2020 Security Priorities Report

  • Buy Link or Shortcode: {j2store}245|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Security Strategy & Budgeting
  • Parent Category Link: /security-strategy-and-budgeting

Use this deck to learn what projects security practitioners are prioritizing for 2020. Based on a survey of 460 IT security professionals, this report explains what you need to know about the top five priorities, including:

  • Signals and drivers
  • Benefits
  • Critical uncertainties
  • Case study
  • Implications

While the priorities should in no way be read as prescriptive, this research study provides a high-level guide to understand that priorities drive the initiatives, projects, and responsibilities that make up organizations' security strategies.

Our Advice

Critical Insight

There is always more to do, and if IT leaders are to grow with the business, provide meaningful value, and ascend the ladder to achieve true business partner and innovator status, aggressive prioritization is necessary. Clearly, security has become a priority across organizations, as security budgets have continued to increase over the course of 2019. 2020’s priorities highlight that data security has become the thread that runs through all other security priorities, as data is now the currency of the modern digital economy. As a result, data security has reshaped organizations’ priorities to ensure that data is always protected.

Impact and Result

Ultimately, understanding how changes in technology and patterns of work stand to impact the day-to-day lives of IT staff across seniority and industries will allow you to evaluate what your priorities should be for 2020. Ensure that you’re spending your time right. Use data to validate. Prioritize and implement.

2020 Security Priorities Report Research & Tools

Start here – read the Executive Brief

This storyboard will help you understand what projects security practitioners are prioritizing for 2020.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Data security

Data security often rubs against other organizational priorities like data quality, but organizations need to understand that the way they store, handle, and dispose of data is now under regulatory oversight.

  • 2020 Security Priorities Report – Priority 1: Data Security

2. Cloud security

Cloud security means that organizations can take advantage of automation tools not only for patching and patch management but also to secure code throughout the SDLC. It is clear that cloud will transform how security is performed.

  • 2020 Security Priorities Report – Priority 2: Cloud Security

3. Email security

Email security is critical, since email continues to be one of the top points of ingress for cyberattacks from ransomware to business email compromise.

  • 2020 Security Priorities Report – Priority 3: Email Security

4. Security risk management

Security risk management requires organizations to make decisions based on their individual risk tolerance on such things as machine learning and IoT devices.

  • 2020 Security Priorities Report – Priority 4: Security Risk Management

5. Security awareness and training

Human error continues to be a security issue. In 2020, organizations should tailor their security awareness and training to their people so that they are more secure not only at work but also in life.

  • 2020 Security Priorities Report – Priority 5: Security Awareness and Training
[infographic]

Adding the Right Value: Building Cloud Brokerages That Enable

  • Buy Link or Shortcode: {j2store}110|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Strategy and Organizational Design
  • Parent Category Link: /strategy-and-organizational-design

In many cases, the answer is to develop a cloud brokerage to manage the complexity. But what should your cloud broker be delivering, and how?

Our Advice

Critical Insight

  • To avoid failure, you need to provide security and compliance, but basic user satisfaction means becoming a frictionless intermediary.
  • Enabling brokers provide knowledge and guidance for the best usage of cloud.
  • While GCBs fill a critical role as a control point for IT consumption, they can easily turn into a friction point for IT projects. It’s important to find the right balance between enabling compliance and providing frictionless usability.

Impact and Result

  • Avoid disintermediation.
  • Maintain compliance.
  • Leverage economies of scale.
  • Ensure architecture discipline.

Adding the Right Value: Building Cloud Brokerages That Enable Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Build a Cloud Brokerage Deck – A guide to help you start designing a cloud brokerage that delivers value beyond gatekeeping.

Define the value, ecosystem, and metrics required to add value as a brokerage. Develop a brokerage value proposition that aligns with your audience and capabilities. Define and rationalize the ecosystem of partners and value-add activities for your brokerage. Define KPIs that allow you to maximize and balance both usability and compliance.

  • Adding the Right Value: Building Cloud Brokerages That Enable Storyboard
[infographic]

Further reading

Adding the Right Value: Building Cloud Brokerages That Enable

Considerations for implementing an institutional-focused cloud brokerage.

Your Challenge

Increasingly, large institutions and governments are adopting cloud-first postures for delivering IT resources. Combined with the growth of cloud offerings that are able to meet the certifications and requirements of this segment that has been driven by federal initiatives like Cloud-First in Canada and Cloud Smart in the United States, these two factors have left institutions (and the businesses that serve them) with the challenge of delivering cloud services to their users while maintaining compliance, control, and IT sanity.

In many cases, the answer is to develop a cloud brokerage to manage the complexity. But what should your cloud broker be delivering and how?

Navigating the Problem

Not all cloud brokerages are the same. And while they can be an answer to cloud complexity, an ineffective brokerage can drain value and complicate operations even further. Cloud brokerages need to be designed:

  1. To deliver the right type of value to its users.
  2. To strike the balance between effective governance & security and flexibility & ease of use.

Info-Tech’s Approach

By defining your end goals, framing solutions based on the type of value and rigor your brokerage needs to deliver, and focusing on the right balance of security and flexibility, you can deliver a brokerage that delivers the best of all worlds.

  1. Define the brokerage value you want to deliver.
  2. Build the catalog and partner ecosystem.
  3. Understand how to maximize adoption and minimize disintermediation while maintaining architectural discipline and compliance.

Info-Tech Insight

Sometimes a brokerage delivery model makes sense, sometimes it doesn’t! Understanding the value addition you want your brokerage to provide before creating it allows you to not only avoid pitfalls and maximize benefits but also understand when a brokerage model does and doesn’t make sense in the first place.

Project Overview

Understand what value you want your brokerage to deliver

Different institutions want brokerage delivery for different reasons. It’s important to define up front why your users need to work through a brokerage and what value that brokerage needs to deliver.

What’s in the catalog? Is it there to consolidate and simplify billing and consumption? Or does it add value further up the technology stack or value chain? If so, how does that change the capabilities you need internally and from partners?

Security and compliance are usually the highest priority

Among institutions adopting cloud, a broker that can help deliver their defined security and compliance standards is an almost universal requirement. Especially in government institutions, this can mean the need to meet a high standard in both implementation and validation.

The good news is that even if you lack the complete set of skills in-house, the high certification levels available from hyperscale providers combined with a growing ecosystem of service providers working on these platforms means you can usually find the right partner(s) to make it possible.

The real goal: frictionless intermediation and enablement

Ultimately, if end users can’t get what they need from you, they will go around you to get it. This challenge, which has always existed in IT, is further amplified in a cloud service world that offers users a cornucopia of options outside the brokerage. Furthermore, cloud users expect to be able to consume IT seamlessly. Without frictionless satisfaction of user demand your brokerage will become disintermediated, which risks your highest priorities of security and compliance.

Understand the evolution: Info-Tech thought model

While initial adoption of cloud brokerages in institutions was focused on ensuring the ability of IT to extend its traditional role as gatekeeper to the realm of cloud services, the focus has now shifted upstream to enabling ease of use and smart adoption of cloud services. This is evidenced clearly in examples like the US government’s renaming of its digital strategy from “Cloud First” to “Cloud Smart” and has been mirrored in other regions and institutions.

Info-Tech Insights

To avoid failure, you need to provide security and compliance.

Basic user satisfaction means becoming a frictionless intermediary.

Exceed expectations! Enabling brokers provide knowledge and guidance for the best usage of cloud.

  • Security & Compliance
  • Frictionless Intermediation
  • Cloud-Enabling Brokerage

Define the role of a cloud broker

Where do brokers fit in the cloud model?

  • NIST Definition: An entity that manages the use, performance, and delivery of cloud services and negotiates relationships between cloud providers and cloud consumers.
  • Similar to a telecom master agent, a cloud broker acts as the middle-person and end-user point of contact, consolidating the management of underlying providers.
  • A government or institutional cloud broker (GCB) is responsible for the delivery of all cloud services consumed by the departments or agencies it supports or that are mandated to use it.

Balancing governance and agility

Info-Tech Insight

While GCBs fill a critical role as a control point for IT consumption, they can easily turn into a friction point for IT projects. It’s important to find the right balance between enabling compliance and providing frictionless usability.

Model brokerage drivers and benefits

Reduced costs: Security through standardization: Frictionless consumption: Avoid disinter-mediation; Maintain compliance; Leverage economies of scale; Ensure architecture discipline

Maintain compliance and ensure architecture discipline: Brokerages can be an effective gating point for ensuring properly governed and managed IT consumption that meets the specific regulations and compliances required for an institution. It can also be a strong catalyst and enabler for moving to even more effective cloud consumption through automation.

Avoid disintermediation: Especially in institutions, cloud brokers are a key tool in the fight against disintermediation – that is, end users circumventing your IT department’s procurement and governance by consuming an ad hoc cloud service.

Leverage economies of scale: Simply put, consolidation of your cloud consumption drives effectiveness by making the most of your buying power.

Info-Tech Insights

Understanding the importance of each benefit type to your brokerage audience will help you define the type of brokerage you need to build and what skills and partners will be required to deliver the right value.

The brokerage landscape

The past ten years have seen governments and institutions evolve from basic acceptance of cloud services to the usage of cloud as the core of most IT initiatives.

  • As part of this evolution, many organizations now have well-defined standards and guidance for the implementation, procurement, and regulation of cloud services for their use.
  • Both Canada (Strategic Plan for Information Management and Information Technology) and the United States (Cloud Smart – formerly known as Cloud First) have recently updated their guidance on adoption of cloud services. The Australian Government has also recently updated its Cloud Computing Policy.
  • AWS and Azure both now claim Full FedRAMP (Federal Risk and Authorization Management Program) certification.
  • This has not only enabled easy adoption of these core hyperscale cloud service by government but also driven the proliferation of a large ecosystem of FedRAMP-authorized cloud service providers.
  • This trend started with government at the federal level but has cascaded downstream to provincial and municipal governments globally, and the same model seems likely to be adopted by other governments and other institution types over time.

Info-Tech Insight

The ecosystem of platforms and tools has grown significantly and examples of best practices, especially in government, are readily available. Once you’ve defined your brokerage’s value stance, the building blocks you need to deliver often don’t need to be built from scratch.

Address the unique challenges of business-led IT in institutions

With the business taking more accountability and management of their own technology, brokers must learn how to evolve from being gatekeepers to enablers.

This image This lists the Cons of IT acting as a gatekeeper providing oversight, and the Pros of IT acting as an Enabler in an IT Partnership. the Cons are: Restrict System Access; Deliver & Monitor Applications; Own Organizational Risk; Train the Business. The Pros are: Manage Role-Based Access; Deliver & Monitor Platforms; Share Organizational Risk; Coach & Mentor the Business

Turn brokerage pitfalls into opportunities

The greatest risks in using a cloud broker come from its nature as a single point of distribution for service and support. Without resources (or automation) to enable scale, as well as responsive processes for supporting users in finding the right services and making those services available through the brokerage, you will lose alignment with your users’ needs, which inevitably leads to disintermediation, loss of IT control, and broken compliance

Info-Tech Insights

Standardization and automation are your friend when building a cloud brokerage! Sometimes this means having a flexible catalog of options and configurations, but great brokerages can deliver value by helping their users redefine and evolve their workloads to work more effectively in the cloud. This means providing guidance and facilitating the landing/transformation of users’ workloads in the cloud, the right way.

Challenges Impact
  • Single point of failure
  • Managing capacity
  • Alignment of brokerage with underlying agencies
  • Additional layer of complexity
  • Inability to deliver service
  • Disintermediation
  • Broken security/compliance
  • Loss of cost control/purchasing power

Validate your cloud brokerage strategy using Info-Tech’s approach

Value Definition

  • Define your brokerage type and value addition

Capabilities Mapping

  • Understand the partners and capabilities you need to be able to deliver

Measuring Value

  • Define KPIs for both compliant delivery and frictionless intermediation

Provide Cloud Excellence

  • Move from intermediation to enablement and help users land on the cloud the right way

Define the categories for your brokerage’s benefit and value

Depending on the type of brokerage, the value delivered may be as simple as billing consolidation, but many brokerages go much deeper in their value proposition.

This image depicts a funnel, where the following inputs make up the Broker Value: Integration, Interface and Management Enhancement; User Identity and Risk Management/ Security & Compliance; Cost & Workload Efficiency, Service Aggregation

Define the categories of brokerage value to add

  • Purchasing Agents save the purchaser time by researching services from different vendors and providing the customer with information about how to use cloud computing to support business goals.
  • Contract Managers may also be assigned power to negotiate contracts with cloud providers on behalf of the customer. In this scenario, the broker may distribute services across multiple vendors to achieve cost-effectiveness, while managing the technical and procurement complexity of dealing with multiple vendors.
    • The broker may provide users with an application program interface (API) and user interface (UI) that hides any complexity and allows the customer to work with their cloud services as if they were being purchased from a single vendor. This type of broker is sometimes referred to as a cloud aggregator.
  • Cloud Enablers can also provide the customer with additional services, such as managing the deduplication, encryption, and cloud data transfer and assisting with data lifecycle management and other activities.
  • Cloud Customizers integrate various underlying cloud services for customers to provide a custom offering under a white label or its own brand.
  • Cloud Agents are essentially the software version of a Contract Manager and act by automating and facilitating the distribution of work between different cloud service providers.

Info-Tech Insights

Remember that these categories are general guidelines! Depending on the requirements and value a brokerage needs to deliver, it may fit more than one category of broker type.

Brokerage types and value addition

Info-Tech Insights

Each value addition your brokerage invests in delivering should tie to reinforcing efficiency, compliance, frictionlessness, or enablement.

Value Addition Purchasing Agent Contract Manager Cloud Enabler Cloud Customizer Cloud Agent
Underlying service selection

Standard Activity

 Standard Activity Standard Activity Standard Activity Common Activity
Support and info Standard Activity

Common Activity

 Standard Activity Standard Activity Common Activity
Contract lifecycle (pricing/negotiation) Standard Activity Common Activity Standard Activity
Workload distribution (to underlying services) (aggregation) Common Activity Standard Activity Standard Activity Standard Activity
Value-add or layered on services Standard Activity Common Activity
Customization/integration of underlying services Standard Activity
Automated workload distribution (i.e. software) Standard Activity

Start by delivering value in these common brokerage service categories

Security & Compliance

  • Reporting & Auditing
  • SIEM & SOC Services
  • Patching & Monitoring

Cost Management

  • Right-Sizing
  • Billing Analysis
  • Anomaly Detection & Change Recommendations

Data Management

  • Data Tiering
  • Localization Management
  • Data Warehouse/Lake Services

Resilience & Reliability

  • Backup & Archive
  • Replication & Sync
  • DR & HA Management
  • Ransomware Prevention/Mitigation

Cloud-Native & DevOps Enablement

  • Infrastructure as Code (IaC)
  • DevOps Tools & Processes
  • SDLC Automation Tools

Design, Transformation, and Integration

  • CDN Integration
  • AI Tools Integration
  • SaaS Customizations

Activity: Brokerage value design

Who are you and who are you building this for?

  • Internal brokerage (i.e. you are a department in an organization that is tasked with providing IT resources to other internal groups)
    • No profit motivation
    • Primary goal is to maintain compliance and avoid disintermediation
  • Third-party brokerage (i.e. you are an MSP that needs to build a brokerage to provide a variety of downstream services and act as the single point of consumption for an organization)
    • Focus on value-addition to the downstream services you facilitate for your client
    • Increased requirement to quickly add new partners/services from downstream as required by your client

What requirements and pains do you need to address?

  • Remember that in the world of cloud, users ultimately can go around IT to find the resources and tools they want to use. In short, if you don’t provide ease and value, they will get it somewhere else.
  • Assess the different types of cloud brokerages out there as a guide to what sort of value you want to deliver.

Why are you creating a brokerage? There are several categories of driver and more than one may apply.

  • Compliance and security gating/validation
  • Cost consolidation and governance
  • Value-add or feature enhancement of raw/downstream services being consumed

It’s important to clearly understand how best you can deliver unique value to ensure that they want to consume from you.

This is an image of a Venn diagram between the following: Who are you trying to serve?; Why and how are you uniquely positioned to deliver?; What requirements do they have and what pain points can you help solve?. Where all three circles overlap is the Brokerage Value Proposition.

Understand the ecosystem you’ll require to deliver value

GCB

  • Enabling Effectiveness
  • Cost Governance
  • Adoption and User Satisfaction
  • Security & Compliance

Whatever value proposition and associated services your brokerage has defined, either internal resources or additional partners will be required to run the platform and processes you want to offer on top of the defined base cloud platforms.

Info-Tech Insights

Remember to always align your value adds and activities to the four key themes:

  • Efficiency
  • Compliance
  • Frictionlessness
  • Cloud Enablement

Delivering value may require an ecosystem

The additional value your broker delivers will depend on the tools and services you can layer on top of the base cloud platform(s) you support.

In many cases, you may require different partners to fulfil similar functions across different base platforms. Although this increases complexity for the brokerage, it’s also a place where additional value can be delivered to end users by your role as a frictionless intermediary.

Base Partner/Platform

  • Third-party software & platforms
  • Third-party automations & integrations
  • Third-party service partners
  • Internal value-add functions

Build the ecosystem you need for your value proposition

Leverage partners and automation to bake compliance in.

Different value-add types (based on the category/categories of broker you’re targeting) require different additional platforms and partners to augment the base cloud service you’re brokering.

Security & Config

  • IaC Tools
  • Cloud Resource Configuration Validation
  • Templating Tools
  • Security Platforms
  • SDN and Networking Platforms
  • Resilience (Backup/Replication/DR/HA) Platforms
  • Data & Storage Management
  • Compliance and Validation Platforms & Partners

Cost Management

  • Subscription Hierarchy Management
  • Showback and Chargeback Logic
  • Cost Dashboarding and Thresholding
  • Governance and Intervention

Adoption & User Satisfaction

  • Service Delivery SLAs
  • Support Process & Tools
  • Capacity/Availability Management
  • Portal Usability/UX

Speed of Evolution

  • Partner and Catalog/Service Additions
  • Broker Catalog Roadmapping
  • User Request Capture (new services)
  • User Request Capture (exceptions)

Build your features and services lists

Incorporate your end user, business, and IT perspectives in defining the list of mandatory and desired features of your target solution.

See our Implement a Proactive and Consistent Vendor Selection Process blueprint for information on procurement practices, including RFP templates.

End User

  • Visual, drag-and-drop models to define data models, business logic, and user interfaces
  • One-click deployment
  • Self-healing application
  • Vendor-managed infrastructure
  • Active community and marketplace
  • Prebuilt templates and libraries
  • Optical character recognition and natural language processing

Business

  • Audit and change logs
  • Theme and template builder
  • Template management
  • Knowledgebase and document management
  • Role-based access
  • Business value, operational costs, and other KPI monitoring
  • Regulatory compliance
  • Consistent design and user experience across applications
  • Business workflow automation

IT

  • Application and system performance monitoring
  • Versioning and code management
  • Automatic application and system refactoring and recovery
  • Exception and error handling
  • Scalability (e.g. load balancing) and infrastructure management
  • Real-time debugging
  • Testing capabilities
  • Security management
  • Application integration management

Understand the stakeholders

Hyperscale Platform/Base Platform: Security; Compliance and Validation;Portal/Front-End; Cost Governance; Broker Value Add(s)

Depending on the value-add(s) you are trying to deliver, as well as the requirements from your institution(s), you will have a different delineation of responsibilities for each of the value-add dimensions. Typically, there will be at least three stakeholders whose role needs to be considered for each dimension:

  • Base Cloud Provider
  • Third-Party Platforms/Service Providers
  • Internal Resources

Info-Tech Insights

It’s important to remember that the ecosystem of third-party options available to you in each case will likely be dependent on if a given partner operates or supports your chosen base provider.

Define the value added by each stakeholder in your value chain

Value Addition Cost Governance Security & Compliance Adoption and User Satisfaction New Service Addition Speed End-User Cloud Effectiveness
Base platform(s)
Third party
Internal

A basic table of the stakeholders and platforms involved in your value stream is a critical tool for aligning activities and partners with brokerage value.

Remember to tie each value-add category you’re embarking on to at least one of the key themes!

Cost Governance → Efficiency

Security & Compliance → Compliance

Adoption & User Satisfaction → Frictionlessness

New Service Addition Responsiveness → Frictionlessness, Enablement

End-User Cloud Effectiveness → Enablement

Info-Tech Insights

The expectations for how applications are consumed and what a user experience should look like is increasingly being guided by the business and by the disintermediating power of the cloud-app ecosystem.

“Enabling brokers” help embrace business-led IT

In environments where compliance and security are a must, the challenges of handing off application management to the business are even more complex. Great brokers learn to act not just as a gatekeeper but an enabler of business-led IT.

Business Empowerment

Organizations are looking to enhance their Agile and BizDevOps practices by shifting traditional IT practices left and toward the business.

Changing Business Needs

Organizational priorities are constantly changing. Cost reduction opportunities and competitive advantages are lost because of delayed delivery of features.

Low Barrier to Entry

Low- and no-code development tools, full-stack solutions, and plug-and-play architectures allow non-technical users to easily build and implement applications without significant internal technical support or expertise.

Democratization of IT

A wide range of digital applications, services, and information are readily available and continuously updated through vendor and public marketplaces and open-source communities.

Technology-Savvy Business

The business is motivated to learn more about the technology they use so that they can better integrate it into their processes.

Balance usability and compliance: accelerate cloud effectiveness

Move to being an accelerator and an enabler! Rather than creating an additional layer of complexity, we can use the abstraction of a cloud brokerage to bring a wide variety of value-adds and partners into the ecosystem without increasing complexity for end users.

Manage the user experience

  • Your portal is a great source of data for optimizing user adoption and satisfaction.
  • Understand the KPIs that matter to your clients or client groups from both a technical and a service perspective.

Be proactive and responsive in meeting changing needs

  • Determine dashboard consumption by partner view.
  • Regularly review and address the gaps in your catalog.
  • Provide an easy mechanism for adding user-demanded services.

Think like a service provider

  • You do need to be able to communicate and even market internally new services and capabilities as you add them or people won't know to come to you to use them.
  • It's also critical in helping people move along the path to enablement and knowing what might be possible that they hadn't considered.

Provide cloud excellence functions

Enablement Broker

  • Mentorship & Training
    • Build the skills, knowledge, and experiences of application owners and managers with internal and external expertise.
  • Organizational Change Leadership
    • Facilitate cultural, governance, and other organizational changes through strong relationships with business and IT leadership.
  • Good Delivery Practices & Thinking
    • Develop, share, and maintain a toolkit of good software development lifecycle (SDLC) practices and techniques.
  • Knowledge Sharing
    • Centralize a knowledgebase of up-to-date and accurate documentation and develop community forums to facilitate knowledge transfer.
  • Technology Governance & Leadership
    • Implement the organizational standards, policies, and rules for all applications and platforms and coordinate growth and sprawl.
  • Shared Services & Integrations
    • Provide critical services and integrations to support end users with internal resources or approved third-party providers and partners.

Gauge value with the right metrics

Focus your effort on measuring key metrics.

Category

Purpose

Examples
Business Value – The amount of value and benefits delivered. Justify the investment and impact of the brokerage and its optimization to business operations. ROI, user productivity, end-user satisfaction, business operational costs, error rate
Application Quality – Satisfaction of application quality standards. Evaluate organizational effort to address and maximize user satisfaction and adoption rates. Adoption rate, usage friction metrics, user satisfaction metrics
Delivery Effectiveness – The delivery efficiency of changes. Enable members to increase their speed to effective deployment, operation, and innovation on cloud platforms. Speed of deployment, landing/migration success metrics

Determine measures that demonstrate the value of your brokerage by aligning it with your quality definition, value drivers, and users’ goals and objectives. Recognize that your journey will require constant monitoring and refinement to adjust to situations that may arise as you adopt new products, standards, strategies, tactics, processes, and tools.

Activity Output

Ultimately, the goal is designing a brokerage that can evolve from gatekeeping to frictionless intermediation to cloud enablement.

Maintain focus on the value proposition, your brokerage ecosystem, and the metrics that represent enablement for your users and avoid pitfalls and challenges from the beginning.

Activity: Define your brokerage type and value addition; Understand the partners and capabilities you need to be able to deliver; Define KPIs for both delivery (compliance) and adoption (frictionlessness); Output: GCB Strategy Plan; Addresses: Why and when you should build a GCB; How to avoid pitfalls; How to maximize benefits; How to maximize responsiveness and user satisfaction; How to roadmap and add services with agility.

Appendix

Related blueprints and tools

Document Your Cloud Strategy

This blueprint covers aligning your value proposition with general cloud requirements.

Define Your Digital Business Strategy

Phase 1 of this research covers identifying value chains to be transformed.

Embrace Business-Managed Applications

Phase 1 of this research covers understanding the business-managed applications as a factor in developing a frictionless intermediary model.

Implement a Proactive and Consistent Vendor Selection Process

This blueprint provides information on partner selection and procurement practices, including RFP templates.

Bibliography

“3 Types of Cloud Brokers That Can Save the Cloud.” Cloud Computing Topics, n.d. Web.

Australian Government Cloud Computing Policy. Government of Australia, October 2014. Web.

“Cloud Smart Policy Overview.” CIO.gov, n.d. Web.

“From Cloud First to Cloud Smart.” CIO.gov, n.d. Web.

Gardner, Dana. “Cloud brokering: Building a cloud of clouds.” ZDNet, 22 April 2011. Web.

Narcisi, Gina. “Cloud, Next-Gen Services Help Master Agents Grow Quickly And Beat 'The Squeeze' “As Connectivity Commissions Decline.” CRN, 14 June 2017. Web.

Smith, Spencer. “Asigra calls out the perils of cloud brokerage model.” TechTarget, 28 June 2019. Web.

Tan, Aaron. “Australia issues new cloud computing guidelines.” TechTarget, 27 July 2020. Web.

The European Commission Cloud Strategy. ec.europa.eu, 16 May 2019. Web.

“TrustRadius Review: Cloud Brokers 2022.” TrustRadius, 2022. Web.

Yedlin, Debbie. “Pros and Cons of Using a Cloud Broker.” Technology & Business Integrators, 17 April 2015. Web.

IT Operations Consulting

Operations... make sure that the services and products you offer your clients are delivered in the most efficient way possible. IT Operations makes sure that the applications and infrastructure that your delivery depends on is solid.

Gert Taeymans has over 20 years experience in directing the implementation and management of mission-critical services for businesses in high-volume international markets. Strong track record in risk management, crisis management including disaster recovery, service delivery and change & config management.

Register to read more …

Mature and Scale Product Ownership

  • Buy Link or Shortcode: {j2store}145|cart{/j2store}
  • member rating overall impact: 9.5/10 Overall Impact
  • member rating average dollars saved: $21,919 Average $ Saved
  • member rating average days saved: 13 Average Days Saved
  • Parent Category Name: Development
  • Parent Category Link: /development
  • Product owners must bridge the gap between the customers, operations, and delivery to ensure products continuously deliver increasing value.
  • Product owners are often assigned to projects or product delivery without proper support, guidance, or alignment.
  • In many organizations, the product owner role is not well-defined, serves as a proxy for stakeholder ownership, and lacks reinforcement of the key skills needed to be successful.

Our Advice

Critical Insight

A product owner is the CEO for their product. Successful product management starts with empowerment and accountability. Product owners own the vision, roadmap, and value realization for their product or family aligned to enterprise goals and priorities.

  • Product and service ownership share the same foundation - underlying capabilities and best practices to own and improve a product or service are identical for both roles. Use the terms that make the most sense for your culture.
  • Product owners represent three primary perspectives: Business (externally facing), Technical (systems and tools), or Operational (manual processes). Although all share the same capabilities, how they approach their responsibilities is influenced by their primary perspective.
  • Product owners are operating under an incomplete understanding of the capabilities needed to succeed. Most product/service owners lack a complete picture of the needed capabilities, skills, and activities to successfully perform their roles.

Impact and Result

  • Create a culture of product management trust and empowerment with product owners aligned to your operational structure and product needs.
  • Promote and develop true Agile skills among your product owners and family managers.
  • Implement Info-Tech’s product owner capability model to define the role expectations and provide a development path for product owners.

Mature and Scale Product Ownership Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Mature and Scale Product Ownership Storyboard – Establish a culture of success for product management and mature product owner capabilities.

Strengthen the product owner role in your organization by focusing on core capabilities and proper alignment.

  • Establish a foundation for empowerment and success.
  • Assign and align product owners with products and stakeholders.
  • Mature product owner capabilities and skills.

    • Mature and Scale Product Ownership Storyboard

    2. Mature and Scale Product Ownership Readiness Assessment – Determine your readiness for a product-centric culture based on Info-Tech’s CLAIM+G model.

    Using Info-Tech’s CLAIM model, quickly determine your organization’s strengths and weaknesses preparing for a product culture. Use the heat map to identify key areas.

    • Mature and Scale Product Ownership Readiness Assessment

    3. Mature and Scale Product Ownership Playbook – Playbook for product owners and product managers.

    Use the blueprint exercises to build your personal product owner playbook. You can also use the workbook to capture exercise outcomes.

    • Mature and Scale Product Ownership Playbook

    4. Mature and Scale Product Ownership Workbook – Workbook for product owners and product managers.

    Use this workbook to capture exercise outcomes and transfer them to your Mature and Scale Product Ownership Playbook (optional).

    • Mature and Scale Product Ownership Workbook

    5. Mature and Scale Product Ownership Proficiency Assessment – Determine your current proficiency and improvement areas.

    Product owners need to improve their core capabilities and real Agile skills. The assessment radar will help identify current proficiency and growth opportunities.

    • Mature and Scale Product Ownership Proficiency Assessment
    [infographic]

    Workshop: Mature and Scale Product Ownership

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish the foundation for product ownership

    The Purpose

    Establish the foundation for product ownership.

    Key Benefits Achieved

    Product owner playbook with role clarity and RACI.

    Activities

    1.1 Define enablers and blockers of product management.

    1.2 Define your product management roles and names.

    1.3 Assess your product management readiness.

    1.4 Identify your primary product owner perspective.

    1.5 Define your product owner RACI.

    Outputs

    Enablers and blockers

    Role definitions.

    Product culture readiness

    Product owner perspective mapping

    Product owner RACI

    2 Align product owners to products

    The Purpose

    Align product owners to products.

    Key Benefits Achieved

    Assignment of resources to open products.

    A stakeholder management strategy.

    Activities

    2.1 Assign resources to your products and families.

    2.2 Visualize relationships to identify key influencers.

    2.3 Group stakeholders into categories.

    2.4 Prioritize your stakeholders.

    Outputs

    Product resource assignment

    Stakeholder management strategy

    Stakeholder management strategy

    Stakeholder management strategy

    3 Mature product owner capabilities

    The Purpose

    Mature product owner capabilities.

    Key Benefits Achieved

    Assess your Agile product owner readiness

    Assess and mature product owner capabilities

    Activities

    3.1 Assess your real Agile skill proficiency.

    3.2 Assess your vison capability proficiency.

    3.3 Assess your leadership capability proficiency.

    3.4 Assess your PLM capability proficiency.

    3.5 Assess your value realization capability proficiency.

    3.6 Identify your business value drivers and sources of value.

    Outputs

    Real Agile skill proficiency assessment

    Info-Tech’s product owner capability model proficiency assessment

    Info-Tech’s product owner capability model proficiency assessment

    Info-Tech’s product owner capability model proficiency assessment

    Info-Tech’s product owner capability model proficiency assessment

    Business value drivers and sources of value

    Further reading

    Mature and Scale Product Ownership

    Strengthen the product owner’s role in your organization by focusing on core capabilities and proper alignment.

    Executive Brief

    Analyst Perspective

    Empower product owners throughout your organization.

    Hans Eckman

    Whether you manage a product or service, the fundamentals of good product ownership are the same. Organizations need to focus on three key elements of product ownership in order to be successful.

    • Create an environment of empowerment and service leadership to reinforce product owners and product family managers as the true owners of the vision, improvement, and realized the value of their products.
    • Align product and product family owner roles based on operational alignment and the groups defined when scaling product management.
    • Develop your product owners to improve the quality of roadmaps, alignment to enterprise goals, and profit and loss (P&L) for each product or service.

    By focusing the attention of the teammates serving in product owner or service owner roles, your organization will deliver value sooner and respond to change more effectively.

    Hans Eckman

    Principal Research Director – Application Delivery and Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Product owners must bridge the gap between the customers, operations, and delivery to ensure products continuously deliver increasing value.

    Product owners are often assigned to projects or product delivery without proper support, guidance, or alignment.

    In many organizations the product owner role is not well-defined, serves as a proxy for stakeholder ownership, and lacks reinforcement of the key skills needed to be successful.

    Common Obstacles

    Organizations have poor alignment or missing product owners between lines of business, IT, and operations.

    Product owners are aligned to projects and demand management rather than long-term strategic product ownership.

    Product families are not properly defined, scaled, and supported within organizations.

    Individuals in product owner roles have an incomplete understanding of needed capabilities and lack a development path.

    Info-Tech's Approach

    Create a culture of product management trust and empowerment with product owners aligned to your operational structure and product needs.

    Promote and develop true Agile skills among your product owners and family managers.

    Implement Info-Tech’s product owner capability model to define the role expectations and provide a development path for product owners.

    Extend product management success using Deliver on Your Digital Product Vision and Deliver Digital Products at Scale.

    Info-Tech Insight

    There is no single correct approach to product ownership. Product ownership must be tuned and structured to meet the delivery needs of your organization and the teams it serves.

    Info-Tech’s Approach

    Product owners make the final decision

    • Establish a foundation for empowerment and success
    • Assign product owners and align with products and stakeholders
    • Mature product owner capabilities and skills
    Product Owner capabilities: Vision, Product Lifecycle Management, Leadership, Value Realization

    The Info-Tech difference

    1. Assign product owners where product decisions are needed, not to match org charts or delivery teams. The product owner has the final word on product decisions.
    2. Organize product owners into related teams to ensure product capabilities delivered are aligned to enterprise strategy and goals.
    3. Shared products and services must support the needs of many product owners with conflicting priorities. Shared service product owners must map and prioritize demand to align to enterprise priorities and goals.
    4. All product owners share the same capability model.

    Insight summary

    There is no single correct approach to product ownership

    Successful product management starts with empowerment and accountability. Product owners own the vision, roadmap, and value realization for their product or family aligned to enterprise goals and priorities.

    Phase 1 insight

    Product owners represent three primary perspectives: business (external-facing), technical (systems and tools), or operational (manual processes). Although all share the same capabilities, how they approach their responsibilities is influenced by their primary perspective.

    Phase 2 insight

    Start with your operational grouping of products and families, identifying where an owner is needed. Then, assign people to the products and families. The owner does not define the product or family.

    Phase 3 insight

    Product owners are operating under an incomplete understanding of the capabilities needed to succeed. Most product/service owners lack a complete picture of the needed capabilities, skills, and activities to successfully perform their roles.

    Product and service ownership share the same foundation

    The underlying capabilities and best practices to own and improve a product or service are identical for both roles. Use the terms that make the most sense for your culture.

    Map product owner roles to your existing job titles

    Identify where product management is needed and align expectations with existing roles. Successful product management does not require a dedicated job family.

    Projects can be a mechanism for funding product changes and improvements

    Projects can be a mechanism for funding product changes and improvements. Shows difference of value for project life-cycles, hybrid life-cycles, and product life-cycles.

    Projects within products

    Regardless of whether you recognize yourself as a product-based or project-based shop, the same basic principles should apply.

    You go through a period or periods of project-like development to build a version of an application or product.

    You also have parallel services along with your project development, which encompass the more product-based view. These may range from basic support and maintenance to full-fledged strategy teams or services like sales and marketing.

    Product and services owners share the same foundation and capabilities

    For the purpose of this blueprint, product/service and product owner/service owner are used interchangeably. The term “product” is used for consistency but would apply to services, as well.

    Product = Service

    Common foundations: Focus on continuous improvement, ROI, and value realization. Clear vision, goals, roadmap, and backlog.

    “Product” and “service” are terms that each organization needs to define to fit its culture and customers (internal and external). The most important aspect is consistent use and understanding of:

    • External products
    • Internal products
    • External services
    • Internal services
    • Products as a service (PaaS)
    • Productizing services (SaaS)

    Recognize the product owner perspectives

    The 3 product owner perspectives. 1. Business: Customer-facing, value-generating. 2. Technical: IT systems and tools. 3. Operations: Keep-the-lights-on processes.

    Product owners represent one of three primary perspectives. Although all share the same capabilities, how they approach their responsibilities is influenced by their primary perspective.

    Info-Tech Insight

    Product owners must translate needs and constraints from their perspective into the language of their audience. Kathy Borneman, Digital Product Owner at SunTrust Bank, noted the challenges of finding a common language between lines of business and IT (e.g. what is a unit?).

    Match your product management role definitions to your product family levels

    Product ownership exists at the different operational tiers or levels in your product hierarchy. This does not imply a management relationship.

    Product portfolio

    Groups of product families within an overall value stream or capability grouping.

    Project portfolio manager

    Product family

    A collection of related products. Products can be grouped along architectural, functional, operational, or experiential patterns.

    Product family manager

    Product

    Single product composed of one or more applications and services.

    Product owner

    Info-Tech Insight

    Define the current roles that will perform the product management function or define consistent role names to product owners and managers.

    Align enterprise value through product families

    Product families are operational groups based on capabilities or business functions. Product family managers translate goals, priorities, and constraints so they are actionable at the next level. Product owners prioritize changes to enhance the capabilities that allow you to realize your product family. Enabling capabilities realize value and help reach your goals.

    Understand special circumstances

    In Deliver Digital Products at Scale, products were grouped into families using Info-Tech’s five scaling patterns. Assigning owners to Enterprise Applications and Shared Services requires special consideration.

    Value stream alignment

    • Business architecture
      • Value stream
      • Capability
      • Function
    • Market/customer segment
    • Line of business (LoB)
    • Example: Customer group > value stream > products

    Enterprise applications

    • Enabling capabilities
    • Enterprise platforms
    • Supporting apps
    • Example: HR > Workday/Peoplesoft > Modules Supporting: Job board, healthcare administrator

    Shared Services

    • Organization of related services into service family
    • Direct hierarchy does not necessarily exist within the family
    • Examples: End-user support and ticketing, workflow and collaboration tools

    Technical

    • Domain grouping of IT infrastructure, platforms, apps, skills, or languages
    • Often used in combination with Shared Services grouping or LoB-specific apps
    • Examples: Java, .NET, low-code, database, network

    Organizational alignment

    • Used at higher levels of the organization where products are aligned under divisions
    • Separation of product managers from organizational structure is no longer needed because the management team owns the product management role

    Map sources of demand and influencers

    Use the stakeholder analysis to define the key stakeholders and sources of demand for enterprise applications and shared services. Extend your mapping to include their stakeholders and influencers to uncover additional sources of demand and prioritization.

    Map of key stakeholders for enterprise applications and shared services.

    Info-Tech Insight

    Your product owner map defines the influence landscape your product operates. It is every bit as important as the teams who enhance, support and operate your product directly.

    Combine your product owner map with your stakeholder map to create a comprehensive view of influencers.

    The primary value of the product owner is to fill the backlog with the highest ROI opportunities aligned with enterprise goals.

    Info-Tech Insight

    The product owner owns the direction of the product.

    • Roadmap - Where are we going?
    • Backlog - What changes are needed to get there?
    • Product review - Did we get close enough?

    Product delivery realizes value for your product family

    While planning and analysis are done at the family level, work and delivery are done at the individual product level.

    Product strategy includes: Vision, Goals, Roadmap, backlog and Release plan.

    Product family owners are more strategic

    When assigning resources, recognize that product family owners will need to be more strategic with their planning and alignment of child families and products.

    Product family owners are more strategic. They require a roadmap that is strategic, goal-based, high-level, and flexible.

    Info-Tech Insight

    Roadmaps for your product family are, by design, less detailed. This does not mean they aren’t actionable! Your product family roadmap should be able to communicate clear intentions around the future delivery of value in both the near and long term.

    Connecting your product family roadmaps to product roadmaps

    Your product and product family roadmaps should be connected at an artifact level that is common between both. Typically, this is done with capabilities, but it can be done at a more granular level if an understanding of capabilities isn’t available.

    Product family roadmap versus Product Roadmaps.

    Develop a product owner stakeholder strategy

    Stakeholder management, Product lifecycle, Project delivery, Operational support.

    Stakeholders are a critical cornerstone to product ownership. They provide the context, alignment, and constraints that influence or control what a product owner can accomplish.

    Product owners operate within a network of stakeholders who represent different perspectives within the organization.

    First, product owners must identify members of their stakeholder network. Next, they should devise a strategy for managing stakeholders.

    Without a stakeholder strategy, product owners will encounter obstacles, resistance, or unexpected changes.

    Create a stakeholder network map to product roadmaps and prioritization

    Follow the trail of breadcrumbs from your direct stakeholders to their influencers, to uncover hidden stakeholders.

    Stakeholder network map defines the influence landscape your product operates. Connectors determine who may be influencing your direct stakeholders.

    Info-Tech Insight

    Your stakeholder map defines the influence landscape your product operates. It is every bit as important as the teams who enhance, support and operate your product directly.

    Use “connectors” to determine who may be influencing your direct stakeholders. They may not have any formal authority within the organization, but they may have informal yet substantive relationships with your stakeholders.

    Being successful at Agile is more than about just doing Agile

    The following represents the hard skills needed to “Do Agile”:

    Being successful at Agile needs 4 hard skills: 1. Engineering skills, 2. Technician Skills, 3. Framework/Process skills, 4. Tools skills.
    • Engineering skills. These are the skills and competencies required for building brand-new valuable software.
    • Technician skills. These are the skills and competencies required for maintaining and operating the software delivered to stakeholders.
    • Framework/Process skills. These are the specific knowledge skills required to support engineering or technician skills.
    • Tools skills. This represents the software that helps you deliver other software.

    While these are important, they are not the whole story. To effectively deliver software, we believe in the importance of being Agile over simply doing Agile.

    Adapted from: “Doing Agile” Is Only Part of the Software Delivery Pie

    Why focus on core skills?

    They are the foundation to achieve business outcomes

    Skills, actions, output and outcomes

    The right skills development is only possible with proper assessment and alignment against outcomes.

    Focus on these real Agile skills

    Agile skills

    • Accountability
    • Collaboration
    • Comfort with ambiguity
    • Communication
    • Empathy
    • Facilitation
    • Functional decomposition
    • Initiative
    • Process discipline
    • Resilience

    Product capabilities deliver value

    As a product owner, you are responsible for managing these facets through your capabilities and activities.

    The core product and value stream consists of: Funding - Product management and governance, Business functionality - Stakeholder and relationship management, and Technology - Product delivery.

    Info-Tech Best Practice

    It is easy to lose sight of what matters when we look at a product from a single point of view. Despite what "The Agile Manifesto" says, working software is not valuable without the knowledge and support that people need in order to adopt, use, and maintain it. If you build it, they will not come. Product owners must consider the needs of all stakeholders when designing and building products.

    Recognize product owner knowledge gaps

    Pulse survey of product owners

    Pulse survey of product owners. Graph shows large percentage of respondents have alignment to common agile definition of product owners. Yet a significant perception gap in P&L, delivery, and analytics.

    Info-Tech Insight

    1. Less than 15% of respondents identified analytics or financial management as a key component of product ownership.
    2. Assess your product owner’s capabilities and understanding to develop a maturity plan.

    Source: Pulse Survey (N=18)

    Implement the Info-Tech product owner capability model

    Unfortunately, most product owners operate with incomplete knowledge of the skills and capabilities needed to perform the role. Common gaps include focusing only on product backlogs, acting as a proxy for product decisions, and ignoring the need for key performance indicators (KPIs) and analytics in both planning and value realization.

    Product Owner capabilities: Vision, Product Lifecycle Management, Leadership, Value Realization

    Vision

    • Market Analysis
    • Business Alignment
    • Product Roadmap

    Leadership

    • Soft Skills
    • Collaboration
    • Decision Making

    Product Lifecycle Management

    • Plan
    • Build
    • Run

    Value Realization

    • KPIs
    • Financial Management
    • Business Model

    Product owner capabilities provide support

    Vision predicts impact of Value realization. Value realization provides input to vision

    Your vision informs and aligns what goals and capabilities are needed to fulfill your product or product family vision and align with enterprise goals and priorities. Each item on your roadmap should have corresponding KPIs or OKRs to know how far you moved the value needle. Value realization measures how well you met your target, as well as the impacts on your business value canvas and cost model.

    Product lifecycle management builds trust with Leadership. Leadership improves quality of Product lifecycle management.

    Your leadership skills improve collaborations and decisions when working with your stakeholders and product delivery teams. This builds trust and improves continued improvements to the entire product lifecycle. A product owner’s focus should always be on finding ways to improve value delivery.

    Product owner capabilities provide support

    Leadership enhances Vision. Vision Guides Product Lifecycle Management. Product Lifecycle Management delivers Value Realization. Leadership enhances Value Realization

    Develop product owner capabilities

    Each capability: Vision, Product lifecycle management, Value realization and Leadership has 3 components needed for successful product ownership.

    Avoid common capability gaps

    Vision

    • Focusing solely on backlog grooming (tactical only)
    • Ignoring or failing to align product roadmap to enterprise goals
    • Operational support and execution
    • Basing decisions on opinion rather than market data
    • Ignoring or missing internal and external threats to your product

    Leadership

    • Failing to include feedback from all teams who interact with your product
    • Using a command-and-control approach
    • Viewing product owner as only a delivery role
    • Acting as a proxy for stakeholder decisions
    • Avoiding tough strategic decisions in favor of easier tactical choices

    Product lifecycle management

    • Focusing on delivery and not the full product lifecycle
    • Ignoring support, operations, and technical debt
    • Failing to build knowledge management into the lifecycle
    • Underestimating delivery capacity, capabilities, or commitment
    • Assuming delivery stops at implementation

    Value realization

    • Focusing exclusively on “on time/on budget” metrics
    • Failing to measure a 360-degree end-user view of the product
    • Skipping business plans and financial models
    • Limiting financial management to project/change budgets
    • Ignoring market analysis for growth, penetration, and threats

    Your product vision is your North Star

    It's ok to dream a little!

    Who is the target customer, what is the key benefit, what do they need, what is the differentiator

    Adapted from: Crossing the Chasm

    Info-Tech Best Practice

    A product vision shouldn’t be so far out that it doesn’t feel real or so short-term that it gets bogged down in minutiae and implementation details. Finding the right balance will take some trial and error and will be different for each organization.

    Leverage the product canvas to state and inform your product vision

    Leverage the product Canvas to state and inform your product vision. Includes: Product name, Tracking info, Vision, List of business objectives or goals, Metrics used to measure value realization, List of groups who consume the product/service, and List of key resources or stakeholders.

    Define product value by aligning backlog delivery with roadmap goals

    In each product plan, the backlogs show what you will deliver. Roadmaps identify when and in what order you will deliver value, capabilities, and goals.

    In each product plan, the backlogs show what you will deliver. Roadmaps identify when and in what order you will deliver value, capabilities, and goals.

    Use a balanced value to establish a common definition of goals and value

    Value drivers are strategic priorities aligned to our enterprise strategy and translated through our product families. Each product and change has an impact on the value driver helping us reach our enterprise goals.

    Importance of the value driver multiplied by the Impact of value score is equal to the Value score.

    Info-Tech Insight

    Your value drivers and impact helps estimate the expected value of roadmap items, prioritize roadmap and backlog items, and identify KPIs and OKRs to measure value realization and actual impact.

    Use CLAIM to guide your journey

    Culture, Learning, Automation, Integrated teams, Metrics and governance.

    Value is best created by self-managing teams who deliver in frequent, short increments supported by leaders who coach them through challenges.

    Product-centric delivery and Agile are a radical change in how people work and think. Structured, facilitated learning is required throughout the transformation to help leaders and practitioners make the shift.

    Product management, Agile, and DevOps have inspired SDLC tools that have become a key part of delivery practices and work management.

    Self-organizing teams that cross business, delivery, and operations are essential to gain the full benefits of product-centric delivery.

    Successful implementations require the disciplined use of metrics that support developing better teams

    Communicate reasons for changes and how they will be implemented

    Five elements of communicating change: What is the change? Why are we doing it? How are we going to go about it? How long will it take us to do it? What will the role be for each department individual?

    Leaders of successful change spend considerable time developing a powerful change message; that is, a compelling narrative that articulates the desired end state, and that makes the change concrete and meaningful to staff.

    The organizational change message should:

    • Explain why the change is needed.
    • Summarize what will stay the same.
    • Highlight what will be left behind.
    • Emphasize what is being changed.
    • Explain how the change will be implemented.
    • Address how change will affect various roles in the organization.
    • Discuss the staff’s role in making the change successful.

    Info-Tech’s methodology for mature and scale product ownership

    Phase steps

    1. Establish the foundation for product ownership

    Step 1.1 Establish an environment for product owner success

    Step 1.2 Establish your product ownership model

    2. Align product owners to products

    Step 2.1 Assign product owners to products

    Step 2.2 Manage stakeholder influence

    3. Mature product owner capabilities

    Step 3.1 Assess your Agile product owner readiness

    Step 3.2 Mature product owner capabilities

    Phase outcomes

    1.1.1 Define enablers and blockers of product management

    1.1.2 Define your product management roles and names

    1.2.1 Identify your primary product owner perspective

    1.2.2 Define your product owner RACI

    2.1.1 Assign resources to your products and families

    2.2.1 Visualize relationships to identify key influencers

    2.2.2 Group stakeholders into categories

    2.2.3 Prioritize your stakeholders

    3.1.1 Assess your real Agile skill proficiency

    3.2 Mature product owner capabilities

    3.2.1 Assess your vision capability proficiency

    3.2.2 Assess your leadership capability proficiency

    3.2.3 Assess your PLM capability proficiency

    3.2.4 Identify your business value drivers and sources of value

    3.2.5 Assess your value realization capability proficiency

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals.

    Key deliverable

    Mature and Scale Product Ownership Playbook

    Capture and organize the outcomes of the activities in the workbook.

    Mature and Scale Product Ownership Workbook

    The workbook helps organize and communicate the outcomes of each activity.

    Mature and Scale Product Ownership Readiness Assessment

    Determine your level of mastery of real Agile skills and product owner capabilities.


    Blueprint benefits

    IT benefits

    • Competent product owner who can support teams operating in any delivery methodology.
    • Representative viewpoint and input from the technical and operational product owner perspectives.
    • Products aligned to business needs and committed work are achievable.
    • Single point of contact with a business representative.
    • Acceptance of product owner role outside the Scrum teams.

    Business benefits

    • Better alignment to enterprise goals, vision, and outcomes.
    • Improved coordination with stakeholders.
    • Quantifiable value realization tied to vision.
    • Product decisions made at the right time and with the right input.
    • Product owner who has the appropriate business, operations, and technical knowledge.

    Measure the value of this blueprint

    Align product owner metrics to product delivery and value realization.

    Member outcome

    Suggested Metric

    Estimated impact
    Increase business application satisfaction Satisfaction of business applications (CIO BV Diagnostic) 20% increase within one year after implementation
    Increase effectiveness of application portfolio management Effectiveness of application portfolio management (M&G Diagnostic) 20% increase within one year after implementation
    Increase importance and effectiveness of application portfolio Importance and effectiveness to business (APA Diagnostic) 20% increase within one year after implementation
    Increase satisfaction of support of business operations Support to business (CIO BV Diagnostic) 20% increase within one year after implementation
    Successfully deliver committed work (productivity) Number of successful deliveries; burndown Reduction in project implementation overrun by 20%

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project"

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Establish the Foundation for Product Ownership

    Phase 2 Align Product Owners to Products

    Phase 3 Mature Product Owner Capabilities
    • Call #1:
      Scope objectives and your specific challenges
    • Call #2:
      Step 1.1 Establish an environment for product owner success
      Step 1.2 Establish your product ownership model
    • Call #3:
      Step 2.1 Assign product owners to products
    • Call #4:
      Step 2.2 Manage stakeholder influence
    • Call #5:
      Step 3.1 Assess your Agile product owner readiness
    • Call #6:
      Step 3.2 Mature product owner capabilities

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 and 12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Phase 1

    Phase 2

    Phase 3

    Activities

    Establish the Foundation for Product Ownership

    Step 1.1 Establish an environment for product owner success

    1.1.1 Define enablers and blockers of product management

    1.1.2 Define your product management roles and names

    1.1.3 Assess your product management readiness

    Step 1.2 Establish your product ownership model

    1.2.1 Identify your primary product owner perspective

    1.2.2 Define your product owner RACI

    Align Product Owners to Products

    Step 2.1 Assign product owners to products

    2.1.1 Assign resources to your products and families

    Step 2.2 Manage stakeholder influence

    2.2.1 Visualize relationships to identify key influencers

    2.2.2 Group stakeholders into categories

    2.2.3 Prioritize your stakeholders

    Mature Product Owner Capabilities

    Step 3.1 Assess your Agile product owner readiness

    3.1.1 Assess your real Agile skill proficiency

    Step 3.2 Mature product owner capabilities=

    3.2.1 Assess your Vision capability proficiency

    3.2.2 Assess your Leadership capability proficiency

    3.2.3 Assess your PLM capability proficiency

    3.2.4 Identify your business value drivers and sources of value

    3.2.5 Assess your Value Realization capability proficiency

    Deliverables

    1. Enablers and blockers
    2. Role definitions
    3. Product culture readiness
    4. Product owner perspective mapping
    5. Product owner RACI
    1. Product resource assignment
    2. Stakeholder management strategy
    1. Real Agile skill proficiency assessment
    2. Info-Tech’s product owner capability model proficiency assessment
    3. Business value drivers and sources of value

    Related Info-Tech Research

    Product delivery

    Deliver on Your Digital Product Vision

    Build a product vision your organization can take from strategy through execution.

    Deliver Digital Products at Scale

    Deliver value at the scale of your organization through defining enterprise product families.

    Build Your Agile Acceleration Roadmap

    Quickly assess the state of your Agile readiness and plan your path forward to higher value realization.

    Develop Your Agile Approach for a Successful Transformation

    Understand Agile fundamentals, principles, and practices so you can apply them effectively in your organization.

    Implement DevOps Practices That Work

    Streamline business value delivery through the strategic adoption of DevOps practices.

    Extend Agile Practices Beyond IT

    Further the benefits of Agile by extending a scaled Agile framework to the business.

    Build Your BizDevOps Playbook

    Embrace a team sport culture built around continuous business-IT collaboration to deliver great products.

    Embed Security Into the DevOps Pipeline

    Shift security left to get into DevSecOps.

    Spread Best Practices With an Agile Center of Excellence

    Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Enable Organization-Wide Collaboration by Scaling Agile

    Execute a disciplined approach to rolling out Agile methods in the organization.

    Related Info-Tech Research

    Application portfolio management

    APM Research Center

    See an overview of the APM journey and how we can support the pieces in this journey.

    Application Portfolio Management Foundations

    Ensure your application portfolio delivers the best possible return on investment.

    Streamline Application Maintenance

    Effective maintenance ensures the long-term value of your applications.

    Streamline Application Management

    Move beyond maintenance to ensuring exceptional value from your apps.

    Build an Application Department Strategy

    Delivering value starts with embracing what your department can do.

    Embrace Business-Managed Applications

    Empower the business to implement its own applications with a trusted business-IT relationship.

    Optimize Applications Release Management

    Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Related Info-Tech Research

    Value, delivery metrics, estimation

    Build a Value Measurement Framework

    Focus product delivery on business value-driven outcomes.

    Select and Use SDLC Metrics Effectively

    Be careful what you ask for, because you will probably get it.

    Application Portfolio Assessment: End User Feedback

    Develop data-driven insights to help you decide which applications to retire, upgrade, re-train on, or maintain to meet the demands of the business.

    Create a Holistic IT Dashboard

    Mature your IT department by measuring what matters.

    Refine Your Estimation Practices With Top-Down Allocations

    Don’t let bad estimates ruin good work.

    Estimate Software Delivery With Confidence

    Commit to achievable software releases by grounding realistic expectations.

    Reduce Time to Consensus With an Accelerated Business Case

    Expand on the financial model to give your initiative momentum.

    Optimize Project Intake, Approval, and Prioritization

    Deliver more projects by giving yourself the voice to say “no” or “not yet” to new projects.

    Enhance PPM Dashboards and Reports

    Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Related Info-Tech Research

    Organizational design and performance

    Redesign Your IT Organizational Structure

    Focus product delivery on business value-driven outcomes.

    Build a Strategic Workforce Plan

    Have the right people in the right place, at the right time.

    Implement a New Organizational Structure

    Reorganizations are inherently disruptive. Implement your new structure with minimal pain for staff while maintaining IT performance throughout the change.

    Build an IT Employee Engagement Program

    Don’t just measure engagement, act on it.

    Set Meaningful Employee Performance Measures

    Set holistic measures to inspire employee performance.

    Phase 1

    Establish the Foundation for Product Ownership

    Phase 1: Establish an environment for product owner success, Establish your product ownership model

    Mature and Scale Product Ownership

    This phase will walk you through the following activities:

    1.1.1 Define enablers and blockers of product management

    1.1.2 Define your product management roles and names

    1.1.3 Assess your product management readiness

    1.2.1 Identify your primary product owner perspective

    1.2.2 Define your product owner RACI

    This phase involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Delivery managers
    • Business analysts

    Step 1.1

    Establish an environment for product owner success

    Activities

    1.1.1 Define enablers and blockers of product management

    1.1.2 Define your product management roles and names

    1.1.3 Assess your product management readiness

    Establish the foundation for product ownership

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Delivery managers
    • Business analysts

    Outcomes of this step

    • Enablers and blockers
    • Role definitions

    Empower product owners as the true owners of their product

    Product ownership requires decision-making authority and accountability for the value realization from those decisions. POs are more than a proxy for stakeholders, aggregators for changes, and the communication of someone else’s priorities.

    “A Product Owner in its most beneficial form acts like an Entrepreneur, like a 'mini-CEO'. The Product Owner is someone who really 'owns' the product.”

    – Robbin Schuurman,
    “Tips for Starting Technical Product Managers”

    Info-Tech Best Practice

    Implement Info-Tech’s Product Owner Capability Model to help empower and hold product owners accountable for the maturity and success of their product. The product owner must understand how their product fits into the organization’s mission and strategy in order to align to enterprise value.

    Product and service owners share the same foundation and capabilities

    For the purpose of this blueprint, product/service and product owner/service owner are used interchangeably. The term “product” is used for consistency but applies to services, as well.

    Product = Service

    Common foundations: Focus on continuous improvement, ROI, and value realization. Clear vision, goals, roadmap, and backlog.

    “Product” and “service” are terms that each organization needs to define to fit its culture and customers (internal and external). The most important aspect is consistent use and understanding of:

    • External products
    • Internal products
    • External services
    • Internal services
    • Products as a service (PaaS)
    • Productizing services (SaaS)

    Define product ownership to match your culture and customers

    Characteristics of a discrete product:

    • Has end users or consumers
    • Delivers quantifiable value
    • Evolves or changes over time
    • Has predictable delivery
    • Has definable boundaries
    • Has a cost to produce and operate
    • Has a discrete backlog and roadmap of improvements

    What does not need a product owner?

    • Individual features
    • Transactions
    • Unstructured data
    • One-time solutions
    • Non-repeatable processes
    • Solutions that have no users or consumers
    • People or teams

    Info-Tech Insight

    • Products are long-term endeavors that don’t end after the project finishes.
    • Products mature and improve their ability to deliver value.
    • Products have a discrete backlog of changes to improve the product itself, separate from operational requests fulfilled by the product or service.

    Need help defining your products or services? Download our blueprint Deliver Digital Products at Scale.

    Connect roadmaps to value realization with KPIs

    Every roadmap item should have an expected realized value once it is implemented. The associate KPIs or OKRs determine if our goal was met. Any gap in value feedback back into the roadmap and backlog refinement.</p data-verified=

    " loading="lazy">

    Info-Tech Insight

    Every roadmap item should have an expected realized value once it is implemented. The associate KPIs or OKRs determine if our goal was met. Any gap in value feedback back into the roadmap and backlog refinement.

    Identify the differences between a project-centric and a product-centric organization

    Differences between Project centric and Product centric organizations in regards to: Funding, Prioritization, Accountability, Product management, Work allocation, and Capacity management.

    Info-Tech Insight

    Product delivery requires significant shifts in the way you complete development work and deliver value to your users. Make the changes that support improving end-user value and enterprise alignment.

    Projects can be a mechanism for funding product changes and improvements

    Projects lifecycle, hybrid lifecycle and product lifecycle. Period or periods of project development have parallel services that encompass a more product-based view.

    Projects withing products

    Regardless of whether you recognize yourself as a product-based or project-based shop, the same basic principles should apply.

    You go through a period or periods of project-like development to build a version of an application or product.

    You also have parallel services along with your project development, which encompasses a more product-based view. These may range from basic support and maintenance to full-fledged strategy teams or services like sales and marketing.

    Recognize common barriers to product management

    The transition to product ownership is a series of behavioral and cultural changes supported by processes and governance. It takes time and consistency to be successful.

    • Command and control structures
    • Lack of ownership and accountability
    • High instability in the market, demand, or organization
    • Lack of dedicated teams align to delivery, service, or product areas
    • Culture of one-off projects
    • Lack of identified and engaged stakeholders
    • Lack of customer exposure and knowledge

    Agile’s four core values

    “…while there is value in the items on the right, we value the items on the left more.”

    Source: “The Agile Manifesto”

    We value...

    We value being agile: Individuals and interactions, Working Software, Customer collaboration, Responding to change. Versus being prescriptive: Processes and tools, Comprehensive documentation, Contract negotiation, following a plan.

    Exercise 1.1.1 Define enablers and blockers of product management

    1 hour
    1. Identify and mitigate blockers of product management in your organization.
    2. What enablers will support strong product owners?
    3. What blockers will make the transition to product management harder?
    4. For each blocker, also define at least one mitigating step.
    Define enablers e.g. team culture. Define blockers and at least one mitigating step

    Output

    • Enablers and blockers

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Capture in the Mature and Scale Product Ownership Playbook.

    Align enterprise value through product families

    Product families are operational groups based on capabilities or business functions. Product family managers translate goals, priorities, and constraints so they are actionable at the next level. Product owners prioritize changes to enhance the capabilities that allow you to realize your product family. Enabling capabilities realize value and help reach your goals.

    Effective product delivery requires thinking about more than just a single product

    Good application and product management begins with strengthening good practices for a single or small set of applications, products, and services.

    Product portfolio

    Groups of product families within an overall value stream or capability grouping.

    Project portfolio manager

    Product family

    A collection of related products. Products can be grouped along architectural, functional, operational, or experiential patterns.

    Product family manager

    Product

    Single product composed of one or more applications and services.

    Product owner

    Info-Tech Insight

    Define the current roles that will perform the product management function or define consistent role names to product owners and managers.

    Exercise 1.1.2 Define your product management roles and names

    1-2 hour
    1. Identify the roles in which product management activities will be owned.
    2. Define a common set of role names and describe the role.
    3. Map the level of accountability for each role: Product or Product Family
    4. Product owner perspectives will be defined in the next step.

    Define roles, description and level of product accountability.

    Output

    • Role definitions

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Capture in the Mature and Scale Product Ownership Playbook.

    Use CLAIM to guide your journey

    Culture, Learning, Automation, Integrated teams, Metrics and governance.

    Value is best created by self-managing teams who deliver in frequent, short increments supported by leaders who coach them through challenges.

    Product-centric delivery and Agile are a radical change in how people work and think. Structured, facilitated learning is required throughout the transformation to help leaders and practitioners make the shift.

    Product management, Agile, and DevOps have inspired SDLC tools that have become a key part of delivery practices and work management.

    Self-organizing teams that cross business, delivery, and operations are essential to gain the full benefits of product-centric delivery.

    Successful implementations require the disciplined use of metrics that support developing better teams

    Exercise 1.1.3 Assess your product management readiness

    1 hour
    1. Open and complete the Mature and Scale Product Ownership Readiness Assessment in your Playbook or the provided Excel tool.
    2. Discuss high and low scores for each area to reach a consensus.
    3. Record your results in your Playbook.

    Assess your culture, learning, automation, Integrated teams, metrics and governance.

    Output

    • Assessment of product management readiness based on Info-Tech’s CLAIM+G model.

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Capture in the Mature and Scale Product Ownership Readiness Assessment.

    Communicate reasons for changes and how they will be implemented

    Five elements of communicating change: What is the change? Why are we doing it? How are we going to go about it? How long will it take us to do it? What will the role be for each department individual?

    Leaders of successful change spend considerable time developing a powerful change message; that is, a compelling narrative that articulates the desired end state, and that makes the change concrete and meaningful to staff.

    The organizational change message should:

    Step 1.2

    Establish your product ownership model

    Activities

    1.2.1 Identify your primary product owner perspective

    1.2.2 Define your product owner RACI

    Establish the foundation for product ownership

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Delivery managers
    • Business analysts

    Outcomes of this step

    • Product owner perspective mapping
    • Product owner RACI

    Recognize the product owner perspectives

    The 3 product owner perspectives. 1. Business: Customer-facing, value-generating. 2. Technical: IT systems and tools. 3. Operations: Keep-the-lights-on processes.

    Product owners represent one of three primary perspectives. Although all share the same capabilities, how they approach their responsibilities is influenced by their primary perspective.

    Info-Tech Best Practice

    Product owners must translate needs and constraints from their perspective into the language of their audience. Kathy Borneman, Digital Product Owner at SunTrust Bank, noted the challenges of finding a common language between lines of business and IT (e.g. what is a unit?).

    Identify and align to product owner perspectives to ensure product success

    Product owner perspectives

    The 3 product owner perspectives. 1. Business: Customer-facing, value-generating. 2. Technical: IT systems and tools. 3. Operations: Keep-the-lights-on processes.
    1. Each product owner perspective provides important feedback, demand, and support for the product.
    2. Where a perspective is represented by a distinct role, the perspective is managed with that product owner.
    3. If separate roles don’t exist, the product owner must evaluate their work using two or three perspectives.
    4. The ultimate success of a product, and therefore product owner, is meeting the end-user value of the business product owner, tool support of the technical product owner, and manual processing support of the operations product owner.

    Line of business (LOB) product owners

    LOB product owners focus on the products and services consumed by the organization’s external consumers and users. The role centers on the market needs, competitive landscape, and operational support to deliver products and services.

    Business perspective

    • Alignment to enterprise strategy and priorities
    • Growth: market penetration and/or revenue
    • Perception of product value
    • Quality, stability, and predictability
    • Improvement and innovation
    • P&L
    • Market threats and opportunities
    • Speed to market
    • Service alignment
    • Meet or exceed individual goals

    Relationship to Operations

    • Customer satisfaction
    • Speed of delivery and manual processing
    • Continuity

    Relationship to Technical

    • Enabler
    • Analysis and insight
    • Lower operating and support costs

    Technical product owners

    Technical product owners are responsible for the IT systems, tools, platforms, and services that support business operations. Often they are identified as application or platform managers.

    Technical perspective

    • Application, application suite, or group of applications
    • Core platforms and tools
    • Infrastructure and networking
    • Third-party technology services
    • Enable business operations
    • Direct-to-customer product or service
    • Highly interconnected
    • Need for continuous improvement
    • End-of-life management
    • Internal value proposition and users

    Relationship to Business

    • Direct consumers
    • End users
    • Source of funding

    Relationship to Operations

    • End users
    • Process enablement or automation
    • Support, continuity, and manual intervention

    Operations (service) product owners

    Operational product owners focus on the people, processes, and tools needed for manual processing and decisions when automation is not cost-effective. Operational product owners are typically called service owners due to the nature of their work.

    Operational perspective

    • Business enablement
    • Continuity
    • Problem, incident, issue resolution
    • Process efficiency
    • Throughput
    • Error/defect avoidance
    • Decision enablement
    • Waste reduction
    • Limit time in process
    • Disaster recovery

    Relationship to Business

    • Revenue enablement
    • Manual intervention and processing
    • End-user satisfaction

    Relationship to Technical

    • Process enabler
    • Performance enhancement
    • Threat of automation

    Exercise 1.2.1 Identify your primary product owner perspective

    1 hour
    1. Identify which product owner perspective represents your primary focus.
    2. Determine where the other perspectives need to be part of your product roadmap or if they are managed by other product owners.

    Identify product/service name, identify product owner perspective, determine if other perspectives need to be part of roadmap.

    Output

    • Identification of primary product owner perspective.

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Capture in the Mature and Scale Product Ownership Playbook.

    Realign differences between project managers and product owners

    Differences between Project Manager and Product Owners in regards to: Funding, Prioritization, Accountability, Product management, Work allocation, and Capacity management.

    Manage and communicate key milestones

    Successful product owners understand and define the key milestones in their product delivery lifecycles. These need to be managed along with the product backlog and roadmap.

    Define key milestones and their product delivery life-cycles.

    Info-Tech Best Practice

    Product ownership isn’t just about managing the product backlog and development cycles. Teams need to manage key milestones such as learning milestones, test releases, product releases, phase gates, and other organizational checkpoints.

    Define who manages each key milestone

    Key milestones must be proactively managed. If a project manager is not available, those responsibilities need to be managed by the product owner or Scrum Master. Start with responsibility mapping to decide which role will be responsible.

    Example milestones and Project Manager, Product Owner and Team Facilitator.

    *Scrum Master, Delivery Manager, Team Lead

    Exercise 1.2.2 Define your product owner RACI

    60 minutes
    1. Review your product and project delivery methodologies to identify key milestones (including approvals, gates, reviews, compliance checks, etc.). List each milestone on a flip chart or whiteboard.
    2. For each milestone, define who is accountable for the completion.
    3. For each milestone, define who is responsible for executing the milestone activity. (Who does the work that allows the milestone to be completed?)
    4. Review any responsibility and accountability gaps and identify opportunities to better support and execute your operating model.
    5. If you previously completed Deliver Digital Products at Scale , review and update your RACI in the Mature and Scale Product Ownership Workbook .

    Define: Milestones, Project Manager, Product/service owner, Team Facilitator, and Other roles.

    Output

    • Product owner RACI

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Capture in the Mature and Scale Product Ownership Playbook.

    Phase 2

    Align Product Owners to Products

    Phase 2: Assign product owners to products, Manage stakeholder influence

    Mature and Scale Product Ownership

    This phase will walk you through the following activities:

    2.1.1 Assign resources to your products and families

    2.2.1 Visualize relationships to identify key influencers

    2.2.2 Group stakeholders into categories

    2.2.3 Prioritize your stakeholders

    This phase involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Delivery managers
    • Business analysts

    Step 2.1

    Assign product owners to products

    Activities

    2.1.1 Assign resources to your products and families

    Align product owners to products

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Delivery managers
    • Business analysts

    Outcomes of this step

    • Product resource assignment

    Match your product management role definitions to your product family levels

    Using the role definitions, you created in Exercise 1.1.2, determine which roles correspond to which levels of your product families.

    Product portfolio

    Groups of product families within an overall value stream or capability grouping.

    Project portfolio manager

    Product family

    A collection of related products. Products can be grouped along architectural, functional, operational, or experiential patterns.

    Product family manager

    Product

    Single product composed of one or more applications and services.

    Product owner

    Info-Tech Insight

    Define the current roles that will perform the product management function or define consistent role names to product owners and managers.

    Assign resources throughout your product families

    Project families are owned by a product manager. Product owners own each product that has a distinct backlog.

    Info-Tech Insight

    • Start by assigning resources to each product or product family box.
    • A product owner can be responsible for more than one product.
    • Ownership of more than one product does not mean they share the same backlog.
    • For help organizing your product families, please download Deliver Digital Products at Scale.

    Understand special circumstances

    In Deliver Digital Products at Scale , products were grouped into families using Info-Tech’s five scaling patterns. Assigning owners to Enterprise Applications and Shared Services requires special consideration.

    Value stream alignment

    • Business architecture
      • Value stream
      • Capability
      • Function
    • Market/customer segment
    • Line of business (LoB)
    • Example: Customer group > value stream > products

    Enterprise applications

    • Enabling capabilities
    • Enterprise platforms
    • Supporting apps
    • Example: HR > Workday/Peoplesoft > Modules Supporting: Job board, healthcare administrator

    Shared Services

    • Organization of related services into service family
    • Direct hierarchy does not necessarily exist within the family
    • Examples: End-user support and ticketing, workflow and collaboration tools

    Technical

    • Domain grouping of IT infrastructure, platforms, apps, skills, or languages
    • Often used in combination with Shared Services grouping or LoB-specific apps
    • Examples: Java, .NET, low-code, database, network

    Organizational alignment

    • Used at higher levels of the organization where products are aligned under divisions
    • Separation of product managers from organizational structure is no longer needed because the management team owns the product management role

    Map the source of demand to each product

    With enterprise applications and shared services, your demand comes from other product and service owners rather than end customers in a value stream.

    Enterprise applications

    • Primary demand comes from the operational teams and service groups using the platform.
    • Each group typically has processes and tools aligned to a module or portion of the overall platform.
    • Product owners determine end-user needs to assist with process improvement and automation.
    • Product family managers help align roadmap goals and capabilities across the modules and tools to ensure consistency and the alignment of changes.

    Shared services

    • Primary demand for shared services comes from other product owners and service managers whose solution or application is dependent on the shared service platform.
    • Families are grouped by related themes (e.g. workflow tools) to increase reusability, standard enterprise solutions, reduced redundancy, and consistent processes across multiple teams.
    • Product owners manage the individual applications or services within a family.

    Pattern: Enterprise applications

    A division or group delivers enabling capabilities and the team’s operational alignment maps directly to the modules/components of an enterprise application and other applications that support the specific business function.

    Workforce Management, Strategic HR, Talent Management, Core HR

    Example:

    • Human resources is one corporate function. Within HR, however, there are subfunctions that operate independently.
    • Each operational team is supported by one or more applications or modules within a primary HR system.
    • Even though the teams work independently, the information they manage is shared with, or ties into processes used by other teams. Coordination of efforts helps provide a higher level of service and consistency.

    For additional information about HRMS, please download Get the Most Out of Your HRMS.

    Assigning owners to enterprise applications

    Align your enterprise application owners to your operating teams that use the enterprise applications. Effectively, your service managers will align with your platform module owners to provide integrated awareness and planning.

    Family manager (top-level), Family managers (second-level) and Product owners.

    Pattern: Shared services

    Grouping by service type, knowledge area, or technology allows for specialization while families align service delivery to shared business capabilities.

    Grouping by service type, knowledge area, or technology allows for specialization while families align service delivery to shared business capabilities.

    Example:

    • Recommended for governance, risk, and compliance; infrastructure; security; end-user support; and shared platforms (workflow, collaboration, imaging/record retention). Direct hierarchies do not necessarily exist within the shared service family.
    • Service groupings are common for service owners (also known as support managers, operations managers, etc.).
    • End-user ticketing comes through a common request system, is routed to the team responsible for triage, and then is routed to a team for resolution.
    • Collaboration tools and workflow tools are enablers of other applications, and product families might support multiple apps or platforms delivering that shared capability.

    Assigning owners to shared services

    Assign owners by service type, knowledge area, or technology to provide alignment of shared business capabilities and common solutions.

    Family manager (top-level), Family managers (second-level) and Product owners.

    Map sources of demand and influencers

    Use the stakeholder analysis to define the key stakeholders and sources of demand for enterprise applications and shared services. Extend your mapping to include their stakeholders and influencers to uncover additional sources of demand and prioritization.

    Map of key stakeholders for enterprise applications and shared services.

    Info-Tech Insight

    Your product owner map defines the influence landscape your product operates. It is every bit as important as the teams who enhance, support, and operate your product directly.

    Combine your product owner map with your stakeholder map to create a comprehensive view of influencers.

    Exercise 2.1.1 Assign resources to your products and families

    1-4 hours
    1. Use the product families you completed in Deliver Digital Products at Scale to determine which products and product families need a resource assigned. Where the same resource fills more than one role, they are the product owner or manager for each independently.
    2. Product families that are being managed as products (one backlog for multiple products) should have one owner until the family is split into separate products later.
    3. For each product and family, define the following:
      • Who is the owner (role or person)?
      • Is ownership clearly defined?
      • Are there other stakeholders who make decisions for the product?
    4. Record the results in the Mature and Scale Product Ownership Workbook on the Product Owner Mapping worksheet.

    Output

    • Product owner and manager resource alignment.

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Capture in the Mature and Scale Product Ownership Playbook.

    Step 2.2

    Manage stakeholder influence

    Activities

    2.2.1 Visualize relationships to identify key influencers

    2.2.2 Group stakeholders into categories

    2.2.3 Prioritize your stakeholders

    Align product owners to products

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Delivery managers
    • Business analysts

    Outcomes of this step

    • Stakeholder management strategy

    Develop a product owner stakeholder strategy

    Stakeholder management, Product lifecycle, Project delivery, Operational support.

    Stakeholders are a critical cornerstone to product ownership. They provide the context, alignment, and constraints that influence or control what a product owner can accomplish.

    Product owners operate within a network of stakeholders who represent different perspectives within the organization.

    First, product owners must identify members of their stakeholder network. Next, they should devise a strategy for managing stakeholders.

    Without a stakeholder strategy, product owners will encounter obstacles, resistance, or unexpected changes.

    Create a stakeholder network map to product roadmaps and prioritization

    Follow the trail of breadcrumbs from your direct stakeholders to their influencers to uncover hidden stakeholders.

    Create a stakeholder network map to product roadmaps and prioritization. Use connectors to determine who may be influencing your direct stakeholders.

    Info-Tech Insight

    Your stakeholder map defines the influence landscape your product operates. It is every bit as important as the teams who enhance, support, and operate your product directly.

    Use connectors to determine who may be influencing your direct stakeholders. They may not have any formal authority within the organization, but they may have informal yet substantive relationships with your stakeholders.

    Exercise 2.2.1 Visualize relationships to identify key influencers

    1 hour
    1. List direct stakeholders for your product.
    2. Determine the stakeholders of your stakeholders and consider adding each of them to the stakeholder list.
    3. Assess who has either formal or informal influence over your stakeholders; add these influencers to your stakeholder list.
    4. Construct a diagram linking stakeholders and their influencers together.
      • Use black arrows to indicate the direction of professional influence.
      • Use dashed green arrows to indicate informal bidirectional influence relationships.
    5. Record the results in the Mature and Scale Product Ownership Workbook .

    Output

    • Relationships among stakeholders and influencers

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Capture in the Mature and Scale Product Ownership Playbook.

    Categorize your stakeholders with a prioritization map

    A stakeholder prioritization map helps product owners categorize their stakeholders by their level of influence and ownership in the product and/or teams.

    Influence versus Ownership/Interest

    There are four areas on the map, and the stakeholders within each area should be treated differently.

    • Players have a high interest in the initiative and the influence to effect change over the initiative. Their support is critical, and a lack of support can cause significant impediments to the objectives.
    • Mediators have a low interest but significant influence over the initiative. They can help to provide balance and objective opinions to issues that arise.
    • Noisemakers have low influence but high interest. They tend to be very vocal and engaged, either positively or negatively but have little ability to enact their wishes.
    • Spectators are generally apathetic and have little influence over or interest in the initiative.

    Exercise 2.2.2 Group stakeholders into categories

    1 hour
    1. Identify your stakeholders’ interest in and influence on your Agile implementation as high, medium, or low by rating the attributes below.
    2. Map your results to the model below to determine each stakeholder’s category.
    3. Record the results in the Mature and Scale Product Ownership Workbook .

    Influence versus Ownership/Interest with CMO, CIO and Product Manager in assigned areas.

    Output

    • Categorization of stakeholders and influencers

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Capture in the Mature and Scale Product Ownership Playbook.

    Prioritize your stakeholders

    There may be too many stakeholders to be able to manage them all. Focus your attention on the stakeholders that matter most.

    Stakeholder category versus level of support.

    Consider the three dimensions of stakeholder prioritization: influence, interest, and support. Support can be determined by rating the following question: How likely is it that your stakeholder would recommend your product? These parameters are used to prioritize which stakeholders are most important and should receive your focused attention. The table to the right indicates how stakeholders are ranked.

    Exercise 2.2.3 Prioritize your stakeholders

    1 hour
    1. Identify the level of support of each stakeholder by answering the following question: How likely is it that your stakeholder would endorse your product?
    2. Prioritize your stakeholders using the prioritization scheme on the previous slide.
    3. Record the results in the Mature and Scale Product Ownership Workbook .

    Stakeholder, Category, level of support, prioritization.

    Output

    • Stakeholder and influencer prioritization

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Capture in the Mature and Scale Product Ownership Playbook.

    Define strategies for engaging stakeholders by type

    Authority Vs. Ownership/Interest.

    Type

    Quadrant

    Actions

    Players

    		 High influence, high interest – actively engage Keep them updated on the progress of the project. Continuously involve players in the process and maintain their engagement and interest by demonstrating their value to its success.

    Mediators

    		 High influence, low interest – keep satisfied They can be the game changers in groups of stakeholders. Turn them into supporters by gaining their confidence and trust and including them in important decision-making steps. In turn, they can help you influence other stakeholders.

    Noisemakers

    		 Low influence, high interest – keep informed Try to increase their influence (or decrease it if they are detractors) by providing them with key information, supporting them in meetings, and using mediators to help them.

    Spectators

    		 Low influence, low interest – monitor They are followers. Keep them in the loop by providing clarity on objectives and status updates.

    Info-Tech Insight

    Each group of stakeholders draws attention and resources away from critical tasks. By properly identifying your stakeholder groups, the product owner can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy spectators and noisemakers while ensuring the needs of mediators and players are met.

    Phase 3

    Mature Product Owner Capabilities

    Phase 3: Assess your Agile product owner readiness, Mature product owner capabilities.

    Mature and Scale Product Ownership

    This phase will walk you through the following activities:

    3.1.1 Assess your real Agile skill proficiency

    3.2.1 Assess your vision capability proficiency

    3.2.2 Assess your leadership capability proficiency

    3.2.3 Assess your PLM capability proficiency

    3.2.4 Identify your business value drivers and sources of value

    3.2.5 Assess your value realization capability proficiency

    This phase involves the following participants:

    • Product owners
    • Product managers

    Step 3.1

    Assess your Agile product owner readiness

    Activities

    3.1.1 Assess your real Agile skill proficiency

    Mature product owner capabilities

    This step involves the following participants:

    • Product owners
    • Product managers

    Outcomes of this step

    • Real Agile skill proficiency assessment

    Why focus on core skills?

    They are the foundation to achieve business outcomes

    Skills, actions, output and outcomes

    The right skills development is only possible with proper assessment and alignment against outcomes.

    Being successful at Agile is more than about just doing Agile

    The following represents the hard skills needed to “Do Agile”:

    Being successful at Agile needs 4 hard skills: 1. Engineering skills, 2. Technician Skills, 3. Framework/Process skills, 4. Tools skills.

    • Engineering skills. These are the skills and competencies required for building brand-new valuable software.
    • Technician skills. These are the skills and competencies required for maintaining and operating the software delivered to stakeholders.
    • Framework/Process skills. These are the specific knowledge skills required to support engineering or technician skills.
    • Tools skills. This represents the software that helps you deliver other software.

    While these are important, they are not the whole story. To effectively deliver software, we believe in the importance of being Agile over simply doing Agile.

    Adapted from: “Doing Agile” Is Only Part of the Software Delivery Pie

    Focus on these real Agile skills

    Agile skills

    • Accountability
    • Collaboration
    • Comfort with ambiguity
    • Communication
    • Empathy
    • Facilitation
    • Functional decomposition
    • Initiative
    • Process discipline
    • Resilience

    Info-Tech research shows these are the real Agile skills to get started with

    Skill Name

    Description

    Accountability

    		 Refers to the state of being accountable. In an Agile context, it implies transparency, dedication, acting responsibly, and doing what is necessary to get the job done.

    Collaboration

    		Values diverse perspectives and working with others to achieve the best output possible. Effective at working toward individual, team, department, and organizational goals.

    Comfort with ambiguity

    		Allows you to confidently take the next steps when presented with a problem without having all the necessary information present.

    Communication

    		Uses different techniques to share information, concerns, or emotions when a situation arises, and it allows you to vary your approach depending on the current phase of development.

    Empathy

    		Is the ability to understand and share the feelings of another to better serve your team and your stakeholders.

    Facilitation

    		Refers to guiding and directing people through a set of conversations and events to learn and achieve a shared understanding.

    Functional decomposition

    		Is being able to break down requirements into constituent epics and stories.

    Initiative

    		Is being able to anticipate challenges and then act on opportunities that lead to better business outcomes.

    Process discipline

    		Refers to the focus of following the right steps for a given activity at the right time to achieve the right outcomes.

    Resilience

    		Refers to the behaviors, thoughts, and actions that allow a person to recover from stress and adversity.

    Accountability

    An accountable person:

    • Takes ownership of their own decisions and actions and is responsible for the quality of results.
    • Recognizes personal accountabilities to others, including customers.
    • Works well autonomously.
    • Ensures that the mutual expectations between themselves and others are clearly defined.
    • Takes the appropriate actions to ensure that obligations are met in a timely manner.
    • As a leader, takes responsibility for those being led.

    Accountability drives high performance in teams and organizations

    • The performance level of teams depends heavily on accountability and who demonstrates it:
      • In weak teams, there is no accountability.
      • In mediocre teams, supervisors demonstrate accountability.
      • In high-performance teams, peers manage most performance problems through joint accountability. (Grenny, 2014)
    • According to Bain & Company, accountability is the third most important attribute of high-performing companies. Some of the other key attributes include honest, performance-focused, collaborative, and innovative. (Mankins, 2013)

    All components of the employee empowerment driver have a strong, positive correlation with engagement.

    Employee empowerment and Correlation with engagement.

    Source: McLean & Company Engagement Database, 2018; N=71,794

    Accountability

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength
    • Alerts others to possible problems in a timely manner.
    • Seeks appropriate support to solve problems.
    • Actively contributes to the creation and evaluation of possible solutions.
    • Acts on solutions selected and decisions made as directed.
    • Makes effective decisions about how to complete work tasks.
    • Demonstrates the capability of breaking down concrete issues into parts and synthesizing information succinctly.
    • Collects and analyzes information from a variety of sources.
    • Seeks information and input to fully understand the cause of problems.
    • Takes action to address obstacles and problems before they impact performance and results.
    • Initiates the evaluation of possible solutions to problems.
    • Makes effective decisions about work task prioritization.
    • Appropriately assesses risks before deciding.
    • Effectively navigates through ambiguity, using multiple data points to analyze issues and identify trends.
    • Does not jump to conclusions.
    • Draws logical conclusions and provides opinions and recommendations with confidence.
    • Takes ownership over decisions and their consequences.
    • Demonstrates broad knowledge of information sources that can be used to assess problems and make decisions.
    • Invests time in planning, discovery, and reflection to drive better decisions.
    • Effectively leverages hard data as inputs to making decisions.
    • Garners insight from abstract data and makes appropriate decisions.
    • Coaches others in effective decision-making practices.
    • Has the authority to solve problems and make decisions.
    • Thinks several steps ahead in deciding the best course of action, anticipating likely outcomes, risks, or implications.
    • Establishes metrics to aid in decision-making, for self and teams
    • Prioritizes objective and ambiguous information and analyzes this when making decisions.
    • Solicits a diverse range of opinions and perspectives as inputs to decision making.
    • Applies frameworks to decision making, particularly in situations that have little base in prior experience.
    • Makes effective decisions about organizational priorities.
    • Holds others accountable for their decisions and consequences.
    • Creates a culture of empowerment and trust to facilitate effective problem solving and decision making.
    • Makes sound decisions that have organization-wide consequences and that influence future direction.

    Collaboration as a skill

    The principles and values of Agile revolve around collaboration.

    • Works well with others on specialized and cross-functional teams.
    • Can self-organize while part of a team.
    • Respects the commitments that others make.
    • Identifies and articulates dependencies.
    • Values diverse perspectives and works with others to achieve the best output possible.
    • Effective at working toward individual, team, department, and organizational goals.
    The principles and values of Agile revolve around collaboration. Doing what was done before (being prescriptive), going though the motions (doing Agile), living the principles (being Agile)

    Collaboration

    The Agile Manifesto has three principles that focus on collaboration:

    1. The business and developers must work together daily throughout the project.
    2. Build projects around motivated individuals. Give them the environment and support they need and trust them to get the job done.
    3. The most efficient and effective method of conveying information to and within a development team is face-to-face conversation.

    Effective collaboration supports Agile behaviors, including embracing change and the ability to work iteratively.

    Collaboration

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Understands role on the team and the associated responsibilities and accountabilities.
    • Treats team members with respect.
    • Contributes to team decisions and to the achievement of team goals and objectives.
    • Demonstrates a positive attitude.
    • Works cross-functionally to achieve common goals and to support the achievement of other team/department goals.
    • Values working in a diverse team and understands the importance of differing perspectives to develop unique solutions or ideas.
    • Fosters team camaraderie, collaboration, and cohesion.
    • Understands the impact of one's actions on the ability of team members to do their jobs.
    • Respects the differences other team members bring to the table by openly seeking others' opinions.
    • Helps the team accomplish goals and objectives by breaking down shared goals into smaller tasks.
    • Approaches challenging team situations with optimism and an open mind, focusing on coming to a respectful conclusion.
    • Makes suggestions to improve team engagement and effectiveness.
    • Supports implementation of team decisions.
    • Professionally gives and seeks feedback to achieve common goals.
    • Values working in a diverse team and understands the importance of differing perspectives to develop unique solutions or ideas.
    • Motivates the team toward achieving goals and exceeding expectations.
    • Reaches out to other teams and departments to build collaborative, cross-functional relationships.
    • Creates a culture of collaboration that leverages team members' strengths, even when the team is remote or virtual.
    • Participates and encourages others to participate in initiatives that improve team engagement and effectiveness.
    • Builds consensus to make and implement team decisions, often navigating through challenging task or interpersonal obstacles.
    • Values leading a diverse team and understands the importance of differing perspectives to develop unique solutions or ideas.
    • Creates a culture of collaboration among teams, departments, external business partners, and all employee levels.
    • Breaks down silos to achieve inter-departmental collaboration.
    • Demonstrates ownership and accountability for team/department/ organizational outcomes.
    • Uses an inclusive and consultative approach in setting team goals and objectives and making team decisions.
    • Coaches others on how to identify and proactively mitigate potential points of team conflict.
    • Recognizes and rewards teamwork throughout the organization.
    • Provides the tools and resources necessary for teams to succeed.
    • Values diverse teams and understands the importance of differing perspectives to develop unique solutions or ideas.

    Comfort with ambiguity

    Ability to handle ambiguity is a key factor in Agile success.

    • Implies the ability to maintain a level of effectiveness when all information is not present.
    • Able to confidently act when presented with a problem without all information present.
    • Risk and uncertainty can comfortably be handled.
    • As a result, can easily adapt and embrace change.
    • People comfortable with ambiguity demonstrate effective problem-solving skills.

    Relative importance of traits found in Agile teams

    1. Handles ambiguity
    2. Agreeable
    3. Conscientious

    Comfort with ambiguity

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Requires most information to be present before carrying out required activities.
    • Can operate with some information missing.
    • Comfortable asking people within their known circles for help.
    • Significant time is taken to reveal small pieces of information.
    • More adept at operating with information missing.
    • Willing to reach out to people outside of their regular circles for assistance and clarification.
    • Able to apply primary and secondary research methods to fill in the missing pieces.
    • Can operate essentially with a statement and a blank page.
    • Able to build a plan, drive others and themselves to obtain the right information to solve the problem.
    • Able to optimize only pulling what is necessary to answer the desired question and achieve the desired outcome.

    Communication

    Even though many organizations recognize its importance, communication is one of the root causes of project failure.

    Project success vs Communication effectiveness. Effective communications is associated with a 17% increase in finishing projects within budget.

    56%

    56% of the resources spent on a project are at risk due to ineffective communications.

    PMI, 2013.

    29%

    In 29% of projects started in the past 12 months, poor communication was identified as being one of the primary causes of failure.

    PMI, 2013.

    Why are communication skills important to the Agile team?

    It’s not about the volume, it’s about the method.

    • Effectively and appropriately interacts with others to build relationships and share ideas and information.
    • Uses tact and diplomacy to navigate difficult situations.
    • Relays key messages by creating a compelling story, targeted toward specific audiences.

    Communication effectiveness, Activity and Effort required.

    Adapted From: Agile Modeling

    Communication

    Your Score:____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Actively listens, learns through observation, and uses clear and precise language.
    • Possesses an open and approachable demeanor, with a positive and constructive tone.
    • Demonstrates interest in the thoughts and feelings of others.
    • Considers potential responses of others before speaking or acting.
    • Checks own understanding of others’ communication by repeating or paraphrasing.
    • Demonstrates self-control in stressful situations.
    • Provides clear, concise information to others via verbal or written communication.
    • Seeks to understand others' points of view, looking at verbal and non-verbal cues to encourage open and honest discussions.
    • Invites and encourages others to participate in discussions.
    • Projects a sincere and genuine tone.
    • Remains calm when dealing with others who are upset or angry.
    • Provides and seeks support to improve communication.
    • Does not jump to conclusions or act on assumptions.
    • Tailors messages to meet the different needs of different audiences.
    • Accurately interprets responses of others to their words and actions.
    • Provides feedback effectively and with empathy.
    • Is a role model for others on how to effectively communicate.
    • Ensures effective communication takes place at the departmental level.
    • Engages stakeholders using appropriate communication methods to achieve desired outcomes.
    • Creates opportunities and forums for discussion and idea sharing.
    • Demonstrates understanding of the feelings, motivations, and perspectives of others, while adapting communications to anticipated reactions.
    • Shares insights about their own strengths, weaknesses, successes, ad failures to show empathy and help others relate.
    • Discusses contentious issues without getting defensive and maintains a professional tone.
    • Coaches others on how to communicate effectively and craft targeted messages.
    • Sets and exemplifies standards for respectful and effective communications in the organization.
    • Comfortably delivers strategic messages supporting their function and the organization at the enterprise level.
    • Communicates with senior-level executives on complex organizational issues.
    • Promotes inter-departmental communication and transparency.
    • Achieves buy-in and consensus from people who share widely different views.
    • Shares complex messages in clear, understandable language.
    • Accurately interprets how they are perceived by others.
    • Rallies employees to communicate ideas and build upon differing perspectives to drive innovation.

    Empathy

    Empathy is the ability to understand and share the feelings of another in order to better serve your team and your stakeholders. There are three kinds:

    Cognitive

    Thought, understanding, intellect

    • Knowing how someone else feels and what they might be thinking.
    • Contributes to more effective communication.

    Emotional

    Feelings, physical sensation

    • You physically feel the emotions of the other person.
    • Helps build emotional connections with others.

    Compassionate

    Intellect, emotion with action

    • Along with understanding, you take action to help.

    How is empathy an Agile skill?

    Empathy enables you to serve your team, your customers, and your organization

    Serving the team

    • Primary types: Emotional and compassionate empathy.
    • The team is accountable for delivery.
    • By being able to empathize with the person you are talking to, complex issues can be addressed.
    • A lack of empathy leads to a lack of collaboration and being able to go forward on a common path.

    Serving your customers and stakeholders

    • Primary type: Cognitive empathy.
    • Agile enables the delivery of the right value at the right time to your stakeholders
    • Translating your stakeholders' needs requires an understanding of who they are as people. This is done through observations, interviews and conversations.
    • Leveraging empathy maps and user-story writing is an effective tool.

    Empathy

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Knowing how someone else feels and what they might be thinking.
    • Ability to build emotional connections with others.
    • Able to harness emotional connections to achieve tangible and experiential outcomes.
    • Demonstrates an awareness of different feelings and ways of thinking by both internal and external stakeholders.
    • Limited ability to make social connections with others outside of the immediate team.
    • Able to connect with similarly minded people to improve customer/stakeholder satisfaction. (Insights into action)
    • Able to interact and understand others with vastly different views.
    • Lack of agreement does not stop individual. from asking questions, understanding, and pushing the conversation forward

    Facilitation

    It’s not just your manager’s problem.

    “Facilitation is the skill of moderating discussions within a group in order to enable all participants to effectively articulate their views on a topic under discussion, and to ensure that participants in the discussion are able to recognize and appreciate the differing points of view that are articulated.” (IIBA, 2015)

    • Drives action through influence, often without authority.
    • Leads and impacts others' thinking, decisions, or behavior through inclusive practices and relationship building.
    • Encourages others to self-organize and hold themselves accountable.
    • Identifies blockers and constructively removes barriers to progress.

    Facilitation

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Drives action through influence, often without authority.
    • Leads and impacts others' thinking, decisions, or behavior through inclusive practices and relationship building.
    • Encourages others to self-organize and hold themselves accountable.
    • Identifies blockers and constructively removes barriers to progress.
    • Maps and executes processes effectively.
    • Uses facts and concrete examples to demonstrate a point and gain support from others.
    • Openly listens to the perspectives of others.
    • Builds relationships through honest and consistent behavior.
    • Understands the impact of their own actions and how others will perceive it.
    • Identifies impediments to progress.
    • Anticipates the effect of one's approach on the emotions and sensitivities of others.
    • Practices active listening while demonstrating positivity and openness.
    • Customizes discussion and presentations to include "what’s in it for me" for the audience.
    • Presents compelling information to emphasize the value of an idea.
    • Involves others in refining ideas or making decisions in order to drive buy-in and action.
    • Knows how to appropriately use influence to achieve outcomes without formal authority.
    • Seeks ways and the help of others to address barriers or blockers to progress.
    • Leverages a planned approach to influencing others by identifying stakeholder interests, common goals, and potential barriers.
    • Builds upon successes to gain acceptance for new ideas.
    • Facilitates connections between members of their network for the benefit of the organization or others.
    • Demonstrates the ability to draw on trusting relationships to garner support for ideas and action.
    • Encourages a culture that allows space for influence to drive action.
    • Adept at appropriately leveraging influence to achieve business unit outcomes.
    • Actively manages the removal of barriers and blockers for teams.

    Functional decomposition

    It’s not just a process, it’s a skill.

    “Functional decomposition helps manage complexity and reduce uncertainty by breaking down processes, systems, functional areas, or deliverables into their simpler constituent parts and allowing each part to be analyzed independently."

    (IIBA, 2015)

    Being able to break down requirements into constituent consumable items (example: epics and user stories).

    Start: Strategic Initiatives. 1: Epics. 2: Capabilities. 3: Features. End: Stories.

    Use artifact mapping to improve functional decomposition

    In our research, we refer to these items as epics, capabilities, features, and user stories. How you develop your guiding principles and structure your backlog should be based on the terminology and artifact types commonly used in your organization.

    Agile, Waterfall, Relationship, Decomposition skill most in demand, definition.

    Functional Decomposition

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Able to decompose items with assistance from other team members.
    • Able to decompose items independently, ensuring alignment with business value.
    • Able to decompose items independently and actively seeks out collaboration opportunities with relevant SME's during and after the refinement process to ensure completion.
    • Able to decompose items at a variety of granularity levels.
    • Able to teach and lead others in their decomposition efforts.
    • Able to quickly operate at different levels of the requirements stack.

    Initiative and self-organization

    A team that takes initiative can self-organize to solve critical problems.

    • "The best architectures, requirements, and designs emerge from self-organizing teams." (Agile Manifesto)
    • In a nutshell, the initiative represents the ability to anticipate challenges and act on opportunities that lead to better business outcomes.
    • Anticipates challenges and acts on opportunities that lead to better business outcomes.
    • Thinks critically and is motivated to use both specialist expertise and general knowledge.
    • Driven by the delivery of business value and better business outcomes.
    • Empowers others to act and is empowered and self-motivated.

    Initiative and self-organization

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Demonstrates awareness of an opportunity or issue which is presently occurring or is within the immediate work area.
    • Reports an opportunity or issue to the appropriate person.
    • Acts instead of waiting to be asked.
    • Willingly takes on challenges, even if they fall outside their area of expertise.
    • Is proactive in identifying issues and making recommendations to resolve them.
    • Within the scope of the work environment, takes action to improve processes or results, or to resolve problems.
    • Not deterred by obstacles.
    • Tackles challenges that require risk taking.
    • Procures the necessary resources, team and technical support to enable success.
    • Assists others to get the job done.
    • Demonstrates awareness of an opportunities or issues which are in the future or outside the immediate work area.
    • Typically exceeds the expectations of the job.
    • Learns new technology or skills outside their specialization so that they can be a more effective team member.
    • Recommends solutions to enhance results or prevent potential issues.
    • Drives implementation of new processes within the team to improve results.
    • Able to provide recommendations on plans and decisions that are strategic and future-oriented for the organization.
    • Identifies areas of high risk or of organizational level impact.
    • Able to empower significant recourses from the organization to enable success.
    • Leads long-term engagements that result in improved organizational capabilities and processes.

    Process discipline

    A common misconception is that Agile means no process and no discipline. Effective Agile teams require more adherence to the right processes to create a culture of self-improvement.

    • Refers to the focus of following the right steps for a given activity at the right time to achieve the right outcomes.
    • Focus on following the right steps for a given activity at the right time to achieve desired outcomes.
    Example: Scrum Ceremonies during a sprint (1 - 4 weeks/sprint). 1: Sprint planning, 2: Daily scrum, 3: Sprint review, 4: Sprint retrospective.

    Process discipline

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Demonstrates awareness of the key processes and steps that are needed in a given situation.
    • Limited consistency in following processes and limited understanding of the 'why' behind the processes.
    • Aware and follows through with key agile processes in a consistent manner.
    • Demonstrates not only the knowledge of processes but understands the 'why' behind their existence.
    • Aware and follows through with key agile processes in a consistent manner.
    • Demonstrates understanding of not only why specific processes exist but can suggest changes to improve efficiency, consistency, and outcomes.

    N/A -- Maximum level is '3

    Resilience

    If your team hits the wall, don’t let the wall hit them back.

    • Resilience is critical for an effective Agile transformation. A team that demonstrates resilience always exhibits:
    • Evolution over transformation – There is a recognition that changes happen over time.
    • Intensity and productivity – A race is not won by the ones who are the fastest, but by the ones who are the most consistent. Regardless of what comes up, the team can push through.
    • That organizational resistance is futile – Given that it is working on the right objectives, the team needs to demonstrate a consistency of approach and intensity regardless of what may stand in its way.
    • Refers to the behaviors, thoughts, and actions that allow a person to recover from stress and adversity.

    How resilience aligns with Agile

    A team is not “living the principles” without resilience.

    1. Purpose

      Aligns with: “Our highest priority is to satisfy the customer through early and continuous delivery of valuable software.” The vision or goals may not be clear in certain circumstances and can be difficult to relate to a single work item. Being able to intrinsically source and harness a sense of purpose becomes more important, especially as a self-organizing team.

    2. Perseverance

      Aligns with: “Agile processes harness change for the customer's competitive advantage.” Perseverance enables teams to continuously deliver at a steady pace, addressing impediments or setbacks and continuing to move forward.

    3. Composure

      Aligns with: “Agile processes promote sustainable development,” and “At regular intervals, the team reflects ... and adjusts its behavior accordingly.”
      When difficult situations arise, composure allows us to understand perspectives, empathize with customers, accept late changes, and sustain a steady pace.

    4. Self-Reliance

      Aligns with: “The best architectures, requirements, and designs emerge from self-organizing teams.” Knowing oneself, recognizing strengths, and drawing on past successes, can be a powerful aid in creating high-performing Agile teams

    5. Authenticity

      Aligns with: “At regular intervals, the team reflects … and adjusts its behavior accordingly,” and “Build projects around motivated individuals.”
      When difficult situations arise, authenticity is crucial. “For example, being able to openly disclose areas outside of your strengths in sprint planning or being able to contribute constructively toward self-organization.”

    Adapted from: Why Innovation, 2019.

    Resilience

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Easily distracted and stopped by moderately stressful and challenging situations.
    • Requires significant help from others to get back on track.
    • Not frequently able (or knows) how to ask for help
    • Handles typical stresses and challenges for the given role.
    • Able to get back on track with limited assistance.
    • Able to ask for help when they need it.
    • Quality of work unaffected by an increase in pressures and challenges.
    • Handles stresses and challenges what is deemed above and beyond their given role.
    • Able to provide advice to others on how to handle difficult and challenging situations.
    • Quality of work and outcomes is maintained and sometimes exceeded as pressure increases.
    • Team looks to this individual as being the gold standard on how to approach any given problem or situation.
    • Directly mentors others on approaches in situations regardless of the level of challenge.

    Exercise 1.2.1 Identify your primary product owner perspective

    1 hour
    1. Review each real Agile skill and determine your current proficiency.
    2. Complete your assessment in the Mature and Scale Product Owner Proficiency Assessment tool.
    3. Record the results in the Mature and Scale Product Ownership Playbook.
    4. Review the skills map to identify strengths and areas of growth.

    Accountability, Collaboration, Comfort in Ambiguity, Communication, Empathy, Facilitation, Functional Decomposition, Initiative, Process Discipline, Resilience.

    Output

    • Agile skills assessment results.

    Participants

    • Product owners
    • Product managers

    Capture in the Mature and Scale Product Owner Proficiency Assessment.

    Determine your Agile skills proficiency: Edit chart data to plot your scores or add your data points and connect the lines.

    Step 3.2

    Mature product owner capabilities

    Activities

    3.2.1 Assess your vision capability proficiency

    3.2.2 Assess your leadership capability proficiency

    3.2.3 Assess your PLM capability proficiency

    3.2.4 Identify your business value drivers and sources of value

    3.2.5 Assess your value realization capability proficiency

    Mature product owner capabilities

    This step involves the following participants:

    • Product owners
    • Product managers

    Outcomes of this step

    • Info-Tech product owner capability model proficiency assessment

    Product capabilities deliver value

    As a product owner, you are responsible for managing these facets through your capabilities and activities.

    The core product and value stream consists of: Funding - Product management and governance, Business functionality - Stakeholder and relationship management, and Technology - Product delivery.

    Info-Tech Best Practice

    It is easy to lose sight of what matters when we look at a product from a single point of view . Despite what "The Agile Manifesto" says, working software is not valuable without the knowledge and support that people need in order to adopt, use, and maintain it. If you build it, they will not come. Product owners must consider the needs of all stakeholders when designing and building products.

    Recognize product owner knowledge gaps

    Pulse survey of product owners

    Pulse survey of product owners. Graph shows large percentage of respondents have alignment to common agile definition of product owners. Yet a significant perception gap in P&L, delivery, and analytics.

    Info-Tech Insight

    1. Less than 15% of respondents identified analytics or financial management as a key component of product ownership.
    2. Assess your product owner’s capabilities and understanding to develop a maturity plan.

    Source: Pulse Survey (N=18)

    Implement the Info-Tech product owner capability model

    Unfortunately, most product owners operate with incomplete knowledge of the skills and capabilities needed to perform the role. Common gaps include focusing only on product backlogs, acting as a proxy for product decisions, and ignoring the need for key performance indicators (KPIs) and analytics in both planning and value realization.

    Product Owner capabilities: Vision, Product Lifecycle Management, Leadership, Value Realization

    Vision

    • Market Analysis
    • Business Alignment
    • Product Roadmap

    Leadership

    • Soft Skills
    • Collaboration
    • Decision Making

    Product Lifecycle Management

    • Plan
    • Build
    • Run

    Value Realization

    • KPIs
    • Financial Management
    • Business Model

    Product owner capabilities provide support

    Vision predicts impact of Value realization. Value realization provides input to vision

    Your vision informs and aligns what goals and capabilities are needed to fulfill your product or product family vision and align with enterprise goals and priorities. Each item on your roadmap should have corresponding KPIs or OKRs to know how far you moved the value needle. Value realization measures how well you met your target, as well as the impacts on your business value canvas and cost model.

    Product lifecycle management builds trust with Leadership. Leadership improves quality of Product lifecycle management.

    Your leadership skills improve collaborations and decisions when working with your stakeholders and product delivery teams. This builds trust and improves continued improvements to the entire product lifecycle. A product owner’s focus should always be on finding ways to improve value delivery.

    Product owner capabilities provide support

    Leadership enhances Vision. Vision Guides Product Lifecycle Management. Product Lifecycle Management delivers Value Realization. Leadership enhances Value Realization

    Develop product owner capabilities

    Each capability: Vision, Product lifecycle management, Value realization and Leadership has 3 components needed for successful product ownership.

    Avoid common capability gaps

    Vision

    • Focusing solely on backlog grooming (tactical only)
    • Ignoring or failing to align product roadmap to enterprise goals
    • Operational support and execution
    • Basing decisions on opinion rather than market data
    • Ignoring or missing internal and external threats to your product

    Leadership

    • Failing to include feedback from all teams who interact with your product
    • Using a command-and-control approach
    • Viewing product owner as only a delivery role
    • Acting as a proxy for stakeholder decisions
    • Avoiding tough strategic decisions in favor of easier tactical choices

    Product lifecycle management

    • Focusing on delivery and not the full product lifecycle
    • Ignoring support, operations, and technical debt
    • Failing to build knowledge management into the lifecycle
    • Underestimating delivery capacity, capabilities, or commitment
    • Assuming delivery stops at implementation

    Value realization

    • Focusing exclusively on “on time/on budget” metrics
    • Failing to measure a 360-degree end-user view of the product
    • Skipping business plans and financial models
    • Limiting financial management to project/change budgets
    • Ignoring market analysis for growth, penetration, and threats

    Capabilities: Vision

    Market Analysis

    • Customer Empathy: Identify the target users and unique value your product provides that is not currently being met. Define the size of your user base, segmentation, and potential growth.
    • Customer Journey: Define the future path and capabilities your users will respond to.
    • Competitive analysis: Complete a SWOT analysis for your end-to-end product lifecycle. Use Info-Tech’s Business SWOT Analysis Template.

    Business Alignment

    • Enterprise alignment: Align to enterprise and product family goals, strategies, and constraints.
    • Delivery and release strategy: Develop a delivery strategy to achieve value quickly and adapt to internal and external changes. Value delivery is constrained by your delivery pipeline.
    • OCM and go-to-market strategy: Create organizational change management, communications, and a user implementation approach to improve adoption and satisfaction from changes.

    Product Roadmap

    • Roadmap strategy: Determine the duration, detail, and structure of your roadmap to accurately communicate your vision.
    • Value prioritization: Define criteria used to evaluate and sequence demand items.
    • Release and capacity planning: Build your roadmap with realistic goals and milestones based on your delivery pipeline and dependencies.

    “Customers are best heard through many ears.”

    – Thomas K. Connellan, Inside the Magic Kingdom

    Vision: Market Analysis, Business Alignment, and Product Roadmap.

    Info-Tech Insight

    Data comes from many places and may still not tell the complete story.

    Build your product strategy playbook

    Complete Deliver on Your Digital Product Vision to define your Vision, Goals, Roadmap approach, and Backlog quality filters.

    Digital Product Strategy Supporting Workbook

    Supporting workbook that captures the interim results from a number of exercises that will contribute to your overall digital product vision.

    Product Backlog Item Prioritization Tool

    An optional tool to help you capture your product backlog and prioritize based on your given criteria

    Product Roadmap Tool

    An optional tool to help you build out and visualize your first roadmap.

    Your Digital Product Vision Details Strategy

    Record the results from the exercises to help you define, detail, and make real your digital product vision.

    Your product vision is your North Star

    It's ok to dream a little!

    Who is the target customer, what is the key benefit, what do they need, what is the differentiator

    Adapted from: Geoffrey Moore, 2014.

    Info-Tech Best Practice

    A product vision shouldn’t be so far out that it doesn’t feel real or so short-term that it gets bogged down in minutiae and implementation details. Finding the right balance will take some trial and error and will be different for each organization.

    Use product roadmaps to guide delivery

    In Deliver on Your Digital Product Vision, we showed how the product roadmap is key to value realization. As a product owner, the product roadmap is your communicated path to align teams and changes to your defined goals, while aligning your product to enterprise goals and strategy.

    As a product owner, the product roadmap is your communicated path to align teams and changes to your defined goals, while aligning your product to enterprise goals and strategy

    Info-Tech Best Practice

    Info-Tech Best Practice Product delivery requires a comprehensive set of business and technical competencies to effectively roadmap, plan, deliver, support, and validate your product portfolio. Product delivery is a “multi-faceted, complex discipline that can be difficult to grasp and hard to master.” It will take time to learn and adopt methods and become a competent product manager or owner (“What Is Product Management?”, Pichler Consulting Limited).

    Match your roadmap and backlog to the needs of the product

    Ultimately, you want products to be able to respond faster to changes and deliver value sooner. The level of detail in the roadmap and backlog is a tool to help the product owner plan for change. The duration of your product roadmap is all directly related to the tier of product owner in the product family.

    The level of detail in the roadmap and backlog is a tool to help the product owner plan for change. The duration of your product roadmap is all directly related to the tier of product owner in the product family.

    Product delivery realizes value for your product family

    While planning and analysis are done at the family level, work and delivery are done at the individual product level.

    Product strategy includes: Vision, Goals, Roadmap, backlog and Release plan.

    Use artifact mapping to improve functional decomposition

    In our research, we refer to these items as epics, capabilities, features, and user stories. How you develop your guiding principles and structure your backlog should be based on the terminology and artifact types commonly used in your organization.

    Agile, Waterfall, Relationship, Decomposition skill most in demand, definition.

    Manage and communicate key milestones

    Successful product owners understand and define the key milestones in their product delivery lifecycles. These need to be managed along with the product backlog and roadmap.

    Define key milestones and their release dates.

    Info-Tech Best Practice

    Product ownership isn’t just about managing the product backlog and development cycles! Teams need to manage key milestones such as learning milestones, test releases, product releases, phase gates, and other organizational checkpoints!

    Milestones

    • Points in the timeline when the established set of artifacts is complete (feature-based), or checking status at a particular point in time (time-based).
    • Typically assigned a date and used to show the progress of development.
      • Plays an important role when sequencing different types of artifacts.

    Release dates

    • Releases mark the actual delivery of a set of artifacts packaged together in a new version of the product.
    • Release dates, firm or not, allow stakeholders to anticipate when this is coming.

    Leverage the product canvas to state and inform your product vision

    Leverage the product Canvas to state and inform your product vision. Includes: Product name, Tracking info, Vision, List of business objectives or goals, Metrics used to measure value realization, List of groups who consume the product/service, and List of key resources or stakeholders.

    Capability: Vision

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Product backlog.
    • Basic roadmap with milestones and releases.
    • Unprioritized stakeholder list.
    • Understanding of product’s purpose and value.
    • Customers and end-users defined with core needs identified.
    • Roadmap with goals and capabilities defined by themes and set to appropriate time horizons.
    • Documented stakeholder management plan with communication and collaboration aligned to the stakeholder strategy.
    • Value drivers traced to product families and enterprise goals.
    • Customer personas defined with pain relievers and value creators defined.
    • Fully-developed roadmap traced to family (and child) roadmaps.
    • Expected ROI for all current and next roadmap items.
    • KPIs/OKRs used to improve roadmap prioritization and sequencing.
    • Proactive stakeholder engagement and reviews.
    • Cross-functional engagement to align opportunities and drive enterprise value.
    • Formal metrics to assess customer needs and value realization.
    • Roadmaps managed in an enterprise system for full traceability, value realization reporting, and views for defined audiences.
    • Proactive stakeholder engagement with regular planning and review ceremonies tied to their roadmaps and goals.
    • Cross-functional innovation to find disruptive opportunities to drive enterprise value.
    • Omni-channel metrics and customer feedback mechanisms to proactively evaluate goals, capabilities, and value realization.

    Exercise 3.2.1 Assess your Vision capability proficiency

    1 hour
    1. Review the expectations for this capability and determine your current proficiency for each skill.
    2. Complete your assessment in the Mature and Scale Product Owner Proficiency Assessment tool.
    3. Record the results in the Mature and Scale Product Ownership Playbook.
    4. Review the skills map to identify strengths and areas of growth.

    Output

    • Product owner capability assessment

    Participants

    • Product owners
    • Product managers

    Capture in the Mature and Scale Product Owner Proficiency Assessment.

    Capabilities: Leadership

    Soft Skills

    • Communication: Maintain consistent, concise, and appropriate communication using SMART guidelines (specific, measurable, attainable, relevant, and timely).
    • Integrity: Stick to your values, principles, and decision criteria for the product to build and maintain trust with your users and teams.
    • Influence: Manage stakeholders using influence and collaboration over contract negotiation.

    Collaboration

    • Stakeholder management: Build a communications strategy for each stakeholder group, tailored to individual stakeholders.
    • Relationship management: Use every interaction point to strengthen relationships, build trust, and empower teams.
    • Team development: Promote development through stretch goals and controlled risks to build team capabilities and performance.

    Decision Making

    • Prioritized criteria: Remove personal bias by basing decisions off data analysis and criteria.
    • Continuous improvement: Balance new features with the need to ensure quality and create an environment of continuous improvement.
    • Team empowerment/negotiation: Push decisions to teams closest to the problem and solution, using Delegation Poker to guide you.

    “Everything walks the walk. Everything talks the talk.”

    – Thomas K. Connellan, Inside the Magic Kingdom

    Leadership: Soft skills, collaboration, decision making.

    Info-Tech Insight

    Product owners cannot be just a proxy for stakeholder decisions. The product owner owns product decisions and management of all stakeholders.

    Capability: Leadership

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Activities are prioritized with minimal direction and/or assistance.
    • Progress self-monitoring against objectives with leadership apprised of deviations against plan.
    • Facilitated decisions from stakeholders or teams.
    • Informal feedback on performance and collaboration with teams.
    • Independently prioritized activities and provide direction or assistance to others as needed.
    • Managed issue resolution and provided guidance on goals, priorities, and constraints.
    • Product decision ownership with input from stakeholders, SMEs, and delivery teams.
    • Formal product management retrospectives with tracked and measured changes to improve performance.
    • Consulted in the most challenging situations to provide subject matter expertise on leading practices and industry standards.
    • Provide mentoring and coaching to your peers and/or teammates.
    • Use team empowerment, pushing decisions to the lowest appropriate level based on risk and complexity.
    • Mature and flexible communication.
    • Provide strategies and programs ensuring all individuals in the delivery organization obtain the level of coaching and supervision required for success in their position.
    • Provide leadership to the organization’s coaches ensuring delivery excellence across the organization.
    • Help develop strategic initiatives driving common approaches and utilizing information assets and processes across the enterprise.

    Exercise 3.2.2 Assess your Leadership capability proficiency

    1 hour
    1. Review the expectations for this capability and determine your current proficiency for each skill.
    2. Complete your assessment in the Mature and Scale Product Owner Proficiency Assessment tool.
    3. Record the results in the Mature and Scale Product Ownership Playbook.
    4. Review the skills map to identify strengths and areas of growth.

    Output

    • Product owner capability assessment

    Participants

    • Product owners
    • Product managers

    Capture in the Mature and Scale Product Owner Proficiency Assessment.

    Capability: Product lifecycle management

    Plan

    • Product backlog: Follow a schedule for backlog intake, grooming, updates, and prioritization.
    • Journey map: Create an end-user journey map to guide adoption and loyalty.
    • Fit for purpose: Define expected value and intended use to ensure product meets your end user’s needs.

    Build

    • Capacity management: Work with operations and delivery teams to ensure consistent and stable outcomes.
    • Release strategy: Build learning, release, and critical milestones into a repeatable release plan.
    • Compliance: Build policy compliance into delivery practices to ensure alignment and reduce avoidable risk (privacy, security).

    Run

    • Adoption: Focus attention on end-user adoption and proficiency to accelerate value and maximize retention.
    • Support: Build operational support and business continuity into every team.
    • Measure: Measure KPIs and validate expected value to ensure product alignment to goals and consistent product quality.

    “Pay fantastic attention to detail. Reward, recognize, celebrate.”

    – Thomas K. Connellan, Inside the Magic Kingdom

    Product Lifecycle Management: Plan, Build, Run

    Info-Tech Insight

    Product owners must actively manage the full lifecycle of the product.

    Define product value by aligning backlog delivery with roadmap goals

    In each product plan, the backlogs show what you will deliver. Roadmaps identify when and in what order you will deliver value, capabilities, and goals.

    In each product plan, the backlogs show what you will deliver. Roadmaps identify when and in what order you will deliver value, capabilities, and goals.

    A backlog stores and organizes PBIs at various stages of readiness

    A backlog stores and organizes PBIs at different levels of readiness. Stage 3 - Ideas are composed of raw, vague ideas that have yet to go through any formal valuation. Stage 2 - Qualified are researched and qualified PBIs awaiting refinement. Stage 1 - Ready are Discrete, refined RBIs that are read to be placed in your development team's sprint plans.

    A well-formed backlog can be thought of as a DEEP backlog:

    Detailed Appropriately: PBIs are broken down and refined, as necessary.

    Emergent: The backlog grows and evolves over time as PBIs are added and removed.

    Estimated: The effort a PBI requires is estimated at each tier.

    Prioritized: The PBI’s value and priority are determined at each tier.

    (Perforce, 2018)

    Distinguish your specific goals for refining in the product backlog vs. planning for a sprint itself

    Often backlog refinement is used interchangeably or considered a part of sprint planning. The reality is they are very similar, as the required participants and objectives are the same; however, there are some key differences.

    Backlog refinement versus Sprint planning. Differences in Objectives, Cadence and Participants

    Use quality filters to promote high value items into the delivery pipeline

    Product backlog has quality filters such as: Backlogged, Qualified and Ready. Sprint backlog has a backlog of accepted PBI's

    Basic scrum process

    The scrum process coordinates multiple stakeholders to deliver on business priorities.

    Prioritized Backlog, Sprint Backlog, Manage Delivery, Sprint Review, Product Release

    Capability: Product lifecycle management

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Informal or undocumented intake process.
    • Informal or undocumented delivery lifecycle.
    • Unstable or unpredictable throughput or quality.
    • Informal or undocumented testing and release processes.
    • Informal or undocumented organizational change management planning for each release.
    • Informal or undocumented compliance validation with every release.
    • Documented intake process with stakeholder prioritization of requests.
    • Consistent delivery lifecycle with stable and predictable throughput with an expected range of delivery variance.
    • Formal and documented testing and release processes.
    • Organizational change management planning for each major release.
    • Compliance validation with every major release.
    • Intake process using value drivers and prioritization criteria to sequence all items.
    • Consistent delivery lifecycle with stable and predictable throughput with little variance.
    • Risk-based and partially automated testing and release processes.
    • Organizational change management planning for all releases.
    • Automated compliance validation with every major release.
    • Intake process using enterprise value drivers and prioritization criteria to sequence all items.
    • Stable Agile DevOps with low variability and automation.
    • Risk-based automated and manual testing.
    • Multiple release channels based on risk. Automated build, validation, and rollback capabilities.
    • Cross-channel, integrated organizational change management for all releases.
    • Automated compliance validation with every change or release.

    Exercise 3.2.3 Assess your PLM capability proficiency

    1 hour
    1. Review the expectations for this capability and determine your current proficiency for each skill.
    2. Complete your assessment in the Mature and Scale Product Owner Proficiency Assessment tool.
    3. Record the results in the Mature and Scale Product Ownership Playbook.
    4. Review the skills map to identify strengths and areas of growth.

    Output

    • Product owner capability assessment

    Participants

    • Product owners
    • Product managers

    Capture in the Mature and Scale Product Owner Proficiency Assessment.

    Capabilities: Value realization

    Key performance indicators (KPIs)

    • Usability and user satisfaction: Assess satisfaction through usage monitoring and end-user feedback.
    • Value validation: Directly measure performance against defined value proposition, goals, and predicted ROI.
    • Fit for purpose: Verify the product addresses the intended purpose better than other options.

    Financial management

    • P&L: Manage each product as if it were its own business with profit and loss statements.
    • Acquisition cost/market growth: Define the cost of acquiring a new consumer, onboarding internal users, and increasing product usage.
    • User retention/market share: Verify product usage continues after adoption and solution reaches new user groups to increase value.

    Business model

    • Defines value proposition: Dedicate your primary focus to understanding and defining the value your product will deliver.
    • Market strategy and goals: Define your acquisition, adoption, and retention plan for users.
    • Financial model: Build an end-to-end financial model and plan for the product and all related operational support.

    “The competition is anyone the customer compares you with.”

    – Thomas K. Connellan, Inside the Magic Kingdom

    Value Realization: KPIs, Financial management, Business model

    Info-Tech Insight

    Most organizations stop with on-time and on-budget. True financial alignment needs to define and manage the full lifecycle P&L.

    Use a balanced value to establish a common definition of goals and value

    Value drivers are strategic priorities aligned to our enterprise strategy and translated through our product families. Each product and change has an impact on the value driver helping us reach our enterprise goals.

    Importance of the value driver multiplied by the Impact of value score is equal to the Value score.

    Info-Tech Insight

    Your value drivers and impact helps estimate the expected value of roadmap items, prioritize roadmap and backlog items, and identify KPIs and OKRs to measure value realization and actual impact.

    Include balanced value as one criteria to guide better decisions

    Your balanced value is just one of many criteria needed to align your product goals and sequence roadmap items. Feasibility, delivery pipeline capacity, shared services, and other factors may impact the prioritization of backlog items.

    Build your balanced business value score by using four key value drivers.

    Determine your value drivers

    Competent organizations know that value cannot always be represented by revenue or reduced expenses. However, it is not always apparent how to envision the full spectrum of sources of value. Dissecting value by benefit type and the value source’s orientation allows you to see the many ways in which a product or service brings value to the organization.

    Business value matrix

    Graph with 4 quadrants representing Outward versus Inward, and Financial benefit versus Human benefit. The quadrants are Reach customers, Increase revenue/demonstrate value, Enhance services, Reduce costs.

    Financial benefits vs. improved capabilities

    Financial benefits refer to the degree to which the value source can be measured through monetary metrics and is often quite tangible.

    Human benefits refer to how a product or service can deliver value through a user’s experience.

    Inward vs. outward orientation

    Inward refers to value sources that have an internal impact and improve your organization’s effectiveness and efficiency in performing its operations.

    Outward refers to value sources that come from your interaction with external factors, such as the market or your customers.

    Exercise 3.2.4 Identify your business value drivers and sources of value

    1 hour
    1. Brainstorm the different types of business value that you produce on the sticky notes (one item per page). Draw from examples of products in your portfolio.
    2. Identify the most important value items for your organization (two to three per quadrant).
    3. Record the results in the Mature and Scale Product Ownership Workbook.

    Output

    • Product owner capability assessment

    Participants

    • Product owners
    • Product managers

    Capture in the Mature and Scale Product Ownership Workbook.

    My business value sources

    Graph with 4 quadrants representing Outward versus Inward, and Financial benefit versus Human benefit. The quadrants are Reach customers, Increase revenue/demonstrate value, Enhance services, Reduce costs.

    Capability: Value realization

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Product canvas or basic product positioning overview.
    • Simple budget or funding mechanism for changes.
    • Product demos and informal user feedback mechanisms.
    • Business value canvas or basic business model tied to roadmap funding.
    • Product funding tied to roadmap milestones and prioritization.
    • Defined KPIs /OKRs for roadmap delivery throughput and value realization measurement.
    • Business model with operating cost structures, revenue/value traceability, and market/user segments.
    • Scenario-based roadmap funding alignment.
    • Roadmap aligned KPIs /OKRs for delivery throughput and value realization measurement as a key factor in roadmap prioritization.
    • Business model tied to enterprise operating costs and value realization KPIs/OKRs.
    • P&L roadmap and cost accounting tied to value metrics.
    • Roadmap aligned enterprise and scenario-based KPIs /OKRs for delivery throughput and value realization measurement as a key factor in roadmap prioritization.

    Exercise 3.2.5 Assess your value realization capability proficiency

    1 hour
    1. Review the expectations for this capability and determine your current proficiency for each skill.
    2. Complete your assessment in the Mature and Scale Product Owner Proficiency Assessment tool.
    3. Record the results in the Mature and Scale Product Ownership Playbook.
    4. Review the skills map to identify strengths and areas of growth.

    Output

    • Product owner capability assessment

    Participants

    • Product owners
    • Product managers

    Capture in the Mature and Scale Product Owner Proficiency Assessment.

    Determine your product owner capability proficiency in regards to: Vision, Leadership, Product Lifecycle, and Value Realization

    Summary of Accomplishment

    Problem solved.

    Product ownership can be one of the most difficult challenges facing delivery and operations teams. By focusing on operational grouping and alignment of goals, organizations can improve their value realization at all levels in the organization.

    The foundation for delivering and enhancing products and services is rooted in the same capability model. Traditionally, product owners have focused on only a subset of skills and capabilities needed to properly manage and grow their products. The product owner capability model is a useful tool to ensure optimal performance from product owners and assess the right level of detail for each product within the product families.

    Congratulations. You’ve completed a significant step toward higher-value products and services.

    If you would like additional support, have our analysts guide you through other phases as apart of an Info-Tech workshop

    Contact your account representative for more information

    workshops@infotech.com
    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as apart of an Info-Tech workshop

    Contact your account representative for more information
    workshops@infotech.com 1-888-670-8889

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1.1 Assess your real Agile skill proficiency

    Assess your skills and capabilities against the real Agile skills inventory

    2.2.3 Prioritize your stakeholders

    Build a stakeholder management strategy.

    Research Contributors and Experts

    Emily Archer

    Lead Business Analyst,
    Enterprise Consulting, authentic digital agency

    Emily Archer is a consultant currently working with Fortune 500 clients to ensure the delivery of successful projects, products, and processes. She helps increase the business value returned for organizations’ investments in designing and implementing enterprise content hubs and content operations, custom web applications, digital marketing, and e-commerce platforms.

    David Berg

    Founder & CTO
    Strainprint Technologies Inc.

    David Berg is a product commercialization expert who has spent the last 20 years delivering product management and business development services across a broad range of industries. Early in his career, David worked with product management and engineering teams to build core network infrastructure products that secure and power the internet we benefit from today. David’s experience also includes working with clean technologies in the area of clean power generation, agritech, and Internet of Things infrastructure. Over the last five years, David has been focused on his latest venture, Strainprint Technologies, a data and analytics company focused on the medical cannabis industry. Strainprint has built the largest longitudinal medical cannabis dataset in the world, with a goal to develop an understanding of treatment behavior, interactions, and chemical drivers to guide future product development.

    Research Contributors and Experts

    Kathy Borneman

    Digital Product Owner, SunTrust Bank

    Kathy Borneman is a senior product owner who helps people enjoy their jobs again by engaging others in end-to-end decision making to deliver software and operational solutions that enhance the client experience and allow people to think and act strategically.

    Charlie Campbell

    Product Owner, Merchant e-Solutions

    Charlie Campbell is an experienced problem solver with the ability to quickly dissect situations and recommend immediate actions to achieve resolution, liaise between technical and functional personnel to bridge the technology and communication gap, and work with diverse teams and resources to reach a common goal.

    Research Contributors and Experts

    Yarrow Diamond

    Sr. Director, Business Architecture
    Financial Services

    Yarrow Diamond is an experienced professional with expertise in enterprise strategy development, project portfolio management, and business process reengineering across financial services, healthcare and insurance, hospitality, and real estate environments. She has a master’s in Enterprise Architecture from Penn State University, LSSMBB, PMP, CSM, ITILv3.

    Cari J. Faanes-Blakey, CBAP, PMI-PBA

    Enterprise Business Systems Analyst,
    Vertex, Inc.

    Cari J. Faanes-Blakey has a history in software development and implementation as a Business Analyst and Project Manager for financial and taxation software vendors. Active in the International Institute of Business Analysis (IIBA), Cari participated on the writing team for the BA Body of Knowledge 3.0 and the certification exam.

    Research Contributors and Experts

    Kieran Gobey

    Senior Consultant Professional Services
    Blueprint Software Systems

    Kieran Gobey is an IT professional with 24 years of experience, focused on business, technology, and systems analysis. He has split his career between external and internal customer-facing roles, and this has resulted in a true understanding of what is required to be a Professional Services Consultant. His problem-solving skills and ability to mentor others have resulted in successful software implementations.

    Kieran’s specialties include deep system troubleshooting and analysis skills, facilitating communications to bring together participants effectively, mentoring, leadership, and organizational skills.

    Rupert Kainzbauer

    VP Product, Digital Wallets
    Paysafe Group

    Rupert Kainzbauer is an experienced senior leader with a passion for defining and delivering products that deliver real customer and commercial benefit. With a team of highly experienced and motivated product managers, he has successfully led highly complex, multi-stakeholder payments initiatives, from proposition development and solution design through to market delivery. Their domain experience is in building online payment products in high-risk and emerging markets, remittance, prepaid cards, and mobile applications.

    Research Contributors and Experts

    Saeed Khan

    Founder,
    Transformation Labs

    Saeed Khan has been working in high tech for 30 years in Canada and the US and has held several leadership roles in Product Management in that time. He speaks regularly at conferences and has been writing publicly about technology product management since 2005.

    Through Transformation Labs, Saeed helps companies accelerate product success by working with product teams to improve their skills, practices, and processes. He is a cofounder of ProductCamp Toronto and currently runs a Meetup group and global Slack community called Product Leaders; the only global community of senior level product executives.

    Hoi Kun Lo

    Product Owner
    Nielsen

    Hoi Kun Lo is an experienced change agent who can be found actively participating within the IIBA and WITI groups in Tampa, FL and a champion for Agile, architecture, diversity, and inclusion programs at Nielsen. She is currently a Product Owner in the Digital Strategy team within Nielsen Global Watch Technology.

    Research Contributors and Experts

    Abhishek Mathur

    Sr Director, Product Management
    Kasisto, Inc.

    Abhishek Mathur is a product management leader, an artificial intelligence practitioner, and an educator. He has led product management and engineering teams at Clarifai, IBM, and Kasisto to build a variety of artificial intelligence applications within the space of computer vision, natural language processing, and recommendation systems. Abhishek enjoys having deep conversations about the future of technology and helping aspiring product managers enter and accelerate their careers.

    Jeff Meister

    Technology Advisor and Product Leader

    Jeff Meister is a technology advisor and product leader. He has more than 20 years of experience building and operating software products and the teams that build them. He has built products across a wide range of industries and has built and led large engineering, design, and product organizations.

    Jeff most recently served as Senior Director of Product Management at Avanade, where he built and led the product management practice. This involved hiring and leading product managers, defining product management processes, solution shaping and engagement execution, and evangelizing the discipline through pitches, presentations, and speaking engagements.

    Jeff holds a Bachelor of Applied Science (Electrical Engineering) and a Bachelor of Arts from the University of Waterloo, an MBA from INSEAD (Strategy), and certifications in product management, project management, and design thinking.

    Research Contributors and Experts

    Vincent Mirabelli

    Principal,
    Global Project Synergy Group

    With over 10 years of experience in both the private and public sectors, Vincent Mirabelli possesses an impressive track record of improving, informing, and transforming business strategy and operations through process improvement, design and re-engineering, and the application of quality to business analysis, project management, and process improvement standards.

    Oz Nazili

    VP, Product & Growth
    TWG

    Oz Nazili is a product leader with a decade of experience in both building products and product teams. Having spent time at funded startups and large enterprises, he thinks often about the most effective way to deliver value to users. His core areas of interest include Lean MVP development and data-driven product growth.

    Research Contributors and Experts

    Mike Starkey

    Director of Engineering
    W.W. Grainger

    Mike Starkey is a Director of Engineering at W.W. Grainger, currently focusing on operating model development, digital architecture, and building enterprise software. Prior to joining W.W. Grainger, Mike held a variety of technology consulting roles throughout the system delivery lifecycle spanning multiple industries such as healthcare, retail, manufacturing, and utilities with Fortune 500 companies.

    Anant Tailor

    Cofounder and Head of Product
    Dream Payments Corp.

    Anant Tailor is a cofounder at Dream Payments where he currently serves as the COO and Head of Product, having responsibility for Product Strategy & Development, Client Delivery, Compliance, and Operations. He has 20+ years of experience building and operating organizations that deliver software products and solutions for consumers and businesses of varying sizes.

    Prior to founding Dream Payments, Anant was the COO and Director of Client Services at DonRiver Inc, a technology strategy and software consultancy that he helped to build and scale into a global company with 100+ employees operating in seven countries.

    Anant is a Professional Engineer with a Bachelor degree in Electrical Engineering from McMaster University and a certificate in Product Strategy & Management from the Kellogg School of Management at Northwestern University.

    Research Contributors and Experts

    Angela Weller

    Scrum Master, Businessolver

    Angela Weller is an experienced Agile business analyst who collaborates with key stakeholders to attain their goals and contributes to the achievement of the company’s strategic objectives to ensure a competitive advantage. She excels when mediating or facilitating teams.

    Related Info-Tech Research

    Product Delivery

    Deliver on Your Digital Product Vision

    Build a product vision your organization can take from strategy through execution.

    Deliver Digital Products at Scale

    Deliver value at the scale of your organization through defining enterprise product families.

    Build Your Agile Acceleration Roadmap

    Quickly assess the state of your Agile readiness and plan your path forward to higher value realization.

    Implement Agile Practices That Work

    Improve collaboration and transparency with the business to minimize project failure.

    Implement DevOps Practices That Work

    Streamline business value delivery through the strategic adoption of DevOps practices.

    Extend Agile Practices Beyond IT

    Further the benefits of Agile by extending a scaled Agile framework to the business.

    Build Your BizDevOps Playbook

    Embrace a team sport culture built around continuous business-IT collaboration to deliver great products.

    Embed Security Into the DevOps Pipeline

    Shift security left to get into DevSecOps.

    Spread Best Practices With an Agile Center of Excellence

    Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Enable Organization-Wide Collaboration by Scaling Agile

    Execute a disciplined approach to rolling out Agile methods in the organization.

    Related Info-Tech Research

    Application Portfolio Management

    APM Research Center

    See an overview of the APM journey and how we can support the pieces in this journey.

    Application Portfolio Management Foundations

    Ensure your application portfolio delivers the best possible return on investment.

    Streamline Application Maintenance

    Effective maintenance ensures the long-term value of your applications.

    Streamline Application Management

    Move beyond maintenance to ensuring exceptional value from your apps.

    Build an Application Department Strategy

    Delivering value starts with embracing what your department can do.

    Embrace Business-Managed Applications

    Empower the business to implement their own applications with a trusted business-IT relationship

    Optimize Applications Release Management

    Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Related Info-Tech Research

    Value, Delivery Metrics, Estimation

    Build a Value Measurement Framework

    Focus product delivery on business value–driven outcomes.

    Select and Use SDLC Metrics Effectively

    Be careful what you ask for, because you will probably get it.

    Application Portfolio Assessment: End User Feedback

    Develop data-driven insights to help you decide which applications to retire, upgrade, re-train on, or maintain to meet the demands of the business.

    Create a Holistic IT Dashboard

    Mature your IT department by measuring what matters.

    Refine Your Estimation Practices With Top-Down Allocations

    Don’t let bad estimates ruin good work.

    Estimate Software Delivery With Confidence

    Commit to achievable software releases by grounding realistic expectations.

    Reduce Time to Consensus With an Accelerated Business Case

    Expand on the financial model to give your initiative momentum.

    Optimize Project Intake, Approval, and Prioritization

    Deliver more projects by giving yourself the voice to say “no” or “not yet” to new projects.

    Enhance PPM Dashboards and Reports

    Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Related Info-Tech Research

    Organizational Design and Performance

    Redesign Your IT Organizational Structure

    Focus product delivery on business value-driven outcomes.

    Build a Strategic IT Workforce Plan

    Have the right people, in the right place, at the right time.

    Implement a New Organizational Structure

    Reorganizations are inherently disruptive. Implement your new structure with minimal pain for staff while maintaining IT performance throughout the change.

    Build an IT Employee Engagement Program

    Don’t just measure engagement, act on it

    Set Meaningful Employee Performance Measures

    Set holistic measures to inspire employee performance.

    Bibliography (Product Management)

    “12th Annual State of Agile Report.” VersionOne, 9 April 2018. Web.

    A, Karen. “20 Mental Models for Product Managers.” Product Management Insider, Medium, 2 Aug. 2018. Web.

    Adams, Paul. “Product Teams: How to Build & Structure Product Teams for Growth.” Inside Intercom, 30 Oct. 2019. Web.

    Aghina, Handscomb, Ludolph, West, and Abby Yip, “How to select and develop individuals for successful agile teams: A practical guide” McKinsey & Company 20 Dec. 2018. Web.

    Agile Alliance. “Product Owner.” Agile Alliance. n.d. Web.

    Ambler, Scott W. "Communication on Agile Software Teams“, Agile Modeling. 2001-2022. Web.

    Ambysoft. “2018 IT Project Success Rates Survey Results.” Ambysoft. 2018. Web.

    Banfield, Richard, et al. “On-Demand Webinar: Strategies for Scaling Your (Growing) Enterprise Product Team.” Pluralsight, 31 Jan. 2018. Web.

    Beck, Beedle, van Bennekum, Cockburn, Cunningham, Fowler, Grenning, Highsmith, Hunt, Jeffries, Kern, Marick, Martin, Mellor, Schwaber, Sutherland, Thomas, "Manifesto for Agile Software Development." agilemanifesto.org. 2001

    Berez, Steve, et al. “How to Plan and budget for Agile at Scale.” Bain & Company, 08 Oct 2019. Web

    Blueprint. “10 Ways Requirements Can Sabotage Your Projects Right From the Start.” Blueprint. 2012. Web.

    Breddels, Dajo, and Paul Kuijten. “Product Owner Value Game.” Agile2015 Conference, Agile Alliance 2015. Web.

    Cagan, Martin. “Behind Every Great Product.” Silicon Valley Product Group. 2005. Web.

    Cohn, Mike. “What Is a Product?” Mountain Goat Software. 6 Sept. 2016. Web.

    Connellan, Thomas K. Inside the Magic Kingdom, Bard Press, 1997.

    Curphey, Mark. “Product Definition.” SlideShare, 25 Feb. 2007. Web.

    “Delegation Poker Product Image.” Management 3.0, n.d. Web.

    Distel, Dominic, et al. “Finding the sweet spot in product-portfolio management.’ McKinsey, 4 Dec. 2020. Web

    Eringa, Ron. “Evolution of the Product Owner.” RonEringa.com, 12 June 2016. Web.

    Fernandes, Thaisa. “Spotify Squad Framework - Part I.” PM101, Medium, 6 Mar. 2017. Web.

    Galen, Robert. “Measuring Product Ownership – What Does ‘Good’ Look Like?” RGalen Consulting, 5 Aug. 2015. Web.

    Grenny, Joseph. “The Best Teams Hold Themselves Accountable.” Harvard Business Review, 30 May 2014. Web.

    Halisky, Merland, and Luke Lackrone. “The Product Owner’s Universe.” Agile2016 Conference, Agile Alliance, 2016. Web.

    Bibliography (Product Management)

    IIBA "A Guide to the Business Analysis Body of Knowledge® (BABOK® Guide) v3" IIBA. 15 APR 2015

    Kamer, Jurriaan. “How to Build Your Own ‘Spotify Model’.” The Ready, Medium, 9 Feb. 2018. Web.

    Kendis Team. “Exploring Key Elements of Spotify’s Agile Scaling Model.” Scaled Agile Framework, Medium, 23 Jul. 2018. Web.

    Lindstrom, Lowell. “7 Skills You Need to Be a Great Product Owner.” Scrum Alliance, n.d. Web.

    Lukassen, Chris. “The Five Belts Of The Product Owner.” Xebia.com, 20 Sept. 2016. Web.

    Mankins, Michael. “The Defining Elements of a Winning Culture.” Bain, 19 Dec. 2013. Web.

    McCloskey, Heather. “Scaling Product Management: Secrets to Defeating Common Challenges.” ProductPlan, 12 July 2019. Web.

    McCloskey, Heather. “When and How to Scale Your Product Team.” UserVoice, 21 Feb. 2017. Web. Mironov, Rich. “Scaling Up Product Manager/Owner Teams.” Rich Mironov's Product Bytes, Mironov Consulting, 12 Apr. 2014. Web.

    Moore, Geoffrey A. “Crossing the Chasm, 3rd Edition.” Collins Business Essentials, 28 Jan 2014

    Oh, Paul. “How Mastering Resilience Can Help Drive Agile Transformations.” Why Innovation!, 10 Oct. 2019.

    Overeem, Barry. “A Product Owner Self-Assessment.” Barry Overeem, 6 Mar. 2017. Web.

    Overeem, Barry. “Retrospective: Using the Team Radar.” Barry Overeem, 27 Feb. 2017. Web.

    Pichler, Roman. “How to Scale the Scrum Product Owner.” Roman Pichler, 28 June 2016 . Web.

    Pichler, Roman. “Product Management Framework.” Pichler Consulting Limited, 2014. Web.

    Pichler, Roman. “Sprint Planning Tips for Product Owners.” LinkedIn, 4 Sept. 2018. Web.

    Pichler, Roman. “What Is Product Management?” Pichler Consulting Limited, 26 Nov. 2014. Web.

    PMI "The high cost of low performance: the essential role of communications“. PMI Pulse of Profession, May 2013.

    Radigan,Dan. “Putting the ‘Flow' Back in Workflow With WIP Limits.” Atlassian, n.d. Web.

    Bibliography (Product Management)

    Rouse, Margaret. “Definition: product.” TechTarget, Sept. 2005. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on (Business) Value.” Scrum.org, 30 Nov. 2017. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on Agile Product Management.” Scrum.org, 28 Nov. 2017. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on Product Backlog Management.” Scrum.org, 5 Dec. 2017. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on the Product Vision.” Scrum.org, 29 Nov. 2017. Web.

    Schuurman, Robbin. “Tips for Starting Product Owners.” Scrum.org, 27 Nov. 2017. Web.

    Sharma, Rohit. “Scaling Product Teams the Structured Way.” Monetary Musings, 28 Nov. 2016. Web.

    Shirazi, Reza. “Betsy Stockdale of Seilevel: Product Managers Are Not Afraid To Be Wrong.” Austin Voice of Product, 2 Oct. 2018. Web.

    Spitz, Enid R. “The Three Kinds of Empathy: Emotional, Cognitive, Compassionate.” The Three Kinds of Empathy: Emotional, Cognitive, Compassionate. Heartmanity. Web.

    Steiner, Anne. “Start to Scale Your Product Management: Multiple Teams Working on Single Product.” Cprime, 6 Aug. 2019. Web.

    “The Qualities of Leadership: Leading Change.” Cornelius & Associates, 2016. Web.

    “The Standish Group 2015 Chaos Report.” The Standish Group. 2015. Web.

    Theus, Andre. “When Should You Scale the Product Management Team?” ProductPlan, 7 May 2019. Web.

    Tolonen, Arto. “Scaling Product Management in a Single Product Company.” Smartly.io, 26 Apr. 2018. Web.

    Ulrich, Catherine. “The 6 Types of Product Managers. Which One Do You Need?” Medium, 19 Dec. 2017. Web.

    Verwijs, Christiaan. “Retrospective: Do The Team Radar.” The Liberators, Medium, 10 Feb. 2017. Web.

    Vlaanderen, Kevin. “Towards Agile Product and Portfolio Management”. Academia.edu. 2010. Web.

    Backlog

    2009 Business Analysis Benchmark Study.” IAG Consulting, 2009. Web.

    Armel, Kate. “Data-driven Estimation, Management Lead to High Quality.” Quantitative Software Management Inc, 2015. Web.

    Bradley, Marty. “Agile Estimation Guidance.” Leading Agile, 30 Aug. 2016. Web. Feb. 2019.

    CollabNet and VersionOne. “12th Annual State of Agile Report.” VersionOne, 9 April 2018. Web.

    Craveiro, João. “Marty meets Martin: connecting the two triads of Product Management.” Product Coalition, 18 Nov. 2017. Accessed Feb. 2019.

    “Enablers.” Scaled Agile, n.d. Web.

    “Epic.” Scaled Agile, n.d. Web.

    Fischer, Christian. “Scrum Compact.” Itemis, n.d. Web. Feb. 2019.

    Hackshall, Robin. “Product Backlog Refinement.” Scrum Alliance, 9 Oct. 2014. Accessed Feb. 2019.

    Hartman, Bob. “New to agile? INVEST in good user stories.” Agile For All, 14 May 2009. Web.

    Huether, Derek. “Cheat Sheet for Product Backlog Refinement (Grooming).” Leading Agile, 2 Nov. 2013. Accessed Feb. 2019.

    Karlsson, Johan. “Backlog Grooming: Must-Know Tips for High-Value Products.” Perforce, 18 May 2018. Accessed Feb. 2019.

    Khan, Saeed. “Good Bye ‘Product Owner’, Hello ‘Backlog Manager.’” On Product Management, 27 June 2011. Accessed Feb. 2019.

    Khan, Saeed. “Let’s End the Confusion: A Product Owner is NOT a Product Manager.” On Product Management, 14 July 2017. Accessed Feb. 2019.

    Lawrence, Richard. “New Story Splitting Resource.” Agile For All. 27 Jan. 2012. Web. Feb. 2019.

    Leffingwell, Dean. “SAFe 4.0.” Scaled Agile Inc, 2017. Accessed Feb. 2019.

    Lucero, Mario. “Product Backlog – Deep Model.” Agilelucero, 8 Oct. 2014. Web.

    “PI Planning.” Scaled Agile, n.d. Web.

    Pichler, Roman. “The Product Roadmap and the Product Backlog.” Roman Pichler, 9 Sept. 2014. Accessed Feb. 2019.

    Rubin, Kenneth S. Essential Scrum: A Practical Guide to the Most Popular Agile Process. Pearson Education, 2012.

    Schuurman, Robbin. “10 Tips for Product Owners on Product Backlog Management.” Burozeven, 20 Nov. 2017. Accessed Feb. 2019.

    Srinivasan, Vibhu. “Product Backlog Management: Tips from a Seasoned Product Owner.” Agile Alliance, n.d. Accessed Feb. 2019.

    Todaro, Dave. “Splitting Epics and User Stories.” Ascendle, n.d. Accessed Feb. 2019.

    “What Characteristics Make Good Agile Acceptance Criteria?” Segue Technologies, 3 Sept. 2015. Web. Feb. 2019.

    Bibliography (Roadmap)

    Bastow, Janna. “Creating Agile Product roadmaps Everyone Understands.” ProdPad, 22 Mar. 2017. Accessed Sept. 2018.

    Bastow, Janna. “The Product Tree Game: Our Favorite Way To Prioritize Features.” ProdPad, 21 Feb. 2016. Accessed Sept. 2018.

    Chernak, Yuri. “Requirements Reuse: The State of the Practice.” 2012 IEEE International Conference, 12 June 2012, Herzliya, Israel. Web.

    Fowler, Martin. “Application Boundary.” MartinFowler.com, 11 Sept. 2003. Accessed 20 Nov. 2017.

    Harrin, Elizabeth. “Learn What a Project Milestone Is.” The Balance Careers, 10 May 2018. Accessed Sept. 2018.

    “How to create a product roadmap.” Roadmunk, n.d. Accessed Sept. 2018.

    Johnson, Steve. “How to Master the 3 Horizons of Product Strategy.” Aha!, 24 Sept. 2015. Accessed Sept. 2018.

    Johnson, Steve. “The Product Roadmap vs. the Technology Roadmap.” Aha!, 23 June 2016. Accessed Sept. 2018

    Juncal, Shaun. “How Should You Set Your Product Roadmap Timeframes?” ProductPlan, Web. Sept. 2018.

    Leffingwell, Dean. “SAFe 4.0.” Scaled Agile, 2017. Web.

    Maurya, Ash. “What is a Minimum Viable Product (MVP).” Leanstack, 12 June 2017. Accessed Sept. 2018.

    Pichler, Roman. “10 Tips for Creating an Agile Product Roadmap.” Roman Pichler, 20 July 2016. Accessed Sept. 2018.

    Pichler, Roman. Strategize: Product Strategy and Product Roadmap Practices for the Digital Age. Pichler Consulting, 2016.

    “Product Roadmap Contents: What Should You Include?” ProductPlan, n.d. Accessed 20 Nov. 2017.

    Saez, Andrea. “Why Your Roadmap Is Not a Release Plan.” ProdPad, 23 October 2015. Accessed Sept. 2018.

    Schuurman, Robbin. “Tips for Agile product roadmaps & product roadmap examples.” Scrum.org, 7 Dec. 2017. Accessed Sept. 2018.

    Bibliography (Vision and Canvas)

    Adams, Paul. “The Future Product Canvas.” Inside Intercom, 10 Jan. 2014. Web.

    “Aligning IT Funding Models to the Pace of Technology Change.” EDUCAUSE, 14 Dec. 2015. Web.

    Altman, Igor. “Metrics: Gone Bad.” OpenView, 10 Nov. 2009. Web.

    Barry, Richard. “The Product Vision Canvas – a Strategic Tool in Developing a Successful Business.” Polymorph, 2019. Web.

    “Business Canvas – Business Models & Value Propositions.” Strategyzer, 2019. Web.

    “Business Model Canvas.” Wikipedia: The Free Encyclopedia, 4 Aug. 2019. Web.

    Charak, Dinker. “Idea to Product: The Working Model.” ThoughtWorks, 13 July 2017. Web.

    Charak, Dinker. “Product Management Canvas - Product in a Snapshot.” Dinker Charak, 29 May 2017. Web.

    Chudley, James. “Practical Steps in Determining Your Product Vision (Product Tank Bristol, Oct. 2018).” LinkedIn SlideShare. Uploaded by cxpartners, 2 Nov. 2018. Web.

    Cowan, Alex. “The 20 Minute Business Plan: Business Model Canvas Made Easy.” COWAN+, 2019. Web.

    Craig, Desiree. “So You've Decided To Become A Product Manager.” Start it up, Medium, 2 June 2019. Web.

    “Create an Aha! Business Model Canvas Strategic Model.” Aha! Support, 2019. Web.

    Eick, Stephen. “Does Code Decay? Assessing the Evidence from Change Management Data.” IEEE Transactions on Software Engineering, vol. 27, no. 1, Jan. 2001, pp. 1-12. Web.

    Eriksson, Martin. “The next Product Canvas.” Mind the Product, 22 Nov. 2013. Web.

    “Experience Canvas: a Lean Approach: Atlassian Team Playbook.” Atlassian, 2019. Web.

    Freeman, James. “How to Make a Product Canvas – Visualize Your Product Plan.” Edraw, 23 Dec. 2019. Web.

    Fuchs, Danny. “Measure What Matters: 5 Best Practices from Performance Management Leaders.” OpenGov, 8 Aug. 2018. Web.

    Gorisse, Willem. “A Practical Guide to the Product Canvas.” Mendix, 28 Mar. 2017. Web.

    Gothelf, Jeff. “The Lean UX Canvas.” Jeff Gothelf, 15 Dec. 2016. Web.

    Gottesdiener, Ellen. “Using the Product Canvas to Define Your Product: Getting Started.” EBG Consulting, 15 Jan. 2019. Web.

    Gottesdiener, Ellen. “Using the Product Canvas to Define Your Product's Core Requirements.” EBG Consulting, 4 Feb. 2019. Web.

    Gray, Mark Krishan. “Should I Use the Business Model Canvas or the Lean Canvas?” Blog, Medium.com, 2019. Web.

    Bibliography (Vision and Canvas)

    Hanby, Jeff. "Software Maintenance: Understanding and Estimating Costs." LookFar, 21 Oct. 2016. Web.

    “How do you define a product?” Scrum.org, 4 Apr 2017, Web

    Juncal, Shaun. “How to Build a Product Roadmap Based on a Business Model Canvas.” ProductPlan, 19 June 2019. Web.

    “Lean Canvas Intro - Uber Example.” YouTube, uploaded by Railsware Product Academy, 12 Oct. 2018. Web.

    “Lesson 6: Product Canvas.” ProdPad Help Center, 2019. Web.

    Lucero, Mario. “The Product Canvas.” Agilelucero.com, 22 June 2015. Web.

    Maurya, Ash. “Create a New Lean Canvas.” Canvanizer, 2019. Web.

    Maurya, Ash. “Don't Write a Business Plan. Create a Lean Canvas Instead.” LEANSTACK, 2019. Web.

    Maurya, Ash. “Why Lean Canvas vs Business Model Canvas?” Medium, 27 Feb. 2012. Web.

    Mirabelli, Vincent. “The Project Value Canvas.” Vincent Mirabelli, 2019. Web.

    Mishra, LN. “Business Analysis Canvas – The Ultimate Enterprise Architecture.” BA Times, 19 June 2019. Web.

    Muller. Jerry Z. “Why performance metrics isn’t always the best way to judge performance.” Fast Company, 3 April 2019. Web.

    Perri, Melissa. “What Is Good Product Strategy?” Melissa Perri, 14 July 2016. Web.

    Pichler, Roman. “A Product Canvas for Agile Product Management, Lean UX, Lean Startup.” Roman Pichler, 16 July 2012. Web.

    Pichler, Roman. “Introducing the Product Canvas.” JAXenter, 15 Jan. 2013. Web.

    Pichler, Roman. “Roman's Product Canvas: Introduction.” YouTube, uploaded by Roman Pichler, 3 Mar. 2017. Web.

    Pichler, Roman. “The Agile Vision Board: Vision and Product Strategy.” Roman Pichler, 10 May 2011. Web.

    Pichler, Roman. “The Product Canvas – Template.” Roman Pichler, 11 Oct. 2016. Web.

    Pichler, Roman. “The Product Canvas Tutorial V1.0.” LinkedIn SlideShare. Uploaded by Roman Pichler, 14 Feb. 2013. Web.

    Pichler, Roman. “The Product Vision Board: Introduction.” YouTube uploaded by Roman Pichler, 3 Mar. 2017. Web.

    “Product Canvas PowerPoint Template.” SlideModel, 2019. Web.

    Bibliography (Vision and Canvas)

    “Product Canvas.” SketchBubble, 2019, Web.

    “Product Canvas.” YouTube, uploaded by Wojciech Szramowski, 18 May 2016. Web.

    “Product Roadmap Software to Help You Plan, Visualize, and Share Your Product Roadmap.” Productboard, 2019. Web.

    Roggero, Giulio. “Product Canvas Step-by-Step.” LinkedIn SlideShare, uploaded by Giulio Roggero, 18 May 2013. Web.

    Royce, Dr. Winston W. “Managing the Development of Large Software Systems.” Scf.usc.edu, 1970. Web.

    Ryan, Dustin. “The Product Canvas.” Qdivision, Medium, 20 June 2017. Web.

    Snow, Darryl. “Product Vision Board.” Medium, 6 May 2017. Web.

    Stanislav, Shymansky. “Lean Canvas – a Tool Your Startup Needs Instead of a Business Plan.” Railsware, 12 Oct. 2018. Web.

    Stanislav, Shymansky. “Lean Canvas Examples of Multi-Billion Startups.” Railsware, 20 Feb. 2019. Web.

    “The Product Vision Canvas.” YouTube, Uploaded by Tom Miskin, 20 May 2019. Web.

    Tranter, Leon. “Agile Metrics: the Ultimate Guide.” Extreme Uncertainty, n.d. Web.

    “Using Business Model Canvas to Launch a Technology Startup or Improve Established Operating Model.” AltexSoft, 27 July 2018. Web.

    Veyrat, Pierre. “Lean Business Model Canvas: Examples + 3 Pillars + MVP + Agile.” HEFLO BPM, 10 Mar. 2017. Web.

    “What Are Software Metrics and How Can You Track Them?” Stackify, 16 Sept. 2017. Web

    “What Is a Product Vision?” Aha!, 2019. Web.

    Supporting Research

    Transformation topics and supporting Info-Tech research to make the journey easier, with less rework.

    Supporting research and services

    Improving IT alignment

    Build a Business-Aligned IT Strategy

    Success depends on IT initiatives clearly aligned to business goals, IT excellence, and driving technology innovation.

    Includes a "Strategy on a page" template

    Make Your IT Governance Adaptable

    Governance isn't optional, so keep it simple and make it flexible.

    Create an IT View of the Service Catalog

    Unlock the full value of your service catalog with technical components.

    Application Portfolio Management Foundations

    Ensure your application portfolio delivers the best possible return on investment.

    Supporting research and services

    Shifting toward Agile DevOps

    Agile/DevOps Resource Center

    Tools and advice you need to be successful with Agile.

    Develop Your Agile Approach for a Successful Transformation

    Understand Agile fundamentals, principles, and practices so you can apply them effectively in your organization.

    Implement DevOps Practices That Work

    Streamline business value delivery through the strategic adoption of DevOps practices.

    Perform an Agile Skills Assessment

    Being Agile isn't about processes, it's about people.

    Define the Role of Project Management in Agile and Product-Centric Delivery

    Projects and products are not mutually exclusive.

    Supporting research and services

    Shifting toward product management

    Make the Case for Product Delivery

    Align your organization on the practices to deliver what matters most.

    Deliver on Your Digital Product Vision

    Build a product vision your organization can take from strategy through execution.

    Deliver Digital Products at Scale

    Deliver value at the scale of your organization through defining enterprise product families.

    Build a Better Product Owner

    Strengthen the product owner's role in your organization by focusing on core capabilities and proper alignment.

    Supporting research and services

    Improving value and delivery metrics

    Build a Value Measurement Framework

    Focus product delivery on business value-driven outcomes.

    Create a Holistic IT Dashboard

    Mature your IT department by measuring what matters.

    Select and Use SDLC Metrics Effectively

    Be careful what you ask for because you will probably get it.

    Reduce Time to Consensus With an Accelerated Business Case

    Expand on the financial model to give your initiative momentum.

    Supporting research and services

    Improving governance, prioritization, and value

    Make Your IT Governance Adaptable

    Governance isn't optional, so keep it simple and make it flexible.

    Maximize Business Value from IT Through Benefits Realization

    Embed benefits realization into your governance process to prioritize IT spending and confirm the value of IT.

    Drive Digital Transformation With Platform Strategies

    Innovate and transform your business models with digital platforms.

    Succeed With Digital Strategy Execution

    Building a digital strategy is only half the battle: create a systematic roadmap of technology initiatives to execute the strategy and drive digital transformation.

    Build a Value Measurement Framework

    Focus product delivery on business value-driven outcomes.

    Create a Holistic IT Dashboard

    Mature your IT department by measuring what matters.

    Supporting research and services

    Improving requirements management and quality assurance

    Requirements Gathering for Small Enterprises

    Right-size the guidelines of your requirements gathering process.

    Improve Requirements Gathering

    Back to basics: great products are built on great requirements.

    Build a Software Quality Assurance Program

    Build quality into every step of your SDLC.

    Automate Testing to Get More Done

    Drive software delivery throughput and quality confidence by extending your automation test coverage.

    Manage Your Technical Debt

    Make the case to manage technical debt in terms of business impact.

    Create a Business Process Management Strategy

    Avoid project failure by keeping the "B" in BPM.

    Build a Winning Business Process Automation Playbook

    Optimize and automate your business processes with a user-centric approach.

    Create a Winning BPI Playbook

    Don't waste your time focusing on the "as is." Focus on the improvements and the "to be."

    Supporting research and services

    Improving release management

    Optimize Applications Release Management

    Build trust by right-sizing your process using appropriate governance.

    Streamline Application Maintenance

    Effective maintenance ensures the long-term value of your applications.

    Streamline Application Management

    Move beyond maintenance to ensure exceptional value from your apps.

    Optimize Change Management

    Right-size your change management process.

    Manage Your Technical Debt

    Make the case to manage technical debt in terms of business impact.

    Improve Application Development Throughput

    Drive down your delivery time by eliminating development inefficiencies and bottlenecks while maintaining high quality.

    Supporting research and services

    Business relationship management

    Embed Business Relationship Management

    Leverage knowledge of the business to become a strategic IT partner.

    Improving security

    Build an Information Security Strategy

    Create value by aligning your strategy to business goals and business risks.

    Develop and Deploy Security Policies

    Enhance your overall security posture with a defensible and prescriptive policy suite.

    Simplify Identity and Access Management

    Leverage risk- and role-based access control to quantify and simplify the IAM process.

    Supporting research and services

    Improving and supporting business-managed applications

    Embrace Business-Managed Applications

    Empower the business to implement their own applications with a trusted business-IT relationship.

    Enhance Your Solution Architecture Practices

    Ensure your software systems solution is architected to reflect stakeholders’ short-and long-term needs.

    Satisfy Digital End Users With Low- and No-Code

    Extend IT, automation, and digital capabilities to the business with the right tools, good governance, and trusted organizational relationships.

    Build Your First RPA Bot

    Support RPA delivery with strong collaboration and management foundations.

    Automate Work Faster and More Easily With Robotic Process Automation

    Embrace the symbiotic relationship between the human and digital workforce.

    Supporting research and services

    Improving business intelligence, analytics, and reporting

    Modernize Data Architecture for Measurable Business Results

    Enable the business to achieve operational excellence, client intimacy, and product leadership with an innovative, Agile, and fit-for-purpose data architecture practice.

    Build a Reporting and Analytics Strategy

    Deliver actionable business insights by creating a business-aligned reporting and analytics strategy.

    Build Your Data Quality Program

    Quality data drives quality business decisions.

    Design Data-as-a-Service

    Journey to the data marketplace ecosystems.

    Build a Robust and Comprehensive Data Strategy

    Key to building and fostering a data-driven culture.

    Build an Application Integration Strategy

    Level the table before assembling the application integration puzzle or risk losing pieces.

    Appendix

    Pulse survey results

    Pulse survey (N=18): What are the key components of product/service ownership?

    Pulse survey results: What are the key components of product/service ownership? Table shows answer options and responses in percentage.

    Pulse Survey (N=18): What are the key individual skills for a product/service owner?

    What are the key individual skills for a product/service owner? Table shows answer options and responses in percentage

    Other choices entered by respondents:

    • Anticipating client needs, being able to support delivery in all phases of the product lifecycle, adaptability, and ensuring a healthy backlog (at least two sprints’ worth of work).
    • Requirements elicitation and prioritization.
    • The key skill is being product-focused to ensure it provides value for competitive advantage.

    Pulse Survey (N=18): What are three things an outstanding product/service owner does that an average one doesn’t?

    What are three things an outstanding product/service owner does that an average one doesn't? Table shows results.

    Negotiate SaaS Agreements That Are Built to Last

    • Buy Link or Shortcode: {j2store}137|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $72,298 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • Internal stakeholders usually have different – and often conflicting – needs and expectations that require careful facilitation and management.
    • SaaS solutions bring forth a unique form of “switching costs” that can make a decision to migrate solutions financially, technically, and politically painful.

    Our Advice

    Critical Insight

    • Conservatively, it’s possible to save 5% of the overall IT budget through comprehensive software and SaaS contract review.
    • Focus on the terms and conditions, not just the price.
    • Learning to negotiate is crucial.

    Impact and Result

    • Take control of your SaaS contract negotiations from the beginning.
    • Look at your contract holistically to find cost savings.
    • Guide communication between vendors and your organization for the duration of contract negotiations.
    • Redline the terms and conditions of your SaaS contract.
    • Prioritize crucial terms and conditions to negotiate.

    Negotiate SaaS Agreements That Are Built to Last Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how to redline and negotiate a SaaS agreement, review Info-Tech’s methodology, and understand the different ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Gather requirements

    Build and manage the stakeholder team, and then document the business use case.

    • Negotiate SaaS Agreements That Are Built to Last – Phase 1: Gather Requirements
    • RASCI Chart
    • Vendor Communication Management Plan
    • Software Business Use Case Template
    • SaaS TCO Calculator

    2. Redline contract

    Redline the proposed SaaS contract.

    • Negotiate SaaS Agreements That Are Built to Last – Phase 2: Redline Contract
    • SaaS Terms and Conditions Evaluation Tool

    3. Negotiate contract

    Create a thorough negotiation plan.

    • Negotiate SaaS Agreements That Are Built to Last – Phase 3: Negotiate Contract
    • SaaS Contract Negotiation Terms Prioritization Checklist
    • Controlled Vendor Communications Letter
    • Key Vendor Fiscal Year End Calendar
    • Contract Negotiation Tactics Playbook
    [infographic]

    Workshop: Negotiate SaaS Agreements That Are Built to Last

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Collect and Review Data

    The Purpose

    Assemble documentation.

    Key Benefits Achieved

    Understand current position before going forward.

    Activities

    1.1 Assemble existing contracts.

    1.2 Document their strategic and tactical objectives.

    1.3 Identify current status of the vendor relationship and any historical context.

    1.4 Clarify goals for ideal future state.

    Outputs

    Business Use Case.

    2 Define the Business Use Case and Build a Stakeholder Team

    The Purpose

    Define the business use case and build a stakeholder team.

    Key Benefits Achieved

    Create a business use case to document functional and non-functional requirements.

    Build an internal cross-functional stakeholder team to negotiate the contract.

    Activities

    2.1 Establish a negotiation team and define roles.

    2.2 Write a communication plan.

    2.3 Complete a business use case.

    Outputs

    RASCI Matrix

    Communications Plan

    SaaS TCO Calculator

    Business Use Case

    3 Redline the Contract

    The Purpose

    Examine terms and conditions and prioritize for negotiation.

    Key Benefits Achieved

    Discover cost savings.

    Improve agreement terms.

    Prioritize terms for negotiation.

    Activities

    3.1 Review general terms and conditions.

    3.2 Review license and application specific terms and conditions.

    3.3 Match to business and technical requirements.

    3.4 Redline the agreement.

    Outputs

    SaaS Terms and Conditions Evaluation Tool

    SaaS Contract Negotiation Terms Prioritization Checklist

    4 Build a Negotiation Strategy

    The Purpose

    Create a negotiation strategy.

    Key Benefits Achieved

    Controlled communication established.

    Negotiation tactics chosen.

    Negotiation timeline plotted.

    Activities

    4.1 Review vendor and application specific negotiation tactics.

    4.2 Build negotiation strategy.

    Outputs

    Contract Negotiation Tactics Playbook

    Controlled Vendor Communications Letter

    Key Vendor Fiscal Year End Calendar

    Adopt Generative AI in Solution Delivery

    • Buy Link or Shortcode: {j2store}146|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Delivery teams are under continuous pressure to deliver high value and quality solutions with limited capacity in complex business and technical environments. Common challenges experienced by these teams include:
      • Attracting and retaining talent
      • Maximizing the return on technology
      • Confidently shifting to digital
      • Addressing competing priorities
      • Fostering a collaborative culture
      • Creating high-throughput teams
    • Gen AI offers a unique opportunity to address many of these challenges.

    Our Advice

    Critical Insight

    • Your stakeholders' understanding of Gen AI, its value, and its application can be driven by hype and misinterpretation. This confusion can lead to unrealistic expectations and set the wrong precedent for the role Gen AI is intended to play.
    • Your SDLC is not well documented and is often executed inconsistently. An immature practice will not yield the benefits stakeholders expect.
    • The Gen AI marketplace is broad and diverse. Selecting the appropriate tools and partners is confusing and overwhelming.
    • There is a skills gap for what is needed to configure, adopt, and operate Gen AI.

    Impact and Result

    • Ground your Gen AI expectations. Set realistic and achievable goals centered on driving business value and efficiency across the entire SDLC by enabling Gen AI in key tasks and activities. Propose the SDLC as the ideal pilot for Gen AI.
    • Select the right Gen AI opportunities. Discuss how proven Gen AI capabilities can be applied to your solution delivery practice to achieve the outcomes and priorities stakeholders expect. Lessons learned sow the foundation for future Gen AI scaling.
    • Assess your Gen AI readiness in your solution delivery teams. Clarify the roles, processes, and tools needed for the implementation, use, and maintenance of Gen AI.

    Adopt Generative AI in Solution Delivery Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Adopt Generative AI in Solution Delivery Storyboard – A step-by-step guide that helps you assess whether Gen AI is right for your solution delivery practices.

    Gain an understanding of the potential opportunities that Gen AI can provide your solution delivery practices and answer the question "What should I do next?"

    • Adopt Generative AI in Solution Delivery Storyboard

    2. Gen AI Solution Delivery Readiness Assessment Tool – A tool to help you understand if your solution delivery practice is ready for Gen AI.

    Assess the readiness of your solution delivery team for Gen AI. This tool will ask several questions relating to your people, process, and technology, and recommend whether or not the team is ready to adopt Gen AI practices.

    • Gen AI Solution Delivery Readiness Assessment Tool
    [infographic]

    Further reading

    Adopt Generative AI in Solution Delivery

    Drive solution quality and team productivity with the right generative AI capabilities.

    Analyst Perspective

    Build the case for Gen AI with the right opportunities.

    Generative AI (Gen AI) presents unique opportunities to address many solution delivery challenges. Code generation can increase productivity, synthetic data generation can produce usable test data, and scanning tools can identify issues before they occur. To be successful, teams must be prepared to embrace the changes that Gen AI brings. Stakeholders must also give teams the opportunity to optimize their own processes and gauge the fit of Gen AI.

    Start small with the intent to learn. The right pilot initiative helps you learn the new technology and how it benefits your team without the headache of complex setups and lengthy training and onboarding. Look at your existing solution delivery tools to see what Gen AI capabilities are available and prioritize the use cases where Gen AI can be used out of the box.

    This is a picture of Andrew Kum-Seun

    Andrew Kum-Seun
    Research Director,
    Application Delivery and Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Delivery teams are under continuous pressure to deliver high-value, high-quality solutions with limited capacity in complex business and technical environments. Common challenges experienced by these teams include:

    • Attracting and retaining talent
    • Maximizing the return on technology
    • Confidently shifting to digital
    • Addressing competing priorities
    • Fostering a collaborative culture
    • Creating high-throughput teams

    Generative AI (Gen AI) offers a unique opportunity to address many of these challenges.

    Common Obstacles

    • Your stakeholders' understanding of what is Gen AI, its value and its application, can be driven by hype and misinterpretation. This confusion can lead to unrealistic expectations and set the wrong precedent for the role Gen AI is intended to play.
    • Your solution delivery process is not well documented and is often executed inconsistently. An immature practice will not yield the benefits stakeholders expect.
    • The Gen AI marketplace is very broad and diverse. Selecting the appropriate tools and partners is confusing and overwhelming.
    • There is a skills gap for what is needed to configure, adopt, and operate Gen AI.

    Info-Tech's Approach

    • Ground your Gen AI expectations. Set realistic and achievable goals centered on driving business value and efficiency across the entire solution delivery process by enabling Gen AI in key tasks and activities. Propose this process as the ideal pilot for Gen AI.
    • Select the right Gen AI opportunities. Discuss how proven Gen AI capabilities can be applied to your solution delivery practice and achieve the outcomes and priorities stakeholders expect. Lessons learned sow the foundation for future Gen AI scaling.
    • Assess your Gen AI readiness in your solution delivery teams. Clarify the roles, processes, and tools needed for the implementation, use, and maintenance of Gen AI.

    Info-Tech Insight

    Position Gen AI as a tooling opportunity to enhance the productivity and depth of your solution delivery practice. Current Gen AI tools are unable to address the various technical and human complexities that commonly occur in solution delivery. Assess the fit of Gen AI by augmenting low-risk, out-of-the-box tools in key areas of your solution delivery process and teams.

    Insight Summary

    Overarching Info-Tech Insight

    Position Gen AI is a tooling opportunity to enhance the productivity and depth of your solution delivery practice. However, current Gen AI tools are unable to address the various technical and human complexities that commonly occur in solution delivery. Assess the fit of Gen AI by augmenting low-risk, out-of-the-box tools in key areas of your solution delivery process and teams.

    Understand and optimize first, automate with Gen AI later.
    Gen AI magnifies solution delivery inefficiencies and constraints. Adopt a user-centric perspective to understand your solution delivery teams' interactions with solution delivery tools and technologies to better replicate how they complete their tasks and overcome challenges.

    Enable before buy. Buy before build.
    Your solution delivery vendors see AI as a strategic priority in their product and service offering. Look into your existing toolset and see if you already have the capabilities. Otherwise, prioritize using off-the-shelf solutions with pre-trained Gen AI capabilities and templates.

    Innovate but don't experiment.
    Do not reinvent the wheel and lower your risk of success. Stick to the proven use cases to understand the value and fit of Gen AI tools and how your teams can transform the way they work. Use your lessons learned to discover scaling opportunities.

    Blueprint benefits

    IT benefits

    Business benefits
    • Select the Gen AI tools and capabilities that meet both the solution delivery practice and team goals, such as:
    • Improved team productivity and throughput.
    • Increased solution quality and value.
    • Greater team satisfaction.
    • Motivate stakeholder buy-in for the investment in solution delivery practice improvements.
    • Validate the fit and opportunities with Gen AI for future adoption in other IT departments.
    • Increase IT satisfaction by improving the throughput and speed of solution delivery.
    • Reduce the delivery and operational costs of enterprise products and services.
    • Use a pilot to demonstrate the fit and value of Gen AI capabilities and supporting practices across business and IT units.

    What is Gen AI?

    An image showing where Gen AI sits within the artificial intelligence. It consists of four concentric circles. They are labeled from outer-to-inner circle in the following order: Artificial Intelligence; Machine Learning; Deep Learning; Gen AI

    Generative AI (Gen AI)
    A form of ML whereby, in response to prompts, a Gen AI platform can generate new output based on the data it has been trained on. Depending on its foundational model, a Gen AI platform will provide different modalities and use case applications.

    Machine Learning (ML)
    The AI system is instructed to search for patterns in a data set and then make predictions based on that set. In this way, the system learns to provide accurate content over time. This requires a supervised intervention if the data is inaccurate. Deep learning is self-supervised and does not require intervention.

    Artificial Intelligence (AI)
    A field of computer science that focuses on building systems to imitate human behavior. Not all AI systems have learning behavior; many systems (such as customer service chatbots) operate on preset rules.

    Info-Tech Insight

    Many vendors have jumped on Gen AI as the latest marketing buzzword. When vendors claim to offer Gen AI functionality, pin down what exactly is generative about it. The solution must be able to induce new outputs from inputted data via self-supervision – not trained to produce certain outputs based on certain inputs.

    Augment your solution delivery teams with Gen AI

    Position Gen AI as a tooling opportunity to enhance the productivity and depth of your solution delivery practice. Current Gen AI tools are unable to address the various technical and human complexities that commonly occur in solution delivery; assess the fit of Gen AI by augmenting low-risk, out-of-the-box tools in key areas of your solution delivery process and teams.

    Solution Delivery Team

    Humans

    Gen AI Bots

    Product owner and decision maker
    Is accountable for the promised delivery of value to the organization.

    Business analyst and architect
    Articulates the requirements and aligns the team to the business and technical needs.

    Integrator and builder
    Implements the required solution.

    Collaborator
    Consults and supports the delivery.

    Administrator
    Performs common administrative tasks to ensure smooth running of the delivery toolchain and end-solutions.

    Designer and content creator
    Provides design and content support for common scenarios and approaches.

    Paired developer and tester
    Acts as a foil for existing developer or tester to ensure high quality output.

    System monitor and support
    Monitors and recommends remediation steps for operational issues that occur.

    Research deliverable

    This research is accompanied by a supporting deliverable to help you accomplish your goals.

    Gen AI Solution Delivery Readiness Assessment Tool

    Assess the readiness of your solution delivery team for Gen AI. This tool will ask several questions relating to your people, process, and technology, and recommend whether the team is ready to adopt Gen AI practices.

    This is a series of three screenshots from the Gen AI Solution Delivery Readiness Assessment Tool

    Step 1.1

    Set the context

    Activities

    1.1.1 Understand the challenges of your solution delivery teams.

    1.1.2 Outline the value you expect to gain from Gen AI.

    This step involves the following participants:

    • Applications VP
    • Applications Director
    • Solution Delivery Manager
    • Solution Delivery Team

    Outcomes of this step

    • SWOT Analysis to help articulate the challenges facing your teams.
    • A Gen AI Canvas that will articulate the value you expect to gain.

    IT struggles to deliver solutions effectively

    • Lack of skills and resources
      Forty-six percent of respondents stated that it was very or somewhat difficult to attract, hire, and retain developers (GitLab, 2023; N=5,010).
    • Delayed software delivery
      Code development (37%), monitoring/observability (30%), deploying to non-production environments (30%), and testing (28%) were the top areas where software delivery teams or organizations encountered the most delays (GitLab, 2023, N=5,010).
    • Low solution quality and satisfaction
      Only 64% of applications were identified as effective by end users. Effective applications are identified as at least highly important and have high feature and usability satisfaction (Application Portfolio Assessment, August 2021 to July 2022; N=315).
    • Burnt out teams
      While workplace flexibility comes with many benefits, longer work hours jeopardize wellbeing. Sixty-two percent of organizations reported increased working hours, while 80% reported an increase in flexibility ("2022 HR Trends Report," McLean & Company, 2022; N=394) .

    Creating high-throughput teams is an organizational priority.

    CXOs ranked "optimize IT service delivery" as the second highest priority. "Achieve IT business" was ranked first.

    (CEO-CIO Alignment Diagnostics, August 2021 to July 2022; n=568)

    1.1.1 Understand the challenges of your solution delivery teams

    1-3 hours

    1. Complete a SWOT analysis of your solution delivery team to discover areas where Gen AI can be applied.
    2. Record this information in the Gen AI Solution Delivery Readiness Assessment Tool.

    Strengths

    Internal characteristics that are favorable as they relate to solution delivery

    Weaknesses

    Internal characteristics that are unfavorable or need improvement

    Opportunities

    External characteristics that you may use to your advantage

    Threats

    External characteristics that may be potential sources of failure or risk

    Record the results in the Gen AI Solution Delivery Readiness Assessment Tool

    Output

    • SWOT analysis of current state of solution delivery practice

    Participants

    • Applications VP
    • Applications Director
    • Solution Delivery Manager
    • Solution Delivery Team

    Gen AI can help solve your solution delivery challenges

    Why is software delivery an ideal pilot candidate for Gen AI?

    • Many software delivery practices are repeatable and standardized.
    • Software delivery roles that are using and implementing Gen AI are technically savvy.
    • Automation is a staple in many commonly used tools.
    • Change will likely not impact business operations.

    Improved productivity

    Gen AI jumpstarts the most laborious and mundane parts of software delivery. Delivery teams saved 22 hours (avg) per software use case when using AI in 2022, compared to last year when AI was not used ("Generative AI Speeds Up Software Development," PRNewswire, 2023).

    Fungible resources

    Teams are transferrable across different frameworks, platforms, and products. Gen AI provides the structure and guidance needed to work across a wider range of projects ("Game changer: The startling power generative AI is bringing to software development," KPMG, 2023).

    Improved solution quality

    Solution delivery artifacts (e.g. code) are automatically scanned to quickly identify bugs and defects based on recent activities and trends and validate against current system performance and capacity.

    Business empowerment

    AI enhances the application functionalities workers can build with low- and no-code platforms. In fact, "AI high performers are 1.6 times more likely than other organizations to engage non-technical employees in creating AI applications" ("The state of AI in 2022 — and a half decade in review." McKinsey, 2022, N=1,492).

    However, various fears, uncertainties, and doubts challenge Gen AI adoption

    Black Box

    Little transparency is provided on the tool's rationale behind content creation, decision making, and the use and storage of training data, creating risks for legal, security, intellectual property, and other areas.

    Role Replacement

    Some workers have job security concerns despite Gen AI being bound to their rule-based logic framework, the quality of their training data, and patterns of consistent behavior.

    Skills Gaps

    Teams need to gain expertise in AI/ML techniques, training data preparation, and continuous tooling improvements to support effective Gen AI adoption across the delivery practice and ensure reliable operations.

    Data Inaccuracy

    Significant good quality data is needed to build trust in the applicability and reliability of Gen AI recommendations and outputs. Teams must be able to combine Gen AI insights with human judgment to generate the right outcome.

    Slow Delivery of AI Solution

    Timelines are sensitive to organizational maturity, experience with Gen AI, and investments in good data management practices. 65% of organizations said it took more than three months to deploy an enterprise-ready AIOps solution (OpsRamp, 2022).

    Define the value you want Gen AI to deliver

    Well-optimized Gen AI instills stakeholder confidence in ongoing business value delivery and ensures stakeholder buy-in, provided proper expectations are set and met. However, business value is not interpreted or prioritized the same across the organization. Come to a common business value definition to drive change in the right direction by balancing the needs of the individual, team, and organization.

    Business value cannot always be represented by revenue or reduced expenses. Dissecting value by the benefit type and the value source's orientation allows you to see the many ways in which Gen AI brings value to the organization.

    Financial benefits vs. intrinsic needs

    • Financial benefits refers to the degree to which the value source can be measured through monetary metrics, such as revenue generation and cost saving.
    • Intrinsic needs refers to how a product, service, or business capability enhanced with Gen AI meets functional, user experience, and existential needs.

    Inward vs. outward orientation

    • Inward refers to value sources that are internally impacted by Gen AI and improve your employees' and teams' effectiveness in performing their responsibilities.
    • Outward refers to value sources that come from your interaction with external stakeholders and customers and were improved from using Gen AI.

    See our Build a Value Measurement Framework blueprint for more information about business value definition.

    An image of the Business Value Matrix for Gen AI

    Measure success with the right metrics

    Establishing and monitoring metrics are powerful ways to drive behavior and strategic changes in your organization. Determine the right measures that demonstrate the value of your Gen AI implementation by aligning them with your Gen AI objectives, business value drivers, and non-functional requirements.

    Select metrics with different views

    1. Solution delivery practice effectiveness
      The ability of your practice to deliver, support, and operate solutions with Gen AI
      Examples: Solution quality and throughput, delivery and operational costs, number of defects and issues, and system quality
    2. Solution quality and value
      The outcome of your solutions delivered with Gen AI tools
      Examples: Time and money saved, utilization of products and services, speed of process execution, number of errors, and compliance with standards
    3. Gen AI journey goals and milestones
      Your organization's position in your Gen AI journey
      Examples: Maturity score, scope of Gen AI adoption, comfort and
      confidence with Gen AI capabilities, and complexity of Gen AI use cases

    Leverage Info-Tech's Diagnostics

    IT Management & Governance

    • Improvement to application development quality and throughput effectiveness
    • Increased importance of application delivery and maintenance capabilities across the IT organization
    • Delegation of delivery accountability across more IT roles

    CIO Business Vision

    • Improvements to IT satisfaction and value from delivered solutions
    • Changes to the value and importance of IT core services enabled with Gen AI
    • The state of business and IT relationships
    • Capability to deliver and support Gen AI effectively

    1.1.2 Outline the value you expect to gain from Gen AI

    1-3 hours

    1. Complete the following fields to build your Gen AI canvas:
      1. Problem that Gen AI is intending to solve
      2. List of stakeholders
      3. Desired business and IT outcomes
      4. In-scope solution delivery teams, systems, and capabilities.
    2. Record this information in the Gen AI Solution Delivery Readiness Assessment Tool.

    Output

    • Gen AI Canvas

    Participants

    • Applications VP
    • Applications Director
    • Solution Delivery Manager
    • Solution Delivery Team

    Record the results in the Gen AI Solution Delivery Readiness Assessment Tool

    1.1.2 Example

    Example of an outline of the value you expect to gain from Gen AI

    Problem statements

    • Manual testing procedures hinder pace and quality of delivery.
    • Inaccurate requirement documentation leads to constant redesigning.

    Business and IT outcomes

    • Improve code quality and performance.
    • Expedite solution delivery cycle.
    • Improve collaboration between teams and reduce friction.

    List of stakeholders

    • Testing team
    • Application director
    • CIO
    • Design team
    • Project manager
    • Business analysts

    In-scope solution delivery teams, system, and capabilities

    • Web
    • Development
    • App development
    • Testing
    • Quality assurance
    • Business analysts
    • UI/UX design

    Align your objectives to the broader AI strategy

    Why is an organizational AI strategy important for Gen AI?

    • All Gen AI tactics and capabilities are designed, delivered, and managed to support a consistent interpretation of the broader AI vision and goals.
    • An organizational strategy gives clear understanding of the sprawl, criticality, and risks of Gen AI solutions and applications to other IT capabilities dependent on AI.
    • Gen AI initiatives are planned, prioritized, and coordinated alongside other software delivery practice optimizations and technology modernization initiatives.
    • Resources, skills, and capacities are strategically allocated to meet the needs of Gen AI considering other commitments in the software delivery optimization backlog and roadmap.
    • Gen AI expectations and practices uphold the persona, values, and principles of the software delivery team.

    What is an AI strategy?

    An AI strategy details the direction, activities, and tactics to deliver on the promise of your AI portfolio. It often includes:

    • AI vision and goals
    • Application, automation, and process portfolio involved or impacted by AI
    • Values and principles
    • Health of your AI portfolio
    • Risks and constraints
    • Strategic roadmap

    Step 1.2

    Evaluate opportunities for Gen AI

    Activities

    1.2.1 Align Gen AI opportunities with teams and capabilities.

    This step involves the following participants:

    • Applications VP
    • Applications Director
    • Solution Delivery Manager
    • Solution Delivery Team

    Outcomes of this step

    • Understand the Gen AI opportunities for your solution delivery practice.

    Learn how Gen AI is employed in solution delivery

    Gen AI opportunity Common Gen AI tools and vendors Teams than can benefit How can teams leverage this? Case study
    Synthetic data generation
    • Testing
    • Data Analysts
    • Privacy and Security
    • Create test datasets
    • Replace sensitive personal data

    How Unity Leverages Synthetic Data
    Code generation
    • Development
    • Testing
    • Code Templates & Boilerplate
    • Code Refactoring

    How CI&T accelerated development by 11%
    Defect forecasting and debugging
    • Project Manager & Quality Assurance
    • Development
    • Testing
    • Identify root cause
    • Static and dynamic code analysis
    • Debugging assistance

    Altran Uses Microsoft Code Defect AI Solution
    Requirements documentation and elicitation
    • Business Analysts
    • Development
    • Document functional requirements
    • Writing test cases

    Google collaborates with Replit to reduce time to bring new products to market by 30%
    UI design and prototyping
    • UI/UX Design
    • Development
    • Deployment
    • Rapid prototyping
    • Design assistance

    How Spotify is Upleveling Their Entire Design Team

    Other common AI opportunities solutions include test case generation, code translation, use case creation, document generation, and automated testing.

    Opportunity 1: Synthetic data generation

    Create artificial data that mimics the structure of real-life data.

    What are the expected benefits?

    • Availability of test data: Creation of large volumes of data compatible for testing multiple systems within the organization.
    • Improved privacy: Substituting real data with artificial leads to reduced data leaks.
    • Quicker data provisioning: Automated generation of workable datasets aligned to company policies.

    What are the notable risks and challenges?

    • Generalization and misrepresentations: Data models used in synthetic data generation may not be an accurate representation of production data because of potentially conflicting definitions, omission of dependencies, and multiple sources of truth.
    • Lack of accurate representation: It is difficult for synthetic data to fully capture real-world data nuances.
    • Legal complexities: Data to build and train the Gen AI tool does not comply with data residency and management standards and regulations.

    How should teams prepare for synthetic data generation?

    It can be used:

    • To train machine learning models when there is not enough real data, or the existing data does not meet specific needs.
    • To improve quality of test by using data that closely resembles production without the risk of leveraging sensitive and private information.

    "We can simply say that the total addressable market of synthetic data and the total addressable market of data will converge,"
    Ofir Zuk, CEO, Datagen (Forbes, 2022)

    Opportunity 2: Code generation

    Learn patterns and automatically generate code.

    What are the expected benefits?

    • Increased productivity: It allows developers to generate more code quickly.
    • Improved code consistency: Code is generated using a standardized model and lessons learnt from successful projects.
    • Rapid prototyping: Expedite development of a working prototype to be verified and validated.

    What are the notable risks and challenges?

    • Limited contextual understanding: AI may lack domain-specific knowledge or understanding of requirements.
    • Dependency: Overreliance on AI generated codes can affect developers' creativity.
    • Quality concerns: Generated code is untested and its alignment to coding and quality standards is unclear.

    How should teams prepare for code generation?

    It can be used to:

    • Build solutions without the technical expertise of traditional development.
    • Discover different solutions to address coding challenges.
    • Kickstart new development projects with prebuilt code.

    According to a survey conducted by Microsoft's GitHub, a staggering 92% of programmers were reported as using AI tools in their workflow (GitHub, 2023).

    Opportunity 3: Defect forecasting & debugging

    Predict and proactively address defects before they occur.

    What are the expected benefits?

    • Reduced maintenance cost: Find defects earlier in the delivery process, when it's cheaper to fix them.
    • Increased efficiency: Testing efforts can remain focused on critical and complex areas of solution.
    • Reduced risk: Find critical defects before the product is deployed to production.

    What are the notable risks and challenges?

    • False positives and negatives: Incorrect interpretation and scope of defect due to inadequate training of the Gen AI model.
    • Inadequate training: Training data does not reflect the complexity of the solutions code.
    • Not incorporating feedback: Gen AI models are not retrained in concert with solution changes.

    How should teams prepare for defect forecasting and debugging?

    It can be used to:

    • Perform static and dynamic code analysis to find vulnerabilities in the solution source code.
    • Forecast potential issues of a solution based on previous projects and industry trends.
    • Find root cause and suggest solutions to address found defects.

    Using AI technologies, developers can reduce the time taken to debug and test code by up to 70%, allowing them to finish projects faster and with greater accuracy (Aloa, 2023).

    Opportunity 4: Requirements documentation & elicitation

    Capturing, documenting, and analyzing function and nonfunctional requirements.

    What are the expected benefits?

    • Improve quality of requirements: Obtain different perspectives and contexts for the problem at hand and help identify ambiguities and misinterpretation of risks and stakeholder expectation.
    • Increased savings: Fewer resources are consumed in requirements elicitation activities.
    • Increased delivery confidence: Provide sufficient information for the solution delivery team to confidently estimate and commit to the delivery of the requirement.

    What are the notable risks and challenges?

    • Conflicting bias: Gen AI models may interpret the problem differently than how the stakeholders perceive it.
    • Organization-specific interpretation: Inability of the Gen AI models to accommodate unique interpretation of terminologies, standards, trends and scenarios.
    • Validation and review: Interpreting extracted insights requires human validation.

    How should teams prepare for requirements documentation & elicitation?

    It can be used to:

    • Document requirements in a clear and concise manner that is usable to the solution delivery team.
    • Analyze and test requirements against various user, business, and technical scenarios.

    91% of top businesses surveyed report having an ongoing investment in AI (NewVantage Partners, 2021).

    Opportunity 5: UI design and prototyping

    Analyze existing patterns and principles to generate design, layouts, and working solutions.

    What are the expected benefits?

    • Increased experimentation: Explore different approaches and tactics to solve a solution delivery problem.
    • Improved collaboration: Provide quick design layouts that can be reshaped based on stakeholder feedback.
    • Ensure design consistency: Enforce a UI/UX design standard for all solutions.

    What are the notable risks and challenges?

    • Misinterpretation of UX Requirements: Gen AI model incorrectly assumes a specific interpretation of user needs, behaviors, and problem.
    • Incorrect or missing requirements: Lead to extensive redesigns and iterations, adding to costs while hampering user experience.
    • Design creativity: May lack originality and specific brand aesthetics if not augmented well with human customizability and creativity.

    How should teams prepare for UI design and prototyping?

    It can be used to:

    • Visualize the solution through different views and perspectives such as process flows and use-case diagrams.
    • Create working prototypes that can be verified and validated by stakeholders and end users.

    A study by McKinsey & Company found that companies that invest in AI-driven design outperform their peers in revenue growth and customer experience metrics. They were found to achieve up to two times higher revenue growth than industry peers and up to 10% higher net promoter score (McKinsey & Company, 2018).

    Determine the importance of your opportunities by answering these questions

    Realizing the complete potential of Gen AI relies on effectively fostering its adoption and resulting changes throughout the entire solution delivery process.

    What are the challenges faced by your delivery teams that could be addressed by Gen AI?

    • Recognize the precise pain points, bottlenecks, or inefficiencies faced by delivery teams.
    • Include all stakeholders' perspectives during problem discovery and root cause analysis.

    What's holding back Gen AI adoption in the organization?

    • Apart from technical barriers, address cultural and organizational challenges and discuss how organizational change management strategies can mitigate Gen AI adoption risk.

    Are your objectives aligned with Gen AI capabilities?

    • Identify areas where processes can be modernized and streamlined with automation.
    • Evaluate the current capabilities and resources available within the organization to leverage Gen AI technologies effectively.

    How can Gen AI improve the entire solution delivery process?

    • Investigate and evaluate the improvements Gen AI can reasonably deliver, such as increased accuracy, quickened delivery cycles, improved code quality, or enhanced cross-functional collaboration.

    1.2.1 Align Gen AI opportunities to teams and capabilities

    1-3 hours

    1. Associate the Gen AI opportunities that can be linked to your system capabilities. These opportunities refer to the potential applications of generative AI techniques, such as code generation or synthetic data, to address specific challenges.
      1. Start by analyzing your system's requirements, constraints, and areas where Gen AI techniques can bring value. Identify the potential benefits of integrating Gen AI, such as increased productivity, or enhanced creativity.
      2. Next, discern potential risks or challenges, such as dependency or quality concerns, associated with the opportunity implementation.
    2. Record this information in the Gen AI Solution Delivery Readiness Assessment Tool.

    Output

    • Gen AI opportunity selection

    Participants

    • Applications VP
    • Applications Director
    • Solution Delivery Manager
    • Solution Delivery Team

    Record the results in the Gen AI Solution Delivery Readiness Assessment Tool

    Keep an eye out for red flags

    Not all Gen AI opportunities are delivered and adopted the same. Some present a bigger risk than others.

    • Establishing vague targets and success criteria
    • Defining Gen AI as substitution of human capital
    • Open-source software not widely adopted or validated
    • High level of dependency on automation
    • Unadaptable cross-functional training across organization
    • Overlooking privacy, security, legal, and ethical implications
    • Lack of Gen AI expertise and understanding of good practices

    Step 1.3

    Assess your readiness for Gen AI

    Activities

    1.3.1 Assess your readiness for Gen AI.

    This step involves the following participants:

    • Applications VP
    • Applications Director
    • Solution Delivery Manager
    • Solution Delivery Team

    Outcomes of this step

    • A completed Gen AI Readiness Assessment to confirm how prepared you are to embrace Gen AI in your solution delivery team.

    Prepare your SDLC* to leverage Gen AI

    As organizations evolve and adopt more tools and technology, their solution delivery processes become more complex. Process improvement is needed to simplify complex and undocumented software delivery activities and artifacts and prepare it for Gen AI. Gen AI scales process throughput and output quantity, but it multiplies the negative impact of problems the process already has.

    When is your process ready for Gen AI?

    • Solution value Ensures the accuracy and alignment of the committed feature and change requests to what the stakeholder truly expects and receives.
    • ThroughputDelivers new products, enhancements, and changes at a pace and frequency satisfactory to stakeholder expectations and meets delivery commitments.
    • Process governance Has clear ownership and appropriate standardization. The roles, activities, tasks, and technologies are documented and defined. At each stage of the process someone is responsible and accountable.
    • Process management Follows a set of development frameworks, good practices, and standards to ensure the solution and relevant artifacts are built, tested, and delivered consistently and repeatably.
    • Technical quality assurance – Accommodates committed non-functional requirements within the stage's outputs to ensure products meet technical excellence expectations.

    *software development lifecycle

    To learn more, visit Info-Tech's Modernize Your SDLC blueprint.

    To learn more, visit Info-Tech's Build a Winning Business Process Automation Playbook

    Assess the impacts from Gen AI changes

    Ensure that no stone is left unturned as you evaluate the fit of Gen AI and prepare your adoption and support plans.

    By shining a light on considerations that might have otherwise escaped planners and decision makers, an impact analysis is an essential component to Gen AI success. This analysis should answer the following questions on the impact to your solution delivery teams.

    1. Will the change impact how our clients/customers receive, consume, or engage with our products/services?
    2. Will there be an increase in operational costs, and a change to compensation and/or rewards?
    3. Will this change increase the workload and alter staffing levels?
    4. Will the vision or mission of the team change?
    5. Will a new or different set of skills be needed?
    6. Will the change span multiple locations/time zones?
    7. Are multiple products/services impacted by this change?
    8. Will the workflow and approvals be changed, and will there be a substantial change to scheduling and logistics?
    9. Will the tools of the team be substantially different?
    10. Will there be a change in reporting relationships?

    See our Master Organizational Change Management Practices blueprint for more information.

    Brace for impact

    A thorough analysis of change impacts will help your software delivery teams and change leaders:

    • Bypass avoidable problems.
    • Remove non-fixed barriers to success.
    • Acknowledge and minimize the impact of unavoidable barriers.
    • Identify and leverage potential benefits.
    • Measure the success of the change.

    Many key IT capabilities are required to successfully leverage Gen AI

    Portfolio Management

    An accurate and rationalized inventory of all Gen AI tools verifies they support the goals and abide to the usage policies of the broader delivery practice. This becomes critical when tooling is updated frequently and licenses and open- source community principles drastically change (e.g. after an acquisition).

    Quality Assurance

    Gen AI tools are routinely verified and validated to ensure outcomes are accurate, complete, and aligned to solution delivery quality standards. Models are retrained using lessons learned, new use cases, and updated training data.

    Security & Access Management

    Externally developed and trained Gen AI models may not include the measures, controls, and tactics you need to prevent vulnerabilities and protect against threats that are critical in your security frameworks, policies, and standards.

    Data Management & Governance

    All solution delivery data and artifacts can be transformed and consumed in various ways as they transit through solution delivery and Gen AI tools. Data integrations, structures, and definitions must be well-defined, governed, and monitored.

    OPERATIONAL SUPPORT

    Resources are available to support the ongoing operations of the Gen AI tool, including infrastructure, preparing training data, and managing integration with other tools. They are also prepared to recover backups, roll back, and execute recovery plans at a moment's notice.

    Apply Gen AI good practices in your solution delivery practice

    1. Keep the human in the loop.
      Gen AI models cannot produce high-quality content with 100% confidence. Keeping the human in the loop allows people to directly give feedback to the model to improve output quality.
    2. Strengthen prompt and query engineering.
      The value of the outcome is dependent on what is being asked. Good prompts and queries focus on creating the optimal input by selecting and phrasing the appropriate words, sentence structures, and punctuation to illustrate the focus, scope, problem, and boundaries.
    3. Thoughtfully prepare your training data.
      Externally hosted Gen AI tools may store your training data in their systems or use it to train their other models. Intellectual property and sensitive data can leak into third-party systems and AI models if it is not properly masked and sanitized.
    4. Build guardrails into your Gen AI models.
      Guardrails can limit the variability of any misleading Gen AI responses by defining the scope and bounds of the response, enforcing the policies of its use, and clarifying the context of its response.
    5. Monitor your operational costs.
      The cost breakdown will vary among the types of Gen AI solution and the vendor offerings. Cost per query, consultant fees, infrastructure hosting, and licensing costs are just a few cost factors. Open source can be an attractive cost-saving option, but you must be willing to invest in the roles to assume traditional vendor accountabilities.
    6. Check the licenses of your Gen AI tool.
      Each platform has licenses and agreements on how their solution can or cannot be used. They limit your ability to use the tool for commercial purposes or reproductions or may require you to purchase and maintain a specific license to use their solution and materials.

    See Build Your Generative AI Roadmap for more information.

    Assess your Gen AI readiness

    • Solution delivery team
      The team is educated on Gen AI, its use cases, and the tools that enable it. They have the skills and capacity to implement, create, and manage Gen AI.
    • Solution delivery process and tools
      The solution delivery process is documented, repeatable, and optimized to use Gen AI effectively. Delivery tools are configured to enable, leverage and manage Gen AI assets to improve their performance and efficiency.
    • Solution delivery artifacts
      Delivery artifacts (e.g. code, scripts, documents) that will be used to train and be leveraged by Gen AI tools are discoverable, accurate, complete, standardized, of sufficient quantity, optimized for Gen AI use, and stored in an accessible shared central repository.
    • Governance
      Defined policies, role definitions, guidelines, and processes that guide the implementation, development, operations, and management of Gen AI.
    • Vision and executive support
      Clear alignment of Gen AI direction, ambition, and objectives with broader business and IT priorities. Stakeholders support the Gen AI initiative and allocate human and financial resources for its implementation within the solution delivery team.
    • Operational support
      The capabilities to manage the Gen AI tools and ensure they support the growing needs of the solution delivery practice, such as security management, hosting infrastructure, risk and change management, and data and application integration.

    1.3.1 Assess your readiness for Gen AI

    1-3 hours

    1. Review the current state of your solution delivery teams including their capacity, skills and knowledge, delivery practices, and tools and technologies.
    2. Determine the readiness of your team to adopt Gen AI.
    3. Discuss the gaps that need to be filled to be successful with Gen AI.
    4. Record this information in the Gen AI Solution Delivery Readiness Assessment Tool.

    Record the results in the Gen AI Solution Delivery Readiness Assessment Tool

    Output

    • Gen AI Solution Delivery Readiness Assessment

    Participants

    • Applications VP
    • Applications Director
    • Solution Delivery Manager
    • Solution Delivery Team

    Recognize that Gen AI does not require a fully optimized solution delivery process

    1. Consideration; 2. Exploration; 3. Incorporation; 4. Proliferation; 5. Optimization. Steps 3-5 are Recommended maturity levels to properly embrace Gen AI.

    To learn more, visit Info-Tech's Develop Your Value-First Business Process Automation (BPA) Strategy.

    Be prepared to take the next steps

    Deliver Gen AI to your solution delivery teams

    Modernize Your SDLC
    Efficient and effective SDLC practices are vital, as products need to readily adjust to evolving and changing business needs and technologies.

    Adopt Generative AI in Solution Delivery
    Generative AI can drive productivity and solution quality gains to your solution delivery teams. Level set expectations with the right use case to demonstrate its value potential.

    Select Your AI Vendor & Implementation Partner
    The right vendor and partner are critical for success. Build the selection criteria to shortlist the products and services that best meets the current and future needs of your teams.

    Drive Business Value With Off-the-Shelf AI
    Build a framework that will guide your teams through the selection of an off-the-shelf AI tool with a clear definition of the business case and preparations for successful adoption.

    Build Your Enterprise Application Implementation Playbook
    Your Gen AI implementation doesn't start with technology, but with an effective plan that your team supports and is aligned to broader stakeholder and sponsor priorities and goals.

    Build your Gen AI practice

    • Get Started With AI
    • AI Strategy & Generative AI Roadmap
    • AI Governance

    Related Info-Tech Research

    Build a Winning Business Process Automation Playbook
    Optimize and automate your business processes with a user-centric approach.

    Embrace Business Managed Applications
    Empower the business to implement their own applications with a trusted business-IT relationship.

    Application Portfolio Management Foundations
    Ensure your application portfolio delivers the best possible return on investment.

    Maximize the Benefits from Enterprise Applications with a Center of Excellence
    Optimize your organization's enterprise application capabilities with a refined and scalable methodology.

    Create an Architecture for AI
    Build your target state architecture from predefined best-practice building blocks.

    Deliver on Your Digital Product Vision
    Build a product vision your organization can take from strategy through execution.

    Enhance Your Solution Architecture Practices
    Ensure your software systems solution is architected to reflect stakeholders' short- and long-term needs.

    Apply Design Thinking to Build Empathy With the Business
    Use design thinking and journey mapping to make IT the business' go-to problem solver.

    Modernize Your SDLC
    Deliver quality software faster with new tools and practices.

    Drive Business Value With Off-the-Shelf AI
    A practical guide to ensure return on your off-the-shelf AI investment.

    Bibliography

    "Altran Helps Developers Write Better Code Faster with Azure AI." Microsoft, 2020.
    "Apply Design Thinking to Complex Teams, Problems, and Organizations." IBM, 2021.
    Bianca. "Unleashing the Power of AI in Code Generation: 10 Applications You Need to Know — AITechTrend." AITechTrend, 16 May 2023.
    Biggs, John. "Deep Code Cleans Your Code with the Power of AI." TechCrunch, 26 Apr 2018.
    "Chat GPT as a Tool for Business Analysis — the Brazilian BA." The Brazilian BA, 24 Jan 2023.
    Davenport, Thomas, and Randy Bean. "Big Data and AI Executive Survey 2019." New Vantage Partners, 2019.
    Davenport, Thomas, and Randy Bean. "Big Data and AI Executive Survey 2021." New Vantage Partners, 2021.
    Das, Tamal. "9 Best AI-Powered Code Completion for Productive Development." Geek flare, 5 Apr 2023.
    Gondrezick, Ilya. "Council Post: How AI Can Transform the Software Engineering Process." Forbes, 24 Apr 2020.
    "Generative AI Speeds up Software Development: Compass UOL Study." PR Newswire, 29 Mar 2023.
    "GitLab 2023 Global Develops Report Series." Gitlab, 2023.
    "Game Changer: The Startling Power Generative AI Is Bringing to Software Development." KPMG, 30 Jan 2023.
    "How AI Can Help with Requirements Analysis Tools." TechTarget, 28 July 2020.
    Indra lingam, Ashanta. "How Spotify Is Upleveling Their Entire Design Team." Framer, 2019.
    Ingle, Prathamesh. "Top Artificial Intelligence (AI) Tools That Can Generate Code to Help Programmers." Matchcoat, 1 Jan 2023.
    Kaur, Jagreet . "AI in Requirements Management | Benefits and Its Processes." Xenon Stack, 13 June 2023.
    Lange, Danny. "Game On: How Unity Is Extending the Power of Synthetic Data beyond the Gaming Industry." CIO, 17 Dec 2020.
    Lin, Ying. "10 Artificial Intelligence Statistics You Need to Know in 2020." OBERLO, 17 Mar. 2023.
    Mauran, Cecily. "Whoops, Samsung Workers Accidentally Leaked Trade Secrets via ChatGPT." Mashable, 6 Apr 2023.

    Application Portfolio Management

    • Buy Link or Shortcode: {j2store}28|cart{/j2store}
    • Related Products: {j2store}28|crosssells{/j2store}
    • member rating overall impact: 9.1/10
    • member rating average dollars saved: $81,275
    • member rating average days saved: 20
    • Parent Category Name: Applications
    • Parent Category Link: /applications
    • byline: Manage your application portfolio to minimize risk and maximize value.

    The challenge

    • The chances are that you, too, have too many or far too many applications in your organization. You will not be alone. Almost 60% of companies report the same issue. 
    • That is due to poorly managed portfolios.
    • Your application managers now need to support too many non-critical applications, and they spend insufficient time on the vital applications.
    • You can rarely find the required pieces to rationalize your portfolio in one place. You will need to find the resources and build a team.
    • The lack of standard practices to define the value that each application in a portfolio provides to the company causes misalignments.

    Our advice

    Insight

    • There is no silver bullet solution. Going too rigid in your approach causes delays in value realization through application portfolio management. It may even prevent this altogether. Define flexible inputs to your portfolio and align closely with your business goals.

    Impact and results 

    • Define the outputs of your application rationalization effort, with clear roles and responsibilities.
    • Tailor the application rationalization framework (ARF) to your company's motivations, goals, and limitations.
    • Apply various application assessments to build a clear picture of your portfolio.
    • Build an application portfolio roadmap that shows your target state based on your rationalization decisions.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started

    Our concise executive brief shows you why you should rationalize your application portfolio using a tailored framework for your company. We'll show you our methodology and the ways we can help you in handling this.

    Lay the foundations

    Define why you want to rationalize your application portfolio. Define the end state and scope. Build your action plan.

    • Build an Application Rationalization Framework – Phase 1: Lay Your Foundations (ppt)
    • Application Rationalization Tool (xls)

    Plan the application rationalization framework

    Understand what the core assessments are that you perform in these rationalizations. Define your framework and how rigorous you want to apply the reviews based on your business context.

    • Build an Application Rationalization Framework – Phase 2: Plan Your Application Rationalization Framework (ppt)

    Test and adapt your application rationalization framework (ARF)

    Our tool allows you to test the elements of your ARF. Then do a retrospective and adapt based on your experience and desired outcomes. 

    • Build an Application Rationalization Framework – Phase 3: Test and Adapt Your Application Rationalization Framework (ppt)
    • Application TCO Calculator (xls)
    • Value Calculator (xls)

    Initiate your roadmap

    Review your dispositions to ensure they align with your goals. 

    • Build an Application Rationalization Framework – Phase 4: Initiate Your Roadmap (ppt)
    • Disposition Prioritization Tool (xls)

     

    Optimize IT Change Management

    • Buy Link or Shortcode: {j2store}409|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $33,585 Average $ Saved
    • member rating average days saved: 27 Average Days Saved
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management
    • Infrastructure managers and change managers need to re-evaluate their change management processes due to slow change turnaround time, too many unauthorized changes, too many incidents and outages because of poorly managed changes, or difficulty evaluating and prioritizing changes.
    • IT system owners often resist change management because they see it as slow and bureaucratic.
    • Infrastructure changes are often seen as different from application changes, and two (or more) processes may exist.

    Our Advice

    Critical Insight

    • ITIL provides a usable framework for change management, but full process rigor is not appropriate for every change request.
    • You need to design a process that is flexible enough to meet the demand for change, and strict enough to protect the live environment from change-related incidents.
    • A mature change management process will minimize review and approval activity. Counterintuitively, with experience in implementing changes, risk levels decline to a point where most changes are “pre-approved.”

    Impact and Result

    • Create a unified change management process that reduces risk. The process should be balanced in its approach toward deploying changes while also maintaining throughput of innovation and enhancements.
    • Categorize changes based on an industry-standard risk model with objective measures of impact and likelihood.
    • Establish and empower a change manager and change advisory board with the authority to manage, approve, and prioritize changes.
    • Integrate a configuration management database with the change management process to identify dependencies.

    Optimize IT Change Management Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should optimize change management, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Optimize IT Change Management – Phases 1-4

    1. Define change management

    Assess the maturity of your existing change management practice and define the scope of change management for your organization.

    • Change Management Maturity Assessment Tool
    • Change Management Risk Assessment Tool

    2. Establish roles and workflows

    Build your change management team and standardized process workflows for each change type.

    • Change Manager
    • Change Management Process Library – Visio
    • Change Management Process Library – PDF
    • Change Management Standard Operating Procedure

    3. Define the RFC and post-implementation activities

    Bookend your change management practice by standardizing change intake, implementation, and post-implementation activities.

    • Request for Change Form Template
    • Change Management Pre-Implementation Checklist
    • Change Management Post-Implementation Checklist

    4. Measure, manage, and maintain

    Form an implementation plan for the project, including a metrics evaluation, change calendar inputs, communications plan, and roadmap.

    • Change Management Metrics Tool
    • Change Management Communications Plan
    • Change Management Roadmap Tool
    • Optimize IT Change Management Improvement Initiative: Project Summary Template

    [infographic]

    Workshop: Optimize IT Change Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Change Management

    The Purpose

    Discuss the existing challenges and maturity of your change management practice.

    Build definitions of change categories and the scope of change management.

    Key Benefits Achieved

    Understand the starting point and scope of change management.

    Understand the context of change request versus other requests such as service requests, projects, and operational tasks.

    Activities

    1.1 Outline strengths and challenges

    1.2 Conduct a maturity assessment

    1.3 Build a categorization scheme

    1.4 Build a risk assessment matrix

    Outputs

    Change Management Maturity Assessment Tool

    Change Management Risk Assessment Tool

    2 Establish Roles and Workflows

    The Purpose

    Define roles and responsibilities for the change management team.

    Develop a standardized change management practice for approved changes, including process workflows.

    Key Benefits Achieved

    Built the team to support your new change management practice.

    Develop a formalized and right-sized change management practice for each change category. This will ensure all changes follow the correct process and core activities to confirm changes are completed successfully.

    Activities

    2.1 Define the change manager role

    2.2 Outline the membership and protocol for the Change Advisory Board (CAB)

    2.3 Build workflows for normal, emergency, and pre-approved changes

    Outputs

    Change Manager Job Description

    Change Management Standard Operating Procedure (SOP)

    Change Management Process Library

    3 Define the RFC and Post-Implementation Activities

    The Purpose

    Create a new change intake process, including a new request for change (RFC) form.

    Develop post-implementation review activities to be completed for every IT change.

    Key Benefits Achieved

    Bookend your change management practice by standardizing change intake, implementation, and post-implementation activities.

    Activities

    3.1 Define the RFC template

    3.2 Determine post-implementation activities

    3.3 Build your change calendar protocol

    Outputs

    Request for Change Form Template

    Change Management Post-Implementation Checklist

    Project Summary Template

    4 Measure, Manage, and Maintain

    The Purpose

    Develop a plan and project roadmap for reaching your target for your change management program maturity.

    Develop a communications plan to ensure the successful adoption of the new program.

    Key Benefits Achieved

    A plan and project roadmap for reaching target change management program maturity.

    A communications plan ready for implementation.

    Activities

    4.1 Identify metrics and reports

    4.2 Build a communications plan

    4.3 Build your implementation roadmap

    Outputs

    Change Management Metrics Tool

    Change Management Communications Plan

    Change Management Roadmap Tool

    Further reading

    Optimize IT Change Management

    Right-size IT change management practice to protect the live environment.

    EXECUTIVE BRIEF

    Analyst Perspective

    Balance risk and efficiency to optimize IT change management.

    Change management (change enablement, change control) is a balance of efficiency and risk. That is, pushing changes out in a timely manner while minimizing the risk of deployment. On the one hand, organizations can attempt to avoid all risk and drown the process in rubber stamps, red tape, and bureaucracy. On the other hand, organizations can ignore process and push out changes as quickly as possible, which will likely lead to change related incidents and debilitating outages.

    Right-sizing the process does not mean adopting every recommendation from best-practice frameworks. It means balancing the efficiency of change request fulfillment with minimizing risk to your organization. Furthermore, creating a process that encourages adherence is key to avoid change implementers from skirting your process altogether.

    Benedict Chang, Research Analyst, Infrastructure and Operations, Info-Tech Research Group

    Executive Summary

    Your Challenge

    Infrastructure and application change occurs constantly and is driven by changing business needs, requests for new functionality, operational releases and patches, and resolution of incidents or problems detected by the service desk.

    IT managers need to follow a standard change management process to ensure that rogue changes are never deployed while the organization remains responsive to demand.

    Common Obstacles

    IT system owners often resist change management because they see it as slow and bureaucratic.

    At the same time, an increasingly interlinked technical environment may cause issues to appear in unexpected places. Configuration management systems are often not kept up-to-date and do not catch the potential linkages.

    Infrastructure changes are often seen as “different” from application changes and two (or more) processes may exist.

    Info-Tech’s Approach

    Info-Tech’s approach will help you:

    • Create a unified change management practice that balances risk and throughput of innovation.
    • Categorize changes based on an industry-standard risk model with objective measures of impact and likelihood.
    • Establish and empower a Change Manager and Change Advisory Board (CAB) with the authority to manage, approve, and prioritize changes.

    Balance Risk and Efficiency to Optimize IT Change Management

    Two goals of change management are to protect the live environment and deploying changes in a timely manner. These two may seem to sometimes be at odds against each other, but assessing risk at multiple points of a change’s lifecycle can help you achieve both.

    Your challenge

    This research is designed to help organizations who need to:

    • Build a right-sized change management practice that encourages adherence and balances efficiency and risk.
    • Integrate the change management practice with project management, service desk processes, configuration management, and other areas of IT and the business.
    • Communicate the benefits and impact of change management to all the stakeholders affected by the process.

    Change management is heavily reliant on organizational culture

    Having a right-sized process is not enough. You need to build and communicate the process to gather adherence. The process is useless if stakeholders are not aware of it or do not follow it.

    Increase the Effectiveness of Change Management in Your Organization

    The image is a bar graph, with the segments labelled 1 and 2. The y-axis lists numbers 1-10. Segment 1 is at 6.2, and segment 2 is at 8.6.

    Of the eight infrastructure & operations processes measured in Info-Tech’s IT Management and Governance Diagnostic (MGD) program, change management has the second largest gap between importance and effectiveness of these processes.

    Source: Info-Tech 2020; n=5,108 IT professionals from 620 organizations

    Common obstacles

    These barriers make this challenge difficult to address for many organizations:

    • Gaining buy-in can be a challenge no matter how well the process is built.
    • The complexity of the IT environment and culture of tacit knowledge for configuration makes it difficult to assess cross-dependencies of changes.
    • Each silo or department may have their own change management workflows that they follow internally. This can make it difficult to create a unified process that works well for everyone.

    “Why should I fill out an RFC when it only takes five minutes to push through my change?”

    “We’ve been doing this for years. Why do we need more bureaucracy?”

    “We don’t need change management if we’re Agile.”

    “We don’t have the right tools to even start change management.”

    “Why do I have to attend a CAB meeting when I don’t care what other departments are doing?”

    Info-Tech’s approach

    Build change management by implementing assessments and stage gates around appropriate levels of the change lifecycle.

    The image is a circle, comprised of arrows, with each arrow pointing to the next, forming a cycle. Each arrow is labelled, as follows: Improve; Request; Assess; Plan; Approve; Implement

    The Info-Tech difference:

    1. Create a unified change management process that balances risk and throughput of innovation.
    2. Categorize changes based on an industry-standard risk model with objective measures of impact and likelihood.
    3. Establish and empower a Change Manager and Change Advisory Board (CAB) with the authority to manage, approve, and prioritize changes.

    IT change is constant and is driven by:

    Change Management:

    1. Operations - Operational releases, maintenance, vendor-driven updates, and security updates can all be key drivers of change. Example: ITSM version update
      • Major Release
      • Maintenance Release
      • Security Patch
    2. Business - Business-driven changes may include requests from other business departments that require IT’s support. Examples: New ERP or HRIS implementation
      • New Application
      • New Version
    3. Service desk → Incident & Problem - Some incident and problem tickets require a change to facilitate resolution of the incident. Examples: Outage necessitating update of an app (emergency change), a user request for new functionality to be added to an existing app
      • Workaround
      • Fix
    4. Configuration Management Database (CMDB) ↔ Asset Management - In addition to software and hardware asset dependencies, a configuration management database (CMDB) is used to keep a record of changes and is queried to assess change requests.
      • Hardware
      • Software

    Insight summary

    “The scope of change management is defined by each organization…the purpose of change management is to maximize the number of successful service and product changes by ensuring that the risk have been properly assessed, authorizing changes to process, and managing the change schedule.” – ALEXOS Limited, ITIL 4

    Build a unified change management process balancing risk and change throughput.

    Building a unified process that oversees all changes to the technical environment doesn’t have to be burdensome to be effective. However, the process is a necessary starting point to identifying cross dependencies and avoiding change collisions and change-related incidents.

    Use an objective framework for estimating risk

    Simply asking, “What is the risk?” will result in subjective responses that will likely minimize the perceived risk. The level of due diligence should align to the criticality of the systems or departments potentially impacted by the proposed changes.

    Integrate your change process with your IT service management system

    Change management in isolation will provide some stability, but maturing the process through service integrations will enable data-driven decisions, decrease bureaucracy, and enable faster and more stable throughput.

    Change management and DevOps can work together effectively

    Change and DevOps tend to be at odds, but the framework does not have to change. Lower risk changes in DevOps are prime candidates for the pre-approved category. Much of the responsibility traditionally assigned to the CAB can be diffused throughout the software development lifecycle.

    Change management and DevOps can coexist

    Shift the responsibility and rigor to earlier in the process.

    • If you are implementing change management in a DevOps environment, ensure you have a strong DevOps lifecycle. You may wish to refer to Info-Tech’s research Implementing DevOps Practices That Work.
    • Consider starting in this blueprint by visiting Appendix II to frame your approach to change management. Follow the blueprint while paying attention to the DevOps Callouts.

    DEVOPS CALLOUTS

    Look for these DevOps callouts throughout this storyboard to guide you along the implementation.

    The image is a horizontal figure eight, with 7 arrows, each pointing into the next. They are labelled are follows: Plan; Create; Verify; Package; Release; Configure; Monitor. At the centre of the circles are the words Dev and Ops.

    Successful change management will provide benefits to both the business and IT

    Respond to business requests faster while reducing the number of change-related disruptions.

    IT Benefits

    • Fewer change-related incidents and outages
    • Faster change turnaround time
    • Higher rate of change success
    • Less change rework
    • Fewer service desk calls related to poorly communicated changes

    Business Benefits

    • Fewer service disruptions
    • Faster response to requests for new and enhanced functionalities
    • Higher rate of benefits realization when changes are implemented
    • Lower cost per change
    • Fewer “surprise” changes disrupting productivity

    IT satisfaction with change management will drive business satisfaction with IT. Once the process is working efficiently, staff will be more motivated to adhere to the process, reducing the number of unauthorized changes. As fewer changes bypass proper evaluation and testing, service disruptions will decrease and business satisfaction will increase.

    Change management improves core benefits to the business: the four Cs

    Most organizations have at least some form of change control in place, but formalizing change management leads to the four Cs of business benefits:

    Control

    Change management brings daily control over the IT environment, allowing you to review every relatively new change, eliminate changes that would have likely failed, and review all changes to improve the IT environment.

    Collaboration

    Change management planning brings increased communication and collaboration across groups by coordinating changes with business activities. The CAB brings a more formalized and centralized communication method for IT.

    Consistency

    Request for change templates and a structured process result in implementation, test, and backout plans being more consistent. Implementing processes for pre-approved changes also ensures these frequent changes are executed consistently and efficiently.

    Confidence

    Change management processes will give your organization more confidence through more accurate planning, improved execution of changes, less failure, and more control over the IT environment. This also leads to greater protection against audits.

    You likely need to improve change management more than any other infrastructure & operations process

    The image shows a vertical bar graph. Each segment of the graph is labelled for an infrastructure/operations process. Each segment has two bars one for effectiveness, and another for importance. The first segment, Change Management, is highlighted, with its Effectiveness at a 6.2 and Importance at 8.6

    Source: Info-Tech 2020; n=5,108 IT Professionals from 620 organizations

    Of the eight infrastructure and operations processes measured in Info-Tech’s IT Management and Governance Diagnostic (MGD) program, change management consistently has the second largest gap between importance and effectiveness of these processes.

    Executives and directors recognize the importance of change management but feel theirs is currently ineffective

    Info-Tech’s IT Management and Governance Diagnostic (MGD) program assesses the importance and effectiveness of core IT processes. Since its inception, the MGD has consistently identified change management as an area for immediate improvement.

    The image is a vertical bar graph, with four segments, each having 2 bars, one for Effectiveness and the other for Importance. The four segments are (with Effectiveness and Importance ratings in brackets, respectively): Frontline (6.5/8.6); Manager (6.6/8.9); Director (6.4/8.8); and Executive (6.1/8.8)

    Source: Info-Tech 2020; n=5,108 IT Professionals from 620 organizations

    Importance Scores

    No importance: 1.0-6.9

    Limited importance: 7.0-7.9

    Significant importance: 8.0-8.9

    Critical importance: 9.0-10.0

    Effectiveness Scores

    Not in place: n/a

    Not effective: 0.0-4.9

    Somewhat Ineffective: 5.0-5.9

    Somewhat effective: 6.0-6.9

    Very effective: 7.0-10.0

    There are several common misconceptions about change management

    Which of these have you heard in your organization?

     Reality
    “It’s just a small change; this will only take five minutes to do.” Even a small change can cause a business outage. That small fix could impact a large system connected to the one being fixed.
    “Ad hoc is faster; too many processes slow things down.” Ad hoc might be faster in some cases, but it carries far greater risk. Following defined processes keeps systems stable and risk-averse.
    “Change management is all about speed.” Change management is about managing risk. It gives the illusion of speed by reducing downtime and unplanned work.
    “Change management will limit our capacity to change.” Change management allows for a better alignment of process (release management) with governance (change management).

    Overcome perceived challenges to implementing change management to reap measurable reward

    Before: Informal Change Management

    Change Approval:

    • Changes do not pass through a formal review process before implementation.
    • 10% of released changes are approved.
    • Implementation challenge: Staff will resist having to submit formal change requests and assessments, frustrated at the prospect of having to wait longer to have changes approved.

    Change Prioritization

    • Changes are not prioritized according to urgency, risk, and impact.
    • 60% of changes are urgent.
    • Implementation challenge: Influential stakeholders accustomed to having changes approved and deployed might resist having to submit changes to a standard cost-benefit analysis.

    Change Deployment

    • Changes often negatively impact user productivity.
    • 25% of changes are realized as planned.
    • Implementation challenge: Engaging the business so that formal change freeze periods and regular maintenance windows can be established.

    After: Right-Sized Change Management

    Change Approval

    • All changes pass through a formal review process. Once a change is repeatable and well-tested, it can be pre-approved to save time. Almost no unauthorized changes are deployed.
    • 95% of changes are approved.
    • KPI: Decrease in change-related incidents

    Change Prioritization

    • The CAB prioritizes changes so that the business is satisfied with the speed of change deployment.
    • 35% of changes are urgent.
    • KPI: Decrease in change turnaround time.

    Change deployment

    • Users are always aware of impending changes and changes don’t interrupt critical business activities.
    • Over 80% of changes are realized as planned
    • KPI: Decrease in the number of failed deployments.

    Info-Tech’s methodology for change management optimization focuses on building standardized processes

     1. Define Change Management2. Establish Roles and Workflows3. Define the RFC and Post-Implementation Activities4. Measure, Manage, and Maintain
    Phase Steps

    1.1 Assess Maturity

    1.2 Categorize Changes and Build Your Risk Assessment

    2.1 Determine Roles and Responsibilities

    2.2 Build Core Workflows

    3.1 Design the RFC

    3.2 Establish Post-Implementation Activities

    4.1 Identify Metrics and Build the Change Calendar

    4.2 Implement the Project
      Change Management Standard Operating Procedure (SOP) Change Management Project Summary Template
    Phase Deliverables
    • Change Management Maturity Assessment Tool
    • Change Management Risk Assessment Tool
    • Change Manager Job Description
    • Change Management Process Library
    • Request for Change (RFC) Form Template
    • Change Management Pre-Implementation Checklist
    • Change Management Post-Implementation Checklist
    • Change Management Metrics Tool
    • Change Management
    • Communications Plan
    • Change Management Roadmap Tool

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Change Management Process Library

    Document your normal, pre-approved, and emergency change lifecycles with the core process workflows .

    Change Management Risk Assessment Tool

    Test Drive your impact and likelihood assessment questionnaires with the Change Management Risk Assessment Tool.

    Project Summary Template

    Summarize your efforts in the Optimize IT Change Management Improvement Initiative: Project Summary Template.

    Change Management Roadmap Tool

    Record your action items and roadmap your steps to a mature change management process.

    Key Deliverable:

    Change Management SOP

    Document and formalize your process starting with the change management standard operating procedure (SOP).

    These case studies illustrate the value of various phases of this project

    Define Change Management

    Establish Roles and Workflows

    Define RFC and Post-Implementation Activities

    Measure, Manage, and Maintain

    A major technology company implemented change management to improve productivity by 40%. This case study illustrates the full scope of the project.

    A large technology firm experienced a critical outage due to poor change management practices. This case study illustrates the scope of change management definition and strategy.

    Ignorance of change management process led to a technology giant experiencing a critical cloud outage. This case study illustrates the scope of the process phase.

    A manufacturing company created a makeshift CMDB in the absence of a CMDB to implement change management. This case study illustrates the scope of change intake.

    A financial institution tracked and recorded metrics to aid in the success of their change management program. This case study illustrates the scope of the implementation phase.

    Working through this project with Info-Tech can save you time and money

    Engaging in a Guided Implementation doesn’t just offer valuable project advice, it also results in significant cost savings.

    Guided ImplementationMeasured Vale
    Phase 1: Define Change Management
    • We estimate Phase 1 activities will take 2 FTEs 10 days to complete on their own, but the time saved by using Info-Tech’s methodology will cut that time in half, thereby saving $3,100 (2 FTEs * 5 days * $80,000/year).

    Phase 2: Establish Roles and Workflows
    • We estimate Phase 2 will take 2 FTEs 10 days to complete on their own, but the time saved by using Info-Tech’s methodology will cut that time in half, thereby saving $3,100 (2 FTEs * 5 days * $80,000/year).
    Phase 3: Define the RFC and Post-Implementation Activities
    • We estimate Phase 3 will take 2 FTEs 10 days to complete on their own, but the time saved by using Info-Tech’s methodology will cut that time in half, thereby saving $3,100 (2 FTEs * 5 days * $80,000/year).

    Phase 4: Measure, Manage, and Maintain
    • We estimate Phase 4 will take 2 FTEs 5 days to complete on their own, but the time saved by using Info-Tech’s methodology will cut that time in half, thereby saving $1,500 (2 FTEs * 2.5 days * $80,000/year).
    Total Savings $10,800

    Case Study

    Industry: Technology

    Source: Daniel Grove, Intel

    Intel implemented a robust change management program and experienced a 40% improvement in change efficiency.

    Founded in 1968, the world’s largest microchip and semiconductor company employs over 100,000 people. Intel manufactures processors for major players in the PC market including Apple, Lenovo, HP, and Dell.

    ITIL Change Management Implementation

    With close to 4,000 changes occurring each week, managing Intel’s environment is a formidable task. Before implementing change management within the organization, over 35% of all unscheduled downtime was due to errors resulting from change and release management. Processes were ad hoc or scattered across the organization and no standards were in place.

    Results

    After a robust implementation of change management, Intel experienced a number of improvements including automated approvals, the implementation of a formal change calendar, and an automated RFC form. As a result, Intel improved change productivity by 40% within the first year of the program’s implementation.

    Define Change Management

    Establish Roles and Workflows

    Define RFC and Post-Implementation Activities

    Measure, Manage, and Maintain

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    Define Change Management

    • Call #1: Introduce change concepts.
    • Call #2: Assess current maturity.
    • Call #3: Identify target-state capabilities.

    Establish Roles and Workflows

    • Call #4: Review roles and responsibilities.
    • Call #5: Review core change processes.

    Define RFC and Post- Implementation Activities

    • Call #6: Define change intake process.
    • Call #7: Create pre-implementation and post-implementation checklists.

    Measure, Manage, and Maintain

    • Call #8: Review metrics.
    • Call #9: Create roadmap.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

     Day 1Day 2Day 3Day 4Day 5
    Activities

    Define Change Management

    1.1 Outline Strengths and Challenges

    1.2 Conduct a Maturity Assessment

    1.3 Build a Change Categorization Scheme

    1.4 Build Your Risk Assessment

    Establish Roles and Workflows

    2.1 Define the Change Manager Role

    2.2 Outline CAB Protocol and membership

    2.3 Build Normal Change Process

    2.4 Build Emergency Change Process

    2.5 Build Pre-Approved Change Process

    Define the RFC and Post-Implementation Activities

    3.1 Create an RFC Template

    3.2 Determine Post-Implementation Activities

    3.3 Build a Change Calendar Protocol

    Measure, Manage, and Maintain

    4.1 Identify Metrics and Reports

    4.2 Create Communications Plan

    4.3 Build an Implementation Roadmap

    Next Steps and Wrap-Up (offsite)

    5.1 Complete in-progress deliverables from previous four days

    5.2 Set up review time for workshop deliverables and to discuss next steps
    Deliverables
    1. Maturity Assessment
    2. Risk Assessment
    1. Change Manager Job Description
    2. Change Management Process Library
    1. Request for Change (RFC) Form Template
    2. Pre-Implementation Checklist
    3. Post-Implementation Checklist
    1. Metrics Tool
    2. Communications Plan
    3. Project Roadmap
    1. Change Management Standard Operating Procedure (SOP)
    2. Workshop Summary Deck

    Phase 1

    Define Change Management

    Define Change Management

    1.1 Assess Maturity

    1.2 Categorize Changes and Build Your Risk Assessment

    Establish Roles and Workflows

    2.1 Determine Roles and Responsibilities

    2.2 Build Core Workflows

    Define the RFC and Post-Implementation Activities

    3.1 Design the RFC

    3.2 Establish Post-Implementation Activities

    Measure, Manage, and Maintain

    4.1 Identify Metrics and Build the Change Calendar

    4.2 Implement the Project

    This phase will guide you through the following steps:

    • Assess Maturity
    • Categorize Changes and Build Your Risk Assessment

    This phase involves the following participants:

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board

    Step 1.1

    Assess Maturity

    Activities

    1.1.1 Outline the Organization’s Strengths and Challenges

    1.1.2 Complete a Maturity Assessment

    This step involves the following participants:

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board

    Outcomes of this step

    • An understanding of maturity change management processes and frameworks
    • Identification of existing change management challenges and potential causes
    • A framework for assessing change management maturity and an assessment of your existing change management processes

    Define Change Management

    Step 1.1: Assess Maturity → Step 1.2: Categorize Changes and Build Your Risk Assessment

    Change management is often confused with release management, but they are distinct processes

    Change

    • Change management looks at software changes as well as hardware, database, integration, and network changes, with the focus on stability of the entire IT ecosystem for business continuity.
    • Change management provides a holistic view of the IT environment, including dependencies, to ensure nothing is negatively affected by changes.
    • Change documentation is more focused on process, ensuring dependencies are mapped, rollout plans exist, and the business is not at risk.

    Release

    • Release and deployment are the detailed plans that bundle patches, upgrades, and new features into deployment packages, with the intent to change them flawlessly into a production environment.
    • Release management is one of many actions performed under change management’s governance.
    • Release documentation includes technical specifications such as change schedule, package details, change checklist, configuration details, test plan, and rollout and rollback plans.

    Info-Tech Insight

    Ensure the Release Manager is present as part of your CAB. They can explain any change content or dependencies, communicate business approval, and advise the service desk of any defects.

    Integrate change management with other IT processes

    As seen in the context diagram, change management interacts closely with many other IT processes including release management and configuration management (seen below). Ensure you delineate when these interactions occur (e.g. RFC updates and CMDB queries) and which process owns each task.

    The image is a chart mapping the interactions between Change Management and Configuration Management (CMDB).

    Avoid the challenges of poor change management

    1. Deployments
      • Too frequent: The need for frequent deployments results in reduced availability of critical business applications.
      • Failed deployments or rework is required: Deployments are not successful and have to be backed out of and then reworked to resolve issues with the installation.
      • High manual effort: A lack of automation results in high resource costs for deployments. Human error is likely, which adds to the risk of a failed deployment.
    2. Incidents
      • Too many unauthorized changes: If the process is perceived as cumbersome and ineffective, people will bypass it or abuse the emergency designation to get their changes deployed faster.
      • Changes cause incidents: When new releases are deployed, they create problems with related systems or applications.
    3. End Users
      • Low user satisfaction: Poor communication and training result in surprised and unhappy users and support staff.

    “With no controls in place, IT gets the blame for embarrassing outages. Too much control, and IT is seen as a roadblock to innovation.” – Anonymous, VP IT of a federal credit union

    1.1.1 Outline the Organization’s Strengths and Challenges

    Input

    • Current change documentation (workflows, SOP, change policy, etc.)
    • Organizational chart(s)

    Output

    • List of strengths and challenges for change management

    Materials

    Participants

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board
    1. As group, discuss and outline the change management challenges facing the organization. These may be challenges caused by poor change management processes or by a lack of process.
    2. Use the pain points found on the previous slide to help guide the discussion.
    3. As a group, also outline the strengths of change management and the strengths of the current organization. Use these strengths as a guide to know what practices to continue and what strengths you can leverage to improve the change management process.
    4. Record the activity results in the Project Summary Template.

    Download the Optimize IT Change Management Improvement Initiative: Project Summary Template

    Assess current change management maturity to create a plan for improvement

     ChaosReactiveControlled

    Proactive

    		Optimized
    Change Requests No defined processes for submitting changes Low process adherence and no RFC form RFC form is centralized and a point of contact for changes exists RFCs are reviewed for scope and completion RFCs trend analysis and proactive change exists
    Change Review Little to no change risk assessment Risk assessment exists for each RFC RFC form is centralized and a point of contact for changes exists Change calendar exists and is maintained System and component dependencies exist (CMDB)
    Change Approval No formal approval process exists Approval process exists but is not widely followed Unauthorized changes are minimal or nonexistent Change advisory board (CAB) is established and formalized Trend analysis exists increasing pre-approved changes
    Post-Deployment No post-deployment change review exists Process exists but is not widely followed Reduction of change-related incidents Stakeholder satisfaction is gathered and reviewed Lessons learned are propagated and actioned
    Process Governance Roles & responsibilities are ad hoc Roles, policies & procedures are defined & documented Roles, policies & procedures are defined & documented KPIs are tracked, reported on, and reviewed KPIs are proactively managed for improvement

    Info-Tech Insight

    Reaching an optimized level is not feasible for every organization. You may be able to run a very good change management process at the Proactive or even Controlled stage. Pay special attention to keeping your goals attainable.

    1.1.2 Complete a Maturity Assessment

    Input

    • Current change documentation (workflows, SOP, change policy, etc.)

    Output

    • Assessment of current maturity level and goals to improve change management

    Materials

    Participants

    • Change Manager
    • Service Desk Manager
    • Operations (optional)
    1. Use Info-Tech’s Change Management Maturity Assessment Tool to assess the maturity and completeness of your change process.
    2. Significant gaps revealed in this assessment should be the focal points of your discussion when investigating root causes and brainstorming remediation activities:
      1. For each activity of each process area of change management, determine the degree of completeness of your current process.
      2. Review your maturity assessment results and discuss as a group potential reasons why you arrived at your maturity level. Identify areas where you should focus your initial attention for improvement.
      3. Regularly review the maturity of your change management practices by completing this maturity assessment tool periodically to identify other areas to optimize.

    Download the Change Management Maturity Assessment Tool

    Case Study

    Even Google isn’t immune to change-related outages. Plan ahead and communicate to help avoid change-related incidents

    Industry: Technology

    Source: The Register

    As part of a routine maintenance procedure, Google engineers moved App Engine applications between data centers in the Central US to balance out traffic.

    Unfortunately, at the same time that applications were being rerouted, a software update was in progress on the traffic routers, which triggered a restart. This temporarily diminished router capacity, knocking out a sizeable portion of Google Cloud.

    The server drain resulted in a huge spike in startup requests, and the routers simply couldn’t handle the traffic.

    As a result, 21% of Google App Engine applications hosted in the Central US experienced error rates in excess of 10%, while an additional 16% of applications experienced latency, albeit at a lower rate.

    Solution

    Thankfully, engineers were actively monitoring the implementation of the change and were able to spring into action to halt the problem.

    The change was rolled back after 11 minutes, but the configuration error still needed to be fixed. After about two hours, the change failure was resolved and the Google Cloud was fully functional.

    One takeaway for the engineering team was to closely monitor how changes are scheduled. Ultimately, this was the result of miscommunication and a lack of transparency between change teams.

    Step 1.2

    Categorize Changes and Build Your Risk Assessment

    Activities

    1.2.1 Define What Constitutes a Change

    1.2.2 Build a Change Categorization Scheme

    1.2.3 Build a Classification Scheme to Assess Impact

    1.2.4 Build a Classification Scheme to Define Likelihood

    1.2.5 Evaluate and Adjust Your Risk Assessment Scheme

    Define Change Management

    Step 1.1: Assess Maturity → Step 1.2: Categorize Changes and Build Your Risk Assessment

    This step involves the following participants:

    • Infrastructure/Applications Manager
    • Change Manager
    • Members of the Change Advisory Board

    Outcomes of this step

    • A clear definition of what constitutes a change in your organization
    • A defined categorization scheme to classify types of changes
    • A risk assessment matrix and tool for evaluating and prioritizing change requests according to impact and likelihood of risk

    Change must be managed to mitigate risk to the infrastructure

    Change management is the gatekeeper protecting your live environment.

    Successfully managed changes will optimize risk exposure, severity of impact, and disruption. This will result in the bottom-line business benefits of removal of risk, early realization of benefits, and savings of money and time.

    • IT change is constant; change requests will be made both proactively and reactively to upgrade systems, acquire new functionality, and to prevent or resolve incidents.
    • Every change to the infrastructure must pass through the change management process before being deployed to ensure that it has been properly assessed and tested, and to check that a backout /rollback plan is in place.
    • It will be less expensive to invest in a rigorous change management process than to resolve incidents, service disruptions, and outages caused by the deployment of a bad change.
    • Change management is what gives you control and visibility regarding what is introduced to the live environment, preventing incidents that threaten business continuity.

    80%

    In organizations without formal change management processes, about 80% (The Visible Ops Handbook) of IT service outage problems are caused by updates and changes to systems, applications, and infrastructure. It’s crucial to track and systematically manage change to fully understand and predict the risks and potential impact of the change.

    Attributes of a change

    Differentiate changes from other IT requests

    Is this in the production environment of a business process?

    The core business of the enterprise or supporting functions may be affected.

    Does the task affect an enterprise managed system?

    If it’s for a local application, it’s a service request

    How many users are impacted?

    It should usually impact more than a single user (in most cases).

    Is there a configuration, or code, or workflow, or UI/UX change?

    Any impact on a business process is a change; adding a user or a recipient to a report or mailing list is not a change.

    Does the underlying service currently exist?

    If it’s a new service, then it’s better described as a project.

    Is this done/requested by IT?

    It needs to be within the scope of IT for the change management process to apply.

    Will this take longer than one week?

    As a general rule, if it takes longer than 40 hours of work to complete, it’s likely a project.

    Defining what constitutes a change

    Every change request will initiate the change management process; don’t waste time reviewing requests that are out of scope.

    ChangeService Request (User)Operational Task (Backend)
    • Fixing defects in code
    • Changing configuration of an enterprise system
    • Adding new software or hardware components
    • Switching an application to another VM
    • Standardized request
    • New PC
    • Permissions request
    • Change password
    • Add user
    • Purchases
    • Change the backup tape
    • Delete temporary files
    • Maintain database (one that is well defined, repeatable, and predictable)
    • Run utilities to repair a database

    Do not treat every IT request as a change!

    • Many organizations make the mistake of calling a standard service request or operational task a “change.”
    • Every change request will initiate the change management process; don’t waste time reviewing requests that are out of scope.
    • While the overuse of RFCs for out-of-scope requests is better than a lack of process, this will slow the process and delay the approval of more critical changes.
    • Requiring an RFC for something that should be considered day-to-day work will also discourage people from adhering to the process, because the RFC will be seen as meaningless paperwork.

     

    1.2.1 Define What Constitutes a Change

    Input

    • List of examples of each category of the chart

    Output

    • Definitions for each category to be used at change intake

    Materials

    • Whiteboard/flip charts (or shared screen if working remotely)
    • Service catalog (if applicable)
    • Sticky notes
    • Markers/pens
    • Change Management SOP

    Participants

    • Infrastructure Manager
    • Change Manager
    • Members of the Change Advisory Board
    1. As a group, brainstorm examples of changes, projects, service requests (user), operational tasks (backend), and releases. You may add additional categories as needed (e.g. incidents).
    2. Have each participant write the examples on sticky notes and populate the following chart on the whiteboard/flip chart.
    3. Use the examples to draw lines and define what defines each category.
      • What makes a change distinct from a project?
      • What makes a change distinct from a service request?
      • What makes a change distinct from an operational task?
      • When do the category workflows cross over with other categories? (For example, when does a project interact with change management?)
    4. Record the definitions of requests and results in section 2.3 of the Change Management Standard Operating Procedure (SOP).
    ChangeProjectService Request (User)Operational Task (Backend)Release
    Changing Configuration ERP upgrade Add new user Delete temp files Software release

    Download the Change Management Standard Operating Procedure (SOP).

    Each RFC should define resources needed to effect the change

    In addition to assigning a category to each RFC based on risk assessment, each RFC should also be assigned a priority based on the impact of the change on the IT organization, in terms of the resources needed to effect the change.

    Categories include

    Normal

    Emergency

    Pre-Approved

    The majority of changes will be pre-approved or normal changes. Definitions of each category are provided on the next slide.

    Info-Tech uses the term pre-approved rather than the ITIL terminology of standard to more accurately define the type of change represented by this category.

    A potential fourth change category of expedited may be employed if you are having issues with process adherence or if you experience changes driven from outside change management’s control (e.g. from the CIO, director, judiciary, etc.) See Appendix I for more details.

    Info-Tech Best Practice

    Do not rush to designate changes as pre-approved. You may have a good idea of which changes may be considered pre-approved, but make sure they are in fact low-risk and well-documented before moving them over from the normal category.

    The category of the change determines the process it follows

     Pre-ApprovedNormalEmergency
    Definition
    • Tasks are well-known, documented, and proven
    • Budgetary approval is preordained or within control of change requester
    • Risk is low and understood
    • There’s a low probability of failure
    • All changes that are not pre-approved or emergency will be classified as normal
    • Further categorized by priority/risk
    • The change is being requested to resolve a current or imminent critical/severity-1 incident that threatens business continuity
    • Associated with a critical incident or problem ticket
    Trigger
    • The same change is built and changed repeatedly using the same install procedures and resulting in the same low-risk outcome
    • Upgrade or new functionality that will capture a business benefit
    • A fix to a current problem
    • A current or imminent critical incident that will impact business continuity
    • Urgency to implement the change must be established, as well as lack of any alternative or workaround
    Workflow
    • Pre-established
    • Repeatable with same sequence of actions, with minimal judgment or decision points
    • Dependent on the change
    • Different workflows depending on prioritization
    • Dependent on the change
    Approval
    • Change Manager (does not need to be reviewed by CAB)
    • CAB
    • Approval from the Emergency Change Advisory Board (E-CAB) is sufficient to proceed with the change
    • A retroactive RFC must be created and approved by the CAB

    Pay close attention to defining your pre-approved changes. They are going to be critical for running a smooth change management practice in a DevOps Environment

    1.2.2 Build a Change Categorization Scheme

    Input

    • List of examples of each change category

    Output

    • Definitions for each change category

    Materials

    • Whiteboard/flip charts (or shared screen if working remotely)
    • Service catalog (if applicable)
    • Sticky notes
    • Markers
    • Change Management SOP

    Participants

    • Infrastructure Manager
    • Change Manager
    • Members of the Change Advisory Board
    1. Discuss the change categories on the previous slide and modify the types of descriptions to suit your organization.
    2. Once the change categories or types are defined, identify several examples of change requests that would fall under each category.
    3. Types of normal changes will be further defined in the next activity and can be left blank for now.
    4. Examples are provided below. Capture your definitions in section 4 of your Change Management SOP.
    Pre-Approved (AKA Standard)NormalEmergency
    • Microsoft patch management/deployment
    • Windows update
    • Minor form changes
    • Service pack updates on non-critical systems
    • Advance label status on orders
    • Change log retention period/storage
    • Change backup frequency

    Major

    • Active directory server upgrade
    • New ERP

    Medium

    • Network upgrade
    • High availability implementation

    Minor

    • Ticket system go-live
    • UPS replacement
    • Cognos update
    • Any change other than a pre-approved change
    • Needed to resolve a major outage in a Tier 1 system

    Assess the risk for each normal change based on impact (severity) and likelihood (probability)

    Create a change assessment risk matrix to standardize risk assessment for new changes. Formalizing this assessment should be one of the first priorities of change management.

    The following slides guide you through the steps of formalizing a risk assessment according to impact and likelihood:

    1. Define a risk matrix: Risk matrices can either be a 3x3 matrix (Minor, Medium, or High Risk as shown on the next slide) or a 4x4 matrix (Minor, Medium, High, or Critical Risk).
    2. Build an impact assessment: Enable consistent measurement of impact for each change by incorporating a standardized questionnaire for each RFC.
    3. Build a likelihood assessment: Enable the consistent measurement of impact for each change by incorporating a standardized questionnaire for each RFC.
    4. Test drive your risk assessment and make necessary adjustments: Measure your newly formed risk assessment questionnaires against historical changes to test its accuracy.

    Consider risk

    1. Risk should be the primary consideration in classifying a normal change as Low, Medium, High. The extent of governance required, as well as minimum timeline to implement the change, will follow from the risk assessment.
    2. The business benefit often matches the impact level of the risk – a change that will provide a significant benefit to a large number of users may likely carry an equally major downside if deviations occur.

    Info-Tech Insight

    All changes entail an additional level of risk. Risk is a function of impact and likelihood. Risk may be reduced, accepted, or neutralized through following best practices around training, testing, backout planning, redundancy, timing and sequencing of changes, etc.

    Create a risk matrix to assign a risk rating to each RFC

    Every normal RFC should be assigned a risk rating.

    How is risk rating determined?

    • Priority should be based on the business consequences of implementing or denying the change.
    • Risk rating is assigned using the impact of the risk and likelihood/probability that the event may occur.

    Who determines priority?

    • Priority should be decided with the change requester and with the CAB, if necessary.
    • Don’t let the change requester decide priority alone, as they will usually assign it a higher priority than is justified. Use a repeatable, standardized framework to assess each request.

    How is risk rating used?

    • Risk rating is used to determine which changes should be discussed and assessed first.
    • Time frames and escalation processes should be defined for each risk level.

    RFCs need to clearly identify the risk level of the proposed change. This can be done through statement of impact and likelihood (low/medium/high) or through pertinent questions linked with business rules to assess the risk.

    Risk always has a negative impact, but the size of the impact can vary considerably in terms of cost, number of people or sites affected, and severity of the impact. Impact questions tend to be more objective and quantifiable than likelihood questions.

    Risk Matrix

    Risk Matrix. Impact vs. Likelihood. Low impact, Low Likelihood and Medium Impact, Medium Likelihood are minor risks. High Likelihood, Low Impact; Medium Likelihood, Medium Impact; and Low Likelihood, High Impact are Medium Risk. High Impact, High Likelihood; High Impact, Medium Likelihood; and Medium Impact, High Likelihood are Major risk.

    1.2.3 Build a Classification Scheme to Assess Impact

    Input

    • Current risk assessment (if available)

    Output

    • Tailored impact assessment

    Materials

    Participants

    • CIO
    • Infrastructure Manager
    • Change Manager
    • Members of the Change Advisory Board
    1. Define a set of questions to measure risk impact.
    2. For each question, assign a weight that should be placed on that factor.
    3. Define criteria for each question that would categorize the risk as high, medium, or low.
    4. Capture your results in section 4.3.1 of your Change Management SOP.
    Impact
    Weight Question High Medium Low
    15% # of people affected 36+ 11-35 <10
    20% # of sites affected 4+ 2-3 1
    15% Duration of recovery (minutes of business time) 180+ 30-18 <3
    20% Systems affected Mission critical Important Informational
    30% External customer impact Loss of customer Service interruption None

    1.2.4 Build a Classification Scheme to Define Likelihood

    Input

    • Current risk assessment (if available)

    Output

    • Tailored likelihood assessment

    Materials

    Participants

    • CIO
    • Infrastructure Manager
    • Change Manager
    • Members of the Change Advisory Board
    1. Define a set of questions to measure risk likelihood.
    2. For each question, assign a weight that should be placed on that factor.
    3. Define criteria for each question that would categorize the risk as high, medium, or low.
    4. Capture your results in section 4.3.2 of your Change Management SOP.
    LIKELIHOOD
    Weight Question High Medium Low
    25% Has this change been tested? No   Yes
    10% Have all the relevant groups (companies, departments, executives) vetted the change? No Partial Yes
    5% Has this change been documented? No   Yes
    15% How long is the change window? When can we implement? Specified day/time Partial Per IT choice
    20% Do we have trained and experienced staff available to implement this change? If only external consultants are available, the rating will be “medium” at best. No   Yes
    25% Has an implementation plan been developed? No   Yes

    1.2.5 Evaluate and Adjust Your Risk Assessment Scheme

    Input

    • Impact and likelihood assessments from previous two activities

    Output

    • Vetted risk assessment

    Materials

    Participants

    • CIO
    • Infrastructure Manager
    • Change Manager
    • Members of the Change Advisory Board
    1. Draw your risk matrix on a whiteboard or flip chart.
    2. As a group, identify up to 10 examples of requests for changes that would apply within your organization. Depending on the number of people participating, each person could identify one or two changes and write them on sticky notes.
    3. Take turns bringing your sticky notes up to the risk matrix and placing each where it belongs, according to the assessment criteria you defined.
    4. After each participant has taken a turn, discuss each change as a group and adjust the placement of any changes, if needed. Update the risk assessment weightings or questions, if needed.

    Download the Change Management Rick Assessment Tool.

    #

    Change Example

    Impact

    Likelihood

    Risk

    1

    ERP change

    High

    Medium

    Major

    2

    Ticket system go-live

    Medium

    Low

    Minor

    3

    UPS replacement

    Medium

    Low

    Minor

    4

    Network upgrade

    Medium

    Medium

    Medium

    5

    AD upgrade

    Medium

    Low

    Minor

    6

    High availability implementation

    Low

    Medium

    Minor

    7

    Key-card implementation

    Low

    High

    Medium

    8

    Anti-virus update

    Low

    Low

    Minor

    9

    Website

    Low

    Medium

    Minor

     

    Case Study

    A CMDB is not a prerequisite of change management. Don’t let the absence of a configuration management database (CMDB) prevent you from implementing change management.

    Industry: Manufacturing

    Source: Anonymous Info-Tech member

    Challenge

    The company was planning to implement a CMDB; however, full implementation was still one year away and subject to budget constraints.

    Without a CMDB, it would be difficult to understand the interdependencies between systems and therefore be able to provide notifications to potentially affected user groups prior to implementing technical changes.

    This could have derailed the change management project.

    Solution

    An Excel template was set up as a stopgap measure until the full implementation of the CMDB. The template included all identified dependencies between systems, along with a “dependency tier” for each IT service.

    Tier 1: The dependent system would not operate if the upstream system change resulted in an outage.

    Tier 2: The dependent system would suffer severe degradation of performance and/or features.

    Tier 3: The dependent system would see minor performance degradation or minor feature unavailability.

    Results

    As a stopgap measure, the solution worked well. When changes ran the risk of degrading downstream dependent systems, the impacted business system owner’s authorization was sought and end users were informed in advance.

    The primary takeaway was that a system to manage configuration linkages and system dependencies was key.

    While a CMDB is ideal for this use case, IT organizations shouldn’t let the lack of such a system stop progress on change management.

    Case Study (part 1 of 4)

    Intel used a maturity assessment to kick-start its new change management program.

    Industry: Technology

    Source: Daniel Grove, Intel

    Challenge

    Founded in 1968, the world’s largest microchip and semiconductor company employs over 100,000 people. Intel manufactures processors for major players in the PC market including Apple, Lenovo, HP, and Dell.

    Intel IT supports over 65,000 servers, 3.2 petabytes of data, over 70,000 PCs, and 2.6 million emails per day.

    Intel’s change management program is responsible for over 4,000 changes each week.

    Solution

    Due to the sheer volume of change management activities present at Intel, over 35% of unscheduled outages were the result of changes.

    Ineffective change management was identified as the top contributor of incidents with unscheduled downtime.

    One of the major issues highlighted was a lack of process ownership. The change management process at Intel was very fragmented, and that needed to change.

    Results

    Daniel Grove, Senior Release & Change Manager at Intel, identified that clarifying tasks for the Change Manager and the CAB would improve process efficiency by reducing decision lag time. Roles and responsibilities were reworked and clarified.

    Intel conducted a maturity assessment of the overall change management process to identify key areas for improvement.

    Phase 2

    Establish Roles and Workflows

    For running change management in DevOps environment, see Appendix II.

    Define Change Management

    1.1 Assess Maturity

    1.2 Categorize Changes and Build Your Risk Assessment

    Establish Roles and Workflows

    2.1 Determine Roles and Responsibilities

    2.2 Build Core Workflows

    Define RFC and Post-Implementation Activities

    3.1 Design the RFC

    3.2 Establish Post-Implementation Activities

    Measure, Manage, and Maintain

    4.1 Identify Metrics and Build the Change Calendar

    4.2 Implement the Project

    This phase will guide you through the following steps:

    • Determine Roles and Responsibilities
    • Build Core Workflows

    This phase involves the following participants:

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board

    Step 2.1

    Determine Roles and Responsibilities

    Activities

    2.1.1 Capture Roles and Responsibilities Using a RACI Chart

    2.1.2 Determine Your Change Manager’s Responsibilities

    2.1.3 Define the Authority and Responsibilities of Your CAB

    2.1.4 Determine an E-CAB Protocol for Your Organization

    Establish Roles and Workflows

    Step 2.1: Determine Roles and Responsibilities → Step 2.2: Build Core Workflows

    This step involves the following participants:

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board

    Outcomes of this step

    • Clearly defined responsibilities to form the job description for a Change Manager
    • Clearly defined roles and responsibilities for the change management team, including the business system owner, technical SME, and CAB members
    • Defined responsibilities and authority of the CAB
    • Protocol for an emergency CAB (E-CAB) meeting

    Identify roles and responsibilities for your change management team

    Business System Owner

    • Provides downtime window(s)
    • Advises on need for change (prior to creation of RFC)
    • Validates change (through UAT or other validation as necessary)
    • Provides approval for expedited changes (needs to be at executive level)

    Technical Subject Matter Expert (SME)

    • Advises on proposed changes prior to RFC submission
    • Reviews draft RFC for technical soundness
    • Assesses backout/rollback plan
    • Checks if knowledgebase has been consulted for prior lessons learned
    • Participates in the PIR, if necessary
    • Ensures that the service desk is trained on the change

    CAB

    • Approves/rejects RFCs for normal changes
    • Reviews lessons learned from PIRs
    • Decides on the scope of change management
    • Reviews metrics and decides on remedial actions
    • Considers changes to be added to list of pre-approved changes
    • Communicates to organization about upcoming changes

    Change Manager

    • Reviews RFCs for completeness
    • Ensures RFCs brought to the CAB have a high chance of approval
    • Chairs CAB meetings, including scheduling, agenda preparation, reporting, and follow-ups
    • Manages post-implementation reviews and reporting
    • Organizes internal communications (within IT)

    2.1.1 Capture Roles and Responsibilities Using a RACI Chart

    Input

    • Current SOP

    Output

    • Documented roles and responsibilities in change management in a RACI chart

    Materials

    Participants

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board
    1. As a group, work through developing a RACI chart to determine the roles and responsibilities of individuals involved in the change management practice based on the following criteria:
      • Responsible (performs the work)
      • Accountable (ensures the work is done)
      • Consulted (two-way communication)
      • Informed (one-way communication)
    2. Record your results in slide 14 of the Project Summary Template and section 3.1 of your Change Management SOP.
    Change Management TasksOriginatorSystem OwnerChange ManagerCAB MemberTechnical SMEService DeskCIO/ VP ITE-CAB Member
    Review the RFC C C A C R C R  
    Validate changes C C A C R C R  
    Assess test plan A C R R C   I  
    Approve the RFC I C A R C   I  
    Create communications plan R I A     I I  
    Deploy communications plan I I A I   R    
    Review metrics   C A R   C I  
    Perform a post implementation review   C R A     I  
    Review lessons learned from PIR activities     R A   C    

    Designate a Change Manager to own the process, change templates, and tools

    The Change Manager will be the point of contact for all process questions related to change management.

    • The Change Manager needs the authority to reject change requests, regardless of the seniority of the requester.
    • The Change Manager needs the authority to enforce compliance to a standard process.
    • The Change Manager needs enough cross-functional subject-matter expertise to accurately evaluate the impact of change from both an IT and business perspective.

    Info-Tech Best Practice

    Some organizations will not be able to assign a dedicated Change Manager, but they must still task an individual with change review authority and with ownership of the risk assessment and other key parts of the process.

    Responsibilities

    1. The Change Manager is your first stop for change approval. Both the change management and release and deployment management processes rely on the Change Manager to function.
    2. Every single change that is applied to the live environment, from a single patch to a major change, must originate with a request for change (RFC), which is then approved by the Change Manager to proceed to the CAB for full approval.
    3. Change templates and tools, such as the change calendar, list of preapproved changes, and risk assessment template are controlled by the Change Manager.
    4. The Change Manager also needs to have ownership over gathering metrics and reports surrounding deployed changes. A skilled Change Manager needs to have an aptitude for applying metrics for continual improvement activities.

    2.1.2 Document Your Change Manager’s Responsibilities

    Input

    • Current Change Manager job description (if available)

    Output

    • Change Manager job description and list of responsibilities

    Materials

    • Whiteboard/flip charts (or shared screen if working remotely)
    • Markers/pens
    • Info-Tech’s Change Manager Job Description
    • Change Management SOP

    Participants

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board

    1.Using the previous slide, Info-Tech’s Change Manager Job Description, and the examples below, brainstorm responsibilities for the Change Manager.

    2.Record the responsibilities in Section 3.2 of your Change Management SOP.

    Example:

    Change Manager: James Corey

    Responsibilities

    1. Own the process, tools, and templates.
    2. Control the Change Management SOP.
    3. Provide standard RFC forms.
    4. Distribute RFCs for CAB review.
    5. Receive all initial RFCs and check them for completion.
    6. Approve initial RFCs.
    7. Approve pre-approved changes.
    8. Approve the conversion of normal changes to pre-approved changes.
    9. Assemble the Emergency CAB (E-CAB) when emergency change requests are received.
    10. Approve submission of RFCs for CAB review.
    11. Chair the CAB:
      • Set the CAB agenda and distribute it at least 24 hours before the meeting.
      • Ensure the agenda is adhered to.
      • Make the final approval/prioritization decision regarding a change if the CAB is deadlocked and cannot come to an agreement.
      • Distribute CAB meeting minutes to all members and relevant stakeholders.

    Download the Change Manager Job Description

    Create a Change Advisory Board (CAB) to provide process governance

    The primary functions of the CAB are to:

    1. Protect the live environment from poorly assessed, tested, and implemented changes.
      • CAB approval is required for all normal and emergency changes.
      • If a change results in an incident or outage, the CAB is effectively responsible; it’s the responsibility of the CAB to assess and accept the potential impact of every change.
    2. Prioritize changes in a way that fairly reflects change impact and urgency.
      • Change requests will originate from multiple stakeholders, some of whom have competing interests.
      • It’s up to the CAB to prioritize these requests effectively so that business need is balanced with any potential risk to the infrastructure.
      • The CAB should seek to reduce the number of emergency/expedited changes.
    3. Schedule deployments in a way that minimizes conflict and disruption.
      • The CAB uses a change calendar populated with project work, upcoming organizational initiatives, and change freeze periods. They will schedule changes around these blocks to avoid disrupting user productivity.
      • The CAB should work closely with the release and deployment management teams to coordinate change/release scheduling.

    See what responsibilities in the CAB’s process are already performed by the DevOps lifecycle (e.g. authorization, deconfliction etc.). Do not duplicate efforts.

    Use diverse representation from the business to form an effective CAB

    The CAB needs insight into all areas of the business to avoid approving a high-risk change.

    Based on the core responsibilities you have defined, the CAB needs to be composed of a diverse set of individuals who provide quality:

    • Change need assessments – identifying the value and purpose of a proposed change.
    • Change risk assessments – confirmation of the technical impact and likelihood assessments that lead to a risk score, based on the inputs in RFC.
    • Change scheduling – offer a variety of perspectives and responsibilities and will be able to identify potential scheduling conflicts.
     CAB RepresentationValue Added
    Business Members
    • CIO
    • Business Relationship Manager
    • Service Level Manager
    • Business Analyst
    • Identify change blackout periods, change impact, and business urgency.
    • Assess impact on fiduciary, legal, and/or audit requirements.
    • Determine acceptable business risk.
    IT Operations Members
    • Managers representing all IT functions
    • IT Directors
    • Subject Matter Experts (SMEs)
    • Identify dependencies and downstream impacts.
    • Identify possible conflicts with pre-existing OLAs and SLAs.
    CAB Attendees
    • Specific SMEs, tech specialists, and business and vendor reps relevant to a particular change
    • Only attend meetings when invited by the Change Manager
    • Provide detailed information and expertise related to their particular subject areas.
    • Speak to requirements, change impact, and cost.

    Info-Tech Best Practice

    Form a core CAB (members attend every week) and an optional CAB (members who attend only when a change impacts them or when they can provide value in discussions about a change). This way, members can have their voice heard without spending every week in a meeting where they do not contribute.

    2.1.3 Define the Authority and Responsibilities of Your CAB

    Input

    • Current SOP or CAB charter (if available)

    Output

    • Documented list of CAB authorities and responsibilities

    Materials

    Participants

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board

    1.Using the previous slide and the examples below, list the authorities and responsibilities of your CAB.

    2.Record the responsibilities in section 3.3.2 of your Change Management SOP and the Project Summary Template.

    Example:

    CAP AuthorityCAP Responsibilities
    • Final authority over the deployment of all normal and emergency changes.
    • Authority to absorb the risk of a change.
    • Authority to set the change calendar:
      • Maintenance windows.
      • Change freeze periods.
      • Project work.
      • Authority to delay changes.
    • Evaluate all normal and emergency changes.
    • Verify all normal change test, backout, and implementation plans.
    • Verify all normal change test results.
    • Approve all normal and emergency changes.
    • Prioritize all normal changes.
    • Schedule all normal and emergency changes.
    • Review failed change deployments.

    Establish an emergency CAB (E-CAB) protocol

    • When an emergency change request is received, you will not be able to wait until the regularly scheduled CAB meeting.
    • As a group, decide who will sit on the E-CAB and what their protocol will be when assessing and approving emergency changes.

    Change owner conferences with E-CAB (best efforts to reach them) through email or messaging.

    E-CAB members and business system owners are provided with change details. No decision is made without feedback from at least one E-CAB member.

    If business continuity is being affected, the Change Manager has authority to approve change.

    Full documentation of the change (a retroactive RFC) is done after the change and is then reviewed by the CAB.

    Info-Tech Best Practice

    Members of the E-CAB should be a subset of the CAB who are typically quick to respond to their messages, even at odd hours of the night.

    2.1.4 Determine an E-CAB Protocol for Your Organization

    Input

    • Current SOP or CAB charter (if available)

    Output

    • E-CAB protocol

    Materials

    Participants

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board
    1. Gather the members of the E-CAB and other necessary representatives from the change management team.
    2. Determine the order of operations for the E-CAB in the event that an emergency change is needed.
    3. Consult the example emergency protocol below. Determine what roles and responsibilities are involved at each stage of the emergency change’s implementation.
    4. Document the E-CAB protocol in section 3.4 of your Change Management SOP.

    Example

    Assemble E-CAB

    Assess Change

    Test (if Applicable)

    Deploy Change

    Create Retroactive RFC

    Review With CAB

    Step 2.2

    Build Core Workflows

    Activities

    2.2.1 Build a CMDB-lite as a Reference for Requested Changes

    2.2.2 Create a Normal Change Process

    2.2.3 Create a Pre-Approved Change Process

    2.2.4 Create an Emergency Change Process

    Establish Roles and Workflows

    Step 2.1: Determine Roles and Responsibilities → Step 2.2: Build Core Workflows

    This step involves the following participants:

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board

    Outcomes of this step

    • Emergency change workflow
    • Normal process workflow
    • Pre-approved change workflow

    Establishing Workflows: Change Management Lifecycle

    Improve

    • A post-implementation review assesses the value of the actual change measured against the proposed change in terms of benefits, costs, and impact.
    • Results recorded in the change log.
    • Accountability: Change Manager Change Implementer

    Request

    • A change request (RFC) can be submitted via paper form, phone, email, or web portal.
    • Accountability: Change requester/Initiator

    Assess

    • The request is screened to ensure it meets an agreed-upon set of business criteria.
    • Changes are assessed on:
      • Impact of change
      • Risks or interdependencies
      • Resourcing and costs
    • Accountability: Change Manager

    Plan

    • Tasks are assigned, planned, and executed.
    • Change schedule is consulted and necessary resources are identified.
    • Accountability: Change Manager

    Approve

    • Approved requests are sent to the most efficient channel based on risk, urgency, and complexity.
    • Change is sent to CAB members for final review and approval
    • Accountability: Change Manager
      • Change Advisory Board

    Implement

    • Approved changes are deployed.
    • A rollback plan is created to mitigate risk.
    • Accountability: Change Manager Change Implementer

    Establishing workflows: employ a SIPOC model for process definition

    A good SIPOC (supplier, input, process, output, customer) model helps establish the boundaries of each process step and provides a concise definition of the expected outcomes and required inputs. It’s a useful and recommended next step for every workflow diagram.

    For change management, employ a SIPOC model to outline your CAB process:

    Supplier

    • Who or what organization provides the inputs to the process? The supplier can be internal or external.

    Input

    • What goes into the process step? This can be a document, data, information, or a decision.

    Process

    • Activities that occur in the process step that’s being analyzed.

    Output

    • What does the process step produce? This can be a document, data, information, or a decision.

    Customer

    • Who or what organization(s) takes the output of the process? The customer can be internal or external.

    Optional Fields

    Metrics

    • Top-level indicators that usually relate to the input and output, e.g. turnaround time, risk matrix completeness.

    Controls

    • Checkpoints to ensure process step quality.

    Dependencies

    • Other process steps that require the output.

    RACI

    • Those who are Responsible, Accountable, Consulted, or Informed (RACI) about the input, output, and/or process.

    Establish change workflows: assess requested changes to identify impact and dependencies

    An effective change assessment workflow is a holistic process that leaves no stone unturned in an effort to mitigate risk before any change reaches the approval stage. The four crucial areas of risk in a change workflow are:

    Dependencies

    Identify all components of the change.

    Ask how changes will affect:

    • Services on the same infrastructure?
    • Applications?
    • Infrastructure/app architecture?
    • Security?
    • Ability to support critical systems?

    Business Impact

    Frame the change from a business point of view to identify potential disruptions to business activities.

    Your assessment should cover:

    • Business processes
    • User productivity
    • Customer service
    • BCPs

    SLA Impact

    Each new change can impact the level of service available.

    Examine the impact on:

    • Availability of critical systems
    • Infrastructure and app performance
    • Infrastructure and app capacity
    • Existing disaster recovery plans and procedures

    Required Resources

    Once risk has been assessed, resources need to be identified to ensure the change can be executed.

    These include:

    • People (SMEs, tech support, work effort/duration)
    • System time for scheduled implementation
    • Hardware or software (new or existing, as well as tools)

    Establishing workflows: pinpoint dependencies to identify the need for additional changes

    An assessment of each change and a query of the CMDB needs to be performed as part of the change planning process to mitigate outage risk.

    • A version upgrade on one piece of software may require another component to be upgraded as well. For example, an upgrade to the database management system requires that an application that uses the database be upgraded or modified.
    • The sequence of the release must also be determined, as certain components may need to be upgraded before others. For example, if you upgrade the Exchange Server, a Windows update must be installed prior to the Exchange upgrade.
    • If you do not have a CMDB, consider building a CMDB-lite, which consists of a listing of systems, primary users, SMEs, business owners, and system dependencies (see next slide).

    Services Impacted

    • Have affected services been identified?
    • Have supporting services been identified?
    • Has someone checked the CMDB to ensure all dependencies have been accounted for?
    • Have we referenced the service catalog so the business approves what they’re authorizing?

    Technical Teams Impacted

    • Who will support the change throughout testing and implementation?
    • Will additional support be needed?
    • Do we need outside support from eternal suppliers?
    • Has someone checked the contract to ensure any additional costs have been approved?

    Build a dependency matrix to avoid change related collisions (optional)

    A CMDB-lite does not replace a CMDB but can be a valuable tool to leverage when requesting changes if you do not currently have configuration management. Consider the following inputs when building your own CMDB-lite.

    • System
      • To build a CMDB-lite, start with the top 10 systems in your environment that experience changes. This list can always be populated iteratively.
    • Primary Users
      • Listing the primary users will give a change requester a first glance at the impact of the change.
      • You can also use this information when looking at the change communication and training after the change is implemented.
    • SME/Backup
      • These are the staff that will likely build and implement the change. The backup is listed in case the primary is on holiday.
    • Business System Owner
      • The owner of the system is one of the people needed to sign off on the change. Having their support from the beginning of a change is necessary to build and implement it successfully.
    • Tier 1 Dependency
      • If the primary system experiences and outage, Tier 1 dependency functionality is also lost. To request a change, include the business system owner signoffs of the Tier 1 dependencies of the primary system.
    • Tier 2 Dependency
      • If the primary system experiences an outage, Tier 2 dependency functionality is lost, but there is an available workaround. As with Tier 1, this information can help you build a backout plan in case there is a change-related collision.
    • Tier 3 Dependency
      • Tier 3 functionality is not lost if the primary system experiences an outage, but nice-to-haves such as aesthetics are affected.

    2.2.1 Build a CMDB-lite as a Reference for Requested Changes

    Input

    • Current system ownership documentation

    Output

    • Documented reference for change requests (CMDB-lite)

    Materials

    • Whiteboard/flip charts (or shared screen if working remotely)
    • Sticky notes
    • Markers/pens

    Participants

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board
    1. Start with a list of your top 10-15 systems/services with the highest volume of changes.
    2. Using a whiteboard, flip chart, or shared screen, complete the table below by filling the corresponding Primary Users, SMEs, Business System Owner, and Dependencies as shown below. It may help to use sticky notes.
    3. Iteratively populate the table as you notice gaps with incoming changes.
    SystemPrimary UsersSMEBackup SME(s)Business System OwnerTier 1 Dependency (system functionality is down)Tier 2 (impaired functionality/ workaround available)Tier 3 Dependency (nice to have)
    Email Enterprise Naomi Amos James
    • ITSMs
    • Scan-to-email
    • Reporting
    		  
    • Lots
    Conferencing Tool Enterprise Alex Shed James
    • Videoconferencing
    • Conference rooms (can use Facebook messenger instead in worst case scenario)
    • IM
    ITSM (Service Now) Enterprise (Intl.) Anderson TBD Mike
    • Work orders
    • Dashboards
    • Purchasing
    		  
    ITSM (Manage Engine) North America Bobbie Joseph Mike
    • Work orders
    • Dashboards
    • Purchasing
    		  

    Establishing workflows: create standards for change approvals to improve efficiency

    • Not all changes are created equal, and not all changes require the same degree of approval. As part of the change management process, it’s important to define who is the authority for each type of change.
    • Failure to do so can create bureaucratic bottlenecks if each change is held to an unnecessary high level of scrutiny, or unplanned outages may occur due to changes circumventing the formal approval process.
    • A balance must be met and defined to ensure the process is not bypassed or bottlenecked.

    Info-Tech Best Practice

    Define a list pre-approved changes and automate them (if possible) using your ITSM solution. This will save valuable time for more important changes in the queue.

    Example:

    Change CategoryChange Authority
    Pre-approved change Department head/manager
    Emergency change E-CAB
    Normal change – low and medium risk CAB
    Normal change – high risk CAB and CIO (for visibility)

    Example process: Normal Change – Change Initiation

    Change initiation allows for assurance that the request is in scope for change management and acts as a filter for out-of-scope changes to be redirected to the proper workflow. Initiation also assesses who may be assigned to the change and the proper category of the change, and results in an RFC to be populated before the change reaches the build and test phase.

    The image is a horizontal flow chart, depicting an example of a change process.

    The change trigger assessment is critical in the DevOps lifecycle. This can take a more formal role of a technical review board (TRB) or, with enough maturity, may be automated. Responsibilities such as deconfliction, dependency identification, calendar query, and authorization identification can be done early in the lifecycle to decrease or eliminate the burden on CAB.

    For the full process, refer to the Change Management Process Library.

    Example process: Normal Change – Technical Build and Test

    The technical build and test stage includes all technical prerequisites and testing needed for a change to pass before proceeding to approval and implementation. In addition to a technical review, a solution consisting of the implementation, rollback, communications, and training plan are also built and included in the RFC before passing it to the CAB.

    The image is a flowchart, showing the process for change during the technical build and test stage.

    For the full process, refer to the Change Management Process Library.

    Example process: Normal Change – Change Approval (CAB)

    Change approval can start with the Change Manager reviewing all incoming RFCs to filter them for completeness and check them for red flags before passing them to the CAB. This saves the CAB from discussing incomplete changes and allows the Change Manager to set a CAB agenda before the CAB meeting. If need be, change approval can also set vendor communications necessary for changes, as well as the final implementation date of the change. The CAB and Change Manager may follow up with the appropriate parties notifying them of the approval decision (accepted, rescheduled, or rejected).

    The image shows a flowchart illustrating the process for change approval.

    For the full process, refer to the Change Management Process Library.

    Example process: Normal Change – Change Implementation

    Changes should not end at implementation. Ensure you define post-implementation activities (documentation, communication, training etc.) and a post-implementation review in case the change does not go according to plan.

    The image is a flowchart, illustrating the work process for change implementation and post-implementation review.

    For the full process, refer to the Change Management Process Library.

    2.2.2 Create a Normal Change Process

    Input

    • Current SOP/workflow library

    Output

    • Normal change process

    Materials

    Participants

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board
    1. Gather representatives from the change management team.
    2. Using the examples shown on the previous few slides, work as a group to determine the workflow for a normal change, with particular attention to the following sub-processes:
      1. Request
      2. Assessment
      3. Plan
      4. Approve
      5. Implementation and Post-Implementation Activities
    3. Optionally, you may create variations of the workflow for minor, medium, and major changes (e.g. there will be fewer authorizations for minor changes).
    4. For further documentation, you may choose to run the SIPOC activity for your CAB as outlined on this slide.
    5. Document the resulting workflows in the Change Management Process Library and section 11 of your Change Management SOP.

    Download the Change Management Process Library.

    Identify and convert low-risk normal changes to pre-approved once the process is established

    As your process matures, begin creating a list of normal changes that might qualify for pre-approval. The most potential for value in gains from change management comes from re-engineering and automating of high-volume changes. Pre-approved changes should save you time without threatening the live environment.

    IT should flag changes they would like pre-approved:

    • Once your change management process is firmly established, hold a meeting with all staff that make change requests and build changes.
    • Run a training session detailing the traits of pre-approved changes and ask these individuals to identify changes that might qualify.
    • These changes should be submitted to the Change Manager and reviewed, with the help of the CAB, to decide whether or not they qualify for pre-approval.

    Pre-approved changes are not exempt from due diligence:

    • Once a change is designated as pre-approved, the deployment team should create and compile all relevant documentation:
      • An RFC detailing the change, dependencies, risk, and impact.
      • Detailed procedures and required resources.
      • Implementation and backout plan.
      • Test results.
    • When templating the RFC for pre-approved changes, aim to write the documentation as if another SME were to implement it. This reduces confusion, especially if there’s staff turnover.
    • The CAB must approve, sign off, and keep a record of all documents.
    • Pre-approved changes must still be documented and recorded in the CMDB and change log after each deployment.

    Info-Tech Best Practice

    At the beginning of a change management process, there should be few active pre-approved changes. However, prior to launch, you may have IT flag changes for conversion.

    Example process: Pre-Approved Change Process

    The image shows two horizontal flow charts, the first labelled Pre-Approval of Recurring RFC, and the second labelled Implementation of Child RFC.

    For the full process, refer to the Change Management Process Library.

    Review the pre-approved change list regularly to ensure the list of changes are still low-risk and repeatable.

    IT environments change. Don’t be caught by surprise.

    • Changes which were once low-risk and repeatable may cause unforeseen incidents if they are not reviewed regularly.
    • Dependencies change as the IT environment changes. Ensure that the changes on the pre-approved change list are still low-risk and repeatable, and that the documentation is up to date.
    • If dependencies have changed, then move the change back to the normal category for reassessment. It may be redesignated as a pre-approved change once the documentation is updated.

    Info-Tech Best Practice

    Other reasons for moving a pre-approved change back to the normal category is if the change led to an incident during implementation or if there was an issue during implementation.

    Seek new pre-approved change submissions. → Re-evaluate the pre-approved change list every 4-6 months.

    The image shows a horizontal flow chart, depicting the process for a pre-approved change list review.

    For the full process, refer to the Change Management Process Library.

    2.2.3 Create a Pre-Approved Change Process

    Input

    • Current SOP/workflow library

    Output

    • Pre-approved change process

    Materials

    Participants

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board
    1. Gather representatives from the change management team.
    2. Using the examples shown on the previous few slides, work as a group to determine the workflow for a pre-approved change, with particular attention to the following sub-processes:
      1. Request
      2. Assessment
      3. Plan
      4. Approve
    3. Document the process of a converting a normal change to pre-approved. Include the steps from flagging a low-risk change to creating the related RFC template.
    4. Document the resulting workflows in the Change Management Process Library and sections 4.2 and 13 of your Change Management SOP.

    Reserve the emergency designation for real emergencies

    • Emergency changes have one of the following triggers:
      • A critical incident is impacting user productivity.
      • An imminent critical incident will impact user productivity.
    • Unless a critical incident is being resolved or prevented, the change should be categorized as normal.
    • An emergency change differs from a normal change in the following key aspects:
      • An emergency change is required to recover from a major outage – there must be a validated service desk critical incident ticket.
      • An urgent business requirement is not an “emergency.”
      • An RFC is created after the change is implemented and the outage is over.
      • A review by the full CAB occurs after the change is implemented.
      • The first responder and/or the person implementing the change may not be the subject matter expert for that system.
    • In all cases, an RFC must be created and the change must be reviewed by the full CAB. The review should occur within two business days of the event.
    Sample ChangeQuick CheckEmergency?
    Install the latest critical patches from the vendor. Are the patches required to resolve or prevent an imminent critical incident? No
    A virus or worm invades the network and a patch is needed to eliminate the threat. Is the patch required to resolve or prevent an imminent critical incident? Yes

    Info-Tech Best Practice

    Change requesters should be made aware that senior management will be informed if an emergency RFC is submitted inappropriately. Emergency requests trigger urgent CAB meetings, are riskier to deploy, and delay other changes waiting in the queue.

    Example process: Emergency Change Process

    The image is a flowchart depicting the process for an emergency change process

    When building your emergency change process, have your E-CAB protocol from activity 2.1.4 handy.

    • Focus on the following requirements for an emergency process:
      • E-CAB protocol and scope: Does the SME need authorization first before working on the change or can the SME proceed if no E-CAB members respond?
      • Documentation and communication to stakeholders and CAB after the emergency change is completed.
      • Input from incident management.

    For the full process, refer to the Change Management Process Library.

    2.2.4 Create an Emergency Change Process

    Input

    • Current SOP/workflow library

    Output

    • Emergency change process

    Materials

    Participants

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board
    1. Gather representatives from the change management team.
    2. Using the examples shown on the previous few slides, work as a group to determine the workflow for an emergency change, with particular attention to the following sub-processes:
      1. Request
      2. Assessment
      3. Plan
      4. Approve
    3. Ensure that the E-CAB protocol from activity 2.1.4 is considered when building your process.
    4. Document the resulting workflows in the Change Management Process Library and section 12 of your Change Management SOP.

    Case Study (part 2 of 4)

    Intel implemented a robust change management process.

    Industry: Technology

    Source: Daniel Grove, Intel

    Challenge

    Founded in 1968, the world’s largest microchip and semiconductor company employs over 100,000 people. Intel manufactures processors for major players in the PC market including Apple, Lenovo, HP, and Dell.

    Intel IT supports over 65,000 servers, 3.2 petabytes of data, over 70,000 PCs, and 2.6 million emails per day.

    Intel’s change management program is responsible for over 4,000 changes each week.

    Solution

    Intel identified 37 different change processes and 25 change management systems of record with little integration.

    Software and infrastructure groups were also very siloed, and this no doubt contributed to the high number of changes that caused outages.

    The task was simple: standards needed to be put in place and communication had to improve.

    Results

    Once process ownership was assigned and the role of the Change Manager and CAB clarified, it was a simple task to streamline and simplify processes among groups.

    Intel designed a new, unified change management workflow that all groups would adopt.

    Automation was also brought into play to improve how RFCs were generated and submitted.

    Phase 3

    Define the RFC and Post-Implementation Activities

    Define Change Management

    1.1 Assess Maturity

    1.2 Categorize Changes and Build Your Risk Assessment

    Establish Roles and Workflows

    2.1 Determine Roles and Responsibilities

    2.2 Build Core Workflows

    Define the RFC and Post-Implementation Activities

    3.1 Design the RFC

    3.2 Establish Post-Implementation Activities

    Measure, Manage, and Maintain

    4.1 Identify Metrics and Build the Change Calendar

    4.2 Implement the Project

    This phase will guide you through the following activities:

    • Design the RFC
    • Establish Post-Implementation Activities

    This phase involves the following participants:

    • IT Director
    • Infrastructure Manager
    • Change Manager
    • Members of the Change Advisory Board

    Step 3.1

    Design the RFC

    Activities

    3.1.1 Evaluate Your Existing RFC Process

    3.1.2 Build the RFC Form

    Define the RFC and Post-Implementation Activities

    Step 3.1: Design the RFC

    Step 3.2: Establish Post-Implementation Activities

    This step involves the following participants:

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board

    Outcomes of this step

    • A full RFC template and process that compliments the workflows for the three change categories

    A request for change (RFC) should be submitted for every non-standard change

    An RFC should be submitted through the formal change management practice for every change that is not a standard, pre-approved change (a change which does not require submission to the change management practice).

    • The RFC should contain all the information required to approve a change. Some information will be recorded when the change request is first initiated, but not everything will be known at that time.
    • Further information can be added as the change progresses through its lifecycle.
    • The level of detail that goes into the RFC will vary depending on the type of change, the size, and the likely impact of the change.
    • Other details of the change may be recorded in other documents and referenced in the RFC.

    Info-Tech Insight

    Keep the RFC form simple, especially when first implementing change management, to encourage the adoption of and compliance with the process.

    RFCs should contain the following information, at a minimum:

    1. Contact information for requester
    2. Description of change
    3. References to external documentation
    4. Items to be changed, reason for the change, and impact of both implementing and not implementing the change
    5. Change type and category
    6. Priority and risk assessment
    7. Predicted time frame, resources, and cost
    8. Backout or remediation plan
    9. Proposed approvers
    10. Scheduled implementation time
    11. Communications plan and post-implementation review

    3.1.1 Evaluate Your Existing RFC Process

    Input

    • Current RFC form or stock ITSM RFC
    • Current SOP (if available)

    Output

    • List of changes to the current RFC form and RFC process

    Materials

    Participants

    • IT Director
    • Infrastructure Manager
    • Change Manager
    • Members of the Change Advisory Board
    1. If the organization is already using an RFC form, review it as a group now and discuss its contents:
      • Does this RFC provide adequate information for the Change Manager and/or CAB to review?
      • Should any additional fields be added?
    2. Show the participants Info-Tech’s Request for Change Form Template and compare it to the one the organization is currently using.
    3. As a group, finalize an RFC table of contents that will be used to formalize a new or improved RFC.
    4. Decide which fields should be filled out by the requester before the initial RFC is submitted to the Change Manager:
      • Many sections of the RFC are relevant for change assessment and review. What information does the Change Manager need when they first receive a request?
      • The Change Manager needs enough information to ensure that the change is in scope and has been properly categorized.
    5. Decide how the RFC form should be submitted and reviewed; this can be documented in section 5 of your Change Management SOP.

    Download the Request for Change Form Template.

    Design the RFC to encourage process buy-in

    • When building the RFC, split the form up into sections that follow the normal workflow (e.g. Intake, Assessment and Build, Approval, Implementation/PIR). This way the form walks the requester through what needs to be filled and when.
    • Revisit the form periodically and solicit feedback to continually improve the user experience. If there’s information missing on the RFC that the CAB would like to know, add the fields. If there are sections that are not used or not needed for documentation, remove them.
    • Make sure the user experience surrounding your RFC form is a top priority – make it accessible, otherwise change requesters simply will not use it.
    • Take advantage of your ITSM’s dropdown lists, automated notifications, CMDB integrations, and auto-generated fields to ease the process of filling the RFC

    Draft:

    • Change requester
    • Requested date of deployment
    • Change risk: low/medium/high
    • Risk assessment
    • Description of change
    • Reason for change
    • Change components

    Technical Build:

    • Assess change:
      • Dependencies
      • Business impact
      • SLA impact
      • Required resources
      • Query the CMS
    • Plan and test changes:
      • Test plan
      • Test results
      • Implementation plan
      • Backout plan
      • Backout plan test results

    CAB:

    • Approve and schedule changes:
      • Final CAB review
      • Communications plan

    Complete:

    • Deploy changes:
      • Post-implementation review

    Designing your RFC: RFC draft

    • Change requester – link your change module to the active directory to pull the change requester’s contact information automatically to save time.
    • A requested date of deployment gives approvers information on timeline and can be used to query the change calendar for possible conflicts
    • Information about risk assessment based on impact and likelihood questionnaires are quick to fill out but provide a lot of information to the CAB. The risk assessment may not be complete at the draft stage but can be updated as the change is built. Ensure this field is up-to- date before it reaches CAB.
    • If you have a technical review stage where changes are directed to the proper workflow and resourcing is assessed, the description, reason, and change components are high-level descriptors of the change that will aid in discovery and lining the change up with the business vision (viability from both a technical and business standpoint).
    • Change requester
    • Requested date of deployment
    • Change Risk: low/medium/high
    • Risk assessment
    • Description of change
    • Reason for change
    • Change components

    Use the RFC to point to documentation already gathered in the DevOps lifecycle to cut down on unnecessary manual work while maintaining compliance.

    Designing your RFC: technical build

    • Dependencies and CMDB query, along with the proposed implementation date, are included to aid in calendar deconfliction and change scheduling. If there’s a conflict, it’s easier to reschedule the proposed change early in the lifecycle.
    • Business, SLA impact, and required resources can be tracked to provide the CAB with information on the business resources required. This can also be used to prioritize the change if conflicts arise.
    • Implementation, test, and backout plans must be included and assessed to increase the probability that a change will be implemented without failure. It’s also useful in the case of PIRs to determine root causes of change-related incidents.
    • Assess change:
      • Dependencies
      • Business impact
      • SLA impact
      • Required resources
      • Query the CMS
    • Plan and test changes:
      • Test plan
      • Test results
      • Implementation plan
      • Backout plan
      • Backout plan test results

    Designing your RFC: approval and deployment

    • Documenting approval, rejection, and rescheduling gives the change requester the go-ahead to proceed with the change, rationale on why it was prioritized lower than another change (rescheduled), or rationale on rejection.
    • Communications plans for appropriate stakeholders can also be modified and forwarded to the communications team (e.g. service desk or business system owners) before deployment.
    • Post-implementation activities and reviews can be conducted if need be before a change is closed. The PIR, if filled out, should then be appended to any subsequent changes of the same nature to avoid making the same mistake twice.
    • Approve and schedule changes:
      • Final CAB review
      • Communications plan
    • Deploy changes:
      • Post-implementation review

    Standardize the request for change protocol

    1. Submission Standards
      • Electronic submission will make it easier for CAB members to review the documentation.
      • As the change goes through the assessment, plan, and test phase, new documentation (assessments, backout plans, test results, etc.) can be attached to the digital RFC for review by CAB members prior to the CAB meeting.
      • Change management software won’t be necessary to facilitate the RFC submission and review; a content repository system, such as SharePoint, will suffice.
    2. Designate the first control point
      • All RFCs should be submitted to a single point of contact.
      • Ideally, the Change Manager or Technical Review Board should fill this role.
      • Whoever is tasked with this role needs the subject matter expertise to ensure that the change has been categorized correctly, to reject out-of-scope requests, or to ask that missing information be provided before the RFC moves through the full change management practice.

    Info-Tech Best Practice

    Technical and SME contacts should be noted in each RFC so they can be easily consulted during the RFC review.

    3.1.2 Build the RFC Form

    Input

    • Current RFC form or stock ITSM RFC
    • Current SOP (if available)

    Output

    • List of changes to the current RFC and RFC process

    Materials

    Participants

    • IT Director
    • Infrastructure Manager
    • Change Manager
    • Members of the Change Advisory Board
    1. Use Info-Tech’s Request for Change Form Template as a basis for your RFC form.
    2. Use this template to standardize your change request process and ensure that the appropriate information is documented effectively each time a request is made. The change requester and Change Manager should consolidate all information associated with a given change request in this form. This form will be submitted by the change requester and reviewed by the Change Manager.

    Case Study (part 3 of 4)

    Intel implemented automated RFC form generation.

    Industry: Technology

    Source: Daniel Grove, Intel

    Challenge

    Founded in 1968, the world’s largest microchip and semiconductor company employs over 100,000 people. Intel manufactures processors for major players in the PC market including Apple, Lenovo, HP, and Dell.

    Intel IT supports over 65,000 servers, 3.2 petabytes of data, over 70,000 PCs, and 2.6 million emails per day.

    Intel’s change management program is responsible for over 4,000 changes each week.

    Solution

    One of the crucial factors that was impacting Intel’s change management efficiency was a cumbersome RFC process.

    A lack of RFC usage was contributing to increased ad hoc changes being put through the CAB, and rescheduled changes were quite high.

    Additionally, ad hoc changes were also contributing heavily to unscheduled downtime within the organization.

    Results

    Intel designed and implemented an automated RFC form generator to encourage end users to increase RFC usage.

    As we’ve seen with RFC form design, the UX/UI of the form needs to be top notch, otherwise end users will simply circumvent the process. This will contribute to the problems you are seeking to correct.

    Thanks to increased RFC usage, Intel decreased emergency changes by 50% and reduced change-caused unscheduled downtime by 82%.

    Step 3.2

    Establish Post-Implementation Activities

    Activities

    3.2.1 Determine When the CAB Would Reject Tested Changes

    3.2.2 Create a Post-Implementation Activity Checklist

    Define the RFC and Post-Implementation Activities

    Step 3.1: Design RFC

    Step 3.2: Establish Post-Implementation Activities

    This step involves the following participants:

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board

    Outcomes of this step

    • A formalized post-implementation process for continual improvement

    Why would the CAB reject a change that has been properly assessed and tested?

    Possible reasons the CAB would reject a change include:

    • The product being changed is approaching its end of life.
    • The change is too costly.
    • The timing of the change conflicts with other changes.
    • There could be compliance issues.
    • The change is actually a project.
    • The risk is too high.
    • There could be regulatory issues.
    • The peripherals (test, backout, communication, and training plans) are incomplete.

    Info-Tech Best Practice

    Many reasons for rejection (listed above) can be caught early on in the process during the technical review or change build portion of the change. The earlier you catch these reasons for rejection, the less wasted effort there will be per change.

    Sample RFCReason for CAP Rejection
    There was a request for an update to a system that a legacy application depends on and only a specific area of the business was aware of the dependency. The CAB rejects it due to the downstream impact.
    There was a request for an update to a non-supported application, and the vendor was asking for a premium support contract that is very costly. It’s too expensive to implement, despite the need for it. The CAB will wait for an upgrade to a new application.
    There was a request to update application functionality to a beta release. The risk outweighs the business benefits.

    Determine When the CAB Would Reject Tested Changes

    Input

    • Current SOP (if available)

    Output

    • List of reasons to reject tested changes

    Materials

    • Whiteboard/flip charts (or shared screen if working remotely)
    • Projector
    • Markers/pens
    • Laptop with ITSM admin access
    • Project Summary Template

    Participants

    • IT Director
    • Infrastructure Manager
    • Change Manager
    • Members of the Change Advisory Board

    Avoid hand-offs to ensure a smooth implementation process

    The implementation phase is the final checkpoint before releasing the new change into your live environment. Once the final checks have been made to the change, it’s paramount that teams work together to transition the change effectively rather than doing an abrupt hand-off. This could cause a potential outage.

    1.

    • Deployment resources identified, allocated, and scheduled
    • Documentation complete
    • Support team trained
    • Users trained
    • Business sign-off
    • Target systems identified and ready to receive changes
    • Target systems available for installation maintenance window scheduled
    • Technical checks:
      • Disk space available
      • Pre-requisites met
      • Components/Services to be updated are stopped
      • All users disconnected
    • Download Info-Tech’sChange Management Pre-Implementation Checklist

    Implement change →

    2.

    1. Verification – once the change has been implemented, verify that all requirements are fulfilled.
    2. Review – ensure that all affected systems and applications are operating as predicted. Update change log.
    3. Transition – a crucial phase of implementation that’s often overlooked. Once the change implementation is complete from a technical point of view, it’s imperative that the team involved with the change inform and train the group responsible for managing the new change.

    Create a backout plan to reduce the risk of a failed change

    Every change process needs to plan for the potential for failure and how to address it effectively. Change management’s solution to this problem is a backout plan.

    A backout plan needs to contain a record of the steps that need to be taken to restore the live environment back to its previous state and maintain business continuity. A good backout plan asks the following questions:

    1. How will failure be determined? Who will make the determination to back out of a change be made and when?
    2. Do we fix on fail or do we rollback to the previous configuration?
    3. Is the service desk aware of the impending change? Do they have proper training?

    Notify the Service Desk

    • Notify the Service Desk about backout plan initiation.

    Disable Access

    • Disable user access to affected system(s).

    Conduct Checks

    • Conduct checks to all affected components.

    Enable User Access

    • Enable user access to affected systems.

    Notify the Service Desk

    • Notify the service desk that the backout plan was successful.

    Info-Tech Best Practice

    As part of the backout plan, consider the turnback point in the change window. That is, the point within the change window where you still have time to fully back out of the change.

    Ensure the following post-implementation review activities are completed

    Service Catalog

    Update the service catalog with new information as a result of the implemented change.

    CMDB

    Update new dependencies present as a result of the new change.

    Asset DB

    Add notes about any assets newly affected by changes.

    Architecture Map

    Update your map based on the new change.

    Technical Documentation

    Update your technical documentation to reflect the changes present because of the new change.

    Training Documentation

    Update your training documentation to reflect any information about how users interact with the change.

    Use a post-implementation review process to promote continual improvement

    The post-implementation review (PIR) is the most neglected change management activity.

    • All changes should be reviewed to understand the reason behind them, appropriateness, and recommendations for next steps.
    • The Change Manager manages the completion of information PIRs and invites RFC originators to present their findings and document the lessons learned.

    Info-Tech Best Practice

    Review PIR reports at CAB meetings to highlight the root causes of issues, action items to close identified gaps, and back-up documentation required. Attach the PIR report to the relevant RFC to prevent similar changes from facing the same issues in the future.

    1. Why do a post-implementation review?
      • Changes that don’t fail but don’t perform well are rarely reviewed.
      • Changes may fail subtly and still need review.
      • Changes that cause serious failures (i.e. unplanned downtime) receive analysis that is unnecessarily in-depth.
    2. What are the benefits?
      • A proactive, post-implementation review actually uses less resources than reactionary change reviews.
      • Root-cause analysis of failed changes, no matter what the impact.
      • Insight into changes that took longer than projected.
      • Identification of previously unidentified risks affecting changes.

    Determine the strategy for your PIR to establish a standardized process

    Capture the details of your PIR process in a table similar to the one below.

    Frequency Part of weekly review (IT team meeting)
    Participants
    • Change Manager
    • Originator
    • SME/supervisor/impacted team(s)

    Categories under review

    Current deviations and action items from previous PIR:

    • Complete
    • Partially complete
    • Complete, late
    • Change failed, rollback succeeded
    • Change failed, rollback failed
    • Major deviation from implementation plan
    Output
    • Root cause or failure or deviation
    • External factors
    • Remediation focus areas
    • Remediation timeline (follow-up at appropriate time)
    Controls
    • Reviewed at next CAB meeting
    • RFC close is dependent on completion of PIR
    • Share with the rest of the technical team
    • Lessons learned stored in the knowledgebase and attached to RFC for easy search of past issues.

    3.2.2 Create a Post-Implementation Activity Checklist

    Input

    • Current SOP (if available)

    Output

    • List of reasons to reject tested changes

    Materials

    Participants

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board
    1. Gather representatives from the change management team.
    2. Brainstorm duties to perform following the deployment of a change. Below is a sample list:
      • Example:
        • Was the deployment successful?
          • If no, was the backout plan executed successfully?
        • List change-related incidents
        • Change assessment
          • Missed dependencies
          • Inaccurate business impact
          • Incorrect SLA impact
          • Inaccurate resources
            • Time
            • Staff
            • Hardware
        • System testing
        • Integration testing
        • User acceptance testing
        • No backout plan
        • Backout plan failure
        • Deployment issues
    3. Record your results in the Change Management Post-Implementation Checklist.

    Download the Change Management Post-Implementation Checklist

    Case Study

    Microsoft used post-implementation review activities to mitigate the risk of a critical Azure outage.

    Industry: Technology

    Source: Jason Zander, Microsoft

    Challenge

    In November 2014, Microsoft deployed a change intended to improve Azure storage performance by reducing CPU footprint of the Azure Table Front-Ends.

    The deployment method was an incremental approach called “flighting,” where software and configuration deployments are deployed incrementally to Azure infrastructure in small batches.

    Unfortunately, this software deployment caused a service interruption in multiple regions.

    Solution

    Before the software was deployed, Microsoft engineers followed proper protocol by testing the proposed update. All test results pointed to a successful implementation.

    Unfortunately, engineers pushed the change out to the entire infrastructure instead of adhering to the traditional flighting protocol.

    Additionally, the configuration switch was incorrectly enabled for the Azure Blob storage Front-Ends.

    A combination of the two mistakes exposed a bug that caused the outage.

    Results

    Thankfully, Microsoft had a backout plan. Within 30 minutes, the change was rolled back on a global scale.

    It was determined that policy enforcement was not integrated across the deployment system. An update to the system shifted the process of policy enforcement from human-based decisions and protocol to automation via the deployment platform.

    Defined PIR activities enabled Microsoft to take swift action against the outage and mitigate the risk of a serious outage.

    Phase 4

    Measure, Manage, and Maintain

    Define Change Management

    1.1 Assess Maturity

    1.2 Categorize Changes and Build Risk Assessment

    Establish Roles and Workflows

    2.1 Determine Roles and Responsibilities

    2.2 Build Core Workflows

    Define RFC and Post-Implementation Activities

    3.1 Design RFC

    3.2 Establish post-implementation activities

    Measure, Manage, and Maintain

    4.1 Identify Metrics and Build the Change Calendar

    4.2 Implement the Project

    This phase will guide you through the following activities:

    • Identify Metrics and Build the Change Calendar
    • Implement the Project

    This phase involves the following participants:

    • CIO/IT Director
    • IT Managers
    • Change Manager

    Step 4.1

    Identify Metrics and Build the Change Calendar

    Activities

    4.1.1 Create an Outline for Your Change Calendar

    4.1.2 Determine Metrics, Key Performance Indicators (KPIs), and Critical Success Factors (CSFs)

    4.1.3 Track and Record Metrics Using the Change Management Metrics Tool

    Measure, Manage, and Maintain

    Step 4.1: Identify Metrics and Build the Change Calendar

    Step 4.2: Implement the Project

    This step involves the following participants:

    • CIO/IT Director
    • IT Managers
    • Change Manager

    Outcomes of this step

    • Clear definitions of change calendar content
    • Guidelines for change calendar scheduling
    • Defined metrics to measure the success of change management with associated reports, KPIs, and CSFs

    Enforce a standard method of prioritizing and scheduling changes

    The impact of not deploying the change and the benefit of deploying it should determine its priority.

    Risk of Not Deploying

    • What is the urgency of the change?
    • What is the risk to the organization if the change is not deployed right away?
    • Will there be any lost productivity, service disruptions, or missed critical business opportunities?
      • Timing
        • Does the proposed timing work with the approved changes already on the change schedule?
        • Has the change been clash checked so there are no potential conflicts over services or resources?
      • Once prioritized, a final deployment date should be set by the CAB. Check the change calendar first to avoid conflicts.

    Positive Impact of Deployment

    • What benefits will be realized once the change is deployed?
    • How significant is the opportunity that triggered the change?
    • Will the change lead to a positive business outcome (e.g. increased sales)?

    “The one who has more clout or authority is usually the one who gets changes scheduled in the time frame they desire, but you should really be evaluating the impact to the organization. We looked at the risk to the business of not doing the change, and that’s a good way of determining the criticality and urgency of that change.” – Joseph Sgandurra, Director, Service Delivery, Navantis

    Info-Tech Insight

    Avoid a culture where powerful stakeholders are able to push change deployment on an ad hoc basis. Give the CAB the full authority to make approval decisions based on urgency, impact, cost, and availability of resources.

    Develop a change schedule to formalize the planning process

    A change calendar will help the CAB schedule changes more effectively and increase visibility into upcoming changes across the organization.

    1. Establish change windows in a consistent change schedule:
      • Compile a list of business units that would benefit from a change.
      • Look for conflicts in the change schedule.
      • Avoid scheduling two or more major business units in a day.
      • Consider clients when building your change windows and change schedule.
    2. Gain commitments from key participants:
      • These individuals can confirm if there are any unusual or cyclical business requirements that will impact the schedule.
    3. Properly control your change calendar to improve change efficiency:
      • Look at the proposed start and end times: Are they sensible? Does the implementation window leave time for anything going wrong or needing to roll back the change?
      • Special considerations: Are there special circumstances that need to be considered? Ask the business if you don’t know.
      • The key principle is to have a sufficient window available for implementing changes so you only need to set up calendar freezes for sound business or technical reasons.

    Our mantra is to put it on the calendar. Even if it’s a preapproved change and doesn’t need a vote, having it on the calendar helps with visibility. The calendar is the one-stop shop for scheduling and identifying change dependencies.“ – Wil Clark, Director of Service and Performance Management, University of North Texas Systems

    Provide clear definitions of what goes on the change calendar and who’s responsible

    Roles

    • The Change Manager will be responsible for creating and maintaining a change calendar.
    • Only the Change Manager can physically alter the calendar by adding a new change after the CAB has agreed upon a deployment date.
    • All other CAB members, IT support staff, and other impacted stakeholders should have access to the calendar on a read-only basis to prevent people from making unauthorized changes to deployment dates.

    Inputs

    • Freeze periods for individual business departments/applications (e.g. finance month-end periods, HR payroll cycle, etc. – all to be investigated).
    • Maintenance windows and planned outage periods.
    • Project schedules, and upcoming major/medium changes.
    • Holidays.
    • Business hours (some departments work 9-5, others work different hours or in different time zones, and user acceptance testing may require business users to be available).

    Guidelines

    • Business-defined freeze periods are the top priority.
    • No major or medium normal changes should occur during the week between Christmas and New Year’s Day.
    • Vendor SLA support hours are the preferred time for implementing changes.
    • The vacation calendar for IT will be considered for major changes.
    • Change priority: High > Medium > Low.
    • Minor changes and preapproved changes have the same priority and will be decided on a case-by-case basis.

    The change calendar is a critical pre-requisite to change management in DevOps. Use the calendar to be proactive with proposed implementation dates and deconfliction before the change is finished.

    4.1.1 Create Guidelines for Your Change Calendar

    Input

    • Current change calendar guidelines

    Output

    • Change calendar inputs and schedule checklist

    Materials

    Participants

    • Change Manager
    • Members of the Change Advisory Board
    • Service Desk Manager
    • Operations (optional)
    1. Gather representatives from the change management team.
      • Example:
        • The change calendar/schedule includes:
          • Approved and scheduled normal changes.
          • Scheduled project work.
          • Scheduled maintenance windows.
          • Change freeze periods with affected users noted:
            • Daily/weekly freeze periods.
            • Monthly freeze periods.
            • Annual freeze periods.
            • Other critical business events.
    2. Create a checklist to run through before each change is scheduled:
      • Check the schedule and assess resource availability:
        • Will user productivity be impacted?
        • Are there available resources (people and systems) to implement the change?
        • Is the vendor available? Is there a significant cost attached to pushing change deployment before the regularly scheduled refresh?
        • Are there dependencies? Does the deployment of one change depend on the earlier deployment of another?
    3. Record your results in your Project Summary Template.

    Start measuring the success of your change management project using three key metrics

    Number of change-related incidents that occur each month

    • Each month, record the number of incidents that can be directly linked to a change. This can be done using an ITSM tool or manually by service desk staff.
    • This is a key success metric: if you are not tracking change-related incidents yet, start doing so as soon as possible. This is the metric that the CIO and business stakeholders will be most interested in because it impacts users directly.

    Number of unauthorized changes applied each month

    • Each month, record the number of changes applied without approval. This is the best way to measure adherence to the process.
    • If this number decreases, it demonstrates a reduction in risk, as more changes are formally assessed and approved before being deployed.

    Percentage of emergency changes

    • Each month, compare the number of emergency change requests to the total number of change requests.
    • Change requesters often designate changes as emergencies as a way of bypassing the process.
    • A reduction in emergency changes demonstrates that your process is operating smoothly and reduces the risk of deploying changes that have not been properly tested.

    Info-Tech Insight

    Start simple. Metrics can be difficult to tackle if you’re starting from scratch. While implementing your change management practice, use these three metrics as a starting point, since they correlate well with the success of change management overall. The following few slides provide more insight into creating metrics for your change process.

    If you want more insight into your change process, measure the progress of each step in change management with metrics

    Improve

    • Number of repeat failures (i.e. making the same mistake twice)
    • Number of changes converted to pre-approved
    • Number of changes converted from pre-approved back to normal

    Request

    • What percentage of change requests have errors or lack appropriate support?
    • What percentage of change requests are actually projects, service requests, or operational tasks?
    • What percentage of changes have been requested before (i.e. documented)?

    Assess

    • What percentage of change requests are out of scope?
    • What percentage of changes have been requested before (i.e. documented)?
    • What are the percentages of changes by category (normal, pre-approved, emergency)?

    Plan

    • What percentage of change requests are reviewed by the CAB that should have been pre-approved or emergency (i.e. what percentage of changes are in the wrong category)?

    Approve

    • Number of changes broken down by department (business unit/IT department to be used in making core/optional CAB membership more efficient)
    • Number of workflows that can be automated

    Implement

    • Number of changes completed on schedule
    • Number of changes rolled back
    • What percentage of changes caused an incident?

    Use metrics to inform project KPIs and CSFs

    Leverage the metrics from the last slide and convert them to data communicable to IT, management, and leadership

    • To provide value, metrics and measurements must be actionable. What actions can be taken as a result of the data being presented?
    • If the metrics are not actionable, there is no value and you should question the use of the metric.
    • Data points in isolation are mostly meaningless to inform action. Observe trends in your metrics to inform your decisions.
    • Using a framework to develop measurements and metrics provides a defined methodology that enables a mapping of base measurements through CSFs.
    • Establishing the relationship increases the value that measurements provide.

    Purposely use SDLC and change lifecycle metrics to find bottlenecks and automation candidates.

    Metrics:

    Metrics are easily measured datapoints that can be pulled from your change management tool. Examples: Number of changes implemented, number of changes without incident.

    KPIs:

    Key Performance Indicators are metrics presented in a way that is easily digestible by stakeholders in IT. Examples: Change efficiency, quality of changes.

    CSFs:

    Critical Success Factors are measures of the business success of change management taken by correlating the CSF with multiple KPIs. Examples: consistent and efficient change management process, a change process mapped to business needs

    List in-scope metrics and reports and align them to benefits

    Metric/Report (by team)Benefit
    Total number of RFCs and percentages by category (pre-approved, normal, emergency, escalated support, expedited)
    • Understand change management activity
    • Tracking maturity growth
    • Identifying “hot spots”
    Pre-approved change list (and additions/removals from the list) Workload and process streamlining (i.e. reduce “red tape” wherever possible)
    Average time between RFC lifecycle stages (by service/application) Advance planning for proposed changes
    Number of changes by service/application/hardware class
    • Identifying weaknesses in the architecture
    • Vendor-specific TCO calculations
    Change triggers Business- vs. IT-initiated change
    Number of RFCs by lifecycle stage Workload planning
    List of incidents related to changes Visible failures of the CM process
    Percentage of RFCs with a tested backout/validation plan Completeness of change planning
    List of expedited changes Spotlighting poor planning and reducing the need for this category going forward (“The Hall of Shame”)
    CAB approval rate Change coordinator alignment with CAB priorities – low approval rate indicates need to tighten gatekeeping by the change coordinator
    Calendar of changes Planning

    4.1.2 Determine Metrics, Key Performance Indicators (KPIs), and Critical Success Factors (CSFs)

    Input

    • Current metrics

    Output

    • List of trackable metrics, KPIs and CSFs

    Materials

    Participants

    • Change Manager
    • Members of the Change Advisory Board
    • Service Desk Manager
    • Operations (optional)
    1. Draw three tables for metrics, KPIs, and CSFs.
    2. Starting with the CSF table, fill in all relevant CSFs that your group wishes to track and measure.
    3. Next, work to determine relevant KPIs correlated with the CSFs and metrics needed to measure the KPIs. Use the tables included below (taken from section 14 of the Change Management SOP) to guide the process.
    4. Record the results in the tables in section 14 of your Change Management SOP.
    5. Decide on where and when to review the metrics to discuss your change management strategy. Designate and owner and record in the RACI and Communications section of your Change Management SOP.
    Ref #Metric

    M1

    		 Number of changes implemented for a time period
    M2 Number of changes successfully implemented for a time period
    M3 Number of changes implemented causing incidents
    M4 Number of accepted known errors when change is implemented
    M5 Total days for a change build (specific to each change)
    M6 Number of changes rescheduled
    M7 Number of training questions received following a change
    Ref#KPIProduct
    K1 Successful changes for a period of time (approach 100%) M2 / M1 x 100%
    K2 Changes causing incidents (approach 0%) M3 / M1 x 100%
    K3 Average days to implement a change ΣM5 / M1
    K4 Change efficiency (approach 100%) [1 - (M6 / M1)] x 100%
    K5 Quality of changes being implemented (approach 100%) [1 - (M4 / M1)] x 100%
    K6 Change training efficiency (approach 100%) [1 - (M7 / M1)] x 100%
    Ref#CSFIndicator
    C1 Successful change management process producing quality changes K1, K5
    C2 Consistent efficient change process K4, K6
    C3 Change process maps to business needs K5, K6

    Measure changes in selected metrics to evaluate success

    Once you have implemented a standardized change management practice, your team’s goal should be to improve the process, year over year.

    • After a process change has been implemented, it’s important to regularly monitor and evaluate the CSFs, KPIs, and metrics you chose to evaluate. Examine whether the process change you implemented has actually resolved the issue or achieved the goal of the critical success factor.
    • Establish a schedule for regularly reviewing the key metrics. Assess changes in those metrics and determine progress toward reaching objectives.
    • In addition to reviewing CSFs, KPIs, and metrics, check in with the release management team and end users to measure their perceptions of the change management process once an appropriate amount of time has passed.
    • Ensure that metrics are telling the whole story and that reporting is honest in order to be informative.

    Outcomes of standardizing change management should include:

    1. Improved efficiency, effectiveness, and quality of changes.
    2. Changes and processes are more aligned with the business needs and strategy.
    3. Improved maturity of change processes.

    Info-Tech Best Practice

    Make sure you’re measuring the right things and considering all sources of information. It’s very easy to put yourself in a position where you’re congratulating yourselves for improving on a specific metric such as number of releases per month, but satisfaction remains low.

    4.1.3 Track and Record Metrics Using the Change Management Metrics Tool

    Input

    • Current metrics

    Output

    • List of trackable metrics, KPIs and CSFs to be observed over the length of a year

    Materials

    Participants

    • Change Manager
    • Members of the Change Advisory Board
    • Service Desk Manager
    • Operations (optional)

    Tracking the progress of metrics is paramount to the success of any change management process. Use Info-Tech’s Change Management Metrics Tool to record metrics and track your progress. This tool is intended to be a substitute for organizations who do not have the capability to track change-related metrics in their ITSM tool.

    1. Input metrics from the previous activity to track over the course of a year.
    2. To record your metrics, open the tool and go to tab 2. The tool is currently primed to record and track five metrics. If you need more than that, you can edit the list in the hidden calculations tab.
    3. To see the progress of your metrics, move to tab 3 to view a dashboard of all metrics in the tool.

    Download the Change Management Metrics Tool

    Case Study

    A federal credit union was able to track maturity growth through the proper use of metrics.

    Industry: Federal Credit Union (anonymous)

    Source: Info-Tech Workshop

    Challenge

    At this federal credit union, the VP of IT wanted a tight set of metrics to engage with the business, communicate within IT, enable performance management of staff, and provide visibility into workload demands, among other requirements.

    The organization was suffering from “metrics fatigue,” with multiple reports being generated from all groups within IT, to the point that weekly/monthly reports were being seen as spam.

    Solution

    Stakeholders were provided with an overview of change management benefits and were asked to identify one key attribute that would be useful to their specific needs.

    Metrics were designed around the stakeholder needs, piloted with each stakeholder group, fine-tuned, and rolled out.

    Some metrics could not be automated off-the-shelf and were rolled out in a manual fashion. These metrics were subsequently automated and finally made available through a dashboard.

    Results

    The business received clear guidance regarding estimated times to implement changes across different elements of the environment.

    The IT managers were able to plan team workloads with visibility into upstream change activity.

    Architects were able to identify vendors and systems that were the leading source of instability.

    The VP of IT was able to track the maturity growth of the change management process and proactively engage with the business on identified hot spots.

    Step 4.2

    Implement the Project

    Activities

    4.2.1 Use a Communications Plan to Gain End User Buy-In

    4.2.2 Create a Project Roadmap to Track Your Implementation Progress

    Measure, Manage, and Maintain

    Step 4.1: Identify Metrics and Build the Change Calendar

    Step 3.2: Implement the Project

    This step involves the following participants:

    • CIO/IT Director
    • IT Managers
    • Change Manager

    Outcomes of this step

    • A communications plan for key messages to communicate to relevant stakeholders and audiences
    • A roadmap with assigned action items to implement change management

    Success of the new process will depend on introducing change and gaining acceptance

    Change management provides value by promptly evaluating and delivering changes required by the business and by minimizing disruption and rework caused by failed changes. Communication of your new change management process is key. If people do not understand the what and why, it will fail to provide the desired value.

    Info-Tech Best Practice

    Gather feedback from end users about the new process: if the process is too bureaucratic, end users are more likely to circumvent it.

    Main Challenges with Communication

    • Many people fail before they even start because they are buried in a mess created before they arrived – either because of a failed attempt to get change management implemented or due to a complicated system that has always existed.
    • Many systems are maintained because “that’s the way it’s always been done.”
    • Organizations don’t know where to start; they think change management is too complex a process.
    • Each group needs to follow the same procedure – groups often have their own processes, but if they don’t agree with one another, this could cause an outage.

    Educate affected stakeholders to prepare for organizational change

    An organizational change management plan should be part of your change management project.

    • Educate stakeholders about:
      • The process change (describe it in a way that the user can understand and is clear and concise).
        • IT changes will be handled in a standardized and repeatable fashion to minimize change-related incidents.
      • Who is impacted?
        • All users.
      • How are they impacted?
        • All change requests will be made using a standard form and will not be deployed until formal approval is received.
      • Change messaging.
        • How to communicate the change (benefits).
      • Learning and development – training your users on the change.
        • Develop and deliver training session on the Change Management SOP to familiarize users with this new method of handling IT change.

    Host a lunch-and-learn session

    • For the initial deployment, host a lunch-and-learn session to educate the business on the change management practice. Relevant stakeholders of affected departments should host it and cover the following topics:
    • What is change management (change management/change control)?
    • The value of change management.
    • What the Change Management SOP looks like.
    • Who is involved in the change management process (the CAB, etc.)?
    • What constitutes a pre-approved change and an emergency change?
    • An overview of the process, including how to avoid unauthorized changes.
    • Who should they contact in case of questions?

    Communicate the new process to all affected stakeholders

    Do not surprise users or support staff with changes. This will result in lost productivity and low satisfaction with IT services.

    • User groups and the business need to be given sufficient notice of an impending change.
    • This will allow them to make appropriate plans to accept the change, minimizing the impact of the change on productivity.
    • A communications plan will be documented in the RFC while the release is being built and tested.
    • It’s the responsibility of the change team to execute on the communications plan.

    Info-Tech Insight

    The success of change communication can be measured by monitoring the number of service desk tickets related to a change that was not communicated to users.

    Communication is crucial to the integration and overall implementation of your change management initiative. An effective communications plan will:

    • Gain support from management at the project proposal phase.
    • Create end-user buy-in once the program is set to launch.
    • Maintain the presence of the program throughout the business.
    • Instill ownership throughout the business from top-level management to new hires.

    Create your communications plan to anticipate challenges, remove obstacles, and ensure buy-in

    Management

    Technicians

    Business Stakeholders

    Provide separate communications to key stakeholder groups

    Why? What problems are you trying to solve?

    What? What processes will it affect (that will affect me)?

    Who? Who will be affected? Who do I go to if I have issues with the new process?

    When? When will this be happening? When will it affect me?

    How? How will these changes manifest themselves?

    Goal? What is the final goal? How will it benefit me?

    Info-Tech Insight

    Pay close attention to the medium of communication. For example, stakeholders on their feet all day would not be as receptive to an email communication compared to those who primarily work in front of a computer. Put yourself into various stakeholders’ shoes to craft a tailored communication of change management.

    4.2.1 Use a Communications Plan to Gain End User Buy-In

    Input

    • List of stakeholder groups for change management

    Output

    • Tailored communications plans for various stakeholder groups

    Materials

    Participants

    • Change Manager
    • Members of the Change Advisory Board
    • Service Desk Manager
    • Operations (optional)
    1. Using Info-Tech’s Change Management Communications Plan, identify key audiences or stakeholder groups that will be affected by the new change management practice.
    2. For each group requiring a communications plan, identify the following:
      • The benefits for that group of individuals.
      • The impact the change will have on them.
      • The best communication method(s) for them.
      • The time frame of the communication.
    3. Complete this information in a table like the one below:
    GroupBenefitsImpactMethodTimeline
    IT Standardized change process All changes must be reviewed and approved Poster campaign 6 months
    End Users Decreased wait time for changes Formal process for RFCs Lunch-and-learn sessions 3 months
    Business Reduced outages Increased involvement in planning and approvals Monthly reports 1 year
    1. Discuss the communications plan:
      • Will this plan ensure that users are given adequate opportunities to accept the changes being deployed?
      • Is the message appropriate for each audience? Is the format appropriate for each audience?
      • Does the communication include training where necessary to help users adopt any new functions/workflows being introduced?

    Download the Change Management Communications Plan

    Present your SOP to key stakeholders and obtain their approval

    Now that you have completed your Change Management SOP, the final step is to get sign-off from senior management to begin the rollout process.

    Know your audience:

    • Determine the service management stakeholders who will be included in the audience for your presentation.
    • You want your presentation to be succinct and hard hitting. Management’s time is tight and they will lose interest if you drag out the delivery.
    • Briefly speak about the need for more formal change management and emphasize the benefits of implementing a more formal process with a SOP.
    • Present your current state assessment results to provide context before presenting the SOP itself.
    • As with any other foundational activity, be prepared with some quick wins to gain executive attention.
    • Be prepared to review with both technical and less technical stakeholders.

    Info-Tech Insight

    The support of senior executive stakeholders is critical to the success of your SOP rollout. Try to wow them with project benefits and make sure they know about the risks/pain points.

    Download the Change Management Project Summary Template

    4.2.2 Create a Project Roadmap to Track Your Implementation Progress

    Input

    • List of implementation tasks

    Output

    • Roadmap and timeline for change management implementation

    Materials

    Participants

    • Change Manager
    • Members of the Change Advisory Board
    • Service Desk Manager
    • Operations (optional)
    1. Info-Tech’s Change Management Roadmap Tool helps you identify and prioritize tasks that need to be completed for the change management implementation project.
    2. Use this tool to identify each action item that will need to be completed as part of the change management initiative. Chart each action item, assign an owner, define the duration, and set a completion date.
    3. Use the resulting rocket diagram as a guide to task completion as you work toward your future state.

    Download the Change Management Roadmap Tool

    Case Study (part 4 of 4)

    Intel implemented a robust change management process.

    Industry: Technology

    Source: Daniel Grove, Intel

    Challenge

    Founded in 1968, the world’s largest microchip and semiconductor company employs over 100,000 people. Intel manufactures processors for major players in the PC market including Apple, Lenovo, HP, and Dell.

    Intel IT supports over 65,000 servers, 3.2 petabytes of data, over 70,000 PCs, and 2.6 million emails per day.

    Intel’s change management program is responsible for over 4,000 changes each week.

    Solution

    Intel had its new change management program in place and the early milestones planned, but one key challenge with any new project is communication.

    The company also needed to navigate the simplification of a previously complex process; end users could be familiar with any of the 37 different change processes or 25 different change management systems of record.

    Top-level buy-in was another concern.

    Results

    Intel first communicated the process changes by publishing the vision and strategy for the project with top management sponsorship.

    The CIO published all of the new change policies, which were supported by the Change Governance Council.

    Intel cited the reason for success as the designation of a Policy and Guidance Council – a group designed to own communication and enforcement of the new policies and processes put in place.

    Summary of Accomplishment

    Problem Solved

    You now have an outline of your new change management process. The hard work starts now for an effective implementation. Make use of the communications plan to socialize the new process with stakeholders and the roadmap to stay on track.

    Remember as you are starting your implementation to keep your documents flexible and treat them as “living documents.” You will likely need to tweak and refine the processware and templates several times to continually improve the process. Furthermore, don’t shy away from seeking feedback from your stakeholders to gain buy-in.

    Lastly, keep an eye on your progress with objective, data-driven metrics. Leverage the trends in your data to drive your decisions. Be sure to revisit the maturity assessment not only to measure and visualize your progress, but to gain insight into your next steps.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com

    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic office in Toronto, Ontario, Canada to participate in an innovative onsite workshop.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1.2 Complete a Change Management Maturity Assessment

    Run through the change management maturity assessment with tailored commentary for each action item outlining context and best practices.

    2.2.1 Plot the Process for a Normal Change

    Build a normal change process using Info-Tech’s Change Management Process Library template with an analyst helping you to right size the process for your organization.

    Related Info-Tech Research

    Standardize the Service Desk

    Improve customer service by driving consistency in your support approach and meeting SLAs.

    Stabilize Release and Deployment Management

    Maintain both speed and control while improving the quality of deployments and releases within the infrastructure team.

    Incident and Problem Management

    Don’t let persistent problems govern your department.

    Select Bibliography

    AXELOS Limited. ITIL Foundation: ITIL 4th edition. TSO, 2019, pp. 118–120.

    Behr, Kevin and George Spafford. The Visible Ops Handbook: Implementing ITIL in 4 Practical and Auditable Steps. IT Revolution Press. 2013.

    BMC. “ITIL Change Management.” BMC Software Canada, 22 December 2016.

    Brown, Vance. “Change Management: The Greatest ROI of ITIL.” Cherwell Service Management.

    Cisco. “Change Management: Best Practices.” Cisco, 10 March 2008.

    Grove, Daniel. “Case Study ITIL Change Management Intel Corporation.” PowerShow, 2005.

    ISACA. “COBIT 5: Enabling Processes.” ISACA, 2012.

    Jantti, M. and M. Kainulainen. “Exploring an IT Service Change Management Process: A Case Study.” ICDS 2011: The Fifth International Conference on Digital Society, 23 Feb. 2011.

    Murphy, Vawns. “How to Assess Changes.” The ITSM Review, 29 Jan. 2016.

    Nyo, Isabel. “Best Practices for Change Management in the Age of DevOps.” Atlassian Engineering, 12 May 2021.

    Phillips, Katherine W., Katie A. Liljenquist, and Margaret A. Neale. “Better Decisions Through Diversity.” Kellogg Insight, 1 Oct. 2010.

    Pink Elephant. “Best Practices for Change Management.” Pink Elephant, 2005.

    Sharwood, Simon. “Google broke its own cloud by doing two updates at once.” The Register, 24 Aug. 2016.

    SolarWinds. “How to Eliminate the No: 1 Cause of Network Downtime.” SolarWinds Tech Tips, 25 Apr. 2014.

    The Stationery Office. “ITIL Service Transition: 2011.” The Stationary Office, 29 July 2011.

    UCISA. “ITIL – A Guide to Change Management.” UCISA.

    Zander, Jason. “Final Root Cause Analysis and Improvement Areas: Nov 18 Azure Storage Service Interruption.” Microsoft Azure: Blog and Updates, 17 Dec. 2014.

    Appendix I: Expedited Changes

    Employ the expedited change to promote process adherence

    In many organizations, there are changes which may not fit into the three prescribed categories. The reason behind why the expedited category may be needed generally falls between two possibilities:

    1. External drivers dictate changes via mandates which may not fall within the normal change cycle. A CIO, judge, state/provincial mandate, or request from shared services pushes a change that does not fall within a normal change cycle. However, there is no imminent outage (therefore it is not an emergency). In this case, an expedited change can proceed. Communicate to the change requester that IT and the change build team will still do their best to implement the change without issue, but any extra risk of implementing this expedited change (compared to an normal change) will be absorbed by the change requester.
    2. The change requester did not prepare for the change adequately. This is common if a new change process is being established (and stakeholders are still adapting to the process). Change requesters or the change build team may request the change to be done by a certain date that does not fall within the normal change cycle, or they simply did not give the CAB enough time to vet the change. In this case, you may use the expedited category as a metric (or a “Hall of Shame” example). If you identify a department or individual that frequently request expedited changes, use the expedited category as a means to educate them about the normal change to discourage the behavior moving forward.

    Two possible ways to build an expedited change category”

    1. Build the category similar to an emergency change. In this case, one difference would be the time allotted to fully obtain authorization of the change from the E-CAB and business owner before implementing the change (as opposed to the emergency change workflow).
    2. Have the expedited change reflect the normal change workflow. In this case, all the same steps of the normal change workflow are followed except for expedited timelines between processes. This may include holding an impromptu CAB meeting to authorize the change.

    Example process: Expedited Change Process

    The image is a flowchart, showing the process for Expedited Change.

    For the full process, refer to the Change Management Process Library.

    Appendix II: Optimize IT Change Management in a DevOps Environment

    Change Management cannot be ignored because you are DevOps or Agile

    But it can be right-sized.

    The core tenets of change management still apply no matter the type of development environment an organization has. Changes in any environment carry risk of degrading functionality, and must therefore be vetted. However, the amount of work and rigor put into different stages of the change life cycle can be altered depending on the maturity of the development workflows. The following are several stage gates for change management that MUST be considered if you are a DevOps or Agile shop:

    • Intake assessment (separation of changes from projects, service requests, operational tasks)
      • Within a DevOps or Agile environment, many of the application changes will come directly from the SDLC and projects going live. It does not mean a change must go through CAB, but leveraging the pre-approved category allows for an organization to stick to development lifecycles without being heavily bogged down by change bureaucracy.
    • Technical review
      • Leveraging automation, release contingencies, and the current SDLC documentation to decrease change risk allows for various changes to be designated as pre-approved.
    • Authorization
      • Define the authorization and dependencies of a change early in the lifecycle to gain authorization and necessary signoffs.
    • Documentation/communication
      • Documentation and communication are post-implementation activities that cannot be ignored. If documentation is required throughout the SDLC, then design the RFC to point to the correct documentation instead of duplicating information.

    "Understand that process is hard and finding a solution that fits every need can be tricky. With this change management process we do not try to solve every corner case so much as create a framework by which best judgement can be used to ensure maximum availability of our platforms and services while still complying with our regulatory requirements and making positive changes that will delight our customers.“ -IT Director, Information Cybersecurity Organization

    Five principals for implementing change in DevOps

    Follow these best practices to make sure your requirements are solid:

    People

    The core differences between an Agile or DevOps transition and a traditional approach are the restructuring and the team behind it. As a result, the stakeholders of change management must be onboard for the process to work. This is the most difficult problem to solve if it’s an issue, but open avenues of feedback for a process build is a start.

    DevOps Lifecycles

    • Plan the dev lifecycle so people can’t skirt it. Ensure the process has automated checks so that it’s more work to skirt the system than it is to follow it. Make the right process the process of least resistance.
    • Plan changes from the start to ensure that cross-dependencies are identified early and that the proposed implementation date is deconflicted and visible to other change requesters and change stakeholders.

    Automation

    Automation comes in many forms and is well documented in many development workflows. Having automated signoffs for QA/security checks and stakeholders/cross dependency owner sign offs may not fully replace the CAB but can ease the burden on discussions before implementation.

    Contingencies

    Canary releases, phased releases, dark releases, and toggles are all options you can employ to reduce risk during a release. Furthermore, building in contingencies to the test/rollback plan decreases the risk of the change by decreasing the factor of likelihood.

    Continually Improve

    Building change from the ground up doesn’t meant the process has to be fully fledged before launch. Iterative improvements are possible before achieving an optimal state. Having the proper metrics on the pain points and bottlenecks in the process can identify areas for automation and improvement.

    Increasing the proportion of pre-approved changes

    Leverage the traditional change infrastructure to deploy changes quickly while keeping your risk low.

    • To designate a change as a pre-approved change it must have a low risk rating (based on impact and likelihood). Fortunately, many of the changes within the Agile framework are designed to be small and lower risk (at least within application development). Putting in the work ahead of time to document these changes, template RFCs, and document the dependencies for various changes allows for a shift in the proportion of pre-approved changes.
    • The designation of pre-approved changes is an ongoing process. This is not an overnight initiative. Measure the proportion of changes by category as a metric, setting goals and interim goals to shift the change proportion to a desired ratio.

    The image is a bar graph, with each bar having 3 colour-coded sections: Emergency, Normal, and Pre-Approved. The first bar is before, where the largest change category is Normal. The second bar is after, and the largest change category is Pre-Approved.

    Turn your CAB into a virtual one

    • The CAB does not have to fully disappear in a DevOps environment. If the SDLC is built in a way that authorizes changes through peer reviews and automated checks, by the time it’s deployed, the job of the CAB should have already been completed. Then the authorization stage-gate (traditionally, the CAB) shifts to earlier in the process, reducing the need for an actual CAB meeting. However, the change must still be communicated and documented, even if it’s a pre-approved change.
    • As the proportion of changes shifts from a high degree of normal changes to a high degree of pre-approved changes, the need for CAB meetings should decrease even further. As an end-state, you may reserve actual CAB meetings for high-profile changes (as defined by risk).
    • Lastly, change management does not disappear as a process. Periodic reviews of change management metrics and the pre-approved change list must still be completed.

    IT Governance

    • Buy Link or Shortcode: {j2store}22|cart{/j2store}
    • Related Products: {j2store}22|crosssells{/j2store}
    • Up-Sell: {j2store}22|upsells{/j2store}
    • member rating overall impact: 9.2/10
    • member rating average dollars saved: $124,127
    • member rating average days saved: 37
    • Parent Category Name: Strategy and Governance
    • Parent Category Link: /strategy-and-governance
    • byline: Avoid bureaucracy and achieve alignment with a practical approach.
    Read our concise Executive Brief to find out why you may want to redesign your IT governance, Review our methodology, and understand how we can support you in completing this process.

    Portfolio Management

    • Buy Link or Shortcode: {j2store}47|cart{/j2store}
    • Related Products: {j2store}47|crosssells{/j2store}
    • member rating overall impact: 9.6/10
    • member rating average dollars saved: $40,234
    • member rating average days saved: 30
    • Parent Category Name: Applications
    • Parent Category Link: /applications
    • byline: Develop your project portfolio management strategy.

    The challenge

    • Typically your business wants much more than your IT development organization can deliver with the available resources at the requested quality levels.
    • Over-damnd has a negative influence on delivery throughput. IT starts many projects (or features) but has trouble delivering most of them within the set parameters of scope, time, budget, and quality. Some requested deliverables may even be of questionable value to the business.
    • You may not have the right project portfolio management (PPM) strategy to bring order in IT's delivery activities and to maximize business value.

    Our advice

    Insight

    • Many in IT mix PPM and project management. Your project management playbook does not equate to the holistic view a real PPM practice gives you.
    • Some organizations also mistake PPM for a set of processes. Processes are needed, but a real strategy works towards tangible goals.
    • PPM works at the strategic level of the company; hence executive buy-in is critical. Without executive support, any effort to reconcile supply and demand will be tough to achieve.

    Impact and results 

    • PPM is a coherent business-aligned strategy that maximizes business value creation across the entire portfolio, rather than in each project.
    • Our methodology tackles the most pressing challenge upfront: get executive buy-in before you start defining your goals. With senior management behind the plan, implementation will become easier.
    • Create PPM processes that are a cultural fit for your company. Define your short and long-term goals for your strategy and support them with fully embedded portfolio management processes.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started.

    Read our executive brief to understand why you should develop a PPM strategy and understand how our methodology can help you. We show you how we can support you.

    Obtain executive buy-in for your strategy

    Ensure your strategy is a cultural fit or cultural-add for your company.

    • Develop a Project Portfolio Management Strategy – Phase 1: Get Executive Buy-In for Your PPM Strategy (ppt)
    • PPM High-Level Supply-Demand Calculator (xls)
    • PPM Strategic Plan Template (ppt)
    • PPM Strategy-Process Goals Translation Matrix Template (xls)

    Align the PPM processes to your company's strategic goals

    Use the advice and tools in this stage to align the PPM processes.

    • Develop a Project Portfolio Management Strategy – Phase 2: Align PPM Processes to Your Strategic Goals (ppt)
    • PPM Strategy Development Tool (xls)

    Refine and complete your plan

    Use the inputs from the previous stages and add a cost-benefit analysis and tool recommendation.

    • Streamline Application Maintenance – Phase 3: Optimize Maintenance Capabilities (ppt)

    Streamline your maintenance delivery

    Define quality standards in maintenance practices. Enforce these in alignment with the governance you have set up. Show a high degree of transparency and open discussions on development challenges.

    • Develop a Project Portfolio Management Strategy – Phase 3: Complete Your PPM Strategic Plan (ppt)
    • Project Portfolio Analyst / PMO Analyst (doc)

     

     

    Integrate Portfolios to Create Exceptional Customer Value

    • Buy Link or Shortcode: {j2store}176|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Through growth, both organic and acquisition, you have a significant footprint of projects and applications.
    • Projects and applications have little in common with one another, all with their own history and pedigree.
    • You need to look across your portfolio of applications and projects to see if they will collectively help the organization achieve its goals.

    Our Advice

    Critical Insight

    • Stakeholders don’t care about the minutia and activities involved in project and application portfolio management.
    • Timely delivery of effective and important applications that deliver value throughout their life are the most important factors driving business satisfaction with IT.

    Impact and Result

    • Define an organizing principle that will structure your projects and applications in a way that matters to your stakeholders.
    • Bridge application and project portfolio data using the organizing principle that matters to communicate with stakeholders across the organization.
    • Create a dashboard that brings together the benefits of both project and application portfolio management to improve visibility and decision making.

    Integrate Portfolios to Create Exceptional Customer Value Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should integrate your application and project portfolios, review Info-Tech’s methodology, and understand the three ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define the principle that organizes your portfolios, objectives, and stakeholders

    To bring your portfolios together, you need to start with learning about your objectives, principles, and stakeholders.

    • Integrate Portfolios to Create Exceptional Customer Value – Phase 1: Define the Principle That Organizes Your Portfolios, Objectives, and Stakeholders
    • Integrated Portfolio Dashboard Tool
    • Integrated Portfolio Dashboard Tool – Example

    2. Take stock of what brings you closer to your goals

    Get a deeper understanding of what makes up your organizing principle before learning about your applications and projects that are aligned with your principles.

    • Integrate Portfolios to Create Exceptional Customer Value – Phase 2: Take Stock of What Brings You Closer to Your Goals

    3. Bring it all together

    Bound by your organizing principles, bring your projects and applications together under a single dashboard. Once defined, determine the rollout and communication plan that suits your organization.

    • Integrate Portfolios to Create Exceptional Customer Value – Phase 3: Bring It All Together
    • Integrated Portfolio Communication and Roadmap Plan
    • Integrated Portfolio Communication and Roadmap Plan Example
    [infographic]

    Workshop: Integrate Portfolios to Create Exceptional Customer Value

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Looking at Your Principles

    The Purpose

    Determine your organizational objectives and organizing principle.

    Key Benefits Achieved

    A clear understanding of where you need to go as an organization.

    A clear way to enable all parts of your portfolio to come together.

    Activities

    1.1 Determine your organization’s objectives.

    1.2 Determine your key stakeholders.

    1.3 Define your organizing principle.

    1.4 Decompose your organizing principle into its core components.

    Outputs

    Determined organizing principle for your applications and projects

    2 Understanding Your Applications

    The Purpose

    Get a clear view of the applications that contribute to your organization’s objectives.

    Key Benefits Achieved

    A key element of IT value delivery is its applications. Gaining awareness allows you to evaluate if the right value is being provided.

    Activities

    2.1 Determine your complete list of applications.

    2.2 Determine the health of your applications.

    2.3 Link your applications to the organization’s core components.

    Outputs

    List of applications

    Application list with health statistics filled in

    List of applications with health metrics bound to the organization’s core components

    3 Understanding Your Projects

    The Purpose

    Get a clear view of your project portfolio and how it relates to your applications and their organizing principle.

    Key Benefits Achieved

    An understanding of your project portfolio.

    Activities

    3.1 List all in-flight projects and vital health statistics.

    3.2 Map out the key programs and projects in your portfolio to the application’s core components.

    Outputs

    List of projects

    List of projects mapped to applications they impact

    4 Rolling Out the New Dashboard

    The Purpose

    Bring together your application and project portfolios in a new, easy-to-use dashboard with a full rollout plan.

    Key Benefits Achieved

    Dashboard available for use

    Roadmap and communication plan to make dashboard implementable and tangible

    Activities

    4.1 Test the dashboard.

    4.2 Define your refresh cadence.

    4.3 Plan your implementation.

    4.4 Develop your communication plan.

    Outputs

    Validated dashboards

    Create a Customized Big Data Architecture and Implementation Plan

    • Buy Link or Shortcode: {j2store}388|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Big data architecture is different from traditional data for several key reasons, including:
      • Big data architecture starts with the data itself, taking a bottom-up approach. Decisions about data influence decisions about components that use data.
      • Big data introduces new data sources such as social media content and streaming data.
      • The enterprise data warehouse (EDW) becomes a source for big data.
      • Master data management (MDM) is used as an index to content in big data about the people, places, and things the organization cares about.
      • The variety of big data and unstructured data requires a new type of persistence.
    • Many data architects have no experience with big data and feel overwhelmed by the number of options available to them (including vendor options, storage options, etc.). They often have little to no comfort with new big data management technologies.
    • If organizations do not architect for big data, there are a couple of main risks:
      • The existing data architecture is unable to handle big data, which will eventually result in a failure that could compromise the entire data environment.
      • Solutions will be selected in an ad hoc manner, which can cause incompatibility issues down the road.

    Our Advice

    Critical Insight

    • Before beginning to make technology decisions regarding the big data architecture, make sure a strategy is in place to document architecture principles and guidelines, the organization’s big data business pattern, and high-level functional and quality of service requirements.
    • The big data business pattern can be used to determine what data sources should be used in your architecture, which will then dictate the data integration capabilities required. By documenting current technologies, and determining what technologies are required, you can uncover gaps to be addressed in an implementation plan.
    • Once you have identified and filled technology gaps, perform an architectural walkthrough to pull decisions and gaps together and provide a fuller picture. After the architectural walkthrough, fill in any uncovered gaps. A proof-of-technology project can be started as soon as you have evaluation copies (or OSS) products and at least one person who understands the technology.

    Impact and Result

    • Save time and energy trying to fix incompatibilities between technology and data.
    • Allow the Data Architect to respond to big data requests from the business more quickly.
    • Provide the organization with valuable insights through the analytics and visualization technologies that are integrated with the other building blocks.

    Create a Customized Big Data Architecture and Implementation Plan Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Recognize the importance of big data architecture

    Big data is centered on the volume, variety, velocity, veracity, and value of data. Achieve a data architecture that can support big data.

    • Storyboard: Create a Customized Big Data Architecture and Implementation Plan

    2. Define architectural principles and guidelines while taking into consideration maturity

    Understand the importance of a big data architecture strategy. Assess big data maturity to assist with creation of your architectural principles.

    • Big Data Maturity Assessment Tool
    • Big Data Architecture Principles & Guidelines Template

    3. Build the big data architecture

    Come to accurate big data architecture decisions.

    • Big Data Architecture Decision Making Tool

    4. Determine common services needs

    What are common services?

    5. Plan a big data architecture implementation

    Gain business satisfaction with big data requests. Determine what steps need to be taken to achieve your big data architecture.

    • Big Data Architecture Initiative Definition Tool
    • Big Data Architecture Initiative Planning Tool

    Infographic

    Workshop: Create a Customized Big Data Architecture and Implementation Plan

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Recognize the Importance of Big Data Architecture

    The Purpose

    Set expectations for the workshop.

    Recognize the importance of doing big data architecture when dealing with big data.

    Key Benefits Achieved

    Big data defined.

    Understanding of why big data architecture is necessary.

    Activities

    1.1 Define the corporate strategy.

    1.2 Define big data and what it means to the organization.

    1.3 Understand why doing big data architecture is necessary.

    1.4 Examine Info-Tech’s Big Data Reference Architecture.

    Outputs

    Defined Corporate Strategy

    Defined Big Data

    Reference Architecture

    2 Design a Big Data Architecture Strategy

    The Purpose

    Identification of architectural principles and guidelines to assist with decisions.

    Identification of big data business pattern to choose required data sources.

    Definition of high-level functional and quality of service requirements to adhere architecture to.

    Key Benefits Achieved

    Key Architectural Principles and Guidelines defined.

    Big data business pattern determined.

    High-level requirements documented.

    Activities

    2.1 Discuss how maturity will influence architectural principles.

    2.2 Determine which solution type is best suited to the organization.

    2.3 Define the business pattern driving big data.

    2.4 Define high-level requirements.

    Outputs

    Architectural Principles & Guidelines

    Big Data Business Pattern

    High-Level Functional and Quality of Service Requirements Exercise

    3 Build a Big Data Architecture

    The Purpose

    Establishment of existing and required data sources to uncover any gaps.

    Identification of necessary data integration requirements to uncover gaps.

    Determination of the best suited data persistence model to the organization’s needs.

    Key Benefits Achieved

    Defined gaps for Data Sources

    Defined gaps for Data Integration capabilities

    Optimal Data Persistence technology determined

    Activities

    3.1 Establish required data sources.

    3.2 Determine data integration requirements.

    3.3 Learn which data persistence model is best suited.

    3.4 Discuss analytics requirements.

    Outputs

    Data Sources Exercise

    Data Integration Exercise

    Data Persistence Decision Making Tool

    4 Plan a Big Data Architecture Implementation

    The Purpose

    Identification of common service needs and how they differ for big data.

    Performance of an architectural walkthrough to test decisions made.

    Group gaps to form initiatives to develop an Initiative Roadmap.

    Key Benefits Achieved

    Common service needs identified.

    Architectural walkthrough completed.

    Initiative Roadmap completed.

    Activities

    4.1 Identify common service needs.

    4.2 Conduct an architectural walkthrough.

    4.3 Group gaps together into initiatives.

    4.4 Document initiatives on an initiative roadmap.

    Outputs

    Architectural Walkthrough

    Initiative Roadmap

    Risk management company

    Expert risk management consultancy firm

    Based on experience
    Implementable advice
    human-based and people-oriented

    Engage Tymans Group, expert risk management and consultancy company, to advise you on mitigating, preventing, and monitoring IT and information security risks within your business. We offer our extensive experience as a risk consulting company to provide your business with a custom roadmap and practical solutions to any risk management problems you may encounter.

    Security and risk management

    Our security and risk services

    Security strategy

    Security Strategy

    Embed security thinking through aligning your security strategy to business goals and values

    Read more

    Disaster Recovery Planning

    Disaster Recovery Planning

    Create a disaster recovey plan that is right for your company

    Read more

    Risk Management

    Risk Management

    Build your right-sized IT Risk Management Program

    Read more

    Check out all our services

    Setting up risk management within your company with our expert help

    Risk is unavoidable when doing business, but that does not mean you should just accept it and move on. Every company should try to manage and mitigate risk as much as possible, be it risks regarding data security or general corporate security. As such, it would be wise to engage an expert risk management and consultancy company, like Tymans Group. Our risk management consulting firm offers business practical solutions for setting up risk management programs and IT risk monitoring protocols as well as solutions for handling IT incidents. Thanks to our experience as a risk management consulting firm, you enjoy practical and proven solutions based on a people-oriented approach.

    Benefit from our expert advice on risk management

    If you engage our risk management consultancy company you get access to various guides and documents to help you set up risk management protocols within you company. Additionally, you can book a one-hour online talk with our risk management consulting firm’s CEO Gert Taeymans to discuss any problems you may be facing or request an on-site appointment in which our experts analyze your problems. The talk can discuss any topic, from IT risk control to external audits and even corporate security consultancy. If you have any questions about our risk management and consulting services for your company, we are happy to answer them. Just contact our risk management consulting firm through the online form and we will get in touch with as soon as possible.

    Register to read more …

    Reduce Shadow IT With a Service Request Catalog

    • Buy Link or Shortcode: {j2store}302|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $129,999 Average $ Saved
    • member rating average days saved: 35 Average Days Saved
    • Parent Category Name: Asset Management
    • Parent Category Link: /asset-management
    • Shadow IT: The IT team is regularly surprised to discover new products within the organization, often when following up on help desk tickets or requests for renewals from business users or vendors.
    • Renewal Management: The contracts and asset teams need to be aware of upcoming renewals and have adequate time to review renewals.
    • Over-purchasing: Contracts may be renewed without a clear picture of usage, potentially renewing unused applications.

    Our Advice

    Critical Insight

    There is a direct correlation between service delivery dissatisfaction and increases in shadow IT. Whether the goal is to reduce shadow IT or gain control, improved customer service and fast delivery are key to making lasting changes.

    Impact and Result

    Our blueprint will help you design a service that draws the business to use it. If it is easier for them to buy from IT than it is to find their own supplier, they will use IT.

    A heavy focus on customer service, design optimization, and automation will provide a means for the business to get what they need, when they need it, and provide visibility to IT and security to protect organizational interests.

    This blueprint will help you:

    • Design the request service
    • Design the request catalog
    • Build the request catalog
    • Market the service

    Reduce Shadow IT With a Service Request Catalog Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Reduce Shadow IT With a Service Request Catalog – A step-by-step document that walks you through creation of a request service management program.

    Use this blueprint to create a service request management program that provides immediate value.

    • Reduce Shadow IT With a Service Request Catalog Storyboard

    2. Nonstandard Request Assessment – A template for documenting requirements for vetting and onboarding new applications.

    Use this template to define what information is needed to vet and onboard applications into the IT environment.

    • Nonstandard Request Assessment

    3. Service Request Workflows – A library of workflows used as a starting point for creating and fulfilling requests for applications and equipment.

    Use this library of workflows as a starting point for creating and fulfilling requests for applications and equipment in a service catalog.

    • Service Request Workflows

    4. Application Portfolio – A template to organize applications requested by the business and identify which items are published in the catalog.

    Use this template as a starting point to create an application portfolio and request catalog.

    • Application Portfolio

    5. Reduce Shadow IT With a Service Request Catalog Communications Template – A presentation and communications plan to announce changes to the service and introduce a catalog.

    Use this template to create a presentation and communications plan for launching the new service and service request catalog.

    • Reduce Shadow IT with a Service Request Catalog Communications Template
    [infographic]

    Workshop: Reduce Shadow IT With a Service Request Catalog

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Design the Service

    The Purpose

    Collaborate with the business to determine service model.

    Collaborate with IT teams to build non-standard assessment process.

    Key Benefits Achieved

    Designed a service for service requests, including new product intake.

    Activities

    1.1 Identify challenges and obstacles.

    1.2 Complete customer journey map.

    1.3 Design process for nonstandard assessments.

    Outputs

    Nonstandard process.

    2 Design the Catalog

    The Purpose

    Design the service request catalog management process.

    Key Benefits Achieved

    Ensure the catalog is kept current and is integrated with IT service catalog if applicable.

    Activities

    2.1 Determine what will be listed in the catalog.

    2.2 Determine process to build and maintain the catalog, including roles, responsibilities, and workflows.

    2.3 Define success and determine metrics.

    Outputs

    Catalog scope.

    Catalog design and maintenance plan.

    Defined success metrics

    3 Build and Market the Catalog

    The Purpose

    Determine catalog contents and how requests will be fulfilled.

    Key Benefits Achieved

    Catalog framework and service level agreements will be defined.

    Create communications documents.

    Activities

    3.1 Determine how catalog items will be displayed.

    3.2 Complete application categories for catalog.

    3.3 Create deployment categories and SLAs.

    3.4 Design catalog forms and deployment workflows.

    3.5 Create roadmap.

    3.6 Create communications plan.

    Outputs

    Catalog workflows and SLAs.

    Roadmap.

    Communications deck.

    4 Breakout Groups – Working Sessions

    The Purpose

    Create an applications portfolio.

    Prepare to populate the catalog.

    Key Benefits Achieved

    Portfolio and catalog contents created.

    Activities

    4.1 Using existing application inventory, add applications to portfolio and categorize.

    4.2 Determine which applications should be in the catalog.

    4.3 Determine which applications are packaged and can be easily deployed.

    Outputs

    Application Portfolio.

    List of catalog items.

    Further reading

    Reduce Shadow IT With a Service Request Catalog

    Foster business partnerships with sourcing-as-a-service.

    Analyst Perspective

    Improve the request management process to reduce shadow IT.

    In July 2022, Ivanti conducted a study on the state of the digital employee experience, surveying 10,000 office workers, IT professionals, and C-suite executives. Results of this study indicated that 49% of employees are frustrated by their tools, and 26% of employees were considering quitting their jobs due to unsuitable tech. 42% spent their own money to gain technology to improve their productivity. Despite this, only 21% of IT leaders prioritized user experience when selecting new tools.

    Any organization’s workers are expected to be productive and contribute to operational improvements or customer experience. Yet those workers don’t always have the tools needed to do the job. One option is to give the business greater control, allowing them to choose and acquire the solutions that will make them more productive. Info-Tech's blueprint Embrace Business-Managed Applications takes you down this path.

    However, if the business doesn’t want to manage applications, but just wants have access to better ones, IT is positioned to provide services for application and equipment sourcing that will improve the employee experience while ensuring applications and equipment are fully managed by the asset, service, and security teams.

    Improving the request management and deployment practice can give the business what they need without forcing them to manage license agreements, renewals, and warranties.

    Photo of Sandi Conrad

    Sandi Conrad
    ITIL Managing Professional
    Principal Research Director, IT Infrastructure & Operations,
    Info-Tech Research Group

    Your challenge

    This research is designed to help organizations that are looking to improve request management processes and reduce shadow IT.

    Shadow IT: The IT team is regularly surprised to discover new products within the organization, often when following up on help desk tickets or requests for renewals from business users or vendors.

    Renewal management: The contracts and asset teams need to be aware of upcoming renewals and have adequate time to review renewals.

    Over-purchasing and over-spending: Contracts may be renewed without a clear picture of utilization, potentially renewing unused applications. Applications or equipment may be purchased at retail price where corporate, government, or educational discounts exist.

    Info-Tech Insight

    To increase the visibility of the IT environment, IT needs to transform the request management process to create a service that makes it easier for the business to access the tools they need rather than seeking them outside of the organization.

    609
    Average number of SaaS applications in large enterprises

    40%
    On average, only 60% of provisioned SaaS licenses are used, with the remaining 40% unused.

    — Source: Zylo, SaaS Trends for IT Leaders, 2022

    Common obstacles

    Too many layers of approvals and a lack of IT workers makes it difficult to rethink service request fulfillment.

    Delays: The business may not be getting the applications they need from IT to do their jobs or must wait too long to get the applications approved.

    Denials: Without IT’s support, the business is finding alternative options, including SaaS applications, as they can be bought and used without IT’s input or knowledge.

    Threats: Applications that have not been vetted by security or installed without their knowledge may present additional threats to the organization.

    Access: Self-serve isn’t mature enough to support an applications catalog.

    A diagram that shows the number of SaaS applications being acquired outside of IT is increasing year over year, and that business units are driving the majority of SaaS spend.

    8: average number of applications entering the organization every 30 days

    — Source: Zylo, SaaS Trends for Procurement, 2022

    Info-Tech’s approach

    Improve the request management process to create sourcing-as-a-service for the business.

    • Improve customer service
    • Reduce shadow IT
    • Gain control in a way that keeps the business happy

    1. Design the service

    Collaborate with the business

    Identify the challenges and obstacles

    Gain consensus on priorities

    Design the service

    2. Design the catalog

    Determine catalog scope

    Create a process to build and maintain the catalog

    Define metrics for the request management process

    3. Build the catalog

    Determine descriptions for catalog items

    Create definitions for license types, workflows, and SLAs

    Create application portfolio

    Design catalog forms and workflows

    4. Market the service

    Create a roadmap

    Determine messaging

    Build a communications plan

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Communications Presentation

    Photo of Communications Presentation

    Application Portfolio

    Photo of Application Portfolio

    Visio Library

    Photo of Visio Library

    Nonstandard Request Assessment

    Photo of Nonstandard Request Assessment

    Create a request management process and service catalog to improve delivery of technology to the business

    Get the Most Out of Workday

    • Buy Link or Shortcode: {j2store}239|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: 20 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Optimization
    • Parent Category Link: /optimization
    • Your Workday systems are critical to supporting the organization’s business processes.They are expensive. Direct benefits and ROI can be hard to measure.
    • Workday application portfolios are often behemoths to support. With complex integration points and unique business processes, stabilization is the norm.
    • Application optimization is essential to staying competitive and productive in today’s digital environment.

    Our Advice

    Critical Insight

    Continuous assessment and optimization of your Workday enterprise resource planning (ERP) is critical to the success of your organization.

    Impact and Result

    • Build an ongoing optimization team to conduct application improvements.
    • Assess your Workday application(s) and the environment in which they exist. Take a business first strategy to prioritize optimization efforts.
    • Validate Workday capabilities, user satisfaction, processes, issues around data, integrations, and vendor management to build out an optimization strategy
    • Pull this all together to develop a prioritized optimization roadmap.

    Get the Most Out of Workday Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Get the Most Out of Workday – A guide to help the business leverages to accomplish its goals.

    Enterprise resource planning (ERP) is a core tool that the business leverages to accomplish its goals. Take a proactive approach to optimize your enterprise applications. Strategically re-align business goals, identify business application capabilities, complete a process assessment, evaluate user satisfaction, measure module satisfaction, and vendor relations to create an optimization plan that will drive a cohesive technology strategy that delivers results.

    • Get the Most Out of Workday – Phases 1-4

    2. Get the Most Out of Workday Workbook – A tool to document and assist with this project.

    The Get the Most out of Workday Workbook serves as the holding document for the different elements of the Get the Most out Workday blueprint. Use each assigned tab to input the relevant information for the process of optimizing Workday.

    • Get the Most Out of Workday Workbook

    3. Workday Application Inventory Tool – A tool to define applications and capabilities around ERP.

    Use this tool provide Info-Tech with information surrounding your ERP application(s). This inventory will be used to create a custom Application Portfolio Assessment (APA) for your ERP. The template includes demographics, application inventory, departments to be surveyed and data quality inclusion.

    • Workday Application Inventory Tool

    Infographic

    Workshop: Get the Most Out of Workday

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Your Workday Application Vision

    The Purpose

    Define your workday application vision.

    Key Benefits Achieved

    Set the foundation for optimizing Workday by building a cross-functional team, aligning with organizational strategy, inventorying current system state, defining your timeframe, and exploring current costs.

    Activities

    1.1 Identify stakeholders and build your optimization team.

    1.2 Build an ERP strategy model.

    1.3 Inventory current system state.

    1.4 Define optimization timeframe.

    1.5 Understand Workday costs.

    Outputs

    Workday optimization team

    Workday business model

    Workday optimization goals

    System inventory and data flow

    Application and business capabilities list

    Workday optimization timeline

    2 Map Current-State Capabilities

    The Purpose

    Map current-state capabilities.

    Key Benefits Achieved

    Measure the state of your current Workday system to understand where it is not performing well.

    Activities

    2.1 Assess Workday capabilities.

    2.2 Review your satisfaction with the vendor/product and willingness for change.

    Outputs

    Workday capability gap analysis

    Workday user satisfaction (application portfolio assessment)

    Workday SoftwareReviews survey results

    Workday current costs

    3 Assess Workday

    The Purpose

    Assess Workday.

    Key Benefits Achieved

    Explore underperforming areas to:

    Uncover where user satisfaction is lacking and possible root causes.

    Identify process and workflows that are creating issues for end users and identify improvement options.

    Understand where data issues are occurring and explore how you can improve these.

    Identify integration points and explore if there are any areas of improvement.

    Investigate your relationship with the vendor and product, including that relative to others.

    Identify any areas for cost optimization (optional).

    Activities

    3.1 Prioritize optimization opportunities.

    3.2 Discover optimization initiatives.

    Outputs

    Product and vendor satisfaction opportunities

    Capability and feature optimization opportunities

    Process optimization opportunities

    Integration optimization opportunities

    Data optimization opportunities

    Workday cost-saving opportunities

    4 Build the Optimization Roadmap

    The Purpose

    Build the optimization roadmap.

    Key Benefits Achieved

    Understanding where you need to improve is the first step, now understand where to focus your optimization efforts, build out next steps and put a timeframe in place.

    Activities

    4.1 Build your optimization roadmap.

    Outputs

    Workday optimization roadmap

    Further reading

    Get the Most Out of Workday

    In today’s connected world, the continuous optimization of enterprise applications to realize your digital strategy is key.

    EXECUTIVE BRIEF

    Analyst Perspective

    Focus optimization on organizational value delivery.

    HR, finance, and planning systems are the core foundation of enterprise resource systems (ERP) systems. These are core tools that the business leverages to accomplish its goals. An ERP that is doing its job well is invisible to the business. The challenges come when the tool is no longer invisible. It has become a source of friction in the functioning of the business.

    Workday is expensive, benefits can be difficult to quantify, and optimization can be difficult to navigate. Over time, technology evolves, organizational goals change, and the health of these systems is often not monitored. This is complicated in today’s digital landscape with multiple integration points, siloed data, and competing priorities.

    Too often organizations jump into selecting replacement systems without understanding the health of their systems. We can do better than this.

    IT leaders need to take a proactive approach to continually monitor and optimize their enterprise applications. Strategically realign business goals, identify business application capabilities, complete a process assessment, evaluate user satisfaction, measure module satisfaction, and improve vendor relations to create an optimization plan that will drive a cohesive technology strategy that delivers results.

    Lisa Highfield

    Research Director, Enterprise Applications

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Your Workday systems are critical to supporting the organization’s business processes. They are expensive. Direct benefits and ROI can be hard to measure.

    Workday application portfolios are often behemoths to support. With complex integration points and unique business processes, stabilization is the norm.

    Application optimization is essential to staying competitive and productive in today’s digital environment.

    Common Obstacles

    Balancing optimization with stabilization is one of the most difficult decisions for Workday application leaders.

    Competing priorities and often unclear enterprise application strategies make it difficult to make decisions about what, how, and when to optimize.

    Enterprise applications involve large numbers of processes, users, and evolving vendor roadmaps.

    Teams do not have a framework to illustrate, communicate, and justify the optimization effort in the language your stakeholders understand.

    Info-Tech's Approach

    In today’s changing world, it is imperative to evaluate your applications for optimization and to look for opportunities to capitalize on rapidly expanding technologies, integrated data, and employee solutions that meet the needs of your organization.

    Assess your Workday applications and the environment in which they exist. Take a business-first strategy to prioritize optimization efforts.

    Validate capabilities, user satisfaction, and issues around data, vendor management, and costs to build out an overall roadmap and optimization strategy.

    Pull this all together to prioritize optimization efforts and develop a concrete roadmap.

    Info-Tech Insight

    Workday is investing heavily in expanding and deepening its finance and expanded product offerings, but we cannot stand still on our optimization efforts. Understand your product(s), processes, user satisfaction, integration points, and the availability of data to business decision makers. Examine these areas to develop a personalized Workday optimization roadmap that fits the needs of your organization. Incorporate these methodologies into an ongoing optimization strategy aimed at enabling the business, increasing productivity, and reducing costs.

    The image shows a graphic titled Get the Most Out of Your ERP. The centre of the graphic shows circular gears labelled with text such as Processes; User Satisfaction; Integrations; Data; and Vendor Relations. There is also text surrounding the central gears in concentric circles, and on either side, there are sets of arrows titled Service-centric capabilities and Product-centric capabilities.

    Insight summary

    Continuous assessment and optimization of your Workday ERP is critical to the success of your organization.

    • Applications and the environments in which they live are constantly evolving.
    • This blueprint provides business and application managers with a method to complete a health assessment of their Workday systems to identify areas for improvement and optimization.
    • Put optimization practices into effect by:
      • Aligning and prioritizing key business and technology drivers.
      • Identifying ERP process classification and performing a gap analysis.
      • Measuring user satisfaction across key departments.
      • Evaluating vendor relations.
      • Understanding how data plays into the mix.
      • Pulling it all together into an optimization roadmap.

    Workday enterprise resource planning (ERP) facilitates the flow of information across business units. It allows for the seamless integration of data across financial and people systems to create a holistic view of the enterprise to support decision making.

    In many organizations, Workday is considered the core people systems and is becoming more widely adopted for finance and a full ERP system.

    ERP systems are considered the lifeblood of organizations. Problems with this key operational system will have a dramatic impact on the ability of the enterprise to survive and grow.

    ERP implementation should not be a one-and-done exercise. There needs to be ongoing optimization to enable business processes and optimal organizational results.

    Workday enterprise resource planning (ERP)

    Workday

    • Finance
    • Human Resources Management
    • Talent and Performance
    • Payroll and Workforce Management
    • Employee Experience
    • Student Information Systems
    • Professional Services Automation
    • Analytics and Reporting
    • Spend Management
    • Enterprise Planning

    What is Workday?

    Workday has many modules that work together to facilitate the flow of information across the business. Workday’s unique data platform allows for seamless integration of systems and creates a holistic view of the enterprise to support decision making.

    In many organizations, the ERP system is considered the lifeblood of the enterprise. Problems with this key operational system will have a dramatic impact on the ability of the enterprise to survive and grow.

    Workday operates in many industry verticals and performs well in service organizations.

    An ERP system:

    • Automates processes, reducing the amount of manual, routine work.
    • Integrates with core modules, eliminating the fragmentation of systems.
    • Centralizes information for reporting from multiple parts of the value chain to a single point.

    Workday Fast Facts

    Product Description

    • Workday offers HR, Finance, planning systems, and extended offerings. Workday prides itself on rapidly expanding its product portfolio to meet the needs of organizations in a changing world.
    • The integrated cloud data model Workday has been built on allows for seamless end-to-end organizational data.
    • Offerings include Financial Management, Human Capital Management, Workday Adaptive Planning, Spend Management, Talent Management, Payroll & Workforce Management, Analytics & Reporting, Student, Professional Services Automation, Platform & Product Extensions, Workday Peakon Employee Voice, and most recently VNDLY (contract and vendor management).

    Evolution of Workday

    Workday HCM 2006

    Workday Financial Management 2007

    Workday 10 (Finance & HCM) 2010

    Workday Student (Higher Education) 2011

    Workday Cloud (PAAS) 2017

    Acquisition of Adaptive Insights 2018

    Acquisition of VNDLY 2021

    Vendor Description

    • Workday was founded in 2005 by Aneel Bhusri and Dave Duffield (former PeopleSoft founder.)
    • The platform-as-a-service (PaaS) bundles and modules are sold in a subscription model to customers.
    • Workday has untaken several acquisitions in recent years to grow the product and invests in early-stage companies through Workday Ventures.
    • Workday is publicly traded (2012); Nasdaq: WDAY.

    Employees: 12,500

    Headquarters: Pleasanton, CA

    Website: workday.com

    Founded: 2005

    Presence: Global, Publicly Traded

    Workday by the numbers

    77%

    77% of clients were satisfied with the product’s business value created. 78% of clients were satisfied that the cost is fair relative to value, and 95% plan to renew. (SoftwareReviews, 2022)

    50% of Fortune 500

    Workday has seen steady growth working with over 50% of Fortune 500 companies. 4,100 of those are HCM and finance customers. It has seen great success in service industries and has a 95% gross retention rate. (Diginomica)

    40%

    Workday reported a 40% year-over-year increase in Workday Financial Management deployments for both new and existing customers, as accelerated demand for Workday cloud-based continues. (Workday, June 2021)

    Workday Finance

    A great opportunity for Workday

    Workday continues to invest in Workday Finance

    • 35% of the Fortune 500 and 50% of the Fortune 50 use Workday HCM products (Seeking Alpha, 2019).
    • The customer base for Workday Financial Management has increased from 45 in 2014 to 530 in 2019 with 9 Fortune 500 companies in the mix. This infers that Financial Management is a product that will drive future growth for Workday.

    Recent Finance-Related Acquisitions

    • Zimit - Quotation Management
    • Stories.bi - Augmented Analytics
    • Adaptive Insights - Business Planning
    • SkipFlag - Machine Learning (AI)
    • Platfora - Analytics
    • VNDLY - Contractor and Vendor Management

    Workday challenges and dissatisfaction

    Workday challenges and dissatisfaction

    Organizational

    • Competing Priorities
    • Lack of Strategy
    • Budget Challenges

    People and teams

    • Knowledgeable Staff/Turnover
    • Lack of Internal Skills
    • Ability to Manage New Products
    • Lack of Training

    Technology

    • Integration Issues
    • Selecting Tools & Technology
    • Keeping Pace With Technology Changes
    • Update Challenges

    Data

    • Access to Data
    • Data Literacy
    • Data Hygiene
    • One View of the Customer

    Finance, IT, Sales, and other users of the ERP system can only optimize ERP with the full support of each other. The cooperation of the departments is crucial when trying to improve ERP technology capabilities and customer interaction.

    Info-Tech Insight

    While technology is the key enabler of building strong customer experiences, there are many other drivers of dissatisfaction. IT must stand shoulder-to-shoulder with the business to develop a technology framework for ERP.

    Where are applications leaders focusing?

    Big growth numbers

    Year-over-year call topic requests

    Enterprise Application Optimization - 124%

    Product - 65%

    Enterprise Application Selection - 76%

    Agile - 79%

    (Info-Tech case data, 2022; N=3,293)

    We are seeing Applications leaders’ priorities change year over year, driven by a shift in their approach to problem solving. Leaders are moving from a process-centric approach to a collaborative approach that breaks down boundaries and brings teams together.

    Other changes

    Year-over-year call topic requests

    Application Portfolio Management - 13%

    Business Process Management - 4%

    Software Development Lifecycle -25%

    (Info-Tech case data, 2022; N=3,293)

    Software development lifecycle topics are tactical point solutions. Organizations have been “shifting left” to tackle the strategic issues such as product vision and Agile mindset to optimize the whole organization.

    Application optimization is risky without a plan

    Avoid these common pitfalls:

    • Not considering how this pays into the short-, medium-, and long-term ERP strategy.
    • Not considering application optimization as a business and IT partnership, which requires the continuous formal engagement of all participants.
    • Not having a good understanding of your current state, including integration points and data.
    • Not adequately accommodating feedback and changes after digital applications are deployed and employed.
    • Not treating digital applications as a motivator for potential future IT optimization efforts and incorporating digital assets in strategic business planning.
    • Not involving department leads, management, and other subject-matter experts to facilitate the organizational change digital applications bring.

    “A successful application optimization strategy starts with the business need in mind and not from a technological point of view. No matter from which angle you look at it, modernizing a legacy application is a considerable undertaking that can’t be taken lightly. Your best approach is to begin the journey with baby steps.” – Norelus, Pamidala, and Senti, 2020

    Info-Tech’s methodology for getting the most out of your ERP

    1. Map Current-State Capabilities 2. Assess Your Current State 3. Identify Key Optimization Areas 4. Build Your Optimization Roadmap
    Phase Steps
    1. Identify Stakeholders and Build Your Workday Optimization Team
    2. Build an ERP Strategy Model
    3. Inventory Current System State
    4. Define Business Capabilities
    • Conduct a Gap Analysis for ERP Processes
    • Assess User Satisfaction
    • Review Your Satisfaction With the Vendor and Product
    1. Identify Key Optimization Areas
    2. Evaluate Product Sustainability Over the Short, Medium, and Long Term
    3. Identify Any Product Changes Anticipated Over Short, Medium, and Long Term
    1. Prioritize Optimization Opportunities
    2. Identify Key Optimization Areas
    3. Compile Optimization Assessment Results
    Phase Outcomes
    1. Stakeholder map
    2. Workday optimization team
    3. Workday business model
    4. Strategy alignment
    5. Systems inventory and diagram
    6. Business capabilities map
    7. Key Workday processes list
    1. Gap analysis for Workday-related processes
    2. Understanding of user satisfaction across applications and processes
    3. Insight into Workday data quality
    4. Quantified satisfaction with the vendor and product
    5. Understanding Workday costs
    1. List of Workday optimization opportunities
    1. Workday optimization roadmap

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Get the Most Out of Your Workday Workbook

    Identify and prioritize your Workday optimization goals.

    Application Portfolio Assessment

    Assess IT-enabled user satisfaction across your Workday portfolio.

    Key deliverable:

    Workday Optimization Roadmap

    Complete an assessment of processes, user satisfaction, data quality, and vendor management.

    Case Study

    MANAGED AP AUTOMATION with OneSource Virtual

    TripAdvisor + OneSource

    INDUSTRY: Travel

    SOURCE: OneSource Virtual, 2017

    Challenge

    TripAdvisor needed a solution that would decrease administrative labor from its accounting department.

    “We needed something that was already compatible with our Workday tenant, that didn’t require a lot of customizations and would be an enhancement to our processes.” – Director of Accounting Operations, Scott Garner

    Requirements included:

    • Easy implementation
    • Existing system compatibility
    • Enhancement to the company’s process
    • Competitive pricing
    • Secure

    Solution

    TripAdvisor chose to outsource its accounts payable services to OneSource Virtual (OSV).

    OneSource Virtual offers the comprehensive finance and accounting outsourcing solutions needed to improve efficiency, eliminate paper processes, reduce errors, and improve cash flow.

    Managed AP services include scanning and auditing all extracted invoice data for accuracy, transmitting AP files with line-item details from invoices, and creating full invoice images in Workday.

    Results

    • Accurate and timely invoice processing for over 3,000 invoices per month.
    • Empowered employees to focus on higher-level tasks rather than day-to-day data entry.
    • 50+ hours saved per week on routine data entry.
    • Employees had 30% of their time freed up to focus on high-value tasks.
    • Allowed TripAdvisor to become more scalable across departments and as an organization.

    Info-Tech offers various levels of support to suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    Phase 1

    Call #1: Scope requirements, objectives, and your specific challenge.

    Phase 2

    Call #2:

    • Build the Workday team.
    • Align organizational goals.

    Call #3:

    • Map current state.
    • Inventory Workday capabilities and processes.
    • Explore Workday-related costs.

    Phase 3

    Call #4: Understand product satisfaction and vendor management.

    Call #5: Review APA results.

    Call #6: Understand Workday optimization opportunities.

    Call #7: Determine the right Workday path for your organization.

    Phase 4

    Call #8: Build out optimization roadmap and next steps.

    Workshop Overview

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Day 1Day 2Day 3Day 4Day 5
    Define Your Workday Application VisionMap Current StateAssess WorkdayBuild Your Optimization RoadmapNext Steps and

    Wrap-Up (offsite)

    Activities

    1.1 Identify Stakeholders and Build Your Optimization Team

    1.2 Build an ERP Strategy Model

    1.3 Inventory Current System State

    1.4 Define Optimization Timeframe

    1.5 Understand Workday Costs

    2.1 Assess Workday Capabilities

    2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

    3.1 Prioritize Optimization Opportunities

    3.2 Discover Optimization Initiatives

    		4.1 Build Your Optimization Roadmap

    5.1 Complete In-progress Deliverables From Previous Four Days.

    5.2 Set Up Review Time for Workshop Deliverables and to Discuss Next Steps.

    Deliverables
    1. Workday optimization team
    2. Workday business model
    3. Workday optimization goals
    4. System inventory and data flow
    5. Application and business capabilities list
    6. Workday optimization timeline
    1. Workday capability gap analysis
    2. Workday user satisfaction (application portfolio assessment)
    3. Workday SoftwareReviews survey results
    4. Workday current costs
    1. Product and vendor satisfaction opportunities
    2. Capability and feature optimization opportunities
    3. Process optimization opportunities
    4. Integration optimization opportunities
    5. Data optimization opportunities
    6. Workday cost-saving opportunities
    1. Workday optimization roadmap

    Phase 1

    Map Current-State Capabilities

    Phase 1

    1.1 Identify Stakeholders and Build Your Optimization Team

    1.2 Build an ERP Strategy Model

    1.3 Inventory Current System State

    1.4 Define Optimization Timeframe

    1.5 Understand Workday Costs

    Phase 2

    2.1 Assess Workday Capabilities

    2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

    Phase 3

    3.1 Prioritize Optimization Opportunities

    3.2 Discover Optimization Initiatives

    Phase 4

    4.1 Build Your Optimization Roadmap

    This phase will guide you through the following activities:

    • Align your organizational goals
    • Gain a firm understanding of your current state
    • Inventory Workday and related applications
    • Confirm the organization’s capabilities

    This phase involves the following participants:

    • CFO
    • Department Leads – Finance, Procurement, Asset Management
    • Applications Director
    • Senior Business Analyst
    • Senior Developer
    • Procurement Analysts

    Step 1.1

    Identify Stakeholders and Build Your Optimization Team

    Activities

    1.1.1 Identify Stakeholders Critical to Success

    1.1.2 Map Your Workday Optimization Stakeholders

    1.1.3 Determine Your Workday Optimization Team

    Map Current State Capabilities

    Step 1.1

    Step 1.2

    Step 1.3

    Step 1.4

    Step 1.5

    This step will guide you through the following activities:

    • Identify ERP drivers and objectives
    • Explore ERP challenges and pain points
    • Discover ERP benefits and opportunities
    • Align the ERP foundation with your corporate strategy

    This step involves the following participants:

    • Stakeholders
    • Project sponsors and leaders

    Outcomes of this step

    • Stakeholder map
    • Workday optimization team

    ERP optimization stakeholders

    • Understand the roles necessary to Get the Most Out of Your Workday.
    • Understand the role of each player within your project structure. Look for listed participants on the activities slides to determine when each player should be involved.
    Title Role Within the Project Structure
    Organizational Sponsor
    • Owns the project at the management/C-suite level
    • Responsible for breaking down barriers and ensuring alignment with your organizational strategy
    • CIO, CFO, COO, or similar
    Project Manager
    • The IT individual(s) that oversee day-to-day project operations
    • Responsible for preparing and managing the project plan and monitoring the project team’s progress
    • Applications Manager or other IT Manager, Business Analyst, Business Process Owner, or similar
    Business Unit Leaders
    • Works alongside the IT Project Manager to ensure the strategy is aligned with business needs
    • In this case, likely to be a marketing, sales, or customer service lead
    • Sales Director, Marketing Director, Customer Care Director, or similar
    Optimization Team
    • Comprised of individuals whose knowledge and skills are crucial to project success
    • Responsible for driving day-to-day activities, coordinating communication, and making process and design decisions; can assist with persona and scenario development for ERP
    • Project Manager, Business Lead, ERP Manager, Integration Manager, Application SMEs, Developers, Business Process Architects, and/or similar SMEs
    Steering Committee
    • Comprised of the C-suite/management-level individuals that act as the project’s decision makers
    • Responsible for validating goals and priorities, defining the project scope, enabling adequate resourcing, and managing change
    • Project Sponsor, Project Manager, Business Lead, CFO, Business Unit SMEs, or similar

    Info-Tech Insight

    Do not limit project input or participation. Include subject-matter experts and internal stakeholders at stages within the project. Such inputs can be solicited on a one-off basis as needed. This ensures you take a holistic approach to create your ERP optimization strategy.

    1.1.1 Identify Workday optimization stakeholders

    1 hour

    1. Hold a meeting to identify the Workday optimization stakeholders.
    2. Use the next slide as a guide.

    Record this information in the Get the Most Out of Your Workday Workbook.

    Download the Get the Most Out of Your Workday Workbook

    Understand how to navigate the complex web of stakeholders in ERP

    Identify which stakeholders to include and what their level of involvement should be during requirements elicitation based on relevant topic expertise.

    Sponsor End User IT Business
    Description An internal stakeholder who has final sign-off on the ERP project. Front-line users of the ERP technology. Back-end support staff who are tasked with project planning, execution, and eventual system maintenance. Additional stakeholders that will be impacted by any ERP technology changes.
    Examples
    • CEO
    • CIO/CTO
    • COO
    • CFO
    • Warehouse personnel
    • Sales teams
    • HR admins
    • Applications manager
    • Vendor relationship manager(s)
    • Director, Procurement
    • VP, Marketing
    • Manager, HR
    Values Executive buy-in and support is essential to the success of the project. Often, the sponsor controls funding and resource allocation. End users determine the success of the system through user adoption. If the end user does not adopt the system, the system is deemed useless and benefits realization is poor. IT is likely to be responsible for more in-depth requirements gathering. IT possesses critical knowledge around system compatibility, integration, and data. Involving business stakeholders in the requirements gathering will ensure alignment between HR and organizational objectives.

    Large-scale ERP projects require the involvement of many stakeholders from all corners and levels of the organization, including project sponsors, IT, end users, and business stakeholders. Consider the influence and interest of stakeholders in contributing to the requirements elicitation process and involve them accordingly.

    The image shows a graph with dots on it, titled Example: Stakeholder Involvement during Selection.

    Activity 1.1.2 Map your Workday optimization stakeholders

    1 hour

    1. Use the list of Workday optimization stakeholders.
    2. Map each stakeholder on the quadrant based on their expected Influence and involvement in the project.

    Record this information in the Get the Most Out of Your Workday Workbook.

    Download the Get the Most Out of Your Workday Workbook

    The image shows a graph titled Map the Organization's Stakeholders, with stakeholders listed on the left, and arranged in quadrants. Along the bottom of the graph is the text: Involvement, with an arrow pointing to the right. Along the left side of the graph is the text: Influence, with an arrow pointing upwards.

    Map the organization’s stakeholders

    The image shows the same organization stakeholder map shown in the previous section.

    The Workday optimization team

    Consider the core team functions when putting together the project team. Form a cross-functional team (i.e. across IT, Marketing, Sales, Service, and Operations) to create a well-aligned ERP optimization strategy.

    Don’t let your project team become too large when trying to include all relevant stakeholders. Carefully limiting the size of the project team will enable effective decision making while still including functional business units such as Human Resources, Operations, Manufacturing, Marketing, Sales, Service, and Finance as well as IT.

    Required Skills/Knowledge Suggested Project Team Members
    Business
    • Department leads
    • Business process leads
    • Business analysts
    • Subject matter experts
    • SMEs/Business process leads across all functional areas, for example, Strategy, Sales, Marketing, Customer Service, Finance, HR
    IT
    • Application development
    • Enterprise integration
    • Business processes
    • Data management
    • Product owner
    • ERP application manager
    • Business process manager
    • Integration manager
    • Application developer
    • Data stewards
    Other
    • Operations
    • Administrative
    • Change management
    • COO
    • CFO
    • Change management officer

    1.1.3 Determine your Workday optimization team

    1 hour

    1. Have the project manager and other key stakeholders discuss and determine who will be involved in the Workday optimization project.
      • The size of the team will depend on the initiative and size of your organization.
      • Key business leaders in key areas and IT representatives should be involved.

    Note: Depending on your initiative and size of your organization, the size of this team will vary.

    Record this information in the Get the Most Out of Your Workday Workbook.

    Download the Get the Most Out of Your Workday Workbook

    Step 1.2

    Build an ERP Strategy Model

    Activities

    1.2.1 Explore Organizational Goals and Business Needs

    1.2.2 Discover Environmental Factors and Technology Drivers

    1.2.3 Consider Potential Barriers to Achieving Workday Optimization

    1.2.4 Set the Foundation for Success

    1.2.5 Discuss Workday Strategy and Develop Your ERP Optimization Goals

    Map Current State Capabilities

    Step 1.1

    Step 1.2

    Step 1.3

    Step 1.4

    Step 1.5

    This step will guide you through the following activities:

    • Identify ERP drivers and objectives
    • Explore ERP challenges and pain points
    • Discover ERP benefits and opportunities
    • Align the ERP foundation with the corporate strategy

    This step involves the following participants:

    • Workday Optimization Team

    Outcomes of this step

    • ERP business model
    • Strategy alignment

    Align your Workday strategy with the corporate strategy

    Corporate Strategy

    Your corporate strategy:

    • Conveys the current state of the organization and the path it wants to take.
    • Identifies future goals and business aspirations.
    • Communicates the initiatives that are critical for getting the organization from its current state to the desired future state.

    Unified ERP Strategy

    • The ideal ERP strategy is aligned with overarching organizational business goals and broader IT initiatives.
    • Include all affected business units and departments in these conversations.
    • The ERP optimization can be and should be linked, with metrics, to the corporate strategy and ultimate business objectives.

    IT Strategy

    Your IT strategy:

    • Communicates the organization’s budget and spending on ERP.
    • Identifies IT initiatives that will support the business and key ERP objectives.
    • Outlines staffing and resourcing for ERP initiatives.

    ERP projects are more successful when the management team understands the strategic importance and the criticality of alignment. Time needs to be spent upfront aligning business strategies with ERP capabilities. Effective alignment between IT and the business should happen daily. Alignment doesn’t just need to occur at the executive level but at each level of the organization.

    ERP Business Model Template

    The image shows a template of the ERP Business Model. At the top, there is a section for ERP Needs, then on the left and right, Environmental Factors and Organizational Goals. At the center, there is a box with text that reads Barriers, with empty space underneath it, then the text: ERP Strategy, and then the heading Enables with empty space beneath it. At the bottom are Technology Drivers. There are notes attached to sections. For ERP Needs, the note reads: What are your business drivers? What are your current ERP pains?. For the Environmental Factors section, the note reads: What factors impacting your strategy are out of your control?. For the Technology Drivers section, the note reads: Why do you need a new system? What is the purpose for becoming an integrated organization?.

    Conduct interviews to elicit the business context

    Stakeholder Interviews

    Begin by conducting interviews of your executive team. Interview the following leaders:

    1. Chief Information Officer
    2. Chief Executive Officer
    3. Chief Financial Officer
    4. Chief Revenue Officer/Sales Leader
    5. Chief Operating Officer/Supply Chain & Logistics Leader
    6. Chief Technology Officer/Chief Product Officer

    INTERVIEWS MUST UNCOVER:

    1. Your organization’s mission & vision
    2. Your organization’s top business goals
    3. Your organization’s top business initiatives
    4. The stakeholder’s top goals and initiatives
    5. Tools and systems needed to facilitate organizational and departmental goals

    Understand the mission, vision, and goals of the organization and supporting departments

    Business Needs Business Drivers
    Definition A business need is a requirement associated with a particular business process. A business need is a requirement associated with a particular business process.
    Examples
    • Audit tracking
    • Authorization levels
    • Business rules
    • Data quality
    • Customer satisfaction
    • Branding
    • Time-to-resolution

    Info-Tech Insight

    One of the biggest drivers for ERP adoption is the ability to make quicker decisions from timely information. This driver is a result of external considerations. Many industries today are highly competitive, uncertain, and rapidly changing. To succeed under these pressures, there needs to be timely information and visibility into all components of the organization.

    1.2.1 Explore organizational goals and business needs

    60 minutes

    1. Discuss organizational mission, vision, and goals. What are the top initiatives underway? Are you contracting, expanding, or innovating?
    2. Discuss business needs to support organizational goals. What are identified goals and initiatives at the departmental level? What tools and resources within the Workday system will help make this successful?
    3. Understand how the company is running today and what the organization’s future will look like. Envision the future system state.

    Record this information in the Get the Most Out of Your Workday Workbook.

    The image shows the same ERP Business Model Template from the previous section, zoomed in on the centre of the graphic.

    Organizational Goals

    • Organization’s mission and vision
    • Top business goals
    • Initiatives underway

    Business Needs

    • Departmental goals
    • Business drivers
    • Key initiatives
    • Key capabilities to support the organization
    • Requirements to support the business capability and process

    Download the Get the Most Out of Your Workday Workbook

    ERP Business Model

    Organizational Goals

    • Organization’s mission and vision
    • Top business goals (~3)
    • Initiatives underway
    • KPIs and metrics that are important to the organization in achieving its goals and objectives

    Business Needs

    • Departmental goals
    • Key initiatives
    • Key capabilities to support the organization
    • Tools and systems required to support business capability or process
    • KPIs and metrics that are important to the department/stakeholder in achieving its goals and objectives

    Understand the technology drivers and environmental factors

    Technology Drivers Environmental Factors
    Definition Technology drivers are technological changes that have created the need for a new ERP enablement strategy. Many organizations turn to technology systems to help them obtain a competitive edge. These external considerations are factors that take place outside of the organization and impact the way business is conducted inside the organization. These are often outside the control of the business. Look three to five years ahead, what challenges will the business face? Where will you have to adapt and pivot? How can we prepare for this?
    Examples
    • Deployment model (i.e. SaaS)
    • Integration
    • Reporting capabilities
    • Fragmented technologies
    • Economic and political factors
    • Competitive influencers
    • Compliance regulations

    Info-Tech Insight

    A comprehensive plan that takes into consideration organizational goals, departmental needs, technology drivers, and environmental factors will allow for a collaborative approach to defining your Workday strategy.

    1.2.2 Discover environmental factors and technology drivers

    30 minutes

    1. Identify business drivers that are contributing to the organization’s need for ERP.
    2. Understand how the company is running today and what the organization’s future will look like. Try to identify the purpose for becoming an integrated organization. Use a whiteboard or flip charts and markers to capture key findings.
    3. Consider external considerations, organizational drivers, technology drivers, and key functional requirements.

    Record this information in the Get the Most Out of Your Workday Workbook.

    The image is the same ERP Business Model Template from previous sections. In this instance, it is zoomed into the centre of the graphic, with the environmental factors section circled.

    External Considerations

    • Funding constraints
    • Regulations

    Technology Considerations

    • Data accuracy
    • Data quality
    • Better reporting

    Functional Requirements

    • Information availability
    • Integration between systems
    • Secure data

    Download the Get the Most Out of Your Workday Workbook

    Create a realistic ERP foundation by identifying the challenges and barriers the project will bestow

    There are several different factors that may stifle the success of an ERP implementation. Organizations that are creating an ERP foundation must scan their current environment to identify internal barriers and challenges.

    Common Internal Barriers

    Management Support Organizational Culture Organizational Structure IT Readiness
    Definition The degree of understanding and acceptance toward ERP systems. The collective shared values and beliefs. The functional relationships between people and departments in an organization. The degree to which the organization’s people and processes are prepared for a new ERP system.
    Questions
    • Is an ERP project recognized as a top priority?
    • Will management commit time to the project?
    • Are employees resistant to change?
    • Is the organization highly individualized?
    • Is the organization centralized?
    • Is the organization highly formalized?
    • Is there strong technical expertise?
    • Is there strong infrastructure?
    Impact
    • Funding
    • Resources
    • Knowledge sharing
    • User acceptance
    • Flow of knowledge
    • Quality of implementation
    • Need for reliance on consultants

    1.2.3 Consider potential barriers to achieving Workday optimization

    1-3 hours

    1. Open tab 1.2, “Strategy & Goals,” in the Get the Most Out of Your Workday Workbook.
    2. Identify barriers to ERP optimization success.
    3. Review the ERP critical success factors and how they relate to your optimization efforts.
    4. Discuss potential barriers to successful ERP optimization.

    Record this information in the Get the Most Out of Your Workday Workbook.

    The image is the same zoomed-in section of the ERP Strategy Business Model Template seen in previous sections. In this instance, the Barriers section is circled.

    Functional Gaps

    • No online purchase order requisitions

    Technical Gaps

    • Inconsistent reporting – data quality concerns

    Process Gaps

    • Duplication of data
    • Lack of system integration

    Barriers to Success

    • Cultural mindset
    • Resistance to change
    • Lack of training
    • Funding

    Download the Get the Most Out of Your Workday Workbook

    ERP Business Model

    Organizational Goals

    • Efficiency
    • Effectiveness
    • Integrity
    • One source of truth for data
    • One team
    • Customer service, external and internal

    Barriers

    • Organizational silos
    • Lack of formal process documentation
    • Funding availability
    • What goes first? Organizational priorities

    What does success look like?

    Top 15 Critical Success Factors for ERP System Implementation

    The image shows a horizontal bar graph with the text: Frequency of Citation (n=127) at the top. Different implementation strategies are listed on the left, in descending order of frequency.

    (Epizitone and Olugbara, 2019; CC BY 4.0)

    Info-Tech Insight

    Complement your ability to deliver on your critical success factors with the capabilities of your implementation partner to drive a successful ERP implementation.

    “Implementation partners can play an important role in successful ERP implementations. They can work across the organizational departments and layers creating a synergy and a communications mechanism.” – Ayogeboh Epizitone, Durban University of Technology

    1.2.3 Set the foundation for success

    1-3 hours

    1. Open tab 1.2, “Strategy & Goals,” in the Get the Most Out of Your Workday Workbook.
    2. Identify barriers to ERP optimization success.
    3. Review the ERP critical success factors and how they relate to your optimization efforts.
    4. Discuss potential barriers to successful ERP optimization.

    Record this information in the Get the Most Out of Your Workday Workbook.

    The image is the same zoomed-in section of the ERP Strategy Business Model Template seen in previous sections. In this instance, the Enablers section is circled.

    Business Benefits

    • Business-IT alignment

    IT Benefits

    • Compliance
    • Scalability
    • Operational efficiency

    Organizational Benefits

    • Data accuracy
    • Data quality
    • Better reporting

    Enablers of Success

    • Change management
    • Training
    • Alignment with strategic objectives

    Download the Get the Most Out of Your Workday Workbook

    ERP Business Model

    Organizational Goals

    • Efficiency
    • Effectiveness
    • Integrity
    • One source of truth for data
    • One team
    • Customer service, external and internal

    Enablers

    • Cross-trained employees
    • Desire to focus on value-add activities
    • Collaborative
    • Top-level executive support
    • Effective change management process

    The Business Value Matrix

    Rationalizing and quantifying the value of Workday

    Benefits can be realized internally and externally to the organization or department and have different drivers of value.

    • Financial benefits refer to the degree to which the value source can be measured through monetary metrics and are often quite tangible.
    • Human benefits refer to how an application can deliver value through a user’s experience.
    • Inward refers to value sources that have an internal impact and improve your organization’s effectiveness and efficiency in performing its operations.
    • Outward refers to value sources that come from your interaction with external factors, such as the market or your customers.

    Organizational Goals

    Increased Revenue

    Application functions that are specifically related to the impact on your organization’s ability to generate revenue and deliver value to your customers.

    Reduced Costs

    Reduction of overhead. The ways in which an application limits the operational costs of business functions.

    Enhanced Services

    Functions that enable business capabilities that improve the organization’s ability to perform its internal operations.

    Reach Customers

    Application functions that enable and improve the interaction with customers or produce market information and insights.

    Business Value Matrix

    The image shows a matrix, with Human benefits and Financial Benefits on the horizontal axis, and Outward and Inward on the Vertical axis.

    1.2.4 Define your Workday strategy and optimization goals

    30 minutes

    1. Discuss the Workday business model exercises and ERP critical success factors.
    2. Through the lens of corporate goals and objectives think about the supporting ERP technology. How can the ERP system bring value to the organization? What are the top things that will make this initiative a success? What major themes are emerging?
    3. Develop five to ten optimization goals that will form the basis for the success of this initiative.
      • What is a strong statement that will help guide decision making throughout the life of the ERP project?
      • What are your overarching requirements for business processes?
      • What do you ultimately want to achieve?
      • What is a statement that will ensure all stakeholders are on the same page for the project?

    Record this information in the Get the Most Out of Your Workday Workbook.

    Download the Get the Most Out of Your Workday Workbook

    Workday strategy and optimization goals

    Key Themes Emerging / Workday Strategy

    • Efficiency
    • Effectiveness
    • Integrity
    • One source of truth for data
    • One team
    • Customer service, external and internal

    Optimization Goals

    • Support Business Agility: A flexible and adaptable integrated business system providing a seamless user experience.
    • Use ERP best practices: Do not recreate or replicate what we have today; focus on modernization. Exercise customization governance by focusing on those customizations that are strategically differentiating.
    • Automate: Take manual work out where we can, empowering staff and improving productivity through automation and process efficiencies.
    • Stay focused: Focus on scope around core business capabilities. Maintain scope control. Prioritize demand in line with the strategy.
    • Strive for “One Source of Truth”: Unified data model and integrate processes where possible. Assess integration needs carefully.

    Step 1.3

    Inventory Current System State

    Activities

    1.3.1 Inventory Workday Applications and Interactions

    1.3.2 Draw Your Workday System Diagram

    1.3.3 Inventory Your Workday Modules and Business Capabilities (or Business Processes)

    1.3.4 Define Your Key Workday Optimization Modules and Business Capabilities

    Map Current-State Capabilities

    Step 1.1

    Step 1.2

    Step 1.3

    Step 1.4

    Step 1.5

    This step will guide you through the following activities:

    • Inventory of applications
    • Mapping interactions between systems

    This step involves the following participants:

    • Workday Optimization Team
    • Enterprise Architect
    • Data Architect

    Outcomes of this step

    • Systems inventory
    • Systems diagram

    1.3.1 Inventory Workday applications and interfaces

    1-3+ hours

    1. Enter your Workday systems, Workday extended applications, and integrated applications within scope.
    2. Include any abbreviated names or nicknames.
    3. List the application type or main function. List the modules the organization has licensed.
    4. List any integrations.

    Record this information in the Get the Most Out of Your Workday Workbook.

    Download the Get the Most Out of Your Workday Workbook

    ERP Data Flow

    When assessing the current application portfolio that supports your ERP, the tendency will be to focus on the applications under the ERP umbrella. These relate mostly to marketing, sales, and customer service. Be sure to include systems that act as input to, or benefit due to outputs from, ERP or similar applications.

    The image shows a flowchart, with example ERP Data. There is a colour-coded legend for the data, and at the bottom of the graphic, there is text that reads: Be sure to include enterprise applications that are not included in the ERP application portfolio. There are also definitions of abbreviated terms at the bottom of the graphic.

    1.3.2 Draw your Workday system diagram (optional)

    1-3+ hours

    1. From the Workday application inventory, diagram your network. Include:
      • Any internal or external systems
      • Integration points
      • Data flow

    The image shows the flowchart section of th image that appears in the previous section.

    Download the Get the Most Out of Your Workday Workbook

    Sample Workday and integrations map

    The image shows a sample map of Workday and integrations. There is a colour-coded legend at the bottom right.

    Business capability map (Level 0)

    In business architecture, the primary view of an organization is known as a business capability map.

    A business capability defines what a business does to enable value creation, rather than how.

    Business capabilities:

    • Represent stable business functions.
    • Are unique and independent of each other.
    • Will typically have a defined business outcome.

    A business capability map provides details that help the business architecture practitioner direct attention to a specific area of the business for further assessment.

    The image shows a Business Capability Map, which is divided into 4 sections: Products and Services Development; Revenue Generation; Demand Fulfillment; and Enterprise Management and Planning

    The value stream

    Value stream defined:

    Value Streams:

    Design Product

    • Manufacturers work proactively to design products and services that will meet consumer demand.
    • Products are driven by consumer demand and government regulations.

    Produce Product

    • Production processes and labor costs are constantly analyzed for efficiencies and accuracies.
    • Quality of product and services are highly regulated through all levels of the supply chain.

    Sell Product

    • Sales networks and sales staff deliver the product from the organization to the end consumer.
    • Marketing plays a key role throughout the value stream connecting consumers’ wants and needs to the products and services offered.

    Customer Service

    • Relationships with consumers continue after the sale of products and services.
    • Continued customer support and data mining is important to revenue streams.

    Value streams connect business goals to the organization’s value realization activities in the marketplace. Those activities are dependent on the specific industry segment in which an organization operates. There are two types of value streams: core value streams and support value streams.

    • Core value streams are mostly externally facing. They deliver value to either an external or internal customer and they tie to the customer perspective of the strategy map.
    • Support value streams are internally facing and provide the foundational support for an organization to operate.

    Taking a value stream approach to process mapping allows you to move across departmental and system boundaries to understand the underlying business capability.

    Some mistakes organizations make are over-customizing processes, or conversely, not customizing when required. Workday provides good baseline process that work for most organizations. However, if a process is broken or not working efficiently take the time to investigate it, including underlying policies, roles, workflows, and integrations.

    Process frameworks

    Help define your inventory of sales, marketing, and customer services processes.

    Operating Processes
    1. Develop vision and strategy 2. Develop and manage products and services 3. Market and sell products and services 4. Deliver physical products 5. Deliver services
    Management and Support Processes
    6. Manage customer service
    7. Develop and manage human capital
    8. Manage IT
    9. Manage financial resources
    10. Acquire, construct, and manage assets
    11. Manage enterprise risk, compliance, remediation, and resiliency
    12. Manage external relationships
    13. Develop and manage business capabilities

    (APQC)

    If you do not have a documented process model, you can use the APQC Framework to help define your inventory of sales business processes.

    APQC’s Process Classification Framework is a taxonomy of cross-functional business processes intended to allow the objective comparison of organizational performance within and among organizations.

    APQC’s Process Classification Framework

    Process mapping hierarchy

    A process classification framework is helpful for organizations to effectively define their processes and manage them appropriately.

    Use Info-Tech’s related industry resources or publicly available process frameworks (such as APQC) to develop and map your business processes.

    These processes can then be mapped to supporting applications and modules. Policies, roles, and workflows also play a role and should be considered in the overall functioning.

    APQC’s Process Classification Framework

    The image shows a chart, titled PCL Levels Explained, with each of the PCF Levels listed, and a brief description of each.

    (APQC)

    Focus on level-1 processes

    Level 1 Level 2 Level 3 Level 4
    Market and sell products and services Understand markets, customers, and capabilities Perform customer and market intelligence analysis Conduct customer and market research
    Market and sell products and services Develop a sales strategy Develop a sales forecast Gather current and historic order information
    Deliver services Manage service delivery resources Manage service delivery resource demand Develop baseline forecasts
    ? ? ? ?

    Info-Tech Insight

    Focus your initial assessment on the level-1 processes that matter to your organization. This allows you to target your scant resources on the areas of optimization that matter most to the organization and minimize the effort required from your business partners.

    You may need to iterate the assessment as challenges are identified. This allows you to be adaptive and deal with emerging issues more readily and become a more responsive partner to the business.

    Process mapping and supporting ERP modules

    The operating model

    An operating model is a framework that drives operating decisions. It helps to set the parameters for the scope of ERP and the processes that will be supported. The operating model will serve to group core operational processes. These groupings represent a set of interrelated, consecutive processes aimed at generating a common output.

    From your developed processes and your Workday license agreements you will be able to pinpoint the scope for investigation, including the processes and modules.

    The image shows three images, overlapping one another. At the back is a chart with three sections, and boxes beneath. In front of that is a graphic with Objectives, Value Streams, Capabilities, and Processes written down the left side, and descriptions on the right. Below that image is an arrow pointing downward to the text Supporting Workday Modules. In front is a circular graphic with the word Workday in the centre, and circles with text in them around it.

    Workday modules and process enablement

    Workday Finance

    • Accounts Receivable and Collections
    • Accounts Payable and Payments
    • Asset Management
    • Audit and Controls
    • Billing and Invoicing
    • Cash Management
    • Contracts
    • Financial Reporting and Analysis
    • [Global] Close and Consolidation
    • Multi-GAAP/Multi-book/Multi-chart of Accounts
    • Revenue Management

    Spend Management

    • Strategic Sourcing
    • Procure to Pay
    • Inventory
    • Expenses

    Professional Services Automation

    • Project and Resource Management
    • Project Financials
    • Project Billing
    • Expense Management
    • Time Tracking

    Enterprise Planning

    • Financial planning
    • Reporting
    • Analytics
    • Budgets
    • Insights
    • Workforce planning
    • Sales planning
    • Operational planning

    Analytics and Reporting

    • Financial Management Core Reporting
    • Human Capital Management Core Reporting
    • Benchmarking
    • Data Hub
    • Augmented Analytics

    Student

    • Admissions
    • Financial Aid
    • Advising
    • Student Finance
    • Student Records

    Human Capital Management (HCM)

    • Human Resource Management
    • Organization Management
    • Business Process Management
    • Reporting and Analytics
    • Employee and Manager Self-Service
    • Contingent Labor Management
    • Skills Cloud
    • Absence Management
    • Benefits Administration
    • ACA Management
    • Compensation
    • Talent Optimization

    Payroll and Workforce Management

    • Scheduling and Labor Management
    • Time and Attendance
    • Absence
    • Payroll

    Employee Experience

    • Employee Engagement Insights
    • Diversity, Inclusion, and Belonging Measurement
    • Health and Well-Being Metrics
    • Back-to-Workplace Readiness
    • Confidential Employee-Manager Conversations
    • Attrition Prediction
    • Continuous Industry Benchmarks

    Talent and Performance

    • Talent Profile
    • Continuous Feedback
    • Survey Campaigns
    • Embedded Analytics
    • Goal Management
    • Performance Management
    • Talent Review
    • Calibration
    • Competencies
    • Career and Development Planning
    • Succession Planning
    • Talent Marketplace
    • Mobile
    • Expenses

    1.3.3 Inventory your Workday modules and business capabilities

    1-3+ hours

    1. Look at the major functions or processes within the scope of ERP.
    2. From the inventory of current systems, choose the submodules or processes that you want to investigate and are within scope for this optimization initiative.
    3. List the top modules, capabilities, or processes that will be within the scope of this optimization initiative.

    Record this information in the Get the Most Out of Your Workday Workbook.

    Download the Get the Most Out of Your Workday Workbook

    1.3.4 Define your key Workday optimization modules and business capabilities

    1-3+ hours

    1. Look at the major functions or processes within the scope of ERP.
    2. From the inventory of current systems, choose the submodules or processes for this optimization initiative. Base this on those that are most critical to the business, those with the lowest levels of satisfaction, or those that perhaps need more knowledge around them.

    Record this information in the Get the Most Out of Your Workday Workbook.

    Download the Get the Most Out of Your Workday Workbook

    Step 1.4

    Define Optimization Timeframe

    Activities

    1.4.1 Define Workday Key Dates, and Workday Optimization Roadmap Timeframe and Structure

    Map Current-State Capabilities

    Step 1.1

    Step 1.2

    Step 1.3

    Step 1.4

    Step 1.5

    This step will guide you through the following activities:

    • Defining key dates related to your optimization initiative
    • Identifying key building blocks for your optimization roadmap

    This step involves the following participants:

    • Workday Optimization Team
    • Vendor Management

    Outcomes of this step

    • Optimization Key Dates
    • Optimization Roadmap Timeframe and Structure

    1.4.1 Optimization roadmap timeframe and structure

    1-3+ hours

    1. Key items and dates relevant to your optimization initiatives, such as any products reaching end of life or end of contract, or budget proposal submission deadlines.
    2. Enter the expected Optimization Initiative Start Date.
    3. Enter the Roadmap Length. This is the total amount of time you expect to participate in the Workday Optimization Initiative. This includes short-, medium-, and long-term initiatives.
    4. Enter your Roadmap Date markers – how you want dates displayed on the roadmap.
    5. Enter column time values – what level of granularity will be helpful for this initiative?
    6. Enter the sprint or cycle timeframe – use this if following Agile.

    Record this information in the Get the Most Out of Your Workday Workbook.

    Download the Get the Most Out of Your Workday Workbook

    Step 1.5

    Understand Workday Costs

    Activities

    1.5.1 Document Costs Associated With Workday

    Map Current-State Capabilities

    Step 1.1

    Step 1.2

    Step 1.3

    Step 1.4

    Step 1.5

    This step will walk you through the following activities:

    • Define your Workday direct and indirect costs
    • List your Workday expense line items

    This step involves the following participants:

    • Finance representatives
    • Workday Optimization Team

    Outcomes of this step

    • Current Workday and related costs

    1.5.1 Document costs associated with Workday

    1-3 hours

    Before you can make changes and optimization decisions, you need to understand the high-level costs associated with your current application architecture. This activity will help you identify the types of technology and people costs associated with your current systems.

    1. Identify the types of technology costs associated with each current system:
      1. System Maintenance
      2. Annual Renewal
      3. Licensing
    2. Identify the cost of people associated with each current system:
      1. Full-Time Employees
      2. Application Support Staff
      3. Help Desk Tickets

    Record this information in the Get the Most Out of Your Workday Workbook.

    Download the Get the Most Out of Your Workday Workbook

    Phase 2

    Assess Your Current State

    Phase 1

    1.1 Identify Stakeholders and Build Your Optimization Team

    1.2 Build an ERP Strategy Model

    1.3 Inventory Current System State

    1.4 Define Optimization Timeframe

    1.5 Understand Workday Costs

    Phase 2

    2.1 Assess Workday Capabilities

    2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

    Phase 3

    3.1 Prioritize Optimization Opportunities

    3.2 Discover Optimization Initiatives

    Phase 4

    4.1 Build Your Optimization Roadmap

    This phase will guide you through the following activities:

    • Determine process relevance
    • Perform a gap analysis
    • Perform a user satisfaction survey
    • Assess software and vendor satisfaction

    This phase involves the following participants:

    • Workday Optimization Team
    • Users across functional areas of your ERP and related technologies

    Step 2.1

    Assess Workday Capabilities

    Activities

    2.1.1 Rate Capability Relevance to Organizational Goals

    2.1.2 Complete a Workday Application Portfolio Assessment

    2.1.3 (Optional) Assess Workday Process Maturity

    Assess Workday Capabilities

    Step 2.1

    Step 2.2

    This step will guide you through the following activities:

    • Capability Relevance
    • Process Gap Analysis
    • Application Portfolio Assessment

    This step involves the following participants:

    • Workday Users

    Outcomes of this step

    • Workday Capability Assessment

    Benefits of the Application Portfolio Assessment

    Assess the health of the application portfolio

    • Get a full 360-degree view of the effectiveness, criticality, and prevalence of all relevant applications to get a comprehensive view of the health of the applications portfolio.
    • Identify opportunities to drive more value from effective applications, retire nonessential applications, and immediately address at-risk applications that are not meeting expectations.

    Provide targeted department feedback

    • Share end-user satisfaction and importance ratings for core IT services, IT communications, and business enablement to focus on the right end-user groups or lines of business, and ramp up satisfaction and productivity.

    Gain insight into the state of data quality

    • Data quality is one of the key issues causing poor ERP user satisfaction and business results. This can include the relevance, accuracy, timeliness, or usability of the organization’s data.
    • Targeted, open-ended feedback around data quality will provide insight into where optimization efforts should be focused.

    2.1.1 Complete a current state assessment (via the Application Portfolio Assessment)

    3 hours

    Option 1: Use Info-Tech’s Application Portfolio Assessment to generate your user satisfaction score. This tool not only measures application satisfaction but also elicits great feedback from users regarding the support they receive from the IT team around Workday.

    1. Download the Workday Application Inventory Tool.
    2. Complete the “Demographics” tab (tab 2).
    3. Complete the “Inventory” tab (tab 3).
      1. Complete the inventory by treating each module within your Workday system as an application.
      2. Treat every department as a separate column in the department section. Feel free to add, remove, or modify department names to match your organization.
      3. Include data quality for all applications applicable.

    Option 2: Create a survey manually.

    1. Use tab Reference 2.1 “APA Questions” as a guide for creating your survey.
    2. Send out surveys to end users.
    3. Modify tab 2.1 “Workday Assessment” if required.

    Record this information in the Get the Most Out of Your Workday Workbook.

    Download the Get the Most Out of Your Workday Workbook

    Content for New section Tag Goes HereThe image shows a number of charts relating to applications, such as Overall Applications Portfolio Satisfaction and Most Critical Applications. Data is shown in each category relating to number of users, usability, data quality, status, and others.

    2.1.2 Complete the Application Portfolio Assessment

    3 hours

    Option 1: Use Info-Tech’s Application Portfolio Assessment to generate your user satisfaction score. This tool not only measures application satisfaction but also elicits great feedback from users regarding the support they receive from the IT team around Workday.

    1. Download the Workday Application Inventory Tool.
    2. Complete the “Demographics” tab (tab 2).
    3. Complete the “Inventory” tab (tab 3).
      1. Complete the inventory by treating each module within your Workday system as an application.
      2. Treat every department as a separate column in the department section. Feel free to add, remove, or modify department names to match your organization.
      3. Include data quality for all applications applicable.

    Option 2: Create a survey manually.

    1. Use tab Reference 2.1 “APA Questions” as a guide for creating your survey.
    2. Send out surveys to end users.
    3. Modify tab 2.1 “Workday Assessment” if required.

    Record this information in the Get the Most Out of Your Workday Workbook.

    Download the Get the Most Out of Your Workday Workbook

    2.1.3 (Optional) Assess Workday process maturity

    1. As with any ERP system, the issues encountered may not be related to the system itself but processes that have developed over time.
    2. Use this opportunity to interview key stakeholders to learn about deeper capability processes.
      1. Identify key stakeholders.
      2. Hold sessions to document deeper processes.
      3. Discuss processes and technical enablement in each area.

    Record this information in the Get the Most Out of Your Workday Workbook.

    Download the Get the Most Out of Your Workday Workbook

    Process Maturity Assessment

    Process Assessment

    Strong

    Moderate

    Weak

    1.1 Financial Planning and Analysis

    1.2 Accounting and Financial Close

    1.3 Treasury Management

    1.4 Financial Operations

    1.5 Governance, Risk & Compliance

    2.1 Core HR

    Description All aspects related to financial operations
    Key Success Indicators Month-end reporting in 5 days AR at risk managing down (zero over 90 days) Weekly operating cash flow updates
    Timely liquidity for claims payments Payroll audit reporting and insights reporting 90% of workflow tasks captured in ERP
    EFT uptake Automated reconciliations Reduce audit hours required
    Current Pain Points A lot of voided and re-issued checks NIDPP Integration with banks; can’t get the information back into existing ERP
    There is no payroll integration No payroll automation and other processes Lack of integration with HUB
    Not one true source of data Incentive payment processing Rewards program management
    Audit process is onerous Reconcile AP and AR for dealers

    Stakeholders Interviewed:

    The process is formalized, documented, optimized, and audited.

    The process is poorly documented. More than one person knows how to do it. Inefficient and error-prone.

    The process is not documented. One person knows how to do it. The process is ad hoc, not formalized, inconsistent.

    Capability Processes:

    General Ledger

    Accounts Receivable

    Incentives Management

    Accounts Payable

    General Ledger Consolidation

    Treasury Management

    Cash Management

    Subscription / recurring payments

    Treasury Transactions

    Step 2.2

    Review Your Satisfaction With the Vendor/Product and Willingness for Change

    Activities

    2.2.1 Rate Your Vendor and Product Satisfaction

    2.2.2 Review Workday Product Scores (if applicable)

    2.2.3 Evaluate Your Product Satisfaction

    2.2.4 Check Your Business Process Change Tolerance

    Product Satisfaction

    Step 2.1

    Step 2.2

    This step will guide you through the following activities:

    • Rate your vendor and product satisfaction
    • Compare with survey data from SoftwareReviews

    This step involves the following participants:

    • Workday Product Owner(s)
    • Procurement Representative
    • Vendor Contracts Manager

    Outcomes of this step

    • Quantified satisfaction with vendor and product

    2.2.1 Rate your vendor and product satisfaction

    30 minutes

    Use Info-Tech’s vendor satisfaction survey to identify optimization areas with your ERP product(s) and vendor(s).

    1. Option 1 (recommended): Conduct a satisfaction survey using SoftwareReviews. This option allows you to see your results in the context of the vendor landscape.
    2. Option 2: Use the Get the Most Out of Your Workday Workbook to review your satisfaction with your Workday software.

    Record this information in the Get the Most Out of Your Workday Workbook

    SoftwareReviews’ Enterprise Resource Planning Category

    Download the Get the Most Out of Your Workday Workbook

    2.2.2 Review Workday product scores (if applicable)

    30 minutes

    1. Download the scorecard for your Workday product from the SoftwareReviews website. (Note: Not all products are represented or have sufficient data, so a scorecard may not be available.)
    2. Use the Get the Most Out of Your Workday Workbook tab 2.3 to record the scorecard results.
    3. Use your Get the Most Out of Your Workday Workbook to flag areas where your score may be lower than the product scorecard. Brainstorm ideas for optimization.

    Record this information in the Get the Most Out of Your Workday Workbook.

    SoftwareReviews’ Enterprise Resource Planning Category

    Download the Get the Most Out of Your Workday Workbook

    2.2.3 How does your satisfaction compare with your peers?

    Use SoftwareReviews to explore product features, vendor experience, and capability satisfaction.

    The image shows two data quadrants, one titled Enterprise Resource Planning - Enterprise, and Enterprise Resource Planning - Midmarket.

    (SoftwareReviews ERP Mid-Market, 2022; SoftwareReviews ERP Enterprise, 2022)

    2.2.4 Check your business process change tolerance

    1 hours

    Input

    • Business process capability map

    Output

    • Heat map of risk areas that require more attention to validate best practices or minimize customization

    Materials

    • Whiteboard/flip charts
    • Get the Most Out of Your Workday Workbook

    Participants

    • Implementation team
    • SMEs
    • Departmental Leaders
    1. As a group, list your level-0 and level-1 business capabilities. Sample on the next slide.
    2. Assess the department’s willingness for change and the risk of maintaining the status quo.
    3. Color-code the level-0 business capabilities based on:
      1. Green – Willing to follow best practices
      2. Yellow – May be challenging or unique business model
      3. Red – Low tolerance for change

    Record this information in the Get the Most Out of Your Workday Workbook

    Heat map representing desire for best practice or those having the least tolerance for change

    Legend:

    Willing to follow best practice

    May be challenging or unique business model

    Low tolerance for change

    Out of Scope

    Product-Centric Capabilities
    R&D Production Supply Chain Distribution Asset Mgmt
    Idea to Offering Plan to Produce Procure to Pay Forecast to Delivery Acquire to Dispose
    Add/Remove Shop Floor Scheduling Add/Remove Add/Remove Add/Remove
    Add/Remove Product Costing Add/Remove Add/Remove Add/Remove
    Service-Centric Capabilities
    Finance HR Marketing Sales Service
    Record to Report Hire to Retire Market to Order Quote to Cash Issue to Resolution
    Add/Remove Add/Remove Add/Remove Add/Remove Add/Remove
    Add/Remove Add/Remove Add/Remove Add/Remove Add/Remove

    Determine the areas of risk to conform to best practice and minimize customization. These will be areas needing focus from the vendor, supporting change and guiding best practice.

    For example: Must be able to support our unique process manufacturing capabilities and enhance planning and visibility to detailed costing.

    Phase 3

    Identify Key Optimization Opportunities

    Phase 1

    1.1 Identify Stakeholders and Build Your Optimization Team

    1.2 Build an ERP Strategy Model

    1.3 Inventory Current System State

    1.4 Define Optimization Timeframe

    1.5 Understand Workday Costs

    Phase 2

    2.1 Assess Workday Capabilities

    2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

    Phase 3

    3.1 Prioritize Optimization Opportunities

    3.2 Discover Optimization Initiatives

    Phase 4

    4.1 Build Your Optimization Roadmap

    This phase will walk you through the following activities:

    • Identify key optimization areas
    • Create an optimization roadmap

    This phase involves the following participants:

    • Workday Optimization Team

    Step 3.1

    Prioritize optimization opportunities

    Activities

    3.1.1 Prioritize Optimization Capability Areas

    Build Your Optimization Roadmap

    Step 3.1

    Step 3.2

    This step will guide you through the following activities:

    • Explore existing process gaps
    • Identify the impact of processes on user satisfaction
    • Identify the impact of data quality on user satisfaction
    • Review your overall product satisfaction and vendor management

    This step involves the following participants:

    • Workday Optimization Team

    Outcomes of this step

    • Application optimization plan

    Info-Tech Insight

    Enabling a high-performing organization requires excellent management practices and continuous optimization efforts. Your technology portfolio and architecture are important, but we must go deeper. Taking a holistic view of ERP technologies in the environments in which they operate allows for the inclusion of people and process improvements – this is key to maximizing business results. Using a formal ERP optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process improvement.

    Address process gaps:

    • ERP and related technologies are invaluable to the goal of organizational enablement, but they must have supported processes driven by business goals.
    • Identify areas where capabilities need to be improved and work toward optimization.

    Support user satisfaction:

    • The best technology in the world won’t deliver business results if it’s not working for the users who need it.
    • Understand concerns, communicate improvements, and support users in all roles.

    Improve data quality:

    • Data quality is unique to each business unit and requires tolerance, not perfection.
    • Implement data quality initiatives that are aligned with overall business objectives and aimed at addressing data practices and the data itself.

    Proactively manage vendors:

    • Vendor management is a critical component of technology enablement and IT satisfaction.
    • Assess your current satisfaction against that of your peers and work toward building a process that is best fit for your organization.

    Assessing application business value

    The Business

    Keepers of the organization’s mission, vision, and value statements that define IT success. The business maintains the overall ownership and evaluation of the applications.

    Business Value of Applications

    IT

    Technical subject matter experts of the applications they deliver and maintain. Each IT function works together to ensure quality applications are delivered to stakeholder expectations.

    First, the authorities on business value need to define and weigh their value drivers that describe the priorities of the organization. This will allow the applications team to apply a consistent, objective, and strategically aligned evaluation of applications across the organization.

    In this context…

    business value is

    the value of the business outcome that the application produces. Additionally, it is how effective the application is at producing that outcome.

    Business value IS NOT

    the user’s experience or satisfaction with the application.

    Brainstorm IT initiatives to enable high areas of opportunity to support the business

    Create or Improve:

    • ERP Capabilities
    • Optimization Initiatives

    Capabilities are what the system and business do that creates value for the organization.

    Optimization initiatives are projects with a definitive start and end date, and they enhance, create, maintain, or remove capabilities with the goal of increasing value.

    Brainstorm ERP optimization initiatives in each area. Ensure you are looking for all-encompassing opportunities within the context of IT, the business, and Workday systems.

    • Process
    • Technology
    • Organization

    Discover the value drivers of your applications

    Financial vs. Human Benefits

    Financial benefits refer to the degree to which the value source can be measured through monetary metrics and are often quite tangible.

    Human benefits refer to how an application can deliver value through a user’s experience.

    Inward vs. Outward Orientation

    Inward refers to value sources that have an internal impact and improve your organization’s effectiveness and efficiency in performing its operations.

    Outward refers to value sources that come from your interaction with external factors, such as the market or your customers.

    The image shows a business value matrix, with Human benefit and Financial benefit in the horizontal and Outward and Inward on the vertical. In the top left quadrant is Reach Customers; top right is Increase Revenue or Deliver Value; bottom left is Enhance Services, and bottom right is Reduce Costs.

    The image shows a graph titled Perceived business benefits from using digital tools. It is a bar graph, showing percentages assigned to each perceived benefit. The source is Collins et al, 2017.

    Increased Revenue

    Application functions that are specifically related to the impact on your organization’s ability to generate revenue and deliver value to your customers.

    Reduced Costs

    Reduction of overhead. The ways in which an application limits the operational costs of business functions.

    Enhanced Services

    Functions that enable business capabilities that improve the organization’s ability to perform its internal operations.

    Reach Customers

    Application functions that enable and improve the interaction with customers or produce market information and insights.

    Prioritize Workday optimization areas that will bring the most value to the organization

    Review your ERP capability areas and rate them according to relevance to organizational goals. This will allow you to eliminate optimization ideas that may not bring value to the organization.

    The image shows a graph, separated into quadrants. On the x-axis is Satisfaction, from low to high, and on the Y-axis is Relevant to Organizational Goals from Low to High. The top left quadrant is High Priority, top right is Maintain, and the two lower quadrants are both low priority.

    Value vs. Effort

    How important is it? vs. How difficult is it?

    How important is it? How Difficult is it?

    What is the value?

    • Increase revenue
    • Decrease costs
    • Enhanced services
    • Reach customers

    What is the benefit?

    • How can it help us reach our goals?

    What is the impact?

    • To organizational goals
    • To ERP goals
    • To departmental goals

    What is the cost?

    • Hours x Rates ++ =

    What is the level of effort?

    • Development effort
    • Operational effort
    • Implementation effort
    • Outside resource coordination

    What is the risk of implementing/not implementing?

    What is the complexity?

    (Roadmunk)

    RICE method

    Measure the “total impact per time worked”

    The image shows a graphic with the word Confidence at the top, then an arrow pointing upwards that reads Impact. Below that, there is an arrow pointing horizontally in both directions that reads Reach, and then a horizontal line, with the word Effort below it.

    Reach Impact Confidence Effort

    How many people will this improvement impact? Internal: # of users OR # of transactions per period

    External: # of customers OR # of transactions per period

    What is the scale of impact? How much will the improvement affect satisfaction?

    Example Weighting:

    1 = Massive Impact

    2 = High Impact

    1 = Medium Impact

    0.5 = Low Impact

    0.25 = Very Low Impact

    How confident are we that the improvements are achievable and that they will meet the impact estimates?

    Example Weighting:

    1 = High Confidence

    0.80 = Medium Confidence

    0.50 = Low Confidence

    How much investment will be required to implement the improvement initiative?

    FTE hours x cost per hour

    (Intercom)

    3.1.1 Prioritize and rate optimization capability areas

    1-3 hours

    1. Use tab 3.1 Optimization Priorities.
    2. From the Workday Key Capabilities (pulled from tab 1.3 Key Capabilities), discuss areas of scope for the Workday optimization initiative.
    3. Discuss the four areas of the business value matrix and identify how each module, along with organizational goals, can bring value to the organization.
    4. Rate each of your Workday capabilities for the level of importance to your organization. The levels of importance are:
      • Crucial
      • Important
      • Secondary
      • Unimportant
      • Not applicable

    Record this information in the Get the Most Out of Your Workday Workbook.

    Download the Get the Most Out of Your Workday Workbook

    Step 3.2

    Discover Optimization Initiatives

    Activities

    3.2.1 Discover Product and Vendor Satisfaction Opportunities

    3.2.2 Discover Capability and Feature Optimization Opportunities

    3.2.3 Discover Process Optimization Opportunities

    3.2.4 Discover Integration Optimization Opportunities

    3.2.5 Discover Data Optimization Opportunities

    3.2.6 Discover Workday Cost-Saving Opportunities

    Build Your Optimization Roadmap

    Step 3.1

    Step 3.2

    This step will guide you through the following activities:

    • Explore existing process gaps
    • Identify the impact of processes on user satisfaction
    • Identify the impact of data quality on user satisfaction
    • Review your overall product satisfaction and vendor management

    This step involves the following participants:

    • Workday Optimization Team

    Outcomes of this step

    • Application optimization plan
    Content for New section Tag Goes HereThe image shows a graphic title Product Feature Satisfaction, showing features in rank order and data on each.
    Content for New section Tag Goes HereThe image shows a graphic titled Vendor Capability Satisfaction, showing features in rank order with related data.

    Workday’s partner landscape

    Workday uses an extensive partner network to help deliver results.

    ADVISORY PARTNERS

    Workday Advisory Partners have in-depth knowledge to help customers determine what’s best for their needs and how to maximize business value. They guide you through digital acceleration strategy and planning, product selection, change management, and more.

    SERVICES PARTNERS

    Workday Services Partners represent a curated community of global systems integrators and regional firms that help companies deploy Workday and continually adopt new capabilities.

    SOFTWARE PARTNERS

    Workday Software Partners are a global ecosystem of application, content, and technology software companies that design, build, and deploy solution extensions to help customers enhance the capabilities of Workday.

    Global payroll PARTNERS

    Workday’s Global Payroll Cloud (GPC) program makes it easy to expand payroll (outside of the US, Canada, the UK, and France) to third-party payroll providers around the world using certified, prebuilt integrations from Workday Partners. Payroll partners provide solutions in more than 100 countries.

    Adaptive planning PARTNERS

    Adaptive planning partners guide you through all aspects of everything from integration to deployment.

    With large-scale ERP and HCM systems, the success of the system can be as much about the SI (Systems Integrator) or vendor partners as it is about the core product.

    In evaluating your Workday system, think about Workday’s extensive partner network to understand how you can capitalize on your installation.

    You do not need to reinvent the system; you may just need an additional service partner or bolt-on solution to round out your product functionality.

    Improving vendor management

    Create a right-size, right-fit strategy for managing the vendors relevant to your organization.

    The image shows a matrix, with strategic value on the x-axis from low to high, and Vendor Spend/Switching Costs on the y-axis, from low to high. In the top left is Operational, top right is Strategic; lower left is commodity; and lower right Tactical.

    Info-Tech Insight

    A vendor management initiative is an organization’s formalized process for evaluating, selecting, managing, and optimizing third-party providers of goods and services.

    The amount of resources you assign to managing vendors depends on the number and value of your organization’s relationships. Before optimizing your vendor management program around the best practices presented in Info-Tech’s Jump Start Your Vendor Management Initiative blueprint, assess your current maturity and build the process around a model that reflects the needs of your organization.

    Note: Info-Tech uses VMI interchangeably with the terms “vendor management office (VMO),” “vendor management function,” “vendor management process,” and “vendor management program.”

    Jump Start Your Vendor Management Initiative

    3.2.1 Discover product and vendor satisfaction

    1-2 hours

    1. Review tab 2.2 Vend. & Prod. Sat. to review the overall Product (and Vendor) satisfaction of your Workday system.
    2. Use tab 3.2 Optimization Initiatives to answer the following questions in the Overall Product (and Vendor) Evaluation area.
      • Document overall product satisfaction.
      • How does your satisfaction compare with your peers?
      • Is the overall system fit for use?
      • Do you have a proactive vendor management strategy in place?
      • Is the product dissatisfaction at the point that you need to evaluate if it is time to replace the product?
      • Could your vendor or SI help you achieve better results?

    Record this information in the Get the Most Out of Your Workday Workbook.

    The image shows a box with text in it, titled 3.2.1 Overall Product (and Vendor) Evaluation.

    Download the Get the Most Out of Your Workday Workbook

    Content for New section Tag Goes HereThe image is a graphic, with the Five Most Critical Applications section at the top, with related data, and other sets of data included in smaller text at the bottom of the image.

    3.2.2 Discover capability and feature optimization opportunities

    1-2 hours

    1. Review tab 2.2 Vend. & Prod. Sat. and tab 3.1 Optimization Priorities to review the satisfaction with the capabilities and features of your Workday system.
    2. Use tab 3.2 Optimization Initiatives to answer the following questions in the Capabilities and Features Evaluation area to answer the following questions:
      • What capabilities and features are performing the worst?
      • Do other organizations and users struggle with these areas?
      • Why is it not performing well?
      • Is there an opportunity for improvement?
      • What are some optimization initiatives that could be undertaken?

    Record this information in the Get the Most Out of Your Workday Workbook

    The image is a box with text in it, titled 3.2.2 Capabilities and Features Evaluation.

    Download the Get the Most Out of Your Workday Workbook

    Process optimization: the hidden goldmine

    Know your strategic goals and KPIs that will deliver results.

    Goals of Process Improvement Process Improvement Sample Areas Improvement Possibilities
    • Optimize business and improve value drivers
    • Reduce TCO
    • Reduce process complexity
    • Eliminate manual processes
    • Increase efficiencies
    • Support digital transformation and enablement
    • Order to cash
    • Procure to pay
    • Order to replenish
    • Plan to produce
    • Request to settle
    • Make to order
    • Make to stock
    • Purchase to order
    • Increase number of process instances processed successfully end to end
    • Increase number of instances processed in time
    • Increase degree of process automation
    • Speed up cycle times of supply chain processes
    • Reduce number of process exceptions
    • Apply internal best practices across organizational units

    3.2.3 Discover process optimization opportunities

    1-2 hours

    1. Use tab 3.1 Optimization Priorities and tab 2.2 Bus Proc Change Tolerance to review process optimization opportunities.
    2. Use tab 3.2 Optimization Initiatives to answer the following questions in the Capabilities and Features Evaluation area to answer the following questions:
      • List underperforming capabilities around process.
      • Answer the following:
        • What is the state of the current processes?
        • Is there an opportunity for process improvement?
        • What are some optimization initiatives that could be undertaken in this area?

    Record this information in the Get the Most Out of Your Workday Workbook.

    The image shows a box with text in it, titled Processes Optimization.

    Download the Get the Most Out of Your Workday Workbook

    Integration provides long-term usability

    Balance the need for secure, compliant data availability with organizational agility.

    The benefits of integration

    • The largest benefit is the extended use of data. The ERP data can be used in the enterprise-level business intelligence suite rather than the application-specific analytics.
    • Enhanced data security. Integrated approaches lend themselves to auditable processes such as sign-on and limit the email movement of data.
    • Regulatory compliance. Large multi-site organizations have many layers of regulation. A clear understanding of where orders, deliveries, and payments were made streamlines the audit process.

    The challenges of integration

    • Extending a single instance ERP to multiple sites. The challenge for data management is the same as any SaaS application. The connection and data replication present challenges.
    • Combining data from equally high-volume systems. For Workday it is recommended that one instance is set to primary and all other sites are read-only to maintain data integrity.
    • Incorporating data from the separate system(s). The proprietary and locked-in nature of the data collection and definitions for ERP systems often limit the movement of data between separate systems.

    Common integration and consolidation scenarios

    Financial Consolidation Data Backup Synchronization Across Sites Legacy Consolidation
    • Financial consolidation requires a holistic view of data format and accounting schedules
    • Problem: Controlling financial documentation across geographic regions. Most companies are required to report in each region where they maintain a presence. Stakeholders and senior management also need a holistic view. This leads to significant strain on the financial department to consolidate both revenue and budget allocations for cross-site projects across the various geographic locations on a regular basis.
    • Solution: For enterprises with a single vendor or Workday-only portfolios, Workday can offer integration tools. For those needing to integrate with other ERPs the use of a connector may be required to send financial data to the main system. The format and accounting calendar for transactions should match the primary ERP system to allow consolidation. The local specific format should be a role-based customization at the level of the site’s specific instance.
    • Use a data center as the main repository to ensure all geographic locations have equal access to the necessary data.
    • Problem: ERP systems generate high volumes of data. Most systems have a defined schedule of back-up during off-hours. Multi-instance brings additional issues through lack of defined off-hours, higher volume of data, and the potential for cross-site or instance data relationships. This leads to headaches for both the Database Administrator and Business Analysts.
    • Solution: The best solution is an offsite data center with high availability. This may include cloud storage or hosted data centers. Regardless of where the data is stored, centralize the data and replicate to each site. Ensure that the data center can mirror the database and Binary Large Object (BLOB) storage that exists for each site.
    • Set up synchronization schedules based on data usage, not site location.
    • Problem: Providing access to up-to-date transactions requires copying of both contextual information (permissions, timestamp, location, history) and the transaction itself across multiple sites to allow local copies to be used for analysis and audits. The sheer volume of information makes timely synchronization difficult.
    • Solution: Not all data needs to be synchronized in a timely fashion. In Workday, administrators can use NetWeaver to maintain and alter global data synchronization through the Master Data Management module. Permissions can be given to users to perform on-demand synchronization of data attached to that user.
    • Carefully define older transactions. Only active transactions should be brought in the ERP. Send older data to storage.
    • Problem: Subsidiaries and acquired companies often have a Tier 2 ERP product. Prior to fully consolidating the processes, many enterprises will want to migrate data to their ERP system to build compliance and audit trails. Migration of data often breaks historical linkages between transactions.
    • Solution: Workday offers tools to integrate data across applications that can be used as part of a data migration strategy. The process of data migration should be combined with data warehousing to ensure a cost-effective process. For most enterprises, the lack of experience in data migration will necessitate the use of consultants and Independent Software Vendors (ISV).

    For more information: Implement a Multi-site ERP

    3.2.4 Discover integration optimization opportunities

    1-2 hours

    1. Use tab 3.2 Optimization Initiatives to answer the following questions in the Integration Evaluation area:
      1. Are there some areas where integration could be improved?
      2. Is there an opportunity for process improvement?
      3. What are some optimization initiatives that could be undertaken in this area?

    Record this information in the Get the Most Out of Your Workday Workbook.

    The image shows a box with text in it, titled Integration Evaluation.

    Download the Get the Most Out of Your Workday Workbook

    Use a data strategy that fixes the enterprise-wide data management issues

    Your data management must allow for flexibility and scalability for future needs.

    IT has several concerns around ERP data and wide dissemination of that data across sites. Large organizations can benefit from building a data warehouse or at least adopting some of the principles of data warehousing. The optimal way to deal with the issue of integration is to design a metadata-driven data warehouse that acts as a central repository for all ERP data. This serves as the storage facility for millions of transactions, formatted to allow analysis and comparison.

    Key considerations:

    • Technical: At what stage does data move to the warehouse? Can processes be automated to dump data or to do a scheduled data movement?
    • Process: Data integration requires some level of historical context for all data. Ensure that all data has multiple metadata tags to future-proof the data.
    • People: Who will be accessing the data and what are the key items that users will need to adapt to the data warehouse process?

    Info-Tech Insight

    Data warehouse solutions can be expensive. See Info-Tech’s Build a Data Warehouse on a Solid Foundation for guidance on what options are available to meet your budget and data needs.

    Optimizing Workday data, additional considerations

    Data Quality Management Effective Data Governance Data-Centric Integration Strategy Extensible Data Warehousing
    • Prevention is 10x cheaper than remediation. Stop fixing data quality with band-aid solutions and start fixing at the source of the problem.
    • Data quality is unique to each business unit and requires tolerance, not perfection. If the data allows the business to operate at the desired level, don’t waste time fixing data that may not need to be fixed.
    • Implement a set of data quality initiatives that are aligned with overall business objectives and aimed at addressing data practices and the data itself.
    • Develop a prioritized data quality improvement project roadmap and long-term improvement strategy.
    • Build related practices with more confidence and less risk after achieving an appropriate level of data quality.
    • Data governance enables data-driven insight. Think of governance as a structure for making better use of data.
    • Collaboration is critical. The business may own the data, but IT understands the data. Data governance will not work unless the business and IT work together.
    • Data governance powers the organization up the data value chain through policies and procedures, master data management, data quality, and data architecture.
    • Create a roadmap to prioritize initiatives and delineate responsibilities among data stewards, data owners, and the data governance steering committee.
    • Ensure buy-in from business and IT stakeholders. Communicate initiatives to end users and executives to reduce resistance.
    • Every enterprise application involves data integration. Any change in the application and database ecosystem requires you to solve a data integration problem.
    • Data integration is becoming more and more critical for downstream functions of data management and for business operations to be successful. Poor integration holds back these critical functions.
    • Build your data integration practice with a firm foundation in governance and a reference architecture. Ensure that your process is scalable and sustainable.
    • Support the flow of data through the organization and meet the organization’s requirements for data latency, availability, and relevancy.
    • Data availability must be frequently reviewed and repositioned to continue to grow with the business.
    • A data warehouse is a project, but successful data warehousing is a program. An effective data warehouse requires planning beyond the technology implementation.
    • Governance, not technology, needs to be the core support system for enabling a data warehouse program.
    • Leverage an approach that focuses on constructing a data warehouse foundation that can address a combination of operational, tactical, and ad hoc business needs.
    • Invest time and effort to put together pre-project governance to inform and guide your data warehouse implementation.
    • Select the most suitable architecture pattern to ensure the data warehouse is “built right” at the very beginning.

    Build Your Data Quality Program

    Establish Data Governance

    Build a Data Integration Strategy

    Build an Extensible Data Warehouse Foundation

    3.2.5 Discover data optimization opportunities

    1-2 hours

    1. Use your 2.1 APA survey and/or tab 2.2 Vendor & Prod Sat to better understand issues related to data.
    • Note: Data issues happen for a number of reasons:
      • Poor underlying data in the system
      • More than one source of truth
      • Inability to consolidate data
      • Inability to measure KPIs (key performance indicators) effectively
      • Reporting that is cumbersome or non-existent
  • Use tab 3.2 Optimization Initiatives to answer the following questions in the Data Evaluation area:
    • What are some underlying issues?
    • Is there an opportunity for data improvement?
    • What are some optimization initiatives that could be undertaken in this area?

    • Record this information in the Get the Most Out of Your Workday Workbook.

    The image shows a box with text in it, titled 3.2.5 Data Evaluation.

    Download the Get the Most Out of Your Workday Workbook

    Content for New section Tag Goes HereThe image shows a graphic, with a bar graph at the bottom, showing Primary Reason for Leaving Workday Human Capital Management.

    Info-Tech Insight

    The number one reason organizations leave Workday is because of cost. Do not be strong-armed into a contract you do not feel comfortable with. Do your homework, know your leverage points, be fully prepared for cost negotiations, use their competition to your advantage, and get support – such as Info-Tech’s vendor management resources and team.

    Approach contracts and pricing strategically

    Don’t go into contract negotiation blind.

    • Understand the vendor – year-end, market strategy, and competitive position.
    • Take the time to understand the contract. including contract details such as length of the contract, full-service equivalent (FSE, employee count,) innovation fees, modules included, and renewal clauses.
    • Be fully prepared to take a proactive approach to cost negotiations.
      • Use Info-Tech’s vendor management services to support you.
      • Go in prepared.
      • Use your leverage points – FSE count, Module Bundles, CPI & Innovation Fees.
      • Use competition to your advantage.

    Since 2007, Workday has been steadily growing its market share and footprint in human capital management, finance, and student information systems.

    Organizations considering additional modules or undergoing contract renewal need to gain insight into areas of leverage and other relevant vendor information.

    Key issues that occur include pricing transparency and contractual flexibility on terms and conditions. Adequate planning and communication need to be taken into consideration before entering into any agreement.

    3.2.6 Discover Workday cost-saving opportunities

    1-2 hours

    1. Use tab 1.5 Current Costs, as an input for this exercise. Another great resource is Info-Tech’s Workday vendor management resources which you can use to help understand cost-saving strategies.
    2. Use tab 3.2 Optimization Initiatives Costs Evaluation area to list cost savings initiatives and opportunities.

    Record this information in the Get the Most Out of Your Workday Workbook.

    The image shows a box with text in it, titled 3.2.6 Costs Evaluation.

    Download the Get the Most Out of Your Workday Workbook

    Other optimization opportunities

    There are many opportunities to improve your Workday portfolio. Choose the ones that are right for your business.

    • Artificial intelligence (AI) (and management of the AI lifecycle)
    • Machine learning (ML)
    • Augment business interactions
    • Automatically execute sales pipelines
    • Process mining
    • Workday application monitoring
    • Be aware of the Workday product roadmap
    • Implement and take advantage of Workday tools and product offerings

    Phase 4

    Build Your Optimization Roadmap

    Phase 1

    1.1 Identify Stakeholders and Build Your Optimization Team

    1.2 Build an ERP Strategy Model

    1.3 Inventory Current System State

    1.4 Define Optimization Timeframe

    1.5 Understand Workday Costs

    Phase 2

    2.1 Assess Workday Capabilities

    2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

    Phase 3

    3.1 Prioritize Optimization Opportunities

    3.2 Discover Optimization Initiatives

    Phase 4

    4.1 Build Your Optimization Roadmap

    This phase will walk you through the following activities:

    • Review the different options to solve the identified pain points
    • Build out a roadmap showing how you will get to those solutions
    • Build a communication plan that includes the stakeholder presentation

    This phase involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Get the Most Out of Your Workday

    Step 4.1

    4.1 Build Your Optimization Roadmap

    Activities

    4.1.1 Evaluate Optimization Initiatives

    4.1.2 Prioritize Your Workday Initiatives

    4.1.3 Build a Roadmap

    4.1.4 Build a Visual Roadmap

    Next steps

    Step 4.1

    This step will walk you through the following activities:

    • Review the different options to solve the identified pain points then build out a roadmap of how to get to that solution.

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Outcomes of this step

    • A strategic direction is set
    • An initial roadmap is laid out

    Evaluate your optimization initiatives and determine next steps to build out your optimization roadmap

    The image shows a chart titled Value Drivers, with specific categories and criteria listed along the top as headings. The rows below the headings are blank.

    Activity 4.1.1 Evaluate optimization Initiatives

    1 hour

    1. Evaluate your optimization initiatives from tab 3.2, Optimization Initiatives.
    2. Complete Value Drivers:
    • Relevance to Organizational Goals and Objectives
    • Applications Portfolio Assessment Survey:
      • Impact: Number of Users, Importance to Role
      • Current State: Satisfaction With Features, Usability, and Data Quality.
    • Value Drivers: Increase Revenue, Decrease Costs, Enhanced Services, or Reach Customers.
    • Additional Factors:
      • Current to Future Risk Profile
      • Number of Departments to Benefit
      • Importance to Stakeholder Relations
  • Complete Effort and Cost Estimations:
    • Resources: Do we have resources available and the skillset?
    • Cost
    • Overall Effort Rating
  • Gut Check: “Is it achievable? Have we done it or something similar before? Are we willing to invest in it?“
  • Decision to Proceed
  • Next Steps

    • Record this information in the Get the Most Out of Your Workday Workbook.

    Download the Get the Most Out of Your Workday Workbook

    Activity 4.1.2 Determine your optimization roadmap building blocks

    1 hour

    Optimization initiatives: Determine which if any to proceed with.

    1. Identify initiatives.
    2. For each item on your roadmap assign an owner who will be accountable to the completion of the roadmap item.
    3. Wherever possible, assign a start date, month, or quarter. The more specific you can be the better.
    4. Identify completion dates to create a sense of urgency. If you are struggling with start dates, it can help to start with a finish date and “back in” to a start date based on estimated efforts.
    5. Include periphery tasks such as communication strategy.

    Record this information in the Get the Most Out of Your Workday Workbook.

    Note: Your roadmap should be treated as a living document that is updated and shared with the stakeholders on a regular schedule.

    Download the Get the Most Out of Your Workday Workbook

    Activity 4.1.3 – Build a visual Workday optimization roadmap (optional)

    1 hour

    For some, a visual representation of a roadmap is easier to comprehend.

    Consider taking the roadmap built in 4.1.2 and creating a visual roadmap.

    Record this information in the Get the Most Out of Your Workday Workbook.

    The image shows a chart that tracks Initiative and Owner across multiple years.

    Download the Get the Most Out of Your Workday Workbook

    Summary of Accomplishment

    Get the Most Out of Your Workday

    ERP technology is critical to facilitating an organization’s flow of information across business units. It allows for seamless integration of systems and creates a holistic view of the enterprise to support decision making. ERP implementation should not be a one-and-done exercise. There needs to be ongoing optimization to enable business processes and optimal organizational results.

    Get the Most Out of Your Workday allows organizations to proactively implement continuous assessment and optimization of their enterprise resource planning system, including:

    • Alignment and prioritization of key business and technology drivers.
    • Identification of processes, including classification and gap analysis.
    • Measurement of user satisfaction across key departments.
    • Improved vendor relations.
    • Data quality initiatives.

    This formal Workday optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process improvement.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com

    1-888-670-8889

    Research Contributors

    Ben Dickie

    Research Practice Lead

    Info-Tech Research Group

    Ben Dickie is a Research Practice Lead at Info-Tech Research Group. His areas of expertise include customer experience management, CRM platforms, and digital marketing. He has also led projects pertaining to enterprise collaboration and unified communications.

    Scott Bickley

    Practice Lead and Principal Research

    Director Info-Tech Research Group

    Scott Bickley is a Practice Lead and Principal Research Director at Info-Tech Research Group focused on vendor management and contract review. He also has experience in the areas of IT asset management (ITAM), software asset management (SAM), and technology procurement along with a deep background in operations, engineering, and quality systems management.

    Andy Neil

    Practice Lead, Applications

    Info-Tech Research Group

    Andy is a Senior Research Director, Data Management and BI, at Info-Tech Research Group. He has over 15 years of experience in managing technical teams, information architecture, data modeling, and enterprise data strategy. He is an expert in enterprise data architecture, data integration, data standards, data strategy, big data, and the development of industry standard data models.

    Bibliography

    “9 product prioritization frameworks for product managers.” Roadmunk, n.d. Accessed 15 May 2022.

    Armel, Kate. "New Article: Data-Driven Estimation, Management Lead to High Quality." QSM: Quantitative Software Management, 14 May 2013. Accessed 4 Feb. 2021.

    Collins, George, et al., “Connecting Small Businesses in the US.” Deloitte Commissioned by Google, 2017. Web.

    Epizitone, Ayogeboh, and Oludayo O. Olugbara. "Critical Success Factors for ERP System Implementation to Support Financial Functions." Academy of Accounting and Financial Studies Journal, vol. 23, no. 6, 2019. Accessed 12 Oct. 2021

    Gheorghiu, Gabriel. "The ERP Buyer’s Profile for Growing Companies." Selecthub, 2018. Accessed 21 Feb. 2021.

    Karlsson, Johan. "Product Backlog Grooming Examples and Best Practices." Perforce, 18 May 2018. Accessed 4 Feb. 2021.

    Lauchlan, Stuart. “Workday accelerates into fiscal 2023 with a strong year end as cloud adoption gets a COVID-bounce.” diginomica, 1 March 2022. Web.

    "Maximizing the Emotional Economy: Behavioral Economics." Gallup, n.d. Accessed 21 Feb. 2021.

    Noble, Simon-Peter. “Workday: A High-Quality Business That's Fairly Valued.” Seeking Alpha, 8 Apr. 2019. Web.

    Norelus, Ernese, Sreeni Pamidala, and Oliver Senti. "An Approach to Application Modernization: Discovery and Assessment Phase," Medium, 24 Feb. 2020. Accessed 21 Feb. 2021.

    "Process Frameworks." APQC, n.d. Accessed 21 Feb. 2021.

    Saxena, Deepak, and Joe Mcdonagh. "Evaluating ERP Implementations: The Case for a Lifecycle-based Interpretive Approach." The Electronic Journal of Information Systems Evaluation, vol. 22, no. 1, 2019, pp. 29-37. Accessed 21 Feb. 2021.

    “Workday Enterprise Management Cloud Product Scorecard.” SoftwareReviews, May 2022. Web.

    “Workday Meets Growing Customer Demand with Record Number of Deployments and Industry-Leading Customer Satisfaction Score.” Workday, Inc., 7 June 2021. Web.

    Enter Into Mobile Development Without Confusion and Frustration

    • Buy Link or Shortcode: {j2store}282|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Mobile Development
    • Parent Category Link: /mobile-development
    • IT managers don’t know where to start when initiating a mobile program.
    • IT has tried mobile development in the past but didn't achieve success.
    • IT must initiate a mobile program quickly based on business priorities and needs a roadmap based on best practices.

    Our Advice

    Critical Insight

    • Form factors and mobile devices won't drive success – business alignment and user experience will. Don't get caught up with the latest features in mobile devices.
    • Software emulation testing is not true testing. Get on the device and run your tests.
    • Cross form-factor testing cannot be optimized to run in parallel. Therefore, anticipate longer testing cycles for cross form-factor testing.

    Impact and Result

    • Prepare your development, testing, and deployment teams for mobile development.
    • Get a realistic assessment of ROI for the launch of a mobile program.

    Enter Into Mobile Development Without Confusion and Frustration Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Make the Case for a Mobile Program

    Understand the current mobile ecosystem. Use this toolkit to help you initiate a mobile development program.

    • Storyboard: Enter Into Mobile Development Without Confusion and Frustration

    2. Assess Your Dev Process for Readiness

    Review and evaluate your current application development process.

    3. Prepare to Execute Your Mobile Program

    Prioritize your mobile program based on your organization’s prioritization profile.

    • Mobile Program Tool

    4. Communicate with Stakeholders

    Summarize the execution of the mobile program.

    • Project Status Communication Worksheet
    [infographic]

    Workshop: Enter Into Mobile Development Without Confusion and Frustration

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Build your Future Mobile Development State

    The Purpose

    Understand the alignment of stakeholder objectives and priorities to mobile dev IT drivers.

    Assess readiness of your organization for mobile dev.

    Understand how to build your ideal mobile dev process.

    Key Benefits Achieved

    Identify and address the gaps in your existing app dev process.

    Build your future mobile dev state.

    Activities

    1.1 Getting started

    1.2 Assess your current state

    1.3 Establish your future state

    Outputs

    List of key stakeholders

    Stakeholder and IT driver mapping and assessment of current app dev process

    List of practices to accommodate mobile dev

    2 Prepare and Execute your Mobile Program

    The Purpose

    Assess the impact of mobile dev on your existing app dev process.

    Prioritize your mobile program.

    Understand the dev practice metrics to gauge success.

    Key Benefits Achieved

    Properly prepare for the execution of your mobile program.

    Calculate the ROI of your mobile program.

    Prioritize your mobile program with dependencies in mind.

    Build a communication plan with stakeholders.

    Activities

    2.1 Conduct an impact analysis

    2.2 Prepare to execute

    2.3 Communicate with stakeholders

    Outputs

    Impact analysis of your mobile program and expected ROI

    Mobile program order of execution and project dependencies mapping

    List of dev practice metrics

    In Case Of Emergency...

    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    1. Get people to safety efficiently by following the floor warden's information and get out if needed
      If there are no floor wardens, YOU take the initiative and alert people. Vacate the premises if you suspect danger.
      Err on the side of caution. Nobody ever got fired over keeping people safe.
    2. Get people to safety (yes! double check this)
    3. Check what is happening
    4. Stop the bleeding
    5. Check what you broke while stopping the bleeding
    6. Check if you need to go into DR mode
    7. Go into DR mode if that is the fastest way to restore the service
    8. Only now start to look deeper

    Notice what is missing in this list?

    • WHY did this happen?
    • WHO did what

    During the first reactions to an event, stick to the facts of what is happening and the symptoms. If the symptoms are bad, attend to people first, no matter the financial losses occurring.
    Remember that financial losses are typically insured. Human life is not. Only loss of income and ability to pay is insured! Not the person's life.

    The WHY, HOW, WHO and other root cause questions are asked in the aftermath of the incident and after you have stabilized the situation.
    In ITIL terms, those are Problem Management and Root Cause Analysis stage questions.

     

     

     

    Management, incident, reaction, emergency

    Integrate IT Risk Into Enterprise Risk

    • Buy Link or Shortcode: {j2store}195|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $12,599 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: IT Governance, Risk & Compliance
    • Parent Category Link: /it-governance-risk-and-compliance
    • IT risks, when considered, are identified and classified separately from the enterprise-wide perspective.
    • IT is expected to own risks over which they have no authority or oversight.
    • Poor behaviors, such as only considering IT risks when conducting compliance or project due diligence, have been normalized.

    Our Advice

    Critical Insight

    • Stop avoiding risk – integrate it. This provides a holistic view of uncertainty for the organization to drive innovative new approaches to optimize the organization’s ability to respond to risk.

    Impact and Result

    • Understand gaps in the organization’s current approach to risk management practices.
    • Establish a standardized approach for how IT risks impact the enterprise as a whole.
    • Drive a risk-aware organization toward innovation and consider alternative options for how to move forward.
    • Integrate IT risks into the foundational risk practice.

    Integrate IT Risk Into Enterprise Risk Research & Tools

    Integrated Risk Management Capstone – A framework for how IT risks can be integrated into your organization’s enterprise risk management program to enable strategic risk-informed decisions.

    This is a capstone blueprint highlighting the benefits of an integrated risk management program that uses risk information and data to inform strategic decision making. Throughout this research you will gain insight into the five core elements of integrating risk through assessing, governing, defining the program, defining the process, and implementing.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Integrate IT Risk Into Enterprise Risk Capstone
    • Integrated Risk Maturity Assessment
    • Risk Register Tool

    Infographic

    Further reading

    Integrate IT Risk Into Enterprise Risk

    Don’t fear IT risks, integrate them.

    EXECUTIVE BRIEF

    Analyst Perspective

    Having siloed risks is risky business for any enterprise.

    Photo of Valence Howden, Principal Research Director, CIO Practice.
    Valence Howden
    Principal Research Director, CIO Practice     		Photo of Petar Hristov Research Director, Security, Privacy, Risk & Compliance.
    Petar Hristov
    Research Director, Security, Privacy, Risk & Compliance     		Photo of Ian Mulholland Research Director, Security, Risk & Compliance.
    Ian Mulholland
    Research Director, Security, Risk & Compliance     		Photo of Brittany Lutes, Senior Research Analyst, CIO Practice.
    Brittany Lutes
    Senior Research Analyst, CIO Practice     		Photo of Ibrahim Abdel-Kader, Research Analyst, CIO Practice
    Ibrahim Abdel-Kader
    Research Analyst, CIO Practice

    Every organization has a threshold for risk that should not be exceeded, whether that threshold is defined or not.

    In the age of digital, information and technology will undoubtedly continue to expand beyond the confines of the IT department. As such, different areas of the organization cannot address these risks in silos. A siloed approach will produce different ways of identifying, assessing, responding to, and reporting on risk events. Integrated risk management is about embedding IT uncertainty to inform good decision making across the organization.

    When risk is integrated into the organization's enterprise risk management program, it enables a single view of all risks and the potential impact of each risk event. More importantly, it provides a consistent view of the risk event in relation to uncertainty that might have once been seemingly unrelated to IT.

    And all this can be achieved while remaining within the enterprise’s clearly defined risk appetite.

    Executive Summary

    Your Challenge

    Most organizations fail to integrate IT risks into enterprise risks:

    • IT risks, when considered, are identified and classified separately from the enterprise-wide perspective.
    • IT is expected to own risks over which they have no authority or oversight.
    • Poor behaviors, such as only considering IT risks when conducting compliance or project due diligence, have been normalized.

    Common Obstacles

    IT leaders have to overcome these obstacles when it comes to integrating risk:

    • Making business leaders aware of, involved in, and able to respond to all enterprise risks.
    • A lack of data or information being used to support a holistic risk management process.
    • A low level of enterprise risk maturity.
    • A lack of risk management capabilities.

    Info-Tech’s Approach

    By leveraging the Info-Tech Integrated Risk approach, your business can better address and embed risk by:

    • Understanding gaps in the organization’s current approach to risk management practices.
    • Establishing a standardized approach for how IT risks impact the enterprise as a whole.
    • Driving a risk-aware organization toward innovation and considering alternative options for how to move forward.
    • Helping integrate IT risks into the foundational risk practice.

    Info-Tech Insight

    Stop avoiding risk – integrate it. This provides a holistic view of uncertainty for the organization to drive innovative new approaches to optimize its ability to respond to risk.

    What is integrated risk management?

    • Integrated risk management is the process of ensuring all forms of risk information, including information and technology, are considered and included in the enterprise’s risk management strategy.
    • It removes the siloed approach to classifying risks related to specific departments or areas of the organization, recognizing that each of those risks is a threat to the overarching enterprise.
    • Aggregating the different threats or uncertainty that might exist within an organization allows for informed decisions to be made that align to strategic goals and continue to drive value back to the business.
    • By holistically considering the different risks, the organization can make informed decisions on the best course of action that will reduce any negative impacts associated with the uncertainty and increase the overall value.

    Enterprise Risk Management (ERM)

    • IT
    • Security
    • Digital
    • Vendor/Third Party
    • Other

    Enterprise risk management is the practice of identifying and addressing risks to your organization and using risk information to drive better decisions and better opportunities.

    IT risk is enterprise risk

    Multiple types of risk, 'Finance', 'IT', 'People', and 'Digital', funneling into 'ENTERPRISE RISKS'. IT risks have a direct and often aggregated impact on enterprise risks and opportunities in the same way other business risks can. This relationship must be understood and addressed through integrated risk management to ensure a consistent approach to risk.

    Your challenge

    Embedding IT risks into the enterprise risk management program is challenging because:

    • Most organizations classify risks based on the departments or areas of the business where the uncertainty is likely to happen.
    • Unnecessary expectations are placed on the IT department to own risks over which they have no authority or oversight.
    • Risks are often only identified when conducting due diligence for a project or ensuring compliance with regulations and standards.

    Risk-mature organizations have a unique benefit in that they often have established an overarching governance framework and embedded risk awareness into the culture.

    35% — Only 35% of organizations had embraced ERM in 2020. (Source: AICPA and NC State Poole College of Management)

    12% — Only 12% of organizations are leveraging risk as a tool to their strategic advantage. (Source: AICPA and NC State Poole College of Management)

    Common obstacles

    These barriers make integrating IT risks difficult to address for many organizations:

    • IT risks are not seen as enterprise risks.
    • The organization’s culture toward risk is not defined.
    • The organization’s appetite and threshold for risk are not defined.
    • Each area of the organization has a different method of identifying, assessing, and responding to risk events.
    • Access to reliable and informative data to support risk management is difficult to obtain.
    • Leadership does not see the business value of integrating risk into a single management program.
    • The organization’s attitudes and behaviors toward risk contradict the desired and defined risk culture.
    • Skills, training, and resources to support risk management are lacking, let alone those to support integrated risk management.

    Integrating risks has its challenges

    62% — Accessing and disseminating information is the main challenge for 62% of organizations maturing their organizational risk management. (Source: OECD)

    20-28% — Organizations with access to machine learning and analytics to address future risk events have 20 to 28% more satisfaction. (Source: Accenture)

    Integrate Risk and Use It to Your Advantage

    Accelerate and optimize your organization by leveraging meaningful risk data to make intelligent enterprise risk decisions.

    Risk management is more than checking an audit box or demonstrating project due diligence.

    Risk Drivers
    • Audit & compliance
    • Preserve value & avoid loss
    • Previous risk impact driver
    • Major transformation
    • Strategic opportunities
    		 Arrow pointing right. Only 7% of organizations are in a “leading” or “aspirational” level of risk maturity. (OECD, 2021) 63% of organizations struggle when it comes to defining their appetite toward strategy related risks. (“Global Risk Management Survey,” Deloitte, 2021) Late adopters of risk management were 70% more likely to use instinct over data or facts to inform an efficient process. (Clear Risk, 2020) 55% of organizations have little to no training on ERM to properly implement such practices. (AICPA, NC State Poole College of Management, 2021)
    1. Assess Enterprise Risk Maturity 3. Build a Risk Management Program Plan 4. Establish Risk Management Processes 5. Implement a Risk Management Program
    2. Determine Authority with Governance
    Unfortunately, less than 50% of those in risk focused roles are also in a governance role where they have the authority to provide risk oversight. (Governance Institute of Australia, 2020)
    IT can improve the maturity of the organization’s risk governance and help identify risk owners who have authority and accountability.

    Governance and related decision making is optimized with integrated and aligned risk data.

    		List of 'Integrated Risk Maturity Categories': '1. Context & Strategic Direction', '2. Risk Culture and Authority', '3. Risk Management Process', and '4. Risk Program Optimization'. The five types of a risk in Enterprise Risk Management.

    ERM incorporates the different types of risk, including IT, security, digital, vendor, and other risk types.

    The program plan is meant to consider all the major risk types in a unified approach.

    		The 'Risk Process' cycle starting with '1. Identify', '2. Assess', '3. Respond', '4. Monitor', '5. Report', and back to the beginning. Implementation of an integrated risk management program requires ongoing access to risk data by those with decision making authority who can take action.

    Integrated Risk Mapping — Downside Risk Focus

    A diagram titled 'Risk and Controls' beginning with 'Possible Sources' and a list of sources, 'Control Activities' to prevent, the 'RISK EVENT', 'Recovery Activities' to recover, and 'Possible Repercussions' with a list of ramifications.

    Integrated Risk Mapping — Downside and Upside Risk

    Third-Party Risk Example

    Example of a third-party risk mapped onto the diagram on the previous slide, but with potential upsides mapped out as well. The central risk event is 'Vendor exposes private customer data'. Possible Sources of the downside are 'External Attack' with likelihood prevention method 'Define security standard requirements for vendor assessment' and 'Exfiltration of data through fourth-party staff' with likelihood prevention method 'Ensure data is properly classified'. Possible Sources of the upside are 'Application rationalization' with likelihood optimization method 'Reduce number of applications in environment' and 'Review vendor assessment practices' with likelihood optimization method 'Improve vendor onboarding'. Possible Repercussions on the downside are 'Organization unable to operate in jurisdiction' with impact minimization method 'Engage in-house risk mitigation responses' and 'Fines levied against organization' with impact minimization method 'Report incident to any regulators'. Possible Repercussions on the upside are 'Easier vendor integration and management' with impact utilization method 'Improved vendor onboarding practices' and 'Able to bid on contracts with these requirements' with impact utilization method 'Vendors must provide attestations (e.g. SOC or CMMC)'.

    Insight Summary

    Overarching insight

    Stop fearing risk – integrate it. Integration leads to opportunities for organizations to embrace innovation and new digital technologies as well as reducing operational costs and simplifying reporting.

    Govern risk strategically

    Governance of risk management for information- and technology-related events is often misplaced. Just because it's classified as an IT risk does not mean it shouldn’t be owned by the board or business executive.

    Assess risk maturity

    Integrating risk requires a baseline of risk maturity at the enterprise level. IT can push integrating risks, but only if the enterprise is willing to adopt the attitudes and behaviors that will drive the integrated risk approach.

    Manage risk

    It is not a strategic decision to have different areas of the organization manage the risks perceived to be in their department. It’s the easy choice, but not the strategic one.

    Implement risk management

    Different areas of an enterprise apply risk management processes differently. Determining a single method for identification, assessment, response, and monitoring can ensure successful implementation of enterprise risk management.

    Tactical insight

    Good risk management will consider both the positives and negatives associated with a risk management program by recognizing both the upside and downside of risk event impact and likelihood.

    Integrated risk benefits

    IT Benefits

    • IT executives have a responsibility but not accountability when it comes to risk. Ensure the right business stakeholders have awareness and ability to make informed risk decisions.
    • Controls and responses to risks that are within the “IT” realm will be funded and provided with sufficient support from the business.
    • The business respects and values the role of IT in supporting the enterprise risk program, elevating its role into business partner.

    Business Benefits

    • Business executives and boards can make informed responses to the various forms of risk, including those often categorized as “IT risks.”
    • The compounding severity of risks can be formally assessed and ideally quantified to provide insight into how risks’ ramifications can change based on scenarios.
    • Risk-informed decisions can be used to optimize the business and drive it toward adopting innovation as a response to risk events.
    • Get your organization insured against cybersecurity threats at the lowest premiums possible.

    Measure the value of integrating risk

    • Reduce Operating Costs

      • Organizations can reduce their risk operating costs by 20 to 30% by adopting enterprise-wide digital risk initiatives (McKinsey & Company).

    • Increase Cybersecurity Threat Preparedness

      • Increase the organization’s preparedness for cybersecurity threats. 79% of organizations that were impacted by email threats in 2020 were not prepared for the hit (Diligent)

    • Increase Risk Management’s Impact to Drive Strategic Value

      • Currently, only 3% of organizations are extensively using risk management to drive their unique competitive advantage, compared to 35% of companies who do not use it at all (AICPA & NC State Poole College of Management).

    • Reduce Lost Productivity for the Enterprise

      • Among small businesses, 76% are still not considering purchasing cyberinsurance in 2021, despite the fact that ransomware attacks alone cost Canadian businesses $5.1 billion in productivity in 2020 (Insurance Bureau of Canada, 2021).

    “31% of CIO’s expected their role to expand and include risk management responsibilities.” (IDG “2021 State of the CIO,” 2021)

    Make integrated risk management sustainable

    58%

    Focus not just on the preventive risk management but also the value-creating opportunities. With 58% of organizations concerned about disruptive technology, it’s an opportunity to take the concern and transform it into innovation. (Accenture)

    70%

    Invest in tools that have data and analytics features. Currently, “gut feelings” or “experience” inform the risk management decisions for 70% of late adopters. (Clear Risk)

    54%

    Align to the strategic vision of the board and CEO, given that these two roles account for 54% of the accountability associated with extended enterprise risk management. (Extended Enterprise Risk Management Survey, 2020,” Deloitte)

    63%

    Include IT leaders in the risk committee to help informed decision making. Currently 63% of chief technology officers are included in the C‑suite risk committee. (AICPA & NC State Poole College of Management)

    Successful adoption of integrated risk management is often associated with these key elements.

    Assessment

    Assess your organization’s method of addressing risk management to determine if integrated risk is possible

    Assessing the organization’s risk maturity

    Mature or not, integrated risk management should be a consideration for all organizations

    The first step to integrating risk management within the enterprise is to understand the organization’s readiness to adopt practices that will enable it to successfully integrate information.

    In 2021, we saw enterprise risk management assessments become one of the most common trends, particularly as a method by which the organization can consolidate the potential impacts of uncertainties or threats (Lawton, 2021). A major driver for this initiative was the recognition that information and technology not only have enterprise-wide impacts on the organization’s risk management but that IT has a critical role in supporting processes that enable effective access to data/information.

    A maturity assessment has several benefits for an organization: It ensures there is alignment throughout the organization on why integrated risk is the right approach to take, it recognizes the organization’s current risk maturity, and it supports the organization in defining where it would like to go.

    		Pie chart titled 'Organizational Risk Management Maturity Assessment Results' showing just under half 'Progressing', a third 'Established', a seventh 'Emerging', and a very small portion 'Leading or Aspirational'.

    Integrated Risk Maturity Categories

    		 Semi-circle with colored points indicating four categories.

    1

    		Context & Strategic Direction Understand the organization’s main objectives and how risk can support or enhance those objectives.

    2

    		Risk Culture and Authority Examine if risk-based decisions are being made by those with the right level of authority and if the organization’s risk appetite is embedded in the culture.

    3

    		Risk Management Process Determine if the current process to identify, assess, respond to, monitor, and report on risks is benefitting the organization.

    4

    		Risk Program Optimization Consider opportunities where risk-related data is being gathered, reported, and used to make informed decisions across the enterprise.

    Maturity should inform your approach to risk management

    The outcome of the risk maturity assessment should inform how risk management is approached within the organization.

    A row of waves starting light and small and becoming taller and darker in steps. The levels are 'Non-existent', 'Basic', 'Partially Integrated', 'Mostly Integrated', 'Fully Integrated', and 'Optimized'.

    For organizations with a low maturity, remaining superficial with risk will offer more benefits and align to the enterprise’s risk tolerance and appetite. This might mean no integrated risk is taking place.

    However, organizations that have higher risk maturity should begin to integrate risk information. These organizations can identify the nuances that would affect the severity and impact of risk events.

    Integrated Risk Maturity Assessment

    The purpose of the Integrated Risk Maturity Assessment is to assess the organization's current maturity and readiness for integrated risk management (IRM).

    Frequently and continually assessing your organization’s maturity toward integrated risk ensures the right risk management program can be adopted by your organization.

    Integrated Risk Maturity Assessment

    A simple tool to understand if your organization is ready to embrace integrated risk management by measuring maturity across four key categories: Context & Strategic Direction, Risk Culture & Authority, Risk Management Process, and Risk Program Optimization

    		Sample of the Integrated Risk Maturity Assessment deliverable.

    Use the results from this integrated risk maturity assessment to determine the type of risk management program that can and should be adopted by your organization.

    Some organizations will need to remain siloed and focused on IT risk management only, while others will be able to integrate risk-related information to start enabling automatic controls that respond to this data.

    Reduce Manual Repetitive Work With IT Automation

    • Buy Link or Shortcode: {j2store}458|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $34,099 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management
    • IT staff are overwhelmed with manual repetitive work.
    • You have little time for projects.
    • You cannot move as fast as the business wants.

    Our Advice

    Critical Insight

    • Optimize before you automate.
    • Foster an engineering mindset.
    • Build a process to iterate.

    Impact and Result

    • Begin by automating a few tasks with the highest value to score quick wins.
    • Define a process for rolling out automation, leveraging SDLC best practices.
    • Determine metrics and continually track the success of the automation program.

    Reduce Manual Repetitive Work With IT Automation Research & Tools

    Start here – read the Executive Brief

    Read this Executive Brief to understand why you should reduce manual repetitive work with IT automation.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify automation candidates

    Select the top automation candidates to score some quick wins.

    • Reduce Manual Repetitive Work With IT Automation – Phase 1: Identify Automation Candidates
    • IT Automation Presentation
    • IT Automation Worksheet

    2. Map and optimize process flows

    Map and optimize process flows for each task you wish to automate.

    • Reduce Manual Repetitive Work With IT Automation – Phase 2: Map & Optimize Process Flows

    3. Build a process for managing automation

    Build a process around managing IT automation to drive value over the long term.

    • Reduce Manual Repetitive Work With IT Automation – Phase 3: Build a Process for Managing Automation

    4. Build automation roadmap

    Build a long-term roadmap to enhance your organization's automation capabilities.

    • Reduce Manual Repetitive Work With IT Automation – Phase 4: Build Automation Roadmap
    • IT Automation Roadmap
    [infographic]

    Workshop: Reduce Manual Repetitive Work With IT Automation

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Automation Candidates

    The Purpose

    Identify top candidates for automation.

    Key Benefits Achieved

    Plan to achieve quick wins with automation for early value.

    Activities

    1.1 Identify MRW pain points.

    1.2 Drill down pain points into tasks.

    1.3 Estimate the MRW involved in each task.

    1.4 Rank the tasks based on value and ease.

    1.5 Select top candidates and define metrics.

    1.6 Draft project charters.

    Outputs

    MRW pain points

    MRW tasks

    Estimate of MRW involved in each task

    Ranking of tasks for suitability for automation

    Top candidates for automation & success metrics

    Project charter(s)

    2 Map & Optimize Processes

    The Purpose

    Map and optimize the process flow of the top candidate(s).

    Key Benefits Achieved

    Requirements for automation of the top task(s).

    Activities

    2.1 Map process flows.

    2.2 Review and optimize process flows.

    2.3 Clarify logic and finalize future-state process flows.

    Outputs

    Current-state process flows

    Optimized process flows

    Future-state process flows with complete logic

    3 Build a Process for Managing Automation

    The Purpose

    Develop a lightweight process for rolling out automation and for managing the automation program.

    Key Benefits Achieved

    Ability to measure and to demonstrate success of each task automation, and of the program as a whole.

    Activities

    3.1 Kick off your test plan for each automation.

    3.2 Define process for automation rollout.

    3.3 Define process to manage your automation program.

    3.4 Define metrics to measure success of your automation program.

    Outputs

    Test plan considerations

    Automation rollout process

    Automation program management process

    Automation program metrics

    4 Build Automation Roadmap

    The Purpose

    Build a roadmap to enhance automation capabilities.

    Key Benefits Achieved

    A clear timeline of initiatives that will drive improvement in the automation program to reduce MRW.

    Activities

    4.1 Build a roadmap for next steps.

    Outputs

    IT automation roadmap

    Further reading

    Reduce Manual Repetitive Work With IT Automation

    Free up time for value-adding jobs.

    ANALYST PERSPECTIVE

    Automation cuts both ways.

    Automation can be very, very good, or very, very bad.
    Do it right, and you can make your life a whole lot easier.
    Do it wrong, and you can suffer some serious pain.
    All too often, automation is deployed willy-nilly, without regard to the overall systems or business processes in which it lives.
    IT professionals should follow a disciplined and consistent approach to automation to ensure that they maximize its value for their organization.

    Derek Shank,
    Research Analyst, Infrastructure & Operations
    Info-Tech Research Group

    Executive summary

    Situation

    • IT staff are overwhelmed with manual repetitive work.
    • You have little time for projects.
    • You cannot move as fast as the business wants.

    Complication

    • Automation is simple to say, but hard to implement.
    • Vendors claim automation will solve all your problems.
    • You have no process for managing automation.

    Resolution

    • Begin by automating a few tasks with the highest value to score quick wins.
    • Define a process for rolling out automation, leveraging SDLC best practices.
    • Determine metrics and continually track the success of the automation program.

    Info-Tech Insight

    1. Optimize before you automate.The current way isn’t necessarily the best way.
    2. Foster an engineering mindset.Your team members may not be process engineers, but they should learn to think like one.
    3. Build a process to iterate.Effective automation can't be a one-and-done. Define a lightweight process to manage your program.

    Infrastructure & operations teams are overloaded with work

    • DevOps and digital transformation initiatives demand increased speed.
    • I&O is still tasked with security and compliance and audit.
    • I&O is often overloaded and unable to keep up with demand.

    Manual repetitive work (MRW) sucks up time

    • Manual repetitive work is a fact of life in I&O.
    • DevOps circles refer to this type of work simply as “toil.”
    • Toil is like treading water: it must be done, but it consumes precious energy and effort just to stay in the same place.
    • Some amount of toil is inevitable, but it's important to measure and cap toil, so it does not end up overwhelming your team's whole capacity for engineering work.

    Info-Tech Insight

    Follow our methodology to focus IT automation on reducing toil.

    Manual hand-offs create costly delays

    • Every time there is a hand-off, we lose efficiency and productivity.
    • In addition to the cost of performing manual work itself, we must also consider the impact of lost productivity caused by the delay of waiting for that work to be performed.

    Every queue is a tire fire

    Queues create waste and are extremely damaging. Like a tire fire, once you get started, they’re almost impossible to stamp out!

    Increase queues if you want

    • “More overhead”
    • “Lower quality”
    • “More variability”
    • “Less motivation”
    • “Longer cycle time”
    • “Increased risk”

    (Source: Edwards, citing Donald G. Reinersten: The Principles of Product Development Flow: Second Generation Lean Product Development )

    Increasing complexity makes I&O’s job harder

    Every additional layer of complexity multiplies points of failure. Beyond a certain level of complexity, troubleshooting can become a nightmare.

    Today, Operations is responsible for the outcomes of a full stack of a very complex, software-defined, API-enabled system running on infrastructure they may or may not own.
    – Edwards

    Growing technical debt means an ever-rising workload

    • Enterprises naturally accumulate technical debt.
    • All technology requires care and feeding.
    • I&O cannot control how much technology it’s expected to support.
    • I&O faces a larger and larger workload as technical debt accumulates.

    The systems built under each new technology paradigm never fully replace the systems built under the old paradigms. It’s not uncommon for an enterprise to have an accumulation of systems built over 10-15 years and have no budget, risk appetite, or even a viable path to replace them all. With each shift, who bares [SIC] the brunt of the responsibility for making sure the old and the new hang together? Operations, of course. With each new advance, Operations juggles more complexity and more layers of legacy technologies than ever before.
    – Edwards

    Most IT shops can’t have a dedicated engineering team

    • In most organizations, the team that builds things is best equipped to support them.
    • Often the knowledge to design systems and the knowledge to run those systems naturally co-exists in the same personnel resources.
    • When your I&O team is trying to do engineering work, they can end up frequently interrupted to perform operational tasks.
    A Venn Diagram is depicted which compares People who build things with People who run things. the two circles are almost completely overlapping, indicating the strong connection between the two groups.

    Personnel resources in most IT organizations overlap heavily between “build” and “run.”

    IT operations must become an engineering practice

    • Usually you can’t double your staff or double their hours.
    • IT professionals must become engineers.
    • We do this by automating manual repetitive work and reducing toil.
    Two scenarios are depicted. The first scenario is found at a hypothetical work camp, in which one employee performs the task of manually splitting firewood with an axe. In order to split twice as much firewood, the employee would need to spend twice the time. The second scenario is Engineering Operations. in this scenario, a wood processor is used to automate the task, allowing far more wood to be split in same amount of time.

    Build your Sys Admin an Iron Man suit

    Some CIOs see a Sys Admin and want to replace them with a Roomba. I see a Sys Admin and want to build them an Iron Man suit.
    – Deepak Giridharagopal, CTO, Puppet

    Two Scenarios are depicted. In one, an employee is replaced by automation, represented by a Roomba, reducing costs by laying off a single employee. In the second scenario, the single employee is given automated tools to do their job, represented by an iron-man suit, leading to a 10X boost in employee productivity.

    Use automation to reduce risk

    Consistency

    When we automate, we can make sure we do something the same way every time and produce a consistent result.

    Auditing and Compliance

    We can design an automated execution that will ship logs that provide the context of the action for a detailed audit trail.

    Change

    • Enterprise environments are continually changing.
    • When context changes, so does the procedure.
    • You can update your docs all you want, but you can't make people read them before executing a procedure.
    • When you update the procedure itself, you can make sure it’s executed properly.

    Follow Info-Tech’s approach: Start small and snowball

    • It’s difficult for I&O to get the staffing resources it needs for engineering work.
    • Rather than trying to get buy-in for resources using a “top down” approach, Info-Tech recommends that I&O score some quick wins to build momentum.
    • Show success while giving your team the opportunity to build their engineering chops.

    Because the C-suite relies on upwards communication — often filtered and sanitized by the time it reaches them — executives don’t see the bottlenecks and broken processes that are stalling progress.
    – Andi Mann

    Info-Tech’s methodology employs a targeted approach

    • You aren’t going to automate IT operations end-to-end overnight.
    • In fact, such a large undertaking might be more effort than it’s worth.
    • Info-Tech’s methodology employs a targeted approach to identify which candidates will score some quick wins.
    • We’ll demonstrate success, gain momentum, and then iterate for continual improvement.

    Invest in automation to reap long-term rewards

    • All too often people think of automation like a vacuum cleaner you can buy once and then forget.
    • The reality is you need to perform care and feeding for automation like for any other process or program.
    • To reap the greatest rewards you must continually invest in automation – and invest wisely.

    To get the full ROI on your automation, you need to treat it like an employee. When you hire an employee, you invest in that person. You spend time and resources training and nurturing new employees so they can reach their full potential. The investment in a new employee is no different than your investment in automation.– Edwards

    Measure the success of your automation program

    Example of How to Estimate Dollar Value Impact of Automation
    Metric Timeline Target Value
    Hours of manual repetitive work 12 months 20% reduction $48,000/yr.(1)
    Hours of project capacity 18 months 30% increase $108,000/yr.(2)
    Downtime caused by errors 6 months 50% reduction $62,500/yr.(3)

    1 15 FTEs x 80k/yr.; 20% of time on MRW, reduced by 20%
    2 15 FTEs x 80k/yr.; 30% project capacity, increased by 30%
    3 25k/hr. of downtime.; 5 hours per year of downtime caused by errors

    Automating failover for disaster recovery

    CASE STUDY

    Industry Financial Services
    Source Interview

    Challenge

    An IT infrastructure manager had established DR failover procedures, but these required a lot of manual work to execute. His team lacked the expertise to build automation for the failover.

    Solution

    The manager hired consultants to build scripts that would execute portions of the failover and pause at certain points to report on outcomes and ask the human operator whether to proceed with the next step.

    Results

    The infrastructure team reduced their achievable RTOs as follows:
    Tier 1: 2.5h → 0.5h
    Tier 2: 4h → 1.5h
    Tier 3: 8h → 2.5h
    And now, anyone on the team could execute the entire failover!

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Reduce Manual Repetitive Work With IT Automation – project overview

    1. Select Candidates 2. Map Process Flows 3. Build Process 4. Build Roadmap
    Best-Practice Toolkit

    1.1 Identify MRW pain points

    1.2 Drill down pain points into tasks

    1.3 Estimate the MRW involved in each task

    1.4 Rank the tasks based on value and ease

    1.5 Select top candidates and define metrics

    1.6 Draft project charters

    2.1 Map process flows

    2.2 Review and optimize process flows

    2.3 Clarify logic and finalize future-state process flows

    3.1 Kick off your test plan for each automation

    3.2 Define process for automation rollout

    3.3 Define process to manage your automation program

    3.4 Define metrics to measure success of your automation program

    4.1 Build automation roadmap

    Guided Implementations

    Introduce methodology.

    Review automation candidates.

    Review success metrics.

    Review process flows.

    Review end-to-end process flows.

    Review testing considerations.

    Review automation SDLC.

    Review automation program metrics.

    Review automation roadmap.

    Onsite Workshop Module 1:
    Identify Automation Candidates     		Module 2:
    Map and Optimize Processes     		Module 3:
    Build a Process for Managing Automation     		Module 4:
    Build Automation Roadmap
    Phase 1 Results:
    Automation candidates and success metrics     		Phase 2 Results:
    End-to-end process flows for automation     		Phase 3 Results:
    Automation SDLC process, and automation program management process     		Phase 4 Results:
    Automation roadmap

    The latest burning platform: Exit Plans in a shifting world

    • Large vertical image:
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Byline body: The new geopolitical reality brings the possibility that we will have to execute our exit plans closer to home. In this research, we delve deeper into exit plans and their implementation and execution.

    The current global situation, marked by significant trade tensions and retaliatory measures between major economic powers, has elevated the importance of more detailed, robust, and executable exit plans for businesses in nearly all industries. The current geopolitical headwinds create an unpredictable environment that can severely impact supply chains, technology partnerships, and overall business operations. What was once a prudent measure is now a critical necessity – a “burning platform” – for ensuring business continuity and resilience.

    Here I will delve deeper into the essential components of an effective exit plan, outline the practical steps for its implementation, and explain the crucial role of testing in validating its readiness.

    exit plan

    Continue reading

    Master the Secrets of Adobe’s Creative Cloud Contracts to Right-Size Your Adobe Spend

    • Buy Link or Shortcode: {j2store}139|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $63,667 Average $ Saved
    • member rating average days saved: 110 Average Days Saved
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • Adobe operates in its own niche in the creative space, and Adobe users have grown accustomed to their products, making switching very difficult.
    • With Adobe’s transition to a cloud-based subscription model, it’s important for organizations to actively manage licenses, software provisioning, and consumption.
    • Without a detailed understanding of Adobe’s various purchasing models, overspending often occurs.
    • Organizations have experienced issues in identifying commercial licensed packages with their install files, making it difficult to track and assign licenses.

    Our Advice

    Critical Insight

    • Focus on user needs first. Examine which products are truly needed versus nice to have to prevent overspending on the Creative Cloud suite.
    • Examine what has been deployed. Knowing what has been deployed and what is being used will greatly aid in completing your true-up.
    • Compliance is not automatic with products that are in the cloud. Shared logins or computers that have desktop installs that can be access by multiple users can cause noncompliance.

    Impact and Result

    • Visibility into license deployments and needs
    • Compliance with internal audits

    Master the Secrets of Adobe’s Creative Cloud Contracts to Right-Size Your Adobe Spend Research & Tools

    Start here – read the Executive Brief

    Procuring Adobe software is not the same game as it was just a few years ago. Adopt a comprehensive approach to understanding Adobe licensing to avoid overspending and to maximize negotiation leverage.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Manage your Adobe agreements

    Use Info-Tech’s licensing best practices to avoid overspending on Adobe licensing and to remain compliant in case of audit.

    • Adobe ETLA vs. VIP Pricing Table
    • Adobe ETLA Forecasted Costs and Benefits
    • Adobe ETLA Deployment Forecast
    [infographic]

    Further reading

    Master the Secrets of Adobe’s Creative Cloud Contracts to Right-Size Your Adobe Spend

    Learn the essential steps to avoid overspending and to maximize negotiation leverage with Adobe.

    ANALYST PERSPECTIVE

    Only 18% of Adobe licenses are genuine copies: are yours?

    "Adobe has designed and executed the most comprehensive evolution to the subscription model of pre-cloud software publishers with Creative Cloud. Adobe's release of Document Cloud (replacement for the Acrobat series of software) is the final nail in the coffin for legacy licensing for Adobe. Technology procurement functions have run out of time in which to act while they still retain leverage, with the exception of some late adopter organizations that were able to run on legacy versions (e.g. CS6) for the past five years. Procuring Adobe software is not the same game as it was just a few years ago. Adopt a comprehensive approach to understanding Adobe licensing, contract, and delivery models in order to accurately forecast your software needs, transact against the optimal purchase plan, and maximize negotiation leverage. "

    Scott Bickley

    Research Lead, Vendor Practice

    Info-Tech Research Group

    Our understanding of the problem

    This Research is Designed For:

    • IT managers scoping their Adobe licensing requirements and compliance position.
    • CIOs, CTOs, CPOs, and IT directors negotiating licensing agreements in search of cost savings.
    • ITAM/Software asset managers responsible for tracking and managing Adobe licensing.
    • IT and business leaders seeking to better understand Adobe licensing options (Creative Cloud).
    • Vendor management offices in the process of a contract renewal.

    This Research Will Help You:

    • Understand and simplify licensing per product to help optimize spend.
    • Ensure agreement type is aligned to needs.
    • Navigate the purchase process to negotiate from a position of strength.
    • Manage licenses more effectively to avoid compliance issues, audits, and unnecessary purchases.

    This Research Will Also Assist:

    • CFOs and the finance department
    • Enterprise architects
    • ITAM/SAM team
    • Network and IT architects
    • Legal
    • Procurement and sourcing

    This Research Will Help Them:

    • Understand licensing methods in order to make educated and informed decisions.
    • Understand the future of the cloud in your Adobe licensing roadmap.

    Executive summary

    Situation

    • Adobe’s dominant market position and ownership of the creative software market is forcing customers to refocus the software acquisition process to ensure a positive ROI on every license.
    • In early 2017, Adobe announced it would stop selling perpetual Creative Suite 6 products, forcing future purchases to be transitioned to the cloud.

    Complication

    • Adobe operates in its own niche in the creative space, and Adobe users have grown accustomed to their products, making switching very difficult.
    • With transition to a cloud-based subscription model, organizations need to actively manage licenses, software provisioning, and consumption.
    • Without a detailed understanding of Adobe’s various purchasing models, overspending often occurs.
    • Organizations have experienced issues in identifying commercial licensed packages with their install files, making it difficult to track and assign licenses.

    Resolution

    • Gain visibility into license deployments and needs with a strong SAM program/tool; this will go a long way toward optimizing spend.
      • Number of users versus number of installs are not the same, and confusing the two can result in overspending. Device-based licensing historically would have required two licenses, but now only one may be required.
    • Ensure compliance with internal audits. Adobe has a very high rate of piracy stemming from issues such as license overuse, misunderstanding of contract language, using cracks/keygens, virtualized environments, indirect access, and sharing of accounts.
    • A handful of products are still sold as perpetual – Acrobat Standard/Pro, Captivate, ColdFusion, Photoshop, and Premiere Elements – but be aware of what is being purchased and used in the organization.
      • Beware of products deployed on server, where the number of users accessing that product cannot easily be counted.

    Info-Tech Insight

    1. Your user-need analysis has shifted in the new subscription-based model. Determine which products are needed versus nice to have to prevent overspending on the Creative Cloud suite.
    2. Examine what you need, not what you have. You can no longer mix and match applications.
    3. Compliance is not automatic with products that are in the cloud. Shared logins or computers with desktop installs that can be accessed by multiple users can cause noncompliance.

    The aim of this blueprint is to provide a foundational understanding of Adobe

    Why Adobe

    In 2011 Adobe took the strategic but radical move toward converting its legacy on-premises licensing to a cloud-based subscription model, in spite of material pushback from its customer base. While revenues initially dipped, Adobe’s resolve paid off; the transition is mostly complete and revenues have doubled. This was the first enterprise software offering to effect the transition to the cloud in a holistic manner. It now serves as a case study for those following suit, such as Microsoft, Autodesk, and Oracle.

    What to know

    Adobe elected to make this market pivot in a dramatic fashion, foregoing a gradual transition process. Enterprise clients were temporarily allowed to survive on legacy on-premises editions of Adobe software; however, as the Adobe Creative Cloud functionality was quickly enhanced and new applications were launched, customer capitulation to the new subscription model was assured.

    The Future

    Adobe is now leveraging the power of connected customers, the availability of massive data streams, and the ongoing digitalization trend globally to supplement the core Creative Cloud products with online services and analytics in the areas of Creative Cloud for content, Marketing Cloud for marketers, and Document Cloud for document management and workflows. This blueprint focuses on Adobe's Creative Cloud and Document Cloud solutions and the enterprise term license agreement (ETLA).

    Info-Tech Insight

    Beware of your contract being auto-renewed and getting locked into the quantities and product subset that you have in your current agreement. Determining the number of licenses you need is critical. If you overestimate, you're locked in for three years. If you underestimate, you have to pay a big premium in the true-up process.

    Learn the “Adobe way,” whether you are reviewing existing spend or considering the purchase of new products

    1. Legacy on-premises Adobe Creative Suite products used to be available in multiple package configurations, enabling right-sized spend with functionality. Adobe’s support for legacy Creative Suites CS6 products ended in May 2017.
    2. While early ETLAs allowed customer application packaging at a lower price than the full Creative Cloud suite, this practice has been discontinued. Now, the only purchasing options are the full suite or single-application subscriptions.
    3. Buyers must now assess alternative Adobe products as an option for non-power users. For example, QuarkXPress, Corel PaintShop Pro, CorelDRAW, Bloom, and Affinity Designer are possible replacements for some Creative Cloud applications.
    4. Document Cloud, Adobe’s latest step in creating an Acrobat-focused subscription model, limits the ability to reduce costs with an extended upgrade cycle. These changes go beyond the licensing model.
    5. Organizations need to perform a cost-benefit analysis of single app purchases vs. the full suite to right-size spend with functionality.

    As Adobe’s dominance continues to grow, organizations must find new ways to maintain a value-added relationship

    Adobe estimates the total addressable market for creative and document cloud to be $21 billion. With no sign of growth slowing down, Adobe customers must learn how to work within the current design monopoly.

    The image contains two pie graphs. The first is labelled FY2014 Revenue Mix, and the second graph is titled FY2017E Revenue Mix.

    Source: Adobe, 2017

    "Adobe is not only witnessing a steady increase in Creative Cloud subscriptions, but it also gained more visibility into customers’ product usage, which enables it to consistently push out software updates relevant to user needs. The company also successfully transformed its sales organization to support the recurring revenue model."

    – Omid Razavi, Global Head of Success, ServiceNow

    Consider your route forward

    Consider your route forward, as ETLA contract commitments, scope, and mechanisms differ in structure to the perpetual models previously utilized. The new model shortchanges technology procurement leaders in their expectations of cost-usage alignment and opex flexibility (White, 2016).

    ☑ Implement a user profile to assign licenses by version and limit expenditures. Alternatives can include existing legacy perpetual and Acrobat classic versions that may already be owned by the organization.

    ☑ Examine the suitability and/or dependency on Document Cloud functions, such as existing business workflows and e-signature integration.

    ☑ Involve stakeholders in the evaluation of alternate products for use cases where dependency on Acrobat-specific functionality is limited.

    ☑ Identify not just the installs and active use of the applications but also the depth and breadth of use across the various features so that the appropriate products can be selected.

    The image contains a screenshot of a diagram listing the adobe toolkit. The toolkit includes: Adobe ETLA Deployment Forecast Tool, Adobe ETLA Forecasted Cost and Benefits, Adobe ETLA vs. VIP Pricing Table.

    Use Info-Tech’s Adobe toolkit to prepare for your new purchases or contract renewal

    Info-Tech Insight

    IT asset management (ITAM) and software asset management (SAM) are critical! An error made in a true-up can cost the organization for the remaining years of the ETLA. Info-Tech worked with one client that incurred a $600k error in the true-up that they were not able to recoup from Adobe.

    Apply licensing best practices and examine the potential for cost savings through an unbiased third-party perspective

    Establish Licensing Requirements

    • Understand Adobe’s product landscape and transition to cloud.
    • Analyze users and match to correct Adobe SKU.
    • Conduct an internal software assessment.
    • Build an effective licensing position.

    Evaluate Licensing Options

    • Value Incentive Plan (VIP)
    • Cumulative Licensing Program (CLP)
    • Transactional Licensing Program (TLP)
    • Enterprise Term License Agreement (ETLA)

    Evaluate Agreement Options

    • Price
    • Discounts
    • Price protection
    • Terms and conditions

    Purchase and Manage Licenses

    • Learn negotiation tactics to enhance your current strategy.
    • Control the flow of communication.
    • Assign the right people to manage the environment.

    Preventive practices can help find measured value ($)

    Time and resource disruption to business if audited

    Lost estimated synergies in M&A

    Cost of new licensing

    Cost of software audit, penalties, and back support

    Lost resource allocation and time

    Third party, legal/SAM partners

    Cost of poor negotiation tactics

    Lost discount percentage

    Terms and conditions improved

    Explore Adobe licensing and optimize spend – project overview

    Establish Licensing Requirements

    Evaluate Licensing Options

    Evaluate Agreement Options

    Purchase and Manage Licenses

    Best-Practice Toolkit
    • Assess current state and align goals; review business feedback.
    • Interview key stakeholders to define business objectives and drivers.
    • Review licensing options.
    • Review licensing rules.
    • Determine the ideal contract type.
    • Review final contract.
    • Discuss negotiation points.
    • License management.
    • Future licensing strategy.

    Guided Implementations
    • Engage in a scoping call.
    • Assess the current state.
    • Determine licensing position.
    • Review product options.
    • Review licensing rules.
    • Review contract option types.
    • Determine negotiation points.
    • Finalize the contract.
    • Discuss license management.
    • Evaluate and develop a roadmap for future licensing.

    PHASE 1

    Manage Your Adobe Agreements

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Managing Adobe Contracts

    Proposed Time to Completion: 3-6 weeks

    Step 1.1: Establish Licensing Requirements

    Start with a kick-off call:

    • Assess the current state.
    • Determine licensing position.

    Then complete these activities…

    • Complete a deployment count, needs analysis, and internal audit.

    With these tools & templates:

    Adobe ETLA Deployment Forecast

    Step 1.2: Determine Licensing Options

    Review findings with analyst:

    • Review licensing options.
    • Review licensing rules.
    • Review contract option types.

    Then complete these activities…

    • Select licensing option.
    • Document forecasted costs and benefits.

    With these tools & templates:

    Adobe ETLA vs. VIP Pricing Table

    Adobe ETLA Forecasted Costs and Benefits

    Step 1.3: Purchase and Manage Licenses

    Review findings with analyst:

    • Review final contract.
    • Discuss negotiation points.
    • Plan a roadmap for SAM.

    Then complete these activities…

    • Negotiate final contract.
    • Evaluate and develop a roadmap for SAM.

    With these tools & templates:

    Adobe ETLA Deployment Forecast

    Adobe’s Cloud – Snapshot of what has changed

    1. Since Adobe has limited the procurement and licensing options with the introduction of Creative Cloud, there are three main choices:
      1. Direct online purchase at Adobe.com
      2. Value Incentive Plan (VIP): Creative Cloud for teams–based purchase with a volume discount (minimal, usually ~10%); may have some incentives or promotional pricing
      3. Enterprise Term License Agreement (ETLA): Creative Cloud for Enterprise (CCE)
    2. Adobe has discontinued support for legacy perpetual licenses, with the latest version being CS6, which is steering organizations to prioritize their options for products in the creative and document management space.
    3. Document Cloud (DC) is the cloud product replacing the Acrobat perpetual licensing model. DC extends the subscription-based model further and limits options to extend the lifespan of legacy on-premises licenses through a protracted upgrade process.
    4. The subscription model, coupled with limited discount options on transactional purchases, forces enterprises to consider the ETLA option. The ETLA brings with it unique term commitments, new pricing structures, and true-up mechanisms and inserts the "land and expand" model vs. license reassignment.

    Info-Tech Insight

    Adobe’s move from a perpetual license to a per-user subscription model can be positive in some scenarios for organizations that experienced challenges with deployment, management of named users vs. devices, and license tracking.

    Core concepts of Adobe agreements: Discounting, pricing, and bundling

    ETLA

    Adobe has been systematically reducing discounts on ETLAs as they enter the second renewal cycle of the original three-year terms.

    Adobe Cloud Bundling

    Adobe cloud services are being bundled with ETLAs with a mandate that companies that do not accept the services at the proposed cost have Adobe management’s approval to unbundle the deal, generally with no price relief.

    Custom Bundling

    The option for custom bundling of legacy Creative Suite component applications has been removed, effectively raising the price across the board for licensees that require more than two Adobe applications who must now purchase the full Creative Cloud suite.

    Higher and Public Education

    Higher education/public education agreements have been revamped over the past couple of years, increasing prices for campus-wide agreements by double-digit percentages (~10-30%+). While they still receive an 80% discount over list price, IT departments in this industry are not prepared to absorb the budget increase.

    Info-Tech Insight

    Adobe has moved to an all-or-one bundle model. If you need more than two application products, you will likely need to purchase the full Creative Cloud suite. Therefore, it is important to focus on creating accurate user profiles to identify usage needs.

    Use Info-Tech’s Adobe deployment tool for SAM: Track deployment and needs

    The image contains a screenshot of Info-Tech's Adobe deployment tool for SAM: Track deployment and needs.

    Use Info-Tech’s Adobe deployment tool for SAM: Audit

    The image contains a screenshot of the Adobe Deployment Tool for SAM, specifically the Audit tab.

    Use Info-Tech’s Adobe deployment tool for SAM: Cost

    The image contains a screenshot of the Adobe Deployment Tool for SAM, specifically the Cost tab.

    Use Info-Tech’s tools to compare ETLA vs. VIP and to document forecasted costs and benefits

    Is the ETLA or VIP option better for your organization?

    Use Info-Tech’s Adobe ETLA vs. VIP Pricing Table tool to compare ETLA costs against VIP costs.

    The image contains a screenshot of Info-Tech's Adobe ETLA vs. VIP Pricing Table.

    Your ETLA contains multiple products and is a multi-year agreement.

    Use Info-Tech’s ETLA Forecasted Costs and Benefits tool to forecast your ETLA costs and document benefits.

    The image contains a screenshot of Info-Tech's ETLA Forecasted Costs and Benefits.

    Adobe’s Creative Cloud Complete offering provides access to all Adobe creative products and ongoing upgrades

    Why subscription model?

    The subscription model forces customers to an annuity-based pricing model, so Adobe has recurring revenue from a subscription-based product. This increases customer lifetime value (CLTV) for Adobe while providing ongoing functionality updates that are not version/edition dependent.

    Key Characteristics:

    • Available as a month-to-month or annual subscription license
    • Can be purchased for one user, for a team, or for an enterprise
    • Subject to annual payment and true-up of license fees
    • Can only true-up during lifespan of contract; quantities cannot be reduced until renewal
    • May contain auto-renewal clauses – beware!

    Key things to know:

    1. Applications can be purchased individually if users require only one specific product. A few products continue to have on-premises licensing options, but most are offered by per-user subscriptions.
    2. At the end of the subscription period, the organization no longer has any rights to the software and would have to return to a previously owned version.
    3. True-downs are not possible (in contrast to Microsoft’s Office 365).
    4. Downgrade rights are not included or are limited by default.

    Which products are in the Creative Cloud bundle?

    Adobe Acrobat® XI Pro

    Adobe After Effects® CC

    Adobe Audition® CC

    Adobe Digital Publishing Suite, Single Edition

    Adobe InDesign® CC

    Adobe Dreamweaver® CC

    Adobe Edge Animate

    Adobe Edge Code preview

    Adobe Edge Inspect

    Adobe Photoshop CC

    Adobe Edge Reflow preview

    Adobe Edge Web Fonts

    Adobe Extension Manager

    ExtendScript Toolkit

    Adobe Fireworks® CS6

    Adobe Flash® Builder® 4.7 Premium Edition

    Adobe Flash Professional CC

    Adobe Illustrator® CC

    Adobe Prelude® CC

    Adobe Premiere® Pro CC

    Adobe Scout

    Adobe SpeedGrade® CC

    Adobe Muse CC

    Adobe Photoshop Lightroom 6

    Adobe offers different solutions for teams vs. enterprise licensing

    Evaluate the various options for Creative Cloud, as they can be purchased individually, for teams, or for enterprise.

    Bundle Name

    Target Customer

    Included Applications

    Features

    CC (for Individuals)

    Individual users

    The individual chooses
    • Sync, store, and share assets
    • Adobe Portfolio website
    • Adobe Typekit font collection
    • Microsoft Teams integration
    • Can only be purchased through credit card

    CC for Teams (CCT)

    Small to midsize organizations with a small number of Adobe users who are all within the same team

    Depends on your team’s requirements. You can select all applications or specific applications.

    Everything that CC (for individuals) does, plus

    • One license per user; can reassign CC licenses
    • Web-based admin console
    • Centralized deployment
    • Usage tracking and reporting
    • 100GB of storage per user
    • Volume discounts for 10+ seats

    CC for Enterprise (CCE)

    Large organizations with users who regularly use multiple Adobe products on multiple machines

    All applications including Adobe Stock for images and Adobe Enterprise Dashboard for managing user accounts

    Everything that CCT does, plus

    • Employees can activate a second copy of software on another device (e.g. home computer) as long as they share the same Adobe ID and are not used simultaneously
    • Ability to reassign licenses from old users to new users
    • Custom storage options
    • Greater integration with other Adobe products
    • Larger volume discounts with more seats

    For further information on specific functionality differences, reference Adobe’s comparison table.

    A Cloud-ish solution: Considerations and implications for IT organizations

    ☑ True cloud products are typically service-based, scalable and elastic, shared resources, have usage metering, and rely upon internet technologies. Currently, Adobe’s Creative Cloud and Document Cloud products lack these characteristics. In fact, the core products are still downloaded and physically installed on endpoint devices, then anchored to the cloud provisioning system, where the software can be automatically updated and continuously verified for compliance by ensuring the subscription is active.

    ☑ Adobe Cloud allows Adobe to increase end-user productivity by releasing new features and products to market faster, but the customer will increase lock-in to the Adobe product suite. The fast-release approach poses a different challenge for IT departments, as they must prepare to test and support new functionality and ensure compatibility with endpoint devices.

    ☑ There are options at the enterprise level that enable IT to exert more granular control over new feature releases, but these are tied to the ETLA and the provided enterprise portal and are not available on other subscription plans. This is another mechanism by which Adobe has been able to spur ETLA adoption.

    Not all CIOs consider SaaS/subscription applications their first choice, but the Adobe’s dominant position in the content and document management marketplace is forcing the shift regardless. It is significant that Adobe bypassed the typical hybrid transition model by effectively disrupting the ability to continue with perpetual licensing without falling behind the functionality curve.

    VIP plans do allow for annual terms and payment, but you lose the price elasticity that comes with multi-year terms.

    Download Info-Tech’s Adobe ETLA vs. VIP Pricing Table tool to compare ETLA costs against VIP costs.

    When moving to Adobe cloud, validate that license requirements meet organizational needs, not a sales quota

    Follow these steps in your transition to Creative Cloud.

    Step 1: Make sure you have a software asset management (SAM) tool to determine Adobe installs and usage within your environment.

    Step 2: Look at the current Adobe install base and usage. We recommend reviewing three months’ worth of reliable usage data to decide which users should have which licenses going forward.

    Step 3: Understand the changes in Adobe packages for Creative Cloud (CC). Also, take into account that the license types are based on users, not devices.

    Step 4: Identify those users who only need a single license for a single application (e.g. Photoshop, InDesign, Muse).

    Step 5: Identify the users who require CC suites. Look at their usage of previous Adobe suites to get an idea of which CC suite they require. Did they have Design Suite Standard installed but only use one or two elements? This is a good way to ensure you do not overspend on Adobe licenses.

    Source: The ITAM Review

    Download Info-Tech’s Adobe ETLA Deployment Forecast tool to track Adobe installs within your environment and to determine usage needs.

    Acquiring Adobe Software

    Adobe offers four common licensing methods, which are reviewed in detail in the following slides.

    Most common purchasing models

    Points for consideration
    • Value Incentive Plan (VIP)
    • Cumulative Licensing Program (CLP)
    • Transactional Licensing Program (TLP)
    • Enterprise Term License Agreement (ETLA)
    • Adobe, as with many other large software providers, includes special benefits and rights when its products are purchased through volume licensing channels.
    • Businesses should typically refrain from purchasing individual OEM (shrink wrap) licenses or those meant for personal use.
    • Purchase record history is available online, making it easier for your organization to manage entitlements in the case of an audit.

    "Customers are not even obliged to manage all the licenses themselves. The reseller partners have access to the cloud console and can manage licenses on behalf of their customers. Even better, they can seize cross and upsell opportunities and provide good insight into the environment. Additionally, Adobe itself provides optimization services."

    B-lay

    CLP and TLP

    The CLP and TLP are transactional agreements generally used for the purchase of perpetual licenses. For example, they could be used for making Acrobat purchases if Creative Suite products are purchased on the ETLA.

    The image contains a screenshot of a table comparing CLP and TLP.

    Source: “Adobe Buying Programs Comparison Guide for Commercial and Government Organizations”

    VIP and ETLA

    The Value Incentive Plan is aimed at small- to medium-sized organizations with no minimum quantity required. However, there is limited flexibility to reduce licenses and limited price protection for future purchases. The ETLA is aimed at large organizations who wish to have new functionality as it comes out, license management portal, services, and security/IT control aspects.

    The image contains a screenshot of a table comparing VIP and ETLA.

    Source: “Adobe Buying Programs Comparison Guide for Commercial and Government Organizations”

    ETLA commitments risk creating “shelfware-as-a-service”

    The Adobe ETLA’s rigid contract parameters, true-up process, and unique deployment/provisioning mechanisms give technology/IT procurement leaders fewer options to maximize cost-usage alignment and to streamline opex costs.

    ☑ No ETLA price book is publicly published; pricing is controlled by the Adobe enterprise sales team.

    ☑ Adobe's retail pricing is a good starting point for negotiating discounted pricing.

    ☑ ETLA commitments are usually for three years, and the lack of a true-down option increases the risk involved in overbuying licenses should the organization encounter a business downturn or adverse event.

    ☑ Pricing discounts are the highest at the initial ETLA signing for the upfront volume commitment. The true-up pricing is discounted from retail but still higher than the signing cost per license.

    ☑ Technical support is included in the ETLA.

    ☑ While purchases typically go through value-added resellers (VARs), procurement can negotiate directly with Adobe.

    "For cloud products, it is less complex when it comes to purchasing and pricing. If larger quantities are purchased on a longer term, the discount may reach up to 15%. As soon as you enroll in the VIP program, you can control all your licenses from an ‘admin console’. Any updates or new functionalities are included in the original price. When the licenses expire, you may choose to renew your subscriptions or remove them. Partial renewal is also accepted. Of course, you can also re-negotiate your price if more subscriptions are added to your console."

    B-lay

    ETLA recommendations

    1. Assess the end-user requirements with a high degree of scrutiny. Perform an analysis that matches the licensee with the correct Adobe product SKU to reduce the risk of overspending.
    • Leverage metering data that identifies actual usage and lack thereof, match to user profile functional requirements, and then determine end users’ actual license requirements.
  • Build in time to evaluate alternative products where possible and position the organization to leverage a Plan B vendor to replace or mitigate growth on the Adobe platform. Re-evaluate options well in advance of the ETLA renewal.
  • Secure price protection through negotiating a price cap or an extended ETLA term beyond the standard three-year term. Short of obtaining an escalation cap, which Adobe is strongly resisting, build in price increases for the ETLA renewal years.
    • Demand price transparency and granularity in the proposal process.
    • Validate that volume discounts are appropriate and show through to the true-up line item pricing.
  • Negotiate a true-down mechanism upfront with Adobe if usage decline is inevitable or expected due to a merger or acquisition, divestiture, or material restructuring event.

    • INFO-TECH TIP: For further guidance on ETLAs and pricing, contact your Info-Tech representative to set up a call with an analyst.

    Use Info-Tech’s Adobe ETLA Deployment Forecast tool to match licensees with Adobe product SKUs.

    Prepare for Adobe’s true-up process

    How the true-up process works

    When adding a license, the true-up price will be prorated to 50% of the license cost for previous year’s usage plus 100% of the license cost for the next year. This back-charging adds up to 150% of the overall true-up license cost. In some rare cases, Adobe has provided an “unlimited” quantity for certain SKUs; these Unlimited ETLAs generally align with FTE counts and limit FTE increases to about 5%. Procurement must monitor and work with SAM/ITAM and stakeholder groups to restrain unnecessary growth during the term of an Unlimited ETLA to avoid the risk of cost escalation at renewal time.

    Higher-education specific

    Higher-education clients can license under the ETLA based on a prescribed number of user and classroom/lab devices and/or on a FTE basis. In these cases, the combination of Creative Cloud and Acrobat Pro volume must equal the FTE total, creating an enterprise footprint. FTE calculations establish the full-time faculty plus one-third of part-time faculty plus one-half of part-time staff.

    Info-Tech Insight

    Compliance takes a different form in terms of the ETLA true-up process. The completion of Adobe's transition to cloud-based licensing and verification has improved compliance rates via phone home telemetry such that pirated software is less available and more easily detected. Adobe has actually decommissioned its audit arm in the Americas and EMEA.

    Audits and software asset management with Adobe

    Watch out for:

    • Virtual desktops, freeware, and test and trial licenses
    • Adobe products that may be bundled into a suite; a manual check will be needed to ensure the suite isn’t recognized as a standalone license
    • Pirated licenses with a “crack” built into the software

    Simplify your process – from start to finish – with these steps:

    Determine License Entitlements

    Obtain documentation from internal records and Adobe to track licenses and upgrades to determine what licenses you own and have the right to use.

    Gather Deployment Information

    Leverage a software asset management tool or process to determine what software is deployed and what is/is not being used.

    Determine Effective License Position

    Compare license entitlements with deployment data to uncover surpluses and deficits in licensing. Look for opportunities.

    Plan Changes to License Position

    Meet with IT stakeholders to discuss the enterprise license program (ELP), short- and long-term project plans, and budget allocation. Plan and document licensing requirements.

    Adobe Genuine Software Integrity Service

    • This service was started in 2014 to combat non-genuine software sold by non-authorized resellers.
    • The service works hand in hand with the cloud movement to reduce piracy.
    • Every Adobe product now contains an executable file that will scan your machine for non-genuine software.
    • If non-genuine software is detected, the user will be notified and directed to the official Adobe website for next steps.

    Detailed list of Adobe licensing contract types

    The table below describes Adobe contract types beyond the four typical purchasing models explained in the previous slides:

    Option

    What is it?

    What’s included?

    For

    Term

    CLP (Cumulative Licensing Program)

    10,000 plus points, support and maintenance optional

    Select Adobe perpetual desktop products

    Business

    2 years

    EA (Adobe Enterprise Agreement)

    100 licenses plus maintenance and support for eligible Adobe products

    All applications

    100+ users requirement

    3 years

    EEA (Adobe Enterprise Education Agreement)

    Creative Cloud enterprise agreement for education establishments

    Creative Cloud applications without services

    Education

    1 or 2 years

    ETLA (Enterprise Term License Agreement)

    Licensing program designed for Adobe’s top commercial, government, and education customers

    All Creative Cloud applications

    Large enterprise companies

    3 years

    K-12 – Enterprise Agreement

    Enterprise agreement for primary and secondary schools

    Creative Cloud applications without services

    Education

    1 year

    K-12 – School Site License

    Allows a school to install a Creative Cloud on up to 500 school-owned computers regardless of school size

    Creative Cloud applications without services

    Education

    1 year

    TLP (Transactional Licensing Program)

    Agreement for SMBs that want volume licensing bonuses

    Perpetual desktop products only

    Aimed at SMBs, but Enterprise customers can use the TLP for smaller requirements

    N/A

    Upgrade Plan

    Insurance program for software purchased under a perpetual license program such as CLP or TLP for Creative Cloud upgrade

    Dependent on the existing perpetual estate

    Anyone

    N/A

    VIP (Value Incentive Plan)

    VIP allows customers to purchase, deploy, and manage software through a term-based subscription license model

    Creative Cloud of teams

    Business, government, and education

    Insight breakdown

    Insight 1

    Adobe operates in its own niche in the creative space, and Adobe users have grown accustomed to their products, making switching very difficult.

    Insight 2

    Adobe has transitioned the vast majority of its software offerings to the cloud-based subscription model. Active management of licenses, software provisioning, and consumption of cloud services is now an ongoing job.

    Insight 3

    With the vendor lock-in process nearly complete via the transition to a SaaS subscription model, Adobe is raising prices on an annual basis. Advance planning and strategic use of the ETLA is key to avoid budget-breaking surprises.

    Summary of accomplishment

    Knowledge Gained

    • The key pieces of licensing information that should be gathered about the current state of your own organization.
    • An in-depth understanding of the required licenses across all of your products.
    • Clear methodology for selecting the most effective contract type.
    • Development of measurable, relevant metrics to help track future project success and identify areas of strength and weakness within your licensing program.

    Processes Optimized

    • Understanding of the importance of licensing in relation to business objectives.
    • Understanding of the various licensing considerations that need to be made.
    • Contract negotiation.

    Deliverables Completed

    • Adobe ETLA Deployment Forecast
    • Adobe ETLA Forecasted Cost and Benefits
    • Adobe ETLA vs. VIP Pricing Table

    Related Info-Tech Research

    Take Control of Microsoft Licensing and Optimize Spend

    Create an Effective Plan to Implement IT Asset Management

    Establish an Effective System of Internal IT Controls to Mitigate Risks

    Optimize Software Asset Management

    Take Control of Compliance Improvement to Conquer Every Audit

    Cut PCI Compliance and Audit Costs in Half

    Bibliography

    “Adobe Buying Programs: At-a-glance comparison guide for Commercial and government organizations.” Adobe Systems Incorporated, 2014. Web. 1 Feb. 2018.

    “Adobe Buying Programs Comparison Guide for Commercial and Government Organizations.” Adobe Systems Incorporated, 2018. Web.

    “Adobe Buying Programs Comparison Guide for Education.” Adobe Systems Incorporated, 2018. Web. 1 Feb 2018.

    “Adobe Education Enterprise Agreement: Give your school access to the latest industry-leading creative tools.” Adobe Systems Incorporated, 2014. Web. 1 Feb. 2018.

    “Adobe Enterprise Term License Agreement for commercial and government organizations.” Adobe Systems Incorporated, 2016. Web. 1 Feb. 2018.

    Adobe Investor Presentation – October 2017. Adobe Systems Incorporated, 2017. Web. 1 Feb. 2018.

    Cabral, Amanda. “Students react to end of UConn-Adobe contract.” The Daily Campus (Uconn), 5 April 2017. Web. 1 Feb. 2018.

    de Veer, Patrick and Alecsandra Vintilescu. “Quick Guide to Adobe Licensing.” B-lay, Web. 1 Feb. 2018.

    “Find the best program for your organization.” Adobe, Web. 1 Feb 2018.

    Foxen, David. “Adobe Upgrade Simplified.” Snow Software, 7 Oct. 2016. Web.

    Frazer, Bryant. “Adobe Stops Reporting Subscription Figures for Creative Cloud.” Studio Daily. Access Intelligence, LLC. 17 March 2016. Web.

    “Give your students the power to create bright futures.” Adobe, Web. 1 Feb 2018.

    Jones, Noah. “Adobe changes subscription prices, colleges forced to pay more.” BG Falcon Media. Bowling Green State University, 18 Feb. 2015. Web. 1 Feb. 2018.

    Mansfield, Adam. “Is Your Organization Prepared for Adobe’s Enterprise Term License Agreements (ETLA)?” UpperEdge,30 April 2013. Web. 1 Feb. 2018.

    Murray, Corey. “6 Things Every School Should Know About Adobe’s Move to Creative Cloud.” EdTech: Focus on K-12. CDW LLC, 10 June 2013. Web.

    “Navigating an Adobe Software Audit: Tips for Emerging Unscathed.” Nitro, Web. 1 Feb. 2018.

    Razavi, Omid. “Challenges of Traditional Software Companies Transitioning to SaaS.” Sand Hill, 12 May 2015. Web. 1 Feb. 2018.

    Rivard, Ry. “Confusion in the Cloud.” Inside Higher Ed. 22 May 2013. Web. 1 Feb. 2018.

    Sharwood, Simon. “Adobe stops software licence audits in Americas, Europe.” The Register. Situation Publishing. 12 Aug. 2016. Web. 1 Feb. 2018.

    “Software Licensing Challenges Faced In The Cloud: How Can The Cloud Benefit You?” The ITAM Review. Enterprise Opinions Limited. 20 Nov. 2015. Web.

    White, Stephen. “Understanding the Impacts of Adobe’s Cloud Strategy and Subscriptions Before Negotiating an ETLA.” Gartner, 22 Feb. 2016. Web.

    Build a Software Quality Assurance Program

    • Buy Link or Shortcode: {j2store}284|cart{/j2store}
    • member rating overall impact: 9.6/10 Overall Impact
    • member rating average dollars saved: $20,972 Average $ Saved
    • member rating average days saved: 14 Average Days Saved
    • Parent Category Name: Testing, Deployment & QA
    • Parent Category Link: /testing-deployment-and-qa
    • Today’s rapidly scaling and increasingly complex products create mounting pressure on delivery teams to release new systems and changes quickly and with sufficient quality.
    • Many organizations lack the critical capabilities and resources needed to satisfy their growing testing backlog, risking product success.

    Our Advice

    Critical Insight

    • Testing is often viewed as a support capability rather than an enabler of business growth. It receives focus and investment only when it becomes a visible problem.
    • The rise in security risks, aggressive performance standards, constantly evolving priorities, and misunderstood quality policies further complicate QA as it drives higher expectations for effective practices.
    • QA starts with good requirements. Tests are only as valuable as the requirements they are validating and verifying. Early QA improves the accuracy of downstream tests and reduces costs of fixing defects late in delivery.
    • Quality is an organization-wide accountability. Upstream work can have extensive ramifications if all roles are not accountable for the decisions they make.
    • Quality must account for both business and technical requirements. Valuable change delivery is cemented in a clear understanding of quality from both business and IT perspectives.

    Impact and Result

    • Standardize your definition of a product. Come to an organizational agreement of what attributes define a high-quality product. Accommodate both business and IT perspectives in your definition.
    • Clarify the role of QA throughout your delivery pipeline. Indicate where and how QA is involved throughout product delivery. Instill quality-first thinking in each stage of your pipeline to catch defects and issues early.
    • Structure your test design, planning, execution, and communication practices to better support your quality definition and business and IT environments and priorities. Adopt QA good practices to ensure your tests satisfy your criteria for a high-quality and successful product.

    Build a Software Quality Assurance Program Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a strong foundation for quality, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define your QA process

    Standardize your product quality definition and your QA roles, processes, and guidelines according to your business and IT priorities.

    • Build a Strong Foundation for Quality – Phase 1: Define Your QA Process
    • Test Strategy Template

    2. Adopt QA good practices

    Build a solid set of good practices to define your defect tolerances, recognize the appropriate test coverage, and communicate your test results.

    • Build a Strong Foundation for Quality – Phase 2: Adopt QA Good Practices
    • Test Plan Template
    • Test Case Template
    [infographic]

    Workshop: Build a Software Quality Assurance Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Your QA Process

    The Purpose

    Discuss your quality definition and how quality is interpreted from both business and IT perspectives.

    Review your case for strengthening your QA practice.

    Review the standardization of QA roles, processes, and guidelines in your organization.

    Key Benefits Achieved

    Grounded understanding of quality that is accepted across IT and between the business and IT.

    Clear QA roles and responsibilities.

    A repeatable QA process that is applicable across the delivery pipeline.

    Activities

    1.1 List your QA objectives and metrics.

    1.2 Adopt your foundational QA process.

    Outputs

    Quality definition and QA objectives and metrics.

    QA guiding principles, process, and roles and responsibilities.

    2 Adopt QA Good Practices

    The Purpose

    Discuss the practices to reveal the sufficient degree of test coverage to meet your acceptance criteria, defect tolerance, and quality definition.

    Review the technologies and tools to support the execution and reporting of your tests.

    Key Benefits Achieved

    QA practices aligned to industry good practices supporting your quality definition.

    Defect tolerance and acceptance criteria defined against stakeholder priorities.

    Identification of test scenarios to meet test coverage expectations.

    Activities

    2.1 Define your defect tolerance.

    2.2 Model and prioritize your tests.

    2.3 Develop and execute your QA activities.

    2.4 Communicate your QA activities.

    Outputs

    Defect tolerance levels and courses of action.

    List of test cases and scenarios that meet test coverage expectations.

    Defined test types, environment and data requirements, and testing toolchain.

    Test dashboard and communication flow.

    Streamline Application Maintenance

    • Buy Link or Shortcode: {j2store}402|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: 20 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Maintenance
    • Parent Category Link: /maintenance
    • Application maintenance teams are accountable for the various requests and incidents coming from a variety business and technical sources. The sheer volume and variety of requests create unmanageable backlogs.
    • The increasing complexity and reliance on technology within the business has set unrealistic expectations on maintenance teams. Stakeholders expect teams to accommodate maintenance without impact on project schedules.

    Our Advice

    Critical Insight

    • Improving maintenance’s focus and attention may mean doing less but more valuable work. Teams need to be realistic about what can be committed and be prepared to justify why certain requests have to be pushed down the backlog (e.g. lack of business value, high risks).
    • Maintenance must be treated like any other development activity. The same intake and prioritization practices and quality standards must be upheld, and best practices followed.

    Impact and Result

    • Justify the necessity of streamlined maintenance. Gain a grounded understanding of stakeholder objectives and concerns, and validate their achievability against the current state of the people, process, and technologies involved in application maintenance.
    • Strengthen triaging and prioritization practices. Obtain a holistic picture of the business and technical impacts, risks, and urgencies of each accepted maintenance requests in order to justify its prioritization and relevance within your backlog. Identify opportunities to bundle requests together or integrate them within project commitments to ensure completion.
    • Establish and govern a repeatable process. Develop a maintenance process with well-defined stage gates, quality controls, and roles and responsibilities, and instill development best practices to improve the success of delivery.

    Streamline Application Maintenance Research & Tools

    Start here – read the Executive Brief

    Read our Executive Brief to understand the common struggles found in application maintenance, their root causes, and the Info-Tech methodology to overcoming these hurdles.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand your maintenance priorities

    Understand the stakeholder priorities driving changes in your application maintenance practice.

    • Streamline Application Maintenance – Phase 1: Assess the Current Maintenance Landscape
    • Application Maintenance Operating Model Template
    • Application Maintenance Resource Capacity Assessment
    • Application Maintenance Maturity Assessment

    2. Instill maintenance governance

    Identify the appropriate level of governance and enforcement to ensure accountability and quality standards are upheld across maintenance practices.

    • Streamline Application Maintenance – Phase 2: Develop a Maintenance Release Schedule

    3. Enhance triaging and prioritization practices

    Build a maintenance triage and prioritization scheme that accommodates business and IT risks and urgencies.

    • Streamline Application Maintenance – Phase 3: Optimize Maintenance Capabilities

    4. Streamline maintenance delivery

    Define and enforce quality standards in maintenance activities and build a high degree of transparency to readily address delivery challenges.

    • Streamline Application Maintenance – Phase 4: Streamline Maintenance Delivery
    • Application Maintenance Business Case Presentation Document
    [infographic]

    Workshop: Streamline Application Maintenance

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand Your Maintenance Priorities

    The Purpose

    Understand the business and IT stakeholder priorities driving the success of your application maintenance practice.

    Understand any current issues that are affecting your maintenance practice.

    Key Benefits Achieved

    Awareness of business and IT priorities.

    An understanding of the maturity of your maintenance practices and identification of issues to alleviate.

    Activities

    1.1 Define priorities for enhanced maintenance practices.

    1.2 Conduct a current state assessment of your application maintenance practices.

    Outputs

    List of business and technical priorities

    List of the root-cause issues, constraints, and opportunities of current maintenance practice

    2 Instill Maintenance Governance

    The Purpose

    Define the processes, roles, and points of communication across all maintenance activities.

    Key Benefits Achieved

    An in-depth understanding of all maintenance activities and what they require to function effectively.

    Activities

    2.1 Modify your maintenance process.

    2.2 Define your maintenance roles and responsibilities.

    Outputs

    Application maintenance process flow

    List of metrics to gauge success

    Maintenance roles and responsibilities

    Maintenance communication flow

    3 Enhance Triaging and Prioritization Practices

    The Purpose

    Understand in greater detail the process and people involved in receiving and triaging a request.

    Define your criteria for value, impact, and urgency, and understand how these fit into a prioritization scheme.

    Understand backlog management and release planning tactics to accommodate maintenance.

    Key Benefits Achieved

    An understanding of the stakeholders needed to assess and approve requests.

    The criteria used to build a tailored prioritization scheme.

    Tactics for efficient use of resources and ideal timing of the delivery of changes.

    A process that ensures maintenance teams are always working on tasks that are valuable to the business.

    Activities

    3.1 Review your maintenance intake process.

    3.2 Define a request prioritization scheme.

    3.3 Create a set of practices to manage your backlog and release plans.

    Outputs

    Understanding of the maintenance request intake process

    Approach to assess the impact, urgency, and severity of requests for prioritization

    List of backlog management grooming and release planning practices

    4 Streamline Maintenance Delivery

    The Purpose

    Understand how to apply development best practices and quality standards to application maintenance.

    Learn the methods for monitoring and visualizing maintenance work.

    Key Benefits Achieved

    An understanding of quality standards and the scenarios for where they apply.

    The tactics to monitor and visualize maintenance work.

    Streamlined maintenance delivery process with best practices.

    Activities

    4.1 Define approach to monitor maintenance work.

    4.2 Define application quality attributes.

    4.3 Discuss best practices to enhance maintenance development and deployment.

    Outputs

    Taskboard structure and rules

    Definition of application quality attributes with user scenarios

    List of best practices to streamline maintenance development and deployment

    5 Finalize Your Maintenance Practice

    The Purpose

    Create a target state built from appropriate metrics and attainable goals.

    Consider the required items and steps for the implementation of your optimization initiatives.

    Key Benefits Achieved

    A realistic target state for your optimized application maintenance practice.

    A well-defined and structured roadmap for the implementation of your optimization initiatives.

    Activities

    5.1 Refine your target state maintenance practices.

    5.2 Develop a roadmap to achieve your target state.

    Outputs

    Finalized application maintenance process document

    Roadmap of initiatives to achieve your target state

    Audit the Project Portfolio

    • Buy Link or Shortcode: {j2store}442|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Portfolio Management
    • Parent Category Link: /portfolio-management
    • As a CIO you know you should audit your portfolio, but you don’t know where to start.
    • There is a lack of portfolio and project visibility.
    • Projects are out of scope, over budget, and over schedule.

    Our Advice

    Critical Insight

    • Organizations establish processes and assume people are following them.
    • There is a dilution of practices from external influences and rapid turnover rates.
    • Many organizations build their processes around existing frameworks. These frameworks are great resources but they’re often missing context and clear links to tools, templates, and fiduciary duty.

    Impact and Result

    • The best way to get insight into your current state is to get an objective set of observations of your processes.
    • Use Info-Tech’s framework to audit your portfolios and projects:
      • Triage at a high level to assess the need for an audit by using the Audit Standard Triage Tool to assess your current state and the importance of conducting a deeper audit.
      • Complete Info-Tech’s Project Portfolio Audit Tool:
        • Validate the inputs.
        • Analyze the data.
        • Review the findings and create your action plan.

    Audit the Project Portfolio Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should audit the project portfolio, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess readiness

    Understand your current state and determine the need for a deeper audit.

    • Audit the Project Portfolio – Phase 1: Assess Readiness
    • Info-Tech Audit Standard for Project Portfolio Management
    • Audit Glossary of Terms
    • Audit Standard Triage Tool

    2. Perform project portfolio audit

    Audit your selected projects and portfolios. Understand the gaps in portfolio practices.

    • Audit the Project Portfolio – Phase 2: Perform Project Portfolio Audit
    • Project Portfolio Audit Tool

    3. Establish a plan

    Document the steps you are going to take to address any issues that were uncovered in phase 2.

    • Audit the Project Portfolio – Phase 3: Establish a Plan
    • PPM Audit Timeline Template
    [infographic]

    Workshop: Audit the Project Portfolio

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Portfolio Audit

    The Purpose

    An audit of your portfolio management practices.

    Key Benefits Achieved

    Analysis of audit results.

    Activities

    1.1 Info-Tech’s Audit Standard/Engagement Context

    1.2 Portfolio Audit

    1.3 Input Validation

    1.4 Portfolio Audit Analysis

    1.5 Start/Stop/Continue

    Outputs

    Audit Standard and Audit Glossary of Terms

    Portfolio and Project Audit Tool

    Start/Stop/Continue

    2 Project Audit

    The Purpose

    An audit of your project management practices.

    Key Benefits Achieved

    Analysis of audit results.

    Activities

    2.1 Project Audit

    2.2 Input Validation

    2.3 Project Audit Analysis

    2.4 Start/Stop/Continue

    Outputs

    Portfolio and Project Audit Tool

    Start/Stop/Continue

    3 Action Plan

    The Purpose

    Create a plan to start addressing any vulnerabilities.

    Key Benefits Achieved

    A plan to move forward.

    Activities

    3.1 Action Plan

    3.2 Key Takeaways

    Outputs

    Audit Timeline Template

    Infrastructure & Operations Priorities 2022

    • Buy Link or Shortcode: {j2store}56|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Disruptive & Emerging Technologies
    • Parent Category Link: /disruptive-emerging-technologies
    • The expectation amongst IT professionals for permanent transformational change has gone up 30% year over year. Further, 47% expect a lot of permanent change in 2022.
    • We are experiencing a great rate of change concurrent with a low degree of predictability.
    • How do you translate a general trend into a specific priority you can work on?

    Our Advice

    Critical Insight

    • Trends don’t matter but pressure does: Trends can be analyzed based on the pressure they exert (or not) on your I&O practice. Organizing trends into categories based on source makes for a more successful and contextual analysis.
    • Different prioritization is being demanded in 2022. For the foreseeable future prioritization is about drawing a line, below which you can ignore items with a clean conscience.
    • The priorities you choose to advocate for will be how your leadership is evaluated in the upcoming year.

    Impact and Result

    • By reading through this publication, you will begin to address the age-old problem “You don’t know what you don’t know.”
    • More importantly you will have a framework to dive deeper into the trends most relevant to you and your organization.
    • Info-Tech can help you turn your strong opinion into a compelling case for your stakeholders.

    Infrastructure & Operations Priorities 2022 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Infrastructure & Operations Priorities 2022 – A framework to dive deeper into the trends most relevant to you and your organization

    Discover Info-Tech's four trends for Infrastructure & Operations leaders.

    • Infrastructure & Operations Priorities Report for 2022

    Infographic

    z-Series Modernization and Migration

    • Buy Link or Shortcode: {j2store}114|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design

    Under the best of circumstances, mainframe systems are complex, expensive, and difficult to scale. In today’s world, applications written for mainframe legacy systems also present significant operational challenges to customers compounded by the dwindling pool of engineers who specialize in these outdated technologies. Many organizations want to migrate their legacy applications to the cloud but to do so they need to go through a lengthy migration process that is made more challenging by the complexity of mainframe applications.

    Our Advice

    Critical Insight

    The most common tactic is for the organization to better realize their z/Series options and adopt a strategy built on complexity and workload understanding. To make the evident, obvious, the options here for the non-commodity are not as broad as with commodity server platforms and the mainframe is arguably the most widely used and complex non-commodity platform on the market.

    Impact and Result

    This research will help you:

    • Evaluate the future viability of this platform.
    • Assess the fit and purpose, and determine TCO
    • Develop strategies for overcoming potential challenges.
    • Determine the future of this platform for your organization.

    z/Series Modernization and Migration Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. z/Series Modernization and Migration Guide – A brief deck that outlines key migration options and considerations for the z/Series platform.

    This blueprint will help you assess the fit, purpose, and price; develop strategies for overcoming potential challenges; and determine the future of z/Series for your organization.

    • z/Series Modernization and Migration Storyboard

    2. Scale Up vs. Scale Out TCO Tool – A tool that provides organizations with a framework for TCO.

    Use this tool to play with the pre-populated values or insert your own amounts to compare possible database decisions, and determine the TCO of each. Note that common assumptions can often be false; for example, open-source Cassandra running on many inexpensive commodity servers can actually have a higher TCO over six years than a Cassandra environment running on a larger single expensive piece of hardware. Therefore, calculating TCO is an essential part of the database decision process.

    • Scale Up vs. Scale Out TCO Tool
    [infographic]

    Further reading

    z/Series Modernization and Migration

    The biggest migration is yet to come.

    Executive Summary

    Info-Tech Insight

    “A number of market conditions have coalesced in a way that is increasingly driving existing mainframe customers to consider running their application workloads on alternative platforms. In 2020, the World Economic Forum noted that 42% of core skills required to perform existing jobs are expected to change by 2022, and that more than 1 billion workers need to be reskilled by 2030.” – Dale Vecchio

    Your Challenge

    It seems like anytime there’s a new CIO who is not from the mainframe world there is immediate pressure to get off this platform. However, just as there is a high financial commitment required to stay on System Z, moving off is risky and potentially more costly. You need to truly understand the scale and complexity ahead of the organization.

    Common Obstacles

    Under the best of circumstances, mainframe systems are complex, expensive, and difficult to scale. In today’s world, applications written for mainframe legacy systems also present significant operational challenges to customers compounded by the dwindling pool of engineers who specialize in these outdated technologies. Many organizations want to migrate their legacy applications to the cloud, but to do so they need to go through a lengthy migration process that is made more challenging by the complexity of mainframe applications.

    Info-Tech Approach

    The most common tactic is for the organization to better realize its z/Series options and adopt a strategy built on complexity and workload understanding. To make the evident, obvious: the options here for the non-commodity are not as broad as with commodity server platforms and the mainframe is arguably the most widely used and complex non-commodity platform on the market.

    Review

    We help IT leaders make the most of their z/Series environment

    Problem statement:

    The z/Series remains a vital platform for many businesses and continues to deliver exceptional reliability and performance and play a key role in the enterprise. With the limited and aging resources at hand, CIOs and the like must continually review and understand their migration path with the same regard as any other distributed system roadmap.

    This research is designed for:

    IT strategic direction decision makers.

    IT managers responsible for an existing z/Series platform.

    Organizations evaluating platforms for mission critical applications.

    This research will help you:

    1. Evaluate the future viability of this platform.
    2. Assess the fit and purpose, and determine TCO.
    3. Develop strategies for overcoming potential challenges.
    4. Determine the future of this platform for your organization.

    Analyst Perspective

    Good Luck.

    Darin Stahl.

    Modernize the mainframe … here we go again.

    Prior to 2020, most organizations were muddling around in “year eleven of the four-year plan” to exit the mainframe platform where a medium-term commitment to the platform existed. Since 2020, it appears the appetite for the mainframe platform changed. Again. Discussions mostly seem to be about what the options are beyond hardware outsourcing or re-platforming to “cloud” migration of workloads – mostly planning and strategy topics. A word of caution: it would appear unwise to stand in front of the exit door for fear of being trampled.

    Hardware expirations between now and 2025 are motivating hosting deployments. Others are in migration activities, and some have already decommissioned and migrated but now are trying to rehab the operations team now lacking direction and/or structure.

    There is little doubt that modernization and “digital transformation” trends will drive more exit traffic, so IT leaders who are still under pressure to get off the platform need to assess their options and decide. Being in a state of perpetually planning to get off the mainframe handcuffs your ability to invest in the mainframe, address deficiencies, and improve cost-effectiveness.

    Darin Stahl
    Principal Research Advisor, Infrastructure & Operations Research
    Info-Tech Research Group

    The mainframe “fidget spinner”

    Thinking of modernizing your mainframe can cause you angst so grab a fidget spinner and relax because we have you covered!

    External Business Pressures:

    • Digital transformation
    • Modernization programs
    • Compliance and regulations
    • TCO

    Internal Considerations:

    • Reinvest
    • Migrate to a new platform
    • Evaluate public and vendor cloud alternatives
    • Hosting versus infrastructure outsourcing

    Info-Tech Insight

    With multiple control points to be addressed, care must be taken to simplify your options while addressing all concerns to ease operational load.

    The analyst call review

    “Who has Darin talked with?” – Troy Cheeseman

    Dating back to 2011, Darin Stahl has been the primary z/Series subject matter expert within the Infrastructure & Operations Research team. Below represents the percentage of calls, per industry, where z/Series advisory has been provided by Darin*:

    37% - State Government

    19% - Insurance

    11% - Municipality

    8% - Federal Government

    8% - Financial Services

    5% - Higher Education

    3% - Retail

    3% - Hospitality/Resort

    3% - Logistics and Transportation

    3% - Utility

    Based on the Info-Tech call history, there is a consistent cross section of industry members who not only rely upon the mainframe but are also considering migration options.

    Note:

    Of course, this only represents industries who are Info-Tech members and who called for advisory services about the mainframe.

    There may well be more Info-Tech members with mainframes who have no topic to discuss with us about the mainframe specifically. Why do we mention this?

    We caution against suggesting things like, ”somewhat less than 50% of mainframes live in state data centers” or any other extrapolated inference from this data.

    Our viewpoint and discussion is based on the cases and the calls that we have taken over the years.

    *37+ enterprise calls were reviewed and sampled.

    Scale out versus scale up

    For most workloads “scale out" (e.g. virtualized cloud or IaaS ) is going to provide obvious and quantifiable benefits.

    However, with some workloads (extremely large analytics or batch processing ) a "scale up" approach is more optimal. But the scale up is really limited to very specific workloads. Despite some assumptions, the gains made when moving from scale up to scale out are not linear.

    Obviously, when you scale out from a performance perspective you experience a drop in what a single unit of compute can do. Additionally, there will be latency introduced in the form of network overhead, transactions, and replication into operations that were previously done just bypassing object references within a single frame.

    Some applications or use cases will have to be architected or written differently (thinking about the high-demand analytic workloads at large scale). Remember the “grid computing” craze that hit us during the early part of this century? It was advantageous for many to distribute work across a grid of computing devices for applications but the advantage gained was contingent on the workload able to be parsed out as work units and then pulled back together through the application.

    There can be some interesting and negative consequences for analytics or batch operations in a large scale as mentioned above. Bottom line, as experienced previously with Microfocus mainframe ports to x86, the batch operations simply take much longer to complete.

    Big Data Considerations*:

    • Value: Data has no inherent value until it’s used to solve a business problem.
    • Variety: The type of data being produced is increasingly diverse and ranges from email and social media to geo-spatial and photographic data. This data may be difficult to process using a structured data model.
    • Volume: The sheer size of the datasets is growing exponentially, often ranging from terabytes to petabytes. This is complicating traditional data management strategies.
    • Velocity: The increasing speed at which data is being collected and processed is also causing complications. Big data is often time sensitive and needs to be captured in real time as it is streaming into the enterprise.

    *Build a Strategy for Big Data Platforms

    Consider your resourcing

    Below is a summary of concerns regarding core mainframe skills:

    1. System Management (System Programmers): This is the most critical and hard-to-replace skill since it requires in-depth low-level knowledge of the mainframe (e.g. at the MVS level). These are skills that are generally not taught anymore, so there is a limited pool of experienced system programmers.
    2. Information Management System (IMS) Specialists: Requires a combination of mainframe knowledge and data analysis skills, which makes this a rare skill set. This is becoming more critical as business intelligence takes on an ever-increasing focus in most organizations.
    3. Application Development: The primary concern here is a shortage of developers skilled in older languages such as COBOL. It should be noted that this is an application issue; for example, this is not solved by migrating off mainframes.
    4. Mainframe Operators: This is an easier skill set to learn, and there are several courses and training programs available. An IT person new to mainframes could learn this position in about six weeks of on-the-job training.
    5. DB2 Administration: Advances in database technology have simplified administration (not just for DB2 but also other database products). As a result, as with mainframe operators, this is a skill set that can be learned in a short period of time on the job.

    The Challenge

    An aging workforce, specialized skills, and high salary expectations

    • Mainframe specialists, such as system programmers and IMS specialists, are typically over 50, have a unique skill set, and are tasked with running mission-critical systems.

    The In-House Solution:

    Build your mentorship program to create a viable succession plan

    • Get your money’s worth out of your experienced staff by having them train others.
    • Operator skills take about six weeks to learn. However, it takes about two years before a system programmer trainee can become fully independent. This is similar to the learning curve for other platforms; however, this is a more critical issue for mainframes since organizations have far fewer mainframe specialists to fall back on when senior staff retire or move on.

    Understand your options

    Migrate to another platform

    Use a hosting provider

    Outsource

    Re-platform (cloud/vendors)

    Reinvest

    There are several challenges to overcome in a migration project, from finding an appropriate alternative platform to rewriting legacy code. Many organizations have incurred huge costs in the attempt, only to be unsuccessful in the end, so make this decision carefully.

    Organizations often have highly sensitive data on their mainframes (e.g. financial data), so many of these organizations are reluctant to have this data live outside of their four walls. However, the convenience of using a hosting provider makes this an attractive option to consider.

    The most common tactic is for the organization to adopt some level of outsourcing for the non-commodity platform, retaining the application support/development in-house.

    A customer can “re-platform” the non-commodity workload into public cloud offerings or in a few offerings
    “re-host.”

    If you’re staying with the mainframe and keeping it in-house, it’s important to continue to invest in this platform, keep it current, and look for opportunities to optimize its value.

    Migrate

    Having perpetual plans to migrate handcuffs your ability to invest in your mainframe, extend its value, and improve cost effectiveness.

    If this sounds like your organization, it’s time to do the analysis so you can decide and get clarity on the future of the mainframe in your organization.

    1. Identify current performance, availability, and security requirements. Assess alternatives based on this criteria.
    2. Review and use Info-Tech’s Mainframe TCO Comparison Tool to compare mainframe costs to the potential alternative platform.
    3. Assess the business risks and benefits. Can the alternative deliver the same performance, reliability, and security? If not, what are the risks? What do you gain by migrating?
    4. If migration is still a go, evaluate the following:
    • Do you have the expertise or a reliable third party to perform the migration, including code rewrites?
    • How long will the migration take? Can the business function effectively during this transition period?
    • How much will the migration cost? Is the value you expect to gain worth the expense?

    *3 of the top 4 challenges related to shortfalls of alternative platforms

    The image contains a bar graph that demonstrates challenges related to shortfalls of alternative platforms.

    *Source: Maximize the Value of IBM Mainframes in My Business

    Hosting

    Using a hosting provider is typically more cost-effective than running your mainframe in-house.

    Potential for reduced costs

    • Hosting enables you to reduce or eliminate your mainframe staff.
    • Economies of scale enable hosting providers to reduce software licensing costs. They also have more buying power to negotiate better terms.
    • Power and cooling costs are also transferred to the hosting provider.

    Reliable infrastructure and experienced staff

    • A quality hosting provider will have 24/7 monitoring, full redundancy, and proven disaster recovery capabilities.
    • The hosting provider will also have a larger mainframe staff, so they don’t have the same risk of suddenly being without those advanced critical skills.

    So, what are the risks?

    • A transition to a hosting provider usually means eliminating or significantly reducing your in-house mainframe staff. With that loss of in-house expertise, it will be next to impossible to bring the mainframe back in-house, and you become highly dependent on your hosting provider.

    Outsourcing

    The most common tactic is for the organization to adopt some level of outsourcing for the non-commodity platform, retaining the application support/development in-house.

    The options here for the non-commodity (z/Series, IBM Power platforms, for example) are not as broad as with commodity server platforms. More confusingly, the term “outsourcing” for these can include:

    Traditional/Colocation – A customer transitions their hardware environment to a provider’s data center. The provider can then manage the hardware and “system.”

    Onsite Outsourcing – Here a provider will support the hardware/system environment at the client’s site. The provider may acquire the customer’s hardware and provide software licenses. This could also include hiring or “rebadging” staff supporting the platform. This type of arrangement is typically part of a larger services or application transformation. While low risk, it is not as cost-effective as other deployment models.

    Managed Hosting – A customer transitions their legacy application environment to an off-prem hosted multi-tenanted environment. It will provide the most cost savings following the transition, stabilization, and disposal of existing environment. Some providers will provide software licensing, and some will also support “Bring Your Own,” as permitted by IBM terms for example.

    Info-Tech Insight

    Technical debt for non-commodity platforms isn’t only hardware based. Moving an application written for the mainframe onto a “cheaper” hardware platform (or outsourced deployment) leaves the more critical problems and frequently introduces a raft of new ones.

    Re-platform – z/Series COBOL Cloud

    Re-platforming is not trivial.

    While the majority of the coded functionality (JCLs, programs, etc.) migrate easily, there will be a need to re-code or re-write objects – especially if any object, code, or location references are not exactly the same in the new environment.

    Micro Focus has solid experience in this but if consider it within the context of an 80/20 rule (the actual metrics might be much better than that), meaning that some level of rework would have to be accomplished as an overhead to the exercise.

    Build that thought into your thinking and business case.

    AWS Cloud

    • Astadia (an AWS Partner) is re-platforming mainframe workloads to AWS. With its approach you reuse the original application source code and data to AWS services. Consider reviewing Amazon’s “Migrating a Mainframe to AWS in 5 Steps.”

    Azure Cloud

    Micro Focus COBOL (Visual COBOL)

    • Micro Focus' Visual COBOL also supports running COBOL in Docker containers and managing and orchestrating the containers with Kubernetes. I personally cannot imagine what sort of drunken bender decision would lead me to move COBOL into Docker and then use Kubernetes to run in GCP but there you are...if that's your Jam you can do it.

    Re-platform – z/Series (Non-COBOL)

    But what if it's not COBOL?

    Yeah, a complication for this situation is the legacy code.

    While re-platforming/re-hosting non-COBOL code is not new, we have not had many member observations compared to the re-platforming/re-hosting of COBOL functionality initiatives.

    That being said, there are a couple of interesting opportunities to explore.

    NTT Data Services (GLOBAL)

    • Most intriguing is the re-hosting of a mainframe environment into AWS. Not sure if the AWS target supports NATURAL codebase; it does reference Adabas however (Re-Hosting Mainframe Applications to AWS with NTT DATA Services). Nevertheless, NTT has supported re-platforming and NATURAL codebase environments previously.

    ModernSystems (or ModSys) has relevant experience.

    • ModSys is the resulting entity following a merger between BluePhoenix and ATERAS a number of years ago. ATERAS is the entity I find references to within my “wayback machine” for member discussions. There are also a number of published case studies still searchable about ATERAS’ successful re-platforming engagements, including the California Public Employees Retirement System (CalPERS) most famously after the Accenture project to rewrite it failed.

    ATOS, as a hosting vendor mostly referenced by customers with global locations in a short-term transition posture, could be an option.

    Lastly, the other Managed Services vendors with NATURAL and Adabas capabilities:

    Reinvest

    By contrast, reducing the use of your mainframe makes it less cost-effective and more challenging to retain in-house expertise.

    • For organizations that have migrated applications off the mainframe (at least partly to reduce dependency on the platform), inevitably there remains a core set of mission critical applications that cannot be moved off for reasons described on the “Migrate” slide. This is when the mainframe becomes a costly burden:
      • TCO is relatively high due to low utilization.
      • In-house expertise declines as workload declines and current staffing allocations become harder to justify.
    • Organizations that are instead adding capacity and finding new ways to use this platform have lower cost concerns and resourcing challenges. The charts below illustrate this correlation. While some capacity growth is due to normal business growth, some is also due to new workloads, and it reflects an ongoing commitment to the platform.

    *92% of organizations that added capacity said TCO is lower than for commodity servers (compared to 50% of those who did not add capacity)

    *63% of organizations that added capacity said finding resources is not very difficult (compared to 42% of those who did not add capacity)
    The image contains a bar graph as described in the above text. The image contains a bar graph as described in the above text.

    *Maximize the Value of IBM Mainframes in My Business

    An important thought about data migration

    Mainframe data migrations – “VSAM, IMS, etc.”

    • While the application will be replaced and re-platformed, there is the historical VIN data remaining in the VSAM files and access via the application. The challenge is that a bulk conversion can add upfront costs and delay the re-platforming of the application functionality. Some shops will break the historical data migration into a couple of phases.
    • While there are technical solutions to accessing VSAM data stores, what I have observed with other members facing a similar scenario is a need to “shrink” the data store over time. The technical accesses to historical VSAM records would also have a lifespan, and rather than kicking the can down the road indefinitely, many have turned to a process-based solution allowing them to shrink the historical data store over time. I have observed three approaches to the handling or digitization of historical records like this:

    Temporary workaround. This would align with a technical solution allowing the VASM files to be accessed using platforms other than on mainframe hardware (Micro Focus or other file store trickery). This can be accomplished relatively quickly but does run the risk of technology obsolesce for the workaround at some point in the future.

    Bulk conversion. This method would involve the extract/transform/load of the historical records into the new application platform. Often the order of the conversion is completed on work newest to oldest (the idea is that the newest historical records would have the highest likelihood of an access need), but all files would be converted to the new application and the old data store destroyed.

    Forward convert, which would have files undergo the extract/transform/load conversion into the new application as they are accessed or reopened. This method would keep historical records indefinitely or until they are converted – or the legal retention schedule allows for their destruction (hopefully no file must be kept forever). This could be a cost-efficient approach since the historical files remaining on the VSAM platform would be shrunk over time based on demand from the district attorney process. The conversion process could be automated and scripted, with a QR step allowing for the records to be deleted from the old platform.

    Info-Tech Insight

    It is not usual for organizations to leverage options #2 and #3 above to move the functionality forward while containing the scope creep and costs for the data conversions.

    Enterprise class job scheduling

    Job scheduling or data center automation?

    • Enterprise class job scheduling solutions enable complex unattended batched programmatically conditioned task/job scheduling.
    • Data center automation (DCIM) software automates and orchestrates the processes and workflow for infrastructure operations including provisioning, configuring, patching of physical, virtual, and cloud servers, and monitoring of tasks involved in maintaining the operations of a data center or Infrastructure environment.
    • While there maybe some overlap and or confusion between data center automation and enterprise class job scheduling solutions, data center automation (DCIM) software solutions are least likely to have support for non-commodity server platforms and lack robust scheduling functionality.

    Note: Enterprise job scheduling is a topic with low member interest or demand. Since our published research is driven by members’ interest and needs, the lack of activity or member demand would obviously be a significant influence into our ability to aggregate shared member insight, trends, or best practices in our published agenda.

    Data Center Automation (DCIM) Software

    Orchestration/Provisioning Software

    Enterprise class job scheduling features

    The feature set for these tools is long and comprehensive. The feature list below is not exhaustive as specific tools may have additional product capabilities. At a minimum, the solutions offered by the vendors in the list below will have the following capabilities:

    • Automatic restart and recovery
    • File management
    • Integration with security systems such as AD
    • Operator alerts
    • Ability to control spooling devices
    • Cross-platform support
    • Cyclical scheduling
    • Deadline scheduling
    • Event-based scheduling / triggers
    • Inter-dependent jobs
    • External task monitoring (e.g. under other sub-systems)
    • Multiple calendars and time-zones
    • Scheduling of packaged applications (such as SAP, Oracle, JD Edwards)
    • The ability to schedule web applications (e.g. .net, java-based)
    • Workload analysis
    • Conditional dependencies
    • Critical process monitoring
    • Event-based automation (“self-healing” processes in response to common defined error conditions)
    • Graphical job stream/workflow visualization
    • Alerts (job failure notifications, task thresholds (too long, too quickly, missed windows, too short, etc.) via multiple channels
    • API’s supporting programmable scheduler needs
    • Virtualization support
    • Workload forecasting and workload planning
    • Logging and message data supporting auditing capabilities likely to be informed by or compliant with regulatory needs such as Sarbanes, Gramme-Leach
    • Historical reporting
    • Auditing reports and summaries

    Understand your vendors and tools

    List and compare the job scheduling features of each vendor.

    • This is not presented as an exhaustive list.
    • The list relies on observations aggregated from analyst engagements with Info-Tech Research Group members. Those member discussions tend to be heavily tilted toward solutions supporting non-commodity platforms.
    • Nothing is implied about a solution suitability or capability by the order of presentation or inclusion or absence in this list.

    ✓ Advanced Systems Concepts

    ✓ BMC

    ✓ Broadcom

    ✓ HCL

    ✓ Fortra

    ✓ Redwood

    ✓ SMA Technologies

    ✓ StoneBranch

    ✓ Tidal Software

    ✓ Vinzant Software

    Info-Tech Insight

    Creating vendor profiles will help quickly filter the solution providers that directly meet your z/Series needs.

    Advanced Systems Concepts

    ActiveBatch

    Workload Management:

    Summary

    Founded in 1981, ASCs ActiveBatch “provides a central automation hub for scheduling and monitoring so that business-critical systems, like CRM, ERP, Big Data, BI, ETL tools, work order management, project management, and consulting systems, work together seamlessly with minimal human intervention.”*

    URL

    advsyscon.com

    Coverage:

    Global

    Amazon EC2

    Hadoop Ecosystem

    IBM Cognos

    DataStage

    IBM PureData (Netezza)

    Informatica Cloud

    Microsoft Azure

    Microsoft Dynamics AX

    Microsoft SharePoint

    Microsoft Team Foundation Server

    Oracle EBS

    Oracle PeopleSoft

    SAP

    BusinessObjects

    ServiceNow

    Teradata

    VMware

    Windows

    Linux

    Unix

    IBM i

    *Advanced Systems Concepts, Inc.


    BMC

    Control-M

    Workload Management:

    Summary

    Founded in 1980, BMCs Control-M product “simplifies application and data workflow orchestration on premises or as a service. It makes it easy to build, define, schedule, manage, and monitor production workflows, ensuring visibility, reliability, and improving SLAs.”*

    URL

    bmc.com/it-solutions/control-m.html

    Coverage:

    Global

    AWS

    Azure

    Google Cloud Platform

    Cognos

    IBM InfoSphere

    DataStage

    SAP HANA

    Oracle EBS

    Oracle PeopleSoft

    BusinessObjects

    ServiceNow

    Teradata

    VMware

    Windows

    Linux

    Unix

    IBM i

    IBM z/OS

    zLinux

    *BMC

    Broadcom

    Atomic Automation

    Autosys Workload Automation

    Workload Management:

    Summary

    Broadcom offers Atomic Automation and Autosys Workload Automation which ”gives you the agility, speed and reliability required for effective digital business automation. From a single unified platform, Atomic centrally provides the orchestration and automation capabilities needed accelerate your digital transformation and support the growth of your company.”*

    URL

    broadcom.com/products/software/automation/automic-automation

    broadcom.com/products/software/automation/autosys

    Coverage:

    Global


    Windows

    MacOS

    Linux

    UNIX

    AWS

    Azure

    Google Cloud Platform

    VMware

    z/OS

    zLinux

    System i

    OpenVMS

    Banner

    Ecometry

    Hadoop

    Oracle EBS

    Oracle PeopleSoft

    SAP

    BusinessObjects

    ServiceNow

    Teradata

    VMware

    Windows

    Linux

    Unix

    IBM i

    *Broadcom

    HCL

    Workload Automation

    Workload Management:

    Summary

    “HCL Workload Automation streamlined modelling, advanced AI and open integration for observability. Accelerate the digital transformation of modern enterprises, ensuring business agility and resilience with our latest version of one stop automation platform. Orchestrate unattended and event-driven tasks for IT and business processes from legacy to cloud and kubernetes systems.”*

    URL

    hcltechsw.com/workload-automation

    Coverage:

    Global


    Windows

    MacOS

    Linux

    UNIX

    AWS

    Azure

    Google Cloud Platform

    VMware

    z/OS

    zLinux

    System i

    OpenVMS

    IBM SoftLayer

    IBM BigInsights

    IBM Cognos

    Hadoop

    Microsoft Dynamics 365

    Microsoft Dynamics AX

    Microsoft SQL Server

    Oracle E-Business Suite

    PeopleSoft

    SAP

    ServiceNow

    Apache Oozie

    Informatica PowerCenter

    IBM InfoSphere DataStage

    Salesforce

    BusinessObjects BI

    IBM Sterling Connect:Direct

    IBM WebSphere MQ

    IBM Cloudant

    Apache Spark

    *HCL Software

    Fortra

    JAMS Scheduler

    Workload Management:

    Summary

    Fortra’s “JAMS is a centralized workload automation and job scheduling solution that runs, monitors, and manages jobs and workflows that support critical business processes.

    JAMS reliably orchestrates the critical IT processes that run your business. Our comprehensive workload automation and job scheduling solution provides a single pane of glass to manage, execute, and monitor jobs—regardless of platforms or applications.”*

    URL

    jamsscheduler.com

    Coverage:

    Global


    OpenVMS

    OS/400

    Unix

    Windows

    z/OS

    SAP

    Oracle

    Microsoft

    Infor

    Workday

    AWS

    Azure

    Google Cloud Compute

    ServiceNow

    Salesforce

    Micro Focus

    Microsoft Dynamics 365

    Microsoft Dynamics AX

    Microsoft SQL Server

    MySQL

    NeoBatch

    Netezza

    Oracle PL/SQL

    Oracle E-Business Suite

    PeopleSoft

    SAP

    SAS

    Symitar

    *JAMS

    Redwood

    Redwood SaaS

    Workload Management:

    Summary

    Founded in 1993 and delivered as a SaaS solution, ”Redwood lets you orchestrate securely and reliably across any application, service or server, in the cloud or on-premises, all inside a single platform. Automation solutions are at the core of critical business operations such as forecasting, replenishment, reconciliation, financial close, order to cash, billing, reporting, and more. Enterprises in every industry — from manufacturing, utility, retail, and biotech to healthcare, banking, and aerospace.”*

    URL

    redwood.com

    Coverage:

    Global


    OpenVMS

    OS/400

    Unix

    Windows

    z/OS

    SAP

    Oracle

    Microsoft

    Infor

    Workday

    AWS

    Azure

    Google Cloud Compute

    ServiceNow

    Salesforce

    Github

    Office 365

    Slack

    Dropbox

    Tableau

    Informatica

    SAP BusinessObjects

    Cognos

    Microsoft Power BI

    Amazon QuickSight

    VMware

    Xen

    Kubernetes

    *Redwood

    Fortra

    Robot Scheduler

    Workload Management:

    Summary

    “Robot Schedule’s workload automation capabilities allow users to automate everything from simple jobs to complex, event-driven processes on multiple platforms and centralize management from your most reliable system: IBM i. Just create a calendar of when and how jobs should run, and the software will do the rest.”*

    URL

    fortra.com/products/job-scheduling-software-ibm-i

    Coverage:

    Global


    IBM i (System i, iSeries, AS/400)

    AIX/UNIX

    Linux

    Windows

    SQL/Server

    Domino

    JD Edwards EnterpriseOne

    SAP

    Automate Schedule (formerly Skybot Scheduler)

    *Fortra

    SMA Technologies

    OpCon

    Workload Management:

    Summary

    Founded in1980, SMA offers to “save time, reduce error, and free your IT staff to work on more strategic contributions with OpCon from SMA Technologies. OpCon offers powerful, easy-to-use workload automation and orchestration to eliminate manual tasks and manage workloads across business-critical operations. It's the perfect fit for financial institutions, insurance companies, and other transactional businesses.”*

    URL

    smatechnologies.com

    Coverage:

    Global

    Windows

    Linux

    Unix

    z/Series

    IBM i

    Unisys

    Oracle

    SAP

    Microsoft Dynamics AX

    Infor M3

    Sage

    Cegid

    Temenos

    FICS

    Microsoft Azure Data Management

    Microsoft Azure VM

    Amazon EC2/AWS

    Web Services RESTful

    Docker

    Google Cloud

    VMware

    ServiceNow

    Commvault

    Microsoft WSUS

    Microsoft Orchestrator

    Java

    JBoss

    Asysco AMT

    Tuxedo ART

    Nutanix

    Corelation

    Symitar

    Fiserv DNA

    Fiserv XP2

    *SMA Technologies

    StoneBranch

    Universal Automation Center (UAC)

    Workload Management:

    Summary

    Founded in 1999, ”the Stonebranch Universal Automation Center (UAC) is an enterprise-grade business automation solution that goes beyond traditional job scheduling. UAC's event-based workload automation solution is designed to automate and orchestrate system jobs and tasks across all mainframe, on-prem, and hybrid IT environments. IT operations teams gain complete visibility and advanced control with a single web-based controller, while removing the need to run individual job schedulers across platforms.”*

    URL

    stonebranch.com/it-automation-solutions/enterprise-job-scheduling

    Coverage:

    Global

    Windows

    Linux

    Unix

    z/Series

    Apache Kafka

    AWS

    Databricks

    Docker

    GitHub

    Google Cloud

    Informatica

    Jenkins

    Jscape

    Kubernetes

    Microsoft Azure

    Microsoft SQL

    Microsoft Teams

    PagerDuty

    PeopleSoft

    Petnaho

    RedHat Ansible

    Salesforce

    SAP

    ServiceNow

    Slack

    SMTP and IMAP

    Snowflake

    Tableau

    VMware

    *Stonebranch

    Tidal Software

    Workload Automation

    Workload Management:

    Summary

    Founded in 1979, Tidal’s Workload Automation will “simplify management and execution of end-to-end business processes with our unified automation platform. Orchestrate workflows whether they're running on-prem, in the cloud or hybrid environments.”*

    URL

    tidalsoftware.com

    Coverage:

    Global

    CentOS

    Linux

    Microsoft Windows Server

    Open VMS

    Oracle Cloud

    Oracle Enterprise Linux

    Red Hat Enterprise Server

    Suse Enterprise

    Tandem NSK

    Ubuntu

    UNIX

    HPUX (PA-RISC, Itanium)

    Solaris (Sparc, X86)

    AIX, iSeries

    z/Linux

    z/OS

    Amazon AWS

    Microsoft Azure

    Oracle OCI

    Google Cloud

    ServiceNow

    Kubernetes

    VMware

    Cisco UCS

    SAP R/3 & SAP S/4HANA

    Oracle E-Business

    Oracle ERP Cloud

    PeopleSoft

    JD Edwards

    Hadoop

    Oracle DB

    Microsoft SQL

    SAP BusinessObjects

    IBM Cognos

    FTP/FTPS/SFTP

    Informatica

    *Tidal

    Vinzant Software

    Global ECS

    Workload Management:

    Summary

    Founded in 1987, Global ECS can “simplify operations in all areas of production with the GECS automation framework. Use a single solution to schedule, coordinate and monitor file transfers, database operations, scripts, web services, executables and SAP jobs. Maximize efficiency for all operations across multiple business units intelligently and automatically.”*

    URL

    vinzantsoftware.com

    Coverage:

    Global

    Windows

    Linux

    Unix

    iSeries

    SAP R/3 & SAP S/4HANA

    Oracle, SQL/Server

    *Vizant Software

    Activity

    Scale Out or Scale Up

    Activities:

    1. Complete the Scale Up vs. Scale Out TCO Tool.
    2. Compare total lifecycle costs to determine TCO.

    This activity involves the following participants:

    IT strategic direction decision makers

    IT managers responsible for an existing z/Series platform

    Organizations evaluating platforms for mission critical applications

    Outcomes of this step:

    • Completed Scale Up vs. Scale Out TCO Tool

    Info-Tech Insight

    This checkpoint process creates transparency around agreement costs with the business and gives the business an opportunity to re-evaluate its requirements for a potentially leaner agreement.

    Scale out versus scale up activity

    The Scale Up vs. Scale Out TCO Tool provides organizations with a framework for estimating the costs associated with purchasing and licensing for a scale-up and scale-out environment over a multi-year period.

    Use this tool to:

    • Compare the pre-populated values.
    • Insert your own amounts to contrast possible database decisions and determine the TCO of each.
    		The image contains screenshots of the Scale Up vs. Scale Out TCO Tool.

    Info-Tech Insight

    Watch out for inaccurate financial information. Ensure that the financials for cost match your maintenance and contract terms.

    Use the Scale Up vs. Scale Out TCO Tool to determine your TCO options.

    Related Info-Tech Research

    Effectively Acquire Infrastructure Services

    Acquiring a service is like buying an experience. Don’t confuse the simplicity of buying hardware with buying an experience.

    Outsource IT Infrastructure to Improve System Availability, Reliability, and Recovery

    There are very few IT infrastructure components you should be housing internally – outsource everything else.

    Build Your Infrastructure Roadmap

    Move beyond alignment: Put yourself in the driver’s seat for true business value.

    Define Your Cloud Vision

    Make the most of cloud for your organization.

    Document Your Cloud Strategy

    Drive consensus by outlining how your organization will use the cloud.

    Build a Strategy for Big Data Platforms

    Know where to start and where to focus attention in the implementation of a big data strategy.

    Create a Better RFP Process

    Improve your RFPs to gain leverage and get better results.

    Research Authors

    Darin Stahl.

    Darin Stahl, Principal Research Advisor, Info-Tech Research Group

    Darin is a Principal Research Advisor within the Infrastructure Practice, and leveraging 38+ years of experience, his areas of focus include: IT Operations Management, Service Desk, Infrastructure Outsourcing, Managed Services, Cloud Infrastructure, DRP/BCP, Printer Management, Managed Print Services, Application Performance Monitoring/ APM, Managed FTP, non-commodity servers (z/Series, mainframe, IBM i, AIX, Power PC).
    Troy Cheeseman.

    Troy Cheeseman, Practice Lead, Info-Tech Research Group

    Troy has over 25 years of IT management experience and has championed large enterprise-wide technology transformation programs, remote/home office collaboration and remote work strategies, BCP, IT DRP, IT Operations and expense management programs, international right placement initiatives, and large technology transformation initiatives (M&A). Additionally, he has deep experience working with IT solution providers and technology (cloud) start-ups.

    Bibliography

    “AWS Announces AWS Mainframe Modernization.” Business Wire, 30 Nov. 2021.
    de Valence, Phil. “Migrating a Mainframe to AWS in 5 Steps with Astadia?” AWS, 23 Mar. 2018.
    Graham, Nyela. “New study shows mainframes still popular despite the rise of cloud—though times are changing…fast?” WatersTechnology, 12 Sept. 2022.
    “Legacy applications can be revitalized with API.” MuleSoft, 2022.
    Vecchio, Dale. “The Benefits of Running Mainframe Applications on LzLabs Software Defined Mainframe® & Microsoft Azure.” LzLabs Sites, Mar. 2021.

    Establish Effective Security Governance & Management

    • Buy Link or Shortcode: {j2store}380|cart{/j2store}
    • member rating overall impact: 9.2/10 Overall Impact
    • member rating average dollars saved: $63,532 Average $ Saved
    • member rating average days saved: 24 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • The security team is unsure of governance needs and how to manage them.
    • There is a lack of alignment between key stakeholder groups
    • There are misunderstandings related to the role of policy and process.

    Our Advice

    Critical Insight

    Good governance stems from a deep understanding of how stakeholder groups interact with each other and their respective accountabilities and responsibilities. Without these things, organizational functions tend to interfere with each other, blurring the lines between governance and management and promoting ad–hoc decision making that undermines governance.

    Impact and Result

    • The first phase of this project will help you establish or refine your security governance and management by determining the accountabilities, responsibilities, and key interactions of your stake holder groups.
    • In phase two, the project will guide you through the implementation of essential governance processes: setting up a steering committee, determining risk appetite, and developing a policy exception-handling process.

    Establish Effective Security Governance & Management Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish Effective Security Governance and Management Deck – A step-by-step guide to help you establish or refine the governance model for your security program.

    This storyboard will take you through the steps to develop a security governance and management model and implement essential governance processes.

    • Establish Effective Security Governance & Management – Phases 1-2

    2. Design Your Governance Model – A security governance and management model to track accountabilities, responsibilities, stakeholder interactions, and the implementation of key governance processes.

    This tool will help you determine governance and management accountabilities and responsibilities and use them to build a visual governance and management model.

    • Security Governance Model Templates (Visio)
    • Security Governance Model Templates (PDF)
    • Security Governance Model Tool

    3. Organizational Structure Template – A tool to address structural issues that may affect your new governance and management model.

    This template will help you to implement or revise your organizational structure.

    • Security Governance Organizational Structure Template

    4. Information Security Steering Committee Charter & RACI – Templates to formalize the role of your steering committee and the oversight it will provide.

    These templates will help you determine the role a steering committee will play in your governance and management model.

    • Information Security Steering Committee Charter
    • Information Security Steering Committee RACI Chart

    5. Security Policy Lifecycle Template – A template to help you model your policy lifecycle.

    Once this governing document is customized, ensure the appropriate security policies are developed as well.

    • Security Policy Lifecycle Template

    6. Security Policy Exception Approval Process Templates – Templates to establish an approval process for policy exceptions and bolster policy governance and risk management.

    These templates will serve as the foundation of your security policy exception approval processes.

    • Security Policy Exception Approval Workflow (Visio)
    • Security Policy Exception Approval Workflow (PDF)
    • Policy Exception Tracker
    • Information Security Policy Exception Request Form

    Infographic

    Further reading

    Establish Effective Security Governance & Management

    The key is in stakeholder interactions, not policy and process.

    Analyst Perspective

    It's about stakeholder interactions, not policy and process.

    Many security leaders complain about a lack of governance and management in their organizations. They have policies and processes but find neither have had the expected impact and that the organization is teetering on the edge of lawlessness, with stakeholder groups operating in ways that interfere with each other (usually due to poorly defined accountabilities).

    Among the most common examples is security's relationship to the business. When these groups don't align, they tend to see each other as adversaries and make decisions in line with their respective positions: security endorses one standard, the business adopts another.

    The consequences of this are vast. Such an organization is effectively opposed to itself. No wonder policy and process have not resolved the issue.

    At a practical level, good governance stems from understanding how different stakeholder groups interact, providing inputs and outputs to each other and modeling who is accountable for what. But this implied accountability model needs to be formalized (perhaps even modified) before governance can help all stakeholder groups operate as strategic partners with clearly defined roles, responsibilities, and decision-making power. Only when policies and processes reflect this will they serve as effective tools to support governance.

    Logan Rohde, Senior Research Analyst, Security & Privacy

    Logan Rohde
    Senior Research Analyst, Security & Privacy
    Info-Tech Research Group

    Executive Summary

    Your Challenge Common Obstacles Info-Tech's Approach
    Ineffective governance and management processes, if they are adopted at all, can lead to:
    • An organization unsure of governance needs and how to manage them.
    • A lack of alignment between key stakeholder groups.
    • Misunderstandings related to the role of policy and process.
    		Most governance and management initiatives stumble because they do not address governance as a set of interactions and influences that stakeholders have with and over each other, seeing it instead as policy, process, and risk management. Challenges include:
    • Senior management disinterest
    • Stakeholders operating in silos
    • Separating governance from management
    		You will be able to establish a robust governance model to support the current and future state of your organization by accounting for these three essential parts:
    1. Determine governance accountabilities.
    2. Define management responsibilities.
    3. Model stakeholders' interactions, inputs, and outputs as part of business and security operations.

    Info-Tech Insight
    Good governance stems from a deep understanding of how stakeholder groups interact with each other and their respective accountabilities and responsibilities. Without these things, organizational functions tend to interfere with each other, blurring the lines between governance and management and promoting ad hoc decision making that undermines governance.

    Your challenge

    This research is designed to help organizations who need to:

    • Establish security governance from scratch.
    • Improve security governance despite a lack of cooperation from the business.
    • Determine the accountabilities and responsibilities of each stakeholder group.

    This blueprint will solve the above challenges by helping you model your organization's governance structure and implement processes to support the essential governance areas: policy, risk, and performance metrics.

    Percentage of organizations that have yet to fully advance to a maturity-based approach to security

    70%

    Source: McKinsey, 2021

    Common obstacles

    These barriers make this challenge difficult to address for many organizations:

    • The business does not wish to be governed and does not seek to align with security on the basis of risk.
    • Various stakeholder groups essentially govern themselves, causing business functions to interfere with each other.
    • Security teams struggle to differentiate between governance and management and the purpose of each.

    Early adopter infrastructure

    63%
    Security leaders not reporting to the board about risk or incident detection and prevention.
    Source: LogRhythm, 2021

    46%
    Those who report that senior leadership is confident cybersecurity leaders understand business goals.
    Source: LogRhythm, 2021

    Governance isn't just policy and process

    Governance is often mistaken for an organization's formalized policies and processes. While both are important governance supports, they do not provide governance in and of themselves.

    For governance to work well, an organization needs to understand how stakeholder groups interact with each other. What inputs and outputs do they provide? Who is accountable? Who is responsible? These are the questions one needs to ask before designing a governance structure. Failing to account for any of these three elements tends to result in overlap, inefficiency, and a lack of accountability, creating flawed governance.

    Separate governance from management

    Oversight versus operations

    • COBIT emphasizes the importance of separating governance from management. These are complementary functions, but they refer to different parts of organizational operation.
    • Governance provides a decision-making apparatus based on predetermined requirements to ensure smooth operations. It is used to provide oversight and direction and hinges on established accountabilities
    • Simply put, governance refers to what an organization is and is not willing to permit in day-to-day operations, and it tends to make its presence known via the key areas of risk appetite, formal policy and process, and exception handling.
      • Note: These key areas do not provide governance in and of themselves. Rather, governance emerges in accordance with the decisions an organization has made regarding these areas. Sometimes, however, these "decisions" have not been formally or consciously made and the current state of the organization's operations becomes the default - even when it is not working well.
    • Management, by contrast, is concerned with executing business processes in accordance with the governance model, essentially, governance provides guidance for how to make decisions during daily management.

    "Information security governance is the guiding hand that organizes and directs risk mitigation efforts into a business-aligned strategy for the entire organization."

    Steve Durbin,
    Chief Executive,
    Information Security Forum, Forbes, 2023

    Models for governance and management

    Info-Tech's Governance and Management research uses the logic of COBIT's governance and management framework but distills this guidance into a practical, easy-to-implement series of steps, moving beyond the rudimentary logic of COBIT to provide an actionable and personalized governance model.

    Governance Cycle

    Management Cycle

    Clear accountabilities and responsibilities

    Complementary frameworks to simplify governance and management

    The distinction that COBIT draws between governance and management is roughly equivalent to that of accountability and responsibility, as seen in the RACI* model.

    There can be several stakeholders responsible for something, but only one party can be accountable.

    Use this guidance to help determine the accountabilities and responsibilities of your governance and management model.

    *Responsible, Accountable, Consulted, Informed

    COBIT RACI chart

    Security governance framework

    A security governance framework is a system that will design structures, processes, accountability definitions, and membership assignments that lead the security department toward optimal results for the business.

    Governance is performed in three ways:

    1 Evaluate 2 Direct 3 Monitor
    For governance to be effective it must account for stakeholder interests and business needs. Determining what these are is the vital first step. Governance is used to determine how things should be done within an organization. It sets standards and provides oversight so decisions can be made during day-to-day management. Governance needs change and inefficiencies need to be revised. Therefore, monitoring key performance indicators is an essential step to course correct as organizational needs evolve.

    "Governance specifies the accountability framework and provides oversight to ensure that risks are adequately mitigated, while management ensures that controls are implemented to mitigate risks. Management recommends security strategies. Governance ensures that security strategies are aligned with business objectives and consistent with regulations."
    - EDUCAUSE

    Establish Effective Security Governance & Management

    SMART metrics

    Suggested targets to measure success

    Specific

    Measurable

    Achievable

    Relevant

    Time-Bound

    Examples
    Security's risk analyses will be included as part of the business decision-making process within three months after completing the governance initiative.
    Increase rate of security risk analysis using risk appetite within three months of project completion.
    Have stakeholder engagement supply input into security risk-management decisions within three months of completing phase one of blueprint.
    Reduce time to approve policy exceptions by 25%.
    Reduce security risk related to policy non-compliance by 50% within one year.
    Develop five KPIs to measure progress of governance and management within three months of completing blueprint.

    Info-Tech's methodology for security governance and management

    1. Design Your Governance Model 2. Implement Essential Governance Processes
    Phase Steps
    1. Evaluate
    2. Direct
    3. Monitor
    1. Implement Oversight
    2. Set Risk Appetite
    3. Implement Policy Lifecycle
    Phase Outcomes
    • Defined governance accountabilities
    • Defined management responsibilities
    • Record of key stakeholder interactions
    • Visual governance model
    • Key performance indicators (KPIs)
    • Established steering committee
    • Qualitative risk-appetite statements
    • Policy lifecycle
    • Policy exceptions-handling process

    Governance starts with mapping stakeholder inputs, outputs, and throughputs

    The key is in stakeholder interactions, not policy and process
    Good governance stems from a deep understanding of how stakeholder groups interact with each other and their respective accountabilities and responsibilities. Without these things, organizational functions tend to interfere with each other, blurring the lines between governance and management and promoting ad hoc decision making that undermines governance.

    Policy, process, and org. charts support governance but do not produce it on their own
    To be effective, these things need to be developed with the accountabilities and influence of the organizational functions that produce them.

    A lack of business alignment does not mean you're doomed to fail
    While the highest levels of governance maturity depend on strong security-business alignment, there are still tactics one can use to improve governance.

    All organizations have governance
    Sometimes it is poorly defined, ineffective, and occurs in the same place as management, but it exists at some level, acting as the decision-making apparatus for an organization (i.e. what can and cannot occur).

    Risk tolerances are variable across lines of business
    This can lead to misalignments between security and the business, as each may have their own tolerance for particular risks. The remedy is to understand the risk appetite of the business and allow this to inform security risk management decisions.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Security Governance Model Tool

    Security Governance Organizational Structure Template

    Information Security Steering Committee Charter & RACI

    Policy Exceptions-Handling Workflow

    Policy Exception Tracker and Request Form

    Key deliverable:

    Security Governance Model

    By the end of this blueprint, you will have created a personalized governance model to map your stakeholders' accountabilities, responsibilities, and key interactions.

    Blueprint benefits

    IT Benefits Business Benefits
    • Correct any overlapping and mismanaged security processes by assigning accountabilities and responsibilities to each stakeholder group.
    • Improve efficiency and effectiveness of the security program by separating governance from management.
    • Determine necessary inputs and outputs from stakeholder interactions to ensure the governance model functions as intended.
    • Improved support of business goals through security-business alignment.
    • Better risk management by defining risk appetite with security.
    • Increased stakeholder satisfaction via a governance model designed to meet their needs.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit Guided Implementation Workshop Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2
    Call #1: Scope requirements, objectives, and your specific challenges. Call #2: Determine governance requirements.
    Call #3: Review governance model.    		 Call #4: Determine KPIs.
    Call #5: Stand up steering committee.    		 Call #6: Set risk appetite.
    Call #7: Establish policy lifecycle.    		 Call #8: Revise exception-handing process.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 4 to 8 calls over the course of 2 to 3 months.

    Workshop Overview

    Day 1 Day 2 Day 3 Day 4 Day 5
    Activities Evaluate Direct Monitor Implement Essential Governance Processes Next Steps and Wrap-Up (offsite)
    1.1 Prioritize governance accountabilities
    1.2 Prioritize management responsibilities
    1.3 Evaluate organizational structure    		 2.1 Align with business
    2.2 Build security governance and management model
    2.3 Visualize security governance and management model    		 3.1 Develop governance and management KPIs 4.1 Draft steering committee charter
    4.2 Complete steering committee RACI
    4.3 Draft qualitative risk statements
    4.4 Define policy management lifecycle
    4.5 Establish policy exception approval process    		 5.1 Complete in-progress deliverables from previous four days
    5.2 Set up review time for workshop deliverables and to discuss next steps
    Deliverables
    1. Prioritized list of accountabilities and responsibilities
    2. Revised organizational structure
    1. Security governance and management model
    1. Security Metrics Determination and Tracking Tool
    2. KPI Development Worksheet
    1. Steering committee charter and RACI
    2. Risk-appetite statements
    3. Policy management lifecycle
    4. Policy exception approval process

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Customize your journey

    The security governance and management blueprint pairs well with security design and security strategy.

    • The governance and management model you create in this blueprint will inform efforts to improve security, like revisiting security program design and your security strategy.
    • Work with your member services director, executive advisor, or technical counselor to scope the journey you need. They will work with you to align the subject matter experts to support your roadmap and workshops.

    Workshop Day 1 and Day 2
    Security Governance and Management

    Workshop Day 3 and Day 4
    Security Strategy Gap Analysis or Security Program Design Factors

    Phase 1

    Design Your Governance Model

    Phase 1
    1.1 Evaluate
    1.2 Direct
    1.3 Monitor

    Phase 2
    2.1 Implement Oversight
    2.2 Set Risk Appetite
    2.3 Implement Policy lifecycle

    Establish Security Governance & Management

    This phase will walk you through the following activities:

    • Prioritize governance accountabilities
    • Prioritize management responsibilities
    • Evaluate current organizational structure
    • Align with the business
    • Build security governance and management model
    • Finalize governance and management model
    • Develop governance and management KPIs

    This phase involves the following participants:

    • CISO
    • CIO
    • Business representative

    Step 1.1

    Evaluate

    Activities
    1.1.1 Prioritize governance accountabilities
    1.1.2 Prioritize management responsibilities
    1.1.3 Evaluate current organizational structure

    This step involves the following participants:

    • CISO
    • CIO
    • Business representative

    Outcomes of this step

    • Defined governance accountabilities
    • Defined management responsibilities

    Design Your Governance Model

    Step 1.1 > Step 1.2 > Step 1.3

    Evaluate: Getting started

    Element Questions
    Compliance What voluntary or mandatory standards must be represented in my governance model?
    Legal What laws are the organization accountable to? Who is the accountable party?
    Business needs What does the business need to operate? What sort of informational or operational flows need to be accounted for?
    Culture How does the business operate? Are departments siloed or cooperative? Where does security fit in?
    Decision-making process How are decisions made? Who is involved? What information needs to be available to do so?
    Willingness to be governed Is the organization adverse to formal governance mechanisms? Are there any opportunities to improve alignment with the business?
    Relevant trends Are there recent developments (e.g. new privacy laws) that are likely to affect the organization in the future? Will this complicate or simplify governance modeling efforts?
    Stakeholder interests Who are the internal and external stakeholders that need to be represented in the governance model?

    The above is a summary of COBIT 2019 EDM01.01 Evaluate the governance system, along with Info-Tech-recommended questions to contextualize each element for your organization.

    1.1.1 Prioritize governance accountabilities

    1-2 hours

    Using the example on the next slide, complete the following steps.

    1. Download Info-Tech's Security Governance Model Tool using the link below and customize the stakeholder groups on tab 1 to reflect the makeup of your organization.
    2. Using the previous slide as a guide, evaluate your organization's internal and external pressures and discuss their possible impacts your governance and management model.
    3. Complete tab 2, Governance Prioritization, indicating your response to each prompt using the drop-down menus. The tool will score your responses and provide you with a prioritized list of governance accountabilities based on greatest need on tab 4, Governance Model Builder.
    4. Review the list and make any desired modifications to the prompts on tab 2 and then move on to Activity 1.1.2. (We will return to tab 4 in Step 2.1.) Remember to evaluate the results against the internal/external pressure analysis to ensure these details are reflected.

    Download the Security Governance Model Tool

    Input Output
    • List of governance pressures
  • Prioritized list of governance accountabilities
    		•
    Materials Participants
    • Security Governance Model Tool
    • CISO
    • CIO
    • Security Operations
    • Business representative (optional)

    Security Governance and Management Model Tool

    Tabs 2 and 3

    Security Governance and Management Model Tool

    1.1.2 Prioritize management responsibilities

    1 hours

    Using the examples on the previous slide, complete the following steps.

    1. Complete tab 3, Management Prioritization, indicating your response to each prompt using the drop-down menus. The tool will score your responses and provide you with a prioritized list of governance accountabilities based on greatest need on tab 4, Governance Model Builder.
    2. Review the list and make any desired modifications to the prompts on tab 3 and then move on to Activity 1.1.3. (We will return to tab 4 in Step 2.1.) Remember to evaluate the results against the internal/external pressure analysis to ensure these details are reflected.

    Download Security Governance Model Tool

    InputOutput
    • Pressure analysis
    • Prioritized list of management responsibilities
    MaterialsParticipants
    • Security Governance Model Tool
    • CISO
    • CIO
    • Business representative (optional)

    Security Governance and Management Model Tool

    Tab 4

    Security Governance and Management Model Tool Tab 4

    1.1.3 Evaluate current organizational structure

    1-3 hours

    1. Download and modify Info-Tech's Security Governance Organizational Structure Template to reflect the reporting structure at your organization. If such a document already exists, simply review it and move on to the next step below.
    2. Determine if the current organizational structure will negatively affect your ability to pursue the items in your prioritized lists from governance accountabilities and management responsibilities (e.g. conflicts of interest related to oversight or reporting), and discuss the feasibility of changing the current governance structure.
    3. Record these recommended changes and any other key points you'd like the business or other stakeholders to be aware of. We'll use this information in the business alignment exercise in Step 2.1

    Download the Security Governance Organizational Structure Template

    Input Output
    • Prioritized lists of governance accountabilities and management responsibilities
    • Updated organizational structure
    Materials Participants
    • Security Governance Organizational Structure Template
    • CISO

    Info-Tech resources

    Locate structural problems in advance

    • If you do not already have a diagram of your organization's reporting structure, use this template to create one. Examples are provided for high, medium, and low maturity.
    • The existing reporting structure will likely affect the governance model you create, as it may not be feasible to assign certain governance accountabilities and management responsibilities to certain stakeholders.
      • For example, it may make sense for the head of security to approve the security budget, but if they report to a CIO with greater authority that accountability will likely have to sit with the CIO instead.

    Download the Security Governance Organizational Structure Template

    Security Governance Organizational Structure

    Step 1.2

    Direct

    Activities
    1.2.1 Align with the business
    1.2.2 Build security governance and management model
    1.2.3 Finalize governance and management model

    This step involves the following participants:

    CISO

    CIO

    Business representative

    Outcomes of this step

    • Record of key stakeholder interactions
    • Visual governance model

    Design Your Governance Model

    Step 1.1 > Step 1.2 > Step 1.3

    Direct: Getting started

    Element Questions
    Business alignment Do we have a full understanding of the business's approach to risk and security's role to support business objectives?
    Organizational security process How well do our current processes work? Are we missing any key processes?
    Steering committee Will we use a dedicated steering committee to oversee security governance, or will another stakeholder assume this role?
    Security awareness Does the organization have a strong security culture? Does an effort need to be made to educate stakeholder groups on the role of security in the organization?
    Roles and responsibilities Does the organization use RACI charts or another system to define roles and document duties?
    Communication flows Do we have a good understanding of how information flows between stakeholder groups? Are there any gaps that need to be addressed (e.g. regular board reporting)?

    The above is a summary of COBIT 2019 EDM01.02 Direct the governance system, along with Info-Tech-recommended questions to contextualize each element for your organization.

    Embed security governance within enterprise governance

    Design structures, processes, authority definitions, and steering committee assignments to drive optimal business results.

    Embed security governance within enterprise governance

    1.2.1 Align with the business

    1-3 hours

    1. Request a meeting with the business to present your findings from the previous activities in Step 1.1. As you prepare for the meeting, remember to following points:
    • The goal here is to align, not to command. You want the business to see the security team as a strategic ally that supports the pursuit of business goals.
    • Make recommendations and explain any security risks associated with the direction the business wants to take, but the goal is not to strongarm the business into adopting your perspective.
    • Above all, listen to the business to learn more about how they relate to governance and what their priorities are. This will help you adapt your governance model to better support business needs.

    Info-Tech Insight
    A lack of business participation does not mean your governance initiative is doomed. From this lack, we can still infer their attitudes toward security governance, and we can account for this in our governance model. This may limit the maturity your program can reach, but it doesn't prevent improvements from being made to your current security governance.

    InputOutput
    • Prioritized lists of governance accountabilities and management responsibilities
    • Current organizational structure
    • List of recommendations or proposed changes
    • Security governance and management target state definition
    MaterialsParticipants
    • Means to capture key points of the conversation (e.g. notebook, recorded meeting)
    • CISO
    • CIO
    • Business representative

    1.2.2 Build security governance and management model

    1-2 hours

    Using the example on the next slide, complete the following steps:

    1. On tab 4, review the prioritized lists for governance accountabilities and management responsibilities and begin assigning them to the appropriate stakeholder groups.
    • Remember: Responsibilities can be assigned to up to four stakeholders, but there can be only one party listed as accountable.
  • Use the drop-down menus to record any interactions that occur between the groups (e.g. repots to, appoints, approves, oversees).
    • Documenting these interactions will help you ensure your governance program accounts for inputs and outputs that are required by, or that otherwise affect, your various stakeholder groups.

    Note: You may wish to review Info-Tech's governance model templates before completing this activity to get an idea of what you'll be working toward in this step. See slides 37-38.

    Download Security Governance Model Tool

    InputOutput
    • Prioritized lists of governance accountabilities and management responsibilities
    • Target state from business alignment exercise
    • Summary of governance model
    MaterialsParticipants
    • Security Governance Model Tool
    • CISO
    • CIO
    • Business representative (optional)

    Security Governance and Management Model Tool

    Tab 5

    Security Governance and Management Model Tool Tab 5

    Security Governance and Management Model Tool continued

    Tab 6

    Security Governance and Management Model Tool Tab 6

    1.2.3 Visualize your security governance and management model

    1-2 hours

    1. Download the Security Governance Model Templates using the link below and determine which of the three example models most closely resembles your own.
    2. Once you have chosen an example to work from, begin customizing it to reflect the governance model completed in Activity 1.2.2. See next slide for example.

    Note: You do not have to use these templates. If you prefer, you can use them as inspiration and design your own model.

    Download Security Governance Model Templates

    InputOutput
    • Results of Activity 2.1.2
    • Security governance and management model diagram
    MaterialsParticipants
    • Security Governance Model Templates
    • CISO

    Customize the template

    Customize the template

    Step 1.3

    Monitor

    Activities
    1.3.1 Develop governance and management KPIs

    This step involves the following participants:

    • CISO
    • CIO
    • Security team
    • Business representative

    Outcomes of this step

    Key performance indicators

    Design Your Governance Model

    Step 1.1 > Step 1.2 > Step 1.3

    Monitor: Getting started

    Element Questions
    Metrics Does the organization have a well-developed metrics program or will this need to be taken up as a separate effort? Have we considered what outcomes we are hoping to see as a result of implementing a new governance and management model?
    Existing and emerging threats What has changed or is likely to change in the future that may destabilize our governance program? What do we need to do to mitigate any security risks to our organizational governance and management?

    The above is a summary of COBIT 2019 EDM01.03 Monitor the governance system, along with Info-Tech-recommended questions to contextualize each element for your organization.

    1.3.1 Develop governance and management KPIs

    1-2 hours

    This activity is meant to provide a starting point for key governance metrics. To develop a comprehensive metrics program, see Info-Tech's Build a Security Metrics Program to Drive Maturity blueprint.

    1. Create a list of four to six outcomes you'd like to see as the result of your new governance model. Be as specific as you can; the better defied the outcome, the easier it will be to determine suitable KPI.
    2. For each desired outcome, determine what would best indicate that progress is being made toward that state.
    • Desired outcome: security team is consulted before critical business decisions are made.
    • Success criteria: the business evaluates Security's recommendations before starting new projects
    • Possible KPI: % of critical business decisions made with security consultation
    • See next slide for additional examples

    Note: Try to phrase each KPI using percents, which helps to add context to the metric and will make it easier to explain when reporting metrics in the future.

    Input Output
    • List of desired outcomes after new governance model implemented
    • Set of key performance indicators
    Materials Participants
    • Whiteboard
    • CISO
    • CIO
    • Security team
    • Business representative (optional)

    Example KPIs

    Desired Outcome Success Criteria Possible KPI
    Security team is consulted before critical business decisions are made The business evaluates Security's recommendations before starting new projects % of critical business decisions with Security consultation
    Greater alignment over risk appetite The business does not take on initiatives with excessive security risks % of incidents stemming from not following Security's risk management recommendations
    Reduced number of policy exceptions Policy exceptions are only granted when a clear need is present and a formal process is followed % of incidents stemming from policy exceptions
    Improved policy adherence Policies are understood and followed throughout the organization % of incidents stemming from policy violations

    Establish Baseline Metrics

    Baseline metrics will be improved through:

    1. Improved business alignment
    2. Developing formal process to manage security risks
    3. Separating governance from management
    Metric Current Goal
    % of critical business decisions with Security consultation 20% 100%
    % of incidents stemming from not following Security's risk management recommendations 65% 0%
    % of incidents stemming from policy exceptions 35% 5%
    % of incidents stemming from policy violations 40% 5%
    % of ad hoc decisions made (i.e. not accounted for by governance model 85% 5%
    % of accepted security risks evaluated against risk appetite 50% 100%
    % of deferred steering committee decisions (i.e. decisions not made ASAP after issue arises) 50% 5%
    % of policies approved within target window (e.g. 1 month) 20% 100%

    Phase 2

    Implement Essential Governance Processes

    Phase 1
    1.1 Evaluate
    1.2 Direct
    1.3 Monitor

    Phase 2
    2.1 Implement Oversight
    2.2 Set Risk Appetite
    2.3 Implement Policy Lifecycle

    This phase will walk you through the following activities:

    • Draft Steering Committee Charter
    • Complete Steering Committee RACI
    • Draft qualitative risk statements
    • Model policy lifecycle
    • Establish exceptions-handling process

    This phase involves the following participants:

    • CISO
    • CRO
    • CIO
    • HR
    • Internal Audit
    • Business representative
    • Legal

    Establish Security Governance & Management

    Step 2.1

    Implement Oversight

    Activities
    2.1.1 Draft steering committee charter
    2.1.2 Complete steering committee RACI

    This step involves the following participants:

    • CISO
    • CRO
    • CIO
    • HR
    • Internal Audit
    • Business representative
    • Legal

    Outcomes of this step

    Steering Committee Charter and RACI

    Implement Essential Governance Processes

    Step 2.1 > Step 2.2 > Step 2.3

    2.1.1 Draft steering committee charter

    1-3 hours

    This activity is meant to provide a starting point for your steering committee. If a more comprehensive approach is desired, see Info-Tech's Improve Security Governance With a Security Steering Committee blueprint.

    1. Download the template using the link below and review the various sections of the document
    2. Review slides 50-51 to help determine the scope of your steering committee's role. Discuss with other stakeholder groups, as necessary, to determine the steering committee's duties, how often the group will meet, and what the regular meeting agenda will be.
    3. Customize the template to suit your organization's needs.

    Download Information Security Steering Committee Charter

    Input Output
    • N/A
    • Steering Committee
    Materials Participants
    • Information Security Steering Committee Charter Template
    • CISO
    • CRO
    • CIO
    • HR
    • Internal Audit
    • Business representative
    • Legal

    Steering committee membership

    Representation is key, but don't try to please everyone

    • For your steering committee to be effective, it should include representatives from across the organization. However, it is important not to overextend committee membership, which can interfere with decision making.
    • Participants should be selected based on the identified responsibilities of the security steering committee, and the number of people should be appropriate to the size and complexity of the organization.

    Example steering committee

    CISO
    CRO
    Internal Audit
    CIO
    Business Leaders
    HR
    Legal

    Download Information Security Steering Committee Charter

    Typical steering committee duties

    Strategic Oversight Policy Governance
    • Provide oversight and ensure alignment between information security governance and company objectives.
    • Assess the adequacy of resources and funding to sustain and advance successful security programs and practices for identifying, assessing, and mitigating cybersecurity risks across all business functions.
    • Review control audit reports and resulting remediation plans to ensure business alignment
    • Review the company's cyber insurance policies to ensure appropriate coverage.
    • Provide recommendations, based on security best practices, for significant technology investments.
    • Review policy-exception requests to determine if potential security risks can be accepted or if a workaround exists.
    • Assess the ramifications of updates to policies and standards.
    • Establish standards and procedures for escalating significant security incidents to the board, other steering committees, government agencies, and law enforcement, as appropriate.

    Typical steering committee duties

    Risk Governance Monitoring and Reporting
    • Review and approve the company's information risk governance structure.
    • Assess the company's high-risk information assets and coordinate planning to address information privacy and security needs.
    • Provide input to executive management regarding the enterprise's information security risk tolerance.
    • Review the company's cyber-response preparedness, incident response plans, and disaster recovery capabilities as applicable to the organization's information security strategy.
    • Promote an open discussion regarding information risk and integrate information risk management into the enterprise's objectives.
    • Receive periodic reports and coordinate with management on the metrics used to measure, monitor, and manage cyber risks posed to the company and to review periodic reports on selected security risk topics as the committee deems appropriate.
    • Monitor and evaluate the quality and effectiveness of the company's technology security, capabilities for disaster recovery, data protection, cyber threat detection, and cyber incident response, and management of technology-related compliance risks.

    2.1.2 Complete steering committee RACI

    1-3 hours

    1. Download the RACI template and review the membership roles. Customize the template to match the makeup of your steering committee.
    2. Read through each task in the left-hand column and determine who will be involved:
    • R - responsible: the person doing the action (can be multiple)
    • A - accountable: the owner of the task, usually a department head who delegates the execution of the task (only assigned to one stakeholder)
    • C - consulted: stakeholders that offer some kind of guidance, advice, or recommendation (can be multiple)
    • I - Informed: stakeholders that receive status updates about the task (can be multiple)

    Note: All tasks must have accountability and responsibility assigned (sometimes a single stakeholder is accountable and responsible). However, not all tasks will have someone consulted or informed.

    Download Information Security Steering Committee RACI Chart

    InputOutput
    • N/A
    • Defined roles and responsibilities
    MaterialsParticipants
    • RACI Chart
    • CISO
    • CRO
    • CIO
    • HR
    • Internal Audit
    • Business representative
    • Legal

    Step 2.2

    Set Risk Appetite

    Activities
    2.2.1 Draft qualitative risk statements

    This step involves the following participants:

    • CISO
    • CIO
    • Business representative

    Outcomes of this step

    Qualitative risk appetite

    Implement Essential Governance Processes

    Step 2.1 > Step 2.2 > Step 2.3

    Know your appetite for risk

    What is an organizational risk appetite?

    Setting risk appetite is a key governance function, as it structures how your organization will deal with the risks it will inevitably face - when they can be accepted, when they need to be mitigated, and when they must be rejected entirely.

    It is important to note that risk appetite and risk tolerance are not the same. Risk appetite refers to the amount of risk the organization is willing to accept as part of doing business, whereas risk tolerance has more to do with individual risks affecting one or more lines of business that exceed that appetite. Such risks are often tolerated as individual cases that can be mitigated to an acceptable level of risk even though it exceeds the risk-appetite threshold.

    Chart Risk Appetite

    2.1.2 Draft qualitative risk-appetite statements

    1-3 hours

    This activity is meant to provide a starting point for risk governance. To develop a comprehensive risk-management program, see Info-Tech's Combine Security Risk Management Components Into One Program blueprint.

    1. Draft statements that express your attitudes toward the kinds of risks your organization faces. The point is to set boundaries to better understand when risk mitigation may be necessary.
      2. Examples:
    • We will not accept risks that may cause us to violate SLAs.
    • We will avoid risks that may prevent the organization from operating normally.
    • We will not accept risks that may result in exposure of confidential information.
    • We will not accept risks that may cause significant brand damage.
    • We will not accept risks that pose undue risk to human life or safety.
    InputOutput
    • Definitions for high, medium, low impact and frequency
    • Set of qualitative risk-appetite statements
    MaterialsParticipants
    • Whiteboard
    • CISO
    • CIO
    • Business representative

    Step 2.3

    Implement Policy Lifecycle

    Activities
    2.3.1 Model your policy lifecycle
    2.3.2 Establish exception-approval process

    This step involves the following participants:

    • CISO
    • CIO

    Outcomes of this step

    Policy lifecycle

    Exceptions-handling process

    Implement Essential Governance Processes

    Step 2.1 > Step 2.2 > Step 2.3

    2.3.1 Model your policy lifecycle

    1-3 hours

    This activity is meant to provide a starting point for policy governance. To develop a comprehensive policy-management program, see Info-Tech's Develop and Deploy Security Policies blueprint.

    1. Review the sections within the Security Policy Lifecycle Template and delete any sections or subsections that do not apply to your organization.
    2. As necessary, modify the lifecycle and receive approved sign-off by your organization's leadership.
    3. Solicit feedback from stakeholders, specifically, IT department management and business stakeholders.

    Download the Security Policy Lifecycle Template

    InputOutput
    • N/A
    • Policy lifecycle
    MaterialsParticipants
    • Security Policy Lifecycle Template
    • CISO
    • CIO

    Develop the security policy lifecycle

    The security policy lifecycle is an integral component of the security policy program and adds value by:

    • Setting out a roadmap to define needs, develop required documentation, and implement, communicate, and measure your policy program.
    • Defining roles and responsibilities for the security policy suite.
    • Aligning the business goals, security program goals, and policy objectives.

    Security Policy Lifecycle

    Diagram inspired by: ComplianceBridge, 2021

    2.3.2 Establish exception-approval process

    1-3 hours

    1. Download the Security Policy Exception Approval Template and customize it to match your exception-handling process. Be sure to account for the recommendations on the next slide.
    2. Use the Policy Exception Tracker to record and monitor granted exceptions.

    Download the Security Policy Exception Approval Workflow

    Download the Security Policy Exception Tracker

    Input Output
    • Answers to questions provided
    • Exception-handling process
    Materials Participants
    • Security Policy Exception Approval Workflow
    • Security Policy Exception Tracker
    • CISO
    • CIO

    Determine criteria to grant policy exception

    A key part of security risk and policy governance

    • Not all policies can be complied with all the time. As technology and business needs change, sometimes exceptions must be granted for operations to continue smoothly.
    • Exceptions can be either short or long term.
      • Short-term exceptions are often granted until a particular security gap can be closed, such as allowing staff to temporarily use new laptops that have yet to receive a required VPN for remote access.
      • Long-term exceptions usually occur when closing the gap entirely is not feasible. For example, a legacy system may be unable to meet evolving security standards, but there is no room in the budget to replace it.
    • Having a formal approval process for exceptions and a record of granted exceptions will help you to stay on top of security risk governance.

    Before granting an exception:

    1. Assess security risks associated with doing so: are they acceptable?
    2. Look for another way to resolve the issue: is a suitable workaround possible?
    3. Evaluate mitigating controls: is it possible to provide an equivalent level of security via other means?
    4. Assign risk ownership: who will be accountable if an incident arises from the exception?
    5. Determine appeals process: when disagreements arise, how will the final decision be made?

    Sources: University of Virginia; CIS

    Summary of Accomplishment

    Problem Solved

    You have now established a formal governance model for your organization - congratulations! Building this model and determining stakeholders' accountabilities and responsibilities is a big step.

    Remember to continue to use the evaluate-direct-monitor framework to make sure your governance model evolves as organizational governance matures and priorities shift.

    If you would like additional support, have our analysts guide you through an Info-Tech workshop or Guided Implementation.

    Contact your account representative for more information.
    workshops@infotech.com
    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Build Governance Model
    Build a customized security governance model for your organization.

    Develop policy lifecycle
    Develop a policy lifecycle and exceptions-handling process.

    Related Info-Tech Research

    Build an Information Security Strategy

    Design a Business-Focused Security Program

    Combine Security Risk Management Components Into One Program

    Research contributors and experts

    Michelle Tran, Consulting Industry

    Michelle Tran
    Consulting Industry

    One anonymous contributor

    Bibliography

    Durbin, Steve. "Achieving The Five Levels Of Information Security Governance." Forbes, 4 Apr. 2023. Accessed 4 Apr. 2023.

    Eiden, Kevin, et al. "Organizational Cyber Maturity: A Survey of Industries." McKinsey & Company, 4 Aug. 2021. Accessed 25 Apr. 2023.

    "Information Security Exception Policy." Center for Internet Security, 2020. Accessed 14 Apr. 2023.

    "Information Security Governance." EDUCAUSE, n.d. Accessed 27 Apr. 2023.

    ISACA. COBIT 2019 Framework: Governance and Management Objectives. GF Books, 2018.

    Policies & Procedures Team. "Your Policy for Policies: Creating a Policy Management Framework." ComplianceBridge, 30 Apr. 2021. Accessed 27 Apr. 2023.

    "Security and the C-Suite: Making Security Priorities Business Priorities." LogRhythm, Feb. 2021. Accessed 25 Apr 2023.

    University of Virginia. "Policy, Standards, and Procedures Exceptions Process." Information Security at UVA, 1 Jun. 2022. Accessed 14 Apr. 2023

    Adapt Your Onboarding Process to a Virtual Environment

    • Buy Link or Shortcode: {j2store}577|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Attract & Select
    • Parent Category Link: /attract-and-select
    • For many, the WFH arrangement will be temporary, however, the uncertainty around the length of the pandemic makes it hard for organizations to plan long term.
    • As onboarding plans traditionally carry a six- to twelve-month outlook, the uncertainty around how long employees will be working remotely makes it challenging to determine how much of the current onboarding program needs to change. In addition, introducing new technologies to a remote workforce and planning training on how to access and effectively use these technologies is difficult.

    Our Advice

    Critical Insight

    • The COVID-19 pandemic has led to a virtual environment many organizations were not prepared for.
    • Focusing on critical parts of the onboarding process and leveraging current technology allows organizations to quickly adapt to the uncertainty and constant change.

    Impact and Result

    • Organizations need to assess their existing onboarding process and identify the parts that are critical.
    • Using the technology currently available, organizations must adapt onboarding to a virtual environment.
    • Develop a plan to re-assess and update the onboarding program according to the duration of the situation.

    Adapt Your Onboarding Process to a Virtual Environment Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess current onboarding processes

    Map the current onboarding process and identify the challenges to a virtual approach.

    • Adapt Your Onboarding Process to a Virtual Environment Storyboard
    • Virtual Onboarding Workbook
    • Process Mapping Guide

    2. Modify onboarding activities

    Determine how existing onboarding activities can be modified for a virtual environment.

    • Virtual Onboarding Ideas Catalog
    • Performance Management for Emergency Work-From-Home

    3. Launch the virtual onboarding process and plan to re-assess

    Finalize the virtual onboarding process and create an action plan. Continue to re-assess and iterate over time.

    • Virtual Onboarding Guide for HR
    • Virtual Onboarding Guide for Managers
    • HR Action and Communication Plan
    • Virtual Onboarding Schedule
    [infographic]

    Explore the Secrets of Oracle Cloud Licensing

    • Buy Link or Shortcode: {j2store}142|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: 5 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • Organizations are considering moving workloads to the cloud; however, they often struggle to understand Oracle's licensing and services models.
    • Complexity of licensing and high price tags can make the renewal process an overwhelming experience.
    • Oracle’s SaaS applications are the most mature, but Oracle’s on-premises E-Business Suite still has functionality gaps in comparison to Oracle’s cloud apps.

    Our Advice

    Critical Insight

    • Understand the Oracle agenda. Oracle has established a unique approach to their cloud offerings – they want all of your workloads on the Red Stack.
    • Communicate effectively. Be aware that Oracle will reach out to members at your organization at various levels. Having your executives on the same page is critical to successfully managing Oracle.
    • Negotiate hard. Oracle needs the deal more than the customer. Oracle's top leaders are heavily incentivized to drive massive cloud adoption and increase Oracle's share price. Use this to your advantage.

    Impact and Result

    • Conducting business with Oracle is not typical compared to other vendors. To emerge successfully from a commercial transaction with Oracle, customers must learn the “Oracle way” of conducting business, which includes a best-in-class sales structure, highly unique contracts, and license use policies coupled with a hyper-aggressive compliance function.
    • Leverage cloud spend to retire support on shelf-ware licenses, or gain virtualization rights for an on-premises environment.
    • Map out the process of how to negotiate from a position of strength, examining terms and conditions, discount percentages, and agreement pitfalls.
    • Carefully review key clauses in the Oracle Cloud Services Agreement to avoid additional spend and compliance risks.

    Explore the Secrets of Oracle Cloud Licensing Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should explore the secrets of Oracle Cloud licensing, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Evaluate licensing requirements

    Review current licensing options and models to determine which cloud products will most appropriately fit the organization's environment.

    • Oracle Cloud Services Agreement Terms and Conditions Evaluation Tool
    [infographic]

    Safety as a secondary consideration

    • Large vertical image:
    • member rating overall impact: Very High
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A

    This is a story that should make you perk up.

    I know of a department that was eager to launch their new product. The strain was severe. The board was breathing down their necks. Rivals were catching up (or so they thought).

    What did they do?

    "Let's get this thing live, prove the market wants it, then we'll circle back and handle all the security and stability backlog items." For the product owner, at the time, that seemed the right thing to do.

    They were hacked 48 hours after going live.

    Customer information was stolen. The brand's reputation suffered. The decision led to a months-long legal nightmare. And they still had to completely rebuild the system. Making stability and security bolt-on items is never a good idea.

    The true price of "fix it later"

    See, I understand. When the product owner is pressing for user experience enhancements and you're running out of time for launch, it's easy to overlook those "non-functional requirements." Yet, we should avoid blaming the product owner. The PO is under pressure from many stakeholders, and a delayed launch may also come with significant costs.

    Load balancing isn't visible to customers, after all. Penetration testing doesn't excite them. Failure mechanisms don't matter to them. This statement is true until a malfunction impacts a client. Then it suddenly becomes the most important thing in the world.

    However, I know that ignoring non-functional requirements (NFRs) can lead to failed businesses (or business lines). This elevates these issues beyond mere technical inconveniences. NFRs are designed with the client in mind.

    Look at it this way. When your system crashes during periods of high traffic, how does the user experience change? How satisfied are customers when their personal information is stolen? When it takes 30 seconds for your website to load, how does that conversion rate look?

    Let me expose you to some consultant figures. The average cost of IT outages is $5,600 per minute, according to a 2014 Gartner study. That figure can rise to $300,000 per hour for larger businesses. The reality is that in your department, you will rarely reach these numbers. When we look at current (2020-2025) and expected (2026) trends, the typical operational loss numbers in international commercial banking or insurance are closer to 100K for high-impact incidents that are handled within 2–3 hours.

    Obviously, your numbers will vary. And if you don't know what your costs are, now would be a good time to discover that. This does not imply that you should simply accept the risks associated with such situations. You must fix or mitigate such opportunities for hackers to get in. Do so at the appropriate cost for your business.

    Data breaches are a unique phenomenon. According to IBM's Cost of a Data Breach Report 2025, a data breach typically costs $4.44 million, and detecting and containing it takes an average of 241 days. Some preview data from the 2025 report include that 97% of organizations that reported on the study indicated that they lacked access controls for their AI systems. That means that many companies don't even have the basics in order. And AI-related breaches are just going to accelerate. AI security defenses will help lower the cost of such breaches.

    Despite the decreasing cost of these breaches, I anticipate an increase in their frequency in the upcoming years.

    This means that non-functional requirements in terms of security and resilience should take a more prominent place in the prioritizations. Your client depends on your systems being safe, resilient, and performant.

    The blind spot in leadership

    And yet, this is where some leaders make mistakes. I have the impression they believe that client-focused design means more functionality and elegant interfaces. They prioritize user experience enhancements over system reliability.

    I want to share a key fact that distinguishes successful businesses: customers desire more than just a good product. It must always function for them. And that means following certain procedures. They are not there to hamper you; they are there to retain customers.

    88% of online shoppers are less likely to visit a website again after a negative experience, according to research from Forrester. Amazon found that they lose 1% of sales for every 100 ms of latency. That 100 milliseconds adds up to millions of lost profits when billions of dollars are at stake.

    You run the risk of more than just technical difficulties when you deprioritize safety. Customer trust, revenue stability, competitive advantage, adherence to the law, costs, and team morale are all at stake.

    The "happy flow" trap is costing you revenue.

    Allow me to illustrate what I see happening during development cycles.

    The team tests the happy flow. The user successfully logs in. The user navigates with ease. The user makes the purchase without any problems. The user logs off without incident.

    "Excellent! Publish it!"

    However, what occurs if 1000 users attempt to log in at once? What occurs if an attempt is made to insert malicious code into your contact form? During a transaction, what happens if your database connection fails?

    These are not extreme situations. These are real-life occurrences.

    Fifty percent of data center managers and operators reported having an impactful outage in the previous three years, according to the Uptime Institute's 2025 Global Data Center Survey. Note that this is at the infra level. The biggest contributor is power outages. What role does power play in ensuring a smooth flow? Power will not always flow as you want it, so plan for lack of power and for spikes.

    With regard to software failures, the spread of possible causes widens. AI is a big contributor. AI is typically brought in to accelerate development and assist in coding. But it tends to introduce subtle bugs and vulnerabilities that a seasoned developer has to review and solve.

    Another upcoming article will discuss how faster release cycles often lead to a rush in testing. This should not be the case; by spending some time automating your (non-)regression test bank, you will gain speed. But you have to invest time in building the test suite.

    Can your system handle success? This question should keep every executive awake at night.

    I've witnessed businesses invest millions in advertising campaigns to drive traffic to systems that fail due to their success. Consider describing to your board how your greatest marketing victory became your worst operational mishap.

    Managing traffic spikes is only one aspect of load balancing. It is about ensuring that your business can handle opportunities without being overwhelmed.

    The mindset that transforms everything

    Let's now address the most pressing issue: security.

    The majority of leaders consider security to be like insurance, something you hope you never need. The fact that security is more than just protection, however, will alter the way you approach every project. It's approval to develop.

    According to the Ponemon Institute's 2025 Cost of Insider Threats Global Report, the average annualized cost of insider threats, defined as employee negligence, criminal insiders, and credential thieves, has risen to $17.4 million per incident, up from $15.4 million in 2022. The number of discovered and analyzed incidents increased from 3,269 in 2018 to 7,868 in 2025 research studies. 

    Cybersecurity Ventures predicts that cybercrime will cost the global economy $10.5 trillion annually by 2025.

    The most fascinating thing, though, is that companies that invest in proactive security see measurable outcomes. Organizations that allocate over 10% of their IT budget to cybersecurity have a 2.5-fold higher chance of experiencing no security incidents than those that allocate less than 1%, per Deloitte's Future of Cyber Survey.

    By hardening your systems against common attack vectors, you can scale quickly without worrying about the future. You can handle sensitive data with confidence, enter new markets without fear, establish partnerships that require trust, and focus on innovation instead of crisis management.

    The non-functional needs that genuinely generate income

    Allow me to explain this in a way that will satisfy your CFO.

    Retention is equal to reliability. Customers return when a system functions reliably (given you sell items they want). The Harvard Business Review claims that a 5% increase in customer retention rates boosts profits by 25% to 95%. It is five to twenty-five times less expensive to retain customers than to acquire new ones.

    Scalability is equal to security. Secure systems can handle larger client volumes, more sensitive data, and higher-value transactions. 69% of board members and C-suite executives think that privacy and cyber risks could affect their company's ability to grow, according to PwC.

    Profit is equal to performance. You lose conversions for every second of load time. Google discovered that the likelihood of a bounce rises by 32% as page load time increases from 1 to 3 seconds. It increases by 90% from 1 second to 5 seconds. Walmart discovered that every second improvement in page load time led to a 2% increase in conversions.

    Reputation is equal to resilience. Guess which company benefits when your system works while your competitors' systems fail? Failures reduce trust. 71% of consumers will actively advocate against companies they don't trust, and 67% of consumers will stop purchasing from them, according to Edelman's 2023 Trust Barometer. While the 2025 report does not present comparative numbers, distrust impacting consumer behavior is likely to be even more prevalent. 

    The structure that reverses the script

    Reframe this discussion with your executives and team

    • The question we should not ask is, "Can we afford to build this right?" but rather, "Can we afford not to?" This consideration is crucial because we risk losing customers at every obstacle they encounter. 
    • Non-functional requirements should be viewed as competitive advantages rather than obstructions. If it suddenly does not work, the customer walks away.
    • Consider viewing system reliability as a profit center instead of a cost center. When a customer knows it will work, they will order again and refer a friend.

    The numbers support this point. Businesses that invest in operational resilience see three times higher profit margins and 2.5 times higher revenue growth than their counterparts, according to McKinsey's 2023 State of Organizations report. In 2025 we see a focus on AI, but the point remains.

    These metrics will grab the attention when you're presenting them.

    Although the average cost of downtime varies by industry, it is always high. 

    The impact of a security breach on customer lifetime value is equally uncomfortable. Following a data breach, 78% of consumers will cease interacting with a brand online, and 36% will never do so again, according to Ping Identity's 2023 Consumer Identity Breach Report.

    Every second that the system is unavailable results in a rapidly mounting loss of money. That's about $3,170 per minute of full downtime for a business that makes $100 million a year. We're talking about $31,700 per minute for billion-dollar businesses. Again, your experience may differ, but it's important to note that this cost is often unseen yet undeniable. If you want to calculate this more granularly, then I have a calculation method for you that is easy to implement.

    There is a discernible trend in the cost of rebuilding versus building correctly the first time. Resolving a problem in production can cost four to five times as much as fixing it during design, and it can cost up to 100 times as much as fixing it during the requirements and design phase, according to IBM's Systems Sciences Institute.

    The plan of action that truly works

    This is what you should do right away.

    Please begin by reviewing your current primary systems. When they're under stress, what happens? What occurs if they are attacked? What occurs if they don't work? 40% of businesses that suffer a significant system failure never reopen, although only 23% of organizations have tested their disaster recovery plans in the previous year, according to Gartner. Companies we work with test their systems at least once per year. If the results are unsatisfactory, we conduct a retest to ensure they meet our standards.

    Next, please determine the actual cost of addressing issues at a later stage. Add in the costs of customer attrition, security breaches, downtime, and reconstruction. To lend credibility to your calculations, try to work out exact numbers for your company. Industry standards (like in this article) will give you indicators, but you need to know your figures.

    Third, recast your non-functional needs as business needs. Consider focusing on strategies for managing success rather than solely discussing load balancing. Instead of discussing security testing, focus on revenue protection.

    Fourth, consider safety when defining "done." Until a feature is dependable, secure, and scalable, it isn't considered complete. Projects that incorporate non-functional requirements from the outset have a threefold higher chance of success, per the Standish Group's 2023 Chaos Report.

    Fifth, use system dependability as a differentiator in the marketplace. You're up when your rivals are down. You're safe when they're compromised.

    The bottom line

    I understand that resilience isn't sexy. I am aware that UI enhancements are more exciting than infrastructure resilience.

    And yet, I know that businesses that prioritize safety will survive and lead after seeing others thrive and fail based on this one choice. Customers trust them. They are capable of scaling without breaking. Because they are confident that their systems can manage whatever comes next, they are the ones who get a good night's sleep.

    Resilient organizations are twice as likely to surpass customer satisfaction goals and are 2.5 times more likely to achieve revenue growth of 10% or more.

    Resilience represents the most significant competitive advantage. You have a choice. Just keep in mind that your clients are depending on you to do the job correctly.

    Always happy to engage in a conversation.

    Define Your Digital Business Strategy

    • Buy Link or Shortcode: {j2store}55|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $83,641 Average $ Saved
    • member rating average days saved: 26 Average Days Saved
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • Your organizational digital business strategy sits on the shelf because it fails to guide implementation.
    • Your organization has difficulty adapting new technologies or rethinking their existing business models.
    • Your organization lacks a clear vision for the digital customer journey.
    • Your management team lacks a framework to rethink how your organization delivers value today, which causes annual planning to become an ideation session that lacks focus.

    Our Advice

    Critical Insight

    • Pre-pandemic digital strategies have been primarily focused on automation. However, your post-pandemic digital strategy must focus on driving resilience for growth opportunities.

    Impact and Result

    • Design a strategy that applies innovation to your business model, streamline and transform processes, and make use of technologies to enhance interactions with customers and employees.
    • Use digital for transforming non-routine cognitive activities and for derisking key elements of the value chain.
    • Create a balanced roadmap that improves digital maturity and prepares you for long-term success in a digital economy.

    Define Your Digital Business Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Digital Business Strategy Deck – A step-by-step document that walks you through how to identify top value chains and a digitally enabled growth opportunity, transform stakeholder journeys, and build a digital transformation roadmap.

    This blueprint guides you through a value-driven approach to digital transformation that allows you to identify what aspects of the business to transform, what technologies to embrace, what processes to automate, and what new business models to create. This approach to digital transformation unifies digital possibilities with your customer experiences.

    • Define Your Digital Business Strategy – Phases 1-4

    2. Digital Business Strategy Workbook – A tool to guide you in planning and prioritizing projects to build an effective digital business strategy.

    This tool guides you in planning and prioritizing projects to build an effective digital business strategy. Key activities include conducting a horizon scan, conducting a journey mapping exercise, prioritizing opportunities from a journey map, expanding opportunities into projects, and lastly, building the digital transformation roadmap using a Gantt chart visual to showcase project execution timelines.

    • Digital Strategy Workbook

    3. Digital Business Strategy Final Report Template – Use this template to capture the synthesized content from outputs of the activities.

    This deck is a visual presentation template for this blueprint. The intent is to capture the contents of the activities in a presentation PowerPoint. It uses sample data from “City of X” to demonstrate the digital business strategy.

    • Digital Business Strategy Final Report Template
    [infographic]

    Workshop: Define Your Digital Business Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Two Existing Value Chains

    The Purpose

    Understand how your organization creates value today.

    Key Benefits Achieved

    Identify opportunities for digital transformation in how you currently deliver value today.

    Activities

    1.1 Validate business context.

    1.2 Assess business ecosystem.

    1.3 Identify and prioritize value streams.

    1.4 Break down value stream into value chains.

    Outputs

    Business context

    Overview of business ecosystem

    Value streams and value chains

    2 Identify a Digitally Enabled Growth Opportunity

    The Purpose

    Leverage strategic foresight to evaluate how complex trends can evolve over time and identify opportunities to leapfrog competitors.

    Key Benefits Achieved

    Identify a leapfrog idea to sidestep competitors.

    Activities

    2.1 Conduct a horizon scan.

    2.2 Identify leapfrog ideas.

    2.3 Identify impact to existing or new value chains.

    Outputs

    One leapfrog idea

    Corresponding value chain

    3 Transform Stakeholder Journeys

    The Purpose

    Design a journey map to empathize with your customers and identify opportunities to streamline or enhance existing and new experiences.

    Key Benefits Achieved

    Identify a unified view of customer experience.

    Identify opportunities to automate non-routine cognitive tasks.

    Identify gaps in value delivery.

    Improve customer journey.

    Activities

    3.1 Identify stakeholder persona.

    3.2 Identify journey scenario.

    3.3 Conduct one journey mapping exercise.

    3.4 Identify opportunities to improve stakeholder journey.

    3.5 Break down opportunities into projects.

    Outputs

    Stakeholder persona

    Stakeholder scenario

    Journey map

    Journey-based projects

    4 Build a Digital Transformation Roadmap

    The Purpose

    Build a customer-centric digital transformation roadmap.

    Key Benefits Achieved

    Keep your team on the same page with key projects, objectives, and timelines.

    Activities

    4.1 Prioritize and categorize initiatives.

    4.2 Build roadmap.

    Outputs

    Digital goals

    Unified roadmap

    Further reading

    Define Your Digital Business Strategy

    After a major crisis, find your place in the digital economy.

    Info-Tech Research Group

    Info-Tech is a provider of best-practice IT research advisory services that make every IT leader’s job easier.

    35,000 members sharing best practices you can leverage

    Millions spent developing tools and templates annually

    Leverage direct access to over 100 analysts as an extension of your team

    Use our massive database of benchmarks and vendor assessments

    Get up to speed in a fraction of the time

    Analyst Perspective

    Build business resilience and prepare for a digital economy.

    This is a picture of Senior Research Analyst, Dana Daher

    Dana Daher
    Senior Research Analyst

    To survive one of the greatest economic downturns since the Great Depression, organizations had to accelerate their digital transformation by engaging with the Digital Economy. To sustain growth and thrive as the pandemic eases, organizations must focus their attention on building business resilience by transforming how they deliver value today.
    This requires a value-driven approach to digital transformation that is capable of identifying what aspects of the business to transform, what technologies to embrace, what processes to automate, and what new business models to create. And most importantly, it needs to unify digital possibilities with your customer experiences.
    If there was ever a time for an organization to become a digital business, it is today.

    Executive Summary

    Your Challenge

    • Your organization has difficulty adapting new technologies or rethinking the existing business models.
    • Your management lacks a framework to rethink how your organization delivers value today, which causes annual planning to become an ideation session that lacks focus.
    • There is uncertainty on how to meet evolving customer needs and how to compete in a digital economy.

    Common Obstacles

    • Your organization might approach digital transformation as if we were still in 2019, not recognizing that the pandemic resulted in a major shift to an end-to-end digital economy.
    • Your senior-most leadership thinks digital is "IT's problem" because digital is viewed synonymously with technology.
    • On the other hand, your IT team lacks the authority to make decisions without the executives’ involvement in the discussion around digital.

    Info-Tech’s Approach

    • Design a strategy that applies innovation to your business model, streamline and transform processes, and make use of technologies to enhance interactions with customers and employees.
    • Use digital for transforming non-routine cognitive activities and for de-risking key elements of the value chain.
    • Create a balanced roadmap that improves digital maturity and prepares you for long-term success in a digital economy.

    Info-Tech Insight

    After a major crisis, focus on restarting the growth engine and bolstering business resilience.

    Your digital business strategy aims to transform the business

    Digital Business Strategy

    • Looks for ways to transform the business by identifying what technologies to embrace, what processes to automate, and what new business models to create.
    • Unifies digital possibilities with your customer experiences.
    • Accountability lies with the executive leadership.
    • Must involve cross-functional participation from senior management from the different areas of the organization.

    IT Strategy

    • Aims to identify how to change, fix, or improve technology in support of the organization’s business strategy.
    • Accountability lies with the CIO.
    • Must involve IT management and gather strategic input from the business.

    Becoming a digital business

    Automate tasks to free up time for innovation.

    Business activities (tasks, procedures, and processes, etc.) are used to create, sell, buy, and deliver goods and services.

    When we convert information into a readable format used by computers, we call this digitization (e.g. converting paper into digital format). When we convert these activities into a format to be processed by a computer, we have digitalization (e.g. scheduling appointments online).

    These two processes alter how work takes place in an organization and form the foundation of the concept digital transformation.

    We maintain that digital transformation is all about becoming a “digital business” – an organization that performs more than 66% of all work activities via executable code.

    As organizations take a step closer to this optimal state, new avenues are open to identify advances to promote growth, enhance customer experiences, secure sustainability, drive operational efficiencies, and unearth potential future business ventures.

    Key Concepts:

    Digital: The representation of a physical item in a format used by computers

    Digitization: Conversion of information and processes into a digital format

    Digitalization: Conversion of information into a format to be processed by a computer

    Why transform your business?

    COVID-19 has irrefutably changed livelihoods, businesses, and the economy. During the pandemic, digital tools have acted as a lifeline, helping businesses and economies survive, and in the process, have acted as a catalyst for digital transformation.

    As organizations continue to safeguard business continuity and financial recovery, in the long term, recovery won’t be enough.

    Although many pandemic/recession recovery periods have occurred before, this next recovery period will present two first-time challenges no one has faced before. We must find ways to:

    • Recover from the COVID-19 recession.
    • Compete in a digital economy.

    To grow and thrive in this post-pandemic world, organizations must provide meaningful and lasting changes to brace for a future defined by digital technologies. – Dana Daher, Info-Tech Research Group

    We are amid an economic transformation

    What we are facing today is a paradigm shift transforming the ways in which we work, live, and relate to one another.

    In the last 60 years alone, performance and productivity have been vastly improved by IT in virtually all economic activities and sectors. And today, digital technologies continue to advance IT's contribution even further by bringing unprecedented insights into economic activities that have largely been untouched by IT.

    As technological innovation and the digitalization of products and services continue to support economic activities, a fundamental shift is occurring that is redefining how we live, work, shop, and relate to one another.

    These rapid changes are captured in a new 21st century term:

    The Digital Economy.

    90% of CEOs believe the digital economy will impact their industry. But only 25% have a plan in place. – Paul Taylor, Forbes, 2020

    Analyst Perspective

    Become a Digital Business

    this is a picture of Research Fellow, Kenneth McGee

    Kenneth McGee
    Research Fellow

    Today, the world faces two profoundly complex, mega-challenges simultaneously:

    1. Ending the COVID-19 pandemic and recession.
    2. Creating strategies for returning to business growth.

    Within the past year, healthcare professionals have searched for and found solutions that bring real hope to the belief the global pandemic/recession will soon end.

    As progress towards ending COVID-19 continues, business professionals are searching for the most effective near-term and long-term methods of restoring or exceeding the rates of growth they were enjoying prior to 2020.

    We believe developing a digital business strategy can deliver cost savings to help achieve near-term business growth while preparing an enterprise for long-term business growth by effectively competing within the digital economy of the future.

    The Digital Economy

    The digital economy refers to a concept in which all economic activity is facilitated or managed through digital technologies, data, infrastructure, services, and products (OECD, 2020).

    The digital economy captures decades of digital trends including:

    • Declining enterprise computing costs
    • Improvements in computing power and performance; unprecedent analytic capabilities
    • Rapid growth in network speeds, affordability, and geographic reach
    • High adoption rates of PCs, mobile, and other computing devices

    These trends among others have set the stage to permanently alter how buying and selling will take place within and between local, regional, national, and international economies.

    The emerging digital economy concept is so compelling that the world economists, financial experts, and others are currently investigating how they must substantially rewrite the rules governing how taxes, trade, tangible and intangible assets, and countless other financial issues will be assessed and valued in a digital economy.

    Download Info-Tech’s Digital Economy Report

    Signals of Change

    60%
    of People on Earth Use the Internet
    (DataReportal, 2021)
    20%
    of Global Retail Sales Performed via E-commerce
    (eMarketer, 2021)
    6.64T
    Global Business-to-Business
    E-commerce Market
    (Derived from The Business Research Company, 2021)
    9.6%
    of US GDP ($21.4T) accounted for by the digital economy ($2.05T)
    (Bureau of Economic Analysis, 2021)

    The digital economy captures technological developments transforming the way in which we live, work, and socialize

    Technological evolution

    this image contains a timeline of technological advances, from computers and information technology, to the digital economy of the future

    Info-Tech’s approach to digital business strategy

    A path to thrive in a digital economy.

    1. Identify top value chains to be transformed
    2. Identify a digitally enabled growth opportunity
    3. Transform stakeholder journeys
    4. Build a digital transformation roadmap

    Info-Tech Insight

    Pre-pandemic digital strategies have been primarily focused on automation. However, your post-pandemic digital strategy must focus on driving resilience for growth opportunities.

    The Info-Tech difference:

    • Understand how your organization creates value today to identify opportunities for digital transformation.
    • Leverage strategic foresight to evaluate how complex trends can evolve over time and identify opportunities to leapfrog competitors.
    • Design a journey map to empathize with your customers and identify opportunities to streamline or enhance existing and new experiences.
    • Create a balanced roadmap that improves digital maturity and prepares you for long-term success in a digital economy.

    A digital transformation starts by transforming how you deliver value today

    As digital transformation is an effort to transform how you deliver value today, it is important to understand the different value-generating activities that deliver an outcome for and from your customers.

    We do this by looking at value streams –which refer to the specific set of activities an industry player undertakes to create and capture value for and from the end consumer (and so the question to ask is, how do you make money as an organization?).

    Our approach helps you to digitally transform those value streams that generate the most value for your organization.

    Higher Education Value stream

    Recruitment → Admission → Student Enrolment → Instruction & Research → Graduation → Advancement

    Local Government Value Stream

    Sustain Land, Property, and the Environment → Facilitate Civic Engagement → Protect Local Health and Safety → Grow the Economy → Provide Regional Infrastructure

    Manufacturing Value Stream

    Design Product → Produce Product → Sell Product

    Visit Info-Tech’s Industry Coverage Research to identify your industry’s value streams

    Assess your external environment to identify new value generators

    Assessing your external environment allows you to identify trends that will have a high impact on how you deliver value today.

    Traditionally, a PESTLE analysis is used to assess the external environment. While this is a helpful tool, it is often too broad as it identifies macro trends that are not relevant to an organization's addressable market. That is because not every factor that affects the macro environment (for example, the country of operation) affects a specific organization’s industry in the same way.

    And so, instead of simply assessing the macro environment and trying to project its evolution along the PESTLE factors, we recommend to:

    • Conduct a PESTLE first and deduce, from the analysis, what are possible shifts in six characteristics of an organization’s industry, or
    • Proceed immediately with identifying evolutionary trends that impact the organization’s direct market.

    the image depicts the relationship of factors from the Macro Environment, to the Industry/Addressable Market, to the Organization. the macro environmental factors are Political; Economic; Social; Technological; Legal; and Environmental. the Industry/addressable market factors are the Customer; Talent; Regulation; technology and; Supply chain.

    Info-Tech Insight

    While PESTLE is helpful to scan the macro environment, the analysis often lacks relevance to an organization’s industry.

    An analysis of evolutionary shifts in five industry-specific characteristics would be more effective for identifying trends that impact the organization

    A Market Evolution Trend Analysis (META) identifies changes in prevailing market conditions that are directly relevant to an organization’s industry, and thus provides some critical input to the strategy design process, since these trends can bring about strategic risks or opportunities.
    Shifts in these five characteristics directly impact an organization:

    ORGANIZATION

    • Customer Expectations
    • Talent Availability
    • Regulatory System
    • Supply Chain Continuity
    • Technological Landscape

    Capture existing and new value generators through a customer journey map

    As we prioritize value streams, we break them down into value chains – that is the “string” of processes that interrelate that work.

    However, once we identify these value chains and determine what parts we wish to digitally transform, we take on the perspective of the user, as the way they interact with your products and services will be different to the view of those within the organization who implement and provide those services.

    This method allows us to build an empathetic and customer-centric lens, granting the capability to uncover challenges and potential opportunities. Here, we may define new experiences or redesign existing ones.

    This image contains an example of how a school might use a value chain and customer journey map. the value streams listed include: Recruitment; Admission; Student Enrolment; Instruction& Research; Graduation; and Advancement. the Value chain for the Instruction and Research Value stream. The value chain includes: Research; Course Creation, Delivery, and assessment. The Customer journey map for curricula delivery includes: Understanding the needs of students; Construct the course material; Deliver course material; Conduct assessment and; Upload Grades into system

    A digital transformation is not just about customer journeys but also about building business resilience

    Pre-pandemic, a digital transformation was primarily focused around improving customer experiences. Today, we are facing a paradigm shift in the way in which we capture the priorities and strategies for a digital transformation.

    As the world grows increasingly uncertain, organizations need to continue to focus on improving customer experience while simultaneously protecting their enterprise value.

    Ultimately, a digital transformation has two purposes:

    1. The classical model – whereby there is a focus on improving digital experiences.
    2. Value protection or the reduction of enterprise risk by systematically identifying how the organization delivers value and digitally transforming it to protect future cashflows and improve the overall enterprise value.
    Old Paradigm New Paradigm
    Predictable regulatory changes with incremental impact Unpredictable regulatory changes with sweeping impact
    Reluctance to use digital collaboration Wide acceptance of digital collaboration
    Varied landscape of brick-and-mortar channels Last-mile consolidation
    Customers value brand Customers value convenience/speed of fulfilment
    Intensity of talent wars depends on geography Broadened battlefields for the war for talent
    Cloud-first strategies Cloud-only strategies
    Physical assets Aggressive asset decapitalization
    Digitalization of operational processes Robotization of operational processes
    Customer experience design as an ideation mechanism Business resilience for value protection and risk reduction

    Key deliverable:

    Digital Business Strategy Presentation Template

    A highly visual and compelling presentation template that enables easy customization and executive-facing content.

    three images are depicted, which contain slides from the Digital Business Strategy presentation template, which will be available in 2022.

    *Coming in 2022

    Blueprint deliverables

    The Digital Business Strategy Workbook supports each step of this blueprint to help you accomplish your goals:

    Initiative Prioritization

    A screenshot from the Initiative Prioritization blueprint is depicted, no words are legible in the image.

    Use the weighted scorecard approach to evaluate and prioritize your opportunities and initiatives.

    Roadmap Gantt Chart

    A screenshot from the Roadmap Gantt Chart blueprint is depicted, no words are legible in the image.

    Populate your Gantt chart to visually represent your key initiative plan over the next 12 months.

    Journey Mapping Workbook

    A screenshot from the Journey Mapping Workbook blueprint is depicted, no words are legible in the image.

    Populate the journey maps to evaluate a user experience over its end-to-end journey.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 0 Phase 1 Phase 2 Phase 3 Phase 4
    Call #1:
    Discuss business context and customize your organization’s capability map.     		Call #2:
    Assess business ecosystem.     		Call #3:
    Perform horizon scanning and trends identification.     		Call #5:
    Identify stakeholder personas and scenarios.     		Call #7:
    Discuss initiative generation and inputs into roadmap.
    Call #3:
    Identify how your organization creates value.     		Call #4:
    Discuss value chain impact.     		Call #6:
    Complete journey mapping exercise.     		Call #8:
    Summarize results and plan next steps.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
    A typical GI is between 8 to 12 calls over the course of 2 to 4 months.

    Workshop Requirements

    Business Inputs

    Gather business strategy documents and find information on:

    • Business goals
    • Current transformation initiatives
    • Business capabilities to create or enhance
    • Identify top ten revenue and expense generators
    • Identify stakeholders

    Interview the following stakeholders to uncover business context information:

    • CEO
    • CIO

    Download the Business Context Discovery Tool

    Optional Diagnostic

    • Assess your digital maturity (Concierge Service)

    Visit Assess Your Digital Maturity

    Phase 1

    Identify top value chains to be transformed

    • Understand the business
    • Assess your business ecosystem
    • Identify two value chains for transformation

    This phase will walk you through the following activities:

    Understand how your organization delivers value today and identify value chains to be transformed.

    This phase involves the following participants:

    A cross-functional cohort across all levels of the organization.

    Outcomes

    • Business ecosystem
    • Existing value chains to be transformed

    Step 1.1

    Understand the business

    Activities

    • Review business documents.

    Identify top value chains to be transformed

    This step will walk you through the following activities:

    In this section you will gain an understanding of the business context for your strategy.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    Business Context

    Understand the business context

    Understanding the business context is a must for all strategic initiatives. A pre-requisite to all strategic planning should be to elicit the business context from your business stakeholders.

    Inputs Document(s)/ Method Outputs
    Key stakeholders Strategy Document Stakeholders that are actively involved in, affected by or influence outcome of the organization, e.g. employers, customers, vendors.
    Vision and mission of the organization Website Strategy Document What the organization wants to achieve and how it strives to accomplish those goals.
    Business drivers CEO Interview Inputs and activities that drive the operational and financial results of the organization.
    Key targets CEO Interview Quantitative benchmarks to support strategic goals, e.g. double the enterprise EBITD, improve top-of-mind brand awareness by 15%,
    Strategic investment goals CFO Interview
    Digital Strategy     		Financial investments corresponding with strategic objectives of the organization, e.g. geographic expansion, digital investments.
    Top three value-generating lines of business Financial Document Identification of your top three value-generating products and services or lines of business.
    Goals of the organization over the next 12 months Strategy Document
    Corporate Retreat Notes     		Strategic goals to support the vision, e.g. hire 100 new sales reps, improve product management and marketing.
    Top business initiatives over the next 12 months Strategy Document
    CEO Interview     		Internal campaigns to support strategic goals, e.g. invest in sales team development, expand the product innovation team.
    Business model Strategy Document Products or services that the organization plans to sell, the identified market and customer segments, price points, channels and anticipated expenses.
    Competitive landscape Internal Research Analysis Who your typical or atypical competitors are.

    1.1 Understand the business context

    Objective: Elicit the business context with a careful review of business and strategy documents.

    1. Gather the strategy creation team and review your business context documents. This includes business strategy documents, interview notes from executive stakeholders, and other sources for uncovering the business strategy.
    2. Brainstorm in smaller groups answers to the question you were assigned:
      • What are the strengths and weaknesses of the organization?
      • What are some areas of improvement or opportunity?
      • What does it mean to have a digital business strategy?
    3. Discuss the questions above with participants and document key findings. Share with the group and work through the balanced scorecard questions to complete this exercise.
    4. Document your findings.

    Assess your digital readiness with Info-Tech’s Digital Maturity Assessment

    Input

    • Business Strategy Documents
    • Executive Stakeholder Interviews

    Output

    • Business Context Information

    Materials

    • Collaboration/ Brainstorming Tool (whiteboard, flip chart, digital equivalent)

    Participants

    • Executive Team

    Step 1.2

    Assess your business ecosystem

    Activities

    • Identify disruptors and incumbents.

    Info-Tech Insight

    Your digital business strategy cannot be formulated without a clear vision of the evolution of your industry.

    Identify top value chains to be transformed

    This step will walk you through the following activities:

    In this section, we will assess who the incumbents and disruptors are in your ecosystem and identify who your stakeholders are.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    Business Ecosystem

    Assess your business ecosystem

    Understand the nature of your competition.

    Learn what your competitors are doing.

    To survive, grow, or transform in today's digital era, organizations must first have a strong pulse on their business ecosystem. Learning what your competitors are doing to grow their bottom line is key to identifying how to grow your own. Start by understanding who the key incumbents and disruptors in your industry are to identify where your industry is heading.

    Incumbents: These are established leaders in the industry that possess the largest market share. Incumbents often focus their attention to their most demanding or profitable customers and neglect the needs of those down market.

    Disruptors: Disruptors are primarily new entrants (typically startups) that possess the ability to displace the existing market, industry, or technology. Disruptors are often focused on smaller markets that the incumbents aren’t focused on. (Clayton Christenson, 1997)

    An image is shown demonstrating the relationship within an industry between incumbents, disruptors, and the organization. The incumbents are represented by two large purple circles. The disruptors are represented by 9 smaller blue circles, which represent smaller individual customer bases, but overall account for a larger portion of the industry.

    ’Disruption’ specifically refers to what happens when the incumbents are so focused on pleasing their most profitable customers that they neglect or misjudge the needs of their other segments.– Ilan Mochari, Inc., 2015

    Example Business Ecosystem Analysis

    Business Target Market & Customer Product/Service & Key Features Key Differentiators Market Positioning
    University XYZ
    • Local Students
    • Continuous Learner
    • Certificate programs
    • Associate degrees
    • Strong engineering department with access to high-quality labs
    • Strong community impact
    		Affordable education with low tuition cost and access to bursaries & scholarships.
    University CDE University CDE
    • Local students
    • International students
    • Continuous learning students
    • Continuous learning offerings (weekend classes)
    • Strong engineering program
    • Strong continuous learning programs
    		 Outcome focused university with strong co-ops/internship programs and career placements for graduates
    University MNG
    • Local students
    • Non degree, freshman and continuous learning adults
    • Associate degrees
    • Certificate programs (IT programs)
    • Dual credit program
    • More locations/campuses
    • Greater physical presence
    • High web presence
    		 Nurturing university with small student population and classroom sizes. University attractive to adult learners.
    Disruptors Online Learning Company EFG
    • Full-time employees & executives– (online presence important)
    • Shorter courses
    • Full-time employees & executives– (online presence important)
    		 Competitive pricing with an open acceptance policy
    University JKL Online Credential Program
    • High school
    • University students
    • Adult learners
    • Micro credentials
    • Ability to acquire specific skills
    		Borderless and free (or low cost) education

    1.2 Understand your business ecosystem

    Objective: Identify the incumbents and disruptors in your business ecosystem.

    1. Identify the key incumbents and disruptors in your business ecosystem.
      • Incumbents: These are established leaders in the industry that possess the largest market share.
      • Disruptors: Disruptors are primarily new entrants (startups) that possess the ability to displace the existing market, industry, or technology.
    2. Identify target market and key customers. Who are the primary beneficiaries of your products or service offerings? Your key customers are those who keep you in business, increase profits, and are impacted by your operations.
    3. Identify what their core products or services are. Assess what core problem their products solve for key customers and what key features of their solution support this.
    4. Assess what the competitors' key differentiators are. There are many differentiators that an organization can have, examples include product, brand, price, service, or channel.
    5. Identify what the organization’s value proposition is. Why do customers come to them specifically? Leverage insights from the key differentiators to derive this.
    6. Finally, assess how your organization derives value relative to your competitors.

    Input

    • Market Assessment

    Output

    • Key Incumbents and Disruptors

    Materials

    • Collaboration/ Brainstorming Tool (whiteboard, flip chart, digital equivalent)

    Participants

    • Executive Team

    Step 1.3

    Value-chain prioritization

    Activities

    • Identify and prioritize value chains for innovation.

    Identify top value chains to be transformed

    This step will walk you through the following activities:

    Identify and prioritize how your organization currently delivers value today and identify value chains to be transformed.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    Prioritized Value Chains

    Determine what value the organization creates

    Identify areas for innovation.

    Value streams and value chains connect business goals to the organization’s value realization activities. They enable an organization to create and capture value in the market place by engaging in a set of interconnected activities. Those activities are dependent on the specific industry segment an organization operates within.

    Different types of value your organization creates

    This an example of a value chain which a school would use to analyze how their organization creates value. The value streams listed include: Recruitment; Admission; Student Enrolment; Instruction& Research; Graduation; and Advancement. the Value chain for the Student enrolment stream is displayed. The value chain includes: Matriculation; Enrolment into a Program and; Unit enrolment.

    Value Streams

    A value stream refers to the specific set of activities an industry player undertakes to create and capture value for and from the end consumer.

    Value Chains

    A value chain is a ”string” of processes within a company that interrelate and work together to meet market demand. Examining the value chain of a company will reveal how it achieves competitive advantage.

    Visit Info-Tech’s Industry Coverage Research to identify value streams

    Begin with understanding your industry’s value streams

    Value Streams

    Recruitment

    • The promotion of the institution and the communication with prospective students is accommodated by the recruitment component.
    • Prospective students are categorized as domestic and international, undergraduate and graduate. Each having distinct processes.

    Admission

    • Admission into the university involves processes distinct from recruitment. Student applications are processed and evaluated and the students are informed of the decision.
    • This component is also concerned with transfer students and the approval of transfer credits.

    Student Enrolment

    • Student enrolment is concerned with matriculation when the student first enters the institution, and subsequent enrolment and scheduling of current students.
    • The component is also concerned with financial aid and the ownership of student records.

    Instruction & Research

    • Instruction involves program development, instructional delivery and assessment, and the accreditation of courses of study.
    • The research component begins with establishing policy and degree fundamentals and concerns the research through to publication and impact assessment.

    Graduation

    • Graduation is not only responsible for the ceremony but also the eligibility of the candidate for an award and the subsequent maintenance of transcripts.

    Advancement

    • Alumni relations are the first responsibility of advancement. This involves the continual engagement with former students.
    • Fundraising is the second responsibility. This includes the solicitation and stewardship of gifts from alumni and other benefactors.

    Value stream defined…

    Value streams connect business goals to the organization’s value realization activities in the marketplace. Those activities are dependent on the specific industry segment in which an organization operates.

    There are two types of value streams: core value streams and support value streams.

    • Core value streams are mostly externally facing. They deliver value to either an external or internal customer and they tie to the customer perspective of the strategy map.
    • Support value streams are internally facing and provide the foundational support for an organization to operate.

    An effective method for ensuring all value streams have been considered is to understand that there can be different end-value receivers.

    Leverage your industry’s capability maps to identify value chains

    Business Capability Map Defined

    A business capability defines what a business does to enable value creation, rather than how. Business capabilities:

    • Represent stable business functions.
    • Are unique and independent of each other.
    • Typically, will have a defined business outcome.

    A capability map is a great starting point to identify value chains within an organization as it is a strong indicator of the processes involved to deliver on the value streams.

    this image contains an example of a business capability map using the value streams identified earlier in this blueprint.

    Info-Tech Insight

    Leverage your industry reference architecture to define value streams and value chains.

    Visit Info-Tech’s Industry Coverage Research to identify value streams

    Prioritize value streams to be supported or enhanced

    Use an evaluation criteria that considers both the human and business value generators that these streams provide.

    two identical value streams are depicted. The right most value stream has Student Enrolment and Instruction Research highlighted in green. between the two streams, are two boxes. In these boxes is the following: Business Value: Profit; Enterprise Value; Brand value. Human Value: Faculty satisfaction; Student satisfaction; Community impact.

    Info-Tech Insight

    To produce maximum impact, focus on value streams that provide two-thirds of your enterprise value.

    Business Value

    Assess the value generators to the business, e.g. revenue dollars, enterprise value, cost or differentiation (competitiveness), etc.

    Human Value

    Assess the value generators to people, e.g. student/faculty satisfaction, well-being, and social cohesion.

    Identify value chains for transformation

    Value chains, pioneered by the academic Michael Porter, refer to the ”string” of processes within a company that interrelate and work together to meet market demand. An organization’s value chain is connected to the larger part of the value stream. This perspective of how value is generated encourages leaders to see each activity as a part of a series of steps required deliver value within the value stream and opens avenues to identify new opportunities for value generation.

    this image depicts two sample value chains for the value streams: student enrolment and Instruction & Research. Each value chain has a stakeholder associated with it. This is the primary stakeholder that seeks to gain value from that value chain.

    Prioritize value chains for transformation

    Once we have identified the key value chains within each value stream element, evaluate the individual processes within the value chain to identify opportunities for transformation. Evaluate the value chain processes based on the level of pain experienced by a stakeholder to accomplish that task, and the financial impact that level of the process has on the organization.

    this image depicts the same value chains as the image above, with a legend showing which steps have a financial impact, which steps have a high degree of risk, and which steps are prioritized for transformation. Matriculation and publishing are shown to have a financial impact. Research foundation is shown to have a high degree of risk, and enrollment into a program and conducting research are prioritized for transformation.

    1.3 Value chain analysis

    Objective: Determine how the organization creates value, and prioritize value chains for innovation.

    1. The first step of delivering value is defining how it will happen. Use the organization’s industry segment to start a discussion on how value is created for customers. Working back from the moment value is realized by the customer, consider the sequential steps required to deliver value in your industry segment.
    2. Define and validate the organization’s value stream. Write a short description of the value stream that includes a statement about the value provided and a clear start and end for the value stream.
    3. Prioritize the value streams based on an evaluation criteria that reflects business and human value generators to the organization.
    4. Identify value chains that are associated with each value stream. The value chains refer to a string of processes within the value stream element. Each value chain also captures a particular stakeholder that benefits from the value chain.
    5. Once we have identified the key value chains within each value stream element, evaluate the individual processes within the value chain and identify areas for transformation. Evaluate the value chain processes based on the level of pain or exposure to risk experienced by a stakeholder to accomplish that task and the financial impact that level of the process has on the organization.

    Visit Info-Tech’s Industry Coverage Research to identify value streams and capability maps

    Input

    • Market Assessment

    Output

    • Key Incumbents and Disruptors

    Materials

    • Collaboration/ Brainstorming Tool (whiteboard, flip chart, digital equivalent)

    Participants

    • Executive Team

    Phase 2

    Identify a digitally enabled growth opportunity

    • Conduct horizon scan
    • Identify leapfrog idea
    • Conduct value chain impact analysis

    This phase will walk you through the following activities:

    Assess trends that are impacting your industry and identify strategic growth opportunities.

    This phase involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes

    Identify new growth opportunities and value chains impacted

    Phase 2.1

    Horizon scanning

    Activities

    • Scan the internal and external environment for trends.

    Info-Tech Insight

    Systematically scan your environment to identify avenues or opportunities to skip one or several stages of technological development and stay ahead of disruption.

    Identify a digitally enabled growth opportunity

    This step will walk you through the following activities:

    Scan the environment for external environment for megatrends, trends, and drivers. Prioritize trends and build a trends radar to keep track of trends within your environment.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    Growth opportunity

    Horizon scanning

    Understand how your industry is evolving.

    Horizon scanning is a systematic analysis of detecting early signs of future changes or threats.

    Horizon scanning involves scanning, analyzing, and communicating changes in an organization’s environment to prepare for potential threats and opportunities. Much of what we know about the future is based around the interactions and trajectory of macro trends, trends, and drivers. These form the foundations for future intelligence.

    Macro Trends

    A macro trend captures a large-scale transformative trend that could impact your addressable market.

    Trends

    A trend captures a business use case of the macro trend. Consider trends in relation to competitors in your industry.

    Drivers

    A driver is an underlying force causing the trend to occur. There can be multiple causal forces, or drivers, that influence a trend, and multiple trends can be influenced by the same causal force.

    Identify signals of change in the present and their potential future impacts.

    Identifying macro trends

    A macro trend captures a large-scale transformative trend that could change the addressable market. Here are some examples of macro trends to consider when horizon scanning for your own organization:

    Talent Availability

    • Decentralized workforce
    • Hybrid workforce
    • Diverse workforce
    • Skills gap
    • Digital workforce
    • Multigenerational workforce

    Customer Expectations

    • Personalization
    • Digital experience
    • Data ownership
    • Transparency
    • Accessibility

    Technological Landscape

    • AI & robotics
    • Virtual world
    • Ubiquitous connectivity,
    • Genomics
    • Materials (smart, nano, bio)

    Regulatory System

    • Market control
    • Economic shifts
    • Digital regulation
    • Consumer protection
    • Global green

    Supply Chain Continuity

    • Resource scarcity
    • Sustainability
    • Supply chain digitization
    • Circular supply chains
    • Agility

    Identifying trends and drivers

    A trend captures a business use case of a macro trend. Assessing trends can reduce some uncertainties about the future and highlight potential opportunities for your organization. A driver captures the internal or external forces that lead the trend to occur. Understanding and capturing drivers is important to understanding why these trends are occurring and the potential impacts to your value chains.

    This image contains a flow chart, demonstrating the relationship between Macro trends, Trends, and Drivers. in this example, the macro trend is Accessibility. The Trends, or patterns of change, are an increase in demands for micro-credentials, and Preference for eLearning. The Drivers, or the why, are addressing skill gaps for increase in demand for micro-credentials, and Accommodating adult/working learners- for Preference for eLearning.

    Leverage industry roundtables and trend reports to understand the art of the possible

    Uncover important business and industry trends that can inform possibilities for technology innovation.

    Explore trends in areas such as:

    • Machine Learning
    • Citizen Dev 2.0
    • Venture Architecture
    • Autonomous Organizations
    • Self-Sovereign Cloud
    • Digital Sustainability

    Market research is critical in identifying factors external to your organization and identifying technology innovation that will provide a competitive edge. It’s important to evaluate the impact each trend or opportunity will have in your organization and market.

    Visit Info-Tech’s Trends & Priorities Research Center

    Visit Info-Tech’s Industry Coverage Research to identify your industry’s value streams

    this image contains three screenshots from Rethinking Higher Education Report and 2021 Tech Trends Report

    Images are from Info-Tech’s Rethinking Higher Education Report and 2021 Tech Trends Report

    Example horizon scanning activity

    Macro Trends Trends Drivers
    Talent Availability Diversity Inclusive campus culture Systemic inequities
    Hybrid workforce Online learning staff COVID-19 and access to physical institutions
    Customer Expectations Digital experience eLearning for working learners Accommodate adult learners
    Accessibility Micro-credentials for non-traditional students Addressing skills gap
    Technological Landscape Artificial intelligence and robotics AI for personalized learning Hyper personalization
    IoT IoT for monitoring equipment Asset tracking
    Augmented reality Immersive education AR and VR Personalized experiences
    Regulatory System Regulatory System Alternative funding for research Changes in federal funding
    Global Green Environmental and sustainability education curricula Regulatory and policy changes
    Supply Chain Continuity Circular supply chains Vendors recycling outdated technology Sustainability
    Cloud-based solutions Cloud-based eLearning software Convenience and accessibility

    Visit Info-Tech’s Industry Coverage Research to identify your industry’s value streams

    Prioritize trends

    Develop a cross-industry holistic view of trends.

    Visualize emerging and prioritize action.

    Moving from horizon scanning to action requires an evaluation process to determine which trends can lead to growth opportunities. First, we need to make a short list of trends to analyze. For your digital strategy, consider trends on the time horizon that are under 24 months. Next, we need to evaluate the shortlisted opportunities by a second set of criteria: relevance to your organization and impact on industry.

    Timing

    The estimated time to disruption this trend will have for your industry. Assess whether the trend will require significant developments to support its entry into the ecosystem.

    Relevance

    The relevance of the trend to your organization. Does the trend fulfil the vision or goals of the organization?

    Impact

    The degree of impact the trend will have on your industry. A trend with high impact will drive new business models, products, or services.

    Prioritize trends to adopt into your organization

    Prioritize trends based on timing, impact, and relevance.

    Trend Timing
    (S/M/L)     		Impact
    (1-5)     		Relevance
    ( 1-5)
    1. Micro-credentialing S 5 5
    2. IoT-connected devices for personalized experience S 1 3
    3. International partnerships with educational institutions M
    4. Use of chatbots throughout enrollment process L
    5. IoT for energy management of campus facilities L
    6. Gamification of digital course content M
    7. Flexible learning curricula S 4 3
    Deprioritize trends
    that have a time frame
    to disruption of more
    than 24 months.
    this image contains a graph demonstrating the relationship between relevance (x axis) and Impact (Y axis).

    2.1 Scanning the horizon

    Objective: Generate trends

    60 minutes

    • Start by selecting macro trends that are occurring in your environment using the five categories. These are the large-scale transformative trends that impact your addressable market. Macro trends have three key characteristics:
      • They span over a long period of time.
      • They impact all geographic regions.
      • They impact governments, individuals, and organizations.
    • Begin to break down these macro trends into trends. Trends should reflect the direction of a macro trend and capture the pattern in events. Consider trends that directly impact your organization.
    • Understand the drivers behind these trends. Why are they occurring? What is driving them? Understanding the drivers helps us understand the value they may generate.
    • Deprioritize trends that are expected to happen beyond 24 months.
    • Prioritize trends that have a high impact and relevance to the organization.
    • If you identify more than one trend, discuss with the group which trend you would like to pursue and limit it to one opportunity.

    Input

    • Macro Trends
    • Trends

    Output

    • Trends Prioritization

    Materials

    • Digital Strategy Workbook

    Participants

    • Executive Team

    Step 2.2

    Leapfrogging ideation

    Activities

    • Identify leapfrog ideas.
    • Identify impact to value chain.

    Info-Tech Insight

    A systematic approach to leapfrog ideation is one of the most critical ways in which an organization can build the capacity for resilient innovation.

    This step will walk you through the following activities:

    Evaluate trend opportunities and determine the strategic opportunities they pose. You will also work towards identifying the impact the trend has on your value chain.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • Strategic growth opportunities
    • Value chain impact

    Leapfrog into the future

    Turn trends into growth opportunities.

    To thrive in the digital age, organizations must innovate big, leverage internal creativity, and prepare for flexibility.

    In this digital era, organizations are often playing catch up to a rapidly evolving technological landscape and following a strict linear approach to innovation. However, this linear catch-up approach does not help companies get ahead of competitors. Instead, organizations must identify avenues to skip one or several stages of technological development to leapfrog ahead of their competitors.

    The best way to predict the future is to invent it. – Alan Kay

    Leapfrogging takes place when an organization introduces disruptive innovation into the market and sidesteps competitors who are unable to mobilize to respond to the opportunities.

    Case Study

    Classroom of the Future

    Higher Education: Barco’s Virtual Classroom at UCL

    University College London (UCL), in the United Kingdom, selected Barco weConnect virtual classroom technology for its continuing professional development medical education offering. UCL uses the platform for synchronous teaching, where remote students can interact with a lecturer.

    One of the main advantages of the system is that it enables direct interaction with students through polls, questions, and whiteboarding. The system also allows you to track student engagement in real time.

    The system has also been leveraged for scientific research and publications. In their “Delphi” process, key opinion leaders were able to collaborate in an effective way to reach consensus on a subject matter. The processes that normally takes months were successfully completed in 48 hours (McCann, 2020).

    Results

    The system has been largely successful and has supported remote, real-time teaching, two-way engagement, engagement with international staff, and an overall enriched teaching experience.

    Funnel trends into leapfrog ideas

    Go from trend insights into ideas.

    Brainstorm ways of generating leapfrog ideas from trend insights.

    Dealing with trends is one of the most important tasks for innovation. It provides the basis of developing the future orientation of the organization. However, being aware of a trend is one thing, to develop strategies for response is another.

    To identify the impact the trend has on the organization, consider the four areas of growth strategies for the organization:

    1. New Customers: Leverage the trend to target new customers for existing products or services.
    2. New Business Models: Adjust the business model to capture a change in how the organization delivers value.
    3. New Markets: Enter or create new markets by applying existing products or services to different problems.
    4. New Product or Service Offerings: Introduce new products or services to the existing market.
    A funnel shaped image is depicted. At the top, at the entrance of the funnel, is the word Trend. At the bottom of the image, at the output of the funnel, is the word Opportunity.

    From trend to leapfrog ideas

    Trend New Customer New Market New Business Model New Product or Service
    What trends pose a high-immediate impact to the organization? Target new customers for existing products or services Enter or create new markets by applying existing products or services to different problems Adjust the business model to capture a change in how the organization delivers value Introduce new products or services to the existing market
    Micro-credentials for non-traditional students Target non-traditional learners/students - Online delivery Introduce mini MBA program

    2.2 Identify and prioritize opportunities

    60 minutes

    1. Gather the prioritized trend identified in the horizon scanning exercise (the trend identified to be “adopted” within the organization).
    2. Analyze each trend identified and assess whether the trend provides an opportunity for a new customers, new markets, new business models, or new products and services.

    Input

    • “Adopt” Trends

    Output

    • Trends to pursue
    • Breakdown of strategic opportunities that the trends pose

    Materials

    • Collaboration/ Brainstorming Tool (whiteboard, flip chart, digital equivalent)

    Participants

    • Executive Team

    Step 2.3

    Value chain impact

    Activities

    • Identify impact to value chain.

    This step will walk you through the following activities:

    Evaluate trend opportunities and determine the strategic opportunities they pose. Prioritize the opportunities and identify impact to your value chain.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • Strategic growth opportunities

    Value chain analysis

    Identify implications of strategic growth opportunities to the value chains.

    As we identify and prioritize the opportunities available to us, we need to assess their impacts on value chains. Does the opportunity directly impact an existing value chain? Or does it open us to the creation of a new value chain?

    The value chain perspective allows an organization to identify how to best minimize or enhance impacts and generate value.
    As we move from opportunity to impact, it is important to break down opportunities into the relevant pieces so we can see a holistic picture of the sources of differentiation.

    this image depicts the value chain for the value stream, student enrolment.

    2.3 Value chain impact

    Objective: Identify impacts to the value chain from the opportunities identified.
    60 minutes

    1. Once you have identified the opportunity, turn back to the value stream, and with the working group, identify the value stream impacted most by the opportunity. Leverage the human impact/business impact criteria to support the identification of the value stream to be impacted.
    2. Within the value stream, brainstorm what parts of the value chain will be impacted by the new opportunity. Or ask whether this new opportunity provides you with a new value chain to be created.
    3. If this opportunity will require a new value chain, identify what set of new processes or steps will be created to support this new entrant.
    4. Identify any critical value chains that will be impacted by the new opportunity. What areas of the value chain pose the greatest risk? And where can we estimate the financial revenue will be impacted the most?

    Input

    • Opportunity

    Output

    • Value chains impacted

    Materials

    • Collaboration/ Brainstorming Tool (whiteboard, flip chart, digital equivalent)

    Participants

    • Executive Team

    Phase 3

    Transform stakeholder journeys

    • Identify stakeholder personas and scenarios
    • Conduct journey map
    • Identify projects

    This phase will walk you through the following activities:

    Take the prioritized value chains and create a journey map to capture the end-to-end experience of a stakeholder.

    Through a journey mapping exercise, you will identify opportunities to digitize parts of the journey. These opportunities will be broken down into functional initiatives to tackle in your strategy.

    This phase involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes

    1. Stakeholder persona
    2. Stakeholder scenario
    3. Stakeholder journey map
    4. Opportunities

    Step 3.1

    Identify stakeholder persona and journey scenario

    Activities

    • Identify stakeholder persona.
    • Identify stakeholder journey scenario.

    Transform stakeholder journeys

    This step will walk you through the following activities:

    In this step, you with identify stakeholder personas and scenarios relating to the prioritized value chains.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • A taxonomy of critical stakeholder journeys.

    Identify stakeholder persona and journey scenario

    From value chain to journey scenario.

    Stakeholder personas and scenarios help us build empathy towards our customers. It helps put us into the shoes of a stakeholder and relate to their experience to solve problems or understand how they experience the steps or processes required to accomplish a goal. A user persona is a valuable basis for stakeholder journey mapping.

    A stakeholder scenario describes the situation the journey map addresses. Scenarios can be real (for existing products and services) or anticipated.

    A stakeholder persona is a fictitious profile to represent a customer or a user segment. Creating this persona helps us understand who your customers really are and why they are using your service or product.

    Learn more about applying design thinking methodologies

    Identify stakeholder scenarios to map

    For your digital strategy, leverage the existing and opportunity value chains identified in phase 1 and 2 for journey mapping.

    Identify two existing value chains to be transformed.
    In section 1, we identified existing value chains to be transformed. For example, your stakeholder persona is a member of the faculty (engineering), and the scenario is the curricula design process.     		this image contains the value chains for instruction (engineering) and enrolment of engineering student. the instruction(engineering) value chain includes curricula research, curricula design, curricula delivery, and Assessment for the faculty-instructor. The enrolment of engineering student value chain includes matriculation, enrolment into a program, and unit enrolment for the student. In the instruction(engineering) value chain, curricula design is highlighted in blue. In the enrolment of engineering student value chain, Enrolment into a program is highlighted.
    Identify one new value chain.
    In section 2, we identified a new value chain. However, for a new opportunity, the scenario is more complex as it may capture many different areas of a value chain. Subsequently, a journey map for a new opportunity may require mapping all parts of the value chain.     		this image contains an example of a value chain for micro-credentialing (mini online MBA)

    Identify stakeholder persona

    Who are you transforming for?

    To define a stakeholder scenario, we need to understand who we are mapping for. In each value chain, we identified a stakeholder who gains value from that value chain. We now need to develop a stakeholder persona: a representation of the end user to gain a strong understanding of who they are, what they need, and their pains and gains.

    One of the best ways to flesh out your stakeholder persona is to engage with the stakeholders directly or to gather the input of those who may engage with them within the organization.

    For example, if we want to define a journey map for a student, we might want to gather the input of students or teaching faculty that have firsthand encounters with different student types and are able to define a common student type.

    Info-Tech Insight

    Run a survey to understand your end users and develop a stronger picture of who they are and what they are seeking to gain from your organization.

    Example Stakeholder Persona

    Name: Anne
    Age: 35
    Occupation: Engineering Faculty
    Location: Toronto, Canada

    Pains

    What are their frustrations, fears, and anxieties?

    • Time restraints
    • Using new digital tools
    • Managing a class while incorporating individual learning
    • Varying levels within the same class
    • Unmotivated students

    What do they need to do?

    What do they want to get done? How will they know they are successful?

    • Design curricula in a hybrid mode without loss of quality of experience of in-classroom learning.

    Gains

    What are their wants, needs, hopes, and dreams?

    • Interactive content for students
    • Curriculum alignment
    • Ability to run a classroom lab (in hybrid format)
    • Self-paced and self-directed learning opportunities for students

    (Adapted from Osterwalder, et al., 2014)

    Define a journey statement for mapping

    Now that we understand who we are mapping for, we need to define a journey statement to capture the stakeholder journey.
    Leverage the following format to define the journey statement.
    As a [stakeholder], I need to [prioritized value chain task], so that I can [desired result or overall goal].

    this image contains the instruction(engineering) value chain shown above. next to it is a stakeholder journey statement, which states: As an engineering faculty member, I want to design my curricula in a hybrid mode of delivery so that I can simulate in-classroom experiences.

    3.1 Identify stakeholder persona and journey scenario

    Objective: Identify stakeholder persona and journey scenario statement for journey mapping exercise.

    1. Start by identifying who your stakeholder is. Give your stakeholder a demographic profile – capture a typical stakeholder for this value chain.
    2. Identify what the gains and pains are during this value chain and what the stakeholder is seeking to accomplish.
    3. Looking at the value chain, create a statement that captures the goals and needs of the stakeholder. Use the following format to create a statement:
      As a [stakeholder], I need to [prioritized value chain task], so that I can [desired result or overall goal].

    Input

    • Prioritized Value Chains (existing and opportunity)

    Output

    • Stakeholder Persona
    • Stakeholder Journey Statement

    Materials

    • Collaboration/ Brainstorming Tool (whiteboard, flip chart, digital equivalent)
    • Stakeholder Persona Canvas

    Participants

    • Executive Team
    • Stakeholders (if possible)
    • Individual who works directly with stakeholders

    Step 3.2

    Map stakeholder journeys

    Activities

    • Map stakeholder journeys.

    Transform stakeholder journeys

    This step will walk you through the following activities:

    Prioritize the journeys by focusing on what matters most to the stakeholders and estimating the organizational effort to improve those experiences.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • Candidate journeys identified for redesign or build.

    Leverage customer journey mapping to capture value chains to be transformed

    Conduct a journey mapping exercise to identify opportunities for innovation or automation.

    A journey-based approach helps an organization understand how a stakeholder moves through a process and interacts with the organization in the form of touch points, channels, and supporting characters. By identifying pain points in the journey and the activity types, we can identify opportunities for innovation and automation along the journey.

    Embrace design thinking methodologies to elevate the stakeholder journey and to build a competitive advantage for your organization.

    this image contains an example of the result of a journey mapping exercise. the main headings are Awareness, Consideration, Acquisition, Service and, Loyalty.

    Internal vs. external stakeholder perspective

    In journey mapping, we always start with the stakeholder's perspective, then eventually transition into what the organization does business-wise to deliver value to each stakeholder. It is important to keep in mind both perspectives while conducting a journey mapping exercise as there are often different roles, processes, and technologies associated with each of the journey steps.

    Stakeholder Journey
    (External Perspective)

    • Awareness
    • Consideration
    • Selecting
    • Negotiating
    • Approving

    Business Processes
    (Internal Perspective)

    • Preparation
    • Prospecting
    • Presentation
    • Closing
    • Follow-Up

    Info-Tech Insight

    Take the perspective of an end user, who interacts with your products and services, as it is different from the view of those inside the organization, who implement and provide those services.

    Build a stakeholder journey map

    A stakeholder journey map is a tool used to illustrate the user’s perceptions, emotions, and needs as they move through a process and interact with the organization in the form of touch points, channels, and supporting characters.

    this image depicts an example of a stakeholder journey map, the headings in the map are: Journey Activity; Touch Points; Metrics; Nature of Activity; Key Moments & Pain Points; Opportunities

    Stakeholder Journey Map: Journey Activity

    The journey activity refers to the steps taken to accomplish a goal.

    The journey activity comprises the steps or sequence of tasks the stakeholder takes to accomplish their goal. These steps reflect the high-level process your candidates perform to complete a task or solve a problem.

    Stakeholder Journey Map: Touch Points

    Touch points are the points of interaction between a stakeholder and the organization.

    A touch point refers to any time a stakeholder interacts with your organization or brand. Consider three main points of interaction with the customer in the journey:

    • Before: How did they find out about you? How did they first contact you to start this journey? What channels or mediums were used?
      • Social media
      • Rating & reviews
      • Word of mouth
      • Advertising
    • During: How was the sale or service accomplished?
      • Website
      • Catalog
      • Promotions
      • Point of sale
      • Phone system
    • After: What happened after the sale or service?
      • Billing
      • Transactional emails
      • Marketing emails
      • Follow-ups
      • Thank-you emails

    Stakeholder Journey Map: Nature of Activity

    The nature of activity refers to the type of task the journey activity captures.

    We categorize the activity type to identify opportunities for automation. There are four main types of task types, which in combination (as seen in the table below) capture a task or job to be automated.

    Routine Non-Routine
    Cognitive Routine Cognitive: repeatable tasks that rely on knowledge work, e.g. sales, administration
    Prioritize for automation (2)     		Non-Routine Cognitive: infrequent tasks that rely on knowledge work, e.g. driving, fraud detection
    Prioritize for automation (3)
    Non-Routine Cognitive: infrequent tasks that rely on knowledge work, e.g. driving, fraud detection Prioritize for automation (3) Routine Manual: repeatable tasks that rely on physical work, e.g. manufacturing, production
    Prioritize for automation (1)     		Non-Routine Manual: infrequent tasks that rely on physical work, e.g. food preparation
    Not mature for automation

    Info-Tech Insight

    Where automation makes sense, routine manual activities should be transformed first, followed by routine cognitive activities. Non-routine cognitive activities are the final frontier.

    Stakeholder Journey Map: Metrics

    Metrics are a quantifiable measurement of a process, activity, or initiative.

    Metrics are crucial to justify expenses and to estimate growth for capacity planning and resourcing. There are multiple benefits to identifying and implementing metrics in a journey map:

    • Metrics provide accurate indicators for accurate IT and business decisions.
    • Metrics help you identify stakeholder touch point efficiencies and problems and solve issues before they become more serious.
    • Active metrics tracking makes root cause analysis of issues much easier.

    Example of journey mapping metrics: Cost, effort, turnaround time, throughput, net promoter score (NPS), satisfaction score

    Stakeholder Journey Map: Key Moments & Pain Points

    Key moments and pain points refer to the emotional status of a stakeholder at each stake of the customer journey.

    The key moments are defining pieces or periods in a stakeholder's experience that create a critical turning point or memory.

    The pain points are the critical problems that the stakeholder is facing during the journey or business continuity risks. Prioritize identifying pain points around key moments.

    Info-Tech Insight

    To identify key moments, look for moments that can dramatically influence the quality of the journey or end the journey prematurely. To improve the experience, analyze the hidden needs and how they are or aren’t being met.

    Stakeholder Journey Map: Opportunities

    An opportunity is an investment into people, process, or technology for the purposes of building or improving a business capability and accomplishing a specific organizational objective.

    An opportunity refers to the initiatives or projects that should address a stakeholder pain. Opportunities should also produce a demonstrable financial impact – whether direct (e.g. cost reduction) or indirect (e.g. risk mitigation) – and be evaluated based on how technically difficult it will be to implement.

    Customer

    Create new or different experiences for customers

    Workforce

    Generate new organizational skills or new ways of working

    Operations

    Improve responsiveness and resilience of operations

    Innovation

    Develop different products or services

    Example of stakeholder journey output: Higher Education

    Stakeholder: A faculty member
    Journey: As an engineering faculty member, I want to design my curricula in a hybrid mode of delivery so that I can simulate in-classroom experiences

    Journey activity Understanding the needs of students Construct the course material Deliver course material Conduct assessments Upload grades into system
    Touch Points
    • Research (primary or secondary)
    • Teaching and learning center
    • Training on tools
    • Office suite
    • Video tools
    • PowerPoint live
    • Chat (live)
    • Forum (FAQ
    • Online assessment tool
    • ERP
    • LMS
    Nature of Activity Non-routine cognitive Non-routine cognitive Non-routine cognitive Routine cognitive Routine Manual
    Metrics
    • Time to completion
    • Time to completion
    • Student satisfaction
    • Student satisfaction
    • Student scores
    Ken Moments & Pain Points Lack of centralized repository for research knowledge
    • Too many tools to use
    • Lack of Wi-Fi connectivity for students
    • Loss of social aspects
    • Adjusting to new forms of assessments
    		No existing critical pain points; process already automated
    Opportunities
    • Centralized repository for research knowledge
    • Rationalize course creation tool set
    • Connectivity self-assessment/checklist
    • Forums for students
    • Implement an online proctoring tool

    3.2 Stakeholder journey mapping

    Objective: Conduct journey mapping exercise for existing value chains and for opportunities.

    1. Gather the working group and, with the journey mapping workbook, begin to map out the journey scenario statements identified in the value chain analysis. In total, there should be three journey maps:
      • Two for the existing value chains. Map out the specific point in the value chain that is to be transformed.
      • One for the opportunity value chain. Map out all parts of the value chain to be impacted by the new opportunity.
    2. Start with the journey activity and map out the steps involved to accomplish the goal of the stakeholder.
    3. Identify the touch points involved in the value chain.
    4. Categorize the nature of the activity in the journey activity.
    5. Identify metrics for the journey. How can we measure the success of the journey?
    6. Identify pain points and opportunities in parallel with one another.

    Input

    • Value Chain Analysis
    • Stakeholder Personas
    • Journey Mapping Scenario

    Output

    • Journey Map

    Materials

    • Digital Strategy Workbook, Stakeholder Journey tab

    Participants

    • Executives
    • Individuals in the organization that have a direct interaction with the stakeholders

    Info-Tech Insight

    Aim to build out 90% of the stakeholder journey map with the working team; validate the last 10% with the stakeholder themselves.

    Step 3.3

    Prioritize opportunities

    Activities

    • Prioritize opportunities.

    Transform stakeholder journeys

    This step will walk you through the following activities:

    Prioritize the opportunities that arose from the stakeholder journey mapping exercise.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    Prioritized opportunities

    Prioritization of opportunities

    Leverage design-thinking methods to prioritize opportunities.

    As there may be many opportunities arising from the journey map, we need to prioritize ideas to identify which ones we can tackle first – or at all. Leverage IDEO’s design-thinking “three lenses of innovation” to support prioritization:

    • Feasibility: Do you currently have the capabilities to deliver on this opportunity? Do we have the right partners, resources, or technology?
    • Desirability: Is this a solution the stakeholder needs? Does it solve a known pain point?
    • Viability: Does this initiative have an impact on the financial revenue of the organization? Is it a profitable solution that will support the business model? Will this opportunity require a complex cost structure?
    Opportunities Feasibility
    (L/M/H)     		Desirability
    (L/M/H)     		Viability
    (L/M/H)
    Centralized repository for research knowledge H H H
    Rationalize course creation tool set H H H
    Connectivity self-assessment/ checklist H M H
    Forums for students M H H
    Exam preparation (e.g. education or practice exams) H H H

    3.3 Prioritization of opportunities

    Objective: Prioritize opportunities for creating a roadmap.

    1. Gather the opportunities identified in the journey mapping exercise
    2. Assess the opportunities based on IDEO’s three lenses of innovation:
      • Feasibility: Do you currently have the capabilities to deliver on this opportunity? Do we have the right partners, resources, or technology?
      • Viability: Does this initiative have an impact on the financial revenue of the organization? Is it a profitable solution that will support the business model? Will this opportunity require a complex cost structure?
      • Desirability: Is this a solution the stakeholder needs? Does it solve a known pain point?
    3. Opportunities that score high in all three areas are prioritized for the roadmap.

    Input

    • Opportunities From Journey Map

    Output

    • Prioritized Opportunities

    Materials

    • Digital Strategy Workbook

    Participants

    • Executives

    Step 3.4

    Define digital goals

    Activities

    Transform stakeholder journeys

    This step will walk you through the following activities:

    Define a digital goal as it relates to the prioritized opportunities and the stakeholder journey map.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    Digital goals

    Define digital goals

    What digital goals can be derived from the stakeholder journey?

    With the prioritized set of opportunities for each stakeholder journey, take a step back and assess what the sum of these opportunities mean for the journey. What is the overall goal or objective of these opportunities? How do these opportunities change or facilitate the journey experience? From here, identify a single goal statement for each stakeholder journey.

    Stakeholder Scenario Prioritized Opportunities Goal
    Faculty (Engineering) As a faculty (Engineering), I want to prepare and teach my course in a hybrid mode of delivery Centralized repository for research knowledge
    Rationalized course creation tool set     		Support hybrid course curricula development through value-driven toolsets and centralized knowledge

    3.4 Define digital goals

    Objective: Identify digital goals derived from the journey statements.

    1. With the prioritized set of opportunities for each stakeholder journey (the two existing journeys and one opportunity journey) take a step back and assess what the sum of these opportunities means for each journey.
      • What is the overall goal or objective of these opportunities?
      • How do these opportunities change or facilitate the journey experience?
    2. From here, identify a single goal for each stakeholder journey.

    Input

    • Opportunities From Journey Map
    • Stakeholder Persona

    Output

    • Digital Goals

    Materials

    • Prioritization Matrix

    Participants

    • Executives

    Step 3.5

    Breakdown opportunities into series of initiatives

    Activities

    • Identify initiatives from the opportunities.

    Transform stakeholder journeys

    This step will walk you through the following activities:

    Identify people, process, and technology initiatives for the opportunities identified.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • People, process, and technology initiatives

    Break down opportunities into a series of initiatives

    Brainstorm initiatives for each high-priority opportunity using the framework below. Describe each initiative as a plan or action to take to solve the problem.

    Opportunity → Initiatives:

    People: What initiatives are required to manage people, data, and other organizational factors that are impacted by this opportunity?

    Process: What processes must be created, changed, or removed based on the data?

    Technology: What systems are required to support this opportunity?

    Break down opportunities into a series of initiatives

    Initiatives
    Centralized repository for research knowledge Technology Acquire and implement knowledge management application
    People Train researchers on functionality
    Process Periodically review and validate data entries into repository
    Initiatives
    Rationalize course creation toolset Technology Retire duplicate or under-used tools
    People Provide training on tool types and align to user needs
    Process Catalog software applications and tools across the organization
    Identify under-used or duplicate tools/applications

    Info-Tech Insight

    Ruthlessly evaluate if a initiative should stand alone or if it can be rolled up with another. Fewer initiatives or opportunities increases focus and alignment, allowing for better communication.

    3.5 Break down opportunities into initiatives

    Objective: Break down opportunities into people, process, and technology initiatives.

    1. Split into groups and identify initiatives required to deliver on each opportunity. Document each initiative on sticky notes.
    2. Have each team answer the following questions to identify initiatives for the prioritized opportunities:
      • People: What initiatives are required to manage people, data, and other organizational factors that are impacted by this opportunity?
      • Process: What processes must be created, changed, or removed based on the data?
      • Technology: What systems are required to support this opportunity?
    3. Document findings in the Digital Strategy Workbook.

    Input

    • Opportunities

    Output

    • Opportunity initiatives categorized by people, process and technology

    Materials

    • Digital Strategy Workbook

    Participants

    • Executive team

    Phase 4

    Build a digital transformation roadmap

    • Detail initiatives
    • Build a unified roadmap roadmap

    This phase will walk you through the following activities:

    Build a digital transformation roadmap that captures people, process, and technology initiatives.

    This phase involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes

    • Digital transformation roadmap

    Step 4.1

    Detail initiatives

    Activities

    • Detail initiatives.

    Build a digital transformation roadmap

    This step will walk you through the following activities:

    Detail initiatives for each priority initiative on your horizon.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • A roadmap for your digital business strategy.

    Create initiative profiles for each high-priority initiative on your strategy

    this image contains a screenshot of an example initiative profile

    Step 4.2

    Build a roadmap

    Activities

    • Create a roadmap of initiatives.

    Build a digital transformation roadmap

    Info-Tech Insight

    A roadmap that balances growth opportunities with business resilience will transform your organization for long-term success in the digital economy.

    This step will walk you through the following activities:

    Identify timing of initiatives and build a Gantt chart roadmap.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • A roadmap for your digital transformation and the journey canvases for each of the prioritized journeys.

    Build a roadmap to visualize your key initiative plan

    Visual representations of data are more compelling than text alone.

    Develop a high-level document that travels with the initiative from inception through executive inquiry, project management, and finally execution.

    A initiative needs to be discrete: able to be conceptualized and discussed as an independent item. Each initiative must have three characteristics:

    • Specific outcome: Describe an explicit change in the people, processes, or technology of the enterprise.
    • Target end date: When the described outcome will be in effect.
    • Owner: Who on the IT team is responsible for executing on the initiative.
    this image contains screenshots of a sample roadmap for supporting hybrid course curricula development through value-driven toolsets and centralized knowledge.

    4.2 Build your roadmap (30 minutes)

    1. For the Gantt chart:
      • Input the Roadmap Start Year date.
      • Change the months and year in the Gantt chart to reflect the same roadmap start year.
      • Populate the planned start and planned end date for the pre-populated list of high-priority initiatives in each category (people, process, and technology).

    Input

    • Initiatives
    • Initiative start & end dates
    • Initiative category

    Output

    • Digital strategy roadmap visual

    Materials

    • Digital Strategy Workbook

    Participants

    • Senior Executive

    Learn more about project portfolio management strategy

    Step 4.3

    Create a refresh strategy

    Activities

    • Refresh your strategy.

    Build a digital transformation roadmap

    Info-Tech Insight

    A digital strategy is a design process, it must be revisited to pressure test and account for changes in the external environment.

    This step will walk you through the following activities:

    Detail a refresh strategy.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • Refresh strategy

    Create a refresh strategy

    It is important to dedicate time to your strategy throughout the year. Create a refresh plan to assess for the changing business context and its impact on the digital business strategy. Make sure the regular planning cycle is not the primary trigger for strategy review. Put a process in place to review the strategy and make your organization proactive. Start by examining the changes to the business context and how the effect would trickle downwards. It’s typical for organizations to build a refresh strategy around budget season and hold planning and touch points to accommodate budget approval time.
    Example:

    this image contains an example of a refresh strategy.

    4.3 Create a refresh strategy (30 minutes)

    1. Work with the digital strategy creation team to identify the time frequencies the organization should consider to refresh the digital business strategy. Time frequencies can also be events that trigger a review (i.e. changing business goals). Record the different time frequencies in the Refresh of the Digital Business Strategy slide of the section.
    2. Discuss with the team the different audience members for each time frequency and the scope of the refresh. The scope represents what areas of the digital business strategy need to be re-examined and possibly changed.

    Example:

    Frequency Audience Scope Date
    Annually Executive Leadership Resurvey, review/ validate, update schedule Pre-budget
    Touch Point Executive Leadership Status update, risks/ constraints, priorities Oct 2021
    Every Year (Re-build) Executive Leadership Full planning Jan 2022

    Input

    • Digital Business Strategy

    Output

    • Refresh Strategy

    Materials

    • Digital Business Strategy Presentation Template
    • Collaboration/ Brainstorming Tool (whiteboard, flip chart, digital equivalent)

    Participants

    • Executive Leaders

    Related Info-Tech Research

    Design a Customer-Centric Digital Operating Model

    Design a Customer-Centric Digital Operating Model

    Establish a new way of working to deliver value on your digital transformation initiatives.

    Develop a Project Portfolio Management Strategy

    Develop a Project Portfolio Management Strategy

    Drive project throughput by throttling resource capacity.

    Adopt Design Thinking in Your Organization

    Adopt Design Thinking in Your Organization

    Innovation needs design thinking.

    Digital Maturity Improvement Service

    Digital Maturity Improvement Service

    Prepare your organization for digital transformation – or risk falling behind.

    Research Contributors and Experts

    Kenneth McGee

    this is a picture of Research Fellow, Kenneth McGee

    Research Fellow
    Info-Tech Research Group

    Kenneth McGee is a Research Fellow within the CIO practice at Info-Tech Research Group and is focused on IT business and financial management issues, including IT Strategy, IT Budgets and Cost Management, Mergers & Acquisitions (M&A), and Digital Transformation. He also has extensive experience developing radical IT cost reduction and return-to-growth initiatives during and following financial recessions.

    Ken works with CIOs and IT leaders to help establish twenty-first-century IT organizational charters, structures, and responsibilities. Activities include IT organizational design, IT budget creation, chargeback, IT strategy formulation, and determining the business value derived from IT solutions. Ken’s research has specialized in conducting interviews with CEOs of some of the world’s largest corporations. He has also interviewed a US Cabinet member and IT executives at the White

    House. He has been a frequent keynote speaker at industry conventions, client sales kick-off meetings, and IT offsite planning sessions.

    Ken obtained a BA in Cultural Anthropology from Dowling College, Oakdale, NY, and has pursued graduate studies at Polytechnic Institute (now part of NYU University). He has been an adjunct instructor at State University of New York, Westchester Community College.

    Jack Hakimian

    this is a picture of Vice President of the Info-Tech Research Group, Jack Hakimian

    Vice President
    Info-Tech Research Group

    Jack has more than 25 years of technology and management consulting experience. He has served multi-billion dollar organizations in multiple industries including Financial Services and Telecommunications. Jack also served a number of large public sector institutions.

    Prior to joining the Info-Tech Research Group, he worked for leading consulting players such as Accenture, Deloitte, EY, and IBM.

    Jack led digital business strategy engagements as well as corporate strategy and M&A advisory services for clients across North America, Europe, the Middle East, and Africa. He is a seasoned technology consultant who has developed IT strategies and technology roadmaps, led large business transformations, established data governance programs, and managed the deployment of mission-critical CRM and ERP applications.

    He is a frequent speaker and panelist at technology and innovation conferences and events and holds a Master’s degree in Computer Engineering as well as an MBA from the ESCP-EAP European School of Management.

    Bibliography

    Abrams, Karin von. “Global Ecommerce Forecast 2021.” eMarketer, Insider Intelligence, 7 July 2021. Web.

    Christenson, Clayton. The Innovator's Dilemma: When New Technologies Cause Great Firms to Fail. Harvard Business School, 1997. Book.

    Drucker, Peter F., and Joseph A. Maciariello. Innovation and Entrepreneurship. Routledge, 2015.

    Eagar, Rick, David Boulton, and Camille Demyttenaere. “The Trends in Megatrends.” Arthur D Little, Prism, no. 2, 2014. Web.

    Enright, Sara, and Allison Taylor. “The Future of Stakeholder Engagement.” The Business of a Better World, October 2016. Web.

    Hatem, Louise, Daniel Ker, and John Mitchell. “A roadmap toward a common framework for measuring the digital economy.” Report for the G20 Digital Economy Task Force, OECD, 2020. Web.

    Kemp, Simon. “Digital 2021 April Statshot Report.” DataReportal, Global Digital Insights, 21 Apr. 2021. Web.

    Larson, Chris. “Disruptive Innovation Theory: 4 Key Concepts.” Business Insights, Harvard Business School, HBS Online, 15 Nov. 2016. Web.

    McCann, Leah. “Barco's Virtual Classroom at UCL: A Case Study for the Future of All University Classrooms?” rAVe, 2 July 2020. Web.

    Mochari, Ilan. “The Startup Buzzword Almost Everyone Uses Incorrectly.” Inc., 19 Nov. 2015. Web.

    Osterwalder, Alexander, et al. Value Proposition Design. Wiley, 2014.

    Reed, Laura. “Artificial Intelligence: Is Your Job at Risk?” Science Node, 9 August 2017.

    Rodeck, David. “Alphabet Soup: Understanding the Shape of a Covid-19 Recession.” Forbes, 8 June 2020. Web.

    Tapscott, Don. Wikinomics. Atlantic Books, 2014.

    Taylor, Paul. “Don't Be A Dodo: Adapt to the Digital Economy.” Forbes, 27 Aug. 2015. Web.

    The Business Research Company. "Wholesale Global Market Report 2021: COVID-19 Impact and Recovery to 2030." Research and Markets, January 2021. Press Release.

    “Topic 1: Megatrends and Trends.” BeFore, 11 October 2018.

    “Updated Digital Economy Estimates – June 2021.” Bureau of Economic Analysis, June 2021. Web.

    Williamson, J. N. The Leader Manager. John Wiley & Sons, 1984.

    Create a Data Management Roadmap

    • Buy Link or Shortcode: {j2store}122|cart{/j2store}
    • member rating overall impact: 9.3/10 Overall Impact
    • member rating average dollars saved: $100,135 Average $ Saved
    • member rating average days saved: 36 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management

    Data has quickly become one of the most valuable assets in any organization. But when it comes to strategically and effectively managing those data assets, many businesses find themselves playing catch-up. The stakes are high because ineffective data management practices can have serious consequences, from poor business decisions and missed revenue opportunities to critical cybersecurity risks.

    Successful management and consistent delivery of data assets requires collaboration between the business and IT and the right balance of technology, process, and resourcing solutions.

    Build an effective and collaborative data management practice

    Data management is not one-size-fits-all. Cut through the noise around data management and create a roadmap that is right for your organization:

    • Align data management plans with business requirements and strategic plans.
    • Create a collaborative plan that unites IT and the business in managing data assets.
    • Design a program that can scale and evolve over time.
    • Perform data strategy planning and incorporate data capabilities into your broader plans.
    • Identify gaps in current data services and the supporting environment and determine effective corrective actions.

    This blueprint will help you design a data management practice that builds capabilities to support your organization’s current use of data and its vision for the future.

    Create a Data Management Roadmap Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create a Data Management Roadmap Storyboard – Use this deck to help you design a data management practice and turn data into a strategic enabler for the organization.

    Effective data delivery and management provides the business with new and improved opportunities to leverage data for business operations and decision making. This blueprint will help you design a data management practice that will help your team build capabilities that align to the business' current usage of data and its vision for the future.

    • Create a Data Management Roadmap – Phases 1-2

    2. Data Management Strategy Planning Tools – Use these tools to align with the business and lay the foundations for the success of your data management practice.

    Begin by using the interview guide to engage stakeholders to gain a thorough understanding of the business’ challenges with data, their strategic goals, and the opportunities for data to support their future plans. From there, these tools will help you identify the current and target capabilities for your data management practice, analyze gaps, and build your roadmap.

    • Data Strategy Planning Interview Guide
    • Data Management Assessment and Planning Tool
    • Data Management Project Charter Template

    3. Stakeholder Communication and Assessment Tools – Use these templates to develop a communication strategy that will convey the value of the data management project to the organization and meet the needs of key stakeholders.

    Strong messaging around the value and purpose of the data management practice is essential to ensure buy-in. Use these templates to build a business case for the project and socialize the idea of data management across the various levels of the organization while anticipating the impact on and reactions from key stakeholders.

    • Data Management Communication/Business Case Template
    • Project Stakeholder and Impact Assessment Tool

    4. Data Management Strategy Work Breakdown Structure Template – Use this template to maintain strong project management throughout your data management project.

    This customizable template will support an organized approach to designing a program that addresses the business’ current and evolving data management needs. Use it to plan and track your deliverables and outcomes related to each stage of the project.

    • Data Management Strategy Work Breakdown Structure Template

    5. Data Management Roadmap Tools – Use these templates to plan initiatives and create a data management roadmap presentation.

    Create a roadmap for your data management practice that aligns to your organization’s current needs for data and its vision for how it wants to use data over the next 3-5 years. The initiative tool guides you to identify and record all initiative components, from benefits to costs, while the roadmap template helps you create a presentation to share your project findings with your executive team and project sponsors.

    • Initiative Definition Tool
    • Data Management Roadmap Template

    6. Track and Measure Benefits Tool – Use this tool to monitor the project’s progress and impact.

    Benefits tracking enables you to measure the effectiveness of your project and make adjustments where necessary to realize expected benefits. This tool will help you track benefit metrics at regular intervals to report progress on goals and identify benefits that are not being realized so that you can take remedial action.

    • Track and Measure Benefits Tool

    Infographic

    Workshop: Create a Data Management Roadmap

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Develop Data Strategies

    The Purpose

    Understand the business’s vision for data and the role of the data management practice.

    Determine business requirements for data.

    Map business goals and strategic plans to create data strategies.

    Key Benefits Achieved

    Understanding of business’s vision for data

    Unified vision for data management (business and IT)

    Identification of the business’s data strategies

    Activities

    1.1 Establish business context for data management.

    1.2 Develop data management principles and scope.

    1.3 Develop conceptual data model (subject areas).

    1.4 Discuss strategic information needs for each subject area.

    1.5 Develop data strategies.

    1.6 Identify data management strategies and enablers.

    Outputs

    Practice vision

    Data management guiding principles

    High-level data requirements

    Data strategies for key data assets

    2 Assess Data Management Capabilities

    The Purpose

    Determine the current and target states of your data management practice.

    Key Benefits Achieved

    Clear understanding of current environment

    Activities

    2.1 Determine the role and scope of data management within the organization.

    2.2 Assess current data management capabilities.

    2.3 Set target data management capabilities.

    2.4 Identify performance gaps.

    Outputs

    Data management scope

    Data management capability assessment results

    3 Analyze Gaps and Develop Improvement Initiatives

    The Purpose

    Identify how to bridge the gaps between the organization’s current and target environments.

    Key Benefits Achieved

    Creation of key strategic plans for data management

    Activities

    3.1 Evaluate performance gaps.

    3.2 Identify improvement initiatives.

    3.3 Create preliminary improvement plans.

    Outputs

    Data management improvement initiatives

    4 Design Roadmap and Plan Implementation

    The Purpose

    Create a realistic and action-oriented plan for implementing and improving the capabilities for data management.

    Key Benefits Achieved

    Completion of a Data Management Roadmap

    Plan for how to implement the roadmap’s initiatives

    Activities

    4.1 Align data management initiatives to data strategies and business drivers.

    4.2 Identify dependencies and priorities

    4.3 Build a data management roadmap (short and long term)

    4.4 Create a communication plan

    Outputs

    Data management roadmap

    Action plan

    Communication plan

    Further reading

    Contents

    Executive Brief
    Analyst Perspective
    Executive Summary
    Phase 1: Build Business and User Context
    Phase 2: Assess Data Management and Build Your Roadmap
    Additional Support
    Related Research
    Bibliography

    Create a Data Management Roadmap

    Ensure the right capabilities to support your data strategy.

    EXECUTIVE BRIEF

    Analyst Perspective

    Establish a data management program to realize the data strategy vision and data-driven organization.

    Data is one of the most valuable organizational assets, and data management is the foundation – made up of plans, programs, and practices – that delivers, secures, and enhances the value of those assets.

    Digital transformation in how we do business and innovations like artificial intelligence and automation that deliver exciting experiences for our customers are all powered by readily available, trusted data. And there’s so much more of it.

    A data management roadmap designed for where you are in your business journey and what’s important to you provides tangible answers to “Where do we start?” and “What do we do?”

    This blueprint helps you build and enhance data management capabilities as well as identify the next steps for evaluating, strengthening, harmonizing, and optimizing these capabilities, aligned precisely with business objectives and data strategy.

    Andrea Malick
    Director, Research & Advisory, Data & Analytics Practice
    Info-Tech Research Group

    Frame the problem

    Who this research is for
    • Data management professionals looking to improve the organization’s ability to leverage data in value-added ways
    • Data governance managers and data analysts looking to improve the effectiveness and value of their organization’s data management practice
    		 This research will help you
    • Align data management plans with business requirements and strategic plans.
    • Create a collaborative plan that unites IT and the business in managing the organization’s data assets.
    • Design a data management program that can scale and evolve over time.
    This research will also assist
    • Business leaders creating plans to leverage data in their strategic planning and business processes
    • IT professionals looking to improve the environment that manages and delivers data
    		This research will also help you
    • Perform data strategy planning and incorporate data capabilities and plans into your broader plans.
    • Identify gaps in current data services and the supporting environment and determine effective corrective actions.

    Executive Summary

    Your Challenge
    • The organizational appetite for data is increasing, with growing demands for data to better support business processes and inform decision making.
    • For data to be accessible and trustworthy for the business it must be effectively managed throughout its lifecycle.
    • With so much data circulating throughout our systems and a steady flow via user activity and business activities, it is imperative that we understand our data environment, focus our data services and oversight on what really matters, and work closely with business leads to ensure data is an integral part of the digital solution.
    		 Common Obstacles
    • Despite the growing focus on data, many organizations struggle to develop an effective strategy for managing their data assets.
    • Successful management and consistent delivery of data assets throughout their lifecycle requires the collaboration of the business and IT and the balance of technology, process, and resourcing solutions.
    • Employees are doing their best to just get things done with their own spreadsheets and familiar patterns of behavior. It takes leadership to pause those patterns and take a thoughtful enterprise and strategic approach to a more streamlined – and transformed – business data service.
    		 Info-Tech’s Approach
    • Incremental approach: Building a mature and optimized practice doesn’t occur overnight – it takes time and effort. Use this blueprint’s approach and roadmap results to support your organization in building a practice that prioritizes scope, increases the effectiveness of your data management practice, and improves your alignment with business data needs.
    • Build smart: Don’t do data management for data management’s sake; instead, align it to business requirements and the business’ vision for the organization’s data. Ensure initiatives and program investments best align to business priorities and support the organization in becoming more data driven and data centric.

    Info-Tech Insight

    Use value streams and business capabilities to develop a prioritized and practical data management plan that provides the highest business satisfaction in the shortest time.

    Full page illustration of the 'Create a Data Management Roadmap' using the image of a cargo ship labelled 'Data Management' moving in the direction of 'Business Strategy'. The caption at the top reads 'Data Management capabilities create new business value by augmenting data & optimizing it for analytics. Data is a digital imprint of organizational activities.'

    Data Management Capabilities

    A similar concept to the last one, with a ship moving toward 'Business Strategy', except the ship is cross-sectioned with different capabilities filling the interior of the silhouette. Below are different steps in data management 'Data Creation', 'Data Ingestion', 'Data Accumulation, 'Data Augmentation', 'Data Delivery', and 'Data Consumption'.

    Data is a business asset and needs to be treated like one

    Data management is an enabler of the business and therefore needs to be driven by business goals and objectives. For data to be a strategic asset of the business, the business and IT processes that support its delivery and management must be mature and clearly executed.

    Business Drivers
    1. Client Intimacy/Service Excellence
    2. Product and Service Innovations
    3. Operational Excellence
    4. Risk and Compliance Management
    		 Data Management Enablers
    • Data Governance
    • Data Strategy Planning
    • Data Architecture
    • Data Operations Management
    • Data Risk Management
    • Data Quality Management

    Industry spotlight: Risk management in the financial services sector

    REGULATORY
    COMPLIANCE
    Regulations are the #1 driver for risk management.

    US$11M:

    Fine incurred by a well-known Wall Street firm after using inaccurate data to execute short sales orders.
    “To successfully leverage customer data while maintaining compliance and transparency, the financial sector must adapt its current data management strategies to meet the needs of an ever-evolving digital landscape.” (Phoebe Fasulo, Security Scorecard, 2021)

    Industry spotlight: Operational excellence in the public sector

    GOVERNMENT
    TRANSPARENCY

    With frequent government scandals and corruption dominating the news, transparency to the public is quickly becoming a widely adopted practice at every level of government. Open government is the guiding principle that the public has access to the documents and proceedings of government to allow for effective public oversight. With growing regulations and pressure from the public, governments must adopt a comprehensive data management strategy to ensure they remain accountable to their rate payers, residents, businesses, and other constituents.

    1. Transparency Transparency is not just about access; it’s about sharing and reuse.
    2. Social and commercial value Everything from finding your local post office to building a search engine requires access to data.
    3. Participatory government Open data enables citizens to be more directly informed and involved in decision making.

    Industry spotlight: Operational excellence and client intimacy in major league sports

    SPORTS
    ANALYTICS

    A professional sports team is essentially a business that is looking for wins to maximize revenue. While they hope for a successful post-season, they also need strong quarterly results, just like you. Sports teams are renowned for adopting data-driven decision making across their organizations to do everything from improving player performance to optimizing tickets sales. At the end of the day, to enable analytics you must have top-notch information management.

    		Team Performance Benefits
    1. Talent identification
    2. In-game decision making
    3. Injury reduction
    4. Athlete performance
    5. Bargaining agreement
    Team Performance Benefits
    1. Fan engagement
    2. Licensing
    3. Sports gambling
    (Deloitte Insights, 2020)
    Industry leaders cite data, and the insights they glean from it, as their means of standing apart from their competitors.

    Industry spotlight: Operational excellence and service delivery within manufacturing and supply chain services

    SUPPLY CHAIN
    EFFICIENCY

    Data offers key insights and opportunities when it comes to supply chain management. The supply chain is where the business strategy gets converted to operational service delivery of the business. Proper data management enables business processes to become more efficient, productive, and profitable through the greater availability of quality data and analysis.

    Fifty-seven percent of companies believe that supply chain management gives them a competitive advantage that enables them to further develop their business (FinancesOnline, 2021).

    Involving Data in Your Supply Chain

    25%

    		 Companies can reap a 25% increase in productivity, a 20% gain in space usage, and a 30% improvement in stock use efficiency if they use integrated order processing for their inventory system.

    36%

    		 Thirty-six percent of supply chain professionals say that one of the top drivers of their analytics initiatives is the optimization of inventory management to balance supply and demand.
    (Source: FinancesOnline, 2021)

    Industry spotlight: Intelligent product innovation and strong product portfolios differentiate consumer retailers and CPGs

    INFORMED PRODUCT
    DEVELOPMENT         		Consumer shopping habits and preferences are notoriously variable, making it a challenge to develop a well-received product. Information and insights into consumer trends, shopping preferences, and market analysis support the probability of a successful outcome.

    Maintaining a Product Portfolio
    What is selling? What is not selling?

    Product Development
    • Based on current consumer buying patterns, what will they buy next?
    • How will this product be received by consumers?
    • What characteristics do consumers find important?
    A combination of operational data and analytics data is required to accurately answer these questions.     		Internal Data
    • Organizational sales performance
    External Data
    • Competitor performance
    • Market analysis
    • Consumer trends and preferences
    Around 75% of ideas fail for organizational reasons – viability or feasibility or time to market issues. On the other hand, around 20% of product ideas fail due to user-related issues – not valuable or usable (Medium, 2020).

    Changes in business and technology are changing how organizations use and manage data

    The world moves a lot faster today

    Businesses of today operate in real time. To maintain a competitive edge, businesses must identify and respond quickly to opportunities and events.

    To effectively do this businesses must have accurate and up-to-date data at their fingertips.

    To support the new demands around data consumption, data velocity (pace in which data is captured, organized, and analyzed) must also accelerate.

    Data Management Implications
    • Strong integration capabilities
    • Intelligent and efficient systems
    • Embedded data quality management
    • Strong transparency into the history of data and its transformation

    Studies and projections show a clear case of how data and its usage will grow and evolve.

    Zettabyte Era

    64.2

    		 More Data

    The amount of data created, consumed, and stored globally is forecast to increase rapidly, reaching 64.2 zettabytes in 2020 and projected to grow to over 180 zettabyes in 2025 (Statista, 2021).

    Evolving Technologies

    $480B

    		 Cloud Proliferation

    Global end-user spending on public cloud services is expected to exceed $480 billion next year (Info-Tech, 2021).

    To differentiate and remain competitive in today’s marketplace, organizations are becoming more data-driven

    Pyramid with a blue tip. Sublevels from top down are labelled 'Analytical Companies', 'Analytical Aspirations', 'Localized Analytics', and 'Analytically Impaired'.

    Analytic Competitor

    “Given the unforgiving competitive landscape, organizations have to transform now, and correctly. Winning requires an outcome-focused analytics strategy.” (Ramya Srinivasan, Forbes, 2021)
    Data and the use of data analytics has become a centerpiece to effective modern business. Top-performing organizations across a variety of industries have been cited as using analytics five times more than lower performers (MIT Sloan).

    The strategic value of data

    Power intelligent and transformative organizational performance through leveraging data.

    Respond to industry disruptors

    Optimize the way you serve your stakeholders and customers

    Develop products and services to meet ever-evolving needs

    Manage operations and mitigate risk
    Harness the value of your data

    Despite investments in data initiatives, organizations are carrying high levels of data debt

    Data debt is the accumulated cost that is associated with the suboptimal governance of data assets in an enterprise, like technical debt.

    Data debt is a problem for 78% of organizations.

    40%

    of organizations say individuals within the business do not trust data insights.

    66%

    of organizations say a backlog of data debt is impacting new data management initiatives.

    33%

    of organizations are not able to get value from a new system or technology investment.

    30%

    of organizations are unable to become data-driven.

    (Source: Experian, 2020)

    The journey to being data-driven

    The journey to becoming a data-driven organization requires a pit stop at data enablement.

    The Data Economy

    Diagram of 'The Data Economy' with three points on an arrow. 'Data Disengaged: You have a low appetite for data and rarely use data for decision making.' 'Data Enabled: Technology, data architecture, and people and processes are optimized and supported by data governance.' 'Data Driven: You are differentiating and competing on data and analytics, described as a “data first” organization. You’re collaborating through data. Data is an asset.'

    Measure success to demonstrate tangible business value

    Put data management into the context of the business:
    • Tie the value of data management and its initiatives back to the business capabilities that are enabled.
    • Leverage the KPIs of those business capabilities to demonstrate tangible and measurable value. Use terms and language that will resonate with senior leadership.

    Don’t let measurement be an afterthought:

    Start substantiating early on how you are going to measure success as your data management program evolves.

    Build a right-sized roadmap

    Formulate an actionable roadmap that is right-sized to deliver value in your organization.

    Key considerations:
    • When building your data management roadmap, ensure you do so through an enterprise lens. Be cognizant of other initiatives that might be coming down the pipeline that may require you to align your data governance milestones accordingly.
    • Apart from doing your planning with consideration for other big projects or launches that might be in-flight and require the time and attention of your data management partners, also be mindful of the more routine yet still demanding initiatives.
    • When doing your roadmapping, consider factors like the organization’s fiscal cycle, typical or potential year-end demands, and monthly/quarterly reporting periods and audits. Initiatives such as these are likely to monopolize the time and focus of personnel key to delivering on your data management milestones
    Sample milestones:
    • Data Management Leadership & Org Structure Definition
      Define the home for data management, as approved by senior leadership.
    • Data Management Charter and Policies
      Create a charter for your program and build/refresh associated policies.
    • Data Culture Diagnostic
      Understand the organization’s current data culture, perception of data, value of data, and knowledge gaps.
    • Use Case Build and Prioritization
      Build a use case that is tied to business capabilities. Prioritize accordingly.
    • Business Data Glossary/Catalog
      Build and/or refresh the business’ glossary for addressing data definitions and standardization issues.
    • Tools & Technology
      Explore the tools and technology offering in the data management space that would serve as an enabler to the program (e.g. RFI, RFP).

    Insight summary

    Overarching insight

    Your organization’s value streams and the associated business capabilities require effectively managed data. Whether building customer service excellence or getting ahead of cyberattacks, a data management practice is the dependable mainstay supporting business operations and transformation.

    Insight 1

    Data – it’s your business.
    Data is a digital imprint of business activities. Data architecture and flows are reflective of the organizational business architecture. Take data management capabilities as seriously as other core business capabilities.

    Insight 2

    Take a data-oriented approach.
    Data management must be data-centric – with technology and functional enablement built around the data and its structure and flows. Maintain the data focus during project’s planning, delivery, and evaluation stages.

    Insight 3

    Get the business into the data business.
    Data is not “IT’s thing.” Just as a bank helps you properly allocate your money to achieve your financial goals, IT will help you implement data management to support your business goals, but the accountability for data resides with the business.

    Tactical insight

    Data management is the program and environment we build once we have direction, i.e. a data strategy, and we have formed an ongoing channel with the guiding voice of the business via data governance. Without an ultimate goal in a strategy or the real requirements of the business, what are we building data systems and processes for? We are used to tech buzz words and placing our hope in promising innovations like artificial intelligence. There are no shortcuts, but there are basic proven actions we can take to meet the digital revolution head on and let our data boost our journey.

    Key deliverable:

    Data Management Roadmap Template

    Use this template to guide you in translating your project's findings and outcomes into a presentation that can be shared with your executive team and project sponsors.

    Sample of the 'Data Management Roadmap Template' key deliverable.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Data Management Assessment and Planning Tool

    Use this tool to support your team in assessing and designing the capabilities and components of your organization's data management practice. Sample of the 'Data Management Assessment and Planning Tool' deliverable.

    Data Culture Diagnostic and Scorecard

    Sample of the 'Data Culture Diagnostic and Scorecard' deliverable.

    Leverage Info-Tech’s Data Culture Diagnostic to understand how your organization scores across 10 areas relating to data culture.

    Business Capability Map

    This template takes you through a business capability and value stream mapping to identify the data capabilities required to enable them. Sample of the 'Business Capability Map' deliverable.

    Measure the value of this blueprint

    Leverage this blueprint’s approach to ensure your data management initiatives align and support your key value streams and their business capabilities.
    • Aligning your data management program and its initiatives to your organization’s business capabilities is vital for tracing and demonstrating measurable business value for the program.
    • This alignment of data management with value streams and business capabilities enables you to use business-defined KPIs and demonstrate tangible value.

    Project outcome

    Metric
    Timely data delivery Time of data delivery to consumption
    Improved data quality Data quality scorecard metrics
    Data provenance transparency Time for data auditing (from report/dashboard to the source)
    New reporting and analytic capabilities Number of level 2 business capabilities implemented as solutions
    		In Phase 1 of this blueprint, we will help you establish the business context, define your business drivers and KPIs, and understand your current data management capabilities and strengths.

    In Phase 2, we will help you develop a plan and a roadmap for addressing any gaps and improving the relevant data management capabilities so that data is well positioned to deliver on those defined business metrics.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Create a Data Management Roadmap project overview

    1. Build Business Context and Drivers for the Data Management Program 2. Assess Data Management and Build Your Roadmap
    Best-Practice Toolkit

    1.1 Review the Data Management Framework

    1.2 Understand and Align to Business Drivers

    1.3 Build High-Value Use Cases

    1.4 Create a Vision

    2.1 Assess Data Management

    2.2 Build Your Data Management Roadmap

    2.3 Organize Business Data Domains

    Guided Implementation
    • Call 1
    • Call 2
    • Call 3
    • Call 4
    • Call 5
    • Call 6
    • Call 7
    • Call 8
    • Call 9
    Phase Outcomes
    • An understanding of the core components of an effective data management program
    • Your organization’s business capabilities and value streams
    • A business capability map for your organization
    • High-value use cases for data management
    • Vision and guiding principles for data management
    • An understanding of your organization’s current data management capabilities
    • Definition of target-state capabilities and gaps
    • Roadmap of priority data management initiatives
    • Business data domains and ownership

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 8 to 12 calls over the course of 4 to 6 months.

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2
    Call #1: Understand drivers, business context, and scope of data management at your organization. Learn about Info-Tech’s approach and resources.

    Call #2: Get a detailed overview of Info-Tech’s approach, framework, Data Culture Diagnostic, and blueprint.

    		Call #3:Align your business capabilities with your data management capabilities. Begin to develop a use case framework.

    Call #4:Further discuss alignment of business capabilities to data management capabilities and use case framework.

    		Call #5: Assess your current data management capabilities and data environment. Review your Data Culture Diagnostic Scorecard, if applicable.

    Call #6: Plan target state and corresponding initiatives.

    		Call #7: Identify program risks and formulate a roadmap.

    Call #8: Identify and prioritize improvements. Define a RACI chart.

    		Call #9: Summarize results and plan next steps.

    Workshop Overview

    		 Contact your account representative for more information.
    workshops@infotech.com1-888-670-8889
    Day 1 Day 2 Day 3 Day 4 Day 5
    Activities
    Understand and contextualize

    1.1 Review your data strategy.

    1.2 Learn data management capabilities.

    1.3 Discuss DM capabilities cross-dependencies and interactions.

    1.4 Develop high-value use cases.

    Assess current DM capabilities and set improvement targets

    2.1 Assess you current DM capabilities.

    2.2 Set targets for DM capabilities.

    Formulate and prioritize improvement initiatives

    3.1 Formulate core initiatives for DM capabilities improvement.

    3.2 Discuss dependencies across the initiatives and prioritize them.

    Plan for delivery dates and assign RACI

    4.1 Plan dates and assign RACI for the initiatives.

    4.2 Brainstorm initiatives to address gaps and enable business goals.

    Next steps and wrap-up (offsite)

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables
    1. Understanding of the data management capabilities and their interactions and logical dependencies
    2. Use cases
    1. DM capability assessment results
    2. DM vision and guiding principles
    1. Prioritized DM capabilities improvement initiatives
    1. DM capabilities improvement roadmap
    2. Business data domains and ownership
    1. Workshop final report with key findings and recommendations

    Full page diagram of the 'Data & Analytics landscape'. Caption reads 'The key to landscaping your data environment lies in ensuring foundational disciplines are optimized in a way that recognizes the interdependency among the various disciplines.' Many foundational disciplines are color-coded to a legend determining whether its 'accountability sits with IT' or 'with the business; CDO'. An arrow labeled 'You Are Here' points to 'Data Management', which is coded in both colors meaning both IT and the business are accountable.

    What is data management and why is it needed?

    “Data management is the development, execution, and supervision of plans, policies, programs and practices that deliver, control, protect and enhance the value of data and information assets throughout their lifecycles.” (DAMA International, 2017)

    Achieving successful management and consistent delivery of data assets throughout their lifecycle requires the collaboration of the business and IT and the balance of technology, process, and resourcing solutions.

    Who:

    This research is designed for:
    • Data management heads and professionals looking to improve their organization’s ability to leverage data in value-added ways.
    • Data management and IT professionals looking to optimize the data environment, from creation and ingestion right through to consumption.

    Are your data management capabilities optimized to support your organization’s data use and demand?

    What is the current situation?

    Situation
    • The volume and variety of data are growing exponentially and show no sign of slowing down.
    • Business landscapes and models are evolving.
    • Users and stakeholders are becoming more and more data-centric, with maturing and demanding expectations.
    		 Complication
    • Organizations struggle to develop a comprehensive approach to optimizing data management.
    • In their efforts to keep pace with the demands for data, data management groups often adopt a piecemeal approach that includes turning to tools as a means to address the needs.
    • Data architecture, models, and designs fail to deliver real and measurable business impact and value. Technology ROI is not realized.
    		 Info-Tech Insight

    A data strategy should never be formulated disjointed from the business. Ensure the data strategy aligns with the business strategy and supports the business architecture.

    Info-Tech’s Data Management Framework

    What Is Data Management?

    Data management is the development, execution, and supervision of plans, policies, programs and practices that deliver, control, protect and enhance the value of data and information assets throughout their lifecycles.” (DAMA International, 2017)

    The three-tiered Data Management Framework, tiers are labelled 'Data Management Enablers', 'Information Dimensions', and 'Business Information'.

    Adapted from DAMA-DMBOK and Advanced Knowledge Innovations Global Solutions

    Info-Tech’s Approach

    Info-Tech’s Data Management Framework is designed to show how an organization’s business model sits as the foundation of its data management practice. Drawing from the requirements of the underpinning model, a practice is designed and maintained through the creation and application of the enablers and dimensions of data management.

    Build a data management practice that is centered on supporting the business and its use of key data assets

    Business Resources

    Data subject areas provide high-level views of the data assets that are used in business processes and enable an organization to perform its business functions.

    Classified by specific subjects, these groups reflect data elements that, when used effectively, are able to support analytical and operational use cases of data.

    This layer is representative of the delivery of the data assets and the business’ consumption of the data.

    Data is an integral business asset that exists across all areas of an organization

    Equation stating 'Trustworthy and Usable Data' plus 'Well-Designed and Executed Processes' equals 'Business Capabilities and Functions'.     		Data Management Framework with only the bottom tier highlighted.

    For a data management practice to be effective it ultimately must show how its capabilities and operations better support the business in accessing and leveraging its key data assets.*

    *This project focuses on building capabilities for data management. Leverage our data quality management research to support you in assessing the performance of this model.

    Information dimensions support the different types of data present within an organization’s environment

    Information Dimensions

    Components at the Information Dimensions layer manage the different types of data and information present with an environment.

    At this layer, data is managed based on its type and how the business is looking to use and access the data.

    Custom capabilities are developed at this level to support:

    • Structured data
    • Semi-structured data
    • Unstructured data
    The types, formats, and structure of the data are managed at this level using the data management enablers to support their successful execution and performance.     		Data Management Framework with only the middle tier highlighted.

    Build a data management practice with strong process capabilities

    Use these guiding principles to contextualize the purpose and value for each data management enabler.

    Data Management Framework with only the top tier highlighted.

    Data Management Enablers

    Info-Tech categorizes data management enablers as the processes that guide the management of the organization’s data assets and support the delivery.

    Govern and Direct
    • Ensures data management practices and processes follow the standards and policies outlined for them
    • Manages the executive oversight of the broader practice

    Align and Plan
    • Aligns data management plans to the business’ data requirements
    • Creates the plans to guide the design and execution of data management components

    Build, Acquire, Operate, Deliver, and Support
    • Executes the operations that manage data as it flows through the business environment
    • Manages the business’ risks in relation to its data assets and the level of security and access required

    Monitor and Improve
    • Analyzes the performance of data management components and the quality of business data
    • Creates and execute plans to improve the performance of the practice and the quality and use of data assets

    Use Info-Tech’s assessment framework to support your organization’s data management planning

    Info-Tech employs a consumer-driven approach to requirements gathering in order to support a data management practice. This will create a vision and strategic plan that will help to make data an enabler to the business as it looks to achieve its strategic objectives.

    Data Strategy Planning

    To support the project in building an accurate understanding of the organization’s data requirements and the role of data in its operations (current and future), the framework first guides organizations on a business and subject area assessment.

    By focusing on data usage and strategies for unique data subject areas, the project team will be better able to craft a data management practice with capabilities that will generate the greatest value and proactively handle evolving data requirements.

    Arrow pointing right.

    Data Management Assessment

    To support the design of a fit-for-purpose data management practice that aligns with the business’ data requirements this assessment will guide you in:

    • Determining the target capabilities for the different dimensions of data management.
    • Identifying the interaction dependencies and coordination efforts required to build a successful data management practice.

    Create a Data Management Roadmap

    Phase 1

    Build Business Context and Drivers for the Data Management Program

    Phase 1

    1.1 Review the Data Management Framework

    1.2 Understand and Align to Business Drivers

    1.3 Build High-Value Use Cases

    1.4 Create a Vision

    Phase 2

    2.1 Assess Data Management

    2.2 Build Your Data Management Roadmap

    2.3 Organize Business Data Domains

    This phase will walk you through the following activities:

    • Identify your business drivers and business capabilities.
    • Align data management capabilities with business goals.
    • Define scope and vision of the data management plan.
    • This phase involves the follow

    This phase involves the following participants:

    • Data Management Lead/Information Management Lead, CDO, Data Lead
    • Senior Business Leaders
    • Business SMEs
    • Data Owners, Records Managers, Regulatory Subject Matter Experts (e.g. Legal Counsel, Security)

    Step 1.1

    Review the Data Management Framework

    Activities

    1.1.1 Walk through the main parts of the best-practice Data Management Framework

    This step will guide you through the following activities:

    • Understand the main disciplines and makeup of a best-practice data management program.
    • Determine which data management capabilities are considered high priority by your organization.

    Outcomes of this step

    • A foundation for data management initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map
    Build Business Context and Drivers
    Step 1.1 Step 1.2 Step 1.3 Step 1.4

    Full page diagram of the 'Data & Analytics landscape'. Caption reads 'The key to landscaping your data environment lies in ensuring foundational disciplines are optimized in a way that recognizes the interdependency among the various disciplines.' Many foundational disciplines are color-coded to a legend determining whether its 'accountability sits with IT' or 'with the business; CDO'. An arrow labeled 'You Are Here' points to 'Data Management', which is coded in both colors meaning both IT and the business are accountable.

    Full page illustration of the 'Create a Data Management Roadmap' using the image of a cargo ship labelled 'Data Management' moving in the direction of 'Business Strategy'. The caption at the top reads 'Data Management capabilities create new business value by augmenting data & optimizing it for analytics. Data is a digital imprint of organizational activities.'

    Data Management Capabilities

    A similar concept to the last one, with a ship moving toward 'Business Strategy', except the ship is cross-sectioned with different capabilities filling the interior of the silhouette. Below are different steps in data management 'Data Creation', 'Data Ingestion', 'Data Accumulation, 'Data Augmentation', 'Data Delivery', and 'Data Consumption'.

    Build a Robust & Comprehensive Data Strategy

    Business Strategy

    Organizational Goals & Objectives

    Business Drivers

    Industry Drivers

    Current Environment

    Data Management Capability Maturity Assessment

    Data Culture Diagnostic

    Regulatory and Compliance Requirements

    		Data Strategy

    Organizational Drivers and Data Value

    Data Strategy Objectives & Guiding Principles

    Data Strategy Vision and Mission

    Data Strategy Roadmap

    People: Roles and Organizational Structure

    Data Culture & Data Literacy

    Data Management and Tools

    Risk and Feasibility

    		Unlock the Value of Data

    Generate Game-Changing Insights

    Fuel Data-Driven Decision Making

    Innovate and Transform With Data

    Thrive and Differentiate With a Data-Driven Culture

    Elevate Organizational Data IQ

    Build a Foundation for Data Valuation

    What is a data strategy and why is it needed?

    • Your data strategy is the vehicle for ensuring data is poised to support your organization’s strategic objectives.
    • For any CDO or equivalent data leader, a robust and comprehensive data strategy is the number one tool in your toolkit for generating measurable business value from data.
    • The data strategy will serve as the mechanism for making high-quality, trusted, and well-governed data readily available and accessible to deliver on your organizational mandate.

    What is driving the need to formulate or refresh your organization’s data strategy?

    Who:

    This research is designed for:

    • Chief Data Officer (CDO) or equivalent
    • Head of Data
    • Chief Analytics Officer (CAO)
    • Head of Digital Transformation
    • CIO

    Info-Tech Insight

    A data strategy should never be formulated disjointed from the business. Ensure the data strategy aligns with the business strategy and supports the business architecture.

    Info-Tech’s Data Governance Framework

    Model of Info-Tech's Data Governance Framework titled 'Key to Data Enablement'. There are inputs, a main Data Governance cycle, and a selection of outputs. The inputs are 'Business Strategy' and 'Data Strategy' injected into the cycle via 'Strategic Goals & Objectives'. The cycle consists of 'Operating Model', 'Policies & Procedures', 'Data Literacy & Culture', 'Enterprise Projects & Services', 'Data Management', 'Data Privacy & Security', 'Data Leadership', and 'Data Ownership & Stewardship'. The latter two are part of 'Enterprise Governance's 'Oversight & Alignment' cycle. Outputs are 'Defined Data Accountability & Responsibility', 'Knowledge & Common Understanding of Data Assets', 'Trust & Confidence in Traceable Data', 'Improved Data ROI & Reduced Data Debt', and 'Support of Ethical Use of Data in a Data-Driven Culture'.

    What is data governance and why is it needed?

    • Data governance is an enabling framework of decision rights, responsibilities, and accountabilities for data assets across the enterprise.
    • It should deliver agreed-upon models that are conducive to your organization’s operating culture, where there is clarity on who can do what with which data and via what means.
    • It is the key enabler for bringing high-quality, trusted, secure, and discoverable data to the right users across your organization.
    • It promotes and drives responsible and ethical use and handling of data while helping to build and foster an organizational culture of data excellence.

    Do you feel there is a clear definition of data accountability and responsibility in your organization?

    Who:

    This research is designed for:

    • Chief Data Officer (CDO) or equivalent
    • Head of Data Governance, Lead Data Governance Officer
    • Head of Data
    • Head of Digital Transformation
    • CIO

    Info-Tech Insight

    Data governance should not sit as an island in your organization. It must continuously align with the organization’s enterprise governance function.

    A diagram titled 'Data Platform Selection - Make complex tasks simple by applying proven methodology to connect businesses to software' with five steps. '1. Formalize a Business Strategy', '2. Identify Platform Specific Considerations', '3. Execute Data Platform Architecture Selection', 'Select Software', 'Achieve Business Goals'.

    Info-Tech’s Data Platform Framework

    Data pipeline for versatile and scalable data delivery

    a diagram showing the path from 'Data Creation' to 'Data Accumulation', to 'Engineering & Augmentation', to 'Data Delivery'. Each step has a 'Fast Lane', 'Operational Lane', and 'Curated Lane'.

    What are the data platform and practice and why are they needed?

    • The data platform and practice are two parts of the data and analytics equation:
      • The practice is about the operating model for data; that is, how stakeholders work together to deliver business value on your data platform. These stakeholders are a combination of business and IT from across the organization.
      • The platform is a combination of the architectural components of the data and analytics landscape that come together to support the role the business plays day to day with respect to data.
    • Don’t jump directly into technology: use Info-Tech tools to solve and plan first.
    • Create a continuous roadmap to implement and evolve your data practice and platform.
    • Promote collaboration between the business and IT by clearly defining responsibilities.

    Does your data platform effectively serve your reporting and analytics capabilities?

    Who:

    This research is designed for:

    • Data and Information Leadership
    • Enterprise Information Architect
    • Data Architect
    • Data Engineer/Modeler

    Info-Tech Insight

    Info-Tech’s approach is driven by business goals and leverages standard data practice and platform patterns. This enables the implementation of critical and foundational data and analytics components first and subsequently facilitates the evolution and development of the practice and platform over time.

    Info-Tech’s Reporting and Analytics Framework

    Formulating an enterprise reporting and analytics strategy requires the business vision and strategies to first be substantiated. Any optimization to the data warehouse, integration, and source layers is in turn driven by the enterprise reporting and analytics strategy.
    A diagram of the 'Reporting and Analytics Framework' with 'Business vision/strategies' fed through four stages beginning with 'Business Intelligence: Reporting & Analytics Strategy', 'Data Warehouse: Data Warehouse/ Data Lake Strategy', 'Integration and Translation: Data Integration Strategy', 'Sources: Source Strategy (Content/Quality)'
    The current states of your integration and warehouse platforms determine what data can be used for BI and analytics.     		Your enterprise reporting and analytics strategy is driven by your organization’s vision and corporate strategy.

    What is reporting and analytics and why is it needed?

    • Reporting and analytics bridges the gap between an organization’s data assets and consumable information that facilitates insight generation and informed or evidence-based decision making.
    • The reporting and analytics strategy drives data warehouse and integration strategies and the data needs to support business decisions.
    • The reporting and analytics strategy ensures that the investment made in optimizing the data environment to support reporting and analytics is directly aligned with the organization’s needs and priorities and hence will deliver measurable business value.

    Do you have a strategy to enable self-serve analytics? What does your operating model look like? Have you an analytics CoE?

    Who:

    This research is designed for:

    • Head of BI and Analytics
    • CIO or Business Unit (BU) Leader looking to improve reporting and analytics
    • Applications Lead

    Info-Tech Insight

    Formulating an enterprise reporting and analytics strategy requires the business vision and strategies to first be substantiated. Any optimization to the data warehouse, integration, and source layer is in turn driven by the enterprise reporting and analytics strategy.

    Info-Tech’s Data Architecture Framework

    Info-Tech’s methodology:
      1. Prioritize your core business objectives and identify your business driver.
      2. Learn how business drivers apply to specific tiers of Info-Tech’s five-tier data architecture model.
      3. Determine the appropriate tactical pattern that addresses your most important requirements.
    		 Visual diagram of the first two parts of the methodology on the left. Objectives apply to the data architecture model, which appropriates tactical patterns, which leads to a focus.
      1. Select the areas of the five-tier architecture to focus on.
      2. Measure your current state.
      3. Set the targets of your desired optimized state.
      1. Roadmap your tactics.
      2. Manage and communicate change.
    		 Visual diagram of the third part of the methodology on the left. A roadmap of tactics leads to communicating change.

    What is data architecture and why is it needed?

    • Data architecture is the set of rules, policies, standards, and models that govern and define the type of data collected and how it is used, stored, managed, and integrated within the organization and its database systems.
    • In general, the primary objective of data architecture is the standardization of data for the benefit of the organization.

    Is your architecture optimized to sustainably deliver readily available and accessible data to users?

    Who:

    This research is designed for:

    • Data Architects or their equivalent
    • Enterprise Architects
    • Head of Data
    • CIO
    • Database Administrators

    Info-Tech Insight

    Data architecture is not just about models. Viewing data architecture as just technical data modeling can lead to a data environment that does not aptly serve or support the business. Identify your business’ priorities and adapt your data architecture to those needs.

    A diagram titled 'Build Your Data Quality Program'. '1. Data Quality & Data Culture Diagnostics Business Landscape Exercise', '2. Business Strategy & Use Cases', '3. Prioritize Use Cases With Poor Quality'. 'Info-Tech Insight: As data is ingested, integrated, and maintained in the various streams of the organization's system and application architecture, there are multiple points where the quality of the data can degrade.' A data flow diagram points out how 'Data quality issues can occur at any stage of the data flow', and that it is better to 'Fix data quality root causes here' during the 'Data Creation', 'Data Ingestion', and 'Data Accumulation & Engineering' stages in order 'to prevent expensive cures here' in the 'Data Delivery' and 'Reporting & Analytics' stages.

    What is data quality management and why is it needed?

    • Data is the foundation of decisions made at data-driven organizations.
    • Data quality management ensures that foundation is sustainably solid.
    • If there are problems with the organization’s underlying data, it can have a domino effect on many downstream business functions.
    • The transformational insights that executives are constantly seeking can be uncovered by a data quality practice that makes high-quality, trustworthy information readily available to the business users who need it.

    Do your users have an optimal level of trust and confidence in the quality of the organization’s data?

    Who:

    This research is designed for:

    • Chief Data Officer (CDO) or equivalent Head of Data
    • Chief Analytics Officer (CAO)
    • Head of Digital Transformation
    • CIO

    Info-Tech Insight

    Data quality suffers most at the point of entry. The resulting domino effect of error propagation makes these errors among the most costly forms of data quality errors. Fix data ingestion, whether through improving your application and database design or improving your data ingestion policy, and you will fix a majority of data quality issues.

    Info-Tech’s Enterprise Content Management Framework

    Drivers Governance Information Architecture Process Policy Systems Architecture
    Regulatory, Legal –›
    Efficiency, Cost-Effectiveness –›
    Customer Service –›
    User Experience –›
    • Establish decision-making committee
    • Define and formalize roles (RACI, charter)
    • Develop policies
    • Create business data glossary
    • Decide who approves documents in workflow
    • Operating models
    • Information categories (taxonomy)
    • Classifications, retention periods
    • Metadata (for findability and as tags in automated workflows)
    • Review and approval process, e.g. who approves
    • Process for admins to oversee performance of IM service
    • Process for capturing and classifying incoming documents
    • Audit trails and reporting process
    • Centralized index of data and records to be tracked and managed throughout their lifecycle
    • Data retention policy
    • E-signature policy
    • Email policy
    • Information management policies
    • Access/privacy rules
    • Understand the flow of content through multiple systems (e.g. email, repositories)
    • Define business and technical requirements to select a new content management platform/service
    • Improve integrations
    • Right-size solutions for use case (e.g. DAM)
    • Communication/Change Management
    • Data Literacy

    What is enterprise content management and why is it needed?

    “Enterprise Content Management is the systematic collection and organization of information that is to be used by a designated audience – business executives, customers, etc. Neither a single technology nor a methodology nor a process, it is a dynamic combination of strategies, methods and tools used to capture, manage, store, preserve and deliver information supporting key organizational processes through its entire lifecycle.” (AIIM, 2021)

    • Changing your ECM capabilities is about changing organizational behavior; take an all-hands-on-deck approach to make the most of information gathering, create a vested interest, and secure buy-in.
    • It promotes and drives responsible and ethical use and handling of content while helping to build and foster an organizational culture of information excellence.

    Who:

    This research is designed for:

    • Information Architect
    • Chief Data Officer (CDO)
    • Head of Data, Information Management
    • Records Management
    • CIO

    Info-Tech Insight

    ECM is critical to becoming a digital and modernized operation, where both structured data (such as sales reports) and unstructured content (such as customer sentiment in social media) are brought together for a 360-degree view of the customer or for a comprehensive legal discovery.

    Metadata management/Data cataloging

    Overview

    Metadata is structured information that describes, explains, locates, or otherwise makes it easier to retrieve, use, or manage an information resource. Metadata is often called data about data or information about information (NISO).

    Metadata management is the function that manages and maintains the technology and processes that creates, processes, and stores metadata created by business processes and data.

    90%

    		 The majority of data is unstructured information like text, video, audio, web server logs, social media, and more (MIT Sloan, 2021).
    As data becomes more unstructured, complex, and manipulated, the importance and value of metadata will grow exponentially and support improved:
    • Data consumption
    • Quality management
    • Risk management

    Value of Effective Metadata Management

    • Supports the traceability of data through an environment.
    • Creates standards and logging that enable information and data to be searchable and cataloged.
    • Metadata schemas enable easier transferring and distribution of data across different environments.
    Data about data: The true value of metadata and the management practices supporting it is its ability to provide deeper understanding and auditability to the data assets and processes of the business.
    Metadata supports the use of:
    Big Data
    Unstructured data     		Content and Documents
    Unstructured and semi-structured data     		Structured data
    Master, reference, etc.

    Critical Success Factors of Metadata Management

    • Consistent and documented data standards and definitions
    • Architectural planning for metadata
    • Incorporation of metadata into system design and the processing of data
    • Technology to support metadata creation, collection, storage, and reviews (metadata repository, meta marts, etc.)

    Info-Tech’s Data Integration Framework

    On one hand…

    Data has massive potential to bring insight to an organization when combined and analyzed in creative ways.

    On the other hand…

    It is difficult to bring data together from different sources to generate insights and prevent stale data.

    How can these two ideas be reconciled?

    Answer: Info-Tech’s Data Integration Onion Framework summarizes an organization’s data environment at a conceptual level and is used to design a common data-centric integration environment.

    		A diagram of the 'Data Integration Onion Framework' with five layers: 'Enterprise Business Processes', 'Enterprise Analytics', 'Enterprise Integration', 'Enterprise Data Repositories', and 'Enterprise Data' at the center.
    Info-Tech’s Data Integration Onion Framework     		Data-centric integration is the solution you need to bring data together to break down data silos.

    What is data integration and why is it needed?

    • To get more value from their information, organizations are relying on increasingly more complex data sources. These diverse data sources have to be properly integrated to unlock the full potential of that data.
    • Integrating large volumes of data from the many varied sources in an organization has incredible potential to yield insights, but many organizations struggle with creating the right structure for that blending to take place, and that leads to the formation of data silos.
    • Data-centric integration capabilities can break down organizational silos. Once data silos are removed and all the information that is relevant to a given problem is available, problems with operational and transactional efficiencies can be solved, and value from business intelligence (BI) and analytics can be fully realized.

    Is your integration near real time and scalable?

    Who:

    This research is designed for:

    • Data Engineers
    • Business Analysts
    • Data Architects
    • Head of Data Management
    • Enterprise Architects

    Info-Tech Insight

    Every IT project requires data integration. Any change in the application and database ecosystem requires you to solve a data integration problem.

    Info-Tech’s Master Data Management Framework

    Master data management (MDM) “entails control over Master Data values and identifiers that enable consistent use, across systems, of the most accurate and timely data about essential business entities” (DAMA, 2017).

    The Data Management Framework from earlier with tier 2 item 'Reference and Master' highlighted.

    Fundamental objective of MDM: Enable the business to see one view of critical data elements across the organization.

    		Phases of the MDM Framework. 'Phase 1: Build a Vision for MDM' entails a 'Readiness Assessment', then both 'Identify the Master Data Needs of the Business' and 'Create a Strategic Vision'. 'Phase 2: Create a Plan and Roadmap for the Organization’s MDM Program' entails 'Assess Current MDM Capabilities', then 'Initiative Planning', then 'Strategic Roadmap'.

    What is MDM and why is it needed?

    • Master data management (MDM) “entails control over Master Data values and identifiers that enable consistent use, across systems, of the most accurate and timely data about essential business entities” (DAMA, 2017).
    • The fundamental objective of MDM is to enable the business to see one view of critical data elements across the organization.
    • What is included in the scope of MDM?
      • Party data (employees, customers, etc.)
      • Product/service data
      • Financial data
      • Location data

    Is there traceability and visibility into your data’s lineage? Does your data pipeline facilitate that single view across the organization?

    Who:

    This research is designed for:

    • Chief Data Officer (CDO)
    • Head of Data Management, CIO
    • Data Architect
    • Head of Data Governance, Data Officer

    Info-Tech Insight

    Successful MDM requires a comprehensive approach. To be successfully planned, implemented, and maintained it must include effective capabilities in the critical processes and subpractices of data management.

    Data Modeling Framework

    • The framework consists of the business, enterprise, application, and implementation layers.
    • The Business Layer encodes real-world business concepts via the conceptual model.
    • The Enterprise Layer defines all enterprise data asset details and their relationships.
    • The Application Layer defines the data structures as used by a specific application.
    • The Implementation Layer defines the data models and artifacts for use by software tools.
    		 Data Modeling Framework with items from the 'Implementation Layer' contributing to items in the 'Application Layer' and 'Enterprise Layer' before turning into a 'Conceptual Model' in the 'Business Layer'.

    Model hierarchy

    • The Conceptual data model describes the organization from a business perspective.
    • The Message model is used to describe internal- and external-facing messages and is equivalent to the canonical model.
    • The Enterprise model depicts the whole organization and is divided into domains.
    • The Analytical model is built for specific business use cases.
    • Application models are application-specific operational models.
    		Model hierarchy with items from the 'Implementation Layer' contributing to items in the 'Application Layer' and 'Enterprise Layer' before turning into a 'Conceptual Model' in the 'Business Layer'.

    Info-Tech Insight

    The Conceptual model acts as the root of all the models required and used by an organization.

    Data architecture and modeling processes

    A diagram moving from right to left through 5 phases: 'Business concepts defined and organized', 'Business concepts enriched with attribution', 'Physical view of the data, still vendor agnostic', 'The view being used by developers and business', and 'Manage the progression of your data assets'.

    Info-Tech Insight

    The Conceptual data model adds relationships to your business data glossary terms and is the first step of the modeling journey.

    Data operations

    Objectives of Data Operations Management

    • Implement and follow policies and procedures to manage data at each stage of its lifecycle.
    • Maintain the technology supporting the flow and delivery of data (applications, databases, systems, etc.).
    • Control the delivery of data within the system environment.

    Indicators of Successful Data Operations Management

    • Effective delivery of data assets to end users.
    • Successful maintenance and performance of the technical environment that collects, stores, delivers, and purges organizational data.
    		 'Data Lifecycle' with steps 'Create', 'Acquire', 'Store', 'Maintain', 'Use', and 'Archive/Destroy'.
    This data management enabler has a heavy focus on the management and performance of data systems and applications.
    It works closely with the organization’s technical architecture to support successful data delivery and lifecycle management (data warehouses, repositories, databases, networks, etc.).

    Step 1.2

    Understand and Align to Business Drivers

    Activities

    1.2.1 Define your value streams

    1.2.2 Identify your business capabilities

    1.2.3 Categorize your organization’s key business capabilities

    1.2.4 Develop a strategy map tied to data management

    This step will guide you through the following activities:

    • Leverage your organization’s existing business capability map or initiate the formulation of a business capability map.
    • Determine which business capabilities are considered high priority by your organization.
    • Map your organization’s strategic objectives to value streams and capabilities to communicate how objectives are realized with the support of data.

    Outcomes of this step

    • A foundation for data management initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map

    Build Business Context and Drivers

    Step 1.1 Step 1.2 Step 1.3 Step 1.4

    Identifying value streams

    Value streams connect business goals to organization’s value realization activities. They enable an organization to create and capture value in the marketplace by engaging in a set of interconnected activities.
    There are several key questions to ask when endeavouring to identify value streams.

    Key Questions

    • Who are your customers?
    • What are the benefits we deliver to them?
    • How do we deliver those benefits?
    • How does the customer receive the benefits?

    1.2.1 Define value streams

    1-3 hours

    Input: Business strategy/goals, Financial statements, Info-Tech’s industry-specific business architecture

    Output: List of organization-specific value streams, Detailed value stream definition(s)

    Materials: Whiteboard/kanban board, Info-Tech’s Reference Architecture Template – contact your Account Representative for details, Other industry standard reference architecture models: BIZBOK, APQC, etc., Info-Tech’s Archimate models

    Participants: Enterprise/Business Architect, Business Analysts, Business Unit Leads, CIO, Departmental Executive & Senior managers

    Unify the organization’s perspective on how it creates value.

    1. Write a short description of the value stream that includes a statement about the value provided and a clear start and end for the value stream. Validate the accuracy of the descriptions with your key stakeholders.
    2. Consider:
      • How does the organization deliver those benefits?
      • How does the customer receive the benefits?
      • What is the scope of your value stream? What will trigger the stream to start and what will the final value be?
    3. Avoid:
      • Don’t start with a blank page. Use Info-Tech’s business architecture models for sample value streams.

    Contact your Account Representative for access to Info-Tech’s Reference Architecture Template

    Define or validate the organization’s value streams

    Value streams connect business goals to the organization’s value realization activities. These value realization activities, in turn, depend on data.

    If the organization does not have a business architecture function to conduct and guide Activity 1.2.1, you can leverage the following approach:

    • Meet with key stakeholders regarding this topic, then discuss and document your findings.
    • When trying to identify the right stakeholders, consider: Who are the decision makers and key influencers? Who will impact this piece of business architecture–related work? Who has the relevant skills, competencies, experience, and knowledge about the organization?
    • Engage with these stakeholders to define and validate how the organization creates value. Consider:
      • Who are your main stakeholders? This will depend on the industry in which you operate. For example, they could be customers, residents, citizens, constituents, students, patients.
      • What are your stakeholders looking to accomplish?
      • How does your organization’s products and/or services help them accomplish that?
      • What are the benefits your organization delivers to them and how does your organization deliver those benefits?
      • How do your stakeholders receive those benefits?

    Align data management to the organization’s value realization activities.

    Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

    Info-Tech Insight

    Your organization’s value streams and the associated business capabilities require effectively managed and governed data. Without this, you could face elevated operational costs, missed opportunities, eroded stakeholder satisfaction, negative impact to reputation and brand, and/or increased exposure to business risk.

    Example of value streams – Retail Banking

    Value streams connect business goals to the organization’s value realization activities.

    Example value stream descriptions for: Retail Banking

    Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities. Example Value Stream for Retail Banking with five value chains. 'Attract Customers: Retail banks design new products to fill gaps in their product portfolios by analyzing the market for changing customer needs and new competitor offerings or pricing; Pricing a product correctly through analysis and rate setting is a delicate balance and fundamental to a bank’s success.' 'Supply Loans and Mortgages and Credit Cards: Selecting lending criteria helps banks decide on the segment of customer they should take on and the degree of risk they are willing to accept.' 'Provide Core Banking Services: Servicing includes the day-to-day interactions with customers for onboarding, payments, adjustments, and offboarding through multiple banking channels; Customer retention and growing share of wallet are crucial capabilities in servicing that directly impact the growth and profitability of retail banks.' 'Offer Card Services: Card servicing involves quick turnarounds on card delivery and acceptance at a large number of merchants; Accurate billing and customizable spending alerts are crucial in ensuring that the customer understands their spending habits.' 'Grow Investments and Manage Wealth: Customer retention can be increased through effective wealth management and additional services that will increase the number of products owned by a customer.'

    For this value stream, download Info-Tech’s Industry Reference Architecture for Retail Banking.

    Example of value streams – Higher Education

    Value streams connect business goals to the organization’s value realization activities.

    Example value stream descriptions for: Higher Education

    Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities. Example Value Stream for Higher Education with five value chains. 'Shape Institutional Research: Institutional research provides direct benefits to both partners and faculty, ensuring efficient use of resources and compliance with ethical and methodological standards; This value stream involves all components of the research lifecycle, from planning and resourcing to delivery and commercialization.' 'Facilitate Curriculum Design: Curriculum design is the process by which learning content is designed and developed to achieve desired student outcomes; Curriculum management capabilities include curriculum planning, design and commercialization, curriculum assessment, and instruction management.' 'Design Student Support Services: Support services design and development provides a range of resources to assist students with academic success, such as accessibility, health and counseling, social services, housing, and academic skills development.' 'Manage Academic Administration: Academic administration involves the broad capabilities required to attract and enroll students in institutional programs; This value stream involves all components related to recruitment, enrollment, admissions, and retention management.' 'Deliver Student Services: Delivery of student services comes after curricular management, support services design, and academic administration. It comprises delivery of programs and services to enable student success; Program and service delivery capabilities include curriculum delivery, convocation management, and student and alumni support services.'

    For this value stream, download Info-Tech’s Industry Reference Architecture for Higher Education.

    Example of value streams – Local Government

    Value streams connect business goals to the organization’s value realization activities.

    Example value stream descriptions for: Local Government

    Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities. Example Value Stream for Local Government with five value chains. 'Sustain Land, Property, and the Environment: Local governments act as the stewards of the regional land and environment that are within their boundaries; Regional government bodies are responsible for ensuring that the natural environment is protected and sustained for future citizens in the form of parks and public land.' 'Facilitate Civic Engagement: Local governments engage with constituents to maintain a high quality of life through art, culture, and education.' 'Protect Local Health and Safety: Health concerns are managed by a local government through specialized campaigns and clinics; Emergency services are provided by the local authority to protect and react to health and safety concerns including police and firefighting services.' 'Grow the Economy: Economic growth is a cornerstone of a strong local government. Growth comes from flourishing industries, entrepreneurial success, high levels of employment, and income from tourism.' 'Provide Regional Infrastructure: Local governments ensure that infrastructure is built, maintained, and effective in meeting the needs of constituents. (Includes: electricity, water, sustainable energy sources, waste collection, transit, and local transportation.'

    For this value stream, download Info-Tech’s Industry Reference Architecture for Local Government.

    Example of value streams – Manufacturing

    Value streams connect business goals to the organization’s value realization activities.

    Example value stream descriptions for: Manufacturing

    Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities. Example Value Stream for Manufacturing with three value chains. 'Design Product: Manufacturers proactively analyze their respective markets for any new opportunities or threats; They design new products to serve changing customer needs or to rival any new offerings by competitors; A manufacturer’s success depends on its ability to develop a product that the market wants at the right price and quality level.' 'Produce Product: Optimizing production activities is an important capability for manufacturers. Raw materials and working inventories need to be managed effectively to minimize wastage and maximize the utilization of the production lines; Processes need to be refined continuously over time to remain competitive and the quality of the materials and final products needs to be strictly managed.' 'Sell Product: Once produced, manufacturers need to sell the products. This is done through distributors, retailers, and, in some cases, directly to the end consumer; After the sale, manufacturers typically have to deliver the product, provide customer care, and manage complaints; Manufacturers also randomly test their end products to ensure they meet quality requirements.'

    For this value stream, download Info-Tech’s Industry Reference Architecture for Manufacturing.

    Define the organization’s business capabilities in a business capability map

    A business capability defines what a business does to enable value creation. Business capabilities represent stable business functions and typically will have a defined business outcome.

    Business capabilities can be thought of as business terms defined using descriptive nouns such as “Marketing” or “Research and Development.”

    If your organization doesn’t already have a business capability map, you can leverage the following approach to build one. This initiative requires a good understanding of the business. By working with the right stakeholders, you can develop a business capability map that speaks a common language and accurately depicts your business.

    Working with the stakeholders as described in the slide entitled “Define or validate the organization’s value streams”:

    • Analyze the value streams to identify and describe the organization’s capabilities that support them.
    • Consider the objective of your value stream. (This can highlight which capabilities support which value stream.)
    • As you initiate your engagement with your stakeholders, don’t start a blank page. Leverage the examples on the next slides as a starting point for your business capability map.
    • When using these examples, consider: What are the activities that make up your particular business? Keep the ones that apply to your organization, remove the ones that don’t, and add any needed.

    Align data management to the organization’s value realization activities.

    Info-Tech Insight

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data management program must support.

    For more information, refer to Info-Tech’s Document Your Business Architecture.

    1.2.2 Identify your business capabilities

    Input: List of confirmed value streams and their related business capabilities

    Output: Business capability map with value streams for your organization

    Materials: Your existing business capability map, Business Alignment worksheet provided in the Data Management Assessment and Planning Tool, Info-Tech’s Document Your Business Architecture blueprint

    Participants: Key business stakeholders, Data stewards, Data custodians, Data leads and administrators

    Confirm your organization's existing business capability map or initiate the formulation of a business capability map:

    • If you have an existing business capability map, meet with the relevant business owners/stakeholders to confirm that the content is accurate and up to date. Confirm the value streams (how your organization creates and captures value) and their business capabilities reflect the organization’s current business environment.
    • If you do not have an existing business capability map, complete this activity to initiate the formulation of a map (value streams and related business capabilities):
      1. Define the organization’s value streams. Meet with senior leadership and other key business stakeholders to define how your organization creates and captures value.
      2. Define the relevant business capabilities. Meet with senior leadership and other key business stakeholders to define the business capabilities.

    Note: A business capability defines what a business does to enable value creation. Business capabilities are business terms defined using nouns such as “Marketing” or “Research and Development.” They represent stable business functions, are unique and independent of one another, and typically will have a defined business outcome.

    Example business capability map – Retail Banking

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip: Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data management program.

    Example business capability map for: Retail Banking

    Example business capability map for Retail Banking with value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

    For this business capability map, download Info-Tech’s Industry Reference Architecture for Retail Banking.

    Example business capability map – Higher Education

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip: Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data management program.

    Example business capability map for: Higher Education

    Example business capability map for Higher Education with value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

    For this business capability map, download Info-Tech’s Industry Reference Architecture for Higher Education.

    Example business capability map – Local Government

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip: Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Local Government

    Example business capability map for Local Government with value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

    For this business capability map, download Info-Tech’s Industry Reference Architecture for Local Government.

    Example business capability map – Manufacturing

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip: Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Manufacturing

    Example business capability map for Manufacturing with value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

    For this business capability map, download Info-Tech’s Industry Reference Architecture for Manufacturing.

    Example business capability map – Retail

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip: Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Retail

    Example business capability map for Retail with value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

    For this business capability map, download Info-Tech’s Industry Reference Architecture for Retail.

    1.2.3 Categorize your organization’s key capabilities

    Input: Strategic insight from senior business stakeholders on the business capabilities that drive value for the organization

    Output: Business capabilities categorized and prioritized (e.g. cost advantage creators, competitive advantage differentiators, high value/high risk) See next slide for an example

    Materials: Your existing business capability map or the business capability map derived in Activity 1.2.2

    Participants: Key business stakeholders, Data stewards, Data custodians, Data governance working group

    Determine which capabilities are considered high priority in your organization.

    1. Categorize or heatmap the organization’s key capabilities. Consult with senior and other key business stakeholders to categorize and prioritize the business’ capabilities. This will aid in ensuring your data governance future-state planning is aligned with the mandate of the business. One approach to prioritizing capabilities with business stakeholders is to examine them through the lens of cost advantage creators, competitive advantage differentiators, and/or by high value/high risk.
    2. Identify cost advantage creators. Focus on capabilities that drive a cost advantage for your organization. Highlight these capabilities and prioritize programs that support them.
    3. Identify competitive advantage differentiators. Focus on capabilities that give your organization an edge over rivals or other players in your industry.

    This categorization/prioritization exercise helps highlight prime areas of opportunity for building use cases, determining prioritization, and the overall optimization of data and data governance.

    For more information, refer to Info-Tech’s Document Your Business Architecture.

    Example of business capabilities categorization or heatmapping – Retail

    This exercise is useful in ensuring the data governance program is focused and aligned to support the priorities and direction of the business.

    • Depending on the mandate from the business, priority may be on developing cost advantage. Hence the capabilities that deliver efficiency gains are the ones considered to be cost advantage creators.
    • The business’ priority may be on maintaining or gaining a competitive advantage over its industry counterparts. Differentiation might be achieved in delivering unique or enhanced products, services, and/or experiences, and the focus will tend to be on the capabilities that are more end-stakeholder-facing (e.g. customer-, student-, patient,- and/or constituent-facing). These are the organization’s competitive advantage creators.

    Example: Retail

    Example business capability map for Retail with capabilities categorized into Cost Advantage Creators and Competitive Advantage creators via a legend. Value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

    For this business capability map, download Info-Tech’s Industry Reference Architecture for Retail.

    1.2.4 Develop a strategy map tied to data management

    Input: Strategic objectives as outlined by the organization’s business strategy and confirmed by senior leaders

    Output: A strategy map that maps your organizational strategic objectives to value streams, business capabilities, and ultimately data programs

    Materials: Your existing business capability map or the one created in Activity 1.2.2, Business strategy (see next slide for an example)

    Participants: Key business stakeholders, Data stewards, Data custodians, Data governance working group

    Identify the strategic objectives for the business. Knowing the key strategic objectives will drive business–data governance alignment. It’s important to make sure the right strategic objectives of the organization have been identified and are well understood.

    1. Meet with senior business leaders and other relevant stakeholders to help identify and document the key strategic objectives for the business.
    2. Leverage their knowledge of the organization’s business strategy and strategic priorities to visually represent how these map to value streams, business capabilities, and ultimately data and data governance needs and initiatives. Tip: Your map is one way to visually communicate and link the business strategy to other levels of the organization.
    3. Confirm the strategy mapping with other relevant stakeholders.

    Example of a strategy map tied to data management

    • Strategic objectives are the outcomes the organization is looking to achieve.
    • Value streams enable an organization to create and capture value in the market through interconnected activities that support strategic objectives.
    • Business capabilities define what a business does to enable value creation in value streams.
    • Data capabilities and initiatives are descriptions of action items on the data and data governance roadmap that will enable one or multiple business capabilities in its desired target state.

    Info-Tech Tip: Start with the strategic objectives, then map the value streams that will ultimately drive them. Next, link the key capabilities that enable each value stream. Then map the data and data governance initiatives that support those capabilities. This process will help you prioritize the data initiatives that deliver the most value to the organization.

    Example: Retail

    Example of a strategy map tied to data management with diagram column headers 'Strategic Objectives' (are realized through...) 'Value Streams' (are enabled by...) 'Key Capabilities' (are driven by...) 'Data Capabilities and Initiatives'. Row headers are objectives and fields are composed of three examples of each column header.

    For this strategy map, download Info-Tech’s Industry Reference Architecture for Retail.

    Step 1.3

    Build High-Value Use Cases for Data Management

    Activities

    1.3.1 Build high-value use cases

    This step will guide you through the following activities:

    • Understand the main disciplines and makeup of a best-practice data management program.
    • Determine which data management capabilities are considered high priority by your organization.

    Outcomes of this step

    • A foundation for data management initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map

    Build Business Context and Drivers

    Step 1.1 Step 1.2 Step 1.3 Step 1.4

    1.3.1 Build high-value use cases

    Input: Value streams and business capabilities as defined by business leaders, Business stakeholders’ subject area expertise, Data custodian systems, integration, and data knowledge

    Output: Use cases that articulate data-related challenges, needs, or opportunities that are tied to defined business capabilities and hence, if addressed, will deliver measurable value to the organization

    Materials: Your business capability map from Activity 1.2.2, Info-Tech’s Data Use Case Framework Template, Whiteboard or flip charts (or shared screen if working remotely), Markers/pens

    Participants: Key business stakeholders, Data stewards and business SMEs, Data custodians, Data leads and administrators

    This business needs gathering activity will highlight and create relevant use cases around data-related problems or opportunities that are clear and contained and, if addressed, will deliver value to the organization.

    1. Bring together key business stakeholders (data owner, stewards, SMEs) from a particular line of business as well the relevant data custodian(s) to build cases for their units. Leverage the business capability map you created for facilitating this act.
    2. Leverage Info-Tech’s Data Use Case Framework Template as seen on the next slide.
    3. Have the stakeholders move through each breakout session outlined in the use case worksheet. Use flip charts or a whiteboard to brainstorm and document their thoughts.
    4. Debrief and document results in the Data Use Case Framework Template.
    5. Repeat this exercise with as many lines of the business as possible, leveraging your business capability map to guide your progress and align with business value.

    Tip: Don’t conclude these use case discussions without substantiating what measures of success will be used to demonstrate the business value of the effort to produce the desired future state, as relevant to each particular use case.

    Download Info-Tech’s Data Use Case Framework Template

    Data use cases

    Sample Data

    The following is the list of use cases as articulated by key stakeholders at [Organization Name].

    The stakeholders see these as areas that are relevant and highly valuable for delivering strategic value to [Organization Name].

    Use Case 1: Customer/Student/Patient/Resident 360 View

    Use Case 2: Project/Department Financial Performance

    Use Case 3: Vendor Lifecycle Management

    Use Case 4: Project Risk Management

    Prioritization of use cases

    Example table for use case prioritization. Column headers are 'Use Case', 'Order of Priority', and 'Comments'. Fields are empty.

    Use case 1

    Sample Data

    Problem statement:

    • We are not realizing our full growth potential because we do not have a unified 360 view of our customers/clients/[name of external stakeholder].
    • This impacts: our cross-selling; upselling; talent acquisition and retention; quality of delivery; ability to identify and deliver the right products, markets, and services...

    If we could solve this:

    • We would be able to better prioritize and position ourselves to meet evolving customer needs.
    • We would be able to optimize the use of our limited resources.

    Use case 1: challenges, risks, and opportunities

    Sample Data

    1. What is the number one risk you need to alleviate?
      • Loss of potential revenue, whether from existing or net new customers.
        • How?
          • By not maximizing opportunities with customers or even by losing customers; by not understanding or addressing their greatest needs
          • By not being able to win potential new customers because we don’t understand their needs
    2. What is the number one opportunity you wish to see happen?
      • The ability to better understand and anticipate the needs of both existing and potential customers.
    3. What is the number one pain point you have when working with data?
      • I can’t do my job with confidence because it’s not based on comprehensive, sound, reliable data. My group spends significant time reconciling data sets with little time left for data use and analysis.
    4. What are your challenges in performing the activity today?
      • I cannot pull together customer data in a timely manner due to having a high level of dependence on specific individuals with institutional knowledge rather than having easy access to information.
      • It takes too much time and effort to pull together what we know about a customer.
      • The necessary data is not consolidated or readily/systematically available for consumption.
      • These challenges are heightened when dealing with customers across markets.

    Use case 1 (cont'd)

    Sample Data

    1. What does “amazing” look like if we solve this perfectly?
      • Employees have immediate, self-service access to necessary information, leading to better and more timely decisions. This results in stronger business and financial growth.
    2. What other business unit activities/processes will be impacted/improved if we solve this?
      • Marketing/bid and proposal, staffing, procurement, and contracting strategy
    3. What compliance/regulatory/policy concerns do we need to consider in any solution?
      • PII, GDPR, HIPAA, CCPA, etc.
    4. What measures of success/change should we use to prove the value of the effort (KPIs/ROI)?
      • Win rate, number of services per customer, gross profit, customer retention, customer satisfaction scores, brand awareness, and net promoter score
    5. What are the steps in the process/activity today?
      • Manual aggregation (i.e. pull data from systems into Excel), reliance on unwritten knowledge, seeking IT support, canned reports

    Use case 1 (cont'd)

    Sample Data

    1. What are the applications/systems used at each step?
      • Salesforce CRM, Excel, personal MS Access databases, SharePoint
    2. What data elements (domains) are involved, created, used, or transformed at each step?
      • Bid and proposal information, customer satisfaction, forecast data, list of products, corporate entity hierarchy, vendor information, key staffing, recent and relevant news, and competitor intelligence

    Use case worksheet

    Objective: This business needs gathering activity will help you highlight and create relevant use cases around data-related problems or opportunities. They should be clear and contained and, if addressed, will deliver value to the organization.

    1.

    What business capability (or capabilities) in your business area is this use case tied to?

    		 Examples: Demand Planning, Assortment Planning, Allocation & Replenishment, Fulfillment Planning, Customer Management
    2.

    What are your data-related challenges in performing this today?

    Use case worksheet (cont’d.)

    Objective: This business needs gathering activity will help you highlight and create relevant use cases around data-related problems or opportunities. They should be clear and contained and, if addressed, will deliver value to the organization.

    3.

    What are the steps in the process/activity today?
    4.

    What are the applications/systems used at each step today?
    5.

    What data domains are involved, created, used, or transformed at each step today?

    Use case worksheet (cont’d.)

    Objective: This business needs gathering activity will help you highlight and create relevant use cases around data-related problems or opportunities. They should be clear and contained and, if addressed, will deliver value to the organization.

    6.

    What does an ideal or improved state look like?
    7.

    What other business units, business capabilities, activities, or processes will be impacted and/or improved if this were to be solved?
    8.

    Who are the stakeholders impacted by these changes? Who needs to be consulted?
    9.

    What are the risks to the organization (business capability, revenue, reputation, customer loyalty, etc.) if this is not addressed?

    Use case worksheet (cont’d.)

    Objective: This business needs gathering activity will help you highlight and create relevant use cases around data-related problems or opportunities. They should be clear and contained and, if addressed, will deliver value to the organization.

    10.

    What compliance, regulatory, or policy concerns do we need to consider in any solution?
    11.

    What measures of success or change should we use to prove the value of the effort (KPIs/ROI)? What is the measurable business value of doing this?

    Use case worksheet (cont’d.)

    Objective: This business needs gathering activity will help you highlight and create relevant use cases around data-related problems or opportunities. They should be clear and contained and, if addressed, will deliver value to the organization.

    10.

    Conclusion: What are the data capabilities that need to be optimized, addressed, or improved to support or help realize the business capability (or capabilities) highlighted in this use case?

    (Tip: This will inform your future-state data capabilities optimization planning and roadmapping activities.)

    Data Management Workshop
    Use Case 1: Covid-19 Emergency Management

    [SAMPLE]
    Problem Statement

    Inability to provide insights to DPH due to inconsistent data, inaccurate reporting, missing governance, and unknown data sources resulting in decisions that impact citizens being made without accurate information.

    Challenges
    • Data is not suitable for analytics. It takes lot of effort to clean data.
    • Data intervals are not correct and other data quality issues.
    • The roles are not clearly defined.
    • Lack of communication between key stakeholders.
    • Inconsistent data/reporting/governance in the agencies. This has resulted in number of issues for Covid-19 emergency management. Not able to report accurately on number of cases, deaths, etc.
    • Data collection systems changed overtime (forms, etc.).
    • GIS has done all the reporting. However, why GIS is doing all the reporting is not clear. GIS provides critical information for location. Reason: GIS was ready with reporting solution ArcGIS.
    • Problem with data collection, consolidation, and providing hierarchical view.
    • Change in requirements, metrics – managing crisis by email and resulting in creating one dashboard after another. Not sure whether these dashboards being used.
    • There is a lot of manual intervention and repeated work.
    		 What Does Amazing Look Like?
    • One set of dashboards (or single dashboard) – too much time spend on measure development
    • Accurate and timely data
    • Automated data
    • Access to granular data (for researchers and other stakeholders)
    • Clear ownership of data and analytics
    • It would have been nice to have governance already prior to this crisis
    • Proper metrics to measure usage and value
    • Give more capabilities such as predictive analytics, etc.
    Related Processes/Impact
    • DPH
    • Schools
    • Business
    • Citizens
    • Resources & Funding
    • Data Integration & GIS
    • Data Management
    • Automated Data Quality
    		Compliance
    • HIPAA, FERPA, CJIS, IRS
    • FEMA
    • State compliance requirement – data classification
    • CDC
    • Federal data-sharing agreements/restrictions
    		 Benefits/KPIs
    • Reduction in cases
    • Timely response to outbreak
    • Better use of resources
    • Economic impact
    • Educational benefits
    • Trust and satisfaction

    Data Management Workshop
    Use Case 1: Covid-19 Emergency Management

    [SAMPLE]
    Problem Statement

    Inability to provide insights to DPH due to inconsistent data, inaccurate reporting, missing governance, and unknown data sources resulting in decisions that impact citizens being made without accurate information.

    Current Steps in Process Activity (Systems)
    1. Collect data through Survey123 using ArcGIS (hospitals are managed to report by 11 am) – owned KYEM
    2. KYEM stores this information/data
    3. Deduplicate data (emergency preparedness group)
    4. Generate dashboard using ArcGIS
    5. Map to monitor status of the update
    6. Error correction using web portal (QAQC)
    7. Download Excel/CVS after all 97 hospital reports
    8. Sent to federal platform (White House, etc.)
    9. Generate reports for epidemiologist (done manually for public reporting)
    		Data Flow diagram

    Data flow diagram.

    SystemsData Management Dimensions
    1. Data Governance
    2. Data Quality
    3. Data Integrity
    4. Data Integration
    1. Data Architecture
    2. Metadata
    3. Data Warehouse, Reporting & Analytics
    4. Data Security

    Data Management Workshop
    Use Case 1: Covid-19 Emergency Management

    [SAMPLE]

    Problem Statement

    Inability to provide insights to DPH due to inconsistent data, inaccurate reporting, missing governance, and unknown data sources resulting in decisions that impact citizens being made without accurate information.

    List Future Process Steps

    Prior to COVID-19 Emergency Response:

    • ArcGIS data integrated available in data warehouse/data lake.
    • KYEM data integrated and available in data warehouse/data lake.
    • CHFS data integrated and available in data warehouse/data lake.
    • Reporting standards and tools framework established.

    After COVID-19 Emergency Response:

    • Collect data through Survey123 using ArcGIS (hospitals are managed to report by 11 am) – owned KYEM.
    • Error correction using web portal (QAQC).
    • Generate reports/dashboard/files as per reporting/analytical requirements:
      • Federal reporting
      • COVID dashboards
      • Epidemiologist reports
      • Lab reporting
    		Future Process and Data Flow

    Data flow diagram with future processes.

    Step 1.4

    Create a Vision and Guiding Principles for Data Management

    Activities

    1.4.1 Craft a vision

    1.4.2 Create guiding principles

    This step will guide you through the following activities:

    • Leverage your organization’s existing business capability map or initiate the formulation of a business capability map, guided by info-Tech’s approach.
    • Determine which business capabilities are considered high priority by your organization.
    • Map your organization’s strategic objectives to value streams and capabilities to communicate how objectives are realized with the support of data.

    Outcomes of this step

    • A foundation for data management initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map

    Build Business Context and Drivers

    Step 1.1 Step 1.2 Step 1.3 Step 1.4

    1.4.1 Craft a vision

    Input: Organizational vision and mission statements, Stakeholder survey results and elicitation findings, Use cases, Business and data capability map

    Output: Vision and mission statements

    Materials: Markers and pens, Whiteboard, Online whiteboard, Vision samples and templates

    Participants: Key business stakeholders, Data managers, Data owners, Business leads and SMEs, Project team, Project sponsor

    Complete the vision statement to set the direction, the “why,” for the changes we’re making. The vision is a reference point that should galvanize everyone in the organization and set guardrails for technical and process decisions to follow.

    1. Bring together key business stakeholders (content owners, SMEs, and relevant IT custodians) to craft a data management vision statement.
    2. Start by brainstorming keywords, such as customer-focused, empower the business, service excellence, findable and manageable, protected, accessible, paperless.
    3. Highlight the keywords that resonate most with the group. Refer to example vision statements for ideas.

    Create a common data management vision that is consistently communicated to the organization

    A data management program should be an enterprise-wide initiative.

    • To create a strong vision for data management, there must be participation from the business and IT. A common vision will articulate the state the organization wishes to achieve and how it will reach that state. Visioning helps to develop long-term goals and direction.
    • Once the vision is established, it must be effectively communicated to everyone, especially those who are involved in creating, managing, disposing, or archiving data.
    • The data management program should be periodically refined. This will ensure the organization continues to incorporate best methods and practices as the organization grows and data needs evolve.
    		 Stock image of a megaphone with multiple icons pouring from its opening.

    Info-Tech Tips

    • Use information from the stakeholder interviews to derive business goals and objectives.
    • Work to integrate different opinions and perspectives into the overall vision for data management.
    • Brainstorm guiding principles for content and understand the overall value to the organization.

    Create compelling vision and mission statements for the organization’s future data management practice

    A vision represents the way your organization intends to be in the future.

    A clear vision statement helps align the entire organization to the same end goal.

    Your vision should be brief, concise, and inspirational; it is attempting to say a lot in a few words, so be very thoughtful and careful with the words you choose. Consider your strengths across departments – business and IT, the consumers of your services, and your current/future commitments to service quality.

    Remember that a vision statement is internally facing for other members of your company throughout the process.

    		A mission expresses why you exist.

    While your vision is a declaration of where your organization aspires to be in the future, your mission statement should communicate the fundamental purpose of the data management practice.

    It identifies the function of the practice, what it produces, and its high-level goals that are linked to delivering timely, high-quality, relevant, and valuable data to business processes and end users. Consider if the practice is responsible for providing data for analytical and/or operational use cases.

    A mission statement should be a concise and clear statement of purpose for both internal and external stakeholders.

    “The Vision is the What, Where or Who you want the company to become. The Mission is the WHY the company exists, it is your purpose, passion or cause.” (Doug Meyer-Cuno, Forbes, 2021)

    Data Management Vision and Mission Statements: Draft

    Vision and mission statements crafted by the workshop participants. These statements are to be reviewed, refined into a single version, approved by members of the senior leadership team, and then communicated to the wider organization.

    Corporate

    Group 1

    Group 2
    Vision:
    Create and maintain an institution of world-class excellence.     		Vision: Vision:
    Mission:
    Foster an economic and financial environment conducive to sustainable economic growth and development.     		Mission: Mission:

    Information management framework

    The information management framework is a way to organize all the ECM program’s guidelines and artifacts

    Information management framework with 'Information Management Vision' above six principles. Below them are 'Information Management Policies' and 'Information Management Standards and Procedures.'

    The vision is a statement about the organization’s goals and provides a basis to guide decisions and rally employees toward a shared goal.

    The principles or themes communicate the organization’s priorities for its information management program.

    Policies are a set of official guidelines that determine a course of action. For example: Company is committed to safety for its employees.

    Procedures are a set of actions for doing something. For example: Company employees will wear protective gear while on the production floor.

    Craft your vision

    Use the insights you gathered from users and stakeholders to develop a vision statement
    • The beginning of a data management practice is a clear set of goals and key performance indicators (KPIs).
      A good set of goals takes time and input from senior leadership and stakeholders.
    • The data management program lead is selling a compelling vision of what is possible.
    • The vision also helps set the scope and expectations about what the data management program lead is and is not doing.
    • Be realistic about what you can do and how long it will take to see a difference.
    Table comparing the talk (mission statements, vision statements, and values) with the walk (strategies/goals, objectives, and tactical plans). Example vision statements:
    • The organization is dedicated to creating an enabling structure that helps the organization get the right information to the right people at the right time.
    • The organization is dedicated to creating a program that recognizes data as an asset, establishing a data-centric culture, and ensuring data quality and accessibility to achieve service excellence.
      •
    		The vision should be short, memorable, inspirational and draw a clear picture of what that future-state data management experience looks like.

    Is it modern and high end, with digital self-service?

    Is it a trusted and transparent steward of customer assets?

    1.4.2 Create guiding principles

    Input: Sample data management guiding principles, Stakeholder survey results and elicitation findings, Use cases, Business and data capability map

    Output: Data management guiding principles

    Materials: Markers and pens, Whiteboard, Online whiteboard, Guiding principles samples and templates

    Participants: Key business stakeholders, Data managers, Data owners, Business leads and SMEs, Project team, Project sponsor

    Draft a set of guiding principles that express your program’s values as a framework for decisions and actions and keep the data strategy alive.

    1. Bring together key business stakeholders (data owners, SMEs, and relevant IT custodians) to craft a set of data management guiding principles.
    2. Refer to industry sample guiding principles for data management.
    3. Discuss what’s important to stakeholders and owners, e.g. security, transparency, integrity. Good guiding principles address real challenges.
    4. A helpful tip: Craft principles as “We will…” statements for the problems you’ve identified.

    Twelve data management universal principles

    		 [SAMPLE]
    Principle Definitions
    Data Is Accessible Data is accessible across the organization based on individuals’ roles and privileges.
    Treat Data as an Asset Treat data as a most valuable foundation to make right decisions at the right time. Manage the data lifecycle across organization.
    Manage Data Define strategic enterprise data management that defines, integrates, and effectively retrieves data to generate accurate, consistent insights.
    Define Ownership & Stewardship Organizations should clearly appoint data owners and data stewards and ensure all team members understand their role in the company’s data management system.
    Use Metadata Use metadata to ensure data is properly managed by tacking how data has been collected, verified, reported, and analyzed.
    Single Source of Truth Ensure the master data maintenance across the organization.
    Ensure Data Quality Ensure data integrity though out the lifecycle of data by establishing a data quality management program.
    Data Is Secured Classify and maintain the sensitivity of the data.
    Maximize Data Use Extend the organization’s ability to make the most of its data.
    Empower the Users Foster data fluency and technical proficiency through training to maximize optimal business decision making.
    Share the Knowledge Share and publish the most valuable insights appropriately.
    Consistent Data Definitions Establish a business data glossary that defines consistent business definitions and usage of the data.

    Create a Data Management Roadmap

    Phase 2

    Assess Data Management and Build Your Roadmap

    Phase 1

    1.1 Review the Data Management Framework

    1.2 Understand and Align to Business Drivers

    1.3 Build High-Value Use Cases

    1.4 Create a Vision

    Phase 2

    2.1 Assess Data Management

    2.2 Build Your Data Management Roadmap

    2.3 Organize Business Data Domains

    This phase will walk you through the following activities:

    • Understand your current data management capabilities.
    • Define target-state capabilities required to achieve business goals and enable the data strategy.
    • Identify priority initiatives and planning timelines for data management improvements.

    This phase involves the following participants:

    • Data Management Lead/Information Management Lead, CDO, Data Lead
    • Senior Business Leaders
    • Business SMEs
    • Data owners, records managers, regulatory subject matter experts (e.g. legal counsel, security)

    Step 2.1

    Assess Your Data Management Capabilities

    Activities

    2.1.1 Define current state of data management capabilities

    2.1.2 Set target state and identify gaps

    This step will guide you through the following activities:

    • Assess the current state of your data management capabilities.
    • Define target-state capabilities required to achieve business goals and enable the data strategy.
    • Identify gaps and prioritize focus areas for improvement.

    Outcomes of this step

    • A prioritized set of improvement areas aligned with business value stream and drivers

    Assess Data Management and Build Your Roadmap

    Step 2.1 Step 2.2 Step 2.3

    Define current state

    The Data Management Assessment and Planning Tool will help you analyze your organization’s data requirements, identify data management strategies, and systematically develop a plan for your target data management practice.
    • Based on Info-Tech’s Data Management Framework, evaluate the current-state performance levels for your organization’s data management practice.
    • Use the CMMI maturity index to assign values 1 to 5 for each capability and enabler.

    A visualization of stairs numbered up from the bottom. Main headlines of each step are 'Initial and Reactive', 'Managed while developing DG capabilities', 'Defined DG capabilities', 'Quantitatively Managed by DG capabilities', and 'Optimized'.

    		Sample of the 'Data Management Current State Assessment' form the Data Management Assessment and Planning Tool.

    2.1.1 Define current state

    Input: Stakeholder survey results and elicitation findings, Use cases, Business and data management capability map

    Output: Current-state data management capabilities

    Materials: Data Management Assessment and Planning Tool

    Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

    Assign a maturity level value from 1 to 5 for each question in the assessment tool, organized into capabilities, e.g. Data Governance, Data Quality, Risk.

    1. Bring together key business stakeholders (data owners, SMEs, and relevant IT custodians) to assign current-state maturity levels in each question of the worksheet.
    2. Remember that there is more distance between levels 4 and 5 than there is between 1 and 2 – the distance between levels is not even throughout.
    3. To help assign values, think of the higher levels as representing cross-enterprise standardization, monitored for continuous improvement, formalized and standardized, while the lower levels mean applied within individual units, not formalized or tracked for performance.
    4. In tab 4, “Current State Assessment,” populate a current-state value for each item in the Data Management Capabilities worksheet.
    5. Once you’ve entered values in tab 4, a visual and summary report of the results will be generated on tab 5, “Current State Results.”

    2.1.2 Set target state and identify gaps

    Input: Stakeholder survey results and elicitation findings, Use cases, Business and data management capability map to identify priorities

    Output: Target-state data management capabilities, Gaps identification and analysis

    Materials: Data Management Assessment and Planning Tool

    Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

    Assign a maturity level value from 1 to 5 for each question in the assessment tool, organized into capabilities, e.g., Data Governance, Data Quality, Risk.

    1. Bring together key business stakeholders (data owners, SMEs, and relevant IT custodians) to assign target-state maturity levels in each question of the worksheet.
    2. Remember that there is more distance between levels 4 and 5 than there is between 1 and 2 – the distance between levels is not even throughout.
    3. To help assign values, think of the higher levels as representing cross-enterprise standardization, monitored for continuous improvement, formalized and standardized, while the lower levels mean applied within individual units, not formalized or tracked for performance.
    4. In tab 6, “Target State & Gap Analysis,” enter maturity values in each item of the Capabilities worksheet in the Target State column.
    5. Once you’ve assigned both target-state and current-state values, the tool will generate a gap analysis chart on tab 7, “Gap Analysis Results,” where you can start to decide first- and second-line priorities.

    Step 2.2

    Build Your Data Management Roadmap

    Activities

    2.2.1 Describe gaps

    2.2.2 Define gap initiatives

    2.2.2 Build a data management roadmap

    This step will guide you through the following activities:

    • Identify and understand data management gaps.
    • Develop data management improvement initiatives.
    • Build a data management–prioritized roadmap.

    Outcomes of this step

    • A foundation for data management initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map

    Assess Data Management and Build Your Roadmap

    Step 2.1 Step 2.2 Step 2.3

    2.2.1 Describe gaps

    Input: Target-state maturity level

    Output: Detail and context about gaps to lead planners to specific initiatives

    Materials: Data Management Assessment and Planning Tool

    Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

    Based on the gaps result, describe the nature of the gap, which will lead to specific initiatives for the data management plan:

    1. In tab 6, “Target State & Gap Analysis,” the same tab where you entered your target-state maturity level, enter additional context about the nature and extent of each gap in the Gap Description column.
    2. Based on the best-practices framework we walked through in Phase 1, note the specific areas that are not fully developed in your organization; for example, we don’t have a model of our environment and its integrations, or there isn’t an established data quality practice with proactive monitoring and intervention.

    2.2.2 Define gap initiatives

    Input: Gaps analysis, Gaps descriptions

    Output: Data management initiatives

    Materials: Data Management Assessment and Planning Tool

    Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

    Based on the gap analysis, start to define the data management initiatives that will close the gaps and help the organization achieve its target state.

    1. In tab 6, “Target State & Gap Analysis,” the same tab where you entered your target-state maturity level, note in the Gap Initiative column what actions you can take to address the gap for each item. For example, if we found through diagnostics and use cases that users didn’t understand the meaning of their data or reports, an initiative might be, “Build a standard enterprise business data catalog.”
    2. It’s an opportunity to brainstorm, to be creative, and think about possibilities. We’ll use the roadmap step to select initiatives from this list.
    3. There are things we can do right away to make a difference. Acknowledge the resources, talent, and leadership momentum you already have in your organization and leverage those to find activities that will work in your culture. For example, one company held a successful Data Day to socialize the roadmap and engage users.

    2.2.3 Build a data management roadmap

    Input: Gap initiatives, Target state and current-state assessment

    Output: Data management initiatives and roadmap

    Materials: Data Management Assessment and Planning Tool

    Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

    Start to list tangible actions you will take to address gaps and achieve data objectives and business goals along with timelines and responsibility:

    1. With an understanding of your priority areas and specific gaps, and referring back to your use cases, draw up specific initiatives that you can track, measure, and align with your original goals.
    2. For example, in data governance, initiatives might include:
      • Assign data owners and stewards for all data assets.
      • Consolidate disparate business data catalogs.
      • Create a data governance charter or terms of reference.
    3. Alongside the initiatives, fill in other detail, especially who is responsible and timing (start and end dates). Assigning responsibility and some time markers will help to keep momentum alive and make the work projects real.

    Step 2.3

    Organize Business Data Domains

    Activities

    2.3.1 Define business data domains and assign owners

    This step will guide you through the following activities:

    • Identify business data domains that flow through and support the systems environment and business processes.
    • Define and organize business data domains with assigned owners, artifacts, and profiles.
    • Apply the domain map to building governance program.

    Outcomes of this step

    • Business data domain map with assigned owners and artifacts

    Assess Data Management and Build Your Roadmap

    Step 2.1 Step 2.2 Step 2.3

    2.3.1 Define business data domains

    Input: Target-state maturity level

    Output: Detail and context about gaps to lead planners to specific initiatives

    Materials: Data Management Assessment and Planning Tool

    Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

    Identify the key data domains for each line of business, where the data resides, and the main contact or owner.

    1. We have an understanding of what the business wants to achieve, e.g. build customer loyalty or comply with privacy laws. But where is the data that can help us achieve that? What systems is that data moving and living in and who, if anyone, owns it?
    2. Define the main business data domains apart from what system it may be spread over. Use the worksheet on the next slide as an example.
    3. Examples of business data domains: Customer, Product, Vendor.
    4. Each domain should have owners and associated business processes. Assign data domain owners, application owners, and business process owners.

    Business and data domains

    [SAMPLE]

    Business Domain App/Data Domains Business Stewards Application Owners Business Owners
    Client Experience and Sales Tech Salesforce (Sales, Service, Experience Clouds), Mulesoft (integration point) (Any team inputting data into the system)
    Quality and Regulatory Salesforce
    Operations Salesforce, Salesforce Referrals, Excel spreadsheets, SharePoint
    Finance Workday, Sage 300 (AccPac), Salesforce, Moneris Finance
    Risk/Legal Network share drive/SharePoint
    Human Resources Workday, Network share drive/SharePoint HR team
    Corporate Sales Salesforce (Sales, Service, Health, Experience Clouds),
    Sales and Client Success Mitel, Outlook, PDF intake forms, Workday, Excel. Sales & Client Success Director, Marketing Director CIO, Sales & Client Success Director, Marketing Director

    Embrace the technology

    Make the available data governance tools and technology work for you:
    • Data catalog
    • Business data glossary
    • Data lineage
    • Metadata management
    While data governance tools and technologies are no panacea, leverage their automated and AI-enabled capabilities to augment your data governance program.     		Array of logos of tech companies whose products are used for this type of work: Informatica, Collibra, Tibco, Alation, Immuta, TopQuadrant, and SoftwareReviews.

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.     		Photo of an analyst.

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    		The following are sample activities that will be conducted by Info-Tech analysts with your team:
    Sample of the Data Governance Strategy Map slide from earlier.

    Build Your Business and User Context

    Work with your core team of stakeholders to build out your data management roadmap, aligning data management initiatives with business capabilities, value streams, and, ultimately, your strategic priorities.     		Sample of a 'Data Management Enablers' table.

    Formulate a Plan to Get to Your Target State

    Develop a data management future-state roadmap and plan based on an understanding of your current data governance capabilities, your operating environment, and the driving needs of your business.

    Related Info-Tech Research

    Stock image of people pointing to a tablet with a dashboard.

    Build a Robust and Comprehensive Data Strategy

    Key to building and fostering a data-driven culture.
    Sample of the 'Data & Analytics Landscape' slide from earlier.

    Understand the Data and Analytics Landscape

    Optimize your data and analytics environment.
    Stock image of co-workers looking at the same thing.

    Build a Data Pipeline for Reporting and Analytics

    Data architecture best practices to prepare data for reporting and analytics.

    Research Contributors

    Name Position Company
    Anne Marie Smith Board of Directors DAMA International
    Andy Neill Practice Lead, Data & Analytics Info-Tech Research Group
    Dirk Coetsee Research Director, Data & Analytics Info-Tech Research Group
    Graham Price Executive Advisor, Advisory Executive Services Info-Tech Research Group
    Igor Ikonnikov Research Director, Data & Analytics Info-Tech Research Group
    Jean Bujold Senior Workshop Delivery Director Info-Tech Research Group
    Mario Cantin Chief Data Strategist Prodago
    Martin Sykora Director NexJ Analytics
    Michael Blaha Author, Patterns of Data Modeling Consultant
    Rajesh Parab Research Director, Data & Analytics Info-Tech Research Group
    Ranjani Ranganathan Product Manager, Research – Workshop Delivery Info-Tech Research Group
    Reddy Doddipalli Senior Workshop Director Info-Tech Research Group

    Bibliography

    AIIM, “What is Enterprise Content Management (ECM)?” Intelligent Information Management Glossary, AIIM, 2021. Web.

    BABOK V3: A Guide to Business Analysis Body of Knowledge. IIBA, 2014. Web.

    Barton, Dominic, and David Court. "Three Keys To Building a Data-Driven Strategy." McKinsey and Company, 1 Mar. 2013. Web.

    Boston University Libraries. "Data Life Cycle » Research Data Management | Boston University." Research Data Management RSS. Boston University, n.d. Accessed Oct. 2015.

    Chang, Jenny. “97 Supply Chain Statistics You Must Know: 2020 / 2021 Market Share Analysis & Data.” FinancesOnline, 2021. Web.

    COBIT 5: Enabling Information. ISACA, 2013. Web.

    CSC (Computer Sciences Corporation), Big Data Infographic, 2012. Web.

    DAMA International. DAMA-DMBOK Guide. 1st ed., Technics Publications, 2009. Digital.

    DAMA International. “DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK2 Guide).” 2nd ed., 2017. Accessed June 2017.

    Davenport, Thomas H. "Analytics in Sports: The New Science of Winning." International Institute for Analytics, 2014. Web.

    Department of Homeland Security. Enterprise Data Management Policy. Department of Homeland Security, 25 Aug. 2014. Web.

    Enterprise Data Management Data Governance Plan. US Federal Student Aid, Feb. 2007. Accessed Oct. 2015.

    Experian. “10 signs you are sitting on a pile of data debt.” Experian, 2020. Accessed 25 June 2021.

    Fasulo, Phoebe. “6 Data Management Trends in Financial Services.” SecurityScorecard, 3 June 2021. Web.

    Georgia DCH Medicaid Enterprise – Data Management Strategy. Georgia Department of Community Health, Feb. 2015. Accessed Oct. 2015.

    Hadavi, Cyrus. “Use Exponential Growth of Data to Improve Supply Chain Operations.” Forbes, 5 Oct. 2021. Web.

    Harbert, Tam. “Tapping the power of unstructured data.” MIT Sloan, 1 Feb. 2021. Web.

    Hoberman, Steve, and George McGeachie. Data Modeling Made Simple with PowerDesigner. Technics Pub, 2011. Print.

    “Information Management Strategy.” Information Management – Alberta. Service Alberta, Nov.-Dec. 2013. Web.

    Jackson, Brian, et al. “2021 Tech Trends.” Info-Tech Research Group, 2021. Web.

    Jarvis, David, et al. “The hyperquantified athlete: Technology, measurement, and the business of sports.” Deloitte Insights, 7 Dec. 2020. Web.

    Bibliography

    Johnson, Bruce. “Leveraging Subject Area Models.” EIMInsight Magazine, vol. 3, no. 4, April 2009. Accessed Sept. 2015.

    Lewis, Larry. "How to Use Big Data to Improve Supply Chain Visibility." Talking Logistics, 14 Sep. 2014. Web.

    McAfee, Andrew, and Erik Brynjolfsson. “Big Data: The Management Revolution,” Harvard Business Review, vol. 90, no. 10, 2012, pp. 60-68.

    Meyer-Cuno, Doug. “Is A Vision Statement Important?” Forbes, 24 Feb. 2021. Web.

    MIT. “Big Data: The Management Revolution.” MIT Center for Digital Business, 29 May 2014. Accessed April 2014.

    "Open Framework, Information Management Strategy & Collaborative Governance.” MIKE2 Methodology RSS, n.d. Accessed Aug. 2015.

    PwC. “Asset Management 2020: A Brave New World.” PwC, 2014. Accessed April 2014.

    Riley, Jenn. Understanding Metadata: What is Metadata, and What is it For: A Primer. NISO, 1 Jan. 2017. Web.

    Russom, Philip. "TDWI Best Practices Report: Managing Big Data." TDWI, 2013. Accessed Oct. 2015.

    Schneider, Joan, and Julie Hall. “Why Most Product Launches Fail.” Harvard Business Review, April 2011. Web.

    Sheridan, Kelly. "2015 Trends: The Growth of Information Governance | Insurance & Technology." InformationWeek. UBM Tech, 10 Dec. 2014. Accessed Nov. 2015.

    "Sports Business Analytics and Tickets: Case Studies from the Pros." SloanSportsConference. Live Analytics – Ticketmaster, Mar. 2013. Accessed Aug. 2015.

    Srinivasan, Ramya. “Three Analytics Breakthroughs That Will Define Business in 2021.” Forbes, 4 May 2021. Web.

    Statista. “Amount of data created, consumed, and stored 2010-2020.” Statista, June 2021. Web.

    “Understanding the future of operations: Accenture Global Operations Megatrends research.” Accenture Consulting, 2015. Web.

    Vardhan, Harsh. “Why So Many Product Ideas Fail?” Medium, 26, Sept. 2020. Web.

    Develop and Implement a Security Incident Management Program

    • Buy Link or Shortcode: {j2store}316|cart{/j2store}
    • member rating overall impact: 9.2/10 Overall Impact
    • member rating average dollars saved: $105,346 Average $ Saved
    • member rating average days saved: 39 Average Days Saved
    • Parent Category Name: Threat Intelligence & Incident Response
    • Parent Category Link: /threat-intelligence-incident-response
    • Tracked incidents are often classified into ready-made responses that are not necessarily applicable to the organization. With so many classifications, tracking becomes inefficient and indigestible, allowing major incidents to fall through the cracks.
    • Outcomes of incident response tactics are not formally tracked or communicated, resulting in a lack of comprehensive understanding of trends and patterns regarding incidents, leading to being re-victimized by the same vector.
    • Having a formal incident response document to meet compliance requirements is not useful if no one is adhering to it.

    Our Advice

    Critical Insight

    • You will experience incidents. Don’t rely on ready-made responses. They’re too broad and easy to ignore. Save your organization response time and confusion by developing your own specific incident use cases.
    • Analyze, track, and review results of incident response regularly. Without a comprehensive understanding of incident trends and patterns, you can be re-victimized by the same attack vector.
    • Establish communication processes and channels well in advance of a crisis. Don’t wait until a state of panic. Collaborate and exchange information with other organizations to stay ahead of incoming threats.

    Impact and Result

    • Effective and efficient management of incidents involves a formal process of preparation, detection, analysis, containment, eradication, recovery, and post-incident activities.
    • This blueprint will walk through the steps of developing a scalable and systematic incident response program relevant to your organization.

    Develop and Implement a Security Incident Management Program Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop and implement a security incident management program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prepare

    Equip your organization for incident response with formal documentation of policies and processes.

    • Develop and Implement a Security Incident Management Program – Phase 1: Prepare
    • Security Incident Management Maturity Checklist ‒ Preliminary
    • Information Security Requirements Gathering Tool
    • Incident Response Maturity Assessment Tool
    • Security Incident Management Charter Template
    • Security Incident Management Policy Template
    • Security Incident Management RACI Tool

    2. Operate

    Act with efficiency and effectiveness as new incidents are handled.

    • Develop and Implement a Security Incident Management Program – Phase 2: Operate
    • Security Incident Management Plan
    • Security Incident Runbook Prioritization Tool
    • Security Incident Management Runbook: Credential Compromise
    • Security Incident Management Workflow: Credential Compromise (Visio)
    • Security Incident Management Workflow: Credential Compromise (PDF)
    • Security Incident Management Runbook: Distributed Denial of Service
    • Security Incident Management Workflow: Distributed Denial of Service (Visio)
    • Security Incident Management Workflow: Distributed Denial of Service (PDF)
    • Security Incident Management Runbook: Malware
    • Security Incident Management Workflow: Malware (Visio)
    • Security Incident Management Workflow: Malware (PDF)
    • Security Incident Management Runbook: Malicious Email
    • Security Incident Management Workflow: Malicious Email (Visio)
    • Security Incident Management Workflow: Malicious Email (PDF)
    • Security Incident Management Runbook: Ransomware
    • Security Incident Management Workflow: Ransomware (Visio)
    • Security Incident Management Workflow: Ransomware (PDF)
    • Security Incident Management Runbook: Data Breach
    • Security Incident Management Workflow: Data Breach (Visio)
    • Security Incident Management Workflow: Data Breach (PDF)
    • Data Breach Reporting Requirements Summary
    • Security Incident Management Runbook: Third-Party Incident
    • Security Incident Management Workflow: Third-Party Incident (Visio)
    • Security Incident Management Workflow: Third-Party Incident (PDF)
    • Security Incident Management Runbook: Blank Template

    3. Maintain and optimize

    Manage and improve the incident management process by tracking metrics, testing capabilities, and leveraging best practices.

    • Develop and Implement a Security Incident Management Program – Phase 3: Maintain and Optimize
    • Security Incident Metrics Tool
    • Post-Incident Review Questions Tracking Tool
    • Root-Cause Analysis Template
    • Security Incident Report Template
    [infographic]

    Workshop: Develop and Implement a Security Incident Management Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Prepare Your Incident Response Program

    The Purpose

    Understand the purpose of incident response.

    Formalize the program.

    Identify key players and escalation points.

    Key Benefits Achieved

    Common understanding of the importance of incident response.

    Various business units becoming aware of their roles in the incident management program.

    Formalized documentation.

    Activities

    1.1 Assess the current process, obligations, scope, and boundaries of the incident management program.

    1.2 Identify key players for the response team and for escalation points.

    1.3 Formalize documentation.

    1.4 Prioritize incidents requiring preparation.

    Outputs

    Understanding of the incident landscape

    An identified incident response team

    A security incident management charter

    A security incident management policy

    A list of top-priority incidents

    A general security incident management plan

    A security incident response RACI chart

    2 Develop Incident-Specific Runbooks

    The Purpose

    Document the clear response procedures for top-priority incidents.

    Key Benefits Achieved

    As incidents occur, clear response procedures are documented for efficient and effective recovery.

    Activities

    2.1 For each top-priority incident, document the workflow from detection through analysis, containment, eradication, recovery, and post-incident analysis.

    Outputs

    Up to five incident-specific runbooks

    3 Maintain and Optimize the Program

    The Purpose

    Ensure the response procedures are realistic and effective.

    Identify key metrics to measure the success of the program.

    Key Benefits Achieved

    Real-time run-through of security incidents to ensure roles and responsibilities are known.

    Understanding of how to measure the success of the program.

    Activities

    3.1 Limited scope tabletop exercise.

    3.2 Discuss key metrics.

    Outputs

    Completed tabletop exercise

    Key success metrics identified

    Further reading

    Develop and Implement a Security Incident Management Program

    Create a scalable incident response program without breaking the bank.

    ANALYST PERSPECTIVE

    Security incidents are going to happen whether you’re prepared or not. Ransomware and data breaches are just a few top-of-mind threats that all organizations deal with. Taking time upfront to formalize response plans can save you significantly more time and effort down the road. When an incident strikes, don’t waste time deciding how to remediate. Rather, proactively identify your response team, optimize your response procedures, and track metrics so you can be prepared to jump to action.

    Céline Gravelines,
    Senior Research Analyst
    Security, Risk & Compliance Info-Tech Research Group

    Picture of Céline Gravelines

    Céline Gravelines,
    Senior Research Analyst
    Security, Risk & Compliance Info-Tech Research Group

    Our understanding of the problem

    This Research is Designed For

    • A CISO who is dealing with the following:
      • Inefficient use of time and money when retroactively responding to incidents, negatively affecting business revenue and workflow.
      • Resistance from management to adequately develop a formal incident response plan.
      • Lack of closure of incidents, resulting in being re-victimized by the same vector.

    This Research Will Help You

    • Develop a consistent, scalable, and usable incident response program that is not resource intensive.
    • Track and communicate incident response in a formal manner.
    • Reduce the overall impact of incidents over time.
    • Learn from past incidents to improve future response processes.

    This Research Will Also Assist

    • Business stakeholders who are responsible for the following:
    • Improving workflow and managing operations in the event of security incidents to reduce any adverse business impacts.
    • Ensuring that incident response compliance requirements are being adhered to.

    This Research Will Help Them

    • Efficiently allocate resources to improve incident response in terms of incident frequency, response time, and cost.
    • Effectively communicate expectations and responsibilities to users.

    Executive Summary

    Situation

    • Security incidents are inevitable, but how they’re dealt with can make or break an organization. Poor incident response negatively affects business practices, including workflow, revenue generation, and public image.
    • The incident response of most organizations is ad hoc at best. A formal management plan is rarely developed or adhered to, resulting in ineffective firefighting responses and inefficient allocation of resources.

    Complication

    • Tracked incidents are often classified into ready-made responses that are not necessarily applicable to the organization. With so many classifications, tracking becomes inefficient and indigestible, allowing major incidents to fall through the cracks.
    • Outcomes of incident response tactics are not formally tracked or communicated, resulting in a lack of comprehensive understanding of trends and patterns regarding incidents, leading to being revictimized by the same vector.
    • Having a formal incident response document to meet compliance requirements is not useful if no one is adhering to it.

    Resolution

    • Effective and efficient management of incidents involves a formal process of preparation, detection, analysis, containment, eradication, recovery, and post-incident activities.
    • This blueprint will walk through the steps of developing a scalable and systematic incident response program relevant to your organization.

    Info-Tech Insight

    • You will experience incidents. Don’t rely on ready-made responses. They’re too broad and easy to ignore. Save your organization response time and confusion by developing your own specific incident use cases.
    • Analyze, track, and review results of incident response regularly. Without a comprehensive understanding of incident trends and patterns, you can be re-victimized by the same attack vector.
    • Establish communication processes and channels well in advance of a crisis. Don’t wait until a state of panic. Collaborate and exchange information with other organizations to stay ahead of incoming threats.

    Data breaches are resulting in major costs across industries

    Per capita cost by industry classification of benchmarked companies (measured in USD)

    This is a bar graph showing the per capita cost by industry classification of benchmarked companies(measured in USD). the companies are, in decreasing order of cost: Health; Financial; Services; Pharmaceutical; Technology; Energy; Education; Industrial; Entertainment; Consumer; Media; Transportation; Hospitality; Retail; Research; Public

    Average data breach costs per compromised record hit an all-time high of $148 (in 2018).
    (Source: IBM, “2018 Cost of Data Breach Study)”

    % of systems impacted by a data breach
    1%
    No Impact     		19%
    1-10% impacted     		41%
    11-30% impacted     		24%
    31-50% impacted     		15%
    > 50% impacted
    % of customers lost from a data breach
    61% Lost
    < 20%     		21% Lost 20-40% 8% Lost
    40-60%     		6% Lost
    60-80%     		4% Lost
    80-100%
    % of customers lost from a data breach
    58% Lost
    <20%     		25% Lost
    20-40%     		9% Lost
    40-60%     		5% Lost
    60-80%     		4% Lost
    80-100%

    Source: Cisco, “Cisco 2017 Annual Cybersecurity Report”

    Defining what is security incident management

    IT Incident

    Any event not a part of the standard operation of a service which causes, or may cause, the interruption to, or a reduction in, the quality of that service.

    Security Event:

    A security event is anything that happens that could potentially have information security implications.

    • A spam email is a security event because it may contain links to malware.
    • Organizations may be hit with thousands or perhaps millions of identifiable security events each day.
    • These are typically handled by automated tools or are simply logged.

    Security Incident:

    A security incident is a security event that results in damage such as lost data.

    • Incidents can also include events that don't involve damage but are viable risks.
    • For example, an employee clicking on a link in a spam email that made it through filters may be viewed as an incident.

    It’s not a matter of if you have a security incident, but when

    The increasing complexity and prevalence of threats have finally caught the attention of corporate leaders. Prepare for the inevitable with an incident response program.

    1. A formalized incident response program reduced the average cost of a data breach (per capita) from $148 to $134, while third-party involvement increased costs by $13.40.
    2. US organizations lost an average of $7.91 million per data breach as a result of increased customer attrition and diminished goodwill. Canada and the UK follow suit at $1.57 and $1.39 million, respectively.
    3. 73% of breaches are perpetrated by outsiders, 50% are the work of criminal groups, and 28% involve internal actors.
    4. 55% of companies have to manage fallout, such as reputational damage after a data breach.
    5. The average cost of a data breach increases by $1 million if left undetected for > 100 days.

    (Sources: IBM, “2018 Cost of Data Breach Study”; Verizon, “2017 Data Breach Investigations Report”; Cisco, “Cisco 2018 Annual Cybersecurity Report”)

    Threat Actor Examples

    The proliferation of hacking techniques and commoditization of hacking tools has enabled more people to become threat actors. Examples include:
    • Organized Crime Groups
    • Lone Cyber Criminals
    • Competitors
    • Nation States
    • Hacktivists
    • Terrorists
    • Former Employees
    • Domestic Intelligence Services
    • Current Employees (malicious and accidental)

    Benefits of an incident management program

    Effective incident management will help you do the following:

    Improve efficacy
    Develop structured processes to increase process consistency across the incident response team and the program as a whole. Expose operational weak points and transition teams from firefighting to innovating.

    Improve threat detection, prevention, analysis, and response
    Enhance your pressure posture through a structured and intelligence-driven incident handling and remediation framework.

    Improve visibility and information sharing
    Promote both internal and external information sharing to enable good decision making.

    Create and clarify accountability and responsibility
    Establish a clear level of accountability throughout the incident response program, and ensure role responsibility for all tasks and processes involved in service delivery.

    Control security costs
    Effective incident management operations will provide visibility into your remediation processes, enabling cost savings from misdiagnosed issues and incident reduction.

    Identify opportunities for continuous improvement
    Increase visibility into current performance levels and accurately identify opportunities for continuous improvement with a holistic measurement program.

    Impact

    Short term:
    • Streamlined security incident management program.
    • Formalized and structured response process.
    • Comprehensive list of operational gaps and initiatives.
    • Detailed response runbooks that predefine necessary operational protocol.
    • Compliance and audit adherence.
    Long term:
    • Reduced incident costs and remediation time.
    • Increased operational collaboration between prevention, detection, analysis, and response efforts.
    • Enhanced security pressure posture.
    • Improved communication with executives about relevant security risks to the business.
    • Preserved reputation and brand equity.

    Incident management is essential for organizations of any size

    Your incidents may differ, but a standard response ensures practical security.

    Certain regulations and laws require incident response to be a mandatory process in organizations.

    Compliance Standard Examples Description
    Federal Information Security Modernization Act (FISMA)
    • Organizations must have “procedures for detecting, reporting, and responding to security incidents” (2002).
    • They must also “inform operators of agency information systems about current and potential information security threats and vulnerabilities.”
    Federal Information Processing Standards (FIPS)
    • “Organizations must: (i) establish an operational incident handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities.”
    Payment Card Industry Data Security Standard (PCI DSS v3)
    • 12.5.3: “Establish, document, and distribute security incident response and escalation procedures to ensure timely and effective handling of all situations.”
    Health Insurance Portability and Accountability Act (HIPAA)
    • 164.308: Response and Reporting – “Identify and respond to suspected or known security incidents; mitigate, to the extent practicable, harmful effects of security incidents that are known to the covered entity; and document security incidents and their outcomes.”

    Security incident management is applicable to all verticals

    Examples:
    • Finance
    • Insurance
    • Healthcare
    • Public administration
    • Education services
    • Professional services
    • Scientific and technical services

    Maintain a holistic security operations program

    Legacy security operations centers (SOCs) fail to address gaps between data sources, network controls, and human capital. There is limited visibility and collaboration between departments, resulting in siloed decisions that do not support the best interests of the organization.

    Security operations is part of what Info-Tech calls a threat collaboration environment, where members must actively collaborate to address cyberthreats affecting the organization’s brand, business operation, and technology infrastructure on a daily basis.

    Prevent: Defense in depth is the best approach to protect against unknown and unpredictable attacks. Diligent patching and vulnerability management, endpoint protection, and strong human-centric security (amongst other tactics) are essential. Detect: There are two types of companies – those who have been breached and know it, and those who have been breached and don’t know it. Ensure that monitoring, logging, and event detection tools are in place and appropriate to your organizational needs.
    Analyze: Raw data without interpretation cannot improve security and is a waste of time, money, and effort. Establish a tiered operational process that not only enriches data but also provides visibility into your threat landscape. Respond: Organizations can’t rely on an ad hoc response anymore – don’t wait until a state of panic. Formalize your response processes in a detailed incident runbook to reduce incident remediation time and effort.

    Info-Tech’s incident response blueprint is one of four security operations initiatives

    Design and Implement a Vulnerability Management Program Vulnerability Management
    Vulnerability management revolves around the identification, prioritization, and remediation of vulnerabilities. Vulnerability management teams hunt to identify which vulnerabilities need patching and remediating.
    • Vulnerability Tracking Tool
    • Vulnerability Scanning Tool RFP Template
    • Penetration Test RFP Template
    • Vulnerability Mitigation Process Template
    Integrate Threat Intelligence Into Your Security Operations Vulnerability Management
    Vulnerability management revolves around the identification, prioritization, and remediation of vulnerabilities. Vulnerability management teams hunt to identify which vulnerabilities need patching and remediating.
    • Threat Intelligence Maturity Assessment Tool
    • Threat Intelligence RACI Tool
    • Threat Intelligence Management Plan Template
    • Threat Intelligence Policy Template
    • Threat Intelligence Alert Template
    • Threat Intelligence Alert and Briefing Cadence Schedule Template
    Develop Foundational Security Operations Processes Operations
    Security operations include the real-time monitoring and analysis of events based on the correlation of internal and external data sources. This also includes incident escalation based on impact. These analysts are constantly tuning and tweaking rules and reporting thresholds to further help identify which indicators are most impactful during the analysis phase of operations.
    • Security Operations Maturity Assessment Tool
    • Security Operations Event Prioritization Tool
    • Security Operations Efficiency Calculator
    • Security Operations Policy
    • In-House vs. Outsourcing Decision-Making Tool
    • Seccrimewareurity Operations RACI Tool
    • Security Operations TCO & ROI Comparison Calculator
    Develop and Implement a Security Incident Management Program Incident Response (IR)
    Effective and efficient management of incidents involves a formal process of analysis, containment, eradication, recovery, and post-incident activities. Incident response teams coordinate root cause and incident gathering while facilitating post-incident lessons learned. Incident response can provide valuable threat data that ties specific indicators to threat actors or campaigns.     		Security Incident Management Policy
    • Security Incident Management Plan
    • Incident Response Maturity Assessment Tool
    • Security Incident Runbook Prioritization Tool
    • Security Incident Management RACI Tool
    • Various Incident Management Runbooks

    Understand how incident response ties into related processes

    Info-Tech Resources:
    Business Continuity Plan Develop a Business Continuity Plan
    Disaster Recovery Plan Create a Right-Sized Disaster Recovery Plan
    Security Incident Management Develop and Implement a Security Incident Management Program
    Incident Management Incident and Problem Management
    Service Desk Standardize the Service Desk

    Develop and Implement a Security Incident Management Program – project overview

    1. Prepare 2. Operate 3. Maintain and Optimize
    Best-Practice Toolkit 1.1 Establish the Drivers, Challenges, and Benefits.

    1.2 Examine the Security Incident Landscape and Trends.

    1.3 Understand Your Security Obligations, Scope, and Boundaries.

    1.4 Gauge Your Current Process to Identify Gaps.

    1.5 Formalize the Security Incident Management Charter.

    1.6 Identify Key Players and Develop a Call Escalation Tree.

    1.7 Develop a Security Incident Management Policy.

    		 2.1 Understand the Incident Response Framework.

    2.2 Understand the Purpose of Runbooks.

    2.3 Prioritize the Development of Incident-Specific Runbooks.

    2.4 Develop Top-Priority Runbooks.

    2.5 Fill Out the Root-Cause Analysis Template.

    2.6 Customize the Post-Incident Review Questions Tracking Tool to Standardize Useful Questions for Lessons-Learned Meetings.

    2.7 Complete the Security Incident Report Template.

    		 3.1 Conduct Tabletop Exercises.

    3.2 Initialize a Security Incident Management Metrics Program.

    3.3 Leverage Best Practices for Continuous Improvement.
    Guided Implementations Understand the incident response process, and define your security obligations, scope, and boundaries.

    Formalize the incident management charter, RACI, and incident management policy.     		Use the framework to develop a general incident management plan.

    Prioritize and develop top-priority runbooks.     		Develop and facilitate tabletop exercises.

    Create an incident management metrics program, and assess the success of the incident management program.
    Onsite Workshop Module 1:
    Prepare for Incident Response     		Module 2:
    Handle Incidents     		Module 3:
    Review and Communicate Security Incidents
    Phase 1 Outcome:
  • Formalized stakeholder support
  • Security Incident Management Policy
  • Security Incident Management Charter
  • Call Escalation Tree
    		•  Phase 2 Outcome:
    • A generalized incident management plan
    • A prioritized list of incidents
    • Detailed runbooks for top-priority incidents
    		 Phase 3 Outcome:
    • A formalized tracking system for benchmarking security incident metrics.
    • Recommendations for optimizing your security incident management processes.

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Workshop Day 5
    Activities
    • Kick off and introductions.
    • High-level overview of weekly activities and outcomes.
    • Understand the benefits of security incident response management.
    • Formalize stakeholder support.
    • Assess your current process, obligations, and scope.
    • Develop RACI chart.
    • Define impact and scope.
    • Identify key players for the threat escalation protocol.
    • Develop a security incident response policy.
    • Develop a general security incident response plan.
    • Prioritize incident-specific runbook development.
    • Understand the incident response process.
    • Develop general and incident-specific call escalation trees.
    • Develop specific runbooks for your top-priority incidents (e.g. ransomware).
      • Detect the incident.
      • Analyze the incident.
      • Contain the incident.
      • Eradicate the root cause.
      • Recover from the incident.
      • Conduct post-incident analysis and communication.
    • Develop specific runbooks for your next top-priority incidents:
      • Detect the incident.
      • Analyze the incident.
      • Contain the incident.
      • Eradicate the root cause.
      • Recover from the incident.
      • Conduct post-incident analysis and communication.
    • Determine key metrics to track and report.
    • Develop post-incident activity documentation.
    • Understand best practices for both internal and external communication.
    • Finalize key deliverables created during the workshop.
    • Present the security incident response program to key stakeholders.
    • Workshop executive presentation and debrief.
    • Finalize main deliverables.
    • Schedule subsequent Analyst Calls.
    • Schedule feedback call.
    Deliverables
    • Security Incident Management Maturity Checklist ‒ Preliminary
    • Security Incident Management RACI Tool
    • Security Incident Management Policy
    • General incident management plan
    • Security Incident Management Runbook
    • Development prioritization
    • Prioritized list of runbooks
    • Understanding of incident handling process
    • Incident-specific runbooks for two incidents (including threat escalation criteria and Visio workflow)
    • Discussion points for review with response team
    • Incident-specific runbooks for two incidents (including threat escalation criteria and Visio workflow)
    • Discussion points for review with response team
    • Security Incident Metrics Tool
    • Post-Incident Review Questions Tracking Tool
    • Post-Incident Report Analysis Template
    • Root Cause Analysis Template
    • Post-Incident Review Questions Tracking Tool
    • Communication plans
    • Workshop summary documentation
  • All final deliverables
    		•

    Measured value for Guided Implementations

    Engaging in GIs doesn’t just offer valuable project advice – it also results in significant cost savings.

    GI Purpose Measured Value
    Section 1: Prepare

    Understand the need for an incident response program.
    Develop your incident response policy and plan.
    Develop classifications around incidents.
    Establish your program implementation roadmap.

    Time, value, and resources saved using our classification guidance and templates: 2 FTEs*2 days*$80,000/year = $1,280
    Time, value, and resources saved using our classification guidance and templates:
    2 FTEs*5 days*$80,000/year = $3,200

    Section 2: Operate

    Prioritize runbooks and develop the processes to create your own incident response program:

  • Detect
  • Analyze
  • Contain
  • Eradicate
  • Recover
  • Post-Incident Activity
    		•

    Time, value, and resources saved using our guidance:
    4 FTEs*10 days*$80,000/year = $12,800 (if done internally)

    Time, value, and resources saved using our guidance:
    1 consultant*15 days*$2,000/day = $30,000 (if done by third party)
    Section 3: Maintain and Optimize Develop methods of proper reporting and create templates for communicating incident response to key parties. Time, value, and resources saved using our guidance, templates, and tabletop exercises:
    2 FTEs*3 days*$80,000/year = $1,920
    Total Costs To just get an incident response program off the ground. $49,200

    Insurance company put incident response aside; executives were unhappy

    Organization implemented ITIL, but formal program design became less of a priority and turned more ad hoc.

    Situation

    • Ad hoc processes created management dissatisfaction around the organization’s ineffective responses to data breaches.
    • Because of the lack of formal process, an entirely new security team needed to be developed, costing people their positions.

    Challenges

    • Lack of criteria to categorize and classify security incidents.
    • Need to overhaul the long-standing but ineffective program means attempting to change mindsets, which can be time consuming.
    • Help desk is not very knowledgeable on security.
    • New incident response program needs to be in alignment with data classification policy and business continuity.
    • Lack of integration with MSSP’s ticketing system.

    Next steps:

    • Need to get stakeholder buy-in for a new program.
    • Begin to establish classification/reporting procedures.

    Follow this case study to Phase 1

    Phase 1

    Prepare

    Develop and Implement a Security Incident Management Program

    Phase 1: Prepare

    PHASE 1 PHASE 2 PHASE 3
    Prepare Operate Optimize

    This phase walks you through the following activities:

    1.1 Establish the drivers, challenges, and benefits.
    1.2 Examine the security incident landscape and trends.
    1.3 Understand your security obligations, scope, and boundaries.
    1.4 Gauge your current process to identify gaps.
    1.5 Formalize a security incident management charter.
    1.6 Identify key players and develop a call escalation tree.
    1.7 Develop a security incident management policy.

    This phase involves the following participants:

    • CISO
    • Security team
    • IT staff
    • Business leaders

    Outcomes of this phase

    • Formalized stakeholder support.
    • Security incident management policy.
    • Security incident management charter.
    • Call escalation tree.

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Prepare for Incident Response
    Proposed Time to Completion: 3 Weeks
    Step 1.1-1.3 Understand Incident Response Step 1.4-1.7 Begin Developing Your Program
    Start with an analyst kick-off call:
  • Discuss your current incident management status.
    		•  Review findings with analyst:
  • Review documents.
    		•
    Then complete these activities…
    • Establish your security obligations, scope, and boundaries.
    • Identify the drivers, challenges, and benefits of formalized incident response.
    • Review any existing documentation.
    		 Then complete these activities…
    • Discuss further incident response requirements.
    • Identify key players for escalation and notifications.
    • Develop the policy.
    • Develop the plan.

    With these tools & templates:
    Security Incident Management Maturity Checklist ‒ Preliminary Information Security Requirements Gathering Tool

    		With these tools & templates:
    Security Incident Management Policy
    Security Incident Management Plan
    Phase 1 Results & Insights:

    Ready-made incident response solutions often contain too much coverage: too many irrelevant cases that are not applicable to the organization are accounted for, making it difficult to sift through all the incidents to find the ones you care about. Develop specific incident use cases that correspond with relevant incidents to quickly identify the response process and eliminate ambiguity when handled by different individuals.

    Ice breaker: What is a security incident for your organization?

    1.1 Whiteboard Exercise – 60 minutes

    How do you classify various incident types between service desk, IT/infrastructure, and security?

    • Populate sticky notes with various incidents and assign them to the appropriate team.
      • Who owns the remediation? When are other groups involved? What is the triage/escalation process?
      • What other groups need to be notified (e.g. cyber insurance, Legal, HR, PR)?
      • Are there dependencies among incidents?
      • What are we covering in the scope of this project?

    Domino – Maintain, Commit to, or Vacate?

    If you have a Domino/Notes footprint that is embedded within your business units and business processes and is taxing your support organization, you may have met resistance from the business and been asked to help the organization migrate away from the Lotus Notes platform. The Lotus Notes platform was long used by technology and businesses and a multipurpose solution that, over the years, became embedded within core business applications and processes.

    Our Advice

    Critical Insight

    For organizations that are struggling to understand their options for the Domino platform, the depth of business process usage is typically the biggest operational obstacle. Migrating off the Domino platform is a difficult option for most organizations due to business process and application complexity. In addition, migrating clients have to resolve the challenges with more than one replaceable solution.

    Impact and Result

    The most common tactic is for the organization to better understand their Domino migration options and adopt an application rationalization strategy for the Domino applications entrenched within the business. Options include retiring, replatforming, migrating, or staying with your Domino platform.

    Domino – Maintain, Commit to, or Vacate? Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Domino – Maintain, Commit to, or Vacate? – A brief deck that outlines key migration options for HCL Domino platforms.

    This blueprint will help you assess the fit, purpose, and price of Domino options; develop strategies for overcoming potential challenges; and determine the future of Domino for your organization.

    • Domino – Maintain, Commit to, or Vacate? Storyboard

    2. Application Rationalization Tool – A tool to understand your business-developed applications, their importance to business process, and the potential underlying financial impact.

    Use this tool to input the outcomes of your various application assessments.

    • Application Rationalization Tool

    Infographic

    Further reading

    Domino – Maintain, Commit to, or Vacate?

    Lotus Domino still lives, and you have options for migrating away from or remaining with the platform.

    Executive Summary

    Info-Tech Insight

    “HCL announced that they have somewhere in the region of 15,000 Domino customers worldwide, and also claimed that that number is growing. They also said that 42% of their customers are already on v11 of Domino, and that in the year or so since that version was released, it’s been downloaded 78,000 times. All of which suggests that the Domino platform is, in fact, alive and well.”
    – Nigel Cheshire in Team Studio

    Your Challenge

    You have a Domino/Notes footprint embedded within your business units and business processes. This is taxing your support organization; you are meeting resistance from the business, and you are now asked to help the organization migrate away from the Lotus Notes platform. The Lotus Notes platform was long used by technology and businesses as a multipurpose solution that, over the years, became embedded within core business applications and processes.

    Common Obstacles

    For organizations that are struggling to understand their options for the Domino platform, the depth of business process usage is typically the biggest operational obstacle. Migrating off the Domino platform is a difficult option for most organizations due to business process and application complexity. In addition, migrating clients have to resolve the challenges with more than one replaceable solution.

    Info-Tech Approach

    The most common tactic is for the organization to better understand their Domino migration options and adopt an application rationalization strategy for the Domino applications entrenched within the business. Options include retiring, replatforming, migrating, or staying with your Domino platform.

    Review

    Is “Lotus” Domino still alive?

    Problem statement

    The number of member engagements with customers regarding the Domino platform has, as you might imagine, dwindled in the past couple of years. While many members have exited the platform, there are still many members and organizations that have entered a long exit program, but with how embedded Domino is in business processes, the migration has slowed and been met with resistance. Some organizations had replatformed the applications but found that the replacement target state was inadequate and introduced friction because the new solution was not a low-code/business-user-driven environment. This resulted in returning the Domino platform to production and working through a strategy to maintain the environment.

    This research is designed for:

    • IT strategic direction decision-makers
    • IT managers responsible for an existing Domino platform
    • Organizations evaluating migration options for mission-critical applications running on Domino

    This research will help you:

    1. Evaluate migration options.
    2. Assess the fit and purpose.
    3. Consider strategies for overcoming potential challenges.
    4. Determine the future of this platform for your organization.

    The “everything may work” scenario

    Adopt and expand

    Believe it or not, Domino and Notes are still options to consider when determining a migration strategy. With HCL still committed to the platform, there are options organizations should seek to better understand rather than assuming SharePoint will solve all. In our research, we consider:

    Importance to current business processes

    • Importance of use
    • Complexity in migrations
    • Choosing a new platform

    Available tools to facilitate

    • Talent/access to skills
    • Economies of scale/lower cost at scale
    • Access to technology

    Info-Tech Insight

    With multiple options to consider, take the time to clearly understand the application rationalization process within your decision making.

    • Archive/retire
    • Application migration
    • Application replatform
    • Stay right where you are

    Eliminate your bias – consider the advantages

    “There is a lot of bias toward Domino; decisions are being made by individuals who know very little about Domino and more importantly, they do not know how it impacts business environment.”

    – Rob Salerno, Founder & CTO, Rivet Technology Partners

    Domino advantages include:

    Modern Cloud & Application

    • No-code/low-code technology

    Business-Managed Application

    • Business written and supported
    • Embrace the business support model
    • Enterprise class application

    Leverage the Application Taxonomy & Build

    • A rapid application development platform
    • Develop skill with HCL training

    HCL Domino is a supported and developed platform

    Why consider HCL?

    • Consider scheduling a Roadmap Session with HCL. This is an opportunity to leverage any value in the mission and brand of your organization to gain insights or support from HCL.
    • Existing Domino customers are not the only entities seeking certainty with the platform. Software solution providers that support enterprise IT infrastructure ecosystems (backup, for example) will also be seeking clarity for the future of the platform. HCL will be managing these relationships through the channel/partner management programs, but our observations indicate that Domino integrations are scarce.
    • HCL Domino should be well positioned feature-wise to support low-code/NoSQL demands for enterprises and citizen developers.

    Visualize Your Application Roadmap

    1. Focus on the application portfolio and crafting a roadmap for rationalization.
      • The process is intended to help you determine each application’s functional and technical adequacy for the business process that it supports.
    2. Document your findings on respective application capability heatmaps.
      • This drives your organization to a determination of application dispositions and provides a tool to output various dispositions for you as a roadmap.
    3. Sort the application portfolio into a disposition status (keep, replatform, retire, consolidate, etc.)
      • This information will be an input into any cloud migration or modernization as well as consolidation of the infrastructure, licenses, and support for them.

    Our external support perspective

    by Darin Stahl

    Member Feedback

    • Some members who have remaining Domino applications in production – while the retire, replatform, consolidate, or stay strategy is playing out – have concerns about the challenges with ongoing support and resources required for the platform. In those cases, some have engaged external services providers to augment staff or take over as managed services.
    • While there could be existing support resources (in house or on retainer), the member might consider approaching an external provider who could help backstop the single resource or even provide some help with the exit strategies. At this point, the conversation would be helpful in any case. One of our members engaged an external provider in a Statement of Work for IBM Domino Administration focused on one-time events, Tier 1/Tier 2 support, and custom ad hoc requests.
    • The augmentation with the managed services enabled the member to shift key internal resources to a focus on executing the exit strategies (replatform, retire, consolidate), since the business knowledge was key to that success.
    • The member also very aggressively governed the Domino environment support needs to truly technical issues/maintenance of known and supported functionality rather than coding new features (and increasing risk and cost in a migration down the road) – in short, freezing new features and functionality unless required for legal compliance or health and safety.
    • There obviously are other providers, but at this point Info-Tech no longer maintains a market view or scan of those related to Domino due to low member demand.

    Domino database assessments

    Consider the database.

    • Domino database assessments should be informed through the lens of a multi-value database, like jBase, or an object system.
    • The assessment of the databases, often led by relational database subject matter experts grounded in normalized databases, can be a struggle since Notes databases must be denormalized.
    Key/Value Column

    Use case: Heavily accessed, rarely updated, large amounts of data
    Data Model: Values are stored in a hash table of keys.
    Fast access to small data values, but querying is slow
    Processor friendly
    Based on amazon's Dynamo paper
    Example: Project Voldemort used by LinkedIn

    		 this is a Key/Value example

    Use case: High availability, multiple data centers
    Data Model: Storage blocks of data are contained in columns
    Handles size well
    Based on Google's BigTable
    Example: Hadoop/Hbase used by Facebook and Yahoo

    		 This is a Column Example
    Document Graph

    Use case: Rapid development, Web and programmer friendly
    Data Model: Stores documents made up of tagged elements. Uses Key/Value collections
    Better query abilities than Key/Value databases.
    Inspired by Lotus Notes.
    Example: CouchDB used by BBC

    		 This is a Document Example

    Use case: Best at dealing with complexity and relationships/networks
    Data model: Nodes and relationships.
    Data is processed quickly
    Inspired by Euler and graph theory
    Can easily evolve schemas
    Example: Neo4j

    		 This is a Graph Example

    Understand your options

    Archive/Retire

    Store the application data in a long-term repository with the means to locate and read it for regulatory and compliance purposes.

    Migrate

    Migrate to a new version of the application, facilitating the process of moving software applications from one computing environment to another.

    Replatform

    Replatforming is an option for transitioning an existing Domino application to a new modern platform (i.e. cloud) to leverage the benefits of a modern deployment model.

    Stay

    Review the current Domino platform roadmap and understand HCL’s support model. Keep the application within the Domino platform.

    Archive/retire

    Retire the application, storing the application data in a long-term repository.

    Abstract

    The most common approach is to build the required functionality in whatever new application/solution is selected, then archive the old data in PDFs and documents.

    Typically this involves archiving the data and leveraging Microsoft SharePoint and the new collaborative solutions, likely in conjunction with other software-as-a-service (SaaS) solutions.

    Advantages

    • Reduce support cost.
    • Consolidate applications.
    • Reduce risk.
    • Reduce compliance and security concerns.
    • Improve business processes.

    Considerations

    • Application transformation
    • eDiscovery costs
    • Legal implications
    • Compliance implications
    • Business process dependencies

    Info-Tech Insights

    Be aware of the costs associated with archiving. The more you archive, the more it will cost you.

    Application migration

    Migrate to a new version of the application

    Abstract

    An application migration is the managed process of migrating or moving applications (software) from one infrastructure environment to another.

    This can include migrating applications from one data center to another data center, from a data center to a cloud provider, or from a company’s on-premises system to a cloud provider’s infrastructure.

    Advantages

    • Reduce hardware costs.
    • Leverage cloud technologies.
    • Improve scalability.
    • Improve disaster recovery.
    • Improve application security.

    Considerations

    • Data extraction, starting from the document databases in NSF format and including security settings about users and groups granted to read and write single documents, which is a powerful feature of Lotus Domino documents.
    • File extraction, starting from the document databases in NSF format, which can contain attachments and RTF documents and embedded files.
    • Design of the final relational database structure; this activity should be carried out without taking into account the original structure of the data in Domino files or the data conversion and loading, from the extracted format to the final model.
    • Design and development of the target-state custom applications based on the new data model and the new selected development platform.

    Application replatform

    Transition an existing Domino application to a new modern platform

    Abstract

    This type of arrangement is typically part of an application migration or transformation. In this model, client can “replatform” the application into an off-premises hosted provider platform. This would yield many benefits of cloud but in a different scaling capacity as experienced with commodity workloads (e.g. Windows, Linux) and the associated application.

    Two challenges are particularly significant when migrating or replatforming Domino applications:

    • The application functionality/value must be reproduced/replaced with not one but many applications, either through custom coding or a commercial-off-the-shelf/SaaS solution.
    • Notes “databases” are not relational databases and will not migrate simply to an SQL database while retaining the same business value. Notes databases are essentially NoSQL repositories and are difficult to normalize.

    Advantages

    • Leverage cloud technologies.
    • Improve scalability.
    • Align to a SharePoint platform.
    • Improve disaster recovery.
    • Improve application security.

    Considerations

    • Application replatform resource effort
    • Network bandwidth
    • New platform terms and conditions
    • Secure connectivity and communication
    • New platform security and compliance
    • Degree of complexity

    Info-Tech Insights

    There is a difference between a migration and a replatform application strategy. Determine which solution aligns to the application requirements.

    Stay with HCL

    Stay with HCL, understanding its future commitment to the platform.

    Abstract

    Following the announced acquisition of IBM Domino and up until around December 2019, HCL had published no future roadmap for the platform. The public-facing information/website at the time stated that HCL acquired “the product family and key lab services to deliver professional services.” Again, there was no mention or emphasis on upcoming new features for the platform. The product offering on their website at the time stated that HCL would leverage its services expertise to advise clients and push applications into four buckets:

    1. Replatform
    2. Retire
    3. Move to cloud
    4. Modernize

    That public-facing messaging changed with release 11.0, which had references to IBM rebranded to HCL for the Notes and Domino product – along with fixes already inflight. More information can be found on HCL’s FAQ page.

    Advantages

    • Known environment
    • Domino is a supported platform
    • Domino is a developed platform
    • No-code/low-code optimization
    • Business developed applications
    • Rapid application framework

    This is the HCL Domino Logo

    Understand your tools

    Many tools are available to help evaluate or migrate your Domino Platform. Here are a few common tools for you to consider.

    Notes Archiving & Notes to SharePoint

    Summary of Vendor

    “SWING Software delivers content transformation and archiving software to over 1,000 organizations worldwide. Our solutions uniquely combine key collaborative platforms and standard document formats, making document production, publishing, and archiving processes more efficient.”*

    Tools

    Lotus Notes Data Migration and Archiving: Preserve historical data outside of Notes and Domino

    Lotus Note Migration: Replacing Lotus Notes. Boost your migration by detaching historical data from Lotus Notes and Domino.

    Headquarters

    Croatia

    Best fit

    • Application archive and retire
    • Migration to SharePoint

    This is an image of the SwingSoftware Logo

    * swingsoftware.com

    Domino Migration to SharePoint

    Summary of Vendor

    “Providing leading solutions, resources, and expertise to help your organization transform its collaborative environment.”*

    Tools

    Notes Domino Migration Solutions: Rivit’s industry-leading solutions and hardened migration practice will help you eliminate Notes Domino once and for all.

    Rivive Me: Migrate Notes Domino applications to an enterprise web application

    Headquarters

    Canada

    Best fit

    • Application Archive & Retire
    • Migration to SharePoint

    This is an image of the RiVit Logo

    * rivit.ca

    Lotus Notes to M365

    Summary of Vendor

    “More than 300 organizations across 40+ countries trust skybow to build no-code/no-compromise business applications & processes, and skybow’s community of customers, partners, and experts grows every day.”*

    Tools

    SkyBow Studio: The low-code platform fully integrated into Microsoft 365

    Headquarters:

    Switzerland

    Best fit

    • Application Archive & Retire
    • Migration to SharePoint

    This is an image of the SkyBow Logo

    * skybow.com | About skybow

    Notes to SharePoint Migration

    Summary of Vendor

    “CIMtrek is a global software company headquartered in the UK. Our mission is to develop user-friendly, cost-effective technology solutions and services to help companies modernize their HCL Domino/Notes® application landscape and support their legacy COBOL applications.”*

    Tools

    CIMtrek SharePoint Migrator: Reduce the time and cost of migrating your IBM® Lotus Notes® applications to Office 365, SharePoint online, and SharePoint on premises.

    Headquarters

    United Kingdom

    Best fit

    • Application replatform
    • Migration to SharePoint

    This is an image of the CIMtrek Logo

    * cimtrek.com | About CIMtrek

    Domino replatform/Rapid application selection framework

    Summary of Vendor

    “4WS.Platform is a rapid application development tool used to quickly create multi-channel applications including web and mobile applications.”*

    Tools

    4WS.Platform is available in two editions: Community and Enterprise.
    The Platform Enterprise Edition, allows access with an optional support pack.

    4WS.Platform’s technical support provides support services to the users through support contracts and agreements.

    The platform is a subscription support services for companies using the product which will allow customers to benefit from the knowledge of 4WS.Platform’s technical experts.

    Headquarters

    Italy

    Best fit

    • Application replatform

    This is an image of the 4WS PLATFORM Logo

    * 4wsplatform.org

    Activity

    Understand your Domino options

    Application Rationalization Exercise

    Info-Tech Insight

    Application rationalization is the perfect exercise to fully understand your business-developed applications, their importance to business process, and the potential underlying financial impact.

    This activity involves the following participants:

    • IT strategic direction decision-makers.
    • IT managers responsible for an existing Domino platform
    • Organizations evaluating platforms for mission-critical applications.

    Outcomes of this step:

    • Completed Application Rationalization Tool

    Application rationalization exercise

    Use this Application Rationalization Tool to input the outcomes of your various application assessments

    In the Application Entry tab:

    • Input your application inventory or subset of apps you intend to rationalize, along with some basic information for your apps.

    In the Business Value & TCO Comparison tab, determine rationalization priorities.

    • Input your business value scores and total cost of ownership (TCO) of applications.
    • Review the results of this analysis to determine which apps should require additional analysis and which dispositions should be prioritized.

    In the Disposition Selection tab:

    • Add to or adapt our list of dispositions as appropriate.

    In the Rationalization Inputs tab:

    • Add or adapt the disposition criteria of your application rationalization framework as appropriate.
    • Input the results of your various assessments for each application.

    In the Disposition Settings tab:

    • Add or adapt settings that generate recommended dispositions based on your rationalization inputs.

    In the Disposition Recommendations tab:

    • Review and compare the rationalization results and confirm if dispositions are appropriate for your strategy.

    In the Timeline Considerations tab:

    • Enter the estimated timeline for when you execute your dispositions.

    In the Portfolio Roadmap tab:

    • Review and present your roadmap and rationalization results.

    Follow the instructions to generate recommended dispositions and populate an application portfolio roadmap.

    This image depicts a scatter plot graph where the X axis is labeled Business Value, and the Y Axis is labeled Cost. On the graph, the following datapoints are displayed: SF; HRIS; ERP; ALM; B; A; C; ODP; SAS

    Info-Tech Insight

    Watch out for misleading scores that result from poorly designed criteria weightings.

    Related Info-Tech Research

    Build an Application Rationalization Framework

    Manage your application portfolio to minimize risk and maximize value.

    Embrace Business-Managed Applications

    Empower the business to implement their own applications with a trusted business-IT relationship.

    Satisfy Digital End Users With Low- and No-Code

    Extend IT, automation, and digital capabilities to the business with the right tools, good governance, and trusted organizational relationships.

    Maximize the Benefits from Enterprise Applications with a Center of Excellence

    Optimize your organization’s enterprise application capabilities with a refined and scalable methodology.

    Drive Successful Sourcing Outcomes With a Robust RFP Process

    Leverage your vendor sourcing process to get better results.

    Research Authors

    Darin Stahl, Principal Research Advisor, Info-Tech Research Group

    Darin Stahl, Principal Research Advisor,
    Info-Tech Research Group

    Darin is a Principal Research Advisor within the Infrastructure practice, leveraging 38+ years of experience. His areas of focus include IT operations management, service desk, infrastructure outsourcing, managed services, cloud infrastructure, DRP/BCP, printer management, managed print services, application performance monitoring, managed FTP, and non-commodity servers (zSeries, mainframe, IBM i, AIX, Power PC).

    Troy Cheeseman, Practice Lead, Info-Tech Research Group

    Troy Cheeseman, Practice Lead,
    Info-Tech Research Group

    Troy has over 24 years of experience and has championed large enterprise-wide technology transformation programs, remote/home office collaboration and remote work strategies, BCP, IT DRP, IT operations and expense management programs, international right placement initiatives, and large technology transformation initiatives (M&A). Additionally, he has deep experience working with IT solution providers and technology (cloud) startups.

    Research Contributors

    Rob Salerno, Founder & CTO, Rivit Technology Partners

    Rob Salerno, Founder & CTO, Rivit Technology Partners

    Rob is the Founder and Chief Technology Strategist for Rivit Technology Partners. Rivit is a system integrator that delivers unique IT solutions. Rivit is known for its REVIVE migration strategy which helps companies leave legacy platforms (such as Domino) or move between versions of software. Rivit is the developer of the DCOM Application Archiving solution.

    Bibliography

    Cheshire, Nigel. “Domino v12 Launch Keeps HCL Product Strategy On Track.” Team Studio, 19 July 2021. Web.

    “Is LowCode/NoCode the best platform for you?” Rivit Technology Partners, 15 July 2021. Web.

    McCracken, Harry. “Lotus: Farewell to a Once-Great Tech Brand.” TIME, 20 Nov. 2012. Web.

    Sharwood, Simon. “Lotus Notes refuses to die, again, as HCL debuts Domino 12.” The Register, 8 June 2021. Web.

    Woodie, Alex. “Domino 12 Comes to IBM i.” IT Jungle, 16 Aug. 2021. Web.

    10 Secrets for Successful Disaster Recovery in the Cloud

    • Buy Link or Shortcode: {j2store}419|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $12,096 Average $ Saved
    • member rating average days saved: 20 Average Days Saved
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • The pay-per-use pricing structure of cloud services make it a cheaper DR option, but there are gotchas you need to avoid, ranging from unexpected licensing costs to potential security vulnerabilities.
    • You likely started on the path to cloud DR with consideration of cloud storage for offsite retention of backups. Systems recovery in the cloud can be a real value-add to using cloud as a backup target.
    • Your cloud-based DR environment has to be secure and compliant, but performance also has to be “good enough” to operate the business.
    • Location still matters, and selecting the DR site that optimizes latency tolerance and geo-redundancy can be difficult.

    Our Advice

    Critical Insight

    • Keep your systems dormant until disaster strikes. Prepare as much of your environment as possible without tapping into compute resources. Enjoy the low at-rest costs, and leverage the reliability of the cloud in your failover.
    • Avoid failure on the failback! Bringing up your systems in the cloud is a great temporary solution, but an expensive long-term strategy. Make sure you have a plan to get back on premises.
    • Leverage cloud DR as a start for cloud migration. Cloud DR provides a gateway for broader infrastructure lift and shift to cloud IaaS, but this should only be the first phase of a longer-term roadmap that ends in multi-service hybrid cloud.

    Impact and Result

    • Calculate the cost of your DR solution with a cloud vendor. Test your systems often to build out more accurate budgets and to define failover and failback action plans to increase confidence in your capabilities.
    • Define “good enough” performance by consulting with the business and setting correct expectations for the recovery state.
    • Dig deeper into the various flavors of cloud-based DR beyond backup and restore, including pilot light, warm standby, and multi-site recovery. Each of these has unique benefits and challenges when done in the cloud.

    10 Secrets for Successful Disaster Recovery in the Cloud Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out the 10 secrets for success in cloud-based DR deployment, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    [infographic]

    Performance Measurement

    • Buy Link or Shortcode: {j2store}24|cart{/j2store}
    • Related Products: {j2store}24|crosssells{/j2store}
    • member rating overall impact: 9.0/10
    • member rating average dollars saved: $19,436
    • member rating average days saved: 23
    • Parent Category Name: Strategy and Governance
    • Parent Category Link: /strategy-and-governance
    • byline: Develop meaningful service metrics that act the part.
    Reinforce service orientation in your IT organization through IT metrics that make value-driven behavior happen..

    Modernize Your Microsoft Licensing for the Cloud Era

    • Buy Link or Shortcode: {j2store}304|cart{/j2store}
    • member rating overall impact: 9.1/10 Overall Impact
    • member rating average dollars saved: $102,414 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • Microsoft licensing is complicated. Often, the same software can be licensed a number of ways. It’s difficult to know which edition and licensing model is best.
    • Licensing and features often change with the release of new software versions, compounding the problem by making it difficult to stay current.
    • In tough economic times, IT is asked to reduce capital and operating expenses wherever possible. As one of the top five expense items in most enterprise software budgets, Microsoft licensing is a primary target for cost reduction.

    Our Advice

    Critical Insight

    • Focus on needs first. Conduct a thorough needs assessment and document the results. Well-documented needs will be your best asset in navigating Microsoft licensing and negotiating your agreement.
    • Beware the bundle. Be aware when purchasing the M365 suite that there is no way out. Negotiating a low price is critical, as all leverage swings to Microsoft once it is on your agreement.
    • If the cloud doesn’t fit, be ready to pay up or start making room. Microsoft has drastically reduced discounting for on-premises products, support has been reduced, and product rights have been limited. If you are planning to remain on premises, be prepared to pay up.

    Impact and Result

    • Understand what your organization needs and what your business requirements are. It’s always easier to purchase more later than try to reduce your spend.
    • Complete cost calculations carefully, as the cloud might end up costing significantly more for the desired feature set. However, in some scenarios, it may be more cost efficient for organizations to license in the cloud.
    • If there are significant barriers to cloud adoption, discuss and document them. You’ll need this documentation in three years when it’s time to renew your agreement.

    Modernize Your Microsoft Licensing for the Cloud Era Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Modernize Your Microsoft Licensing Deck – A deck to help you build a strategy for your Microsoft licensing renewal.

    This storyboard will help you build a strategy for your Microsoft licensing renewal from conducting a thorough needs assessment to examining your licensing position, evaluating Microsoft's licensing options, and negotiations.

    • Modernize Your Microsoft Licensing for the Cloud Era – Phases 1-4

    2. Microsoft Cloud Products Cost Modeler – A tool to model estimated costs for Microsoft's cloud products.

    The Microsoft Cloud Products Cost Modeler will provide a rough estimate of what you can expect to pay for Office 365 or Dynamics CRM licensing, before you enter into negotiations. This is not your final cost, but it will give you an idea.

    • Microsoft Cloud Products Cost Modeler

    3. Microsoft Licensing Purchase Reference Guide - A template to capture licensing stakeholder information, proposed changes to licensing, and negotiation items.

    The Microsoft Licensing Purchase Reference Guide can be used throughout the process of licensing review: from initial meetings to discuss compliance state and planned purchases, to negotiation meetings with resellers. Use it in conjunction with Info-Tech's Microsoft Licensing Effective License Position Template.

    • Microsoft Licensing Purchase Reference Guide

    4. Negotiation Timeline for Microsoft – A template to navigate your negotiations with Microsoft.

    This tool will help you plot out your negotiation timeline, depending on where you are in your contract negotiation process.

  • 6-12 months
  • Less than 3 months

    • Negotiation Timeline for Microsoft – Visio
    • Negotiation Timeline for Microsoft – PDF

    5. Effective Licensing Position Tool – A template to help you create an effective licensing position and determine your compliance position.

    This template helps organizations to determine the difference between the number of software licenses they own and the number of software copies deployed. This is known as the organization’s effective license position (ELP).

    • Effective Licensing Position Tool
    [infographic]

    Develop a Web Experience Management Strategy

    • Buy Link or Shortcode: {j2store}555|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Web Experience Management (WEM) solutions have emerged as applications that provide marketers and other customer experience professionals with a complete set of tools for web content management, delivery, campaign execution, and site analytics.
    • However, many organizations are unsure of how to leverage these new technologies to enhance their customer interaction strategy.

    Our Advice

    Critical Insight

    • WEM products are not a one-size-fits-all investment: unique evaluations and customization is required in order to deploy a solution that fits your organization.
    • WEM technology often complements core CRM and marketing management products – it does not supplant it, and must augment the rest of your customer experience management portfolio.
    • WEM provides benefits by giving web visitors a better experience – leveraging tools such as web analytics gives the customer a tailored experience. Marketing can then monitor their behavior and use this information to warm leads.

    Impact and Result

    • Deploy a WEM platform and execute initiatives that will strengthen the web-facing customer experience, improving customer satisfaction and unlocking new revenue opportunities.
    • Avoid making unnecessary new WEM investments.
    • Make informed decisions about the types of technologies and initiatives that are necessary to support WEM.

    Develop a Web Experience Management Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop a WEM strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Harness the value of web experience management

    Make the case for a web experience management suite and structure the WEM strategy project.

    • Develop a Web Experience Management Strategy Phase 1: Harness the Value of Web Experience Management
    • Web Experience Management Strategy Summary Template
    • WEM Project Charter Template

    2. Create the vision for web experience management

    Identify the target state WEM strategy, assess current state, and identify gaps.

    • Develop a Web Experience Management Strategy Phase 2: Create the Vision for Web Experience Management

    3. Execute initiatives for WEM deployment

    Build the WEM technology stack and create a web strategy initiatives roadmap.

    • Develop a Web Experience Management Strategy Phase 3: Execute Initiatives for WEM Deployment
    • Web Process Automation Investment Appropriateness Assessment Tool
    [infographic]

    Workshop: Develop a Web Experience Management Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Launch the WEM Selection Project

    The Purpose

    Discuss the general project overview for the WEM selection.

    Key Benefits Achieved

    Launch of your WEM selection project.

    Development of your organization’s WEM requirements. 

    Activities

    1.1 Facilitation of activities from the Launch the WEM Project and Collect Requirements phase, including project scoping and resource planning.

    1.2 Conduct overview of the WEM market landscape, trends, and vendors.

    1.3 Conduct process mapping for selected marketing processes.

    1.4 Interview business stakeholders.

    1.5 Prioritize WEM functional requirements.

    Outputs

    WEM Procurement Project Charter

    WEM Use-Case Fit Assessment

    2 Plan the Procurement and Implementation Process

    The Purpose

    Plan the procurement and the implementation of the WEM solution.

    Key Benefits Achieved

    Selection of a WEM solution.

    A plan for implementing the selected WEM solution. 

    Activities

    2.1 Complete marketing process mapping with business stakeholders.

    2.2 Interview IT staff and project team, identify technical requirements for the WEM suite, and document high-level solution requirements.

    2.3 Perform a use-case scenario assessment, review use-case scenario results, identify use-case alignment, and review the WEM Vendor Landscape vendor profiles and performance.

    2.4 Create a custom vendor shortlist and investigate additional vendors for exploration in the marketplace.

    2.5 Meet with project manager to discuss results and action items.

    Outputs

    Vendor Shortlist

    WEM RFP

    Vendor Evaluations

    Selection of a WEM Solution

    WEM projected work break-down

    Implementation plan

    Framework for WEM deployment and CRM/Marketing Management Suite Integration

    Assess the Viability of M365-O365 Security Add-Ons

    • Buy Link or Shortcode: {j2store}251|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting

    The technical side of IT security demands the best security possible, but the business side of running IT demands that you determine what is cost-effective and can still do the job. You likely shrugged off the early iterations of Microsoft’s security efforts, but you may have heard that things have changed. Where do you start in evaluating Microsoft’s security products in terms of effectiveness? The value proposition sounds tremendous to the CFO, “free” security as part of your corporate license, but how does it truly measure up and how do you articulate your findings to the business?

    Our Advice

    Critical Insight

    Microsoft’s security products have improved to the point where they are often ranked competitively with mainstream security products. Depending on your organization’s licensing of Office 365/Microsoft 365, some of these products are included in what you’re already paying for. That value proposition is hard to deny.

    Impact and Result

    Determine what is important to the business, and in what order of priority.

    Take a close look at your current solution and determine what are table stakes, what features you would like to have in its replacement, and what your current solution is missing.

    Consider Microsoft’s security solutions using an objective methodology. Sentiment will still be a factor, but it shouldn’t dictate the decision you make for the good of the business.

    Assess the Viability of M365/O365 Security Add-Ons Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to assess the viability of M365/O365 security add-ons. Review Info-Tech’s methodology and understand the four key steps to completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Review your current state

    Examine what you are licensed for, what you are paying, what you need, and what your constraints are.

    • Microsoft 365/Office 365 Security Add-Ons Assessment Tool

    2. Assess your needs

    Determine what is “good enough” security and assess the needs of your organization.

    3. Select your path

    Decide what you will go with and start planning your next steps.

    [infographic]

    Standardize the Service Desk

    • Buy Link or Shortcode: {j2store}477|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $24,155 Average $ Saved
    • member rating average days saved: 24 Average Days Saved
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • Not everyone embraces their role in service support. Specialists would rather work on projects than provide service support.
    • The Service Desk lacks processes and workflows to provide consistent service. Service desk managers struggle to set and meet service-level expectations, which further compromises end-user satisfaction.

    Our Advice

    Critical Insight

    • Service desk improvement is an exercise in organizational change. Engage specialists across the IT organization in building the solution. Establish a single service-support team across the IT group and enforce it with a cooperative, customer-focused culture.
    • Don’t be fooled by a tool that’s new. A new service desk tool alone won’t solve the problem. Service desk maturity improvements depend on putting in place the right people and processes to support the technology.

    Impact and Result

    • Create a consistent customer service experience for service desk patrons, and increase efficiency, first-call resolution, and end-user satisfaction with the Service Desk.
    • Decrease time and cost to resolve service desk tickets.
    • Understand and address reporting needs to address root causes and measure success and build a solid foundation for future IT service improvements.

    Standardize the Service Desk Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Standardize the Service Desk Research – A step-by-step document that helps you improve customer service by driving consistency in your support approach and meet SLAs.

    Use this blueprint to standardize your service desk by assessing your current capability and laying the foundations for your service desk, design an effective incident management workflow, design a request fulfillment process, and apply the discussions and activities to make an actionable plan for improving your service desk.

    • Standardize the Service Desk – Phases 1-4

    2. Service Desk Maturity Assessment – An assessment tool to help guide process improvement efforts and track progress.

    This tool is designed to assess your service desk process maturity, identify gaps, guide improvement efforts, and measure your progress.

    • Service Desk Maturity Assessment

    3. Service Desk Project Summary – A template to help you organize process improvement initiatives using examples.

    Use this template to organize information about the service desk challenges that the organization is facing, make the case to build a right-sized service desk to address those challenges, and outline the recommended process changes.

    • Service Desk Project Summary

    4. Service Desk Roles and Responsibilities Guide – An analysis tool to determine the right roles and build ownership.

    Use the RACI template to determine roles for your service desk initiatives and to build ownership around them. Use the template and replace it with your organization's information.

    • Service Desk Roles and Responsibilities Guide

    5. Incident Management and Service Desk Standard Operating Procedure – A template designed to help service managers kick-start the standardization of service desk processes.

    The template will help you identify service desk roles and responsibilities, build ticket management processes, put in place sustainable knowledgebase practices, document ticket prioritization scheme and SLO, and document ticket workflows.

    • Incident Management and Service Desk SOP

    6. Ticket and Call Quality Assessment Tool – An assessment tool to check in on ticket and call quality quarterly and improve the quality of service desk data.

    Use this tool to help review the quality of tickets handled by agents and discuss each technician's technical capabilities to handle tickets.

    • Ticket and Call Quality Assessment Tool

    7. Workflow Library – A repository of typical workflows.

    The Workflow Library provides examples of typical workflows that make up the bulk of the incident management and request fulfillment processes at the service desk.

    • Incident Management and Service Desk Workflows (Visio)
    • Incident Management and Service Desk Workflows (PDF)

    8. Service Desk Ticket Categorization Schemes – A repository of ticket categories.

    The Ticket Categorization Schemes provide examples of ticket categories to organize the data in the service desk tool and produce reports that help managers manage the service desk and meet business requirements.

    • Service Desk Ticket Categorization Schemes

    9. Knowledge Manager – A job description template that includes a detailed explication of the responsibilities and expectations of a Knowledge Manager role.

    The Knowledge Manager's role is to collect, synthesize, organize, and manage corporate information in support of business units across the enterprise.

    • Knowledge Manager

    10. Knowledgebase Article Template – A comprehensive record of the incident management process.

    An accurate and comprehensive record of the incident management process, including a description of the incident, any workarounds identified, the root cause (if available), and the profile of the incident's source, will improve incident resolution time.

    • Knowledgebase Article Template

    11. Sample Communication Plan – A sample template to guide your communications around the integration and implementation of your overall service desk improvement initiatives.

    Use this template to develop a communication plan that outlines what stakeholders can expect as the process improvements recommended in the Standardize the Service Desk blueprint are implemented.

    • Sample Communication Plan

    12. Service Desk Roadmap – A structured roadmap tool to help build your service desk initiatives timeline.

    The Service Desk Roadmap helps track outstanding implementation activities from your service desk standardization project. Use the roadmap tool to define service desk project tasks, their owners, priorities, and timeline.

    • Service Desk Roadmap
    [infographic]

    Workshop: Standardize the Service Desk

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Lay Service Desk Foundations

    The Purpose

    Discover your challenges and understand what roles, metrics, and ticket handling procedures are needed to tackle the challenges.

    Key Benefits Achieved

    Set a clear understanding about the importance of service desk to your organization and service desk best practices.

    Activities

    1.1 Assess current state of the service desk.

    1.2 Review service desk and shift-left strategy.

    1.3 Identify service desk metrics and reports.

    1.4 Identify ticket handling procedures

    Outputs

    Current state assessment

    Shift-left strategy and implications

    Service desk metrics and reports

    Ticket handling procedures

    2 Design Incident Management

    The Purpose

    Build workflows for incident and critical incident tickets.

    Key Benefits Achieved

    Distinguish incidents from service requests.

    Ticket categorization facilitates ticket. routing and reporting.

    Develop an SLA for your service desk team for a consistent service delivery.

    Activities

    2.1 Build incident and critical incident management workflows.

    2.2 Design ticket categorization scheme and proper ticket handling guidelines.

    2.3 Design incident escalation and prioritization guidelines.

    Outputs

    Incident and critical incident management workflows

    Ticket categorization scheme

    Ticket escalation and prioritization guidelines

    3 Design Request Fulfilment

    The Purpose

    Build service request workflows and prepare self-service portal.

    Key Benefits Achieved

    Standardize request fulfilment processes.

    Prepare for better knowledge management and leverage self-service portal to facilitate shift-left strategy.

    Activities

    3.1 Build service request workflows.

    3.2 Build a targeted knowledgebase.

    3.3 Prepare for a self-serve portal project.

    Outputs

    Distinguishing criteria for requests and projects

    Service request workflows and SLAs

    Knowledgebase article template, processes, and workflows

    4 Build Project Implementation Plan

    The Purpose

    Now that you have laid the foundation of your service desk, put all the initiatives into an action plan.

    Key Benefits Achieved

    Discuss priorities, set timeline, and identify effort for your service desk.

    Identify the benefits and impacts of communicating service desk initiatives to stakeholders and define channels to communicate service desk changes.

    Activities

    4.1 Build an implementation roadmap.

    4.2 Build a communication plan

    Outputs

    Project implementation and task list with associated owners

    Project communication plan and workshop summary presentation

    Further reading

    Analyst Perspective

    "Customer service issues are rarely based on personality but are almost always a symptom of poor and inconsistent process. When service desk managers are looking to hire to resolve customer service issues and executives are pushing back, it’s time to look at improving process and the support strategy to make the best use of technicians’ time, tools, and knowledge sharing. Once improvements have been made, it’s easier to make the case to add people or introduce automation.

    Replacing service desk solutions will also highlight issues around poor process. Without fixing the baseline services, the new solution will simply wrap your issues in a prettier package.

    Ultimately, the service desk needs to be the entry point for users to get help and the rest of IT needs to provide the appropriate support to ensure the first line of interaction has the knowledge and tools they need to resolve quickly and preferably on first contact. If your plans include optimization to self-serve or automation, you’ll have a hard time getting there without standardizing first."

    Sandi Conrad

    Principal Research Director, Infrastructure & Operations Practice

    Info-Tech Research Group

    A method for getting your service desk out of firefighter mode

    This Research Is Designed For:

    • The CIO and senior IT management who need to increase service desk effectiveness and timeliness and improve end-user satisfaction.
    • The service desk manager who wants to lead the team from firefighting mode to providing consistent and proactive support.

    This Research Will Also Assist:

    • Service desk teams who want to increase their own effectiveness and move from a help desk to a service desk.
    • Infrastructure and applications managers who want to decrease reactive support activities and increase strategic project productivity by shifting repetitive and low-value work left.

    This Research Will Help You:

    • Create a consistent customer service experience for service desk patrons.
    • Increase efficiency, first-call resolution, and end-user satisfaction with the Service Desk.
    • Decrease time and cost to resolve service desk tickets.
    • Understand and address reporting needs to address root causes and measure success.
    • Build a solid foundation for future IT service improvements.

    Executive Summary

    Situation

    • The CIO and senior IT management who need to increase service desk effectiveness and timeliness and improve end-user satisfaction.
    • If only the phone could stop ringing, the Service Desk could become proactive, address service levels, and improve end-user IT satisfaction.

    Complication

    • Not everyone embraces their role in service support. Specialists would rather work on projects than provide service support.
    • The Service Desk lacks processes and workflows to provide consistent service. Service desk managers struggle to set and meet service-level expectations, which further compromises end-user satisfaction.

    Resolution

    • Go beyond the blind adoption of best-practice frameworks. No simple formula exists for improving service desk maturity. Use diagnostic tools to assess the current state of the Service Desk. Identify service support challenges and draw on best-practice frameworks intelligently to build a structured response to those challenges.
    • An effective service desk must be built on the right foundations. Understand how:
      • Service desk structure affects cost and ticket volume capacity.
      • Incident management workflows can improve ticket handling, prioritization, and escalation.
      • Request fulfillment processes create opportunities for streamlining and automating services.
      • Knowledge sharing supports the processes and workflows essential to effective service support.

    Info-Tech Insight

    Service desk improvement is an exercise in organizational change. Engage specialists across the IT organization in building the solution. Establish a single service-support team across the IT group and enforce it with a cooperative, customer-focused culture. Don’t be fooled by a tool that’s new. A new service desk tool alone won’t solve the problem. Service desk maturity improvements depend on putting in place the right people and processes to support the technology

    Directors and executives understand the importance of the service desk and believe IT can do better

    A double bar graph is depicted. The blue bars represent Effectiveness and the green bars represent Importance in terms of service desk at different seniority levels, which include frontline, manager, director, and executive.

    Source: Info-Tech, 2019 Responses (N=189 organizations)

    Service Desk Importance Scores

      No Importance: 1.0-6.9
      Limited Importance: 7.0-7.9
      Significant Importance: 8.0-8.9
      Critical Importance: 9.0-10.0

    Service Desk Effectiveness Scores

      Not in Place: N/A
      Not Effective: 0.0-4.9
      Somewhat Ineffective: 5.0-5.9
      Somewhat Effective: 6.0-6.9
      Very Effective: 7.0-10.0

    Info-Tech Research Group’s IT Management and Governance Diagnostic (MGD) program assesses the importance and effectiveness of core IT processes. Since its inception, the MGD has consistently identified the service desk as an area to leverage.

    Business stakeholders consistently rank the service desk as one of the top five most important services that IT provides

    Since 2013, Info-Tech has surveyed over 40,000 business stakeholders as part of our CIO Business Vision program.

    Business stakeholders ranked the following 12 core IT services in terms of importance:

    Learn more about the CIO Business Vision Program.
    *Note: IT Security was added to CIO Business Vision 2.0 in 2019

    Top IT Services for Business Stakeholders

    1. Network Infrastructure
    2. IT Security*
    3. Data Quality
    4. Service Desk
    5. Business Applications
    6. Devices
    7. Client-Facing Technology
    8. Analytical Capability
    9. IT Innovation Leadership
    10. Projects
    11. Work Orders
    12. IT Policies
    13. Requirements Gathering
    Source: Info-Tech Research Group, 2019 (N=224 organizations)

    Having an effective and timely service desk correlates with higher end-user satisfaction with all other IT services

    A double bar graph is depicted. The blue bar represents dissatisfied ender user, and the green bar represents satisfied end user. The bars show the average of dissatisfied and satisfied end users for service desk effectiveness and service desk timeliness.

    On average, organizations that were satisfied with service desk effectiveness rated all other IT processes 46% higher than dissatisfied end users.

    Organizations that were satisfied with service desk timeliness rated all other IT processes 37% higher than dissatisfied end users.
    “Satisfied” organizations had average scores =8.“Dissatisfied" organizations had average scores “Dissatisfied" organizations had average scores =6. Source: Info-Tech Research Group, 2019 (N=18,500+ respondents from 75 organizations)

    Standardize the service desk the Info-Tech way to get measurable results

    More than one hundred organizations engaged with Info-Tech, through advisory calls and workshops, for their service desk projects in 2016. Their goal was either to improve an existing service desk or build one from scratch.

    Organizations that estimate the business impact of each project phase help us shed light on the average measured value of the engagements.

    "The analysts are an amazing resource for this project. Their approach is very methodical, and they have the ability to fill in the big picture with detailed, actionable steps. There is a real opportunity for us to get off the treadmill and make real IT service management improvements"

    - Rod Gula, IT Director

    American Realty Advisors

    Three circles are depicted. The top circle shows the sum of measured value dollar impact which is US$1,659,493.37. The middle circle shows the average measured value dollar impact which is US$19,755.87. The bottom circle shows the average measured value time saved which is 27 days.

    Info-Tech’s approach to service desk standardization focuses on building service management essentials

    This image depicts all of the phases and steps in this blueprint.

    Info-Tech draws on the COBIT framework, which focuses on consistent delivery of IT services across the organization

    This image depicts research that can be used to improve IT processes. Service Desk is circled to demonstrate which research is being used.

    The service desk is the foundation of all other service management processes.

    The image shows how the service desk is a foundation for other service management processes.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Standardize the Service Desk – project overview

    This image shows the project overview of this blueprint.

    Info-Tech delivers: Use our tools and templates to accelerate your project to completion

    Project Summary

    Image of template.

    Service Desk Standard Operating Procedures

    Image of tool.

    Service Desk Maturity Assessment Tool

    Image of tool.

    Service Desk Implementation Roadmap

    Image of tool Incident, knowledge, and request management workflows

    Incident, knowledge, and request management workflows

    The project’s key deliverable is a service desk standard operating procedure

    Benefits of documented SOPs:

    Improved training and knowledge transfer: Routine tasks can be delegated to junior staff (freeing senior staff to work on higher priority tasks).

    IT automation, process optimization, and consistent operations: Defining, documenting, and then optimizing processes enables IT automation to be built on sound processes, so consistent positive results can be achieved.

    Compliance: Compliance audits are more manageable because the documentation is already in place.

    Transparency: Visually documented processes answer the common business question of “why does that take so long?”

    Cost savings: Work solved at first contact or with a minimal number of escalations will result in greater efficiency and more cost-effective support. This will also lead to better customer service.

    Impact of undocumented/undefined SOPs:

    Tasks will be difficult to delegate, key staff become a bottleneck, knowledge transfer is inconsistent, and there is a longer onboarding process for new staff

    IT automation built on poorly defined, unoptimized processes leads to inconsistent results.

    Documenting SOPs to prepare for an audit becomes a major time-intensive project.

    Other areas of the organization may not understand how IT operates, which can lead to confusion and unrealistic expectations.

    Support costs are highest through inefficient processes, and proactive work becomes more difficult to schedule, making the organization vulnerable to costly disruptions.

    Workshop Overview

    Image depicts workshop overview occurring over four days.

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Phase 1

    Lay Service Desk Foundations

    Step 1.1:Assess current state

    Image shows the steps in phase 1. Highlight is on step 1.1

    This step will walk you through the following activities:

    • 1.1.1 Outline service desk challenges
    • 1.1.2 Assess the service desk maturity

    This step involves the following participants:

    • Project Sponsor
    • IT Director, CIO
    • IT Managers and Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    Alignment on the challenges that the service desk faces, an assessment of the current state of service desk processes and technologies, and baseline metrics against which to measure improvements.

    Deliverables

    • Service Desk Maturity Assessment

    Standardizing the service desk benefits the whole business

    The image depicts 3 circles to represent the service desk foundations.

    Embrace standardization

    • Standardization prevents wasted energy on reinventing solutions to recurring issues.
    • Standardized processes are scalable so that process maturity increases with the size of your organization.

    Increase business satisfaction

    • Improve confidence that the service desk can meet service levels.
    • Create a single point of contact for incidents and requests and escalate quickly.
    • Analyze trends to forecast and meet shifting business requirements.

    Reduce recurring issues

    • Create tickets for every task and categorize them accurately.
    • Generate reliable data to support root-cause analysis.

    Increase efficiency and lower operating costs

    • Empower end users and technicians with a targeted knowledgebase (KB).
    • Cross-train to improve service consistency.

    Case Study: The CIO of Westminster College took stock of existing processes before moving to empower the “helpless desk”

    Scott Lowe helped a small staff of eight IT professionals formalize service desk processes and increase the amount of time available for projects.

    When he joined Westminster College as CIO in 2006, the department faced several infrastructure challenges, including:

    • An unreliable network
    • Aging server replacements and no replacement plan
    • IT was the “department of no”
    • A help desk known as the “helpless desk”
    • A lack of wireless connectivity
    • Internet connection speed that was much too slow

    As the CIO investigated how to address the infrastructure challenges, he realized people cared deeply about how IT spent its time.

    The project load of IT staff increased, with new projects coming in every day.

    With a long project list, it became increasingly important to improve the transparency of project request and prioritization.

    Some weeks, staff spent 80% of their time working on projects. Other weeks, support requirements might leave only 10% for project work.

    He addressed the infrastructure challenges in part by analyzing IT’s routine processes.

    Internally, IT had inefficient support processes that reduced the amount of time they could spend on projects.

    They undertook an internal process analysis effort to identify processes that would have a return on investment if they were improved. The goal was to reduce operational support time so that project time could be increased.

    Five years later, they had a better understanding of the organization's operational support time needs and were able to shift workloads to accommodate projects without compromising support.

    Common challenges experienced by service desk teams

    Unresolved issues

    • Tickets are not created for all incidents.
    • Tickets are lost or escalated to the wrong technicians.
    • Poor data impedes root-cause analysis of incidents.

    Lost resources/accountability

    • Lack of cross-training and knowledge sharing.
    • Lack of skills coverage for critical applications and services.
    • Time is wasted troubleshooting recurring issues.
    • Reports unavailable due to lack of data and poor categorization.

    High cost to resolve

    • Tier 2/3 resolve issues that should be resolved at tier 1.
    • Tier 2/3 often interrupt projects to focus on service support.

    Poor planning

    • Lack of data for effective trend analysis leads to poor demand planning.
    • Lack of data leads to lost opportunities for templating and automation.

    Low business satisfaction

    • Users are unable to get assistance with IT services quickly.
    • Users go to their favorite technician instead of using the service desk.

    Outline the organization’s service desk challenges

    1.1.1 Brainstorm service desk challenges

    Estimated Time: 45 minutes

    A. As a group, outline the areas where you think the service desk is experiencing challenges or weaknesses. Use sticky notes or a whiteboard to separate the challenges into People, Process, and Technology so you have a wholistic view of the constraints across the department.

    B. Think about the following:

    • What have you heard from users? (e.g. slow response time)
    • What have you heard from executives? (e.g. poor communication)
    • What should you start doing? (e.g. documenting processes)
    • What should you stop doing? (e.g. work that is not being entered as tickets)

    C. Document challenges in the Service Desk Project Summary.

    Participants:

    • CIO
    • IT Managers
    • Service Desk Manager
    • Service Desk Agents

    Assess current service desk maturity to establish a baseline and create a plan for service desk improvement

    A current-state assessment will help you build a foundation for process improvements. Current-state assessments follow a basic formula:

    1. Determine the current state of the service desk.
    2. Determine the desired state of the service desk.
    3. Build a practical path from current to desired state.
    Image depicts 2 circles and a box. The circle on the 1. left has assess current state. The circle on the right has 2. assess target state. The box has 3. build a roadmap.

    Ideally, the current-state assessment should align the delivery of IT services with organizational needs. The assessment should achieve the following goals:

    1. Identify service desk pain points.
    2. Map each pain point to business services.
    3. Assign a broad business value to the resolution of each pain point.
    4. Map each pain point to a process.

    Expert Insight

    Image of expert.

    “How do you know if you aren’t mature enough? Nothing – or everything – is recorded and tracked, customer satisfaction is low, frustration is high, and there are multiple requests and incidents that nobody ever bothers to address.”

    Rob England

    IT Consultant & Commentator

    Owner Two Hills

    Also known as The IT Skeptic

    Assess the process maturity of the service desk to determine which project phase and steps will bring the most value

    1.1.2 Measure which activity will have the greatest impact

    The Service Desk Maturity Assessmenttool helps organizations assess their service desk process maturity and focus the project on the activities that matter most.

    The tool will help guide improvement efforts and measure your progress.

    • The second tab of the tool walks through a qualitative assessment of your service desk practices. Questions will prompt you to evaluate how you are executing key activities. Select the answer in the drop-down menus that most closely aligns with your current state.
    • The third tab displays your rate of process completeness and maturity. You will receive a score for each phase, an overall score, and advice based on your performance.
    • Document the results of the efficiency assessment in the Service Desk Project Summary.

    The tool is intended for periodic use. Review your answers each year and devise initiatives to improve the process performance where you need it most.

    Where do I find the data?

    Consult:

    • Service Manager
    • Service Desk Tools
    Image is the service desk tools.

    Step 1.2:Review service support best practices

    Image shows the steps in phase 1. Highlight is on step 1.2.

    This step will walk you through the following activities:

    1. 1.2.1 Identify roles and responsibilities in your organization
    2. 1.2.2 Map out the current and target structure of the service desk

    This step involves the following participants:

    • Project Sponsor
    • IT Director, CIO
    • IT Managers and Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    Identifying who is accountable for different support practices in the service desk will allow workload to be distributed effectively between functional teams and individuals. Closing the gaps in responsibilities will enable the execution of a shift-left strategy.

    Deliverables

    • Roles & responsibilities guide
    • Service desk structure

    Everyone in IT contributes to the success of service support

    Regardless of the service desk structure chosen to meet an organization’s service support requirements, IT staff should not doubt the role they play in service support.

    If you try to standardize service desk processes without engaging specialists in other parts of the IT organization, you will fail. Everyone in IT has a role to play in providing service support and meeting service-level agreements.

    Service Support Engagement Plan

    • Identify who is accountable for different service support processes.
    • Outline the different responsibilities of service desk agents at tier 1, tier 2, and tier 3 in meeting service-level agreements for service support.
    • Draft operational-level agreements between specialty groups and the service desk to improve accountability.
    • Configure the service desk tool to ensure ticket visibility and ownership across queues.
    • Engage tier 2 and tier 3 resources in building workflows for incident management, request fulfilment, and writing knowledgebase articles.
    • Emphasize the benefits of cooperation across IT silos:
      • Better customer service and end-user satisfaction.
      • Shorter time to resolve incidents and implement requests.
      • A higher tier 1 resolution rate, more efficient escalations, and fewer interruptions from project work.

    Info-Tech Insight

    Specialists tend to distance themselves from service support as they progress through their career to focus on projects.

    However, their cooperation is critical to the success of the new service desk. Not only do they contribute to the knowledgebase, but they also handle escalations from tiers 1 and 2.

    Clear project complications by leveraging roles and responsibilities

    R

    Responsible: This person is the staff member who completes the work. Assign at least one Responsible for each task, but this could be more than one.

    A

    Accountable: This team member delegates a task and is the last person to review deliverables and/or task. Sometimes Responsible and Accountable can be the same staff. Make sure that you always assign only one Accountable for each task and not more.

    C

    Consulted: People who do not carry out the task but need to be consulted. Typically, these people are subject matter experts or stakeholders.

    I

    Informed: People who receive information about process execution and quality and need to stay informed regarding the task.

    A RACI analysis is helpful with the following:

    • Workload Balancing: Allowing responsibilities to be distributed effectively between functional teams and individuals.
    • Change Management: Ensuring key functions and processes are not overlooked during organizational changes.
    • Onboarding: New employees can identify their own roles and responsibilities.

    A RACI chart outlines which positions are Responsible, Accountable, Consulted, and Informed

    Image shows example of RACI chart

    Create a list of roles and responsibilities in your organization

    1.2.1 Create RACI matrix to define responsibilities

    1. Use the Service Desk Roles and Responsibilities Guidefor a better understanding of the roles and responsibilities of different service desk tiers.
    2. In the RACI chart, replace the top row with specific roles in your organization.
    3. Modify or expand the process tasks, as needed, in the left column.
    4. For each role, identify the responsibility values that the person brings to the service desk. Fill out each column.
    5. Document in the Service Desk SOP. Schedule a time to share the results with organization leads.
    6. Distribute the chart between all teams in your organization.

    Notes:

    • Assign one Accountable for each task.
    • Have at least one Responsible for each task.
    • Avoid generic responsibilities, such as “team meetings.”
    • Keep your RACI definitions in your documents, as they are sometimes tough to remember.

    Participants

    • CIO
    • IT Managers
    • Service Desk Manager
    • Service Desk Agents

    What You'll Need

    • Service Desk SOP
    • Roles and Responsibilities Guide
    • Flip Chart
    • Whiteboard

    Build a single point of contact for the service desk

    Regardless of the service desk structure chosen to meet your service support requirements, end users should be in no doubt about how to access the service.

    Provide end users with:

    • A single phone number.
    • A single email address.
    • A single web portal for all incidents and requests.

    A single point of contact will ensure:

    • An agent is available to field incidents and requests.
    • Incidents and requests are prioritized according to impact and urgency.
    • Work is tracked to completion.

    This prevents ad hoc ticket channels such as shoulder grabs or direct emails, chats, or calls to a technician from interrupting work.

    A single point of contact does not mean the service desk is only accessible through one intake channel, but rather all tickets are directed to the service desk (i.e. tier 1) to be resolved or redirected appropriately.

    Image depicts 2 boxes. The smaller box labelled users and the larger box labelled Service Desk Tier 1. There are four double-sided arrows. The top is labelled email, the second is walk-in, the third is phone, the fourth is web portal.

    Directors and executives understand the importance of the service desk and believe IT can do better

    A double bar graph is depicted. The blue bars represent Effectiveness and the green bars represent Importance in terms of service desk at different seniority levels, which include frontline, manager, director, and executive.

    Source: Info-Tech, 2019 Responses (N=189 organizations)

    Service Desk Importance Scores

      No Importance: 1.0-6.9
      Limited Importance: 7.0-7.9
      Significant Importance: 8.0-8.9
      Critical Importance: 9.0-10.0

    Service Desk Effectiveness Scores

      Not in Place: N/A
      Not Effective: 0.0-4.9
      Somewhat Ineffective: 5.0-5.9
      Somewhat Effective: 6.0-6.9
      Very Effective: 7.0-10.0

    Info-Tech Research Group’s IT Management and Governance Diagnostic (MGD) program assesses the importance and effectiveness of core IT processes. Since its inception, the MGD has consistently identified the service desk as an area to leverage.

    Business stakeholders consistently rank the service desk as one of the top five most important services that IT provides

    Since 2013, Info-Tech has surveyed over 40,000 business stakeholders as part of our CIO Business Vision program.

    Business stakeholders ranked the following 12 core IT services in terms of importance:

    Learn more about the CIO Business Vision Program.
    *Note: IT Security was added to CIO Business Vision 2.0 in 2019

    Top IT Services for Business Stakeholders

    1. Network Infrastructure
    2. IT Security*
    3. Data Quality
    4. Service Desk
    5. Business Applications
    6. Devices
    7. Client-Facing Technology
    8. Analytical Capability
    9. IT Innovation Leadership
    10. Projects
    11. Work Orders
    12. IT Policies
    13. Requirements Gathering
    Source: Info-Tech Research Group, 2019 (N=224 organizations)

    Having an effective and timely service desk correlates with higher end-user satisfaction with all other IT services

    A double bar graph is depicted. The blue bar represents dissatisfied ender user, and the green bar represents satisfied end user. The bars show the average of dissatisfied and satisfied end users for service desk effectiveness and service desk timeliness.

    On average, organizations that were satisfied with service desk effectiveness rated all other IT processes 46% higher than dissatisfied end users.

    Organizations that were satisfied with service desk timeliness rated all other IT processes 37% higher than dissatisfied end users.
    “Satisfied” organizations had average scores =8.“Dissatisfied" organizations had average scores “Dissatisfied" organizations had average scores =6. Source: Info-Tech Research Group, 2019 (N=18,500+ respondents from 75 organizations)

    Standardize the service desk the Info-Tech way to get measurable results

    More than one hundred organizations engaged with Info-Tech, through advisory calls and workshops, for their service desk projects in 2016. Their goal was either to improve an existing service desk or build one from scratch.

    Organizations that estimate the business impact of each project phase help us shed light on the average measured value of the engagements.

    "The analysts are an amazing resource for this project. Their approach is very methodical, and they have the ability to fill in the big picture with detailed, actionable steps. There is a real opportunity for us to get off the treadmill and make real IT service management improvements"

    - Rod Gula, IT Director

    American Realty Advisors

    Three circles are depicted. The top circle shows the sum of measured value dollar impact which is US$1,659,493.37. The middle circle shows the average measured value dollar impact which is US$19,755.87. The bottom circle shows the average measured value time saved which is 27 days.

    Info-Tech’s approach to service desk standardization focuses on building service management essentials

    This image depicts all of the phases and steps in this blueprint.

    Info-Tech draws on the COBIT framework, which focuses on consistent delivery of IT services across the organization

    This image depicts research that can be used to improve IT processes. Service Desk is circled to demonstrate which research is being used.

    The service desk is the foundation of all other service management processes.

    The image shows how the service desk is a foundation for other service management processes.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Standardize the Service Desk – project overview

    This image shows the project overview of this blueprint.

    Info-Tech delivers: Use our tools and templates to accelerate your project to completion

    Project Summary

    Image of template.

    Service Desk Standard Operating Procedures

    Image of tool.

    Service Desk Maturity Assessment Tool

    Image of tool.

    Service Desk Implementation Roadmap

    Image of tool Incident, knowledge, and request management workflows

    Incident, knowledge, and request management workflows

    The project’s key deliverable is a service desk standard operating procedure

    Benefits of documented SOPs:

    Improved training and knowledge transfer: Routine tasks can be delegated to junior staff (freeing senior staff to work on higher priority tasks).

    IT automation, process optimization, and consistent operations: Defining, documenting, and then optimizing processes enables IT automation to be built on sound processes, so consistent positive results can be achieved.

    Compliance: Compliance audits are more manageable because the documentation is already in place.

    Transparency: Visually documented processes answer the common business question of “why does that take so long?”

    Cost savings: Work solved at first contact or with a minimal number of escalations will result in greater efficiency and more cost-effective support. This will also lead to better customer service.

    Impact of undocumented/undefined SOPs:

    Tasks will be difficult to delegate, key staff become a bottleneck, knowledge transfer is inconsistent, and there is a longer onboarding process for new staff

    IT automation built on poorly defined, unoptimized processes leads to inconsistent results.

    Documenting SOPs to prepare for an audit becomes a major time-intensive project.

    Other areas of the organization may not understand how IT operates, which can lead to confusion and unrealistic expectations.

    Support costs are highest through inefficient processes, and proactive work becomes more difficult to schedule, making the organization vulnerable to costly disruptions.

    Workshop Overview

    Image depicts workshop overview occurring over four days.

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Phase 1

    Lay Service Desk Foundations

    Step 1.1:Assess current state

    Image shows the steps in phase 1. Highlight is on step 1.1

    This step will walk you through the following activities:

    • 1.1.1 Outline service desk challenges
    • 1.1.2 Assess the service desk maturity

    This step involves the following participants:

    • Project Sponsor
    • IT Director, CIO
    • IT Managers and Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    Alignment on the challenges that the service desk faces, an assessment of the current state of service desk processes and technologies, and baseline metrics against which to measure improvements.

    Deliverables

    • Service Desk Maturity Assessment

    Standardizing the service desk benefits the whole business

    The image depicts 3 circles to represent the service desk foundations.

    Embrace standardization

    • Standardization prevents wasted energy on reinventing solutions to recurring issues.
    • Standardized processes are scalable so that process maturity increases with the size of your organization.

    Increase business satisfaction

    • Improve confidence that the service desk can meet service levels.
    • Create a single point of contact for incidents and requests and escalate quickly.
    • Analyze trends to forecast and meet shifting business requirements.

    Reduce recurring issues

    • Create tickets for every task and categorize them accurately.
    • Generate reliable data to support root-cause analysis.

    Increase efficiency and lower operating costs

    • Empower end users and technicians with a targeted knowledgebase (KB).
    • Cross-train to improve service consistency.

    Case Study: The CIO of Westminster College took stock of existing processes before moving to empower the “helpless desk”

    Scott Lowe helped a small staff of eight IT professionals formalize service desk processes and increase the amount of time available for projects.

    When he joined Westminster College as CIO in 2006, the department faced several infrastructure challenges, including:

    • An unreliable network
    • Aging server replacements and no replacement plan
    • IT was the “department of no”
    • A help desk known as the “helpless desk”
    • A lack of wireless connectivity
    • Internet connection speed that was much too slow

    As the CIO investigated how to address the infrastructure challenges, he realized people cared deeply about how IT spent its time.

    The project load of IT staff increased, with new projects coming in every day.

    With a long project list, it became increasingly important to improve the transparency of project request and prioritization.

    Some weeks, staff spent 80% of their time working on projects. Other weeks, support requirements might leave only 10% for project work.

    He addressed the infrastructure challenges in part by analyzing IT’s routine processes.

    Internally, IT had inefficient support processes that reduced the amount of time they could spend on projects.

    They undertook an internal process analysis effort to identify processes that would have a return on investment if they were improved. The goal was to reduce operational support time so that project time could be increased.

    Five years later, they had a better understanding of the organization's operational support time needs and were able to shift workloads to accommodate projects without compromising support.

    Common challenges experienced by service desk teams

    Unresolved issues

    • Tickets are not created for all incidents.
    • Tickets are lost or escalated to the wrong technicians.
    • Poor data impedes root-cause analysis of incidents.

    Lost resources/accountability

    • Lack of cross-training and knowledge sharing.
    • Lack of skills coverage for critical applications and services.
    • Time is wasted troubleshooting recurring issues.
    • Reports unavailable due to lack of data and poor categorization.

    High cost to resolve

    • Tier 2/3 resolve issues that should be resolved at tier 1.
    • Tier 2/3 often interrupt projects to focus on service support.

    Poor planning

    • Lack of data for effective trend analysis leads to poor demand planning.
    • Lack of data leads to lost opportunities for templating and automation.

    Low business satisfaction

    • Users are unable to get assistance with IT services quickly.
    • Users go to their favorite technician instead of using the service desk.

    Outline the organization’s service desk challenges

    1.1.1 Brainstorm service desk challenges

    Estimated Time: 45 minutes

    A. As a group, outline the areas where you think the service desk is experiencing challenges or weaknesses. Use sticky notes or a whiteboard to separate the challenges into People, Process, and Technology so you have a wholistic view of the constraints across the department.

    B. Think about the following:

    • What have you heard from users? (e.g. slow response time)
    • What have you heard from executives? (e.g. poor communication)
    • What should you start doing? (e.g. documenting processes)
    • What should you stop doing? (e.g. work that is not being entered as tickets)

    C. Document challenges in the Service Desk Project Summary.

    Participants:

    • CIO
    • IT Managers
    • Service Desk Manager
    • Service Desk Agents

    Assess current service desk maturity to establish a baseline and create a plan for service desk improvement

    A current-state assessment will help you build a foundation for process improvements. Current-state assessments follow a basic formula:

    1. Determine the current state of the service desk.
    2. Determine the desired state of the service desk.
    3. Build a practical path from current to desired state.
    Image depicts 2 circles and a box. The circle on the 1. left has assess current state. The circle on the right has 2. assess target state. The box has 3. build a roadmap.

    Ideally, the current-state assessment should align the delivery of IT services with organizational needs. The assessment should achieve the following goals:

    1. Identify service desk pain points.
    2. Map each pain point to business services.
    3. Assign a broad business value to the resolution of each pain point.
    4. Map each pain point to a process.

    Expert Insight

    Image of expert.

    “How do you know if you aren’t mature enough? Nothing – or everything – is recorded and tracked, customer satisfaction is low, frustration is high, and there are multiple requests and incidents that nobody ever bothers to address.”

    Rob England

    IT Consultant & Commentator

    Owner Two Hills

    Also known as The IT Skeptic

    Assess the process maturity of the service desk to determine which project phase and steps will bring the most value

    1.1.2 Measure which activity will have the greatest impact

    The Service Desk Maturity Assessmenttool helps organizations assess their service desk process maturity and focus the project on the activities that matter most.

    The tool will help guide improvement efforts and measure your progress.

    • The second tab of the tool walks through a qualitative assessment of your service desk practices. Questions will prompt you to evaluate how you are executing key activities. Select the answer in the drop-down menus that most closely aligns with your current state.
    • The third tab displays your rate of process completeness and maturity. You will receive a score for each phase, an overall score, and advice based on your performance.
    • Document the results of the efficiency assessment in the Service Desk Project Summary.

    The tool is intended for periodic use. Review your answers each year and devise initiatives to improve the process performance where you need it most.

    Where do I find the data?

    Consult:

    • Service Manager
    • Service Desk Tools
    Image is the service desk tools.

    Step 1.2:Review service support best practices

    Image shows the steps in phase 1. Highlight is on step 1.2.

    This step will walk you through the following activities:

    1. 1.2.1 Identify roles and responsibilities in your organization
    2. 1.2.2 Map out the current and target structure of the service desk

    This step involves the following participants:

    • Project Sponsor
    • IT Director, CIO
    • IT Managers and Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    Identifying who is accountable for different support practices in the service desk will allow workload to be distributed effectively between functional teams and individuals. Closing the gaps in responsibilities will enable the execution of a shift-left strategy.

    Deliverables

    • Roles & responsibilities guide
    • Service desk structure

    Everyone in IT contributes to the success of service support

    Regardless of the service desk structure chosen to meet an organization’s service support requirements, IT staff should not doubt the role they play in service support.

    If you try to standardize service desk processes without engaging specialists in other parts of the IT organization, you will fail. Everyone in IT has a role to play in providing service support and meeting service-level agreements.

    Service Support Engagement Plan

    • Identify who is accountable for different service support processes.
    • Outline the different responsibilities of service desk agents at tier 1, tier 2, and tier 3 in meeting service-level agreements for service support.
    • Draft operational-level agreements between specialty groups and the service desk to improve accountability.
    • Configure the service desk tool to ensure ticket visibility and ownership across queues.
    • Engage tier 2 and tier 3 resources in building workflows for incident management, request fulfilment, and writing knowledgebase articles.
    • Emphasize the benefits of cooperation across IT silos:
      • Better customer service and end-user satisfaction.
      • Shorter time to resolve incidents and implement requests.
      • A higher tier 1 resolution rate, more efficient escalations, and fewer interruptions from project work.

    Info-Tech Insight

    Specialists tend to distance themselves from service support as they progress through their career to focus on projects.

    However, their cooperation is critical to the success of the new service desk. Not only do they contribute to the knowledgebase, but they also handle escalations from tiers 1 and 2.

    Clear project complications by leveraging roles and responsibilities

    R

    Responsible: This person is the staff member who completes the work. Assign at least one Responsible for each task, but this could be more than one.

    A

    Accountable: This team member delegates a task and is the last person to review deliverables and/or task. Sometimes Responsible and Accountable can be the same staff. Make sure that you always assign only one Accountable for each task and not more.

    C

    Consulted: People who do not carry out the task but need to be consulted. Typically, these people are subject matter experts or stakeholders.

    I

    Informed: People who receive information about process execution and quality and need to stay informed regarding the task.

    A RACI analysis is helpful with the following:

    • Workload Balancing: Allowing responsibilities to be distributed effectively between functional teams and individuals.
    • Change Management: Ensuring key functions and processes are not overlooked during organizational changes.
    • Onboarding: New employees can identify their own roles and responsibilities.

    A RACI chart outlines which positions are Responsible, Accountable, Consulted, and Informed

    Image shows example of RACI chart

    Create a list of roles and responsibilities in your organization

    1.2.1 Create RACI matrix to define responsibilities

    1. Use the Service Desk Roles and Responsibilities Guidefor a better understanding of the roles and responsibilities of different service desk tiers.
    2. In the RACI chart, replace the top row with specific roles in your organization.
    3. Modify or expand the process tasks, as needed, in the left column.
    4. For each role, identify the responsibility values that the person brings to the service desk. Fill out each column.
    5. Document in the Service Desk SOP. Schedule a time to share the results with organization leads.
    6. Distribute the chart between all teams in your organization.

    Notes:

    • Assign one Accountable for each task.
    • Have at least one Responsible for each task.
    • Avoid generic responsibilities, such as “team meetings.”
    • Keep your RACI definitions in your documents, as they are sometimes tough to remember.

    Participants

    • CIO
    • IT Managers
    • Service Desk Manager
    • Service Desk Agents

    What You'll Need

    • Service Desk SOP
    • Roles and Responsibilities Guide
    • Flip Chart
    • Whiteboard

    Build a tiered generalist service desk to optimize costs

    A tiered generalist service desk with a first-tier resolution rate greater than 60% has the best operating cost and customer satisfaction of all competing service desk structural models.

    Image depicts a tiered generalist service desk example. It shows a flow from users to tier 1 and to tiers 2 and 3.

    The success of a tiered generalist model depends on standardized, defined processes

    Image lists the processes and benefits of a successful tiered generalist service desk.

    Define the structure of the service desk

    1.2.2 Map out the current and target structure of the service desk

    Estimated Time: 45 minutes

    Instructions:

    1. Using the model from the previous slides as a guide, discuss how closely it matches the current service desk structure.
    2. Map out a similar diagram of your existing service desk structure, intake channels, and escalation paths.
    3. Review the structure and discuss any changes that could be made to improve efficiency. Revise as needed.
    4. Document the outcome in the Service Desk Project Summary.

    Image depicts a tiered generalist service desk example. It shows a flow from users to tier 1 and to tiers 2 and 3.

    Participants

    • CIO
    • IT Managers
    • Service Desk Manager
    • Service Desk Agents

    Use a shift-left strategy to lower service support costs, reduce time to resolve, and improve end-user satisfaction

    Shift-left strategy:

    • Shift service support tasks from specialists to generalists.
    • Implement self-service.
    • Automate incident resolution.
    Image shows the incident and service request resolution in a graph. It includes metrics of cost per ticket, average time to resolve, and end-user satisfaction.

    Work through the implications of adopting a shift-left strategy

    Overview:

    Identify process gaps that you need to fill to support the shift-left strategy and discuss how you could adopt or improve the shift-left strategy, using the discussion questions below as a guide.

    Which process gaps do you need to fill to identify ticket trends?

    • What are your most common incidents and service requests?
    • Which tickets could be resolved at tier 1?
    • Which tickets could be resolved as self-service tickets?
    • Which tickets could be automated?

    Which processes do you most need to improve to support a shift-left strategy?

    • Which incident and request processes are well documented?
    • Do you have recurring tickets that could be automated?
    • What is the state of your knowledgebase maintenance process?
    • Which articles do you most need to support tier 1 resolution?
    • What is the state of your web portal? How could it be improved to support self-service?

    Document in the Project Summary

    Step 1.3: Identify service desk metrics and reports

    Image shows the steps in phase 1. Highlight is on step 1.3.

    This step will walk you through the following activities:

    • 1.3 Create a list of required reports to identify relevant metrics

    This step involves the following participants:

    • Project Sponsor
    • IT Managers and Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    Managers and analysts will have service desk metrics and reports that help set expectations and communicate service desk performance.

    Deliverables

    • A list of service desk performance metrics and reports

    Engage business unit leaders with data to appreciate needs

    Service desk reports are an opportunity to communicate the story of IT and collect stakeholder feedback. Interview business unit leaders and look for opportunities to improve IT services.

    Start with the following questions:

    • What are you hearing from your team about working with IT?
    • What are the issues that are contributing to productivity losses?
    • What are the workarounds your team does because something isn’t working?
    • Are you able to access the information you need?

    Work with business unit leaders to develop an action plan.

    Remember to communicate what you do to address stakeholder grievances.

    The service recovery paradox is a situation in which end users think more highly of IT after the organization has corrected a problem with their service compared to how they would regard the company if the service had not been faulty in the first place.

    The point is that addressing issues (and being seen to address issues) will significantly improve end-user satisfaction. Communicate that you’re listening and acting, and you should see satisfaction improve.

    Info-Tech Insight

    Presentation is everything:

    If you are presenting outside of IT, or using operational metrics to create strategic information, be prepared to:

    • Discuss trends.
    • Identify organizational and departmental impacts.
    • Assess IT costs and productivity.

    For example, “Number of incidents with ERP system has decreased by 5% after our last patch release. We are working on the next set of changes and expect the issues to continue to decrease.”

    Engage technicians to ensure they input quality data in the service desk tool

    You need better data to address problems. Communicate to the technical team what you need from them and how their efforts contribute to the usefulness of reports.

    Tickets MUST:

    • Be created for all incidents and service requests.
    • Be categorized correctly, and categories updated when the ticket is resolved.
    • Be closed after the incidents and service requests are resolved or implemented.

    Emphasize that reports are analyzed regularly and used to manage costs, improve services, and request more resources.

    Info-Tech Insight

    Service Desk Manager: Technical staff can help themselves analyze the backlog and improve service metrics if they’re looking at the right information. Ensure their service desk dashboards are helping them identify high-priority and quick-win tickets and anticipate potential SLA breaches.

    Produce service desk reports targeted to improve IT services

    Use metrics and reports to tell the story of IT.

    Metrics should be tied to business requirements and show how well IT is meeting those requirements and where obstacles exist.

    Tailor metrics and reports to specific stakeholders.

    Technicians require mostly real-time information in the form of a dashboard, providing visibility into a prioritized list of tickets for which they are responsible.

    Supervisors need tactical information to manage the team and set client expectations as well as track and meet strategic goals.

    Managers and executives need summary information that supports strategic goals. Start by looking at executive goals for the support team and then working through some of the more tactical data that will help support those goals.

    One metric doesn’t give you the whole picture

    • Don’t put too much emphasis on a single metric. At best, it will give you a distorted picture of your service desk performance. At worst, it will distort the behavior of your agents as they may adopt poor practices to meet the metric.
    • The solution is to use tension metrics: metrics that work together to give you a better sense of the state of operations.
    • Tension metrics ensure a balanced focus toward shared goals.

    Example:

    First-call resolution (FCR), end-user satisfaction, and number of tickets reopened all work together to give you a complete picture. As FCR goes up, so should end-user satisfaction, as number of tickets re-opened stays steady or declines. If the three metrics are heading in different directions, then you know you have a problem.

    Rely on internal metrics to measure and improve performance

    External metrics provide useful context, but they represent broad generalizations across different industries and organizations of different sizes. Internal metrics measured annually are more reliable.

    Internal metrics provide you with information about your actual performance. With the right continual improvement process, you can improve those metrics year over year, which is a better measure of the performance of your service desk.

    Whether a given metric is the right one for your service desk will depend on several different factors, not the least of which include:

    • The maturity of your service desk processes.
    • Your ticket volume.
    • The complexity of your tickets.
    • The degree to which your end users are comfortable with self-service.

    Info-Tech Insight

    Take external metrics with a grain of salt. Most benchmarks represent what service desks do across different industries, not what they should do. There also might be significant differences between different industries in terms of the kinds of tickets they deal with, differences which the overall average obscures.

    Use key service desk metrics to build a business case for service support improvements

    The right metrics can tell the business how hard IT works and how many resources it needs to perform:

    1. End-User Satisfactions:
      • The most important metric for measuring the perceived value of the service desk. Determine this based on a robust annual satisfaction survey of end users and transactional satisfaction surveys sent with a percentage of tickets.
    2. Ticket Volume and Cost per Ticket:
      • A key indicator of service desk efficiency, computed as the monthly operating expense divided by the average ticket volume per month.
    3. First-Contact Resolution Rate:
      • The biggest driver of end-user satisfaction. Depending on the kind of tickets you deal with, you can measure first-contact, first-tier, or first-day resolution.
    4. Average Time to Resolve (Incident) or Fulfill (Service Requests):
      • An assessment of the service desk's ability to resolve tickets effectively, measuring the time elapsed between the moment the ticket status is set to “open” and the moment it is set to “resolved.”

    Info-Tech Insight

    Metrics should be tied to business requirements. They tell the story of how well IT is meeting those requirements and help identify when obstacles get in the way. The latter can be done by pointing to discrepancies between the internal metrics you expected to reach but didn’t and external metrics you trust.

    Use service desk metrics to track progress toward strategic, operational, and tactical goals

    Image depicts a chart to show the various metrics in terms of strategic goals, tactical goals, and operational goals.

    Cost per ticket and customer satisfaction are the foundation metrics of service support

    Ultimately, everything boils down to cost containment (measured by cost per ticket) and quality of service (measured by customer satisfaction).

    Cost per ticket is a measure of the efficiency of service support:

    • A higher than average cost per ticket is not necessarily a bad thing, particularly if accompanied by higher-than-average quality levels.
    • Conversely, a low cost per ticket is not necessarily good, particularly if the low cost is achieved by sacrificing quality of service.

    Cost per ticket is the total monthly operating expense of the service desk divided by the monthly ticket volume. Operating expense includes the following components:

    • Salaries and benefits for desktop support technicians
    • Salaries and benefits for indirect personnel (team leads, supervisors, workforce schedulers, dispatchers, QA/QC personnel, trainers, and managers)
    • Technology expense (e.g. computers, software licensing fees)
    • Telecommunications expenses
    • Facilities expenses (e.g. office space, utilities, insurance)
    • Travel, training, and office supplies
    Image displays a pie chart that shows the various service desk costs.

    Create a list of required reports to identify metrics to track

    1.3.1 Start by identifying the reports you need, then identify the metrics that produce them

    1. Answer the following questions to determine the data your reports require:
      • What strategic initiatives do you need to track?
        • Example: reducing mean time to resolve, meeting SLAs
      • What operational areas need attention?
        • Example: recurring issues that need a permanent resolution
      • What kind of issues do you want to solve?
        • Example: automate tasks such as password reset or software distribution
      • What decisions or processes are held up due to lack of information?
        • Example: need to build a business case to justify infrastructure upgrades
      • How can the data be used to improve services to the business?
        • Example: recurring issues by department
    2. Document report and metrics requirements in Service Desk SOP.
    3. Provide the list to your tool administrator to create reports with auto-distribution.

    Participants

    • CIO
    • IT Managers
    • Service Desk Manager
    • Service Desk Agents

    What You'll Need

    • Service Desk SOP
    • Flip Chart
    • Whiteboard

    Step 1.4: Review ticket handling procedures

    Image shows the steps in phase 1. Highlight is on step 1.4.

    This step will walk you through the following activities:

    • 1.4.1 Review ticket handling practices
    • 1.4.2 Identify opportunities to automate ticket creation and reduce recurring tickets

    This step involves the following participants:

    • Project Sponsor
    • IT Managers and Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    Managers and analysts will have best practices for ticket handling and troubleshooting to support ITSM data quality and improve first-tier resolution.

    DELIVERABLES

    • List of ticket templates and recurring tickets
    • Ticket and Call QA Template and ticket handling best practices

    Start by reviewing the incident intake process to find opportunities for improvement

    If end users are avoiding your service desk, you may have an intake problem. Create alternative ways for users to seek help to manage the volume; keep in mind not every request is an emergency.

    Image shows the various intake channels and the recommendation.

    Identify opportunities for improvement in your ticket channels

    The two most efficient intake channels should be encouraged for the majority of tickets.

    • Build a self-service portal.
      • Do users know where to find the portal?
      • How many tickets are created through the portal?
      • Is the interface easy to use?
    • Deal efficiently with email.
      • How quickly are messages picked up?
      • Are they manually transferred to a ticket or does the service desk tool automatically create a ticket?

    The two most traditional and fastest methods to get help must deal with emergencies and escalation effectively.

    • Phone should be the fastest way to get help for emergencies.
      • Are enough agents answering calls?
      • Are voicemails picked up on time?
      • Are the automated call routing prompts clear and concise?
    • Are walk-ins permitted and formalized?
      • Do you always have someone at the desk?
      • Is your equipment secure?
      • Are walk-ins common because no one picks up the phone or is the traffic as you’d expect?

    Ensure technicians create tickets for all incidents and requests

    Why Collect Ticket Data?

    If many tickets are missing, help service support staff understand the need to collect the data. Reports will be inaccurate and meaningless if quality data isn’t entered into the ticketing system.

    Image shows example of ticket data

    Set ticket handling expectations to drive a consistent process

    Set expectations:

    • Create and update tickets, but not at the expense of good customer service. Agents can start the ticket but shouldn’t spend five minutes creating the ticket when they should be troubleshooting the problem.
    • Update the ticket when the issue is resolved or needs to be escalated. If agents are escalating, they should make sure all relevant information is passed along to the next technician.
    • Update user of ETA if issue cannot be resolved quickly.
    • Ticket templates for common incidents can lead to fast creation, data input, and categorizations. Templates can reduce the time it takes to create tickets from two minutes to 30 seconds.
    • Update categories to reflect the actual issue and resolution.
    • Reference or link to the knowledgebase article as the documented steps taken to resolve the incident.
    • Validate incident is resolved with client; automate this process with ticket closure after a certain time.
    • Close or resolve the ticket on time.

    Use the Ticket and Call Quality Assessment Tool to improve the quality of service desk data

    Build a process to check-in on ticket and call quality monthly

    Better data leads to better decisions. Use the Ticket and Call Quality Assessment Toolto check-in on the ticket and call quality monthly for each technician and improve service desk data quality.

    1. Fill tab 1 with technician’s name.
    2. Use either tab 2 (auto-scoring) or tab 3 (manual scoring) to score the agent. The assessment includes ticket evaluation, call evaluation, and overall metric.
    3. Record the results of each review in the score summary of tab 1.
    Image shows tool.

    Use ticket templates to make ticket creation, updating, and resolution more efficient

    A screenshot of the Ticket and Call Quality Assessment Tool

    Implement measures to improve ticket handling and identify ticket template candidates

    1.4.1 Identify opportunities to automate ticket creation

    1. Poll the team and discuss.
      • How many members of the team are not creating tickets? Why?
      • How can we address those barriers?
      • What are the expectations of management?
    2. Brainstorm five to ten good candidates for ticket templates.
      • What data can auto-fill?
      • What will help process the ticket faster?
      • What automations can we build to ensure a fast, consistent service?
      • Note:
        • Ticket template name
        • Information that will auto-fill from AD and other applications
        • Categories and resolution codes
        • Automated routing and email responses
    3. Document ticket template candidates in the Service Desk Roadmap to capture the actions.

    Participants

    • Service Desk Manager
    • Service Desk Agents

    What You'll Needs

    • Flip Chart
    • Whiteboard

    Phase 2

    Design Incident Management Processes

    Step 2.1: Build incident management workflows

    Image shows the steps in phase 2. Highlight is on step 2.1.

    This step will walk you through the following activities:

    • 2.1.1 Review incident management challenges
    • 2.1.2 Define the incident management workflow
    • 2.1.3 Define the critical incident management workflow
    • 2.1.4 Design critical incident communication plan

    This step involves the following participants:

    • IT Managers
    • Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    Workflows for incident management and critical incident management will improve the consistency and quality of service delivery and prepare the service desk to negotiate reliable service levels with the organization.

    DELIVERABLES

    • Incident management workflows
    • Critical incident management workflows
    • Critical incident communication plan

    Communicate the great incident resolution work that you do to improve end-user satisfaction

    End users think more highly of IT after the organization has corrected a problem with their service than they would have had the service not been faulty in the first place.

    Image displays a graph to show the service recovery paradox

    Info-Tech Insight

    Use the service recovery paradox to your advantage. Address service desk challenges explicitly, develop incident management processes that get services back online quickly, and communicate the changes.

    If you show that the service desk recovered well from the challenges end users raised, you will get greater loyalty from them.

    Assign incident roles and responsibilities to promote accountability

    The role of an incident coordinator or manager can be assigned to anyone inside the service desk that has a strong knowledge of incident resolution, attention to detail, and knows how to herd cats.

    In organizations with high ticket volumes, a separate role may be necessary.

    Everyone must recognize that incident management is a cross-IT organization process and it does not have to be a unique service desk process.

    An incident coordinator is responsible for:

    • Improving incident management processes.
    • Tracking metrics and producing reports.
    • Developing and maintaining the incident management system.
    • Developing and maintaining critical incident processes.
    • Ensuring the service support team follows the incident management process.
    • Gathering post-mortem information from the various technical resources on root cause for critical or severity 1 incidents.

    The Director of IT Services invested in incident management to improve responsiveness and set end-user expectations

    Practitioner Insight

    Ben Rodrigues developed a progressive plan to create a responsive, service-oriented culture for the service support organization.

    "When I joined the organization, there wasn’t a service desk. People just phoned, emailed, maybe left [sticky] notes for who they thought in IT would resolve it. There wasn’t a lot of investment in developing clear processes. It was ‘Let’s call somebody in IT.’

    I set up the service desk to clarify what we would do for end users and to establish some SLAs.

    I didn’t commit to service levels right away. I needed to see how many resources and what skill sets I would need. I started by drafting some SLA targets and plugging them into our tracking application. I then monitored how we did on certain things and established if we needed other skill sets. Then I communicated those SOPs to the business, so that ‘if you have an issue, this is where you go, and this is how you do it,’ and then shared those KPIs with them.

    I had monthly meetings with different function heads to say, ‘this is what I see your guys calling me about,’ and we worked on something together to make some of the pain disappear."

    -Ben Rodrigues

    Director, IT Services

    Gamma Dynacare

    Sketch out incident management challenges to focus improvements

    Common Incident Management Challenges

    End Users

    • No faith in the service desk beyond speaking with their favorite technician.
    • No expectations for response or resolution time.
    • Non-IT staff are disrupted as people ask their colleagues for IT advice.

    Technicians

    • No one manages and escalates incidents.
    • Incidents are unnecessarily urgent and more likely to have a greater impact.
    • Agents are flooded with requests to do routine tasks during desk visits.
    • Specialist support staff are subject to constant interruptions.
    • Tickets are lost, incomplete, or escalated incorrectly.
    • Incidents are resolved from scratch rather than referring to existing solutions.

    Managers

    • Tickets are incomplete or lack historical information to address complaints.
    • Tickets in system don’t match the perceived workload.
    • Unable to gather data for budgeting or business analysis.

    Info-Tech Insight

    Consistent incident management processes will improve end-user satisfaction with all other IT services.

    However, be prepared to overcome these common obstacles as you put the process in place, including:

    • Absence of management or staff commitment.
    • Lack of clarity on organizational needs.
    • Outdated work practices.
    • Poorly defined service desk goals and responsibilities.
    • Lack of a reliable knowledgebase.
    • Inadequate training.
    • Resistance to change.

    Prepare to implement or improve incident management

    2.1.1 Review incident management challenges and metrics

    1. Review your incident management challenges and the benefits of addressing them.
    2. Review the level of service you are providing with the current resources. Define clear goals and deliverables for the improvement initiative.
    3. Decide how the incident management process will interface with the service desk. Who will take on the responsibility for resolving incidents? Specifically, who will:
      • Log incidents.
      • Perform initial incident troubleshooting.
      • Own and monitor tickets.
      • Communicate with end users.
      • Update records with the resolution.
      • Close incidents.
      • Implement next steps (e.g. initiate problem management).
    4. Document recommendations and the incident management process requirements in the Service Desk SOP.

    Participants

    • Service Desk Manager
    • Service Desk Agents

    What You’ll Need

    • Service Desk SOP
    • Flip Chart
    • Whiteboard

    Distinguish between different kinds of tickets for better SLAs

    Different ticket types are associated with radically different prioritization, routing, and service levels. For instance, most incidents are resolved within a business day, but requests take longer to implement.

    If you fail to distinguish between ticket types, your metrics will obscure service desk performance.

    Common Service Desk Tickets

    • Incidents
      • An unanticipated interruption of a service.
        • The goal of incident management is to restore the service as soon as possible, even if the resolution involves a workaround.
    • Problems
      • The root cause of several incidents.
        • The goal of problem management is to detect the root cause and provide long-term resolution and prevention.
    • Requests
      • A generic description for small changes or service access
        • Requests are small, frequent, and low risk. They are best handled by a process distinct from incident, change, and project management.
    • Changes
      • Modification or removal of anything that could influence IT services.
        • The scope includes significant changes to architectures, processes, tools, metrics, and documentation.

    Info-Tech Insight

    Organizations sometimes mistakenly classify small projects as service requests, which can compromise your data, resulting in a negative impact to the perceived value of the service desk.

    Separate incidents and service requests for increased customer service and better-defined SLAs

    Defining the differences between service requests and incidents is not just for reporting purposes. It also has a major impact on how service is delivered.

    Incidents are unexpected disruptions to normal business processes and require attempts to restore services as soon as possible (e.g. the printer is not working).

    Service requests are tasks that don’t involve something that is broken or has an immediate impact on services. They do not require immediate resolution and can typically be scheduled (e.g. new software).

    Image shows a chart on incidents and service requests.

    Focus on the big picture first to capture and streamline how your organization resolves incidents

    Image displays a flow chart to show how to organize resolving incidents.

    Document your incident management workflow to identify opportunities for improvement

    Image shows a flow cart on how to organize incident management.

    Workflow should include:

    • Ticket creation and closure
    • Triage
    • Troubleshooting
    • Escalations
    • Communications
    • Change management
    • Documentation
    • Vendor escalations

    Notes:

    • Notification and alerts should be used to set or reset expectations on delivery or resolution
    • Identify all the steps where a customer is informed and ensure we are not over or under communicating

    Collaborate to define each step of the incident management workflow

    2.1.2 Define the incident management workflow

    Estimated Time: 60 minutes

    Option 1: Whiteboard

    1. Discuss the workflow and draw it on the whiteboard.
    2. Assess whether you are using the best workflow. Modify it if necessary.
    3. Engage the team in refining the process workflow.
    4. Transfer data to Visio and add to the SOP.

    Option 2: Tabletop Exercise

    1. Distribute index cards to each member of the team.
    2. Have each person write a single task they perform on the index card. Be granular. Include the title or the name of the person responsible.
    3. Mark cards that are decision points. Use a card of a different color or use a marker to make a colored dot.
    4. Arrange the index cards in order, removing duplicates.
    5. Assess whether you are using the best workflow. Engage the team to refine it if necessary.
    6. Transfer data to Visio and add to the Service Desk SOP.

    Participants

    • Service Manager
    • Service Desk Support
    • Applications or Infrastructure Support

    What You’ll Need

    • Flip Chart Paper
    • Sticky Notes
    • Pens
    • Service Desk SOP
    • Project Summary

    Formalize the process for critical incident management to reduce organizational impact

    Discuss these elements to see how the organization will handle them.

    • Communication plan:
      • Who communicates with end users?
      • Who communicates with the executive team?
      • It’s important to separate the role of the technician trying to solve a problem with the need to communicate progress.
    • Change management:
      • Define a separate process for regular and emergency change management to ensure changes are timely and appropriate.
    • Business continuity plan:
      • Identify criteria to decide when a business continuity plan (BCP) must be implemented during a critical incident to minimize the business impact of the incident.
    • Post-mortems:
      • Formalize the process of discussing and documenting lessons learned, understanding outstanding issues, and addressing the root cause of incidents.
    • Source of incident notification:
      • Does the process change if users notify the service desk of an issue or if the systems management tools alert technicians?

    Critical incidents are high-impact, high-urgency events that put the effectiveness and timeliness of the service desk center stage.

    Build a workflow that focuses on quickly bringing together the right people to resolve the incident and reduces the chances of recurrence.

    Document your critical incident management workflow to identify opportunities for improvement

    Image shows a flow cart on how to organize critical incident management.

    Workflow should include:

    • Ticket creation and closure
    • Triage
    • Troubleshooting
    • Escalations
    • Communications plan
    • Change management
    • Disaster recovery or business continuity plan
    • Documentation
    • Vendor escalations
    • Post-mortem

    Collaborate to define each step of the critical incident management workflow

    2.1.3 Define the critical incident management workflow

    Estimated Time: 60 minutes

    Option 1: Whiteboard

    1. Discuss the workflow and draw it on the whiteboard.
    2. Assess whether you are using the best workflow. Modify it if necessary.
    3. Engage the team in refining the process workflow.
    4. Transfer data to Visio and add to the SOP.

    Option 2: Tabletop Exercise

    1. Distribute index cards to each member of the team.
    2. Have each person write a single task they perform on the index card. Be granular. Include the title or the name of the person responsible.
    3. Mark cards that are decision points. Use a card of a different color or use a marker to make a colored dot.
    4. Arrange the index cards in order, removing duplicates.
    5. Assess whether you are using the best workflow. Engage the team to refine it if necessary.
    6. Transfer data to Visio and add to the Service Desk SOP.

    Participants

    • Service Manager
    • Service Desk Support
    • Applications or Infrastructure Support

    What You’ll Need

    • Flip Chart Paper
    • Sticky Notes
    • Pens
    • Service Desk SOP

    Establish a critical incident management communication plan

    When it comes to communicating during major incidents, it’s important to get the information just right. Users don’t want too little, they don’t want too much, they just want what’s relevant to them, and they want that information at the right time.

    As an IT professional, you may not have a background in communications, but it becomes an important part of your job. Broad guidelines for good communication during a critical incident are:

    1. Communicate as broadly as the impact of your incident requires.
    2. Communicate as much detail as a specific audience requires, but no more than necessary.
    3. Communicate as far ahead of impact as possible.

    Why does communication matter?

    Sending the wrong message, at the wrong time, to the wrong stakeholders, can result in:

    • Drop in customer satisfaction.
    • Wasted time and resources from multiple customers contacting you with the same issue.
    • Dissatisfied executives kept in the dark.
    • Increased resolution time if the relevant providers and IT staff are not informed soon enough to help.

    Info-Tech Insight

    End users understand that sometimes things break. What’s important to them is that (1) you don’t repeatedly have the same problem, (2) you keep them informed, and (3) you give them enough notice when their systems will be impacted and when service will be returned.

    Automate communication to save time and deliver consistent messaging to the right stakeholders

    In the middle of resolving a critical incident, the last thing you have time for is worrying about crafting a good message. Create a series of templates to save time by providing automated, tailored messages for each stage of the process that can be quickly altered and sent out to the right stakeholders.

    Once templates are in place, when the incident occurs, it’s simply a matter of:

    1. Choosing the relevant template.
    2. Updating recipients and messaging if necessary.
    3. Adding specific, relevant data and fields.
    4. Sending the message.

    When to communicate?

    Tell users the information they need to know when they need to know it. If a user is directly impacted, tell them that. If the incident does not directly affect the user, the communication may lead to decreased customer satisfaction or failure to pay attention to future relevant messaging.

    What to say?

    • Keep messaging short and to the point.
    • Only say what you know for sure.
    • Provide only the details the audience needs to know to take any necessary action or steps on their side and no more. There’s no need to provide details on the reason for the failure before it’s resolved, though this can be done after resolution and restoration of service.

    You’ll need distinct messages for distinct audiences. For example:

    • To incident resolvers: “Servers X through Y in ABC Location are failing intermittently. Please test the servers and all the connections to determine the exact cause so we can take corrective action ASAP.”
    • To the IT department head: “Servers X through Y in ABC Location are failing intermittently. We are beginning tests. We will let you know when we have determined the exact cause and can give you an estimated completion time.”
    • To executives: “We’re having an issue with some servers at ABC Location. We are testing to determine the cause and will let you know the estimated completion time as soon as possible.”
    • To end users: “We are experience some service issues. We are working on a resolution diligently and will restore service as soon as possible.”

    Map out who will need to be contacted in the event of a critical incident

    2.1.4 Design the critical incident communication plan

    • Identify critical incidents that require communication.
    • Identify stakeholders who will need to be informed about each incident.
    • For each audience, determine:
      1. Frequency of communication
      2. Content of communication
    Use the sample template to the right as an example.

    Some questions to assist you:

    • Whose work will be interrupted, either by their services going down or by their workers having to drop everything to solve the incident?
    • What would happen if we didn’t notify this person?
    • What level of detail do they need?
    • How often would they want to be updated?
    Document outcomes in the Service Desk SOP. Image shows template of unplanned service outage.

    Measure and improve customer satisfaction with the use of relationship and transactional surveys

    Customer experience programs with a combination of relationship and transactional surveys tend to be more effective. Merging the two will give a wholistic picture of the customer experience.

    Relationship Surveys

    Relationship surveys focus on obtaining feedback on the overall customer experience.

    • Inform how well you are doing or where you need improvement in the broad services provided.
    • Provide a high-level perspective on the relationship between the business and IT.
    • Help with strategic improvement decisions.
    • Should be sent over a duration of time and to the entire customer base after they’ve had time to experience all the services provided by the service desk. This can be done as frequently as per quarter or on a yearly basis.
    • E.g. An annual satisfaction survey such as Info-Tech’s End User Satisfaction Diagnostic.

    Transactional Surveys

    Transactional surveys are tied to a specific interaction or transaction your end users have with a specific product or service.

    • Help with tactical improvement decisions.
    • Questions should point to a specific interaction.
    • Usually only a few questions that are quick and easy to complete following the transaction.
    • Since transactional surveys allow you to improve individual relationships, they should be sent shortly after the interaction with the service desk has occurred.
    • E.g. How satisfied are you with the way your ticket was resolved?

    Add transactional end-user surveys at ticket close to escalate unsatisfactory results

    A simple quantitative survey at the closing of a ticket can inform the service desk manager of any issues that were not resolved to the end user’s satisfaction. Take advantage of workflows to escalate poor results immediately for quick follow-up.

    Image shows example of survey question with rating.

    If a more complex survey is required, you may wish to include some of these questions:

    Please rate your overall satisfaction with the way your issue was handled (1=unsatisfactory, 5=fantastic)

    • The professionalism of the analyst.
    • The technical skills or knowledge of the analyst.
    • The timeliness of the service provided.
    • The overall service experience.

    Add an open-ended, qualitative question to put the number in context, and solicit critical feedback:

    What could the service desk have done to improve your experience?

    Define a process to respond to both negative and positive feedback

    Successful customer satisfaction programs respond effectively to both positive and negative outcomes. Late or lack of responses to negative comments may increase customer frustration, while not responding at all to the positive comments may give the perception of indifference. If customers are taking the time to fill out the survey, good or bad, they should be followed up with

    Take these steps to handle survey feedback:

    1. Assign resources to receive, read, and track responses. The entire team doesn’t need to receive every response, while a single resource may not have capacity to respond in a timely manner. Decide what makes the most sense in your environment.
    2. Respond to negative feedback: It may not be possible to respond to every customer that fills out a survey. Set guidelines for responding to negative surveys with no details on the issue; don’t spend time guessing why they were upset, simply ask the user why they were unsatisfied. The critical piece of taking advantage of the service recovery paradox is in the follow-up to the customer.
    3. Investigate and improve: Make sure you investigate the issue to ensure that it is a justified complaint or whether the issue is a symptom of another issue’s root cause. Identify remediation steps to ensure the issue does not repeat itself, and then communicate to the customer the action you have taken to improve.
    4. Act on positive feedback as well: If it’s easy for customers to provide feedback, then make room in your process for handling the positive results. Appreciate the time and effort your customers take to give kudos and use it as a tool to build a long-term relationship with that user. Saying thank you goes a long way and when customers know their time matters, they will be encouraged to fill out those surveys. This is also a good way to show what a great job the service desk team did with the interaction.

    Analyze survey feedback month over month to complement and justify metric results already in place

    When you combine the tracking and analysis of relationship and transactional survey data you will be able to dive into specific issues, identify trends and patterns, assess impact to users, and build a plan to make improvements.

    Once the survey data is centralized, categorized, and available you can start to focus on metrics. At a minimum, for transactional surveys, consider tracking:

    • Breakdown of satisfaction scores with trends over time
    • Unsatisfactory surveys that are related to incidents and service requests
    • Total surveys that have been actioned vs pending

    For relationship surveys, consider tracking:

    • Satisfaction scores by department and seniority level
    • Satisfaction with IT services, applications, and communication
    • Satisfaction with IT’s business enablement

    Scores of overall satisfaction with IT

    Image Source: Info-Tech End User Satisfaction Report

    Prioritize company-wide improvement initiatives by those that have the biggest impact to the entire customer base first and then communicate the plan to the organization using a variety of communication channels that will draw your customers in, e.g. dashboards, newsletters, email alerts.

    Info-Tech Insight

    Consider automating or using your ITSM notification system as a direct communication method to inform the service desk manager of negative survey results.

    Step 2.2: Design ticket categorization

    Image shows the steps in phase 2. Highlight is on step 2.2

    This step will walk you through the following activities:

    • 2.2.1 Assess ticket categorization
    • 2.2.2 Enhance ticket categories with resolution and status codes

    This step involves the following participants:

    • IT Managers
    • Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    The reviewed ticket categorization scheme will be easier to use and deploy more consistently, which will improve the categorization of data and the reliability of reports.

    DELIVERABLES

    • Optimized ticket categorization

    Design a ticket classification scheme to produce useful reports

    Reliable reports depend on an effective categorization scheme.

    Too many options cause confusion; too few options provide little value. As you build the classification scheme over the next few slides, let call routing and reporting requirements be your guide.

    Effective classification schemes are concise, easy to use correctly, and easy to maintain.

    Image shows example of a ticket classification scheme.

    Keep these guidelines in mind:

    • A good categorization scheme is exhaustive and mutually exclusive: there’s a place for every ticket and every ticket fits in only one place.
    • As you build your classification scheme, ensure the categories describe the actual asset or service involved based on final resolution, not how it was reported initially.
    • Pre-populate ticket templates with relevant categories to dramatically improve reporting and routing accuracy.
    • Use a tiered system to make the categories easier to navigate. Three tiers with 6-8 categories per tier provides up to 512 sub-categories, which should be enough for the most ambitious team.
    • Track only what you will use for reporting purposes. If you don’t need a report on individual kinds of laptops, don’t create a category beyond “laptops.”
    • Avoid “miscellaneous” categories. A large portion of your tickets will eventually end up there.

    Info-Tech Insight

    Don’t do it alone! Collaborate with managers in the specialized IT groups responsible for root-cause analysis to develop a categorization scheme that makes sense for them.

    The first approach to categorization breaks down the IT portfolio into asset types

    WHY SHOULD I START WITH ASSETS?

    Start with asset types if asset management and configuration management processes figure prominently in your practice or on your service management implementation roadmap.

    Image displays example of asset types and how to categorize them.

    Building the Categories

    Ask these questions:

    • Type: What kind of asset am I working on?
    • Category: What general asset group am I working on?
    • Subcategory: What particular asset am I working on?

    Need to make quick progress? Use Info-Tech Research Group’s Service Desk Ticket Categorization Schemes template.

    Info-Tech Insight

    Think about how you will use the data to determine which components need to be included in reports. If components won’t be used for reporting, routing, or warranty, reporting down to the component level adds little value.

    The second approach to categorization breaks down the IT portfolio into types of services

    WHY SHOULD I START WITH SERVICES?

    Start with asset services if service management generally figures prominently in your practice, especially service catalog management.

    Image displays example of service types and how to categorize them.

    Building the Categories

    Ask these questions:

    • Type: What kind of service am I working on?
    • Category: What general service group am I working on?
    • Subcategory: What particular service am I working on?

    Need to make quick progress? Use Info-Tech Research Group’s Service Desk Ticket Categorization Schemes template.

    Info-Tech Insight

    Remember, ticket categories are not your only source of reports. Enhance the classification scheme with resolution and status codes for more granular reporting.

    Improve the categorization scheme to enhance routing and reporting

    2.2.1 Assess whether the service desk can improve its ticket categorization

    1. As a group, review existing categories, looking for duplicates and designations that won’t affect ticket routing. Reconcile duplicates and remove non-essential categories.
    2. As a group, re-do the categories, ensuring that the new categorization scheme will meet the reporting requirements outlined earlier.
      • Are categories exhaustive and mutually exclusive?
      • Is the tier simple and easy to use (i.e. 3 tiers x 8 categories)?
    3. Test against recent tickets to ensure you have the right categories.
    4. Record the ticket categorization scheme in the Service Desk Ticket Categorization Schemes template.

    A screenshot of the Service Desk Ticket Categorization Schemes template.

    Participants

    • Service Desk Manager
    • Service Desk Agents

    What You’ll Need

    • Flip Chart
    • Whiteboard
    • Service Desk Ticket Categorization Scheme

    Enhance the classification scheme with resolution and status codes for more granular reporting

    Resolution codes differ from detailed resolution notes.

    • A resolution code is a field within the ticketing system that should be updated at ticket close to categorize the primary way the ticket was resolved.
    • This is important for reporting purposes as it adds another level to the categorization scheme and can help you identify knowledgebase article candidates, training needs, or problems.

    Ticket statuses are a helpful field for both IT and end users to identify the current status of the ticket and to initiate workflows.

    • The most common statuses are open, pending/in progress, resolved, and closed (note the difference between resolved and closed).
    • Waiting on user or waiting on vendor are also helpful statuses to stop the clock when awaiting further information or input.

    Common Examples:

    Resolution Codes

    • How to/training
    • Configuration change
    • Upgrade
    • Installation
    • Data import/export/change
    • Information/research
    • Reboot

    Status Fields

    • Declined
    • Open
    • Closed
    • Waiting on user
    • Waiting on vendor
    • Reopened by user

    Identify and document resolution and status codes

    2.2.2 Enhance ticket categories with resolution codes

    Discuss:

    • How can we use resolution information to enhance reporting?
    • Are current status fields telling the right story?
    • Are there other requirements like project linking?

    Draft:

    1. Write out proposed resolution codes and status fields and critically assess their value.
    2. Resolutions can be further broken down by incident and service request if desired.
    3. Test resolution codes against a few recent tickets.
    4. Record the ticket categorization scheme in the Service Desk SOP.

    Participants

    • CIO
    • Service Desk Manager
    • Service Desk Technician(s)

    What You’ll Need

    • Whiteboard or Flip Chart
    • Markers

    Step 2.3: Design incident escalation and prioritization

    Image shows the steps in phase 2. Highlight is on step 2.3.

    This step will walk you through the following activities:

    • 2.3.1 Build a small number of rules to facilitate prioritization
    • 2.3.2 Define escalation rules
    • 2.3.3 Define automated escalations
    • 2.3.4 Provide guidance to each tier around escalation steps and times

    This step involves the following participants:

    • IT Managers
    • Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    The reviewed ticket escalation and prioritization will streamline queue management, improve the quality of escalations, and ensure agents work on the right tickets at the right time.

    DELIVERABLES

    • Optimized ticket prioritization scheme
    • Guidelines for ticket escalations
    • List of automatic escalations

    Build a ticket prioritization matrix to make escalation assessment less subjective

    Most IT leaders agree that prioritization is one of the most difficult aspects of IT in general. Set priorities based on business needs first.

    Mission-critical systems or problems that affect many people should always come first (i.e. Severity Level 1).

    The bulk of reported problems, however, are often individual problems with desktop PCs (i.e. Severity Level 3 or 4).

    Some questions to consider when deciding on problem severity include:

    • How is productivity affected?
    • How many users are affected?
    • How many systems are affected?
    • How critical are the affected systems to the organization?

    Decide how many severity levels the organization needs the service desk to have. Four levels of severity are ideal for most organizations.

    Image shows example ticket prioritization matrix

    Collect the ticket prioritization scheme in one diagram to ensure service support aligns to business requirements

    Image shows example ticket prioritization matrix

    Prioritize incidents based on severity and urgency to foreground critical issues

    2.3.1 Build a clearly defined priority scheme

    Estimated Time: 60 minutes

    1. Decide how many levels of severity are appropriate for your organization.
    2. Build a prioritization matrix, breaking down priority levels by impact and urgency.
    3. Build out the definitions of impact and urgency to complete the prioritization matrix.
    4. Run through examples of each priority level to make sure everyone is on the same page.

    Image shows example ticket prioritization matrix

    Document in the SOP

    Participants

    • Service Managers
    • Service Desk Support
    • Applications or Infrastructure Support

    What You'll Need

    • Flip Chart Paper
    • Sticky Notes
    • Pens
    • Service Desk SOP

    Example of outcome from 2.3.1

    Define response and resolution targets for each priority level to establish service-level objectives for service support

    Image shows example of response and resolution targets.

    Build clear rules to help agents determine when to escalate

    2.3.2 Assign response, resolution, and escalation times to each priority level

    Estimated Time: 60 minutes

    Instructions:

    For each incident priority level, define the associated:

    1. Response time – time from when incident record is created to the time the service desk acknowledges to the customer that their ticket has been received and assigned.
    2. Resolution time – time from when the incident record is created to the time that the customer has been advised that their problem has been resolved.
    3. Escalation time – maximum amount of time that a ticket should be worked on without progress before being escalated to someone else.

    Participants

    • Service Managers
    • Service Desk Support
    • Applications or Infrastructure Support

    What You'll Need

    • Flip Chart Paper
    • Sticky Notes
    • Pens

    Image shows example of response and resolution targets

    Use the table on the previous slide as a guide.

    Discuss the possible root causes for escalation issues

    WHY IS ESCALATION IMPORTANT?

    Escalation is not about admitting defeat, but about using your resources properly.

    Defining procedures for escalation reduces the amount of time the service desk spends troubleshooting before allocating the incident to a higher service tier. This reduces the mean time to resolve and increases end-user satisfaction.

    You can correlate escalation paths to ticket categories devised in step 2.2.

    Image shows example on potential root causes for escalation issues.

    Build decision rights to help agents determine when to escalate

    2.3.3 Provide guidance to each tier around escalation steps and times

    Estimated Time: 60 minutes

    Instructions

    1. For each support tier, define escalation rules for troubleshooting (steps that each tier should take before escalation).
    2. For each support tier, define maximum escalation times (maximum amount of time to work on a ticket without progress before escalating).
    Example of outcome from step 2.3.3 to determine when to escalate issues.

    Create a list of application specialists to get the escalation right the first time

    2.3.4 Define automated escalations

    Estimated Time: 60 minutes

    1. Identify applications that will require specialists for troubleshooting or access rights.
    2. Identify primary and secondary specialists for each application.
    3. Identify vendors that will receive escalations either immediately or after troubleshooting.
    4. Set up application groups in the service desk tool.
    5. Set up workflows in the service desk tool where appropriate.
    6. Document the automated escalations in the categorization scheme developed in step 2.2 and in the Service Desk Roles and Responsibilities Guide.

    A screenshot of the Service Desk Roles and Responsibilities Guide

    Participants

    • Service Managers
    • Service Desk Support
    • Applications or Infrastructure Support

    What You'll Need

    • Flip Chart Paper
    • Sticky Notes
    • Pens

    Phase 3

    Design Request Fulfilment Processes

    Step 3.1: Build request workflows

    Image shows the steps in phase 3. Highlight is on step 3.1.

    This step will walk you through the following activities:

    • 3.1.1 Distinguish between requests and small projects
    • 3.1.2 Define service requests with SLAs
    • 3.1.3 Build and critique request workflows

    This step involves the following participants:

    • IT Managers
    • Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    Workflows for service requests will improve the consistency and quality of service delivery and prepare the service desk to negotiate reliable service levels with the organization.

    DELIVERABLES

    • Workflows for the most common service requests
    • An estimated service level for each service request
    • Request vs. project criteria

    Standardize service requests for more efficient delivery

    Definitions:

    • An incident is an unexpected disruption to normal business processes and requires attempts to restore service as soon as possible (e.g. printer not working).
    • A service request is a request where nothing is broken or impacting a service and typically can be scheduled rather than requiring immediate resolution (e.g. new software application).
    • Service requests are repeatable, predictable, and easier to commit to SLAs.
    • By committing to SLAs, expectations can be set for users and business units for service fulfillment.
    • Workflows for service requests should be documented and reviewed to ensure consistency of fulfillment.
    • Documentation should be created for service request procedures that are complex.
    • Efficiencies can be created through automation such as with software deployment.
    • All service requests can be communicated through a self-service portal or service catalog.

    PREPARE A FUTURE SERVICE CATALOG

    Standardize requests to develop a consistent offering and prepare for a future service catalog.

    Document service requests to identify time to fulfill and approvals.

    Identify which service requests can be auto-approved and which will require a workflow to gain approval.

    Document workflows and analyze them to identify ways to improve SLAs. If any approvals are interrupting technical processes, rearrange them so that approvals happen before the technical team is involved.

    Determine support levels for each service offering and ensure your team can sustain them.

    Where it makes sense, automate delivery of services such as software deployment.

    Distinguish between service requests and small projects to ensure agents and end users follow the right process

    The distinction between service requests and small projects has two use cases, which are two sides of the same resourcing issue.

    • Service desk managers need to understand the difference to ensure the right approval process is followed. Typically, projects have more stringent intake requirements than requests do.
    • PMOs need to understand the difference to ensure the right people are doing the work and that small, frequent changes are standardized, automated, and taken out of the project list.

    What’s the difference between a service request and a small project?

    • The key differences involve resource scope, frequency, and risk.
    • Requests are likely to require fewer resources than projects, be fulfilled more often, and involve less risk.
    • Requests are typically done by tier 1 and 2 employees throughout the IT organization.
    • A request can turn into a small project if the scope of the request grows beyond the bounds of a normal request.

    Example: A mid-sized organization goes on a hiring blitz and needs to onboard 150 new employees in one quarter. Submitting and scheduling 150 requests for onboarding new employees would require much more time and resources.

    Projects are different from service requests and have different criteria

    A project, by terminology, is a temporary endeavor planned around producing a specific organizational or business outcome.

    Common Characteristics of Projects:

    • Time sensitive, temporary, one-off.
    • Uncertainty around how to create the unique thing, product, or service that is the project’s goal.
    • Non-repetitive work and sizeable enough to introduce heightened risk and complexity.
    • Strategic focus, business case-informed capital funding, and execution activities driven by a charter.
    • Introduces change to the organization.
    • Multiple stakeholders involved and cross-functional resourcing.

    Info-Tech Insight

    Projects require greater risk, effort, and resources than a service request and should be redirected to the PMO.

    Standard service requests vs. non-standard service requests: criteria to make them distinct

    • If there is no differentiation between standard and non-standard requests, those tickets can easily move into the backlog, growing it very quickly.
    • Create a process to easily identify non-standard requests when they enter the ticket queue to ensure customers are made aware of any delay of service, especially if it is a product or service currently not offered. This will give time for any approvals or technical solutioning that may need to occur.
    • Take recurring non-standard requests and make them standard. This is a good way to determine if there are any gaps in services offered and another vehicle to understand what your customers want.

    Standard Requests

    • Very common requests, delivered on an on-going basis
    • Defined process
    • Measured in hours or days
    • Uses service catalog, if it exists
    • Formalized and should already be documented
    • The time to deal with the request is defined

    Non-Standard Requests

    • Higher level complexity than standard requests
    • Cannot be fulfilled via service catalog
    • No defined process
    • Not supplied by questions that Service Request Definition (SRD) offers
    • Product or service is not currently offered, and it may need time for technical review, additional approvals, and procurement processes

    The right questions can help you distinguish between standard requests, non-standard requests, and projects

    Where do we draw the line between a standard and non-standard request and a project?

    The service desk can’t and shouldn’t distinguish between requests and projects on its own. Instead, engage stakeholders to determine where to draw the line.

    Whatever criteria you choose, define them carefully.

    Be pragmatic: there is no single best set of criteria and no single best definition for each criterion. The best criteria and definitions will be the ones that work in your organizational context.

    Common distinguishing factors and thresholds:

    Image shows table of the common distinguishing factors and thresholds.

    Distinguish between standard and non-standard service requests and projects

    3.1.1 Distinguish between service requests and projects

    1. Divide the group into two small teams.
    2. Each team will brainstorm examples of service requests and small projects.
    3. Identify factors and thresholds that distinguish between the two groups of items.
    4. Bring the two groups together and discuss the two sets of criteria.
    5. Consolidate one set of criteria that will help make the distinction between projects and service requests.
    6. Capture the table in the Service Desk SOP.

    Image shows blank template of the common distinguishing factors and thresholds.

    Participants

    • Service Desk Manager
    • Service Desk Agents

    What You'll Need

    • Service Desk SOP
    • Flip Chart
    • Whiteboard

    Distinguishing factors and thresholds

    Don’t standardize request fulfilment processes alone

    Everyone in IT contributes to the fulfilment of requests, but do they know it?

    New service desk managers sometimes try to standardize request fulfilment processes on their own only to encounter either apathy or significant resistance to change.

    Moving to a tiered generalist service desk with a service-oriented culture, a high first-tier generalist resolution rate, and collaborative T2 and T3 specialists can be a big change. It is critical to get the request workflows right.

    Don’t go it alone. Engage a core team of process champions from all service support. With executive support, the right process building exercises can help you overcome resistance to change.

    Consider running the process building activities in this project phase in a working session or a workshop setting.

    Info-Tech Insight

    If they build it, they will come. Service desk improvement is an exercise in organizational change that crosses IT disciplines. Organizations that fail to engage IT specialists from other silos often encounter resistance to change that jeopardizes the process improvements they are trying to make. Overcome resistance by highlighting how process changes will benefit different groups in IT and solicit the feedback of specialists who can affect or be affected by the changes.

    Define standard service requests with SLAs and workflows

    WHY DO I NEED WORKFLOWS?

    Move approvals out of technical IT processes to make them more efficient. Evaluate all service requests to see where auto-approvals make sense. Where approvals are required, use tools and workflows to manage the process.

    Example:

    Image is an example of SLAs and workflows.

    Approvals can be the main roadblock to fulfilling service requests

    Image is example of workflow approvals.

    Review the general standard service request and inquiry fulfillment processes

    As standard service requests should follow standard, repeatable, and predictable steps to fulfill, they can be documented with workflows.

    Image is a flow chart of service and inquiry request processes.

    Review the general standard service request and inquiry fulfillment processes

    Ensure there is a standard and predictable methodology for assessing non-standard requests; inevitably those requests may still cause delay in fulfillment.

    Create a process to ensure reasonable expectations of delivery can be set with the end user and then identify what technology requests should become part of the existing standard offerings.

    Image is a flowchart of non-standard request processes

    Document service requests to ensure consistent delivery and communicate requirements to users

    3.1.2 Define service requests with SLAs

    1. On a flip chart, list standard service requests.
    2. Identify time required to fulfill, including time to schedule resources.
    3. Identify approvals required; determine if approvals can be automated through defining roles.
    4. Discuss opportunities to reduce SLAs or automate, but recognize that this may not happen right away.
    5. Discuss plans to communicate SLAs to the business units, recognizing that some users may take a bit of time to adapt to the new SLAs.
    6. Work toward improving SLAs as new opportunities for process change occur.
    7. Document SLAs in the Service Desk SOP and update as SLAs change.
    8. Build templates in the service desk tool that encapsulate workflows and routing, SLAs, categorization, and resolution.

    Participants

    • Service Desk Managers
    • Service Desk Agents

    What You'll Need

    • Service Desk SOP
    • Flip Chart
    • Whiteboard

    Info-Tech Insight

    These should all be scheduled services. Anything that is requested as a rush needs to be marked as a higher urgency or priority to track end users who need training on the process.

    Analyze service request workflows to improve service delivery

    3.1.3 Build and critique request workflows

    1. Divide the group into small teams.
    2. Each team will choose one service request from the list created in the previous module and then draw the workflow. Include decision points and approvals.
    3. Discuss availability and technical support:
      • Can the service be fulfilled during regular business hours or 24x7?
      • Is technical support and application access available during regular business hours or 24x7?
    4. Reconvene and present workflows to the group.
    5. Document workflows in Visio and add to the Service Desk SOP. Where appropriate, enter workflows in the service desk tool.

    Critique workflows for efficiencies and effectiveness:

    • Do the workflows support the SLAs identified in the previous exercise?
    • Are the workflows efficient?
    • Is the IT staff consistently following the same workflow?
    • Are approvals appropriate? Is there too much bureaucracy or can some approvals be removed? Can they be preapproved?
    • Are approvals interrupting technical processes? If so, can they be moved?

    Participants

    • Service Desk Managers
    • Service Desk Agents

    What You'll Need

    • Service Desk SOP
    • Project Summary
    • Flip Chart
    • Whiteboard

    Step 3.2: Build a targeted knowledgebase

    Image shows the steps in phase 3. Highlight is on step 3.2.

    This step will walk you through the following activities:

    • 3.2.1 Design knowledge management processes
    • 3.2.2 Create actionable knowledgebase articles

    This step involves the following participants:

    • IT Managers
    • Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    The section will introduce service catalogs and get the organization to envision what self-service tools it might include.

    DELIVERABLES

    • Knowledgebase policy and process

    A knowledgebase is an essential tool in the service management toolbox

    Knowledge Management

    Gathering, analyzing, storing & sharing knowledge to reduce the need to rediscover known solutions.

    Knowledgebase

    Organized repository of IT best practices and knowledge gained from practical experiences.

    • End-User KB

      • Give end users a chance to resolve simple issues themselves without submitting a ticket.

    • Internal KB

      • Shared resource for service desk staff and managers to share and use knowledge.

    Use the knowledgebase to document:

    • Steps for pre-escalation troubleshooting.
    • Known errors.
    • Workarounds or solutions to recurring issues.
    • Solutions that require research or complex troubleshooting.
    • Incidents that have many root causes. Start with the most frequent solution and work toward less likely issues.

    Draw on organizational goals to define the knowledge transfer target state

    Image is Info-Tech’s Knowledge Transfer Maturity Model
    *Source: McLean & Company, 2013; N=120

    It’s better to start small than to have nothing at all

    Service desk teams are often overwhelmed by the idea of building and maintaining a comprehensive integrated knowledgebase that covers an extensive amount of information.

    Don’t let this idea stop you from building a knowledgebase! It takes time to build a comprehensive knowledgebase and you must start somewhere.

    Start with existing documentation or knowledge that depends on the expertise of only a few people and is easy to document and you will already see the benefits.

    Then continue to build and improve from there. Eventually, knowledge management will be a part of the culture.

    Engage the team to build a knowledgebase targeted on your most important incidents and requests

    WHERE DO I START?

    Inventory and consolidate existing documentation, then evaluate it for audience relevancy, accuracy, and usability. Use the exercise and the next slides to develop a knowledgebase template.

    Produce a plan to improve the knowledgebase.

    • Identify the current top five or ten incidents from the service desk reports and create related knowledgebase articles.
    • Evaluate for end-user self-service or technician resolution.
    • Note any resolutions that require access rights to servers.
    • Assign documentation creation tasks for the knowledgebase to individual team members each week.
    • Apply only one incident per article.
    • Set goals for each technician to submit one or two meaningful articles per month.
    • Assign a knowledge manager to monitor creation and edit and maintain the database.
    • Set policy to drive currency of the knowledgebase. See the Service Desk SOP for an example of a workable knowledge policy.

    Use a phased approach to build a knowledgebase

    Image is an example of a phased approach to build a knowledge base

    Use a quarterly, phased approach to continue to build and maintain your knowledgebase

    Continual Knowledgebase Maintenance:

    • Once a knowledgebase is in place, future articles should be written using established templates.
    • Articles should be regularly reviewed and monitored for usage. Outdated information will be retired and archived.
    • Ticket trend analysis should be done on an ongoing basis to identify new articles.
    • A proactive approach will anticipate upcoming issues based on planned upgrades and maintenance or other changes, and document resolution steps in knowledgebase articles ahead of time.

    Every Quarter:

    1. Conduct a ticket trend analysis. Identify the most important and common tickets.
    2. Review the knowledgebase to identify relevant articles that need to be revised or written.
    3. Use data from knowledge management tool to track expiring content and lesser used articles.
    4. Assign the task of writing articles to all IT staff members.
    5. Build and revise ticket templates for incident and service requests.

    Assign a knowledge manager role to ensure accountability for knowledgebase maintenance

    Assign a knowledge manager to monitor creation and edit and maintain database.

    Knowledge Manager/Owner Role:

    • Has overall responsibility for the knowledgebase.
    • Ensures content is consistent and maintains standards.
    • Regularly monitors and updates the list of issues that should be added to the knowledgebase.
    • Regularly reviews existing knowledgebase articles to ensure KB is up to date and flags content to retire or review.
    • Assigns content creation tasks.
    • Optimizes knowledgebase structure and organization.
    • See Info-Tech’s knowledge manager role description if you need a hand defining this position.

    The knowledge manager role will likely be a role assigned to an existing resource rather than a dedicated position.

    Develop a template to ensure knowledgebase articles are easy to read and write

    A screenshot of the Knowledgebase Article Template

    QUICK TIPS

    • Use non-technical language whenever possible to help less-technical readers.
    • Identify error messages and use screenshots where it makes sense.
    • Take advantage of social features like voting buttons to increase use.
    • Use Info-Tech’s Knowledge Base Article Template to get you started.

    Analyze the necessary features for your knowledgebase and compare them against existing tools

    Service desk knowledgebases range in complexity from simple FAQs to fully integrated software suites.

    Options include:

    • Article search with negative and positive filters.
    • Tagging, with the option to have keywords generate top matches.
    • Role-based permissions (to prevent unauthorized deletions).
    • Ability to turn a ticket resolution into a knowledgebase article (typically only available if knowledgebase tool is part of the service desk tool).
    • Natural language search.
    • Partitioning so relevant articles only appear for specific audiences.
    • Editorial workflow management.
    • Ability to set alerts for scheduled article review.
    • Article reporting (most viewed, was it useful?).
    • Rich text fields for attaching screenshots.

    Determine which features your organization needs and check to see if your tools have them.

    For more information on knowledgebase improvement, refer to Info-Tech’s Optimize the Service Desk With a Shift-Left Strategy.

    Document your knowledge management maintenance workflow to identify opportunities for improvement

    Workflow should include:

    • How you will identify top articles that need to be written
    • How you will ensure articles remain relevant
    • How you will assign new articles to be written, inclusive of peer review
    Image of flowchart of knowledgebase maintenance process.

    Design knowledgebase management processes

    3.2.1 Design knowledgebase management processes

    1. Assign a knowledge manager to monitor creation and edit and maintain the database. See Info-Tech’s knowledge manager role description if you need a hand defining this position.
    2. Discuss how you can use the service desk tool to integrate the knowledgebase with incident management, request fulfilment, and self-service processes.
    3. Discuss the suitability of a quarterly process to build and edit articles for a target knowledgebase that covers your most important incidents and requests.
    4. Set knowledgebase creation targets for tier 1, 2, and 3 analysts.
    5. Identify relevant performance metrics.
    6. Brainstorm elements that might be used as an incentive program to encourage the creation of knowledgebase articles and knowledge sharing more generally.
    7. Set policy to drive currency of knowledgebase. See the Service Desk SOP for an example of a workable knowledge policy.

    Participants

    • Service Desk Manager
    • Service Desk Agents

    What You’ll Need

    • Service Desk SOP
    • Flip Chart
    • Whiteboard

    Create actionable knowledgebase articles

    3.2.2 Run a knowledgebase working group

    Write and critique knowledgebase articles.

    1. On a whiteboard, build a list of potential knowledgebase articles divided by audience: Technician or End User.
    2. Each team member chooses one topic and spends 20 minutes writing.
    3. Each team member either reads the article and has the team critique or passes to the technician to the right for peer review. If there are many participants, break into smaller groups.
    4. Set a goal with the team for how, when, and how often knowledgebase articles will be created.
    5. Capture knowledgebase processes in the Service Desk SOP.

    Audience: Technician

    • Password update
    • VPN printing
    • Active directory – policy, procedures, naming conventions
    • Cell phones
    • VPN client and creation set-up

    Audience: End users

    • Set up email account
    • Password creation policy
    • Voicemail – access, change greeting, activities
    • Best practices for virus, malware, phishing attempts
    • Windows 10 tips and tricks

    Participants

    • Service Desk Manager
    • Service Desk Agents

    What You’ll Need

    • Service Desk SOP
    • Flip Chart
    • Whiteboard

    Step 3.3: Prepare for a self-service portal project

    Image shows the steps in phase 3. Highlight is on step 3.3.

    This step will walk you through the following activities:

    • 3.3.1 Develop self-service tools for the end user
    • 3.3.2 Make a plan for creating or improving the self-service portal

    This step involves the following participants:

    • IT Managers
    • Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    The section prepares you to tackle a self-service portal project once the service desk standardization is complete.

    DELIVERABLES

    • High-level activities to create a self-service portal

    Design the self-service portal with the users’ computer skills in mind

    A study by the OECD offers a useful reminder of one of usability’s most hard-earned lessons: you are not the user.

    • There is an important difference between IT professionals and the average user that’s even more damaging to your ability to predict what will be a good self-service tool: skills in using computers, the internet, and technology in general.
    • An international research study explored the computer skills of 215,942 people aged 16-65 in 33 countries.
    • The results show that across 33 rich countries, only 5% of the population has strong computer-related abilities and only 33% of people can complete medium-complexity computer tasks.
    • End users are skilled, they just don’t have the same level of comfort with computers as the average IT professional. Design your self-service tools with that fact in mind.
    Image is of a graph showing the ability of computer skills from age 16-65 among various countries.

    Take an incremental and iterative approach to developing your self-service portal

    Use a web portal to offer self-serve functionality or provide FAQ information to your customers to start.

    • Don’t build from scratch. Ideally, use the functionality included with your ITSM tool.
    • If your ITSM tool doesn’t have an adequate self-service portal functionality, then harness other tools that IT already uses. Common examples include Microsoft SharePoint and Google Forms.
    • Make it as easy as possible to access the portal:
      • Deploy an app to managed devices or put the app in your app store.
      • Create a shortcut on people’s start menus or home screens.
      • Print the URL on swag such as mousepads.
    • Follow Info-Tech’s approach to developing your user facing service catalog.

    Some companies use vending machines as a form of self serve. Users can enter their purchase code and “buy” a thin client, mouse, keyboard, software, USB keys, tablet, headphones, or loaners.

    Info-Tech Insight

    Building the basics first will provide your users with immediate value. Incrementally add new features to your portal.

    Optimize the portal: self-service should be faster and more convenient than the alternative

    Design the portal by demand, not supply

    Don’t build a portal framed around current offerings and capabilities just for the sake of it. Build the portal based on what your users want and need if you want them to use it.

    Make user experience a top priority

    The portal should be designed for users to self-serve, and thus self-service must be seamless, clear, and attractive to users.

    Speak your users’ language

    Keep in mind that users may not have high technical literacy or be familiar with terminology that you find commonplace. Use terms that are easy to understand.

    Appeal to both clickers and searchers

    Ensure that users can find what they’re looking for both by browsing the site and by using search functionality.

    Use one central portal for all departments

    If multiple departments (i.e. HR, Finance) use or will use a portal, set up a shared portal so that users won’t have to guess where to go to ask for help.

    You won’t know unless you test

    You will know how to navigate the portal better than anyone, but that doesn’t mean it’s intuitive for a new user. Test the portal with users to collect and incorporate feedback.

    Self-service portal examples (1/2)

    Image is of an example of the self-service portal

    Image source: Cherwell Service Management

    Self-service examples (2/2)

    Image is of an example of the self-service portal

    Image source: Team Dynamix

    Keep the end-user facing knowledgebase relevant with workflows, multi-device access, and social features

    Workflows:

    • Easily manage peer reviews and editorial and relevance review.
    • Enable links and importing between tickets and knowledgebase articles.
    • Enable articles to appear based on ticket content.

    Multi-device access:

    • Encourage users to access self-service.
    • Enable technicians to solve problems from anywhere.

    Social features:

    • Display most popular articles first to solve trending issues.
    • Enable voting to improve usability of articles.
    • Allow collaboration on self-service.

    For more information on building self-service portal, refer to Info-Tech’s Optimize the Service Desk with a Shift-Left Strategy

    Draft a high-level project plan for a self-service portal project

    3.3.1 Draft a high-level project plan for a self-service portal project

    1. Identify stakeholders who can contribute to the project.
      • Who will help with FAQ creation?
      • Who can design the self-service portal?
      • Who needs to sign off on the project?
    2. Identify the high-level tasks that need to be done.
      • How many FAQs need to be created?
      • How will we design the service catalog’s web portal?
      • What might a phased approach look like?
      • How can we break down the project into design, build, and implementation tasks?
      • What is the rough timeline for these tasks?
    3. Capture the high-level activities in the Service Desk Roadmap.

    Participants

    • Service Desk Manager
    • Service Desk Agents

    What You’ll Need

    • Flip Chart
    • Whiteboard
    • Implementation Roadmap

    Once you have a service portal, you can review the business requirements for a service catalog

    A service catalog is a communications device that lists the IT services offered by an organization. The service catalog is designed to enable the creation of a self-service portal for the end user. The portal augments the service desk so analysts can spend time managing incidents and providing technical support.

    The big value comes from workflows:

    • Improved economics and a means to measure the costs to serve over time.
    • Incentive for adoption because things work better.
    • Abstracts delivery from offer to serve so you can outsource, insource, crowdsource, slow, speed, reassign, and cover absences without involving the end user.

    There are three types of catalogs:

    • Static:Informational only, so can be a basic website.
    • Routing and workflow: Attached to service desk tool.
    • Workflow and e-commerce: Integrated with service desk tool and ERP system.
    Image is an example of service catalog

    Image courtesy of University of Victoria

    Understand the time and effort involved in building a service catalog

    A service catalog will streamline IT service delivery, but putting one together requires a significant investment. Service desk standardization comes first.

    • Workflows and back-end services must be in place before setting up a service catalog.
      • Think of the catalog as just the delivery mechanism for service you currently provide. If they aren’t running well and delivery is not consistent, you don’t want to advertise SLAs and options.
    • Service catalogs require maintenance.
      • It’s not a one-time investment – service catalogs must be kept up to date to be useful.
    • Service catalog building requires input from VIPs.
      • Architects and wordsmiths are not the only ones that spend effort on the service catalog. Leadership from IT and the business also provide input on policy and content.

    Sample Service Catalog Efforts

    • A college with 17 IT staff spent one week on a simple service catalog.
    • A law firm with 110 IT staff spent two months on a service catalog project.
    • A municipal government with 300 IT people spent over seven months and has yet to complete the project.
    • A financial organization with 2,000 IT people has spent seven months on service catalog automation alone! The whole project has taken multiple years.

    “I would say a client with 2,000 users and an IT department with a couple of hundred, then you're looking at six months before you have the catalog there.”

    – Service Catalog Implementation Specialist,

    Health Services

    Draft a high-level project plan for a self-service portal project

    3.2.2 Make a plan for creating or improving the self-service portal

    Identify stakeholders who can contribute to the project.

    • Who will help with FAQs creation?
    • Who can design the self-service portal?
    • Who needs to sign off on the project?

    Evaluate tool options.

    • Will you stick with your existing tool or invest in a new tool?

    Identify the high-level tasks that need to be done.

    • How will we design the web portal?
    • What might a phased approach look like?
    • What is the rough timeline for these tasks?
    • How many FAQs need to be created?
    • Will we have a service catalog, and what type?

    Document the plan and tasks in the Service Desk Roadmap.

    Examples of publicly posted service catalogs:

    University of Victoria is an example of a catalog that started simple and now includes multiple divisions, notifications, systems status, communications, e-commerce, incident registration, and more.

    Indiana University is a student, faculty, and staff service catalog and self-service portal that goes beyond IT services.

    If you are ready to start building a service catalog, use Info-Tech’s Design and Build a User-Facing Service Catalog blueprint to get started.

    Phase 4

    Plan the Implementation of the Service Desk

    Step 4.1: Build communication plan

    Image shows the steps in phase 4. Highlight is on step 4.1.

    This step will walk you through the following activities:

    • 4.1.1 Create the communication plan

    This step involves the following participants:

    • CIO
    • IT Director
    • IT Managers
    • Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    The communication plan and project summary will help project managers outline recommendations and communicate their benefits.

    DELIVERABLES

    • Communication plan
    • Project summary

    Effectively communicate the game plan to IT to ensure the success of service desk improvements

    Communication is crucial to the integration and overall implementation of your service desk improvement.

    An effective communication plan will:

    • Gain support from management at the project proposal phase.
    • Create end-user buy-in once the program is set to launch.
    • Maintainthe presence of the program throughout the business.
    • Instill ownership throughout the business, from top-level management to new hires.

    Build a communication plan to:

    1. Communicate benefits to IT:
      • Share the standard operating procedures for training and feedback.
      • Train staff on policies as they relate to end users and ensure awareness of all policy changes.
      • As changes are implemented, continue to solicit feedback on what is and is not working and communicate adjustments as appropriate.
    2. Train technicians:
      • Make sure everyone is comfortable communicating changes to customers.
    3. Measure success:
      • Review SLAs and reports. Are you consistently meeting SLAs?
      • Is it safe to communicate with end users?

    Create your communication plan to anticipate challenges, remove obstacles, and secure buy-in

    Why:

    • What problems are you trying to solve?

    What:

    • What processes will it affect (that will affect me)?

    Who:

    • Who will be affected?
    • Who do I go to if I have issues with the new process?
    3 gears are depicted. The top gear is labelled managers with an arrow going clockwise. The middle gear is labelled technical staff with an arrow going counterclockwise. The bottom gear is labelled end users with an arrow going clockwise

    When:

    • When will this be happening?
    • When will it affect me?

    How:

    • How will these changes manifest themselves?

    Goal:

    • What is the final goal?
    • How will it benefit me?

    Create a communication plan to outline the project benefits

    Improved business satisfaction:

    • Improve confidence that the service desk can solve issues within the service-level agreement.
    • Channel incidents and requests through the service desk.
    • Escalate incidents quickly and accurately.

    Fewer recurring issues:

    • Tickets are created for every incident and categorized correctly.
    • Reports can be used for root-cause analysis.

    Increased efficiency or lower cost to serve:

    • Use FAQs to enable end users to self-solve.
    • Use knowledgebase to troubleshoot once, solve many times.
    • Cross-train to improve service consistency.

    Enhanced demand planning:

    • Trend analysis and reporting improve IT’s ability to forecast and address the demands of the business.

    Organize the information to manage the deployment of key messages

    Example of how to organize and manage key messages

    Create the communication plan

    4.1.1 Create the communication plan

    Estimated Time: 45 minutes

    Develop a stakeholder analysis.

    1. Identify everyone affected by the project.
    2. Assess their level of interest, value, and influence.
    3. Develop a communication strategy tailored to their level of engagement.

    Craft key messages tailored to each stakeholder group.

    Finalize the communication plan.

    1. Examine your roadmap and determine the most appropriate timing for communications.
    2. Assess when communications must happen with executives, business unit leaders, end users, and technicians.
    3. Identify any additional communication challenges that have come up.
    4. Identify who will send out the communications.
    5. Identify multiple methods for getting the messages out (newsletters, emails, posters, company meetings).
    6. For inspiration, you can refer to the Sample Communication Plan for the project.

    Participants

    • CIO
    • IT Managers
    • Service Desk Manager
    • Service Desk Agents

    Step 4.2: Build implementation roadmap

    Image shows the steps in phase 4. Highlight is on step 4.2.

    This step will walk you through the following activities:

    • 4.2.1 Build implementation roadmap

    This step involves the following participants:

    • CIO
    • IT Director
    • IT Managers
    • Service Desk Manager
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    The implementation plan will help track and categorize the next steps and finalize the project.

    DELIVERABLES

    • Implementation roadmap

    Collaborate to create an implementation plan

    4.2.1 Create the implementation plan

    Estimated Time: 45 minutes

    Determine the sequence of improvement initiatives that have been identified throughout the project.

    The purpose of this exercise is to define a timeline and commit to initiatives to reach your goals.

    Instructions:

    1. Review the initiatives that will be taken to improve the service desk and revise tasks, as necessary.
    2. Input each of the tasks in the data entry tab and provide a description and rationale behind the task.
    3. Assign an effort, priority, and cost level to each task (high, medium, low).
    4. Assign ownership to each task.
    5. Identify the timeline for each task based on the priority, effort, and cost (short, medium, and long term).
    6. Highlight risk for each task if it will be deferred.
    7. Track the progress of each task with the status column.

    Participants

    • CIO
    • IT Managers
    • Service Desk Manager
    • Service Desk Agents

    A screenshot of the Roadmap tool.

    Document using the Roadmap tool.

    Related Info-Tech Research

    Standardize the Service Desk

    ImplementHardware and Software Asset Management

    Optimize Change Management Incident and Problem Management Build a Continual Improvement Plan for the Service Desk

    The Standardize blueprint reviews service desk structures and metrics and builds essential processes and workflows for incident management, service request fulfillment, and knowledge management practices.

    Once the service desk is operational, there are three paths to basic ITSM maturity:

    • Having the incident management processes and workflows built allows you to:
      • Introduce Change Management to reduce change-related incidents.
      • Introduce Problem Management to reduce incident recurrence.
      • Introduce Asset Management to augment service management processes with reliable data.

    Solicit targeted department feedback on core IT service capabilities, IT communications, and business enablement. Use the results to assess the satisfaction of end users, with each service broken down by department and seniority level.

    Works cited

    “Help Desk Staffing Models: Simple Analysis Can Save You Money.” Giva, Inc., 2 Sept. 2009. Web.

    Marrone et al. “IT Service Management: A Cross-national Study of ITIL Adoption.” Communications of the Association for Information Systems: Vol. 34, Article 49. 2014. PDF.

    Rumburg, Jeff. “Metric of the Month: First Level Resolution Rate.” MetricNet, 2011. Web.

    “Service Recovery Paradox.” Wikipedia, n.d. Web.

    Tang, Xiaojun, and Yuki Todo. “A Study of Service Desk Setup in Implementing IT Service Management in Enterprises.” Technology and Investment: Vol. 4, pp. 190-196. 2013. PDF.

    “The Survey of Adult Skills (PIAAC).” Organisation for Economic Co-operation and Development (OECD), 2016. Web.

    Contributors

    • Jason Aqui, IT Director, Bellevue College
    • Kevin Sigil, IT Director, Southwest Care Centre
    • Lucas Gutierrez, Service Desk Manager, City of Santa Fe
    • Rama Dhuwaraha, CIO, University of North Texas System
    • Annelie Rugg, CIO, UCLA Humanities
    • Owen McKeith, Manager IT Infrastructure, Canpotex
    • Rod Gula, IT Director, American Realty Association
    • Rosalba Trujillo, Service Desk Manager, Northgate Markets
    • Jason Metcalfe, IT Manager, Mesalabs
    • Bradley Rodgers, IT Manager, SecureTek
    • Daun Costa, IT Manager, Pita Pit
    • Kari Petty, Service Desk Manager, Mansfield Oil
    • Denis Borka, Service Desk Manager, PennTex Midstream
    • Lateef Ashekun, IT Manager, City of Atlanta
    • Ted Zeisner, IT Manager, University of Ottawa Institut de Cardiologie

    Advisory Call Outline: Software Selection Engagement

    • Buy Link or Shortcode: {j2store}609|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Selection & Implementation
    • Parent Category Link: /selection-and-implementation
    • Selection takes forever. Traditional software selection drags on for years, sometimes in perpetuity.
    • IT is viewed as a bottleneck and the business has taken control of software selection.
    • “Gut feel” decisions rule the day. Intuition, not hard data, guides selection, leading to poor outcomes.
    • Negotiations are a losing battle. Money is left on the table by inexperienced negotiators.
    • Overall: Poor selection processes lead to wasted time, wasted effort, and applications that continually disappoint.

    Our Advice

    Critical Insight

    • Adopt a formal methodology to accelerate and improve software selection results.
    • Improve business satisfaction by including the right stakeholders and delivering new applications on a truly timely basis.
    • Kill the “sacred cow” requirements that only exist because “it’s how we’ve always done it.”
    • Forget about “RFP” overload and hone in on the features that matter to your organization.
    • Skip the guesswork and validate decisions with real data.
    • Take control of vendor “dog and pony shows” with single-day, high-value, low-effort, rapid-fire investigative interviews.
    • Master vendor negotiations and never leave money on the table.

    Impact and Result

    • Improving software selection is a critical project that will deliver huge value.
    • Hit a home run with your business stakeholders: use a data-driven approach to select the right application vendor for their needs – fast.
    • Shatter stakeholder expectations with truly rapid application selections.
    • Boost collaboration and crush the broken telephone with concise and effective stakeholder meetings.
    • Lock in hard savings and do not pay list price by using data-driven tactics.

    Advisory Call Outline: Software Selection Engagement Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Advisory Call Outline

    Info-Tech's expert analyst guidance will help you save money, align stakeholders, and speed up the application selection process.

    • Advisory Call Outline: Software Selection Engagement Deck

    2. Workshop Overview

    Info-Tech's workshop will help you implement a repeatable, data-driven approach that accelerates software selection efforts.

    • Rapid Software Selection Workshop Overview
    [infographic]

    Identify and Manage Reputational Risk Impacts on Your Organization

    • Buy Link or Shortcode: {j2store}220|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management

    Access to information about companies is more available to consumers than ever. Organizations must implement mechanisms to monitor and manage how information is perceived to avoid potentially disastrous consequences to their brand reputation.

    A negative event could impact your organization's reputation at any given time. Make sure you understand where such events may come from and have a plan to manage the inevitable consequences.

    Our Advice

    Critical Insight

    • Identifying and managing a vendor’s potential impact on your organization’s reputation requires efforts from multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how social media can affect your brand.
    • Organizational leadership is often caught unaware during crises, and their response plans lack the flexibility to adjust to significant market upheavals.

    Impact and Result

    • Vendor management practices educate organizations on the different potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
    • Prioritize and classify your vendors with quantifiable, standardized rankings.
    • Prioritize focus on your high-risk vendors.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your reputation and brand with our Reputational Risk Impact Tool.

    Identify and Manage Reputational Risk Impacts on Your Organization Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and Manage Reputational Risk Impacts on Your Organization Deck – Use the research to better understand the negative impacts of vendor actions on your brand reputation.

    Use this research to identify and quantify the potential reputational impacts caused by vendors. Use Info-Tech's approach to look at the reputational impact from various perspectives to better prepare for issues that may arise.

    • Identify and Manage Reputational Risk Impacts on Your Organization Storyboard

    2. Reputational Risk Impact Tool – Use this tool to help identify and quantify the reputational impacts of negative vendor actions.

    By playing the “what if” game and asking probing questions to draw out – or eliminate - possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    • Reputational Risk Impact Tool
    [infographic]

    Further reading

    Identify and Manage Reputational Risk Impacts on Your Organization

    Brand reputation is the most valuable asset an organization can protect.

    Analyst Perspective

    Organizations must diligently assess and protect their reputations, both in the market and internally.

    Social media, unprecedented access to good and bad information, and consumer reliance on others’ online opinions force organizations to dedicate more resources to protecting their brand reputation than ever before. Perceptions matter, and you should monitor and protect the perception of your organization with as much rigor as possible to ensure your brand remains recognizable and trusted.

    Photo of Frank Sewell, Research Director, Vendor Management, Info-Tech Research Group.

    Frank Sewell
    Research Director, Vendor Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Access to information about companies is more available to consumers than ever. A negative event could impact your organizational reputation at any time. As a result, organizations must implement mechanisms to monitor and manage how information is perceived to avoid potentially disastrous consequences to their brand reputation.

    Make sure you understand where negative events may come from and have a plan to manage the inevitable consequences.

    		 Common Obstacles

    Identifying and managing a vendor’s potential impact on your organization’s reputation requires efforts from multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how social media can affect your brand.

    Organizational leadership is often caught unaware during crises, and their response plans lack the flexibility to adjust to significant market upheavals.

    		 Info-Tech’s Approach

    Vendor management practices educate organizations on the different potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.

    Prioritize and classify your vendors with quantifiable, standardized rankings.

    Prioritize focus on your high-risk vendors.

    Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your reputation and brand with our Reputational Risk Impact Tool.

    Info-Tech Insight

    Organizations must evolve their risk assessments to be more adaptive to respond to rapid changes in online media. Ongoing monitoring of social media and the vendors tied to their company is imperative to achieving success and avoiding reputational disasters.

    Info-Tech’s multi-blueprint series on vendor risk assessment

    There are many individual components of vendor risk beyond cybersecurity.

    Cube with each multiple colors on each face, similar to a Rubix cube, and individual components of vendor risk branching off of it: 'Financial', 'Reputational', 'Operational', 'Strategic', 'Security', and 'Regulatory & Compliance'.

    This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.

    Out of scope:
    This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.

    Reputational risk impacts

    Potential losses to the organization due to risks to its reputation and brand

    In this blueprint, we’ll explore reputational risks (risks to the brand reputation of the organization) and their impacts.

    Identify potentially negative events to assess the overall impact on your organization and implement adaptive measures to respond and correct.

    Cube with each multiple colors on each face, similar to a Rubix cube, and the vendor risk component 'Reputational' highlighted.

    Protect your most valuable asset: your brand

    25%

    of a company’s market value is due to reputation (Transmission Private, 2021)

    94%

    of consumers say that a bad review has convinced them to avoid a business (ReviewTrackers, 2022)

    14 hours

    is the average time it takes for a false claim to be corrected on social media (Risk Analysis, 2018)
    Image of an umbrella covering the word 'BRAND' and three arrows approaching from above.

    What is brand recognition?

    And the cost of rebranding

    Brand recognition is the ability of consumers to recognize an identifying characteristic of one company versus a competitor.” (Investopedia)

    Most trademark valuation is based directly on its projected future earning power, based on income history. For a new brand with no history, evaluators must apply experience and common sense to predict the brand's earning potential. They can also use feedback from industry experts, market surveys, and other studies.” (UpCounsel)

    The cost of rebranding for small to medium businesses is about 10 to 20% of the recommended overall marketing budget and can take six to eight months (Ignyte).

    		 Stock image of a house with a money sign chimney.

    "All we are at our core is our reputation and our brand, and they are intertwined." (Phil Bode, Principal Research Director, Info-Tech Research Group)

    What your vendor associations say about you

    Arrows of multiple colors coalescing in an Earth labelled 'Your Brand', and then a red arrow that reads 'Reputation' points to the terms on the right.

    Bad Customer Reviews

    Breach of Data

    Poor Security Posture

    Negative News Articles

    Public Lawsuits

    Poor Performance

    How a major vendor protects its brand

    An ideal state
    • There is a dedicated brand protection department.
    • All employees are educated annually on brand protection policies and procedures.
    • Brand protection is tied to cybersecurity.
    • The organization actively monitors its brand and reputation through various media formats.
    • The organization has criteria for assessing x-party vendors and holds them accountable through ongoing monitoring and validation of their activities.

    Brand Protection
    Done Right

    Sticker for a '5 Star Rating'.

    Never underestimate the power of local media on your profits

    Info-Tech Insight

    Keep in mind that too much exposure to media can be a negative in that it heightens the awareness of your organization to outside actors. If you do go through a period of increased exposure, make sure to advance your monitoring practices and vigilance.

    Story: Restaurant data breach

    Losing customer faith

    A popular local restaurant’s point of service (POS) machines were breached and the credit card data of their customers over a two-week period was stolen. The restaurant did the right thing: they privately notified the affected people, helped them set up credit monitoring services, and replaced their compromised POS system.

    Unfortunately, the local newspaper got wind of the breach. It published the story, leaving out that the restaurant had already notified affected customers and had replaced their POS machines.

    In response, the restaurant launched a campaign in the local paper and on social media to repair their reputation in the community and reassure people that they could safely transact at their business.

    For at least a month, the restaurant experienced a drastic decrease in revenue as customers either refused to come in to eat or paid only in cash. During this same period the restaurant was spending outside their budget on the advertising.
    Broken trust.

    Story: Monitor your subcontractors

    Trust but verify

    A successful general contractor with a reputation for fairness in their dealings needed a specialist to perform some expert carpentry work for a few of their clients.

    The contractor gave the specialist the clients’ contact information and trusted them to arrange the work.

    Weeks later, the contractor checked in with the clients and received a ton of negative feedback:

    • The specialist called them once and never called back.
    • The specialist refused to do the work as described and wanted to charge extra.
    • The specialist performed work to “fix” the issue but cut corners to lessen their costs.

    As a result, the contractor took extreme measures to regain the clients’ confidence and trust and lost other opportunities in the process.

    		 Stock image of a sad construction site supervisor.

    You work hard for your reputation. Don’t let others ruin it.

    Don’t forget to look within as well as without

    Stock image of a frustrated desk worker.

    Story: Internal reputation is vital

    Trust works both ways

    An organization’s relatively new IT and InfoSec department leadership have been upgrading the organization's systems and policies as fast as resources allow when the organization encounters a major breach of security.

    Trust in the developing IT and InfoSec departments' leadership wanes throughout the organization as people search for the root cause and blame the systems. This degradation of trust limits the effectiveness of the newly implemented process, procedures, and tools of the departments.

    The new leaders' abilities are called into question, and they must now rigorously defend and justify their decisions and positions to the executives and board.

    It will be some time before the two departments gain their prior trust and respect, and the new leaders face some tough times ahead regaining the organization's confidence.

    How could the new leaders approach the situation to mend their reputations in the wake of this (perhaps unfair) reputational hit?

    It is not enough to identify the potential risks; there must also be adequate controls in place to monitor and manage them

    Stock image of a fingerprint on a computer chip under a blacklight.

    Identify, manage, and monitor reputational risks

    Global markets
    • Organizations need to learn how to assess the likelihood of potential risks in the changing global markets and recognize how their partnerships and subcontracts affect their brand.
    • Now more than ever, organizations need to be mindful of the larger global landscape and how their interactions within various regions can impact their reputation.
    Social media
    • Understanding how to monitor social media activity and online content will give you an edge in the current environment.
    • Changes in social media generally happen faster than companies can recognize them. If you are not actively monitoring those risks, the damage could set in before you even have a chance to respond.
    Global shortages
    • Organizations need to accept that shortages will recur periodically and that preparing for them will significantly increase the success potential of long-term plans.
    • Customers don’t always understand what is happening in the global supply chain and may blame you for poor service if you cannot meet demands as you have in the past.

    Which way is your reputation heading?

    • Do you understand and track items that might affect your reputation?
    • Do you understand the impact they may have on your business?

    Visualization of a Newton's Cradle perpetual motion device, aka clacky balls. The lifted ball is colored green with a smiley face and is labelled 'Your Brand Reputation'. The other four balls are red with a frowny face and are labelled 'Data Breach/ Lawsuit', 'Service Disruption', 'Customer Complaint', and 'Poor Delivery'.

    Identifying and understanding potential risks is essential to adapting to the ever-changing online landscape

    Info-Tech Insight

    Few organizations are good at identifying risks. As a result, almost none realistically plan to monitor, manage, and adapt their plans to mitigate those risks.

    Reputational risks

    Not protecting your brand can have disastrous consequences to your organization

    • Data breaches & lawsuits
    • Poor vendor performance
    • Service disruptions
    • Negative reviews

    Stock image of a smiling person on their phone rating something five stars.

    What to look for in vendors

    Identify potential reputational risk impacts
    • Check online reviews from both customers and employees.
    • Check news sites:
      • Has the vendor been affected by a breach?
      • Is the vendor frequently in the news – good or bad? Greater exposure can cause an uptick in hostile attacks, so make sure the vendor has adequate protections in line with its exposure.
    • Review its financials. Is it prime for an acquisition/bankruptcy or other significant change?
    • Review your contractual protections to ensure that you are made whole in the event something goes wrong. Has anything changed with the vendor that requires you to increase your protections?
    • Has anything changed in the vendor’s market? Is a competitor taking its business, or are its resources stretched on multiple projects due to increased demand?
    		 Illustration of business people in a city above various icons.

    Assessing Reputational Risk Impacts

    Zigzagging icons and numbers one through 7 alternating sides downward. Review Organizational Strategy
    Understand the organizational strategy to prepare for the “what if” game exercise.
    Identify & Understand Potential Risks
    Play the “what if” game with the right people at the table.
    Create a Risk Profile Packet for Leadership
    Pull all the information together in a presentation document.
    Validate the Risks
    Work with leadership to ensure that the proposed risks are in line with their thoughts.
    Plan to Manage the Risks
    Lower the overall risk potential by putting mitigations in place.
    Communicate the Plan
    It is important not only to have a plan but also to socialize it in the organization for awareness.
    Enact the Plan
    Once the plan is finalized and socialized put it in place with continued monitoring for success.
    (Adapted from Harvard Law School Forum on Corporate Governance)

    Insight Summary

    Reputational risk impacts are often unanticipated, causing catastrophic downstream effects. Continuously monitoring your vendors’ actions in the market can help organizations head off brand disasters before they occur.
    Insight 1

    Understanding how to monitor social media activity and online content will give you an edge in the current environment.

    Do you have dedicated individuals or teams to monitor your organization's online presence? Most organizations review and approve the online content, but many forget the need to have analysts reviewing what others are saying about them.

    Insight 2

    Organizations need to learn how to assess the likelihood of potential risks in the rapidly changing online environments and recognize how their partnerships and subcontractors’ actions can affect their brand.

    For example, do you understand how a simple news article raises your profile for short-term and long-term adverse events?

    Insight 3

    Socialize the risk management process throughout the organization to heighten awareness and enable employees to help protect the company’s reputation.

    Do you include a social media and brand protection policy in your annual education?

    Identify reputational risk

    Who should be included in the discussion?
    • While it is true that executive-level leadership defines the strategy for an organization, it is vital for those making decisions to make INFORMED decisions.
    • Getting input from your organization's marketing experts will enhance your brand's long-term protection.
    • Involving those who directly manage vendors and understand the market will aid in determining the forward path for relationships with your current vendors and identifying new emerging potential partners.
    • Organizations have a wealth of experience in their marketing departments that can help identify real-world negative scenarios.
    • Include vendor relationship managers to help track what is happening in the media for those vendors.
    		 Keep in mind: (R=L*I)
    Risk = Likelihood x Impact

    Impact tends to remain the same, while likelihood is a very flexible variable.

    Stock image of a flowchart asking 'Risk?', 'Yes', 'No'.

    Manage and monitor reputational risk impacts

    What can we realistically do about the risks?
    • Re-evaluate corporate policies frequently.
    • Ensure proper protections in contracts:
      • Limit the use of your brand name in the publicity and trademark clauses.
      • Make sure to include security protections for your data in the event of a breach; understand that reputation can rarely be made whole again once trust is breached.
    • Introduce continual risk assessment to monitor the relevant vendor markets.
    • Be adaptable and allow for innovations that arise from the current needs.
      • Capture lessons learned from prior incidents to improve over time and adjust your strategy based on the lessons.
    • Monitor your company’s and associated vendors’ online presence.
    • Track similar companies’ brand reputations to see how yours compares in the market.

    Social media is driving the need for perpetual diligence.

    Organizations need to monitor their brand reputation considering the pace of incidents in the modern age.

    Stock image of a person on a phone that is connected to other people.

    The “what if” game

    1-3 hours

    Input: List of identified potential risk scenarios scored by likelihood and financial impact, List of potential management of the scenarios to reduce the risk

    Output: Comprehensive reputational risk profile on the specific vendor solution

    Materials: Whiteboard/flip charts, Reputational Risk Impact Tool to help drive discussion

    Participants: Vendor Management Coordinator, Organizational Leadership, Operations Experts (SMEs), Legal/Compliance/Risk Manager, Marketing

    Vendor management professionals are in an excellent position to help senior leadership identify and pull together resources across the organization to determine potential risks. By playing the "what if" game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    1. Break into smaller groups (or if too small, continue as a single group).
    2. Use the Reputational Risk Impact Tool to prompt discussion on potential risks. Keep this discussion flowing organically to explore all potential risk but manage the overall process to keep the discussion on track.
    3. Collect the outputs and ask the subject matter experts for management options for each one in order to present a comprehensive risk strategy. You will use this to educate senior leadership so that they can make an informed decision to accept or reject the solution.

    Download the Reputational Risk Impact Tool

    Example: Low reputational risk

    We can see clearly in this example that the contractor suffered minimal impact from the specialist's behavior. Though they did take a hit to their overall reputation with a few customers, they should be able to course-correct with a minimal outlay of effort and almost no loss of revenue.

    		 Stock image of construction workers.

    Sample table of 'Sample Questions to Ask to Identify Reputational Impacts'. Column headers are 'Score', 'Weight', 'Question', and 'Comments or Notes'. At the bottom the 'Reputational Score' row has a low average score of '1.3' and '%100' total weight in their respective columns.

    Example: High reputational risk

    Note in the example how the tool can represent different weights for each of the criteria depending on your needs.

    		 Stock image of an older person looking out a window.

    Sample table of 'Sample Questions to Ask to Identify Reputational Impacts'. Column headers are 'Score', 'Weight', 'Question', and 'Comments or Notes'. At the bottom the 'Reputational Score' row has a high average score of '3.1' and '%100' total weight in their respective columns.

    Summary

    Be vigilant and adaptable to change
    • Organizations need to learn how to assess the likelihood of potential risks in the changing global markets and recognize how their partnerships and subcontracts affect their brand.
    • Understanding how to monitor social media activity and online content will give you an edge in the current environment.
    • Bring the right people to the table to outline potential risks to your organization’s brand reputation.
    • Socialize the risk management process throughout the organization to heighten awareness and enable employees to help protect the company’s reputation.
    • Incorporate lessons learned from incidents into your risk management process to build better plans for future issues.
    		 Stock image of a person's face overlaid with many different images.

    Organizations must evolve their risk assessments to be more adaptive to respond to global factors in the market.

    Ongoing monitoring of online media and the vendors tied to company visibility is imperative to avoiding disaster.

    Bibliography

    "The CEO Reputation Premium: Gaining Advantage in the Engagement Era." Weber Shandwick, March 2015. Accessed June 2022.

    Glidden, Donna. "Don't Underestimate the Need to Protect Your Brand in Publicity Clauses." Info-Tech Research Group, June 2022.

    Greenaway, Jordan. "Managing Reputation Risk: A start-to-finish guide." Transmission Private, July 2020. Accessed June 2022.

    Jagiello, Robert D., and Thomas T. Hills. “Bad News Has Wings: Dread Risk Mediates Social Amplification in Risk Communication.” Risk Analysis, vol. 38, no. 10, 2018, pp. 2193-2207.

    Kenton, Will. "Brand Recognition.” Investopedia, Aug. 2021. Accessed June 2022.

    Lischer, Brian. "How Much Does it Cost to Rebrand Your Company?" Ignyte, October 2017. Accessed June 2022.

    "Powerful Examples of How to Respond to Negative Reviews." ReviewTrackers, 16 Feb. 2022. Accessed June 2022.

    Tonello, Matteo. “Strategic Risk Management: A Primer for Directors.” Harvard Law School Forum on Corporate Governance, 23 Aug. 2012. Web.

    "Valuation of Trademarks: Everything You Need to Know." UpCounsel, 2022. Accessed June 2022.

    Related Info-Tech Research

    Sample of 'Assessing Financial Risk Management'. Identify and Manage Financial Risk Impacts on Your Organization
    • Identifying and managing a vendor’s potential financial impact requires multiple people in the organization across several functions – and those people all need educating on the potential risks.
    • Organizational leadership is often unaware of decisions on organizational risk appetite and tolerance, and they assume there are more protections in place against risk impact than there truly are.
    Sample of 'How to Assess Strategic Risk'. Identify and Manage Strategic Risk Impacts on Your Organization
    • Identifying and managing a vendor’s potential strategic impact requires multiple people in the organization across several functions – and those people all need coaching on the potential changes in the market and how these changes affect strategic plans.
    • Organizational leadership is often caught unaware during crises, and their plans lack the flexibility needed to adjust to significant market upheavals.
    Research coming soon. Jump Start Your Vendor Management Initiative
    • Vendor management is not “plug and play” – each organization’s vendor management initiative (VMI) needs to fit its culture, environment, and goals. The key is to adapt vendor management principles to fit your needs…not the other way around.
    • All vendors are not of equal importance to an organization. Classifying or segmenting your vendors allows you to focus your efforts on the most important vendors first, allowing your VMI to have the greatest impact possible.

    Research Contributors and Experts

    Frank Sewell

    Research Director
    Info-Tech Research Group

    		 Donna Glidden

    Research Director
    Info-Tech Research Group
    Steven Jeffery

    Principal Research Director
    Info-Tech Research Group

    		 Mark Roman

    Managing Partner
    Info-Tech Research Group
    Phil Bode

    Principal Research Director
    Info-Tech Research Group

    		 Sarah Pletcher

    Executive Advisor
    Info-Tech Research Group
    Scott Bickley

    Practice Lead
    Info-Tech Research Group

    Strengthen the SSDLC for Enterprise Mobile Applications

    • Buy Link or Shortcode: {j2store}283|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Mobile Development
    • Parent Category Link: /mobile-development
    • CEOs see mobile for employees as their top mandate for upcoming technology innovation initiatives, making security a key competency for development.
    • Unsecure mobile applications can cause your employees to question the mobile applications’ integrity for handling sensitive data, limiting uptake.
    • Secure mobile development tends to be an afterthought, where vulnerabilities are tested for post-production rather than during the build process.
    • Developers lack the expertise, processes, and proper tools to effectively enhance applications for mobile security.

    Our Advice

    Critical Insight

    • Organizations currently react to security issues. Info-Tech recommends a proactive approach to ensure a secure software development life cycle (SSDLC) end-to-end.
    • Organizations currently lack the secure development practices to provide highly secure mobile applications that end users can trust.
    • Enable your developers with five key secure development techniques from Info-Tech’s development toolkit.

    Impact and Result

    • Embed secure development techniques into your SDLC.
    • Create a repeatable process for your developers to continually evaluate and optimize mobile application security for new threats and corresponding mitigation steps.
    • Build capabilities within your team based on Info-Tech’s framework by supporting ongoing security improvements through monitoring and metric analysis.

    Strengthen the SSDLC for Enterprise Mobile Applications Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should adopt secure development techniques for mobile application development, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess secure mobile development processes

    Determine the current security landscape of mobile application development.

    • Strengthen the SSDLC for Enterprise Mobile Applications – Phase 1: Assess Secure Mobile Development Practices
    • Systems Architecture Template
    • Mobile Application High-Level Design Requirements Template

    2. Implement and test secure mobile techniques

    Incorporate the various secure development techniques into current development practices.

    • Strengthen the SSDLC for Enterprise Mobile Applications – Phase 2: Implement and Test Secure Mobile Techniques

    3. Monitor and support secure mobile applications

    Create a roadmap for mobile optimization initiatives.

    • Strengthen the SSDLC for Enterprise Mobile Applications – Phase 3: Monitor and Support Secure Mobile Applications
    • Mobile Optimization Roadmap
    [infographic]

    Workshop: Strengthen the SSDLC for Enterprise Mobile Applications

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess Your Secure Mobile Development Practices

    The Purpose

    Identification of the triggers of your secure mobile development initiatives.

    Assessment of the security vulnerabilities in your mobile applications from an end-user perspective.

    Identification of the execution of your mobile environment.

    Assessment of the mobile threats and vulnerabilities to your systems architecture.

    Prioritization of your mobile threats.

    Creation of your risk register.

    Key Benefits Achieved

    Key opportunity areas where a secure development optimization initiative can provide tangible benefits.

    Identification of security requirements.

    Prioritized list of security threats.

    Initial mobile security risk register created. 

    Activities

    1.1 Establish the triggers of your secure mobile development initiatives.

    1.2 Assess the security vulnerabilities in your mobile applications from an end-user perspective.

    1.3 Understand the execution of your mobile environment with a systems architecture.

    1.4 Assess the mobile threats and vulnerabilities to your systems architecture.

    1.5 Prioritize your mobile threats.

    1.6 Begin building your risk register.

    Outputs

    Mobile Application High-Level Design Requirements Document

    Systems Architecture Diagram

    2 Implement and Test Your Secure Mobile Techniques

    The Purpose

    Discovery of secure development techniques to apply to current development practices.

    Discovery of new user stories from applying secure development techniques.

    Discovery of new test cases from applying secure development techniques.

    Key Benefits Achieved

    Areas within your code that can be optimized for improving mobile application security.

    New user stories created in relation to mitigation steps.

    New test cases created in relation to mitigation steps.

    Activities

    2.1 Gauge the state of your secure mobile development practices.

    2.2 Identify the appropriate techniques to fill gaps.

    2.3 Develop user stories from security development gaps identified.

    2.4 Develop test cases from user story gaps identified.

    Outputs

    Mobile Application High-Level Design Requirements Document

    3 Monitor and Support Your Secure Mobile Applications

    The Purpose

    Identification of key metrics used to measure mobile application security issues.

    Identification of secure mobile application and development process optimization initiatives.

    Identification of enablers and blockers of your mobile security optimization.

    Key Benefits Achieved

    Metrics for measuring application security.

    Modified triaging process for addressing security issues.

    Initiatives for development optimization.

    Enablers and blockers identified for mobile security optimization initiatives.

    Process for developing your mobile optimization roadmap.

    Activities

    3.1 List the metrics that would be gathered to assess the success of your mobile security optimization.

    3.2 Adjust and modify your triaging process to enhance handling of security issues.

    3.3 Brainstorm secure mobile application and development process optimization initiatives.

    3.4 Identify the enablers and blockers of your mobile security optimization.

    3.5 Define your mobile security optimization roadmap.

    Outputs

    Mobile Optimization Roadmap

    Build an IT Succession Plan

    • Buy Link or Shortcode: {j2store}476|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $338,474 Average $ Saved
    • member rating average days saved: 17 Average Days Saved
    • Parent Category Name: Lead
    • Parent Category Link: /lead
    • Pending retirements in key roles create workforce risks and potentially impact business continuity.
    • Fifty-six percent of organizations have not engaged in succession planning, so they haven’t identified at-risk key roles or successors for those roles.

    Our Advice

    Critical Insight

    • Just under 60% of organizations haven't tackled succession planning.
    • This means that three out of five organizations don’t know what skills they need for the future or what their key roles truly are. They also haven’t identified at-risk key roles or successors for those roles.
    • In addition, 74% of organizations have no formal process for facilitating knowledge transfer between individuals, so knowledge will be lost.

    Impact and Result

    • Info-Tech's Key Roles Succession Planning Tool will help you assess key role incumbent risk factors as well as identify potential successors and their readiness. Pay particular attention to those employees in key roles that are nearing retirement, and flag them as high risk.
    • Plan for the transfer of critical knowledge held by key role incumbents. Managers and HR leaders see significant tacit knowledge gaps in younger workers; prioritize tacit knowledge in your transfer plan and leverage multiple transfer methods.
    • Explore alternative work arrangements to ensure sufficient time to prepare successors. A key role incumbent must be available to complete knowledge transfer.
    • Define formal transition plans for all employees in at-risk key roles and their successors by leveraging your workforce and succession planning outputs, knowledge transfer strategy, and selected alternative work arrangements.

    Build an IT Succession Plan Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build an IT Succession Plan Deck – A step-by-step document that walks you through how to future-proof your IT team.

    Protect your team and organization from losses associated with departure of people from key roles. This blueprint will help you build an IT succession plan to ensure critical knowledge doesn’t walk out the door and continuity of business when people in key roles leave.

    • Build an IT Succession Plan Storyboard

    2. Critical Role Identifier – A tool to help you determine which roles are most critical to the success of your team.

    The purpose of this tool is to help facilitate a conversation around critical roles.

    • Critical Role Identifier

    3. Key Role Succession Planning Template – A tool that walks you through reviewing your talent, succession planning, and determining successor readiness.

    This tool will help IT leaders work through key steps in succession development for each employee in the team, and present summaries of the findings for easy reference and defensibility.

    • Key Roles Succession Planning Tool

    4. Role Profile Template – A template that helps you outline the minimum requirements for each critical role addressed in succession planning.

    This template is a guide and the categories can be customized to your organization.

    • Role Profile Template

    5. Individual Talent Profile Template – A template to assess an employee against the role profiles of critical roles.

    This profile provides the basis for evidence-based comparison of talent in talent calibration sessions.

    • Individual Talent Profile Template

    6. Role Transition Plan Template – A template to help you plan to implement knowledge transfer and alternative work arrangements.

    As one person exits a role and a successor takes over, a clear checklist-based plan will help ensure a smooth transition.

    • Role Transition Plan Template
    [infographic]

    Further reading

    INFO~TECH RESEARCH GROUP

    Build an IT Succession Plan

    Future-proof your IT team.


    Build an IT Succession Plan

    Future-proof your IT team.

    EXECUTIVE BRIEF

    Executive Summary

    Your Challenge

    Most organizations are unprepared for the loss of employees who hold key roles.

    • The departure of employees in key roles results in the loss of valuable knowledge, core business relationships, and profits.
    • Pending retirements in key roles create workforce risks and potentially impact business continuity.

    Planning and executing on key role transition can take years. CIOs should prepare now to mitigate the risk of loss later.

    		Common Obstacles
    • The number of organizations which have not engaged in succession planning is 56%; they haven’t identified at-risk key roles, or successors for those roles.
    • Analyzing key roles at the incumbent and successor level introduces real-life, individual-focused factors that have a major impact on role-related risk.
    		Info-Tech’s Approach
    • Plan for the transfer of critical knowledge held by key role incumbents.
    • Explore alternative work arrangements to ensure sufficient time to prepare successors.
    • Define formal transition plans for all employees in at-risk key roles and their successors.

    Info-Tech Insight

    Losing employees in key roles without adequate preparation hinders productivity, knowledge retention, relationships, and opportunities. Implement scalable succession planning to mitigate the risks.

    Most organizations are unprepared for the loss of employees who hold key roles

    Due to the atmosphere of uncertainty.

    Not only do they not have the right processes in place, but they are also ill-equipped to deal with the sheer volume of retirees in the future.

    Over 58% of organizations are unprepared for Baby Boomer retirement. Only 8% said they were very prepared.

    Pie chart with percentages of organizations who are prepared for Baby Boomer retirement.
    (Source: McLean & Company, 2013; N=120)

    A survey done by SHRM and AARP found similar results: 41% of HR professionals said their organizations have done nothing and don’t plan to do anything to prepare for a possible worker shortage as Boomers retire.

    (Source: Poll: Organizations Can Do More to Prepare for Talent Shortage as Boomers Retire)     		This means that three out of five organizations don’t know what skills they need for the future, or what their key roles truly are. They also have not identified at-risk key roles or successors for those roles.
    (Source: McLean & Company, 2013, N=120)

    To make matters worse, 74% of organizations have no formal process for facilitating knowledge transfer between individuals, so knowledge will be lost.

    Pie chart with percentages of organizations with a formal process for facilitating knowledge transfer.
    (Source: McLean & Company, 2013; N=120)

    Most organizations underestimate the costs associated with ignoring succession planning

    “In many cases, executives have no idea what knowledge they are losing.” (TLNT: Lost Knowledge – What Are You and Your Organization Doing About It?”)
    Objections to succession planning now: The risks of this mindset…
    “The recession bought us time to plan for Baby Boomer retirement.” Forty-two percent of organizations believe this to be true and may feel a false sense of security. Assume it takes three years to identify an internal successor for a key role, develop them, and execute the transition. Add the idea that, like most organizations, you don’t have a repeatable process for doing this. Do you still have enough time?
    “The skills possessed by my organization’s Baby Boomers are easy to develop in others internally.” Forty percent of organizations agree with this statement, but given the low rate of workforce planning taking place, most may not actually know the skills and knowledge they need to meet future business goals. These organizations may realize their loss too late.
    “We don’t have the time to invest in succession planning.” Thirty-nine percent of organizations cite this as an obstacle, which is a very real concern. Adopting a simple, scalable process that focuses on the most mission critical key roles will be easier to digest, as well as eliminate time wasted trying to recoup losses in the long run. The costs of not planning are much higher than the costs of planning.
    “We don’t know when our boomers plan to retire, so we can’t really plan for it.” The fact that 42% of organizations do not know employees’ retirement plans is proof positive that they’re operating blind. You can’t plan for something if you don’t have any information about what to plan for or the time frame you’re working against.
    “My organization puts a premium on fresh ideas over experience.” While nearly 45% of organizations prioritize fresh ideas, 50% value experience more. Succession planning and knowledge transfer are important strategies for ensuring experience is retained long enough for it to be passed along in the organization.

    Use Info-Tech’s tools and templates

    Talent Review

    Succession Planning

    Knowledge Transfer
    Key tools and templates to help you complete your project deliverables
    Key Roles Succession Planning Tool
    Critical Role Identifier
    Role Profile Template
    Individual Talent Profile Template    		 Key Roles Succession Planning Tool
    Role Profile Template
    Individual Talent Profile Template    		 Role Transition Plan Template
    Key Roles Succession Planning Tool
    Role Profile Template
    Individual Talent Profile Template
    Your completed project deliverables

    Critical Role Identifier

    Key Roles Succession Plan

    Key Role Profiles

    Individual Talent Profiles

    Key Role Transition Plans

    Ignoring succession planning could cause significant costs

    Losing knowledge will undermine your strategy in four ways:

    Inefficiency

    Inefficiency due to “reinvention of the wheel.” When workers leave and don’t effectively transfer their knowledge, duplication of effort to solve problems and find solutions occurs.

    		 Innovation

    Reduced capacity to innovate. Older workers know what works and what doesn’t, what’s new and what’s not. They can identify the status quo faster to make way for novel thinking.

    		 Competitive Advantage

    Loss of competitive advantage. Losing knowledge and/or established client relationships hurts your asset base and stifles growth.

    		Vulnerability

    Increased vulnerability. Losing knowledge can impede your organizational ability to identify, understand, and mitigate risks. You’ll have to learn through experience all over again.

    Succession planning improves performance by reducing the impact of sudden departures

    Business Continuity

    Succession planning limits disruption to daily operations and minimizes recruitment costs:

    • The average time to fill a vacant role externally in the US is approximately 43 days (Workable). Succession planning can reduce this via a talent pool of ready-now successors.
    		 Engagement & Retention

    Effective succession planning is a tool for engaging, developing, and retaining employees:

    • Of departing employees, 45% cite lack of opportunities for career advancement as the moderate, major, or primary reason they left (McLean & Company Exit Survey, 2018, N=7,530).
    		 Innovation & Growth

    Knowledge is a strategic asset, and succession planning can help retain, grow, and capitalize on it:

    • Retaining the experience and expertise of individuals departing from critical roles supports and enhances the quality of innovation (Harvard Business Review, 2008).

    Info-Tech’s approach

    Talent Review

    Conduct a talent review to identify key roles

    Short bracket.    		 Succession Planning

    Succession planning helps you assess which key roles are most at risk

    Long bracket.    		 Knowledge Transfer

    Utilize methods that make it easy to apply the knowledge in day-to-day practice.

    Long bracket.
    Identify Critical Roles Assess Talent Identify Successors Develop Successors Select Successors Identify Critical Knowledge Select Transfer Methods Document Role Transition Plans

    Future-Proofed IT Team
    • Business continuity
    • The right people, in the right positions, at the right time
    • Retention due to employee development & growth
    • IT success
    • Decreased impact of sudden departures
    • Improved performance

    Info-Tech’s methodology for building an IT succession plan

    1. Talent Review 2. Succession Planning 3. Knowledge Transfer
    Phase Steps
    1. Identify critical roles
    2. Assess talent
    1. Identify successor pool
    2. Develop successors
    3. Select successors
    1. Identify critical knowledge
    2. Select knowledge transfer methods
    3. Document role transition plans
    Phase Outcomes
    • Documented business priorities
    • Identified critical roles including required skills and knowledge that support achievement of business strategy
    • Key at-risk roles identified.
    • Potential successors for key roles identified.
    • Gap assessment between key role incumbents and potential successors.
    • Critical knowledge risks identified.
    • Appropriate knowledge transfer methods selected.
    • Documented knowledge transfer initiatives for key role transition plans.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is six to ten calls over the course of four to eight months.

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3
    Call #1: Scope requirements, objectives, and your specific challenges. Call #2:Review business priorities and clarify criteria weighting.

    Call #3: Review key role criteria. Explain information collection process.

    		 Call #4: Review risk and readiness assessments.

    Call #5: Analyze gaps between key roles and successors for key considerations.

    		 Call #6: Feedback and recommendations on critical knowledge risks.

    Call #7: Review selected transfer methods.

    		 Call #8: Analyze role transition plans for flags.

    Build an IT Succession Plan

    Phase 1

    Talent Review

    Phase 1

    1.1 Identify Critical Roles

    1.2 Assess Talent

    		 Phase 2

    2.1 Identify Successors

    2.2 Develop Successors

    2.3 Select Successors

    		 Phase 3

    3.1 Identify Critical Knowledge

    3.2 Select Transfer Methods

    3.3 Document Role Transition Plan

    This phase will walk you through:

    • Identifying your business priorities
    • Identifying your critical roles including required skills and knowledge that support achievement of business strategy

    Tools and resources used:

    • Key Roles Succession Planning Tool
    • Key Role Profile
    • Individual Talent Profile
    • Critical Role Identifier

    This phase involves the following participants:

    • IT leadership/management team
    • HR

    Conduct a talent review to identify key roles

    Sixty percent of organizations have not engaged in formal workforce planning, so they don’t know what skills they need or what their key roles truly are. (Source: McLean & Company, 2013; N=139)
    1. A talent review ensures that each work unit has the right people, in the right place, at the right time to successfully execute the business strategy.
    2. Only 40% of organizations have engaged in some form of workforce planning.
    3. The first step is to identify your business focus; with this information you can start to note the key roles that drive your business strategy.

    Key roles

    Where an organization’s most valued skills and knowledge reside

    Organizations should prepare now to mitigate the risk of loss later.

    Key roles are:

    • Held by the most senior people in the organization, who carry the bulk of leadership and decision-making responsibility.
    • Highly technical or specialized, and therefore difficult to replace.
    • Tied closely to unique or proprietary processes or possess knowledge that cannot be procured externally.
    • Critical to the continuation of business and cannot be left vacant without risking business operations.

    Info-Tech Insight

    Losing employees in key roles without adequate preparation for their departure has a direct impact on the bottom line in terms of disrupted productivity, lost knowledge, severed relationships, and missed opportunities.

    		A tree of key roles, starting with CEO and branching down.

    Identifying key roles is the first step in a range of workforce management activities because it helps establish organizational needs and priorities, as well as focusing planning effort.

    A talent review allows you to identify the knowledge and skills you need today and for the long term.

    Knowing what you need is the first step in determining what you have and what you need to keep.

    • A talent review is an analytic planning process used to ensure a work unit has the right people, in the right place, at the right time, and for the right cost in order to successfully execute its business strategy. It allows organizations to:
    • Evaluate workforce demographics, review skills, and conduct position inventories.
    • Evaluate business continuity risk from a talent perspective by identifying potential workforce shortages.
    • Identify critical positions, critical skills for each position, and percentage of critical workers retiring to assess the potential impact of losing them.
    • Look at the effect of loss on new product development, revenues, costs, and business strategic objectives.

    Caution

    A talent review is a high-level planning process which does not take individual employees into consideration. Succession planning looks at individuals and will be discussed in Phase 2.

    A talent review gets you to think in terms of:

    • Where your organization wants to be in five years.
    • What skills the organization needs to meet business goals between now and then.
    • How it can be best positioned for the longer-term future.

    Note: Planning against a time frame longer than five years is difficult because uncertainty in the external business environment will have unforeseen effects. Revisit your plan annually and update it, considering changes.

    Step 1.1

    Identify critical roles

    Activities
    • 1.1.1 Document Business Priorities, Goals, and Challenges
    • 1.1.2 Clarify Key Role Criteria and Weighting
    • 1.1.3 Evaluate Role Importance
    • 1.1.4 Key Role Selection and Comparison
    • 1.1.5 Capture Key Elements of Critical Roles

    The primary goal of this step is to ensure we have effectively identified key roles based on business priorities, goals, and challenges, and to capture the key elements of critical roles.

    Outcomes of this step

    • Documented business priorities, goals, and challenges.
    • Key elements of critical roles captured.
    • Key role criteria and weighting.
    Talent Review
    Step 1.1 Step 1.2

    Business priorities will determine the knowledge and skills you value most

    Venn diagram of business priorities: 'Customer Focus', 'Operational Focus', and 'Product Focus'.
    Note: Most organizations will be a blend of all three, with one predominating    		 “I’ve been in the position where the business assumes everyone knows what is required. It’s not until you get people into a room that it becomes clear there is misalignment. It all seems very intuitive but in a lot of cases they haven’t made the critical distinctions regarding what exactly the competencies are. They haven’t spent the time figuring out what they know.” (Anne Roberts, Principal, Leadership Within Inc.)

    1.1.1 Document business priorities

    Input: Business strategic plan

    Output: Completed workforce planning worksheet (Tab 2) of the Key Roles Succession Planning Tool

    Materials: Key Roles Succession Planning Tool

    Participants: IT leadership

    Start by identifying your business priorities based on your strategic plan. The goal of this exercise is to blast away assumptions and make sure leadership has a common understanding of your target.

    With the questions on the previous slide in mind document your business priorities, business goals, and business challenges in Tab 2 of the Key Roles Succession Planning Tool worksheet.

    Get clear answers to these questions:

    • Are we customer focused, product focused, or operationally focused? In other words, is your organization known for:
      • Great customer service or a great customer experience?
      • The lowest price?
      • Having the latest technology, or the best quality product?
    • What are our organizational/departmental business goals? To improve operational effectiveness, are we really talking about reducing operational costs?
    • What are the key business challenges to address within the context of our focus?

    Key Roles Succession Planning Tool

    Clarify what defines a key role

    A key role is crucial to achieving organizational objectives, drives business performance, and includes specialized and rare competencies. Key roles are high in strategic value and rarity – for example, the developer role for a tech company.
    Chart with axes 'Rarity' and 'Strategic Value'. Lowest in both are 'Supporting Roles', Highest in both are 'Critical Roles', and the space in the middle are 'Core Roles'. Look at two dimensions when examining roles:
    • Strategic value refers to the importance of the role in keeping the organization functioning and executing on the strategic objectives.
    • Rarity refers to how difficult it is to find and develop the competencies in the role.

    Info-tech insight

    Traditionally, succession planning has only addressed top management roles. However, until you look at the evidence, you won’t know if these are indeed high-value roles, and you may be missing other critical roles further down the hierarchy.

    Use the Critical Role Identifier to facilitate the identification of critical roles with your leaders.

    1.1.2 Clarify key role criteria & weighting

    Input: Business strategic plan

    Output: Weighted criteria to help identify critical roles

    Materials: Critical Role Identifier

    Participants: IT leadership

    1. Using Tab 2 of the Critical Role Identifier tool, along with the information on the previous slide, determine the relative importance of four criteria as contributing to the importance of a role within the organization.
    2. Rate each of the four criteria: strategic value, rarity, revenue generation, business/operation continuity, and any custom criteria numerically. You might choose only one or two criteria – they all do not need to be included.
    3. Document your decisions in Tab 2 of the Critical Role Identifier.

    Critical Role Identifier

    1.1.3 Evaluate role importance

    Input: List of IT roles

    Output: Full list of roles and a populated Critical Role Selection sheet (Tab 4)

    Materials: Critical Role Identifier

    Participants: IT leadership

    1. Using Tab 3 of the Critical Role Identifier, collect information about IT roles.
    2. Start by listing each role under consideration, and its department or subcategory.
    3. For each criteria statement listed across the top of the sheet, select an option from the drop-down menu to reflect the appropriate answer scale rating. Replace the text in grey with information customized to your team. If criteria has a weighting of zero in Tab 2, the questions associated with that criteria will be greyed out and do not have to be answered.

    Critical Role Identifier

    Identify the key roles that support and drive your business priorities

    Focus on key IT roles instead of all roles to save time and concentrate effort on your highest risk areas.

    Key Roles include:

    • Strategic Roles: Roles that give the greatest competitive advantage. Often these are roles that involve decision-making responsibility.
    • Core Roles: Roles that must provide consistent results to achieve business goals.
    • Proprietary Roles: Roles that are tied closely to unique or proprietary internal processes or knowledge that cannot be procured externally. These are often highly technical or specialized.
    • Required Roles: Roles that support the department and are required to keep it moving forward day-to-day.
    • Influential Roles: Positions filled by employees who are the backbone of the organization, the go-to people who are the corporate culture.
    		 Ask these questions to identify key roles:
    1. What are the roles that have a significant impact on delivering the business strategy?
    2. What are the key differentiating roles for our organization?
    3. Which roles, if vacant, would leave the organization open to non-compliance with regulatory or legal requirements?
    4. Which roles have a direct impact on the customer?
    5. Which roles, if vacant, would create system, function, or process failure for the organization?

    1.1.4 Key role selection and comparison

    Input: Tab 3 of the Critical Role Identifier

    Output: List of roles from highest to lowest criticality score, List of key roles entered in Tab 2 of the Key Roles Succession Planning Tool

    Materials: Critical Role Identifier, Key Roles Succession Planning Tool

    Participants: IT leadership

    1. Using tab 4 of the Critical Role Identifier, which displays the results of the role importance evaluation, review the weighted criticality score. To add or remove roles or departments make changes on Tab 3.
    2. Use this table to see the scores and roles from highest to lowest based on your weightings and scoring.
    3. In column J, classify the roles as critical, core, or supporting based on the weighted overall score and the individual criteria scores.
      1. Critical – is crucial to achieving organizational objectives, drives business performance, and includes specialized and rare skills.
      2. Core – is related to operational excellence. Highly strategically valuable but easy to find or develop.
      3. Supporting – is important in keeping business functioning; however, the strategic value is low. Competencies are easy to develop.
    4. Once you’ve selected the key roles, transfer them into Tab 2 of the Key Roles Succession Planning Tool worksheet where you have documented your business priorities.

    Critical Role Identifier

    Key Roles Succession Planning Tool

    1.1.5 Capture key elements of critical roles

    Input: Job descriptions, Success profiles, Competency profiles

    Output: List of required skills and knowledge for key roles, Role profiles documented for key roles

    Materials: Key Roles Succession Planning Tool, Role Profile Template

    Participants: IT leadership

    1. Document the minimum requirements for critical roles in column E and F of Tab 2 of the Key Roles Succession Planning Tool. Include elements that drive talent decisions, are measurable, and are oriented to future organizational needs.
    2. Consider how leadership competencies and technical skills tie to business expansion plans, new service offerings, etc.
    3. Use the Role Profile Template to help in this process and to maintain up-to-date information.
    4. Role profiles may be informed by existing job descriptions, success profiles, or competency profiles.
    5. Conduct regular maintenance on your role profiles. Outdated and inaccurate role-related information can make succession planning efforts ineffective.

    Key Roles Succession Planning Tool

    Role Profile Template

    Case Study

    Conduct a “sanity check” by walking through a checklist of all roles to ensure you haven’t missed anything.
    INDUSTRY
    Large Provincial Hospital
    SOURCE
    Payroll Manager
    Challenge
    • Key roles may not be what you think they are.
    • The Payroll Manager of a large Provincial hospital, with 20-year tenure, announced her retirement.
    • Throughout her tenure, this employee took on many tasks outside the scope of her role, including pension calculations/filings and other finance-related tasks that required a high level of specialized knowledge of internal systems.
    		 Solution
    • Little time or effort was placed on fully understanding what she did day-to-day.
    • Furthermore, the search for a replacement was left far too late, which meant that she vacated the role without training a replacement.
    • Low level roles can become critical to business continuation if they’re occupied by only one person, creating a “single point of failure” if they become vacant.
    		 Results
    • It wasn’t until after she left that it became obvious how much extra work she was doing, which made it nearly impossible to find a replacement.
    • Her manager found a replacement to take the payroll duties but had to distribute the other duties to colleagues (who were very unhappy about the extra tasks).
    • This role may not seem like a “key role,” but the incumbent turned it into one. Keep tabs on what people are working on to avoid overly nuanced role requirements.

    Step 1.2

    Assess talent

    Activities
    • 1.2.1 Identify Current Incumbents’ Information
    • 1.2.2 Identify Potential Successors and Collect Information

    The primary goal of this step is to assess departmental talent and identify gaps between potential successors and key roles. This analysis is intended to support departmental access to suitable talent ensuring future business success.

    Outcomes of this step

    • Collection of current incumbents’ information.
    • Collection of potential successor information.
    • Gap assessment.

    Talent Review

    Step 1.1 Step 1.2

    Find out key role incumbents’ career plans

    Have career discussions with key role incumbents

    • Do not ask employees directly about their retirement plans as this can be misconstrued as age discrimination – let them take the initiative.
    • To take the spotlight away from older workers and potential feelings of discrimination, supervisors should be having these discussions with their employees at least annually.
    • Having this discussion creates an opportunity for employees to share their retirement plans, if they have any.
    • Warning: This is not the time to make promises about the future. For example, alternative work arrangements cannot be guaranteed without further analysis and planning.
    		 Do the following:
    1. Book a meeting with employees and ask them to prepare for a career development discussion.
    2. Ask direct questions about motivation, lifestyle preferences, and passions.
    3. Spend the time to understand your employees’ goals and their development needs.
    If an employee discloses that they plan to leave within the next few years:
    1. Gather information about approximate exit dates (non-binding).
    2. Find out their opinions about how they would like to transition out of their role, including any alternative work arrangements they would like to pursue.

    Potential questions to ask during career discussions with key role incumbents

    • Where do you see yourself in five years?
    • What role would you see yourself in after this one?
    • What gets you excited about coming to work?
    • Describe your greatest strengths. How would you like to use those strengths in the future?
    • What is standing in the way of your career goals?
    ** Do not ask employees directly about their retirement plans as this can be misconstrued as age discrimination – let them take the initiative.**    		 Stock photo of a smiling employee with grey hair.

    1.2.1 Identify current incumbents' information

    Input: Key roles list, Employee information

    Output: List of key roles with individual incumbent information

    Materials: Key Roles Succession Planning Tool – Succession Plan Worksheet (Tab 3)

    Participants: IT leadership/management team, HR, Current incumbents if necessary

    Identify current incumbents for all key roles and collect information about them.

    Using Tab 3 of the Key Roles Succession Planning Tool identify the incumbent (the person currently in the role) for all key roles.

    Distribute the worksheet to department managers and team leaders to complete the information below for each key role.

    For that incumbent, also document:

    1. Their time in that role.
    2. Their overall performance in current role (does not meet, meets, or exceeds expectations).
    3. Next step in career (target role or retirement).
    4. Time until exit from the current role (known or estimated).
    5. Development needs for next step in career.
    6. Any additional knowledge and skills they possess beyond the role description that is of value to the organization.

    Upon completion, managers and team leaders should review the results with the department leader.

    Key Roles Succession Planning Tool

    Identify potential successors for all key roles

    It’s imperative that multiple sources of information are used to ensure no potential successor is missed and to gain a complete candidate picture.

    Work collaboratively with the management team and HR business partners for names of potential successors.

    The management team includes:

    • The incumbent’s direct supervisor.
    • Managers from the department in which the key role exists.
    • Leaders of teams with which potential successors have worked.
    • The key role incumbent (assuming it’s appropriate to do so).

    Use management roundtable discussions to identify and analyze each potential successor.

    • Participants should come equipped with names of potential successors and be prepared to provide a rationale for their recommendation.
    • Provide all participants with the key role job description in advance of the meeting, including responsibilities and required knowledge and skills.

    Don’t confuse successors with high potentials!

    • Identifying high potential employees involves recognizing those employees who consistently outperform their peers, progress more quickly than their peers, and live the company culture. They are usually striving for leadership roles.
    • While you also want your successors to exemplify these qualities of excellence, succession planning is specifically about identifying the employees who currently possess (or soon will possess) the skills and knowledge required to take over a key role.
    • Remember: Key roles are not limited to leadership roles, so cast a wider net when identifying succession candidates.
    See the following slide for sources of information participants should consult to back up their recommendations and vet succession candidates.

    Determine how employees will be identified for talent assessment

    Description Advice
    Management-nominated employees
    • Managers or skip-level leaders nominate potential successors within or outside their team.
    • Limit bias by requiring management nominations to be based on specific evidence of performance and potential.
    High-potential employees (HiPos)
    • Consider employees who are in an existing high-potential program.
    • Determine whether the HiPo program sufficiently assesses for critical role requirements. Successors must possess the skills and knowledge required for specific critical roles. Expand assessment beyond just HiPo.
    Self-nominated employees
    • Employees are informed about succession planning and asked to indicate their interest in critical roles.
    • Train managers to support the program and to handle difficult conversations (e.g. employee submitted self-nomination and was unsuccessful).
    All employees
    • All employees across a division, geography, function, or leadership level are invited for assessment.
    • While less common, this approach is appropriate for highly inclusive cultures. Be prepared to invest significantly more time and resources.
    When identifying employees, keep the following advice in mind:

    Widen the net

    Don’t limit yourself to the next level down or the same functional group.

    Match transparency

    With less transparency, there are fewer options, and you risk missing out on potential successors.

    Select the appropriate talent assessment methods

    Identify all talent assessment types used in your organization and examine their ability to inform decision-making for critical role assignments. Select multiple sources to ensure a robust talent assessment approach:

    A sound talent assessment methodology will involve both quantitative and qualitative components. Multiple data inputs and perspectives will help ensure relevant information is prioritized and suitable candidates aren’t overlooked.

    However, beware that too many inputs may slow down the process and frustrate managers.

    Beware of biases in talent assessments. A common tendency is for people to recommend successors who are exactly like them or who they like personally, not necessarily the best person for the job. HR must (diplomatically) challenge leaders to use evidence-based assessments.

    Good Successor Information Sources

    • 360-Degree Feedback – (breadth and accuracy)
    • HR-led Interviews – (objectivity and confirmation)
    • Talent Review Meetings – (leadership input)
    • Stretch Assignments – (challenge comfort zones)
    • Competency-Based Aptitude Tests – (objective data)
    • Job Simulations – (real-life testing)
    • Recent Performance Evaluations – (predictor of future performance)

    Prepare to customize the Individual Talent Profile Template

    Ensure the role profile and individual talent profile are synchronized to enable comparing employee qualifications and readiness to critical role requirements. Sample of the Role Profile.

    Role Profile

    A role profile contains information on the skills, competencies, and other minimum requirements for the critical role. It details the type of incumbent that would fit a critical role.    		 Stock image of a chain link.

    Use both in conjunction during:

    • Talent assessment
    • Successor identification
    • Successor development
    • Successor selection
    		 Sample the Individual Talent Profile.

    Individual Talent Profile

    A talent profile provides information about a person. In addition to responding to role profile criteria, it provides information on an employee’s past experiences and performance, career aspirations, and future potential.

    1.2.2 Identify Potential Successors’ Information

    Input: Key roles list, Employee information, Completed role profiles and/or Tab 2 role information.

    Output: List of potential successors for key roles that are selected for talent assessment

    Materials: Key Roles Succession Planning Tool – Succession Plan Worksheet (Tab 3)

    Participants: IT leadership, IT team leads, Employees

    Identify potential successors for key roles and collect critical information.

    Have managers and team leads complete column I on Tab 3 of the Key Roles Succession Planning Tool and review with the department leader.

    There may be more than one potential successor for key roles; this is okay.

    Once the list is compiled, complete an individual talent profile for each potential successor. Record an employee’s:

    1. Employee information
    2. Career goals
    3. Experience and education
    4. Achievements
    5. Competencies
    6. Performance
    7. Any assessment results

    Once the profiles are completed, they can be compared to the role profile to identify development needs.

    Key Roles Succession Planning Tool

    Individual Talent Profile Template

    Build an IT Succession Plan

    Phase 2

    Succession Planning

    Phase 1

    1.1 Identify Critical Roles

    1.2 Assess Talent

    		Phase 2

    2.1 Identify Successors

    2.2 Develop Successors

    2.3 Select Successors

    		Phase 3

    3.1 Identify Critical Knowledge

    3.2 Select Transfer Methods

    3.3 Document Role Transition Plan

    This phase will walk you through how to:

    • Conduct an assessment to identify “at risk” key role incumbents.
    • Identify potential successors for key roles and collect critical information.
    • Assess gaps between key role incumbents and potential successors.

    Tools and resources used:

    • Key Roles Succession Planning Tool
    • Key Role Profile
    • Individual Talent Profile

    This phase involves the following participants:

    • IT leadership/management team
    • HR

    Succession planning helps you assess which key roles are most at risk

    Drilling down to the incumbent and successor level introduces “real life,” individual-focused factors that have a major impact on role-related risk.

    Succession planning is an organizational process for identifying and developing talent internally to fill key business roles. It allows organizations to:

    • Understand the career plans of employees to allow organizations to plan more accurately.
    • Identify suitable successors for key roles and assess their readiness.
    • Mitigate risks to long-term business continuity and growth.
    • Avoid external replacement costs including headhunting and recruitment, HR administration, and productivity loss.
    • Retain internal tacit knowledge.
    • Increase engagement and retention; keeping talented people reinforces career path opportunities and builds team culture.

    Caution:

    Where the talent review was about high-level strategic planning for talent requirements, succession planning looks at individual employees and plans for which employees will fulfill which key roles next.    		 “I ask the questions, What are the risks we have with these particular roles? Is there a way to disperse this knowledge to other members of the group? If yes, then how do we do that?” (Director of HR, Service Industry)

    Succession planning ultimately must drill down to individual people – namely, the incumbent and potential successors.

    This is because individual human beings possess a unique knowledge and skill set, along with their own personal aspirations and life circumstances.

    The risks associated with a key role are theoretical. When people are introduced into the equation, the “real life” risk of loss for that key role can change dramatically.

    Succession Planning

    Funnel titled 'Succession Planning' with 'Critical Roles' at the top of the funnel, 'Critical Knowledge and Skills' as the middle of the funnel, 'Individuals' as the bottom of the funnel, and it drains into 'Incumbent's Potential Successors'.

    Step 2.1

    Identify Successors

    Activities
    • 2.1.1 Conduct Individual Risk Assessment
    • 2.1.2 Successor Readiness Assessment

    This step highlights the relative positioning of all employees assessed for departure risk compared to the potential successors’ readiness, identifying gaps that create risk for the organization, and need mitigation strategies.

    Outcomes of this step

    • Individual risk assessment results – mitigate, manage, accept matrix.
    • Potential successor readiness ranking.
    • Determination on transparency level with successors.

    Succession Planning

    Step 2.1 Step 2.2 Step 2.3

    Decide how to obtain information on employee interest in critical roles

    Not all employees may want to be considered as part of the succession planning program. It might not fit their short- or long-term plans. Avoid misalignment and outline steps to ascertain employee interest.

    Transparency

    • Use your target transparency level to:
      • Determine the degree of employees’ participation in self-assessment.
      • Guide organization-wide and targeted messaging about succession planning (see Step 3).

    Timing

    • Ensure program-level communication has occurred before asking employees about their interests in critical roles, in order to garner more trust and engagement.
    • Decide at what point along the succession planning process (if at all) that employee’s career interests will be collected and incorporated.

    Manager accountability and resources

    • Identify resources needed for managers to conduct targeted career conversations with employees (e.g. training, communication guides, key messaging).
    • If program communication is to be implemented organization-wide, approach accordingly.

    Obtaining employee interest ensures process efficiency because:

    • Time isn’t wasted focusing on candidates who aren’t interested.
    • The assessment group is narrowed down through self-selection.

    Level-set expectations with employees:

    • Communicate that they will be considered for assessment and talent review discussions.
    • Ensure they understand that everyone assessed will not necessarily be identified or selected as a successor.

    Conduct a risk assessment

    Identify key role incumbents who may leave before you’re ready.

    Pay particular attention to those employees nearing retirement and flag them as high risk.

    Understand the impact that employee age has on key role risk. Keep the following in mind when filling out the Individual Risk Assessment of the Key Roles Succession Planning Tool. See the next slide for more details on this.
    High Risk Arrow pointing both ways vertically. Anyone 60 years of age or older, or anyone who has indicated they will be retiring within five years.
    Moderate Risk Employees in their early 50s are still many years away from retirement but have enough years remaining in their career to make a significant move to a new role outside of your organization. Furthermore, they have specialized skills making them more attractive to external organizations.
    Employees in their late 50s are likely more than five years away from retirement but are also less likely than younger employees to leave your organization for another role elsewhere. This is because of increasing personal risk in making such a move, and persistent employer unwillingness to hire older employees.
    Low Risk Technically, when it comes to succession planning for key roles held by employees over the age of 50, no one should be considered “low risk for departure.
    		Pull some hard demographic data.

    Compile a report that breaks down employees into age-based demographic groups.

    Flag those over the age of 50 – they’re in the “retirement zone” and could decide to leave at any time.

    Check to see which key role incumbents fall into the “over 50” age demographic. You’ll want to shortlist these people for an individual risk assessment.

    Update this report twice a year to keep it current.

    For those people on your shortlist, gather the information that supervisors gained from the career discussions that took place. Specifically, draw out information that indicates their retirement plans.

    2.1.1 Conduct Individual Risk Assessment

    Input: Completed Succession Plan worksheet

    Output: Risk assessment of key role incumbents, understanding of which key role departures to manage, mitigate, and accept

    Materials: Key Roles Succession Planning Tool – Individual Risk Assessment (Tab 4), Key Roles Succession Planning Tool – Risk Assessment Results (Tab 5)

    Participants: IT leadership/management team

    Assign values for probability of departure and impact of departure using the Key Roles Succession Planning Tool.

    For those in key roles and those over 50, complete the Individual Risk Assessment (Tab 4) of the Key Roles Succession Planning Tool:

    1. Assess each key role incumbent’s probability of departure based on your knowledge. If the person is going to another job, is a known flight risk, or faces dismissal, the probability is high.
      • 0-40: Unlikely to Leave. If the employee is new to the role, highly engaged, or a high potential.
      • 41-60: Unknown. If the employee is sending mixed messages about happiness at work, or sending no messages, it may be difficult to guess.
      • 61-100: Likely to Leave. If the employee is nearing retirement, actively job searching, disengaged, or faces dismissal, then the probability of departure is high.
    2. Assess the role and the individual’s impact of departure on a scale of 1 (no impact) to 100 (devasting impact).
    3. Review the risk assessment results on tab 5 of the planning tool. The employees that appear in the mitigate quadrant are your succession planning priorities.

    Key Roles Succession Planning Tool

    Define readiness criteria for successor identification

    1. Select the types of readiness and the number of levels:

      Readiness by time horizon:

      • Successors are identified as ready based on how long it is estimated they will take to acquire the minimum requirements of the critical role.
      • Levels example: Ready Now, Ready in 1-2 Years, Ready in 3-5 Years.

      Readiness by moves:

      • Successors are identified as ready based on how many position moves they have made or how many developmental experiences they have had.
      • Levels example: Ready Now, Ready after 1 Move, Ready after 2 Moves.
    2. Create definitions for each readiness level:
      Example:

      Performance

      Potential
      Ready Now Definition: Ability to deliver in current role Requirement: Meets or exceeds expectations Definition: Ability to take on greater responsibility Requirement: Demonstrates learning agility
      The 9-box is an effective way to map performance and potential requirements and can guide management decision making in talent review and calibration sessions. See McLean & Company’s 9-Box Job Aid for more information. Sample of the 9-Box Job Aid, a 9-field matrix with axes 'Potential: Low to High' and 'Performance: Low to High'.
      “Time means nothing. If you say someone will be ready in a year, and you’ve done nothing in that year to develop them, they won’t be ready. We look at it as moves or experiences: ready now, ready in one move, ready in two moves.” (Amanda Mathieson, Senior Manager, Talent Management, Tangerine)

    2.1.2 Successor Readiness Assessment

    Input: Individual talent profiles, List of potential successors (Tab 3)

    Output: Readiness ranking for each potential successor

    Materials: Key Roles Succession Planning Tool

    Participants: IT leadership/management team

    Assign values for probability of departure and impact of departure using the Key Roles Succession Planning Tool.

    Using Tab 6 of the Key Roles Succession Planning Tool, evaluate the readiness of each potential successor that you previously identified.

    1. Enter the name, current role, and target role of each potential successor into the spreadsheet.
    2. For each employee, fill in a response from “strongly agree” to “strongly disagree” for the assessment criteria statements listed in column B of Tab 6. This will give you a readiness ranking in row 68.

    Key Roles Succession Planning Tool

    Decide if and how successors will be told about their status in the succession plan

    1. Decide if employees will be told. Be as transparent as possible. This will provide several benefits to your organization (e.g. higher engagement, retention) while managing potential risks (e.g. perception that the process is unfair, reducing motivation to perform).
    2. Decide who will tell them. Decide based on the culture of your organization; are official communications usually conveyed through the direct manager, HR, senior leaders, or steering committee?
    1. Determine how you will tell them.

      Suggested messaging to non-successors:

      • Not being identified as a successor does not mean that an employee is not valued by the organization, nor does it indicate the employee will be let go. It simply means that the organization needs a backup plan to manage risk.
      • Employees can still develop toward a critical role they are interested in, and the organization will continue to evaluate whether they can be a potential successor.
      • It is the employee’s responsibility to own their development and communicate to their manager any interest they have in critical roles.

      Suggested messaging to successors:

      • Being identified as a successor is an investment in employee development – not a guaranteed promotion.
      • Successor status may change based on changes to the critical role itself, or if performance is not on par with expectations.
      • The organization strives to be as fair and objective as possible through evidence-based assessments of performance and potential.

    Case Study

    Failing to have a career aspiration discussion with a potential successor leaves a sales director in a bind.

    INDUSTRY
    Professional Services
    SOURCE
    Confidential
    Challenge
    • A senior sales director in a medium-sized private company knew there would be a key management opportunity opening up in six months. He had one candidate in mind: a key contributor from the sales floor.
    • The sales manager assumed that the sales representative would want the management position and began planning the candidate’s required training in order to get him ready.
    		 Solution
    • Three months before the position opened up, the manager finally approached the representative about the opportunity, telling the representative that he was an excellent candidate for the role.
    • However, the sales representative was not interested in managing people. He wanted to come in, do a really great day’s worth of work, and then go home and be done. He already loved what he did.
    		Results
    • The sales representative turned down the offer point blank, leaving the manager with less than three months to find and groom a new internal successor.
    • The manager failed on several fronts. First, he did not ask the employee about his career aspirations. Second, he did not groom a pool of potential successors for the role, affording no protection in the event that the primary candidate couldn’t or wouldn’t assume the role.

    Step 2.2

    Develop Successors

    Activities
    • 2.2.1 Outline Successor Development Process

    The primary goal of this step is to identify the steps that need to be taken to develop potential successors. Focus on training employees for their future role, not just their current one.

    Outcomes of this step

    • Identified gaps between key role exits and successor readiness.

    Succession Planning

    Step 2.1 Step 2.2 Step 2.3

    2.2.1 Outline Successor Development Process

    Input: Role profiles, Talent profiles, Talent assessments

    Output: Identified gaps between key role exits and successor readiness

    Materials: Key Roles Succession Planning Tool – Successor Identification (Tab 7)

    Participants: IT leadership/management team

    Prepare successors for their next role, not just their current one.

    Use role and talent profiles and any talent assessment results to identify gaps for development.

    1. Outline the steps involved in the individual development planning process for successors. Key steps include identifying development timeline, learning needs, learning resources and strategies, and accomplishment metrics/evidence.
    2. Identify learning elements successor development will involve based on critical role type. For example, coaching and/or mentoring, leadership training, functional skills training, or targeted experiences/projects.
    3. Select metrics with associated timelines to measure the progress of successor development plans. Establish guidelines for employee and manager accountability in developing prioritized competencies.
    4. Determine monitoring cadence of successor development plans (i.e. how often successor development plans will be tracked to ensure timely progress). Identify who will be involved in monitoring the process (e.g. steering committee).

    Info-Tech insight

    Succession planning without integrated efforts for successor development is simply replacement planning. Get successors ready for promotion by ensuring a continuously monitored and customized development plan is in place.

    Integrate knowledge transfer in the successor development process

    1

    		 Brainstorm ideas to encourage knowledge-sharing and transfer from incumbent to successor.

    2

    		 Integrate knowledge-transfer methods into the successor development process.
    Identify key knowledge areas to include:
    • Specialized technical knowledge
    • Specialized research and development processes
    • Unique design capabilities/methods/models
    • Special formulas/algorithms/techniques
    • Proprietary production processes
    • Decision-making criteria
    • Innovative sales methods
    • Knowledge about key customers
    • Relationships with key stakeholders
    • Company history and values
    		 Use multiple methods for effective knowledge transfer.

    Explicit knowledge is easily explained and codified, such as facts and procedures. Knowledge transfer methods tend to be more formal and one-way. For example:

    • Formal documentation of processes and best practices
    • Self-published knowledgebase
    • Formal training sessions

    Tacit knowledge accumulates over years of experience and is hard to articulate. Knowledge transfer methods are often informal and interactive. For example:

    • Mentoring and job shadowing
    • Multigenerational work teams
    • Networks and communities
    Knowledge transfer can occur via a wide range of methods that need to be selected and integrated into daily work to suit the needs of the knowledge to be transferred and of the people involved. See Phase 3 for more details on knowledge transfer.

    Step 2.3

    Select Successors

    The goal of this step is to determine how critical roles will be filled when vacancies arise.

    Outcomes of this step

    • Agreement with HR on the process to fill vacancies when key roles exit.

    Succession Planning

    Step 2.1 Step 2.2 Step 2.3

    Determine how critical roles will be filled when vacancies arise

    Choose one of two approaches to successor selection:
    • Talent review meeting:
      • Conduct a talent review meeting with functional leaders to discuss key open positions and select the right successors. Ascertain successor interest prior to the meeting, if not obtained already.
      • If multiple successors are ready now, use both role and talent profiles to arrive at a final decision.
      • If only one successor is ready now, outline steps for their promotion process. Which leaders should be involved for final approval? What is TA’s role?
    • Talent acquisition (TA) process:
      • Align with TA to implement a formal recruitment process to select the right successor (open application and interview process to talent pool).
      • Decide if a talent review meeting is required afterwards to agree on the final successor or if the interview panel will make the final decision.

    Work together with Talent Acquisition (TA) to outline special treatment of critical role vacancies. Ensure TA is aware of succession plan(s).

    Explicitly determine the level of preference for internal successors versus external hires to your TA team to ensure alignment. This will create an environment where promotion from within is customary.

    Build an IT Succession Plan

    Phase 3

    Knowledge Transfer

    Phase 1

    1.1 Identify Critical Roles

    1.2 Assess Talent

    		Phase 2

    2.1 Identify Successors

    2.2 Develop Successors

    2.3 Select Successors

    		Phase 3

    3.1 Identify Critical Knowledge

    3.2 Select Transfer Methods

    3.3 Document Role Transition Plan

    This phase will show you to:

    • Identify critical knowledge risks.
    • Select appropriate transfer methods.
    • Document knowledge transfer initiatives for key role transition plans.

    Tools and resources used:

    • Role Transition Plan Template

    This phase involves the following participants:

    • IT leadership/management team
    • HR
    • Incumbent & successor managers

    Mitigate risk – formalize knowledge transfer

    Use Info-Tech’s Mitigate Key IT Employee Knowledge Loss blueprint to build and implement your knowledge transfer plan.

    Effective knowledge transfer allows organizations to:
    • Maintain or improve speed and productivity by ensuring the right people have the right skills to do their jobs well.
    • Increase agility because knowledge is more evenly distributed amongst employees. Multiple people can perform a given task and no one person becomes a bottleneck.
    • Capture and sustain knowledge; creating a knowledge database provides all employees access to the information, now and in the future.
    		 Knowledge transfer between those in key roles and potential successors yields the highest dividends for:
    • Senior level successions.
    • External hires.
    • Senior expatriate transfers.
    • Developmental stretch assignments.
    • Internal cross-divisional transfers and promotions.
    • High organizational dependency on unique expert knowledge.
    • Critical function/project/team transitions.
    • Large scale reorganizations and mergers & acquisitions.
    (Source: Piktialis and Greenes, 2008)    		 Sample of the Mitigate Key IT Employee Knowledge Loss blueprint.

    Mitigate Key IT Employee Knowledge Loss

    Knowledge transfer is complex and must be both multi-faceted and well supported

    Knowledge transfer is the capture, organization, and distribution of knowledge held by individuals to ensure that it is accessible and usable by others.

    Knowledge transfer is not stopping, learning, and returning to work. Nor is it simply implementing a document management system. Arrow pointing right. Knowledge transfer is a wide range of methods that must be carefully selected and integrated into daily work in order to meet the needs of the knowledge to be transferred and the people involved.

    Knowledge transfer works best when the following techniques are applied

    • Use multiple methods and media to transfer the knowledge.
    • Ensure a two-way interaction between the knowledge source and recipient.
    • Support knowledge transfer with active mentoring.
    • Transfer knowledge at the point of need; that is, when it’s immediately useful.
    • Offer experience-oriented training to reinforce knowledge absorption.
    • Use a knowledge management system to permanently capture knowledge shared.
    		 Personalization is the key.

    Dwyer & Dwyer say that providing “insights to a particular person (or people) needing knowledge at the time of the requirement” is the difference between knowledge transfer that sticks and knowledge that is forgotten.
    “Designing a system in which the employee must interrupt his or her work to learn or obtain new knowledge is not productive. Focus on ‘teachable moments.” (Karl Kapp, “Tools and Techniques for Transferring Know-How from Boomers to Gamers”)

    Step 3.1

    Identify Critical Knowledge to Transfer

    The goal of this step is to understand what knowledge and skills much be transferred, keeping in mind the various types of knowledge.

    Outcomes of this step

    • Critical knowledge and skills for key roles documented in the Key Role Transition plans.

    Knowledge Transfer

    Step 3.1 Step 3.2 Step 3.3

    Understand what knowledge and skills must be transferred

    There are two basic types of knowledge:

    Explicit knowledge:
    Easily explained and codified, e.g. facts and procedures.    		 Image of a head with gears inside. Tacit knowledge:
    Accumulates over years of experience and is hard to verbalize.
    • You should already have a good idea of what knowledge and skills are valued from the worksheets completed earlier.
    • Focus on identifying the knowledge, skills, and relationships essential to the specific incumbent in a key role and what it is he or she does to perform that key role well.
    Document critical knowledge and skills for key roles in the:

    Role Transition Plan Template
    1. Identify key knowledge areas. These include:
      • Specialized technical knowledge and research and development process.
      • Unique design capabilities/methods/models.
      • Special formulas/algorithms/techniques.
      • Proprietary production processes.
      • Decision-making criteria.
      • Innovative sales methods.
      • Knowledge about key customers.
      • Relationships with key stakeholders.
      • Company history and values.
    2. Ask questions of both sources and receivers of knowledge to help determine the best knowledge transfer methods to use.
      • What is the nature of the knowledge? Explicit or tacit?
      • Why is it important to transfer?
      • How will the knowledge be used?
      • What knowledge is critical for success?
      • How will the users find and access it?
      • How will it be maintained and remain relevant and usable?
      • What are the existing knowledge pathways or networks connecting sources to recipients?

    Step 3.2

    Select Knowledge Transfer Methods

    Activities
    • 3.2.1 Select Knowledge Transfer Methods

    This step helps you identify the knowledge transfer methods that will be the most effective, considering the knowledge or skill that needs to be transferred and the individuals involved.

    Outcomes of this step

    • Knowledge transfer methods chosen documented in the Key Role Transition Plans.

    Knowledge Transfer

    Step 3.1 Step 3.2 Step 3.3

    Knowledge transfer methods available

    Be prepared to use various methods to transfer knowledge and use them all liberally.

    The most common knowledge transfer method is simply to have a collaborative culture

    Horizontal bar chart ranking knowledge transfer methods by commonality.
    (Source: McLean & Company, 2013; N=121)

    A basic willingness for a role incumbent to share with a successor is the most powerful item in your tacit knowledge transfer toolkit.

    Formal documentation is critical for explicit knowledge sharing, yet only 40% of organizations use it.

    Rewarding and recognizing employees for doing knowledge transfer well is underutilized yet has emerged as an important reinforcing component of any effective knowledge transfer program.
    Don’t forget it!

    3.2.1 Select Knowledge Transfer Methods

    Input: Role profiles, Talent profiles

    Output: Methods for integrating knowledge transfer into day-to-day practice

    Materials: Role Transition Plan Template

    Participants: IT leadership/management team, HR, Knowledge source, Knowledge recipient

    Utilize methods that make it easy to apply the knowledge in day-to-day practice.

    Select your method according to the following criteria:

    1. The type of knowledge. A soft skill, like professionalism, is best taught via mentoring, while a technical process is best documented and applied on-the-job.
    2. What the knowledge recipient is comfortable with. The recipient may get bored during formal training sessions and retain more during job shadowing.
    3. What the knowledge source is comfortable with. The source may be uncomfortable with blogs and wikis, but comfortable with SharePoint.
    4. The cost. Some methods require an investment in time (e.g. mentoring), while others require an investment in technology (e.g. knowledge bases).
      • The good news is that many supporting technologies may already exist in your organization or can be acquired for free.
      • Methods that cost time may be difficult to get underway since employees may feel they don’t have the time or must change the way they work.

    The more integrated knowledge transfer is in day-to-day activities, the more likely it is to be successful and the lower the time cost. This is because real learning is happening at the same time real work is being accomplished.

    Document the knowledge transfer methods in the Role Transition Plan Template.

    Role Transition Plan Template

    Explore alternative work arrangements

    Ensure sufficient time to prepare successors

    If a key role incumbent isn’t around to complete knowledge transfer, it’s all for naught.

    Alternative work arrangements are critical tools that employers can use to achieve a mutually beneficial solution that mitigates the risk of loss associated with key roles.

    Alternative work arrangements not only support employees who want to keep working, but they allow the business to retain employees that are needed in key roles.

    In a survey from The Conference Board, one out of four older workers indicated that they continue to work because their company provided them with needed flexibility.

    And, nearly half said that more flexibility would make them less likely to retire. (Source: Ivey Business Journal)

    Flexible work options are the most used form of alternative work arrangement

    Horizontal bar chart ranking alternative work arrangements by usage.
    (Source: McLean & Company, N=44)

    Choose the alternative work arrangement that works best for you and the employee

    Alternative Work Arrangement

    Description

    Ideal Use

    Caveats
    Flexible work options Employees work the same number of hours but have flexibility in when and where they work (e.g. from home, evenings). Employees who work fairly independently, with no or few direct reports. Employee may become isolated or disconnected, impeding knowledge transfer methods that require interaction or one-on-one time.
    Contract-based work Working for a defined period of time on a specific project on a non-salaried or non-wage basis. Project-oriented work that requires specialized knowledge or skills. Available work may be sporadic or specific projects more intensive than the employee wants. Knowledge transfer must be built into the contractual arrangement.
    Part-time roles Half-days or a certain number of days per week; indefinite with no end date in mind. Employees whose roles can be readily narrowed and upon whom people and critical processes are not dependent. It may be difficult to break a traditionally full-time job down into a part-time role given the size and nature of associated tasks.
    Graduated retirement Retiring employee has a set retirement date, gradually reducing hours worked per week over time. Roles where a successor has been identified and is available to work alongside the incumbent in an overlapping capacity while he or she learns. The role may only require a single FTE, and the organization may not be able to afford the amount of redundancy inherent in this arrangement.

    The arrangement chosen may be a combination of multiple options

    Alternative Work Arrangement

    Description

    Ideal Use

    Caveats

    Part-year jobs or job sharingWorking part of the year and having the rest of the year off, unpaid.Project-oriented work where ongoing external relationships do not need to be maintained. The employee is unavailable for knowledge transfer activities for a large portion of the year. Another risk is that the employee may opt not to return at the end of the extended time off, with little notice.
    Increased paid time offAdditional vacation days upon reaching a certain age.Best used as recognition or reward for long-term service. This may be a particularly useful retention incentive in organizations that do not offer pension plans. The company may not be able to financially afford to pay for such extensive time off. If the role incumbent is the only one in the role, this may mean crucial work is not being done.
    Altered rolesConcentration of a job description on fewer tasks that allows the employee to focus on his or her specific expertise.Roles where a successor has been identified and is available to work alongside the incumbent, with the incumbent’s new role highly focused on mentoring. The role may only require a single FTE, and the organization may not be able to afford the amount of redundancy inherent in this arrangement.

    Alternative work arrangements require senior management support

    Senior management and other employees must see the value of retaining older workers, or they will not be supportive of these solutions.

    Any changes made to an employee’s work arrangement has an impact on people, processes, and policies.

    If the knowledge and skills of older employees aren’t valued, then:

    • Alternative arrangements will be seen as wasteful accommodation of a low-value employee.
    • Time won’t be allowed to manage the transition properly and make appropriate changes.
    • Other employees may resent any workload spillover.
    		 Alternate work arrangements can’t be implemented on a whim.

    Make sure alternative work arrangements can be done right and are supported – they’re often solutions that come with additional work. Determine the effects and make appropriate adjustments.

    • Review processes, particularly hand-off and approval points, to ensure tasks will still be handled seamlessly.
    • Assess organizational policies to ensure no violations are occurring or to rework policies (where possible) to accommodate alternative work arrangements.
    • Speak to affected employees to answer questions, identify obstacles, gain support, redefine their job descriptions if required, and make appropriate compensation adjustments. Always provide appropriate training when skills requirements are expanded.

    Step 3.3

    Document Role Transition Plans for all Key Roles

    Activities
    • 3.3.1 Document Role Transition Plans

    The primary goal of this step is to build clear checklist-based plans for each key role to help ensure a smooth transition as a successor takes over.

    Outcomes of this step

    • Completed key role transition plans

    Knowledge Transfer

    Step 3.1 Step 3.2 Step 3.3

    3.3.1 Document Role Transition Plans

    Input: Role profiles, Talent profiles, Talent assessments, Workforce plans

    Output: A clear checklist-based plan to help ensure a smooth transition.

    Materials: Role Transition Plan Template

    Participants: IT leadership/management team, Incumbent, Successor(s), HR

    Define a transition plan for all employees in at-risk key roles, and their successors.

    You should already have a good idea of what knowledge and skills are valued from the worksheets completed earlier. Focus on identifying the knowledge, skills, and relationships essential to the specific incumbent in a key role and what it is they do to perform that key role well.

    Using the Role Transition Plan Template develop a plan to transfer what needs to be transferred from the incumbent to the successor.

    1. Record the incumbent and successor information in the template.
    2. Summarize the key accountabilities and expectations of the incumbent’s role. This summary should highlight specific tasks and initiatives that the successor must take on, including success enablers. Attach the job description for a full description of accountabilities and expectations.
    3. Document the knowledge and skills requirements for the key role, as well as any additional knowledge and skills possessed by the key role incumbent that will aid the successor.
    4. Document any alternative work arrangements to the incumbent’s roles.
    5. Populate the Role Transition Checklist for key transition activities that must be completed by certain dates. A list of sample checklist items has been provided. Add, delete, or modify list items to suit your needs.

    Role Transition Plan Template

    DairyNZ leverages alternative work arrangements

    Ensures successful knowledge transfer
    INDUSTRY
    Agricultural research
    SOURCE
    Rose Macfarlane, General Manager Human Resources, DairyNZ
    Challenge
    • DairyNZ employs many people in specialized science research roles. Some very senior employees are international experts in their field.
    • Several experts have reached or are nearing retirement age. These pending retirements have come as no surprise.
    • However, due to the industry’s lack of development investment in the past, there is a 20–30-year experience gap in the organization for some key roles.
    		 Solution
    • One principal scientist gave over two years’ notice. His replacement – an external candidate – had been identified in advance and was hired once retirement notice was given.
    • The incumbent’s role was amended. He worked alongside his successor for 18 months in a controlled hand-over process.
    		 Results
    • The result was ideal in that the advance notice allowed full knowledge transfer to take place.

    Research Contributors and Experts

    Anne Roberts
    Principal, Leadership Within Inc. al,
    • Anne T. Roberts is an experienced organization development professional and executive business coach who works with leaders and their organizations to help them create, articulate and implement their change agenda. Her extensive experience in change management, organizational design, meeting design and facilitation, communication and leadership alignment has helped leaders tap into their creativity, drive and energy. Her ability to work with and coach people at the leadership level on a wide range of topics has them face their own organizational stories.
    		 Amanda Mathieson
    Senior Manager, Talent Management, Tangerine
    • Amanda is responsible for researching people- and leadership-focused trends, developing thought models, and providing resources, tools, and processes to build and drive the success of leaders in a disruptive world.
    • Her expertise in leadership development, organizational change management, and performance and talent management comes from her experience in various industries spanning pharmaceutical, retail insurance, and financial services. She takes a practical, experiential approach to people and leadership development that is grounded in adult learning methodologies and leadership theory. She is passionate about identifying and developing potential talent, as well as ensuring the success of leaders as they transition into more senior roles.

    Related Info-Tech Research

    Stock image of a brain. Mitigate Key IT Employee Knowledge Loss
    • Transfer IT knowledge before it’s gone.
    • Effective knowledge transfer mitigates risks from employees leaving the organization and is a key asset driving innovation and customer service.
    Stock image of sticky notes being organized on a board. Implement an IT Employee Development Plan
    • There is a growing gap between the competencies organizations have been focused on developing, and what is needed in the future.
    • Employees have been left to drive their own development, with little direction or support and without the alignment of development to organizational needs.

    Bibliography

    “Accommodating Older Workers’ Needs for Flexible Work Options.” Ivey Business Journal, July/August 2005. Accessed Jan 7, 2013.

    Christensen, Kathleen and Marcie Pitt-Catsouphes. “Approaching 65: A Survey of Baby Boomers Turning 65 Years Old”. AARP, Dec. 2010.

    Coyne, Kevin P. and Shawn T. Coyne. “The Baby Boomer Retirement Fallacy and What It Means to You. “ HBR Blog Network. Harvard Business Review, May 16, 2008. Accessed 8 Jan. 2013.

    Dwyer, Kevin and Ngoc Luong Dwyer. “Managing the Baby Boomer Brain Drain: The Impact of Generational Change on Human Resource Management.” ChangeFactory, April 2010. Accessed Jan 9, 2013.

    Gurchiek, Kathy. “Poll: Organizations Can Do More to Prepare for Talent Shortage as Boomers Retire.” SHRM, Nov 17, 2010. Accessed Jan 3, 2013.

    Howden, Daniel. “What Is Time to Fill? KPIs for Recruiters.” Workable, 24 March 2016. Web.

    Kapp, Karl M. “Tools and Techniques for Transferring Know-How from Boomers to Gamers.” Global Business and Organizational Excellence, July/August 2007. Web.

    Piktialis, Diane and Kent A. Greenes. Bridging the Gaps: How to Transfer Knowledge in Today’s Multigenerational Workplace. The Conference Board, 2008.

    Pisano, Gary P. “You need an Innovation Strategy.” Harvard Business Review, June 2015.

    Vilet, Jacque. “Lost Knowledge – What Are You and Your Organization Doing About It?” TLNT, 25 April 2012. Accessed 5 Jan. 2013.

    Responsibly Resume IT Operations in the Office

    • Buy Link or Shortcode: {j2store}423|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity

    Having shifted operations almost overnight to a remote work environment, and with the crisis management phase of the COVID-19 pandemic winding down, IT leaders and organizations are faced with the following issues:

    • A reduced degree of control with respect to the organization’s assets.
    • Increased presence of unapproved workaround methods, including applications and devices not secured by the organization.
    • Pressure to resume operations at pre-pandemic cadence while still operating in recovery mode.
    • An anticipated game plan for restarting the organization’s project activities.

    Our Advice

    Critical Insight

    An organization’s shift back toward the pre-pandemic state cannot be carried out in isolation. Things have changed. Budgets, resource availability, priorities, etc., will not be the same as they were in early March. Organizations must ensure that all departments work collaboratively to support office repatriation. IT must quickly identify the must-dos to allow safe return to the office, while prioritizing tasks relating to the repopulation of employees, technical assets, and operational workloads via an informed and streamlined roadmap.

    As employees return to the office, PMO and portfolio leaders must sift through unclear requirements and come up with a game plan to resume project activities mid-pandemic. You need to develop an approach, and fast.

    Impact and Result

    Responsibly resume IT operations in the office:

    • Evaluate risk tolerance
    • Prepare to repatriate people to the office
    • Prepare to repatriate assets to the office
    • Prepare to repatriate workloads to the office
    • Prioritize your tasks and build your roadmap

    Quickly restart the engine of your PPM:

    • Restarting the engine of the project portfolio won’t be as simple as turning a key and hitting the gas. The right path forward will differ for every project portfolio practice.
    • Therefore, in this publication we put forth a multi-pass approach that PMO and portfolio managers can follow depending on their unique situations and needs.
    • Each approach is accompanied by a checklist and recommendations for next steps to get you on right path fast.

    Responsibly Resume IT Operations in the Office Research & Tools

    Start here – read the Executive Brief

    As the post-pandemic landscape begins to take shape, ensure that IT can effectively prepare and support your employees as they move back to the office.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Evaluate your new risk tolerance

    Identify the new risk landscape and risk tolerance for your organization post-pandemic. Determine how this may impact the second wave of pandemic transition tasks.

    • Responsibly Resume IT Operations in the Office – Phase 1: Evaluate Your New Risk Tolerance
    • Resume Operations Information Security Pressure Analysis Tool

    2. Repatriate people to the office

    Prepare to return your employees to the office. Ensure that IT takes into account the health and safety of employees, while creating an efficient and sustainable working environment

    • Responsibly Resume IT Operations in the Office – Phase 2: Repatriate People to the Office
    • Mid-Pandemic IT Prioritization Tool

    3. Repatriate assets to the office

    Prepare the organization's assets for return to the office. Ensure that IT takes into account the off-license purchases and new additions to the hardware family that took place during the pandemic response and facilitates a secure reintegration to the workplace.

    • Responsibly Resume IT Operations in the Office – Phase 3: Repatriate Assets to the Office

    4. Repatriate workloads to the office

    Prepare and position IT to support workloads in order to streamline office reintegration. This may include leveraging pre-existing solutions in different ways and providing additional workstreams to support employee processes.

    • Responsibly Resume IT Operations in the Office – Phase 4: Repatriate Workloads to the Office

    5. Prioritize your tasks and build the roadmap

    Once you've identified IT's supporting tasks, it's time to prioritize. This phase walks through the activity of prioritizing based on cost/effort, alignment to business, and security risk reduction weightings. The result is an operational action plan for resuming office life.

    • Responsibly Resume IT Operations in the Office – Phase 5: Prioritize Your Tasks and Build the Roadmap

    6. Restart the engine of your project portfolio

    Restarting the engine of the project portfolio mid-pandemic won’t be as simple as turning a key and hitting the gas. Use this concise research to find the right path forward for your organization.

    • Restart the Engine of Your Project Portfolio
    [infographic]

    Modernize Your SDLC

    • Buy Link or Shortcode: {j2store}148|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $30,263 Average $ Saved
    • member rating average days saved: 39 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Today’s rapidly scaling and increasingly complex products create mounting pressure on delivery teams to release new features and changes quickly and with sufficient quality.
    • Many organizations lack the critical capabilities and resources needed to satisfy their growing backlog, jeopardizing product success.

    Our Advice

    Critical Insight

    • Delivery quality and throughput go hand in hand. Focus on meeting minimum process and product quality standards first. Improved throughput will eventually follow.
    • Business integration is not optional. The business must be involved in guiding delivery efforts, and ongoing validation and verification product changes.
    • The software development lifecycle (SDLC) must deliver more than software. Business value is generated through the products and services delivered by your SDLC. Teams must provide the required product support and stakeholders must be willing to participate in the product’s delivery.

    Impact and Result

    • Standardize your definition of a successful product. Come to an organizational agreement of what defines a high-quality and successful product. Accommodate both business and IT perspectives in your definition.
    • Clarify the roles, processes, and tools to support business value delivery and satisfy stakeholder expectations. Indicate where and how key roles are involved throughout product delivery to validate and verify work items and artifacts. Describe how specific techniques and tools are employed to meet stakeholder requirements.
    • Focus optimization efforts on most affected stages. Reveal the health of your SDLC from the value delivery, business and technical practice quality standards, discipline, throughput, and governance perspectives with a diagnostic. Identify and roadmap the solutions to overcome the root causes of your diagnostic results.

    Modernize Your SDLC Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should modernize your SDLC, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Set your SDLC context

    State the success criteria of your SDLC practice through the definition of product quality and organizational priorities. Define your SDLC current state.

    • Modernize Your SDLC – Phase 1: Set Your SDLC Context
    • SDLC Strategy Template

    2. Diagnose your SDLC

    Build your SDLC diagnostic framework based on your practice’s product and process objectives. Root cause your improvement opportunities.

    • Modernize Your SDLC – Phase 2: Diagnose Your SDLC
    • SDLC Diagnostic Tool

    3. Modernize your SDLC

    Learn of today’s good SDLC practices and use them to address the root causes revealed in your SDLC diagnostic results.

    • Modernize Your SDLC – Phase 3: Modernize Your SDLC
    [infographic]

    Workshop: Modernize Your SDLC

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Set Your SDLC Context

    The Purpose

    Discuss your quality and product definitions and how quality is interpreted from both business and IT perspectives.

    Review your case for strengthening your SDLC practice.

    Review the current state of your roles, processes, and tools in your organization.

    Key Benefits Achieved

    Grounded understanding of products and quality that is accepted across the organization.

    Clear business and IT objectives and metrics that dictate your SDLC practice’s success.

    Defined SDLC current state people, process, and technologies.

    Activities

    1.1 Define your products and quality.

    1.2 Define your SDLC objectives.

    1.3 Measure your SDLC effectiveness.

    1.4 Define your current SDLC state.

    Outputs

    Product and quality definitions.

    SDLC business and technical objectives and vision.

    SDLC metrics.

    SDLC capabilities, processes, roles and responsibilities, resourcing model, and tools and technologies.

    2 Diagnose Your SDLC

    The Purpose

    Discuss the components of your diagnostic framework.

    Review the results of your SDLC diagnostic.

    Key Benefits Achieved

    SDLC diagnostic framework tied to your SDLC objectives and definitions.

    Root causes to your SDLC issues and optimization opportunities.

    Activities

    2.1 Build your diagnostic framework.

    2.2 Diagnose your SDLC.

    Outputs

    SDLC diagnostic framework.

    Root causes to SDLC issues and optimization opportunities.

    3 Modernize Your SDLC

    The Purpose

    Discuss the SDLC practices used in the industry.

    Review the scope and achievability of your SDLC optimization initiatives.

    Key Benefits Achieved

    Knowledge of good practices that can improve the effectiveness and efficiency of your SDLC.

    Realistic and achievable SDLC optimization roadmap.

    Activities

    3.1 Learn and adopt SDLC good practices.

    3.2 Build your optimization roadmap.

    Outputs

    Optimization initiatives and target state SDLC practice.

    SDLC optimization roadmap, risks and mitigations, and stakeholder communication flow.

    Spread Best Practices With an Agile Center of Excellence

    • Buy Link or Shortcode: {j2store}152|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $97,499 Average $ Saved
    • member rating average days saved: 26 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Your organization is looking to create consistency across all Agile teams to drive greater business results and alignment.
    • You are seeking to organically grow Agile capabilities within the organization through a set of support structures and facilitated through shared learning and capabilities.

    Our Advice

    Critical Insight

    • Social capital can be an enabler, but also a barrier. People can only manage a finite number of relationships; ensure that the connections the Center of Excellence (CoE) facilitates are purposeful.
    • Don’t over govern. Empowerment is critical to enable improvements; set boundaries and let teams work inside them with autonomy.
    • Legitimize through listening. A CoE will not be leveraged unless it aligns with the needs of its users. Invest the time to align with the functional expectations of your Agile teams.

    Impact and Result

    • Create a set of service offerings aligned with both corporate objectives and the functional expectations of its customers to ensure broad support and utility of the invested resources.
    • Understand some of the cultural and processual challenges you will face when forming a center of excellence, and address them using Info-Tech’s Agile adoption model.

    Spread Best Practices With an Agile Center of Excellence Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build an Agile Center of Excellence, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Strategically align the Center of Excellence

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision.

    • Spread Best Practices With an Agile Center of Excellence – Phase 1: Strategically Align the Center of Excellence

    2. Standardize the Center of Excellence’s service offerings

    Build an engagement plan based on a standardized adoption model to ensure your CoE service offerings are accessible and consistent across the organization.

    • Spread Best Practices With an Agile Center of Excellence – Phase 2: Standardize the Center of Excellence’s Service Offerings

    3. Operate the Center of Excellence

    Operate the CoE to provide service offerings to Agile teams, identify improvements to optimize the function of your Agile teams, and effectively manage and communicate change.

    • Spread Best Practices With an Agile Center of Excellence – Phase 3: Operationalize Your Agile Center of Excellence
    • ACE Satisfaction Survey
    • CoE Maturity Diagnostic Tool
    • ACE Benefits Tracking Tool
    • ACE Communications Deck
    [infographic]

    Workshop: Spread Best Practices With an Agile Center of Excellence

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Determine Vision of CoE

    The Purpose

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision.

    Understand how your key stakeholders will impact the longevity of your CoE.

    Determine your CoE structure and staff.

    Key Benefits Achieved

    Top-down alignment with strategic aims of the organization.

    A set of high-level use cases to form the CoE’s service offerings around.

    Visualization of key stakeholders, with their current and desired power and involvement documented.

    Activities

    1.1 Identify and prioritize organizational business objectives.

    1.2 Form use cases for the points of alignment between your Agile Center of Excellence (ACE) and business objectives.

    1.3 Prioritize your ACE stakeholders.

    Outputs

    Prioritized business objectives

    Business-aligned use cases to form CoE’s service offerings

    Stakeholder map of key influencers

    2 Define Service Offerings of CoE

    The Purpose

    Document the functional expectations of the Agile teams.

    Refine your business-aligned use cases with your collected data to achieve both business and functional alignment.

    Create a capability map that visualizes and prioritizes your key service offerings.

    Key Benefits Achieved

    Understanding of some of the identified concerns, pain points, and potential opportunities from your stakeholders.

    Refined use cases that define the service offerings the CoE provides to its customers.

    Prioritization for the creation of service offerings with a capability map.

    Activities

    2.1 Classified pains and opportunities.

    2.2 Refine your use cases to identify your ACE functions and services.

    2.3 Visualize your ACE functions and service offerings with a capability map.

    Outputs

    Classified pains and opportunities

    Refined use cases based on pains and opportunities identified during ACE requirements gathering

    ACE Capability Map

    3 Define Engagement Plans

    The Purpose

    Align service offerings with an Agile adoption model so that teams have a structured way to build their skills.

    Standardize the way your organization will interact with the Center of Excellence to ensure consistency in best practices.

    Key Benefits Achieved

    Mechanisms put in place for continual improvement and personal development for your Agile teams.

    Interaction with the CoE is standardized via engagement plans to ensure consistency in best practices and predictability for resourcing purposes.

    Activities

    3.1 Further categorize your use cases within the Agile adoption model.

    3.2 Create an engagement plan for each level of adoption.

    Outputs

    Adoption-aligned service offerings

    Role-based engagement plans

    4 Define Metrics and Plan Communications

    The Purpose

    Develop a set of metrics for the CoE to monitor business-aligned outcomes with.

    Key Benefits Achieved

    The foundations of continuous improvement are established with a robust set of Agile metrics.

    Activities

    4.1 Define metrics that align with your Agile business objectives.

    4.2 Define target ACE performance metrics.

    4.3 Define Agile adoption metrics.

    4.4 Assess the interaction and communication points of your Agile team.

    4.5 Create a communication plan for change.

    Outputs

    Business objective-aligned metrics

    CoE performance metrics

    Agile adoption metrics

    Assessment of organizational design

    CoE communication plan

    Further reading

    Spread Best Practices With an Agile Center of Excellence

    Achieve ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    ANALYST PERSPECTIVE

    "Inconsistent processes and practices used across Agile teams is frequently cited as a challenge to adopting and scaling Agile within organizations. (VersionOne’s 13th Annual State of Agile Report [N=1,319]) Creating an Agile Center of Excellence (ACE) is a popular way to try to impose structure and improve performance. However, simply establishing an ACE does not guarantee you will be successful with Agile. When setting up an ACE you must: Define ACE services based on identified stakeholder needs. Staff the ACE with respected, “hands on” people, who deliver identifiable value to your Agile teams. Continuously evolve ACE service offerings to maximize stakeholder satisfaction and value delivered."

    Alex Ciraco, Research Director, Applications Practice Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:

    • A CIO who is looking for a way to optimize their Agile capabilities and ensure ongoing alignment with business objectives.
    • An applications director who is looking for mechanisms to inject continuous improvement into organization-wide Agile practices.

    This Research Will Help You:

    • Align your Agile support structure with business objectives and the functional expectations of its users.
    • Standardize the ways in which Agile teams develop and learn to create consistency in purpose and execution.
    • Track and communicate successes to ensure the long-term viability of an Agile Center of Excellence (ACE).

    This Research Will Also Assist

    • Project managers who are tasked with managing Agile projects.
    • Application development managers who are struggling with establishing consistency, transparency, and collaboration across their teams.

    This Research Will Help Them:

    • Provide service offerings to their team members that will help them personally and collectively to develop desired skills.
    • Provide oversight and transparency into Agile projects and outcomes through ongoing monitoring.

    Executive summary

    Situation

    • Your organization has had some success with Agile, but needs to drive consistency across Agile teams for better business results and alignment.
    • You are seeking to organically grow Agile capabilities within the organization through a set of support services and facilitated through shared learning and capabilities.

    Complication

    • Organizational constraints, culture clash, and lack of continuous top-down support are hampering your Agile growth and maturity.
    • Attempts to create consistency across Agile teams and processes fail to account for the expectations of users and stakeholders, leaving them detached from projects and creating resistance.

    Resolution

    • Align the service offerings of your ACE with both corporate objectives and the functional expectations of its stakeholders to ensure broad support and utilization of the invested resources.
    • Understand some of the culture and process challenges you will face when forming an ACE, and address them using Info-Tech’s Agile adoption journey model.
    • Track the progress of the ACE and your Agile teams. Use this data to find root causes for issues, and ideate to implement solutions for challenges as they arise over time.
    • Effectively define and propagate improvements to your Agile teams in order to drive business-valued results.
    • Communicate progress to interested stakeholders to ensure long-term viability of the Center of Excellence (CoE).

    Info-Tech Insight

    1. Define ACE services based on stakeholder needs.Don’t assume you know what your stakeholders need without talking to them.
    2. Staff the ACE strategically. Choose those who are thought leaders and proven change agents.
    3. Continuously improve based on metrics and feedback.Constantly monitor how your ACE is performing and adjust to feedback.

    Info-Tech’s Agile Journey related Blueprints

    1. Stabilize

    Implement Agile Practices That Work

    Begin your Agile transformation with a comprehensive readiness assessment and a pilot project to adopt Agile development practices and behaviors that fit.

    2. Sustain

    YOU ARE HERE

    Spread Best Practices with an Agile Center of Excellence

    Form an ACE to support Agile development at all levels of the organization with thought leadership, strategic development support & process innovation.

    3. Scale

    Enable Organization-Wide Collaboration by Scaling Agile

    Extend the benefits of your Agile pilot project into your organization by strategically scaling Agile initiatives that will meet stakeholders’ needs.

    4. Satisfy

    Transition to Product Delivery Introduce product-centric delivery practices to drive greater benefits and better delivery outcomes.

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    2.1 Define an adoption plan for Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives

    Supporting Capabilities and Practices

    Modernize Your SDLC

    Remodel the stages of your lifecycle to standardize your definition of a successful product.

    Build a Strong Foundation for Quality

    Instill quality assurance practices and principles in each stage of your software development lifecycle.

    Implement DevOps Practices That Work

    Fix, deploy, and support applications quicker though development and operations collaboration.

    What is an Agile Center of Excellence?

    NOTE: Organizational change is hard and prone to failure. Determine your organization’s level of readiness for Agile transformation (and recommended actions) by completing Info-Tech’s Agile Transformation Readiness Tool.

    An ACE amplifies good practices that have been successfully employed within your organization, effectively allowing you to extend the benefits obtained from your Agile pilot(s) to a wider audience.

    From the viewpoint of the business, members of the ACE provide expertise and insights to the entire organization in order to facilitate Agile transformation and ensure standard application of Agile good practices.

    From the viewpoint of your Agile teams, it provides a community of individuals that share experiences and lessons learned, propagate new ideas, and raise questions or concerns so that delivering business value is always top of mind.

    An ACE provides the following:

    1. A mechanism to gather thought leadership to maximize the accessibility and reach of your Agile investment.
    2. A mechanism to share innovations and ideas to facilitate knowledge transfer and ensure broadly applicable innovations do not go to waste.
    3. Strategic alignment to ensure that Agile practices are driving value towards business objectives.
    4. Purposeful good practices to ensure that the service offerings provided align with expectations of both your Agile practitioners and stakeholders.

    SIDEBAR: What is a Community of Practice? (And how does it differ from a CoE?)

    Some organizations prefer Communities of Practice (CoP) to Centers of Excellence (CoE). CoPs are different from CoEs:

    A CoP is an affiliation of people who share a common practice and who have a desire to further the practice itself … and of course to share knowledge, refine best practices, and introduce standards. CoPs are defined by their domain of interest, but the membership is a social structure comprised of volunteer practitioners

    – Wenger, E., R. A. McDermott, et al. (2002) Cultivating communities of practice: A guide to managing knowledge, Harvard Business Press.

    CoPs differ from a CoE mainly in that they tend to have no geographical boundaries, they hold no hierarchical power within a firm, and they definitely can never have structure determined by the company. However, one of the most obvious and telling differences lies in the stated motive of members – CoPs exist because they have active practitioner members who are passionate about a specific practice, and the goals of a CoP are to refine and improve their chosen domain of practice – and the members provide discretionary effort that is not paid for by the employer

    – Matthew Loxton (June 1, 2011) CoP vs CoE – What’s the difference, and Why Should You Care?, Wordpress.com

    What to know about CoPs:

    1. Less formal than a CoE
      • Loosely organized by volunteer practitioners who are interested in advancing the practice.
    2. Not the Authoritative Voice
      • Stakeholders engage the CoP voluntarily, and are not bound by them.
    3. Not funded by Organization
      • CoP members are typically volunteers who provide support in addition to their daily responsibilities.
    4. Not covered in this Blueprint
      • In depth analysis on CoPs is outside the scope of this Blueprint.

    What does an ACE do? Six main functions derived from Info-Tech’s CLAIM+G Framework

    1. Learning
    • Provide training and development and enable engagement based on identified interaction points to foster organizational growth.
  • Tooling
    • Promote the use of standardized tooling to improve efficiency and consistency throughout the organization.
  • Supporting
    • Enable your Agile teams to access subject-matter expertise by facilitating knowledge transfer and documenting good practices.
  • Governing
    • Create operational boundaries for Agile teams, and monitor their progress and ability to meet business objectives within these boundaries.
  • Monitoring
    • Demonstrate the value the CoE is providing through effective metric setting and ongoing monitoring of Agile’s effectiveness.
  • Guiding
    • Provide guidance, methodology, and knowledge for teams to leverage to effectively meet organizational business objectives.

    • Many organizations encounter challenges to scaling Agile

    Tackle the following barriers to Agile adoption with a business-aligned ACE.

    List based on reported impediments from VersionOne’s 13th Annual State of Agile Report (N=1,319)

    1. Organizational culture at odds with Agile values
    • The ACE identifies and measures the value of Agile to build support from senior business leaders for shifting the organizational culture and achieving tangible business benefits.
  • General organizational resistance to change
    • Resistance comes from a lack of trust. Optimized value delivery from Info-Tech’s Agile adoption model will build the necessary social capital to drive cultural change.
  • Inadequate management support and sponsorship
    • Establishing an ACE will require senior management support and sponsorship. Its formation sends a strong signal to the organizational leadership that Agile is here to stay.
  • Lack of skills/experience with Agile methods
    • The ACE provides a vehicle to absorb external training into an internal development program so that Agile capabilities can be grown organically within the organization.
  • Inconsistent processes and practices across teams
    • The ACE provides support to individual Agile teams and will guide them to adopt consistent processes and practices which have a proven track record in the organization.
  • Insufficient training and education
    • The ACE will assist teams with obtaining the Agile skills training they need to be effective in the organization, and support a culture of continuous learning.

    • Overcome your Agile scaling challenges with a business aligned ACE

    An ACE drives consistency and transparency without sacrificing the ability to innovate. It can build on the success of your Agile pilot(s) by encouraging practices known to work in your organization.

    Support Agile Teams

    Provide services designed to inject evolving good practices into workflows and remove impediments or roadblocks from your Agile team’s ability to deliver value.

    Maintain Business Alignment

    Maintain alignment with corporate objectives without impeding business agility in the long term. The ACE functions as an interface layer so that changing expectations can be adapted without negatively impacting Agile teams.

    Facilitate Learning Events

    Avoid the risk of innovation and subject-matter expertise being lost or siloed by facilitating knowledge transfer and fostering a continuous learning environment.

    Govern Improvements

    Set baselines, monitor metrics, and run retrospectives to help govern process improvements and ensure that Agile teams are delivering expected benefits.

    Shift Culture

    Instill Agile thinking and behavior into the organization. The ACE must encourage innovation and be an effective agent for change.

    Use your ACE to go from “doing” Agile to “being” Agile

    Organizations that do Agile without embracing the changes in behavior will not reap the benefits.

    Doing what was done before

    • Processes and Tools
    • Comprehensive Documentation
    • Contract Negotiation
    • Following a Plan

    Being Prescriptive

    Going through the motions

    • Uses SCRUM and tools such as Jira
    • Plans multiple sprints in detail
    • Talks to stakeholders once in a release
    • Works off a fixed scope BRD

    Doing Agile

    Living the principles

    • Individuals and Interactions
    • Working Software
    • Customer Collaboration
    • Responding to Change

    Being Agile

    “(‘Doing Agile’ is) just some rituals but without significant change to support the real Agile approach as end-to-end, business integration, value focus, and team empowerment.” - Arie van Bennekum

    Establishing a CoE does not guarantee success

    Simply establishing a Center of Excellence for any discipline does not guarantee its success:

    The 2019 State of DevOps Report found that organizations which had established DevOps CoEs underperformed compared to organizations which adopted other approaches for driving DevOps transformation. (Accelerate State of DevOps Report 2019 [N=~1,000])

    Still, Agile Centers of Excellence can and do successfully drive Agile adoption in organizations. So what sets the successful examples apart from the others? Here’s what some have to say:

    The ACE must be staffed with qualified people with delivery experience! … [It is] effectively a consulting practice, that can evolve and continuously improve its services … These services are collectively about ‘enablement’ as an output, more than pure training … and above all, the ability to empirically measure the progress” – Paul Blaney, TD Bank

    “When leaders haven’t themselves understood and adopted Agile approaches, they may try to scale up Agile the way they have attacked other change initiatives: through top-down plans and directives. The track record is better when they behave like an Agile team. That means viewing various parts of the organization as their customers.” – HBR, “Agile at Scale”

    “the Agile CoE… is truly meant to be measured by the success of all the other groups, not their own…[it] is meant to be serving the teams and helping them improve, not by telling them what to do, but rather by listening, understanding and helping them adapt.” - Bart Gerardi, PMI

    The CoE must also avoid becoming static, as it’s crucial the team can adjust as quickly as business and customer needs change, and evolve the technology as necessary to remain competitive.” – Forbes, “RPA CoE (what you need to know)”

    "The best CoEs are formed from thought leaders and change agents within the CoE domain. They are the process and team innovators who will influence your CoE roadmap and success. Select individuals who feel passionate about Agile." – Hans Eckman, InfoTech

    To be successful with your ACE, do the following…

    Info-Tech Insight

    Simply establishing an Agile Center of Excellence does not guarantee its success. When setting up your ACE, optimize its impact on the organization by doing the following 3 things:

    1. Define ACE services based on stakeholder needs. Be sure to broadly survey your stakeholders and identify the ACE functions and services which will best meet their needs. ACE services must clearly deliver business value to the organization and the Agile teams it supports.
    2. Staff the ACE strategically. Select ACE team members who have real world, hands-on delivery experience, and are well respected by the Agile teams they will serve. Where possible, select internal thought leaders in your organization who have the credibility needed to effect positive change.
    3. Continuously improve ACE services based on metrics and feedback. The value your ACE brings to the organization must be clear and measurable, and do not assume that your functions and services will remain static. You must regularly monitor both your metrics and feedback from your Agile teams, and adjust ACE behavior to improve/maximize these over time.

    Spread Best Practices With an Agile Center of Excellence

    This blueprint will walk you through the steps needed to build the foundations for operational excellence within an Agile Center of Excellence.

    Phase 1 - Strategically Align the CoE

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision. This alignment translates into the CoE mandate intended to enhance the way Agile will enable teams to meet business objectives.

    Phase 2 - Standardize the CoEs Service Offerings

    Build an engagement plan based on a standardized adoption model to ensure your CoE service offerings are accessible and consistent across the organization. Create and consolidate key performance indicators to measure the CoEs utility and whether or not the expected value is being translated to tangible results.

    Phase 3 - Operate the CoE

    Operate the CoE to provide service offerings to Agile teams, identify improvements to optimize the function of your Agile teams, and effectively manage and communicate change so that teams can grow within the Agile adoption model and optimize value delivery both within your Agile environment and across functions.

    Info-Tech’s Practice Adoption Journey

    Use Info-Tech’s Practice Adoption Journey model to establish your ACE. Building social capital (stakeholders’ trust in your ability to deliver positive outcomes) incrementally is vital to ensure that everyone is aligned to new mindsets and culture as your Agile practices scale.

    Trust & Competency ↓

    DEFINE

    Begin to document your development workflow or value chain, implement a tracking system for KPIs, and start gathering metrics and reporting them transparently to the appropriate stakeholders.

    ITERATE

    Use collected metrics and retrospectives to stabilize team performance by reducing areas of variability in your workflow and increasing the consistency at which targets are met.

    COLLABORATE

    Use information to support changes and adopt appropriate practices to make incremental improvements to the existing environment.

    EMPOWER

    Drive behavioral and cultural changes that will empower teams to be accountable for their own success and learning.

    INNOVATE

    Use your built-up trust and support practice innovation, driving the definition and adoption of new practices.

    Align your ACE with your organization’s strategy

    This research set will assist you with aligning your ACEs services to the objectives of the business in order to justify the resources and funding required by your Agile program.

    Business Objectives → Alignment ←ACE Functions

    Business justification to continue to fund a Center of Excellence can be a challenge, especially with traditional thinking and rigid stakeholders. Hit the ground running and show value to your key influencers through business alignment and metrics that will ensure that the ACE is worth continuous investment.

    Alignment leads to competitive advantage

    The pace of change in customer expectations, competitive landscapes, and business strategy is continuously increasing. It is critical to develop a method to facilitate ongoing alignment to shifting business and development expectations seamlessly and ensure that your Agile teams are able to deliver expected business value.

    Use Info-Tech’s CoE Operating Model to define the service offerings of your ACE

    Understand where your inputs and outputs lie to create an accessible set of service offerings for your Agile teams.

    The image shows a graphic of the COE Operating Model, showing the inputs and outputs, including Other CoEs (at top); Stakeholder Needs (at left); Metrics and Feedback (at bottom); and ACE Functions and Services (at right)

    Continuously improve the ACE to ensure long-term viability

    Improvement involves the continuous evaluation of the performance of your teams, using well-defined metrics and reasonable benchmarks that are supplemented by analogies and root-cause analysis in retrospectives.

    Monitor

    Monitor your metrics to ensure desired benefits are being realized. The ACE is responsible for ensuring that expected Agile benefits are achievable and on track. Monitor against your defined baselines to create transparency and accountability for desired outcomes.

    Iterate

    Run retrospectives to drive improvements and fixes into Agile projects and processes. Metrics falling short of expectations must be diagnosed and their root causes found, and fixes need to be communicated and injected back into the larger organization.

    Define

    Define metrics and set targets that align with the goals of the ACE. These metrics represent the ACEs expected value to the organization and must be measured against on a regular basis to demonstrate value to your key stakeholders.

    Beware the common risks of implementing your ACE

    Culture clash between Agile teams and larger organization

    Agile leverages empowered teams, meritocracy, and broad collaboration for success, but typical organizations are siloed and hierarchical with top down decision making. There needs to be a plan to enable a smooth transition from the current state towards the Agile target state.

    Persistence of tribal knowledge

    Agile relies on easy and open knowledge sharing, but organizational knowledge can sit in siloes. Employees may also try to protect their expertise for job security. It is important to foster knowledge sharing to ensure that critical know-how is accessible and doesn’t leave the organization with the individual.

    Rigid management structures

    Rigidity in how managers operate (performance reviews, human resource management, etc.) can result in cultural rejection of Agile. People need to be assessed on how they enable their teams rather than as individual contributors. This can help ensure that they are given sufficient opportunities to succeed. More support and less strict governance is key.

    Breakdown due to distributed teams

    When face-to-face interactions are challenging, ensure that you invest in the right communication technologies and remove cultural and process impediments to facilitate organization-wide collaboration. Alternative approaches like using documentation or email will not provide the same experience and value as a face-to-face conversation.

    The State of Maine used an ACE to foster positive cultural change

    CASE STUDY

    Industry - Government

    Source - Cathy Novak, Agile Government Leadership

    The State of Maine’s Agile Center of Excellence

    “The Agile CoE in the State of Maine is completely focused on the discipline of the methodology. Every person who works with Agile, or wants to work with Agile, belongs to the CoE. Every member of the CoE tells the same story, approaches the methodology the same way, and uses the same tools. The CoE also functions as an Agile research lab, experimenting with different standards and tools.

    The usual tools of project management – mission, goals, roles, and a high-level definition of done – can be found in Maine’s Agile CoE. For story mapping, teams use sticky notes on a large wall or whiteboard. Demonstrating progress this way provides for positive team dynamics and a psychological bang. The State of Maine uses a project management framework that serves as its single source of truth. Everyone knows what’s going on at all times and understands the purpose of what they are doing. The Agile team is continually looking for components that can be reused across other agencies and programs.”

    Results:

    • Realized positive culture change, leading to more collaborative and supportive teams.
    • Increased visibility of Agile benefits across functional groups.
    • Standardized methodology across Agile teams and increased innovation and experimentation with new standards and tools.
    • Improved traceability of projects.
    • Increased visibility and ability to determine root causes of problems and right the course when outcomes are not meeting expectations.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Spread Best Practices With an Agile Center of Excellence – project overview

    1. Strategically align the Center of Excellence 2. Standardize the CoEs service offerings 3. Operate the Center of Excellence
    Best-Practice Toolkit

    1.1 Determine the vision of your ACE.

    1.2 Define the service offerings of your ACE.

    2.1 Define an adoption plan for your Agile teams.

    2.2 Create an ACE engagement plan.

    2.3 Define metrics to measure success.

    3.1 Optimize the success of your ACE.

    3.2 Plan change to enhance your Agile initiatives.

    3.3 Conduct ongoing retrospectives of your ACE.

    Guided Implementations
    • Align your ACE with the business.
    • Align your ACE with its users.
    • Dissect the key attributes of Agile adoption.
    • Form engagement plans for your Agile teams.
    • Discuss effective ACE metrics.
    • Conduct a baseline assessment of your Agile environment.
    • Interface ACE with your change management function.
    • Build a communications deck for key stakeholders.
    Onsite Workshop Module 1: Strategically align the ACE Module 2: Standardize the offerings of the ACE Module 3: Prepare for organizational change
    Phase 1 Outcome: Create strategic alignment between the CoE and organizational goals.

    Phase 2 Outcome: Build engagement plans and key performance indicators based on a standardized Agile adoption plan.

    		Phase 3 Outcome: Operate the CoEs monitoring function, identify improvements, and manage the change needed to continuously improve.

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Module 1 Workshop Module 2 Workshop Module 3 Workshop Module 4
    Activities

    Determine vision of CoE

    1.1 Identify and prioritize organizational business objectives.

    1.2 Form use cases for the points of alignment between your ACE and business objectives.

    1.3 Prioritize your ACE stakeholders.

    Define service offerings of CoE

    2.1 Form a solution matrix to organize your pain points and opportunities.

    2.2 Refine your use cases to identify your ACE functions and services.

    2.3 Visualize your ACE functions and service offerings with a capability map.

    Define engagement plans

    3.1 Further categorize your use cases within the Agile adoption model.

    3.2 Create an engagement plan for each level of adoption.

    Define metrics and plan communications

    4.1 Define metrics that align with your Agile business objectives.

    4.2 Define target ACE performance metrics.

    4.3 Define Agile adoption metrics.

    4.4 Assess the interaction and communication points of your Agile team.

    4.5 Create a communication plan for change.

    Deliverables
    1. Prioritized business objectives
    2. Business-aligned use cases to form CoEs service offerings
    3. Prioritized list of stakeholders
    1. Classified pains and opportunities
    2. Refined use cases based on pains and opportunities identified during ACE requirements gathering
    3. ACE capability map
    1. Adoption-aligned service offerings
    2. Role-specific engagement plans
    1. Business objective-aligned metrics
    2. ACE performance metrics
    3. Agile adoption metrics
    4. Assessment of organization design
    5. ACE Communication Plan

    Phase 1

    Strategically Align the Center of Excellence

    Spread Best Practices With an Agile Center of Excellence

    Begin by strategically aligning your Center of Excellence

    The first step to creating a high-functioning ACE is to create alignment and consensus amongst your key stakeholders regarding its purpose. Engage in a set of activities to drill down into the organization’s goals and objectives in order to create a set of high-level use cases that will evolve into the service offerings of the ACE.

    Phase 1 - Strategically Align the CoE

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision. This alignment translates into the CoE mandate intended to enhance the way Agile will enable teams to meet business objectives.

    Phase 2 - Standardize the CoEs Service Offerings

    Build an engagement plan based on a standardized adoption model to ensure your CoE service offerings are accessible and consistent across the organization. Create and consolidate key performance indicators to measure the CoEs utility and whether or not the expected value is being translated to tangible results.

    Phase 3 - Operate the CoE

    Operate the CoE to provide service offerings to Agile teams, identify improvements to optimize the function of your Agile teams, and effectively manage and communicate change so that teams can grow within the Agile adoption model and optimize value delivery both within your Agile environment and across functions.

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Strategically align the ACE

    Proposed Time to Completion (in weeks): 1

    Step 1.1: Determine the vision of your ACE

    Start with an analyst kick off call:

    • Align your ACE with the business.

    Then complete these activities…

    1.1.1 Optional: Baseline your ACE maturity.

    1.1.2 Identify and prioritize organizational business objectives.

    1.1.3 Form use cases for the points of alignment between your ACE and business objectives.

    1.1.4 Prioritize your ACE stakeholders.

    1.1.5 Select a centralized or decentralized model for your ACE.

    1.1.6 Staff your ACE strategically.

    Step 1.2: Define the service offerings of your ACE

    Start with an analyst kick off call:

    • Align your ACE with its users.

    Then complete these activities…

    1.2.1 Form the Center of Excellence.

    1.2.2 Gather and document your existing Agile practices for the CoE.

    1.2.3 Interview stakeholders to align ACE requirements with functional expectations.

    1.2.4 Form a solution matrix to organize your pain points and opportunities.

    1.2.5 Refine your use cases to identify your ACE functions and services.

    1.2.6 Visualize your ACE functions and service offerings with a capability map.

    Phase 1 Results & Insights:

    • Aligning your ACE with the functional expectations of its users is just as critical as aligning with the business. Invest the time to understand how the ACE fits at all levels of the organization to ensure its highest effectiveness.

    Phase 1, Step 1: Determine the vision of your ACE

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    1.1.1 Optional: Baseline your ACE maturity.

    1.1.2 Identify and prioritize organizational business objectives.

    1.1.3 Form use cases for the points of alignment between your ACE and business objectives.

    1.1.4 Prioritize your ACE stakeholders.

    1.1.5 Select a centralized or decentralized model for your ACE.

    1.1.6 Staff your ACE strategically.

    Outcomes:

    • Gather your leadership to position the ACE and align it with business priorities.
    • Form a set of high-level use cases for services that will support the enablement of business priorities.
    • Map the stakeholders of the ACE to visualize expected influence and current support levels for your initiative.

    What does an ACE do? Six main functions derived from Info-Tech’s CLAIM+G Framework

    1. Learning
    • Provide training and development and enable engagement based on identified interaction points to foster organizational growth.
  • Tooling
    • Promote the use of standardized tooling to improve efficiency and consistency throughout the organization.
  • Supporting
    • Enable your Agile teams to access subject-matter expertise by facilitating knowledge transfer and documenting good practices.
  • Governing
    • Create operational boundaries for Agile teams, and monitor their progress and ability to meet business objectives within these boundaries.
  • Monitoring
    • Demonstrate the value the CoE is providing through effective metric setting and ongoing monitoring of Agile’s effectiveness.
  • Guiding
    • Provide guidance, methodology, and knowledge for teams to leverage to effectively meet organizational business objectives.

    • OPTIONAL: If you have an existing ACE, use Info-Tech’s CoE Maturity Diagnostic Tool to baseline current practices

    1.1.1 Existing CoE Maturity Assessment

    Purpose

    If you already have established an ACE, use Info-Tech’s CoE Maturity Diagnostic Tool to baseline its current maturity level (this will act as a baseline for comparison after you complete this Blueprint). Assessing your ACEs maturity lets you know where you currently are, and where to look for improvements.

    Steps

    1. Download the CoE Maturity Diagnostic Tool to assess the maturity of your ACE.
    2. Complete the assessment tool with all members of your ACE team to determine your current Maturity score.
    3. Document the results in the ACE Communications Deck.

    Document results in the ACE Communications Deck.

    INFO-TECH DELIVERABLE

    The image is a screen capture of the CoE Maturity Diagnostic Tool

    Download the CoE Maturity Diagnostic Tool.

    Get your Agile leadership together and position the ACE

    Stakeholder Role Why they are essential players
    CIO/ Head of IT Program sponsor: Champion and set the tone for the Agile program. Critical in gaining and maintaining buy-in and momentum for the spread of Agile service offerings. The head of IT has insight and influence to drive buy-in from executive stakeholders and ensure the long-term viability of the ACE.
    Applications Director Program executor: Responsible for the formation of the CoE and will ensure the viability of the initial CoE objectives, use cases, and service offerings. Having a coordinator who is responsible for collating performance data, tracking results, and building data-driven action plans is essential to ensuring continuous success.
    Agile Subject-Matter Experts Program contributor: Provide information on the viability of Agile practices and help build capabilities on existing best practices. Agile’s success relies on adoption. Leverage the insights of people who have implemented and evangelized Agile within your organization to build on top of a working foundation.
    Functional Group Experts Program contributor: Provide information on the functional group’s typical processes and how Agile can achieve expected benefits. Agile’s primary function is to drive value to the business – it needs to align with the expected capabilities of existing functional groups in order to enhance them for the better.

    Align your ACE with your organization’s strategy

    This research set will assist you with aligning your ACEs services to the objectives of the business in order to justify the resources and funding required by your Agile program.

    Business Objectives → Alignment ←ACE Functions

    Business justification to continue to fund a Center of Excellence can be a challenge, especially with traditional thinking and rigid stakeholders. Hit the ground running and show value to your key influencers through business alignment and metrics that will ensure that the ACE is worth continuous investment.

    Alignment leads to competitive advantage

    The pace of change in customer expectations, competitive landscapes, and business strategy is continuously increasing. It is critical to develop a method to facilitate ongoing alignment to shifting business and development expectations seamlessly and ensure that your Agile teams are able to deliver expected business value.

    Activity: Identify and prioritize organizational business objectives

    1.1.2 2 Hours

    Input

    • Organizational business objectives

    Output

    • Prioritized business objectives

    Materials

    • Whiteboard
    • Markers

    Participants

    • Agile leadership group
    1. List the primary high-level business objectives that your organization aims to achieve over the course of the following year (focusing on those that ACE can impact/support).
    2. Prioritize these business objectives while considering the following:
    • Criticality of completion: How critical is the initiative in enabling the business to achieve its goals?
    • Transformational impact: To what degree is the foundational structure of the business affected by the initiative (rationale: Agile can support impact on transformational issues)?
  • Document the hypothesized role of Agile in supporting these business objectives. Take the top three prioritized objectives forward for the establishment of your ACE. While in future years or iterations you can inject more offerings, it is important to target your service offerings to specific critical business objectives to gain buy-in for long-term viability of the CoE.

    • Sample Business Objectives:

    • Increase customer satisfaction.
    • Reduce time-to-market of product releases.
    • Foster a strong organizational culture.
    • Innovate new feature sets to differentiate product. Increase utilization rates of services.
    • Reduce product delivery costs.
    • Effectively integrate teams from a merger.
    • Offer more training programs for personal development.
    • Undergo a digital transformation.

    Understand potential hurdles when attempting to align with business objectives

    While there is tremendous pressure to align IT functions and the business due to the accelerating pace of change and technology innovation, you need to be aware that there are limitations in achieving this goal. Keep these challenges at the top of mind as you bring together your stakeholders to position the service offerings of your ACE. It is beneficial to make your stakeholders self-aware of these biases as well, so they come to the table with an open mind and are willing to find common ground.

    The search for total alignment

    There are a plethora of moving pieces within an organization and total alignment is not a plausible outcome.

    The aim of a group should not be to achieve total alignment, but rather reframe and consider ways to ensure that stakeholders are content with the ways they interact and that misalignment does not occur due to transparency or communication issues.

    “The business” implies unity

    While it may seem like the business is one unified body, the reality is that the business can include individuals or groups (CEO, CFO, IT, etc.) with conflicting priorities. While there are shared business goals, these entities may all have competing visions of how to achieve them. Alignment means compromise and agreement more than it means accommodating all competing views.

    Cost vs. reputation

    There is a political component to alignment, and sometimes individual aspirations can impede collective gain.

    While the business side may be concerned with cost, those on the IT side of things can be concerned with taking on career-defining projects to bolster their own credentials. This conflict can lead to serious breakdowns in alignment.

    Panera Bread used Agile to adapt to changing business needs

    CASE STUDY

    Industry Food Services

    Source Scott Ambler and Associates, Case Study

    Challenge

    Being in an industry with high competition, Panera Bread needed to improve its ability to quickly deliver desired features to end customers and adapt to changing business demands from high internal growth.

    Solution

    Panera Bread engaged in an Agile transformation through a mixture of Agile coaching and workshops, absorbing best practices from these engagements to drive Agile delivery frameworks across the enterprise.

    Results

    Adopting Agile delivery practices resulted in increased frequency of solution delivery, improving the relationship between IT and the business. Business satisfaction increased both with the development process and the outcomes from delivery.

    The transparency that was needed to achieve alignment to rapidly changing business needs resulted in improved communication and broad-scale reduced risk for the organization.

    "Agile delivery changed perception entirely by building a level of transparency and accountability into not just our software development projects, but also in our everyday working relationships with our business stakeholders. The credibility gains this has provided our IT team has been immeasurable and immediate."

    – Mike Nettles, VP IT Process and Architecture, Panera Bread

    Use Info-Tech’s CoE Operating Model to define the service offerings of your ACE

    Understand where your inputs and outputs lie to create an accessible set of service offerings for your Agile teams.

    Functional Input

    • Application Development
    • Project Management
    • CIO
    • Enterprise Architecture
    • Data Management
    • Security
    • Infrastructure & Operations
    • Who else?

    The image shows a graphic of the COE Operating Model, showing the inputs and outputs, including Other CoEs (at top); Stakeholder Needs (at left); Metrics and Feedback (at bottom); and ACE Functions and Services (at right)

    Input arrows represent functional group needs, feedback from Agile teams, and collaboration with other CoEs and CoPs

    Output arrows represent the services the CoE delivers and the benefits realized across the organization.

    ACE Operating Model: Governance & Metrics

    Governance & Metrics involves enabling success through the management of the ACEs resources and services, and ensuring that organizational structures evolve in concert with Agile growth and maturity. Your focus should be on governing, measuring, implementing, and empowering improvements.

    Effective governance will function to ensure the long-term effectiveness and viability of your ACE. Changes and improvements will happen continuously and you need a way to decide which to adopt as best practices.

    "Organizations have lengthy policies and procedures (e.g. code deployment, systems design, how requirements are gathered in a traditional setting) that need to be addressed when starting to implement an Agile Center of Excellence. Legacy ideas that end up having legacy policy are the ones that are going to create bottlenecks, waste resources, and disrupt your progress." – Doug Birgfeld, Senior Partner, Agile Wave

    Governance & Metrics

    • Manage organizational Agile standards, policies, and procedures.
    • Define organizational boundaries based on regulatory, compliance, and cultural requirements.
    • Ensure ongoing alignment of service offerings with business objectives.
    • Adapt organizational change management policies to reflect Agile practices.
    • CoE governance functions include:
      • Policy Management
      • Change Management
      • Risk Management
      • Stakeholder Management
      • Metrics/Feedback Monitoring

    ACE Operating Model: Services

    Services refers to the ability to deliver resourcing, guidance, and assistance across all Agile teams. By creating a set of shared services, you enable broad access to specialized resources, knowledge, and insights that will effectively scale to more teams and departments as Agile matures in your organization.

    A Services model:

    • Supports the organization by standardizing and centralizing service offerings, ensuring consistency of service delivery and accessibility across functional groups.
    • Provides a mechanism for efficient knowledge transfer and on-demand support.
    • Helps to drive productivity and project efficiencies through the organization by disseminating best practices.

    Services

    • Provide reference, support, and re-assurance to implement and adapt organizational best practices.
    • Interface relevant parties and facilitate knowledge transfer through shared learning and communities of practice.
    • Enable agreed-upon service levels through standardized support structures.
    • Shared services functions include:
      • Engagement Planning
      • Knowledge Management
      • Subject-Matter Expertise
      • Agile Team Evaluation

    ACE Operating Model: Technology

    Technology refers to a broad range of supporting tools to enable employees to complete their day-to-day tasks and effectively report on their outcomes. The key to technological support is to strike the right balance between flexibility and control based on your organization's internal and external constraints (policy, equipment, people, regulatory, etc.).

    "We sometimes forget the obvious truth that technology provides no value of its own; it is the application of technology to business opportunities that produces return on investment." – Robert McDowell, Author, In Search of Business Value

    Technology

    • Provide common software tools to enable alignment to organizational best practices.
    • Enable access to locally desired tools while considering organizational, technical, and scaling constraints.
    • Enable communication with a technical subject matter expert (SME).
    • Enable reporting consistency through training and maintenance of reporting mechanisms.
    • Technology functions can include:
      • Vendor Management
      • Application Support
      • Tooling Standards
      • Tooling Use Cases

    ACE Operating Model: Staff

    Staff is all about empowerment. The ACE should support and facilitate the sharing of ideas and knowledge sharing. Create processes and spaces where people are encouraged to come together, learn from, and share with each other. This setting will bring up new ideas to enhance productivity and efficiency in day-to-day activities while maintaining alignment with business objectives.

    "An Agile CoE is legitimized by its ability to create a space where people can come together, share, and learn from one another. By empowering teams to grow by themselves and then re-connect with each other you allow the creativity of your employees to flow back into the CoE." – Anonymous, Founder, Agile consultancy group

    Staff

    • Develop and provide training and day-to-day coaching that are aligned with organizational engagement and growth plans.
    • Include workflow change management to assist traditional roles with accommodating Agile practices.
    • Support the facilitation of knowledge transfer from localized Agile teams into other areas of the organization.
    • Achieve team buy-in and engagement with ACE services and capabilities. Provide a forum for collaboration and innovation.
    • People functions can include:
      • Onboarding
      • Coaching
      • Learning Facilitation

    Form use cases to align your ACE with business objectives

    What is a use case?

    A use case tells a story about how a system will be used to achieve a goal from the perspective of a user of that system. The people or other systems that interact with the use case are called “actors.” Use cases describe what a system must be able to do, not how it will do it.

    How does a use case play a role in building your ACE?

    Use cases are used to guide design by allowing you to highlight the intended function of a service provided by the Center of Excellence while maintaining a business focus. Jumping too quickly to a solution without fully understanding user and business needs leads to the loss of stakeholder buy-in and the Centers of Excellence rejection by teams.

    Hypothesized ACE user needs →Use Case←Business objective

    Activity: Form use cases for the points of alignment between your ACE and business objectives

    1.1.3 2 Hours

    Input

    • Prioritized business objectives
    • ACE functions

    Output

    • ACE use cases

    Materials

    • Whiteboard
    • Markers

    Participants

    • Agile leadership group
    1. Using your prioritized business objectives and the six functions of a CoE, create high-level use cases for each point of alignment that describe how the Center of Excellence will better facilitate the realization of that business objective.
    2. For each use case, define the following:
      • Name: Generalized title for the use case.
      • Description: A high-level description of the expected CoE action.
    AGILE CENTER OF EXCELLENCE FUNCTIONS:
    Guiding Learning Tooling Supporting Governing Monitoring
    BUSINESS OBJECTIVES Reduce time-to-market of product releases
    Reduce product delivery costs
    Effectively integrate teams from a merger

    Activity: Form use cases for the points of alignment between your ACE and business objectives (continued)

    1.1.3 2 Hours

    The image shows the Reduce time-to-market of product releases row from the table in the previous section, filled in with sample information.

    Your goal should be to keep these as high level and generally applicable as possible as they provide an initial framework to further develop your service offerings. Begin to talk about the ways in which the ACE can support the realization of your business objectives and what those interactions may look like to customers of the ACE.

    Involve all relevant stakeholders to discuss the organizational goals and objectives of your ACE

    Avoid the rifts in stakeholder representation by ensuring you involve the relevant parties. Without representation and buy-in from all interested parties, your ACE may omit and fail to meet long-term organizational goals.

    By ensuring every group receives representation, your service offerings will speak for the broad organization and in turn meet the needs of the organization as a whole.

    • Business Units: Any functional groups that will be expected to engage with the ACE in order to achieve their business objectives.
    • Team Leads: Representation from the internal Agile community who is aware of the backgrounds, capabilities, and environments of their respective Agile teams.
    • Executive Sponsors: Those expected to evangelize and set the tone and direction for the ACE within the executive ranks of the organization. These roles are critical in gaining buy-in and maintaining momentum for ACE initiatives.

    Organization

    • ACE
      • Executive Sponsors
      • Team Leads
      • Business Units

    Activity: Prioritize your ACE stakeholders

    1.1.4 1 Hour

    Input

    • Prioritized business objectives

    Output

    • Prioritized list of stakeholders

    Materials

    • Whiteboard
    • Markers

    Participants

    • Agile leadership group
    1. Using your prioritized business objectives, brainstorm, as a group, the potential list of stakeholders (representatives from business units, team leads, and executive sponsors) that would need to be involved in setting the tone and direction of your ACE.
    2. Evaluate each stakeholder in terms of power, involvement, impact, and support.
    • Power: How much influence does the stakeholder have? Enough to drive the CoE forward or into the ground?
    • Involvement: How interested is the stakeholder? How involved is the stakeholder in the project already?
    • Impact: To what degree will the stakeholder be impacted? Will this significantly change how they do their job?
    • Support: Is the stakeholder a supporter of the project? Neutral? A resister?
  • Map each stakeholder to an area on the power map on the next slide based on his or her level of power and involvement.
  • Vary the size of the circle to distinguish stakeholders that are highly impacted by the ACE from those who are not. Color each circle to show each stakeholder’s estimated or gauged level of support for the project.

    • Prioritize your ACE stakeholders (continued)

    1.1.4 1 Hour

    The image shows a matrix on the left, and a legend on the right. The matrix is labelled with Involvement at the bottom, and Power on the left side, and has the upper left quadrant labelled Keep Satisfied, the upper right quadrant labelled Key players, the lower right quadrant labelled Keep informed, and the lower left quadrant labelled Minimal effort.

    Should your ACE be Centralized or Decentralized?

    An ACE can be organized differently depending on your organization’s specific needs and culture.

    The SAFe Model:©

    “For smaller enterprises, a single centralized [ACE] can balance speed with economies of scale. However, in larger enterprises—typically those with more than 500 – 1,000 practitioners—it’s useful to consider employing either a decentralized model or a hub-and-spoke model.”

    The image shows 3 models: centralized, represented by a single large circle; decentralized, represented by 5 smaller circles; and hub-and-spoke, represented by a central circle, connected to 5 surrounding circles.

    © Scaled Agile, Inc.

    The Spotify Model:

    Spotify avoids using an ACE and instead spreads agile practices using Squads, Tribes, Chapters, Guilds, etc.

    It can be a challenging model to adopt because it is constantly changing, and must be fundamentally supported by your organization’s culture. (Linders, Ben. “Don't Copy the Spotify Model.” InfoQ.com. 6 Oct. 2016.)

    Detailed analysis of The Spotify Model is out of scope for this Blueprint.

    The image shows the Spotify model, with two sections, each labelled Tribe, and members from within each Tribe gathered together in a section labelled Guild.

    Activity: Select a Centralized or Decentralized ACE Model

    1.1.5 30 minutes

    Input

    • Prioritized business objectives
    • Use Cases
    • Organization qualities

    Output

    • Centralized or decentralized ACE model

    Materials

    • Whiteboard
    • Markers

    Participants

    • Agile leadership group
    1. Using your prioritized business objectives, your ACE use cases, your organization size, structure, and culture, brainstorm the relative pros and cons of a centralized vs decentralized ACE model.
    2. Consider this: to improve understanding and acceptance, ask participants who prefer a centralized model to brainstorm the pros and cons of a decentralized model, and vice-versa.
    3. Collectively decide whether your ACE should be centralized, decentralized or hub-and-spoke and document it.
    Centralized ACE Decentralized ACE
    Pros Cons Pros Cons
    Centralize Vs De-centralize Considerations Prioritized Business Objectives
    • Neutral (objectives don’t favor either model)
    • Neutral (objectives don’t favor either model)
    ACE Use Cases
    • Neutral (use cases don’t favor either model)
    • Neutral (use cases don’t favor either model)
    Organization Size
    • Org. is small enough for centralized ACE
    • Overkill for a small org. like ours
    Organization Structure
    • All development done in one location
    • Not all locations do development
    Organization Culture
    • All development done in one location
    • Decentralized ACE may have yield more buy-in

    SELECTED MODEL: Centralized ACE

    Activity: Staff your ACE strategically

    1.1.6 1 Hour

    Input

    • List of potential ACE staff

    Output

    • Rated list of ACE staff

    Materials

    • Whiteboard
    • Markers

    Participants

    • Agile leadership group
    1. Identify your list of potential ACE staff (this may be a combination of full time and contract staff).
    2. Add/modify/delete the rating criteria to meet your specific needs.
    3. Discuss and adjust the relative weightings of the rating criteria to best suit your organization’s needs.
    4. Rate each potential staff member and compare results to determine the best suited staff for your ACE.
    Candidate: Jane Doe
    Rating Criteria Criteria Weighting Candidate's Score (1-5)
    Candidate has strong theoretical knowledge of Agile. 8% 4
    Candidate has strong hands on experience with Agile. 18% 5
    Candidate has strong hands on experience with Agile. 10% 4
    Candidate is highly respected by the Agile teams. 18% 5
    Candidate is seen as a thought leader in the organization. 18% 5
    Candidate is seen as a change agent in the organization. 18% 5
    Candidate has strong desire to be member of ACE staff. 10% 3
    Total Weighted Score 4.6

    Phase 1, Step 2: Define the service offerings of your ACE

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    1.2.1 Form the Center of Excellence.

    1.2.2 Gather and document your existing Agile practices for the CoE.

    1.2.3 Interview stakeholders to align ACE requirements with functional expectations.

    1.2.4 Form a solution matrix to organize your pain points and opportunities.

    1.2.5 Refine your use cases to identify your ACE functions and services.

    1.2.6 Visualize your ACE functions and service offerings with a capability map.

    Outcomes:

    • Collect data regarding the functional expectations of the Agile teams.
    • Refine your business-aligned use cases with your collected data to achieve both business and functional alignment.
    • Create a capability map that visualizes and prioritizes your key service offerings.

    Structure your ACE with representation from all of your key stakeholders

    Now that you have a prioritized list of stakeholders, use their influence to position the ACE to ensure maximum representation with minimal bottlenecks.

    By operating within a group of your key players, you can legitimize your Center of Excellence by propagating the needs and interests of those who interface and evangelize the CoE within the larger organization.

    The group of key stakeholders will extend the business alignment you achieved earlier by refining your service offerings to meet the needs of the ACEs customers. Multiple representations at the table will generate a wide arrangement of valuable insights and perspectives.

    Info-Tech Insight

    While holistic representation is necessary, ensure that the list is not too comprehensive and will not lead to progress roadblocks. The goal is to ensure that all factors relevant to the organization are represented; too many conflicting opinions may create an obstruction moving forward.

    ACE

    • Executive Sponsors
    • Team Leads
    • Business Units

    Determine how you will fund your ACE

    Choose the ACE funding model which is most aligned to your current system based on the scenarios provided below. Both models will offer the necessary support to ensure the success of your Agile program going forward.

    Funding Model Funding Scenario I Funding Scenario II
    Funded by the CIO Funded by the CIO office and a stated item within the general IT budget. Charged back to supported functional groups with all costs allocated to each functional group’s budget.
    Funded by the PMO Charged back to supported functional groups with all costs allocated to each functional group’s budget. Charged back to supported functional groups with all costs allocated to each functional group’s budget.

    Info-Tech Insight

    Your funding model may add additional key influencers into the mix. After you choose your funding model, ensure that you review your stakeholder map and add anyone who will have a direct impact in the viability and stability of your ACE.

    Determine how you will govern your ACE

    An Agile Center of Excellence is unique in the way you must govern the actions of its customers. Enable “flexible governance” to ensure that Agile teams have the ability to locally optimize and innovate while still operating within expected boundaries.

    ACE Governing Body

    ↑ Agile Team → ACE ← Agile Team ↑

    Who should take on the governance role?

    The governing body can be the existing executive or standing committees, or a newly formed committee involving your key ACE influencers and stakeholders.

    Flexible governance means that your ACE set boundaries based on your cultural, regulatory, and compliance requirements, and your governance group monitors your Agile teams’ adherence to these boundaries.

    Governing Body Responsibilities

    • Review and approve ACE strategy annually and ensure that it is aligned with current business strategy.
    • Provide detailed quality information for board members.
    • Ensure that the ACE is adequately resourced and that the organization has the capacity to deliver the service offerings.
    • Assure that the ACE is delivering benefits and achieving targets.
    • Assure that the record keeping and reporting systems are capable of providing the information needed to properly assess the quality of service.

    Modify your resourcing strategy based on organizational need

    Your Agile Center of Excellence can be organized either in a dedicated or a virtual configuration, depending on your company’s organizational structure and complexity.

    There is no right answer to how your Center of Excellence should be resourced. Consider your existing organizational structure and culture, the quality of relationships between functional groups, and the typical budgetary factors that would weigh on choosing between a virtual and dedicated CoE structure.

    COE Advantages Disadvantages
    Virtual
    • No change in organization structure required, just additional task delegation to your Agile manager or program manager.
    • Less effort and cost to implement.
    • Investment in quality is proportional to return.
    • Resources are shared between practice areas, and initiatives will take longer to implement.
    • Development and enhancement of best practices can become difficult without a centralized knowledge repository.
    Dedicated
    • Demonstrates a commitment to the ACEs long-term existence.
    • Allows for dedicated maintenance of best practices.
    • Clear lines of accountability for Agile processes.
    • Ability to develop highly skilled employees as their responsibilities are not shared.
    • Requires dedicated resources that can in turn be more costly.
    • Requires strong relationships with the functional groups that interface with the ACE.

    Staffing the ACE: Understand virtual versus dedicated ACE organizational models

    Virtual CoE

    The image shows an organizational chart titled Virtual CoE, with Head of IT at the top, then PMO and CoE Lead/Apps Director at the next level. The chart shows that there is crossover between the CoE Lead's reports, and the PMO's, indicated through dotted lines that connect them.

    • Responsibilities for CoE are split and distributed throughout departments on a part-time basis.
    • CoE members from the PMO report to apps director who also functions as the CoE lead on a part-time basis.

    The image shows a organizational chart titled Dedicated CoE, with all CoE members under the CoE.

    • Requires re-organization and dedicated full-time staff to run the CoE with clear lines of responsibility and accountability.
    • Hiring or developing highly skilled employees who have a sole function to facilitate and monitor quality best practices within the IT department may be necessary.

    Activity: Form the Center of Excellence

    1.2.1 1 Hour

    Input

    • N/A

    Output

    • ACE governance and resourcing plan

    Materials

    • Whiteboard

    Participants

    • Agile leadership group
    1. As a group, discuss if there is an existing body that would be able to govern the Center of Excellence. This body will monitor progress on an ongoing basis and assess any change requests that would impact the CoEs operation or goals.
    • List current governing bodies that are closely aligned with your current Agile environment and determine if the group could take on additional responsibilities.
    • Alternatively, identify individuals who could form a new ACE governing body.
  • Using the results of Exercise 1.1.6 in Step 1, select the individuals who will participate in the Center of Excellence. As a rough rule of thumb for sizing, an ACE staffed with 3-5 people can support 8-12 Agile Teams.

    • Document results in the ACE Communications Deck.

    Leverage your existing Agile practices and SMEs when establishing the ACE

    The synergy between Agile and CoE relies on its ability to build on existing best practices. Agile cannot grow without a solid foundation. ACE gives you the way to disseminate these practices and facilitate knowledge transfer from a centralized sharing environment. As part of defining your service offerings, engage with stakeholders across the organization to evaluate what is already documented so that it can be accommodated in the ACE.

    Documentation

    • Are there any existing templates that can be leveraged (e.g. resource planning, sprint planning)?
    • Are there any existing process documents that can be leveraged (e.g. SIPOC, program frameworks)?
    • Are there any existing standards documents the CoE can incorporate (e.g. policies, procedures, guidelines)?

    SMEs

    • Interview existing subject-matter experts that can give you an idea of your current pains and opportunities.
    • You already have feedback from those in your workshop group, so think about the rest of the organization:
      • Agile practitioners
      • Business stakeholders
      • Operations
      • Any other parties not represented in the workshop group

    Metrics

    • What are the current metrics being used to measure the success of Agile teams?
    • What metrics are currently being used to measure the completion of business objectives?
    • What tools or mediums are currently used for recording and communicating metrics?

    Info-Tech Insight

    When considering existing practices, it is important to evaluate the level of adherence to these practices. If they have been efficiently utilized, injecting them into ACE becomes an obvious decision. If they have been underutilized, however, it is important to understand why this occurred and discuss how you can drive higher adherence.

    Examples of existing documents to leverage

    People

    • Agile onboarding planning documents
    • Agile training documents
    • Organizational Agile manifesto
    • Team performance metrics dashboard
    • Stakeholder engagement and communication plan
    • Development team engagement plan
    • Organizational design and structure
    • Roles and responsibilities chart (i.e. RACI)
    • Compensation plan Resourcing plan

    Process

    • Tailored Scrum process
    • Requirements gathering process
    • Quality stage-gate checklist (including definitions of ready and done)
    • Business requirements document
    • Use case document
    • Business process diagrams
    • Entity relationship diagrams
    • Data flow diagrams
    • Solution or system architecture
    • Application documentation for deployment
    • Organizational and user change management plan
    • Disaster recovery and rollback process
    • Test case templates

    Technology

    • Code review policies and procedures
    • Systems design policies
    • Build, test, deploy, and rollback scripts
    • Coding guidelines
    • Data governance and management policies
    • Data definition and glossary
    • Request for proposals (RFPs)
    • Development tool standards and licensing agreements
    • Permission to development, testing, staging, and production environments
    • Application, system, and data integration policies

    Build upon the lessons learned from your Agile pilots

    The success of your Center of Excellence relies on the ability to build sound best practices within your organization’s context. Use your previous lessons learned and growing pains as shared knowledge of past Agile implementations within the ACE.

    Implement Agile Practices That Work

    Draw on the experiences of your initial pilot where you learned how to adapt the Agile manifesto and practices to your specific context. These lessons will help onboard new teams to Agile since they will likely experience some of the same challenges.

    Download

    Documents for review include:

    • Tailored Scrum Process
    • Agile Pilot Metrics
    • Info-Tech’s Agile Pilot Playbook

    Enable Organization-Wide Collaboration by Scaling Agile

    Draw on previous scaling Agile experiences to help understand how to interface, facilitate, and orchestrate cross-functional teams and stakeholders for large and complex projects. These lessons will help your ACE teams develop collaboration and problem-solving techniques involving roles with different priorities and lines of thinking.

    Download

    Documents for review include:

    • Agile Program Framework
    • Agile Pilot Program Metrics
    • Scaled Agile Development Process
    • Info-Tech’s Scaling Agile Playbook

    Activity: Gather and document your existing Agile practices for the CoE

    1.2.2 Variable time commitment based on current documentation state

    Input

    • Existing practices

    Output

    • Practices categorized within operating model

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE team
    1. Compile a list of existing practices that will be shared by the Center of Excellence. Consider any documents, templates, or tools that are used regularly by Agile teams.
    2. Evaluate the level of adherence to use of the practices (whether the practice is complied with regularly or not) with a high, medium, or low. Low compliance will need a root-cause analysis to understand why and how to remedy the situation.
    3. Determine the best fit for each practice under the ACE operational model.
    Name Type Adherence Level CoE Best Fit Source
    1 Tailored Scrum process Process High Shared Services Internal Wiki
    2
    3

    Activity: Interview stakeholders to understand the ACE functional expectations

    1.2.3 30-60 Minutes per interview

    Interview Stakeholders (from both Agile teams and functional areas) on their needs from the ACE. Ensure you capture both pain points and opportunities. Capture these as either Common Agile needs or Functional needs. Document using the tables below:

    Common Agile Needs
    Common Agile Needs
    • Each Agile Team interprets Agile differently
    • Need common approach to Agile with a proven track record within the organization
    • Making sure all Team members have a good understanding of Agile
    • Common set of tool(s) with a proven track record, along with a strong understanding of how to use the tool(s) efficiently and effectively
    • Help troubleshooting process related questions
    • Assistance with addressing the individual short comings of each Agile Team
    • Determining what sort of help each Agile Team needs most
    • Better understanding of the role played by Scrum Master and associated good practices
    • When and how do security/privacy/regulatory requirements get incorporated into Agile projects
    Functional Needs Ent Arch Needs
    • How do we ensure Ent Arch has insight and influence on Agile software design
    • Better understanding of Agile process
    • How to measure compliance with reference architectures

    PMO Needs

    • Better understanding of Agile process
    • Understanding role of PM in Agile
    • Project status reports that determine current level of project risk
    • How does project governance apply on Agile projects
    • What deliverables/artifacts are produced by Agile projects and when are they completed

    Operations Needs

    • Alignment on approaches for doing releases
    • Impact of Agile on change management and support desk processes
    • How and when will installation and operation instructions be available in Agile

    Activity: Form a solution matrix to organize your pain points and opportunities

    1.2.4 Half day

    Input

    • Identified requirements

    Output

    • Classified pains and opportunities

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE team
    1. Review the listed pain points from the data gathering process. Sort the pain points on sticky notes into technology, governance, people, and shared services.
    2. Consider opportunities under each defining element based on the identified business requirements.
    3. Document your findings.
    4. Discuss the results with the project team and prioritize the opportunities.
      • Where do the most pains occur?
      • What opportunities exist to alleviate pains?
    Governance Shared Services Technology People
    Pain Points
    Opportunities

    Document results in the ACE Communications Deck.

    Activity: Refine your use cases to identify your ACE functions and services

    1.2.5 1 Hour

    Input

    • Use cases from activity 1.1.2

    Output

    • Refined use cases based on data collection

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE team
    1. Refine your initial use cases for the points of alignment between your ACE and business objectives using your classified pain points and opportunities.
    2. Add use cases to address newly realized pain points.
    3. Determine the functions and services the CoE can offer to address the identified requirements.
    4. Evaluate the outputs in the form of realized benefits and extracted inefficiencies.

    Possible ACE use cases:

    • Policy Management
    • Change Management
    • Risk Management
    • Stakeholder Management
    • Engagement Planning
    • Knowledge Management
    • Subject-Matter Expertise
    • Agile Team Evaluation
    • Operations Support
    • Onboarding
    • Coaching
    • Learning Facilitation
    • Communications Training
    • Vendor Management
    • Application Support
    • Tooling Standards

    Document results in the ACE Communications Deck.

    Activity: Visualize your ACE functions and service offerings with a capability map

    1.2.6 1 Hour

    Input

    • Use cases from activity 1.2.4

    Output

    • ACE capability map

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE team
    1. Review the refined and categorized list of service offerings.
    2. Determine how these new capabilities will add, remove, or enhance your existing service and capabilities.
    3. Categorize the capabilities into the following groups:
    • Governance and Metrics
    • Services
    • Staff
    • Technology
  • Label the estimated impact of the service offering based on your business priorities for the year. This will guide your strategy for implementing your Agile Center of Excellence moving forward.

    • Document results in the ACE Communications Deck.

    Activity: Visualize your ACE functions and service offerings with a capability map (continued)

    Governance

    Policy Management (Medium Potential)

    Change Management (High Potential)

    Risk Management (High Potential)

    Stakeholder Management (High Potential)

    Metrics/Feedback Monitoring (High Potential)

    Shared Services

    Engagement Planning (High Potential)

    Knowledge Management (High Potential)

    Subject-Matter Expertise (High Potential)

    Agile Team Evaluation (High Potential)

    Operations Support (High Potential)

    People

    Onboarding (Medium Potential)

    Coaching (High Potential)

    Learning Facilitation (High Potential)

    Internal Certification Program (Low Potential)

    Communications Training (Medium Potential)

    Technology

    Vendor Management (Medium Potential)

    Application Support (Low Potential)

    Tooling Standards (High Potential)

    Checkpoint: Are you ready to standardize your CoEs service offerings?

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Self-Auditing Guidelines

    • Have you identified and prioritized the key business objectives for the upcoming year that the ACE will align with?
    • Do you have a high-level set of use cases for points of alignment between your ACE and business objectives?
    • Have you mapped your stakeholders and identified the key players that will have an influence over the future success of your ACE?
    • Have you identified how your organization will fund, resource, and govern the ACE?
    • Have you collected data to understand the functional expectations of the users the ACE is intended to serve?
    • Have you refined your use cases to align with both business objectives and functional expectations?

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1.2 Identify and prioritize organizational business objectives

    Our analyst team will help you organize and prioritize your business objectives for the year in order to ensure that the service offerings the ACE offers are delivering consistent business value.

    1.1.3 Form use cases for the points of alignment between your ACE and business objectives

    Our analyst team will help you turn your prioritized business objectives into a set of high-level use cases that will provide the foundation for defining user-aligned services.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    1.1.4 Prioritize your ACE stakeholders

    Our analysts will walk you through an exercise of mapping and prioritizing your Centers of Excellence stakeholders based on impact and power within so you can ensure appropriate presentation of interests within the organization.

    1.2.4 Form a solution matrix to organize your pain points and opportunities

    Our analyst team will help you solidify the direction of your Center of Excellence by overlaying your identified needs, pain points, and potential opportunities in a matrix guided by Info-Tech’s CoE operating model.

    1.2.5 Refine your use cases to identify your ACE functions and services

    Our analyst team will help you further refine your business-aligned use cases with the functional expectations from your Agile teams and stakeholders, ensuring the ACEs long-term utility.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    1.2.6 Visualize your ACE functions and service offerings with a capability map

    Our analysts will walk you through creating your Agile Centers of Excellence capability map and help you to prioritize which service offerings are critical to the success of your Agile teams in meeting their objectives.

    Phase 2

    Standardize the Centers of Excellence Service Offerings

    Spread Best Practices With an Agile Center of Excellence

    The ACE needs to ensure consistency in service delivery

    Now that you have aligned the CoE to the business and functional expectations, you need to ensure its service offerings are consistently accessible. To effectively ensure accessibility and delegation of shared services in an efficient way, the CoE needs to have a consistent framework to deliver its services.

    Phase 1 - Strategically Align the CoE

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision. This alignment translates into the CoE mandate intended to enhance the way Agile will enable teams to meet business objectives.

    Phase 2 - Standardize the CoEs Service Offerings

    Build an engagement plan based on a standardized adoption model to ensure your CoE service offerings are accessible and consistent across the organization. Create and consolidate key performance indicators to measure the CoEs utility and whether or not the expected value is being translated to tangible results.

    Phase 3 - Operate the CoE

    Operate the CoE to provide service offerings to Agile teams, identify improvements to optimize the function of your Agile teams, and effectively manage and communicate change so that teams can grow within the Agile adoption model and optimize value delivery both within your Agile environment and across functions.

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Standardize the CoEs Service Offerings

    Proposed Time to Completion (in weeks): 2

    Step 2.1: Define an adoption plan for your Agile teams

    Start with an analyst kick off call:

    • Dissect the key attributes of Agile adoption.

    Then complete these activities…

    2.1.1 Further categorize your use cases within the Agile adoption model.

    Step 2.2: Create an ACE engagement plan

    Start with an analyst kick off call:

    • Form engagement plans for your Agile teams.

    Then complete these activities…

    2.2.1 Create an engagement plan for each level of adoption.

    Step 2.3: Define metrics to measure success

    Finalize phase deliverable:

    • Discuss effective ACE metrics.

    Then complete these activities…

    2.3.1 Collect existing team-level metrics.

    2.3.2 Define metrics that align with your Agile business objectives.

    2.3.3 Define target ACE performance metrics.

    2.3.4 Define Agile adoption metrics.

    2.3.5 Consolidate metrics for stakeholder impact.

    2.3.6 Use Info-Tech’s ACE Benefits Tracking Tool to monitor, evaluate, refine, and ensure continued business value.

    Phase 2 Results & Insights:

    • Standardizing your service offerings allows you to have direct influence on the dissemination of best practices.

    Phase 2, Step 1: Define an adoption plan for your Agile teams

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    2.1.1 Further categorize your use cases within the Agile adoption model.

    Outcomes:

    • Refine your previously determined use cases within the Agile adoption model to ensure that teams can be assisted at any level of Agile adoption.
    • Understand the key attributes of Agile adoption and how they impact success.

    Understand the implementation challenges that the ACE may face

    Culture clash between ACE and larger organization

    It is important to carefully consider the compatibility between the current organizational culture and Agile moving forward. Agile compels empowered teams, meritocracy, and broad collaboration for success; while typical organizational structures are siloed and hierarchical and decisions are delegated from the top down.

    This is not to say that the culture of the ACE has to match the larger organizational culture; part of the overarching aim of the ACE is to evolve the current organizational culture for the better. The point is to ensure you enable a smooth transition with sufficient management support and a team of Agile champions.

    The changing role of middle management

    Very similar to the culture clash challenge, cultural rigidity in how middle managers operate (performance review, human resource management, etc.) can cause cultural rejection. They need to become enablers for high performance and give their teams the sufficient tools, skills, and opportunities to succeed and excel.

    What impedes Agile adoption?

    Based on a global survey of Agile practitioners (N=1,319)*:

    52% Organizational culture at odds with agile values

    44% Inadequate management support and sponsorship

    48% General organization resistance to change

    *Respondents were able to make multiple selections

    (13th Annual State of Agile Report, VersionOne, 2019)

    Build competency and trust through a structured Agile adoption plan

    The reality of cultural incompatibility between Agile and traditional organization structures necessitates a structured adoption plan. Systematically build competency so teams can consistently achieve project success and solidify trust in your teams’ ability to meet business needs with Agile.

    By incrementally gaining the trust of management as you build up your Agile capabilities, you enable a smooth cultural transition to an environment where teams are empowered, adapt quickly to changing needs, and are trusted to innovate and make successes out of their failures.

    Optimized value delivery occurs when there is a direct relationship between competency and trust. There will be unrealized value when competency or trust outweigh the other. That value loss increases as either dimension of adoption continues to grow faster than the other.

    The image shows a graph with Competency on the x-axis and Trust on the y-axis. There are 3 sections: Level 1, Level 2, and Level 3, in subsequently larger arches in the background of the graph. The graph shows two diagonal arrows, the bottom one labelled Current Value Delivery and the top one labelled Optimized Value Delivery. The space between the two arrows is labelled Value Loss.

    Use Info-Tech’s Practice Adoption Optimization Model to systematically increase your teams’ ability to deliver

    Using Info-Tech’s Practice adoption optimization model will ensure you incrementally build competency and trust to optimize your value delivery.

    Agile adoption at its core, is about building social capital. Your level of trust with key influencers increases as you continuously enhance your capabilities, enabling the necessary cultural changes away from traditional organizational structures.

    Trust & Competency ↓

    DEFINE

    Begin to document your development workflow or value chain, implement a tracking system for KPIs, and start gathering metrics and reporting them transparently to the appropriate stakeholders.

    ITERATE

    Use collected metrics and retrospectives to stabilize team performance by reducing areas of variability in your workflow and increasing the consistency at which targets are met.

    COLLABORATE

    Use information to support changes and adopt appropriate practices to make incremental improvements to the existing environment.

    EMPOWER

    Drive behavioral and cultural changes that will empower teams to be accountable for their own success and learning.

    INNOVATE

    Use your built-up trust and support practice innovation, driving the definition and adoption of new practices.

    Review these key attributes of Agile adoption

    Agile adoption is unique to every organization. Consider these key attributes within your own organizational context when thinking about levels of Agile adoption.

    Adoption Attributes

    Team Organization

    Considers the degree to which teams are able to self-organize based on internal organizational structures (hierarchy vs. meritocracy) and inter-team capabilities.

    Team Coordination

    Considers the degree to which teams can coordinate, both within and across functions.

    Business Alignment

    Considers the degree to which teams can understand and/or map to business objectives.

    Coaching

    Considers what kind of coaching/training is offered and how accessible the training is.

    Empowerment

    Considers the degree to which teams are able and capable to address project, process, and technical challenges without significant burden from process controls and bureaucracy.

    Failure Tolerance

    Considers the degree to which stakeholders are risk tolerant and if teams are capable of turning failures into learning outcomes.

    Why are these important?

    These key attributes function as qualities or characteristics that, when improved, will successively increase the degree to which the business trusts your Agile teams’ ability to meet their objectives.

    Systematically improving these attributes as you graduate levels of the adoption model allows the business to acclimatize to the increased capability the Agile team is offering, and the risk of culture clash with the larger organization decreases.

    Start to consider at what level of adoption each of your service offerings become useful. This will allow you to standardize the way your Agile teams interact with the CoE.

    Activity: Further categorize your use cases within the Agile adoption model

    2.1.1 1.5 Hours

    Input

    • List of service offerings

    Output

    • Service offerings categorized within adoption model

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Team
    1. Gather the list of your categorized use cases.
    2. Based on Info-Tech’s Agile adoption model, categorize which use cases would be useful to help the Agile team graduate to the next level of adoption.
      • Conceptualize: Begin to document your workflow or value chain, implement a tracking system for KPIs, and gather metrics and report them transparently to the appropriate stakeholders.
      • Iterate: Use collected metrics to stabilize team performance by reducing areas of variability in your workflow and increasing the consistency at which targets are met.
      • Collaborate: Use information to drive changes and adopt appropriate Agile practices to make incremental improvements to the existing environment.
      • Empower: Drive behavioral and cultural changes that will empower teams to be accountable for their own successes given the appropriate resources.
      • Innovate: Use your built-up trust to begin to make calculated risks and innovate more, driving new best practices into the CoE.

    The same service offering could be offered at different levels of adoption. In these cases, you will need to re-visit the use case and differentiate how the service (if at all) will be delivered at different levels of adoption.

    1. Use this opportunity to brainstorm alternative or new use cases for any gaps identified. It is the CoEs goal to assist teams at every level of adoption to meet their business objectives. Use a different colored sticky note for these so you can re-visit and map out their inputs, outputs, metrics, etc.

    Activity: Further categorize your use cases within the Agile adoption model (continued)

    2.1.1 1.5 Hours

    Input

    • List of service offerings

    Output

    • Service offerings categorized within adoption model

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Team

    Example:

    Service Offerings
    Level 5: Innovate
    Level 4: Empower
    Level 3: Collaborate Coaching -- Communications Training
    Level 2: Iterate Tooling Standards
    Level 1: Conceptualize

    Learning Facilitation

    Draw on the service offerings identified in activity 1.2.4

    Phase 2, Step 2: Create an ACE engagement plan

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    2.2.1 Create an engagement plan for each level of adoption.

    Outcomes:

    • Understand the importance of aligning with the functional expectations of your ACE customers.
    • Understand the relationship between engagement and continuous improvement.
    • Create an engagement plan for each level of adoption to standardize the way customers interact with the ACE.

    Enable Agile teams to interface with ACE service offerings to meet their business objectives

    A Center of Excellence aligned with your service offerings is only valuable if your CoEs customers can effectively access those services. At this stage, you have invested in ensuring that your CoE aligns to your business objectives and that your service offerings align to its customers. Now you need to ensure that these services are accessible in the day-to-day operation of your Agile teams.

    Engagement Process → Service Offering

    Use backwards induction from your delivery method to the service offering. This is an effective method to determine the optimal engagement action for the CoE, as it considers the end customer as the driver for best action for every possible situation.

    Info-Tech Insight

    Your engagement process should be largely informed by your ACE users. Teams have constraints as well as in-the-trenches concerns and issues. If your service offerings don’t account for these, it can lead to rejection of the culture you are trying to inspire.

    Show the way, do not dictate

    Do not fix problems for your Agile teams, give them the tools and knowledge to fix the problems themselves.

    Facilitate learning to drive success

    A primary function of your ACE is to transfer knowledge to Agile teams to increase their capability to achieve desired outcomes.

    While this can take the form of coaching, training sessions, libraries, and wikis, a critical component of ACE is creating interactions where individuals from Agile teams can come together and share their knowledge.

    Ideas come from different experiences. By creating communities of practice (CoP) around topics that the ACE is tasked with supporting (e.g. Agile business analysts), you foster social learning and decrease the likelihood that change will result in some sort of cultural rejection.

    Consider whether creating CoPs would be beneficial in your organization’s context.

    "Communities of practice are a practical way to frame the task of managing knowledge. They provide a concrete organizational infrastructure for realizing the dream of a learning organization." – Etienne Wenger, Digital Habitats: Stewarding technology for communities

    A lack of top-down support will result in your ACE being underutilized

    Top-down support is critical to validate the CoE to its customers and ensure they feel compelled to engage with its services. Relevancy is a real concern for the long-term viability of a CoE and championing its use from a position of authority will legitimize its function and deter its fading from relevancy of day-to-day use for Agile teams.

    Although you are aligning your engagement processes to the customers of your Agile Center of Excellence, you still need your key influencers to champion its lasting organizational relevancy. Don’t let your employees think the ACE is just a coordinating body or a committee that is convenient but non-essential – make sure they know that it drives their own personal growth and makes everyone better as a collective.

    "Even if a CoE is positioned to meet a real organizational need, without some measure of top-down support, it faces an uphill battle to remain relevant and avoid becoming simply one more committee in the eyes of the wider organization. Support from the highest levels of the organization help fight the tendency of the larger organization to view the CoE as a committee with no teeth and tip the scales toward relevancy for the CoE." – Joe Shepley, VP and Practice Lead, Doculabs

    Info-Tech Insight

    Stimulate top-down support with internal certifications. This allows your employees to gain accreditation while at the same time encouraging top-down support and creating a compliance check for the continual delivery and acknowledgement of your evolving best practices.

    Ensure that best practices and lessons learned are injected back into the ACE

    For your employees to continuously improve, so must the Center of Excellence. Ensure the ACE has the appropriate mechanisms to absorb and disseminate best practices that emerge from knowledge transfer facilitation events.

    Facilitated Learning Session →Was the localized adaption well received by others in similar roles? →Document Localized Adaptation →Is there broad applicability and benefit to the proposed innovation? →CoE Absorbs as Best Practice

    Continuous improvement starts with the CoE

    While facilitating knowledge transfer is key, it is even more important that the Center of Excellence can take localized adaptations from Agile teams and standardize them as best practices when well received. If an individual were to leave without sharing their knowledge, the CoE and the larger organization will lose that knowledge and potential innovation opportunities.

    Experience matters

    To organically grow your ACE and be cost effective, you want your teams to continuously improve and to share that knowledge. As individual team members develop and climb the adoption model, they should participate as coaches and champions for less experienced groups so that their knowledge is reaching the widest audience possible.

    Case study: Agile learning at Spotify

    CASE STUDY

    Industry Digital Media

    Source Henrik Kniberg & Anders Ivarsson, 2012

    Methods of Agile learning at Spotify

    Spotify has continuously introduced innovative techniques to facilitate learning and ensure that that knowledge gets injected back into the organization. Some examples are the following:

    • Hack days: Self-organizing teams, referred to as squads, come together, try new ideas, and share them with their co-workers. This facilitates a way to stay up to date with new tools and techniques and land new product innovations.
    • Coaching: Every squad has access to an Agile coach to help inject best practices into their workflow – coaches run retrospectives, sprint planning meetings, facilitate one-on-one coaching, etc.
    • Tribes: Collections of squads that hold regular gatherings to show the rest of the tribe what they’ve been working on so others can learn from what they are doing.
    • Chapters: People with similar skills within a tribe come together to discuss their area of expertise and their specific challenges.
    • Guilds: A wide-reaching community of interest where members from different tribes can come together to share knowledge, tools, and codes, and practice (e.g. a tester guild, an Agile coaching guild).

    The image shows the Spotify model, with two sections, each labelled Tribe, and members from within each Tribe gathered together in a section labelled Guild.

    "As an example of guild work, we recently had a ‘Web Guild Unconference,’ an open space event where all web developers at Spotify gathered up in Stockholm to discuss challenges and solutions within their field."

    Activity: Create an engagement plan for each level of adoption

    2.2.1 30 Minutes per role

    Input

    • Categorized use cases

    Output

    • Role-based engagement plans

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Team
    1. On the top bar, define the role you are developing the engagement plan for. This will give you the ability to standardize service delivery across all individuals in similar roles.
    2. Import your categorized service offerings for each level of adoption that you think are applicable to the given role.
    3. Using backwards induction, determine the engagement processes that will ensure that those service offerings are accessible and fit the day-to-day operations of the role.
    4. Fill in the template available on the next slide with each role’s engagement plan.

    Document results in the ACE Communications Deck.

    Example engagement plan: Developer

    2.2.1 30 Minutes per role

    Role: Developer
    Level 1 Level 2 Level 3 Level 4 Level 5
    Service Offering
    1. Onboarding
    2. Coaching
    3. Learning Facilitation
    1. Tooling Standards
    2. Learning Facilitation
    1. Communications Training
    2. Learning Facilitation
    1. Subject-Matter Expertise
    2. Coaching
    1. Knowledge Management
    Engagement Process
    1. Based on service request or need identified by dev. manager.
    2. Based on service request or need identified by dev. manager.
    3. Weekly mandatory community of practice meetings.
    1. When determined to have graduated to level 2, receive standard Agile tooling standards training.
    2. Weekly mandatory community of practice meetings.
    1. When determined to have graduated to level 3, receive standard Agile communications training.
    2. Weekly mandatory community of practice meetings
    1. Peer-based training on how to effectively self-organize.
    2. Based on service request or need identified by dev. manager.
    1. Review captured key learnings from last and have CoE review KPIs related to any area changed.

    Example engagement plan: Tester

    2.2.1 30 Minutes per role

    Role: Tester
    Level 1Level 2Level 3Level 4Level 5
    Service Offering
    1. Onboarding
    2. Coaching
    1. Product Training
    2. Communications Training
    1. Communications Training
    2. Learning Facilitation
    1. Subject-Matter Expertise
    2. Coaching
    1. Tooling Standards
    2. Training
    3. Coaching
    Engagement Process
    1. Based on service request or need identified by dev. manager.
    1. Weekly mandatory community of practice meetings.
    2. Provide training on effective methods for communicating with development teams based on organizational best practices.
    1. When determined to have graduated to level 3, receive standard training based on organizational testing best practices. Weekly mandatory community of practice meetings.
    1. Peer-to-peer training with level 5 certified coach.
    2. Based on service request or need identified by dev. manager. .
    1. Periodic updates of organizational tooling standards based on community of practice results.
    2. Automation training.
    3. Provide coaching to level 1 developers on a rotating basis to develop facilitation skills.

    Example engagement plan: Product Owner

    2.2.1 30 Minutes per role

    Role: Product Owner
    Level 1 Level 2 Level 3 Level 4 Level 5
    Service Offering
    1. Onboarding
    2. Coaching
    1. Coaching
    2. Learning Facilitation
    1. Coaching
    2. Communications Training
    3. Learning Facilitation
    1. Coaching
    2. Learning Facilitation
    1. Coaching
    2. Learning Facilitation
    Engagement Process
    1. Provide onboarding materials for Agile product owners.
    2. Provide bi-weekly reviews and subsequent guidance at the end of retrospective processes.
    1. Provide monthly reviews and subsequent guidance based on retrospective results.
    2. Bi-weekly mandatory community of practice meetings
    1. When determined to have graduated to level 3, receive standard training based on organizational testing best practices.
    2. Bi-weekly mandatory community of practice meetings.
    1. Provide monthly reviews and subsequent guidance based on retrospective results.
    2. Bi-weekly mandatory community of practice meetings
    1. Provide quarterly reviews and subsequent guidance based on retrospective results.
    2. Bi-weekly mandatory community of practice meetings

    Phase 2, Step 3: Define metrics to measure success

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    2.3.1 Define existing team-level metrics.

    2.3.2 Define metrics that align with your Agile business objectives.

    2.3.3 Define target ACE performance metrics.

    2.3.4 Define Agile adoption metrics.

    2.3.5 Consolidate your metrics for stakeholder impact.

    2.3.6 Use Info-Tech’s ACE Benefits Tracking Tool to monitor, evaluate, refine, and ensure continued business value.

    Outcomes:

    • Understand the importance of aligning with the functional expectations of your ACE customers.
    • Understand the relationship between engagement and continuous improvement.
    • Create an engagement plan for each level of adoption to standardize the way customers interact with the ACE.

    Craft metrics that will measure the success of your Agile teams

    Quantify measures that demonstrate the effectiveness of your ACE by establishing distinct metrics for each of your service offerings. This will ensure that you have full transparency over the outputs of your CoE and that your service offerings maintain relevance and are utilized.

    Questions to Ask

    1. What are leading indicators of improvements that directly affect the mandate of the CoE?
    2. How do you measure process efficiency and effectiveness?

    Creating meaningful metrics

    Specific

    Measureable

    Achievable

    Realistic

    Time-bound

    Follow the SMART framework when developing metrics for each service offering.

    Adhering to this methodology is a key component of the lean management methodology. This framework will help you avoid establishing general metrics that aren’t relevant.

    "It’s not about telling people what they are doing wrong. It’s about constantly steering everyone on the team in the direction of success, and never letting any individual compromise the progress of the team toward success." – Mary Poppendieck, qtd. in “Questioning Servant Leadership”

    For important advice on how to avoid the many risks associated with metrics, refer to Info-Tech’s Select and Use SDLC Metrics Effectively.

    Ensure your metrics are addressing criteria from different levels of stakeholders and enterprise context

    There will be a degree of overlap between the metrics from your business objectives, service offerings, and existing Agile teams. This is a positive thing. If a metric can speak to multiple benefits it is that much more powerful in commuting successes to your key stakeholders.

    Existing metrics

    Business objective metrics

    Service offering metrics

    Agile adoption metrics

    Finding points of overlap means that you have multiple stakeholders with a vested interest in the positive trend of a specific metric. These consolidated metrics will be fundamental for your CoE as they will help build consensus through communicating the success of the ACE in a common language for a diverse audience.

    Activity: Define existing team-level metrics

    2.3.1 1 Hour

    Input

    • Current metrics

    Output

    • Service offerings categorized within adoption model

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Team
    1. Gather any metrics related documentation that you collected during your requirements gathering in Phase 1.
    2. Collect team-level metrics for your existing Agile teams:
      • Examine outputs from any feedback mechanisms you have (satisfaction surveys, emails, existing SLAs, burndown charts, resourcing costs, licensing costs per sprint, etc.).
      • Look at historical trends and figures when available. Be careful of frequent anomalies as these may indicate a root cause that needs to be addressed.
      • Explore the definition of specific metrics across different functional teams to ensure consistency of measurement and reporting.
    Team Objective Expected Benefits Metrics
    Improve productivity
    • Improve transparency with business decisions
    • Team burndown and velocity
    • Number of releases per milestone
    Increase team morale and motivation
    • Teams are engaged and motivated to develop new opportunities to deliver more value quicker.
    • Team satisfaction with Agile environment
    • Degree of engagement in ceremonies
    Improve transparency with business decisions
    • Teams are engaged and motivated to develop new opportunities to deliver more value quicker.
    • Stakeholder satisfaction with completed product
    • Number of revisions to products in demonstrations

    Activity: Define metrics that align with your Agile business objectives

    2.3.2 1 Hour

    Input

    • Organizational business objectives from Phase 1

    Output

    • Metrics aligned to organizational business objectives

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE
    1. List the business objectives that you determined in 1.1.2.
    2. Create a shortlist of expected benefits from those business objectives. These will help to drive metrics that align with the intended purpose of completing those business objectives, and affirm they are aligned to realizable benefits.
    3. Define metrics that speak to the benefits of your business objectives. While engaging in this process, ensure to document the collection method for each metrics.
    Business Objectives Expected Benefits Metrics
    Decrease time-to-market of product releases
    • Faster feedback from customers.
    • Increased customer satisfaction.
    • Competitive advantage.
    Decrease time-to-market of product releases
    • Alignment to organizational best practices.
    • Improved team productivity.
    • Greater collaboration across functional teams.
    • Policy and practice adherence and acknowledgement
    • Number of requests for ACE services
    • Number of suggestions to improve Agile best practices and ACE operations

    Activity: Define target ACE performance metrics

    2.3.3 1 Hour

    Input

    • Service offerings
    • Satisfaction surveys
    • Usage rates

    Output

    • CoE performance metrics

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE
    1. Define metrics to measure the success of each of your service offerings.
    2. Create a shortlist of expected benefits from those business objectives. These will help to drive metrics that align with the intended purpose of those service offerings, and affirm they are aligned to realizable benefits.
    3. Define metrics that speak to the benefits of your service offerings.
    4. Compare these to your team performance metrics.
    Service Offering Expected Benefits Metrics
    Knowledge management
    • Comprehensive knowledgebase that accommodates various company products and office locations.
    • Easily accessible resources.
    • Number of practices extracted from ACE and utilized
    • Frequency of updates to knowledgebase
    Tooling standards
    • Tools adhere to company policies, security guidelines, and regulations.
    • Improved support of tools and technologies.
    • Tools integrate and function well with enterprise systems.
    • Number of teams and functional groups using standardized tools
    • Number of supported standardized tools
    • Number of new tools added to the standards list
    • Number of tools removed from standards list

    Activity: Define Agile adoption metrics

    2.3.4 1 Hour

    Input

    • Agile adoption model

    Output

    • Agile adoption metrics
    1. Define metrics to measure the success of each of your service offerings.
    2. Create a shortlist of expected benefits from those business objectives. These will help to drive metrics that align with the intended purpose of those service offerings, and affirm they are aligned to realizable benefits.
    3. Define metrics that speak to the benefits of your service offerings.
    4. It is possible that you will need to adjust these metrics after baselines are established when you begin to operate the ACE. Keep this in mind moving forward.
    Adoption attributes Expected Benefits Metrics
    Team organization
    • Acquisition of the appropriate roles and skills to successfully deliver products.
    • Degree of flexibility to adjust team compositions on a per project basis
    Team coordination
    • Ability to successfully undertake large and complex projects involving multiple functional groups.
    • Number of ceremonies involving teams across functional groups
    Business alignment
    • Increased delivery of business value from process optimizations.
    • Number of business-objective metrics surpassing targets
    Coaching
    • Teams are regularly trained with new and better best practices.
    • Number of coaching and training requests
    Empowerment
    • Teams can easily and quickly modify processes to improve productivity without following a formal, rigorous process.
    • Number of implemented changes from team retrospectives
    Failure tolerance
    • Stakeholders trust teams will adjust when failures occur during a project.
    • Degree of stakeholder trust to address project issues quickly and effectively

    Activity: Consolidate your metrics for stakeholder impact

    2.3.5 30 Minutes

    Input

    • New and existing Agile metrics

    Output

    • Consolidated Agile metrics

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE
    1. Take all the metrics defined from the previous activities and compare them as a group.
    2. If there are overlapping metrics that are measuring similar outcomes or providing similar benefits, see if there is a way to merge them together so that a single metric can report outcomes to multiple stakeholders. This reduces the amount of resources invested in metrics gathering and helps to show consensus or alignment between multiple stakeholder interests.
    3. Compare these to your existing Agile metrics, and explore ways to consolidate existing metrics that are established with some of your new metrics. Established metrics are trusted and if they can be continued it can be viewed as beneficial from a consensus and consistency perspective to your stakeholders.

    Activity: Use Info-Tech’s ACE Benefits Tracking Tool to monitor, evaluate, refine, and ensure continued business value

    2.3.6 1 Hour

    Purpose

    The CoE governance team can use this tool to take ownership of the project’s benefits, track progress, and act on any necessary changes to address gaps. In the long term, it can be used to identify whether the team is ahead, on track, or lagging in terms of benefits realization.

    Steps

    1. Enter your identified metrics from the following activities into the ACE Benefits Tracking Tool.
    2. Input your baselines from your data collection (Phase 3) and a goal value for each metric.
    3. Document the results at key intervals as defined by the tool.
    4. Use the summary report to identify metrics that are not tracking well for root cause analysis and communicate with key stakeholders the outcomes of your Agile Center of Excellence based on your communication schedule from Phase 3, Step 3.

    INFO-TECH DELIVERABLE

    Download the ACE Benefits Tracking Tool.

    Checkpoint: Are you ready to operate your ACE?

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Self Auditing Guidelines

    • Have you categorized your ACE service offerings within Info-Tech’s Agile adoption model?
    • Have you formalized engagement plans to standardize the access to your service offerings?
    • Do you understand the function of learning events and their criticality to the function of the ACE?
    • Do you understand the key attributes of Agile adoption and how social capital leads to optimized value delivery?
    • Have you defined metrics for different goals (adoption, effective service offerings, business objectives) of the ACE?
    • Do your defined metrics align to the SMART framework?

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1.1 Further categorize your use cases within the Agile adoption model

    Our analyst team will help you categorize the Centers of Excellence service offerings within Info-Tech’s Agile adoption model to help standardize the way your organization engages with the Center of Excellence.

    2.2.1 Create an engagement plan for each level of adoption

    Our analyst team will help you structure engagement plans for each role within your Agile environment to provide a standardized pathway to personal development and consistency in practice.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    2.3.2 Define metrics that align with your Agile business objectives

    Our analysts will walk you through defining a set of metrics that align with your Agile business objectives identified in Phase 1 of the blueprint so the CoEs monitoring function can ensure ongoing alignment during operation.

    2.3.3 Define target ACE performance metrics

    Our analysts will walk you through defining a set of metrics that monitors how successful the ACE has been at providing its services so that business and IT stakeholders can ensure the effectiveness of the ACE.

    2.3.4 Define Agile adoption metrics

    Our analyst team will help you through defining a set of metrics that aligns with your organization’s fit of the Agile adoption model in order to provide a mechanism to track the progress of Agile teams maturing in capability and organizational trust.

    Phase 3

    Operationalize Your Agile Center of Excellence

    Spread Best Practices With an Agile Center of Excellence

    Operate your ACE to drive optimized value from your Agile teams

    The final step is to engage in monitoring of your metrics program to identify areas for improvement. Using metrics as a driver for operating your ACE will allow you to identify and effectively manage needed change, as well as provide you with the data necessary to promote outcomes to your stakeholders to ensure the long-term viability of the ACE within your organization.

    Phase 1 - Strategically Align the CoE

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision. This alignment translates into the CoE mandate intended to enhance the way Agile will enable teams to meet business objectives.

    Phase 2 - Standardize the CoEs Service Offerings

    Build an engagement plan based on a standardized adoption model to ensure your CoE service offerings are accessible and consistent across the organization. Create and consolidate key performance indicators to measure the CoEs utility and whether or not the expected value is being translated to tangible results.

    Phase 3 - Operate the CoE

    Operate the CoE to provide service offerings to Agile teams, identify improvements to optimize the function of your Agile teams, and effectively manage and communicate change so that teams can grow within the Agile adoption model and optimize value delivery both within your Agile environment and across functions.

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Operate the CoE

    Proposed Time to Completion (in weeks): Variable depending on communication plan

    Step 3.1: Optimize the success of your ACE

    Start with an analyst kick off call:

    • Conduct a baseline assessment of your Agile environment.

    Then complete these activities…

    3.1.1 Use Info-Tech’s ACE Satisfaction Survey to help establish your baseline.

    3.1.2 Use Info-Tech’s CoE Maturity Diagnostic Tool to measure the maturity level of your ACE.

    3.1.3 Prioritize ACE actions by monitoring your metrics.

    Step 3.2: Plan change to enhance your Agile initiatives

    Start with an analyst kick off call:

    • Interface with the ACE with your change management function.

    Then complete these activities…

    3.2.1 Assess the interaction and communication points of your Agile teams.

    3.2.2 Determine the root cause of each metric falling short of expectations.

    3.2.3 Brainstorm solutions to identified issues.

    3.2.4 Review your metrics program.

    3.2.5 Create a communication plan for change.

    Step 3.3: Conduct ongoing retrospectives of your ACE

    Finalize phase deliverable:

    • Build a communications deck for key stakeholders.

    Then complete these activities…

    3.3.1 Use the outputs from your metrics tracking tool to communicate progress.

    3.3.2 Summarize adjustments in areas where the ACE fell short.

    3.3.3 Review the effectiveness of your service offerings.

    3.3.4 Evaluate your ACE Maturity.

    3.3.5 Use Info-Tech’s ACE Communications Deck to deliver your outcomes to the key stakeholders.

    Phase 3 Results & Insights:

    Inject improvements into your Agile environment with operational excellence. Plan changes and communicate them effectively, monitor outcomes on a regular basis, and keep stakeholders in the loop to ensure that their interests are being looked after to ensure long-term viability of the CoE.

    Phase 3, Step 1: Optimize the success of your ACE

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Tools:

    3.1.1 Use Info-Tech’s ACE Satisfaction Survey to help establish your baseline.

    3.1.2 Use Info-Tech’s CoE Maturity Diagnostic Tool to measure the maturity level of your ACE.

    3.1.3 Prioritize ACE actions by monitoring your metrics.

    Outcomes:

    • Conduct a baseline assessment of your ACE to measure against using a variety of data sources, including interviews, satisfaction surveys, and historical data.
    • Use the Benefits Tracking Tool to start monitoring the outcomes of the ACE and to keep track of trends.

    Ensure the CoE is able to collect the necessary data to measure success

    Establish your collection process to ensure that the CoE has the necessary resources to collect metrics and monitor progress, that there is alignment on what data sources are to be used when collecting data, and that you know which stakeholder is interested in the outcomes of that metric.

    Responsibility

    • Does the CoE have enough manpower to collect the metrics and monitor them?
    • If automated through technology, is it clear who is responsible for its function?

    Source of metric

    • Is the method of data collection standardized so that multiple people could collect the data in the same way?

    Impacted stakeholder

    • Do you know which stakeholder is interested in this metric?
    • How often should the interested stakeholder be informed of progress?

    Intended function

    • What is the expected benefit of increasing this metric?
    • What does the metric intend to communicate to the stakeholder?

    Conduct a baseline assessment of your ACE to measure success

    Establishing the baseline performance of the ACE allows you to have a reasonable understanding of the impact it is having on meeting business objectives. Use user satisfaction surveys, stakeholder interviews, and any current metrics to establish a concept of how you are performing now. Setting new metrics can be a difficult task so it is important to collect as much current data as possible. After the metrics have been established and monitored for a period of time, you can revisit the targets you have set to ensure they are realistic and usable.

    Without a baseline, you cannot effectively:

    • Establish reasonable target metrics that reflect the performance of your Center of Excellence.
    • Identify, diagnose, and resolve any data that deviates from expected outcomes.
    • Measure ongoing business satisfaction given the level of service.

    Info-Tech Insight

    Invest the needed time to baseline your activities. These data points are critical to diagnose successes and failures of the CoE moving forward, and you will need them to be able to refine your service offerings as business conditions or user expectations change. While it may seem like something you can breeze past, the investment is critical.

    Use a variety of sources to get the best picture of your current state; a combination of methods provides the richest insight

    Interviews

    What to do:

    • Conduct interviews (or focus groups) with key influencers and Agile team members.

    Benefits:

    • Data comes from key business decision makers.
    • Identify what is top of mind for your top-level stakeholders.
    • Ask follow-up questions for detail.

    Challenges:

    • This will only provide a very high-level view.
    • Interviewer biases may skew the results.

    Surveys

    What to do:

    • Distribute an Agile-specific stakeholder satisfaction survey. The survey should be specific to identify factors of your current environment.

    Benefits:

    • Every end user/business stakeholder will be able to provide feedback.
    • The survey will be simple to develop and distribute.

    Challenges:

    • Response rates can be low if stakeholders do not understand the value in their opinions.

    Historical Data

    What to do:

    • Collect and analyze existing Agile data such as past retrospectives, Agile team metrics, etc.

    Benefits:

    • Get a full overview of current service offerings, past issues, and current service delivery.
    • Allows you to get an objective view of what is really going on within your Agile teams.

    Challenges:

    • Requires a significant time investment and analytical skills to analyze the data and generate insights on business satisfaction and needs.

    Use Info-Tech’s ACE Satisfaction Survey to help establish your baseline

    3.1.1 Baseline satisfaction survey

    Purpose

    Conduct a user satisfaction survey prior to setting your baseline for your ACE. This will include high-level questions addressing your overall Agile environment and questions addressing teams’ current satisfaction with their processes and technology.

    Steps

    1. Modify the satisfaction survey template to suit your organization and the service offerings you have defined for the Agile Center of Excellence.
    2. Distribute the satisfaction survey to any users who are expected to interface with the ACE.
    3. Document the results and communicate them with the relevant key stakeholders.
    4. Combine these results with historical data points (if available) and stakeholder interviews to get a holistic picture of your current state.

    INFO-TECH DELIVERABLE

    Download the ACE Satisfaction Survey.

    Use Info-Tech’s CoE Maturity Diagnostic Tool to measure the maturity level of your ACE

    3.1.2 CoE maturity assessment

    Purpose

    Assessing your ACEs maturity lets you know where they currently are and what to track to get them to the next step. This will help ensure your ACE is following good practices and has the appropriate mechanisms in place to serve your stakeholders.

    Steps

    1. Download the CoE Maturity Diagnostic Tool to assess the maturity of your ACE.
    2. Complete the assessment tool with all members of your ACE team to determine your maturity score.
    3. Document the results and communicate them with the relevant key stakeholders.
    4. Combine these results with historical data points (if available) and stakeholder interviews to get a holistic picture of your ACE maturity level.

    Document results in the ACE Communications Deck.

    INFO-TECH DELIVERABLE

    Download the CoE Maturity Diagnostic Tool.

    Activity: Prioritize ACE actions by monitoring your metrics

    3.1.3 Variable time commitment

    Input

    • Metrics from ACE Benefits Tracking Tool

    Output

    • Prioritized actions for the ACE

    Materials

    • ACE Benefits Tracking Tool

    Participants

    • ACE team
    1. Review your ACE Benefits Tracking Tool periodically (at the end of sprint cycles, quarterly, etc.) and document metrics that are trending or actively falling short of goals or expectations.
    2. Take the documented list and have the ACE staff consider what actions or decisions can be prioritized to help mend the identified gaps. Look for any trends that could potentially speak to a larger problem or a specific aspect of the ACE or the organizational Agile environment that is not functioning as expected.
    3. Take the opportunity to review metrics that are also tracking above expected value to see if there are any lessons learned that can be extended to other ACE service offerings (e.g. effective engagement or communication strategies) so that the organization can start to learn what is effective and what is not based on their internal struggles and challenges. Spreading successes is just as important as identifying challenges in a CoE model.

    Phase 3, Step 2: Plan change to enhance your Agile initiatives

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    3.2.1 Assess the interaction and communication points of your Agile teams.

    3.2.2 Determine the root cause of each metric falling short of expectations.

    3.2.3 Brainstorm solutions to identified issues

    3.2.4 Review your metrics program.

    3.2.5 Create a communication plan for change.

    Outcomes:

    • Understand how your existing change management process interfaces with the Center of Excellence.
    • Identify issues and ideate solutions to metrics falling short of expectations.
    • Create a communication plan to prepare groups for any necessary change.

    Manage the adaptation of teams as they adopt Agile capabilities

    As Agile spreads, be cognizant of your cultural tolerance to change and its ability to deliver on such change. Change will happen more frequently and continuously, and there may be conceptual (change tolerance) or capability (delivery tolerance) roadblocks along the way that will need to be addressed.

    The Agile adoption model will help to graduate both the tolerance to change and tolerance to deliver over time. As your level of competency to deliver change increases, organizational tolerance to change, especially amongst management, will increase as well. Remember that optimized value delivery comes from this careful balance of aptitude and trust.

    Tolerance to change

    Tolerance to change refers to the conceptual capacity of your people to consume and adopt change. Change tolerance may become a barrier to success because teams might be too engrained with current structures and processes and find any changes too disruptive and uncomfortable.

    Tolerance to deliver

    Tolerance to deliver refers to the capability to deliver on expected change. While teams may be tolerant, they may not have the necessary capacity, skills, or resources to deliver the necessary changes successfully. The ACE can help solve this problem with training and coaching, or possibly by obtaining outside help where necessary.

    Understand how the ACE interfaces with your current change management process

    As the ACE absorbs best practices and identifies areas for improvement, a change management process should be established to address the implementation and sustainability of change without introducing significant disruptions and costs.

    To manage a continuously changing environment, your ACE will need to align and coordinate with organizational change management processes. This process should be capable of evaluating and incorporating multiple change initiatives continuously.

    Desired changes will need to be validated, and localized adaptations will need to be disseminated to the larger organization, and current state policy and procedures will need to be amended as the adoption of Agile spreads and capabilities increase.

    The goal here is to have the ACE governance group identify and interface with parties relevant to successfully implementing any specific change.

    INFO-TECH RELATED RESEARCH:

    Strategy and Leadership: Optimize Change Management

    Optimize your stakeholder management process to identify, prioritize, and effectively manage key stakeholders.

    Where should your Agile change requests come from?

    Changes to the services, structure, or engagement model of your ACE can be triggered from various sources in your organization. You will see that proposed changes may be requested with the best intentions; however, the potential impacts they may have to other areas of the organization can be significant. Consult all sources of ACE change requests to obtain a consensus that your change requests will not deteriorate the ACEs performance and use.

    ACE Governance

    • Sources of ACE Change Requests
      • ACE Policies/Stakeholders
        • Triggers for Change:
          • Changes in business and functional group objectives.
          • Dependencies and legacy policies and procedures.
      • ACE Customers
        • Triggers for Change:
          • Retrospectives and post-mortems.
          • Poor fit of best practices to projects.
      • Metrics
        • Triggers for Change:
          • Performance falling short of expectations.
          • Lack of alignment with changing objectives.
      • Tools and Technologies
        • Triggers for Change:
          • New or enhanced tools and technologies.
          • Changes in development and technology standards.

    Note: Each source of ACE change requests may require a different change management process to evaluate and implement the change.

    Activity: Assess the interaction and communication points of your Agile teams

    3.2.1 1.5 Hours

    Input

    • Understanding of team and organization structure

    Output

    • Current assessment of organizational design

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Development team
    1. Identify everyone who is directly or indirectly involved in projects completed by Agile teams. This can include those that are:
    • Informed of a project’s progress.
    • Expected to interface with the Agile team for solution delivery (e.g. DevOps).
    • Impacted by the success of the delivered solutions.
    • Responsible for the removal of impediments faced by the Agile team.
  • Indicate how each role interacts with the others and how frequently these interactions occur for a typical project. Do this by drawing a diagram on a whiteboard using labelled arrows to indicate types and frequency of interactions.
  • Identify the possible communication, collaboration, and alignment challenges the team will face when working with other groups.
    • Agile Team n
    Group Type of Interaction Potential challenges
    Operations
    • Release management
    • Past challenges transitioning to DevOps.
    • Communication barrier as an impediment.
    PMO
    • Planning
    • Product owner not located with team in organization.
    • PMO still primarily waterfall; need Agile training/coaching

    Activity: Determine the root cause of each metric falling short of expectations

    3.2.2 30 Minutes per metric

    Input

    • Metrics from Benefits Tracking Tool

    Output

    • Root causes to issues

    Materials

    • Whiteboard
    • Markers

    Participants

    • ACE team
    1. Take each metric from the ACE Benefits Tracking Tool that is lagging behind or has missed expectations and conduct an analysis of why it is performing that way.
    2. Conduct individual webbing sessions to clarify the issues. The goal is to drive out the reasons why these issues are present or why scaling Agile may introduce additional challenges.
    3. Share and discuss these findings with the entire team.

    Example:

    • Lack of best-practice documentation
      • Why?
        • Knowledge siloed within teams
        • No centralized repository for best practices
          • Why?
            • No mechanisms to share between teams
              • Why? Root causes
                • Teams are not sharing localized adaptations
                • CoE is not effectively monitoring team communications
            • Access issues at team level to wiki
              • Why? Root causes
                • Administration issues with best-practice wiki
                • Lack of ACE visibility into wiki access

    Activity: Brainstorm solutions to identified issues

    3.2.3 30 Minutes per metric

    Input

    • Root causes of issues

    Output

    • Fixes and solutions to scaling Agile issues

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Development team
    1. Using the results from your root-cause analysis, brainstorm potential solutions to the identified problems. Frame your brainstorming within the following perspectives: people, process, and technology. Map these solutions using the matrix below.
    2. Synthesize your ideas to create a consolidated list of initiatives.
      1. Highlight the solutions that can address multiple issues.
      2. Collaborate on how solutions can be consolidated into a single initiative.
    3. Write your synthesized solutions on sticky notes.
    SOLUTION CATEGORY
    People Process Technology
    ISSUES Poor face-to-face communication
    Lack of best-practice documentation

    Engage those teams affected by change early to ensure they are prepared

    Strategically managing change is an essential component to ensure that the ACE achieves its desired function. If the change that comes with adopting Agile best practices is going to impact other functions and change their expected workflows, ensure they are well prepared and the benefits for said changes are clearly communicated to them.

    Necessary change may be identified proactively (dependency assessments, system integrity, SME indicates need, etc.) or reactively (through retrospectives, discussions, completing root-cause analyses, etc.), but both types need to be handled the same way – through proper planning and communication with the affected parties.

    Plan any necessary change

    Understand the points where other groups will be affected by the adoption of Agile practices and recognize the potential challenges they may face. Plan changes to accommodate interactions between these groups without roadblocks or impediments.

    Communicate the change

    Structure a communication plan based on your identified challenges and proposed changes so that groups are well prepared to make the necessary adjustments to accommodate Agile workflows.

    Review and modify your metrics and baselines to ensure they are achievable in changing environments

    Consider the possible limitations that will exist from environmental complexities when measuring your Agile teams. Dependencies and legacy policies and procedures that pose a bottleneck to desired outcomes will need to be changed before teams can be measured justifiably. Take the time to ensure the metrics you crafted earlier are plausible in your current environment and there is not a need for transitional metrics.

    Are your metrics achievable?

    Specific

    Measureable

    Achievable

    • Adopting Agile is a journey, not just a destination. Ensure that the metrics a team is measured against reflect expectations for the team’s current level of Agile adoption and consider external dependencies that may limit their ability to achieve intended results.

    Realistic

    Time-bound

    Info-Tech Insight

    Use metrics as diagnostics, not as motivation. Teams will find ways to meet metrics they are measured by making sacrifices and taking unneeded risk to do so. To avoid dysfunction in your monitoring, use metrics as analytical tools to inform decision making, not as a yardstick for judgement.

    Activity: Review your metrics program

    3.2.4 Variable time commitment

    Input

    • Identified gaps
    • Agile team interaction points

    Output

    • ACE baselines
    • Past measurements

    Materials

    • ACE Benefits Tracking Tool

    Participants

    • ACE
    1. Now that you have identified gaps in your current state, see if those will have any impact on the achievability of your current metrics program.
    2. Review your root-cause analyses and brainstormed solutions, and hypothesize whether or not they will have any downstream impact to goal attainment. It is possible that there is no impact, but as cross-functional collaboration increases, the likelihood that groups will act as bottlenecks or impediments to expected performance will increase.
    3. Consider how any changes will impact the interaction points between teams based on the results from activity 3.2.1: Assess the interaction and communication points of your Agile teams. If there are too many negative impacts it may be a sign to re-consider the hypothesized solution to the problem and consider alternatives.
    4. In any cases where a metric has been altered, adjust its goal measurement to reflect its changes in the ACE Benefits Tracking Tool.

    Case study: Agile change at the GSA

    CASE STUDY

    Industry Government

    Source Navin Vembar, Agile Government Leadership

    Challenge

    The GSA is tasked with completed management of the Integrated Award Environment (IAE).

    • The IAE manages ten federal information technology systems that enable registering, searching, and applying for federal awards, as well as tracking them.
    • The IAE also manages the Federal Service Desk.

    The IAE staff had to find a way to break down the problem of modernization into manageable chunks that would demonstrate progress, but also had to be sure to capture a wide variety of user needs with the ability to respond to those needs throughout development.

    Had to work out the logistics of executing Agile change within the GSA, an agency that relies heavily on telework. In the case of modernization, they had a product owner in Florida while the development team was spread across the metro Washington, DC area.

    Solution

    Agile provided the ability to build incremental successes that allowed teams successful releases and built enthusiasm around the potential of adopting Agile practices offered.

    • GSA put in place an organization framework that allowed for planning of change at the portfolio level to enable the change necessary to allow for teams to execute tasks at the project level.
    • A four-year plan with incremental integration points allowed for larger changes on a quarterly basis while maintaining a bi-weekly sprint cycle.
    • They adopted IBM’s RTC tool for a Scrum board and on Adobe Connect for daily Scrum sessions to ensure transparency and effectiveness of outcomes across their collocated teams.

    Create a clear, concise communication plan

    Communication is key to avoid surprises and lost productivity created by the implementation of changes.

    User groups and the business need to be given sufficient notice of an impending change. Be concise, be comprehensive, and ensure that the message is reaching the right audience so that no one is blindsided and unable to deliver what is needed. This will allow them to make appropriate plans to accept the change, minimizing the impact of the change on productivity.

    Key Aspects of a Communication Plan

    • The method of communication (email, meetings, workshops, etc.).
    • The delivery strategy (who will deliver the message?).
    • The communication responsibility structure.
    • The communication frequency.
    • A feedback mechanism that allows you to review the effectiveness of your plan.
    • The message that you need to present.

    Communicating change

    • What is the change?
    • Why are we doing it?
    • How are we going to go about it?
    • What are we trying to achieve?
    • How often will we be updated?

    (Cornelius & Associates, The Qualities of Leadership: Leading Change)

    Apply the following principles to enhance the clarity of your message

    1. Be Consistent
    • "This is important because..."
      • The core message must be consistent regardless of audience, channel, or medium.
      • Test your communication and obtain feedback before delivering your message.
      • A lack of consistency can be perceived as deception.
  • Be Clear
    • "This means..."
      • Say what you mean and mean what you say.
      • Choice of language is important.
      • Don’t use jargon.
  • Be Relevant
    • "This affects you because..."
      • Talk about what matters to the audience.
      • Talk about what matters to the change initiative.
      • Tailor the details of the message to each audience’s specific concerns.
      • Communicate truthfully; do not make false promises or hide bad news.
  • Be Concise
    • "In summary..."
      • Keep communication short and to the point so key messages are not lost in the noise.

    • Activity: Create a communication plan for change

    3.2.5 1.5 Hours

    Input

    • Desired messages
    • Stakeholder list

    Output

    • Communication plan

    Materials

    • Whiteboard
    • Markers

    Participants

    • CoE
    1. Define the audience(s) for your communications. Consider who needs to be the audience of your different communication events and how it will impact them.
    2. Identify who the messenger will be to deliver the message.
    3. Identify your communication methods. Decide on the methods you will use to deliver each communication event. Your delivery method may vary depending on the audience it is targeting.
    4. Establish a timeline for communication releases. Set dates for your communication events. This can be recurring (weekly, monthly, etc.) or one-time events.
    5. Determine what the content of the message must include. Use the guidelines on the following slide to ensure the message is concise and impactful.

    Note: It is important to establish a feedback mechanism to ensure that the communication has been effective in communicating the change to the intended audiences. This can be incorporated into your ACE satisfaction surveys.

    Audience Messenger Format Timing Message
    Operations Development team Email
    • Monthly (major release)
    • Ad hoc (minor release and fixes)
    		Build ready for release
    Key stakeholders CIO Meeting
    • Monthly unless dictated otherwise
    		Updates on outcomes from past two sprint cycles

    Phase 3, Step 3: Conduct ongoing retrospectives of your ACE

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities/Tools:

    3.3.1 Use the outputs from your metrics tracking tool to communicate progress.

    3.3.2 Summarize adjustments in areas where the ACE fell short.

    3.3.3 Re-conduct satisfaction surveys and compare against your baseline.

    3.3.4 Use Info-Tech’s CoE Maturity Diagnostic Tool to baseline current practices

    3.3.5 Use Info-Tech’s ACE Communications Deck to deliver your outcomes to the key stakeholders.

    Outcomes:

    • Conduct a retrospective of your ACE to enable the continuous improvement of your Agile program.
    • Structure a communications deck to communicate with stakeholders the outcomes from introducing the ACE to the organization.

    Reflect on your ACEs performance to lead the way to enterprise agility

    After functioning for a period of time, it is imperative to review the function of your ACE to ensure its continual alignment and see in what ways it can improve.

    At the end of the year, take the time to deliberately review and discuss:

    1. The effectiveness and use of your ACEs service offerings.
    2. What went well or wrong during the ACEs operation.
    3. What can be done differently to improve reach, usability, and effectiveness.
    4. Bring together Agile teams and discuss the processes they follow and inquire about suggestions for improvement.

    What is involved?

    • Use your metrics program to diagnose areas of issue and success. The diagnostic value of your metrics can help lead conversations with your Agile teams when attempting to inquire about suggestions for improvement.
    • Leverage your satisfaction surveys from the creation of your ACE and compare them against satisfaction surveys run after a year of operation. What are the lessons learned between then and now?
    • While it is primarily conducted by the ACE team, keep in mind it is a collaborative function and should involve all members, including Agile teams, product owners, Scrum masters, etc.

    Communicating with your key influencers is vital to ensure long-term operation of the ACE

    To ensure the long-term viability of your ACE and that your key influencers will continue funding, you need to demonstrate the ROI the Center of Excellence has provided.

    The overlying purpose of your ACE is to effectively align your Agile teams with corporate objectives. This means that there have to be communicable benefits that point to the effort and resources invested being valuable to the organization. Re-visit your prioritized stakeholder list and get ready to show them the impact the ACE has had on business outcomes.

    Communication with stakeholders is the primary method of building and developing a lasting relationship. Correct messaging can build bridges and tear down barriers, as well as soften opposition and bolster support.

    This section will help you to prepare an effective communication piece that summarizes the metrics stakeholders are interested in, as well as some success stories or benefits that are not communicable through metrics to provide extra context to ongoing successes of the ACE.

    INFO-TECH RELATED RESEARCH:

    Strategy and Leadership: Manage Stakeholder Relations

    Optimize your stakeholder management process to identify, prioritize, and effectively manage key stakeholders.

    Involve key stakeholders in your retrospectives to justify the funding for your ACE

    Those who fund the ACE have a large influence on the long-term success of your ACE. If you have not yet involved your stakeholders, you need to re-visit your organizational funding model for the ACE and ensure that your key stakeholders include the key decision makers for your funding. While they may have varying levels of interest and desires for granularity of data reporting, they need to at least be informed on a high level and kept as champions of the ACE so that there are no roadblocks to the long-term viability of this program.

    Keep this in mind as the ACE begins to demonstrate success, as it is not uncommon to have additional members added to your funding model as your service scales, especially in the chargeback models.

    As new key influencers are included, the ACEs governing group must ensure that collective interests may align and that more priorities don’t lead to derailment.

    The image shows a matrix. The matrix is labelled with Involvement at the bottom, and Power on the left side, and has the upper left quadrant labelled Keep Satisfied, the upper right quadrant labelled Key players, the lower right quadrant labelled Keep informed, and the lower left quadrant labelled Minimal effort. In the matric, there are several roles shown, with roles such as CFO, Apps Director, Funding Group, and CIO highlighted in the Key players section.

    Use the outputs from your metrics tracking tool to communicate progress

    3.3.1 1 Hour

    Use the ACE Benefits Tracking Tool to track the progress of your Agile environment to monitor whether or not the ACE is having a positive impact on the business’ ability to meet its objectives. The outputs will allow you to communicate incremental benefits that have been realized and point towards positive trends that will ensure the long-term buy-in of your key influencers.

    For communication purposes, use this tool to:

    • Re-visit who the impacted or interested stakeholders are so you can tailor your communications to be as impactful as possible for each key influencer of the ACE.

    The image shows a screen capture of the Agile CoE Metrics Tracking sheet.

    • Collate the benefits of the current projects undertaken by the Center of Excellence to give an overall recap of the ACEs impact.

    The image is a screen capture of the Summary Report sheet.

    Communicate where the ACE fell short

    Part of communicating the effectiveness of your ACE is to demonstrate that it is able to remedy projects and processes when they fall short of expectations and brainstorm solutions that effectively address these challenges. Take the opportunity to summarize where results were not as expected, and the ways in which the ACE used its influence or services to drive a positive outcome from a problem diagnosis. Stakeholders do not want a sugar-coated story – they want to see tangible results based on real scenarios.

    Summarizing failures will demonstrate to key influencers that:

    • You are not cherry-picking positive metrics to report and that the ACE faced challenges that it was able to overcome to drive positive business outcomes.
    • You are being transparent with the successes and challenges faced by the ACE, fostering increased trust within your stakeholders regarding the capabilities of Agile.
    • Resolution mechanisms are working as intended, successfully building failure tolerance and trust in change management policies and procedures.

    Activity: Summarize adjustments in areas where the ACE fell short

    3.3.2 15 Minutes per metric

    Input

    • Diagnosed problems from tracking tool
    • Root-cause analyses

    Output

    • Summary of change management successes

    Materials

    • Whiteboard
    • Markers

    Participants

    • ACE
    1. Create a list of items from the ACE Benefits Tracking Tool that fell short of expectations or set goals.
    2. For each point, create a brief synopsis of the root-cause analysis completed and summarize the brainstormed solution and its success in remedying the issue. If this process is not complete, create a to-date summary of any progress.
    3. Choose two to three pointed success stories from this list that will communicate broad success to your set of stakeholders.
    Name of metric that fell short
    Baseline measurement 65% of users satisfied with ACE services.
    Goal measurement 80% of users satisfied with ACE services.
    Actual measurement 70% of users satisfied with ACE services.
    Results of root-cause analysis Onboarding was not extensive enough; teams were unaware of some of the services offered, rendering them unsatisfied.
    Proposed solution Revamp onboarding process to include capability map of service offered.
    Summary of success TBD

    Re-conduct surveys with the ACE Satisfaction Survey to review the effectiveness of your service offerings

    3.3.3 Re-conduct satisfaction surveys and compare against your baseline

    Purpose

    This satisfaction survey will give you a template to follow to monitor the effectiveness of your ACEs defined service offerings. The goal is to understand what worked, and what did not, so you can add, retract, or modify service offerings where necessary.

    Steps

    1. Re-use the satisfaction survey to measure the effectiveness of the service offerings. Add questions regarding specific service offerings where necessary.
    2. Cross-analyze your satisfaction survey with metrics tied to your service offerings to help understand the root cause of the issues.
    3. Use the root-cause analysis exercises from step 3.2 to find the root causes of issues.
    4. Create a set of recommendations to add, amend, or improve any existing service offerings.

    INFO-TECH DELIVERABLE

    Download the ACE Satisfaction Survey.

    Use Info-Tech’s CoE Maturity Diagnostic Tool to baseline current practices

    3.3.4 ACE Maturity Assessment

    Purpose

    Assess your ACEs maturity by using Info-Tech’s CoE Maturity Diagnostic Tool. Assessing your ACEs maturity lets you know where you currently are, and where to look for improvements. Note that your optimal Maturity Level will depend on organizational specifics (e.g. a small organization with a handful of Agile Teams can be less mature than a large organization with hundreds of Agile Teams).

    Steps

    1. Download the CoE Maturity Diagnostic Tool to assess the maturity of your ACE.
    2. Complete the assessment tool with all members of your ACE team to determine your current Maturity score.
    3. Document the results in the ACE Communications Deck.

    Document results in the ACE Communications Deck.

    INFO-TECH DELIVERABLE

    Download the CoE Maturity Diagnostic Tool.

    Use Info-Tech’s ACE Communications Deck to deliver your outcomes to the key stakeholders

    3.3.5 Structure communications to each of your key stakeholders

    Purpose

    The ACE Communications Deck will give you a template to follow to effectively communicate with your stakeholders and ensure the long-term viability of your Agile Center of Excellence. Fill in the slides as instructed and provide each stakeholder with a targeted view of the successes of the ACE.

    Steps

    1. Determine who your target audience is for the Communications Deck – you may desire to create one for each of your key stakeholders as they may have different sets of interests.
    2. Fill out the ACE Communications Deck with the suggested inputs from the exercises you have completed during this research set.
    3. Review communications with members of the ACE to ensure that there are no communicable benefits that have been missed or omitted in the deck.

    INFO-TECH DELIVERABLE

    Download the ACE Communications Deck.

    Summary of accomplishment

    Knowledge Gained

    • An understanding of social capital as the key driver for organizational Agile success, and how it optimizes the value delivery of your Agile teams.
    • Importance of flexible governance to balance the benefits of localized adaptation and centralized control.
    • Alignment of service offerings with both business objectives and functional expectations as critical to ensuring long-term engagement with service offerings.

    Processes Optimized

    • Knowledge management and transfer of Agile best practices to new or existing Agile teams.
    • Optimization of service offerings for Agile teams based on organizational culture and objectives.
    • Change request optimization via interfacing ACE functions with existing change management processes.
    • Communication planning to ensure transparency during cross-functional collaboration.

    Deliverables Completed

    • A set of service offerings offered by the Center of Excellence that are aligned with the business, Agile teams, and related stakeholders.
    • Engagement plans for Agile team members based on a standardized adoption model to access the ACEs service offerings.
    • A suite of Agile metrics to measure effectiveness of Agile teams, the ACE itself, and its ability to deliver positive outcomes.
    • A communications plan to help create cross-functional transparency over pending changes as Agile spreads.
    • A communications deck to communicate Agile goals, actions, and outcomes to key stakeholders to ensure long-term viability of the CoE.

    Research contributors and experts

    Paul Blaney, Technology Delivery Executive, Thought Leader and passionate Agile Advocate

    Paul has been an Agile practitioner since the manifesto emerged some 20 years ago, applying and refining his views through real life experience at several organizations from startups to large enterprises. He has recently completed the successful build out of the inaugural Agile Delivery Centre of Excellence at TD bank in Toronto.

    John Munro, President Scrum Masters Inc.

    John Munro is the President of Scrum Masters Inc., a software optimization professional services firm using Agile, Scrum, and Lean to help North American firms “up skill” their software delivery people and processes. Scrum Masters’ unique, highly collaborative “Master Mind” consulting model leverages Agile/Lean experts on a biweekly basis to solve clients’ technical and process challenges.

    Doug Birgfeld, Senior Partner Agile Wave

    Doug has been a leader in building great teams, Agile project management, and business process innovation for over 20 years. As Senior Partner and Chief Evangelist at Agile Wave, his mission is to educate and to learn from all those who care about effective government delivery, nationally.

    Related Info-Tech research

    Implement Agile Practices That Work

    Agile is a cultural shift. Don't just do Agile, be Agile.

    Enable Organization-Wide Collaboration by Scaling Agile

    Execute a disciplined approach to rolling out Agile methods in the organization.

    Improve Application Development Throughput

    Drive down your delivery time by eliminating development inefficiencies and bottlenecks while maintaining high quality.

    Implement DevOps Practices That Work

    Accelerate software deployment through Dev and Ops collaboration.

    Related Info-Tech research (continued)

    Maximize the Benefits from Enterprise Applications with a Center of Excellence

    Optimize your organization’s enterprise application capabilities with a refined and scalable methodology.

    Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program

    Be proactive; it costs exponentially more to fix a problem the longer it goes unnoticed.

    Optimize the Change Management Process

    Right-size your change management process.

    Improve Requirements Gathering

    Back to basics: great products are built on great requirements.

    Bibliography

    Ambler, Scott. “Agile Requirements Change Management.” Agile Modeling. Scott Amber + Associates, 2014. Web. 12 Apr. 2016.

    Ambler, Scott. “Center of Excellence (CoEs).” Disciplined Agile 2.0: A Process Decision Framework for Enterprise I.T. Scott Amber + Associates. Web. 01 Apr. 2016.

    Ambler, Scott. “Transforming From Traditional to Disciplined Agile Delivery.” Case Study: Disciplined Agile Delivery Adoption. Scott Amber + Associates, 2013. Web.

    Beers, Rick. “IT – Business Alignment Why We Stumble and the Path Forward.” Oracle Corporation, July 2013. Web.

    Cornelius & Associates. “The Qualities of Leadership: Leading Change.” Cornelius & Associates, n.d. Web.

    Craig, William et al. “Generalized Criteria and Evaluation Method for Center of Excellence: A Preliminary Report.” Carnegie Mellon University Research Showcase @ CMU – Software Engineering Institute. Dec. 2009. Web. 20 Apr. 2016.

    Forsgren, Dr. Nicole et al (2019), Accelerate: State of DevOps 2019, Google, https://services.google.com/fh/files/misc/state-of-devops-2019.pdf

    Gerardi, Bart (2017), Agile Centers of Excellence, PMI Projectmanagement.com, https://www.projectmanagement.com/articles/405819/Agile-Centers-of-Excellence

    Gerardi, Bart (2017), Champions of Agile Adoption, PMI Projectmanagement.com, https://www.projectmanagement.com/articles/418151/Champions-of-Agile-Adoption

    Gerardi, Bart (2017), The Roles of an Agile COE, PMI Projectmanagement.com, https://www.projectmanagement.com/articles/413346/The-Roles-of-an-Agile-COE

    Hohl, P. et al. “Back to the future: origins and directions of the ‘Agile Manifesto’ – views of the originators.” Journal of Software Engineering Research and Development, vol. 6, no. 15, 2018. https://link.springer.com/article/10.1186/s40411-0...

    Kaltenecker, Sigi and Hundermark, Peter. “What Are Self-Organising Teams?” InfoQ. 18 July 2014. Web. 14 Apr. 2016.

    Kniberg, Henrik and Anderson Ivarsson. “Scaling Agile @ Spotify with Tribes, Squads, Chapters & Guilds.” Oct. 2012. Web. 30 Apr. 2016.

    Kumar, Alok et al. “Enterprise Agile Adoption: Challenges and Considerations.” Scrum Alliance. 30 Oct. 2014. Web. 30 May 2016.

    Levison, Mark. “Questioning Servant Leadership.” InfoQ, 4 Sept. 2008. Web. https://www.infoq.com/news/2008/09/servant_leadership/

    Linders, Ben. “Don't Copy the Spotify Model.” InfoQ.com. 6 Oct. 2016.

    Loxton, Matthew (June 1, 2011), CoP vs CoE – What’s the difference, and Why Should You Care?, Wordpress.com

    McDowell, Robert, and Bill Simon. In Search of Business Value: Ensuring a Return on Your Technology Investment. SelectBooks, 2010

    Novak, Cathy. “Case Study: Agile Government and the State of Maine.” Agile Government Leadership, n.d. Web.

    Pal, Nirmal and Daniel Pantaleo. “Services are the Language and Building Blocks of an Agile Enterprise.” The Agile Enterprise: Reinventing your Organization for Success in an On-Demand World. 6 Dec. 2015. Springer Science & Business Media.

    Rigby, Darrell K. et al (2018), Agile at Scale, Harvard Business Review, https://hbr.org/2018/05/agile-at-scale

    Scaledagileframework.com, Create a Lean-Agile Center of Excellence, Scaled Agile, Inc, https://www.scaledagileframework.com/lace/

    Shepley, Joe. “8 reasons COEs fail (Part 2).” Agile Ramblings, 22 Feb. 2010. https://joeshepley.com/2010/02/22/8-reasons-coes-fail-part-2/

    Stafford, Jan. “How upper management misconceptions foster Agile failures.” TechTarget. Web. 07 Mar. 2016.

    Taulli, Tom (2020), RPA Center Of Excellence (CoE): What You Need To Know For Success, Forbes.com, https://www.forbes.com/sites/tomtaulli/2020/01/25/rpa-center-of-excellence-coe-what-you-need-to-know-for-success/#24364620287a

    Telang, Mukta. “The CMMI Agile Adoption Model.” ScrumAlliance. 29 May 2015. Web. 15 Apr. 2016.

    VersionOne. “13th Annual State of Agile Report.” VersionOne. 2019. Web.

    Vembar, Navin. “Case Study: Agile Government and the General Services Administration (Integrated Award Environment).” Agile Government Leadership, n.d. Web.

    Wenger, E., R. A. McDermott, et al. (2002), Cultivating communities of practice: A guide to managing knowledge, Harvard Business Press.

    Wenger, E., White, N., Smith, J.D. Digital Habitats; Stewarding Technology for Communities. Cpsquare (2009).

    Develop a COVID-19 Pandemic Response Plan

    • Buy Link or Shortcode: {j2store}420|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • IT departments are being asked to rapidly ramp up work-from-home capabilities and other business process workarounds.
    • Crisis managers are experiencing a pandemic more severe than what they’ve managed in the past.
    • Organizations are scrambling to determine how they can keep their businesses running through this pandemic.

    Our Advice

    Critical Insight

    • Obstacles to working from home go beyond internet speed and needing a laptop. Business input is critical to uncover unexpected obstacles.
    • IT needs to address a range of issues from security risk to increased service desk demand from users who don’t normally work from home.
    • Resist the temptation to bypass IT processes – your future-self will thank you for tracking all those assets about to go out the door.

    Impact and Result

    • Start with crisis management fundamentals – identify crisis management roles and exercise appropriate crisis communication.
    • Prioritize business processes and work-from-home requirements. Not everyone can be set up on day one.
    • Don’t over-complicate your work-from-home deployment plan. A simple spreadsheet (see the Work-from-Home Requirements Tool) to track requirements can be very effective.

    Develop a COVID-19 Pandemic Response Plan Research & Tools

    Start here

    Stay up to date on COVID-19 and the resources available to you.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Develop a COVID-19 Pandemic Response Plan Storyboard

    1. Manage the pandemic crisis

    Identify key roles and immediate steps to manage this crisis.

    • Pandemic Response Plan Example

    2. Create IT’s plan to support the pandemic response plan

    Plan the deployment of a work-from-home initiative.

    • Work-From-Home Requirements Tool
    [infographic]

    Architect Your Big Data Environment

    • Buy Link or Shortcode: {j2store}202|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Big Data
    • Parent Category Link: /big-data
    • Organizations may understand the transformative potential of a big data initiative, but they struggle to make the transition from the awareness of its importance to identifying a concrete use case for a pilot project.
    • The big data ecosystem is crowded and confusing, and a lack of understanding of it may cause paralysis for organizations.

    Our Advice

    Critical Insight

    • Don’t panic, and make use of the resources you already have. The skills, tools, and infrastructure for big data can break any budget quickly, but before making rash decisions, start with the resources you have in-house.
    • Big data as a service (BDaaS) is making big waves. BDaaS removes many of the hurdles associated with implementing a big data strategy and vastly lowers the barrier of entry.

    Impact and Result

    • Follow Info-Tech’s methodology for understanding the types of modern approaches to big data tools, and then determining which approach style makes the most sense for your organization.
    • Based on your big data use case, create a plan for getting started with big data tools that takes into account the backing of the use case, the organization’s priorities, and resourcing available.
    • Put a repeatable framework in place for creating a comprehensive big data tool environment that will help you decide on the necessary tools to help you realize the value from your big data use case and scale for the future.

    Architect Your Big Data Environment Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should find your optimal approach to big data tools, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Plant the foundations of your big data tool architecture

    Identify your big data use case and your current data-related capabilities.

    • Architect Your Big Data Environment – Phase 1: Plant the Foundations of Your Big Data Tool Architecture
    • Big Data Execution Plan Presentation
    • Big Data Architecture Planning Tool

    2. Weigh your big data architecture decision criteria

    Determine your capacity for big data tools, as well as the level of customizability and security needed for your solution to help justify your implementation style decision.

    • Architect Your Big Data Environment – Phase 2: Weigh Your Big Data Architecture Decision Criteria

    3. Determine your approach to implementing big data tools

    Analyze the three big data implementation styles, select your approach, and complete the execution plan for your big data initiative.

    • Architect Your Big Data Environment – Phase 3: Determine Your Approach To Implementing Big Data Tools
    [infographic]

    The Small Enterprise Guide to People and Resource Management

    • Buy Link or Shortcode: {j2store}602|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Train & Develop
    • Parent Category Link: /train-and-develop
    • 52% of small business owners agree that labor quality is their most important problem, and 76% of executives expect the talent market to get even more challenging.
    • The problem? You can't compete on salary, training budgets are slim, you need people skilled in all areas, and even one resignation represents a large part of your workforce.

    Our Advice

    Critical Insight

    • The usual, reactive approach to workforce management is risky:
      • Optimizing tactics helps you hire faster, train more, and negotiate better contracts.
      • But fulfilling needs as they arise costs more, has greater risk of failure, and leaves you unprepared for future needs.
    • In a small enterprise where every resource counts, in which one hire represents 10% of your workforce, it is essential to get it right.

    Impact and Result

    • Workforce planning helps you anticipate future needs.
    • More lead time means better decisions at lower cost.
    • Small Enterprises benefit most, since every resource counts.

    The Small Enterprise Guide to People and Resource Management Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. The Small Enterprise Guide to People and Resource Management Deck – Find out why workforce planning is critical for small enterprises.

    Use this storyboard to lay the foundation of people and resources management practices in your small enterprise IT department.

    • The Small Enterprise Guide to People and Resource Management – Phases 1-3

    2. Workforce Planning Workbook – Use the tool to successfully complete all of the activities required to define and estimate your workforce needs for the future.

    Use these concise exercises to analyze your department’s talent current and future needs and create a skill sourcing strategy to fill the gaps.

    • Workforce Planning Workbook for Small Enterprises

    3. Knowledge Transfer Tools – Use these templates to identify knowledge to be transferred.

    Work through an activity to discover key knowledge held by an employee and create a plan to transfer that knowledge to a successor.

    • IT Knowledge Identification Interview Guide Template
    • IT Knowledge Transfer Plan Template

    4. Development Planning Tools – Use these tools to determine priority development competencies.

    Assess employees’ development needs and draft a development plan that fits with key organizational priorities.

    • IT Competency Library
    • Leadership Competencies Workbook
    • IT Employee Career Development Workbook
    • Individual Competency Development Plan
    • Learning Methods Catalog for IT Employees

    Infographic

    Workshop: The Small Enterprise Guide to People and Resource Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Lay Your Foundations

    The Purpose

    Set project direction and analyze workforce needs.

    Key Benefits Achieved

    Planful needs analysis ensures future workforce supports organizational goals.

    Activities

    1.1 Set workforce planning goals and success metrics.

    1.2 Identify key roles and competency gaps.

    1.3 Conduct a risk analysis to identify future needs.

    1.4 Determine readiness of internal successors.

    Outputs

    Work with the leadership team to:

    Extract key business priorities.

    Set your goals.

    Assess workforce needs.

    2 Create Your Workforce Plan

    The Purpose

    Conduct a skill sourcing analysis, and determine competencies to develop internally.

    Key Benefits Achieved

    A careful analysis ensures skills are being sourced in the most efficient way, and internal development is highly aligned with organizational objectives.

    Activities

    2.1 Determine your skill sourcing route.

    2.2 Determine priority competencies for development.

    Outputs

    Create a workforce plan.

    2.Determine guidelines for employee development.

    3 Plan Knowledge Transfer

    The Purpose

    Discover knowledge to be transferred, and build a transfer plan.

    Key Benefits Achieved

    Ensure key knowledge is not lost in the event of a departure.

    Activities

    3.1 Discover knowledge to be transferred.

    3.2 Identify the optimal knowledge transfer methods.

    3.3 Create a knowledge transfer plan.

    Outputs

    Discover tacit and explicit knowledge.

    Create a knowledge transfer roadmap.

    4 Plan Employee Development

    The Purpose

    Create a development plan for all staff.

    Key Benefits Achieved

    A well-structured development plan helps engage and retain employees while driving organizational objectives.

    Activities

    4.1 Identify target competencies & draft development goals

    4.2 Select development activities and schedule check-ins.

    4.3 Build manager coaching skills.

    Outputs

    Assess employees.

    Prioritize development objectives.

    Plan development activities.

    Build management skills.

    Further reading

    The Small Enterprise Guide to People and Resource Management

    Quickly start getting the right people, with the right skills, at the right time

    Is this research right for you?

    Research Navigation

    Managing the people in your department is essential, whether you have three employees or 300. Depending on your available time, resources, and current workforce management maturity, you may choose to focus on the overall essentials, or dive deep into particular areas of talent management. Use the questions below to help guide you to the right Info-Tech resources that best align with your current needs.

    Question If you answered "no" If you answered "yes"

    Does your IT department have fewer than 15 employees, and is your organization's revenue less than $25 million (USD)?

    Review Info-Tech's archive of research for mid-sized and large enterprise clients.

    Follow the guidance in this blueprint.

    Does your organization require a more rigorous and customizable approach to workforce management?

    Follow the guidance in this blueprint.

    Review Info-Tech's archive of research for mid-sized and large enterprise clients.

    Analyst Perspective

    Workforce planning is even more important for small enterprises than large organizations.

    It can be tempting to think of workforce planning as a bureaucratic exercise reserved for the largest and most formal of organizations. But workforce planning is never more important than in small enterprises, where every individual accounts for a significant portion of your overall productivity.

    Without workforce planning, organizations find themselves in reactive mode, hiring new staff as the need arises. They often pay a premium for having to fill a position quickly or suffer productivity losses when a critical role goes unexpectedly vacant.

    A workforce plan helps you anticipate these challenges, come up with solutions to mitigate them, and allocate resources for the most impact, which means a greater return on your workforce investment in the long run.

    This blueprint will help you accomplish this quickly and efficiently. It will also provide you with the essential development and knowledge transfer tools to put your plan into action.

    This is a picture of Jane Kouptsova

    Jane Kouptsova
    Senior Research Analyst, CIO Advisory
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    52% of small business owners agree that labor quality is their most important problem.1

    Almost half of all small businesses face difficulty due to staff turnover.

    76% of executives expect the talent market to get even more challenging.2

    Common Obstacles

    76% of executives expect workforce planning to become a top strategic priority for their organization.2

    But…

    30% of small businesses do not have a formal HR function.3

    Small business leaders are often left at a disadvantage for hiring and retaining the best talent, and they face even more difficulty due to a lack of support from HR.

    Small enterprises must solve the strategic workforce planning problem, but they cannot invest the same time or resources that large enterprises have at their disposal.

    Info-Tech's Approach

    A modular, lightweight approach to workforce planning and talent management, tailored to small enterprises

    Clear activities that guide your team to decisive action

    Founded on your IT strategy, ensuring you have not just good people, but the right people

    Concise yet comprehensive, covering the entire workforce lifecycle from competency planning to development to succession planning and reskilling

    Info-Tech Insight

    Every resource counts. When one hire represents 10% of your workforce, it is essential to get it right.

    1CNBC & SurveyMonkey. 2ADP. 3Clutch.

    Labor quality is small enterprise's biggest challenge

    The key to solving it is strategic workforce planning

    Strategic workforce planning (SWP) is a systematic process designed to identify and address gaps in today's workforce, including pinpointing the human capital needs of the future.

    Linking workforce planning with strategic planning ensures that you have the right people in the right positions, in the right places, at the right time, with the knowledge, skills, and attributes to deliver on strategic business goals.

    SWP helps you understand the makeup of your current workforce and how well prepared it is or isn't (as the case may be) to meet future IT requirements. By identifying capability gaps early, CIOs can prepare to train or develop current staff and minimize the need for severance payouts and hiring costs, while providing clear career paths to retain high performers.

    52%

    of small business owners agree that labor quality is their most important problem.1

    30%

    30% of small businesses have no formal HR function.2

    76%

    of senior leaders expect workforce planning to become the top strategic challenge for their organization.3

    1CNBC & SurveyMonkey. 2Clutch. 3ADP.

    Workforce planning matters more for small enterprises

    You know that staffing mistakes can cost your department dearly. But did you know the costs are greater for small enterprises?

    The price of losing an individual goes beyond the cost of hiring a replacement, which can range from 0.5 to 2 times that employee's salary (Gallup, 2019). Additional costs include loss of productivity, business knowledge, and team morale.

    This is a major challenge for large organizations, but the threat is even greater for small enterprises, where a single individual accounts for a large proportion of IT's productivity. Losing one of a team of 10 means 10% of your total output. If that individual was solely responsible for a critical function, your department now faces a significant gap in its capabilities. And the effect on morale is much greater when everyone is on the same close-knit team.

    And the threat continues when the staffing error causes you not to lose a valuable employee, but to hire the wrong one instead. When a single individual makes up a large percentage of your workforce, as happens on small teams, the effects of talent management errors are magnified.

    A group of 100 triangles is shown above a group of 10 triangles. In each group, one triangle is colored orange, and the rest are colored blue.

    Info-Tech Insight

    One bad hire on a team of 100 is a problem. One bad hire on a team of 10 is a disaster.

    This is an image of Info-Tech's small enterprise guide o people and resource management.

    Blueprint pre-step: Determine your starting point

    People and Resource management is essential for any organization. But depending on your needs, you may want to start at different stages of the process. Use this slide as a quick reference for how the activities in this blueprint fit together, how they relate to other workforce management resources, and the best starting point for you.

    Your IT strategy is an essential input to your workforce plan. It defines your destination, while your workforce is the vessel that carries you there. Ensure you have at least an informal strategy for your department before making major workforce changes, or review Info-Tech's guidance on IT strategy.

    This blueprint covers the parts of workforce management that occur to some extent in every organization:

    • Workforce planning
    • Knowledge transfer
    • Development planning

    You may additionally want to seek guidance on contract and vendor management, if you outsource some part of your workload outside your core IT staff.

    Track metrics

    Consider these example metrics for tracking people and resource management success

    Project Outcome Metric Baseline Target
    Reduced training costs Average cost of training (including facilitation, materials, facilities, equipment, etc.) per IT employee
    Reduced number of overtime hours worked Average hours billed at overtime rate per IT employee
    Reduced length of hiring period Average number of days between job ad posting and new hire start date
    Reduced number of project cancellations due to lack of capacity Total of number of projects cancelled per year
    Increased number of projects completed per year (project throughput) Total number of project completions per year
    Greater net recruitment rate Number of new recruits/Number of terminations and departures
    Reduced turnover and replacement costs Total costs associated with replacing an employee, including position coverage cost, training costs, and productivity loss
    Reduced voluntary turnover rate Number of voluntary departures/Total number of employees
    Reduced productivity loss following a departure or termination Team or role performance metrics (varies by role) vs. one year ago

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3

    Call #1:

    Scope requirements, objectives, and your specific challenges.

    Call #2: Assess current workforce needs.

    Call #4: Determine skill sourcing route.

    Call #6:

    Identify knowledge to be transferred.

    Call #8: Draft development goals and select activities.

    Call #3: Explore internal successor readiness.

    Call #5:Set priority development competencies.

    Call #7: Create a knowledge transfer plan.

    Call #9: Build managers' coaching & feedback skills.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 4 to 6 calls over the course of 3 to 4 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5
    1.Lay Your Foundations 2. Create Your Workforce Plan 3. Plan Knowledge Transfer 3. Plan Employee Development Next Steps and Wrap-Up (offsite)
    Activities

    1.1 Set workforce planning goals and success metrics

    1.2 Identify key roles and competency gaps

    1.3 Conduct a risk analysis to identify future needs

    1.4 Determine readiness of internal successors

    1.5 Determine your skill sourcing route

    1.6 Determine priority competencies for development

    3.1 Discover knowledge to be transferred

    3.2 Identify the optimal knowledge transfer methods

    3.3 Create a knowledge transfer plan

    4.1 Identify target competencies & draft development goals

    4.2 Select development activities and schedule check-ins

    4.3 Build manager coaching skills

    Outcomes

    Work with the leadership team to:

    1. Extract key business priorities
    2. Set your goals
    3. Assess workforce needs

    Work with the leadership team to:

    1. Create a workforce plan
    2. Determine guidelines for employee development

    Work with staff and managers to:

    1. Discover tacit and explicit knowledge
    2. Create a knowledge transfer roadmap

    Work with staff and managers to:

    1. Assess employees
    2. Prioritize development objectives
    3. Plan development activities
    4. Build management skills

    Info-Tech analysts complete:

    1. Workshop report
    2. Workforce plan record
    3. Action plan

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Each onsite day is structured with group working sessions from 9-11 a.m. and 1:30-3:30 p.m. and includes Open Analyst Timeslots, where our facilitators are available to expand on scheduled activities, capture and compile workshop results, or review additional components from our comprehensive approach.

    This is a calendar showing days 1-4, and times from 8am-5pm

    Phase 1

    Workforce Planning

    Workforce Planning

    Knowledge Transfer

    Development Planning

    Identify needs, goals, metrics, and skill gaps.

    Select a skill sourcing strategy.

    Discover critical knowledge.

    Select knowledge transfer methods.

    Identify priority competencies.

    Assess employees.

    Draft development goals.

    Provide coaching & feedback.

    The Small Enterprise Guide to People and Resource Management

    Phase Participants

    • Leadership team
    • Managers
    • Human resource partner (if applicable)

    Additional Resources

    Workforce Planning Workbook for Small Enterprises

    Phase pre-step: Gather resources and participants

    1. Ensure you have an up-to-date IT strategy. If you don't have a formal strategy in place, ensure you are aware of the main organizational objectives for the next 3-5 years. Connect with executive stakeholders if necessary to confirm this information.
      If you are not sure of the organizational direction for this time frame, we recommend you consult Info-Tech's material on IT strategy first, to ensure your workforce plan is fully positioned to deliver value to the organization.
    2. Consult with your IT team and gather any documentation pertaining to current roles and skills. Examples include an org chart, job descriptions, a list of current tasks performed/required, a list of company competencies, and a list of outsourced projects.
    3. Gather the right participants. Most of the decisions in this section will be made by senior leadership, but you will also need input from front-line managers. Ensure they are available on an as-needed basis. If your organization has an HR partner, it can also be helpful to involve them in your workforce planning process.

    Formal workforce planning benefits even small teams

    Strategic workforce planning (SWP) is a systematic process designed to identify and address gaps in your workforce today and plan for the human capital needs of the future.

    Your workforce plan is an extension of your IT strategy, ensuring that you have the right people in the right positions, in the right places, at the right time, with the knowledge, skills, and attributes to deliver on strategic business goals.

    SWP helps you understand the makeup of your current workforce and how well prepared it is or isn't (as the case may be) to meet future IT requirements. By identifying capability gaps early, CIOs can prepare to train or develop current staff and minimize the need for severance payouts and hiring costs, while providing clear career paths to retain high performers.

    The smaller the business, the more impact each individual's performance has on the overall success of the organization. When a given role is occupied by a single individual, the organization's performance in that function is determined wholly by one employee. Creating a workforce plan for a small team may seem excessive, but it ensures your organization is not unexpectedly hit with a critical competency gap.

    Right-size your workforce planning process to the size of your enterprise

    Small organizations are 2.2 times more likely to have effective workforce planning processes.1 Be mindful of the opportunities and risks for organizations of your size as you execute the project. How you build your workforce plan will not change drastically based on the size of your organization; however, the scope of your initiative, the size of your team, and the tactics you employ may vary.

    Small Organization

    Medium Organization

    Large Organization

    Project Opportunities

    • Project scope is much more manageable.
    • Communication and planning can be more manageable.
    • Fewer roles can clarify prioritization needs and promotability.
    • Project scope is more manageable.
    • Moderate budget for workforce planning initiatives is needed.
    • Communication and enforcement is easier.
    • Larger candidate pool to pull from.
    • Greater career path options for staff.
    • In-house expertise may be available

    Project Risks

    • Limited resources and time to execute the project.
    • In-house expertise is unlikely.
    • Competencies may be informal and not documented.
    • Limited overlap in responsibilities, resulting in fewer redundancies.
    • Limited staff with experience for the project.
    • Workforce planning may be a lower priority and difficult to generate buy-in for.
    • Requires more staff to manage workforce plan and execute initiatives.
    • Less collective knowledge on staff strengths may make career planning difficult.
    • Geographically dispersed business units make collaboration and communication difficult.

    1 McLean & Company Trends Report 2014

    1.1 Set project outcomes and success metrics

    1-3 hours

    1. As a group, brainstorm key pain points that the IT department experiences due to the lack of a workforce plan. Ask them to consider turnover, retention, training, and talent acquisition.
    2. Discuss any key themes that arise and brainstorm your desired project outcomes. Keep a record of these for future reference and to aid in stakeholder communication.
    3. Break into smaller groups (or if too small, continue as a single group):
      1. For each desired outcome, consider what metrics you could use to track progress. Keep your initial list of pain points in mind as you brainstorm metrics.
      2. Write each of the metric suggestions on a whiteboard and agree to track 3-5 metrics. Set targets for each metric. Consider the effort required to obtain and track the metric, as well as its reliability.
      3. Assign one individual for tracking the selected metrics. Following the meeting, that individual will be responsible for identifying the baseline and targets, and reporting on metrics progress.

    Input

    Output

    • List of workforce data available
    • List of workforce metrics to track the workforce plan's impact

    Materials

    Participants

    • Whiteboard/flip charts
    • Leadership team
    • Human resource partner (if applicable)

    1.2 Identify key roles and competency gaps

    1-3 hours

    1. As a group, identify all strategic, core, and supporting roles by reviewing the organizational chart:
      1. Strategic: What are the roles that must be filled by top performers and cannot be left vacant in order to meet strategic objectives?
      2. Core: What roles are important to drive operational excellence?
      3. Supporting: What roles are required for day-to-day work, but are low risk if the role is vacant for a period of time?
    2. Working individually or in small groups, have managers for each identified role define the level of competence required for the job. Consider factors such as:
      1. The difficulty or criticality of the tasks being performed
      2. The impact on job outcomes
      3. The impact on the performance of other employees
      4. The consequence of errors if the competency is not present
      5. How frequently the competency is used on the job
      6. Whether the competency is required when the job starts or can be learned or acquired on the job within the first six months
    3. Continue working individually and rate the level of proficiency of the current incumbent.
    4. As a group, review the assessment and make any adjustments.

    Record this information in the Workforce Planning Workbook for Small Enterprises.

    Download the Workforce Planning Workbook for Small Enterprises

    1.2 Identify key roles and competency gaps

    Input Output
    • Org chart, job descriptions, list of current tasks performed/required, list of company competencies
    • List of competency gaps for key roles
    Materials Participants
    • Leadership team
    • Managers

    Conduct a risk-of-departure analysis

    A risk-of-departure analysis helps you plan for future talent needs by identifying which employees are most likely to leave the organization (or their current role).

    A risk analysis takes into account two factors: an employee's risk for departure and the impact of departure:

    Employees are high risk for departure if they:

    • Have specialized or in-demand skills (tenured employees are more likely to have this than recent hires)
    • Are nearing retirement
    • Have expressed career aspirations that extend outside your organization
    • Have hit a career development ceiling at your organization
    • Are disengaged
    • Are actively job searching
    • Are facing performance issues or dismissal OR promotion into a new role

    Employees are low risk for departure if they:

    • Are a new hire or new to their role
    • Are highly engaged
    • Have high potential
    • Are 5-10 years out from retirement

    If you are not sure where an employee stands with respect to leaving the organization, consider having a development conversation with them. In the meantime, consider them at medium risk for departure.

    To estimate the impact of departure, consider:

    • The effect of losing the employee in the near- and medium-term, including:
      • Impact on the organization, department, unit/team and projects
      • The cost (in time, resources, and productivity loss) to replace the individual
      • The readiness of internal successors for the role

    1.3 Conduct a risk analysis to identify future needs

    1-3 hours

    Preparation: Your estimation of whether key employees are at risk of leaving the organization will depend on what you know of them objectively (skills, age), as well as what you learn from development conversations. Ensure you collect all relevant information prior to conducting this activity. You may need to speak with employees' direct managers beforehand or include them in the discussion.

    • As a group, list all your current employees, and using the previous slide for guidance, rank them on two parameters: risk of departure and impact of departure, on a scale of low to high. Record your conclusions in a chart like the one on the right. (For a more in-depth risk assessment, use the "Risk Assessment Results" tab of the Key Roles Succession Planning Tool.)
    • Employees that fall in the "Mitigate" quadrant represent key at-risk roles with at least moderate risk and moderate impact. These are your succession planning priorities. Add these roles to your list of key roles and competency gaps, and include them in your workforce planning analysis.
    • Employees that fall in the "Manage" quadrants represent secondary priorities, which should be looked at if there is capacity after considering the "Mitigate" roles.

    Record this information in the Workforce Planning Workbook for Small Enterprises.

    This is an image of the Risk analysis for risk of departure to importance of departure.

    Info-Tech Insight

    Don't be afraid to rank most or all your staff as "high impact of departure." In a small enterprise, every player counts, and you must plan accordingly.

    1.3 Conduct a risk analysis to identify future needs

    Input Output
    • Employee data on competencies, skills, certifications, and performance. Input from managers from informal development conversations.
    • A list of first- and second-priority at-risk roles to carry forward into a succession planning analysis
    Materials Participants
    • Leadership team
    • Managers

    Determine your skill sourcing route

    The characteristics of need steer hiring managers to a preferred choice, while the marketplace analysis will tell you the feasibility of each option.

    Sourcing Options

    Preferred Options

    Final Choice

    four blue circles

    A right facing arrow

    		Two blue circles A right facing arrow One blue circle
    State of the Marketplace

    State of the Marketplace

    Urgency: How soon do we need this skill? What is the required time-to-value?

    Criticality: How critical, i.e. core to business goals, are the services or systems that this skill will support?

    Novelty: Is this skill brand new to our workforce?

    Availability: How often, and at what hours, will the skill be needed?

    Durability: For how long will this skill be needed? Just once, or indefinitely for regular operations?

    Scarcity: How popular or desirable is this skill? Do we have a large enough talent pool to draw from? What competition are we facing for top talent?

    Cost: How much will it cost to hire vs. contract vs. outsource vs. train this skill?

    Preparedness: Do we have internal resources available to cultivate this skill in house?

    1.4 Determine your skill sourcing route

    1-3 hours

    1. Identify the preferred sourcing method as a group, starting with the most critical or urgent skill need on your list. Use the characteristics of need to guide your discussion. If more than one option seems adequate, carry several over to the next step.
    2. Consider the marketplace factors applicable to the skill in question and use these to narrow down to one final sourcing decision.
      1. If it is not clear whether a suitable internal candidate is available or ready, refer to the next activity for a readiness assessment.
    3. Be sure to document the rationale supporting your decision. This will ensure the decision can be clearly communicated to any stakeholders, and that you can review on your decision-making process down the line.

    Record this information in the Workforce Planning Workbook for Small Enterprises.

    Info-Tech Insight

    Consider developing a pool of successors instead of pinning your hopes on just one person. A single pool of successors can be developed for either one key role that has specialized requirements or even multiple key roles that have generic requirements.

    Input

    Output

    • List of current and upcoming skill gaps
    • A sourcing decision for each skill

    Materials

    Participants

    • Leadership team
    • Human resource partner (if applicable)

    1.5 Determine readiness of internal successors

    1-3 hours

    1. As a group, and ensuring you include the candidates' direct managers, identify potential successors for the first role on your list.
    2. Ask how effectively the potential successor would serve in the role today. Review the competencies for the key role in terms of:
      1. Relationship-building skills
      2. Business skills
      3. Technical skills
      4. Industry-specific skills or knowledge
    3. Determine what competencies the succession candidate currently has and what must be learned. Be sure you know whether the candidate is open to a career change. Don't assume – if this is not clear, have a development conversation to ensure everyone is on the same page.
    4. Finally, determine how difficult it will be for the successor to acquire missing skills or knowledge, whether the resources are available to provide the required development, and how long it will take to provide it.
    5. As a group, decide whether training an internal successor is a viable option for the role in question, considering the successor's readiness and the characteristics of need for the role. If a clear successor is not readily apparent, consider:
      1. If the development of the successor can be fast-tracked, or if some requirements can be deprioritized and the successor provided with temporary support from other employees.
      2. If the role in question is being discussed because the current incumbent is preparing to leave, consider negotiating an arrangement that extends the incumbent's employment tenure.
    6. Record the decision and repeat for the next role on your list.

    Info-Tech Insight

    A readiness assessment helps to define not just development needs, but also any risks around the organization's ability to fill a key role.

    Input

    Output

    • List of roles for which you are considering training internally
    • Job descriptions and competency requirements for the roles
    • List of roles for which internal successors are a viable option

    Materials

    Participants

    • Leadership team
    • Candidates' direct managers, if applicable

    Use alternative work arrangements to gain time to prepare successors

    Alternative work arrangements are critical tools that employers can use to achieve a mutually beneficial solution that mitigates the risk of loss associated with key roles.

    Alternative work arrangements not only support employees who want to keep working, but more importantly, they allow the business to retain employees that are needed in key roles who are departure risks due to retirement.

    Viewing retirement as a gradual process can help you slow down skill loss in your organization and ensure you have sufficient time to train successors. Retiring workers are becoming increasingly open to alternative work arrangements. Among employed workers aged 50-75, more than half planned to continue working part-time after retirement.
    Source: Statistics Canada.

    Flexible work options are the most used form of alternative work arrangement

    A bar graph showing the percent of organizations who implemented alternate work arrangement, for Flexible work options; Contract based work; Part time roles; Graduated retirement programs; Part year jobs or job sharing; Increased PTO for employees over a certain age.

    Source: McLean & Company, N=44

    Choose the alternative work arrangement that works best for you and the employee

    Alternative Work Arrangement Description Ideal Use Caveats
    Flexible work options Employees work the same number of hours but have flexibility in when and where they work (e.g. from home, evenings). Employees who work fairly independently with no or few direct reports. Employee may become isolated or disconnected, impeding knowledge transfer methods that require interaction or one-on-one time.
    Contract-based work Working for a defined period of time on a specific project on a non-salaried or non-wage basis. Project-oriented work that requires specialized knowledge or skills. Available work may be sporadic or specific projects more intensive than the employee wants. Knowledge transfer must be built into the contractual arrangement.
    Part-time roles Half days or a certain number of days per week; indefinite with no end date in mind. Employees whose roles can be readily narrowed and upon whom people and critical processes are not dependent. It may be difficult to break a traditionally full-time job down into a part-time role given the size and nature of associated tasks.
    Graduated retirement Retiring employee has a set retirement date, gradually reducing hours worked per week over time. Roles where a successor has been identified and is available to work alongside the incumbent in an overlapping capacity while he or she learns. The role may only require a single FTE, and the organization may not be able to afford the amount of redundancy inherent in this arrangement.

    Choose the alternative work arrangement that works best for you and the employee

    Alternative Work Arrangement Description Ideal Use Caveats
    Part-year jobs or job sharing Working part of the year and having the rest of the year off, unpaid. Project-oriented work where ongoing external relationships do not need to be maintained. The employee is unavailable for knowledge transfer activities for a large portion of the year. Another risk is that the employee may opt not to return at the end of the extended time off with little notice.
    Increased paid time off Additional vacation days upon reaching a certain age. Best used as recognition or reward for long-term service. This may be a particularly useful retention incentive in organizations that do not offer pension plans. The company may not be able to financially afford to pay for such extensive time off. If the role incumbent is the only one in the role, this may mean crucial work is not being done.
    Altered roles Concentration of a job description on fewer tasks that allows the employee to focus on his or her specific expertise. Roles where a successor has been identified and is available to work alongside the incumbent, with the incumbent's new role highly focused on mentoring. The role may only require a single FTE, and the organization may not be able to afford the amount of redundancy inherent in this arrangement.

    Phase 2

    Knowledge Transfer

    Workforce Planning

    Knowledge Transfer

    Development Planning

    Identify needs, goals, metrics, and skill gaps.

    Select a skill sourcing strategy.

    Discover critical knowledge.

    Select knowledge transfer methods.

    Identify priority competencies.

    Assess employees.

    Draft development goals.

    Provide coaching & feedback.

    The Small Enterprise Guide to People and Resource Management

    Phase Participants

    • Leadership/management team
    • Incumbent & successor

    Additional Resources

    IT Knowledge Identification Interview Guide Template

    Knowledge Transfer Plan Template

    Determine your skill sourcing route

    Knowledge transfer plans have three key components that you need to complete for each knowledge source:

    Define what knowledge needs to be transferred

    Each knowledge source has unique information which needs to be transferred. Chances are you don't know what you don't know. The first step is therefore to interview knowledge sources to find out.

    Identify the knowledge receiver

    Depending on who the information is going to, the knowledge transfer tactic you employ will differ. Before deciding on the knowledge receiver and tactic, consider three key factors:

    • How will this knowledge be used in the future?
    • What is the next career step for the knowledge receiver?
    • Are the receiver and the source going to be in the same location?

    Identify which knowledge transfer tactics you will use for each knowledge asset

    Not all tactics are good in every situation. Always keep the "knowledge type" (information, process, skills, and expertise), knowledge sources' engagement level, and the knowledge receiver in mind as you select tactics.

    Don't miss tacit knowledge

    There are two basic types of knowledge: "explicit" and "tacit." Ensure you capture both to get a well-rounded overview of the role.

    Explicit Tacit
    • "What knowledge" – knowledge can be articulated, codified, and easily communicated.
    • Easily explained and captured – documents, memos, speeches, books, manuals, process diagrams, facts, etc.
    • Learn through reading or being told.
    • "How knowledge" – intangible knowledge from an individual's experience that is more from the process of learning, understanding, and applying information (insights, judgments, and intuition).
    • Hard to verbalize, and difficult to capture and quantify.
    • Learn through observation, imitation, and practice.

    Types of explicit knowledge

    Types of tacit knowledge

    Information Process Skills Expertise

    Specialized technical knowledge.

    Unique design capabilities/methods/models.

    Legacy systems, details, passwords.

    Special formulas/algorithms/ techniques/contacts.

    • Specialized research & development processes.
    • Proprietary production processes.
    • Decision-making processes.
    • Legacy systems.
    • Variations from documented processes.
    • Techniques for executing on processes.
    • Relationship management.
    • Competencies built through deliberate practice enabling someone to act effectively.
    • Company history and values.
    • Relationships with key stakeholders.
    • Tips and tricks.
    • Competitor history and differentiators.

    e.g. Knowing the lyrics to a song, building a bike, knowing the alphabet, watching a YouTube video on karate.

    e.g. Playing the piano, riding a bike, reading or speaking a language, earning a black belt in karate.

    Embed your knowledge transfer methods into day-to-day practice

    Multiple methods should be used to transfer as much of a person's knowledge as possible, and mentoring should always be one of them. Select your method according to the following criteria:

    Info-Tech Insight

    The more integrated knowledge transfer is in day-to-day activities, the more likely it is to be successful, and the lower the time cost. This is because real learning is happening at the same time real work is being accomplished.

    Type of Knowledge

    • Tacit knowledge transfer methods are often informal and interactive:
      • Mentoring
      • Multi-generational work teams
      • Networks and communities
      • Job shadowing
    • Explicit knowledge transfer methods tend to be more formal and one way:
      • Formal documentation of processes and best practices
      • Self-published knowledge bases
      • Formal training sessions
      • Formal interviews

    Incumbent's Preference/Successor's Preference

    Ensure you consult the employees, and their direct manager, on the way they are best prepared to teach and learn. Some examples of preferences include:

    1. Prefer traditional classroom learning, augmented with participation, critical reflection, and feedback.
    2. May get bored during formal training sessions and retain more during job shadowing.
    3. Prefer to be self-directed or self-paced, and highly receptive to e-learning and media.
    4. Prefer informal, incidental learning, tend to go immediately to technology or direct access to people. May have a short attention span and be motivated by instant results.
    5. May be uncomfortable with blogs and wikis, but comfortable with SharePoint.

    Cost

    Consider costs beyond the monetary. Some methods require an investment in time (e.g. mentoring), while others require an investment in technology (e.g. knowledge bases).

    The good news is that many supporting technologies may already exist in your organization or can be acquired for free.

    Methods that cost time may be difficult to get underway since employees may feel they don't have the time or must change the way they work.

    2.1 Create a knowledge transfer plan

    1-3 hours

    1. Working together with the current incumbent, brainstorm the key information pertaining to the role that you want to pass on to the successor. Use the IT Knowledge Identification Interview Guide Template to ensure you don't miss anything.
      • Consider key knowledge areas, including:
        • Specialized technical knowledge.
        • Specialized research and development processes.
        • Unique design capabilities/methods/models.
        • Special formulas/algorithms/techniques.
        • Proprietary production processes.
        • Decision-making criteria.
        • Innovative sales methods.
        • Knowledge about key customers.
        • Relationships with key stakeholders.
        • Company history and values.
      • Ask questions of both sources and receivers of knowledge to help determine the best knowledge transfer methods to use.
        • What is the nature of the knowledge? Explicit or tacit?
        • Why is it important to transfer?
        • How will the knowledge be used?
        • What knowledge is critical for success?
        • How will the users find and access it?
        • How will it be maintained and remain relevant and usable?
        • What are the existing knowledge pathways or networks connecting sources to recipients?
    2. Once the knowledge has been identified, use the information on the following slides to decide on the most appropriate methods. Be sure to consult the incumbent and successor on their preferences.
    3. Prioritize your list of knowledge transfer activities. It's important not to try to do too much too quickly. Focus on some quick wins and leverage the success of these initiatives to drive the project forward. Follow these steps as a guide:
      1. Take an inventory of all the tactics and techniques which you plan to employ. Eliminate redundancies where possible.
      2. Start your implementation with your highest risk role or knowledge item, using explicit knowledge transfer tactics. Interviews, use cases, and process mapping will give you some quick wins and will help gain momentum for the project.
      3. Then move forward to other tactics, the majority of which will require training and process design. Pick 1-2 other key tactics you would like to employ and build those out. For tactics that require resources or monetary investment, start with those that can be reused for multiple roles.

    Record your plan in the IT Knowledge Transfer Plan Template.

    Download the IT Knowledge Identification Interview Guide Template

    Download the Knowledge Transfer Plan Template

    Info-Tech Insight

    Wherever possible, ask employees about their personal learning styles. It's likely that a collaborative compromise will have to be struck for knowledge transfer to work well.

    2.1 Create a knowledge transfer plan

    Input

    Output

    • List of roles for which you need to transfer knowledge
    • Prioritized list of knowledge items and chosen transfer method

    Materials

    Participants

    • Leadership team
    • Incumbent
    • Successor

    Not every transfer method is effective for every type of knowledge

    Knowledge Type
    Tactic Explicit Tacit
    Information Process Skills Expertise
    Interviews Very Strong Strong Strong Strong
    Process Mapping Medium Very Strong Very Weak Very Weak
    Use Cases Medium Very Strong Very Weak Very Weak
    Job Shadow Very Weak Medium Very Strong Very Strong
    Peer Assist Strong Medium Very Strong Very Strong
    Action Review Medium Medium Strong Strong
    Mentoring Weak Weak Strong Very Strong
    Transition Workshop Strong Strong Strong Weak
    Storytelling Weak Weak Strong Very Strong
    Job Share Weak Weak Very Strong Very Strong
    Communities of Practice Strong Weak Very Strong Very Strong

    This table shows the relative strengths and weaknesses of each knowledge transfer tactic compared against four different knowledge types.

    Not all techniques are effective for all types of knowledge; it is important to use a healthy mixture of techniques to optimize effectiveness.

    Employees' engagement can impact knowledge transfer effectiveness

    Level of Engagement
    Tactic Disengaged/ Indifferent Almost Engaged - Engaged
    Interviews Yes Yes
    Process Mapping Yes Yes
    Use Cases Yes Yes
    Job Shadow No Yes
    Peer Assist Yes Yes
    Action Review Yes Yes
    Mentoring No Yes
    Transition Workshop Yes Yes
    Storytelling No Yes
    Job Share Maybe Yes
    Communities of Practice Maybe Yes

    When considering which tactics to employ, it's important to consider the knowledge holder's level of engagement. Employees who you would identify as being disengaged may not make good candidates for job shadowing, mentoring, or other tactics where they are required to do additional work or are asked to influence others.

    Knowledge transfer can be controversial for all employees as it can cause feelings of job insecurity. It's essential that motivations for knowledge transfer are communicated effectively.

    Pay particular attention to your communication style with disengaged and indifferent employees, communicate frequently, and tie communication back to what's in it for them.

    Putting disengaged employees in a position where they are mentoring others can be a risk, as their negativity could influence others not to participate, or it could negate the work you're doing to create a positive knowledge sharing culture.

    Employees' engagement can impact knowledge transfer effectiveness

    Effort by Stakeholder

    Tactic

    Business Analyst

    IT Manager

    Knowledge Holder

    Knowledge Receiver

    Interviews

    These tactics require the least amount of effort, especially for organizations that are already using these tactics for a traditional requirements gathering process.

    Medium

    N/A

    Low

    Low

    Process Mapping

    Medium

    N/A

    Low

    Low

    Use Cases

    Medium

    N/A

    Low

    Low

    Job Shadow

    Medium

    Medium

    Medium

    Medium

    Peer Assist

    Medium

    Medium

    Medium

    Medium

    Action Review

    These tactics generally require more involvement from IT management and the BA in tandem for preparation. They will also require ongoing effort for all stakeholders. It's important to gain stakeholder buy-in as it is key for success.

    Low

    Medium

    Medium

    Low

    Mentoring

    Medium

    High

    High

    Medium

    Transition Workshop

    Medium

    Low

    Medium

    Low

    Storytelling

    Medium

    Medium

    Low

    Low

    Job Share

    Medium

    High

    Medium

    Medium

    Communities of Practice

    High

    Medium

    Medium

    Medium

    Phase 3

    Development Planning

    Workforce Planning

    Knowledge Transfer

    Development Planning

    Identify needs, goals, metrics, and skill gaps.

    Select a skill sourcing strategy.

    Discover critical knowledge.

    Select knowledge transfer methods.

    Identify priority competencies.

    Assess employees.

    Draft development goals.

    Provide coaching & feedback.

    The Small Enterprise Guide to People and Resource Management

    Phase Participants

    • Leadership team
    • Managers
    • Employees

    Additional Resources

    Effective development planning hinges on robust performance management

    Your performance management framework is rooted in organizational goals and defines what it means to do any given role well.

    Your organization's priority competencies are the knowledge, skills and attributes that enable an employee to do the job well.

    Each individual's development goals are then aimed at building these priority competencies.

    Mission Statement

    To be the world's leading manufacturer and distributor of widgets.

    Business Goal

    To increase annual revenue by 10%.

    IT Department Objective

    To ensure reliable communications infrastructure and efficient support for our sales and development teams.

    Individual Role Objective

    To decrease time to resolution of support requests by 10% while maintaining quality.

    Info-Tech Insight

    Without a performance management framework, your employees cannot align their development with the organization's goals. For detailed guidance, see Info-Tech's blueprint Setting Meaningful Employee Performance Measures.

    What is a competency?

    The term "competency" refers to the collection of knowledge, skills, and attributes an employee requires to do a job well.

    Often organizations have competency frameworks that consist of core, leadership, and functional competencies.

    Core competencies apply to every role in the organization. Typically, they are tied to organizational values and business mission and/or vision.

    Functional competencies are at the department, work group, or job role levels. They are a direct reflection of the function or type of work carried out.

    Leadership competencies generally apply only to people managers in the organization. Typically, they are tied to strategic goals in the short to medium term

    Generic Functional
    • Core
    • Leadership
    • IT
    • Finance
    • Sales
    • HR

    Use the SMART model to make sure goals are reasonable and attainable

    S

    Specific: Be specific about what you want to accomplish. Think about who needs to be involved, what you're trying to accomplish, and when the goal should be met.

    M

    Measurable: Set metrics that will help to determine whether the goal has been reached.

    A

    Achievable: Ensure that you have both the organizational resources and employee capability to accomplish the goal.

    R

    Relevant: Goals must align with broader business, department, and development goals in order to be meaningful.

    T

    Time-bound: Provide a target date to ensure the goal is achievable and provide motivation.

    Example goal:

    "Learn Excel this summer."

    Problems:

    Not specific enough, not measurable enough, nor time bound.

    Alternate SMART goal:

    "Consult with our Excel expert and take the lead on creating an Excel tool in August."

    3.2 Identify target competencies & draft development goals

    1 hour

    Pre-work: Employees should come to the career conversation having done some self-reflection. Use Info-Tech's IT Employee Career Development Workbook to help employees identify their career goals.

    1. Pre-work: Managers should gather any data they have on the employee's current proficiency at key competencies. Potential sources include task-based assessments, performance ratings, supervisor or peer feedback, and informal conversation.

      Prioritize competencies. Using your list of priority organizational competencies, work with your employees to help them identify two to four competencies to focus on developing now and in the future. Use the Individual Competency Development Plan template to document your assessment and prioritize competencies for development. Consider the following questions for guidance:
      1. Which competencies are needed in my current role that I do not have full proficiency in?
      2. Which competencies are related to both my career interests and the organization's priorities?
      3. Which competencies are related to each other and could be developed together or simultaneously?
    2. Draft goals. Ask your employee to create a list of multiple simple goals to develop the competencies they have selected to work on developing over the next year. Identifying multiple goals helps to break development down into manageable chunks. Ensure goals are concrete, for example, if the competency is "communication skills," your development goals could be "presentation skills" and "business writing."
    3. Review goals:
      1. Ask why these areas are important to the employee.
      2. Share your ideas and why it is important that the employee develop in the areas identified.
      3. Ensure that the goals are realistic. They should be stretch goals, but they must be achievable. Use the SMART framework on the previous slide for guidance.

    Info-Tech Insight

    Lack of career development is the top reason employees leave organizations. Development activities need to work for both the organization and the employee's own development, and clearly link to advancing employees' careers either at the organization or beyond.

    Download the IT Employee Career Development Workbook

    Download the Individual Competency Development Plan

    3.2 Identify target competencies & draft development goals

    Input

    Output

    • Employee's career aspirations
    • List of priority organizational competencies
    • Assessment of employee's current proficiency
    • A list of concrete development goals

    Materials

    Participants

    • Employee
    • Direct manager

    Apply a blend of learning methods

    • Info-Tech recommends the 70-20-10 principle for learning and development, which places the greatest emphasis on learning by doing. This experiential learning is then supported by feedback from mentoring, training, and self-reflection.
    • Use the 70-20-10 principle as a guideline – the actual breakdown of your learning methods will need to be tailored to best suit your organization and the employee's goals.

    Spend development time and effort wisely:

    70%

    On providing challenging on-the-job opportunities

    20%

    On establishing opportunities for people to develop learning relationships with others, such as coaching and mentoring

    10%

    On formal learning and training programs

    Internal initiatives are a cost-effective development aid

    Internal Initiative

    What Is It?

    When to Use It

    Special Project

    Assignment outside of the scope of the day-to-day job (e.g. work with another team on a short-term initiative).

    As an opportunity to increase exposure and to expand skills beyond those required for the current job.

    Stretch Assignment

    The same projects that would normally be assigned, but in a shorter time frame or with a more challenging component.

    Employee is consistently meeting targets and you need to see what they're capable of.

    Training Others

    Training new or more junior employees on their position or a specific process.

    Employee wants to expand their role and responsibility and is proficient and positive.

    Team Lead On an Assignment

    Team lead for part of a project or new initiative.

    To prepare an employee for future leadership roles by increasing responsibility and developing basic managerial skills.

    Job Rotation

    A planned placement of employees across various roles in a department or organization for a set period of time.

    Employee is successfully meeting and/or exceeding job expectations in their current role.

    Incorporating a development objective into daily tasks

    What do we mean by incorporating into daily tasks?

    The next time you assign a project to an employee, you should also ask the employee to think about a development goal for the project. Try to link it back to their existing goals or have them document a new goal in their development plan.

    For example: A team of employees always divides their work in the same way. Their goal for their next project could be to change up the division of responsibility so they can learn each other's roles.

    Another example:

    "I'd like you to develop your ability to explain technical terms to a non-technical audience. I'd like you to sit down with the new employee who starts tomorrow and explain how to use all our software, getting them up and running."

    Info-Tech Insight

    Employees often don't realize that they are being developed. They either think they are being recognized for good work or they are resentful of the additional workload.

    You need to tell your employees that the activity you are asking them to do is intended to further their development.

    However, be careful not to sell mundane tasks as development opportunities – this is offensive and detrimental to engagement.

    Establish manager and employee accountability for following up

    Ensure that the employee makes progress in developing prioritized competencies by defining accountabilities:

    Tracking Progress

    Checking In

    Development Meetings

    Coaching & Feedback

    Employee accountability:

    • Employees need to keep track of what they learn.
    • Employees should take the time to reflect on their progress.

    Manager accountability:

    • Managers need to make the time for employees to reflect.

    Employee accountability:

    • Employees need to provide managers with updates and ask for help.

    Manager accountability:

    • Managers need to check in with employees to see if they need additional resources.

    Employee accountability:

    • Employees need to complete assessments again to determine whether they have made progress.

    Manager accountability:

    • Managers should schedule monthly meetings to discuss progress and identify next steps.

    Employee accountability:

    • Employees should ask their manager and colleagues for feedback after development activities.

    Manager accountability:

    • Managers can use both scheduled meetings and informal conversations to provide coaching and feedback to employees.

    3.3 Select development activities and schedule check-ins

    1-3 hours

    Pre-work: Employees should research potential development activities and come prepared with a range of suggestions.

    Pre-work: Managers should investigate options for employee development, such as internal training/practice opportunities for the employee's selected competencies and availability of training budget.

    1. Communicate your findings about internal opportunities and external training allowance to the employee. This can also be done prior to the meeting, to help guide the employee's own research. Address any questions or concerns.
    2. Review the employee's proposed list of activities, and identify priority ones based on:
      1. How effectively they support the development of priority competencies.
      2. How closely they match the employee's original goals.
      3. The learning methods they employ, and whether the chosen activities support a mix of different methods.
      4. The degree to which the employee will have a chance to practice new skills hands-on.
      5. The amount of time the activities require, balanced against the employee's work obligations.
    3. Guide the employee in selecting activities for the short and medium term. Establish an understanding that this list is tentative and subject to ongoing revision during future check-ins.
      1. If in doubt about whether the employee is over-committing, err on the side of fewer activities to start.
    4. Schedule a check-in for one month out to review progress and roadblocks, and to reaffirm priorities.
    5. Check-ins should be repeated regularly, typically once a month.

    Download the Learning Methods Catalog

    Info-Tech Insight

    Adopt a blended learning approach using a variety of techniques to effectively develop competencies. This will reinforce learning and accommodate different learning styles. See Info-Tech's Learning Methods Catalog for a description of popular experiential, relational, and formal learning methods.

    3.3 Select development activities and schedule check-ins

    Input

    Output

    • List of potential development activities (from employee)
    • List of organizational resources (from manager)
    • A selection of feasible development activities
    • Next check-in scheduled

    Materials

    Participants

    • Employee
    • Direct manager

    Tips for tricky conversations about development

    What to do if…

    Employees aren't interested in development:

    • They may have low aspiration for advancement.
    • Remind them about the importance of staying current in their role given increasing job requirements.
    • Explain that skill development will make their job easier and make them more successful at it; sell development as a quick and effective way to learn the skill.
    • Indicate your support and respond to concerns.

    Employees have greater aspiration than capability:

    • Explain that there are a number of skills and capabilities that they need to improve in order to move to the next level. If the specific skills were not discussed during the performance appraisal, do not hesitate to explain the improvements that you require.
    • Inform the employee that you want them to succeed and that by pushing too far and too fast they risk failure, which would not be beneficial to anyone.
    • Reinforce that they need to do their current job well before they can be considered for promotion.

    Employees are offended by your suggestions:

    • Try to understand why they are offended. Before moving forward, clarify whether they disagree with the need for development or the method by which you are recommending they be developed.
    • If it is because you told them they had development needs, then reiterate that this is about helping them to become better and that everyone has areas to develop.
    • If it is about the development method, discuss the different options, including the pros and cons of each.

    Coaching and feedback skills help managers guide employee development

    Coaching and providing feedback are often confused. Managers often believe they are coaching when they are just giving feedback. Learn the difference and apply the right approach for the right situation.

    What is coaching?

    A conversation in which a manager asks questions to guide employees to solve problems themselves.

    Coaching is:

    • Future-focused
    • Collaborative
    • Geared toward growth and development

    What is feedback?

    Information conveyed from the manager to the employee about their performance.

    Feedback is:

    • Past-focused
    • Prescriptive
    • Geared toward behavior and performance

    Info-Tech Insight

    Don't forget to develop your managers! Ensure coaching, feedback, and management skills are part of your management team's development plan.

    Understand the foundations of coaching to provide effective development coaching:

    Knowledge Mindset Relationship
    • Understand what coaching is and how to apply it:
    • Identify when to use coaching, feedback, or other people management practices, and how to switch between them.
    • Know what coaching can and cannot accomplish.
    • When focusing on performance, guide an employee to solve problems related to their work. When focusing on development, guide an employee to reach their own development goals.
    • Adopt a coaching mindset by subscribing to the following beliefs:
    • Employees want to achieve higher performance and have the potential to do so.
    • Employees have a unique and valuable perspective to share of the challenges they face as well as the possible solutions.
    • Employees should be empowered to realize solutions themselves to motivate them in achieving goals.
    • Develop a relationship of trust between managers and employees:
    • Create an environment of psychological safety where employees feel safe to be open and honest.
    • Involve employees in decision making and inform employees often.
    • Invest in employees' success.
    • Give and expect candor.
    • Embrace failure.

    Apply the "4A" behavior-focused coaching model

    Using a model allows every manager, even those with little experience, to apply coaching best practices effectively.

    Actively Listen

    Ask

    Action Plan

    Adapt

    Engage with employees and their message, rather than just hearing their message.

    Key active listening behaviors:

    • Provide your undivided attention.
    • Observe both spoken words and body language.
    • Genuinely try to understand what the employee is saying.
    • Listen to what is being said, then paraphrase back what you heard.

    Ask thoughtful, powerful questions to learn more information and guide employees to uncover opportunities and/or solutions.

    Key asking behaviors:

    • Ask open-ended questions.
    • Ask questions to learn something you didn't already know.
    • Ask for reasoning (the why).
    • Ask "what else?"

    Hold employees and managers accountable for progress and results.

    During check-ins, review each development goal to ensure employees are meeting their targets.

    Key action planning behaviors:

    Adapt to individual employees and situations.

    Key adapting behaviors:

    • Recognize employees' unique characteristics.
    • Appreciate the situation at hand and change your behavior and communication in order to best support the individual employee.

    Use the following questions to have meaningful coaching conversations

    Opening Questions

    • What's on your mind?
    • Do you feel you've had a good week/month?
    • What is the ideal situation?
    • What else?

    Problem-Identifying Questions

    • What is most important here?
    • What is the challenge here for you?
    • What is the real challenge here for you?
    • What is getting in the way of you achieving your goal?

    Problem-Solving Questions

    • What are some of the options available?
    • What have you already tried to solve this problem? What worked? What didn't work?
    • Have you considered all the possibilities?
    • How can I help?

    Next-Steps Questions

    • What do you need to do, and when, to achieve your goal?
    • What resources are there to help you achieve your goal? This includes people, tools, or even resources outside our organization.
    • How will you know when you have achieved your goal? What does success look like?

    The purpose of asking questions is to guide the conversation and learn something you didn't already know. Choose the questions you ask based on the flow of the conversation and on what information you would like to uncover. Approach the answers you get with an open mind.

    Info-Tech Insight

    Avoid the trap of "hidden agenda" questions, whose real purpose is to offer your own advice.

    Use the following approach to give effective feedback

    Provide the feedback in a timely manner

    • Plan the message you want to convey.
    • Provide feedback "just-in-time."
    • Ensure recipient is not preoccupied.
    • Try to balance the feedback; refer to successful as well as unsuccessful behavior.

    Communicate clearly, using specific examples and alternative behaviors

    • Feedback must be honest and helpful.
    • Be specific and give a recent example.
    • Be descriptive, not evaluative.
    • Relate feedback to behaviors that can be changed.
    • Give an alternative positive behavior.

    Confirm their agreement and understanding

    • Solicit their thoughts on the feedback.
    • Clarify if not understood; try another example.
    • Confirm recipient understands and accepts the feedback.

    Manager skill is crucial to employee development

    Development is a two-way street. This means that while employees are responsible for putting in the work, managers must enable their development with support and guidance. The latter is a skill, which managers must consciously cultivate.

    For more in-depth management skills development, see the Info-Tech "Build a Better Manager" training resources:

    Bibliography

    Anderson, Kelsie. "Is Your IT Department Prepared for the 4 Biggest Challenges of 2017?" 14 June 2017.
    Atkinson, Carol, and Peter Sandiford. "An Exploration of Older Worker Flexible Working Arrangements in Smaller Firms." Human Resource Management Journal, vol. 26, no. 1, 2016, pp. 12–28. Wiley Online Library.
    BasuMallick, Chiradeep. "Top 8 Best Practices for Employee Cross-Training." Spiceworks, 15 June 2020.
    Birol, Andy. "4 Ways You Can Succeed With a Staff That 'Wears Multiple Hats.'" The Business Journals, 26 Nov. 2013.
    Bleich, Corey. "6 Major Benefits To Cross-Training Employees." EdgePoint Learning, 5 Dec. 2018.
    Cancialosi, Chris. "Cross-Training: Your Best Defense Against Indispensable Employees." Forbes, 15 Sept. 2014.
    Cappelli, Peter, and Anna Tavis. "HR Goes Agile." Harvard Business Review, Mar. 2018.
    Chung, Kai Li, and Norma D'Annunzio-Green. "Talent Management Practices of SMEs in the Hospitality Sector: An Entrepreneurial Owner-Manager Perspective." Worldwide Hospitality and Tourism Themes, vol. 10, no. 4, Jan. 2018.
    Clarkson, Mary. Developing IT Staff: A Practical Approach. Springer Science & Business Media, 2012.
    "CNBC and SurveyMonkey Release Latest Small Business Survey Results." Momentive, 2019. Press Release. Accessed 6 Aug. 2020.
    Cselényi, Noémi. "Why Is It Important for Small Business Owners to Focus on Talent Management?" Jumpstart:HR | HR Outsourcing and Consulting for Small Businesses and Startups, 25 Mar. 2013.
    dsparks. "Top 10 IT Concerns for Small Businesses." Stratosphere Networks IT Support Blog - Chicago IT Support Technical Support, 16 May 2017.
    Duff, Jimi. "Why Small to Mid-Sized Businesses Need a System for Talent Management | Talent Management Blog | Saba Software." Saba, 17 Dec. 2018.
    Employment and Social Development Canada. "Age-Friendly Workplaces: Promoting Older Worker Participation." Government of Canada, 3 Oct. 2016.
    Exploring Workforce Planning. Accenture, 23 May 2017.
    "Five Major IT Challenges Facing Small and Medium-Sized Businesses." Advanced Network Systems. Accessed 25 June 2020.
    Harris, Evan. "IT Problems That Small Businesses Face." InhouseIT, 17 Aug. 2016.
    Heathfield, Susan. "What Every Manager Needs to Know About Succession Planning." Liveabout, 8 June 2020.
    ---. "Why Talent Management Is an Important Business Strategy." Liveabout, 29 Dec. 2019.
    Herbert, Chris. "The Top 5 Challenges Facing IT Departments in Mid-Sized Companies." ExpertIP, 25 June 2012.
    How Smaller Organizations Can Use Talent Management to Accelerate Growth. Avilar. Accessed 25 June 2020.
    Krishnan, TN, and Hugh Scullion. "Talent Management and Dynamic View of Talent in Small and Medium Enterprises." Human Resource Management Review, vol. 27, no. 3, Sept. 2017, pp. 431–41.
    Mann Jackson, Nancy. "Strategic Workforce Planning for Midsized Businesses." ADP, 6 Feb. 2017.
    McCandless, Karen. "A Beginner's Guide to Strategic Talent Management (2020)." The Blueprint, 26 Feb. 2020.
    McFeely, Shane, and Ben Wigert. "This Fixable Problem Costs U.S. Businesses $1 Trillion." Gallup.com, 13 Mar. 2019.
    Mihelič, Katarina Katja. Global Talent Management Best Practices for SMEs. Jan. 2020.
    Mohsin, Maryam. 10 Small Business Statistics You Need to Know in 2020 [May 2020]. 4 May 2020.
    Ramadan, Wael H., and B. Eng. The Influence of Talent Management on Sustainable Competitive Advantage of Small and Medium Sized Establishments. 2012, p. 15.
    Ready, Douglas A., et al. "Building a Game-Changing Talent Strategy." Harvard Business Review, no. January–February 2014, Jan. 2014.
    Reh, John. "Cross-Training Employees Strengthens Engagement and Performance." Liveabout, May 2019.
    Rennie, Michael, et al. McKinsey on Organization: Agility and Organization Design. McKinsey, May 2016.
    Roddy, Seamus. "The State of Small Business Employee Benefits in 2019." Clutch, 18 Apr. 2019.
    SHRM. "Developing Employee Career Paths and Ladders." SHRM, 28 Feb. 2020.
    Strandberg, Coro. Sustainability Talent Management: The New Business Imperative. Strandberg Consulting, Apr. 2015.
    Talent Management for Small & Medium-Size Businesses. Success Factors. Accessed 25 June 2020.
    "Top 10 IT Challenges Facing Small Business in 2019." Your IT Department, 8 Jan. 2019.
    "Why You Need Workforce Planning." Workforce.com, 24 Oct. 2022.

    Data and Analytics Trends 2023

    • Buy Link or Shortcode: {j2store}208|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Business Intelligence Strategy
    • Parent Category Link: /business-intelligence-strategy

    Data is a unique resource that keeps growing, presenting opportunities along the way. CIOs and IT leaders can use rapidly evolving technologies and capabilities to harness this data and its value for the organization.

    IT leaders must prepare their teams and operations with the right knowledge, capabilities, and strategies to make sure they remain competitive in 2023 and beyond. Nine trends that expand on the three common Vs of data – volume, velocity, and variety – can help guide the way.

    Focus on trends that align with your opportunities and challenges

    The path to becoming more competitive in a data-driven economy differs from one company to the next. IT leaders should use the data and analytics trends that align most with their organizational goals and can lead to positive business outcomes.

    1. Prioritize your investments: Conduct market analysis and prioritize the data and analytics investments that will be critical to your business.
    2. Build a robust strategy: Identify a clear path between your data vision and business outcomes to build a strategy that’s a good fit for your organization.
    3. Inspire practical innovation: Follow a pragmatic approach to implementing trends that range from data gravity and democratization to data monetization and augmented analytics.

    Data and Analytics Trends 2023 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Data and Analytics Trends Report 2023 – A report that explores nine data use cases for emerging technologies that can improve on capabilities needed to compete in the data-driven economy.

    Data technologies are rapidly evolving. Understanding data's art of the possible is critical. However, to adapt to these upcoming data trends, a solid data management foundation is required. This report explores nine data trends based on the proven framework of data V's: Volume, Velocity, Variety, Veracity, Value, Virtue, Visualization, Virality, and Viscosity.

    • Data and Analytics Trends Report 2023
    [infographic]

    Further reading

    Data and Analytics Trends Report 2023

    SOONER OR LATER, YOU WILL BE IN THE DATA BUSINESS!

    Nine Data Trends for 2023

    In this report, we explore nine data use cases for emerging technologies that can improve on capabilities needed to compete in the data-driven economy. Use cases combine emerging data trends and modernization of existing capabilities.

    1. VOLUME
      • Data Gravity
    2. VELOCITY
    • Democratizing Real-Time Data
  • VARIETY
    • Augmented Data Management
  • VERACITY
    • Identity Authenticity
  • VALUE
    • Data Monetization
  • VIRTUE
    • Adaptive Data Governance
  • VISUALIZATION
    • AI-Driven Storytelling & Augmented Analytics
  • VIRALITY
    • Data Marketplace
  • VISCOSITY
    • DevOps – DataOps – XOps

    VOLUME

    Data Gravity

    Trend 01 Demand for storage and bandwidth continues to grow

    When organizations begin to prioritize data, they first consider the sheer volume of data, which will influence data system design. Your data systems must consider the existing and growing volume of data by assessing industry initiatives such as digital transformation, Industry 4.0, IoT, consumer digital footprint, etc.

    The largest data center in the world is a citadel in Reno, Nevada, that stretches over 7.2 million square feet!

    Source: Cloudwards, 2022

    IoT devices will generate 79.4 zettabytes of data
    by 2025.

    Source: IDC, 2019

    There were about 97
    zettabytes of data generated worldwide in 2022.

    Source: “Volume of Data,” Statista, 2022

    VOLUME

    Data Gravity

    Data attracts more data and an ecosystem of applications and services

    SharePoint, OneDrive, Google Drive, and Dropbox offer APIs and integration opportunities for developers to enhance their products.

    Social media platforms thought about this early by allowing for an ecosystem of filters, apps, games, and effects that engage their users with little to no additional effort from internal resources.

    The image contains four logos. SharePoint, OneDrive, Google Drive, and Dropbox.

    VOLUME

    Data Gravity

    Focus on data gravity and avoid cloud repatriation

    Data gravity is the tendency of data to attract applications, services, and other data. A growing number of cloud migration decisions will be made based on the data gravity concept. It will become increasingly important in data strategies, with failure potentially resulting in costly cloud repatriations.

    Emerging technologies and capabilities:

    Data Lakehouse, Data Mesh, Data Fabric, Hybrid Data, Cloud Data, Edge Computing

    47%

    Centralized cloud storage going down in 2 years

    		22%
    25%

    Hybrid storage (centralized + edge) going up in 2 years

    		47%

    Source: CIO, 2022

    VOLUME

    Data Gravity

    What worked for terabytes is ineffective for petabytes

    When compared to on-premises infrastructure, cloud computing is less expensive and easier to implement. However, poor data replication and data gravity can significantly increase cloud costs to the point of failure. Data gravity will help organizations make better cloud migration decisions.

    It is also critical to recognize changes in the industry landscape. The goal of data processing and analytics is to generate the right data for users to act on. In most cases, the user is a human being, but in the case of autonomous driving (AD), the car takes on the role of the user (DXC Technology).

    To avoid cloud repatriation, it will become prudent for all organizations to consider data gravity and the timing of cloud migration.

    The image contains a diagram on data gravity.

    VELOCITY

    Democratizing Real-Time Data

    Trend 02 Real-time analytics presents an important differentiator

    The velocity element of data can be assessed from two standpoints: the speed at which data is being generated and how fast the organization needs to respond to the incoming information through capture, analysis, and use. Traditionally data was processed in a batch format (all at once or in incremental nightly data loads). There is a growing demand to process data continuously using streaming data-processing techniques.

    Emerging technologies and capabilities:

    Edge Computing

    Google announced it has a quantum computer that is 100 million times faster than any classical computer in its lab.

    Source: Science Alert, 2015

    The number of qubits in quantum computers has been increasing dramatically, from 2 qubits in 1998 to 128 qubits in 2019.

    Source: Statista, 2019

    IBM released a 433-qubit quantum chip named Osprey in 2022 and expects to surpass 1,000 qubits with its next chip, Condor, in 2023.

    Source: Nature, 2023

    VELOCITY

    Democratizing Real-Time Data

    Make data accessible to everyone in real time

    • 90% of an organization’s data is replicated or redundant.
    • Build API and web services that allow for live access to data.
    • Most social media platforms, like Twitter and Facebook, have APIs that offer access to incredible amounts of data and insights.

    VELOCITY

    Democratizing Real-Time Data

    Trend in Data Velocity

    Data democratization means data is widely accessible to all stakeholders without bottlenecks or barriers. Success in data democratization comes with ubiquitous real-time analytics. Google highlights a need to address democratization in two different frames:

    1. Democratizing stream analytics for all businesses to ensure real-time data at the company level.
    2. Democratizing stream analytics for all personas and the ability of all users to generate real-time insights.

    Emerging technologies and capabilities:

    Data Lakehouse, Streaming API Ecosystem, Industry 4.0, Zero-Copy Cloning

    Nearly 70% of all new vehicles globally will be connected to the internet by 2023.

    Source: “Connected light-duty vehicles,” Statista, 2022

    VELOCITY

    Democratizing Real-Time Data

    Enable real-time processing with API

    In the past, data democratization has largely translated into a free data set and open data portals. This has allowed the government to freely share data with the public. Also, the data science community has embraced the availability of large data sets such as weather data, stock data, etc. In the future, more focus will be on the combination of IoT and steaming analytics, which will provide better responsiveness and agility.

    Many researchers, media companies, and organizations now have easy access to the Twitter/Facebook API platform to study various aspects of human behavior and sentiments. Large technology companies have already democratized their data using real-time APIs.

    Thousands of sources for open data are available at your local municipalities alone.

    6G will push Wi-Fi connectivity to 1 terabyte per second! This is expected to become commercially available by 2030.

    VARIETY

    Augmented Data Management

    Trend 03 Need to manage unstructured data

    The variety of data types is increasingly diverse. Structured data often comes from relational databases, while unstructured data comes from several sources such as photos, video, text documents, cell phones, etc. The variety of data is where technology can drive business value. However, unstructured data also poses a risk, especially for external data.

    The number of IoT devices could rise to 30.9 billion by 2025.

    Source: “IoT and Non-IoT Connections Worldwide,” Statista, 2022

    The global edge computing market is expected to reach $250.6 billion by 2024.

    Source: “Edge Computing,” Statista, 2022

    Genomics research is expected to generate between 2 and 40 exabytes of data within the next decade.

    Source: NIH, 2022

    VARIETY

    Augmented Data Management

    Employ AI to automate data management

    New tools will enhance many aspects of data management:

    • Data preparation, integration, cataloging, and quality
    • Metadata management
    • Master data management

    Enabling AI-assisted decision-making tools

    The image contains logos of the AI-assisted decision-making tools. Informatica, collibra, OCTOPAI.

    VARIETY

    Augmented Data Management

    Trend in Data Variety

    Augmented data management will enhance or automate data management capabilities by leveraging AI and related advanced techniques. It is quite possible to leverage existing data management tools and techniques, but most experts have recognized that more work and advanced patterns are needed to solve many complex data problems.

    Emerging technologies and capabilities:

    Data Factory, Data Mesh, Data Fabric, Artificial Intelligence, Machine Learning

    VARIETY

    Augmented Data Management

    Data Fabric vs. Data Mesh: The Data Journey continues at an accelerated pace

    Data Fabric

    Data Mesh

    Data fabric is an architecture that facilitates the end-to-end integration of various data pipelines and cloud environments using intelligent and automated systems. It’s a data integration pattern to unify disparate data systems, embed governance, strengthen security and privacy measures, and provide more data accessibility to workers and particularly to business users.

    The data mesh architecture is an approach that aligns data sources by business domains, or functions, with data owners. With data ownership decentralization, data owners can create data products for their respective domains, meaning data consumers, both data scientists and business users, can use a combination of these data products for data analytics and data science.

    More Unstructured Data

    95% of businesses cite the need to manage unstructured data as a problem for their business.

    VERACITY

    Identity Authenticity

    Trend 04 Veracity of data is a true test of your data capabilities

    Data veracity is defined as the accuracy or truthfulness of a data set. More and more data is created in semi-structured and unstructured formats and originates from largely uncontrolled sources (e.g. social media platforms, external sources). The reliability and quality of the data being integrated should be a top concern. The veracity of data is imperative when looking to use data for predictive purposes. For example, energy companies rely heavily on weather patterns to optimize their service outputs, but weather patterns have an element of unpredictability.

    Data quality affects overall labor productivity by as much as 20%, and 30% of operating expenses are due to insufficient data.

    Source: Pragmatic Works, 2017

    Bad data costs up to
    15% to 25% of revenue.

    Source: MIT Sloan Management Review, 2017

    VERACITY

    Identity Authenticity

    Veracity of data is a true test of your data capabilities

    • Stop creating your own identity architectures and instead integrate a tried-and-true platform.
    • Aim for a single source of truth for digital identity.
    • Establish data governance that can withstand scrutiny.
    • Imagine a day in the future where verified accounts on social media platforms are available.
    • Zero-trust architecture should be used.

    VERACITY

    Identity Authenticity

    Trend in Data Veracity

    Veracity is a concept deeply linked to identity. As the value of the data increases, a greater degree of veracity is required: We must provide more proof to open a bank account than to make friends on Facebook. As a result, there is more trust in bank data than in Facebook data. There is also a growing need to protect marginalized communities.

    Emerging technologies and capabilities:

    Zero Trust, Blockchain, Data Governance, IoT, Cybersecurity

    The image contains a screenshot of Info-Tech's blueprint slide on Zero Trust.

    VERACITY

    Identity Authenticity

    The identity discussion is no longer limited to people or organizations. The development of new technologies, such as the IoT phenomenon, will lead to an explosion of objects, from refrigerators to shipping containers, coming online as well. If all these entities start communicating with each other, standards will be needed to establish who or what they are.

    IDENTITY
    IS

    Age

    Gender

    Address

    Fingerprint

    Face

    Voice

    Irises

    IDENTITY
    KNOWS

    Password

    Passphrase

    PIN

    Sequence

    IDENTITY
    HAS

    Access badge

    Smartcard

    Security token

    Mobile phone

    ID document

    IDENTITY
    DOES

    Motor skills

    Handwriting

    Gestures

    Keystrokes

    Applications use

    The IoT market is expected to grow 18% to 14.4 billion in 2022 and 27 billion by 2025.

    Source: IoT Analytics, 2022

    VALUE

    Data Monetization

    Trend 05 Not Many organization know the true value of their data

    Data can be valuable if used effectively or dangerous if mishandled. The rise of the data economy has created significant opportunities but also has its challenges. It has become urgent to understand the value of data, which may vary for stakeholders based on their business model and strategy. Organizations first need to understand ownership of their data by establishing a data strategy, then they must improve data maturity by developing a deeper understanding of data value.

    94% of enterprises say data is essential to business growth.

    Source: Find stack, 2021

    VALUE

    Data Monetization

    Start developing your data business

    • Blockbuster ran its business well, but Netflix transformed the video rental industry overnight!
    • Big players with data are catching up fast.
    • You don’t have to be a giant to monetize data.
    • Data monetization is probably closer than you think.
    • You simply need to find it, catalog it, and deliver it.

    The image contains logos of companies related to data monetization as described in the text above. The companies are Amazon Prime, Netflix, Disney Plus, Blockbuster, and Apple TV.

    VALUE

    Data Monetization

    Trend in Data Value

    Data monetization is the transformation of data into financial value. However, this does not imply selling data alone. Monetary value is produced by using data to improve and upgrade existing and new products and services. Data monetization demands an organization-wide strategy for value development.

    Emerging technologies and capabilities:

    Data Strategy, Data Monetization Strategy, Data Products

    Netflix uses big data to save $1 billion per year on customer retention.

    Source: Logidots, 2021

    VALUE

    Data Monetization

    Data is a strategic asset

    Data is beyond currency, assets, or commodities and needs to be a category
    of its own.

    • Data always outlives people, processes, and technology. They all come and go while data remains.
    • Oil is a limited resource. Data is not. Unlike oil, data is likely to grow over time.
    • Data is likely to outlast all other current popular financial instruments, including currency, assets, or commodities.
    • Data is used internally and externally and can easily be replicated or combined.

    Data monetization is currently in the speculative territory, which is unacceptable. It should instead be guided by sound data management theory.

    VIRTUE

    Adaptive Data Governance

    Trend 06 Five Core Virtues: Resilience, Humility, Grit, Liberal Education, Empathy (Forbes, 2020)

    We have become more and more dependent on data, analytics, and organizational protection policies. Data virtue is about leveraging data securely and ethically. This topic has become more critical with the advent of GDPR, the right to be forgotten, and related regulations. Data governance, which seeks to establish an oversight framework that manages the creation, acquisition, integrity, security, compliance, and quality of data, is essential for any organization that makes decisions about data.

    Cultural obstacles are the greatest barrier to becoming data-driven, according to 91.9% of executives.

    Source: Harvard Business Review, 2022

    Fifty million Facebook profiles were harvested for Cambridge Analytica in a major data breach.

    Source: The Guardian, 2018

    VIRTUE

    Adaptive Data Governance

    Encourage noninvasive and automated data governance

    • Data governance affects the entire organization, not just data.
    • The old model for data governance was slow and clumsy.
    • Adaptive data governance encourages faster decision making and a more collaborative approach to governance.
    • Agile data governance allows for faster and more flexible decision making.
    • Automated data governance will simplify execution across the organization.
    • It is great for compliance, quality, impact tracking, and cross-referencing and offers independence to data users.

    VIRTUE

    Adaptive Data Governance

    Trend in Data Virtue

    Adaptive data governance encourages a flexible approach that allows an organization to employ multiple data governance strategies depending on changing business situations. The other aspect of adaptive data governance is moving away from manual (and often slow) data governance and toward aggressive automation.

    Emerging technologies and capabilities:

    AI-Powered Data Catalog and Metadata Management,
    Automated Data Policy Enforcement

    “To effectively meet the needs and velocity of digital organizations and modern practices, IT governance must be embedded and automated where possible to drive success and value.”

    Source: Valence Howden, Info-Tech Research Group

    “Research reveals that the combination of AI and big data technologies can automate almost 80% of all physical work, 70% of data processing, and 64% of data collection tasks.”

    Source: Forbes, 2021

    VIRTUE

    Data Governance Automation

    Simple and easy Data Governance

    Tools are not the ultimate answer to implementing data governance. You will still need to secure stakeholders' buy-in and engagement in the data process. Data governance automation should be about simplifying the execution of roles and responsibilities.

    “When you can see where your data governance strategy can be improved, it’s time to put in place automation that help to streamline processes.”

    Source: Nintex, 2021

    VISUALIZATION

    AI-Driven Storytelling & Augmented Analytics

    Trend 07 Automated and augmented data storytelling is not that far away

    Today, data storytelling is led by the user. It’s the manual practice of combining narrative with data to deliver insights in a compelling form to assist decision makers in engaging with data and analytics. A story backed by data is more easily consumed and understood than a dashboard, which can be overwhelming. However, manual data storytelling has some major shortcomings.

    Problem # 1: Telling stories on more than just the insights noticed by people

    Problem # 2: Poor data literacy and the limitations of manual self-service

    Problem # 3: Scaling data storytelling across the business

    VISUALIZATION

    AI-Driven Storytelling & Augmented Analytics

    Use AI to enhance data storytelling

    • Tableau, Power BI, and many other applications already use
      AI-driven analytics.
    • Power BI and SharePoint can use AI to generate visuals for any SharePoint list in a matter of seconds.

    VISUALIZATION

    AI-Driven Storytelling & Augmented Analytics

    Trend in Data Visualization

    AI and natural language processing will drive future visualization and data storytelling. These tools and techniques are improving rapidly and are now designed in a streamlined way to guide people in understanding what their data means and how to act on it instead of expecting them to do self-service analysis with dashboards and charts and know what to do next. Ultimately, being able to understand how to translate emotion, tropes, personal interpretation, and experience and how to tell what’s most relevant to each user is the next frontier for augmented and automated analytics

    Emerging technologies and capabilities:

    AI-Powered Data Catalog and Metadata Management,
    Automated Data Policy Enforcement

    VISUALIZATION

    Data Storytelling

    Augmented data storytelling is not that far away

    Emotions are a cornerstone of human intelligence and decision making. Mastering the art of storytelling is not easy.

    Industry experts predict the combination of data storytelling with augmented and automated techniques; these capabilities are more than capable of generating and automating parts of a data story’s creation for end users.

    The next challenge for AI is translating emotion, tropes, personal interpretation, and experience into what is most essential to end users.

    Source: Yellowfin, 2021

    VIRALITY

    Data Marketplace

    Trend 08 Missing data marketplace

    Data virality measures data spread and popularity. However, for data virality to occur, an ecosystem comparable to that of traditional or modern digital marketplaces is required. Organizations must reevaluate their data strategies to ensure investment in appropriate data domains by understanding data virality. Data virality is the exact opposite of dark data.

    Dark data is “all the information companies collect in their regular business processes, don’t use, have no plans to use, but will never throw out.”

    Source: Forbes, 2019

    VIRALITY

    Data Marketplace

    Make data easily accessible

    • Making data accessible to a broader audience is the key to successful virality.
    • Data marketplaces provide a location for you to make your data public.
    • Why do this? Contributing to public data marketplaces builds credibility, just like contributing to public GitHub projects.
    • Big players like Microsoft, Amazon, and Snowflake already do this!
    • Snowflake introduced zero-copy cloning, which allows users to interact with source data without compromising the integrity of the original source.

    The image contains the logos of Microsoft, Amazon, and Snowflake.

    VIRALITY

    Data Marketplace

    Trend in Data Virality

    The data marketplace can be defined as a dynamic marketplace where users decide what has the most value. Companies can gauge which data is most popular based on usage and decide where to invest. Users can shop for data products within the marketplace and then join these products with other ones they’ve created to launch truly powerful data-driven projects.

    Emerging technologies and capabilities:

    AI-Powered Data Catalog and Metadata Management,
    Automated Data Policy Enforcement

    The image contains a screenshot of Info-Tech's Data-as-a-Service (DaaS) Framework.

    “Data is like garbage. You’d better know what you are going to do with it before you collect it.”

    – Mark Twain

    VIRALITY

    Data Marketplace

    Journey from siloed data platforms to dynamic data marketplaces

    Data remains a complex topic due to many missing foundational components and infrastructure. Interoperability, security, quality, discoverability, speed, and ease are some of those missing foundational components that most organizations face daily.

    Data lacks an ecosystem that is comparable to those of traditional assets or commodities. Data must be available in open or closed data marketplaces to measure its value. These data marketplaces are still in their infancy.

    “Data markets are an important component of the data economy that could unleash the full potential of data generated by the digital economy and human activity in general.”

    Source: ITU Journal, 2018

    VISCOSITY

    DevOps – DataOps – XOps

    Trend 09 Increase efficiency by removing bottlenecks

    Compared to water, a fluid with a high viscosity flows more slowly, like honey. Data viscosity measures the resistance to flow in a volume of data. The data resistance may come from other Vs (variety, velocity, etc.).

    VISCOSITY

    DevOps – DataOps – XOps

    Increase efficiency by removing bottlenecks

    Consider XOps for a second. It makes no difference what X is. What's important is matching operational requirements to enterprise capabilities.

    • For example, Operations must meet the demands of Sales – hence SalesOps
      or S&Op.
    • Development resources must meet the demands of Operations – hence DevOps.
    • Finally, Data must also meet the demand of Operations.

    These Operations guys are demanding!!

    VISCOSITY

    DevOps – DataOps – XOps

    Trend in Data Viscosity

    The merger of development (Dev) and IT Operations (Ops) started in software development with the concept of DevOps. Since then, new Ops terms have formed rapidly (AIOps, MLOps, ModelOps, PlatformOps, SalesOps, SecOps, etc.). All these methodologies come from Lean manufacturing principles, which seek to identify waste by focusing on eliminating errors, cycle time, collaboration, and measurement. Buzzwords are distractions, and the focus must be on the underlying goals and principles. XOps goals should include the elimination of errors and improving efficiencies.

    Emerging technologies and capabilities:

    Collaborative Data Management, Automation Tools

    VISCOSITY

    DataOps → Data Observability

    Data observability, a subcomponent of DataOps, is a set of technical practices, cultural norms, and architecture that enables low error rates. Data observability focuses on error rates instead of only measuring data quality at a single point in time.

    Data Quality Dimensions

    • Uniqueness
    • Timeliness
    • Validity
    • Accuracy
    • Consistency

    ERROR RATES

    Lateness: Missing Your SLA

    System Processing Issues

    Code Change That Broke Something

    Data Quality

    What’s next? Go beyond the buzzwords.

    Avoid following trends solely for the sake of following them. It is critical to comprehend the concept and apply it to your industry. Every industry has its own set of problems and opportunities.

    Highlight the data trends (or lack thereof) that have been most beneficial to you in your organizations. Follow Info-Tech’s approach to building a data practice and platform to develop your data capabilities through the establishment of data goals.

    The image contains a screenshot of Info-Tech's Build Your Data Pracrice and Platform.

    Research Authors

    Rajesh Parab Chris Dyck

    Rajesh Parab

    Director, Research & Advisory

    Data and Analytics

    Chris Dyck

    Research Lead

    Data and Analytics

    “Data technologies are rapidly evolving. Understanding what’s possible is critical. Adapting to these upcoming data trends requires a solid data management foundation.”

    – Rajesh Parab

    Contributing Experts

    Carlos Thomas John Walsh

    Carlos Thomas

    Executive Counselor

    Info-Tech Research Group

    John Walsh

    Executive Counselor

    Info-Tech Research Group

    Bibliography

    Bean, Randy. “Why Becoming a Data-Driven Organization Is So Hard.” Harvard Business Review, 24 Feb. 2022. Accessed Oct. 2022.
    Brown, Annie. “Utilizing AI And Big Data To Reduce Costs And Increase Profits In Departments Across An Organization.” Forbes, 13 April 2021.
    Accessed Oct. 2022.
    Burciaga, Aaron. “Five Core Virtues For Data Science And Artificial Intelligence.” Forbes, 27 Feb. 2020. Accessed Aug. 2022.
    Cadwalladr, Carole, and Emma Graham-Harrison. “Revealed: 50 million Facebook profiles harvested for Cambridge Analytica in major data breach.”
    The Guardian, 17 March 2018. Accessed Aug. 2022.
    Carlier, Mathilde. “Connected light-duty vehicles as a share of total vehicles in 2023.” Statista, 31 Mar. 2021. Accessed Oct. 2022.
    Carter, Rebekah. “The Ultimate List of Big Data Statistics for 2022.” Findstack, 22 May 2021. Accessed Oct. 2022.
    Castelvecchi, Davide. “Underdog technologies gain ground in quantum-computing race.” Nature, 6 Nov. 2023. Accessed Feb. 2023.
    Clark-Jones, Anthony, et al. “Digital Identity:” UBS, 2016. Accessed Aug 2022.
    “The Cost of Bad Data Infographic.” Pragmatic Works, 25 May 2017. Accessed Oct. 2022.
    Demchenko, Yuri, et al. “Data as Economic Goods: Definitions, Properties, Challenges, Enabling Technologies for Future Data Markets.“ ITU Journal: ICT Discoveries, Special Issue, no. 2, vol. 23, Nov. 2018. Accessed Aug 2022.
    Feldman, Sarah. ”20 Years of Quantum Computing Growth.” Statista, 6 May 2019. Accessed Oct. 2022.
    “Genomic Data Science.” NIH, National Human Genome Research Institute, 5 April 2022. Accessed Oct. 2022.

    Bibliography

    Hasbe, Sudhir, and Ryan Lippert. “The democratization of data and insights: making real-time analytics ubiquitous.” Google Cloud, 15 Jan. 2021.
    Accessed Aug. 2022.
    Helmenstine, Anne. “Viscosity Definition and Examples.” Science Notes, 3 Aug. 2021. Accessed Aug. 2022.
    “How data storytelling and augmented analytics are shaping the future of BI together.” Yellowfin, 19 Aug. 2021. Accessed Aug. 2022.
    “How Netflix Saves $1B Annually using AI?” Logidots, 24 Sept. 2021. Accessed Oct. 2022
    Hui, Kenneth. “The AWS Love/Hate Relationship with Data Gravity.” Cloud Architect Musings, 30 Jan. 2017. Accessed Aug 2022.
    ICD. “The Growth in Connected IoT Devices Is Expected to Generate 79.4ZB of Data in 2025, According to a New IDC Forecast.” Business Wire, 18 June 2019. Accessed Oct 2022.
    Internet of Things (IoT) and non-IoT active device connections worldwide from 2010 to 2025” Statista, 27 Nov. 2022. Accessed Nov. 2022.
    Koch, Gunter. “The critical role of data management for autonomous driving development.” DXC Technology, 2021. Accessed Aug. 2022.
    Morris, John. “The Pull of Data Gravity.” CIO, 23 Feb. 2022. Accessed Aug. 2022.
    Nield, David. “Google's Quantum Computer Is 100 Million Times Faster Than Your Laptop.” ScienceAlert, 9 Dec. 2015. Accessed Oct. 2022.
    Redman, Thomas C. “Seizing Opportunity in Data Quality.” MIT Sloan Management Review, 27 Nov. 2017. Accessed Oct. 2022.
    Segovia Domingo, Ana I., and Álvaro Martín Enríquez. “Digital Identity: the current state of affairs.” BBVA Research, 2018. Accessed Aug. 2022.

    Bibliography

    “State of IoT 2022: Number of connected IoT devices growing 18% to 14.4 billion globally.” IOT Analytics, 18 May 2022. Accessed. 14 Nov. 2022.
    Strod, Eran. “Data Observability and Monitoring with DataOps.” DataKitchen, 10 May 2021. Accessed Aug. 2022.
    Sujay Vailshery, Lionel. “Edge computing market value worldwide 2019-2025.” Statista, 25 Feb. 2022. Accessed Oct 2022.
    Sujay Vailshery, Lionel. “IoT and non-IoT connections worldwide 2010-2025.” Statista, 6 Sept. 2022. Accessed Oct. 2022.
    Sumina, Vladimir. “26 Cloud Computing Statistics, Facts & Trends for 2022.” Cloudwards, 7 June 2022. Accessed Oct. 2022.
    Taulli, Tom. “What You Need To Know About Dark Data.” Forbes, 27 Oct. 2019. Accessed Oct. 2022.
    Taylor, Linnet. “What is data justice? The case for connecting digital rights and freedoms globally.“ Big Data & Society, July-Dec 2017. Accessed Aug 2022.
    “Twitter: Data Collection With API Research Paper.” IvyPanda, 28 April 2022. Accessed Aug. 2022.
    “Using governance automation to reduce data risk.” Nintex, 15 Nov. 2021. Accessed Oct. 2022
    “Volume of data/information created, captured, copied, and consumed worldwide from 2010 to 2020, with forecasts from 2021 to 2025.” Statista, 8 Sept. 2022. Accessed Oct 2022.
    Wang, R. “Monday's Musings: Beyond The Three V's of Big Data – Viscosity and Virality.” Forbes, 27 Feb. 2012. Accessed Aug 2022.
    “What is a data fabric?” IBM, n.d. Accessed Aug 2022.
    Yego, Kip. “Augmented data management: Data fabric versus data mesh.” IBM, 27 April 2022. Accessed Aug 2022.

    Build an IT Risk Management Program

    • Buy Link or Shortcode: {j2store}192|cart{/j2store}
    • member rating overall impact: 8.3/10 Overall Impact
    • member rating average dollars saved: $31,532 Average $ Saved
    • member rating average days saved: 17 Average Days Saved
    • Parent Category Name: IT Governance, Risk & Compliance
    • Parent Category Link: /it-governance-risk-and-compliance
    • Risk is unavoidable. Without a formal program to manage IT risk, you may be unaware of your severest IT risks.
    • The business could be making decisions that are not informed by risk.
    • Reacting to risks AFTER they occur can be costly and crippling, yet it is one of the most common tactics used by IT departments.

    Our Advice

    Critical Insight

    • IT risk is business risk. Every IT risk has business implications. Create an IT risk management program that shares accountability with the business.

    Impact and Result

    • Transform your ad hoc IT risk management processes into a formalized, ongoing program, and increase risk management success.
    • Take a proactive stance against IT threats and vulnerabilities by identifying and assessing IT’s greatest risks before they occur.
    • Involve key stakeholders including the business senior management team to gain buy-in and to focus on IT risks most critical to the organization.

    Build an IT Risk Management Program Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build an IT Risk Management Program – A holistic approach to managing IT risks within your organization and involving key business stakeholders.

    Gain business buy-in to understanding the key IT risks that could negatively impact the organization and create an IT risk management program to properly identify, assess, respond, monitor, and report on those risks.

    • Build an IT Risk Management Program – Phases 1-3

    2. Risk Management Program Manual – A single source of truth for the risk management program to exist and be updated to reflect changes.

    Leverage this Risk Management Program Manual to ensure that the decisions around how IT risks will be governed and managed can be documented in a single source accessible by those involved.

    • Risk Management Program Manual

    3. Risk Register & Risk Costing Tool – A set of tools to document identified risk events. Assess each risk event and consider the appropriate response based on your organization’s threshold for risk.

    Engage these tools in your organization if you do not currently have a GRC tool to document risk events as they relate to the IT function. Consider the best risk response to high severity risk events to ensure all possible situations are considered.

    • Risk Register Tool
    • Risk Costing Tool

    4. Risk Event Action Plan and Risk Report – A template to document the chosen risk responses and ensure accountable owners agree on selected response method.

    Establish clear guidelines and responses to risk events that will leave your organization vulnerable to unwanted threats. Ensure risk owners have agreed to the risk responses and are willing to take accountability for that response.

    • Risk Event Action Plan
    • Risk Report

    Infographic

    Workshop: Build an IT Risk Management Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Review IT Risk Fundamentals and Governance

    The Purpose

    To assess current risk management maturity, develop goals, and establish IT risk governance.

    Key Benefits Achieved

    Identified obstacles to effective IT risk management.

    Established attainable goals to increase maturity.

    Clearly laid out risk management accountabilities and responsibilities for IT and business stakeholders.

    Activities

    1.1 Assess current program maturity

    1.2 Complete RACI chart

    1.3 Create the IT risk council

    1.4 Identify and engage key stakeholders

    1.5 Add organization-specific risk scenarios

    1.6 Identify risk events

    Outputs

    Maturity Assessment

    Risk Management Program Manual

    Risk Register

    2 Identify IT Risks

    The Purpose

    Identify and assess all IT risks.

    Key Benefits Achieved

    Created a comprehensive list of all IT risk events.

    Risk events prioritized according to risk severity – as defined by the business.

    Activities

    2.1 Identify risk events (continued)

    2.2 Augment risk event list using COBIT 5 processes

    2.3 Determine the threshold for (un)acceptable risk

    2.4 Create impact and probability scales

    2.5 Select a technique to measure reputational cost

    2.6 Conduct risk severity level assessment

    Outputs

    Finalized List of IT Risk Events

    Risk Register

    Risk Management Program Manual

    3 Identify IT Risks (continued)

    The Purpose

    Prioritize risks, establish monitoring responsibilities, and develop risk responses for top risks.

    Key Benefits Achieved

    Risk monitoring responsibilities are established.

    Risk response strategies have been identified for all key risks.

    Activities

    3.1 Conduct risk severity level assessment

    3.2 Document the proximity of the risk event

    3.3 Conduct expected cost assessment

    3.4 Develop key risk indicators (KRIs) and escalation protocols

    3.5 Root cause analysis

    3.6 Identify and assess risk responses

    Outputs

    Risk Register

    Risk Management Program Manual

    Risk Event Action Plans

    4 Monitor, Report, and Respond to IT Risk

    The Purpose

    Assess and select risk responses for top risks and effectively communicate recommendations and priorities to the business.

    Key Benefits Achieved

    Thorough analysis has been conducted on the value and effectiveness of risk responses for high severity risk events.

    Authoritative risk response recommendations can be made to senior leadership.

    A finalized Risk Management Program Manual is ready for distribution to key stakeholders.

    Activities

    4.1 Identify and assess risk responses

    4.2 Risk response cost-benefit analysis

    4.3 Create multi-year cost projections

    4.4 Review techniques for embedding risk management in IT

    4.5 Finalize the Risk Report and Risk Management Program Manual

    4.6 Transfer ownership of risk responses to project managers

    Outputs

    Risk Report

    Risk Management Program Manual

    Further reading

    Build an IT Risk Management Program

    Mitigate the IT risks that could negatively impact your organization.

    Table of Contents

    3 Executive Brief

    4 Analyst Perspective

    5 Executive Summary

    19 Phase 1: Review IT Risk Fundamentals & Governance

    43 Phase 2: Identify and Assess IT Risk

    74 Phase 3: Monitor, Communicate, and Respond to IT Risk

    102 Appendix

    108 Bibliography

    Build an IT Risk Management Program

    Mitigate the IT risks that could negatively impact your organization.

    EXECUTIVE BRIEF

    Analyst Perspective

    Siloed risks are risky business for any enterprise.

    Photo of Valence Howden, Principal Research Director, CIO Practice.
    Valence Howden
    Principal Research Director, CIO Practice    		 Photo of Brittany Lutes, Senior Research Analyst, CIO Practice.
    Brittany Lutes
    Senior Research Analyst, CIO Practice

    Risk is an inherent part of life but not very well understood or executed within organizations. This has led to risk being avoided or, when it’s implemented, being performed in isolated siloes with inconsistencies in understanding of impact and terminology.

    Looking at risk in an integrated way within an organization drives a truer sense of the thresholds and levels of risks an organization is facing – making it easier to manage and leverage risk while reducing risks associated with different mitigation responses to the same risk events.

    This opens the door to using risk information – not only to prevent negative impacts but as a strategic differentiator in decision making. It helps you know which risks are worth taking, driving strong positive outcomes for your organization.

    Executive Summary

    Your Challenge

    IT has several challenges when it comes to addressing risk management:

    • Risk is unavoidable. Without a formal program to manage IT risk, you may be unaware of your severest IT risks.
    • The business could be making decisions that are not informed by risk.
    • Reacting to risks after they occur can be costly and crippling, yet it is one of the most common tactics used by IT departments.

    Common Obstacles

    Many IT organizations realize these obstacles:

    • IT risks and business risks are often addressed separately, causing inconsistencies in the approach.
    • Security risk receives such a high profile that it often eclipses other important IT risks, leaving the organization vulnerable.
    • Failing to include the business in IT risk management leaves IT leaders too accountable; the business must have accountability as well.

    Info-Tech’s Approach

    • Transform your ad hoc IT risk management processes into a formalized, ongoing program and increase risk management success.
    • Take a proactive stance against IT threats and vulnerabilities by identifying and assessing IT’s greatest risks before they occur.
    • Involve key stakeholders, including the business senior management team, to gain buy-in and to focus on the IT risks most critical to the organization.

    Info-Tech Insight

    IT risk is business risk. Every IT risk has business implications. Create an IT risk management program that shares accountability with the business.

    Ad hoc approaches to managing risk fail because…

    If you are like the majority of IT departments, you do not have a consistent and comprehensive strategy for managing IT risk.

    1. Ad hoc risk management is reactionary.
    2. Ad hoc risk management is often focused only on IT security.
    3. Ad hoc risk management lacks alignment with business objectives.

    The results:

    • Increased business risk exposure caused by a lack of understanding of the impact of IT risks on the business.
    • Increased IT non-compliance, resulting in costly settlements and fines.
    • IT audit failure.
    • Ineffective management of risk caused by poor risk information and wrong risk response decisions.
    • Increased unnecessary and avoidable IT failures and fixes.

    58% of organizations still lack a systematic and robust method to actually report on risks (Source: AICPA, 2021)

    Data is an invaluable asset – ensure it’s protected

    Case Studies

    Logo for Cognyte.

    Cognyte, a vendor hired to be a cybersecurity analytics company, had over five billion records exposed in Spring 2021. The data was compromised for four days, providing attackers with plenty of opportunities to obtain personally identifying information. (SecureBlink., 2021 & Security Magazine, 2021)

    Logo for Facebook.

    Facebook, the world’s largest social media giant, had over 533 million Facebook users’ personal data breached when data sets were able to be cross-listed with one another. (Business Insider, 2021 & Security Magazine, 2021)

    Logo for MGM Resorts.

    In 2020, over 10.6 million customers experienced some sort of data being accessible, with 1,300 having serious personally identifying information breached. (The New York Times, 2020)

    Risk management is a business enabler

    Formalize risk management to increase your likelihood of success.

    By identifying areas of risk exposure and creating solutions proactively, obstacles can be removed or circumvented before they become a real problem.

    A certain amount of risk is healthy and can stimulate innovation:

    • A formal risk management strategy doesn’t mean trying to mitigate every possible risk; it means exposing the organization to the right amount of risk.
    • Taking a formal risk management approach allows an organization to thoughtfully choose which risks it is willing to accept.
    • Organizations with high risk management maturity will vault themselves ahead of the competition because they will be aware of which risks to prepare for, which risks to ignore, and which risks to take.

    Only 12% of organizations are using risk as a strategic tool most or all of the time (Source: AICPA, 2021)

    IT risk is enterprise risk

    Accountability for IT risks and the decisions made to address them should be shared between IT and the business.

    Multiple types of risk, 'Finance', 'IT', 'People', and 'Digital', funneling into 'ENTERPRISE RISKS'. IT risks have a direct and often aggregated impact on enterprise risks and opportunities in the same way other business risks can. This relationship must be understood and addressed through integrated risk management to ensure a consistent approach to risk.

    Follow the steps of this blueprint to build or optimize your IT risk management program

    Cycle of 'Goverance' beginning with '1. Identify', '2. Assess', '3. Respond', '4. Monitor', '5. Report'.

    Start Here

    		 PHASE 1
    Review IT Risk Fundamentals and Governance
    		 PHASE 2
    Identify and Assess IT Risk
    		 PHASE 3
    Monitor, Report, and Respond to IT Risk

    1.1

    Review IT Risk Management Fundamentals

    1.2

    Establish a Risk Governance Framework

    2.1

    Identify IT Risks

    2.2

    Assess and Prioritize IT Risks

    3.1

    Monitor IT Risks and Develop Risk Responses

    3.2

    Report IT Risk Priorities

    Integrate Risk and Use It to Your Advantage

    Accelerate and optimize your organization by leveraging meaningful risk data to make intelligent enterprise risk decisions.

    Risk management is more than checking an audit box or demonstrating project due diligence.

    Risk Drivers
    • Audit & compliance
    • Preserve value & avoid loss
    • Previous risk impact driver
    • Major transformation
    • Strategic opportunities
    		 Arrow pointing right. Only 7% of organizations are in a “leading” or “aspirational” level of risk maturity. (OECD, 2021) 63% of organizations struggle when it comes to defining their appetite toward strategy related risks. (“Global Risk Management Survey,” Deloitte, 2021) Late adopters of risk management were 70% more likely to use instinct over data or facts to inform an efficient process. (Clear Risk, 2020) 55% of organizations have little to no training on ERM to properly implement such practices. (AICPA, NC State Poole College of Management, 2021)
    1. Assess Enterprise Risk Maturity 3. Build a Risk Management Program Plan 4. Establish Risk Management Processes 5. Implement a Risk Management Program
    2. Determine Authority with Governance
    Unfortunately, less than 50% of those in risk focused roles are also in a governance role where they have the authority to provide risk oversight. (Governance Institute of Australia, 2020)
    IT can improve the maturity of the organization’s risk governance and help identify risk owners who have authority and accountability.

    Governance and related decision making is optimized with integrated and aligned risk data.

    		 List of 'Integrated Risk Maturity Categories': '1. Context & Strategic Direction', '2. Risk Culture and Authority', '3. Risk Management Process', and '4. Risk Program Optimization'. The five types of a risk in 'Enterprise Risk Management (ERM)': 'IT', 'Security', 'Digital', 'Vendor/TPRM', and 'Other'.

    ERM incorporates the different types of risk, including IT, security, digital, vendor, and other risk types.

    The program plan is meant to consider all the major risk types in a unified approach.

    		 The 'Risk Process' cycle starting with '1. Identify', '2. Assess', '3. Respond', '4. Monitor', '5. Report', and back to the beginning. Implementation of an integrated risk management program requires ongoing access to risk data by those with decision making authority who can take action.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverable:

    Risk Management Program Manual

    Use the tools and activities in each phase of the blueprint to create a comprehensive, customized program manual for the ongoing management of IT risk.

    Sample of the key deliverable, Risk Manangement Program Fund.    		 Integrated Risk Maturity Assessment

    Assess the organization's current maturity and readiness for integrated risk management (IRM).

    		 Sample of the Integrated Risk Maturity Assessment blueprint. Centralized Risk Register

    The repository for all the risks that have been identified within your environment.

    		 Sample of the Centralized Risk Register blueprint.
    Risk Costing Tool

    A potential cost-benefit analysis of possible risk responses to determine a good method to move forward.

    		 Sample of the Risk Costing Tool blueprint. Risk Report & Risk Event Action Plan

    A method to report risk severity and hold risk owners accountable for chosen method of responding.

    		 Samples of the Risk Report & Risk Event Action Plan blueprints.

    Benefit from industry-leading best practices

    As a part of our research process, we used the COSO, ISO 31000, and COBIT 2019 frameworks. Contextualizing IT risk management within these frameworks ensured that our project-focused approach is grounded in industry-leading best practices for managing IT risk.

    Logo for COSO.

    COSO’s Enterprise Risk Management — Integrating with Strategy and Performance addresses the evolution of enterprise risk management and the need for organizations to improve their approach to managing risk to meet the demands of an evolving business environment. (COSO)

    Logo for ISO.

    ISO 31000
    Risk Management can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats, and effectively allocate and use resources for risk treatment. (ISO 31000)

    Logo for COBIT.

    COBIT 2019’s IT functions were used to develop and refine our Ten IT Risk Categories used in our top-down risk identification methodology. (COBIT 2019)

    Abandon ad hoc risk management

    A strong risk management foundation is valuable when building your IT risk management program.

    This research covers the following IT risk fundamentals:

    • Benefits of formalized risk management
    • Key terms and definitions
    • Risk management within ERM
    • Risk management independent of ERM
    • Four key principles of IT risk management
    • Importance of a risk management program manual
    • Importance of buy-in and support from the business

    Drivers of Formalized Risk Management:
    Drivers External to IT
    External Audit Internal Audit
    Mandated by ERM
    Occurrence of Risk Event
    Demonstrating IT’s value to the business Proactive initiative
    Emerging IT risk awareness
    Grassroots Drivers

    Blueprint benefits

    IT Benefits

    • Increased on-time, in-scope, and on-budget completion of IT projects.
    • Meet the business’ service requirements.
    • Improved satisfaction with IT by senior leadership and business units.
    • Fewer resources wasted on fire-fighting.
    • Improved availability, integrity, and confidentiality of sensitive data.
    • More efficient use of resources.
    • Greater ability to respond to evolving threats.

    Business Benefits

    • Reduced operational surprises or failures.
    • Improved IT flexibility when responding to risk events and market fluctuations.
    • Reduced budget uncertainty.
    • Improved ability to make decisions when developing long-term strategies.
    • Improved stakeholder and shareholder confidence.
    • Achieved compliance with external regulations.
    • Competitive advantage over organizations with immature risk management practices.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 6 to 8 calls over the course of 3 to 6 months.

    What does a typical GI on this topic look like?

      Phase 1

    • Call #1: Assess current risk maturity and organizational buy-in.
    • Call #2: Establish an IT risk council and determine IT risk management program goals.

      • Phase 2

    • Call #3: Identify the risk categories used to organize risk events.
    • Call #4: Identify the threshold for risk the organization can withstand.

      • Phase 3

    • Call #5: Create a method to assess risk event severity.
    • Call #6: Establish a method to monitor priority risks and consider possible risk responses.
    • Call #7: Communicate risk priorities to the business and implement risk management plan.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5
    Activities
    Review IT Risk Fundamentals and Governance

    1.1 Assess current program maturity

    1.2 Complete RACI chart

    1.3 Create the IT risk council

    1.4 Identify and engage key stakeholders

    1.5 Add organization-specific risk scenarios

    1.6 Identify risk events
    Identify IT Risks

    2.1 Identify risk events (continued)

    2.2 Augment risk event list using COBIT5 processes

    2.3 Determine the threshold for (un)acceptable risk

    2.4 Create impact and probability scales

    2.5 Select a technique to measure reputational cost

    2.6 Conduct risk severity level assessment
    Assess IT Risks

    3.1 Conduct risk severity level assessment

    3.2 Document the proximity of the risk event

    3.3 Conduct expected cost assessment

    3.4 Develop key risk indicators (KRIs) and escalation protocols

    3.5 Perform root cause analysis

    3.6 Identify and assess risk responses
    Monitor, Report, and Respond to IT Risk

    4.1 Identify and assess risk responses

    4.2 Risk response cost-benefit analysis

    4.3 Create multi-year cost projections

    4.4 Review techniques for embedding risk management in IT

    4.5 Finalize the Risk Report and Risk Management Program Manual

    4.6 Transfer ownership of risk responses to project managers
    Next Steps and Wrap-Up (offsite)

    5.1 Complete in-progress deliverables from previous four days

    5.2 Set up review time for workshop deliverables and to discuss next steps
    Outcomes
    1. Maturity Assessment
    2. Risk Management Program Manual
    1. Finalized List of IT Risk Events
    2. Risk Register
    3. Risk Management Program Manual
    1. Risk Register
    2. Risk Event Action Plans
    3. Risk Management Program Manual
    1. Risk Report
    2. Risk Management Program Manual
    1. Workshop Report
    2. Risk Management Program Manual

    Build an IT Risk Management Program

    Phase 1

    Review IT Risk Fundamentals and Governance

    Phase 1

    • 1.1 Review IT Risk Management Fundamentals
    • 1.2 Establish a Risk Governance Framework
      •

    Phase 2

    • 2.1 Identify IT Risks
    • 2.2 Assess and Prioritize IT Risks

    Phase 3

    • 3.1 Develop Risk Responses and Monitor IT Risks
    • 3.2 Report IT Risk Priorities

    This phase will walk you through the following activities:

    • Gain buy-in from senior leadership
    • Assess current program maturity
    • Identify obstacles and pain points
    • Determine the risk culture of the organization
    • Develop risk management goals
    • Develop SMART project metrics
    • Create the IT risk council
    • Complete a RACI chart

    This phase involves the following participants:

    • IT executive leadership
    • Business executive leadership

    Step 1.1

    Review IT Risk Management Fundamentals

    Activities
    • 1.1.1 Gain buy-in from senior leadership
    • 1.1.2 Assess current program maturity

    This step involves the following participants:

    • IT executive leadership
    • Business executive leadership

    Outcomes of this step

    • Reviewed key IT principles and terminology
    • Gained understanding of the relationship between IT risk management and ERM
    • Introduced to Info-Tech’s IT Risk Management Framework
    • Obtained the support of senior leadership
    Step 1.1 Step 1.2

    Effective IT risk management is possible with or without ERM

    Whether or not your organization has ERM, integrating your IT risk management program with the business is possible.

    Most IT departments find themselves in one of these two organizational frameworks for managing IT risk:

    Core Responsibilities With an ERM Without an ERM
    • Risk Decision-Making Authority
    • Final Accountability
    		 Senior Leadership Team Senior Leadership Team
    • Risk Governance
    • Risk Prioritization & Communication
    		 ERM IT Risk Management
    • Risk Identification
    • Risk Assessment
    • Risk Monitoring
    		 IT Risk Management
    Pro: IT’s risk management responsibilities are defined (assessment schedules, escalation and reporting procedures).
    Con: IT may lack autonomy to implement IT risk management best practices.    		 Pro: IT is free to create its own IT risk council and develop customized processes that serve its unique needs.
    Con: Lack of clear reporting procedures and mechanisms to share accountability with the business.

    Info-Tech’s IT risk management framework walks you through each step to achieve risk readiness

    IT Risk Management Framework

    Risk Governance
    • Optimize Risk Management Processes
    • Assess Risk Maturity
    • Measure the Success of the Program
    		 A cycle surrounds the words 'Business Objectives', referring to the surrounding lists. On the top half is 'Communication', and the bottom is 'Monitoring'. Risk Identification
    • Engage Stakeholder Participation
    • Use Risk Identification Frameworks
    • Compile IT-Related Risks
    Risk Response
    • Establish Monitoring Responsibilities
    • Perform Cost-Benefit Analysis
    • Report Risk Response Actions
    		 Risk Assessment
    • Establish Thresholds for Unacceptable Risk
    • Calculate Expected Cost
    • Determine Risk Severity & Prioritize IT Risks

    Effective IT risk management benefits

    Obtain the support of the senior leadership team or IT steering committee by communicating how IT risk impacts their priorities.

    Risk management benefits To engage the business...
    IT is compliant with external laws and regulations. Identify the industry or legal legislation and regulations your organization abides by.
    IT provides support for business compliance. Find relevant business compliance issues, and relate compliance failures to cost.
    IT regularly communicates costs, benefits, and risks to the business. Acknowledge the number of times IT and the business miscommunicate critical information.
    Information and processing infrastructure are very secure. Point to past security breaches or potential vulnerabilities in your systems.
    IT services are usually delivered in line with business requirements. Bring up IT services that the business was unsatisfied with. Explain that their inputs in identifying risks are correlated with project quality.
    IT related business risks are managed very well. Make it clear that with no risk tracking process, business processes become exposed and tend to slow down.
    IT projects are completed on time and within budget. Point out late or over-budget projects due to the occurrence of unforeseen risks.

    1.1.1 Gain buy-in from senior leadership

    1-4 hours

    Input: List of IT personnel and business stakeholders

    Output: Buy-in from senior leadership for an IT risk management program

    Materials: Risk Management Program Manual

    Participants: IT executive leadership, Business executive leadership

    The resource demands of IT risk management will vary from organization to organization. Here are typical requirements:

    • Occasional participation of key IT personnel and select business stakeholders in IT risk council meetings (e.g. once every two weeks).
    • Periodic risk assessments (e.g. 4 days, twice a year).
    • IT personnel must take on risk monitoring responsibilities (e.g. 1-4 hours per week).
    • Record the results in the Program Manual sections 3.3, 3.4 and 3.5.

    Record the results in the Risk Management Program Manual.

    Integrated Risk Maturity Assessment

    The purpose of the Integrated Risk Maturity Assessment is to assess the organization's current maturity and readiness for integrated risk management (IRM)

    Frequently and continually assessing your organization’s maturity toward integrated risk ensures the right risk management program can be adopted by your organization.

    Integrated Risk Maturity Assessment
    A simple tool to understand if your organization is ready to embrace integrated risk management by measuring maturity across four key categories: Context & Strategic Direction, Risk Culture & Authority, Risk Management Process, and Risk Program Optimization.    		 Sample of the Integrated Risk Maturity Assessment deliverable.

    Use the results from this integrated risk maturity assessment to determine the type of risk management program that can and should be adopted by your organizations.

    Some organizations will need to remain siloed and focused on IT risk management only, while others will be able to integrate risk-related information to start enabling automatic controls that respond to this data.

    1.1.2 Assess current program maturity

    1-4 hours

    Input: List of IT personnel and business stakeholders

    Output: Maturity scores across four key risk categories

    Materials: Integrated Risk Maturity Assessment Tool

    Participants: IT executive leadership, Business executive leadership

    This assessment is intended for frequent use; process completeness should be re-evaluated on a regular basis.

    How to Use This Assessment:

    1. Download the Integrated Risk Management Maturity Assessment Tool.
    2. Tab 2, "Data Entry:" This is a qualitative assessment of your integrated risk management process and is organized by the categories of integrated risk maturity. You will be asked to rate the extent to which you are executing the activities required to successfully complete each phase of the assessment. Use the drop-down menus provided to select the appropriate level of execution for each activity listed.
    3. Tab 3, "Results:" This tab will display your rate of IRM completeness/maturity. You will receive a score for each category as well as an overall score. The results will be displayed numerically, by percentage, and graphically.

    Record the results in the Integrated Risk Maturity Assessment.

    Integrated Risk Maturity Categories

    		 Semi-circle with colored points indicating four categories.

    1

    		Context & Strategic Direction Understanding of the organization’s main objectives and how risk can support or enhance those objectives.

    2

    		Risk Culture and Authority Examine if risk-based decisions are being made by those with the right level of authority and if the organization’s risk appetite is embedded in the culture.

    3

    		Risk Management Process Determine if the current process to identify, assess, respond to, monitor, and report on risks is benefitting the organization.

    4

    		Risk Program Optimization Consider opportunities where risk-related data is being gathered, reported, and used to make informed decisions across the enterprise.

    Step 1.2

    Establish a Risk Governance Framework

    Activities
    • 1.2.1 Identify pain points/obstacles and opportunities
    • 1.2.2 Determine the risk culture of the organization
    • 1.2.3 Develop risk management goals
    • 1.2.4 Develop SMART project metrics
    • 1.2.5 Create the IT risk council
    • 1.2.6 Complete a RACI chart

    This step involves the following participants:

    • IT executive leadership
    • Business executive leadership

    Outcomes of this step

    • Developed goals for the risk management program
    • Established the IT risk council
    • Assigned accountability and responsibility for risk management processes

    Review IT Risk Fundamentals and Governance

    Step 1.1 Step 1.2

    Create an IT risk governance framework that integrates with the business

    Follow these best practices to make sure your requirements are solid:

    1. Self-assess your current approach to IT risk management.
    2. Identify organizational obstacles and set attainable risk management goals.
    3. Track the effectiveness and success of the program using SMART risk management metrics.
    4. Establish an IT risk council tasked with managing IT risk.
    5. Set clear risk management accountabilities and responsibilities for IT and business stakeholders.

    Key metrics for your IT risk governance framework

    Challenges:
    • Key stakeholders are left out or consulted once risks have already occurred.
    • Failure to employ consistent risk identification methodologies results in omitted and unknown risks.
    • Risk assessments do not reflect organizational priorities and may not align with thresholds for acceptable risk.
    • Risk assessment occurs sporadically or only after a major risk event has already occurred.
    		 Key metrics:
    • Number of risk management processes done ad hoc.
    • Frequency that IT risk appears as an agenda item at IT steering committee meetings.
    • Percentage of IT employees whose performance evaluations reflect risk management objectives.
    • Percentage of IT risk council members who are trained in risk management activities.
    • Number of open positions in the IT risk council.
    • Cost of risk management program operations per year.

    Info-Tech Insight

    Metrics provide the foundation for determining the success of your IT risk management program and ensure ongoing funding to support appropriate risk responses.

    IT risk management success factors

    Support and sponsorship from senior leadership

    IT risk management has more success when initiated by a member of the senior leadership team or the board, rather than emerging from IT as a grassroots initiative.

    Sponsorship increases the likelihood that risk management is prioritized and receives the necessary resources and attention. It also ensures that IT risk accountability is assumed by senior leadership.

    		 Risk culture and awareness

    A risk-aware organizational culture embraces new policies and processes that reflect a proactive approach to risk.

    An organization with a risk-aware culture is better equipped to facilitate communication vertically within the organization.

    Risk awareness can be embedded by revising job descriptions and performance assessments to reflect IT risk management responsibilities.

    		 Organization size

    Smaller organizations can often institute a mature risk management program much more quickly than larger organizations.

    It is common for key personnel within smaller organizations to be responsible for multiple roles associated with risk management, making it easier to integrate IT and business risk management.

    Larger organizations may find it more difficult to integrate a more complex and dispersed network of individuals responsible for various risk management responsibilities.

    1.2.1 Identify obstacles and pain points

    1-4 hours

    Input: Integrated Risk Maturity Assessment

    Output: Obstacles and pain points identified

    Materials: IT Risk Management Success Factors

    Participants: IT executive leadership, Business executive leadership

    Anticipate potential challenges and “blind spots” by determining which success factors are missing from your current situation.

    Instructions:

    1. List the potential obstacles and missing success factors that you must overcome to effectively manage IT risk and build a risk management program.
    2. Consider some opportunities that could be leveraged to increase the success of this program.
    3. Use this list in Activity 1.2.3 to develop program goals.

    Risk Management

    Replace the example pain points and opportunities with real scenarios in your organization.

    Pain Points/Obstacles
    • Lack of leadership buy-in
    • Skills and understanding around risk management within IT
    • Skills and understanding around risk management within the organization
    • Lack of a defined risk management posture
    		 Opportunities
    • Changes in regulations related to risk
    • Organization moving toward an integrated risk management program
    • Ability to leverage lessons learned from similar companies
    • Strong process management and adherence to policies by employees in the organization

    1.2.2 Determine the risk culture of your organization

    1-3 hours

    Determine how your organization fits the criteria listed below. Descriptions and examples do not have to match your organization perfectly.

    Risk Tolerant
    • You have no compliance requirements.
    • You have no sensitive data.
    • Customers do not expect you to have strong security controls.
    • Revenue generation and innovative products take priority and risk is acceptable.
    • The organization does not have remote locations.
    • It is likely that your organization does not operate within the following industries:
      • Finance
      • Health care
      • Telecom
      • Government
      • Research
      • Education
    		 Moderate
    • You have some compliance requirements, e.g.:
      • HIPAA
      • PIPEDA
    • You have sensitive data, and are required to retain records.
    • Customers expect strong security controls.
    • Information security is visible to senior leadership.
    • The organization has some remote locations.
    • Your organization most likely operates within the following industries:
      • Government
      • Research
      • Education
    		 Risk Averse
    • You have multiple, strict compliance and/or regulatory requirements.
    • You house sensitive data, such as medical records.
    • Customers expect your organization to maintain strong and current security controls.
    • Information security is highly visible to senior management and public investors.
    • The organization has multiple remote locations.
    • Your organization operates within the following industries:
      • Finance
      • Healthcare
      • Telecom

    Be aware of the organization’s attitude towards risk

    Risk culture is an organization’s attitude towards taking risks. This attitude manifests itself in two ways:

    One element of risk culture is what levels of risk the organization is willing to accept to pursue its objectives and what levels of risk are deemed unacceptable. This is often called risk appetite.
    Risk tolerant

    Risk-tolerant organizations embrace the potential of accelerating growth and the attainment of business objectives by taking calculated risks.

    		 Risk averse

    Risk-averse organizations prefer consistent, gradual growth and goal attainment by embracing a more cautious stance toward risk.
    The other component of risk culture is the degree to which risk factors into decision making.
    Risk conscious

    Risk-conscious organizations place a high priority on being aware of all risks impacting business objectives, regardless of whether they choose to accept or respond to those risks.

    		 Unaware

    Organizations that are largely unaware of the impact of risk generally believe there are few major risks impacting business objectives and choose to invest resources elsewhere.

    Info-Tech Insight

    Organizations typically fall in the middle of these spectrums. While risk culture will vary depending on the industry and maturity of the organization, a culture with a balanced risk appetite that is extremely risk conscious is able to make creative, dynamic decisions with reasonable limits placed on risk-related decision making.

    1.2.3 Develop goals for the IT risk management program

    1-4 hours

    Input: Integrated Risk Maturity Assessment, Risk Culture, Pain Points and Opportunities

    Output: Goals for the IT risk management program

    Materials: Risk Management Program Manual

    Participants: IT executive leadership, Business executive leadership

    Translate your maturity assessment and knowledge about organizational risk culture, potential obstacles, and success factors to develop goals for your IT risk management program.

    Instructions:

    1. In the Risk Management Program Manual, revise, replace, or add to the high-level goals provided in section 2.4.
    2. Make sure that you have three to five high-level goals that reflect the current and targeted maturity of IT risk management processes.
    3. Integrate potential obstacles, pain points, and insights from the organization’s risk culture.

    Record the results in the Risk Management Program Manual.

    1.2.4 Develop SMART project metrics

    1-3 hours

    Create metrics for measuring the success of the IT risk management program.

    Ensure that all success metrics are SMART Instructions
    1. Document a list of appropriate metrics to assess the success of the IT risk management program on a whiteboard.
    2. Use the sample metrics listed in the table on the next slide as a starting point.
    3. Fill in the chart to indicate the:
      1. Name of the success metric
      2. Method for measuring success
      3. Baseline measurement
      4. Target measurement
      5. Actual measurements at various points throughout the process of improving the risk management program
      6. A deadline for each metric to meet the target measurement
    Strong Make sure the objective is clear and detailed.
    Measurable Objectives are measurable if there are specific metrics assigned to measure success. Metrics should be objective.
    Actionable Objectives become actionable when specific initiatives designed to achieve the objective are identified.
    Realistic Objectives must be achievable given your current resources or known available resources.
    Time-Bound An objective without a timeline can be put off indefinitely. Furthermore, measuring success is challenging without a timeline.

    1.2.4 Develop SMART project metrics (continued)

    1-3 hours

    Attach metrics to your goals to gauge the success of the IT risk management program.

    Replace the example metrics with accurate KPIs or metrics for your organization.

    Sample Metrics
    Name Method Baseline Target Deadline Checkpoint 1 Checkpoint 2 Final
    Number of risks identified (per year) Risk register 0 100 Dec. 31
    Number of business units represented (risk identification) Meeting minutes 0 5 Dec. 31
    Frequency of risk assessment Assessments recorded in risk management program manual 0 2 per year Year 2
    Percentage of identified risk events that undergo expected cost assessment Ratio of risks assessed in the risk costing tool to risks assessed in the risk register 0 20% Dec. 31
    Number of top risks without an identified risk response Risk register 5 0 March 1
    Cost of risk management program operations per year Meeting frequency and duration, multiplied by the cost of participation $2,000 $5,000 Dec. 31

    Create the IT risk committee (ITRC)

    Responsibilities of the ITRC:
    1. Formalize risk management processes.
    2. Identify and review major risks throughout the IT department.
    3. Recommend an appropriate risk appetite or level of exposure.
    4. Review the assessment of the impact and likelihood of identified risks.
    5. Review the prioritized list of risks.
    6. Create a mitigation plan to minimize risk likelihood and impact.
    7. Review and communicate overall risk impact and risk management success.
    8. Assign risk ownership responsibilities of key risks to ensure key risks are monitored and risk responses are effectively implemented.
    9. Address any concerns in regards to the risk management program, including, but not limited to, reviewing their risk management duties and resourcing.
    10. Communicate risk reports to senior management annually.
    11. Make any alterations to the committee roster and the individuals’ responsibilities as needed and document changes.
    		 Must be on the ITRC:
    • CIO
    • CRO (if applicable)
    • Senior Directors
    • Security Officer
    • Head of Operations

    Must be on the ITRC:

    • CFO
    • Senior representation from every business unit impacted by IT risk

    1.2.5 Create the IT risk council

    1-4 hours

    Input: List of IT personnel and business stakeholders

    Output: Goals for the IT risk management program

    Materials: Risk Management Program Manual

    Participants: CIO, CRO (if applicable), Senior Directors, Head of Operations

    Identify the essential individuals from both the IT department and the business to create a permanent committee that meets regularly and carries out IT risk management activities.

    Instructions:

    1. Review sections 3.1 (Mandate) and 3.2 (Agenda and Responsibilities) of the IT Risk Committee Charter, located in the Risk Management Program Manual. Make any necessary revisions.
    2. In section 3.3, document how frequently the council is scheduled to meet.
    3. In section 3.4, document members of the IT risk council.
    4. Obtain sign-off for the IT risk council from the CIO or another member of the senior leadership team in section 3.5 of the manual.

    Record the results in the Risk Management Program Manual.

    1.2.6 Complete RACI chart

    1-3 hours

    A RACI diagram is a useful visualization that identifies redundancies and ensures that every role, project, or task has an accountable party.

    RACI is an acronym made up of four participatory roles: Instructions
    1. Use the template provided on the following slide, and add key stakeholders who do not appear and are relevant for your organization.
    2. For each activity, assign each stakeholder a letter.
    3. There must be an accountable party for each activity (every activity must have an “A”).
    4. For activities that do not apply to a particular stakeholder, leave the space blank.
    5. Once the chart is complete, copy/paste it into section 4.1 of the Risk Management Program Manual.
    Responsible Stakeholders who undertake the activity.
    Accountable Stakeholders who are held responsible for failure or take credit for success.
    Consulted Stakeholders whose opinions are sought.
    Informed Stakeholders who receive updates.

    1.2.6 Complete RACI chart (continued)

    1-3 hours

    Assign risk management accountabilities and responsibilities to key stakeholders:

    Stakeholder Coordination Risk Identification Risk Thresholds Risk Assessment Identify Responses Cost-Benefit Analysis Monitoring Risk Decision Making
    ITRC A R I R R R A C
    ERM C I C I I I I C
    CIO I A A A A A I R
    CRO I R C I R
    CFO I R C I R
    CEO I R C I A
    Business Units I C C C
    IT I I I I I I R C
    PMO C C C
    Legend: Responsible Accountable Consulted Informed

    Build an IT Risk Management Program

    Phase 2

    Identify and Assess IT Risk

    Phase 1

    • 1.1 Review IT Risk Management Fundamentals
    • 1.2 Establish a Risk Governance Framework

    Phase 2

    • 2.1 Identify IT Risks
    • 2.2 Assess and Prioritize IT Risks
      •

    Phase 3

    • 3.1 Develop Risk Responses and Monitor IT Risks
    • 3.2 Report IT Risk Priorities

    This phase will walk you through the following activities:

    • Add organization-specific risk scenarios
    • Identify risk events
    • Augment risk event list using COBIT 2019 processes
    • Conduct a PESTLE analysis
    • Determine the threshold for (un)acceptable risk
    • Create a financial impact assessment scale
    • Select a technique to measure reputational cost
    • Create a likelihood scale
    • Assess risk severity level
    • Assess expected cost

    This phase involves the following participants:

    • IT risk council
    • Relevant business stakeholders
    • Representation from senior management team
    • Business Risk Owners

    Step 2.1

    Identify IT Risks

    Activities
    • 2.1.1 Add organization-specific risk scenarios
    • 2.1.2 Identify risk events
    • 2.1.3 Augment risk event list using COBIT 19 processes
    • 2.1.4 Conduct a PESTLE analysis

    This step involves the following participants:

    • IT executive leadership
    • IT Risk Council
    • Business executive leadership
    • Business risk owners

    Outcomes of this step

    • Participation of key stakeholders
    • Comprehensive list of IT risk events
    Identify and Assess IT Risk
    Step 2.1 Step 2.2

    Get to know what you don’t know

    1. Engage the right stakeholders in risk identification.
    2. Employ Info-Tech’s top-down approach to risk identification.
    3. Augment your risk event list using alternative frameworks.
    		 Key metrics:
    • Total risks identified
    • New risks identified
    • Frequency of updates to the Risk Register Tool
    • Number of realized risk events not identified in the Risk Register Tool
    • Level of business participation in enterprise IT risk identification
      • Number of business units represented
      • Number of meetings attended in person
      • Number of risk reports received

    Info-Tech Insight

    What you don’t know CAN hurt you. How do you identify IT-related threats and vulnerabilities that you are not already aware of? Now that you have created a strong risk governance framework that formalizes risk management within IT and connects it to the enterprise, follow the steps outlined in this section to reveal all of IT’s risks.

    Engage key stakeholders

    Ensure that all key risks are identified by engaging key business stakeholders.

    Benefits of obtaining business involvement during the risk identification stage:
    • You will identify risk events you had not considered or you weren’t aware of.
    • You will identify risks more accurately.
    • Risk identification is an opportunity to raise awareness of IT risk management early in the process.

    Executive Participation:

    • CIO participation is integral when building a comprehensive register of risk events impacting IT.
    • CIOs and IT directors possess a holistic view of all of IT’s functions.
    • CIOs and IT directors are uniquely placed to identify how IT affects other business units and the attainment of business objectives. If applicable, CRO and CTO participation is also critical.

    Prioritizing and Selecting Stakeholders

    1. Reliance on IT services and technologies to achieve business objectives.
    2. Relationship with IT, and willingness to engage in risk management activities.
    3. Unique perspectives, skills, and experiences that IT may not possess.

    Info-Tech Insight

    While IT personnel are better equipped to identify IT risk than anyone, IT does not always have an accurate view of the business’ exposure to IT risk. Strive to maintain a 3 to 1 ratio of IT to non-IT personnel involved in the process.

    Enable IT to target risk holistically

    Take a top-down approach to risk identification to guide brainstorming

    Info-Tech’s risk categories are consistent with a risk identification method called Risk Prompting.

    A risk prompt list is a list that categorizes risks into types or areas. The n10 risk categories encapsulate the services, activities, responsibilities, and functions of most IT departments. Use these categories and the example risk scenarios provided as prompts to guide brainstorming and organize risks.

    Risk Category: High-level groupings that describe risk pertaining to major IT functions. See the following slide for all ten of Info-Tech’s IT risk categories. Risk Scenario: An abstract profile representing common risk groups that are more specific than risk categories. Typically, organizations are able to identify two to five scenarios for each category. Risk Event: Specific threats and vulnerabilities that fall under a particular risk scenario. Organizations are able to identify anywhere between 1 and 20 events for each scenario. See the Appendix of the Risk Management Program Manual for a list of risk event examples.

    Risk Category

    Risk Scenario

    Risk Event
    Compliance Regulatory compliance Being fined for not complying/being aware of a new regulation.
    Externally originated attack Phishing attack on the organization.
    Operational Technology evaluation & selection Partnering with a vendor that is not in compliance with a key regulation.
    Capacity planning Not having sufficient resources to support a DRP.
    Third-Party Risk Vendor management Vendor performance requirements are improperly defined.
    Vendor selection Vendors are improperly selected to meet the defined use case.

    2.1.1 Add organization-specific risk scenarios

    1-3 hours

    Review Info-Tech’s ten IT risk categories and add risk scenarios to the examples provided.

    IT Reputational
    • Negative PR
    • Consumers writing negative reviews
    • Employees writing negative reviews
    		 IT Financial
    • Stock prices drop
    • Value of the organization is reduced
    		 IT Strategic
    • Organization prioritizes innovation but remains focused on operational
    • Unable to access data to support strategic initiative
    		 Operational
    • Enterprise architecture
    • Technology evaluation and selection
    • Capacity planning
    • Operational errors
    		 Availability
    • Power outage
    • Increased data workload
    • Single source of truth
    • Lacking knowledge transfer processes for critical tasks
    Performance
    • Network failure
    • Service levels not being met
    • Capacity overload
    		 Compliance
    • Regulatory compliance
    • Standards compliance
    • Audit compliance
    		Security
    • Malware
    • Internally originated attack
    		 Third Party
    • Vendor selection
    • Vendor management
    • Contract termination
    		 Digital
    • No back-up process if automation fails

    2.1.2 Identify risk events

    1-4 hours

    Input: IT risk categories

    Output: Risk events identified and categorized

    Materials: Risk Register Tool

    Participants: IT risk council, Relevant business stakeholders, Representation from senior management team, Business risk owners, CRO (if applicable)

    Use Info-Tech’s IT risk categories and scenarios to brainstorm a comprehensive list of IT-related threats and vulnerabilities impacting your organization.

    Instructions:

    1. Document risk events in the Risk Register Tool.
    2. List risk scenarios (organized by risk category) in the Risk Events/Threats column.
    3. Disseminate the list to key stakeholders who were unable to participate and solicit their feedback.
      • Consult the RACI chart located in section 4.1 of the Risk Management Program Manual.
    4. Attack one scenario at a time, exhausting all realistic risk events for that grouping before moving onto the next scenario. Each scenario should take approximately 45-60 minutes.

    Tip: If disagreement arises regarding whether a specific risk event is relevant to the organization or not and it cannot be resolved quickly, include it in the list. The applicability of these risks will become apparent during the assessment process.

    Record the results in the Risk Register Tool.

    2.1.3 Augment the risk event list using COBIT 2019 processes (Optional)

    1-3 hours

    Other industry-leading frameworks provide alternative ways of conceptualizing the functions and responsibilities of IT and may help you uncover additional risk events.

    1. Managed IT Management Framework
    2. Managed Strategy
    3. Managed Enterprise Architecture
    4. Managed Innovation
    5. Managed Portfolio
    6. Managed Budget and Costs
    7. Managed Human Resources
    8. Managed Relationships
    9. Managed Service Agreements
    10. Managed Vendors
    11. Managed Quality
    12. Managed Risk
    13. Managed Security
    14. Managed Data
    15. Managed Programs
    16. Managed Requirements Definition
    17. Managed Solutions Identification and Build
    18. Managed Availability and Capacity
    19. Managed Organizational Change Enablement
    20. Managed IT Changes
    1. Managed IT Change Acceptance and Transitioning
    2. Managed Knowledge
    3. Managed Assets
    4. Managed Configuration
    5. Managed Projects
    6. Managed Operations
    7. Managed Service Requests and Incidents
    8. Managed Problems
    9. Managed Continuity
    10. Managed Security Services
    11. Managed Business Process Controls
    12. Managed Performance and Conformance Monitoring
    13. Managed System of Internal Control
    14. Managed Compliance with External Requirements
    15. Managed Assurance
    16. Ensured Governance Framework Setting and Maintenance
    17. Ensured Benefits Delivery
    18. Ensured Risk Optimization
    19. Ensured Resource Optimization
    20. Ensured Stakeholder Engagement

    Instructions:

    1. Review COBIT 2019’s 40 IT processes and identify additional risk events.
    2. Match risk events to the corresponding risk category and scenario and add them to the Risk Register Tool.

    2.1.4 Finalize your risk register by conducting a PESTLE analysis (Optional)

    1-3 hours

    Explore alternative identification techniques to incorporate external factors and avoid “groupthink.”

    Consider the External Environment – PESTLE Analysis

    Despite efforts to encourage equal participation in the risk identification process, key risks may not have been shared in previous exercises.

    Conduct a PESTLE analysis as a final safety net to ensure that all key risk events have been identified.

    		 Avoid “Groupthink” – Nominal Group Technique

    The Nominal Group Technique uses the silent generation of ideas and an enforced “safe” period of time where ideas are shared but not discussed to encourage judgement-free idea generation.

    • Ideas are generated silently and independently.
    • Ideas are then shared and documented; however, discussion is delayed until all of the group’s ideas have been recorded.
    • Idea generation can occur before the meeting and be kept anonymous.

    Note: Employing either of these techniques will lengthen an already time-consuming process. Only consider these techniques if you have concerns regarding the homogeneity of the ideas being generated or if select individuals are dominating the exercise.
    List the following factors influencing the risk event:
    • Political factors
    • Economic factors
    • Social factors
    • Technological factors
    • Legal factors
    • Environmental factors
    		 'PESTLE Analysis' presented as a wheel with the acronym's meanings surrounding the title. 'Political Factors', 'Economic Factors', 'Social Factors', 'Technological Factors', 'Legal Factors', and 'Environmental Factors'.

    Step 2.2

    Assess and Prioritize IT Risks

    Activities
    • 2.2.1 Determine the threshold for (un)acceptable risk
    • 2.2.2 Create a financial impact assessment scale
    • 2.2.3 Select a technique to measure reputational cost
    • 2.2.4 Create a likelihood scale
    • 2.2.5 Risk severity level assessment
    • 2.2.6 Expected cost assessment

    This step involves the following participants:

    • IT risk council
    • Relevant business stakeholders
    • Representation from senior management team
    • Business risk owners

    Outcomes of this step

    • Business-approved thresholds for unacceptable risk
    • Completed Risk Register Tool with risks prioritized according to severity
    • Expected cost calculations for high-priority risks

    Identify and Assess IT Risk

    Step 2.1 Step 2.2

    Reveal the organization’s greatest IT threats and vulnerabilities

    1. Establish business-approved risk thresholds for acceptable and unacceptable risk.
    2. Conduct a streamlined assessment of all risks to separate acceptable and unacceptable risks.
    3. Perform a deeper, cost-based assessment of prioritized risks.
    		 Key metrics:
    • Frequency of IT risk assessments
      • (Annually, bi-annually, etc.)
    • Assessment accuracy
      • Percentage of risk assessments that are substantiated by later occurrences or testing
      • Ratio of cumulative actual costs to expected costs
    • Assessment consistency
      • Percentage of risk assessments that are substantiated by third-party audit
    • Assessment rigor
      • Percentage of identified risk events that undergo first-level assessment (severity scores)
      • Percentage of identified risk events that undergo second-level assessment (expected cost)
    • Stakeholder oversight and participation
      • Level of executive participation in IT risk assessment (attend in person, receive report, etc.)
      • Number of business stakeholder reviews per risk assessment

    Info-Tech Insight

    Risk is money. It’s impossible to make intelligent decisions about risks without knowing what their financial impact will be.

    Review risk assessment fundamentals

    Risk assessment provides you with the raw materials to conduct an informed cost-benefit analysis and make robust risk response decisions.

    In this section, you will be prioritizing your IT risks according to their risk severity, which is a reflection of their expected cost.

    Calculating risk severity

    How much you expect a risk event to cost if it were to occur:

    Likelihood of Risk Impact

    e.g. $250,000 or “High”

    X

    		 Calibrated by how likely the risk is to occur:

    Likelihood of Risk Occurrence

    e.g. 10% or “Low”

    =

    		 Produces a dollar value or “severity level” for comparing risks:

    Risk Severity

    e.g. $25,000 or “Medium”    		 Which must be evaluated against thresholds for acceptable risk and the cost of risk responses.

    Risk Tolerance
    Risk Response
    CBA
    Cost-benefit analysis

    Maintain the engagement of key stakeholders in the risk assessment process

    1

    Engage the Business During Assessment Process

    Asking business stakeholders to make significant contributions to the assessment exercise may be unrealistic (particularly for members of the senior leadership team, other than the CIO).

    Ensure that they work with you to finalize thresholds for acceptable or unacceptable risk.

    2

    Verify the Risk Impact and Assessment

    If IT has ranked risk events appropriately, the business will be more likely to offer their input. Share impact and likelihood values for key risks to see if they agree with the calculated risk severity scores.

    3

    Identify Where the Business Focuses Attention

    While verifying, pay attention to the risk events that the business stresses as key risks. Keep these risks in mind when prioritizing risk responses as they are more likely to receive funding.

    Try to communicate the assessments of these risk events in terms of expected cost to attract the attention of business leaders.

    Info-Tech Insight

    If business executives still won’t provide the necessary information to update your initial risk assessments, IT should approach business unit leaders and lower-level management. Lean on strong relationships forged over time between IT and business managers or supervisors to obtain any additional information.

    Info-Tech recommends a two-level approach to risk assessment

    Review the two levels of risk assessment offered in this blueprint.

    Risk severity level assessment (mandatory)

    1

    		Information

    Number of risks: Assess all risk events identified in Phase 1.
    Units of measurement: Use customized likelihood and impact “levels.”
    Time required: One to five minutes per risk event.

    		Assess Likelihood

    Negligible
    Low
    Moderate
    High
    Very High

    X

    		Assess Likelihood

    Negligible
    Low
    Moderate
    High
    Very High

    =

    		Output


    Risk Security Level:

    Moderate

    Example of a risk severity level assessment chart.
    Chart risk events according to risk severity as this allows you to organize and prioritize IT risks.

    Assess all of your identified risk events with a risk severity-level assessment.

    • By creating a likelihood and impact assessment scale divided into three to nine “levels” (sometimes referred to as “buckets”), you can evaluate every risk event quickly while being confident that risks are being assessed accurately.
    • In the following activities, you will create likelihood and impact scales that align with your organizational risk appetite and tolerance.
    • Severity-level assessment is a “first pass” of your risk list, revealing your organization’s most severe IT risks, which can be assessed in greater detail by incorporating expected cost into your evaluation.

    Info-Tech recommends a two-level approach to risk assessment (continued)

    Expected cost assessment (optional)

    2

    		Information

    Number of risks: Only assess high-priority risks revealed by severity-level assessment.
    Units of measurement: Use actual likelihood values (%) and impact costs ($).
    Time required: 10-20 minutes per risk event.

    		Assess Likelihood

    15%

    Moderate

    X

    		Assess Likelihood

    $100,000

    High

    =

    		Output


    Expected Cost:

    $15,000

    Expected cost is useful for conducting cost-benefit analysis and comparing IT risks to non-IT risks and other budget priorities for the business.

    Conduct expected cost assessments for IT’s greatest risks.

    For risk events warranting further analysis, translate risk severity levels into hard expected-cost numbers.

    Why conduct expected cost assessments?
    • Expected cost represents how much you would expect to pay in an average year for each risk event.
    • Communicate risk priorities to the business in language they can understand.
    • While risk severity levels are useful for comparing one IT risk to another, expected cost data allows the business to compare IT risks to non-IT risks that may not use the same scales.
    		 Why is expected cost assessment optional?
    • Determining robust likelihood values and precise impact estimates can be challenging and time consuming.
    • Some risk events may require extensive data gathering and industry analysis.

    Implement and leverage a centralized risk register

    The purpose of the risk register is to act as the repository for all the risks that have been identified within your environment.

    Use this tool to:

    1. Collect and maintain a repository for all IT risk events impacting the organization and relevant information for each risk.
      • Capture all relevant IT risk information in one location.
      • Organize risk identification and assessment information for transparent risk management, stakeholder review, and/or internal audit.
    2. Calculate risk severity scores to prioritize risk events and determine which risks require a risk response.
      • Separate acceptable and unacceptable risks (as determined by the business).
      • Rank risks based on severity levels.
    3. Assess risk responses and calculate residual risk.
      • Evaluate the effect that proposed risk response actions will have on top risk events and quantify residual risk magnitude.
      • This step will be completed in section 3.1

    2.2.1 Determine the threshold for (un)acceptable risk

    1-4 hours

    Input: Risk events, Risk appetite

    Output: Threshold for risk identified

    Materials: Risk Register Tool, Risk Management Program Manual

    Participants: IT risk council, Relevant business stakeholders, Representation from senior management team, Business risk owner

    Instructions:

    There are times when the business needs to know about IT risks with high expected costs.

    1. Create an expected cost threshold that defines what constitutes an acceptable and unacceptable risk for the organization. This figure should be a concrete dollar value. In the next exercises, you will build risk impact and likelihood scales with this value in mind, ensuring that “high” or “extreme” risks are immediately communicated to senior leadership.
    2. Do not consider IT budget restrictions when developing this number. The acceptable risk threshold should reflect the business’ tolerance/appetite for risk.

    This threshold is typically based on the organization’s ability to absorb financial losses, and its tolerance/appetite towards risk.

    If your organization has ERM, adopt the existing acceptability threshold.

    Record this threshold in section 5.3 of the Risk Management Program Manual

    2.2.2 Create a financial impact assessment scale

    1-4 hours

    Input: Risk events, Risk threshold

    Output: Financial impact scale created

    Materials: Risk Register Tool, Risk Management Program Manual

    Participants: IT risk council, Relevant business stakeholders, Representation from senior management team, Business risk owner

    Instructions:

    1. Create a scale to assess the financial impact of risk events.
      • Typically, risk impacts are assessed on a scale of 1-5; however, some organizations may prefer to assess risks using 3, 4, 7, or 9-point scales.
    2. Ensure that the unacceptable risk threshold is reflected in the scale.
      • In the example provided, the unacceptable risk threshold ($100,000) is represented as “High” on the impact scale.
    3. Attach labels to each point on the scale. Effective labels will easily distinguish between risks on either side of the unacceptable risk threshold.

    Record the risk impact scale in section 5.3 of the Risk Management Program Manual

    Convert project overruns and service outages into costs

    Use the tables below to quickly convert impacts typically measured in units of time to financial cost. Replace the values in the table with those that reflect your own costs.

    • While project overruns and service outages may have intangible impacts beyond the unexpected costs stemming from paying employees and lost revenue (such as adding complexity to project management and undermining the business’ confidence in IT), these measurements will provide adequate impact estimations for risk assessment.
    • Remember, complex risk events can be analyzed further with an expected cost assessment.
    Project Overruns Scale for the use of cost assessment with dollar amounts associated with impact levels. '$250,000 - Extreme', '$100,000 - High', '$60,000 - Moderate', '$35,000 - Low', '$10,000 - Negligible'.

    Project

    Time (days)

    20 days

    Number of employees

    8

    Average cost per employee (per day)

    $300

    Estimated cost

    $48,000
    Service Outages

    Service

    Time (hours)

    4 hours

    Lost revenue (per hour)

    $10,000

    Estimated cost

    $40,000

    Impact scale

    Low

    2.2.3 Select a technique to measure reputational cost (1 of 3)

    1-3 hours

    Realized risk events may have profound reputational costs that do not immediately impact your bottom line.

    Reputational cost can take several forms, including the internal and external perception of:
    1. Brand likeability
    2. Product quality
    3. Leadership capability
    4. Social responsibility

    Based on your industry and the nature of the risk, select one of the three techniques described in this section to incorporate reputational costs into your risk assessment.

    		 Technique #1 – Use financial indicators:

    For-profit companies typically experience reputational loss as a gradual decline in the strength of their brand, exclusion from industry groups, or lost revenue.

    If possible, use these measures to put a price on reputational loss:

    • Lost revenue attributable to reputation loss
    • Loss of market share attributable to reputation loss
    • Drops in share price attributable to reputation loss (for public companies)

    Match this dollar value to the corresponding level on the impact scale created in Activity 2.2.2.

    • If you are not able to effectively translate all reputational costs into financial costs, proceed to techniques 2 and 3 on the following slides.

    2.2.3 Select a technique to measure reputational cost (2 of 3)

    1-3 hours
    It is common for public sector or not-for-profit organizations to have difficulty putting a price tag on intangible reputational costs.
    • For example, a government organization may be unable to directly quantify the cost of losing the confidence and/or support of the public.
    • A helpful technique is to reframe how reputation is assigned value.
    		 Technique #2 – Calculate the value of avoiding reputational cost:
    1. Imagine that the particular risk event you are assessing has occurred. Describe the resulting reputational cost using qualitative language.

    For example:

    A data breach, which caused the unsanctioned disclosure of 2,000 client files, has inflicted high reputational costs on the organization. These have impacted the organization in the following ways:

    • Loss of organizational trust in IT
    • IT’s reputation as a value provider to the organization is tarnished
    • Loss of client trust in the organization
    • Potential for a public reprimand of the organization by the government to restore public trust
  • Then, determine (hypothetically) how much money the organization would be willing to spend to prevent the reputational cost from being incurred.
  • Match this dollar value to the corresponding level on the impact scale created in Activity 2.2.2.
    		•

    2.2.3 Select a technique to measure reputational cost (3 of 3)

    1-3 hours

    If you feel that the other techniques have not reflected reputational impacts in the overall severity level of the risk, create a parallel scale that roughly matches your financial impact scale.

    Technique #3 – Create a parallel scale for reputational impact:

    Visibility is a useful metric for measuring reputational impact. Visibility measures how widely knowledge of the risk event has spread and how negatively the organization is perceived. Visibility has two main dimensions:

    • Internal vs. External
    • Low Amplification vs. High Amplification

      • Internal/External: The further outside of the organization that the risk event is visible, the higher the reputational impact.
      Low/High Amplification: The greater the ability of the actor to communicate and amplify the occurrence of a risk event, the higher the reputational impact.
      After establishing a scale for reputational impact, test whether it reflects the severity of the financial impact levels in the financial impact scale.

    • For example, if the media learns about a recent data breach, does that feel like a $100,000 loss?
    		 Example:
    Scale for the use of cost assessment of reputational impact with dimension combinations associated with impact levels. 'External, High Amp, (regulators, lawsuits) - Extreme', 'Internal, High Amp, (CEO) - Low', 'Internal, Low Amp (IT) - Negligible'.

    2.2.4 Create a likelihood scale

    1-3 hours

    Instructions:
    1. Create a scale to assess the likelihood that a risk event will occur over a given period of time.
      • Info-Tech recommends assessing the likelihood that the risk event will occur over a period of one year (the IT risk council should be reassessing the risk event no less than once per year).
    2. Ensure that the likelihood scale contains the same number of levels as the financial impact scale (3, 4, 5, 7, or 9).
    3. The example provided is likely to satisfy most IT departments; however, you may customize the distribution of likelihood values to reflect the organization’s aversion towards uncertainty.
      • For example, an extremely risk-averse organization may consider any risk event with a likelihood greater than 20% to have a “High” likelihood of occurrence.
    4. Attach the same labels used for the financial impact scale (Low, Moderate, High, etc.)

    Record the risk impact scale in section 5.3 of the Risk Management Program Manual

    		 Scale to assess the likelihood that a risk event will occur. '80-99% - Extreme', '60-79% - High', '40-59% - Moderate' '20-39% - Low', '1-19% - Negligible'.

    Info-Tech Insight

    Note: Info-Tech endorses the use of likelihood values (1-99%) rather than frequency (3 times per year) as a measurement.
    For an explanation of why likelihood values lead to more precise and robust risk assessment, see the Appendix.

    2.2.5 Risk severity level assessment

    6-10 hours

    Input: Risk events identified

    Output: Assessed the likelihood of occurrence and impact for all identified risk events

    Materials: Risk Register Tool

    Participants: IT risk council, Relevant business stakeholders, Representation from senior management team, Business risk owner

    Instructions:

    1. Document the “Risk Category” and “Existing Controls.” in the Risk Register Tool.
      • (See the slide following this activity for tips on identifying existing controls.)
    2. Assign each risk event a likelihood and impact level.
      • Remember, you are assessing the impact that a risk event will have on the organization as a whole, not just on IT.
    3. When assigning a financial impact level to a risk event, factor in the likely number of instances that the event will occur within the time frame for which you are assessing (usually one year).
      • For risk events like third-party service outages that typically occur a few times each year, assign them an impact level that reflects the likelihood of financial impact the risk event will have over the entire year.
      • E.g. If your organization is likely to experience two major service outages next year and each outage costs the organization approximately $15,000, the total financial impact is $30,000.

    Record results in the Risk Register Tool

    2.2.5 Risk severity level assessment (continued)

    Instructions (continued):
    1. Assign a risk owner to non-negligible risk events.
      • For organizations that practice ongoing risk management and frequently reassess their risk portfolio (minimum once per year), risk ownership does not need to be assigned to “Negligible” or low-level risks.
      • View the following slides for advice on how to select a risk owner and information on their responsibilities.
    2. As you input the first few likelihood and impact values, compare them to one another to ensure consistency and accuracy:
      • Is a service outage really twice as impactful as our primary software provider going out of business?
      • Is a data breach far more likely than a ›1 hour web-services outage?
    		 Tips for Selecting Likelihood Values:

    Does ~10% sound right?

    Test a likelihood estimate by assessing the truth of the following statements:

    • The risk event will likely occur once in the next ten years (if the environment remains nearly identical).
    • If ten organizations existed that were nearly identical to our own, it is likely that one out of ten would experience the risk event this year.

    Screenshot of a risk severity level assessment.

    Identify current risk controls

    Consider how IT is already addressing key risks.

    Types of current risk control

    Tactical controls

    Apply to individual risks only.

    Example: A tactical control for backup/replication failure is faster WAN lines.

    		 Tactical risk control Strategic controls

    Apply to multiple risks.

    Example: A strategic control for backup/replication failure is implementing formal DR plans.

    		 Strategic risk control
    Risk event Risk event Risk event

    Screenshot of the column headings on the risk severity level assessment with 'Current Controls' highlighted.
    Consider both tactical and strategic controls already in place when filling out risk event information in the Risk Register Tool.

    Info-Tech Insight

    Identifying existing risk controls (past risk responses) provides a clear picture of the measures already in place to avoid, mitigate, or transfer key risks. This reveals opportunities to improve existing risk controls, or where new strategies are needed, to reduce risk severity levels below business thresholds.

    Assign a risk owner for each risk event

    Designate a member of the IT risk council to be responsible for each risk event.

    Selecting the Appropriate Risk Owner

    Use the following considerations to determine the best owner for each risk:

    • The risk owner should be familiar with the process, project, or IT function related to the risk event.
    • The risk owner should have access to the necessary data to monitor and measure the severity of the risk event.
    • The risk owner’s performance assessment should reflect their ability to demonstrate the ongoing management of their assigned risk events.

    Screenshot of the column headings on the risk severity level assessment with 'Risk Owner' highlighted.

    		 Risk Owner Responsibilities

    Risk ownership means that an individual is responsible for the following activities:

    • Monitoring the threat or vulnerability for changes in the likelihood of occurrence and/or likely impact.
    • Monitoring changes in the market and external environment that may alter the severity of the risk event.
    • Monitoring changes of closely related risks with interdependencies.
    • Developing and using key risk indicators (KRIs) to measure changes in risk severity.
    • Regularly reporting changes in risk severity to the IT risk council.
    • If necessary, escalating the risk event to other IT risk council personnel or senior management for reassessment.
    • Monitoring risk severity levels for risk events after a risk response has been implemented.

    Use Info-Tech’s Risk Costing Tool to calculate the expected cost of IT’s high-priority risks (optional)

    Sample of the Risk Costing Tool.

    Use this tool to:

    1. Conduct a deeper analysis of severe risks.
      • Determine specific likelihood and financial impact values to communicate the severity of the risk in the Expected Cost tab.
      • Identify the maximum financial impact that the risk event may inflict.
    2. Assess the effectiveness of multiple risk responses for each risk event.
      • Determine how proposed risk events will change the likelihood of occurrence and financial impact of the risk event.
    3. Incorporate risk proximity into your cost-benefit analysis of risk responses.
      • Illustrate how spending decisions will impact the expected cost of the risk event over time.

    2.2.6 Expected cost assessment (optional)

    Assign likelihood and financial impact values to high-priority risks.

    Select risks with these characteristics:

    Strongly consider conducting an expected cost assessment for risk events that meet one or more of the following criteria.

    The risk:

    • Has been assigned to the highest risk severity level.
    • Has exposed the organization previously and had severe implications.
    • Exceeds the organization’s threshold for financial impact.
    • Involves an IT function that is highly visible to the business.
    • Will likely require risk response actions that will exceed current IT budgetary constraints.
    • Is conducive to expected cost assessment:
      • There is general consensus on likelihood estimates.
      • There is general consensus on financial impact estimates.
      • Historical data exists to support estimates.
    		 Determine which risks require a deeper assessment:

    Info-Tech recommends conducting a second-level assessment for 5-15% of your IT risk register.

    Communicating the expected cost of high-priority risks significantly increases awareness of IT risks by the business.

    Communicating risks to the business using their language also increases the likelihood that risk responses will receive the necessary support and investment


    Record the list of risk events requiring second-level assessment in the Risk Costing Tool.

    • Transfer the likelihood and impact levels for each event into the Risk Costing Tool using data from the Risk Register Tool.

    2.2.6 Expected cost assessment (continued)

    Assign likelihood and financial impact values to high-priority risks.

    Instructions:
    1. Go through the list of prioritized risks in the Risk Costing Tool one by one. Indicate the likelihood and impact level (from the Risk Register Tool) for the risk event being assessed.
    2. Record likelihood values (1-99%) and impact values ($) from participants.
      • Only record values from individuals that indicate they are fairly confident with their estimates.
      • Keep likelihood estimates to values that are multiples of five.
    3. Estimate and record the maximum impact that the risk event could inflict.
      • See Appendix III for information on how the possibility of high-impact scenarios may influence your decision making.
    4. Discuss the estimates provided. Eliminate outliers and retracted estimates.
      • If you are unable to achieve consensus, take the average of the values provided.
    5. If you are having difficulty arriving at a likelihood or impact value, select the median value of the level assigned to the risk during the risk severity level assessment.
      • E.g. Risk event assigned to likelihood level “Moderate” (20-39%). Select a likelihood value of 30%.

    Screenshot of the column headings on the risk severity level assessment with 'Optional Inherent Likelihood Parameters' and 'Optional Inherent Impact Parameters' highlighted.

    		 Who should participate?
    • Depending on the size of your IT risk council, you may want to consider conducting this exercise in a smaller group.
    • Ideally, you should try to find the right balance between ensuring that the necessary experience and knowledge is in the room while insulating the exercise from outlier opinions, noise, and distractions.

    Evaluate likelihood and impact

    Refine your risk assessment process by developing more accurate measurements of likelihood and impact.

    Intersubjective likelihood

    The goal of the expected cost assessment is to develop robust intersubjective estimates of likelihood and financial impact.

    By aggregating a number of expert opinions of what they deem to be the “correct” value, you will arrive at a collectively determined value that better reflects reality than an individual opinion.

    Example: The Delphi Method

    The Delphi Method is a common technique to produce a judgement that is representative of the collective opinion of a group.

    • Participants are sent a series of sequential questionnaires (typically by email).
    • The first questionnaire asks them what the likelihood, likely impact, and expected cost is for a specific risk event.
    • Data from the questionnaire is compiled and then communicated in a subsequent questionnaire, which encourages participants to restate or revise their estimates given the group’s judgements.
    • With each successive questionnaire, responses will typically converge around a single intersubjective value.
    		Justifying Your Estimates:

    When asked to explain the numbers you arrived at during the risk assessment, pointing to an assessment methodology gives greater credibility to your estimates.

    • Assign one individual to take notes during the assessment exercise.
    • Have them document the main rationale behind each value and the level of consensus.

    Info-Tech Insight

    The underlying assumption behind intersubjective forecasting is that group judgements are more accurate than individual judgements. However, this may not be the case at all.

    Sometimes, a single expert opinion is more valuable than many uninformed opinions. Defining whose opinion is valuable and whose is not is an unpleasant exercise; therefore, selecting the right personnel to participate in the exercise is crucially important.

    Build an IT Risk Management Program

    Phase 3

    Monitor, Respond, and Report on IT Risk

    Phase 1

    • 1.1 Review IT Risk Management Fundamentals
    • 1.2 Establish a Risk Governance Framework

    Phase 2

    • 2.1 Identify IT Risks
    • 2.2 Assess and Prioritize IT Risks

    Phase 3

    • 3.1 Develop Risk Responses and Monitor IT Risks
    • 3.2 Report IT Risk Priorities
      •

    This phase will walk you through the following activities:

    • Develop key risk indicators (KRIs) and escalation protocols
    • Establish the reporting schedule
    • Identify and assess risk responses
    • Analyze risk response cost-benefit
    • Create multi-year cost projections
    • Obtain executive approval for risk action plans
    • Socialize the Risk Report
    • Transfer ownership of risk responses to project managers
    • Finalize the Risk Management Program Manual

    This phase involves the following participants:

    • IT risk council
    • Relevant business stakeholders
    • Representation from senior management team
    • Risk business owner

    Step 3.1

    Monitor IT Risks and Develop Risk Responses

    Activities
    • 3.1.1 Develop key risk indicators (KRIs) and escalation protocols
    • 3.1.2 Establish the reporting schedule
    • 3.1.3 Identify and assess risk responses
    • 3.1.4 Risk response cost-benefit analysis
    • 3.1.5 Create multi-year cost projections

    This step involves the following participants:

    • IT risk council
    • Relevant business stakeholders
    • Representation from senior management team
    • Business risk owner

    Outcomes of this step

    • Completed risk event action plans
    • Risk responses identified and assessed for top risks
    • Risk response selected for top risks

    Monitor, Respond, and Report on IT Risk

    Step 3.1 Step 3.2

    Use Info-Tech’s Risk Event Action Plan to manage high-priority risks

    Manage risks in between risk assessments and create a paper trail for key risks that exceed the unacceptable risk threshold. Use a new form for every high-priority risk that requires tracking.

    Risk Event Action Plan Sample of the Risk Event Action Plan deliverable.

    Obtaining sign-off from the senior leadership team or from the ERM office is an important step of the risk management process. The Risk Event Action Plan ensures that high-priority risks are closely monitored and that changes in risk severity are detected and reported.

    Clear documentation is a way to ensure that critical information is shared with management so that they can make informed risk decisions. These reports should be succinct yet comprehensive; depending on time and resources, it is good practice to fill out this form and obtain sign-off for the majority of IT risks.

    3.1.1 Develop key risk indicators (KRIs) and escalation protocols

    The risk owner should be held accountable for monitoring their assigned risks but may delegate responsibility for these tasks.

    Instructions:
    1. Design key risk indicators (KRIs) for risks that measure changes in their severity and document them in the Risk Event Action Plan.
      • See the following slide for examples.
    2. Clearly document the risk owner and the individual(s) carrying out risk monitoring activities (delegates) in the Risk Event Action Plan.

    Note: Examples of KRIs can be found on the following slide.

    		 What are KRIs?
    • KRIs should be observable metrics that alert the IT risk council and management when risk severity exceeds acceptable risk thresholds.
    • KRIs should serve as tripwires or early-warning indicators that trigger further actions to be taken on the risk.
    • Further actions may include:
      • Escalation to the risk owner (if delegated) or to a member of the senior leadership team.
      • Reporting to the IT risk council or IT steering committee.
      • Reassessment.
      • Updating the risk monitoring schedule.

    Document KRIs, escalation thresholds, and escalation protocols for each risk in a Risk Event Action Plan.

    Developing KRIs for success

    Visualization of KRI development, from the 'Risk Event' to the 'Intermediate Steps' with 'KRI Measurements' to the image of a growing seed.

    Examples of KRIs

    • Number of resources who quit or were fired who had access to critical data
    • Number of risk mitigation initiatives unfunded
    • Changes in time horizon of mitigation implementation
    • Number of employees who did not report phishing attempts
    • Amount of time required to get critical operations access to necessary data
    • Number of days it takes to implement a new regulation or compliance control

    3.1.2 Establish the reporting schedule

    For each risk event, document how frequently the risk owner must report to the IT risk council in the Risk Event Action Plan.

    • A clear reporting schedule enforces accountability for each risk event, ensuring that risk owners are fulfilling their monitoring responsibilities.
    • The ongoing discussion of risks between assessment cycles also increases overall awareness of how IT risks are not static but constantly evolving.
    Reporting Risk Event
    Weekly reports to ITRC Risk event severity represented as a thermometer with levels 'Extreme', 'High', 'Moderate', 'Low', and 'Negligible'.
    Bi-weekly reports to ITRC
    Monthly reports to ITRC
    Report to ITRC only if KRI thresholds triggered
    No reports; reassessed bi-annually

    Use Info-Tech’s tools to identify, analyze, and select risk responses

    1

    (Mandatory)    		Tool

    Screenshot of the Risk Register Tool.

    Risk Register Tool

    		Information
    • Develop risk responses for all risk events pre-populated on the “2. Risk Register” sheet of the Risk Register Tool.
    • Document the root cause of the risk (Activity 3.1.3) and other contributing factors (Activity 3.1.4).
    • Identify risk responses (Activity 3.1.5).
    • Predict the effectiveness of the risk response, if implemented, by estimating the residual likelihood and impact of the risk (Activity 3.1.5).
    • The tool will calculate the residual severity of the risk after applying the risk response.

    2

    (Optional)    		Tool

    Screenshot of the Risk Costing Tool.

    Risk Costing Tool

    		Information
    • Continue your second-level risk analysis for top risks for which you calculated expected cost in section 2.2.
    • Activity 3.1.5:
      • Identify between one and four risk response options for each risk.
      • Develop precise values for residual likelihood and impact.
      • Compare expected cost of the risk event to expected residual cost.
      • Select the risk response to recommend to senior leadership and document it in the Risk Register Tool.

    Determine the root cause of IT risks

    Root cause analysis

    Use the “Five Whys” methodology to identify the root cause and contributing/exacerbating factors for each risk event.

    Diagnosing the root cause of a risk as well as the environmental factors that increase its potential impact and likelihood of occurring allow you to identify more effective risk responses.

    Risk responses that only address the symptoms of the risk are less likely to succeed than responses that address the core issue.

    Concentric circles with 'Root Cause' at the center, 'Contributing Factors' around it, and 'Symptoms' on the outer circle.

    		 Example of 'The Five Whys Methodology', tracing symptoms to their root cause. In 'Symptoms' we see 'Risk Event: Network outage', Why? 'Network congestion', Why? Then on to 'Contributing Factors' the answer is 'Inadequate bandwidth for latency-sensitive applications', Why? 'Increased business use of latency-sensitive applications', Why? And finally to the 'Root Cause', 'Business units rely on 'real-time' data gathered from latency-sensitive applications', Why?

    Identify factors that contribute to the severity of the risk

    Environmental factors interact with the root cause to increase the likelihood or impact of the risk event.

    What factors matter?

    Identify relevant actors and assets that amplify or diminish the severity of the risk.

    Actors

    • Internal (business units)
    • External (vendor, regulator, market, competitor, hostile actor)

    Assets/Resources

    • Infrastructure
    • Applications
    • Processes
    • Information/data
    • Personnel
    • Reputation
    • Operations
    		 Develop risk responses that target contributing factors.
    Root cause:
    Business units rely on “real-time” data gathered from latency-sensitive applications

    Actors: Enterprise App users (Finance, Product Development, Product Management)

    Asset/resource: Applications, network

    Risk response:
    Decrease the use of latency-sensitive applications.

    X

    Decreasing the use of key apps contradicts business objectives.

    		 Contributing factors:
    Unreliable router software

    Actors: Network provider, router vendor, router software vendor, IT department

    Asset/resource: Network, router, router software

    Risk response:
    Replace the vendor that provides routers and router software.

    Replacing the vendor would reduce network outages at a relatively low cost.

    		 Symptoms:
    Network outage

    Actors: All business units, network provider

    Asset/resource: Network, business operations, employee productivity

    Risk response:
    Replace legacy systems.

    X

    Replacing legacy systems would be too costly.

    3.1.3 Identify and assess risk responses

    Instructions:
    Complete the following steps for each risk event.
    1. Identify a risk response action that will help reduce the likelihood of occurrence or the impact if the event were to occur.
      • Indicate the type of risk response (avoidance, mitigation, transfer, acceptance, or no risk exists).
    2. Assign each risk response action a residual likelihood level and a residual impact level.
      • This is the same step performed in Activity 2.2.6, when initial likelihood and impact levels were determined; however, now you are estimating the likelihood and impact of the risk event after the risk response action has been implemented successfully.
      • The Risk Register Tool will generate a residual risk severity level for each risk event.
    3. Identify the potential Risk Action Owner (Project Manager) if the response is selected and turned into an IT project, and document this in the Risk Register Tool.
    		 Document the following in the Risk Event Action Plan for each risk event:
      • Risk response actions
      • Residual likelihood and impact levels
      • Residual risk severity level
    • Review the following slides about the four types of risk response to help complete the activity.
      1. Avoidance
      2. Mitigation
      3. Transfer
      4. Acceptance

    Record the results in the Risk Event Action Plan.

    Take actions to avoid the risk entirely

    Risk Avoidance

    • Risk avoidance involves taking evasive maneuvers to avoid the risk event.
    • Risk avoidance targets risk likelihood, decreasing the likelihood of the risk event occurring.
    • Since risk avoidance measures are fairly drastic, the likelihood is often reduced to negligible levels.
    • However, risk avoidance response actions often sacrifice potential benefits to eliminate the possibility of the risk entirely.
    • Typically, risk avoidance measures should only be taken for risk events with extremely high severity and when the severity (expected cost) of the risk event exceeds the cost (benefits sacrificed) of avoiding the risk.

    Example

    Risk event: Information security vulnerability from third-party cloud services provider.

    • Risk avoidance action: Store all data in-house.
    • Benefits sacrificed: Cost savings, storage flexibility, etc.
    		 Stock photo of a person hikiing along a damp, foggy, valley path.

    Pursue projects that reduce the likelihood or impact of the risk event

    Risk Mitigation

    • Risk mitigation actions are risk responses that reduce the likelihood and impact of the risk event.
    • Risk mitigation actions can be to either implement new controls or enhance existing ones.
    Example 1

    Most risk responses will reduce both the likelihood of the risk event occurring and its potential impact.

    Example

    Mitigation: Purchase and implement enterprise mobility management (EMM) software with remote wipe capability.

    • EMM reduces the likelihood that sensitive data is accessed by a nefarious actor.
    • The remote-wipe capability reduces the impact by closing the window that sensitive data can be accessed from.
    		 Example 2

    However, some risk responses will have a greater effect on decreasing the likelihood of a risk event with little effect on decreasing impact.

    Example

    Mitigation: Create policies that restrict which personnel can access sensitive data on mobile devices.

    • This mitigation decreases the number of corporate phones that have access to (or are storing) sensitive data, thereby decreasing the likelihood that a device is compromised.
    		 Example 3

    Others will reduce the potential impact without decreasing its likelihood of occurring.

    Example

    Mitigation: Use robust encryption for all sensitive data.

    • Corporate-issued mobile phones are just as likely to fall into the hands of nefarious actors, but the financial impact they can inflict on the organization is greatly reduced.

    Pursue projects that reduce the likelihood or impact of the risk event (continued)

    Use the following IT functions to guide your selection of risk mitigation actions:

    Process Improvement

    Key processes that would most directly improve the risk profile:

    • Change Management
    • Project Management
    • Vendor Management
    		 Infrastructure Management
    • Disaster Recovery Plan/Business Continuity Plan
    • Redundancy and Resilience
    • Preventative Maintenance
    • Physical Environment Security
    Personnel
    • Greater staff depth in key areas
    • Increased discipline around documentation
    • Knowledge Management
    • Training
    		 Rationalization and Simplification

    This is a foundational activity, as complexity is a major source of risk:

    • Application Rationalization – reducing the number of applications
    • Data Management – reducing the volume and locations of data

    Transfer risks to a third party

    Risk transfer: the exchange of uncertain future costs for fixed present costs.

    Insurance

    The most common form of risk transfer is the purchase of insurance.

    • The uncertain future cost of an IT risk event can be transferred to an insurance company who assumes the risk in exchange for insurance premiums.
    • The most common form of IT-relevant insurance is cyberinsurance.

    Not all risks can be insured. Insurable risks typically possess the following five characteristics:

    1. The loss must be accidental (the risk event cannot be insured if it could have been avoided by taking reasonable actions).
    2. The insured cannot profit from the occurrence of the risk event.
    3. The loss must be able to be measured in monetary terms.
    4. The organization must have an insurable interest (it must be the party that incurs the loss).
    5. An insurance company must offer insurance against that risk.
    		 Other Forms of Risk Transfer

    Other forms of risk transfer include:

    • Self-insurance
      • Appropriate funds can be set aside in advance to address the financial impact of a risk event should it occur.
    • Warranties
    • Contractual transfer
      • The financial impact of a risk event can be transferred to a third party through clauses agreed to in a contract.
      • For example, a vendor can be contractually obligated to assume all costs resulting from failing to secure the organization’s data.

      • Example email addressing fields of an IT Risk Transfer to an insurance company.

    Accept risks that fall below established thresholds

    Risk Acceptance

    Accepting a risk means tolerating the expected cost of a risk event. It is a conscious and deliberate decision to retain the threat.

    You may choose to accept a risk event for one of the following three reasons:

    1. The risk severity (expected cost) of the risk event falls below acceptability thresholds and does not justify an investment in a risk avoidance, mitigation, or transfer measure.
    2. The risk severity (expected cost) exceeds acceptability thresholds but all effective risk avoidance, mitigation, and transfer measures are ineffective or prohibitively expensive.
    3. The risk severity (expected cost) exceeds acceptability thresholds but there are no feasible risk avoidance, mitigation, and transfer measures to be implemented.

    Info-Tech Insight

    Constant monitoring and the assignment of responsibility and accountability for accepted risk events is crucial for effective management of these risks. No IT risk should be accepted without detailed documentation outlining the reasoning behind that decision and evidence of approval by senior management.

    3.1.4 Risk response cost-benefit analysis (optional)

    The purpose of a cost-benefit analysis (CBA) is to guide financial decision making.

    This helps IT make risk-conscious investment decisions that fall within the IT budget and helps the organization make sound budgetary decisions for risk response projects that cannot be addressed by IT’s existing budget.

    Instructions:
    1. Reopen the Risk Costing Tool. For each risk that you conducted an expected cost assessment in section 2.2 for, find the Excel sheet that corresponds to the risk number (e.g. R001).
    2. Identify between one and four risk response options for the risk event and document them in the Risk Costing Tool.
      • The “Risk Response 1” field will be automatically populated with expected cost data for a scenario where no action was taken (risk acceptance). This will serve as a baseline for comparing alternative responses.
      • For the following steps, go through the risk responses one by one.
    3. Estimate the first-year cost for the risk response.
      • This cost should reflect initial capital expenditures and first-year operating expenditures.
    		 Screenshot of the Risk Response cost-benefit-analysis from the Risk Costing Tool with 'Capital Expenditures' and 'Operating Expenditures' highlighted.

    Record the results in the Risk Costing Tool.

    3.1.4 Risk response cost-benefit analysis (continued)

    The purpose of a cost-benefit analysis (CBA) is to guide financial decision making.

    Instructions:

    1. Estimate residual risk likelihood and financial impact for Year 1 with the risk response in place.
      • Rather than estimating the likelihood level (low, medium, high), determine a precise likelihood value of the risk event occurring once the response has been implemented.
      • Estimate the dollar value of financial impacts if the risk event were to occur with the risk response in place.
        • Screenshot of the Risk Response cost-benefit-analysis from the Risk Costing Tool with figured for 'Financial Impact' and 'Probability' highlighted. The tool will calculate the expected residual cost of the risk event: (Financial Impact x Likelihood) - Costs = Expected Residual Cost
    2. Select the highest value risk response and document it in the Risk Register Tool.
    3. Document your analysis and recommendations in the Risk Event Action Plan.

    Note: See Activity 3.1.5 to build multi-year cost projections for risk responses.

    3.1.5 Create multi-year cost projections (optional)

    Select between risk response options by projecting their costs and benefits over multiple years.

    • It can be difficult to choose between risk response options that require different payment schedules. A risk response project with costs spread out over more than one year (e.g. incremental upgrades to an IT system) may be more advantageous than a project with costs concentrated up front that may cost less in the long run (e.g. replacing the system).
    • However, the impact that risk response projects have on reducing risk severity is not necessarily static. For example, an expensive project like replacing a system may drastically reduce the risk severity of a system failure. Whereas, incremental system upgrades may only marginally reduce risk severity in the short term but reach similar levels as a full system replacement in a few years.
    Instructions:

    Calculate expected cost for multiple years using the Risk Costing Tool for:

    • Risk events that are subject to change in severity over time.
    • Risk responses that reduce the severity of the risk gradually.
    • Risk responses that cannot be implemented immediately.

    Copy and paste the graphs into the Risk Report and the Risk Event Action Plan for the risk event.

    		Sample charts on the cost of risk responses from the Risk Costing Tool.

    Record the results in the Risk Costing Tool.

    Step 3.2

    Report IT Risk Priorities

    Activities
    • 3.2.1 Obtain executive approval for risk action plans
    • 3.2.2 Socialize the Risk Report
    • 3.2.3 Transfer ownership of risk responses to project managers
    • 3.2.4 Finalize the Risk Management Program Manual

    This step involves the following participants:

    • IT risk council
    • Relevant business stakeholders
    • Representation from senior management team

    Outcomes of this step

    • Obtained approval for risk action plans
    • Communicated IT’s risk recommendations to senior leadership
    • Embedded risk management into day-to-day IT operations

    Monitor, Respond, and Report on IT Risk

    Step 3.1 Step 3.2

    Effectively deliver IT risk expertise to the business

    Communicate IT risk management in two directions:

    1. Up to senior leadership (and ERM if applicable)
    2. Down to IT employees (embedding risk awareness)

      3. Visualization of communicating Up to 'Senior Leadership' and Down to 'IT Personnel'.

    		 Create a strong paper trail and obtain sign-off for the ITRC’s recommendations.

    Now that you have collected all of the necessary raw data, you must communicate your insights and recommendations effectively.

    A fundamental task of risk management is communicating risk information to senior management. It is your responsibility to enable them to make informed risk decisions. This can be considered upward communication.

    The two primary goals of upward communication are:

    1. Transferring accountability for high-priority IT risks to the ERM or to senior leadership.
    2. Obtaining funds for risk response projects recommended by the ITRC.

    Good risk management also has a trickle-down effect impacting all of IT. This can be considered downward communication.

    The two primary goals of downward communication are:

    1. Fostering a risk-aware IT culture.
    2. Ensuring that the IT risk management program maintains momentum and runs effectively.

    3.2.1 Obtain executive approval for risk action plans

    Best Practices and Key Benefits

    Best practice is for all acceptable risks to also be signed-off by senior leadership. However, for ITRCs that brainstorm 100+ risks, this may not be possible. If this is the case, prioritize accepted risks that were assessed to be closest to the organization’s thresholds.

    By receiving a stamp of approval for each key risk from senior management, you ensure that:

    1. The organization is aware of important IT risks that may impact business objectives.
    2. The organization supports the risk assessment conducted by the ITRC.
    3. The organization supports the plan of action and monitoring responsibilities proposed by the ITRC.
    4. If a risk event were to occur, the organization holds ultimate accountability.
    		 Sample of the Risk Event Action Plan template.

    Task:
    All IT risks that were flagged for exceeding the organization’s severity thresholds must obtain sign-off by the CIO or another member of the senior leadership team.

    • In the assessment phase, you evaluated risks using severity thresholds approved by the business and determined whether or not they justified a risk response.
    • Whether your recommendation was to accept the risk or to analyze possible risk responses, the business should be made aware of most IT risks.

    3.2.2 Socialize the risk report

    Create a succinct, impactful document that summarizes the outcomes of risk assessment and highlights the IT risk council’s top recommendations to the senior leadership team.

    The Risk Report contains:
    • An executive summary page highlighting the main takeaways for senior management:
      • A short summary of results from the most recent risk assessment
      • Dashboard
      • A list of top 10 risks ordered from most severe to least
    • Subsequent individual risk analyses (1 to 10)
      • Detailed risk assessment data
      • Risk responses
      • Risk response analysis
      • Multi-year cost projection (see the following slide)
      • Dashboard
      • Recommendations
    		 Sample of the Risk Report template.

    Risk Report

    Pursue projects that reduce the likelihood or impact of the risk event

    Encourage risk awareness to extend the benefits of risk management to every aspect of IT.

    Benefits of risk awareness:

    • More preventative and proactive approaches to IT projects are discussed and considered.
    • Changes to the IT threat landscape are more likely to be detected, communicated, and acted upon.
    • IT possesses a realistic perception of its ability to perform functions and provide services.
    • Contingency plans are put in place to hedge against risk events.
    • Fewer IT risks go unidentified.
    • CIOs and business executives make better risk decisions.

    Consequences of low risk awareness:

    • False confidence about the number of IT risks impacting the organization and their severity.
    • Risk-relevant information is not communicated to the ITRC, which may result in inaccurate risk assessments.
    • Confusion surrounding whose responsibility it is to consider how risk impacts IT decision making.
    • Uncertainty and panic when unanticipated risks impact the IT department and the organization.

    Embedding risk management in the IT department is a full-time job

    Take concrete steps to increase risk-aware decision making in IT.

    The IT risk council plays an instrumental role in fostering a culture of risk awareness throughout the IT department. In addition to periodic risk assessments, fulfilling reporting requirements, and undertaking ongoing monitoring responsibilities, members of the ITRC can take a number of actions to encourage other IT employees to adopt a risk-focused approach, particularly at the project planning stage.

    Embed risk management in project planning

    Make time for discussing project risks at every project kick-off.
    • A main benefit of including senior personnel from across IT in the ITRC is that they are able to disseminate the IT risk council’s findings to their respective practices.
    • At project kick-off meetings, schedule time to identify and assess project-specific risks.
    • Encourage the project team to identify strategies to reduce the likelihood and impact of those risks and document these in the project charter.
    • Lead by example by being clear and open about what constitutes acceptable and unacceptable risks.

    Embed risk management with employee

    Train IT staff on the ITRC’s planned responses to specific risk events.
    • If a response to a particular risk event is not to implement a project but rather to institute new policies or procedures, ensure that changes are communicated to employees and that they receive training.
    Provide risk management education opportunities.
    • Remember that a more risk-aware IT employee provides more value to the organization.
    • Invest in your employees by encouraging them to pursue education opportunities like receiving risk management accreditation or providing them with educational experiences such as workshops, seminars, and eLearning.

    Embedding risk management in the IT department is a full-time job (continued)

    Encourage risk awareness by adjusting performance metrics and job titles.

    Performance metrics:

    Depending on the size of your IT department and the amount of resources dedicated to ongoing risk management, you may consider embedding risk management responsibilities into the performance assessments of certain ITRC members or other IT personnel.

    • Personalize the risk management program metrics you have documented in your Risk Management Program Manual.
    • Evidence that KPIs are monitored and frequently reported is also a good indicator that risk owners are fulfilling their risk management responsibilities.

      • Info-Tech Insight

      If risk management responsibilities are not built into performance assessments, it is less likely that they will invest time and energy into these tasks. Adding risk management metrics to performance assessments directly links good job performance with good risk management, making it more likely that ITRC activities and initiatives gain traction throughout the IT department.

    Job descriptions:

    Changing job titles to reflect the focus of an individual’s role on managing IT risk may be a good way to distinguish personnel tasked with developing KRIs and monitoring risks on a week-to-week basis.

    • Some examples include IT Risk Officer, IT Risk Manager, and IT Risk Analyst.

    3.2.3 Transfer ownership of risk responses to project managers

    Once risk responses have obtained approval and funding, it is time to transform them into fully-fledged projects.

    Image of a hand giving a key to another hand and a circle split into quadrants of Governance with 'Governance of Risks' being put into 'Governance of Projects'.

    3.2.4 Finalize the Risk Management Program Manual

    Go back through the Risk Management Program Manual and ensure that the material will accurately reflect your approach to risk management going forward.

    Remember, the program manual is a living document that should be evolving alongside your risk management program, reflecting best practices, knowledge, and experiences accrued from your own assessments and experienced risk events.

    The best way to ensure that the program manual continues to guide and document your risk management program is to make it the focal point of every ITRC meeting and ensure that one participant is tasked with making necessary adjustments and additions.

    Sample of the Risk Management Program Manual. Risk Management Program Manual

    “Upon completing the Info-Tech workshop, the deliverables that we were left with were really outstanding. We put together a 3-year project plan from a high level, outlining projects that will touch upon our high risk areas.” (Director of Security & Risk, Water Management Company)

    Don’t allow your risk management program to flatline

    54% of small businesses haven’t implemented controls to respond to the threat of cyber attacks (Source: Insurance Bureau of Canada, 2021)

    Don’t be lulled into a false sense of security. It might be your greatest risk.

    So you’ve identified the most important IT risks and implemented projects to protect IT and the business.

    Unfortunately, your risk assessment is already outdated.

    Perform regular health checks to keep your finger on the pulse of the key risks threatening the business and your reputation.

    To continue the momentum of your newly forged IT risk management program, read Info-Tech’s research on conducting periodic risk assessments and “health checks”:

    Revive Your Risk Management Program With a Regular Health Check

    • Complete Info-Tech’s Risk Management Health Check to seize the momentum you created by building a robust IT risk management program and create a process for conducting periodic health checks and embedding ongoing risk management into every aspect of IT.
    • Our focus is on using data to make IT risk assessment less like an art and more like a science. Ongoing data-driven risk management is self-improving and grounded in historical data.

    Appendix I: Familiarize yourself with key risk terminology

    Review important risk management terms and definitions.

    Risk

    		An uncertain event or set of events which, should it occur, will have an effect on the achievement of objectives. A risk consists of a combination of the likelihood of a perceived threat or opportunity occurring and the magnitude of its impact on objectives (Office of Government Commerce, 2007).

    Threat

    		An event that can create a negative outcome (e.g. hostile cyber/physical attacks, human errors).

    Vulnerability

    		A weakness that can be taken advantage of in a system (e.g. weakness in hardware, software, business processes).

    Risk Management

    		The systematic application of principles, approaches, and processes to the tasks of identifying and assessing risks, and then planning and implementing risk responses. This provides a disciplined environment for proactive decision making (Office of Government Commerce, 2007).

    Risk Category

    		Distinct from a risk event, a category is an abstract profile of risk. It represents a common group of risks. For example, you can group certain types of risks under the risk category of IT Operations Risks.

    Risk Event

    		A specific occurrence of an event that falls under a particular risk category. For example, a phishing attack is a risk event that falls under the risk category of IT Security Risks.

    Risk Appetite

    		An organization’s attitude towards risk taking, which determines the amount of risk that it considers acceptable. Risk appetite also refers to an organization’s willingness to take on certain levels of exposure to risk, which is influenced by the organization’s capacity to financially bear risk.

    Enterprise Risk Management

    		(ERM) – A strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of organizational risks and managing the combined impact of those risks as an interrelated risk portfolio (RIMS, 2015).

    Appendix II: Likelihood vs. Frequency

    Why we measure likelihood, not frequency:

    The basic formula of Likelihood x Impact = Severity is a common methodology used across risk management frameworks. However, some frameworks measure likelihood using Frequency rather than Likelihood.

    Frequency is typically measured as the number of instances an event occurs over a given period of time (e.g. once per month).

    • For risk assessment, historical data regarding the frequency of a risk event is commonly used to indicate the likelihood that the event will happen in the future.

    Likelihood is a numerical representation of the “degree of belief” that the risk event will occur in a given future timeframe (e.g. 25% likelihood that the event will occur within the next year).

    False Objectivity

    While some may argue that frequency provides an objective measurement of likelihood, it is well understood in the field of likelihood theory that historical data regarding the frequency of a risk event may have little bearing over the likelihood of that event happening in the future. Frequency is often an indication of future likelihood but should not be considered an objective measurement of it.

    Likelihood scales that use frequency underestimate the magnitude of risks that lack historical precedent. For example, an IT department that has never experienced a high-impact data breach would adopt a very low likelihood score using the frequentist approach. However, if all of the organization’s major competitors have suffered a major breach within the last two years, they ought to possess a much higher degree of belief that the risk event will occur within the next year.

    Likelihood is a more comprehensive measurement of future likelihood, as frequency can be used to inform the selection of a likelihood value. The process of selecting intersubjective likelihood values will naturally internalize historical data such as the frequency that the event occurred in the past. Further, the frequency that the event is expected to occur in the future can be captured by the expected impact value. For example, a risk event that has an expected impact per occurrence of $10,000 that is expected to occur three times over the next year has an expected impact of $30,000.

    Appendix III: Should max impacts sway decision making?

    Don’t just fixate on the most likely impact – be aware of high-impact outcomes.

    During assessment, risks are evaluated according to their most likely financial impact.

    • For example, a service outage will likely last for two hours and may have an expected cost of $14,000.

    Naturally, focusing on the most likely financial impact will exclude higher impacts that – while theoretically possible – are so unlikely that they do not warrant any real consideration.

    • For example, it is possible that a service outage could last for days; however, the likelihood for such an event may be well below 1%.

    While the risk severity level assessment allows you to present impacts as a range of values (e.g. $50,000 to $75,000), the expected cost assessment requires you to select specific values.

    • However, this analysis may fail to consider much higher potential impacts that have non-negligible likelihood values (likelihood values that you cannot ignore).
    • What you consider “non-negligible” will depend on your organizational risk tolerance/appetite.

    Sometimes called Black Swan events or Fat-Tailed outcomes, high-impact events may occur when the far right of the likelihood distribution – or the “tail” – is thicker than a normal distribution (see fig. 2).

    • A good example is a data breach. While small to medium impacts are far more likely to occur than a devastating intrusion, the high-impact scenario cannot be ignored completely.

    For risk events that contain non-negligible likelihoods (too high to be ignored) consider elevating the risk severity level or expected cost.

    		 Figure 1 is a graph presenting a 'Normal Likelihood Distribution', the axes being 'Likelihood' and 'Financial Impact'.
    Figure 2 is a graph presenting a 'Fat-Tailed Likelihood Distribution' with a point at the top of the parabola labelled 'Most Likely Impact' but with a much wider bottom labelled 'Fat-Tailed Outcomes', the axes being 'Likelihood' and 'Financial Impact'.

    Leverage Info-Tech’s research on security and compliance risk to identify additional risk events

    Title card of the Info-tech blueprint 'Take Control of Compliance Improvement to Conquer Every Audit' with subtitle 'Don't gamble recklessly with external compliance. Play a winning system and take calculated risks to stack the odds in your favor.


    Take Control of Compliance Improvement to Conquer Every Audit

    Info-Tech Insight

    Don’t gamble recklessly with external compliance. Play a winning system and take calculated risks to stack the odds in your favor.

    Take an agile approach to analyze your gaps and prioritize your remediations. You don’t always have to be fully compliant as long as your organization understands and can live with the consequences.

    Stock photo of a woman sitting at a computer surrounded by rows of computers.


    Develop and Implement a Security Risk Management Program

    Info-Tech Insight

    Security risk management equals cost effectiveness.

    Time spent upfront identifying and prioritizing risks can mean the difference between spending too much and staying on budget.

    Research Contributors and Experts

    Sandi Conrad
    Principal Research Director
    Info-Tech Research Group

    Christine Coz
    Executive Counsellor
    Info-Tech Research Group

    Milena Litoiu
    Principal Research Director
    Info-Tech Research Group

    Scott Magerfleisch
    Executive Advisor
    Info-Tech Research Group

    Aadil Nanji
    Research Director
    Info-Tech Research Group

    Andy Neill
    Associate Vice-President of Research
    Info-Tech Research Group

    Daisha Pennie
    IT Risk Management
    Oklahoma State University

    Ken Piddington
    CIO and Executive Advisor
    MRE Consulting

    Frank Sewell
    Research Director
    Info-Tech Research Group

    Andrew Sharpe
    Research Director
    Info-Tech Research Group

    Chris Warner
    Consulting Director- Security
    Info-Tech Research Group

    Sterling Bjorndahl
    Director of IT Operations
    eHealth Saskatchewan

    Research Contributors and Experts

    Ibrahim Abdel-Kader
    Research Analyst
    Info-Tech Research Group

    Tamara Dwarika
    Internal Auditor
    A leading North American Utility

    Anne Leroux
    Director
    ES Computer Training

    Ian Mulholland
    Research Director
    Info-Tech Research Group

    Michel Fossé
    Consulting Services Manager
    IBM Canada (LGS)

    Petar Hristov
    Research Director
    Info-Tech Research Group

    Steve Woodward
    Research Director
    CEO, Cloud Perspectives

    *Plus 10 additional interviewees who wish to remain anonymous.

    Bibliography

    “2021 State of the CIO.” IDG, 28 January 2021. Web.

    “4 Reasons Why CIOs Lose Their Jobs.” Silverton Consulting, 2012. Web.

    Beasley, Mark, Bruce Branson, and Bonnie Hancock. “The State of Risk Oversight,” AICPA, April 2021. Web.

    COBIT 2019. ISACA, 2019. Web.

    “Cognyte jeopardized its database exposing 5 billion records, including earlier data breaches.” SecureBlink, 21 June 2021. Web.

    Culp, Steve. “Accenture 2019 Global Risk Management Study, Financial Services Report.” Accenture, 2019. Web.

    Curtis, Patchin, and Mark Carey. “Risk Assessment in Practice.” COSO Committee of Sponsoring Organizations of the Treadway Commission, Deloitte & Touche LLP, 2012. Web.

    “Cyber Risk Management.” Insurance Bureau of Canada (IBC), 2022. Web.

    Eccles, Robert G., Scott C. Newquist, and Roland Schatz. “Reputation and Its Risks.” Harvard Business Review, February 2007. Web.

    Eden, C. and F. Ackermann. Making Strategy: The Journey of Strategic Management. Sage Publications, 1998.

    “Enterprise Risk Management Maturity Model.” OECD, 9 February 2021. Web.

    Ganguly, Saptarshi, Holger Harreis, Ben Margolis, and Kayvaun Rowshankish. “Digital Risks: Transforming risk management for the 2020s.” McKinsey & Company, 10 February 2017. Web.

    “Governance Institute of Australia Risk Management Survey 2020.” Governance Institute of Australia, 2020. Web.

    “Guidance on Enterprise Risk Management.” COSO, 2022. Web.

    Henriquez, Maria. “The Top 10 Data Breaches of 2021” Security Magazine, 9 December 2021. Web.

    Holmes, Aaron. “533 million Facebook users’ phone numbers and personal data have been leaked online.” Business Insider, 3 April 2021. Web.

    Bibliography

    “Integrated Risk and Compliance Management for Banks and Financial Services Organizations: Benefits of a Holistic Approach.” MetricStream, 2022. Web.

    “ISACA’s Risk IT Framework Offers a Structured Methodology for Enterprises to Manage Information and Technology Risk.” ISACA, 25 June 2020. Web.

    ISO 31000 Risk Management. ISO, 2018. Web.

    Lawton, George. “10 Enterprise Risk Management Trends in 2022.” TechTarget, 2 February 2022. Web.

    Levenson, Michael. “MGM Resorts Says Data Breach Exposed Some Guests’ Personal Information.” The New York Times, 19 February 2020. Web.

    Management of Risk (M_o_R): Guidance for Practitioners. Office of Government Commerce, 2007. Web.

    “Many small businesses vulnerable to cyber attacks.” Insurance Bureau of Canada (IBC), 5 October 2021.

    Maxwell, Phil. “Why risk-informed decision-making matters.” EY, 3 December 2019. Web.

    “Measuring and Mitigating Reputational Risk.” Marsh, September 2014. Web.

    Natarajan, Aarthi. “The Top 6 Business Risks you should Prepare for in 2022.” Diligent, 22 December 2021. Web.

    “Operational Risk Management Excellence – Get to Strong Survey: Executive Report.” KMPG and RMA, 2014. Web.

    “Third-party risk is becoming a first priority challenge.” Deloitte, 2022. Web.

    Thomas, Adam, and Dan Kinsella. “Extended Enterprise Risk Management Survey, 2020.” Deloitte, 2021. Web.

    Treasury Board Secretariat. “Guide to Integrated Risk Management.” Government of Canada, 12 May 2016. Web.

    Webb, Rebecca. “6 Reasons Data is Key for Risk Management.” ClearRisk, 13 January 2021. Web.

    “What is Enterprise Risk Management (ERM)?” RIMS, 2015. Web.

    Wiggins, Perry. “Do you spend enough time assessing strategic risks?” CFO, 26 January 2022. Web.

    Build a More Effective Brand Architecture

    • Buy Link or Shortcode: {j2store}571|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions

    Neglecting to maintain the brand architecture can have the following consequences:

    • Inconsistent branding across product lines, services, and marketing communications.
    • Employee confusion regarding product lines, services, and brand structure.
    • Difficulties in launching new products or services or integrating acquired brands.
    • Poor customer experience in navigating the website or understanding the offerings.
    • Inability to differentiate from competitors.
    • Weak brand equity and a lack of brand loyalty.

    Our Advice

    Critical Insight

    Brand architecture is the way a company organizes and manages its portfolio of brands to achieve strategic goals. It encompasses the relationships between brands, from sub-brands to endorsed brands to independent brands, and how they interact with each other and with the master brand. With a clear brand architecture, businesses can optimize their portfolio, enhance their competitive position, and achieve sustainable growth and success in the long run.

    Impact and Result

    Establishing and upholding a well-defined brand architecture is critical to achieve:

    • Easy recognition and visibility
    • Consistent branding
    • Operational efficiency
    • Customer loyalty
    • Ability to easily adapt to changes
    • Competitive differentiation
    • Distinctive brand image
    • Business success

    Build a More Effective Brand Architecture Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build a More Effective Brand Architecture Storyboard – Develop a brand architecture that supports your business goals, clarifies your brand portfolio, and enhances your overall brand equity.

    We recommend a two-step approach that involves defining or reimagining the brand architecture. This means choosing the right strategy by analyzing the current brand portfolio, identifying the core brand elements, and determining and developing the structure that fits with the brand and business goals. A well-thought-out brand architecture also facilitates the integration of new brands and new product launches.

    • Build a More Effective Brand Architecture Storyboard

    2. Brand Architecture Strategy Template – The brand architecture template is a tool for creating a coherent brand identity.

    Create a brand identity that helps you launch new products and services, prepare for acquisitions, and modify your brand strategy. Allocate resources more effectively and identify new opportunities for growth. A brand architecture can provide insights into how different brands fit together and contribute to the overall brand strategy.

    • Brand Architecture Strategy Template

    Infographic

    Workshop: Build a More Effective Brand Architecture

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Brand Mind Mapping

    The Purpose

    The brand mind mapping workshop is an exercise that helps with visualizing brand architecture and improving coherence and effectiveness in brand portfolio management.

    Key Benefits Achieved

    This exercise can help businesses:

    Allocate their resources more effectively.

    Identify new opportunities for growth.

    Gain a competitive advantage in their market.

    Activities

    1.1 Brand Mind Mapping

    Outputs

    Visual representation of the brand architecture and its various components

    Further reading

    Build a More Effective Brand Architecture

    Strategically optimize your portfolio to increase brand recognition and value.

    Analyst perspective

    Brand Architecture

    Nathalie Vezina, Marketing Research Director, SoftwareReviews Advisory

    Nathalie Vezina
    Marketing Research Director
    SoftwareReviews Advisory

    This blueprint highlights common brand issues faced by companies, such as inconsistencies in branding and sub-branding due to absent or inadequate planning and documentation or non-compliance with the brand architecture. It emphasizes the importance of aligning or modifying the company's brand strategy with the existing architecture to create a consistent brand when launching new products, services, or divisions or preparing for acquisitions.

    Changing the brand architecture can be challenging, as it often requires significant resources, time, and effort. Additionally, there may be resistance from stakeholders who have become attached to the existing brand architecture and may not see the value in making changes. However, it's important for companies to address suboptimal brand architecture to ensure consistency and clarity in brand messaging and support business growth and success.

    This blueprint guides brand leaders on building and updating their brand architecture for optimal clarity, consistency, adaptability, and efficiency.

    Executive summary

    Your Challenge Common Obstacles SoftwareReviews’ Approach
    A company's brand architecture can help brand managers build a stronger brand that supports the company's goals and increases brand value. Failing to maintain the brand architecture can have the following consequences:
    • Inconsistent branding across product lines, services, and marketing communications
    • Employee confusion regarding product lines, services, and brand structure.
    • Difficulties in launching new products or services or integrating acquired brands.
    • Poor customer experience in navigating the website or understanding the offerings.
    • Inability to differentiate from competitors.
    • Weak brand equity and a lack of brand loyalty.
    		 Establishing and maintaining a clear brand architecture can pose significant issues for brand leaders. Despite these obstacles, defining the brand architecture can yield substantial benefits for businesses. Common constraints are:
    • Lack of knowledge on the subject, resulting in difficulties securing buy-in from stakeholders.
    • Siloed teams and competing priorities.
    • Limited resources and time constraints.
    • Resistance to change from employees or customers.
    • Inconsistent execution and adherence to brand guidelines.
    • Lack of communication and coordination when acquiring new brands.
    		 With focused and effective efforts and guidance, brand leaders can define or reimagine their brand architecture. Developing and maintaining a clear and consistent brand architecture involves:
    • Defining the brand architecture strategy.
    • Analyzing the current brand portfolio and identifying the core brand elements.
    • Determining and developing the proper brand structure.
    • Updating brand guidelines and messaging.
    • Rolling out the brand architecture across touchpoints and assets.
    • Facilitating the integration of new brands.
    • Monitoring and adjusting the architecture as needed for relevance to business goals.

    "[B]rand architecture is like a blueprint for a house...the foundation that holds all the pieces together, making sure everything fits and works seamlessly."
    Source: Verge Marketing

    The basics of brand architecture

    The significance of brand hierarchy organization

    Brand architecture is the hierarchical organization and its interrelationships. This includes shaping the brand strategy and structuring the company's product and service portfolio.

    A well-designed brand architecture helps buyers navigate a company's product offerings and creates a strong brand image and loyalty.

    A company's brand architecture typically includes three levels:

    • Master or parent brand
    • Sub-brands
    • Endorsed brands

    Choosing the right architecture depends on business strategy, products and services, and target audience. It should be reviewed periodically as the brand evolves, new products and services are launched, or new brands are acquired.

    "A brand architecture is the logical, strategic, and relational structure for your brands, or put another way, it is the entity's 'family tree' of brands, sub-brands, and named products."
    Source: Branding Strategy Insider

    Enhancing a company's brand hierarchy for better business outcomes

    Maximize brand strategy with a well-defined and managed brand architecture.

    Align brand architecture with business goals
    A well-defined brand architecture aligned with business objectives contributes to building brand recognition, facilitating brand extension, and streamlining brand portfolio management. In addition, it improves marketing effectiveness and customer experience.
    With a clear and consistent brand architecture, companies can strengthen their brand equity, increase awareness and loyalty, and grow in their competitive environment.

    Effectively engage with the desired buyers
    A clear and consistent brand architecture enables companies to align their brand identity and value proposition with the needs and preferences of their target audience, resulting in increased customer loyalty and satisfaction.
    Establishing a unique market position and reinforcing brand messaging and positioning allows companies to create a more personalized and engaging customer experience, driving business growth.

    Maintain a competitive edge
    An effective brand architecture allows companies to differentiate themselves from their competitors by establishing their unique position in the market. It also provides a structured framework for introducing new products or services under the same brand, leveraging the existing one.
    By aligning their brand architecture with their business objectives, companies can achieve sustainable growth and outperform their competitors in the marketplace.

    "A well-defined brand architecture provides clarity and consistency in how a brand is perceived by its audience. It helps to create a logical framework that aligns with a brand's overall vision and objectives."
    Source: LinkedIn

    Pitfalls of neglecting brand guidelines

    Identifying the negative effects on business and brand value.

    Deficient brand architecture can manifest in various ways.

    Here are some common symptoms:

    • Lack of clarity around the brand's personality and values
    • Inconsistent messaging and branding
    • Inability to differentiate from competitors
    • Weak brand identity
    • Confusion among customers and employees
    • Difficulty launching new products/services or integrating acquired brands
    • Lack of recognition and trust from consumers, leading to potential negative impacts on the bottom line

    Brand architecture helps to ensure that your company's brands are aligned with your business goals and objectives, and that they work together to create a cohesive and consistent brand image.

    The most common obstacles in developing and maintaining a clear brand architecture

    Establishing and maintaining a clear brand architecture requires the commitment of the entire organization and a collaborative effort.

    Lack of stakeholder buy-in > Resistance to change

    Siloed teams > Inconsistent execution

    Limited resources > Lack of education and communication

    Types of brand architectures

    Different approaches to structuring brand hierarchy

    Brand architecture is a framework that encompasses three distinct levels, each comprising a different type of branding strategy.

    Types of brand architectures

    Examples of types of brand architectures

    Well-known brands with different brand and sub-brands structures

    Examples of types of brand architectures

    Pros and cons of each architecture types

    Different approaches to organizing a brand portfolio

    The brand architecture impacts the cohesiveness, effectiveness, and market reach. Defining or redefining organization changes is crucial for company performance.

    Branded House Endorsed Brands House of Brands
    Other Designations
    • "Monolithic brands"
    • "Sub-brands"
    • "Freestanding brands"
    Description
    • Single brand name for all products/services
    • Creates a unique and powerful image that can easily be identified
    • The master brand name endorses a range of products/services marketed under different sub-brands
    • Decentralized brands
    • Can target diverse markets with separate brand names for each product/service
    Marketing & Comms
    • Highly efficient
    • Eliminates split branding efforts by product/service
    • Product differentiation and tailoring messages to specific customer segments are limited
    • Each brand has its unique identity
    • Benefit from the support and resources of the master brand
    • Allows for unique branding and messaging per products/services for specific customer segments
    • Can experiment with different offerings and strategies
    Impact on Sales
    • Good cross-selling opportunities by leveraging a strong brand name
    • Benefit from the master brand's credibility, building customer trust and increasing sales
    • Tailored marketing to specific segments can increase market share and profitability
    • Creates competitive advantage and builds loyalty
    Cost Effectiveness
    • Cost-effective
    • No separate branding efforts per product/service
    • Lack of economy of scale
    • Fragmentation of resources and duplication of effort
    • Lack of economy of scale
    • Fragmentation of resources and duplication of effort
    Reputation and Image
    • More control over the brand image, messages, and perception, leading to strong recognition
    • Increased vulnerability to negative events can damage the entire brand, products/services offered
    • Mitigated risk, protecting the master brand's reputation and financial performance
    • Negative events with one brand can damage the master and other brands, causing a loss of credibility
    • Reduced risk, safeguarding the master brand's reputation and financial performance
    • Each brand builds its own equity, enhancing the company's financial performance and value
    Consistency
    • Ensures consistency with the company's brand image, values, and messaging
    • Helps build trust and loyalty
    • Inconsistent branding and messaging can cause confusion and misunderstandings
    • Unclear link between master/endorsed brands
    • Reduces trust and brand loyalty
    • Difficult to establish a clear and consistent corporate identity
    • Can reduce overall brand recognition and loyalty

    Brand naming decision tree

    Create a naming process for brand alignment and resonance with the target audience

    To ensure a chosen name is effective and legally/ethically sound, consider the ease of pronunciation/spelling, the availability for registration of brand/domain name, any negative connotations/associations in any language/culture, and potential legal/ethical issues.

    Brand naming decision tree

    To ensure a chosen name is effective and legally/ethically sound, consider the ease of pronunciation/spelling, the availability for registration of brand/domain name, any negative connotations/associations in any language/culture, and potential legal/ethical issues.

    Advantages of defining brand architecture

    Maximize your brand potential with a clear architecture strategy.

    Clear offering

    Adaptability

    Consistent branding

    Competitive differentiation

    Operational efficiency

    Strong brand identity

    Customer loyalty

    Business success

    "Responding to external influences, all brands must adapt and change over time. A clear system can aid in managing the process, ensuring that necessary changes are implemented effectively and efficiently."
    Source: The Branding Journal

    SoftwareReviews' brand architecture creation methodology

    Develop and Implement a Robust Brand Architecture

    Phase Steps

    		 Step 1 Research and Analysis
    1.1 Define brand architecture strategy
    1.2 Brand audit
    1.3 Identify brand core elements

    Step 2 Development and Implementation
    2.1 Determine brand hierarchy
    2.2 Develop or update brand guidelines
    2.3 Roll out brand architecture
    Phase Outcomes
    • Brand current performance is assessed
    • Issues are highlighted and can be addressed
    • Brand structure is developed and implemented across touchpoints and assets
    • Adjustments are made on an ongoing basis for consistency and relevance to business goals

    Insight summary

    Brand Architecture: Organize and manage your portfolio of brands
    Brand architecture is the way a company organizes and manages its portfolio of brands to achieve strategic goals. It encompasses the relationships between brands, from sub-brands to endorsed brands to independent brands, and how they interact with each other and with the master brand. With a clear brand architecture, businesses can optimize their portfolio, enhance their competitive position, and achieve sustainable growth and success in the long run.

    Aligning brand architecture to business strategy
    Effective brand architecture aligns with the company's business strategy, marketing objectives, and customer needs. It provides clarity and coherence to the brand portfolio, helps customers navigate product offerings, and maximizes overall equity of the brand.

    Choosing between three types of brand architecture
    A company's choice of brand architecture depends on factors like product range, target markets, and strategic objectives. Each approach, Branded House, Endorsed, or House of Brands, has its own pros and cons, and the proper option relies on the company's goals, resources, and constraints.

    A logical brand hierarchy for more clarity
    The order of importance of brands in the portfolio, including the relationships between the master and sub-brands, and the positioning of each in the market is fundamental. A clear and logical hierarchy helps customers understand the value proposition of each brand and reduces confusion.

    A win-win approach
    Clear brand architecture can help customers easily navigate and understand the product offering, reinforce the brand identity and values, and improve customer loyalty and retention. Additionally, it can help companies optimize their marketing strategies, streamline their product development and production processes, and maximize their revenue and profitability.

    Brand architecture, an ongoing process
    Brand architecture is not a one-time decision but an ongoing process that requires regular review and adjustment. As business conditions change, companies may need to revise their brand portfolio, brand hierarchy, or brand extension and acquisition strategies to remain competitive and meet customer needs.

    Brand architecture creation tools

    This blueprint comes with tools to help you develop your brand architecture.

    Brand Architecture Toolkit

    This kit includes a Brand Architecture Mini-Audit, a Brand Architecture template, and templates for Brand Matrix, Ecosystem, and Development Strategy.

    Use this kit to develop a strong brand architecture that aligns with your business goals, clarifies your brand portfolio, and enhances overall brand equity.

    Brand Architecture Toolkit

    Brand Architecture

    Develop a robust brand architecture that supports your business goals, clarifies your brand portfolio, and enhances your overall brand equity.

    "A brand architecture is the logical, strategic, and relational structure for your brands, or put another way, it is the entity's 'family tree' of brands, sub-brands, and named products."
    Source: Branding Strategy Insider

    Consequences of Neglected Brand Guidelines

    When a company neglects its brand architecture and guidelines, it can result in a number of negative consequences, such as:

    • Lack of clarity around the brand's personality and values
    • Inconsistent messaging and branding
    • Inability to differentiate from competitors
    • Weak brand identity
    • Confusion among customers and employees
    • Difficulty launching new products/services or integrating acquired brands
    • Lack of recognition and trust from consumers, leading to potential negative impacts on the bottom line.

    Benefits of SoftwareReviews' Methodology

    By following SoftwareReviews' methodology to develop and maintain a brand architecture, businesses can:

    • Establish a unique market position and stand out from competitors
    • Ensure that marketing efforts are focused and effective
    • Create personalized and engaging customer experiences
    • Reinforce messaging and positioning
    • Increase customer loyalty and satisfaction
    • Build brand recognition and awareness

    Marq, formerly Lucidpress, surveyed over 400 brand management experts and found that "if the brand was consistent, revenue would increase by 10-20%."

    Methodology for Defining Brand Architecture

    Who benefits from this research?

    This research is designed for:

    • Organizations that value their brand and want to ensure that it is communicated effectively and consistently across all touchpoints.
    • Business owners, marketers, brand managers, creative teams, and anyone involved in the development and implementation of brand strategy.

    This research will also assist:

    • Sales and customer experience teams
    • Channel partners
    • Buyers

    This research will help you:

    • Establish a unique market position and stand out from competitors.
    • Create a more personalized and engaging customer experience.
    • Ensure that marketing efforts are focused and effective.
    • Reinforce brand messaging and positioning.

    This research will help them:

    • Increase customer loyalty and satisfaction
    • Build brand recognition and awareness
    • Drive business growth and profitability.

    SoftwareReviews offers various levels of support to best suit your needs

    DIY Toolkit
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."     		Guided Implementation
    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."    		 Workshop
    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."    		 Consulting
    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."
    Included Within Advisory Membership Optional Add-Ons

    Guided Implementation

    What does a typical GI on this topic look like?

    Research & Analysis
    Call #1: Discuss brand architecture strategy (define objectives, scope and stakeholders). Call #3: Identify core brand components and ensure they align with the brand strategy. Call #5: Develop or update brand guidelines. Optional Calls:
    • Brand Diagnostic
    • Brand Strategy and Tactics
    • Brand Voice Guidelines
    • Asset Creation and Management
    • Brand Messaging
    Call #2: Conduct a brand audit. Call #4: Define and document the brand hierarchy. Call #6: Roll out the brand architecture and monitoring.

    A Guided Implementation (GI) is a series of calls with a SoftwareReviews Marketing Analyst to help implement our best practices in your organization.

    Your engagement managers will work with you to schedule analyst calls.

    Brand Mind Mapping Workshop Overview

    Total duration: 3-4 hours

    Activities
    Visually map out the different elements of your brand portfolio, including corporate brands, sub-brands, product brands, and their relationships with each other.

    The workshop also aims to explore additional elements, such as brand expansions, acquisitions, and extensions, and brand attributes and positioning.

    Deliverables
    Get a mind map that represents the brand architecture and its various components, which can be used to evaluate and improve the overall coherence and effectiveness of the brand portfolio. The mind map can also provide insights into how different brands fit together and contribute to the overall brand strategy.

    Participants

    • Business owners
    • Head of Branding and anyone involved with the brand strategy

    Tools

    • Brand Architecture Template, slides 7 and 8

    Brand Mind Mapping

    Contact your account representative for more information
    workshops@infotech.com | 1-888-670-8889

    Get started!

    Develop a brand architecture that supports your business goals, clarifies your brand portfolio, and enhances your overall brand equity.

    Develop and Implement a Robust Brand Architecture

    Step 1 Research and Analysis
    1.1 Define architecture strategy
    1.2 Perform brand audit
    1.3 Identify brand core elements

    Step 2 Development and Implementation
    2.1 Determine brand hierarchy
    2.2 Develop or update brand guidelines
    2.3 Roll out brand architecture

    Phase Outcome

    • Brand current performance is assessed
    • Issues are highlighted and can be addressed
    • Brand structure is developed and implemented across touchpoints and assets
    • Adjustments made on an ongoing basis for consistency and relevance to business goals

    Develop and implement a robust brand architecture

    Steps 1.1, 1.2 & 1.3 Define architecture strategy, audit brand, and identify core elements.

    Total duration: 2.5-4.5 hours

    Objective
    Define brand objectives (hierarchy, acquired brand inclusion, product distinction), scope, and stakeholders. Analyze the brand portfolio to identify gaps or inconsistencies. Identify brand components (name, logo, tagline, personality) and align them with the brand and business strategy.

    Output
    By completing these steps, you will assess your current brand portfolio and evaluate its consistency and alignment with the overall brand strategy.

    Participants

    • Business owners
    • Head of Branding and anyone involved with the brand strategy

    Tools

    • Diagnose Brand Health to Improve Business Growth Blueprint (optional)
    • Brand Awareness Strategy Template (optional)

    1.1 Define Brand Architecture Strategy
    (60-120 min.)

    Define

    Define brand objectives (hierarchy, inclusion of an acquired brand, product distinction), scope, and stakeholders.

    1.2 Conduct Brand Audit
    (30-60 min.)

    Assess

    Assess the state of your brand architecture using the "Brand architecture mini-audit checklist," slide 9 of the Brand Architecture Strategy Template. Check the boxes that correspond to the state of your brand architecture. Those left unchecked represent areas for improvement.

    For a more in-depth analysis of your brand performance, follow the instructions and use the tools provided in the Diagnose Brand Health to Improve Business Growth blueprint (optional).

    1.3 Identify Core Brand Elements
    (60-90 min.)

    Identify

    Define brand components (name, logo, tagline, personality). Align usage with strategy. You can develop your brand strategy, if not already existing, using the Brand Awareness Strategy Template (optional).

    Tip!

    Continuously monitor and adjust your brand architecture - it's not static and should evolve over time. You can also adapt your brand strategy as needed to stay relevant and competitive.

    Develop and implement a robust brand architecture

    Steps 2.1. 2.2 & 2.3 Develop brand hierarchy, guidelines, and rollout architecture.

    Total duration: 3.5-5.5 hours

    Objective
    Define your brand structure and clarify the role and market position of each. Create concise brand expression guidelines, implement them across all touchpoints and assets, and adjust as needed to stay aligned with your business goals.

    Output
    This exercise will help you establish and apply your brand structure, with a plan for ongoing updates and adjustments to maintain consistency and relevance.

    Participants

    • Business owners
    • Head of Branding and anyone involved with the brand strategy

    Tools

    • Brand Architecture Template
    • Brand Voice Guidelines
    • Brand Messaging Template
    • Asset Creation and Management List Template

    2.1 Determine Brand Hierarchy
    (30-60 min.)

    Analyze & Document

    In the Brand Architecture Strategy Template, complete the brand matrix, ecosystem, development strategy matrix, mind mapping, and architecture, to develop a strong brand architecture that aligns with your business goals and clarifies your brand portfolio and market position.

    2.2 Develop/Update Brand Guidelines
    (120-180 min.)

    Develop/Update

    Develop (or update existing) clear, concise, and actionable brand expression guidelines using the Brand Voice Guidelines and Brand Messaging Template.

    2.2 Rollout Brand Architecture
    Preparation (60-90 min.)

    Create & Implement

    Use the Asset Creation and Management List Template to implement brand architecture across touchpoints and assets.

    Monitor and Adjust

    Use slide 8, "Brand Strategy Development Matrix," of the Brand Architecture Strategy Template to identify potential and future brand development strategies to build or enhance your brand based on your current brand positioning and business goals. Monitor, and adjust as needed, for relevance to the brand and business strategy.

    Tip!

    Make your brand architecture clear and simple for your target audience, employees, and stakeholders. This will avoid confusion and help your audience understand your brand structure.

    Prioritizing clarity and simplicity will communicate your brand's value proposition effectively and create a strong brand that resonates with your audience and supports your business goals.

    Related SoftwareReviews research

    Diagnose Brand Health to Improve Business Growth

    Have a significant and well-targeted impact on business success and growth by knowing how your brand performs, identifying areas of improvement, and making data-driven decisions to fix them.

    • Increase brand awareness and equity.
    • Build trust and improve customer retention and loyalty.
    • Achieve higher and faster growth.

    Accelerate Business Growth and Valuation by Building Brand Awareness

    Successfully build awareness and help the business grow. Stand out from the competition and continue to grow in a sustainable way.

    • Get a clear understanding of the buyer's needs and your key differentiator.
    • Achieve strategy alignment and readiness.
    • Create and manage assets.

    Bibliography

    "Brand Architecture: Definition, Types, Strategies, and Examples." The Branding Journal, 2022.

    "Brand Architecture: What It Is and How to Build Your Brand's Framework." HubSpot, 2021.

    "Brand Architecture Framework." Verge Marketing, 2021.

    "Brand consistency-the competitive advantage and how to achieve it." Marq/Lucidpress, 2021.

    "Building brands for growth: A fresh perspective." McKinsey & Company. Accessed on 31 March 2023.

    Daye, Derrick. "Brand Architecture Strategy Guide." Branding Strategy Insider, The Blake Project, 13 May 2021.

    Todoran, Adrian. "Choosing the Perfect Brand Architecture Strategy for Your Business." LinkedIn, 2023.

    Understand and Apply Internet-of-Things Use Cases to Drive Organizational Success

    • Buy Link or Shortcode: {j2store}535|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • The Internet of Things (IoT) is a rapidly proliferating technology – connected devices have experienced unabated growth over the last ten years.
    • The business wants to capitalize on the IoT and move the needle forward for proactive customer service and operational efficiency.
    • Moreover, IT wants to maintain its reputation as forward-thinking, and the business wants to be innovative.

    Our Advice

    Critical Insight

    • Leverage Info-Tech’s comprehensive three-phase approach to IoT projects: understand the fundamentals of IoT capabilities, assess where the IoT will drive value within the organization, and present findings to stakeholders.
    • Conduct a foundational IoT discussion with stakeholders to level set expectations about the technology’s capabilities.
    • Determine your organization’s approach to the IoT in terms of both hardware and software.
    • Determine which use case your organization fits into: three of the use cases highlighted in this report include predictive customer service, smart offices, and supply chain applications.

    Impact and Result

    • Our methodology addresses the possible issues by using a case-study approach to demonstrate the “Art of the Possible” for the IoT.
    • With an understanding of the IoT, it is possible to find applicable use cases for this emerging technology and get a leg up on competitors.

    Understand and Apply Internet-of-Things Use Cases to Drive Organizational Success Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why your organization should care about the IoT’s potential to transform the service and the workplace, and how Info-Tech will support you as you identify and build your IoT use cases.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand core IoT use cases

    Analyze the scope of the IoT and the three most prominent enterprise use cases.

    • Understand and Apply Internet-of-Things Use Cases to Drive Organizational Success – Phase 1: Understand Core IoT Use Cases

    2. Build the business case for IoT applications

    Develop and prioritize use cases for the IoT using Info-Tech’s IoT Initiative Framework.

    • Understand and Apply Internet-of-Things Use Cases to Drive Organizational Success – Phase 2: Build the Business Case for IoT Initiatives

    3. Present IoT initiatives to stakeholders

    Present the IoT initiative to stakeholders and understand the way forward for the IoT initiative.

    • Understand and Apply Internet-of-Things Use Cases to Drive Organizational Success – Phase 3: Present IoT Initiatives to Stakeholders
    • Internet of Things Stakeholder Presentation Template
    [infographic]

    Endpoint Management Selection Guide

    • Buy Link or Shortcode: {j2store}65|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: End-User Computing Applications
    • Parent Category Link: /end-user-computing-applications

    Endpoint management solutions are becoming an essential solution: Deploying the right devices and applications to the right user and the need for zero-touch provisioning are indispensable parts of a holistic strategy for improving customer experience. However, selecting the right-sized platform that aligns with your requirements is a big challenge.

    Following improvements in end-user computation strategies, selection of the right endpoint management solution is a crucial next step in delivering a concrete business value.

    Our Advice

    Critical Insight

    Investigate vendors’ roadmaps to figure out which of the candidate platforms can fulfill your long-term requirements, without any unnecessary investment in features that are not currently useful for you. Make sure you don’t purchase capabilities that you will never use.

    Impact and Result

    • Determine what you require from an endpoint management solution.
    • Review the market space and product offerings, and compare capabilities of key players.
    • Create a use case and use top-level requirements to determine use cases and shortlist vendors.
    • Conduct a formal process for interviewing vendors using Info-Tech’s templates to select the best platform for your requirements.

    Endpoint Management Selection Guide Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Endpoint Management Selection Guide Storyboard – A structured guide to walk you through the endpoint management market.

    This storyboard will help you understand endpoint management solution core capabilities and prepare you to select an appropriate tool.

    • Endpoint Management Selection Guide Storyboard

    2. UEM Requirements Workbook – A template to help you build your first draft of requirements for UEM selection.

    Use this spreadsheet to brainstorm use cases and features to satisfy your requirements. This document will be help you score solutions and narrow down the field to a list of candidates who can meet your requirements.

    • UEM Requirements Workbook
    [infographic]

    Further reading

    Endpoint Management Selection Guide

    Streamline your organizational approach to selecting a right-sized endpoint management platform.

    Endpoint Management Selection Guide

    Streamline your organizational approach toward the selection of a right-sized endpoint management platform.

    EXECUTIVE BRIEF

    Analyst Perspective

    Revolutionize your endpoint management with a proper tool selection approach

    The endpoint management market has an ever-expanding and highly competitive landscape. The market has undergone tremendous evolution in past years, from device management to application deployments and security management. The COVID-19 pandemic forced organizations to service employees and end users remotely while making sure corporate data is safe and user satisfaction doesn't get negatively affected. In the meantime, vendors were forced to leverage technology enhancements to satisfy such requirements.

    That being said, endpoint management solutions have become more complex, with many options to manage operating systems and run applications for relevant user groups. With the work-from-anywhere model, customer support is even more important than before, as a remote workforce may face more issues than before, or enterprises may want to ensure more compliance with policies.

    Moreover, the market has become more complex, with lots of added capabilities. Some features may not be beneficial to corporations, and with a poor market validation, businesses may end up paying for some capabilities that are not useful.

    In this blueprint, we help you quickly define your requirements for endpoint management and narrow down a list to find the solutions that fulfill your use cases.

    An image of Mahmoud Ramin, PhD

    Mahmoud Ramin, PhD
    Senior Research Analyst, Infrastructure and Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Endpoint management solutions are becoming increasingly essential – deploying the right devices and applications to the right users and zero-touch provisioning are indispensable parts of a holistic strategy for improving customers' experience. However, selecting the right-sized platform that aligns with your requirements is a big challenge.

    Following improvements in end-user computation strategies, selection of the right endpoint management solution is a crucial next step in delivering concrete business value.

    Common Obstacles

    Despite the importance of selecting the right endpoint management platform, many organizations struggle to define an approach to picking the most appropriate vendor and rolling out the solution in an effective and cost-efficient manner. There are many options available, which can cause business and IT leaders to feel lost.

    The endpoint management market is evolving quickly, making the selection process tedious. On top of that, IT has a hard time defining their needs and aligning solution features with their requirements.

    Info-Tech's Approach

    Determine what you require from an endpoint management solution.

    Review the market space and product offerings, and compare the capabilities of key players.

    Create a use case – use top-level requirements to determine use cases and short-list vendors.

    Conduct a formal process for interviewing vendors, using Info-Tech's templates to select the best platform for your requirements.

    Info-Tech Insight

    Investigate vendors' roadmaps to figure out which of the candidate platforms can fulfill your long-term requirements without any unnecessary investment in features that are not currently useful for you. Make sure you don't purchase capabilities that you will never use.

    What are endpoint management platforms?

    Our definition: Endpoint management solutions are platforms that enable IT with appropriate provisioning, security, monitoring, and updating endpoints to ensure that they are in good health. Typical examples of endpoints are laptops, computers, wearable devices, tablets, smart phones, servers, and the Internet of Things (IoT).

    First, understand differences between mobile management solutions

    • Endpoint management solutions monitor and control the status of endpoints. They help IT manage and control their environment and provide top-notch customer service.
    • These solutions ensure a seamless and efficient problem management, software updates and remediations in a secure environment.
    • Endpoint management solutions have evolved very quickly to satisfy IT and user needs:
    • Mobile Device Management (MDM) helps with controlling features of a device.
    • Enterprise Mobile Management (EMM) controls everything in a device.
    • Unified Endpoint Management (UEM) manages all endpoints.

    Endpoint management includes:

    • Device management
    • Device configuration
    • Device monitoring
    • Device security

    Info-Tech Insight

    As endpoint management encompasses a broad range of solution categories including MDM, EMM, and UEM, look for your real requirements. Don't pay for something that you won't end up using.

    As UEM covers all of MDM and EMM capabilities, we overview market trends of UEM in this blueprint to give you an overall view of market in this space.

    Your challenge: Endpoint management has evolved significantly over the past few years, which makes software selection overwhelming

    An mage showing endpoint management visualzed as positions on an iceberg. at the top is UEM, at the midpoint above the waterline is Enterprise Mobile Management, and below the water is Mobile Device Management.

    Additional challenges occur in securing endpoints

    A rise in the number of attacks on cloud services creates a need to leverage endpoint management solutions

    MarketsandMarkets predicted that global cloud infrastructure services would increase from US$73 billion in 2019 to US$166.6 billion in 2024 (2019).

    A study by the Ponemon Institute showed that 68% of respondents believe that security attacks increased over the past 12 months (2020).

    The study reveals that over half of IT security professionals who participated in the survey believe that organizations are not very efficient in securing their endpoints, mainly because they're not efficient in detecting attacks.

    IT professionals would like to link endpoint management and security platforms to unify visibility and control, to determine potential risks to endpoints, and to manage them in a single solution.

    Businesses will continue to be compromised by the vulnerabilities of cloud services, which pose a challenge to organizations trying to maintain control of their data.

    Trends in endpoint management have been undergoing a tremendous change

    In 2020, about 5.2 million users subscribed to mobile services, and smartphones accounted for 65% of connections. This will increase to 80% by 2025.
    Source: Fortune Business Insights, 2021

    Info-Tech's methodology for selecting a right-sized endpoint management platform

    1. Understand Core Features and Build Your Use Case

    2. Discover the Endpoint Management Market Space and Select the Right Vendor

    Phase Steps

    1. Define endpoint management platforms
    2. Explore endpoint management trends
    3. Classify table stakes & differentiating capabilities
    4. Streamline the requirements elicitation process for a new endpoint management platform
    1. Discover key players across the vendor landscape
    2. Engage the shortlist and select finalists
    3. Prepare for implementation

    Phase Outcomes

    1. Consensus on scope of endpoint management and key endpoint management platform capabilities
    2. Top-level use cases and requirements
    1. Overview of shortlisted vendors
    2. Prioritized list of UEM features

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2

    Call #1: Understand what an endpoint management platform is and learn how it evolved. Discuss core capabilities and key trends.
    Call #2: Build a use case and define features to fulfill the use case.

    Call #3: Define your core endpoint management platform requirements.
    Call #4: Evaluate the endpoint management platform vendor landscape and shortlist viable options.
    Review implementation considerations.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    The endpoint management purchase process should be broken into segments:

    1. Endpoint management vendor shortlisting with this buyer's guide
    2. Structured approach to selection
    3. Contract review

    Info-Tech's approach

    The Info-Tech difference:
    Analyze needs

    Evaluate solutions

    Determine where you need to improve the tools and processes used to support the company.

    Determine the best fit for your needs by scoring against features.

    Assess existing solution

    Features

    Determine if your solution can be upgraded or easily updated to meet your needs.

    Determine which features will be key to your success

    Create a business case for change

    Use Cases

    A two-part business case will focus on a need to change and use cases and requirements to bring stakeholders onboard.

    Create use cases to ensure your needs are met as you evaluate features

    Improve existing

    High-Level Requirements

    Work with Info-Tech's analysts to determine next steps to improve your process and make better use of the features you have available.

    Use the high-level requirements to determine use cases and shortlist vendors

    Complementary research:

    Create a quick business case and requirements document to align stakeholders to your vision with Info-Tech's Rapid Application Selection Framework.
    See what your peers are saying about these vendors at SoftwareReviews.com.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Phase 1

    Understand core features and build your business case

    Phase 1

    Phase 2

    Define endpoint management platforms

    Explore endpoint management trends

    Classify table stakes & differentiating capabilities

    Streamline the requirements elicitation process for a new endpoint management platform

    Discover key players across the vendor landscape

    Engage the shortlist and select finalist

    Prepare for implementation

    This phase will walk you through the following activity:

    Define use cases and core features for meeting business and technical goals

    This phase involves the following participants:

    • CIO
    • IT manager
    • Infrastructure & Applications directors
    Mobile Device Management

    Enterprise Mobile Management

    MDM applies security over corporate-owned devices.

    What is MDM and what can you do with it?

    1. MDM helps manage and control corporate owned devices.
    2. You can enforce company policies, track, monitor, and lock device remotely by an MDM.
    3. MDM helps with remote wiping of the device when it is lost or stolen.
    4. You can avoid unsecure Wi-Fi connections via MDM.

    EMM solutions solve the restrictions arose with BYOD (Bring Your Own Device) and COPE (Corporate Owned, Personally Enabled) provisioning models.

    • IT needs to secure corporate-owned data without compromising personal and private data. MDM cannot fulfill this requirement. This led to the development of EMM solutions.
    • EMM tools allow you to manage multiple device platforms through MDM protocols. These tools enforce security settings, allow you to push apps to managed devices, and monitor patch compliance through reporting.

    MDM solutions function at the level of corporate devices. Something else was needed to enable personal device management.

    Major components of EMM solutions

    Mobile Application Management (MAM)

    Allows organizations to control individual applications and their associated data. It restricts malicious apps and enables in-depth application management, configuration, and removal.

    Containerization

    Enables separation of work-related data from private data. It provides encrypted containers on personal devices to separate the data, providing security on personal devices while maintaining users' personal data.

    Mobile Content Management (MCM)

    Helps remote distribution, control, management, and access to corporate data.

    Mobile Security Management (MSM)

    Provides application and data security on devices. It enables application analysis and auditing. IT can use MSM to provide strong passwords to applications, restrict unwanted applications, and protect devices from unsecure websites by blacklisting them.

    Mobile Expense Management (MEM)

    Enables mobile data communication expenses auditing. It can also set data limits and restrict network connections on devices.

    Identity Management

    Sets role-based access to corporate data. It also controls how different roles can use data, improving application and data security. Multifactor authentication can be enforced through the identity management featured of an EMM solution.

    Unified endpoint management: Control all endpoints in a single pane of glass

    IT admins used to provide customer service such as installation, upgrades, patches, and account administration via desktop support. IT support is not on physical assistance over end users' desktops anymore.

    The rise of BYOD enhanced the need to be able to control sensitive data outside corporate network connection on all endpoints, which was beyond the capability of MDM and EMM solutions.

    • It's now almost impossible for IT to be everywhere to support customers.
    • This created a need to conduct tasks simultaneously from one single place.
    • UEM enables IT to run, manage, and control endpoints from one place, while ensuring that device health and security remain uncompromised.
    • UEM combines features of MDM and EMM while extending EMM's capabilities to all endpoints, including computers, laptops, tablets, phones, printers, wearables, and IoT.

    Info-Tech Insight

    Organizations once needed to worry about company connectivity assets such as computers and laptops. To manage them, traditional client management tools like Microsoft Configuration Manager would be enough.

    With the increase in the work-from-anywhere model, it is very hard to control, manage, and monitor devices that are not connected to a VPN. UEM solutions enable IT to tackle this challenge and have full visibility into and management of any device.

    UEM platforms help with saving costs and increasing efficiency

    UEM helps corporates save on their investments as it consolidates use-case management in a single console. Businesses don't need to invest in different device and application management solutions.

    From the employee perspective, UEM enables them to work on their own devices while enforcing security on their personal data.

    • Security and privacy are very important criteria for organizations. With the rapid growth of the work-from-anywhere model, corporate security is a huge concern for companies.
    • Working from home has forced companies to invest a lot in data security, which has led to high UEM demand. UEM solutions streamline security management by consolidating device management in a single platform.
    • With the fourth-generation industrial revolution, we're experiencing a significant rise in the use of IoT devices. UEM solutions are very critical for managing, configuring, and securing these devices.
    • There will be a huge increase in cyber threats due to automation, IoT, and cloud services. The pandemic has sped up the adoption of such services, forcing businesses to rethink their enterprise mobility strategies. They are now more cautious about security risks and remediations. Businesses need UEM to simplify device management on multiple endpoints.
    • With UEM, IT environment management gets more granular, while giving IT better visibility on devices and applications.

    UEM streamlines mundane admin tasks and simplifies user issues.

    Even with a COPE or COBO provisioning model, without any IT intervention, users can decide on when to install relevant updates. It also may lead to shadow IT.

    Endpoint management, and UEM more specifically, enables IT to enforce administration over user devices, whether they are corporate or personally owned. This is enabled without interfering with private/personal data.

    Where it's going: The future state of UEM

    Despite the fast evolution of the UEM market, many organizations do not move as fast as technological capabilities. Although over half of all organizations have at least one UEM solution, they may not have a good strategy or policies to maximize the value of technology (Tech Orchard, 2022). As opposed to such organizations, there are others that use UEM to transform their endpoint management strategy and move service management to the next level. That integration between endpoint management and service management is a developing trend (Ivanti, 2021).

    • SaaS tools like Office 365 are built to be used on multiple devices, including multiple computers. Further, the pandemic saw 47% of organizations significantly increase their use of BYOD (Cybersecurity Insiders, 2021).
    • Over 2022, 78% of people worked remotely for at least some amount of time during the week (Tech Orchard, 2022).
    • 84% of organizations believe that cybersecurity threat alarms are becoming very overwhelming, and almost half of companies believe that the best way to tackle this is through consolidating platforms so that everything will be visible and manageable through a single pane of glass (Cybersecurity Insiders, 2022).
    • The UEM market was worth $3.39 billion in 2020. It is expected to reach $53.65 billion by 2030, with an annual growth rate of 31.7% (Datamation, 2022). This demonstrates how dependent IT is becoming on endpoint management solutions.

    An image of a donut chart showing the current state of UEM Strategy.

    Only 27% of organizations have "fully deployed" UEM "with easy management across all endpoints"
    Source: IT Pro Today, 2018.

    Endpoint Management Key Trends

    • Commoditization of endpoint management features. Although their focus is the same, some UEM solutions have unique features.
    • New endpoint management paradigms have emerged. Endpoint management has evolved from client management tools (CMT) and MDM into UEM, also known as "modern management" (Ivanti, 2022).
    • One pane of glass for the entire end-user experience. Endpoint management vendors are integrating their solution into their ITSM, ITOM, digital workspace, and security products.
    • AI-powered insights. UEM tools collect data on endpoints and user behavior. Vendors are using their data to differentiate themselves: Products offer threat reports, automated compliance workflows, and user experience insights. The UEM market is ultimately working toward autonomous endpoint management (Microsoft, 2022).
    • Web apps and cloud storage are the new normal. Less data is stored locally. Fewer apps need to be patched on the device. Apps can be accessed on different devices more easily. However, data can more easily be accessed on BYOD and on new operating systems like Chrome OS.
    • Lighter device provisioning tools. Instead of managing thick images, UEM tools use lighter provisioning packages. Once set up, Autopilot and UEM device enrollment should take less time to manage than thick images.
    • UEM controls built around SaaS. Web apps and the cloud allow access from any device, even unmanaged BYOD. UEM tools allow IT to apply the right level of control for the situation – mobile application management, mobile content management, or mobile device management.
    • Work-from-anywhere and 5G result in more devices outside of your firewalls. Cloud-based management tools are not limited by your VPN connection and can scale up more easily than traditional, on-prem tools.

    Understand endpoint management table stakes features

    Determine high-level use cases to help you narrow down to specific features

    Support the organization's operating systems:
    Many UEM vendors support the most dominant operating systems, Windows and Mac; however, they are usually stronger in one particular OS than the other. For instance, Intune supports both Windows and Mac, although there are some drawbacks with MacOS management by Intune. Conversely, Jamf is mainly for MacOS and iOS management. Enterprises look to satisfy their end users' needs. The more UEM vendors support different systems, the more likely enterprises will pick them. Although, as mentioned, in some instances, enterprises may need to select more than one option, depending on their requirements.

    Support BYOD and remote environments:
    With the impact of the pandemic on work model, 60-70% of workforce would like to have more flexibility for working remotely (Ivanti, 2022). BYOD is becoming the default, and SaaS tools like Office 365 are built to be used on multiple devices, including multiple computers. As BYOD can boost productivity (Samsung Insights, 2016), you may be interested in how your prospective UEM solution will enable this capability with remote wipe (corporate wipe capability vs. wiping the whole device), data and device tracking, and user activity auditing.

    Understand endpoint management table stakes features

    Determine high-level use cases to help you narrow down to specific features

    Integration with the enterprise's IT products:
    To get everything in a single platform and to generate better metrics and dashboards, vendors provide integrations with ticketing and monitoring solutions. Many large vendors have strong integrations with multiple ITSM and ITAM platforms to streamline incident management, request management, asset management, and patch management.

    Support security and compliance policies:
    With the significant boost in work-from-anywhere, companies would like to enable endpoint security more than ever. This includes device threat detection, malware detection, anti-phishing, and more. All UEMs provide these, although the big difference between them is how well they enable security and compliance, and how flexible they are when it comes to giving conditional access to certain data.

    Provide a fully automated vs manual deployment:
    Employees want to get their devices faster, IT wants to deploy devices faster, and businesses want to enable employees faster to get them onboard sooner. UEMs have the capability to provide automated and manual deployment. However, the choice of solution depends on enterprise's infrastructure and policies. Full automation of deployment is very applicable for corporate devices, while it may not be a good option for personally owned devices. Define your user groups and provisioning models, and make sure your candidate vendors satisfy requirements.

    Plan a proper UEM selection according to your requirements

    1. Identify IT governance, policy, and process maturity
      Tools cannot compensate for your bad processes. You should improve deploying and provisioning processes before rolling out a UEM. Automation of a bad process only wraps the process in a nicer package – it does not fix the problem.
      Refer to InfoTech's Modernize and Transform Your End-User Computing Strategy for more information on improving endpoint management procedures.
    2. Consider supported operating systems, cloud services, and network infrastructure in your organization
      Most UEMs support all dominant operating systems, but some solutions have stronger capability for managing a certain OS over the other.
    3. Define enterprise security requirements
      Investigate security levels, policies, and requirements to align with the security features you're expecting in a UEM.
    4. Selection and implementation of a UEM depends on use case. Select a vendor that supports your use cases
      Identify use cases specific to your industry.
      For example, UEM use cases in Healthcare:
      • Secure EMR
      • Enforce HIPAA compliance
      • Secure communications
      • Enable shared device deployment

    Activity: Define use cases and core features for meeting business and technical goals

    1-2 hours

    1. Brainstorm with your colleagues to discuss your challenges with endpoint management.
    2. Identify how these challenges are impacting your ability to meet your goals for managing and controlling endpoints.
    3. Define high-level goals you wish to achieve in the first year and in the longer term.
    4. Identify the use cases that will support your overall goals.
    5. Document use cases in the UEM Requirements Workbook.

    Input

    • List of challenges and goals

    Output

    • Use cases to be used for determining requirements

    Materials

    • Whiteboard/flip charts
    • Laptop to record output

    Participants

    • CIO
    • IT manager
    • Infrastructure & Applications directors

    Download the UEM Requirements Workbook

    Phase 2

    Discover the endpoint management market space and select the right vendor

    Phase 1

    Phase 2

    Define endpoint management platforms

    Explore endpoint management trends

    Classify table stakes & differentiating capabilities

    Streamline the requirements elicitation process for a new endpoint management platform

    Discover key players across the vendor landscape

    Engage the shortlist and select finalist

    Prepare for implementation

    This phase will walk you through the following activity:
    Define top-level features for meeting business and technical goals
    This phase involves the following participants:

    • CIO
    • IT manager
    • Infrastructure & Applications directors
    • Project managers

    Elicit and prioritize granular requirements for your endpoint management platform

    Understanding business needs through requirements gathering is the key to defining everything about what is
    being purchased. However, it is an area where people often make critical mistakes.

    Risks of poorly scoped requirements

    • Fail to be comprehensive and miss certain areas of scope.
    • Focus on how the solution should work instead of what it must accomplish.
    • Have multiple levels of confusing and inconsistent detail in the requirements.
    • Drill down all the way to system-level detail.
    • Add unnecessary constraints based on what is done today rather than focusing on what is needed for tomorrow.
    • Omit constraints or preferences that buyers think are "obvious."

    Best practices

    • Get a clear understanding of what the system needs to do and what it is expected to produce.
    • Test against the principle of MECE – requirements should be "mutually exclusive and collectively exhaustive."
    • Explicitly state the obvious and assume nothing.
    • Investigate what is sold on the market and how it is sold. Use language that is consistent with that of the market and focus on key differentiators – not table stakes.
    • Contain the appropriate level of detail – the level should be suitable for procurement and sufficient for differentiating vendors.

    Review Info-Tech's blueprint Improve Requirements Gathering to improve your requirements gathering process.

    Consider the perspective of each stakeholder to ensure functionality needs are met

    Best of breed vs. "good enough" is an important discussion and will feed your success

    Costs can be high when customizing an ill-fitting module or creating workarounds to solve business problems, including loss of functionality, productivity, and credibility.

    • Start with use cases to drive the initial discussion, then determine which features are mandatory and which are nice-to-haves. Mandatory features will help determine high success for critical functionality and identify where "good enough" is an acceptable state.
    • Consider the implications of implementation and all use cases of:
      • Buying an all-in-one solution.
      • Integration of multiple best-of-breed solutions.
      • Customizing features that were not built into a solution.
    • Be prepared to shelve a use case for this solution and look to alternatives for integration where mandatory features cannot meet highly specialized needs that are outside of traditional endpoint management solutions.

    Pros and Cons

    An image showing the pros and cons of building vs buying

    Evaluate software category leaders through vendor rankings and awards

    SoftwareReviews
    A screenshot of softwareReviews Data Quadrant analyis.. A screenshot of softwareReviews Emotonal Fotprint analyis
    • evaluation and ranking of all software in an individual category to compare platforms across multiple dimensions.
    • Vendors are ranked by their Composite Score, based on individual feature evaluations, user satisfaction rankings, vendor capability comparisons, and likeliness to recommend the platform.
    • The Emotional Footprint is a powerful indicator of overall user sentiment toward the relationship with the vendor, capturing data across five dimensions.
    • Vendors are ranked by their Customer Experience (CX) Score, which combines the overall Emotional Footprint rating with a measure of the value delivered by the solution.

    Speak with category experts to dive deeper into the vendor landscape

    SoftwareReviews

    • Fact-based reviews of business software from IT professionals.
    • Product and category reports with state-of-the-art data visualization.
    • Top-tier data quality backed by a rigorous quality assurance process.
    • User-experience insight that reveals the intangibles of working with a vendor.

    CLICK HERE to ACCESS

    Comprehensive software reviews
    to make better IT decisions

    We collect and analyze the most detailed reviews on enterprise software from real users to give you an unprecedented view into the product and vendor before you buy.

    SoftwareReviews is powered by Info-Tech

    Technology coverage is a priority for Info-Tech, and SoftwareReviews provides the most comprehensive unbiased data on today's technology.
    With the insight of our expert analysts, our members receive unparalleled support in their buying journey.

    Get to Know the Key Players in the Endpoint Management Landscape

    The following slides provide a top-level overview of the popular players you will encounter in the endpoint management shortlisting process in alphabetical order.

    A screenshot showing a series of logos for the companies addressed later in this blueprint. It includes: Ciso; Meraki; Citrix; IBM MaaS360; Ivanti; Jamf|Pro; ManageEngine Endpoint Central; Microsoft Endpoint Manager, and VMWARE.

    Vendor scores are driven by real-world practitioner reviews via SoftwareReviews. Composite, CX, EF, and NPS scores are pulled from live data as of January 2023.

    Secure business units and enhance connection by simplifying the digital workplace

    A good option for enterprises that want a single-pane-of-glass UEM that is easy to use, with a modern-looking dashboard, high threat-management capability, and high-quality customer support.

    CISCO Meraki

    Est. 1984 | CA, USA | NASDAQ: CSCO

    8.8

    9.1

    +92

    91%

    COMPOSITE SCORE

    CX SCORE

    EMOTIONAL FOOTPRINT

    LIKELINESS TO RECOMMEND

    DOWNLOAD REPORT

    This is a Screenshot of CISCO Meraki's dashboard.

    Screenshot of CISCO Meraki's dashboard. Source: Cisco

    Strengths:

    Areas to improve:

    • Cisco Meraki offers granular control over what users can and cannot use.
    • The system is user friendly and intuitive, with a variety of features.
    • The anti-malware capability enhances security.
    • Users are very satisfied with being able to control everything in a single platform.
    • System configuration is easy.
    • Vendor relationship is very high with a rate of 96%.
    • System setup is easy, and users don't need much experience for initial configuration of devices.
    • Users are also mostly satisfied with the platform design.
    • Monitoring within the tool is easy.
    • According to SoftwareReviews' survey report, the primary reason for leaving Cisco Meraki and switching over to another vendor is functionality.
    • Regardless of the top-notch offerings and high-quality features, the product is relatively expensive. The quality and price factors make the solution a better fit for large enterprises. However, SoftwareReviews' scorecard for Cisco Meraki shows that small organizations are the most satisfied compared to the medium and large enterprises, with a net promoter score of 81%.

    Transform work experience and support every endpoint with a unified view to ensure users are productive

    A tool that enables you to access corporate resources on personal devices. It is adaptable to your budget. SoftwareReviews reports that 75% of organizations have received a discount at initial purchase or renewal, which makes it a good candidate if looking for a negotiable option.

    Citrix Endpoint Management

    Est. 1989 | TX, USA | Private

    7.9

    8.0

    8.0

    83%

    COMPOSITE SCORE

    CX SCORE

    EMOTIONAL FOOTPRINT

    LIKELINESS TO RECOMMEND

    DOWNLOAD REPORT

    Screenshot of Citrix Endpoint Management's dashboard.

    Screenshot of Citrix Endpoint Management's dashboard. Source: Citrix

    Strengths:

    Areas to improve:

    • Citrix Endpoint Management is a cloud-centric, easy-to-use UEM with an upgradable interface.
    • The solution simplifies endpoint management and provides real-time visibility and notifications.
    • Citrix allows deployments on different operating systems to meet organizations' infrastructure requirements.
    • The vendor offers different licenses and pricing models, allowing businesses of different sizes to use the tool based on their budgets and requirements.
    • Some users believe that integration with external applications should be improved.
    • Deployment is not very intuitive, making implementation process challenging.
    • User may experience some lagging while opening applications on Citrix. Application is even a bit slower when using a mobile device.

    Scale remote users, enable BYOD, and drive a zero-trust strategy with IBM's modern UEM solution

    A perfect option to boost cybersecurity. Remote administration and installation are made very easy and intuitive on the platform. It is very user friendly, making implementation straightforward. It comes with four licensing options: Essential, Deluxe, Premier, and Enterprise. Check IBM's website for information on pricing and offerings.

    IBM MaaS360

    Est. 1911 | NY, USA | NYSE: IBM

    7.7

    8.4

    +86

    76%

    COMPOSITE SCORE

    CX SCORE

    EMOTIONAL FOOTPRINT

    LIKELINESS TO RECOMMEND

    DOWNLOAD REPORT

    Screenshot of IBM MaaS360's dashboard.

    Screenshot of IBM MaaS360's dashboard. Source: IBM

    Strengths:

    Areas to improve:

    • IBM MaaS360 is easy to install and implement.
    • It has different pricing models to fit enterprises' needs.
    • MaaS360 is compatible with different operating systems.
    • Security management is one of the strongest features, making the tool perfect for organizations that want to improve cybersecurity.
    • Vendor support is very effective, and users find knowledge articles very helpful.
    • It has a very intuitive dashboard.
    • The tool can control organizational data, allowing you to apply BYOD policy.
    • AI Advisor with Watson provides AI-driven reporting and insights.
    • Working with iOS may not be as intuitive as other operating systems.
    • Adding or removing users in a user group is not very straightforward.
    • Some capabilities are limited to particular Android or iOS devices.
    • Deploying application packages may be a bit difficult.
    • Hardware deployment may need some manual work and is not fully automated.

    Get complete device visibility from asset discovery to lifecycle management and remediation

    A powerful tool for patch management with a great user interface. You can automate patching and improve cybersecurity, while having complete visibility into devices. According to SoftwareReviews, 100% of survey participants plan to renew their contract with Ivanti.

    Ivanti Neurons

    Est. 1985 | CA, USA | Private

    8.0

    8.0

    +81

    83%

    COMPOSITE SCORE

    CX SCORE

    EMOTIONAL FOOTPRINT

    LIKELINESS TO RECOMMEND

    DOWNLOAD REPORT

    Screenshot of Ivanti Neurons UEM's dashboard.

    Screenshot of Ivanti Neurons UEM's dashboard. Source: Ivanti

    Strengths:

    Areas to improve:

    • The tool is intuitive and user friendly.
    • It's a powerful security management platform, supporting multiple operating systems.
    • Ivanti Neurons is very strong in patch management and inventory management. It helps a seamless application deployment.
    • Users can install their applications via Ivanti's portal.
    • The user interface is very powerful and easy to use.
    • AI-augmented process management automates protocols, streamlining device management and application updates.
    • Vendor is very efficient in training and provides free webinars.
    • Data integration is very easy. According to SoftwareReviews, it had a satisfaction score for ease of data integration of 86%, which makes Ivanti the top solution for this capability.
    • Data analytics is powerful but complicated.
    • Setup is easy for some teams but not as easy for others, which may cause delays for implementation.
    • Software monitoring is not as good as other competitors.

    Improve your end-user productivity and transform enterprise Apple devices

    An Apple-focused UEM with a great interface. Jamf can manage and control macOS and iOS, and it is one of the best options for Apple products, according to users' sentiments. However, it may not be a one-stop solution if you want to manage non-Apple products as well. In this case, you can use Jamf in addition to another UEM. Jamf has some integrations with Microsoft, but it may not be sufficient if you want to fully manage Windows endpoints.

    Jamf PRO

    Est. 2002 | MN, USA | NASDAQ: JAMF

    8.8

    8.7

    +87

    95%

    COMPOSITE SCORE

    CX SCORE

    EMOTIONAL FOOTPRINT

    LIKELINESS TO RECOMMEND

    DOWNLOAD REPORT

    Screenshot of Jamf PRO's dashboard.

    Screenshot of Jamf PRO's dashboard. Source: Jamf

    Strengths:

    Areas to improve:

    • Jamf Pro is a unique product with an easy implementation that enables IT with minimum admin intervention.
    • It can create smart groups (based on MDM profile and user group) to automatically assign users to their pertinent apps and updates.
    • It's a very user-friendly tool, conducting device management in fewer steps than other competitors.
    • Reports are totally customizable and dynamic.
    • Notifications are easy to navigate and monitor.
    • Self-service feature enables end users to download their predefined categories of applications in the App Store.
    • It can apply single sign-on integrations to streamline user access to applications.
    • Businesses can personalize the tool with corporate logos.
    • Vendor does great for customer service when problems arise.
    • It is a costly tool relative to other competitors, pushing prospects to consider other products.
    • The learning process may be long and not easy, especially if admins do not script, or it's their first time using a UEM.

    Apply automation of traditional desktop management, software deployment, endpoint security, and patch management

    A strong choice for patch management, software deployment, asset management, and security management. There is a free version of the tool available to try get an understanding of the platform before purchasing a higher tier of the product.

    ManageEngine Endpoint Central

    Est. 1996 | India | Private

    8.3

    8.3

    +81

    88%

    COMPOSITE SCORE

    CX SCORE

    EMOTIONAL FOOTPRINT

    LIKELINESS TO RECOMMEND

    DOWNLOAD REPORT

    Screenshot of ME Endpoint Central's dashboard.

    Screenshot of ME Endpoint Central's dashboard. Source: ManageEngine

    Strengths:

    Areas to improve:

    • It supports several operating systems including Windows, Mac, Linux, Android, and iOS.
    • Endpoint Central provides end-to-end monitoring, asset management, and security in a single platform.
    • Setup is simple and intuitive, and it's easy to learn and configure.
    • The reporting feature is very useful and gives you clear visibility into dashboard.
    • Combined with ME Service Desk Plus, we can call Endpoint Central an all-in-one solution.
    • The tool provides a real-time report on devices and tracks their health status.
    • It has multiple integrations with third-party solutions.
    • Tool does not automate updates, making application updates time-consuming.
    • Sometimes, patches and software deployments fail, and the tool doesn't provide any information on the reason for the failure.
    • There is no single point of contact/account manager for the clients when they have trouble with the tool.
    • Remote connection to Android devices can sometimes get a little tedious.

    Get device management and security in a single platform with a combination of Microsoft Intune and Configuration Manager

    A solution that combines Intune and ConfigMgr's capabilities into a single endpoint management suite for enrolling, managing, monitoring, and securing endpoints. It's a very cost-effective solution for enterprises in the Microsoft ecosystem, but it also supports other operating systems.

    Microsoft Endpoint Manager

    Est. 1975 | NM, USA | NASDAQ: MSFT

    8.0

    8.5

    +83

    85%

    COMPOSITE SCORE

    CX SCORE

    EMOTIONAL FOOTPRINT

    LIKELINESS TO RECOMMEND

    DOWNLOAD REPORT

    Screenshot of MS Endpoint Manager's dashboard.

    Screenshot of MS Endpoint Manager's dashboard. Source: Microsoft

    Strengths:

    Areas to improve:

    • Licensing for the enterprises that use Windows as their primary operating system is more efficient and cost effective.
    • Endpoint Manager is very customizable, with the ability to assign personas to device groups.
    • Besides Windows, it manages other operating systems, such as Linux, Android, and iOS.
    • It creates endpoint security and compliance policies for BitLocker that streamlines data protection and security. It also provides SSO.
    • It provides very strong documentation and knowledgebase.
    • User interface is not as good as competitors. It's a bit clunky and complex to use.
    • The process of changing configurations on devices can be time consuming.
    • Sometimes there are service outages such as Autopilot failure, which push IT to deploy manually.
    • Location tracking is not very accurate.

    Simplify and consolidate endpoint management into a single solution and secure all devices with real-time, "over-the-air" modern management across all use cases

    A strong tool for managing and controlling mobile devices. It can access all profiles through Google and Apple, and it integrates with various IT management solutions.

    VMware Workspace ONE

    Est. 1998 | CA, USA | NYSE: VMW

    7.5

    7.4

    +71

    75%

    COMPOSITE SCORE

    CX SCORE

    EMOTIONAL FOOTPRINT

    LIKELINESS TO RECOMMEND

    DOWNLOAD REPORT

    Screenshot of Workspace ONE's dashboard.

    Screenshot of Workspace ONE's dashboard. Source: VMware

    Strengths:

    Areas to improve:

    • Workspace ONE provides lots of information about devices.
    • It provides a large list of integrations.
    • The solution supports various operating systems.
    • The platform has many out-of-the-box features and helps with security management, asset management, and application management.
    • The vendor has a community forum which users find helpful for resolving issues or asking questions about the solution.
    • It is very simple to use and provides SSO capability.
    • Implementation is relatively easy and straightforward.
    • Customization may be tricky and require expertise.
    • The solution can be more user friendly with a better UI.
    • Because of intensive processing, updates to applications take a long time.
    • The tool may sometimes be very sensitive and lock devices.
    • Analytics and reporting may need improvement.

    Review your use cases to start your shortlist

    Your Info-Tech analysts can help you narrow down the list of vendors that will meet your requirements.

    Next steps will include:

    1. Reviewing your requirements
    2. Checking out SoftwareReviews
    3. Shortlisting your vendors
    4. Conducting demos and detailed proposal reviews
    5. Selecting and contracting with a finalist!

    Activity: Define high-level features for meeting business and technical goals

    Input

    • List of endpoint management use cases
    • List of prioritized features

    Output

    • Vendor evaluation
    • Final list of candidate vendors

    Materials

    • Whiteboard/flip charts
    • Laptop
    • UEM Requirements Workbook

    Participants

    • CIO
    • IT manager
    • Infrastructure & Applications directors
    • Project managers

    Activity: Define top-level features for meeting business and technical goals

    As there are many solutions in the market that share capabilities, it is imperative to closely evaluate how well they fulfill your endpoint management requirements.
    Use the UEM Requirements Workbook to identify your desired endpoint solution features and compare vendor solution functionality based on your desired features.

    1. Refer to the output of the previous activity, the identified use cases in the spreadsheet.
    2. List the features you want in an endpoint solution for your devices that will fulfill these use cases. Record those features in the second column ("Detailed Feature").
    3. Prioritize each feature (must have, should have, nice to have, not required).
    4. Send this list to candidate vendors.
    5. When you finish your investigation, review the spreadsheet to compare the various offerings and pros and cons of each solution.

    Info-Tech Insight

    The output of this activity can be used for a detailed evaluation of UEM vendors. The next steps will be vendor briefing and having further discussion on technical capabilities and conducting demos of solutions. Info-Tech's blueprint, The Rapid Application Selection Framework, takes you to these next steps.

    This is a screenshot showing the high value use cases table from The Rapid Application Selection Framework.

    Download the UEM Requirements Workbook

    Leverage Info-Tech's research to plan and execute your endpoint management selection and implementation

    Use Info-Tech Research Group's blueprints for selection and implementation processes to guide your own planning.

    • Assess
    • Prepare
    • Govern & Course Correct

    This is a screenshot of the title pages from INfo-tech's Governance and management of enterprise Software Implementaton; and The Rapid Applicaton Selection Framework.

    Ensure your implementation team has a high degree of trust and communication

    If external partners are needed, dedicate an internal resource to managing the vendor and partner relationships.

    Communication

    Teams must have some type of communication strategy. This can be broken into:

    • Regularity: Having a set time each day to communicate progress and a set day to conduct retrospectives.
    • Ceremonies: Injecting awards and continually emphasizing delivery of value can encourage relationship building and constructive motivation.
    • Escalation: Voicing any concerns and having someone responsible for addressing those concerns.

    Proximity

    Distributed teams create complexity because communication can break down more easily. This can be mitigated by:

    • Location: Placing teams in proximity can close the barrier of geographical distance and time zone differences.
    • Inclusion: Making a deliberate attempt to pull remote team members into discussions and ceremonies.
    • Communication Tools: Having the right technology (e.g. video conference) can help bring teams closer together virtually.

    Trust

    Members should trust other members are contributing to the project and completing their required tasks on time. Trust can be developed and maintained by:

    Accountability: Having frequent quality reviews and feedback sessions. As work becomes more transparent, people become more accountable.

    • Role Clarity: Having a clear definition of what everyone's role is.

    Implementation with a partner typically results in higher satisfaction

    Align your implementation plans with both the complexity of the solution and internal skill levels

    Be clear and realistic in your requirements to the vendor about the level of involvement you need to be successful.

    Primary reasons to use a vendor:

    • Lack of skilled resources: For solutions with little configuration change happening after the initial installation, the ramp-up time for an individual to build skills for a single event is not practical.
    • Complexity of solution: Multiple integrations, configurations, modules, and even acquisitions that haven't been fully integrated in the solution you choose can make it difficult to complete the installation and rollout on time and on budget. Troubleshooting becomes even more complex if multiple vendors are involved.
    • Data migration: Decide what information will be valuable to transfer to the new solution and which will not benefit your organization. Data structure and residency can both be factors in the complexity of this exercise.

    This is an image of a bar graph showing the Satisfaction Net Promotor Score by Implementation type and Organization Size.

    Source: SoftwareReviews, January 2020 to January 2023, N= 20,024 unique reviews

    To ensure your SOW is mutually beneficial, download the blueprint Improve Your Statements of Work to Hold Your Vendors Accountable.

    Consider running a proof of concept if concerns are expressed about the feasibility of the chosen solution

    Proofs of concept (PoCs) can be time consuming, so make good choices on where to spend the effort

    Create a PoC charter that will enable a quick evaluation of the defined use cases and functions. These key dimensions should form the PoC.

    1. Objective – Giving an overview of the planned PoC will help to focus and clarify the rest of this section. What must the PoC achieve? Objectives should be specific, measurable, attainable, relevant, and time bound. Outline and track key performance indicators.
    2. Key Success Factors – These are conditions that will positively impact the PoC's success.
    3. Scope – High-level statement of scope. More specifically, state what is in scope and what is out of scope.
    4. Project Team – Identify the team's structure, e.g. sponsors, subject matter experts.
    5. Resource Estimation – Identify what resources (time, materials, space, tools, expertise, etc.) will be needed to build and socialize your prototype. How will they be secured?

    An image of two screenshots from Info-Tech Research Group showing documentaton used to generate effective proof of concepts.

    To create a full proof of concept plan, download the Proof of Concept Template and see the instructions in Phase 3 of the blueprint Exploit Disruptive Infrastructure Technology.

    Selecting a right-sized endpoint management platform

    This selection guide allows organizations to execute a structured methodology for picking a UEM platform that aligns with their needs. This includes:

    • Identifying and prioritizing key business and technology drivers for an endpoint management selection business case.
    • Defining key use cases and requirements for a right-sized UEM platform.
    • Reviewing a comprehensive market scan of key players in the UEM marketspace.

    This formal UEM selection initiative will map out requirements and identify technology capabilities to fill the gap for better endpoint management. It also allows a formal roll-out of a UEM platform that is highly likely to satisfy all stakeholder needs.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

    Contact your account representative for more information

    workshops@infotech.com
    1-888-670-8889

    Summary of Accomplishment

    Knowledge Gained

    • What endpoint management is
    • Historical origins and evolution of endpoint management platforms
    • Current trends and future state of endpoint management platforms

    Processes Optimized

    • Identifying use cases
    • Gathering requirements
    • Reviewing market key players and their capabilities
    • Selecting a UEM tool that fulfills your requirements

    UEM Solutions Analyzed

    • CISCO Meraki
    • Citrix Endpoint Management
    • IBM MaaS360
    • Ivanti Neurons UEM
    • Jamf Pro
    • ManageEngine Endpoint Central
    • Microsoft Endpoint Manager
    • VMware Workspace ONE

    Related Info-Tech Research

    Modernize and Transform Your End-User Computing Strategy

    This project helps support the workforce of the future by answering the following questions: What types of computing devices, provisioning models, and operating systems should be offered to end users? How will IT support devices? What are the policies and governance surrounding how devices are used? What actions are we taking and when? How do end-user devices support larger corporate priorities and strategies?

    Best Unified Endpoint Management (UEM) Software | SoftwareReviews

    Compare and evaluate Unified Endpoint Management vendors using the most in-depth and unbiased buyer reports available. Download free comprehensive 40+ page reports to select the best Unified Endpoint Management software for your organization.

    The Rapid Application Selection Framework

    This blueprint walks you through a process for a fast and efficient selection of your prospective application. You will be enabled to use a data-driven approach to select the right application vendor for your needs, shatter stakeholder expectations with truly rapid application selections, boost collaboration and crush the broken telephone with concise and effective stakeholder meetings, and lock in hard savings.

    Bibliography

    "BYOD Security Report." Cybersecurity Insiders, 2021. Accessed January 2023.
    "Cloud Infrastructure Services Market." MarketsAnd Markets, 2019. Accessed December 2022.
    Evans, Alma. "Mastering Mobility Management: MDM Vs. EMM Vs. UEM." Hexnode, 2019. Accessed November 2022.
    "Evercore-ISI Quarterly Enterprise Technology Spending Survey." Evercore-ISI, 2022. Accessed January 2023.
    "5G Service Revenue to Reach $315 Billion Globally in 2023." Jupiter Research, 2022. Accessed January 2023.
    Hein, Daniel. "5 Common Unified Endpoint Management Use Cases You Need to Know." Solutions Review, 2020. Accessed January 2023.
    "Mobile Device Management Market Size, Share & COVID-19 Impact Analysis." Fortune Business Insights, 2021. Accessed December 2022.
    Ot, Anina. "The Unified Endpoint Management (UEM) Market." Datamation, 14 Apr. 2022. Accessed Jan. 2023.
    Poje, Phil. "CEO Corner: 4 Trends in Unified Endpoint Management for 2023." Tech Orchard, 2022. Accessed January 2023.
    "The Future of UEM November 2021 Webinar." Ivanti, 2021. Accessed January 2023.
    "The Third Annual Study on the State of Endpoint Security Risk." Ponemon Institute, 2020. Accessed December 2022.
    "The Ultimate Guide to Unified Endpoint Management (UEM)." MobileIron. Accessed January 2023.
    "Trends in Unified Endpoint Management." It Pro Today, 2018. Accessed January 2023.
    Turek, Melanie. "Employees Say Smartphones Boost Productivity by 34 Percent: Frost & Sullivan Research." Samsung Insights, 3 Aug. 2016.
    "2023 State of Security Report." Cybersecurity Insiders, 2022. Accessed January 2023.
    Violino, Bob. "Enterprise Mobility 2022: UEM Adds User Experience, AI, Automation." Computerworld, 2022. Accessed January 2023.
    Violino, Bob. "How to Choose the Right UEM Platform." Computerworld, 2021. Accessed January 2023.
    Violino, Bob. "UEM Vendor Comparison Chart 2022." Computerworld, 2022. Accessed January 2023.
    Wallent, Michael. "5 Endpoint Management Predictions for 2023." Microsoft, 2022. Accessed January 2023.
    "What Is the Difference Between MDM, EMM, and UEM?" 42Gears, 2017. Accessed November 2022.

    Create Stakeholder-Centric Architecture Governance

    • Buy Link or Shortcode: {j2store}583|cart{/j2store}
    • member rating overall impact: 8.0/10 Overall Impact
    • member rating average dollars saved: $3,099 Average $ Saved
    • member rating average days saved: 4 Average Days Saved
    • Parent Category Name: Strategy & Operating Model
    • Parent Category Link: /strategy-and-operating-model
    • Traditional enterprise architecture management (EAM) caters to only 10% – the IT people, and not to the remaining 90% of the organization.
    • EAM practices do not scale well with the agile way of working and are often perceived as "bottlenecks” or “restrictors of design freedom.”
    • The organization scale does not justify a full-fledged EAM with many committees, complex processes, and detailed EA artifacts.

    Our Advice

    Critical Insight

    Architecture is a competency, not a function. Project teams, including even business managers outside of IT, can assimilate “architectural thinking.”

    Impact and Result

    Increase business value through the dissemination of architectural thinking throughout the organization. Maturing your EAM practices beyond a certain point does not help.

    Create Stakeholder-Centric Architecture Governance Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Start here

    Improve benefits from your enterprise architecture efforts through the dissemination of architecture thinking throughout your organization.

    • Create Stakeholder-Centric Architecture Governance Storyboard
    [infographic]

    Document Business Goals and Capabilities for Your IT Strategy

    • Buy Link or Shortcode: {j2store}77|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy
    • As a strategic driver, IT needs to work with the business. Yet, traditionally IT has not worked hand-in-hand with the business. IT does not know what information it needs from the business to execute on its initiatives.
    • A faster time to new investment decisions mean that IT needs a repeatable and efficient process to understand what the business needs.
    • CIOs must execute strategic initiatives to create an IT function that can support the business. Most CIOs fail because of low business support.

    Our Advice

    Critical Insight

    • Understanding the business context is a must for all strategic IT initiatives. At its core, each strategic IT project requires answers to a specific set of questions regarding the business.
    • An effective CIO understands which part of the business context applies to which strategic IT project and, in turn, what questions to ask to uncover those insights.

    Impact and Result

    • Uncover what IT knows and needs to know about the business context. This is a necessary first step to begin each of Info-Tech’s strategic IT initiatives, which any CIO should complete.
    • Conduct efficient and repeatable business context discovery activities to uncover business context gaps.
    • Document the business context you have uncovered and streamline the process for executing on Info-Tech’s strategic CIO blueprints.

    Document Business Goals and Capabilities for Your IT Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should define the business context, review Info-Tech’s methodology, and understand how we can support you in completing key CIO strategic initiatives.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and document the business needs of the organization

    Define the business context needed to complete strategic IT initiatives.

    • Document Business Goals and Capabilities for Your IT Strategy – Storyboard
    • Business Context Discovery Tool
    • Business Context Discovery Record Template
    • PESTLE Analysis Template
    • Strategy Alignment Map Template
    [infographic]

    Workshop: Document Business Goals and Capabilities for Your IT Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify the Missing Business Context (pre-work)

    The Purpose

    Conduct analysis and facilitate discussions to uncover business needs for IT.

    Key Benefits Achieved

    A baseline understanding of what business needs mean for IT

    Activities

    1.1 Define the strategic CIO initiatives our organization will pursue.

    1.2 Complete the Business Context Discovery Tool.

    1.3 Schedule relevant interviews.

    1.4 Select relevant Info-Tech diagnostics to conduct.

    Outputs

    Business context scope

    Completed Business Context Discovery Tool

    Completed Info-Tech diagnostics

    2 Uncover and Document the Missing Context

    The Purpose

    Analyze the outputs from step 1 and uncover the business context gaps.

    Key Benefits Achieved

    A thorough understanding of business needs and why IT should pursue certain initiatives

    Activities

    2.1 Conduct group or one-on-one interviews to identify the missing pieces of the business context.

    Outputs

    Documentation of answers to business context gaps

    3 Uncover and Document the Missing Context

    The Purpose

    Analyze the outputs from step 1 and uncover the business context gaps.

    Key Benefits Achieved

    A thorough understanding of business needs and why IT should pursue certain initiatives

    Activities

    3.1 Conduct group or one-on-one interviews to identify the missing pieces of the business context.

    Outputs

    Documentation of answers to business context gaps

    4 Review Business Context and Next Steps

    The Purpose

    Review findings and implications for IT’s strategic initiative.

    Key Benefits Achieved

    A thorough understanding of business needs and how IT’s strategic initiatives addresses those needs

    Activities

    4.1 Review documented business context with IT team.

    4.2 Discuss next steps for strategic CIO initiative execution.

    Outputs

    Finalized version of the business context

    Exit Plans: Escape from the black hole

    • Large vertical image:
    • member rating overall impact: Highly Valued
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A

    In early April, I already wrote about exit plans and how they are the latest burning platform.

    As of the end of May 2025, we have both Microsoft and Google reassuring European clients about their sovereign cloud solutions. There are even air-gapped options for military applications. These messages come as a result of the trade war between the US and the rest of the world.

    There is also the other, more mundane example of over-reliance on a single vendor: the Bloomberg-terminal outage of May 21st, 2025. That global outage severely disrupted financial markets. It caused traders to lose access to real-time data, analytics, and pricing information for approximately 90 minutes. This widespread system failure delayed critical government bond auctions in the UK, Portugal, Sweden, and the EU.

    It serves as a reminder of the heavy reliance on the Bloomberg Terminal, which is considered an industry standard despite its high annual cost. While some Bloomberg services like instant messaging remained functional, allowing limited communication among traders, the core disruption led to significant frustration and slowed down trading activities.

    You want to think about this for a moment. Bloomberg is, just like Google and Microsoft are, cornerstones in their respective industries. MS, Google, and Amazon even in many more industries. 

    So the issue goes beyond the “panic of the day.” Every day, there will be some announcement that sends markets reeling and companies fearing. Granted, the period we go through today can have grave consequences, but at the same time, it may be over in the coming months or years.

    Contractual cover

    Let's take a step back and see if we can locate the larger issue at stake. I dare to say that the underlying issue is trust. We are losing trust in one another at a fast pace. Not between business partners, meaning companies who are, in a transaction or relationship, are more or less equal. Regardless of their geolocation, people are keen to do business together in a predictable, mutually beneficial way. And as long as that situation is stable, there is little need, beyond compliance and normal sound practices, to start to distrust each other.

    Trouble brews when other factors come into play. I want to focus on two of them in this article.

    1. Market power
    2. Government interference

    Market Power

    The past few years have seen a large increase in power of the cloud computing platforms. The pandemic of 2019 through to 2023 changed our way of working and gave a big boost to these platforms. Of course, they were already establishing their dominance in the early 2010s.

    Amazon launched SQS in 2004 with S3 (storage)  and EC2 (compute) in 2006. Azure launched in 2008 as a PaaS platform for .NET developers, and became really available in 2010. Since then, it grew into the IaaS (infrastructure as a service) platform we know today. Google's Cloud Platform (GCP) launched in 2008 and added components such as BigQuery, Compute Engine and Storage in the 2010s.

    Since the pandemic, we've seen another boost to their popularity. These platforms solidified their lead through several vectors:

    • Remote working
    • Business continuity and resilience promises
    • Acceleration of digital transformation
    • Scalability
    • Cost optimization 

    Companies made decisions on these premises. A prime example is the use of native cloud functions. These make life easier for developers. Native functions allow for serverless functionality to be made available to clients, and to do so in a non-infra-based way. It gives the impression of less complexity to the management. They are also easily scalable. 

    This comes at a cost, however. The cost is vendor lock-in. And with vendor lock-in, comes increased pricing power for the vendor.

    For a long time, it seems EU companies' attitude was: “It won't be such an issue, after all, there are multiple cloud vendors and if all else fails, we just go back.” The reality is much starker, I suspect that cloud providers with this level of market power will increase their pricing significantly.

     Government interference

    in come two elements:

    • EU laws
    • US laws and unpredictability
    EU laws

     The latest push to their market power came as an unintended consequence of EU Law: DORA. That EU law requires companies to have testable exit plans in place. But it goes well beyond this. The EU has increased the regulatory burden on companies significantly. BusinessEurope, a supranational organization, estimates that in the past five years, the Eu managed to release over 13,000 legislative acts. This is compared to 3,500 in the US.

    Coming back to DORA, this law requires EU companies to actually test their exit plans and show proof of it to the EU ESAs (European Supervisory Agency).  The reaction I have seen in industry representative organizations is complacency. 

    The cost of compliance is significant; hence, companies try to limit their exposure to the law as much as possible. They typically do this by limiting the applicability scope of the law to their business, based on the wording of the law. And herein lies the trap. This is not lost on the IT providers. They see that companies do the heavy lifting for them. What do I mean by that?  Several large providers are looked at by the EU as systemic providers. They fall under direct supervision by the ESAs. 

    For local EU providers, it is what it is, but for non-EU providers, they get to show their goodwill, using sovereign IT services.  I will come back to this in the next point, US unpredictability and laws. But the main point is: we are giving them more market power, and we have less contractual power. Why? Because we are showing them that we will go to great lengths to keep using their services.

    US laws and unpredictability

    US companies must comply with US law. So far, so good. Current US legislation also already requires US companies to share data on non-US citizens.

    • Foreign Intelligence Surveillance Act (FISA), particularly Section 702
    • The CLOUD (Clarifying Lawful Overseas Use of Data) Act of 2018
    • The USA PATRIOT Act (specifically relevant sections like 215 and 314(a)/314(b))
    • Executive Order 14117 and related DOJ Final Rule (Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern)

    This last one is of particular concern. Not so much because of its contents, but because it is an Executive Order.

    We know that the current (May 2025) US government mostly works through executive orders. Let's not forget that executive orders are a legitimate way to implement policy, This means that the US government could use access to cloud services as a lever to obtain more favorable trade rules.

    The EU responds to this (the laws and executive order) by implementing several sovereignty countermeasures like GDPR, DORA, Digital markets Act (DMA), Data Governance Act (DGA), Cybersecurity Act and the upcoming European Health Data Act (EHDS). This is called the “Brussels Effect.”

    EU Answers

    Europe is also investing in several strategic initiatives such as

    This points to a new dynamic between the EU and the US, EU-based companies simply cannot trust their US counterparts anymore to the degree they could before. The sad thing is, that there is no difference on the interpersonal level. It is just that companies must comply with their respective laws.

    Hence, Microsoft, Google, and AWS and any other US provider cannot legally provide sovereign cloud services. In a strict legal sense, Microsoft and Google cannot absolutely guarantee that they can completely insulate EU companies and citizens from all US law enforcement requests for data, despite their robust efforts and sovereign cloud offerings. This is because they are US companies, subject to US law and US jurisdiction. The CLOUD act and FISA section 702 compel US companies to comply. 

    Moreover, there is the nature of sovereign cloud offerings:

    • Increased Control, Not Absolute Immunity: Services like Microsoft's EU Data Boundary and Google's Cloud for Sovereignty are designed to provide customers with greater control over data residency, administrative access (e.g., limiting access to EU-based personnel), and encryption keys
    • Customer-Managed Keys (CMEK): If an EU customer controls their encryption keys, and the data remains encrypted at rest and in transit, it theoretically makes it harder for the cloud provider to provide plaintext data if compelled. However, metadata and other operational data might still be accessible, and the extent to which US authorities could compel a US company to decrypt data remains a point of contention and legal ambiguity.
    • Partnerships and Local Entities: Some “sovereign cloud” models involve partnerships with local EU entities (e.g., Google's partnership with S3NS in France, or Microsoft's with Capgemini and Orange). While this might create a legal buffer, if the core cloud infrastructure and controlling entity are still ultimately US-based, the risk of US legal reach persists.
    • “Limited Security Instances”: Even with the EU Data Boundary, Microsoft explicitly states, “in limited security instances that require a coordinated global response, essential data may be transferred with robust protections that safeguard customer data.” This phrasing acknowledges that some data may still leave the EU boundary under certain circumstances.

     And lastly, there are the legal challenges to the EU data privacy Framework (DPF)

    • Ongoing Scrutiny: The DPF is the current legal basis for EU-US data transfers, but it is under continuous scrutiny and is highly likely to face further legal challenges in the CJEU (a “Schrems III” case is widely anticipated). This uncertainty means that the current framework's longevity and robustness are not guaranteed.
    • Fundamental Conflict: The core legal conflict between the broad scope of US surveillance laws and the EU's fundamental right to privacy has not been fully resolved by the DPF, according to many EU legal experts and privacy advocates.

    This all means that while the cloud providers are doing everything they can, and I'm assuming they are acting in good faith. The fact that they are US entities means however that they are subject to all US legislation and executive orders.  And we cannot trust this last part. Again, this is why the EU is pursuing its digital sovereignty initiatives and why some highly sensitive EU public sector entities are gravitating towards truly EU-owned and operated cloud solutions.

    Bankruptcy

    If your provider goes bankrupt, you do not have a leg to stand on. Most jurisdictions, including the EU and US, have the following elements regarding bankruptcy:

    • Automatic Stay: Upon a bankruptcy filing (in most jurisdictions, including the US and EU), an “automatic stay” is immediately imposed. This is a court order that stops most collection activities against the debtor. For you as a customer, this can mean you might be prevented from:

      • Terminating the contract immediately, even if your contract allows it.
      • Initiating legal proceedings against the provider.
      • Trying to recover your data directly without court permission.

    • Debtor's Estate and Creditor Priority

      • Property of the Estate: All the bankrupt provider's assets become part of the “bankruptcy estate,” to be managed by a court-appointed trustee or receiver. The crucial question becomes: Is your data considered the property of the estate, or does ownership remain unequivocally with you? While most cloud contracts explicitly state that the customer owns their data, a bankruptcy court might still view the possession of that data by the provider as an asset of the estate, potentially subject to monetization to pay off creditors.
      • Secured vs. Unsecured Creditors: You, as a customer seeking to retrieve your data or continue services, are likely to be an “unsecured creditor.” Secured creditors (e.g., banks with liens on assets) get paid first. Your claim for data or service continuity will be far down the priority list, meaning you might recover little, if anything, in compensation.
    • Executory contracts and the Trustee's power
      • Assumption or Rejection: Bankruptcy law generally allows the trustee (or debtor in possession in a Chapter 11 case) to assume (continue) or reject (terminate) “executory contracts” – those where both parties still have significant performance obligations.
      • Trustee's Discretion: The trustee will make this decision based on what benefits the bankruptcy estate and the creditors. If your contract is loss-making for the provider, or if continuing it is not in the best interest of the creditors, the trustee can reject it, even if it has a termination clause unfavorable to them.
      • No Customer Right to Demand Continuation: You typically cannot compel the trustee to continue the service if they choose to reject the contract. Your recourse would then be a claim for damages, which, as noted, is usually a low-priority claim.
    • The practical challenges of data retrieval
        • Even if your contract has strong data return clauses, the practicalities of a bankrupt provider make enforcement difficult. The provider's staff might be laid off, systems might be shut down, and there might be no one left with the technical knowledge or resources to facilitate data export. Not to mention that the trustee may simply refuse to honor the agreement (which is completely within the legal rights of the trustee.)
        • The receiver's priority is liquidation and asset sale, not customer service. They may limit data export speeds or volumes, or prioritize the sale of the business, which might include your data, making retrieval a slow and arduous process.

    Conclusion

    So, while I understand the wait and see stance in regard to exit plans, given where we are, it is in my opinion the wrong thing to do. Companies must make actionable exit plans and prepare beforehand for the exit. That means that you have to:

    1. Design your architecture so that you can port your applications to somewhere else.
    2. Prioritize your data portability and data ownership.
    3. Develop and practice your exit strategy and plans.
    4. Maintain your in-house expertise, especially for all critical business services.
    5. Continuously monitor your vendors and update your risk assessments.

      If you want more detailed steps on how to get there, feel free to contact me.

    Create a Game Plan to Implement Cloud Backup the Right Way

    • Buy Link or Shortcode: {j2store}469|cart{/j2store}
    • member rating overall impact: 7.0/10 Overall Impact
    • member rating average dollars saved: $2,000 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Storage & Backup Optimization
    • Parent Category Link: /storage-and-backup-optimization
    • Cloud adoption is frequently driven by hype rather than careful consideration of the best-fit solution.
    • IT is frequently rushed into cloud adoption without appropriate planning.
    • Organizations frequently lack appropriate strategies to deal with cloud-specific backup challenges.
    • Insufficient planning for cloud backup can exacerbate problems rather than solving them, leading to poor estimates of the cost and effort involved, budget overruns, and failure to meet requirements.

    Our Advice

    Critical Insight

    • The cloud isn’t a magic bullet, but it tends to deliver the most value to organizations with specific use cases – frequently smaller organizations who are looking to avoid the cost of building or upgrading a data center.
    • Cloud backup does not necessarily reduce backup costs so much as it moves them around. Cloud backup distributes costs over a longer term. Organizations need to compare the difference in CAPEX and OPEX to determine if making the move makes financial sense.
    • The cloud can deliver a great deal of value for organizations who are looking to reduce the operational effort demanded by an existing tape library for second- or third-tier backups.
    • Data security risks in some cases may be overstated, depending on what on-premises security is available. However, targeting backup to the cloud introduces other risks that need to be considered before implementation is given the green light.

    Impact and Result

    • Understand if cloud backup is the right solution for actual organizational needs.
    • Make an informed decision about targeting backup to the cloud by considering the big picture TCO and effort level involved in adoption.
    • Have a ready strategy to mitigate the most common challenges with cloud adoption projects.
    • Develop a roadmap that lays out the required step-by-step to implement cloud backup.

    Create a Game Plan to Implement Cloud Backup the Right Way Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand the benefits and risks of targeting backups to the cloud

    Build a plan to mitigate the risks associated with backing data up in the cloud.

    • Storyboard: Create a Game Plan to Implement Cloud Backup the Right Way

    2. Determine if the cloud can meet the organization's data requirements

    Assess if the cloud is a good fit for your organization’s backup data.

    • Cloud Backup Implementation Game Plan Tool

    3. Mitigate the Challenges of Backing Up to the Cloud

    Build a cloud challenge contingency plan.

    4. Build a Cloud Backup Implementation Roadmap

    Perform a gap analysis to determine cloud backup implementation initiatives.

    Infographic

    Workshop: Create a Game Plan to Implement Cloud Backup the Right Way

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Evaluate the business case for targeting backup at the cloud

    The Purpose

    Understand how cloud backup will affect backup and recovery processes

    Determine backup and recovery objectives

    Assess the value proposition of cloud backup

    Key Benefits Achieved

    A high-level understanding of the benefits of moving to cloud backup

    A best-fit analysis of cloud backup in comparison to organizational needs

    Activities

    1.1 Document stakeholder goals for cloud backup

    1.2 Document present backup processes

    1.3 Document ideal backup processes

    1.4 Review typical benefits of cloud backup

    Outputs

    Documented stakeholder goals

    Current backup process diagrams

    Ideal backup process diagram

    2 Identify candidate data sets and assess opportunities and readiness

    The Purpose

    Identify candidate data sets for cloud-based backup

    Determine RPOs and RTOs for candidate data sets

    Identify potential value specific to each data set for targeting backup at the cloud

    Evaluate organizational readiness for targeting backup at the cloud

    Key Benefits Achieved

    Documented recovery objectives

    Recommendations for cloud backup based on actual organizational needs and readiness

    Activities

    2.1 Document candidate data sets

    2.2 Determine recovery point and recovery time objectives for candidate data sets

    2.3 Identify potential value of cloud-based backup for candidate data sets

    2.4 Discuss the risk and value of cloud-based backup versus an on-premises solution

    2.5 Evaluate organizational readiness for cloud backup

    2.6 Identify data sets to move to the cloud

    Outputs

    Validated list of candidate data sets

    Specific RPOs and RTOs for core data sets

    An assessment of the value of cloud backup for data sets

    A tool-based recommendation for moving backups to the cloud

    3 Mitigate the challenges of backing up to the cloud

    The Purpose

    Understand different cloud provider models and their specific risks

    Identification of how cloud backup will affect IT infrastructure and personnel

    Strategize ways to mitigate the most common challenges of implementing cloud backup

    Understand the client/vendor relationship in cloud backup

    Understand the affect of cloud backup on data security

    Key Benefits Achieved

    Verified best-fit cloud provider model for organizational needs

    Verified strategy for meeting the most common challenges for cloud-based backup

    A strong understanding of how cloud backup will change IT

    Strategies for approaching vendors to ensure a strong footing in negotiations and clear expectations for the client/vendor relationship

    Activities

    3.1 Discuss the impact of cloud backup on infrastructure and IT environment

    3.2 Create a cloud backup risk contingency plan

    3.3 Document compliance and security regulations

    3.4 Identify client and vendor responsibilities for cloud backup

    3.5 Discuss and document the impact of cloud backup on IT roles and responsibilities

    3.6 Compile a list of implementation intiatives

    3.7 Evaluate the financial case for cloud backup

    Outputs

    Cloud risk assessment

    Documented contingency strategies for probabe risks

    Negotiation strategies for dealing with vendors

    A committed go/no-go decision on the value of cloud backup weighted against the effort of implementation

    4 Build a cloud backup implementation roadmap

    The Purpose

    Create a road map for implementing cloud backup

    Key Benefits Achieved

    Determine any remaining gaps between the present state and the ideal state for cloud backup

    Understand the steps and time frame for implementing cloud backup

    Allocate roles and responsibilities for the implementation intitiative

    A validated implementation road map

    Activities

    4.1 Perform a gap analysis to generate a list of implementation intiatives

    4.2 Prioritize cloud backup initiatives

    4.3 Assess risks and dependencies for critical implementation initiatives

    4.4 Assign ownership over implementation tasks

    4.5 Determine road map time frame and structure

    4.6 Populate the roadmap with cloud backup initiatives

    Outputs

    A validated gap analysis

    A prioritized list of cloud backup initiatives

    Documented dependencies and risks associated with implementation tasks

    A roadmap for targeting backups at the cloud

    Bring Visibility to Your Day-to-Day Projects

    • Buy Link or Shortcode: {j2store}444|cart{/j2store}
    • member rating overall impact: 9.8/10 Overall Impact
    • member rating average dollars saved: $9,649 Average $ Saved
    • member rating average days saved: 24 Average Days Saved
    • Parent Category Name: Portfolio Management
    • Parent Category Link: /portfolio-management
    • As an IT leader, you are responsible for getting new things done while keeping the old things running. These “new things” can come in many forms, e.g. service requests, incidents, and officially sanctioned PMO projects, as well as a category of “unofficial” projects that have been initiated through other channels.
    • These unofficial projects get called many things by different organizations (e.g. level 0 projects,BAU projects, non-PMO projects, day-to-day projects), but they all have the similar characteristics: they are smaller and less complex than larger projects or officially sanctioned projects; they are larger and more risky than operational tasks or incidents; and they are focused on the needs of a specific functional unit and tend to stay within those units to get done.
    • Because these day-to-day projects are small, emergent, team-specific, operationally vital, yet generally perceived as being strategically unimportant, top-level leadership has a limited understanding of them when they are approving and prioritizing major projects. As a result, they approve projects with no insight into how your team’s capacity is already stretched thin by existing demands.

    Our Advice

    Critical Insight

    • Senior leadership cannot contrast the priority of things that are undocumented. As an IT leader, you need to ensure day-to-day projects receive the appropriate amount of documentation without drowning your team in a process that the types of project don’t warrant.
    • Don’t bleed your project capacity dry by leaving the back door open. When executive oversight took over the strategic portfolio, we assumed they’d resource those projects as a priority. Instead, they focused on “alignment,” “strategic vision,” and “go to market” while failing to secure and defend the resource capacity needed. To focus on the big stuff, you need to sweat the small stuff.

    Impact and Result

    • Develop a method to consistently identify and triage day-to-day projects across functional teams in a standard and repeatable way.
    • Establish a way to balance and prioritize the operational necessity of day-to-day projects against the strategic value of major projects.
    • Build a repeatable process to document and report where the time goes across all given pockets of demand your team faces.

    Bring Visibility to Your Day-to-Day Projects Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should put more portfolio management structure around your day-to-day projects, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Uncover your organization’s hidden pockets of day-to-day projects

    Define an organizational standard for identifying day-to-day projects and triaging them in relation to other categories of projects.

    • Bring Visibility to Your Day-to-Day Projects – Phase 1: Uncover Your Organization’s Hidden Pockets of Day-to-Day Projects
    • Day-to-Day Project Definition Tool
    • Day-to-Day Project Supply/Demand Calculator

    2. Establish ongoing day-to-day project visibility

    Build a process for maintaining reliable day-to-day project supply and demand data.

    • Bring Visibility to Your Day-to-Day Projects – Phase 2: Establish Ongoing Day-to-Day Project Visibility
    • Day-to-Day Project Process Document
    • Day-to-Day Project Intake and Prioritization Tool
    [infographic]

    Workshop: Bring Visibility to Your Day-to-Day Projects

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Analyze the Current State of Day-to-Day Projects

    The Purpose

    Assess the current state of project portfolio management and establish a realistic target state for the management of day-to-day projects.

    Key Benefits Achieved

    Realistic and well-informed workshop goals.

    Activities

    1.1 Begin with introductions and workshop expectations activity.

    1.2 Perform PPM SWOT analysis.

    1.3 Assess pain points and analyze root causes.

    Outputs

    Realistic workshop goals and expectations

    PPM SWOT analysis

    Root cause analysis

    2 Establish Portfolio Baselines for Day-to-Day Projects

    The Purpose

    Establish a standard set of baselines for day-to-day projects that will help them to be identified and managed in the same way across different functional teams.

    Key Benefits Achieved

    Standardization of project definitions and project value assessments across different functional teams.

    Activities

    2.1 Formalize the definition of a day-to-day project and establish project levels.

    2.2 Develop a project value scorecard for day-to-day projects.

    2.3 Analyze the capacity footprint of day-to-day projects.

    Outputs

    Project identification matrix

    Project value scorecard

    A capacity overview to inform baselines

    3 Build a Target State Process for Day-to-Day Projects

    The Purpose

    Establish a target state process for tracking and monitoring day-to-day projects at the portfolio level.

    Key Benefits Achieved

    Standardization of how day-to-day projects are managed and reported on across different functional teams.

    Activities

    3.1 Map current state workflows for the intake and resource management practices (small and large projects).

    3.2 Perform a right-wrong-missing-confusing analysis.

    3.3 Draft a target state process for the initiation of day-to-day projects and for capacity planning.

    Outputs

    Current state workflows

    Right-wrong-missing-confusing analysis

    Target state workflows

    4 Prepare to Implement Your New Processes

    The Purpose

    Start to plan the implementation of your new processes for the portfolio management of day-to-day projects.

    Key Benefits Achieved

    An implementation plan, complete with communication plans, timelines, and goals.

    Activities

    4.1 Perform a change impact and stakeholder management analysis.

    4.2 Perform a start-stop-continue activity.

    4.3 Define an implementation roadmap.

    Outputs

    Change impact and stakeholder analyses

    Start-stop-continue retrospective

    Implementation roadmap

    The Accessibility Business Case for IT

    • Buy Link or Shortcode: {j2store}519|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Lead
    • Parent Category Link: /lead
    • Laws requiring digital accessibility are changing and differ by location.
    • You need to make sure your digital assets, products, and services (internal and external) are accessible to everyone, but getting buy-in is difficult.
    • You may not know where your gaps in understanding are because conventional thinking is driven by compliance and risk mitigation.

    Our Advice

    Critical Insight

    • The longer you put off accessibility, the more tech debt you accumulate and the more you risk losing access to new and existing markets. The longer you wait to adopt standards and best practices, the more interest you’ll accumulate on accessibility barriers and costs for remediation.
    • Implementing accessibility feels counterintuitive to IT departments. IT always wants to optimize and move forward, but with accessibility you may stay at one level for what feels like an uncomfortably long period. Don’t worry; building consistency and shifting culture takes time.
    • Accessibility goes beyond compliance, which should be an outcome, not the objective. With 1 billion people worldwide with some form of disability, nearly everyone likely has a connection to disability, whether it be in themselves, family, or colleagues. The market of people with disabilities has a spending power of more than $6 trillion (WAI, 2018).

    Impact and Result

    • Take away the overwhelm that many feel when they hear “accessibility” and make the steps for your organization approachable.
    • Clearly communicate why accessibility is critical and how it supports the organization’s key objectives and initiatives.
    • Understand your current state related to accessibility and identify areas for key initiatives to become part of the IT strategic roadmap.

    The Accessibility Business Case for IT Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. The Accessibility Business Case for IT – Clearly communicate why accessibility is critical and how it supports the organization’s key objectives and initiatives.

    A step-by-step approach to walk you through understanding your current state related to accessibility maturity, identifying your desired future state, and building your business case to seek buy-in. This storyboard will help you figure out what’s right for your organization and build the accessibility business case for IT.

    • The Accessibility Business Case for IT – Phases 1-3

    2. Accessibility Business Case Template – A clear, concise, and compelling business case template to communicate the criticality of accessibility.

    The business case for accessibility is strong. Use this template to communicate to senior leaders the benefits, challenges, and risks of inaction.

    • Accessibility Business Case Template

    3. Accessibility Maturity Assessment – A structured tool to help you identify your current accessibility maturity level and identify opportunities to ensure progress.

    This tool uses a capability maturity model framework to evaluate your current state of accessibility. Maturity level is assessed on three interconnected aspects (people, process, and technology) across six dimensions proven to impact accessibility. Complete the assessment to get recommendations based on where you’re at.

    • Accessibility Maturity Assessment

    Infographic

    Further reading

    The Accessibility Business Case for IT

    Accessibility goes beyond compliance

    Analyst Perspective

    Avoid tech debt related to accessibility barriers

    Accessibility is important for individuals, businesses, and society. Diverse populations need diverse access, and it’s essential to provide access and opportunity to everyone, including people with diverse abilities. In fact, access to information and communications technologies (ICT) is a basic human right according to the United Nations.

    The benefits of ICT accessibility go beyond compliance. Many innovations that we use in everyday life, such as voice activation, began as accessibility initiatives and ended up creating a better lived experience for everyone. Accessibility can improve user experience and satisfaction, and it can enhance your brand, drive innovation, and extend your market reach (WAI, 2022).

    Although your organization might be required by law to ensure accessibility, understanding your users’ needs and incorporating them into your processes early will determine success beyond just compliance.

    Heather Leier-Murray, Senior Research Analyst, People and Leadership

    Heather Leier-Murray
    Senior Research Analyst, People and Leadership
    Info-Tech Research Group

    Executive Summary

    Your Challenge Common Obstacles Info-Tech’s Approach

    Global IT and business leaders are challenged to make digital products and services accessible because inaccessibility comes with increasing risk to brand reputation, legal ramifications, and constrained market reach.

    • Laws requiring digital accessibility are changing and differ by location.
    • You need to make sure your digital assets, products, and services (internal and external) are accessible to everyone.
    • The cost of inaction is rising.

    Understanding where to start, where accessibility lives, and if or when you’re done can be overwhelmingly difficult.

    • Executive leadership buy-in is difficult to get.
    • Conventional thinking is driven by compliance and risk mitigation.
    • You don’t know where your gaps in understanding are.

    Conventional approaches to accessibility often fail because users are expected to do the hard work. You have to be doing 80% of the hard work.1

    Use Info-Tech’s research and resources to do what’s right for your organization. This framework takes away the overwhelm that many feel when they hear “accessibility” and makes the steps for your organization approachable.

    • Clearly communicate why accessibility is critical and how it supports the organization’s key objectives and initiatives.
    • Understand your current state related to accessibility and identify areas for key initiatives to become part of the IT strategic roadmap.

    1. Harvard Business Review, 2021

    Info-Tech Insight
    The longer you put off accessibility, the more tech debt you accumulate and the more you risk losing access to new and existing markets. The longer you wait to adopt standards and best practices, the more interest you’ll accumulate on accessibility barriers and costs for remediation.

    Your challenge

    This research is designed to help organizations who are looking to:

    • Build a business case for accessibility.
    • Ensure that digital assets, products, and services are accessible to everyone, internally and externally.
    • Support staff and build skills to support the organization with accessibility and accommodation.
    • Get assistance figuring out where to start on the road to accessibility compliance and beyond.

    The cost of inaction related to accessibility is rising. Preparing for accessibility earlier helps prevent tech debt; the longer you wait to address your accessibility obligations, the more costly it gets.

    More than 3,500 digital accessibility lawsuits were filed in the US in 2020, up more than 50% from 2018.

    Source: UsableNet. Inc.

    Common obstacles

    These barriers make accessibility difficult to address for many organizations:

    • You don’t know where your gaps in understanding are. Recognizing the importance of accessibility and how it fits into the bigger picture is key to developing buy-in.
    • Too often organizations focus on mitigating risk by being compliance driven. Shifting focus to the user experience, internally and externally, will realize better results.
    • Conventional approaches to accessibility often fail because the expectation is for users to do the hard work. One in five people have a permanent disability, but it’s likely everyone will be faced with some sort of disability at some point in their lives.1 Your organization has to be doing at least 80% of the hard work.2
    • Other types of compliance reside clearly with one area of the organization. Accessibility, however, has many homes: IT, user experience (UX), customer experience (CX), and even HR.

    1. Smashing Magazine

    2. Harvard Business Review, 2021

    90% of companies claim to prioritize diversity.

    Source: Harvard Business Review, 2020

    Only 4% of those that claim to prioritize diversity consider disability in those initiatives.

    Source: Harvard Business Review, 2020

    The four principles of accessibility

    WCAG (Web Content Accessibility Guidelines) identifies four principles of accessibility. WCAG is the most referenced standard in website accessibility lawsuits.

    The four principles of accessibility

    Source: eSSENTIAL Accessibility, 2022

    Why organizations address accessibility

    Top three reasons:

    61% 62% 78%
    To comply with laws To provide the best UX To include people with disabilities

    Source: Level Access

    Still, most businesses aren’t meeting compliance standards. Even though legislation has been in place for over 30 years, a 2022 study by WebAIM of 1,000,000 homepages returned a 96.8% WCAG 2.0 failure rate.

    Source: Institute for Disability Research, Policy, and Practice

    How organizations prioritize digital accessibility

    43% rated it as a top priority.

    36% rated it as important.

    Fewer than 5% rated as either low priority or not even on the radar.

    More than 65% agreed or strongly agreed it’s a higher priority than last year.

    Source: Angel Business Communications

    Organizations expect consumers to do more online

    The pandemic led to many businesses going digital and more people doing things online.

    Chart of activities performed more often compared to before COVID-19

    Chart of activities performed for the first time during COVID-19

    Source: Statistics Canada

    Disability is part of being human

    Merriam-Webster defines disability as a “physical, mental, cognitive, or developmental condition that impairs, interferes with, or limits a person’s ability to engage in certain tasks or actions or participate in typical daily activities and interactions.”1

    The World Health Organization (WHO) points out that a crucial part of the definition of disability is that it’s not just a health problem, but the environment impacts the experience and extent of disability. Inaccessibility creates barriers for full participation in society.2

    The likelihood of you experiencing a disability at some point in your life is very high, whether a physical or mental disability, seen or unseen, temporary or permanent, severe or mild.2

    Many people acquire disabilities as they age yet may not identify as “a person with a disability.”3 Where life expectancies are over 70 years of age, 11.5% of life is spent living with a disability. 4

    “Extreme personalization is becoming the primary difference in business success, and everyone wants to be a stakeholder in a company that provides processes, products, and services to employees and customers with equitable, person-centered experiences and allows for full participation where no one is left out.”
    – Paudie Healy, CEO, Universal Access

    1. Merriam-Webster
    2. World Health Organization
    3. Digital Leaders, as cited in WAI, 2018
    4. Disabled World, as cited in WAI, 2018

    Untapped talent resource

    Common myths about people with disabilities:

    • They can’t work.
    • They need more time off or are absent more often.
    • Only basic, unskilled work is appropriate for them.
    • Their productivity is lower than that of coworkers.
    • They cost more to recruit, train, and employ.
    • They decrease others’ productivity.
    • They’re not eligible for governmental financial incentives (e.g. apprentices).
    • They don’t fit in.

    These assumptions prevent organizations from hiring valuable people into the workforce and retaining them.

    Source: Forbes

    50% to 70% of people with disabilities are unemployed in industrialized countries. In the US alone, 61 million adults have a disability.

    Source: United Nations, as cited in Forbes

    Thought Model

    Info-Tech’s methodology for the accessibility business case for IT

    1. Understand Current State 2. Plan for Buy-in 3. Prepare Your Business Case
    Phase Steps
    1. Understand standards and legislation
    2. Build awareness
    3. Understand current accessibility maturity level Define desired future state
    1. Define desired future state
    2. Define goals and objectives
    3. Document roles and responsibilities
    1. Customize and populate the Accessibility Business Case Template and gain approval
    2. Validate post-approval steps and establish timelines
    Phase Outcomes
    • Accessibility maturity assessment
    • Accessibility drivers determined
    • Goals defined
    • Objectives identified
    • Roles and responsibilities documented
    • Business case drafted
    • Approval to move forward with implementing your accessibility program
    • Next steps and timelines

    Insight Summary

    Insight 1 The longer you put off accessibility, the more tech debt you accumulate and the more you risk losing access to new and existing markets. The longer you wait to adopt standards and best practices, the more interest you’ll accumulate on accessibility barriers and costs for remediation.
    Insight 2 Implementing accessibility feels counterintuitive to IT departments. IT always wants to optimize and move forward, but with accessibility you may stay at one level for what feels like an uncomfortably long period. Don’t worry; building consistency and shifting culture takes time.
    Insight 3 Accessibility goes beyond compliance, which should be an outcome, not the objective. With 1 billion people worldwide with some form of disability, nearly everyone likely has a connection to disability, whether it be in themselves, family, or colleagues. The market of people with disabilities has a spending power of more than $6 trillion.1

    1. WAI, 2018

    Blueprint deliverables

    This blueprint is accompanied by supporting deliverables to help you accomplish your goals.

    Accessibility Business Case Template

    The business case for accessibility is strong. Use this template to communicate to senior leaders the benefits and challenges of accessibility and the risks of inaction.

    Accessibility Maturity Assessment

    Use this assessment to understand your current accessibility maturity.

    Blueprint benefits

    Business Benefits IT Benefits
    • Don’t lose out on a 6-trillion-dollar market.
    • Don’t miss opportunities to work with organizations because you’re not accessible.
    • Enable and empower current employees with disabilities.
    • Minimize potential for negative brand reputation due to a lack of consideration for people with disabilities.
    • Decrease the risk of legal action being brought upon the organization.
    • Understand accessibility and know your role in it for your organization and your team members.
    • Be prepared and able to provide the user experience you want.
    • Decrease tech debt – start early to ensure accessibility for everyone.
    • Access an untapped labor market.
    • Mitigate IT retention challenges.

    Measure the value of this blueprint

    Improve stakeholder satisfaction and engagement

    • Tracking measures to understand the value of this blueprint is a critical part of the process.
    • Monitor employee engagement, overall stakeholder satisfaction with IT, and the overall end-customer satisfaction.
    • Remember, accessibility is not a one-and-done project – just because measures are positive does not mean your work is done.

    In phase 2 of this blueprint, we will help you establish current-state and target-state metrics for your organization.

    Suggested Metrics
    Overall end-customer satisfaction
    Monies saved through cost optimization efforts
    Employee engagement
    Monies save through application rationalization and standardization

    For more metrics ideas, see the Info-Tech IT Metrics Library.

    Executive Brief Case Study

    INDUSTRY
    Technology

    SOURCE
    W3C Web Accessibility Initiative (WAI), 2018

    Google

    Investing in accessibility
    With an innovative edge, Google invests in accessibility with the objective of making life easier for everyone. Google has created a broad array of accessibility innovations in its products and services so that people with disabilities get as much out of them as anyone else.

    Part of Google’s core mission, accessibility means more to Google than implementing fixes. It is viewed positively by the organization and drives it to be more innovative to make information available to everyone. Google approaches accessibility problems not as barriers but as ways to innovate and discover breakthroughs that will become mainstream in the future.

    Results
    Among Google’s innovations are contrast minimums, auto-complete, voice-control, AI advances, and machine learning auto-captioning. All of these were created for accessibility purposes but have positively impacted the user experience in general for Google.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit Guided Implementation Workshop Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 4 to 6 calls over the course of 2 to 4 months.

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3

    Call #1: Discuss motivation for the initiative and foundational knowledge requirements.

    Call #2: Discuss next steps to assess current accessibility maturity.

    Call #3: Discuss stakeholder engagement and future-state analysis.

    Call #4: Discuss defining goals and objectives, along with roles and responsibilities.

    Call #5: Review draft business case presentation.

    Call #6: Discuss post-approval steps and timelines.

    Phase 1

    Understand Your Current State

    Phase 1
    1.1 Understand standards and legislation
    1.2 Build awareness
    1.3 Understand maturity level

    Phase 2
    2.1 Define desired future state
    2.2 Define goals and objectives
    2.3 Document roles and responsibilities

    Phase 3
    3.1 Prepare business case template for presentation and approval
    3.2 Validate post-approval steps and establish timelines

    The Accessibility Business Case for IT

    This phase will walk you through the following activities:

    • Identifying and understanding accessibility and compliance requirements and the ramifications of noncompliance.
    • Defining accessibility, disability, and disability inclusion and building awareness of these with senior leaders.
    • Completing the Accessibility Maturity Assessment to help you understand your current state.

    Step 1.1

    Understand standards and legislation

    Activities

    1.1.1 Make a list of the legislation you need to comply with

    1.1.2 Seek legal and/or professional services’ input on compliance

    1.1.3 Detail the risks of inaction for your organization

    Understand Your Current State

    Outcomes of this step
    You will gain foundational understanding of the breadth of the regulation requirements for your organization. You will have reviewed and understand what is applicable to your organization.

    The regulatory landscape is evolving

    Canada

    • Canadian Human Rights Act
    • Policy on Communications and Federal Identity
    • Canadian Charter of Rights and Freedoms
    • Accessibility for Ontarians with Disabilities Act
    • Accessible Canada Act of 2019 (ACA)

    Europe

    • UK Equality Act 2010
    • EU Web and Mobile Accessibility Directive (2016)
    • EN 301 549 European Standard – Accessibility requirements for public procurement of ICT products and services

    United States

    • Section 508 of the US Rehabilitation Act of 1973
    • Americans with Disabilities Act of 1990 (ADA)
    • Section 255 of the Telecommunications Act of 1996
    • Air Carrier Access Act of 1986
    • 21st Century Communications and Video Accessibility Act of 2010 (CVAA)

    New Zealand

    • Human Rights Act 1993
    • Online Practice Guidelines for Government

    Australia

    • Disability Discrimination Act 1992 (DDA)

    Regulatory systems are moving toward an international standard.

    1.1.1 Make a list of the legislation you need to comply with

    1. Download the Accessibility Business Case Template.
    2. Conduct research and investigate what legislation and standards are applicable to your organization.
      3. a) Start by looking at your local legislation.
      b) Then consider any other regions you conduct business in.
      c) Also account for the various industries you are in.
    3. While researching, build a list of legislation requirements. Document these in your Accessibility Business Case Template as part of the Project Context section.
    Input Output
    • Research
    • Websites
    • Articles
    • List of legislation that applies to the organization related to accessibility
    Materials Participants
    • Accessibility Business Case Template
    • Project leader/initiator

    Download the Accessibility Business Case Template

    1.1.2 Seek professional advice on compliance

    1. Have general counsel review your list of regulations and standards related to accessibility or seek legal and/or professional support to review your list.
    2. Review or research further the implications of any suggestions from legal counsel.
    3. Make any updates to the Legal Landscape slide in the Accessibility Business Case Template.
    Input Output
    • Compiled list of applicable legislation and standards
    • Confirmed list of regulations that are applicable to your organization related to accessibility
    Materials Participants
    • Accessibility Business Case Template
    • Project leader/initiator
    • General counsel/professional services

    Download the Accessibility Business Case Template

    Ramifications of noncompliance

    Go beyond financial consequences

    Beyond the costs resulting from a claim, noncompliance can damage your organization in several ways.

    Financial Impact

    ADA Warning Shot: A complaint often indicates pending legal action to come. Addressing issues on a reactive, ad hoc basis can be quite expensive. It can cost almost $10,000 to address a single complaint, and chances are if you have one complaint, you have many.

    Lawsuit Costs: In the US, 265,000 demand letters were sent in 2020 under the ADA for inaccessible websites. On average, a demand letter could cost the company $25,000 (conservatively). These are low-end numbers; another estimate is that a small, quickly settled digital accessibility lawsuit could cost upwards of $350,000 for the defendant.

    Non-Financial Impact

    Reputational Impact: Claims brought upon a company can bring negative publicity with them. In contrast, having a clear commitment to accessibility demonstrates inclusion and can enhance brand image and reputation. Stakeholder expectations are changing, and consumers, investors, and employees alike want to support businesses with a purpose.

    Technology Resource Strains: Costly workarounds and ad hoc accommodation processes take away from efficiency and effectiveness. Updates and redesigns for accessibility and best practices will reduce costs associated with maintenance and service, including overall stakeholder satisfaction improvements.

    Access to Talent: 2022 saw a record high number of job openings, over 11.4 million in the US alone. Ongoing labor shortages require eliminating bias and keeping an open mind about who is qualified.

    Source: May Hopewell

    In the last four years, 83% of the retail 500 have been sued. Since 2018, 417 of the top 500 have received ADA-based digital lawsuits.

    Source: UsableNet

    1.1.3 Detail the risks of inaction for your organization

    1. Using the information that you’ve gathered through your research and legal/professional advice, detail the risks of inaction for your organization.
      2. a) Consider legal risks, consumer risks, brand risks, and employee risks. (Remember, risks aren’t just monetary.)
    2. Document the risks in your Accessibility Business Case Template.
    InputOutput
    • List of applicable legislation and standards
    • Information about risks
    • Identified accessibility maturity level
    MaterialsParticipants
    • Accessibility Business Case Template
    • Project leader/initiator

    Download the Accessibility Business Case Template

    Step 1.2

    Build awareness of accessibility and disability inclusion

    Activities

    1.2.1 Identify gaps in understanding

    1.2.2 Brainstorm how to reframe accessibility positively

    Understand Your Current State

    Outcomes of this step
    You’ll have a better understanding of accessibility so that you can effectively implement and promote it.

    Where to look for understanding

    First-hand experience of how people with disabilities interact with your organization is often eye-opening. It will help you understand the benefits and value of accessibility.

    Where to look for understanding

    • Talk with people you know with disabilities that are willing to share.*
    • Find role-specific training that’s appropriate.
    • Research. Articles and videos are easy to find.
    • Set up assistive technology trials.
    • Seek out first-hand experience from people with disabilities and how they work and use digital assets.

    Source: WAI, 2016

    * Remember, people with disabilities aren't obligated to discuss or explain their disabilities and may not be comfortable sharing. If you're asking for their time, be respectful, only ask if appropriate, and accept a "no" answer if the person doesn't wish to assist.

    1.2.1 Identify gaps in understanding

    Find out what accessibility is and why it is important. Learn the basics.

    1. Using the information that you’ve gathered through your research and legal counsel, conduct further research to understand the importance of accessibility.
    2. Answer these questions:
      3. a) What is accessibility? Why is it important?
      b) From the legislation and standards identified in step 1.1, what gaps exist?
      c) What is the definition of disability?
      d) How does your organization currently address accessibility?
      e) What are your risks?
      f) Do you have any current employees who have disabilities?
    3. Review the previous slide for suggestions on where to find more information to answer the above questions.
    4. Document any changes to the risks in your Accessibility Business Case Template.
    InputOutput
    • Articles
    • Interviews
    • Websites
    • Greater understanding of the lived experience of people with disabilities
    MaterialsParticipants
    • Articles
    • Websites
    • Accessibility Business Case Template
    • Project leader/initiator

    Download the Accessibility Business Case Template

    Reframe accessibility as a benefit, not a burden

    A clear understanding of accessibility and the related standards and regulations can turn accessibility from something big and scary to an achievable part of the business.

    The benefits of accessibility are:

    Market Reach Minimized Legal Risks Innovation Retention
    Over 1 billion people with a spending power of $6 trillion make up the global market of people with disabilities.1 Accessibility improves the experience for all users. In addition, many organizations require you to provide proof you meet accessibility standards during the RFP process. Accessibility regulations are changing, and claims are rising. Costs associated with legal proceedings can be more than just financial. Many countries have laws you need to follow. People with disabilities bring diversity of thought, have different lived experiences, and benefit inclusivity, which helps drive engagement. Plus accessibility features often solve unanticipated problems. Employing and supporting people with disabilities can reduce turnover and improve retention, reliability, company image, employee loyalty, ability awareness, and more.

    Source 1: WAI, 2018

    1.2.2 Brainstorm ways to reframe accessibility positively

    1. Using the information that you’ve gathered through your research, brainstorm additional positives of accessibility for your organization.
    2. Clearly identify the problem you want to solve (e.g., reframing accessibility positively in your organization).
    3. Collect any tools you want to use to during brainstorming (e.g., whiteboard, markers, sticky notes)
    4. Write down all the ideas that come to mind.
    5. Review all the points and group them into themes.
    6. Update the Accessibility Business Case Template with your findings.
    InputOutput
    • Research you have gathered
    • List of ways to positively reframe accessibility for your organization
    MaterialsParticipants
    • Sticky notes, whiteboard, pens, paper, markers.
    • Accessibility Business Case Template
    • Project leader/initiator

    Download the Accessibility Business Case Template

    Make it part of the conversation

    A first step to disability and accessibility awareness is to talk about it. When it is talked about as freely as other things are in the workplace, this can create a more welcoming workplace.

    Accessibility goes beyond physical access and includes technological access and support as well as our attitudes.

    Accessibility is making sure everyone (disabled or abled) can access the workplace equally.

    Adjustments in the workplace are necessary to create an accessible and welcoming environment. Understanding the three dimensions of accessibility in the workplace is a good place to start.

    Source: May Hopewell

    Three dimensions of accessibility in the workplace

    Three dimensions of accessibility in the workplace

    Case Study

    INDUSTRY
    Professional Services

    SOURCE
    Accenture

    Accenture takes an inclusive approach to increase accessibility.

    Accessibility is more than tools

    Employee experience was the focus of embarking on the accessibility journey, ensuring inclusivity was built in and every employee was able to use the tools they needed and could achieve their goals.

    "We are removing barriers in technology to make all of our employees, regardless of their ability, more productive.”
    — Melissa Summers, Managing Director – Global IT, Corporate Technology, Accenture

    Accessibility is inclusive

    The journey began with formalizing a Global IT Accessibility practice and defining an accessibility program charter. This provided direction and underpinned the strategy used to create a virtual Accessibility Center of Excellence and map out a multiyear plan of initiatives.

    The team then identified all the technologies they wanted to enhance by prioritizing ones that were high use and high impact. Involving disability champions gave insight into focus areas.

    Accessibility is innovation

    Working with partners like Microsoft and over 100 employees, Accenture continues toward the goal of 75% accessibility for all its global high-traffic internal platforms.

    Achievements thus far include:

    • 100% of new Accenture video and broadcast content is automatically captioned.
    • Accenture received a perfect Disability Equality Index (US) score of 100 out of 100 for 2017, 2018, and 2019.

    Step 1.3

    Understand your current accessibility maturity level

    Activities

    1.3.1 Complete the Accessibility Maturity Assessment

    Understand Your Current State

    Outcomes of this step
    Completed Accessibility Maturity Assessment to inform planning for and building your business case in Phases 2 and 3.

    Know where you are to know where to go

    Consider accessibility improvements from three interconnected aspects to determine current maturity level

    Accessibility Maturity

    People

    • Consider employee, customer, and user experience.

    Process

    • Review processes to ensure accessibility is considered early.

    Technology

    • Whether it’s new or existing, technology is an important tool to increase accessibility.

    Accessibility maturity levels

    INITIAL DEVELOPING DEFINED MANAGED OPTIMIZE
    At this level, accessibility processes are mostly undocumented, if they exist. Accessibility is most likely happening on a reactive, ad hoc basis. No one understands who is responsible for accessibility or what their role is. At this stage the organization is driven by the need for compliance. At the developing level, the organization is taking steps to increase accessibility but still has a lot of opportunity for improvements. The organization is defining and refining processes and is working toward building a library of assistive tools. At this level, processes related to accessibility are repeatable. However, there’s a tendency to resort to old habits under stress. The organization has tools in place to facilitate accommodation requests and technology is compatible with assistive technologies. Accessibility initiatives are driven by the desire to make the user experience better. The managed level is defined by its effective accessibility controls, processes, and metrics. The organization can mostly anticipate preferences of customers, employees, and users. The roles and responsibilities are defined, and disability is included as part of the organization’s diversity, equity, and inclusion (DEI) initiatives. This level is not the goal for all organizations. At this level there is a shift in the organization’s culture to a feeling of belonging. The organization also demonstrates ongoing process improvements. Everyone can experience a seamless interaction with the organization. The focus is on continuous improvement and using feedback to inform future initiatives.

    Determine your level of maturity

    Use Info-Tech’s Accessibility Maturity Assessment

    • On the accessibility questionnaire, tab 2, choose how much the statements apply to your organization. Answer the questions based on your knowledge of your current state organizationally.
    • Once you’ve answered all the questions, see the results on the tab 3, Accessibility Results. You can see your overall maturity level and the maturity level for each of six dimensions that are necessary to increase the success of an accessibility program.
    • Click through to tab 4, Recommendations, to see specific recommendations based on your results and proven research to progress through the maturity levels. Keep in mind that not all organizations will or should aspire to the “Optimize” maturity level.

    1.3.1 Complete the Accessibility Maturity Assessment

    1. Download the Accessibility Maturity Assessment and save it with the date so that as you work on your accessibility program, you can reassess later and track your progress.
    2. Once you have saved the assessment, select the appropriate answer for each statement on tab 2, Accessibility Questions, based on your knowledge of the organization’s approach.
    3. After reviewing all the accessibility statements, see your maturity level results on tab 3, Accessibility Results. Then see tab 4, Recommendations, for suggestions based on your answers.
    4. Document your accessibility maturity results in your Accessibility Business Case Template.
    Input Output
    • Assess your current state of accessibility by choosing all the statements that apply to your organization
    • Identified accessibility maturity level
    Materials Participants
    • Accessibility Maturity Assessment
    • Accessibility Business Case Template
    • Project leader/sponsor
    • IT leadership team

    Download the Accessibility Business Case Template

    Phase 2

    Plan for Senior Leader Buy-In

    Phase 1
    1.1 Understand standards and legislation
    1.2 Build awareness
    1.3 Understand maturity level

    Phase 2
    2.1 Define desired future state
    2.2 Define goals and objectives
    2.3 Document roles and responsibilities

    Phase 3
    3.1 Prepare business case template for presentation and approval
    3.2 Validate post-approval steps and establish timelines

    The Accessibility Business Case for IT

    This phase will walk you through the following activities:

    • Defining your desired future state.
    • Determining your accessibility program goals and objectives.
    • Clarifying and documenting roles and responsibilities related to accessibility in IT.

    This phase involves the following participants:

    • Project lead/sponsor
    • IT leadership team
    • Senior leaders/decision makers

    Step 2.1

    Define the desired future state of accessibility

    Activities

    2.1.1 Identify key stakeholders

    2.1.2 Hold a key stakeholder focus group

    2.1.3 Conduct a future-state analysis

    Outcomes of this step
    Following this step, you will have identified your aspirational maturity level and what your accessibility future state looks like for your organization.

    Plan for Senior Leader Buy-In

    Cheat sheet: Identify stakeholders

    Ask stakeholders, “Who else should I be talking to?” to discover additional stakeholders and ensure you don’t miss anyone.

    Identify stakeholders through the following questions:
    • Who in areas of influence will be adversely affected by potential environmental and social impacts of what you are doing?
    • At which stage will stakeholders be most affected (e.g. procurement, implementation, operations, decommissioning)?
    • Will other stakeholders emerge as the phases are started and completed?
    • Who is sponsoring the initiative?
    • Who benefits from the initiative?
    • Who is negatively impacted by the initiative?
    • Who can make approvals?
    • Who controls resources?
    • Who has specialist skills?
    • Who implements the changes?
    • Who are the owners, governors, customers, and suppliers of impacted capabilities or functions?
    Take a 360-degree view of potential internal and external stakeholders who might be impacted by the initiative.
    • Executives
    • Peers
    • Direct reports
    • Partners
    • Customers
    • Subcontractors
    • Subcontractors
    • Contractors
    • Lobby groups
    • Regulatory agencies

    Categorize your stakeholders with a stakeholder prioritization map

    A stakeholder prioritization map helps teams categorize their stakeholders by their level of influence and ownership.

    There are four areas in the map, and the stakeholders within each area should be treated differently.

    Players – Players have a high interest in the initiative and the influence to effect change over the initiative. Their support is critical, and a lack of support can cause significant impediment to the objectives.

    Mediators – Mediators have a low interest but significant influence over the initiative. They can help to provide balance and objective opinions to issues that arise.

    Noisemakers – Noisemakers have low influence but high interest. They tend to be very vocal and engaged, either positively or negatively, but have little ability to enact their wishes.

    Spectators – Generally, spectators are apathetic and have little influence over or interest in the initiative.

    Stakeholder prioritization map

    Define strategies for engaging stakeholders by type

    Each group of stakeholders draws attention and resources away from critical tasks.

    By properly identifying your stakeholder groups, you can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy Spectators and Noisemakers while ensuring the needs of the Mediators and Players are met.

    Type Quadrant Actions
    Players High influence, high interest Actively Engage
    Keep them engaged through continuous involvement. Maintain their interest by demonstrating their value to its success.
    Mediators High influence, low interest Keep Satisfied
    They can be the game changers in groups of stakeholders. Turn them into supporters by gaining their confidence and trust, and include them in important decision-making steps. In turn, they can help you influence other stakeholders.
    Noisemakers Low influence, high interest Keep Informed
    Try to increase their influence (or decrease it if they are detractors) by providing them with key information, supporting them in meetings, and using Mediators to help them.
    Spectators Low influence, low interest Monitor
    They are followers. Keep them in the loop by providing clarity on objectives and status updates.

    2.1.1 Identify key stakeholders

    Collect this information by:

    1. List direct stakeholders for your area. Include stakeholders across the organization (both IT and business units) and externally.
    2. Create a stakeholder map to capture your stakeholders’ interest in and influence on digital accessibility.
    3. Shortlist stakeholders to invite as focus group participants in activity 2.1.2.
      • Aim for a combination of Players, Mediators, and Noisemakers.
    Input Output
    • List of stakeholders
    • Stakeholder requirements
    • A stakeholder map
    • List of stakeholders to include in the focus group in step 2.1.2
    Materials Participants
    • Sticky notes, pens, whiteboard, markers (optional)
    • Project leader/sponsor

    Hold a focus group to initiate planning

    Involve key stakeholders to determine the organizational drivers of accessibility, identify target maturity and key performance indicators (KPIs), and ultimately build the project charter.

    Building the project charter as a group will help you to clarify your key messages and secure buy-in from critical stakeholders up-front, which is key.

    Executing the business case for accessibility requires significant involvement from your IT leadership team. The challenge is that accessibility can be overwhelming because of inherent bias. Members of your IT leadership team will also need to participate in knowledge transfer, so get them involved up-front. The focus group will help stakeholders feel more engaged in the project, which is pivotal for success.

    You may feel like a full project charter isn’t necessary, and depending on your organizational size, it might not be. However, the exercise of building the charter is important regardless. No matter your current climate, some level of socializing the value of and plans for accessibility will be necessary.

    Meeting Agenda

    1. Short introduction
      Led by: Project Sponsor
      • Why the initiative is being considered.
    2. Make the case for the project
      Led by: Project Manager
      • Current state: What does the initiative address?
      • Future state: What is our target state of maturity?
    3. Success criteria
      Led by: Project Manager
      • How will success be measured?
    4. Define the project team
      Led by: Project Manager
      • Description of planned approach.
      • Stakeholder assessment.
      • What is required of the sponsor and stakeholders?
    5. Determine next steps
      Led by: Project Manager

    2.1.2 Hold a stakeholder focus group

    Identify the pain points you want to resolve and some of the benefits that you’d like to see from a program. By doing so, you’ll get a holistic view of what you need to achieve and what your drivers are.

    1. Ask the working group participants (as a whole or in smaller groups) to discuss pain points created by inaccessibility.
      • Challenges related to stakeholders.
      • Challenges created by process issues.
      • Difficulties improving accessibility practices.
    2. Discuss opportunities to be gained from improving these practices.
    3. Have participants write these down on sticky notes and place them on a whiteboard or flip chart.
    4. Review all the points as a group. Group challenges and benefits into themes.
    5. Have the group prioritize the risks and benefits in terms of what the solution must have, should have, could have, and won’t have.
    Input Output
    • Reasons for the project
    • Stakeholder requirements
    • Pain points and risks
    • A prioritized list of risks and benefits of the solution
    Materials Participants
    • Agenda (see previous slide)
    • Sticky notes, pens, whiteboard, markers (optional)
    • IT leadership
    • Other key stakeholders

    While defining future state, consider your drivers

    The Info-Tech Accessibility Maturity Framework identifies three key strategic drivers: compliance, experience, and incorporation.

    • Over 30% of organizations are focused on compliance, according to a 2022 survey by Harvard Business Review and Slack’s Future Forum. The survey asked more than 10,000 workers in six countries about their organizations’ approach to DEI.2

    Even though 90% of companies claim to prioritize diversity,1 over 30% are focused on compliance.2

    1. Harvard Business Review, 2020
    2. Harvard Business Review, 2022

    31.6% of companies remain in the Compliant stage, where they are focused on DEI compliance and not on integrating DEI throughout the organization or on creating continual improvement.

    Source: Harvard Business Review, 2022

    Align the benefits of program drivers to organizational goals or outcomes

    Although there will be various motivating factors, aligning the drivers of your accessibility program provides direction to the program. Connecting the advantages of program drivers to organizational goals builds the confidence of senior leaders and decision makers, increasing the continued commitment to invest in accessibility programming.

    Drivers Compliance Experience Incorporation
    Maturity level Initial Developing Defined Managed Optimized
    Description Any accessibility initiative is to comply with the minimum legislated requirement. Desire to avoid/decrease legal risk. Accessibility initiatives are focused on improving the experience of everyone from the start. Most organizations will be experience driven. Desire to increase accessibility and engagement. Accessibility is a seamless part of the whole organization and initiatives are focused on impacting social issues.
    Advantages Compliance is a good starting place for accessibility. It will reduce legal risk. Being people focused from the start of processes enables the organization to reduce tech debt, provide the best user experience, and realize other benefits of accessibility. There is a sense of belonging in the organization. The entire organization experiences the benefits of accessibility.
    Disadvantages Accessibility is about more than just compliance. Being compliance driven won’t give you the full benefits of accessibility. This can mean a culture change for the organization, which can take a long time. IT is used to moving quickly – it might feel counterintuitive to slow down and take time. It takes much longer to reach the associated level of maturity. Not possible for all organizations.

    Info-Tech Accessibility Maturity Framework

    Info-Tech Accessibility Maturity Framework

    After initially ensuring your organization is compliant with regulations and standards, you will progress to building disciplined process and consistent standardized processes. Eventually you will build the ability for predictable process, and lastly, you’ll optimize by continuously improving.

    Depending on the level of maturity you are trying to achieve, it could take months or even years to implement. The important thing to understand, however, is that accessibility work is never done.

    At all levels of the maturity framework, you must consider the interconnected aspects of people, process, and technology. However, as the organization progresses, the impact will shift from largely being focused on process and technology improvement to being focused on people.

    Info-Tech Insight
    IT typically works through maturity frameworks from the bottom to the top, progressing at each level until they reach the end. When it comes to digital accessibility initiatives, being especially thorough, thoughtful, and collaborative is critical to success. This will mean spending more time in the Developing, Defined, and Managed levels of maturity rather than trying to reach Optimized as quickly as you can. This may feel contrary to what IT historically considers as a successful implementation.

    Accessibility maturity levels

    Driver Description Benefits
    Initial Compliance
    • Accessibility processes are mostly undocumented.
    • Accessibility happens mostly on a reactive or ad hoc basis.
    • No one is aware of who is responsible for accessibility or what role they play.
    • Heavily focused on complying with regulations and standards to decrease legal risk.
    • The organization is aware of the need for accessibility.
    • Legal risk is decreased.
    Developing Experience
    • The organization is starting to take steps to increase accessibility beyond compliance.
    • Lots of opportunity for improvement.
    • Defining and refining processes.
    • Working toward building a library of assistive tools.
    • Awareness of the need for accessibility is growing.
    • Process review for accessibility increases process efficiency through avoiding rework.
    Defined Experience
    • Accessibility processes are repeatable.
    • There is a tendency to resort to old habits under stress.
    • Tools are in place to facilitate accommodation.
    • Employees know accommodations are available to them.
    • Accessibility is becoming part of daily work.
    Managed Experience
    • Defined by effective accessibility controls, processes, and metrics.
    • Mostly anticipating preferences.
    • Roles and responsibilities are defined.
    • Disability is included as part of DEI.
    • Employees understand their role in accessibility.
    • Engagement is positively impacted.
    • Attraction and retention are positively impacted.
    Optimized Incorporation
    • Not the goal for every organization.
    • Characterized by a dramatic shift in organizational culture and a feeling of belonging.
    • Ongoing continuous improvement.
    • Seamless interactions with the organization for everyone.
    • Using feedback to inform future initiatives.
    • More likely to be innovative and inclusive, reach more people positively, and meet emerging global legal requirements.
    • Better equipped for success.

    2.1.3 Conduct future-state analysis

    Identify your target state of maturity

    1. Provide the group with your maturity assessment results to review as well as the slides on the maturity levels, framework, and drivers.
    2. Compare the benefits listed on the Accessibility maturity levels slide to those that you named in the previous exercise and determine which maturity level best describes your target state.
    3. Discuss as a group and agree on one desired maturity level to reach.
    4. Review the other levels of maturity and determine what is in and out of scope for the project (higher-level benefits would be considered out of scope).
    5. Document your target state of maturity in your Accessibility Business Case Template.
    Input Output
    • Accessibility maturity levels chart on previous slide
    • Maturity level assessment results
    • Target maturity level documented
    Materials Participants
    • Paper and pens
    • Handouts of maturity levels
    • Accessibility Business Case Template
    • IT leadership team

    Download the Accessibility Business Case Template

    Case Study

    Accessibility as a differentiator

    INDUSTRY
    Financial

    SOURCE
    WAI-Engage

    Accessibility inside and out

    As a financial provider, Barclays embarked on the accessibility journey to engage customers and employees with the goal of equal access for all. One key statement that provided focus was “Essential for some, easier for all. ”

    “It's about helping everyone to work, bank and live their lives regardless of their age, situation, abilities or circumstances.”

    Embedding into experiences

    “The Barclays Accessibility team [supports] digital teams to embed accessibility into our services and culture through effective governance, partnering, training and tools. Establishing an enterprise-wide accessibility strategy, standards and programmes coupled with senior sponsorship helps support our publicly stated ambition of becoming the most accessible and inclusive FTSE company.”

    – Paul Smyth, Head of Digital Accessibility, Barclays

    It’s a circle, not a roadmap

    • Barclays continues the journey through partnerships with disability charities and accessibility experts and through regularly engaging with customers and colleagues with disabilities directly.
    • More accessible, inclusive products and services engage and attract more people with disabilities. This translates to a more diverse workforce that identifies opportunities for innovation. This leads to being attractive to diverse talent, and the circle continues.
    • Barclays’ mobile banking app was first to be accredited by accessibility consultants AbilityNet.

    Step 2.2

    Define your accessibility program goals and objectives

    Activities

    2.2.1 Create a list of goals and objectives

    2.2.2 Finalize key metrics

    Plan for Senior Leader Buy-In

    Outcomes of this step
    You will have clear measurable goals and objectives to respond to identified accessibility issues and organizational goals.

    What does a good goal look like?

    Use the SMART framework to build effective goals.

    S Specific: Is the goal clear, concrete, and well defined?
    M Measurable: How will you know when the goal is met?
    A Achievable: Is the goal possible to achieve in a reasonable time?
    R Relevant: Does this goal align with your responsibilities and with departmental and organizational goals?
    T Time-based: Have you specified a time frame in which you aim to achieve the goal?

    SMART is a common framework for setting effective goals. Make sure your goals satisfy these criteria to ensure you can achieve real results.

    2.2.1 Create a list of goals and objectives

    Use the outcomes from activity 2.1.2.

    1. Using the prioritized list of what your solution must have, should have, could have, and won’t have from activity 2.1.2, develop goals.
    2. Remember to use the SMART goal framework to build out each goal (see the previous slide for more information on SMART goals).
    3. Ensure each goal supports departmental and organizational goals to ensure it is meaningful.
    4. Document your goals and objectives in your Accessibility Business Case Template.
    InputOutput
    • Outcomes of activity 2.1.2
    • Organizational and departmental goals
    • Goals and objectives added to your Accessibility Business Case Template
    MaterialsParticipants
    • Accessibility Business Case Template
    • IT leadership team

    Download the Accessibility Business Case Template

    2.2.1 Create a list of goals and objectives

    Use the outcomes from activity 2.1.2.

    1. Using the prioritized list of what your solution must have, should have, could have, and won’t have from activity 2.1.2, develop goals.
    2. Remember to use the SMART goal framework to build out each goal (see the previous slide for more information on SMART goals).
    3. Ensure each goal supports departmental and organizational goals to ensure it is meaningful.
    4. Document your goals and objectives in your Accessibility Business Case Template.

    Establish Baseline Metrics

    Baseline metrics will be improved through:

    1. Progressing through the accessibility maturity model.
    2. Addressing accessibility earlier in processes to avoid tech debt and rework late in projects or releases.
    3. Making accessibility part of the procurement process as a scoring consideration and vendor choice.
    4. Ensuring compliance with regulations and standards.
    Metric Current Goal
    Overall end-customer satisfaction 90 120
    Monies saved through cost optimization efforts
    Employee engagement
    Monies save through application rationalization and standardization

    For more metrics ideas, see the Info-Tech IT Metrics Library.

    2.2.2 Finalize key metrics

    Finalize key metrics the organization will use to measure accessibility success

    1. Brainstorm how you would measure the success of each goal based on the benefits, challenges, and risks you previously identified.
    2. Write each of the metric ideas down and finalize three to five key metrics which you will track. The metrics you choose should relate to the key challenges or risks you have identified and match your desired maturity level and driver.
    3. Document your key metrics in the Accessibility Business Case Template.
    InputOutput
    • Accessibility challenges and benefits
    • Goals from activity 2.2.1
    • Three to five key metrics to track
    MaterialsParticipants
    • Accessibility Business Case Template
    • IT leadership team
    • Project lead/sponsor

    Download the Accessibility Business Case Template

    Step 2.3

    Document accessibility program roles and responsibilities

    Activities

    2.3.1 Populate a RACI chart

    Plan for Senior Leader Buy-In

    Outcomes of this step
    At the end of this step, you will have a completed RACI chart documenting the roles and responsibilities related to accessibility for your accessibility business case.

    2.3.1 Populate a RACI

    Populate a RACI chart to identify who should be responsible, accountable, consulted, and informed for each key activity.

    Define who is responsible, accountable, consulted, and informed for the project team:

    1. Write out the list of all stakeholders along the top of a whiteboard. Write out the key project steps along the left-hand side.
    2. For each initiative, identify each team member’s role. Are they:
      Responsible: The one responsible for getting the job done.
      Accountable: Only one person can be accountable for each task.
      Consulted: Are involved by providing knowledge.
      Informed: Receive information about execution and quality.
    3. As you proceed, continue to add tasks and assign responsibility to the RACI chart in the appendix of the Accessibility Business Case Template.
    InputOutput
    • Stakeholder list
    • Key project steps
    • Project RACI chart
    MaterialsParticipants
    • Whiteboard
    • Accessibility Business Case Template
    • IT leadership team

    Download the Accessibility Business Case Template

    Phase 3

    Prepare your business case and get approval

    Phase 1
    1.1 Understand standards and legislation
    1.2 Build awareness
    1.3 Understand maturity level

    Phase 2
    2.1 Define desired future state
    2.2 Define goals and objectives
    2.3 Document roles and responsibilities

    Phase 3
    3.1 Prepare business case template for presentation and approval
    3.2 Validate post-approval steps and establish timelines

    The Accessibility Business Case for IT

    This phase will walk you through the following activities:

    • Compiling the work and learning you’ve done so far into a business case presentation.

    This phase involves the following participants:

    • Project lead/sponsor
    • Senior leaders/approval authority

    There is a business case for accessibility

    • When planning for initiatives, a business case is a necessary tool. Although it can feel like an administrative exercise, it helps create a compelling argument to senior leaders about the benefits and necessity of building an accessibility program.
    • No matter the industry, you need to justify how the budget and effort you require for the initiative support organizational goals. However, senior leaders of different industries might be motivated by different reasons. For example, government is strongly motivated by legal and equity aspects, commercial companies may be attracted to the increase in innovation or market reach, and educational and nonprofit companies are likely motivated by brand enhancement.
    • The organizational focus and goals will guide your business case for accessibility. Highlight the most relevant benefits to your operational landscape and the risk of inaction.

    Source: WAI, 2018

    “Many organizations are waking up to the fact that embracing accessibility leads to multiple benefits – reducing legal risks, strengthening brand presence, improving customer experience and colleague productivity.”
    – Paul Smyth, Head of Digital Accessibility, Barclays
    Source: WAI, 2018

    Step 3.1

    Customize and populate the Accessibility Business Case Template

    Activities

    3.1.1 Prepare your business case template for presentation and approval

    Build Your Business Case

    Outcomes of this step
    Following this step, you will have a customized business case presentation that you can present to senior leaders.

    Use Info-Tech’s template to communicate with stakeholders

    Obtain approval for your accessibility program by customizing Info-Tech’s Accessibility Business Case Template, which is designed to effectively convey your key messages. Tailor the template to suit your needs.

    It includes:

    • Project context
    • Project scope and objectives
    • Knowledge transfer roadmap
    • Next steps

    Info-Tech Insight
    The support of senior leaders is critical to the success of your accessibility program development. Remind them of the benefits and impact and the risks associated with inaction.

    Download the Accessibility Business Case Template

    3.1.1 Prepare a presentation for senior leaders to gain approval

    Now that you understand your current and desired accessibility maturity, the next step is to get sign-off to begin planning your initiatives.

    Know your audience:

    1. Consider who will be included in your presentation audience.
    2. You want your presentation to be succinct and hard-hitting. Management’s time is tight, and they will lose interest if you drag out the delivery. Impact them hard and fast with the challenges, benefits, and risks of inaction.
    3. Contain the presentation to no more than an hour. Depending on your audience, the actual presentation delivery could be quite short. You want to ensure adequate time for questions and answers.
    4. Schedule a meeting with the key decision makers who will need to approve the initiatives (IT leadership team, executive team, the board, etc.) and present your business case.
    InputOutput
    • Activity results
    • Accessibility Maturity Assessment results
    • A completed presentation to communicate your accessibility business case
    MaterialsParticipants
    • Accessibility Business Case Template
    • IT leadership team
    • Project sponsor
    • Project stakeholders
    • Senior leaders

    Download the Accessibility Business Case Template

    Step 3.2

    Validate post-approval steps and establish timelines

    Activities

    3.2.1 Prepare for implementation: Complete the implementation prep to-do list and assign proposed timelines

    Build Your Business Case

    Outcomes of this step
    This step will help you gain leadership’s approval to move forward with building and implementing the accessibility program.

    Prepare to implement your program

    Complete the to-do list to ensure you are ready to move your accessibility program forward.

    To Do Proposed Timeline
    Reach out to your change management team for assistance.
    Discuss your plan with HR.
    Build a project team.
    Incorporate any necessary changes from senior leaders into your business case.
    [insert your own addition here]
    [insert your own addition here]
    [insert your own addition here]
    [insert your own addition here]

    3.2.1 Prep for implementation (action planning)

    Use the implementation prep to-do list to make sure you have gathered relevant information and completed critical steps to be ready for success.

    Use the list on the previous slide to make sure you are set up for implementation success and that you’re ready to move your accessibility program forward.

    1. Assign proposed timelines to each of the items.
    2. Work through the list, collecting or completing each item.
    3. As you proceed, keep your identified drivers, current state, desired future state, goals, and objectives in mind.
    Input Output
    • Accessibility Maturity Assessment
    • Business case presentation and any feedback from senior leaders
    • Goals, objectives, identified drivers, and desired future state
    • High-level action plan
    Materials Participants
    • Previous slide containing the checklist
    • Project lead

    Related Info-Tech Research

    Implement and Mature Your User Experience Design Practice

    • Create a practice that is focused on human outcomes; it starts and ends with the people you are designing for. This includes:
      • Establishing a practice with a common vision.
      • Enhancing the practice through four design factors.
      • Communicating a roadmap to improve your business through design.

    Modernize Your Corporate Website to Drive Business Value

    • Users are demanding more valuable web functionalities and improved access to your website services.
    • The criteria of user acceptance and satisfaction involves more than an aesthetically pleasing user interface (UI). It also includes how emotionally attached the user is to the website and how it accommodates user behaviors.

    IT Diversity & Inclusion Tactics

    • Although inclusion is key to the success of a diversity and inclusion (D&I) strategy, the complexity of the concept makes it a daunting pursuit.
    • This is further complicated by the fact that creating inclusion is not a one-and-done exercise. Rather, it requires the ongoing commitment of employees and managers to reassess their own behaviors and to drive a cultural shift.

    Fix Your IT Culture

    • Go beyond value statements to create a culture that enables the departmental strategy.
    • There is confusion about how to translate culture from an abstract concept to something that is measurable, actionable, and process driven.
    • Organizations lack clarity about who is accountable and responsible for culture, with groups often pointing fingers at each other.

    Works cited

    “2021 State of Digital Accessibility.” Level Access, n.d. Accessed 10 Aug. 2022

    ”2022 Midyear Report: ADA Digital Accessibility Lawsuits.” UsableNet, 2022. Accessed 9 Nov. 2022

    “Barclay’s Bank Case Study.” WAI-Engage, 12 Sept. 2018. Accessed 7 Nov. 2022.

    Bilodeau, Howard, et al. “StatCan COVID-19 Data to Insights for a Better Canada.” Statistics Canada, 24 June 2021. Accessed 10 Aug. 2022.

    Casey, Caroline. “Do Your D&I Efforts Include People With Disabilities?” Harvard Business Review, 19 March 2020. Accessed 28 July 2022.

    Digitalisation World. “Organisations failing to meet digital accessibility standards.” Angel Business Communications, 19 May 2022. Accessed Oct. 2022.

    “disability.” Merriam-Webster.com Dictionary, Merriam-Webster, https://www.merriam-webster.com/dictionary/disability. Accessed 10 Aug. 2022.

    “Disability.” World Health Organization, 2022. Accessed 10 Aug 2022.

    “Driving the Accessibility Advantage at Accenture.” Accenture, 2022. Accessed 7 Oct. 2022.

    eSSENTIAL Accessibility. The Must-Have WCAG 2.1 Checklist. 2022

    Hopewell, May. Accessibility in the Workplace. 2022.

    “Initiate.” W3C Web Accessibility Initiative (WAI), 31 March 2016. Accessed 18 Aug. 2022.

    Kalcevich, Kate, and Mike Gifford. “How to Bake Layers of Accessibility Testing Into Your Process.” Smashing Magazine, 26 April 2021. Accessed 31 Aug. 2022.

    Noone, Cat. “4 Common Ways Companies Alienate People with Disabilities.” Harvard Business Review, 29 Nov. 2021. Accessed Jul. 2022.

    Taylor, Jason. “A Record-Breaking Year for ADA Digital Accessibility Lawsuits.” UsableNet, 21 December 2020. Accessed Jul. 2022.

    “The Business Case for Digital Accessibility.” W3C Web Accessibility Initiative (WAI), 9 Nov. 2018. Accessed 4 Aug. 2022.

    “The WebAIM Million.” Web AIM, 31 March 2022. Accessed 28 Jul. 2022.

    Washington, Ella F. “The Five Stages of DEI Maturity.” Harvard Business Review, November - December 2022. Accessed 7 Nov. 2022.

    Wyman, Nicholas. “An Untapped Talent Resource: People With Disabilities.” Forbes, 25 Feb. 2021. Accessed 14 Sep. 2022.

    ChatGPT Beyond the hype. What can it do for you?

    ChatGPT Beyond The Hype Tymans Group

    Summary of the deck.

    ChatGPT is a generative AI tool developed by OpenAI, a non-profit founded by Silicon Valley titans, including Elon Musk and Sam Altman. It is designed to interact with users in a way that mimics human dialogue. The tool became available via a research release on November 30, 2022, and was an immediate hit – within a week; it attracted more than a million users. Functionally, ChatGPT is designed to answer questions, but it is not the first one. The concept has existed for decades. While it is very powerful, it has also attracted criticism. 

    IT Operations, strategy

    Register to read more …

    Streamline Your Workforce During a Pandemic

    • Buy Link or Shortcode: {j2store}515|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Lead
    • Parent Category Link: /lead

    Reduced infection rates in compromised areas are providing hope that these difficult times will pass. However, organizations are facing harsh realities in real time. With significant reductions in revenue, employers are facing pressure to quickly implement cost-cutting strategies, resulting in mass layoffs of valuable employees.

    Our Advice

    Critical Insight

    Employees are an organization’s greatest asset. When faced with cost-cutting pressures, look for redeployment opportunities that use talent as a resource to get through hard times before resorting to difficult layoff decisions.

    Impact and Result

    Make the most of your workforce in this unprecedented situation by following McLean & Company’s process to initiate redeployment efforts and reduce costs. If all else fails, follow our guidance on planning for layoffs and considerations when doing so.

    Streamline Your Workforce During a Pandemic Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Meet with leadership

    Set a strategy with senior leadership, brainstorm underused and understaffed employee segments and departments, then determine an approach to redeployments and layoffs.

    • Streamline Your Workforce During a Pandemic Storyboard
    • Redeployment and Layoff Strategy Workbook

    2. Plan individual and department redeployment

    Collect key information, prepare and redeploy, and roll up information across the organization.

    • Short-Term Survival Segment Evaluation Tool
    • Skills Inventory for Redeployment Tool
    • Redeployment Action and Communication Plan
    • Crisis Communication Guide for HR
    • Crisis Communication Guide for Leaders
    • Leadership Crisis Communication Guide Template
    • 3i's of Engaging Management – Manager Guide
    • Feedback and Coaching Guide for Managers
    • Redeployment Communication Roll-up Template

    3. Plan individual and department layoffs

    Plan for layoffs, execute on the layoff plan, and communicate to employees.

    • Employee Departure Checklist Tool
    • 10 Communication Best Practices in the Face of Crisis
    • Termination Logistics Tool
    • Termination Costing Tool
    • COVID-19: Employee-Facing Frequently Asked Questions Template
    • COVID-19: Employee-Facing Frequently Asked Questions
    • Standard Internal Communications Plan

    4. Monitor and manage departmental effectiveness

    Monitor departmental performance, review organizational performance, and determine next steps.

    • HR Metrics Library
    • Standard HR Scorecard
    [infographic]

    Prepare for Negotiations More Effectively

    • Buy Link or Shortcode: {j2store}224|cart{/j2store}
    • member rating overall impact: 8.0/10 Overall Impact
    • member rating average dollars saved: $6,000 Average $ Saved
    • member rating average days saved: 4 Average Days Saved
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • IT budgets are increasing, but many CIOs feel their budgets are inadequate to accomplish what is being asked of them.
    • Eighty percent of organizations don’t have a mature, repeatable, scalable negotiation process.
    • Training dollars on negotiations are often wasted or ineffective.

    Our Advice

    Critical Insight

    • Negotiations are about allocating risk and money – how much risk is a party willing to accept at what price point?
    • Using a cross-functional/cross-insight team structure for negotiation preparation yields better results.
    • Soft skills aren’t enough and theatrical negotiation tactics aren’t effective.

    Impact and Result

    A good negotiation process can help:

    • Maximize budget dollars.
    • Improve vendor performance.
    • Enhance relationships internally and externally.

    Prepare for Negotiations More Effectively Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should create and follow a scalable process for preparing to negotiate with vendors, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Before

    Throughout this phase, the 12 steps for negotiation preparation are identified and reviewed.

    • Prepare for Negotiations More Effectively – Phase 1: Before
    • Before Negotiating Tool
    [infographic]

    Workshop: Prepare for Negotiations More Effectively

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 12 Steps to Better Negotiation Preparation

    The Purpose

    Improve negotiation preparation.

    Understand how to use the Info-Tech Before Negotiating Tool.

    Key Benefits Achieved

    A scalable framework for negotiation preparation will be created.

    The Before Negotiating Tool will be configured for the customer’s environment.

    Activities

    1.1 Establish specific negotiation goals and ranges.

    1.2 Identify and assess alternatives to a negotiated agreement.

    1.3 Identify and evaluate assumptions made by the parties.

    1.4 Conduct research.

    1.5 Identify and evaluate relationship issues.

    1.6 Identify and leverage the team structure.

    1.7 Identify and address leverage issues.

    1.8 Evaluate timeline considerations.

    1.9 Create a strategy.

    1.10 Draft a negotiation agenda.

    1.11 Draft and answer questions.

    1.12 Rehearse (informal and formal).

    Outputs

    Sample negotiation goals and ranges will be generated via a case study to demonstrate the concepts and how to use the Before Negotiating Tool (this will apply to each Planned Activity)

    Sample alternatives will be generated

    Sample assumptions will be generated

    Sample research will be generated

    Sample relationship issues will be generated

    Sample teams will be generated

    Sample leverage items will be generated

    Sample timeline issues will be generated

    A sample strategy will be generated

    A sample negotiation agenda will be generated

    Sample questions and answers will be generated

    Sample rehearsals will be conducted

    Security Priorities 2022

    • Buy Link or Shortcode: {j2store}244|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • Ransomware activities and the cost of breaches are on the rise.
    • Cybersecurity talent is hard to find, and an increasing number of cybersecurity professionals are considering leaving their jobs.
    • Moving to the digital world increases the risk of a breach.

    Our Advice

    Critical Insight

    • The pandemic has fundamentally changed the technology landscape. Security programs must understand how their threat surface is now different and adapt their controls to meet the challenge.
    • The upside to the upheaval in 2021 is new opportunities to modernize your security program.

    Impact and Result

    • Use the report to ensure your plan in 2022 addresses what’s important in cybersecurity.
    • Understand the current situation in the cybersecurity space.

    Security Priorities 2022 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Security Priorities 2022 – A report that describes priorities and recommendations for CISOs in 2022.

    Use this report to understand the current situation in the cybersecurity space and inform your plan for 2022. This report includes sections on protecting against and responding to ransomware, acquiring and retaining talent, securing a remote workforce, securing digital transformation, and adopting zero trust.

    • Security Priorities for 2022 Report

    Infographic

    Further reading

    Security Priorities 2022

    The pandemic has changed how we work

    disruptions to the way we work caused by the pandemic are here to stay.

    The pandemic has introduced a lot of changes to our lives over the past two years, and this is also true for various aspects of how we work. In particular, a large workforce moved online overnight, which shifted the work environment rapidly.

    People changed how they communicate, how they access company information, and how they connect to the company network. These changes make cybersecurity a more important focus than ever.

    Although changes like the shift to remote work occurred in response to the pandemic, they are largely expected to remain, regardless of the progression of the pandemic itself. This report will look into important security trends and the priorities that stemmed from these trends.

    30% more professionals expect transformative permanent change compared to one year ago.

    47% of professionals expect a lot of permanent change; this remains the same as last year. (Source: Info-Tech Tech Trends 2022 Survey; N=475)

    The cost of a security breach is rising steeply

    The shift to remote work exposes organizations to more costly cyber incidents than ever before.

    $4.24 million

    Average cost of a data breach in 2021    		 The cost of a data breach rose by nearly 10% in the past year, the highest rate in over seven years.

    $1.07 million

    More costly when remote work involved in the breach

    The average cost of breaches where remote work is involved is $1.07 million higher than breaches where remote work is not involved.

    The ubiquitous remote work that we saw in 2021 and continue to see in 2022 can lead to more costly security events. (Source: IBM, 2021)

    Remote work is here to stay, and the cost of a breach is higher when remote work is involved.

    The cost comes not only directly from payments but also indirectly from reputational loss. (Source: IBM, 2021)

    Security teams can participate in the solution

    The numbers are clear: in 2022, when we face a threat environment like WE’VE never EXPERIENCED before, good security is worth the investment

    $1.76 million

    Saved when zero trust is deployed facing a breach

    Zero trust controls are realistic and effective controls.

    Organizations that implement zero trust dramatically reduce the cost of an adverse security event.

    35%

    More costly if it takes more than 200 days to identify and contain a breach

    With increased BYOD and remote work, detection and response is more challenging than ever before – but it is also highly effective.

    Organizations that detect and respond to incidents quickly will significantly reduce the impact. (Source: IBM, 2021)

    Breaches are 34% less costly when mature zero trust is implemented.

    A fully staffed and well-prepared security team could save the cost through quick responses. (Source: IBM, 2021)

    Top security priorities and constraints in 2022

    Survey results

    As part of its research process for the 2022 Security Priorities Report, Info-Tech Research Group surveyed security and IT leaders (N=97) to ask their top security priorities as well as their main obstacles to security success in 2022:

    Top Priorities
    A list of the top three priorities identified in the survey with their respective percentages, 'Acquiring and retaining talent, 30%', 'Protecting against and responding to ransomware, 23%', and 'Securing a remote workforce, 23%'.

    Survey respondents were asked to force-rank their security priorities.

    Among the priorities chosen most frequently as #1 were talent management, addressing ransomware threats, and securing hybrid/remote work.

    		 Top Obstacles
    A list of the top three obstacles identified in the survey with their respective percentages, 'Staffing constraints, 31%', 'Demand of ever-changing business environment, 23%', and 'Budget constraints, 15%'.

    Talent management is both the #1 priority and the top obstacle facing security leaders in 2022.

    Unsurprisingly, the ever-changing environment in a world emerging from a pandemic and budget constraints are also top obstacles.

    We know the priorities…

    But what are security leaders actually working on?

    This report details what we see the world demanding of security leaders in the coming year.

    Setting aside the demands – what are security leaders actually working on?

    A list of 'Top security topics among Info-Tech members' with accompanying bars, 'Security Strategy', 'Security Policies', 'Security Operations', 'Security Governance', and 'Security Incident Response'.

    Many organizations are still mastering the foundations of a mature cybersecurity program.

    This is a good idea!

    Most breaches are still due to gaps in foundational security, not lack of advanced controls.

    We know the priorities…

    But what are security leaders actually working on?

    A list of industries with accompanying bars representing their demand for security. The only industry with a significant positive percentage is 'Government'. Security projects included in annual plan relative to industry.

    One industry plainly stands out from the rest. Government organizations are proportionally much more active in security than other industries, and for good reason: they are common targets.

    Manufacturing and professional services are proportionally less interested in security. This is concerning, given the recent targeting of supply chain and personal data holders by ransomware gangs.

    5 Security Priorities for 2022 Logo for Info-Tech. Logo for ITRG.

    People

    1. Acquiring and Retaining Talent
      Create a good working environment for existing and potential employees. Invest time and effort into talent issues to avoid being understaffed.
    2. Securing a Remote Workforce
      Create a secure environment for users and help your people build safe habits while working remotely.

    Process

    1. Securing Digital Transformation
      Build in security from the start and check in frequently to create agile and secure user experiences.

    Technology

    1. Adopting Zero Trust
      Manage access of sensitive information based on the principle of least privilege.
    2. Protecting Against and Responding to Ransomware
      Put in your best effort to build defenses but also prepare for a breach and know how to recover.

    Main Influencing Factors
    COVID-19 Pandemic
    The pandemic has changed the way we interact with technology. Organizations are universally adapting their business and technology processes to fit the post-pandemic paradigm.    		 Rampant Cybercrime Activity
    By nearly every conceivable metric, cybercrime is way up in the past two years. Cybercriminals smell blood and pose a more salient threat than before. Higher standards of cybersecurity capability are required to respond to this higher level of threat.    		 Remote Work and Workforce Reallocation
    Talented IT staff across the globe enabled an extraordinarily fast shift to remote and distance work. We must now reckon with the security and human resourcing implications of this huge shift.

    Acquire and Retain Talent

    Priority 01

    Security talent was in short supply before the pandemic, and it's even worse now.

    Executive summary

    Background

    Cybersecurity talent has been in short supply for years, but this shortage has inflected upward since the pandemic.

    The Great Resignation contributed to the existing talent gap. The pandemic has changed how people work as well as how and where they choose work. More and more senior workers are retiring early or opting for remote working opportunities.

    The cost to acquire cybersecurity talent is huge, and the challenge doesn’t end there. Retaining top talent can be equally difficult.

    Current situation

    • A 2021 survey by ESG shows that 76% of security professional agree it’s difficult to recruit talent, and 57% said their organization is affected by this talent shortage.
    • (ISC)2 reports there are 2.72 million unfilled job openings and an increasing workforce gap (2021).

    2.72 million unfilled cybersecurity openings (Source: (ISC)2, 2021)

    IT leaders must do more to attract and retain talent in 2022

    • Over 70% of IT professionals are considering quitting their jobs (TalentLMS, 2021). Meanwhile, 51% of surveyed cybersecurity professionals report extreme burnout during the last 12 months and many of them have considered quitting because of it (VMWare, 2021).
    • Working remotely makes it easier for people to look elsewhere, lowering the barrier to leaving.
    • This is a big problem for security leaders, as cybersecurity talent is in very short supply. The cost of acquiring and retaining quality cybersecurity staff in 2022 is significant, and many organizations are unwilling or unable to pay the premium.
    • Top talent will demand flexible working conditions – even though remote work comes with security risk.
    • Most smart, talented new hires in 2022 are demanding to work remotely most of the time.
    Top reasons for resignations in 2021
    Burnout 30%
    Other remote opportunities 20%
    Lack of growth opportunities 20%
    Poor culture 20%
    Acquisition concerns 10%
    (Source: Survey of West Coast US cybersecurity professionals; TechBeacon, 2021)

    Talent will be 2022’s #1 strength and #1 weakness

    Staffing obstacles in 2022:

    “Attracting and retaining talent is always challenging. We don’t pay as well and my org wants staff in the office at least half of the time. Most young, smart, talented new hires want to work remotely 100 percent of the time.“

    “Trying to grow internal resources into security roles.”

    “Remote work expectations by employees and refusal by business to accommodate.”

    “Biggest obstacle: payscales that are out of touch with cybersecurity market.”

    “Request additional staff. Obtaining funding for additional position is most significant obstacle.”

    (Info-Tech Tech Security Priorities Survey 2022)    		 Top obstacles in 2022:

    As you can see, respondents to our security priorities survey have strong feelings on the challenges of staffing a cybersecurity team.

    The growth of remote work means local talent can now be hired by anybody, vastly increasing your competition as an employer.

    Hiring local will get tougher – but so will hiring abroad. People who don’t want to relocate for a new job now have plenty of alternatives. Without a compelling remote work option, you will find non-local prospects unwilling to move for a new job.

    Lastly, many organizations are still reeling at the cost of experienced cybersecurity talent. Focused internal training and development will be the answer for many organizations.

    Recommended Actions

    Provide career development opportunities

    Many security professionals are dissatisfied with their unclear career development paths. To improve retention, organizations should provide their staff with opportunities and clear paths for career and skills advancement.

    		 Be open-minded when hiring

    To broaden the candidate pool, organizations should be open-minded when considering who to hire.

    • Enable remote work.
    • Do not fixate on certificates and years of experience; rather, be open to developing those who have the right interest and ability.
    • Consider using freelance workers.
    Facilitate work-life balance

    Many security professionals say they experience burnout. Promoting work-life balance in your organization can help retain critical skills.

    		 Create inclusive environment

    Hire a diverse team and create an inclusive environment where they can thrive.

    Talent acquisition and retention plan

    Use this template to explain the priorities you need your stakeholders to know about.

    Provide a brief value statement for the initiative.

    Address a top priority and a top obstacle with a plan to attract and retain top organizational and cybersecurity talent.

    Initiative Description:

    • Provide secure remote work capabilities for staff.
    • Work with HR to refine a hiring plan that addresses geographical and compensation gaps with cybersecurity and general staff.
    • Survey staff engagement to identify points of friction and remediate where needed.
    • Define a career path and growth plan for staff.
    		 Description must include what IT will undertake to complete the initiative.

    Primary Business Benefits:

    Arrow pointing down.
    Reduction in costs due to turnover and talent loss

    Other Expected Business Benefits:

    Arrow pointing up.
    Productivity due to good morale/ engagement    		 Arrow pointing up.
    Improved corporate culture
    		Align initiative benefits back to business benefits or benefits for the stakeholder groups that it impacts.

    Risks:

    • Big organizational and cultural changes
    • Increased attack surface of remote/hybrid workforce

    Related Info-Tech Research:

    Secure a Remote Workforce

    Priority 02

    Trends suggest remote work is here to stay. Addressing the risk of insecure endpoints can no longer be deferred.

    Executive summary

    Remote work poses unique challenges to cybersecurity teams. The personal home environment may introduce unauthorized people and unknown network vulnerabilities, and the organization loses nearly all power and influence over the daily cyber hygiene of its users.

    In addition, the software used for enabling remote work itself can be a target of cybersecurity criminals.

    Current situation

    • 70% of workers in technical services work from home.
    • Employees of larger firms and highly paid individuals are more likely to be working outside the office.
    • 80% of security and business leaders find that remote work has increased the risk of a breach.
      • (Source: StatCan, 2021)

    70% of tech workers work from home (Source: Statcan, 2021)

    Remote work demands new security solutions

    The security perimeter is finally gone

    The data is outside the datacenter.
    The users are outside the office.
    The endpoints are … anywhere and everywhere.

    Organizations that did not implement digital transformation changes following COVID-19 experience higher costs following a breach, likely because it is taking nearly two months longer, on average, to detect and contain a breach when more than 50% of staff are working remotely (IBM, 2021).

    In 2022 the cumulative risk of so many remote connections means we need to rethink how we secure the remote/hybrid workforce.

    		 Security
    • Distributed denial of service
    • DNS hijacking
    • Weak VPN protocols
    Identity
    • One-time verification allowing lateral movement
    		 Colorful tiles representing the surrounding security solutions. Network
    • Risk perimeter stops at corporate network edge
    • Split tunneling
    Authentication
    • Weak authentication
    • Weak password
    Access
    • Man-in-the-middle attack
    • Cross-site scripting
    • Session hijacking

    Recommended Actions

    Mature your identity management

    Compromised identity is the main vector to breaches in recent years. Stale accounts, contractor accounts, misalignment between HR and IT – the lack of foundational practices leads to headline-making breaches every week.
    Tighten up identity control to keep your organization out of the newspaper.

    		 Get a handle on your endpoints

    Work-from-home (WFH) often means unknown endpoints on unknown networks full of other unknown devices…and others in the home potentially using the workstation for non-work purposes. Gaining visibility into your endpoints can help to keep detection and resolution times short.
    Educate users

    Educate everyone on security best practices when working remotely:

    • Apply secure settings (not just defaults) to the home network.
    • Use strong passwords.
    • Identify suspicious email.
    		 Ease of use

    Many workers complain that the corporate technology solution makes it difficult to get their work done.

    Employees will take productivity over security if we force them to choose, so IT needs to listen to end users’ needs and provide a solution that is nimble and secure.

    Roadmap to securing remote/hybrid workforce

    Use this template to explain the priorities you need your stakeholders to know about.

    Provide a brief value statement for the initiative.

    The corporate network now extends to the internet – ensure your security plan has you covered.

    Initiative Description:

    • Reassess enterprise security strategy to include the WFH attack surface (especially endpoint visibility).
    • Ensure authentication requirements for remote workers are sufficient (e.g. MFA, strong passwords, hardware tokens for high-risk users/connections).
    • Assess the value of zero trust networking to minimize the blast radius in the case of a breach.
    • Perform penetration testing annually.
    		Description must include what IT will undertake to complete the initiative.

    Primary Business Benefits:

    Arrow pointing down.


    Reduced cost of security incidents/reputational damage

    Other Expected Business Benefits:

    Arrow pointing up.
    Improved ability to attract and retain talent    		 Arrow pointing up.
    Increased business adaptability
    		Align initiative benefits back to business benefits or benefits for the stakeholder groups that it impacts.

    Risks:

    • Potential disruption to traditional working patterns
    • Cost of investing in WFH versus risk of BYOD

    Related Info-Tech Research:

    Secure Digital Transformation

    Priority 03

    Digital transformation could be a competitive advantage…or the cause of your next data breach.

    Executive summary

    Background

    Digital transformation is occurring at an ever-increasing rate these days. As Microsoft CEO Satya Nadella said early in the pandemic, “We’ve seen two years’ worth of digital transformation in two months.”

    We have heard similar stories from Info-Tech members who deployed rollouts that were scheduled to take months over a weekend instead.

    Microsoft’s own shift to rapidly expand its Teams product is a prime example of how quickly the digital landscape has changed. The global adaption to a digital world has largely been a success story, but rapid change comes with risk, and there is a parallel story of rampant cyberattacks like we have never seen before.

    Insight

    There is an adage that “slow is smooth, and smooth is fast” – the implication being that fast is sloppy. In 2022 we’ll see a pattern of organizations working to catch up their cybersecurity with the transformations we all made in 2020.

    $1.78 trillion expected in digital transformation investments (Source: World Economic Forum, 2021)

    An ounce of security prevention versus a pound of cure

    The journey of digital transformation is a risky one.

    Digital transformations often rely heavily on third-party cloud service providers, which increases exposure of corporate data.

    Further, adoption of new technology creates a new threat surface that must be assessed, mitigations implemented, and visibility established to measure performance.

    However, digital transformations are often run on slim budgets and without expert guidance.

    Survey respondents report as much: rushed deployments, increased cloud migration, and shadow IT are the top vulnerabilities reported by security leaders and executives.

    In a 2020 Ponemon survey, 82% of IT security and C-level executives reported experiencing at least one data breach directly resulting from a digital transformation they had undergone.

    Scope creep is inevitable on any large project like a digital transformation. A small security shortcut early in the project can have dire consequences when it grows to affect personal data and critical systems down the road.

    Recommended Actions

    Engage the business early and often

    Despite the risks, organizations engage in digital transformations because they also have huge business value.

    Security leaders should not be seeking to slow or stop digital transformations; rather, we should be engaging with the business early to get ahead of risks and enable successful transformation.

    		 Establish a vendor security program

    Data is moving out of datacenters and onto third-party environments. Without security requirements built into agreements, and clear visibility into vendor security capabilities, that data is a major source of risk.

    A robust vendor security program will create assurance early in the process and help to reinforce the responsibility of securing data with other parts of the organization.
    Build/revisit your security strategy

    The threat surface has changed since before your transformation. This is the right time to revisit or rebuild your security strategy to ensure that your control set is present throughout the new environment – and also a great opportunity to show how your current security investments are helping secure your new digital lines of business!

    		 Educate your key players

    Only 16% of security leaders and executives report alignment between security and business processes during digital transformation.

    If security is too low a priority, then key players in your transformation efforts are likely unaware of how security risks impact their own success. It will be incumbent upon the CISO to start that conversation.

    Securing digital transformation

    Use this template to explain the priorities you need your stakeholders to know about.

    Provide a brief value statement for the initiative.

    Ensure your investment in digital transformation is appropriately secured.

    Initiative Description:

    • Engage security with digital transformation and relevant governance structures (steering committees) to ensure security considerations are built into digital transformation planning.
    • Incorporate security stage gates in project management procedures.
    • Establish a vendor security assessment program.
    		Description must include what IT will undertake to complete the initiative.

    Primary Business Benefits:

    Arrow pointing up.


    Increased likelihood of digital transformation success

    Other Expected Business Benefits:

    Arrow pointing up.
    Ability to make informed decisions for the field rep strategy     		Arrow pointing down.
    Reduced long-term cost of digital transformation
    		Align initiative benefits back to business benefits or benefits for the stakeholder groups that it impacts.

    Risks:

    • Potential increased up front cost (reduced long-term cost)
    • Potential slowed implementation with security stage gates in project management

    Related Info-Tech Research:

    Adopt Zero Trust

    Priority 04

    Governments are recognizing the importance of zero trust strategies. So should your organization.

    Why now for zero trust?

    John Kindervag modernized the concept of zero trust back in 2010, and in the intervening years there has been enormous interest in cybersecurity circles, yet in 2022 only 30% of organizations report even beginning to roll out zero trust capabilities (Statista, 2022).

    Why such little action on a revolutionary and compelling model?

    Zero trust is not a technology; it is a principle. Zero trust adoption takes concerted planning, effort, and expense, for which the business value has been unclear throughout most of the last 10 years. However, several recent developments are changing that:

    • Securing technology has become very hard! The size, complexity, and attack surface of IT environments has grown significantly – especially since the pandemic.
    • Cyberattacks have become rampant as the cost to deploy harmful ransomware has become lower and the impact has become higher.
    • The shift away from on-premises datacenters and offices created an opening for zero trust investment, and zero trust technology is more mature than ever before.

    The time has come for zero trust adoption to begin in earnest.

    97% will maintain or increase zero trust budget (Source: Statista, 2022)

    Traditional perimeter security is not working

    Zero trust directly addresses the most prevalent attack vectors today

    A hybrid workforce using traditional VPN creates an environment where we are exposed to all the risks in the wild (unknown devices at any location on any network), but at a stripped-down security level that still provides the trust afforded to on-premises workers using known devices.

    What’s more, threats such as ransomware are known to exploit identity and remote access vulnerabilities before moving laterally within a network – vectors that are addressed directly by zero trust identity and networking. Ninety-three percent of surveyed zero trust adopters state that the benefits have matched or exceeded their expectations (iSMG, 2022).

    Top reasons for building a zero trust program in 2022

    (Source: iSMG, 2022)

    44%

    Enforce least privilege access to critical resources

    44%

    Reduce attacker ability to move laterally

    41%

    Reduce enterprise attack surface

    The business case for zero trust is clearer than ever

    Prior obstacles to Zero Trust are disappearing

    A major obstacle to zero trust adoption has been the sheer cost, along with the lack of business case for that investment. Two factors are changing that paradigm in 2022:

    The May 2021 US White House Executive Order for federal agencies to adopt zero trust architecture finally placed zero trust on the radar of many CEOs and board members, creating the business interest and willingness to consider investing in zero trust.

    In addition, the cost of adopting zero trust is quickly being surpassed by the cost of not adopting zero trust, as cyberattacks become rampant and successful zero trust deployments create a case study to support investment.

    Bar chart titled 'Cost to remediate a Ransomware attack' with bars representing the years '2021' and '2020'. 2021's cost sits around $1.8M while 2020's was only $750K The cost to remediate a ransomware attack more than doubled from 2020 to 2021. Widespread adoption of zero trust capabilities could keep that number from doubling again in 2022. (Source: Sophos, 2021)

    The cost of a data breach is on average $1.76 million less for organizations with mature zero trust deployments.

    That is, the cost of a data breach is 35% reduced compared to organizations without zero trust controls. (Source: IBM, 2021)

    Recommended Actions

    Start small

    Don’t put all your eggs in one basket by deploying zero trust in a wide swath. Rather, start as small as possible to allow for growing pains without creating business friction (or sinking your project altogether).

    		 Build a sensible roadmap

    Zero trust principles can be applied in a myriad of ways, so where should you start? Between identities, devices, networking, and data, decide on a use case to do pilot testing and then refine your approach.
    Beware too-good-to-be-true products

    Zero trust is a powerful buzzword, and vendors know it.

    Be skeptical and do your due diligence to ensure your new security partners in zero trust are delivering what you need.

    Zero trust roadmap

    Use this template to explain the priorities you need your stakeholders to know about.

    Provide a brief value statement for the initiative.

    Develop a practical roadmap that shows the business value of security investment.

    Initiative Description:

    • Define desired business and security outcomes from zero trust adoption.
    • Assess zero trust readiness.
    • Build roadmaps for zero trust:
      1. Identity
      2. Networking
      3. Devices
      4. Data
    		Description must include what IT will undertake to complete the initiative.

    Primary Business Benefits:

    Arrow pointing up.


    Increased security posture and business agility

    Other Expected Business Benefits:

    Arrow pointing down.
    Reduced impact of security events    		 Arrow pointing down.
    Reduced cost of managing complex control set    		 Arrow pointing up.
    More secure business transformation (i.e. cloud/digital)
    		Align initiative benefits back to business benefits or benefits for the stakeholder groups that it impacts.

    Risks:

    • Learning curve of implementation (start small and slow)
    • Transition from current control set to zero trust model

    Related Info-Tech Research:

    Protect Against and Respond to Ransomware

    Priority 05

    Ransomware is still the #1 threat to the safety of your data.

    Executive summary

    Background

    • Ransomware attacks have transformed in 2021 and show no sign of slowing in 2022. There is a new major security breach every week, despite organizations spending over $150 billion in a year on cybersecurity (Nasdaq, 2021).
    • Ransomware as a service (RaaS) is commonplace, and attackers are doubling down by holding encrypted data ransom and also demanding payment under threat to disclose exfiltrated data – and they are making good on their threats.
    • The global cost of ransomware is expected to rise to $265 billion by 2031 (Cybersecurity Ventures, 2021).
    • We expect to see an increase in ransomware incidents in 2022, both in severity and volume – multiple attacks and double extortion are now the norm.
    • High staff turnover increases risk because new employees are unfamiliar with security protocols.

    150% increase ransomware attacks in 2020 (Source: ENISA)

    This is a new golden age of ransomware

    What is the same in 2022

    Unbridled ransomware attacks make it seem like attackers must be using complex new techniques, but prevalent ransomware attack vectors are actually well understood.

    Nearly all modern variants are breaching victim systems in one of three ways:

    • Email phishing
    • Software vulnerabilities
    • RDP/Remote access compromise
      •
    		What is new in 2022
    The sophistication of victim targeting

    Victims often find themselves asking, “How did the attackers know to phish the most security-oblivious person in my staff?” Bad actors have refined their social engineering and phishing to exploit high-risk individuals, meaning your chain is only as strong as the weakest link.

    Ability of malware to evade detection

    Modern ransomware is getting better at bypassing anti-malware technology, for example, through creative techniques such as those seen in the MedusaLocker variant and in Ghost Control attacks.

    Effective anti-malware is still a must-have control, but a single layer of defense is no longer enough. Any organization that hopes to avoid paying a ransom must prepare to detect, respond, and recover from an attack.

    Many leaders still don’t know what a ransomware recovery would look like

    Do you know what it would take to recover from a ransomware incident?

    …and does your executive leadership know what it would take to recover?

    The organizations that are most likely to pay a ransom are unprepared for the reality of recovering their systems.

    If you have not done a tabletop or live exercise to simulate a true recovery effort, you may be exposed to more risk than you realize.

    		 Are your defenses sufficiently hardened against ransomware?

    Organizations with effective security prevention are often breached by ransomware – but they are prepared to contain, detect, and eradicate the infection.

    Ask yourself whether you have identified potential points of entry for ransomware. Assume that your security controls will fail.

    How well are your security controls layered, and how difficult would it be for an attacker to move east/west within your systems?

    Recommended Actions

    Be prepared for a breach

    There is no guarantee that an organization will not fall victim to ransomware, so instead of putting all their effort into prevention, organizations should also put effort into planning to respond to a breach.

    		 Security awareness training/phishing detection

    Phishing continues to be the main point of entry for ransomware. Investing in phishing awareness and detection among your end users may be the most impactful countermeasure you can implement.
    Zero trust adoption

    Always verify at every step of interaction, even when access is requested by internal users. Manage access of sensitive information based on the principle of least privilege access.

    		 Encrypt and back up your data

    Encrypt your data so that even if there is a breach, the attackers don’t have a copy of your data. Also, keep regular backups of data at a separate location so that you still have data to work with after a breach occurs.

    You never want to pay a ransom. Being prepared to deal with an incident is your best chance to avoid paying!

    Prevent and respond to ransomware

    Use this template to explain the priorities you need your stakeholders to know about.

    Provide a brief value statement for the initiative.

    Determine your current readiness, response plan, and projects to close gaps.

    Initiative Description:

    • Execute a systematic assessment of your current security and ransomware recovery capabilities.
    • Perform tabletop activities and live recoveries to test data recovery capabilities.
    • Train staff to detect suspicious communications and protect their identities.
    		Description must include what IT will undertake to complete the initiative.

    Primary Business Benefits:

    Arrow pointing up.


    Improved productivity and brand protection

    Other Expected Business Benefits:

    Arrow pointing down.
    Reduced downtime and disruption    		 Arrow pointing down.
    Reduced cost due to incidents (ransom payments, remediation)
    		Align initiative benefits back to business benefits or benefits for the stakeholder groups that it impacts.

    Risks:

    • Friction with existing staff

    Related Info-Tech Research:

    Deepfakes: Dark-horse threat for 2022

    Deepfake video

    How long has it been since you’ve gone a full workday without having a videoconference with someone?

    We have become inherently trustful that the face we see on the screen is real, but the technology required to falsify that video is widely available and runs on commercially available hardware, ushering in a genuinely post-truth online era.

    Criminals can use deepfakes to enhance social engineering, to spread misinformation, and to commit fraud and blackmail.

    Deepfake audio

    Many financial institutions have recently deployed voiceprint authentication. TD describes its VoicePrint as “voice recognition technology that allows us to use your voiceprint – as unique to you as your fingerprint – to validate your identity” over the phone.

    However, hackers have been defeating voice recognition for years already. There is ripe potential for voice fakes to fool both modern voice recognition technology and the accounts payable staff.

    Bibliography

    “2021 Ransomware Statistics, Data, & Trends.” PurpleSec, 2021. Web.

    Bayern, Macy. “Why 60% of IT security pros want to quit their jobs right now.” TechRepublic, 10 Oct. 2018. Web.

    Bresnahan, Ethan. “How Digital Transformation Impacts IT And Cyber Risk Programs.” CyberSaint Security, 25 Feb. 2021. Web.

    Clancy, Molly. “The True Cost of Ransomware.” Backblaze, 9 Sept. 2021.Web.

    “Cost of a Data Breach Report 2021.” IBM, 2021. Web.

    Cybersecurity Ventures. “Global Ransomware Damage Costs To Exceed $265 Billion By 2031.” Newswires, 4 June 2021. Web.

    “Digital Transformation & Cyber Risk: What You Need to Know to Stay Safe.” Ponemon Institute, June 2020. Web.

    “Global Incident Response Threat Report: Manipulating Reality.” VMware, 2021.

    Granger, Diana. “Karmen Ransomware Variant Introduced by Russian Hacker.” Recorded Future, 18 April 2017. Web.

    “Is adopting a zero trust model a priority for your organization?” Statista, 2022. Web.

    “(ISC)2 Cybersecurity Workforce Study, 2021: A Resilient Cybersecurity Profession Charts the Path Forward.” (ISC)2, 2021. Web.

    Kobialka, Dan. “What Are the Top Zero Trust Strategies for 2022?” MSSP Alert, 10 Feb. 2022. Web.

    Kost, Edward. “What is Ransomware as a Service (RaaS)? The Dangerous Threat to World Security.” UpGuard, 1 Nov. 2021. Web.

    Lella, Ifigeneia, et al., editors. “ENISA Threat Landscape 2021.” ENISA, Oct. 2021. Web.

    Mello, John P., Jr. “700K more cybersecurity workers, but still a talent shortage.” TechBeacon, 7 Dec. 2021. Web.

    Naraine, Ryan. “Is the ‘Great Resignation’ Impacting Cybersecurity?” SecurityWeek, 11 Jan. 2022. Web.

    Oltsik, Jon. “ESG Research Report: The Life and Times of Cybersecurity Professionals 2021 Volume V.” Enterprise Security Group, 28 July 2021. Web.

    Osborne, Charlie. “Ransomware as a service: Negotiators are now in high demand.” ZDNet, 8 July 2021. Web.

    Osborne, Charlie. “Ransomware in 2022: We’re all screwed.” ZDNet, 22 Dec. 2021. Web.

    “Retaining Tech Employees in the Era of The Great Resignation.” TalentLMS, 19 Oct. 2021. Web.

    Rubin, Andrew. “Ransomware Is the Greatest Business Threat in 2022.” Nasdaq, 7 Dec. 2021. Web.

    Samartsev, Dmitry, and Daniel Dobrygowski. “5 ways Digital Transformation Officers can make cybersecurity a top priority.“ World Economic Forum, 15 Sept. 2021. Web.

    Seymour, John, and Azeem Aqil. “Your Voice is My Passport.” Presented at black hat USA 2018.

    Solomon, Howard. “Ransomware attacks will be more targeted in 2022: Trend Micro.” IT World Canada, 6 Jan. 2022. Web.

    “The State of Ransomware 2021.” Sophos, April 2021. Web.

    Tarun, Renee. “How The Great Resignation Could Benefit Cybersecurity.” Forbes Technology Council, Forbes, 21 Dec. 2021. Web.

    “TD VoicePrint.” TD Bank, n.d. Web.

    “Working from home during the COVID-19 pandemic, April 202 to June 2021.” Statistics Canada, 4 Aug. 2021. Web.

    “Zero Trust Strategies for 2022.” iSMG, Palo Alto Networks, and Optiv, 28 Jan. 2022. Web.

    Microsoft Teams Cookbook

    • Buy Link or Shortcode: {j2store}408|cart{/j2store}
    • member rating overall impact: 8.8/10 Overall Impact
    • member rating average dollars saved: $6,299 Average $ Saved
    • member rating average days saved: 27 Average Days Saved
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity

    Remote work calls for leveraging your Office 365 license to use Microsoft Teams – but IT is unsure about best practices for governance and permissions. Moreover, IT has few resources to help train end users with Teams best practices.

    Our Advice

    Critical Insight

    Microsoft Teams is not a standalone app. Successful utilization of Teams occurs when conceived in the broader context of how it integrates with Office 365. Understanding how information flows between Teams, SharePoint Online, and OneDrive for Business, for instance, will aid governance with permissions, information storage, and file sharing.

    Impact and Result

    Use Info-Tech’s Microsoft Teams Cookbook to successfully implement and use Teams. This cookbook includes recipes for:

    • IT best practices concerning governance of the creation process and Teams rollout.
    • End-user best practices for Teams functionality and common use cases.

    Microsoft Teams Cookbook Research & Tools

    Start here – read the Executive Brief

    Learn critical insights for an effective Teams rollout.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Microsoft Teams Cookbook – Sections 1-2

    1. Teams for IT

    Understand best practices for governance of the Teams creation process and Teams rollout.

    • Microsoft Teams Cookbook – Section 1: Teams for IT

    2. Teams for end users

    Get end users on board with this series of how-tos and common use cases for Teams.

    • Microsoft Teams Cookbook – Section 2: Teams for End Users

    [infographic]

     

    Further reading

    Microsoft Teams Cookbook

    Recipes for best practices and use cases for Microsoft Teams.

    Table of contents

    Executive Brief

    Section 1: Teams for IT

    Section 2: Teams for End Users

    Executive Summary

    Situation

    Remote work calls for leveraging your Office 365 license to utilize Teams – but IT is unsure about best practices for governance and permissions.

    Without a framework or plan for governing the rollout of Teams, IT risks overlooking secure use of Teams, the phenomenon of “teams sprawl,” and not realizing how Teams integrates with Office 365 more broadly.

    Complication

    Teams needs to be rolled out quickly, but IT has few resources to help train end users with Teams best practices.

    With teams, channels, chats, meetings, and live events to choose from, end users may get frustrated with lack of guidance on how to use Teams’ many capabilities.

    Resolution

    Use Info-Tech’s Microsoft Teams Cookbook to successfully implement and utilize Teams. This cookbook includes recipes for:

    • IT best practices concerning governance of the creation process and Teams rollout.
    • End-user best practices for Teams functionality and common use cases.

    Key Insights

    Teams is not a standalone app

    Successful utilization of Teams occurs when conceived in the broader context of how it integrates with Office 365. Understanding how information flows between Teams, SharePoint Online, and OneDrive for Business, for instance, will aid governance with permissions, information storage, and file sharing.

    IT should paint the first picture for team creation

    No initial governance for team creation can lead to “teams sprawl.” While Teams was built to allow end users’ creativity to flow in creating teams and channels, this can create problems with a cluttered interface and keeping track of information. To prevent end-user dissatisfaction here, IT’s initial Teams rollout should offer a basic structure for end users to work with first, limiting early teams sprawl.

    The Teams admin center can only take you so far with permissions

    Knowing how Teams integrates with other Office 365 apps will help with rolling out sensitivity labels to protect important information being accidentally shared in Teams. Of course, technology only does so much – proper processes to train and hold people accountable for their actions with data sharing must be implemented, too.

    Related Info-Tech Research

    Establish a Communication and Collaboration System Strategy

    Don’t waste your time deploying yet another collaboration tool that won’t get used.

    Modernize Communication and Collaboration Infrastructure

    Your legacy telephony infrastructure is dragging you down – modern communications and collaboration technology will dramatically improve productivity.

    Migrate to Office 365 Now

    One small step to cloud, one big leap to Office 365. The key is to look before you leap.

    Section 1: Teams for IT

    Governance best practices and use cases for IT

    Section 1

    Teams for IT

    		 Section 2

    Teams for end users

    From determining prerequisites to engaging end users.

    IT fundamentals
    • Creation process
    • Teams rollout
    Use cases
    • Retain and search for legal/regulatory compliance
    • Add an external user to a team
    • Delete/archive a team

    Overview: Creation process

    IT needs to be prepared to manage other dependent services when rolling out Teams. See the figure below for how Teams integrates with these other Office 365 applications.

    A flow chart outlining how Teams integrates with other Office 365 applications. Along the side are different applications, from the top: 'Teams client', 'OneDrive for Business', 'Sharepoint Online', 'Planner (Tasks for Teams)', 'Exchange Online', and 'Stream'. Along the top are services of 'Teams client', 'Files', 'Teams', 'Chat', 'Meeting', and 'Calls'.

    Which Microsoft 365 license do I need to access Teams?

    • Microsoft 365 Business Essentials
    • Microsoft 365 Business Premium
    • Office 365 Enterprise, E1, E3, or E5
    • Office 365 Enterprise E4 (if purchased prior to its retirement)

    Please note: To appeal to the majority of Info-Tech’s members, this blueprint refers to Teams in the context of Office 365 Enterprise licenses.

    Assign admin roles

    You will already have at least one global administrator from setting up Office 365.

    Global administrators have almost unlimited access to settings and most of the data within the software, so Microsoft recommends having only two to four IT and business owners responsible for data and security.

    Info-Tech Best Practice

    Configure multifactor authentication for your dedicated Office 365 global administrator accounts and set up two-step verification.

    Once you have organized your global administrators, you can designate your other administrators with “just-enough” access for managing Teams. There are four administrator roles:

    Teams Service Administrator Manage the Teams service; manage and create Microsoft 365 groups.
    Teams Communications Administrator Manage calling and meetings features with Teams.
    Teams Communications Support Engineer Troubleshoot communications issues within Teams using the advanced troubleshooting toolset.
    Teams Communications Support Specialist Troubleshoot communications issues using Call Analytics.

    Prepare the network

    There are three prerequisites before Teams can be rolled out:

    • UDP ports 3478 through 3481 are opened.
    • You have a verified domain for Office 365.
    • Office 365 has been rolled out, including Exchange Online and SharePoint Online.

    Microsoft then recommends the following checklist to optimize your Teams utilization:

    • Optimize calls and performance using the Call Quality Dashboard.
    • Assess network requirements in the Network Planner in the Teams admin center.
    • Ensure all computers running Teams client can resolve external DNS queries.
    • Check adequate public IP addresses are assigned to the NAT pools to prevent port exhaustion.
    • Route to local or regional Microsoft data centers.
    • Whitelist all Office 365 URLs to move through security layers, especially IDS/IPS.
    • Split tunnel Teams traffic so it bypasses your organization’s VPN.

    Info-Tech Best Practice

    For online support and walkthroughs, utilize Advisor for Teams. This assistant can be found in the Teams admin center.

    Team Creation

    You can create and manage Teams through the Teams PowerShell module and the Teams admin center. Only the global administrator and Teams service administrator have full administrative capabilities in this center.

    Governance over team creation intends to prevent “teams sprawl” – the phenomenon whereby end users create team upon team without guidance. This creates a disorganized interface, with issues over finding the correct team and sharing the right information.

    Prevent teams sprawl by painting the first picture for end users:

    1. Decide what kind of team grouping would best fit your organization: by department or by project.
    2. Start with a small number of teams before letting end users’ creativity take over. This will prevent initial death by notifications and support adoption.
    3. Add people or groups to these teams. Assign multiple owners for each team in case people move around at the start of rollout or someone leaves the organization.
    4. Each team has a general channel that cannot be removed. Use it for sharing an overview of the team’s goals, onboarding, and announcements.

    Info-Tech Best Practice

    For smaller organizations that are project-driven, organize teams by projects. For larger organizations with established, siloed departments, organize by department; projects within departments can become channels.

    Integrations with SharePoint Online

    Teams does not integrate with SharePoint Server.

    Governance of Teams is important because of how tightly it integrates with other Office 365 apps, including SharePoint Online.

    A poor rollout of Teams will have ramifications in SharePoint. A good rollout will optimize these apps for the organization.

    Teams and SharePoint integrate in the following ways:

    • Each team created in Teams automatically generates a SharePoint team site behind it. All documents and chat shared through a team are stored in that team’s SharePoint document library.
    • As such, all files shared through Teams are subject to SharePoint permissions.
    • Existing SharePoint folders can be tied to a team without needing to create a new one.
    • If governance over resource sharing in Teams is poor, information can get lost, duplicated, or cluttered throughout both Teams and SharePoint.

    Info-Tech Best Practice

    End users should be encouraged to integrate their teams and channels with existing SharePoint folders and, where no folder exists, to create one in SharePoint first before then attaching a team to it.

    Permissions

    Within the Teams admin center, the global or Teams service administrator can manage Teams policies.

    Typical Teams policies requiring governance include:

    • The extent end users can discover or create private teams or channels
    • Messaging policies
    • Third-party app use

    Chosen policies can be either applied globally or assigned to specific users.

    Info-Tech Best Practice

    If organizations need to share sensitive information within the bounds of a certain group, private channels help protect this data. However, inviting users into that channel will enable them to see all shared history.

    External and guest access

    Within the security and compliance center, the global or Teams service administrator can set external and guest access.

    External access (federation) – turned on by default.

    • Lets you find, call, and chat with users in other domains. External users will have no access to the organization’s teams or team resources.

    Guest access – turned off by default.

    • Lets you add individual users with their own email address. You do this when you want external users to access teams and team resources. Approved guests will be added to the organization’s active directory.

    If guest access is enabled, it is subject to Azure AD and Office 365 licensing and service limits. Guests will have no access to the following, which cannot be changed:

    • OneDrive for Business
    • An organization’s calendar/meetings
    • PSTN
    • Organization’s hierarchical chart
    • The ability to create, revise, or browse a team
    • Upload files to one-on-one chat

    Info-Tech Best Practice

    Within the security and compliance center, you can allow users to add sensitivity labels to their teams that can prevent external and guest access.

    Expiration and archiving

    To reduce the number of unused teams and channels, or delete information permanently, the global or Teams service administrator can implement an Office 365 group expiration and archiving policy through the Teams admin center.

    If a team has an expiration policy applied to it, the team owner will receive a notification for team renewal 30 days, 15 days, and 1 day before the expiry date. They can renew their team at any point within this time.

    • To prevent accidental deletion, auto-renewal is enabled for a team. If the team owner is unable to manually respond, any team that has one channel visit from a team member before expiry is automatically renewed.
    • A deleted Office 365 group is retained for 30 days and can be restored at any point within this time.

    Alternatively, teams and their channels (including private) can be archived. This will mean that all activity for the team ceases. However, you can still add, remove, and update roles of the members.

    Retention and data loss prevention

    Retention policies can be created and managed in the Microsoft 365 Compliance Center or the security and compliance center PowerShell cmdlets. This can be applied globally or to specific users.

    By default, information shared through Teams is retained forever.

    However, setting up retention policies ensures data is retained for a specified time regardless of what happens to that data within Teams (e.g. user deletes).

    Info-Tech Best Practice

    To prevent external or guest users accessing and deleting sensitive data, Teams is able to block this content when shared by internal users. Ensure this is configured appropriately in your organization:

    • For guest access in teams and channels
    • For external access in meetings and chat

    Please note the following limitations of Teams’ retention and data loss prevention:

    • Organization-wide retention policies will need to be manually inputted into Teams. This is because Teams requires a retention policy that is independent of other workloads.
    • As of May 2020, retention policies apply to all information in Teams except private channel messages. Files shared in private channels, though, are subject to retention policies.
    • Teams does not support advanced retention settings, such as a policy that pertains to specific keywords or sensitive information.
    • It will take three to seven days to permanently delete expired messages.

    Teams telephony

    Teams has built-in functionality to call any team member within the organization through VoIP.

    However, Teams does not automatically connect to the PSTN, meaning that calling or receiving calls from external users is not immediately possible.

    Bridging VoIP calls with the PSTN through Teams is available as an add-on that can be attached to an E3 license or as part of an E5 license.

    There are two options to enable this capability:

    • Enable Phone System. This allows for call control and PBX capabilities in Office 365.
    • Use direct routing. You can use an existing PSTN connection via a Session Border Controller that links with Teams (Amaxra).

    Steps to implement Teams telephony:

    1. Ensure Phone System and required (non-Microsoft-related) services are available in your country or region.
    2. Purchase and assign Phone System and Calling Plan licenses. If Calling Plans are not available in your country or region, Microsoft recommends using Direct Routing.
    3. Get phone numbers and/or service numbers. There are three ways to do this:
      • Get new numbers through the Teams admin center.
      • If you cannot get new numbers through the Teams admin center, you can request new numbers from Microsoft directly.
      • Port or transfer existing numbers. To do this, you need to send Microsoft a letter of authorization, giving them permission to request and transfer existing numbers on your behalf.
    4. To enable service numbers, including toll-free numbers, Microsoft recommends setting up Communications Credits for your Calling Plans and Audio Conferencing.

    Overview: Teams rollout

    1. From Skype (and Slack) to Teams
    2. Gain stakeholder purchase
    3. Employ a phased deployment
    4. Engage end users

    Skype for Business is being retired; Microsoft offers a range of transitions to Teams.

    Combine the best transition mode with Info-Tech’s adoption best practices to successfully onboard and socialize Teams.

    From Skype to Teams

    Skype for Business Online will be retired on July 31, 2021. Choose from the options below to see which transition mode is right for your organization.

    Skype for Business On-Premises will be retired in 2024. To upgrade to Teams, first configure hybrid connectivity to Skype for Business Online.

    Islands mode (default)

    • Skype for Business and Teams coexist while Teams is rolled out.
    • Recommended for phased rollouts or when Teams is ready to use for chat, calling, and meetings.
    • Interoperability is limited. Teams and Skype for Business only transfer information if an internal Teams user sends communications to an external Skype for Business user.

    Teams only mode (final)

    • All capabilities are enabled in Teams and Skype for Business is disabled.
    • Recommended when end users are ready to switch fully to Teams.
    • End users may retain Skype for Business to join meetings with non-upgraded or external parties. However, this communication is only initiated from the Skype for Business external user.

    Collaboration first mode

    • Skype for Business and Teams coexist, but only Teams’ collaboration capabilities are enabled. Teams communications capabilities are turned off.
    • Recommended to leverage Skype for Business communications yet utilize Teams for collaboration.

    Meetings first mode

    • Skype for Business and Teams coexist, but only Teams’ meetings capabilities are enabled.
    • Recommended for organizations that want to leverage their Skype for Business On-Premises’ Enterprise Voice capability but want to benefit from Teams’ meetings through VoIP.

    From Slack to Teams

    The more that’s left behind in Slack, the easier the transition. As a prerequisite, pull together the following information:

    • Usage statistics of Slack workspaces and channels
    • What apps end users utilize in Slack
    • What message history you want to export
    • A list of users whose Slack accounts can map on to required Microsoft accounts
    Test content migration

    Your Slack service plan will determine what you can and can’t migrate. By default, public channels content can be exported. However, private channels may not be exportable, and a third-party app is needed to migrate Direct Messages.

    Files migration

    Once you have set up your teams and channels in Teams, you can programmatically copy files from Slack into the target Teams channel.

    Apps migration

    Once you have a list of apps and their configurations used in Slack’s workspaces, you can search in Teams’ app store to see if they’re available for Teams.

    User identity migration

    Slack user identities may not map onto a Microsoft account. This will cause migration issues, such as problems with exporting text content posted by that user.

    Follow the migration steps to the right.

    Importantly, determine which Slack workspaces and channels should become teams and channels within Teams.

    Usage statistics from Slack can help pinpoint which workspaces and channels are redundant.

    This will help IT paint an ordered first picture for new Teams end users.
    1. Create teams and channels in Teams
    2. Copy files into Teams
    3. Install apps, configure Office 365 Connecters
    4. Import Slack history
    5. Disable Slack user accounts

    Info-Tech Best Practice

    Avoid data-handling violations. Determine what privacy and compliance regulations (if any) apply to the handling, storage, and processing of data during this migration.

    Gain stakeholder purchase

    Change management is a challenging aspect of implementing a new collaboration tool. Creating a communication and adoption plan is crucial to achieving universal buy-in for Teams.

    To start, define SMART objectives and create a goals cascade.

    Specific Measurable Actionable Realistic Time Bound
    Make sure the objective is clear and detailed. Objectives are `measurable` if there are specific metrics assigned to measure success. Metrics should be objective. Objectives become actionable when specific initiatives designed to achieve the objective are identified. Objectives must be achievable given your current resources or known available resources. An objective without a timeline can be put off indefinitely. Furthermore, measuring success is challenging without a timeline.
    Who, what, where, why? How will you measure the extent to which the goal is met? What is the action-oriented verb? Is this within my capabilities? By when: deadline, frequency?

    Sample list of stakeholder-specific benefits from improving collaboration

    Stakeholder Driver Benefits
    Senior Leadership Resource optimization Increased transparency into IT operational costs.
    Better ability to forecast hardware, resourcing costs.
    All employees Increasing productivity Apps deployed faster.
    Issues fixed faster.
    Easier access to files.
    Able to work more easily offsite.
    LBU-HR, legal, finance Mitigating risk Better able to verify compliance with external regulations.
    Better understanding of IT risks.
    Service desk Resource optimization Able to resolve issues faster.
    Fewer issues stemming from updates.
    Tier 2 Increasing productivity Less time spent on routine maintenance.

    Use these activities to define what pain points stakeholders face and how Teams can directly mitigate those pain points.

    (Source: Rationalize Your Collaboration Tools (coming soon), Activities: 3.1C – 3.1D)

    Employ a phased deployment

    Info-Tech Best Practice

    Deploy Teams over a series of phases. As such, if you are already using Skype for Business, choose one of the coexistence phases to start.

      1. Identify and pilot Teams with early adopters that will become your champions. These champions should be formally trained, be encouraged to help and train their colleagues, and be positively reinforced for their efforts.
      2. Iron out bugs identified with the pilot group and train middle management. Enterprise collaboration tool adoption is strongly correlated with leadership adoption.
        1. Top-level management
          Control and direct overall organization.
        2. Middle management
          Execute top-level management’s plans in accordance with organization’s norms.
        3. First-level management
          Execute day-to-day activities.
      3. Use Info-Tech’s one-pager marketing template to advertise the new tool to stakeholders. Highlight how the new tool addresses specific pain points. Address questions stemming from fear and uncertainty to avoid employees’ embarrassment or their rejection of the tool.
    A screenshot of Info-Tech's one-pager marketing template.
    1. Extend the pilot to other departments and continue this process for the whole organization.

    (Source: Rationalize Your Collaboration Tools (coming soon), Tools:GANTT Chart and Marketing Materials, Activities: 3.2A – 3.2B)

    Info-Tech Insight

    Be in control of setting and maintaining expectations. Aligning expectations with reality and the needs of employees will lower onboarding resistance.

    Engage end users

    Short-term best practices

    Launch day:
    • Hold a “lunch and learn” targeted training session to walk end users through common use cases.
    • Open a booth or virtual session (through Teams!) and have tool representatives available to answer questions.
    • Create a game to get users exploring the new tool – from scavenger hunts to bingo.
    Launch week:
    • Offer incentives for using the tool and helping others, including small gift cards.
    • Publicize achievements if departments hit adoption milestones.

    Long-term best practices

    • Make available additional training past launch week. End users should keep learning new features to improve familiarity.
    • Distribute frequent training clips, slowly exposing end users to more complex ways of utilizing Teams.
    • Continue to positively reinforce and recognize those who use Teams well. This could be celebrating those that help others use the tool, how active certain users are, and attendance at learning events.

    Info-Tech Best Practice

    Microsoft has a range of training support that can be utilized. From instructor-led training to “Coffee in the Cloud” sessions, leverage all the support you can.

    Use case #1: Retain and search data for legal/regulatory compliance

    Scenario:

    Your organization requires you to retain data and documents for a certain period of time; however, after this period, your organization wishes to delete or archive the data instead of maintaining it indefinitely. Within the timeframe of the retention policy, the admin may be asked to retrieve information that has been requested through a legal channel.

    Purpose:
    • Maintain compliance with the legal and regulatory standards to which the organization is subject.
    Jobs:
    • Ensure the data is retained for the approved time period.
    • Ensure the policy applies to all relevant data and users.
    Solution: Retention Policies
    • Ensure that your organization has an Office 365 E3 or higher license.
    • Set the desired retention policy through the Security & Compliance Center or PowerShell by deciding which teams, channels, chats, and users the policies will apply to and what will happen once the retention period ends.
    • Ensure that matching retention policies are applied to SharePoint and OneDrive, since this is where files shared in Teams are stored.
    • Be aware that Teams retention policies cannot be applied to messages in private channels.
    Solution: e-Discovery
    • If legally necessary, place users or Teams on legal hold in order to retain data that would be otherwise deleted by your organization’s retention policies.
    • Perform e-discovery on Teams messages, files, and summaries of meetings and calls through the Security & Compliance Center.
    • See Microsoft’s chart on the next slide for what is e-discoverable.

    Content subject to e-discovery

    Content type eDiscoverable Notes
    Teams chat messages Yes Chat messages from chats where guest users are the only participants in a 1:1 or 1:N chat are not e-discoverable.
    Audio recordings No  
    Private channel messages Yes  
    Emojis, GIFs, stickers Yes  
    Code snippets No  
    Chat links Yes  
    Reactions (likes, hearts, etc) No  
    Edited messages Yes If the user is on hold, previous versions of edited messages are preserved.
    Inline images Yes  
    Tables Yes  
    Subject Yes  
    Quotes Yes Quoted content is searchable. However, search results don’t indicate that the content was quoted.
    Name of channel No  

    E-discovery does not capture audio messages and read receipts in MS Teams.

    Since files shared in private channels are stored separately from the rest of a team, follow Microsoft’s directions for how to include private channels in e-discovery. (Source: “Conduct an eDiscovery investigation of content in Microsoft Teams,” Microsoft, 2020.)

    Use case #2: Add external person to a team

    Scenario:

    A team in your organization needs to work in an ongoing way with someone external to the company. This user needs access to the relevant team’s work environment, but they should not be privy to the goings-on in the other parts of the organization.

    Jobs:

    This external person needs to be able to:

    • Attend meetings
    • Join calls
    • Chat with individual team members
    • View and collaborate on the team’s files
    Solution:
    • If necessary, set a data loss prevention policy to prevent your users from sharing certain types of information or files with external users present in your organization’s Teams chats and public channels.
    • Ensure that your Microsoft license includes DLP protection. However:
      • DLP cannot be applied to private channel messages.
      • DLP cannot block messages from external Skype for Business users nor external users who are not in “Teams only” mode.
    • Ensure that you have a team set up for the project that you wish the external user to join. The external user will be able to see all the channels in this team, unless you create a private channel they are restricted from.
    • Complete Microsoft’s “Guest Access Checklist” to enable guest access in Teams, if it isn’t already enabled.
    • As admin, give the external user guest access through the Teams admin center or Azure AD B2B collaboration. (If given permission, team owners can also add guests through the Teams client).
    • Decide whether to set a policy to monitor and audit external user activity.

    Use case #3: Delete/archive a team

    Scenario:

    In order to avoid teams sprawl, organizations may want IT to periodically delete or archive unused teams within the Teams client in order to improve the user interface.

    Alternately, if you are using a project-based approach to organizing Teams, you may wish to formalize a process to archive a team once the project is complete.

    Delete:
    • Determine if the team owner anticipates the team will need to be restored one day.
    • Ensure that deletion does not contradict the organization’s retention policy.
    • If not, proceed with deletion. Find the team in the Teams admin center and delete.
    • Restore a deleted team within 30 days of its initial deletion through PowerShell.
    Archive:
    • Determine if the team owner anticipates the team will need to be restored one day.
    • Find the relevant team in the Teams admin center and change its status to “Archived.”
    • Restore the archived team if the workspace becomes relevant once again.

    Info-Tech Best Practice

    Remind end users that they can hide teams or channels they do not wish to see in their Teams interface. Knowing a team can be hidden may impact a team owner’s decision to delete it.

    Section 2: Teams for End Users

    Best practices for utilizing teams, channels, chat, meetings, and live events

    Section 1

    Teams for IT

    		 Section 2

    Teams for end users

    From Teams how-tos to common use cases for end users.

    End user basics
    • Teams, channels, and chat
    • Meetings and live events
    Common use cases: Workspaces
    • WS#1: Departments
    • WS#2: A cross-functional committee
    • WS#3: An innovation day event
    • WS#4: A non-work-related social event
    • WS#5: A project team with a defined end time
    Common use cases: Meetings
    • M#1: Job interview with an external candidate
    • M#2: Quarterly board meeting
    • M#3: Weekly recurring team meeting
    • M#4: Morning stand-up/scrum
    • M#5: Phone call between two people

    Overview: Teams, channels, and chat

    Teams

    • Team: A workspace for a group of collaborative individuals.
      • Public channel: A focused area where all members of a team can meet, communicate, and share ideas and content.
      • Private channel: Like a public channel but restricted to a subset of team members, defined by channel owner.

    Chat

    • Chat: Two or more users collected into a common conversation thread.
    (Source: “Overview of teams and channels in Microsoft Teams,” Microsoft, 2020.)

    For any Microsoft Teams newcomer, the differences between teams, channels, and chat can be confusing.

    Use Microsoft’s figure (left) to see how these three mediums differ in their role and function.

    Best practices: Workspaces 1/2

      Team
    A workspace for a group of collaborative individuals.    		 Public Channel
    A focused area where all members of a team can meet, communicate, and share ideas and content.    		 Private Channel
    Like a public channel but restricted to a subset of team members, defined by channel owner.    		 Group Chat
    Two or more users collected into a common conversation thread.
    Limits and Administrative Control
    Who can create? Default setting: All users in an organization can create a team

    Maximum 500,000 teams per tenant

    		 Any member of a team can create a public channel within the team

    Maximum 200 public channels per team

    		 Any member of a team can create a private channel and define its members

    Maximum 30 private channels per team

    		 Anyone
    Who can add members? Team owner(s); max 5,000 members per team N/A Channel owner(s) can add up to 250 members Anyone can bring new members into the chat (and decide if they can see the previous history) up to 100 members
    Who can delete? Team owner/admin can delete Any team member Channel owner(s) Anyone can leave a chat but cannot delete chat, but they are never effectively deleted
    Social Context
    Who can see it? Public teams are indexed and searchable

    Private teams are not indexed and are visible only to joined members

    		 All members of the team can see all public channels. Channels may be hidden from view for the purposes of cleaning up the UI. Individuals will only see private channels for which they have membership Only participants in the group chat can see the group chat
    Who can see the content? Team members can see any content that is not otherwise part of a private channel All team members All members of the private channel Only members of the group chat

    When does a Group Chat become a Channel?

    • When it’s appropriate for the conversation to have a gallery – an audience of members who may not be actively participating in the discussion.
    • When control over who joins the conversation needs to be centrally governed and not left up to anyone in the discussion.
    • When the discussion will persist over a longer time period.
    • When the number of participants approaches 100.

    When does a Channel become a Team?

    • When a team approaches 30 private channels, many of those private channels are likely candidates to become their own team.
    • When the channel membership needs to extend beyond the boundary of the team membership.

    Best practices: Workspaces 2/2

      Team
    A workspace for a group of collaborative individuals.    		 Public Channel
    A focused area where all members of a team can meet, communicate, and share ideas and content.    		 Private Channel
    Like a public channel but restricted to a subset of team members, defined by channel owner.    		 Group Chat
    Two or more users collected into a common conversation thread.
    Data and Applications
    Where does the content live? SharePoint: Every team resides in its own SharePoint site SharePoint: Each team (public and private) has its own folder off the root of the SharePoint site’s repository SharePoint: Each team (public and private) has its own folder off the root of the SharePoint site’s repository OneDrive: Files that are shared in a chat are stored in the OneDrive folder of the original poster and shared to the other members
    How does the data persist or be retained? If a team expires/is deleted, its corresponding SharePoint site and those artifacts are also deleted Available for 21 days after deletion. Any member of the team can delete a public channel. The team owner and private channel owner can delete/restore a private channel Chats are never effectively deleted. They can be hidden to clean up the user interface.
    Video N/A Yes, select “Meet now” in channel below text entry box Yes, select “Meet now” in channel below text entry box Yes
    Phone calls N/A Yes, select “Meet now” in channel below text entry box Yes, select “Meet now” in channel below text entry box Yes
    Shared computer audio/screen N/A Yes, select “Meet now” in channel below text entry box Yes, select “Meet now” in channel below text entry box Yes
    File-sharing Within channels Yes. Frequently used/collaborated files can be turned into discrete tab. Yes. Frequently used/collaborated files can be turned into discrete tab. Yes
    Wikis Within channels Yes Yes No
    Whiteboarding No No No No

    When does a Team become a Channel?

    • When a team’s purpose for existing can logically be subsumed by another team that has a larger scope.

    When does a Channel become a Group Chat?

    • When a conversation within a channel between select users does not pertain to that channel’s scope (or any other existing channel), they should move the conversation to a group chat.
    • However, this is until that group chat desires to form a channel of its own.

    Create a new team

    Team owner: The person who creates the team. It is possible for the team owner to then invite other members of the team to become co-owners to distribute administrative responsibilities.

    Team members: People who have accepted their invitation to be a part of the team.

    NB: Your organization can control who has permission to set up a team. If you can’t set a up a team, contact your IT department.

    Screenshots detailing how to create a new team in Microsoft Teams, steps 1 to 3. Step 1: 'Click the <Teams data-verified= tab on the left-hand side of the app'. Step 2: 'At the bottom of the app, click '. Step 3: 'Under the banner , click '.">

    Create a new team

    Screenshot detailing how to create a new team in Microsoft Teams, the step 4 starting point with an arrow pointing to the 'Build a team from scratch' button.

    Decide from these two options:

    • Building a team from scratch, which will create a new group with no prior history imported (steps 4.1–4.3).
    • Creating a team from an existing group in Office 365, including an already existing team (steps 4.4–4.6).

    NB: You cannot create a team from an existing group if:

    • That group has 5,000 members or more.
    • That group is in Yammer.

    Screenshot detailing how to create a new team in Microsoft Teams, step 4.1. There are buttons for 'Private' and 'Public'.

    Decide if you want you new team from scratch to be private or public. If you set up a private team, any internal or external user you invite into the team will have access to all team history and files shared.

    Screenshot detailing how to create a new team in Microsoft Teams, step 4.2 and 4.3. 4.2 has a space to give your team a name and another for a description. 4.3 says 'Then click <Create data-verified='.">

    Create a new team

    Screenshot detailing how to create a new team in Microsoft Teams, the step 4 starting point with an arrow pointing to the 'Create from...' button.

    Decide from these two options:

    • Building a team from scratch, which will create a new group with no prior history imported (steps 4.1–4.3).
    • Creating a team from an existing group in Office 365, including an already existing team (steps 4.4–4.6).

    NB: You cannot create a team from an existing group if:

    • That group has 5,000 members or more.
    • That group is in Yammer.

    Screenshot detailing how to create a new team in Microsoft Teams, step 4.4. It reads 'Create a new team from something you already own' with a button for 'Team'.

    Configure your new team settings, including privacy, apps, tabs, and members.

    Screenshot detailing how to create a new team in Microsoft Teams, step 4.5 and 4.6. 4.5 has a space to give your team a name, a description, choose privacy settings, and what you'd like to include from the original team. 4.6 says 'Then click <Create data-verified='.">

    Add team members

    Remove team members
    Screenshot detailing how to add team members in Microsoft Teams, step 1.

    To add a team member, on the right-hand side of the team name, click “More options.”

    Then, from the drop-down menu, click “Add member.”

    		 Screenshot detailing how to remove team members in Microsoft Teams, step 1.

    Only team owners can remove a team member. To do so, on the right-hand side of the team name, click “More options.”

    Then, from the drop-down menu, click “Manage team.”
    Screenshot detailing how to add team members in Microsoft Teams, step 2.

    If you’re a team owner, you can then type a name or an email address to add another member to the team.

    If you’re a team member, typing a name or an email address will send a request to the team owner to consider adding the member.

    		 Screenshot detailing how to remove team members in Microsoft Teams, step 2.

    Under the “Members” tab, you’ll see a list of the members in the team. Click the “X” at the far right of the member’s name to remove them.

    Team owners can only be removed if they change their role to team member first.

    Create a new channel

    Screenshot detailing how to create a new channel in Microsoft Teams, step 1.

    On the right-hand side of the team name, click “More options.”

    Then, from the drop-down menu, click “Add channel.”

    		 Screenshot detailing how to create a new channel in Microsoft Teams, step 2.

    Name your channel, give a description, and set your channel’s privacy.
    Screenshot detailing how to create a new channel in Microsoft Teams, step 3.

    To manage subsequent permissions, on the right-hand side of the channel name, click “More options.”

    Then, from the drop-down menu, click “Manage channel.”

    Adding and removing members from channels:

    Only members in a team can see that team’s channels. Setting channel privacy as “standard” means that the channel can be accessed by anyone in a team. Unless privacy settings for a channel are set as “private” (from which the channel creator can choose who can be in that channel), there is no current way to remove members from channels.

    It will be up to the end user to decide which channels they want to hide.

    Link team/channel to SharePoint folder

    Screenshot detailing how to link a team or channel to a SharePoint folder in Microsoft Teams, steps 1, 2, and 3. Step 1: 'Along the top of the team/channel tab bar, click the “+” symbol'. Step 2: 'Select “Document Library” to link the team/channel to a SharePoint folder'. Step 3: 'Copy and paste the SharePoint URL for the desired folder, or search in “Relevant sites” if the folder can be found there'.

    Need to find the SharePoint URL?

    Screenshot detailing how to find the SharePoint URL in Microsoft Teams. 'Locate the folder in SharePoint and click <Show actions data-verified=', 'Click to access the folder's SharePoint URL.'">

    Hide/unhide teams

    Hide/unhide channels
    Screenshot detailing how to hide and unhide teams in Microsoft Teams, step 1.

    To hide a team, on the right-hand side of the team name, click “More options.”

    Then, from the drop-down menu, click “Hide.” Hidden teams are moved to the “hidden teams” menu at the bottom of your team list.

    		 Screenshot detailing how to hide and unhide channels in Microsoft Teams, step 1.

    To hide a channel, on the right-hand side of the channel name, click “More options.”

    Then, from the drop-down menu, click “Hide.” Hidden channels are moved to the “hidden channels” menu at the bottom of your channel list in that team.
    Screenshot detailing how to hide and unhide teams in Microsoft Teams, step 2. Screenshot of a button that says 'Hidden teams'.

    To unhide a team, click on the “hidden teams” menu. On the right-hand side of the team name, click “More options.”

    Then, from the drop-down menu, click “Show.”

    		 Screenshot detailing how to hide and unhide channels in Microsoft Teams, step 2.

    To unhide a channel, click on the “hidden channels” menu at the bottom of the team. This will produce a drop-down menu of all hidden channels in that team.

    Hover over the channel you want to unhide and click “Show.”

    Find/join teams

    Leave teams
    Screenshot detailing how to find and join teams in Microsoft Teams, step 1. Click the “Teams” tab on the left-hand side of the app. Screenshot detailing how to find and join teams in Microsoft Teams, step 2.

    At the bottom of the app, click “Join or create a team.” Teams will then suggest a range of teams that you might be looking for. You can join public teams immediately. You will have to request approval to join a private team.

    		 Screenshot detailing how to leave teams in Microsoft Teams.

    To leave a team, on the right-hand side of the team name, click “More options.”

    Then, from the drop-down menu, click “Leave the team.”
    NB: If the owner of a private team has switched off discoverability, you will have to contact that owner to join that team. Screenshot detailing how to find and join teams in Microsoft Teams, step 3. If you can’t immediately see the team, you have two options: either search for the team or enter that team’s code under the banner “Join a team with a code.” Can I find a channel?

    No. To join a channel, you need to first join the team that channel belongs to.

    Can I leave a channel?

    No. The most you can do is hide the channel. By default, if you join a team you will have access to all the channels within that team (unless a channel is private, in which case you’ll have to request access to that channel).

    Create a chat

    Screenshots detailing how to create a chat in Microsoft Teams, steps 1 to 5. Step 1:'Click the “Chat” tab on the left hand side of the app (or keyboard shortcut Ctrl+N)'. Step 2: 'Search the name of the person you want to chat with'. Step 3: 'You’re now ready to start the chat! You can also send a chat message while working in a separate channel by typing/chat into the search bar and entering the recipient’s name'. Step 4: 'For group chat, click the “Add people” button in the top right hand corner of the app to add other persons into the existing chat'. Step 5: 'You can then rename the group chat (if there are 3+ people) by clicking the “Name group chat” option to the right of the group chat members’ names'.

    Hide a chat

    Unhide a chat
    Screenshots detailing how to hide a chat in Microsoft Teams, steps 1 to 3. Step 1:'Click the “Chat” tab on the left-hand side of the app'. Step 2: 'Search the name of the chat or group chat that you want to hide'. Step 3: In either 'Single person chat options' or 'Group chat options' Click “More options.” Then click “Hide.”' To unhide a chat, search for the hidden person or name of the group chat in the search bar. Click “More options.” Then click “Unhide.” Screenshot detailing how to unhide a chat in Microsoft Teams.

    Leave a chat
    You can only leave group chats. To do so, click “More options.” Then click “Leave.” Screenshot detailing how to leave a chat in Microsoft Teams.

    Overview: Meetings and live events

    Teams Meetings: Real-time communication and collaboration between a group, limited to 250 people.

    Teams Live Events: designed for presentations and webinars to a large audience of up to 10,000 people, in which attendees watch rather than interact.

     

    Office 365 and Microsoft 365 Licenses
    I want to: F1 F3 E1 E3 E5 Audio conferencing add-on
    Join a Teams meeting No license required. Any email address can participate in a Teams meeting.
    Attend a Teams meeting with a dial-in phone number No license required. Any phone number can dial into a Teams meeting. (Meeting organizers need to have an Audio Conferencing add-on license to send an invite that includes dial-in conferencing.)
    Attend a Teams live event No license required. Any phone number can dial into a Teams live event.
    Create a Teams meeting for up to 250 attendees   One of these licensing plans
    Create a Teams meeting for up to 250 attendees with a dial-in phone number   One of these licensing plans + Audio Conferencing (Meeting organizers need to have an Audio Conferencing add-on license to send an invite that includes dial-in conferencing.)
    Create a Teams live event for up to 10,000 attendees     One of these licensing plans
    Dial out from a Teams meeting to add someone at their Call me at number   One of these licensing plans + Audio Conferencing (Meeting dial out to a Call me at number requires organizers to have an E5 or Audio Conference add-in license. A dial plan may also be needed.)

    Depending on the use case, end users will have to determine whether they need to hold a meeting or a live event.

    Use Microsoft’s table (left) to see what license your organization needs to perform meetings and live events.

    (Source: “Admin quick start – Meetings and live events in Microsoft Teams,” Microsoft, 2020.)

    Best practices: Meetings

      Ad Hoc Call
    Direct audio/video call    		 Scheduled Meeting Live Event
    Limits and Administrative Control
    Who can create? Anyone Anyone Anyone, unless altered by admin (permission to create MS Stream events also required if external production tools are used).
    Who can add members? Anyone in the session. The meeting organizer can add new attendees to the meeting. The event creator (the “organizer”) sets attendee permissions and assigns event group roles (“producer” and “presenter”).
    Can external stakeholders attend? Yes, through email invite. However, collaboration tools are restricted. Yes, through email invite. However, collaboration tools are restricted. Public events: yes, through shared invite link.
    Org-wide event: yes, if guest/external access granted.
    Who can delete? Anyone can leave the session. There is no artifact to delete. The meeting organizer Any attendee can leave the session.
    The organizer can cancel the event.
    Maximum attendees 100 250 10,000 attendees and 10 active presenters/producers (250 presenters and producers can be present at the event).
    Social Context
    How does the request come in? Unscheduled.
    Notification of an incoming audio or video call.    		 Scheduled.
    Meeting invite, populated in the calendar, at a scheduled time.    		 Meeting only auto-populated in event group’s calendars. Organizer must circulate event invite link to attendees – for instance, by pasting link into an Outlook meeting invite.
    Available Functionality
    Screen-sharing Yes Yes Producers and Presenters (through Teams, no third-party app).
    Whiteboard No Yes Yes
    OneNote (for minutes) Yes (from a member’s OneDrive) Yes, part of the meeting construct. No. A Meeting Notes tab is available instead.
    Dedicated chat space Yes. Derived from a group chat. Meeting has its own chat room. The organizer can set up a moderated Q&A (not chat) when creating the event. Only Presenters and Producers can chat.
    Recording Yes Yes Yes. Event can last up to 4 hours.

    When should an Ad Hoc Call become a Scheduled Meeting?

    • When the participants need time to prepare content for the call.
    • When an answer is not required immediately.
    • When bringing a group of people together requires logistical organizing.

    When should a Scheduled Meeting become an Ad Hoc Call?

    • When the participants can meet on short notice.
    • When a topic under discussion requires creating alignment quickly.

    When should a Live Event be created?

    • When the expected attendance exceeds 250 people.
    • If the event does not require collaboration and is mostly a presenter conveying information.

    Create a scheduled meeting

    Screenshots detailing how to create a scheduled meeting in Microsoft Teams, steps 1 to 4. Step 1:'Click the “Calendar” tab on the left-hand side of the app'. Step 2: 'On the top-right of the app, click the drop-down menu for “+ New meeting” and then “Schedule meeting.”' Step 3: 'Fill in the meeting details. When inputting internal attendees, their names will drop down without needing their email. You will need to input email addresses for external attendees'. Step 4: 'To determine internal attendees’ availability, click “Scheduling assistant” on the top left. Then click “Save” to create the meeting'.

    Create an ad hoc meeting

    Screenshots detailing how to create an ad hoc meeting in Microsoft Teams, steps 1 to 4. Step 1:'Click the “Calendar” tab on the left-hand side of the app'. Step 2: 'Along the top-right, click “Meet now.”' Step 3: 'Name your meeting, choose your audio and video settings, and click “Join now.”'. Step 4: 'To determine internal attendees’ availability, click “Scheduling assistant” on the top left. Then click “Save” to create the meeting. You’ll then be prompted to fill in the meeting details. When inputting internal attendees, their names will drop down without needing their email. You will need to input email addresses for external attendees'.

    Tip: Use existing channels to host the chatrooms for your online meetings

    When you host a meeting online with Microsoft Teams, there will always be a chatroom associated with the meeting. While this is a great place for meeting participants to interact, there is one particular downside.

    Problem: The never-ending chat. Often the activity in these chatrooms can persist long after the meeting. The chatroom itself becomes, unofficially, a channel. When end users can’t keep up with the deluge of communication, the tools have failed them.

    Solution: Adding an existing channel to the meeting. This ensures that discussion activity is already hosted in the appropriate venue for the group, during and after the meeting. Furthermore, it provides non-attendees with a means to catch up on the discussion they have missed.

    In section two of this cookbook, we will often refer to this tactic.

    A screenshot detailing how to add an existing channel to a meeting in Microsoft Teams. 'Break the habit of online booking meetings in Outlook – use the Teams Calendar View instead! In order to make use of this function, the meeting must be setup in Microsoft Teams, not Microsoft Outlook. The option to assign a channel to the meeting will then be available to the meeting organizer.'

    Don’t have a channel for the chat session of your online meeting? Perhaps you should!

    If your meeting is with a group of individuals that will be collaborating frequently, they may need a workspace that persists beyond the meeting.

    Guests can still attend the meeting, but they can’t chat!

    If there are attendees in your meeting that do not have access to the channel you select to host the chat, they will not see the chat discussion nor have any ability to use this function.

    This may be appropriate in some cases – for example, a vendor providing a briefing as part of a regular team meeting.

    However, if there are attendees outside the channel membership that need to see the meeting chat, consider another channel or simply default to not assigning one.

    Meeting settings explained

    Show device settings. For settings concerning audio, video, and whether viewing is private.

    Show meeting notes. Use to take notes throughout the meeting. The notes will stay attached to this event.

    Show meeting details. Find meeting information for: a dial-in number, conference ID, and link to join.

    Enter full screen.

    Show background effects. Choose from a range of video backgrounds to hide/blur your location.

    Turn on the captions (preview). Turn on live speech-to-text captions.

    Keypad. For dialing a number within the meeting (when enabled as an add-on with E3 or as part of E5).

    Start recording. Recorded and saved using Microsoft Stream.

    End meeting.

    Turn off incoming video. To save network bandwidth, you can decline receiving attendee’s video.

    Click “More options” to access the meetings settings.

    Screen share. In the tool tray, select “Share” to share your screen. Select particular applications if you only want to share certain information; otherwise, you can share your whole desktop.

    System audio share. To share your device’s audio while screen sharing, checkbox the “Include system audio” option upon clicking “Share.”

    If you didn’t click that option at the start but now want to share audio during screen share, click the “Include systems audio” option in the tool tray along the top of the screen.

    Give/take control of screen share. To give control, click “Give control” in the tool tray along the top of the screen when sharing content. Choose from the drop-down who you would like to give control to. In the same spot, click “Take back control” when required.

    To request control, click “Request control” in the same space when viewing someone sharing their content. Click “Release control” once finished.

    Start whiteboarding

    1. You’ll first need to enable Microsoft Whiteboard in the Microsoft 365 admin center. Ask your relevant admin to do so if Whiteboard is not already enabled.
    2. Once enabled, click “Share” in a meeting. This feature only appears if you have 3+ participants in the meeting.
    3. Under the “Whiteboard” section in the bottom right, click “Microsoft Whiteboard.”
    4. Click the pen icons to the right of the screen to begin sketching.

    NB: Anonymous, federated, or guest users are currently not supported to start, view, or ink a whiteboard in a Teams meeting.

    Will the whiteboard session be recorded if the meeting is being recorded?

    No. However, the final whiteboard will be available to all meeting attendees after the meeting, under “Board Gallery” in the Microsoft Whiteboard app. Attendees can then continue to work on the whiteboard after the meeting has ended.

    Create a live event

    Screenshots detailing how to create a live event in Microsoft Teams, steps 1 to 3. Step 1: 'Click the “Calendar” tab on the left-hand side of the app'. Step 2: 'On the top right of the app, click the drop-down menu for “+ New meeting” and then “Live event.”' Step 3: 'You will be labeled the “Event organizer.” First, fill in the live event details on the left'. Screenshot detailing how to create a live event in Microsoft Teams, step 4.

    As the organizer, you can invite other people to the event who will be the “producers” or “presenters.”

    Producers: Control the live event stream, including being able to start and stop the event, share their own and others’ video, share desktop or window, and select layout.

    Presenters: Present audio, video, or a screen.
    Screenshot detailing how to create a live event in Microsoft Teams, step 5.

    Select who your audience will be for your live event from three options: specified people and groups, the organization, or the public with no sign-in required.

    Edit the setting for whether you want recording to be available for attendees.

    Then click “Schedule” to finish.

    Live event settings explained

    When you join the live event as a producer/presenter, nothing will be immediately broadcast. You’ll be in a pre-live state. Decide what content to share and in what order. Along the bottom of the screen, you can share your video and audio, share your screen, and mute incoming attendees.

    Once your content is ready to share along the bottom of the screen, add it to the screen on the left, in order of viewing. This is your queue – your “Pre-live” state. Then, click “Send now.”

    This content will now move to the right-hand screen, ready for broadcasting. Once you’re ready to broadcast, click “Start.” Your state will change from “Pre-live” to “Live.”

    Along the top right of the app will be a tools bar.

    		 Screenshot listing live events settings icons in Microsoft Teams. Beside the heart monitor icon is 'Monitor health and performance of network, devices, and media sharing'. Beside the notepad icon is 'Take meeting notes'. Beside the chatbox icon is 'Chat function'. Beside the two little people with a plus sign icon is 'Invite and show participants'. Beside the gear icon is 'Device settings'. Beside the small 'i' in a circle is 'Meeting details, including schedule, meeting link, and dial-in number'.

    Workspace #1: Departments

    Scenario: Most of your organization’s communication and collaboration occurs within its pre-existing departmental divisions.

    Conventional communication channels:

    • Oral communication: Employees work in proximity to each other and communicate in person, by phone, in department meetings
    • Email: Department-wide announcements
    • Memos: Typically posted/circulated in mailboxes

    Solution: Determine the best way to organize your organization’s departments in Teams based on its size and your requirements to keep information private between departments.

    Option A:

    • Create a team for the organization/division.
    • Create channels for each department. Remember that all members of a team can view all public channels created in that team and the default General channel.
    • Create private channels if you wish to have a channel that only select members of that team can see. Remember that private channels have some limitations in functionality.

    Option B:

    • Create a new team for each department.
    • Create channels within this team for projects or topics that are recurring workflows for the department members. Only department members can view the content of these channels.

    Option C:

    • Post departmental memos and announcements in the General channel.
    • Use “Meet now” in channels for ad hoc meetings. For regular department meetings, create a recurring Teams calendar event for the specific department channel (Option A) or the General channel (Option B). Remember that all members of a team can join a public channel meeting.

    Workspace #2: A cross-functional committee

    Scenario: Your organization has struck a committee composed of members from different departments. The rest of the organization should not have access to the work done in the committee.

    Purpose: To analyze a particular organizational challenge and produce a plan or report; to confidentially develop or carry out a series of processes that affect the whole organization.

    Jobs: Committee members must be able to:

    • Attend private meetings.
    • Share files confidentially.

    Solution:

    Ingredients:

    • Private team

    Construction:

    • Create a new private team for the cross-functional committee.
    • Add only committee members to the team.
    • Create channels based on the topics likely to be the focal point of the committee work.
    • Decide how you will use the mandatory General channel. If the committee is small and the work limited in scope, this channel may be the main communication space. If the committee is larger or the work more complex, use the General channel for announcements and move discussions to new topic-related channels.
    • Schedule recurring committee meetings in the Teams calendar. Add the relevant channel to the meeting invite to keep the meeting chat attached to this team and channel (as meeting organizer, put your name in the meeting invite notes, as the channel will show as the organizer in the Outlook invite).
    • Remember that all members of this team will have access to these meetings and be able to view that they are occurring.

    Workspace #3: An innovation day event

    Scenario: The organization holds a yearly innovation day event in which employees form small groups and work on a defined, short-term problem or project.

    Purpose: To develop innovative solutions and ideas.

    Jobs:

    • Convene small groups.
    • Work toward time-sensitive goals.
    • Communicate synchronously.
    • Share files.

    Solution:

    Ingredients:

    • Public team
    • Channel tabs
    • Whiteboard
    • Planner

    Construction:

    • Create a team for the innovation day event.
    • Add channels for each project working group.
    • Communicate to participants the schedule for the day and their assigned channel.
    • Use the General channel for announcements and instructions throughout the day. Ensure someone moderates the General channel for participants’ questions.
    • Pre-populate the channel tabs with files the participants need to work with. To add a scrum board, refer to M#4 (Morning stand-up/Scrum) in this slide deck.
    • For breakouts, instruct participants to use the “meet now” feature in their channel and how to use the Whiteboard during these meetings.
    • Arrange to have your IT admin archive the team after a certain point so the material is still viewable but not editable.

    Workspace #4: A non-work-related social event

    Scenario: Employees within the organization wish to organize social events around shared interests: board game clubs, book clubs, TV show discussion groups, trivia nights, etc.

    Purpose: To encourage cohesion among coworkers and boost morale.

    Jobs:

    • Schedule the event.
    • Invite participants.
    • Prepare the activity.
    • Host and moderate the discussion.

    Solution:

    Ingredients:

    • Public team
    • Private channels
    • Screen-sharing

    Construction:

    • Create a public team for the social event so that interested people can find and join it.
    • Example: Trivia Night
      • Schedule the event in the Teams calendar.
      • Publish the link to the Trivia Night team where other employees will see it.
      • Create private channels for each trivia team so they cannot see the other competitors’ discussions. Add yourself to each private channel so you can see their answers.
      • As the host, begin a meeting in the General channel. Pose the trivia questions live or present the questions on PowerPoint via screen-sharing.
      • Ask each team to post its answers to its private channel.
    • To avoid teams sprawl, ask your IT admin to set a deletion policy for the team, as long as this request does not contradict your organization’s policies on data retention. If the team becomes moribund, it can be set to auto-delete after a certain period of time.

    Workspace #5: A project team with a defined end time

    Scenario: Within a department/workplace team, employees are assigned to projects with defined end times, after which they will be assigned to a new project.

    Purpose: To complete project-based work that fulfills business needs.

    Jobs:

    • Oral communication with team members.
    • Synchronous and asynchronous work on project files.
    • The ability to attend scheduled meetings and ad hoc meetings.
    • The ability to access shared resources related to the project.

    Solution:

    If your working group already has its own team within Teams:

    • Create a new public or private channel for the project. Remember that some functionality is not available in private channels (such as Microsoft Planner).
    • Use the channel for the project team’s meetings (scheduled in Teams calendar or through Meet Now).
    • Add a tab that links to the team’s project folder in SharePoint.

    If your workplace team does not already have its own team in Teams:

    • Determine if there is a natural fit for this project as a new channel in an existing team. Remember that all team members will be able to see the channel if it is public and that all relevant project members need to belong to the Team to participate in the channel.
    • If necessary, create a new team for the project. Add the project members.
    • Create channels based on the type of work that comprises the project.
    • Use the channel for the project team’s meetings (scheduled in Teams calendar or through Meet Now)
    • Add a tab to link to the team’s project folder in SharePoint.

    Info-tech Best Practice

    Hide the channel after the project concludes to de-clutter your Teams user interface.

    Meeting #1: Job interview with external candidate

    Scenario: The organization must interview a slate of candidates to fill an open position.

    Purpose:

    • Select the most qualified candidate for the job.

    Jobs:

    • Create a meeting, ensuring the candidate and other attendees know when and where the meeting will happen.
    • Ensure the meeting is secure to protect confidential information.
    • Ensure the meeting is accessible, allowing the candidate to present themselves through audio and/or visual means.
    • Create a professional environment for the meeting to take place.
    • Engender a space for the candidate to share their CV, research, or other relevant file.
    • The interview must be transcribed and recorded.

    Solution:

    Ingredients:

    • Private Teams meeting
    • Screen-sharing
    • Microsoft Stream

    Construction:

    • Create a Teams meeting, inviting the candidate with their email, alongside other internal attendees. The Teams meeting invite will auto-generate a link to the meeting itself.
    • The host can control who joins the meeting through settings for the “lobby.”
    • Through the Teams meeting, the attendees will be able to use the voice and video chat functionality.
    • All attendees can opt to blur their backgrounds to maintain a professional online presence.
    • The candidate can share their screen, either specific applications or their whole desktop, during the Teams meeting.
    • A Teams meeting can be recorded and transcribed through Stream. After the meeting, the transcript can be searched, edited, and shared

    NB: The external candidate does not need the Teams application. Through the meeting invite, the external candidate will join via a web browser.

    Meeting #2: Quarterly board meeting

    Scenario: Every quarter, the organization holds its regular board meeting.

    Purpose: To discuss agenda items and determine the company’s future direction.

    Jobs:

    During meeting:
      • Attendance and minutes must be taken.
      • Votes must be recorded.
      • In-camera sessions must occur.
      • External experts must be included.
    After meeting:
    • Follow-up items must be assigned.
    • Reports must be submitted.

    Solution:

    Ingredients:

    • Teams calendar invite
    • Planner; Forms
    • Private channel
    • Microsoft Stream

    Construction:

    • Guest Invite: Invites can be sent to any non-domain-joined email address to join a private, invitation-only channel within the team controlled by the board chair.
    • SharePoint & Flow: Documents are emailed to the Team addresses, which kicks off an MS Flow routine to collect review notes.
    • Planner: Any board member can assign tasks to any employee.
    • Forms/Add-On: Chair puts down the form of the question and individual votes are tracked.
    • Teams cloud meeting recording: Recording available through Stream. Manual edits can be made to VTT caption file. Greater than acceptable transcription error rate.
    • Meeting Log: Real-time attendance is viewable but a point-in-time record needs admin access.

    NB: The external guests do not need the Teams application. Through the meeting invite, the guests will join via a web browser.

    Meeting #3: Weekly team meeting

    Scenario: A team meets for a weekly recurring meeting. The meeting is facilitated by the team lead (or manager) who addresses through agenda items and invites participation from the attendees.

    Purpose: The purpose of the meeting is to:

    • Share information verbally
    • Present content visually
    • Achieve consensus
    • Build team morale

    Jobs: The facilitator must:

    • Determine participants
    • Book room
    • Book meeting in calendar

    Solution:

    Ingredients:

    • Meeting Place: A channel in Microsoft Teams (must be public) where all members of the meeting make up the entirety of the audience.
    • Calendar Recurrence: A meeting is booked through Teams and appears in all participants’ Outlook calendar.
    • Collaboration Space: Participants join the meeting through video or audio and can share screens and contribute text, images, and links to the meeting chat.

    Construction:

    • Ensure your team already has a channel created for it. If not, create one in the appropriate team.
    • Create the meeting using the calendar view within Microsoft Teams:
      • Set the meeting’s name, attendees, time, and recurrence.
      • Add the team channel that serves as the most appropriate workplace for the meeting. (Any discussion in the meeting chat will be posted to this channel.)

    NB: Create the meeting in the Teams calendar, not Outlook, or you will not be able to add the Teams channel. As meeting organizer, put your name in the meeting invite notes, as the channel will show as the organizer in the Outlook invite.

    Meeting #4: Morning stand-up/scrum

    Scenario: Each morning, at 9am, members of the team meet online.

    Purpose: After some pleasantries, the team discusses what tasks they each plan to complete in the day.

    Jobs: The team leader (or scrum master) must:

    • Place all tasks on a scrum board, each represented by a sticky note denoting the task name and owner.
    • Move the sticky notes through the columns, adjusting assignments as needed.
    • Sort tasks into the following columns: “Not Started,” “In Progress,” and “Done.”

    Solution:

    Ingredients:

    • Meeting Place: A channel in Microsoft Teams (must be public) where all members of the meeting make up the entirety of the audience.
    • Scrum Board: A tab within that channel where a persistent scrum board has been created and is visible to all team members.

    Meeting Place Construction:

    • Create the meeting using the calendar view in Teams.
    • Set the meeting’s name, attendees, time, and work-week daily recurrence (see left).
    • Add the channel that is the most appropriate workplace for the meeting. Any meeting chat will be posted to this channel rather than a separate chat.

    Scrum Board Construction:

    • Add a tab to the channel using Microsoft Planner as the app. (You can use other task management apps such as Trello, but the identity integration of first-party Office 365 tools may be less hassle.)
    • Create a new (or import an existing) Plan to the channel. This will be used as the focal point.

    Meeting #5: Weekly team meeting

    Scenario: An audio-only conversation that could be a regularly scheduled event but is more often conducted on an ad-hoc basis.

    Purpose: To quickly share information, achieve consensus, or clarify misunderstandings.

    Jobs:

    • Dial recipient
    • See missed calls
    • Leave/check voicemail
    • Create speed-dial list
    • Conference call

    Solution:

    Ingredients:

    • Audio call begun through Teams chat.

    Construction:

    • Voice over IP calls between users in the same MS Teams tenant can begin in multiple ways:
      • A call can be initiated through any appearance of a user’s profile picture: hover over user’s profile photo in the Chat list and select the phone icon.
      • Enter your last chat with a user and click phone icon in upper-right corner.
      • Go to the Calls section and type the name in the “Make a call” text entry form.
    • Voicemail: Voicemail, missed calls, and call history are available in the Calls section.
    • Speed dial: Speed dial lists can be created in the Calls section.
    • Conference call: Other users can be added to an ongoing call.

    NB: Microsoft Teams can be configured to provide an organization’s telephony for external calls, but this requires an E5 license. Additional audio-conferencing licenses are required to call in to a Teams meeting over a phone.

    Bibliography 1/4

    Section 1: Teams for IT › Creation Process

    Overview: Creation process
    Assign admin roles
    Prepare the network
    Team creation
    Integrations with SharePoint Online
    Permissions

    Bibliography 2/4

    Section 1: Teams for IT › Creation Process (cont'd.)

    External and guest access
    Expiration and archiving
    Retention and data loss prevention
    Teams telephony

    Bibliography 3/4

    Section 1: Teams for IT › Teams Rollout

    From Skype to Teams
    From Slack to Teams
    Teams adoption

    Section 1: Teams for IT › Use Cases

    Bibliography 4/4

    Section 2: Teams for End Users › Teams, Channels, Chat

    Section 2: Teams for End Users › Meetings and Live Events

    Section 2: Teams for End Users › Use Cases

    Succeed With Digital Strategy Execution

    • Buy Link or Shortcode: {j2store}527|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • Rising customer expectations and competitive pressures have accelerated the pace at which organizations are turning to digital transformation to drive revenue or cut costs.
    • Many digital strategies are not put into action, and instead sit on the shelf. A digital strategy that is not translated into specific projects and initiatives will provide no value to the organization.
    • Executing a digital strategy is easier said than done: IT often lacks the necessary framework to create a roadmap, or fails to understand how new applications can enable the vision outlined in the strategy.

    Our Advice

    Critical Insight

    • A digital strategy needs a clear roadmap to succeed. Too many digital strategies are lofty statements of objective with no clear avenue for actual execution: create a digital strategy application roadmap to avoid this pitfall.
    • Understand the art of execution. Application capabilities are rapidly evolving: IT must stand ready to educate the business on how new applications can be used to pursue the digital strategy.

    Impact and Result

    • IT must work with the business to parse specific technology drivers from the digital strategy, distill strategic requirements, and create a prescriptive roadmap of initiatives that will close the gaps between the current state and the target state outlined in the digital strategy. Doing so well is a path to the CIO’s office.
    • To better serve the organization, IT leaders must stay abreast of key application capabilities and trends. Exciting new developments such as artificial intelligence, IoT, and machine learning have opened up new avenues for process digitization, but IT leaders need to make a concerted effort to understand what modern applications bring to the table for technology enablement of the digital strategy.
    • Taking an agile approach to application roadmap development will help to provide a clear path forward for tackling digital strategy execution, while also allowing for flexibility to update and iterate as the internal and external environment changes.

    Succeed With Digital Strategy Execution Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should have a structured approach to translating your digital strategy to specific application initiatives, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Parse digital strategy drivers

    Parse specific technology drivers out of the formal enterprise digital strategy.

    • Succeed With Digital Strategy Execution – Phase 1: Parse Your Digital Strategy for Critical Technology Drivers

    2. Map drivers to enabling technologies

    Review and understand potential enabling applications.

    • Succeed With Digital Strategy Execution – Phase 2: Map Your Drivers to Enabling Applications

    3. Create the application roadmap to support the digital strategy

    Use the drivers and an understanding of enabling applications to put together an execution roadmap that will support the digital strategy.

    • Succeed With Digital Strategy Execution – Phase 3: Create an Application Roadmap That Supports the Digital Strategy
    • Digital Strategy Roadmap Tool
    • Application Roadmap Presentation Template
    • Digital Strategy Communication and Execution Plan Template
    [infographic]

    Workshop: Succeed With Digital Strategy Execution

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Validate the Digital Strategy

    The Purpose

    Review and validate the formal enterprise digital strategy.

    Key Benefits Achieved

    Confirmation of the goals, objectives, and direction of the organization’s digital strategy.

    Activities

    1.1 Review the initial digital strategy.

    1.2 Determine gaps.

    1.3 Refine digital strategy scope and vision.

    1.4 Finalize digital strategy and validate with stakeholders.

    Outputs

    Validated digital strategy

    2 Parse Critical Technology Drivers

    The Purpose

    Enumerate relevant technology drivers from the digital strategy.

    Key Benefits Achieved

    List of technology drivers to pursue based on goals articulated in the digital strategy.

    Activities

    2.1 Identify affected process domains.

    2.2 Brainstorm impacts of digital strategy on technology enablement.

    2.3 Distill critical technology drivers.

    2.4 Identify KPIs for each driver.

    Outputs

    Affected process domains (based on APQC)

    Critical technology drivers for the digital strategy

    3 Map Drivers to Enabling Applications

    The Purpose

    Relate your digital strategy drivers to specific, actionable application areas.

    Key Benefits Achieved

    Understand the interplay between the digital strategy and impacted application domains.

    Activities

    3.1 Build and review current application inventory for digital.

    3.2 Execute fit-gap analysis between drivers and current state inventory.

    3.3 Pair technology drivers to specific enabling application categories.

    Outputs

    Current-state application inventory

    Fit-gap analysis

    4 Understand Applications

    The Purpose

    Understand how different applications support the digital strategy.

    Understand the art of the possible.

    Key Benefits Achieved

    Knowledge of how applications are evolving from a features and capabilities perspective, and how this pertains to digital strategy enablement.

    Activities

    4.1 Application spotlight: customer experience.

    4.2 Application spotlight: content and collaboration.

    4.3 Application spotlight: business intelligence.

    4.4 Application spotlight: enterprise resource planning.

    Outputs

    Application spotlights

    5 Build the Digital Application Roadmap

    The Purpose

    Create a concrete, actionable roadmap of application and technology initiatives to move the digital strategy forward.

    Key Benefits Achieved

    Clear, concise articulation of application roadmap for supporting digital that can be communicated to the business.

    Activities

    5.1 Build list of enabling projects and applications.

    5.2 Create prioritization criteria.

    5.3 Build the digital strategy application roadmap.

    5.4 Socialize the roadmap.

    5.5 Delineate responsibility for roadmap execution.

    Outputs

    Application roadmap for the digital strategy

    RACI chart for digital strategy roadmap execution

    Next-Generation InfraOps

    • Buy Link or Shortcode: {j2store}457|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management
    • Traditional IT capabilities, activities, organizational structures, and culture need to adjust to leverage the value of cloud, optimize spend, and manage risk.
    • Different stakeholders across previously separate teams rely on one another more than ever, but rules of engagement do not yet exist.

    Our Advice

    Critical Insight

    • By defining your end goals and framing solutions based on the type of visibility and features you need, you can enable speed and reliability without losing control of the work.

    Impact and Result

    • Understand the xOps spectrum and what approaches benefit your organization.
    • Make sense of the architectural approaches and enablement tools available to you.
    • Evolve from just improving your current operations to a continuous virtuous cycle of development and deployment.

    Next-Generation InfraOps Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Next-Generation InfraOps Storyboard – A deck that will help you use Ops methodologies to build a virtuous cycle.

    This storyboard will help you understand the spectrum of different Agile xOps working modes and how best to leverage them and build an architecture and toolset that support rapid continuous IT operations

    • Next-Generation InfraOps Storyboard
    [infographic]

    Further reading

    Next-Generation InfraOps

    Embrace the spectrum of Ops methodologies to build a virtuous cycle.

    Executive summary

    Your Challenge

    IT Operations continue to be challenged by increasing needs for scale and speed, often in the face of constrained resources and time. For most, Agile methodologies have become a foundational part of tackling this problem. Since then, we've seen Agile evolve into DevOps, which started a trend into different categories of "xOps" that are too many to count. How does one make sense of the xOps spectrum? What is InfraOps and where does it fit in?

    Common Obstacles

    Ultimately, all these methodologies and approaches are there to serve the same purpose: increase effectiveness through automation and improve governance through visibility. The key is to understand what tools and methodologies will deliver actual benefits to your IT operation and to the organization as a whole.

    Info-Tech's Approach

    By defining your end goals and framing solutions based on the type of visibility and features you need, you can enable speed and reliability without losing control of the work.

    1. Understand the xOps spectrum and what approaches will benefit your organization.
    2. Make sense of the architectural approaches and enablement tools available to you.
    3. Evolve from just improving your current operations to a continuous virtuous cycle of development and deployment.

    Info-Tech Insight

    InfraOps, when applied well, should be the embodiment of the governance policies as expressed by standards in architecture and automation.

    Project overview

    Understand the xOps spectrum

    There are as many different types of "xOps" as there are business models and IT teams. To pick the approaches that deliver the best value to your organization and that align to your way of operating, it's important to understand the different major categories in the spectrum and how they do or don't apply to your IT approach.

    How to optimize the Ops in DevOps

    InfraOps is one of the major methodologies to address a key problem in IT at cloud scale: eliminating friction and error from your deliveries and outputs. The good news is there are architectures, tools, and frameworks you can easily leverage to make adopting this approach easier.

    Evolve to integration and build a virtuous cycle

    Ultimately your DevOps and InfraOps approaches should embody your governance needs via architecture and process. As time goes on, however, both your IT footprint and your business environment will shift. Build your tools, telemetry, and governance to anticipate and adapt to change and build a virtuous cycle between development needs and IT Operations tools and governance.

    The xOps spectrum

    This is an image of the xOps spectrum. The three main parts are: Code Acceleration (left), Governance(middle), and Infrastructure Acceleration (right)

    xOps categories

    There is no definitive list of x's in the xOps spectrum. Different organizations and teams will divide and define these in different ways. In many cases, the definitions and domains of various xOps will overlap.

    Some of the commonly adopted and defined xOps models are listed here.

    Shift left? Shift right?

    Cutting through the jargon

    • Shifting left is about focusing on the code and development aspects of a delivery cycle.
    • Shifting right is about remembering that infrastructure and tools still do matter.

    Info-Tech Insight

    Shifting left or right isn't an either/or choice. They're more like opposite sides of the same coin. Like the different xOps approaches, usually more than one shift approach will apply to your IT Operations.

    IT Operations in the left-right spectrum

    Shifting from executing and deploying to defining the guardrails and standards

    This is an image of the left-right spectrum for your XOps position

    Take a middle-out approach

    InfraOps and DevOps aren't enemies; they're opposite sides of the same coin.

    • InfraOps is about the automation and standardization of execution. It's an essential element in any fully automated CI/CD pipeline.
    • Like DevOps, InfraOps is built on similar values (the pillars of DevOps).
    • It builds on the principle of Lean to focus on removing friction, or turn-and-type activities, from the pipeline/process.
    • In InfraOps, one of the key methods for removing friction is through automation of the interstitia between different phases of a DevOps or CI/CD cycle.

    Optimize the Ops in DevOps

    Focus on eliminating friction

    This is an image of an approach to optimizing the ops in DevOps.

    With the shift from execution to governing and validating, the role of deployment falls downstream of IT Operations.

    IT Operations needs to move to a mindset that focuses on creating the guardrails, enforced standards, and compliance rules that need to be used downstream, then apply those standards using automation and tooling to remove friction and error from the interstitia (the white spaces between chevrons) of the various phases.

    InfraOps tools

    Four quadrants in the shape of a human head, in the boxes are the following: Hyperconverged Infrastructure; Composable Infrastructure; Infrastructure as code and; Automation and Orchestration

    Info-Tech Insight

    Your tools can be broken into two categories:

    • Infrastructure Architecture
      • HCI vs. CI
    • Automation Tooling
      • IaC and A&O

    Keep in mind that while your infrastructure architecture is usually an either/or choice, your automation approach should use any and all tooling that helps.

    Infrastructure approach

    • Hyperconverged

    • Composable

    Hyperconverged Infrastructure (HCI)

    Hyperconvergence is the next phase of convergence, virtualizing servers, networks, and storage on a single server/storage appliance. Capacity scales as more appliances are added to a cluster or stack.
    The disruptive departure:

    • Even though servers, networks, and storage were each on their own convergence paths, the three remained separate management domains (or silos). Even single-SKU converged infrastructures like VCE Vblocks are still composed of distinct server, network, and storage devices.
    • In hyperconvergence, the silos collapse into single-software managed devices. This has been disruptive for both the vendors of technology solutions (especially storage) and for infrastructure management.
    • Large storage array vendors are challenged by hyperconvergence alternatives. IT departments need to adapt IT skills and roles away from individual management silos and to more holistic service management.

    A comparison between converged and hyperconverged systems.

    Info-Tech Insight

    HCI follows convergence trends of the past ten years but is also a departure from how IT infrastructure has traditionally been provisioned and managed.

    HCI is at the same time a logical progression of infrastructure convergence and a disruptive departure.

    Hyperconverged (HCI) – SWOT

    HCI can be the foundation block for a fully software defined data center, a prerequisite for private cloud.

    Strengths

    • Potentially lower TCO through further infrastructure consolidation, reducing CapEx and OpEx expenditures through facilities optimization and cost consolidation.
    • Operations in particular can be streamlined, since storage, network connections, and processors/memory are all managed as abstractions via a single control pane.
    • HCI comes with built-in automation and analytics that lead to quicker issue resolution.

    Opportunities

    • Increased business agility by paving the way for a fully software defined infrastructure stack and cloud automation.
    • Shift IT human assets from hardware asset maintainers and controllers to service delivery managers.
    • Better able to compete with external IT service alternatives.
    • Move toward a hybrid cloud service offering where the service catalog contains both internal and external offerings.

    Key attributes of a cloud are automation, resource elasticity, and self-service. This kind of agility is impossible if physical infrastructure needs intervention.

    Info-Tech Insight

    Virtualization alone does not a private cloud make, but complete stack virtualization (software defined) running on a hands-off preconfigured HCI appliance (or group of appliances) provides a solid foundation for building cloud services.

    Hyperconverged (HCI) – SWOT

    Silo-busting and private cloud sound great, but are your people and processes able to manage the change?

    Weaknesses

    • HCI typically scales out linearly (CPU & storage). This does not suit traditional scale-up applications such as high-performance databases and large-capacity data warehouses.
    • Infrastructure stacks are perceived as more flexible for variable growth across segments. For example, if storage is growing but processing is not, storage can scale separately from processing.

    Threats

    • HCI will be disruptive to roles within IT. Internal pushback is a real threat if necessary changes in skills and roles are not addressed.
    • HCI is not a simple component replacement but an adoption of a different kind of infrastructure. Different places in the lifecycles for each of storage, network, and processing devices could make HCI a solution where there is no immediate problem.

    In traditional infrastructure, performance and capacity are managed as distinct though complementary jobs. An all-in-one approach may not work.

    Composable Infrastructure (CI)

    • Composable infrastructure in many ways represents the opposite of an HCI approach. Its focus is on further disaggregating resources and components used to build systems.
      • Unlike traditional cloud virtual systems, composable infrastructure provides virtual bare metal resources, allowing tightly coupled resources like CPU, RAM, and GPU – or any device/card/module – to be released back and forth into the resource pool as required by a given workload.
      • This is enabled by the use of high-speed, low-latency PCI Express (PCI-e) and Compute Express Link (CXL) fabrics that allow these resources to be decoupled.
      • It also supports the ability to present other fabric types critical for building out enterprise systems (e.g. Ethernet, InfiniBand).
    • Accordingly, CI systems are also based on next-generation network architecture that supports moving critical functions to the network layer, which enables more efficient use of the application-layer resources.

    Composable Infrastructure (CI)

    • CI may also leverage network-resident data/infrastructure processing units (DPUs/IPUs), which offload many network, security, and storage functions.
      • As new devices and functions become available, they can be added into the catalog of resources/functions available in a CI pool.

    Use Case Example: Composable AI flow

    Data Ingestion > Data Cleaning/Tagging > Training > Conclusion

    • At each phase of the process, resources, including specialized hardware like memory and GPU cores, can be dynamically allocated and reallocated to the workload on demand

    Composable Infrastructure (CI)

    Use cases and considerations

    Where it's useful

    • Enable even more efficient allocation/utilization of resources for workloads.
    • Very large memory or shared memory requirements can benefit greatly.
    • Decouple purchasing decisions for underlying resources.
    • Leverage the fabric to make it easier to incrementally upgrade underlying resources as required.
    • Build "the Impossible Server."

    Considerations

    • Requires significant footprint/scale to justify in many cases
    • Not necessarily good value for environments that aren't very volatile and heterogeneous in terms of deployment requirements
    • May not be best value for environments where resource-stranding is not a significant issue

    Info-Tech Insight

    Many organizations using a traditional approach report resource stranding as having an impact of 20% or more on efficiency. When focusing specifically on the stranding of memory in workloads, the number can often approach 40%.

    The CI ecosystem

    This is an image of the CI ecosystem.

    • The CI ecosystem has many players, large and small!
    • Note that the CI ecosystem is dependent on a large ecosystem of underlying enablers and component builders to support the required technologies.

    Understanding the differences

    This image shows the similarities and differences between traditional, cloud, hyperconverged, and composable.

    Automation approach

    • Infrastructure as Code
    • Automation & Orchestration
    • Metaorchestration

    Infrastructure as Code (IaC)

    Infrastructure as code (IaC) is the process of managing and provisioning computer data centers through machine-readable definition files rather than physical hardware configuration or interactive configuration tools.

    Before IaC, IT personnel would have to manually change configurations to manage their infrastructure. Maybe they would use throwaway scripts to automate some tasks, but that was the extent of it.

    With IaC, your infrastructure's configuration takes the form of a code file, making it easy to edit, copy, and distribute.

    Info-Tech Insight
    IaC is a critical tool in enabling key benefits!

    • Reduced costs
    • Increased scalability, flexibility, and speed
    • Better consistency and version control
    • Reduced deployment errors

    Infrastructure as Code (IaC)

    1. IaC uses a high-level descriptive coding language to automate the provisioning of IT infrastructure. This eliminates the need to manually provision and manage servers, OS, database connections, storage, and other elements every time we want to develop, test, or deploy an application.
    2. IaC allows us to define the computer systems on which code needs to run. Most commonly, we use a framework like Chef, Ansible, Puppet, etc., to define their infrastructure. These automation and orchestration tools focus on the provisioning and configuring of base compute infrastructure.
    3. IaC is also an essential DevOps practice. It enables teams to rapidly create and version infrastructure in the same way they version source code and to track these versions so as to avoid inconsistency among IT environments that can lead to serious issues during deployment.
    • Idempotence is a principle of IaC. This means a deployment command always sets the target environment into the same configuration, regardless of the environment's starting state.
      • Idempotency is achieved by either automatically configuring an existing target or discarding the existing target and recreating a fresh environment.

    Automation/Orchestration

    Orchestration describes the automated arrangement, coordination, and management of complex computer systems, middleware, and services.

    This usage of orchestration is often discussed in the context of service-oriented architecture, virtualization, provisioning, converged infrastructure, and dynamic data center topics. Orchestration in this sense is about aligning the business request with the applications, data, and infrastructure.

    It defines the policies and service levels through automated workflows,
    provisioning, and change management. This creates an application-aligned infrastructure that can be scaled up or down based on the needs of each application.

    As the requirement for more resources or a new application is triggered, automated tools now can perform tasks that previously could only be done by multiple administrators operating on their individual pieces of the physical stack.

    Orchestration also provides centralized management of the resource pool, including billing, metering, and chargeback for consumption. For example, orchestration reduces the time and effort for deploying multiple instances of a single application.

    Info-Tech Insight

    Automation and orchestration tools can be key components of an effective governance toolkit too! Remember to understand what data can be pulled from your various tools and leveraged for other purposes such as cost management and portfolio roadmapping.

    Automation/Orchestration

    There are a wide variety of orchestration and automation tools and technologies.

    Configuration Management

    Configuration Management

    		The logos for companies which fall in each of the categories in the column to the left of the image.

    CI/CD
    Orchestration

    Container
    Orchestration

    Cloud-Specific
    Orchestration

    PaaS
    Orchestration

    Info-Tech Insight

    Automation and orchestration tools and software offerings are plentiful, and many of them have a different focus on where in the application delivery ecosystem they provide automation functionality.

    Often there are different tools for different deployment and service models as well as for different functional phases for each service model.

    Automation/Orchestration

    Every tool focuses on different aspects or functions of the deployment of resources and applications.

    • Resources
      • Compute
      • Storage
      • Network
    • Extended Services
      • Platforms
      • Infrastructure Services
      • Web Services
    • Application Assets
      • Images
      • Templates
      • Containers
      • Code

    Info-Tech Insight

    Let the large ecosystem of tools be your ally. Leverage the right tools where needed and then address the complexity of tools using a master orchestration scheme.

    Metaorchestration

    A Flow chart for the approach to metaorchestration.

    Additionally, most tools do not cover all aspects required for most automation implementations, especially in hybrid cloud scenarios.

    As such, often multiple tools must be deployed, which can lead to fragmentation and loss of unified controls.

    Many enterprises address this fragmentation using a cloud management platform approach.

    One method of achieving this is to establish a higher layer of orchestration – an "orchestrator of orchestrators," or metaorchestration.

    In complex scenarios, this can be a challenge that requires customization and development.

    InfraOps tools ecosystem

    Toolkit Pros Cons Tips
    HCI Easy scale out Shift in skills required Good for enabling automation and hybridization with current-gen public cloud services
    CI Maximal workload resource efficiency Investment in new fabrics and technologies Useful for very dynamic or highly scalable workloads like AI
    IaC Error reduction and standardization Managing drift in standards and requirements Leverage a standards and exception process to keep track of drift
    A&O Key enabler of DevOps automation within phases Usually requires multiple toolsets/frameworks Use the right tools and stitch together at the metaorchestration layer
    Metaorchestration Reduces the complexity of a diverse A&O and IaC toolkit Requires understanding of the entire ecosystems of tools used Key layer of visibility and control for governance

    Build a virtuous cycle

    Remember, the goal is to increase speed AND reliability. That's why we focus on removing friction from our delivery pipelines.

    • The first step is to identify the points of friction in your cycle and understand the intensity and frequency of these friction points.
    • Depending on your delivery and project management methodology, you'll have a different posture of the different tools that make sense for your pipeline.
    • For example, if you are focused on delivering raw resources for sysadmins and/or you're in a Waterfall methodology where the friction points are large but infrequent, hyperconverged is likely to delivery good value, whereas tools like IaC and orchestration may not be as necessary.

    Info-Tech Insight

    Remember that, especially in modern and rapid methodologies, your IT footprint can drift unexpectedly. This means you need a real feedback mechanism on where the friction moves to next.

    This is particularly important in more Agile methodologies.

    Activity: Map your IT operations delivery

    Identify your high-friction interstitial points

    • Using the table below, or a table modified to your delivery phases, map out the activities and tasks that are not standardized and automated.
    • For the incoming and outgoing sections, think about what resources and activities need to be (or could be) created, destroyed, or repurposed to efficiently manage each cycle and the spaces between cycles.
    Plan Code Test Deploy Monitor
    Incoming Friction
    In-Cycle Friction
    Outgoing Friction

    Info-Tech Insight

    Map your ops groups to the delivery cycles in your pipeline. How many delivery cycles do you have or need?

    Good InfraOps is a reflection of governance policies, expressed by standards in architecture and automation.

    Related Info-Tech Research

    Evaluate Hyperconverged Infrastructure for Your Infrastructure Roadmap

    • This Info-Tech note covers evaluation of HCI platforms.

    Design Your Cloud Operations

    • This Info-Tech blueprint covers organization of operations teams for various deployment and Agile modes.

    Bibliography

    Banks, Ethan, host. "Choosing Your Next Infrastructure." Datanauts, episode 094, Packet Pushers, 26 July 2017. Podcast.
    "Composable Infrastructure Solutions." Hewlett Packard Canada, n.d. Web.
    "Composable Infrastructure Technology." Liqid Inc., n.d. Web.
    "DataOps architecture design." Azure Architecture Center, Microsoft Learn, n.d. Web.
    Tan, Pei Send. "Differences: DevOps, ITOps, MLOps, DataOps, ModelOps, AIOps, SecOps, DevSecOps." Medium, 5 July 2021. Web.

    pricing

    • TymansGroupVideosExcerpt: BasicFor freelancers$19/ month 10 presentations/monthSupport at $25/hour1 campaign/month Choose plan StandardFor medium sized teams$29/ month 50 presentations/month5 hours of free support10 campaigns/month Choose plan EnterpriseFor large companies$79/ month Unlimited presentationsUnlimited supportUnlimited campaigns Choose plan

    Pricing

    Our pricing options will be available soon for simple download,

    In the meantime, please book a free discovery call. No cost, no sales pitch.

    Continue reading

    Implement Your Negotiation Strategy More Effectively

    • Buy Link or Shortcode: {j2store}225|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • Forty-eight percent of CIOs believe their budgets are inadequate.
    • CIOs and IT departments are getting more involved with negotiations to reduce costs and risk.
    • Not all negotiators are created equal, and the gap between a skilled negotiator and an average negotiator is not always easy to identify objectively.
    • Skilled negotiators are in short supply.

    Our Advice

    Critical Insight

    • Preparation is critical for the success of your negotiation, but you cannot prepare for every eventuality.
    • Communication is the heart and soul of negotiations, but what is being “said” is only part of the picture.
    • Skilled negotiators separate themselves based on skillsets, and outcomes alone may not provide an accurate assessment of a negotiator.

    Impact and Result

    Addressing and managing critical negotiation elements helps:

    • Improve negotiation skills.
    • Implement your negotiation strategy more effectively.
    • Improve negotiation results.

    Implement Your Negotiation Strategy More Effectively Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should create and follow a scalable process for preparing to negotiate with vendors, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. During

    Throughout this phase, ten essential negotiation elements are identified and reviewed.

    • Implement Your Negotiation Strategy More Effectively – Phase 1: During
    • During Negotiations Tool
    [infographic]

    Workshop: Implement Your Negotiation Strategy More Effectively

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 12 Steps to Better Negotiation Preparation

    The Purpose

    Improve negotiation skills and outcomes.

    Understand how to use the Info-Tech During Negotiations Tool.

    Key Benefits Achieved

    A better understanding of the subtleties of the negotiation process and an identification of where the negotiation strategy can go awry.

    The During Negotiation Tool will be reviewed and configured for the customer’s environment (as applicable).

    Activities

    1.1 Manage six key items during the negotiation process.

    1.2 Set the right tone and environment for the negotiation.

    1.3 Focus on improving three categories of intangibles.

    1.4 Improve communication skills to improve negotiation skills.

    1.5 Customize your negotiation approach to interact with different personality traits and styles.

    1.6 Maximize the value of your discussions by focusing on seven components.

    1.7 Understand the value of impasses and deadlocks and how to work through them.

    1.8 Use concessions as part of your negotiation strategy.

    1.9 Identify and defeat common vendor negotiation ploys.

    1.10 Review progress and determine next steps.

    Outputs

    Sample negotiation ground rules

    Sample vendor negotiation ploys

    Sample discussion questions and evaluation matrix

    GDPR, Implemented!

    GDPR, Are You really ready?

    It is now 2020 and the GDPR has been in effect for almost 2 years. Many companies thought: been there, done that. And for a while the regulators let some time go by.

    The first warnings appeared quickly enough. Eg; in September 2018, the French regulator warned a company that they needed to get consent of their customers for getting geolocation based data.

    That same month, an airline was hacked and, on top of the reputational damage and costs to fix the IT systems, it faced the threat of a stiff fine.

    Even though we not have really noticed, fines started being imposed as early as January 2019.

    But these fines, that is when you have material breaches...

    Wrong! The fines are levied in a number of cases. And to make it difficult to estimate, there are guidelines that will shape the decision making process, but no hard and fast rules!

    The GDPR is very complex and consists of both articles and associated recitals that you need to be in compliance with. it is amuch about the letter as it is about the spirit.

    We have a clear view on what most of those cases are.
    And more importantly, when you follow our guidelines, you will be well placed to answer any questions by your clients and cooperate with the regulator in a proactive way.

    They will never come after me. I'm too small.

    And besides, I have my privacy policy and cookie notice in place

    Company size has nothing to do with it.

    While in the beginning, it seemed mostly a game for the big players (for names, you have to contact us) that is just perception.

    As early as March 2018 a €10M revenue company was fined around €120,000. 2 days later another company with operating revenues of  around €6.2M was fined close to €200.000 for failing to abide by the DSRR stipulatons.

    Don't know what these are?
    Fill out the form below and we'll let you in on the good stuff.

     

    Continue reading

    First 30 Days Pandemic Response Plan

    • Buy Link or Shortcode: {j2store}418|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • Given the speed and scope of the spread of the pandemic, governments are responding with changes almost daily as to what organizations and people can and can’t do. This volatility and uncertainty challenges organizations to respond, particularly in the absence of a business continuity or crisis management plan.

    Our Advice

    Critical Insight

    • Assess the risk to and viability of your organization in order to create appropriate action and communication plans quickly.

    Impact and Result

    • HR departments must be directly involved in developing the organization’s pandemic response plan. Use Info-Tech's Risk and Viability Matrix and uncover the crucial next steps to take during the first 30 days of the COVID-19 pandemic.

    First 30 Days Pandemic Response Plan Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create a response plan for the first 30 days of a pandemic

    Manage organizational risk and viability during the first 30 days of a crisis.

    • First 30 Days Pandemic Response Plan Storyboard
    • Crisis Matrix Communications Template: Business As Usual
    • Crisis Matrix Communications Template: Organization Closing
    • Crisis Matrix Communications Template: Manage Risk and Leverage Resilience
    • Crisis Matrix Communications Template: Reduce Labor and Mitigate Risk
    [infographic]

    Enterprise Storage Solution Considerations

    • Buy Link or Shortcode: {j2store}507|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Storage & Backup Optimization
    • Parent Category Link: /storage-and-backup-optimization
    • Enterprise storage technology and options are challenging to understand.
    • There are so many options. How do you decide what the best solution is for your storage challenge??
    • Where do you start when trying to solve your enterprise storage challenge?

    Our Advice

    Critical Insight

    Take the time to understand the various data storage formats, disk types, and associated technology, as well as the cloud-based and on-premises options. This will help you select the right tool for your needs.

    Impact and Result

    Look to existing use cases based on actual Info-Tech analyst calls to help in your decision-making process.

    Enterprise Storage Solution Considerations Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Enterprise Storage Solution Considerations – Narrow your focus with the right product type and realize efficiencies.

    Explore the building blocks of enterprise storage so you can select the best solution, narrow your focus with the correct product type, explore the features that should be considered when evaluating enterprise storage offerings, and examine use cases based on actual Info-Tech analyst calls to find a storage solution for your situation.

    • Enterprise Storage Solution Considerations Storyboard

    2. Modernize Enterprise Storage Workbook – Understand your data requirements.

    The first step in solving your enterprise storage challenge is identifying your data sources, data volumes, and growth rates. This information will give you insight into what data sources could be stored on premises or in the cloud, how much storage you will require for the coming five to ten years, and what to consider when exploring enterprise storage solutions. This tool can be a valuable asset for determining your current storage drivers and future storage needs, structuring a plan for future storage purchases, and determining timelines and total cost of ownership.

    • Modernize Enterprise Storage Workbook
    [infographic]

    Further reading

    Enterprise Storage Solution Considerations

    Narrow your focus with the right product type and realize efficiencies.

    Analyst Perspective

    The vendor landscape is continually evolving, as are the solutions they offer. The options and features are increasing and appealing.

    The image contains a picture of P.J. Ryan.

    To say that the current enterprise storage landscape looks interesting would be an understatement. The solutions offered by vendors continue to grow and evolve. Flash and NVMe are increasing the speed of storage media and reducing latency. Software-defined storage is finding the most efficient use of media to store data where it is best served while managing a variety of vendor storage and older storage area networks and network-attached storage devices.

    Storage as a service is taking on a new meaning with creative solutions that let you keep the storage appliance on premises or in a colocated data center while administration, management, and support are performed by the vendor for a nominal monthly fee.

    We cannot discuss enterprise storage without mentioning the cloud. Bring a thermometer because you must understand the difference between hot, warm, and cold storage when discussing the cloud options. Very hot and very cold may also come into play.

    Storage hardware can assume a higher total cost of ownership with support options that replace the controllers on a regular basis. The options with this type of service are also varied, but the concept of not having to replace all disks and chassis nor go through a data migration is very appealing to many companies.

    The cloud is growing in popularity when it comes to enterprise storage, but on-premises solutions are still in demand, and whether you choose cloud or on premises, you can be guaranteed an array of features and options to add stability, security, and efficiency to your enterprise storage.

    P.J. Ryan
    Research Director, Infrastructure & Operations
    Info-Tech Research Group

    Executive Summary

    Info-Tech Insight

    The vendor landscape is continually evolving, as are the solutions they offer.

    Storage providers are getting acquired by bigger players, “outside the box” thinking is disrupting the storage support marketplace, “as a service” storage offerings are evolving, and what is a data lake and do I need one? The traditional storage vendors are not alone in the market, and the solutions they offer are no longer traditional either. Explore the landscape and understand your options before you make any enterprise storage solution purchases.

    Understand the building blocks of storage so you can select the best solution.

    There are multiple storage formats for data, along with multiple hardware form factors and disk types to hold those various data formats. Software plays a significant role in many of these storage solutions, and cloud offerings take advantage of all the various formats, form factors, and disks. The challenge is matching your data type with the correct storage format and solution.

    Look to existing use cases to help in your decision-making process.

    Explore previous experiences from others by reading use cases to determine what the best solution is for your challenge. You’re probably not the first to encounter the challenge you’re facing. Another organization may have previously reached out for assistance and found a viable solution that may be just what you also need.

    Enterprise storage has evolved, with more options than ever

    Data is growing, data security will always be a concern, and vendors are providing more and more options for enterprise storage.

    “By 2025, it’s estimated that 463 exabytes of data will be created each day globally – that’s the equivalent of 212,765,957 DVDs per day!” (Visual Capitalist)

    “Modern criminal groups target not only endpoints and servers, but also central storage systems and their backup infrastructure.” (Continuity Software)

    Cloud or on premises? Maybe a hybrid approach with both cloud and on premises is best for you. Do you want to remove the headaches of storage administration, management, and support with a fully managed storage-as-a-service solution? Would you like to upgrade your controllers every three or four years without a major service interruption? The options are increasing and appealing.

    High-Level Considerations

    1. Understand Your Data

    Understand how much data you have and where it is located. This will be crucial when evaluating enterprise storage solutions.

    2. Plan for Growth

    Your enterprise storage considerations should include your data needs now and in the future.

    3. Understand the Mechanics

    Take the time to understand the various data storage formats, disk types, and associated technology, as well as the cloud-based and on-premises options. This will help you select the right tool for your needs.

    Storage formats, disk drives, and technology

    Common data storage formats, technology, and drive types are outlined below. Understanding how data is stored as well as the core building blocks for larger systems will help you decide which solution is best for your storage needs.

    Format

    What it is

    Disk Drives and Technology

    File Storage

    File storage is hierarchical storage that uses files, folders, subfolders, and directories. You enter a specific filename and path to access the file, such as P:\users\johndoe\strategy\cloud.doc. If you ever saved a file on a server, you used file storage. File storage is usually managed by some type of file manager, such as File Explorer in Windows. Network-attached storage (NAS) devices use file storage.

    Hard Disk Drives (HDD)

    HDD use a platter of spinning disks to magnetically store data. The disks are thick enough to make them rigid and are referred to as hard disks.

    HDD is older technology but is still in demand and offered by vendors.

    Object Storage

    Object storage is when data is broken into distinct units, called objects. These objects are stored in a flat, non-hierarchical structure in a single location or repository. Each object is identified by its associated ID and metadata. Objects are accessed by an application programming interface (API).

    Flash

    Flash storage uses flash memory chips to store data. The flash memory chips are written with electricity and contain no moving parts. Flash storage is very fast, which is how the technology got its name (“Flash vs. SSD Storage,” Enterprise Storage Forum, 2018).

    Block Storage

    Block storage is when data is divided up into fixed-size blocks and stored with a unique identifier. Blocks can be stored in different environments, such as Windows or Linux. Storage area networks (SANs) use block storage.

    Solid-State Drive (SSD)

    SSD is a storage mechanism that also does not use any moving parts. Most SSD drives use flash storage, but other options are available for SSD.

    Nonvolatile Memory Express (NVMe)

    NVMe is a communications standard developed specially for SSDs by a consortium of vendors including Intel, Samsung, SanDisk, Dell, and Seagate. It operates across the PCIe bus (hence the “Express” in the name), which allows the drives to act more like the fast memory that they are rather than the hard disks they imitate (PCWorld).

    Narrow your focus with the right product type

    On-premises enterprise storage solutions fit into a few distinct product types.

    Network-Attached Storage

    Storage Area Network

    Software-Defined Storage

    Hyperconverged Infrastructure

    NAS refers to a storage device that is connected directly to your network. Any user or device with access to your network can access the available storage provided by the NAS. NAS storage is easily scalable and can add data redundancy through RAID technology. NAS uses the file storage format.

    NAS storage may or may not be the first choice in terms of enterprise storage, but it does have a solid market appeal as an on-premises primary backup storage solution.

    A SAN is a dedicated network of pooled storage devices. The dedicated network, separate from the regular network, provides high speed and scalability without concern for the regular network traffic. SANs use block storage format and can be divided into logical units that can be shared between servers or segregated from other servers. SANs can be accessed by multiple servers and systems at the same time. SANs are scalable and offer high availability and redundancy through RAID technology.

    SANs can use a variety of disk types and sizes and are quite common among on-premises storage solutions.

    “Software-defined storage (SDS) is a storage architecture that separates storage software from its hardware. Unlike traditional network-attached storage (NAS) or storage area network (SAN) systems, SDS is generally designed to perform on any industry-standard or x86 system, removing the software’s dependence on proprietary hardware.” (RedHat)

    SDS uses software-based policies and rules to grow and protect storage attached to applications.

    SDS allows you to use server-based storage products to add management, protection, and better usage.

    Hyperconverged storage uses virtualization and software-defined storage to combine the storage, compute, and network resources along with a hypervisor into one appliance.

    Hyperconverged storage can scale out by adding more nodes or appliances, but scaling up, or adding more resources to each appliance, can have limitations. There is flexibility as hyperconverged storage can work with most network and compute manufacturers.

    Cloud storage

    • Cloud storage is online storage offered by a cloud provider. Cloud storage is available almost anywhere and is set up with high availability features such as data duplication, redundancy, backup, and power failure protection.
    • Cloud storage is very scalable and typically is offered as object storage, block storage, or file storage. Cloud storage vendors may have their own naming scheme for object, block, or file storage.
    • Cloud-hosted data is marketed according to the frequency of access and length of time in storage. There are typically three main levels of storage: hot, warm, or cold. Vendors may have their own naming convention for hot, warm, and cold storage. Some may also add more layers such as very hot or very cold.
      • Hot storage is for data that is frequently accessed and modified. It is available on demand and is the most costly of the storage levels.
      • Cold storage is for data that will sit for a long period of time and not need to be accessed. Cold storage is usually only available after several hours or days. Cold storage is very low cost and, in some cases, even free, but retrieval or restoration for the free services can be costly.
      • Warm storage sits in between hot and cold storage. It is for data that is infrequently needed. The cost of warm storage is also in between hot and cold storage costs, and access times are measured in terms of minutes or hours.
      • It is not uncommon for data to start in hot storage and, as it ages, move to warm and eventually cold storage.

    “Enterprise cloud storage offers nearly unlimited scalability. Enterprises can add storage quickly and easily as it is needed, eliminating the risk and cost of over-provisioning.”

    – Spectrum Enterprise

    “Hot data will operate on fresh data. Cold data will operate on less frequent data and [is] used mainly for reporting and planning. Warm data is a balance between the two.”

    – TechBlost

    Enterprise storage features

    The features listed below, while not intended to cover all features offered by all vendors, should be considered and could act as a baseline for discussions with storage providers when evaluating enterprise storage offerings.

    • Scalability
      • What are the options to expand, and how easy or difficult it is to expand capacity in the future?
    • Security
      • Does the solution offer data encryption options as well as ransomware protections?
    • Integration options
      • Can the solution support seamless connectivity with other solutions and applications, such as cloud-based storage or backup software?
    • Storage reduction
      • Does the solution offer space-reduction options such as deduplication or data compression?
    • Replication
      • Does the solution offer replication options such as device to device on premises, device to device when geographically separated, device to cloud, or a combination of these scenarios?
    • Performance
      • “Enterprise storage systems have two main ‘speed’ measurements: throughput and IOPS. Throughput is the data transfer rate to and from storage media, measured in bytes per second; IOPS measures the number of reads and writes – input/output (I/O) operations – per second.” (Computer Weekly)
    • Protocol support
      • Does the solution support object-based, block-based, and file-based storage protocols?
    • Storage Efficiency
      • How efficient is the solution? Can they prove it?
      • Storage efficiencies must be available and baselined.
    • Management platform
      • A management/reporting platform should be a component included in the system.
    • Multi-parity
      • Does the solution offer multi-level block “parity” for RAID 6 protection equivalency, which would allow for the simultaneous failure of two disks?
    • Proactive support
      • Features such as call home, dial in, or remote support must be available on the system.
    • Financial considerations
      • The cost is always a concern, but are there subscription-based or “as-a-service” options?
      • Internally, is it better for this expenditure to be a capital expenditure or an ongoing operating expense?

    What’s new in enterprise storage

    • Data warehouses are not a new concept, but the data storage evolution and growth of data means that data lakes and data lakehouses are growing in popularity.
      • “A data lake is a centralized repository that allows you to store all your structured and unstructured data at any scale. You can store your data as-is, without having to first structure the data” (Amazon Web Services).
      • Analytics with a data lake is possible, but manipulation of the data is hindered due to the nature of the data. A data lakehouse adds data management and analytics to a data lake, similar to the data warehouse functionality added to databases.
    • Options for on-premises hardware support is changing.
      • Pure Storage was the first to shake up the SAN support model with its Evergreen support option. Evergreen//Forever support allows for storage controller upgrades without having to migrate data or replace your disks or chassis (Pure Storage).
      • In response to the Pure Storage Evergreen offering, Dell, HPE, NetApp, and others have come out with similar programs that offer controller upgrades while maintaining the data, disks, and chassis.
    • “As a service” is available as a hybrid solution.
      • Storage as a service (STaaS) originally referred to hosted, fully cloud-based offerings without the need for any on-premises hardware.
      • The latest STaaS offerings provide on-premises or colocated hardware with pay-as-you-go subscription pricing for data consumption. Administration, management, and support are included. The vendor will supply support and manage everything on your behalf.
      • Most of the major storage vendors offer a variation of storage as a service.

    “Because data lakes mostly consist of raw unprocessed data, a data scientist with specialized expertise is typically needed to manipulate and translate the data.”

    – DevIQ

    “A Lakehouse is also a type of centralized data repository, integrated from heterogeneous sources. As can be expected from its name, It shares features with both datawarehouses and data lakes.”

    – Cesare

    “Storage as a service (STaaS) eliminates Capex, simplifies management and offers extensive flexibility.”

    – TechTarget

    Major vendors

    The current vendor landscape for enterprise storage solutions represents a range of industry veterans and the brands they’ve aggregated along the way, as well as some relative newcomers who have come to the forefront within the past ten years.

    Vendors like Dell EMC and HPE are longstanding veterans of storage appliances with established offerings and a back catalogue of acquisitions fueling their growth. Others such as Pure Storage offer creative solutions like all-flash arrays, which are becoming more and more appealing as flash storage becomes more commoditized.

    Cloud-based vendors have become popular options in recent years. Cloud storage provides many options and has attracted many other vendors to provide a cloud option in addition to their on-premises solutions. Some software and hardware vendors also partner with cloud vendors to offer a complete solution that includes storage.

    Info-Tech Insight

    Explore your current vendor’s solutions as a starting point, then use that understanding as a reference point to dive into other players in the market

    Key Players

    • Amazon
    • Cisco
    • Dell EMC
    • Google
    • Hewlett Packard Enterprise
    • Hitachi Vantara
    • IBM
    • Microsoft
    • NetApp
    • Nutanix
    • Pure Storage

    Enterprise Storage Use Cases

    Block, object, or file storage? NAS, SAN, SDS, or HCI? Cloud or on prem? Hot, warm, or cold?
    Which one do you choose?
    The following use cases based on actual Info-Tech analyst calls may help you decide.

    1. Offsite backup solution
    2. Infrastructure consolidation
    3. DR/BCP datacenter duplication
    4. Expansion of existing storage
    5. Complete backup solution
    6. Existing storage solution going out of support soon
    7. Video storage
    8. Classify and offload storage

    Offsite backup solution

    “Offsite” may make you think of geographical separation or even cloud-based storage, but what is the best option and why?

    Use Case: How a manufacturing company dealt with retired applications

    • A leading manufacturing company had to preserve older applications no longer in use.
    • The company had completed several acquisitions and ended up with multiple legacy applications that had been merged or migrated into replacement solutions. These legacy applications were very important to the original companies, and although the data they held had been migrated to a replacement solution, executives felt they should hold on to these applications for a period of time, just in case.
    • A modern archiving solution was considered, but a research advisor from Info-Tech Research joined a call with the manufacturing company and helped the client realize that the solution was a modified backup. The application data had already been preserved through the migration, so data could be accessed in the production environment.
    • The data could be exported from the legacy application into a nonsequential database, compressed, and stored in cloud-based cold storage for less than $5 per terabyte per month. The manufacturing company staff realized that they could apply this same approach to several of their legacy applications and save tens of thousands of dollars in the process.
    • Cold storage is inexpensive until you start retrieving that data frequently. The manufacturing company knew they did not have a requirement to retrieve the application and data for a very long time, so cloud-based cold storage was ideal.

    “Data retrieval from cold storage is harder and slower than it is from hot storage. … Because of the longer retrieval time, online cold storage plans are often much cheaper. … The downside is that you’d incur additional costs when retrieving the data.”

    – Ben Stockton, Cloudwards

    Infrastructure consolidation

    Hyperconverged infrastructure combines storage, virtual infrastructure, and associated management into one piece of equipment.

    Use Case: How one company dealt with equipment and storage needs

    • One Info-Tech client had recently started in the role of IT director and realized he had inherited aging infrastructure along with a serious data challenge. The storage appliances were old and out of support. The appliances were performing inadequately, and the client was in need of more data due to ongoing growth, but he also realized that the virtual environment was running on very old servers that were no longer supported. The IT director reached out to Info-Tech to find solutions to the virtualization challenge, but the storage problem also came up throughout the course of the conversation with an analyst.
    • The analyst quickly realized that the IT director was an ideal candidate for a hyperconverged infrastructure (HCI) storage solution, which would also provide the necessary virtual environment.
    • The analyst explained the benefits of having a single appliance that would provide virtualization needs as well as storage needs. The built-in management features would ease the burden of administration, and the software-defined nature of the HCI would allow for the migration of data as well as future expansion options.
    • Hyperconverged infrastructure is offered by many vendors under a variety of names. Most are similar but some may have a better interface or other features. The expansion process is simple, and HCI is a good fit for many organizations looking to consolidate virtual infrastructure and storage.

    “HCI environments use a hypervisor, usually running on a server that uses direct-attached storage (DAS), to create a data center pool of systems and resources.”

    – Samuel Greengard, Datamation

    Datacenter duplication

    SAN providers offer a varied range of options for their products, and those options are constantly evolving.

    Use Case: Independent school district provides better data access using SAN technology

    • An independent school district was expanding by adding a second data center in a new school. This new data center would be approximately 20 miles away from the original data center used by the district. The intent was not to replace the original data center but to use both centers to store data and provide services concurrently. The district’s ideal scenario would be that users would not know or care which data center they were reaching, and there would be no difference in the service received from each data center. The school district reached out to Info-Tech when planning discussions reached the topic of data duplication and replication software.
    • An Info-Tech analyst joined a call with the school district and guided the conversation toward the existing environment to understand what options might be available. The analyst quickly discovered that all the district’s servers were virtual, and all associated data was stored on a single SAN.
    • The analyst informed the school district staff about SAN options, including SAN-to-SAN replication. If the school district had a sufficient link between the two data centers, SAN-to-SAN replication would work for them and provide the two identical copies of data at two locations.
    • The analyst continued to offer explanations of other features that some vendors offer with their SANs, such as the ability to turn on or off deduplication and compression, as well as disk options such as flash or NVMe.
    • The school district was moving to the request for proposal (RFP) stage but hoped to have SAN-to-SAN replication implemented before the next academic year started.

    “SAN-to-SAN replication is a low-cost, highly efficient way to manage mounting quantities of stored data.”

    – Secure Infrastructure & Services

    Expansion of existing storage

    That old storage area network may still have some useful life left in it.

    Use Case: Municipality solves data storage aging and growth challenge

    • A municipality in the United States reached out to Info-Tech for guidance on its storage challenge. The municipality had accumulated multiple SANs from different vendors over the years. These SANs were running out of storage, and more data storage was needed. The municipality’s data was growing at a rapid pace, thanks to municipal growth and expansion of services. The IT team was also concerned with modernizing their storage and not hindering their long-term growth by making the wrong purchase decision for their current storage needs.
    • An analyst from Info-Tech discussed several options with the municipality but in the end advised that software-defined storage may be the best solution.
    • Software-defined storage (SDS) would allow the municipality to gain better visibility into existing storage while making more efficient use of existing and new storage. SDS could take over the management of the existing storage from multiple vendors and add additional storage as required. SDS would also be able to integrate cloud-based storage if that was the direction taken by the municipality in the future.
    • The municipality moved forward with an SDS solution and added some additional storage capacity. They used some of their existing SANs but retired the more troublesome ones. The SDS system managed all the storage instances and data management. The administration of the storage environment was easier for the storage admins, and long-term savings were achieved through better storage management.

    “Often enterprises have added storage on an ad hoc basis as they needed it for various applications. That can result in a mishmash of heterogenous storage hardware from a wide variety of vendors. SDS offers the ability to unify management of these different storage devices, allowing IT to be more efficient.”

    – Cynthia Harvey, Enterprise Storage Forum (“What Is Software Defined Storage?”, 2018)

    Complete backup solution

    Many backup software solutions can provide backups to multiple locations, making two-location backups simple.

    Use Case: How an oil refinery modernized its backup solution

    • A large oil refinery needed a better solution for the storage of backups. The refinery was replacing its backup software solution but also wanted to improve the backup storage situation and move away from tape-based storage. All other infrastructure was reasonably modern and not in need of replacement at this time.
    • A research analyst from Info-Tech helped the client realize that the solution was a modified backup. The general guidance for backups is have a least one copy offsite, so the cloud was the obvious focal point. The analyst also explained that it would be beneficial to have a recent copy of the backup available on site for common restoration requests in addition to having the offsite copy for disaster recovery (DR) purposes.
    • The refinery staff conducted a data analysis to determine how much data was being backed up on a daily basis. The solution proposed by the analyst included network-attached storage (NAS) with adequate storage to hold 30 days' worth of on-premises data. The backup software would also simultaneously copy each backup to a cloud-based storage repository. The backup software was smart enough to only back up and transfer data that had changed since the previous backup, so transfer time and capacity was not a factor.
    • The NAS would allow for the restoration of any local, on-premises data while the cloud storage would provide a safe location offsite for backup data. It could also serve as the backup location for other cloud-based services that required a backup.

    “Data protection demands that enterprises have multiple methods of keeping data safe and replicating it in case of disaster or loss.”

    – Drew Robb, Enterprise Storage Forum, 2021

    Storage going out of support

    SAN solutions have come a long way with improvements in how data is stored and what is used to store the data.

    Use Case: How one organization replaced its old storage with a similar solution

    • A government organization was looking for a solution for its aging storage area network appliances. The SANs were old and would be no longer supported by the manufacturer within four months. The SANs had slower spinning disks and their individual capacity was at its limit through the addition of extra shelves and disks over the years.
    • The organization reached out to Info-Tech for guidance. An analyst arranged a call with them, and they discussed the storage situation in detail, including desired benefits from a storage solution and growth requirements. They also discussed cloud storage, but the government organization was not in a position to move its data to the cloud for a variety of reasons.
    • Although the individual SANs were at their storage capacity limit, the total amount of data was well within the limits of many modern on-premises storage solutions. SSD and flash or NVMe storage can store large amounts of data in small footprints and form factors.
    • The analyst reviewed several vendors with the client and discussed some advantages and disadvantages of each. They explored the features offered as well as scalability options.
    • SANs have been around for a long time but the features and capabilities that come with them has evolved. They are still a very viable solution for many organizations in a variety of scenarios.

    “A rapidly growing portion of SAN deployments leverages all-flash storage to gain its high performance, consistent low latency, and lower total cost when compared to spinning disk.”

    – NetApp

    Video storage

    Cloud storage would not be sufficient if you were using a dial up connection, just as on-premises storage solutions would not suffice if they were using floppy disks.

    Use Case: Body cams and public cameras in municipalities are driving storage growth

    • Municipal law enforcement agencies are wearing body cameras more frequently, for their own protection as well as for the protection of the public. Camera footage can be useful in legal situations as well. Municipalities are also installing more and more public cameras for the purposes of public safety. The recorded video footage from these cameras can result in large data files, which in turn drive data storage requirements.
    • Info-Tech analysts are joining calls about video data storage with increasing frequency. The concerns are repetitive, and the guidance is similar on most of these calls.
    • The “object” storage format is ideal for video and media data. Most cloud-based storage solutions use object storage, but it is also available with on-premises solutions such as NAS or SAN. The challenges clients are expressing are typically related to inadequate bandwidth for cloud-based storage or other storage formats instead of “object” storage. Cloud-based storage can also grow beyond the budgeted numbers, causing an increase in the monthly cloud cost. Older, slower on-premises hardware sometimes reveals itself as the latency culprit.
    • Object storage is well suited for the unstructured data that is video footage. It uses metadata to tag the video file for future retrieval and is easily expandable, which also makes it cost effective.
    • Video data stored in a cloud-based repository will work fine as long as the bandwidth is adequate. On-premises storage of video data is also quite adequate on the right storage format, with fast disks and a reasonably up-to-date network infrastructure.

    “The captured video is stored for days, weeks, months and sometimes years and consumes a lot of space. Data storage plays a new and important role in these systems. Object storage is ideal to store the video data.”

    – Object-Storage.Info

    Classify and offload primary storage

    Some software products have storage options available as a result of agreements with other storage vendors. Several backup and archive software products fall into this category.

    Use Case: Enterprise storage can help reduce data sprawl

    • A large engineering firm was trying to manage its data sprawl. The team sampled a small percentage of their data and quickly realized that when they applied their findings on the 1% of data to their entire data estate, the sheer volume of personal files, older files, and unclassified data was going to be a challenge.
    • They found a solution in archiving software. The archiving software would tag data based on several factors. The software would move older files away from primary storage to an alternate storage platform but still leave a stub of the moved file in place and maintain limited access to those files. This would reduce primary storage requirements and allow the firm to eliminate multiple file servers
    • The engineering firm reached out to Info-Tech and participated in an analyst call. During that call, they laid out their plans, and the analyst made them aware of cloud storage. The positive and negative aspects of cloud storage were discussed, and the firm fully understood that the colder the storage tier, the slower the recovery. The firm's stance was if the files had not been accessed in the past six months, waiting a day or two for retrieval would not be a concern, and the firm was content with cold storage in the cloud.
    • The firm had not purchased the archiving software at the time of the analyst call, and the analyst also explained to them that the archiving software may have an existing agreement with a cloud provider for storage options, which could be more cost effective than purchasing cloud storage separately.
    • Cold cloud-based storage was the preferred solution for this firm, but this use case also highlights the option that some software products carry regarding storage. Several backup and archive products have a cloud storage option that should be investigated, as they may be cost-effective options.

    “Cold storage is perfect for archiving your data. Online backup providers offer low-cost, off-site data backups at the expense of fast speeds and easy access, even though data retrieval often comes at an added cost. If you need to keep your data long-term, but don’t need to access it often, this is the kind of storage you need.”

    – Ben Stockton, Cloudwards

    Understand your data requirements

    Activity

    The first step in solving your enterprise storage challenge is identifying your data sources or drivers, data volume size, and growth rates. This information will give you insight into what data sources could be stored on premises or in the cloud, how much storage you will require for the coming five to ten years, and what to consider when exploring enterprise storage solutions.

    • Info-Tech’s Modernize Enterprise Storage Workbook can be a valuable asset for determining your current storage drivers and future storage needs, structuring a plan for future storage purchases, and determining timelines and total cost of ownership.
    • An example of the Storage Capacity Calculator tab from that workbook is displayed on the right. Using the Storage Capacity Requirements Calculator requires minimal steps.
    1. Enter the current date and planning timeline (horizon) in months
    2. Identify the top sources of data within the business – the current data drivers. Areas of focus could include business applications, file shares, backup, and archives.
    3. For each of these data drivers, include your best estimate of:
    • Current data volume
    • Growth rate
  • Identify the top future data drivers, such as new applications or initiatives that will result from current business plans and priorities, and record the following details:
    • Initial data volumes
    • Projected growth rates
    • Planned implementation date
  • The spreadsheet will automatically calculate the data volume at the planning horizon based on the growth rate.

    • Download the Modernize Enterprise Storage Workbook and take the first step toward understanding your data requirements.

    The image contains a screenshot of the Modernize Enterprise Storage Workbook.

    Download the Modernize Enterprise Storage Workbook

    Related Info-Tech Research

    Modernize Enterprise Storage

    Current and emerging storage technologies are disrupting the status quo – prepare your infrastructure for the exponential rise in data and its storage requirements.

    Modernize Enterprise Storage Workbook

    This workbook will complement the discussions and activities found in the Modernize Enterprise Storage blueprint. Use this workbook in conjunction with the blueprint to develop a strategy for storage modernization.

    Bibliography

    Bakkianathan, Raghunathan. “What is the difference between Hot Warm and Cold data storage?” TechBlost, n.d.. Accessed 14 July 2022.
    Cesare. “Data warehouse vs Data lake vs Lakehouse… and DeltaLake?“ Medium, 14 June 2021. Accessed 26 July 2022.
    Davison, Shawn and Ryan Sappenfield. “Data Lake Vs Lakehouse Vs Data Mesh: The Evolution of Data Transformation.” DevIQ, May 2022. Accessed 23 July 2022.
    Desjardins, Jeff. “Infographic: How Much Data is Generated Each Day?” Visual Capitalist, 15 April 2019. Accessed 26 July 2022.
    Greengard, Samuel. “Top 10 Hyperconverged Infrastructure (HCI) Solutions.” Datamation, 22 December 2020. Accessed 23 July 2022.
    Harvey, Cynthia. “Flash vs. SSD Storage: Is there a Difference?” Enterprise Storage Forum, 10 July 2018. Accessed 23 July 2022.
    Harvey, Cynthia. “What Is Software Defined Storage? Features & Benefits.” Enterprise Storage Forum, 22 February 2018. Accessed 23 July 2022.
    Hecht, Gil. “4 Predictions for storage and backup security in 2022.” Continuity Software, 09 January 2022. Accessed 22 July 2022.
    Jacobi, Jonl. “NVMe SSDs: Everything you need to know about this insanely fast storage.” PCWorld, 10 March 2019. Accessed 22 July 2022
    Pritchard, Stephen. “Briefing: Cloud storage performance metrics.” Computer Weekly, 16 July 2021. Accessed 23 July 2022
    Robb, Drew. “Best Enterprise Backup Software & Solutions 2022.” Enterprise Storage Forum, 09 April 2021. Accessed 23 July 2022.
    Sheldon, Robert. “On-premises STaaS shifts storage buying to Opex model.” TechTarget, 10 August 2020. Accessed 22 July 2022.
    “Simplify Your Storage Ownership, Forever.” PureStorage. Accessed 20 July 2022.
    Stockton, Ben. “Hot Storage vs Cold Storage in 2022: Instant Access vs Long-Term Archives.” Cloudwards, 29 September 2021. Accessed 22 July 2022.
    “The Cost Savings of SAN-to-SAN Replication.” Secure Infrastructure and Services, 31 March 2016. Accessed 16 July 2022.
    “Video Surveillance.” Object-Storage.Info, 18 December 2019. Accessed 25 July 2022.
    “What is a Data Lake?” Amazon Web Services, n.d. Accessed 17 July 2022.
    “What is enterprise cloud storage?” Spectrum Enterprise, n.d. Accessed 28 July 2022.
    “What is SAN (Storage Area Network).” NetApp, n.d. Accessed 25 July 2022.
    “What is software-defined storage?” RedHat, 08 March 2018. Accessed 16 July 2022.

    Agile Enterprise Architecture Operating Model

    • Buy Link or Shortcode: {j2store}581|cart{/j2store}
    • member rating overall impact: 9.6/10 Overall Impact
    • member rating average dollars saved: $31,106 Average $ Saved
    • member rating average days saved: 33 Average Days Saved
    • Parent Category Name: Strategy & Operating Model
    • Parent Category Link: /strategy-and-operating-model

    Establish an enterprise architecture practice that:

    • Leverages an operating model that promotes/supports agility within the organization.
    • Embraces business, data, application, and technology architectures in an optimal mix.
    • Is Agile in itself and will be sustainable and reactive to business needs, staying relevant and “profitable” – continuously delivering business value.

    Our Advice

    Critical Insight

    • Use your business and EA strategy and design principles to right-size standardized operating models to fit your EA organization’s needs.
    • You need to define a sound set of design principles before commencing with the design of your EA organization.
    • The EA operating model structure should be rigid but pliable enough to fit the needs of the stakeholders it provides services to.
    • A phased approach and a good communication strategy is key to the success of the new EA organization.
    • Start with one group and work out the hurdles before rolling it out organization-wide.
    • Make sure that you communicate regularly on wins but also on hurdles and how to overcome them.

    Impact and Result

    • The organization design approach proposed will aim to provide twofold agility: the ability to stretch and shrink depending on business requirements and the promotion of agility in architecture delivery.
    • By recognizing that agility comes in different flavors, organizations using more traditional design patterns will also benefit from the approach advocated by this blueprint.

    Agile Enterprise Architecture Operating Model Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out create an Agile EA operating model to execute the EA function, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Design your EA operating model

    You need to define a sound set of design principles before commencing with the design of your EA organization.

    • Agile EA Operating Model Communication Deck
    • Agile EA Operating Model Workbook
    • Business Architect
    • Application Architect
    • Data Architect
    • Enterprise Architect

    2. Define your EA organizational structure

    The EA operating model structure should be rigid but pliable enough to fit the needs of the stakeholders it provide services to.

    • EA Views Taxonomy
    • EA Operating Model Template
    • Architecture Board Charter Template
    • EA Policy Template
    • EA Compliance Waiver Form Template

    3. Implement the EA operating model

    A phased approach and a good communications strategy are key to the success of the new EA organization.

    • EA Roadmap
    • EA Communication Plan Template
    [infographic]

    Workshop: Agile Enterprise Architecture Operating Model

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 EA Function Design

    The Purpose

    Identify how EA looks within the organization and ensure all the necessary skills are accounted for within the function.

    Key Benefits Achieved

    EA is designed to be the most appropriately placed and structured for the organization.

    Activities

    1.1 Place the EA department.

    1.2 Define roles for each team member.

    1.3 Find internal and external talent.

    1.4 Create job descriptions with required proficiencies.

    Outputs

    EA organization design

    Role-based skills and competencies

    Talent acquisition strategy

    Job descriptions

    2 EA Engagement Model

    The Purpose

    Create a thorough engagement model to interact with stakeholders.

    Key Benefits Achieved

    An understanding of each process within the engagement model.

    Create stakeholder interaction cards to plan your conversations.

    Activities

    2.1 Define each engagement process for your organization.

    2.2 Document stakeholder interactions.

    Outputs

    EA Operating Model Template

    EA Stakeholder Engagement Model Template

    3 EA Governance

    The Purpose

    Develop EA boards, alongside a charter and policies to effectively govern the function.

    Key Benefits Achieved

    Governance that aids the EA function instead of being a bureaucratic obstacle.

    Adherence to governace.

    Activities

    3.1 Outline the architecture review process.

    3.2 Position the architecture review board.

    3.3 Create a committee charter.

    3.4 Make effective governance policy.

    Outputs

    Architecture Board Charter Template

    EA Policy Template

    4 Architecture Development Framework

    The Purpose

    Create an operating model that is influenced by universal standards including TOGAF, Zachmans, and DoDAF.

    Key Benefits Achieved

    A thoroughly articulated development framework.

    Understanding of the views that influence each domain.

    Activities

    4.1 Tailor an architecture development framework to your organizational context.

    Outputs

    EA Operating Model Template

    Enterprise Architecture Views Taxonomy

    5 Operational Plan

    The Purpose

    Create a change management and communication plan or roadmap to execute the operating model.

    Key Benefits Achieved

    Build a plan that takes change management and communication into consideration to achieve the wanted benefits of an EA program.

    Effectively execute the roadmap.

    Activities

    5.1 Create a sponsorship action plan.

    5.2 Outline a communication plan.

    5.3 Execute a communication roadmap.

    Outputs

    Sponsorship Action Plan

    EA Communication Plan Template

    EA Roadmap

    Adopt an Exponential IT Mindset

    • Buy Link or Shortcode: {j2store}103|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    New technologies such as generative AI, quantum computing, 5G cellular networks, and next-generation robotics are ushering in an exciting new era of business transformation. By adopting an exponential IT mindset, IT leaders will be able to lead the autonomization of business capabilities.

    To capitalize on this upcoming opportunity, exponential IT leaders will have to become business advisors who unlock exponential value for the business and help mitigate exponential risk.

    Adopt a renewed focus on business outcomes to achieve autonomization

    An exponential IT mindset means that IT leaders will need to take a lead role in transforming business capabilities.

    • Embrace an expanded role as business advisors: CIOs will be tasked with greater responsibility for determining business strategy alongside the C-suite.
    • Know the rewards and mitigate the risks: New value chain opportunities and efficiency gains will create significant ROI. Protect these returns by mitigating higher risks to business continuity, information security, and delivery performance.
    • Plan to fully leverage technologies such as AI: It will be integral for IT to enable autonomous technologies in this new era of exponential technology progress.

    Adopt an Exponential IT Mindset Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Adopt an Exponential IT Mindset Deck – An introduction to IT’s role in the autonomization era

    The role of IT has evolved throughout the past couple generations to enable fundamental business transformations. In the autonomization era, it will have to evolve again to lead the business through a world of exponential opportunity.

    • Adopt an Exponential IT Mindset Storyboard

    Infographic

    Further reading

    Adopt an Exponential IT Mindset

    Thrive through the next paradigm shift

    Executive Summary

    For more than 40 years, information technology has significantly transformed businesses, from the computerization of operations to the digital transformation of business models. As technological disruption accelerates exponentially, a world of exponential business opportunity is within reach.

    Newly emerging technologies such as generative AI, quantum computing, 5G cellular networks, and next-generation robotics are enabling autonomous business capabilities.

    The role of IT has evolved throughout the past couple generations to enable business transformations. In the autonomization era, it will have to evolve again. IT will have a new mission, an adapted governance structure, innovative capabilities, and an advanced partnership model.

    CIOs embracing exponential IT require a new mindset. Their IT practices will need to progress to the top of the maturity ladder as they make business outcomes their own.

    Over the past two generations, we have witnessed major technology-driven business transformations

    1980s

    Computerization

    The use of computer devices, networks, and applications became widespread in the enterprise. The focus was on improving the efficiency of back-office tasks.

    2000s

    Digitalization

    As the world became connected through the internet, new digitally enabled business models emerged in the enterprise. Orders were now being received online, and many products and services were partially or fully digitized for online fulfillment.

    Recent pandemic measures contributed to a marked acceleration in the digitalization of organizations

    The massive disruption resulting from pandemic measures led businesses to shift to more digital interactions with customers.

    The global average share of customer interactions that are digital went from 36% in December 2019 to 58% in July 2020.

    The global average share of customer interactions that are digital went from 36% to 58% in less than a year.*

    Moreover, companies across business areas have accelerated the digitization of their offerings.

    The global average share of partially or fully digitized products went from 35% in 2019 to 55% in July 2020.

    The global average share of partially or fully digitized products went from 35% to 55% in the same period.*

    The adoption of digitalized business models has accelerated during the pandemic. Post-pandemic, it is unlikely for adoption to recede.

    With more business applications ported to the cloud and more data available online, “digital-first” organizations started to envisage a next wave of automation.

    *Source: “How COVID-19 has pushed companies over the technology tipping point—and transformed business forever,” McKinsey & Company, 2020

    A majority of IT leaders plan to use artificial intelligence within their organizations in 2023

    In August 2022, Info-Tech surveyed 506 IT leaders and asked which tasks would involve AI in their organizations in 2023.

    Graph showing tasks that would involve AI in organizations in 2023.

    We found that 63% of IT leaders plan to use AI within their organizations to automate repetitive, low-level tasks by the end of 2023.

    With the release of the ChatGPT prototype in November 2022, setting a record for the fastest user growth (reaching 100 million active users just two months after launch), we foresee that AI adoption will accelerate significantly and its use will extend to more complex tasks.

    Newly emerging technologies and business realities are ushering in the next business transformation

    1980s

    Computerization

    2000s

    Digitalization

    2020s

    Autonomization

    As digitalization accelerates, a post-pandemic world with a largely online workforce and digitally transformed enterprise business models now enters an era where more business capabilities become autonomous, with humans at the center of a loop* that is gradually becoming larger.

    Deep Learning, Quantum Computing, 5G Networks, Robotics

    * Download Info-Tech’s CIO Trend Report 2019 – Become a Leader in the Loop

    The role of IT needs to evolve as it did through the previous two generations

    1980s

    Computerization

    IT professionals gathered functional requirements from the business to help automate back-office tasks and improve operational efficiency.

    2000s

    Digitalization

    IT professionals acquired business analysis skills and leveraged the SMAC (social, mobile, analytics, and cloud) stack to accelerate the automation of the front office and enable the digital transformation of business models.

    2020s

    Autonomization

    IT professionals will become business advisors and enable the establishment of autonomous yet differentiated business processes and capabilities.

    The autonomization era brings enormous opportunity for organizations, coupled with enormous risk

    Graph of Risk Severity versus Value Opportunity. Autonomization has a high value of opportunity and high risk severity.

    While some analysts have been quick to announce the demise of the IT department and the transition of the role of IT to the business, the budgets that CIOs control have continued to rise steadily over time.

    In a high-risk, high-reward endeavor to make business processes autonomous, the role of IT will continue to be pivotal, because while everyone in the organization will rush to seize the value opportunity, the technology risk will be left for IT to manage.

    Exponential IT represents a necessary change in a CIO’s focus to lead through the next paradigm shift

    EXPONENTIAL RISK

    Autonomous processes will integrate with human-led processes, creating risks to business continuity, information security, and quality of delivery. Supplier power will exacerbate business risks.

    EXPONENTIAL REWARD

    The efficiency gains and new value chains created through artificial intelligence, robotics, and additive manufacturing will be very significant. Most of this value will be realized through the augmentation of human labor.

    EXPONENTIAL DEMAND

    Autonomous solutions for productivity and back-office applications will eventually become commoditized and provided by a handful of large vendors. There will, however, be a proliferation of in-house algorithms and workflows to autonomize the middle and front office, offered by a busy landscape of industry-centric capability vendors.

    EXPONENTIAL IT

    Exponential IT involves IT leading the cognitive reengineering of the organization with evolved practices for:

    • IT governance
    • Asset management
    • Vendor management
    • Data management
    • Business continuity management
    • Information security management

    To succeed, IT will have to adopt different priorities in its mission, governance, capabilities, and partnerships

    Digitalization

    A Connected World

    Progressive IT

    • Mission

      Enable the digital transformation of the business

    • Governance

      Service metrics, security perimeters, business intelligence, compliance management

    • Capabilities

      Service management, business analysis, application portfolio management, data management

    • Partnerships

      Management of technology service agreements

    Autonomization

    An Exponential World

    Exponential IT

    • Mission

      Lead the business through autonomization.

    • Governance

      Outcome-based metrics, zero trust, ESG reporting, digital trust

    • Capabilities

      Experience management, business advisory, enterprise innovation, data differentiation

    • Partnerships

      Management of business capability agreements

    Fortune favors the bold: The CIO now has an opportunity to cement their role as business leader

    Levels of digital maturity. From bottom: Unstable - inability to consistently deliver basic services, Firefighter - Reliable infrastructure and IT service desk, Trusted Operator - Enablement of business through applications and work orders, Business Partner - Effective delivery of strategic business projects, Innovator - Information and technology as a competitive advantage.

    Research has shown that companies that are more digitally mature have higher growth than the industry average. In these companies, the CIO is part of the executive management team.

    And while the role of the CIO is generally tied to their mandate within the organization, we have seen their role progress from doer to leader as IT climbs the maturity ladder.

    As companies strive to succeed in the next phase of technology-driven transformation, CIOs have an opportunity to demonstrate their business leadership. To do so, they will have to provide exceptionally mature services while owning business targets.

    Data security consultancy

    Data security consultancy

    Based on experience
    Implementable advice
    human-based and people-oriented

    Data security consultancy makes up one of Tymans Group’s areas of expertise as a corporate consultancy firm. We are happy to offer our insights and solutions regarding data security and risk to businesses, both through online and offline channels. Read on and discover how our consultancy company can help you set up practical data security management solutions within your firm.

    How our data security consultancy services can help your company

    Data security management should be an important aspect of your business. As a data security consultancy firm, Tymans Group is happy to assist your small or medium-sized enterprise with setting up clear protocols to keep your data safe. As such, we can advise on various aspects comprising data security management. This ranges from choosing a fit-for-purpose data architecture to introducing IT incident management guidelines. Moreover, we can perform an external IT audit to discover which aspects of your company’s data security are vulnerable and which could be improved upon.

    Security and risk management

    Our security and risk services

    Security strategy

    Security Strategy

    Embed security thinking through aligning your security strategy to business goals and values

    Read more

    Disaster Recovery Planning

    Disaster Recovery Planning

    Create a disaster recovey plan that is right for your company

    Read more

    Risk Management

    Risk Management

    Build your right-sized IT Risk Management Program

    Read more

    Check out all our services

    Discover our practical data security management solutions

    Data security is just one aspect with which our consultancy firm can assist your company. Tymans Group offers its extensive expertise in various corporate management domains, such as quality management and risk management. Our solutions all stem from our vast expertise and have proven their effectiveness. Moreover, when you choose to employ our consultancy firm for your data security management, you benefit from a holistic, people-oriented approach.

    Set up an appointment with our experts

    Do you wish to learn more about our data security management solutions and services for your company? We are happy to analyze any issues you may be facing and offer you a practical solution if you contact us for an appointment. You can book a one-hour online talk or elect for an on-site appointment with our experts. Contact us to set up your appointment now.

    Register to read more …

    Considerations to Optimize Container Management

    • Buy Link or Shortcode: {j2store}499|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Data Center & Facilities Strategy
    • Parent Category Link: /data-center-and-facilities-strategy

    Do you experience challenges with the following:

    • Equipping IT operations processes to manage containers.
    • Choosing the right container technology.
    • Optimizing your infrastructure strategy for containers.

    Our Advice

    Critical Insight

    • Plan ahead to ensure your container strategy aligns with your infrastructure roadmap. Before deciding between bare metal and cloud, understand the different components of a container management solution and plan for current and future infrastructure services.
    • When selecting tools from multiple sources, it is important to understand what each tool should and should not meet. This holistic approach is necessary to avoid gaps and duplication of effort.

    Impact and Result

    Use the reference architecture to plan for the solution you need and want to deploy. Infrastructure planning and strategy optimizes the container image supply chain, uses your current infrastructure, and reduces costs for compute and image scan time.

    Considerations to Optimize Container Management Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Considerations to Optimize Container Management Deck – A document to guide you design your container strategy.

    A document that walks you through the components of a container management solution and helps align your business objectives with your current infrastructure services and plan for your future assets.

    • Considerations to Optimize Container Management Storyboard

    2. Container Reference Architecture – A best-of-breed template to help you build a clear, concise, and compelling strategy document for container management.

    Complete the reference architecture tool to strategize your container management.

    • Container Reference Architecture
    [infographic]

    Further reading

    Considerations to Optimize Container Management

    Design a custom reference architecture that meets your requirements.

    Analyst Perspective

    Containers have become popular as enterprises use DevOps to develop and deploy applications faster. Containers require managed services because the sheer number of containers can become too complex for IT teams to handle. Orchestration platforms like Kubernetes can be complex, requiring management to automatically deploy container-based applications to operating systems and public clouds. IT operations staff need container management skills and training.

    Installing and setting up container orchestration tools can be laborious and error-prone. IT organizations must first implement the right infrastructure setup for containers by having a solid understanding of the scope and scale of containerization projects and developer requirements. IT administrators also need to know how parts of the existing infrastructure connect and communicate to maintain these relationships in a containerized environment. Containers can run on bare metal servers, virtual machines in the cloud, or hybrid configurations, depending on your IT needs

    Nitin Mukesh, Senior Research Analyst, Infrastructure and Operations

    Nitin Mukesh
    Senior Research Analyst, Infrastructure and Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge Common Obstacles Info-Tech’s Approach

    The container software market is constantly evolving. Organizations must consider many factors to choose the right container management software for their specific needs and fit their future plans.

    It's important to consider your organization's current and future infrastructure strategy and how it fits with your container management strategy. The container management platform you choose should be compatible with the existing network infrastructure and storage capabilities available to your organization.

    		 IT operations staff have not been thinking the same way as developers who have now been using an agile approach for some time. Container image builds are highly automated and have several dependencies including scheduling, testing, and deployment that the IT staff is not trained for or lack the ability to create anything more than a simple image.

    Use the reference architecture to plan for the solution you need and want to deploy. Infrastructure planning and strategy optimizes the container image supply chain and reduces costs for compute and image scan time.

    Plan ahead to ensure your container strategy aligns with your infrastructure roadmap. Before deciding between bare metal and cloud, understand the different components of a container management solution and plan for current and future infrastructure services.

    Your challenge

    Choosing the right container technology: IT is a rapidly changing and evolving market, with startups and seasoned technology vendors maintaining momentum in everything from container platforms to repositories to orchestration tools. The rapid evolution of container platform components such as orchestration, storage, networking, and system services such as load balancing has made the entire stack a moving target.

    However, waiting for the industry to be standardized can be a recipe for paralysis, and waiting too long to decide on solutions and approaches can put a company's IT operations in catch-up mode.

    Keeping containers secure: Security breaches in containers are almost identical to operating system level breaches in virtual machines in terms of potential application and system vulnerabilities. It is important for any DevOps team working on container and orchestration architecture and management to fully understand the potential vulnerabilities of the platforms they are using.

    Optimize your infrastructure strategy for containers: One of the challenges enterprise IT operations management teams face when it comes to containers is the need to rethink the underlying infrastructure to accommodate the technology. While you may not want to embrace the public cloud for your critical applications just yet, IT operations managers will need an on-premises infrastructure so that applications can scale up and down the same way as they are containerized.

    Common ways organizations use containers

    A Separation of responsibilities
    Containerization provides a clear separation of responsibilities as developers can focus on application logic and dependencies, while IT operations teams can focus on deployment and management instead of application details such as specific software versions and configurations.

    B Workload portability
    Containers can run almost anywhere: physical servers or on-premise data centers on virtual machines or developer machines, as well as public clouds on Linux, Windows, or Mac operating systems, greatly easing development and deployment.

    “Lift and shift” existing applications into a modern cloud architecture. Some organizations even use containers to migrate existing applications to more modern environments. While this approach provides some of the basic benefits of operating system virtualization, it does not provide all the benefits of a modular, container-based application architecture.

    C Application isolation
    Containers virtualize CPU, memory, storage, and network resources at the operating system level, providing developers with a logically isolated view of the operating system from other applications.

    Source: TechTarget, 2021

    What are containers and why should I containerize?

    A container is a partially isolated environment in which an application or parts of an application can run. You can use a single container to run anything from small microservices or software processes to larger applications. Inside the container are all the necessary executable, library, and configuration files. Containers do not contain operating system images. This makes them lighter and more portable with much less overhead. Large application deployments can deploy multiple containers into one or more container clusters (CapitalOne, 2020).

    Containers have the following advantages:

    • Reduce overhead costs: Because containers do not contain operating system images, they require fewer system resources than traditional or hardware virtual machine environments.
    • Enhanced portability: Applications running in containers can be easily deployed on a variety of operating systems and hardware platforms.
    • More consistent operations: DevOps teams know that applications in containers run the same no matter where they are deployed.
    • Efficiency improvement: Containers allow you to deploy, patch, or scale applications faster.
    • Develop better applications: Containers support Agile and DevOps efforts to accelerate development and production cycles.

    Source: CapitalOne, 2020

    Container on the cloud or on-premise?

    On-premises containers Public cloud-based containers

    Advantages:

    • Full control over your container environment.
    • Increased flexibility in networking and storage configurations.
    • Use any version of your chosen tool or container platform.
    • No need to worry about potential compliance issues with data stored in containers.
    • Full control over the host operating system and environment.

    Disadvantages:

    • Lack of easy scalability. This can be especially problematic if you're using containers because you want to be more agile from a DevOps perspective.
    • No turnkey container deployment solution. You must set up and maintain every component of the container stack yourself.

    Advantages:

    • Easy setup and management through platforms such as Amazon Elastic Container Service or Azure Container Service. These products require significant Docker expertise to use but require less installation and configuration than on-premise installations.
    • Integrates with other cloud-based tools for tasks such as monitoring.
    • Running containers in the cloud improves scalability by allowing you to add compute and storage resources as needed.

    Disadvantages:

    • You should almost certainly run containers on virtual machines. That can be a good thing for many people; however, you miss out on some of the potential benefits of running containers on bare metal servers, which can be easily done.
    • You lose control. To build a container stack, you must use the orchestrator provided by your cloud host or underlying operating system.

    Info-Tech Insight
    Start-ups and small businesses that don't typically need to be closely connected to hardware can easily move (or start) to the cloud. Large (e.g. enterprise-class) companies and companies that need to manage and control local hardware resources are more likely to prefer an on-premises infrastructure. For enterprises, on-premises container deployments can serve as a bridge to full public cloud deployments or hybrid private/public deployments. The answer to the question of public cloud versus on premises depends on the specific needs of your business.

    Container management

    From container labeling that identifies workloads and ownership to effective reporting that meets the needs of different stakeholders across the organization, it is important that organizations establish an effective framework for container management.

    Four key considerations for your container management strategy:

    01 Container Image Supply Chain
    How containers are built

    02 Container Infrastructure and Orchestration
    Where and how containers run together

    03 Container Runtime Security and Policy Enforcement
    How to make sure your containers only do what you want them to do

    04 Container Observability
    Runtime metrics and debugging

    To effectively understand container management solutions, it is useful to define the various components that make up a container management strategy.

    1: Container image supply chain

    To run a workload as a container, it must first be packaged into a container image. The image supply chain includes all libraries or components that make up a containerized application. This includes CI/CD tools to test and package code into container images, application security testing tools to check for vulnerabilities and logic errors, registries and mirroring tools for hosting container images, and attribution mechanisms such as image signatures for validating images in registries.

    Important functions of the supply chain include the ability to:

    • Scan container images in registries for security issues and policy compliance.
    • Verify in-use image hashes have been scanned and authorized.
    • Mirror images from public registries to isolate yourself from outages in these services.
    • Attributing images to the team that created them.

    Source: Rancher, 2022

    Info-Tech Insight
    It is important to consider disaster recovery for your image registry. As mentioned above, it is wise to isolate yourself from registry disruptions. However, external registry mirroring is only one part of the equation. You also want to make sure you have a high availability plan for your internal registry as well as proper backup and recovery processes. A highly available, fault-tolerant container management platform is not just a runtime environment.

    2: Container infrastructure and orchestration

    Orchestration tools

    Once you have a container image to run, you need a location to run it. That means both the computer the container runs on and the software that schedules it to run. If you're working with a few containers, you can make manual decisions about where to run container images, what to run with container images, and how best to manage storage and network connectivity. However, at scale, these kinds of decisions should be left to orchestration tools like Kubernetes, Swarm, or Mesos. These platforms can receive workload execution requests, determine where to run based on resource requirements and constraints, and then actually launch that workload on its target. And if a workload fails or resources are low, it can be restarted or moved as needed.

    Source: DevOpsCube, 2022

    Storage

    Storage is another important consideration. This includes both the storage used by the operating system and the storage used by the container itself. First, you need to consider the type of storage you actually need. Can I outsource my storage concerns to a cloud provider using something like Amazon Relational Database Service instead? If not, do you really need block storage (e.g. disk) or can an external object store like AWS S3 meet your needs? If your external object storage service can meet your performance and durability requirements as well as your governance and compliance needs, you're in luck. You may not have to worry about managing the container's persistent storage. Many external storage services can be provisioned on demand, support discrete snapshots, and some even allow dynamic scaling on demand.

    Networking

    Network connectivity inside and outside the containerized environment is also very important. For example, Kubernetes supports a variety of container networking interfaces (CNIs), each providing different functionality. Questions to consider here are whether you can set traffic control policies (and the OSI layer), how to handle encryption between workloads and between workloads and external entities, and how to manage traffic import for containerized workloads. The impact of these decisions also plays a role on performance.

    Backups

    Backups are still an important task in containerized environments, but the backup target is changing slightly. An immutable, read-only container file system can be recreated very easily from the original container image and does not need to be backed up. Backups or snapshots on permanent storage should still be considered. If you are using a cloud provider, you should also consider fault domain and geo-recovery scenarios depending on the provider's capabilities. For example, if you're using AWS, you can use S3 replication to ensure that EBS snapshots can be restored in another region in case of a full region outage.

    3: Container runtime security and policy enforcement

    Ensuring that containers run in a place that meets the resource requirements and constraints set for them is necessary, but not sufficient. It is equally important that your container management solution performs continuous validation and ensures that your workloads comply with all security and other policy requirements of your organization. Runtime security and policy enforcement tools include a function for detecting vulnerabilities in running containers, handling detected vulnerabilities, ensuring that workloads are not running with unnecessary or unintended privileges, and ensuring that only other workloads that need to be allowed can connect.

    One of the great benefits of (well implemented) containerized software is reducing the attackable surface of the application. But it doesn't completely remove it. This means you need to think about how to observe running applications to minimize security risks. Scanning as part of the build pipeline is not enough. This is because an image without vulnerabilities at build time can become a vulnerable container because new flaws are discovered in its code or support libraries. Instead, some modern tools focus on detecting unusual behavior at the system call level. As these types of tools mature, they can make a real difference to your workload’s security because they rely on actual observed behavior rather than up-to-date signature files.

    4: Container observability

    What’s going on in there?

    Finally, if your container images are being run somewhere by orchestration tools and well managed by security and policy enforcement tools, you need to know what your containers are doing and how well they are doing it. Orchestration tools will likely have their own logs and metrics, as will networking layers, and security and compliance checking tools; there is a lot to understand in a containerized environment. Container observability covers logging and metrics collection for both your workloads and the tools that run them.

    One very important element of observability is the importance of externalizing logs and metrics in a containerized environment. Containers come and go, and in many cases the nodes running on them also come and go, so relying on local storage is not recommended.

    The importance of a container management strategy

    A container management platform typically consists of a variety of tools from multiple sources. Some container management software vendors or container management services attempt to address all four key components of effective container management. However, many organizations already have tools that provide at least some of the features they need and don't want to waste existing licenses or make significant changes to their entire infrastructure just to run containers.

    When choosing tools from multiple sources, it's important to understand what needs each tool meets and what it doesn't. This holistic approach is necessary to avoid gaps and duplication of effort.

    For example, scanning an image as part of the build pipeline and then rescanning the image while the container is running is a waste of CPU cycles in the runtime environment. Similarly, using orchestration tools and separate host-based agents to aggregate logs or metrics can waste CPU cycles as well as storage and network resources.

    Planning a container management strategy

    1 DIY, Managed Services, or Packaged Products
    Developer satisfaction is important, but it's also wise to consider the team running the container management software. Migrating from bare metal or virtual machine-based deployment methodologies to containers can involve a significant learning curve, so it's a good idea to choose a tool that will help smooth this curve.
    2 Kubernetes
    In the world of container management, Kubernetes is fast becoming the de facto standard for container orchestration and scheduling. Most of the products that address the other aspects of container management discussed in this post (image supply chain, runtime security and policy enforcement, observability) integrate easily with Kubernetes. Kubernetes is open-source software and using it is possible if your team has the technical skills and the desire to implement it themselves. However, that doesn't mean you should automatically opt to build yourself.
    3 Managed Kubernetes
    Kubernetes is difficult to implement well. As a result, many solution providers offer packaged products or managed services to facilitate Kubernetes adoption. All major cloud providers now offer Kubernetes services that reduce the operational burden on your teams. Organizations that have invested heavily in the ecosystem of a particular cloud provider may find this route suitable. Other organizations may be able to find a fully managed service that provides container images and lets the service provider worry about running the images which, depending on the cost and capacity of the organization, may be the best option.
    4 Third-Party Orchestration Products
    A third approach is packaged products from providers that can be installed on the infrastructure (cloud or otherwise). These products can offer several potential advantages over DIY or cloud provider offerings, such as access to additional configuration options or cluster components, enhanced functionality, implementation assistance and training, post-installation product support, and reduced risk of cloud provider lock-in.

    Source: Kubernetes, 2022; Rancher, 2022

    Infrastructure considerations

    It's important to describe your organization’s current and future infrastructure strategy and how it fits into your container management strategy. It’s all basic for now, but if you plan to move to a virtual machine or cloud provider next year, your container management solution should be able to adapt to your environment now and in the future. Similarly, if you’ve already chosen a public cloud, you may want to make sure that the tool you choose supports some of the cloud options, but full compatibility may not be an important feature.

    Infrastructure considerations extend beyond computing. Choosing a container management platform should be compatible with the existing network infrastructure and storage capacity available to your organization. If you have existing policy enforcement, monitoring, and alerting tools, the ideal solution should be able to take advantage of them. Moving to containers can be a game changer for developers and operations teams, so continuing to use existing tools to reduce complexity where possible can save time and money.

    Leverage the reference architecture to guide your container management strategy

    Questions for support transition

    Using the examples as a guide, complete the tool to strategize your container management

    Download the Reference Architecture

    Bibliography

    Mell, Emily. “What is container management and why is it important?” TechTarget, April 2021.
    https://www.techtarget.com/searchitoperations/definition/container-management-software#:~:text=A%20container%20management%20ecosystem%20automates,operator%20to%20keep%20up%20with

    Conrad, John. “What is Container Orchestration?” CapitalOne, 24 August 2020.
    https://www.capitalone.com/tech/cloud/what-is-container-orchestration/?v=1673357442624

    Kubernetes. “Cluster Networking.” Kubernetes, 2022.
    https://kubernetes.io/docs/concepts/cluster-administration/networking/

    Rancher. “Comparing Kubernetes CNI Providers: Flannel, Calico, Canal, and Weave.” Rancher, 2022.
    https://www.suse.com/c/rancher_blog/comparing-kubernetes-cni-providers-flannel-calico-canal-and-weave/

    Wilson, Bob. “16 Best Container Orchestration Tools and Services.” DevopsCube, 5 January 2022.
    https://devopscube.com/docker-container-clustering-tools/

    Data Protection Notice

    Tymans Group BV processes personal information in compliance with this privacy statement. For further information, questions or comments on our privacy policy, please contact Gert Taeymans at https://tymansgroup.com/gdpr-contact.

    Purposes of the processing

    Tymans Group BV collects and processes customers’ personal data for customer and order management (customer administration, order / delivery follow-up, invoicing, solvency follow-up, profiling and the sending of marketing and personalised advertising).

    Legal foundation for the processing

    Personal data is processed based on several provisions of Article 6.1.

    (a)  consent, which you can revoke at any time,

    (b) required for the implementation of an agreement between you and Tymans Group BV, eg. when you enter into a contract with us,

    (c)  required to satisfy a legal obligation

    (f)  (required for the protection of our legitimate interest in entrepreneurship)] of the General Data Protection Regulation. An actual data item may be subject to multiple provisions.

    Insofar as the processing of personal data takes place based on Article 6.1. a) (consent), customers always have the right to withdraw the given consent.

    Transfer to third parties

    If required to achieve the set purposes, your personal data will be shared with other companies within the European Economic Area, which are linked directly or indirectly with Gert Taeymans BV or with any other partner of Tymans Group BV

    Tymans Group BV guarantees that these recipients will take the necessary technical and organisational measures for the protection of personal data.

    Third party categories that are subject to this provision are:

        Accounting
        Hosting
        Software Engineering (when you order websites or custom development with us)
        Social Media (only as part of Social Media Marketing contracted services by you)

    Due to the ECJ striking down the  EU-US Privacy Shield agreement, this leaves us with a open gap. The resulting implications and actions to take are not yet clear. You must be aware that one can argue that any data transfer from the EU towards the US is now in breach of the law. Other argue that necessary transfers are still allowed, whithout however defining, as far as we know, what "necessary" actually means. This website runs on servers within the EU. We also closely follow the opinions by the scholars and our regulator.

    Retention period

    Personal data processed for customer management will be stored for the time necessary to satisfy legal requirements (in terms of bookkeeping, among others).

    Right to inspection, improvement, deletion, limitation, objection and transferability of personal data

    You have at all times the right to inspect your personal data and can have it improved should it be incorrect or incomplete, have it removed, limit its processing an object to the processing of their personal data based on Article 6.1 (f), including profiling based on said provisions. Any personal data however that is needed for the legal processing of your order cannot be removed after you placed an order, as we need to keep it for legal purposes.

    Furthermore, you are entitled to obtain a copy of your personal data and to have said personal data forwarded to another company.

    In order to exercise the aforementioned rights, you are requested to send an e-mail the following address: dataprivacy@tymansgroup.com.

    Direct marketing

    You are entitled to object free of charge to the processing of any processing of their personal data aimed at direct marketing.

    Complaint

    You have the right to file a complaint with the Belgian Privacy Protection Commission (35 Rue de la Presse, 1000 Brussels - contact@adp-gba.be - 02/ 274 48 00 or 02/ 274 48 35).

    Build a More Effective Go-to-Market Strategy

    • Buy Link or Shortcode: {j2store}559|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • A weak or poorly defined Go-to-Market strategy is often the root cause of slow product revenue growth or missed product revenue targets.
    • Many agile-driven product teams rush to release, skipping key GTM steps leaving Sales and Marketing misaligned and not ready to fully monetize precious product investments.
    • Guessing at buyer persona and journey or competitive SWOT analyses – two key deliverables of an effective GTM strategy – cause poor marketing and sales outcomes.
    • Without the sales and product-aligned business case for launch called for in a successful GTM strategy, companies see low buyer adoption, wasted sales and marketing investments, and a failure to claim product and launch campaign success.

    Our Advice

    Critical Insight

    • Having an updated and compelling Go-to-Market strategy is a critical capability – as important as financial strategy, sales operations, and even corporate business development, given its huge impact on the many drivers of sustainable growth.
    • Establishing alignment through the GTM process builds long-term operational strength.
    • With a sound GTM strategy, marketers give themselves a 50% greater chance of product launch success.

    Impact and Result

    • Align stakeholders on a common vision and execution plan prior to the Build and Launch phases.
    • Build a foundation of buyer and competitive understanding to drive a successful product hypothesis, then validate with buyers.
    • Deliver a team-aligned launch plan that enables launch readiness and outlines commercial success.

    Build a More Effective Go-to-Market Strategy Research & Tools

    Build Your Go-to-Market Strategy

    Use this storyboard and its deliverables to build a baseline market, understand your buyer, and gain competitive insights. It will also help you design your initial product and business case, and align stakeholder plans to prep for build.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Build a More Effective Go-to-Market Strategy – Executive Brief

      Almost there!

      Please enter your email and a few details and you're on your way to an efficient process.

      Download

      You can always get support via our Contact options.

      ×
    • Build a More Effective Go-to-Market Strategy – Phases 1-3
    • Go-to-Market Strategy Presentation Template
    • Go-to-Market Strategy RACI and Launch Checklist Workbook
    • Product Market Opportunity Sizing Workbook
    • Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook

    Infographic

    Workshop: Build a More Effective Go-to-Market Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Align on GTM Vision & Plan, Craft Initial Strategy

    The Purpose

    Align on GTM vision and plan; craft initial strategy.

    Key Benefits Achieved

    Confidence that market opportunity is sufficient.

    Deeper buyer understanding to drive product design and messaging and launch campaign asset design.

    Steering committee approval for next phase.

    Activities

    1.1 Outline a vision for GTM, roles required, identify Steering Committee lead, workstream leads, and teams.

    1.2 Capture GTM strategy hypothesis by working through initial draft of the Go-to-Market Strategy Presentation and business case.

    1.3 Capture team knowledge on buyer persona and journey and competitive SWOT.

    1.4 Identify info./data gaps, sources, and plan for capturing/gathering including buyer interviews.

    Outputs

    Documented Steering Committee and Working team.

    Aligned on GTM vision and process.

    Documented buyer persona and journey. Competitive SWOT analysis.

    Document team knowledge on initial GTM strategy, buyer personas, and business case.

    2 Identify Initial Business Case, Sales Forecast, and Launch Plan

    The Purpose

    Identify Initial Business Case, Sales Forecast, and Launch Plan.

    Key Benefits Achieved

    Confidence in size of market opportunity.

    Alignment of Sales and Product on product forecast.

    Assessment of marketing tech stack.

    Initial business case.

    Activities

    2.1 Size Product Market Opportunity and initial revenue forecast.

    2.2 Craft initial product hypothesis from buyer interviews including feature priorities, pricing, packaging, competitive differentiation, channel/route to market.

    2.3 Craft initial launch campaign, product release and sales and CX readiness plans.

    2.4 Identify launch budgets across each investment area.

    2.5 Discuss initial product launch business case and key activities.

    Outputs

    Product Serviceable Obtainable Market (SOM), Serviceable Available Market (SAM) and Total Available Market (TAM).

    Definition of product-market fit, uniqueness, and competitive differentiation.

    Preliminary campaign, targets, and readiness plans.

    Incremental budgets for each key stakeholder area.

    Preliminary product launch business case.

    3 Develop Launch Plans (I of II)

    The Purpose

    Develop final Launch plans and budgets in product and marketing.

    Key Benefits Achieved

    Align Product release/launch plans with the marketing campaign for launch.

    Understand incremental budgets from product and marketing for launch.

    Activities

    3.1 Apply product interviews to scope, MVP, roadmap, competitive differentiation, pricing, feature prioritization, routes to market, and sales forecast.

    3.2 Develop a more detailed launch campaign plan complete with asset-types, messaging, digital plan to support buyer journey, media buy plan and campaign metrics.

    Outputs

    Minimally Viable Product defined with feature prioritization. Product competitive differentiation documented Routes to market identified Sales forecast aligned with product team expectations.

    Marketing campaign launch plan Content marketing asset-creation/acquisition plan Campaign targets and metrics.

    4 Develop Launch Plans (II of II)

    The Purpose

    Develop final Launch Plans and budgets for remaining areas.

    Key Benefits Achieved

    Align Product release/launch plans with the marketing campaign for launch.

    Understand incremental budgets from Product and Marketing for launch.

    Activities

    4.1 Develop detailed launch/readiness plans with final budgets for: Sales enablement , Sales training, Tech stack, Customer onboarding & success, Product marketing, AR, PR, Corp Comms/Internal Comms, Customer Events, Employee Events, etc.

    Outputs

    Detailed launch plans, budgets for Product Marketing, Sales, Customer Success, and AR/PR/Corp. Comms.

    5 Present Final Business Case

    The Purpose

    To gain approval to move to Build and Launch phases.

    Key Benefits Achieved

    Align business case with Steering Committee expectations

    Approvals to Build and Launch targeted offering

    Activities

    5.1 Review final launch/readiness plans with final budgets for all key areas.

    5.2 Move all key findings into Steering Committee presentation slides.

    5.3 Present to Steering Committee; receive feedback.

    5.4 Incorporate Steering Committee feedback; update finial business case.

    Outputs

    Combined budgets across all areas. Final launch/readiness plans.

    Final Steering Committee-facing slides.

    Final approvals for Build and Launch.

    Further reading

    Build a More Effective Go-to-Market Strategy

    Maximize GTM success through deeper market and buyer understanding and competitive differentiation and launch team readiness that delivers target revenues.

    Table of Contents

    Section Title
    1 Executive Brief
    • Executive Summary
    • Analyst Perspective
    • Go-to-Market (GTM) strategy critical success factors
    • Key GTM challenges
    • Essential deliverables for GTM success
    • Benefits of a more effective GTM Strategy
    • Our methodology to support your success
    • Insight Summary
    • Blueprint deliverables and guided implementation steps
    2 Build baseline market, buyer, and competitive insights
    • Establish your team
    • Build buyer personas and journeys – develop initial messaging
    • Build initial product hypothesis
    • Size product market opportunity
    • Outline your key tech, app, and digital requirements
    • Develop your competitive differentiation
    • Select routes to market
    3 Design initial product and business case
    • Branding check
    • Formulate packaging and pricing
    • Craft buyer-valid product concept
    • Build campaign plan and targets
    • Develop budgets for creative, content, and media purchases
    • Draft product business case
    • Update GTM Strategy deck
    4 Align stakeholder plans to prep for build
    • Assess tech/tools support for all GTM phases
    • Outline sales enablement and customer success plan
    • Build awareness plan
    • Finalize business case
    • Final GTM plan deck

    Executive Brief

    Analyst Perspective

    Go-to-Market Strategy.

    A successful go-to-market (GTM) strategy aligns marketing, product, sales and customer success, sees decision making based on deep buyer understanding, and tests many basic assumptions often overlooked in today’s agile-driven product development/management environment.

    The disciplines you build using our methodology will not only support your team’s effort building and launching more successful products, but also can be modified for use in other strategic initiatives such as branding, M&A integration, expanding into new markets, and other initiatives that require a cross-functional and multidisciplined process.

    Photo of Jeff Golterman, Managing Director, SoftwareReviews Advisory.

    Jeff Golterman
    Managing Director
    SoftwareReviews Advisory

    Executive Summary

    An ineffective go-to-market strategy is often a root cause of:
    • Failure to attain new product revenue targets.
    • A loss of customer focus and poor new product/feature release buyer adoption.
    • Product releases misaligned with marketing, sales, and customer success readiness.
    • Low win rates compared to key competitors’.
    • Low contact-to-lead conversion rates.
    • Loss of executive/investor support for further new product development and marketing investments.
    		 Hurdles to go-to-market success include:
    • An unclear product-market opportunity.
    • A lack of well defined and prioritized buyer personas and needs that are well understood.
    • Poor competitive analysis that fails to pinpoint key areas of competitive differentiation.
    • Guessing at buyer journey and buyer-described ideal engagement within your lead gen engine.
    • A business case that calls for levels of customer value delivery (vs. feature MVPs) that can actually deliver wins and targeted revenue goals.
    		 Apply SoftwareReviews approach for greater GTM success.

    Our blueprint is designed to help you:

    • Align stakeholders on a common vision and execution plan prior to the build and launch phases.
    • Build a foundation of buyer and competitive understanding to drive a successful product hypothesis, then validate with buyers.
    • Deliver a team-aligned launch plan that enables launch readiness and outlines commercial success.

    SoftwareReviews Insight

    Creating a compelling go-to-market strategy, and keeping it current, is a critical software company function – as important as financial strategy, sales operations, and even corporate business development – given its huge impact on the many drivers of sustainable growth.

    Go-to-Market Strategy Critical Success Factors

    Your GTM Strategy is where a multi-disciplined team builds a strong foundation for overall product plan, build, launch, and manage success

    A GTM Strategy is not all art and not all science but requires both. Software leaders will establish a set of core capabilities upon which they will plan, build, launch and manage product success. Executives, when resourcing their GTM strategies, will begin with:
    • Strong Program Leadership – An experienced Program Manager will guide the team through each step of GTM Strategy and test team readiness before advancing to the next step.
    • Few Shortcuts – Successful teams will have navigated the process through all steps together at least once. Then future launches can skip steps where prior decisions still hold.
    • Stakeholder Buy-In – Strong collaboration among Sales, Marketing, and Product wins the day.
    • Strong Team Skills – Success depends on having the right talent, making the right decisions, and delivering the right outcomes enabled with the right set of technologies and integrated to reach the right buyers at the right moment.
    • Discipline and perseverance – Given that GTM Strategy is not easy, it’s not surprising that 75% of marketers cite a significant level of dissatisfaction with the outcomes of their GTM plan, build, and launch phases.
    		 Diagram titled 'Go-to-Market Phases' with phases 'Manage', 'Launch', 'Build', and highlighted as 'This blueprint focus': 'Plan'.

    SoftwareReviews Advisory Insight:
    Marketers who get GTM Strategy “right” give themselves a 50% greater chance of Build and Launch success.

    Sample of the 'PLAN' section of the GTM Strategy optimization diagram shown later.

    Go-to-Market Success is Challenging

    Getting GTM right is like winning an Olympic first-place crew finish. It takes teamwork, practice, and well-functioning tools and equipment.

    Stock image of a rowing team.

    • The goal of any Go-to-Marketing Strategy is not only to do it right once, but to do it over and over consistently.
    • A lack of GTM consistency often results in decelerating growth, and a weak GTM Strategy is likely the root cause when companies observe any of the following challenges:
      • Product opportunity is unclear and well-defined business cases are lacking
      • Buyer adoption slows of new features and launch revenue targets are missed
      • Sales and marketing are not ready when development releases new features
      • Sales win/loss ratios drop as customers tell us products are not competitively differentiated
      • Loss of executive support for new product investments
    • A company experiencing any one of these symptoms will find a remedy in plugging gaps in the way they Go-to-Market.

    “Figuring out a Go-to-Market approach is no trivial exercise – it separates the companies that will be successful and sustainable from those that won’t.” (Harvard Business Review)

    Slowing growth may be due to missing GTM Strategy essentials

    Marketers – Large and Small – will further test their GTM Strategy strength by asking “Are we missing any of the following?”

    • Product, Marketing, and Sales Alignment
    • Buyer personas and journeys
    • Product market opportunity size
    • Competitively differentiated product hypothesis
    • Buyer validated commercial concept
    • Sales revenue plan and program cost budget
    • Compelling business case for build and launch

    SoftwareReviews Advisory Insight:

    Marketers will go through the GTM Strategy process together across all disciplines at least once in order to establish a consistent process, make key foundational decisions (e.g. tech stack, channel strategy, pricing structure, etc.), and assess strengths and weaknesses to be addressed. Future releases to existing products don’t need to be re-thought but instead check-listed against prior foundational decisions.

    Is Your GTM Strategy Led and Staffed Properly?

    Staffing tree outlining GTM Strategy essentials. At the top are 'Steering Committee: CEO/GM in larger company, CFO/Senior Finance, Key functional leaders'. Next is 'Program Manager: Leads the GTM program. Workstream leads are “dotted line” for the program.' Followed by 'Workstream Leads: (PM) Product Marketing – Program leadership, (PD) Product Mgt. – Aligned with PM, (MO) Marketing Ops – SMB optional, (BR) Branding/Creative – SMB optional, (CI) Competitive Intel. – SMB optional, (DG) Demand Gen./Field Marketing. – crucial, (SE) Sales Enablement – crucial, (PR) PR/AR/Comms – SMB optional, and (CS) Customer Success – SMB optional'. In a 'Large Enterprise' each role is assigned to a separate person, but in a 'Small' Enterprise each person has multiple roles. 'SMB – as employees wear many hats, teams comprise members with requisite skills vs. specific roles/titles.'

    Benefits of a more effective go-to-market strategy

    Our research shows a more effective GTM Strategy delivers key benefits, including:
    • Increased product development ROI – with a finance-aligned business case, a buyer-validated value proposition, and the readiness of marketing and sales to product launch.
    • Launch campaign effectiveness – increases dramatically when messaging resonates with buyers and where they are in their journey.
    • Seller effectiveness – increases with buyer validated value proposition, competitive differentiation, and the ability to articulate to buyers.
    • Executive support – is achieved when an aligned sales, marketing, and product team proves consistent in delivering against release targets over and over again.

    SoftwareReviews Advisory Insight:
    Many marketers experiencing the value of the GTM Steering Committee, extend its use into a “Product and Pricing Council” (PPC) in order to move product-related decision making from ad-hoc to structured, and to reinforce GTM Strategy guardrails and best practices across the company.

    		“Go-to-Market Strategies aren’t just for new products or services, they can also be used for:
    • Acquiring other businesses
    • Changing your business’s focus
    • Announcing a new feature
    • Entering a new market
    • Rebranding
    • Positioning or repositioning

    And while each GTM strategy is unique, there are a series of steps that every product marketer should follow.” (Product Marketing Alliance)

    Is your GTM Strategy optimized?

    Large detailed layout of the steps needed to 'Make Your Go-to-Market Strategy More Successful'. 'GTM Planning Success Can Be Elusive'; '75% of high-tech marketers desire a more effective GTM strategy...'. Steps: '1 Your Challenges - Are You Feeling Any of These Pains?', '2 Framework - Stay Aligned', '3 Planning - Check Your GTM Plan Steps', '4 Insight - Deliver Key Output', and '5 Results - Reap Key Benefits'. Source: SoftwareReviews, powered by Info-Tech Research Group.

    Marketers, in order to optimize a go-to-market strategy, will:

    1. Self assess for symptoms of a sub-optimized approach.
    2. Align marketing, sales, product, and customer success with a common vision and execution plan.
    3. Diagnose for missing steps.
    4. Ensure creation of key deliverables.
    5. And then be able to reap the rewards.

    Who benefits from an optimized go-to-market strategy?

    This research is designed for:
    • High-tech marketers who are:
      • Looking to improve any aspect of their go-to-market strategy.
      • Looking for a checklist of roles and responsibilities across the product planning, build, and launch processes.
      • Looking to foster better alignment among key stakeholders such as product marketing, product management, sales, field marketing/campaigners, and customer success.
      • Looking to build a stronger business case for new product development and launch.
    		 This research will help you:
    • Explain the benefits of a more effective go-to-market strategy to stakeholders.
    • Size the market opportunity for a product/solution.
    • Organize stakeholders for GTM operational success.
    • More easily present the GTM strategy to executives and colleagues.
    • Build and present a solid business case for product build and launch.
    This research will also assist:
    • High-tech marketing and product leaders who are:
      • Looking for a framework of best practices to improve and scale their GTM planning.
      • Looking to align team members from all the key teams that support high-tech product planning, build, launch, and manage.
    		 This research will help them:
    • Align stakeholders on an overall GTM strategy.
    • Coordinate tasks and activities involved across plan, build, launch, and manage – the product lifecycle.
    • Avoid low market opportunity pursuits.
    • Avoid poorly defined product launch business cases.
    • Build competence in managing cross-functional complex programs.

    SoftwareReviews’ Approach

    1

    		 Build baseline market, buyer, and competitive insights

    Sizing your opportunity, building deep buyer understanding, competitive differentiation, and routes to market are fundamental first steps.

    2

    		 Design initial product and business case

    Validate positioning and messaging against brand, develop packaging and pricing, and develop digital approach, launch campaign approach and supporting budgets across all areas.

    3

    		 Align stakeholder plans to prep for build

    Rationalize product release and concept to sales/financial plan and further develop customer success, PR/AR, MarTech, and analytics/metrics plans.

    Our methodology provides a step-by-step approach to build a more effective go-to-market strategy

    1.Build baseline market, buyer, and competitive insights 2. Design initial product and business case 3. Align stakeholder plans to prep for build
    Phase Steps
    1. Select Steering Committee, GTM team, and outline roles and responsibilities. Build an aligned vision.
    2. Build initial product hypothesis based on sales and buyer “jobs to be done” research.
    3. Size the product market opportunity.
    4. Outline digital and tech requirements to support the full GTM process.
    5. Clarify target buyer personas and the buyer journey.
    6. Identify competitive gaps, parity, and differentiators.
    7. Select the most effective routes to market.
    8. Craft initial GTM Strategy presentation for executive review and status check.
    1. Compare emerging messaging and positioning with existing brand for consistency.
    2. Formulate packaging and pricing.
    3. Build a buyer-validated product concept.
    4. Build an initial campaign plan and targets.
    5. Develop initial budgets across all areas.
    6. Draft an initial product business case.
    7. Update GTM Strategy for executive review and status check.
    1. Assess technology and tools support for GTM strategy as well as future phases of GTM build, launch, and manage.
    2. Outline support for customer onboarding and ongoing engagement.
    3. Build an awareness plan covering media, social media, and industry analysts.
    4. Finalize product business case with collaborative input from product, sales, and marketing.
    5. Develop a final executive presentation for request for approval to proceed to GTM build phase.
    Phase Outcomes
    1. Properly sized market opportunity and a unique buyer value proposition
    2. Buyer persona and journey mapping with buyer needs and competitive SWOT
    3. Tech stack modernization requirements
    4. First draft of business case
    1. Customer-validated value proposition and product-market fit
    2. Initial product business case with sales alignment
    3. Initial launch plans including budgets across all areas
    1. Key stakeholders and their plans are fully aligned
    2. Executive sign-off to move to GTM build phases

    Insight summary

    Your go-to-market strategy ability is a strategic asset

    Having an updated and compelling go-to-market strategy is a critical capability – as important as financial strategy, sales operations, and even corporate business development – given its huge impact on the many drivers of sustainable growth.

    Build the GTM Steering Committee into a strategic decision-making body

    Many marketers experiencing the value of the GTM Steering Committee extend its use into a “Product and Pricing Council” (PPC) in order to move product-related decision making from ad-hoc to structured, and to reinforce GTM Strategy guardrails and best practices across the company.

    A strong MarTech apps and analytics stack differentiates GTM leaders from laggards

    Marketers that collaborate closely with Marketing Ops., Sales Ops., and IT early in the process of a go-to-market strategy will be best able to assess whether current website/digital, marketing applications, CRM/sales automation apps, and tools can support the complete Go-to-Market process effectively.

    Establishing alignment through the GTM process builds long term operational strength

    Marketers will go through the GTM Strategy process together across all disciplines at least once in order to establish a consistent process, make key foundational decisions (e.g. tech stack, channel strategy, pricing structure, etc.), and assess strengths and weaknesses to be addressed.

    Build speed and agility

    Future releases to existing products don’t need be re-thought but instead check-listed against prior foundational decisions.

    GTM Strategy builds launch success

    Marketers who get GTM Strategy “right” give themselves a 50% greater chance of build and launch success.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverable:

    Go-to-Market Strategy Presentation Template

    Capture key findings for your GTM Strategy within the Go-to-Market Strategy Presentation Template.

    Sample of the key deliverable, the Go-to-Market Strategy Presentation Template.

    Go-to-Market Strategy RACI and Launch Checklist Workbook

    Includes a RACI model and launch checklist that helps scope your working team’s roles and responsibilities.

    		Sample of the Go-to-Market Strategy RACI and Launch Checklist Workbook deliverable.

    Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook

    Capture launch incremental costs that, when weighed against the forecasted revenue, illustrate gross margins as a crucial part of the business case.

    		Sample of the Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook deliverable.

    Product Market Opportunity Sizing

    While not a deliverable of this blueprint per se, the Product Market Opportunity blueprint is required.

    		Sample of the Product Market Opportunity Sizing deliverable. This blueprint calls for downloading the following additional blueprint:

    Buyer Persona and Journey blueprint

    While not a deliverable of this blueprint per se, the Buyer Persona and Journey blueprint is required

    		Sample of the Buyer Persona and Journey blueprint deliverable.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."
    Included within advisory membership Optional add-ons

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with a SoftwareReviews Advisory analyst to help implement our best practices in your organization.

    For guidance on marketing applications, we can arrange a discussion with an Info-Tech analyst.

    Your engagement managers will work with you to schedule analyst calls.

    What does our GI on Build a More Effective Go-to-Market Strategy look like?

    Build baseline market, buyer, and competitive insights

    Design initial product and business case

    Align stakeholder plans to prep for build
    Call #1: Share GTM vision and outline team activities for the GTM Strategy process. Plan next call – 1 week.

    Call #2: Outline product market opportunity approach and steps to complete. Plan next call – 1 week.

    Call #3: Hold a series of inquiries to do a modernization check on tech stack. Plan next call – 2 weeks.

    Call #4: Discuss buyer interview process, persona, and journey steps. Plan next call – 2 weeks.

    Call #5: Outline competitive differentiation analysis, routes to market, and review of to-date business case. Plan next call – 1 week.

    		Call #6: Discuss brand strength/weakness, pricing, and packaging approach. Plan next call – 3 weeks.

    Call #7: Outline needs to craft assets with right messaging across campaign launch plan and budget. Outline needs to create plans and budgets across rest of marketing, sales, CX, and product. Plan next call – 1 week.

    Call #8: Review template and approach for initial business case and sales and product alignment. Plan next call – 1 week.

    Call #9: Review initial business case and launch plans across marketing, sales, CX, and product. Plan next call – 1 week.

    		Call #10: Discuss plans/needs/budgets for tech stack modernization. Plan next call – 3 days.

    Call #11: Discuss plans/needs/budgets for CX readiness for launch. Plan next call – 3 days.

    Call #12: Discuss plans/needs/budgets for digital readiness for launch. Plan next call – 3 days.

    Call #13: Discuss plans/needs/budgets for marketing and sales readiness for launch. Plan next call – 3 days.

    Call #14: Review final business case and coach on Steering Committee Presentation. Plan next call – 1 week.

    A Go-to-Market Workshop Overview
    Contact your engagement manager for more information.
    Day 1 Day 2 Day 3 Day 4 Day 5
    Align on GTM Vision & Plan, Craft Initial Strategy
    Identify Initial Business Case, Sales Forecast and Launch Plan
    Develop Launch Plans (i of ii)
    Develop Launch Plans (ii of ii)
    Present Final Business Case to Steering Committee
    Activities

    1.1 Outline a vision for GTM and roles required, identify Steering Committee lead, workstream leads, and teams.

    1.2 Capture GTM strategy hypothesis by working through initial draft of GTM Strategy Presentation and business case.

    1.3 Capture team knowledge on buyer persona and journey and competitive SWOT.

    1.4 Identify information/data gaps and sources and plan for capturing/gathering including buyer interviews.

    Plan next day 2-3 weeks after buyer persona/journey interviews.

    2.1 Size product market opportunity and initial revenue forecast.

    2.2 Craft initial product hypothesis from buyer interviews including feature priorities, pricing, packaging, competitive differentiation, and channel/route to market.

    2.3 Craft initial launch campaign, product release, sales, and CX readiness plans.

    2.4 Identify launch budgets across each investment area.

    2.5 Discuss initial product launch business case and key activities.

    Plan next day 2-3 weeks after product hypothesis-validation interviews with customers and prospects.

    3.1 Apply product interviews to scope, MVP, and roadmap competitive differentiation, pricing, feature prioritization, routes to market and sales forecast.

    3.2 Develop more detailed launch campaign plan complete with asset-types, messaging, digital plan to support buyer journey, media buy plan and campaign metrics.

    4.1 Develop detailed launch/readiness plans with final budgets for:

    • Sales enablement
    • Sales training
    • Tech stack
    • Customer onboarding & success
    • Product marketing
    • AR
    • PR
    • Corp comms/Internal comms
    • Customer events
    • Employee events
    • etc.

    5.1 Review final launch/readiness plans with final budgets for all key areas.

    5.2 Move all key findings up into Steering Committee presentation slides.

    5.3 Present to Steering Committee, receive feedback.

    5.4 incorporate Steering Committee feedback; update finial business case.

    Deliverables
    1. Documented Steering Committee and working team, aligned on GTM vision and process.
    2. Document team knowledge on initial GTM strategy, buyer persona and business case.
    1. Definition of product market fit, uniqueness and competitive differentiation.
    2. Preliminary product launch business case, campaign, targets, and readiness plans.
    1. Detailed launch plans, budgets for product and marketing launch.
    1. Detailed launch plans, budgets for product marketing, sales, customer success, and AR/PR/Corp. comms.
    1. Final GTM Strategy, launch plan and business case.
    2. Approvals to move to GTM build and launch phases.

    Build a More Effective Go-to-Market Strategy

    Phase 1

    Build baseline market, buyer, and competitive insights

    Phase 1

    1.1 Select Steering Cmte/team, build aligned vision for GTM

    1.2 Buyer personas, journey, initial messaging

    1.3 Build initial product hypothesis

    1.4 Size market opportunity

    1.5 Outline digital/tech requirements

    1.6 Competitive SWOT

    1.7 Select routes to market

    1.8 Craft GTM Strategy deck

    		Phase 2

    2.1 Brand consistency check

    2.2 Formulate packaging and pricing

    2.3 Craft buyer-valid product concept

    2.4 Build campaign plan and targets

    2.5 Develop cost budgets across all areas

    2.6 Draft product business case

    2.7 Update GTM Strategy deck

    		Phase 3

    3.1 Assess tech/tools support for all GTM phases

    3.2 Outline sales enablement and Customer Success plan

    3.3 Build awareness plan

    3.4 Finalize business case

    3.5 Final GTM Plan deck

    This phase will walk you through the following activities:

    • Steering Committee and Team formulation
    • A vision for go-to-market strategy
    • Initial product hypothesis
    • Market Opportunity sizing
    • Tech stack/digital requirements
    • Buyer persona and journey
    • Competitive gaps, parity, differentiators
    • Routes to market
    • GTM Strategy deck

    This phase involves the following stakeholders:

    • Steering Committee
    • Working group leaders

    To complete this phase, you will need:

    Go-to-Market Strategy Presentation Template Go-to-Market Strategy RACI and Launch Checklist Workbook Buyer Persona and Journey blueprint Product Market Opportunity Sizing Workbook
    Sample of the Go-to-Market Strategy Presentation Template deliverable. Sample of the Go-to-Market Strategy RACI and Launch Checklist Workbook deliverable. Sample of the Buyer Persona and Journey blueprint deliverable. Sample of the Product Market Opportunity Sizing Workbook deliverable.
    Use the Go-to-Market Strategy Presentation Template to document the results from the following activities:
    • Documenting your GTM Strategy stakeholders
    • Documenting your GTM Strategy working team
    		 Use the Go-to-Market Strategy RACI and Launch Checklist Workbook to:
    • Review the scope of roles and responsibilities required
    • Document the roles and responsibilities of your teams
    		 Use the Buyer Persona and Journey blueprint to:
    • Interview sales and customers/prospects to inform product concepts, understand persona and later, flush out buyer journey
    		 Use the Product Market Opportunity Sizing blueprint to:
    • Project Serviceable Obtainable Market (SOM), Serviceable Available Market (SAM), and Total Available Market (TAM) from your current penetrated market

    Step 1.1

    Identify a GTM Program Steering Committee and Team. Build an Aligned Vision for Your Go-to-Market Strategy Approach

    Activities
    • 1.1.1 Identify the Steering Committee of key stakeholders whose support will be critical to success
    • 1.1.2 Select your go-to-market strategy program team
    • 1.1.3 Discuss an overview of the GTM process and program roles and responsibilities with stakeholders and GTM workstream leads
    • 1.1.4 Develop a Go-to-Market launch, tiering, time-line, and overall program plan
    • 1.1.5 Work with each workstream lead on their overall project plan and incremental budget requirements

    This step will walk you through the following activities:

    • Identify stakeholders – your Steering Committee
    • Identify team members
    • Present a vision of GTM Strategy

    This step involves the following participants:

    • Steering Committee
    • Program workstream leads

    Outcomes of this step

    • Steering Committee identified
    • Team members identified
    • All aligned on the GTM process
    • Go-to-market strategy timeline and program plan
    Phase 1 - Formulate a hypothesis and run discovery on key fundamentals
    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5 Step 1.6 Step 1.7 Step 1.8

    1.1.1 Identify stakeholders critical to success

    1-2 hours

    Input: Steering Committee interviews, Recognition of Steering Committee interest

    Output: List of GTM Strategy stakeholders as Steering Committee members

    Materials: Following slide outlining the key responsibilities required of the Steering Committee members, A high-Level timeline of GTM Strategy phases and key milestone meetings

    Participants: CMO, sponsoring executive, Functional leads - Marketing, Product Marketing, Product Management, Sales, Customer Success

    1. The GTM Strategy initiative manager should meet with the CMO to determine who will comprise the Steering Committee for your GTM Strategy.
    2. Finalize selection of steering committee members.
    3. Meet with members to outline their roles and responsibilities and ensure their willingness to participate.
    4. Document the steering committee members and the milestone/presentation expectations for reporting project progress and results.

    SoftwareReviews Advisory Insight:
    Go To Market Steering Committee’s can become an important ongoing body to steer overall product, pricing and other GTM decisions. Some companies have done so by adding the CEO and CFO to this committee and designated it as a permanent body that meets monthly to give go/no decisions to “all things product related” across all products and business units. Leaders that use this tool well, stay aligned, demonstrate consistency across business units and leverage outcomes across business units to drive greater scale.

    Go-to-Market Strategy Stakeholders

    Understand that aligning key stakeholders around the way your company goes to market is an essential company function.

    Title Key Roles Supporting an Effective Go-to-Market Strategy
    Go-to-Market Strategy Sponsor
    • Owns the function at the management/C-suite level
    • Responsible for breaking down barriers and ensuring alignment with organizational strategy
    • CMO, VP of Marketing, and in SMB Providers, the CEO
    Go-to-Market Strategy Program Manager
    • Typically a senior member of the marketing team
    • Responsible for organizing the GTM Strategy process, preparing summary executive-level communications and approval requests
    • Program manages the GTM Strategy process, and in many cases, the continued phases of build and launch.
    • Product Marketing Director, or other marketing director, that has strong program management skills, has run large scale marketing and/or product programs, and is familiar with the stakeholder roles and enabling technologies
    Functional Workstream Leads
    • Works alongside the Go-to-Market Strategy Initiative Manager on a specific product launch, campaign, rebranding, new market development, etc. and ensures their functional workstreams are aligned with the GTM Strategy
    • With typical GTM B2B a representative from each of the following functions will comprise the team:
      • Product Marketing, Product Management, Field Marketing, Creative, Marketing Ops/Digital, PR/Corporate Comms/AR, Social Media Marketing, Sales Operations, Sales Enablement/Training, and Customer Success
    Digital, Marketing/Sales Ops/IT Team
    • Comprised of individuals whose application and tech tools knowledge and skills are crucial to supporting the entire marketing tech stack and its integration with Sales/CRM
    • Responsible for choosing technology that supports the business requirements behind Go-to-Market Strategy, and eventually the build and launch phases as well
    • Digital Platforms, CRM, Marketing Applications and Analytics managers
    Steering Committee
    • Comprised of C-suite/management-level individuals that guide key decisions, approve of requests, and mitigate any functional conflicts
    • Responsible for validating goals and priorities, defining the scope, enabling adequate resourcing, and managing change especially among C-level leaders in Sales & Product
    • CMO, CTO/CPO, CRO, Head of Customer Success

    Download the Go-to-Market Strategy Presentation Template

    Roles vary by company size. Launch success depends on clear responsibilities

    Sample of the Go-to-Market Strategy RACI and Launch Checklist Workbook.

    Download the Go-to-Market Strategy RACI and Launch Checklist Workbook

    		Success improves when you align & assign
    • Go-to-Market, build, and launch success improves when:
      • Phases and steps are outlined
      • Key activities are documented
      • Roles/functions are described
      • At the intersection of activities and role, whether the role is “Responsible,” “Accountable,” “Consulted,” or “Informed” is established across the team
    • Leaders will hold a workshop to establish RACI that fits with the scope and scale of your organization.
    • Confusion, conflict, and friction can be dramatically reduced/eliminated with RACI adoption and practice.
    • Review the RACI model and launch checklist within the Go-to-Market Strategy RACI and Launch Checklist Workbook in order to identify the full scope of roles and responsibilities needed.

    Go-to-Market Strategy Working Team

    Consider the skills and knowledge required for GTM Strategy as well as build and launch functions when choosing teams.

    Work with functional leaders to select workstream leads

    Workstream leads should be strong in collaboration, coordination of effort among others, knowledgeable about their respective function, and highly organized as they may be managing a team of colleagues within their function to deliver their responsible portion of GTM.

    Required Skills/Knowledge

    • Target Buyer
    • Product Roadmap
    • Brand
    • Competitors
    • Campaigns/Lead Gen
    • Sales Enablement
    • Media/Analysts
    • Customer satisfaction

    Suggested Functions

    • Product Marketing
    • Product Management
    • Creative Director
    • Competitive Intelligence
    • Demand Gen./Field Marketing
    • Sales Ops/Training/Enablement
    • PR/AR/Corporate Comms.
    • Customer Success
    Roles Required in Successful GTM Strategy
    For SMB companies, as employees wear many different hats, assign people that have the requisite skills and knowledge vs. the role title.

    Download the Go-to-Market Strategy RACI and Launch Checklist Workbook

    1.1.2 Select the GTM Strategy working team

    1-2 hours

    Input: Stakeholders and leaders across the various functions outlined to the left

    Output: List of go-to-market strategy team members

    Materials: Go-to-Market Strategy Workbook

    Participants: Initiative Manager, CMO, Sponsoring executive, Departmental Leads – Sales, Marketing, Product Marketing, Product Management (and others), Marketing Applications Director, Senior Digital Business Analyst

    1. The GTM Strategy Initiative Manager should meet with the GTM Strategy Sponsor and functional leaders of workstream areas/functions to determine which team members will serve as Steering Committee members and who will serve as workstream leads.
    2. The working team for your go-to-market strategy should have the following roles represented in the working team:
      • Depending on the initiative and the size of the organization, the team will vary.
      • Key business leaders in key areas – Product Marketing, Field Marketing, Digital Marketing, Inside Sales, Sales, Marketing Ops., Product Management, and IT – should be involved.
    3. Document the members of your go-to-market strategy team in the Go-to-Market Strategy Presentation slide entitled “Our Team.”

    Download the Go-To-Market Strategy RACI and Launch Checklist Workbook

    1.1.3 Develop a timeline for key milestones

    1 hour

    Timeline for Key Milestones with row headers 'Go-to-Market Phases', 'Major Milestones', and 'Key Phase Activities'. The phases (each column) and their associated activities are 'PLAN - Create buyer-validated product concept, size opportunity, and build business case', 'BUILD - Build product and enable readiness across the rest of marketing sales and customer success', 'LAUNCH - Release product, launch campaigns, and measure progress toward objectives', and then post-phase is 'MANAGE'. Notes in the 'Major Milestones' row: 'Outline key dates', 'Update with 'Today's Date' as you make progress', and 'Use GTM Plan major milestones or create your own'.

    GTM Program Managers:

    1. Will establish key program milestones working collaboratively with the Steering Cmte. and workstream leads.
    2. Outline key ”Market-facing” or external deliverables & dates, as well as internal.
    3. More detailed deliverable plans are called for working with workstream leads.
    4. This high-level overview will be used in regular Steering Cmte. and working team meets
    5. Record in the Go-to-Market Strategy Presentation

    Download the Go-to-Market Strategy Presentation Template

    1.1.5 Share your GTM strategy vision with your team

    1-2 hours

    Input: N/A

    Output: Team understanding of an effective go-to-market strategy, team roles and responsibilities and initial product and launch concept.

    Materials: The Build a More Effective Go-to-Market Strategy Executive Brief

    Participants: GTM Program Manager, CMO, Sponsoring executive, Workstream leads

    1. Download the Build a More Effective Go-to-Market Strategy Executive Brief and add the additional slides on Team Composition and Key Milestones you have created in prior steps as appropriate.
    2. Convene the Steering Committee and Working Team and take them through the Build a More Effective Go-to-Market Strategy Executive Brief with your additional slides to:
      1. Communicate team composition, roles and responsibilities, and key GTM Strategy program milestones.
      2. Educate them on what comprises a complete GTM Strategy from the Executive Brief.
    3. Optional: As a SoftwareReviews Advisory client, invite a SoftwareReviews analyst to present the Executive Brief if that is of help to you and your team.

    Go to the Build a More Effective Go-to-Market Strategy Executive Brief

    GTM program managers and workstream leads will collaborate on detailed project plans

    Timeline titled 'Workstreams Status' with a legend of shapes and colors, activities listed as row headers, timeline sections 'EXPLORE', 'DESIGN', 'ALIGN', and 'BUILD', and a column at the end of the timelines for the name of the workstream lead. Notes: 'Change names to actual workstream. Create separate pages for each', 'Overlay colored bars to indicate on/off track', 'Describe major deliverables & due dates', 'Outline major milestones', 'Update with your actual month and week-ending dates', 'Add workstream lead names'.

    Program managers will:

    • Outline an overall more detailed way of tracking GTM program workstreams, key dates and on/off track status

    Program managers & workstream leads will:

    • Call out each key workstream and workstream lead
    • Outline key deliverables and due dates
    • Track weekly for communicating status to Steering Cmte and working team meetings

    Use the Launch Checklist when building out full project plans

    Sample Launch Checklist table with project info above, and table columns 'Component', 'Owner', 'Start Date', 'Finish Date', 'G2M Plan', and 'Build'.

    Download the Go-to-Market Strategy RACI and Launch Checklist Workbook

    		Continuous improvement is enabled with a repeatable process
    • With ownership assigned and set-back schedules in place, product marketing and management leaders can take the guesswork out of the GTM plan and build and launch process for the entire team.
    • “Lighter” versions are created for lower-tier releases.
    • Checklists ensure “we haven’t missed anything” and drive clarity among the team.
    • Articulating where we are now and what’s next increases management confidence.
    • Rinse and repeat improves overall quality and drives scale.

    1.1.6 Develop a project plan for each workstream

    Work with your workstream leads to see them develop a detailed project plan that spans all their deliverables for a GTM Strategy
    1. It’s essential that GTM initiative managers can rely upon workstream leads to provide the status of their respective workstreams in a shared environment for easy weekly updating and reporting.
    2. We suggest the following approach:
      1. GTM initiative managers should maintain a copy of the GTM Strategy Presentation in a shared drive so workstream leads can provide updates.
      2. Workstream leads should work with their GTM initiative manager to populate a version of the workstream tracker shown on the previous slide that enables team status reporting.
      3. Additional slides that actually show “work completed” (e.g. images of assets created, training plans, screen caps of software functionality, etc.) should be reviewed each week as well.
      4. GTM initiative leaders/program managers are advised to summarize the to-date work completed across the team into the Go-To-Market Product and Launch Business Case slides to demonstrate progress to the Steering Committee.
    3. The goal is to keep tracking manageable. Because status is most easily shown during Steering Committee and Working Team meetings using PowerPoint, we recommend a simple approach to program management by using PowerPoint.
    		 Using the Go-to-Market Strategy Presentation:
    3-4 hours Initial, 1-2 hours weekly
    1. Work with your workstream leads to create a slide for each workstream that will contain all the key milestones.
    2. Some teams will choose to use project management software, others a PowerPoint representation, which makes for easy presentation during status meets.
    3. Use the following resources:
      • In the Go-to-Market Strategy RACI and Launch Checklist Workbook, reference the Launch Checklist.
      • In the Go-to-Market Presentation, use the Appendix slides and complete for each workstream.
    4. The GTM initiative manager must be able to track status with workstream leads and present status to the rest of the team during Steering Committee and workstream lead meetings.

    Download the Go-to-Market Strategy Presentation Template

    Download the Go-To-Market Strategy RACI and Launch Checklist Workbook

    Step 1.2

    Hold Interviews With Sales Then Customers and Prospects to Inform Your Initial Product Concept

    Activities
    • 1.2.1 Use the SoftwareReviews Buyer Persona and Journey Interview Guide and Data Capture Tool found within the SoftwareReviews Buyer Persona and Journey blueprint.
    • 1.2.2 Follow the instructions within the above blueprint and hold interviews with Sales and customers and prospects to inform your buyer persona, initial product hypothesis, and buyer journey.
    • 1.2.3 Flush out the initial product and launch concept using the slides found within the Go-to-Market Strategy Presentation Template. You will continually refine the Go-to-Market Strategy Presentation Template such that you turn the Product and Launch descriptions into a business case for product build and launch. We advise you and your team to populate the slides to begin to inform an initial concept, then hold interviews with Sales, customers, and prospects to refine. The best way to capture customer and prospect insights is to use the Buyer Persona and Journey blueprint.

    This step will walk you through the following activities:

    • Schedule time with sales/sales advisory to flush out the product concept
    • Develop your customer and prospect interviewee list
    • Consolidate findings for your GTM Strategy program slide deck

    This step involves the following participants:

    • Sales/sales advisory, product management, initiative leader (product marketing)
    • Customers and prospects

    Outcomes of this step

    • Guidance from sales on product concept
    • Initial guidance from customers and prospective buyers
    • Agreement to proceed further

    Phase 1 - Formulate a hypothesis and run discovery on key fundamentals

    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5 Step 1.6 Step 1.7 Step 1.8

    Documenting buyer personas enables success beyond marketing

    Documenting buyer personas has several essential benefits to marketing, sales, and product teams:
    • Achieve a better understanding of your target buyer – by building a detailed buyer persona for each type of buyer and keeping it fresh, you take a giant step in becoming a customer-centric organization.
    • Align the team on a common definition – will happen when you build buyer personas collaboratively and among teams that touch the customer.
    • Improved lead generation – increases dramatically when messaging and marketing assets across your lead generation engine better resonate with buyers because you have taken the time to understand them deeply.
    • More effective selling – is possible when sellers apply persona development output to their interactions with prospects and customers.
    • Better product-market fit – increases when product teams more deeply understand for whom they are designing products. Documenting buyer challenges, pain points, and unmet buyer needs gives product teams what they need to optimize product adoption.
    		 “It’s easier buying gifts for your best friend or partner than it is for a stranger, right? You know their likes and dislikes, you know the kind of gifts they’ll have use for, or the kinds of gifts they’ll get a kick out of. Customer personas work the same way. By knowing what your customer wants and needs, you can present them with content targeted specifically to those wants and needs.” (Emma Bilardi, Product Marketing Alliance, July 8, 2020)

    Buyer persona attributes that need defining

    A well defined buyer persona enables us to:

    • Clarify target org-types, identify buying decision makers and key personas, and determine how they make decisions
    • Align colleagues around a common definition of target buyer(s) to drive improvements in messaging and engagement across marketing, sales, and customer success
    • Identify specific asset-types and tools that, when activated within our lead gen engine and in the hands of sellers, helps a buyer move through a decision process
    Functional – “to find them”
    Job Role Titles Org Chart Dynamics Buying Center Firmographics

    Emotive – “what they do and jobs to be done”
    Initiatives – What programs/projects the persona is tasked with and what are their feelings and aspirations about these initiatives? Motivations? Build credibility? Get promoted? Challenges – Identify the business issues, problems, and pain points, that impede attainment of objectives. What are their fears, uncertainties, and doubts about these challenges? Buyer need – They may have multiple needs; which need is most likely met with the offering? Terminology – What are the keywords/phrases they organically use to discuss the buyer need or business issue?

    Decision Criteria – “how they decide”
    Buyer role – List decision-making criteria and power level. The five common buyer roles are champion, influencer, decision maker, user, and ratifier (purchaser/negotiator). Evaluation and decision criteria – The lens, either strategic, financial, or operational, through which the persona evaluates the impact of purchase.

    Solution Attributes – “what the ideal solution looks like”
    Steps in “Jobs to be Done” Elements of the “Ideal Solution” Business outcomes from ideal solution Opportunity scope – other potential users Acceptable price for value delivered Alternatives that see consideration Solution sourcing – channel, where to buy

    Behavioral Attributes – “how to approach them successfully”
    Content preferences – List the persona’s content preferences, could be blog, infographic, demo, video, or other, vs. long-form assets (e.g. white paper, presentation, analyst report). Interaction preferences – Which among in-person meetings, phone calls, emails, video conferencing, conducting research via web, mobile, and social. Watering holes – Which physical or virtual places do they go to network or exchange info with peers e.g. LinkedIn, etc.

    Buyer journeys are constantly shifting

    If you haven’t re-mapped buyer journeys recently, you may be losing to competitors that have. Leaders re-map buyer journeys frequently.
    • The multi-channel buyer journey is constantly changing – today’s B2B buyer uses industry research sites, vendor content marketing assets, software reviews sites, contacts with vendor salespeople, events participation, peer networking, consultants, emails, social media sites, and electronic media to research purchasing decisions.
    • COVID has dramatically decreased face-to-face – we estimate a B2B buyer spent between 20-25% more time online researching software buying decisions in 2021 than they did pre-COVID. This has diminished the importance of face-to-face selling and has given dramatic rise to digital selling and outbound marketing.
    • Content marketing has exploded – but without mapping the buyer journey and knowing where (by channel) and when (which buyer journey step) to offer content marketing assets, we will fail to convert prospects into buyers.

    SoftwareReviews Advisory Insight:
    Marketers are advised to update their buyer journey annually and with greater frequency when the human vs. digital mix is effected due to events such as COVID, and as emerging media such as Augmented Reality shifts asset-type usage and engagement options.

    		“Two out of three B2B buyers today prefer remote human interactions or digital self service.

    And during August 2020-February 2021, use of digital self service leapt by 10%” (McKinsey & Company, 2021.)

    Challenges of not mapping persona and journey

    A lack of buyer persona and journey understanding is frequently the root cause of the following symptoms:
    • Lead generation results are way below expectations.
    • Inconsistent product-market fit.
    • Sellers have low success rates doing discovery with new prospects.
    • Website abandonment rates are really high.
      •

    These challenges are often attributed to messaging and talk tracks that fail to resonate with prospects and products that fail to meet the needs of targeted buyers.

    SoftwareReviews Advisory Insight:
    Marketers developing buyer personas and journeys that lack agreement among Marketing, Sales, and Product of personas to target will squander precious time and resources throughout the customer targeting and acquisition process.

    		“Forty-four percent of B2B marketers have already discovered the power of personas.” (Boardview, 2016.)

    1.2.1 Interview Sales and customers/prospects

    12 - 15 Hours, over course of 2-3 weeks

    Input: Insights from Sellers, Insights from customers and prospects

    Output: Completed slides outlining buyer persona, buyer journey, overall product concept, and detailed features and capabilities needed

    Materials: Create a Buyer Persona and Journey blueprint, Go-to-Market Strategy Presentation

    Participants: Product management lead, GTM Program Manager, Select sellers, Workstream leads that wish to participate in interviews

    1. Using the Create a Buyer Journey and Persona Journey blueprint:
      • Follow the instructions to interview a group of Sellers, and most importantly, several customers and prospects
        • For this stage in the GTM Strategy process, the goal is to validate your initial product and launch concept.
        • We urge getting through all the interview questions with interviewees as the answers inform:
          • Product market fit and Minimal Viable Product
          • Competitive differentiation
          • Messaging, positioning, and campaign targeting
          • Launch campaign asset creation.
      • Place summary findings into the Go-to-Market Strategy Presentation, and for reference, place the Buyer Persona and Journey Summaries into the Go-to-Market Strategy Presentation Appendix.

    Download the Go-to-Market Strategy Presentation Template

    Download the Create a Buyer Journey and Persona Journey blueprint

    Step 1.3

    Update Your Product Concept

    Activities
    • 1.3.1 Based on Sales and Customer/Prospect interviews, update:
      • Your product concept slide
      • Detailed prioritization of features and capabilities

    This step calls for the following activities:

    • Update the product concept slide based on interview findings
    • Update/create the stack-ranking of buyer requested feature and capability priorities

    This step involves the following participants:

    • Product management lead
    • GTM initiative leader
    • Select workstream leads who sat in on interview findings

    Outcomes of this step

    • Advanced product concept
    • Prioritized features for development during Build phase
    • Understanding of MVP to deliver customer value and deal “wins”

    Phase 1 - Formulate a hypothesis and run discovery on key fundamentals

    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5 Step 1.6 Step 1.7 Step 1.8

    1.3.1 Update Product and Launch concept

    2 Hours

    Input: Insights from Sellers, Insights from customers and prospects

    Output: Completed slides outlining product concept and detailed features and capabilities needed

    Materials: Go-to-Market Strategy Presentation

    Participants: Product management lead, GTM Program Manager, Select sellers, Workstream leads that wish to participate in interviews

    1. Using the Go-to-Market Strategy Presentation:
      • With interview findings, update the Product and Launch Concept, Buyer Journey, and Capture Key Features/Capabilities of High Importance to Buyers slides

    Download the Go-to-Market Strategy Presentation Template

    Product and Launch Concept

    At this early stage, summarize findings from concept interviews to guide further discovery, as well as go-to-market concepts and initial campaign concepts in upcoming steps.

    Job Function Attributes

    Target Persona(s):
    Typical Title:
    Buying Center/functional area/dept.:

    Firmographics:
    Industry specific/All:
    Industry subsegments:
    Sizes (by revenues, # of employees):
    Geographical focus:

    Emotive Attributes

    Initiative descriptions: Buyer description of project/program/initiative. What terms used?

    Business issues: What are the business issues related to this initiative? How is this linked to a CEO-level mission-critical priority?

    Key challenges: What business/process hurdles need to be overcome?

    Pain points: What are the pain points to the business/personally in their role related to the challenges that drove them to seek a solution?

    Success motivations: What motivates our persona to be successful in this area?

    Solution and Opportunity

    Steps to do the job: What are the needed steps to do this job today?

    Key features and capabilities: What are the key solution elements the buyer sees in the ideal solution? (See additional detail slide with prioritized features.)

    Key business outcomes: In business terms, what value (e.g. cost/time/FTE savings, deals won, smarter, etc.) is expected by implementing this solution?

    Other users/opportunities: Are there other users in the role team/company that would benefit from this solution?

    Pricing/Packaging

    What is an acceptable price to pay for this solution? Based on financial benefits and ROI hurdles, what’s a good price to pay? A high price? What are packaging options? Any competitive pricing to compare?

    Alternatives/Competition

    What are alternatives to this solution: How else would you solve this problem? Are there other solutions you’ve investigated?

    Channel Preferences

    Where would it be most convenient to buy?: Direct from provider? Channel partner/reseller? Download from the web?

    Decision Criteria Attributes

    Decision maker – Role, criteria/decision lens:
    User(s) – Role, criteria/decision lens:
    Influencer(s) – Role, criteria/decision lens:
    Ratifier(s) – Role, criteria/decision lens:

    Behavioral Attributes

    Interaction preferences: Best way for us to reach this role? Email? At events? Texting? Video calls?

    Content types: Which content types (specifics; videos, short blog/article, longer whitepapers, etc.) help us stay educated about this initiative area?

    Content sources: What news, data, and insight sources (e.g. specifics) do you use to stay abreast of what’s important for this initiative area?

    Update the Go-to-Market Strategy Presentation with findings from Sales and customer/prospect interviews.

    Capture key features/capabilities of high importance to buyers

    Ask buyers during interviews, as outlined in the Buyer Persona and Journey blueprint, to describe and rate key features by need. You will also review with buyers during the GTM Build phase, so it’s important to establish high priority features now.

    Example bar chart for 'Buyer Feature Importance Ratings' where 'Buyer Need' is rated for each 'Feature'.
    • List key feature areas for buyer importance rating.
    • Establish a rating scheme.
        E.g. a rating of:
      • 4.5 or higher = critical ROI driver
      • 3.5 to 4.5 = must haves
      • 2 to 3.5 = nice to have
      • Less than 2 = low importance
    • Have buyers rate each possible feature 0-5 after explaining the rating scheme. Ask – are we missing any key features?
    • Update this slide, found within the Go-to-Market Strategy Presentation, with customer/prospect interview findings.
    Perform the same buyer interviews for non-feature “capabilities” such as:
    • Ease of use, security, availability of training, service model, etc. – and other “non-feature” areas that you need for your product hypothesis.

    Step 1.4

    Size the Product Market Opportunity

    Activities
    • 1.3.1 Based on the product concept, size, and the product market opportunity and with a focus on your “Obtainable Market”:
      • Clarify the definitions used to size market opportunity.
      • Source data both internally and externally.
      • Calculate the available, obtainable market for your software product.

    This step will walk you through the following activities:

    • Review market sizing definitions and identify required data
    • Identify the target market for your software application
    • Source market and internal data that will support your market sizing
    • Document and validate with team members

    This step involves the following participants:

    • GTM initiative leader
    • CMO, select workstream leads

    Outcomes of this step

    • Definitions on market sizing views
    • Data sourcing established
    • Market sizing and estimated penetration calculations

    Phase 1 - Formulate a hypothesis and run discovery on key fundamentals

    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5 Step 1.6 Step 1.7 Step 1.8

    Market opportunity sizing definitions

    Your goal is to assess whether or not the opportunity is significantly sized and if you are well positioned to capture it

    1. This exercise is designed to help size the market opportunity for this particular product GTM launch and not the market opportunity for the entire product line or company. First a few market sizes to define:
      1. Penetrated – is your current revenues and can be expressed in your percentage vs. competitors’.
      2. Serviceable Obtainable Market (SOM) – larger than your currently penetrated market, and a percentage of SAM that can realistically be achieved. It accounts for your current limitations to reach and your ability to sell to buyers. It is restricted by your go-to-market ability and reduced by competitive market share. SOM answers: What increased market can we obtain by further penetrating accounts within current geographical coverage and go-to-market abilities and within our ability to finance our growth?
      3. Serviceable Available Market (SAM) – larger than SOM yet smaller than TAM, SAM accounts for current products and current go-to-market capabilities and answers: What if every potential buyer bought the products we have today and via the type of go-to-market (GTM) especially geographical coverage, we have today? SAM calls for applying our current GTM into unpenetrated portions of currently covered customer segments and regions.
      4. Total Available Market (TAM) – larger than SAM, TAM sizes a market assuming we could penetrate other customer segments within currently covered regions without regard for resources, capabilities, or competition. It answers the question: If every potential buyer within our available market – covered regions – bought, how big would the market be?
      5. Total Global Market – estimates market opportunity if all orgs in all segments and regions bought – with full disregard for resources and without the restrictions of our current GTM abilities.
      6. Develop your market opportunity sizing using the Product Market Opportunity Sizing Workbook.

    Download the Product Market Opportunity Sizing Workbook

    SoftwareReviews Advisory Insight:
    Product marketers that size the product market opportunity and account for the limitations posed by competitors, current sales coverage, brand permission, and awareness, provide their organizations with valuable insights into which inhibitors to growth should be addressed.

    Visualization of market opportunity sizes as circles within bigger circles, 'Penetrated Market' being the smallest and 'Global Market' being the largest.

    1.4.1 Size the product market opportunity

    Your goal is two-fold: Determine the target market size, and develop a realistic 12–24 month forecast to support your business case
    1. Open the Product Market Opportunity Sizing Workbook.
    2. Follow the instructions within.
    3. When finished, download the Go-to-Market Strategy Presentation and update the Product Market Opportunity Size slide with your calculated Product Market Opportunity Size.

    Download the Product Market Opportunity Sizing Workbook

    Download the Go-to-Market Strategy Presentation Template

    “Segmentation, targeting and positioning are the three pillars of modern marketing. Great segmentation is the bedrock for GTM success but is overlooked by so many.” (Product Marketing Alliance)

    Step 1.5

    Outline Digital and Tech Requirements

    Activities

    Designing your go-to-market strategy does not require a robust customer experience management (CXM) platform, but implementing your strategy during the next steps of Go-to-Market – Build then Launch – certainly does.

    Review info-Tech’s CXM blueprint to build a more complete, end-to-end customer interaction solution portfolio that encompasses CRM alongside other critical components.

    The CXM blueprint also allows you to develop strategic requirements for CRM based on customer personas and external market analysis called for during your GTM Strategy design.

    Diagram of 'Customer Relationship Management' surrounded by its components: 'Web Experience Management Platform', 'E-Commerce & Point-of-Sale Solutions', 'Social Media Management Platform', 'Customer Intelligence Platform', 'Customer Service Management Tools', and 'Marketing Management Suite'.

    These steps outlined in the CXM blueprint, will help you:

    • Assess your CRM application(s) and the environment in which they exist. Take a business-first strategy to prioritize optimization efforts.
    • Validate CRM capabilities, user satisfaction, issues around data, vendor management, and costs to build out an optimization strategy
    • Pull this all together to develop a prioritized optimization roadmap.

    This step involves the following participants:

    • Marketing Operations, Digital, IT
    • Project workstream leads as appropriate

    Outcomes of this step

    • After inquiries with appropriate analysts, client will be able to assess what new application and technology support is required to support Go To Market process.

    Phase 1 - Formulate a hypothesis and run discovery on key fundamentals

    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5 Step 1.6 Step 1.7 Step 1.8

    Step 1.6

    Identify features and capabilities that will drive competitive differentiation

    Activities
    • 1.6.1 Hold a session with key stakeholders including sales, customer success, product, and product marketing to develop a hypothesis of features and capabilities vs. competitors: differentiators, parity areas, and gaps (DPG).
    • Optional for clients with buyer reviews and key competitive reviews within target product category:
      • 1.6.2 Request from SoftwareReviews a 2X2 Matrix Report of Importance vs. Satisfaction for both features and capabilities within your product market/category to identify areas of competitive DPG.
      • 1.6.3 Hold an Inquiry with covering ITRG analysts in your product category to have them validate key areas of competitive DPG.
    • 1.6.4 Document competitive DPG and build out your hypothesis for product build as you ready for customer interviews to validate that hypothesis.

    This step will provide processes to help you:

    • Understand and document competitive differentiation, parity, and gaps

    This step involves the following participants:

    • Project workstream leads in product marketing, competitive intelligence, product management, and customer success

    Outcomes of this step

    • Develop a clear understanding of what differentiated capabilities to promote, which parity items to mention in marketing, and which areas are competitive gaps
    • Develop a hypothesis of what areas need to be developed during the Build phase of the Go-to-Market lifecycle

    Phase 1 - Formulate a hypothesis and run discovery on key fundamentals

    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5 Step 1.6 Step 1.7 Step 1.8

    Assess current capabilities and competitive differentiation vs. buyer needs

    Taking buyer needs ratings from step 1.3, assess your current and key competitive capabilities against buyer needs for both feature and non-feature capabilities. Incorporate into your initial product hypothesis.

    Example bar chart for 'Competitive Differentiation, Parity and Gaps – Features' comparing ratings of 'Buyer Need', 'Our Current Capabilities', and 'Competitive Capabilities' for each 'Feature'.

    • Rank features in order of buyer need from step 1.3.
    • Prioritize development needs where current capabilities are rated low. Spot areas for competitive differentiation especially in high buyer-need areas.
    Perform the analysis for non-feature capabilities such as:
    • ease of use
    • security
    • availability of training
    • service model

    Optional: Validate feature and capability importance with buyer reviews

    Request from your SoftwareReviews Engagement Manager the “Importance vs. Satisfaction” analysis for your product(s) feature and non-feature capabilities under consideration for your GTM Strategy

    Satisfaction
    Fix Promote
    Importance

    Low Satisfaction
    High Importance

    These features are important to their market and will highlight any differentiators to avoid market comparison.

    High Satisfaction
    High Importance

    These are real strengths for the organization and should be promoted as broadly as possible.

    Low Satisfaction
    Low Importance

    These features are not important for the market and are unlikely to drive sales if marketing material focuses on them. Rationalize investment in these areas.

    High Satisfaction
    Low Importance

    Features are relatively strong, so highlight that these features can meet customer needs
    Review Maintain

    Overall Category Product Feature Satisfaction Importance

    • Importance is based on how strongly satisfaction for a feature of a software suite correlates to the overall Likeliness to Recommend
    • Importance is relative – low scores do not necessarily indicate the product is not important, just that it’s not as important as other features

    (Optional for clients with buyer reviews and key competitive reviews within target product category.)

    Optional: Feature importance vs. satisfaction

    Example: ERP “Vendor A” ratings and recommended key actions. Incorporate this analysis into your product concept if updating an existing solution. Have versions of the below run for specific competitors.

    Importance vs. Satisfaction map for Features, as shown on the previous slide, but with examples mapped onto it using a legend, purple squares are 'Enterprise Resource Planning' and green triangles are 'Vendor A'.

    Features in the “Fix” quadrant should be addressed in this GTM Strategy cycle.

    Features in the “Review” quadrant are low in both buyer satisfaction and importance, so vendors are wise to hold on further investments and instead focus on “Fix.”

    Features in the “Promote” quadrant are high in buyer importance and satisfaction, and should be called out in marketing and selling.

    Features in the “Maintain” quadrant are high in buyer satisfaction, but lower in importance than other features – maintain investments here.

    (Optional for clients with buyer reviews and key competitive reviews within target product category.)

    Optional: Capabilities importance vs. satisfaction

    Example: ERP “Vendor A” capabilities ratings and recommended key actions. Incorporate this analysis into your product concept for non-feature areas if updating an existing solution. Have versions of the below run for specific competitors.

    Importance vs. Satisfaction map for Capabilities with examples mapped onto it using a legend, purple squares are 'Enterprise Resource Planning' and green triangles are 'Vendor A'.

    Capabilities in the “Fix” quadrant should be addressed in this GTM Strategy cycle.

    Capabilities in the “Review” quadrant are low in both buyer satisfaction and importance, so vendors are wise to hold on further investments and instead focus on “Fix.”

    Capabilities in the “Promote” quadrant are high in buyer importance and satisfaction, and should be called out in marketing and selling.

    Capabilities in the “Maintain” quadrant are high in buyer satisfaction, but lower in importance than other features – maintain investments here.

    (Optional for clients with buyer reviews and key competitive reviews within target product category.)

    Develop a competitively differentiated value proposition

    Combining internal competitive knowledge with insights from buyer interviews and buyer reviews; establish which key features that will competitively differentiate your product when delivered

    Example bar chart for 'Competitive Differentiation, Parity and Gaps – Features and Capabilities' comparing ratings of 'Your Product' and 'Competitor A' with high buyer importance at the top, low at the bottom, and rankings of each 'Differentiator', 'Parity', and 'Gap'.

    • Identify what buyers need that will differentiate your product features and company capabilities from key competitors.
    • Determine which features and company capabilities, ideally lower in buyer importance, can achieve/maintain competitive parity.
    • Determine which features and company capabilities, ideally much lower in buyer importance, that can exist in a state of competitive gap.

    Step 1.7

    Select the Most Effective Routes to Market

    Activities
    • 1.7.1 Understand a framework for deciding how to approach evaluating each available channel including freemium/ecommerce, inside sales, field sales, and channel partner.
    • 1.7.2 Gather data that will inform option consideration.
    • 1.7.3 Apply to decision framework and present to key stakeholders for a decision.

    This step will provide processes to help you:

    • Understand the areas to consider when choosing a sales channel
    • Support your decision by making a specific channel recommendation

    This step involves the following participants:

    • Project workstream leads in Sales, Sales Operations, Product Marketing, and Customer Success

    Outcomes of this step

    • Clarity around channel choice for this specific go-to-market strategy cycle
    • Pros and cons of choices with rationale for selected channel

    Phase 1 - Formulate a hypothesis and run discovery on key fundamentals

    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5 Step 1.6 Step 1.7 Step 1.8

    Your “route-to-market” – channel strategy

    Capture buyer channel preferences in Step 1.3, and research alternatives using the following framework

    Inside vs. Field Sales – Selling software during COVID has taught us that you can successfully sell software using virtual conferencing tools, social media, the telephone, and even texting and webchat – so is the traditional model of field/territory-based sellers being replaced with inside/virtual sellers who can either work at home, or is there a benefit to being in the office with colleagues?

    Solutions vs. Individual Products – Do your buyers prefer to buy a complete solution from a channel partner or a solutions integrator that puts all the pieces together, and can handle training and servicing, for a more complete buyer solution?

    Channel Partner vs. Build Sales Force – Are there channel partners that, given your product is targeting a new buyer with whom you have no relationship, can leverage their existing relationships, quicken adoption of your products, and lower your cost of sales?

    Fully Digital – Is your application one where users can get started for free then upgrade with more advanced features without the use of a field or inside sales person? Do you possess the e-commerce platform to support this?

    While there are other considerations beyond the above to consider, decide which channel approach will work best for this GTM Strategy.

    Flowchart on how to capture 'Buyer Channel Preferences' with five possible outcomes: 'Freemium/e-commerce', 'Use specified channel partner', 'Establish channel partner', 'Use Inside Sales', and 'Use Field Sales'.

    Channel Partnerships are Expanding

    “One estimate is that for every dollar a firm spends on its SaaS platform, it spends four times that amount with systems integrators and other channel partners.

    And as technologies are embedded inside other products, services, and solutions, effective selling requires more partners.

    Salesforce, for example, is recruiting thousands of new partners, while Microsoft is reportedly adding over 7,000 partners each month.” (HBR, 2021)

    Step 1.8

    Craft an Initial GTM Strategy Presentation for Executive Review and Status Check

    Activities
    • 1.8.1 Finalize the set of slides within the Go-to-Market Strategy Presentation that best illustrates the many key findings and recommended decisions that have been made during the Explore phase of the GTM Strategy.
      • Test whether all key deliverables have been created, especially those that must be in place in order to support future phases and steps.
      • Schedule a Steering Committee meeting and present your findings with the goal to gain support to proceed to the Design phase of GTM Strategy.

    This step will provide processes to help you:

    • Work with your colleagues to consolidate the findings from Phase 1 of the GTM Strategy
    • Create a slide deck with your colleagues for presentation to the Steering Committee to gain approvals to proceed to Phase 2

    This step involves the following participants:

    • Project workstream leads in Sales, Sales Operations, Product Marketing, and Customer Success
    • Steering Committee

    Outcomes of this step

    • Slide deck to present to the Steering Committee
    • Approvals to move to Phase 2 of the GTM Strategy

    Phase 1 - Formulate a hypothesis and run discovery on key fundamentals

    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5 Step 1.6 Step 1.7 Step 1.8

    1.8.1 Build your GTM Strategy deck for Steering Committee approval

    1. As you near completion of the Go-to-Market Strategy Phase, Explore Step, an important test to pass before proceeding to the Design step of GTM Strategy, is to answer several key questions:
      1. Have you properly sized the market opportunity for the focus of this GTM cycle?
      2. Have you defined a unique value proposition of what buyers are looking for?
      3. And have you aligned stakeholders on the target customer persona and flushed out an accurate buyer journey?
    2. If the answer is “no” you need to return to these steps and ensure completion.
    3. Pull together a summary review deck, schedule a meeting with the Steering Committee, present to-date findings for approval to move on to Phase 2.

    Download the Go-to-Market Strategy Presentation Template

    Sample of the 'PLAN' section of the GTM Strategy optimization diagram with 'GTM Explore Review' circled in red.

    The presentation you create contains:

    • Team composition and roles and responsibilities
    • Steps in overall process
    • Goals and objectives
    • Timelines and work plan
    • Initial product and launch concept
    • Buyer persona and journey
    • Competitive differentiation
    • Channel strategy

    Build a More Effective Go-to-Market Strategy

    Phase 2

    Design your initial product and business case

    Phase 1

    1.1 Select Steering Cmte/team, build aligned vision for GTM

    1.2 Buyer personas, journey, initial messaging

    1.3 Build initial product hypothesis

    1.4 Size market opportunity

    1.5 Outline digital/tech requirements

    1.6 Competitive SWOT

    1.7 Select routes to market

    1.8 Craft GTM Strategy deck

    		Phase 2

    2.1 Brand consistency check

    2.2 Formulate packaging and pricing

    2.3 Craft buyer-valid product concept

    2.4 Build campaign plan and targets

    2.5 Develop cost budgets across all areas

    2.6 Draft product business case

    2.7 Update GTM Strategy deck

    		Phase 3

    3.1 Assess tech/tools support for all GTM phases

    3.2 Outline sales enablement and Customer Success plan

    3.3 Build awareness plan

    3.4 Finalize business case

    3.5 Final GTM Plan deck

    This phase will walk you through the following activities:

    • Branding consistency check
    • Formulate packaging and pricing
    • Craft buyer-validated product concept
    • Build initial campaign plan and targets
    • Develop budgets for creative, content, and media purchases
    • Draft product business case
    • Update GTM Strategy deck

    This phase involves the following stakeholders:

    • Steering Committee
    • Working group leaders

    To complete this phase, you will need:

    Go-to-Market Strategy Presentation TemplateGo-to-Market Strategy RACI and Launch Checklist WorkbookBuyer Persona and Journey blueprintGo-to-Market Strategy Cost Budget and Revenue Forecast Workbook
    Sample of the Go-to-Market Strategy Presentation Template deliverable.Sample of the Go-to-Market Strategy RACI and Launch Checklist Workbook deliverable.Sample of the Buyer Persona and Journey blueprint deliverable.Sample of the Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook deliverable.
    Use the Go-to-Market Strategy Presentation Template to document the results from the following activities:
    • Documenting your GTM strategy stakeholders
    • Documenting your GTM strategy working team
    		Use the Go-to-Market Strategy RACI and Launch Checklist Workbook to:
    • Review the scope of roles and responsibilities required
    • Document the roles and responsibilities of your teams
    		Use the Buyer Persona and Journey blueprint to:
    • Interview sales and customers/prospects to inform product concepts, understand persona and later, flesh out buyer journeys
    		Use the Go-to-Market Cost Budget and Revenue Forecast Workbook to:
    • Tally budgets from across key functions involved in GTM Strategy
    • Compare with forecasted revenues to assess gross margins

    Step 2.1

    Compare Emerging Messaging and Positioning With Existing Brand for Consistency

    Activities

    Share messaging documented with the buyer journey with branding/creative and/or Marketing VP/CMO to ensure consistency with overall corporate messaging. Use the “Brand Diagnostic” on the following slide as a quick check.

    For those marketers that see the need for a re-brand, please:
    Download the Go-to-Market Strategy Presentation Template

    Later during the Build phase of GTM, marketing assets, digital platforms, sales enablement, and sales training will be created where actual messaging can be written with brand guidelines aligned.

    This step is to assess whether you we need to budget extra funds for any rebranding.

    This step will walk you through the following activities:

    • After completing the buyer journey and identifying messaging, test with branding/CMO that new messaging aligns with current:
      • Company positioning
      • Messaging
      • Brand imagery

    This step involves the following participants:

    • Project lead
    • Product marketing
    • Branding/creative
    • CMO

    Outcomes of this step

    • Check – Y/N on brand alignment
    • Adjustments made to current branding or new product messaging to gain alignment

    Phase 2 – Validate designs with buyers and solidify product business case

    Step 2.1 Step 2.2 Step 2.3 Step 2.4 Step 2.5 Step 2.6 Step 2.7

    Brand identity

    Re-think tossing a new product into the same old marketing engine. Ask if your branding today and on this new offering needs help.

    If you answer “no” to any of the following questions, you may need to re-think your brand. Does your brand:

    • recognize buyer pain points and convey clear pain-relief?
    • convey unique value that is clearly distanced from key competitors?
    • resonate with how target personas see themselves (e.g. rebellious, intelligent, playful, wise, etc.) and convey the “feeling” (e.g. relief, security, confidence, inspiration, etc.) buyers seek?
    • offer proof points via customer testimonials (vs. claimed value)?
    • tell a truly customer-centric story that is all about them (vs. what you want them to know about you)?
    • use words (e.g. quality, speed, great service, etc.) that equate to how buyers actually see you? Is your tone of voice going to resonate with your target buyer?
    • present in a clean, simple, and truly unique way? And will your brand identity stand the test of time?
    • represent feedback gleaned from prospects as well as customers?

    “Nailing an impactful brand identity is a critical part of Growth Marketing.

    Without a well-crafted and maintained brand identity, your marketing will always feel flat and one-dimensional.” (Lean Labs, 2021)

    Step 2.2

    Formulate Packaging and Pricing

    Activities
    • 2.2.1 Leverage what was learned in Phase 1 from buyer interviews to create an initial packaging and initial pricing approach.
      • Packaging success is driven by knowing what the buyer values are, how newly proposed functionality may work with other applications, and how well the buyer(s) work in teams.
      • Develop pricing using cost-plus, value/ROI, and competitive/market pricing comparisons.

    This step will walk you through the following activities:

    • Approaches to establishing price points for software products
    • Checking if pricing supports emerging product revenue plan

    This step involves the following participants:

    • Project lead
    • Product Marketing
    • Product Management
    • Pricing (if a function)

    Outcomes of this step

    • Pricing that is validated through buyer interviews and consistent with overall company pricing guardrails
    • Packaging that can be delivered

    Phase 2 – Validate designs with buyers and solidify product business case

    Step 2.1 Step 2.2 Step 2.3 Step 2.4 Step 2.5 Step 2.6 Step 2.7

    2.2.1 Formulate packaging and pricing

    Goal: Incorporate buyer benefits into your MVP that delivers the buyer value that compels them to purchase and drives the business case

    1. Leverage findings from buyer interviews and feature prioritization found in Step 1.3 to arrive at initial feature inclusion.
    2. Leverage feedback from customer interviews and competitive pricing analysis to arrive at an initial target price offer.
    3. Go to the Go-to-Market Strategy Presentation and use the slides labeled “Go-to-Market Strategy, Overall Project Plan.”

    Download the Go-to-Market Strategy Presentation Template

    		Refer to the findings from buyer persona interviews

    Sample of the Buyer Persona and Journey blueprint deliverable.

    Step 2.3

    Build a Buyer-Validated Product Concept

    Activities
    • 2.2.1 Add to your initial product concept from Phase 1, the pricing and packaging approach.
      • Take the concept out to buyers to get their feedback – not on UX design, that will come later, but to ensure the value is clear to the buyers, and to raise confidence in the product concept.
      • As with previous customer and prospect interviews, use the Buyer Persona and Journey blueprint with its accompanying interview guide and focus on the product related questions.
      • Generate your slides to present and discuss with buyers, capture feedback, and refine the product concept.

    This step will walk you through the following activities:

    • Hold buyer interviews to review the product design
    • Validate concept and commercial variables – not UX design, that comes later

    This step involves the following participants:

    • Project lead
    • Product Marketing
    • Product Management

    Outcomes of this step

    • Customer validated product concept that meets the business plan

    Phase 2 – Validate designs with buyers and solidify product business case

    Step 2.1 Step 2.2 Step 2.3 Step 2.4 Step 2.5 Step 2.6 Step 2.7

    2.3.1 The best new product hypothesis doesn’t always come from your best customers

    Goal: Validate your product concept and business case

    1. Key areas to validate during product concept feedback:
      1. Feature/capability-build priorities – Which set of features and capabilities (i.e. service model, etc.) must be delivered in a minimum viable product (MVP) that delivers unique and competitively differentiating buyer value so we have win rates that support the business case?
      2. Packaging/Pricing – Are their features/capabilities that are not in base offering but offered as add-ons or not at all? Are their different packaging options that must be delivered given different customer segments and appropriate price points? (E.g. a small- to-medium sized business (SMB) version, Freemium, or Basic vs. Premium offerings?
      3. Routes to Market/Channel – Ensure you validate your channel strategy as work/effort will be needed to arrive at channel sales and marketing enablement.

    Download the Go-to-Market Strategy Presentation Template

    “Innovation opportunities almost always come from understanding a company’s worst customers or customers it doesn’t serve” (Harvard Business School Press, 1997)

    2.3.2 How your prospects buy will inform upcoming campaign design

    Goal: During product validation interviews, further validate the buyer journey to identify asset types to be created/sourced for launch campaign design

    1. Leverage findings from buyer interviews with a focus on buyer journey questions/answers found in Step 1.3 and further validated during product concept feedback in step 2.3.
    2. Your goal is to uncover the following key areas (see next slide for illustration):
      1. Validate the steps buyers take throughout the buyer journey – when you validate buyer steps and what the buyer is doing and thinking as they make a buying decision determines if you are supporting the right process.
      2. Validate the human vs. non-human/digital interaction type for each step – this determines whether your lead gen engine or your salesforce (or channel partner) will deliver the marketing assets and sales collateral.
      3. Describe the asset-types most valued by buyers during each step – this will provide the guidance your demand gen/field marketers need to either work with product marketing and creative to design and build, or source the right marketing asset and sales collateral for your lead gen engine and to support sales enablement.
      4. Identify which channels – this will give your digital team the guidance they need to design the “where” to place the assets within your lead gen engine. Feedback from customer interviews and competitive pricing analysis to arrive at an initial target price for offering is shown on the next slide.
    3. Use the Go-to-Market Strategy Presentation to complete the buyer journey slide with key findings.

    Download the Go-to-Market Strategy Presentation Template

    		Refer to the findings from buyer persona interviews

    Sample of the Buyer Persona and Journey blueprint deliverable.

    Answers you need to map buyer journey

    Your buyer interviews – whether during earlier steps or here during product concept validation – will give specific answers to all areas in green text below. Understanding channels, asset-types, and crafting your key messaging are essential for next steps.

    Table outlining an example buyer's journey with fields in green text that are to be to replaced with answers from your buyer interviews.

    Step 2.4

    Build Your Initial Campaign Plan and Targets

    Activities
    • 2.4.1. While product management and marketing is working on the business case, the campaign team is designing their launch campaign.
    • Expand from the product concept and build out the entire launch campaign identifying dates, CTA’s, channels, and asset types needed that will be built during the Build phase.

    This step will walk you through the following activities:

    • Outline deployment plan of activities and outcomes
    • Draw up specs for needed assets, web-page changes, emails, target segments, and targets for leads generated

    This step involves the following participants:

    • Project lead
    • Field Marketing
    • Product Marketing

    Outcomes of this step

    • The initial draft of the campaign plan that outlines multichannel activities, dates, and assets that need to be sourced and/or created

    Phase 2 – Validate designs with buyers and solidify product business case

    Step 2.1 Step 2.2 Step 2.3 Step 2.4 Step 2.5 Step 2.6 Step 2.7

    2.4.1 Document your campaign plan

    2 hours

    On the following Awareness and Lead Gen Engine slide:
    1. Tailor the slide to describe your lead generation engine as you will use it when you get to latter steps to describe the activities in your lead gen engine and weigh them for go-to-market strategy.
    2. Use the template to see what makes up a typical lead gen and awareness building engine to see what you may be missing, as well as to record your current engine “parts.”
      • Note: The “Goal” image in upper right is meant as a reminder that marketers should establish a goal for Sales Qualified Leads (SQL’s) delivered to field sales for each campaign.

    On the Product and Launch Concept slides:

    1. Update the slides with findings from 2.3 and 2.4.

    Download the Go-to-Market Strategy Presentation Template

    “Only 32% of marketers – and 29% of B2B marketers – said the process of planning campaigns went very well. Just over half were sure they had selected the right business goal for a given marketing project and only 42% were confident they identified the right audience – which is, of course, a critical determinant for achieving success.” (MIT Sloan Management Review)

    Launch campaign

    Our Goal for [Campaign name] is to generate X SQL’s

    Flowchart of the steps to take when a campaign is launched, from 'Organic Website Visits' and 'Go Live' to future 'Sales Opportunities'. A key is present to decipher various icons.

    Awareness

    PR/EXTERNAL COMMS:

    Promote release in line with company story

    • [Executive Name] interview with [Publication Y] on [Launch Topic X] – Mo./Day
    • Press Release on new enhancements – Mo./Day
    • [Executive Name] interview with [Publication Z] on [Launch Topic X] – Mo./Day
    ANALYST RELATIONS:

    Receive analyst feedback pre-launch and brief with final releases messaging/positioning

    • Inquiry with [Key Analysts] on [Launch Topic X] – Mo./Day, pre launch
    • Press Release shared on new enhancements – Launch day minus two days
    • Analyst briefing with [Key Analysts] on [Launch Topic X] – Launch day minus two days

    Download the Go-to-Market Strategy Presentation Template

    2.4.2 Campaign targets

    Goal: Establish a Marketing-Influenced Win target that will be achieved for this launch

    We advise setting a target for the launch campaign. Here is a suggested approach:
    1. Understand what % of all sales wins are touched by marketing either through first or last touch attribution. This is the % of Marketing-Influenced Wins (MIWs).
    2. Determine what sales wins are needed to attain product revenue targets for this launch.
    3. Apply the actual company MIW % to the number of deals that must be closed to achieve target product launch revenues. This becomes the MIW target for this launch campaign.
    4. Then, using your average marketing funnel conversion rates working backwards from MIWs to Opportunities, Sales Accepted Leads (SALs), Sales Qualified Leads (SQLs), Marketing Qualified Leads (MQLs), up to website visits.
    5. Update the slides with findings from 2.3 and 2.4.

    Download the Go-to-Market Strategy Presentation Template

    “Marketing should quantify its contribution to the business. One metric many clients have found valuable is Marketing Influenced Wins (MIW). Measured by what % of sales wins had a last-touch marketing attribution, marketers in the 30% – 40% MIW range are performing well.” (SoftwareReviews Advisory Research)

    Step 2.5

    Develop Initial Budgets Across All Areas

    Activities
    • 2.5.1 Use the Go-to-Market Budget Workbook and work with your workstream leads.
      • Capture the costs associated with this GTM Strategy and Launch.
      • Summarize your GTM budget in the Go-to-Market Strategy Presentation, including the details behind the gross margin calculation for your GTM Strategy/campaign if required.

    This step will walk you through the following activities:

    • Field marketing, product marketing, creative, others to identify the specific budget elements needed for this campaign/launch

    This step involves the following participants:

    • Project lead
    • Field Marketing
    • Product Marketing
    • Branding/creative

    Outcomes of this step

    • The initial marketing budget for this campaign/launch

    Phase 2 – Validate designs with buyers and solidify product business case

    Step 2.1 Step 2.2 Step 2.3 Step 2.4 Step 2.5 Step 2.6 Step 2.7

    Download the Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook

    2.5.1 Develop your GTM Strategy/product launch campaign budget

    Goal: Work with your workstream leads to identify all incremental costs associated with this GTM strategy and product launch

    1. Use the Go-to-Market Budget Workbook and adjust to include the areas that are identified by your workstream leads as being applicable to this GTM Strategy and Launch.
      • These should be incremental costs to normal operating and capital budgets and those areas that are fully approved for inclusion by your Steering Committee/Sponsoring Executive.
    2. Begin to Catalog all applicable costs to include all key areas such as:
      • Technology costs for internal use (typically from Marketing Ops), and “core” to product technology costs working with the product team
      • Channel marketing programs, agency (e.g. branding, naming, web design, SEO, content marketing, etc.), T&E, paid media, events, marketing assets, etc.

      3. Note that in the Align Step – Step 3, you will see your workstream leads each develop their individual contributions to both the launch plan as well a budget.

    3. Summarize your initial GTM budget findings in the Go-to-Market Strategy Presentation, including the details behind the gross margin calculation for your GTM Strategy/campaign if required. Again, you will flush out the final costs within each workstream areas in Phase 3, ”Align.”

    Download the Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook

    Download the Go-to-Market Strategy Presentation Template

    Step 2.6

    Draft Initial Product Business Case

    Activities
    • 2.6.1 Here’s where you begin to pull together all the essential elements of your final business case.
      • For many organizations that require a view of return on investment, you will begin here to shape the key elements that your organization requires for a complete business case to go ahead with the needed investments.
      • The goal is to compare estimated costs to estimated revenues to ensure acceptable margins will be delivered for this GTM strategy/product launch.
      • The culmination of work to get to this calculation will continue through Phase 3; however, the following slide illustrates the kind of visualization that will be possible with our approach.

    This step will walk you through the following activities:

    • A product revenue forecast is created, alignment with sales/sales targets is created for a minimum viable product (MVP) that meets the buyer’s needs at the price point established/validated

    This step involves the following participants:

    • Project lead
    • Product management
    • Product marketing
    • Sales leadership

    Outcomes of this step

    • The important measures of:
      • Product revenue forecast
      • Supported MVP features

    Phase 2 – Validate designs with buyers and solidify product business case

    Step 2.1 Step 2.2 Step 2.3 Step 2.4 Step 2.5 Step 2.6 Step 2.7

    Gross Margin Estimates – part of a complete product business case

    Your goal: Earn more than you spend! This projection of estimated gross margins should be part of your product launch business case. The GTM initiative lead and workstream leads are charged with estimating incremental costs, and product and sales must work together on the revenue forecast.

    Net Return

    We estimate our 12 month gross profit to be ….

    Quarterly Revenues

    Based on sales forecast, our quarterly/monthly revenues are ….

    Estimated Expenses

    Incremental up-front costs are expected to be ….

    		Example 'P&L waterfall for Product X Launch' with notes. Green bars are 'Increase', red bars are 'Decrease', and blue bars are 'Total'. Red bar note: 'Your estimated incremental up-front costs', Green bar note: 'Your estimated net incremental revenues vs. costs', Blue bar note: 'Your estimated net gross profit for this product launch and campaign', 'END' note: 'Extend for suitable period'.

    2.6.1 Develop your initial product business case

    Goal: Focused on the Product Concept areas related to product Market Fit, Buyer Needs and Market Opportunity, Product Managers will summarize in order to gain approval for Build

    1. Using the Go-to-Market Strategy Presentation, product managers should ensure the product concept slide(s) support the rationale to move to Build phase. Key areas include:
      1. Adequate market opportunity size – that is worth the incremental investment
      2. Acceptable costs/investment to pursue the opportunity – design, creative services for branding, web design, product naming, asset creation, copywriting, translation services not available in-house
      3. Well-defined product market fit – review buyer interviews that identify buyer pain points and ideas that will deliver needed business value
      4. Buyer-validated commercials – buyer-validated pricing and packaging
      5. Product development budget and staffing support to build viable MVP & beyond roadmap – development budget and staffing is in place/budgeted to deliver MVP by target date and continue to ensure attainment of product revenue targets
      6. Unique product value proposition that is competitively differentiated – to drive acceptable win rates
      7. Product Sales Forecast – that when compared to costs meets company investment hurdle rates
      8. Sales Leadership support for achieving sales forecast and supported sales/channel resourcing plan – sales leadership has taken on forecasted revenues as an incremental sales quota and has budget for additional hiring, enablement, and training for attainment.
    2. Go to the Go-to-Market Strategy Presentation and complete the slides summarizing these key areas that support the business case for the next phases of Build and Launch.

    Product Business Case Checklist:

    • Acceptably large enough product market opportunity
    • Well-defined competitive differentiation
    • Buyer-validated product-market fit
    • Buyer-validated and competitive commercials (i.e. pricing, packaging)
    • An MVP with roadmap that aligns to buyer needs and buyer-validated price points
    • A 24–36 month sales forecast with CRO sign-up and support for attainment
    • Costs of launch vs. forecasted revenues to gauge gross margins

    Download the Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook

    Download the Go-to-Market Strategy Presentation Template

    Step 2.7

    Update the GTM Strategy Presentation Deck for Executive Review and Sign-off

    Activities
    • 2.7.1 Update the deck with Phase 2 findings culminating in the business case.

    This step will walk you through the following activities:

    • Drop into the GTM Strategy deck the summary findings from the team’s work
    • Write an executive summary that garners executive support for needed funds, signed-up-for sales targets, agreed upon launch timing
    • Steering Committee alignment on above and next steps

    This step involves the following participants:

    • Project lead
    • Steering Committee
    • Workstream leads

    Outcomes of this step

    • Executive support for the GTM Strategy plan and approval to proceed to Phase 3

    Phase 2 – Validate designs with buyers and solidify product business case

    Step 2.1 Step 2.2 Step 2.3 Step 2.4 Step 2.5 Step 2.6 Step 2.7

    2.7.1 Update your GTM Strategy deck for Design Steering Committee approval

    1. As you near completion of the Go-to-Market Strategy Phase – Design Step, while your emerging business case is important, it will be finalized in the Align Step.
    2. An important test to pass before proceeding to the Align step of the GTM Strategy, is to answer several key questions:
      1. Have you validated the product value proposition with buyers?
      2. Is the competitive differentiation clear for this offering?
      3. Did Sales support the business case by signing up for the incremental quota?
      4. Has product defined an MVP that aligns with the buyer value needed to drive purchases?
      • If the answer is “no” you need to return to these steps and ensure completion
    3. Pull together a summary review deck, schedule a meeting with the Steering Committee, and present to-date findings for approval to move onto Phase 3.

    Download the Go-to-Market Strategy Presentation Template

    Sample of the 'PLAN' section of the GTM Strategy optimization diagram with 'GTM Design Review' circled in red.

    The presentation you create contains:

    • Timelines and a work plan
    • Expanded product concept to include your packaging and pricing approach
    • Feedback from buyers on validated product concept especially commercial elements
    • Expanded campaign plan and marketing budget
    • Initial product business case

    Build a More Effective Go-to-Market Strategy

    Phase 3

    Align stakeholder plans to prep for build

    Phase 1

    1.1 Select Steering Cmte/team, build aligned vision for GTM

    1.2 Buyer personas, journey, initial messaging

    1.3 Build initial product hypothesis

    1.4 Size market opportunity

    1.5 Outline digital/tech requirements

    1.6 Competitive SWOT

    1.7 Select routes to market

    1.8 Craft GTM Strategy deck

    		Phase 2

    2.1 Brand consistency check

    2.2 Formulate packaging and pricing

    2.3 Craft buyer-valid product concept

    2.4 Build campaign plan and targets

    2.5 Develop cost budgets across all areas

    2.6 Draft product business case

    2.7 Update GTM Strategy deck

    		Phase 3

    3.1 Assess tech/tools support for all GTM phases

    3.2 Outline sales enablement and Customer Success plan

    3.3 Build awareness plan

    3.4 Finalize business case

    3.5 Final GTM Plan deck

    This phase will walk you through the following activities:

    1. Assess tech/tools support for all GTM phases
    2. Map lead generation plan
    3. Outline Customer Success plan
    4. Build awareness plan (PR/AR, etc.)
    5. Finalize product business case
    6. Final GTM planning deck and Steering Committee review

    This phase involves the following stakeholders:

    • Steering Committee
    • Working group leaders

    To complete this phase, you will need:

    Go-to-Market Strategy Presentation Template Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook
    Sample of the Go-to-Market Strategy Presentation Template deliverable. Sample of the Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook deliverable.
    Use the Go-to-Market Strategy Presentation Template to document the results from the following activities:
    • Documenting your GTM Strategy Stakeholders
    • Documenting your GTM Strategy Working Team
    		 Use the Go-to-Market Cost Budget and Revenue Forecast Workbook to:
    • Tally budgets from across key functions involved in the GTM Strategy
    • Compare with forecasted revenues to assess gross margins

    Step 3.1

    Assess Technology and Tools Support for Your GTM Strategy as Well as Future Phases of GTM

    Activities
    • 3.1.1 Have Marketing Operations document what tech stack improvements are required in order to get the team to a successful launch. Understand costs and implementation timelines and work it into the Go-to-Market Budget Workbook.

    This step will walk you through the following activities:

    • After completing your initial survey in Step 1, complete requirements building for needed technology and tools acquisition/upgrade in campaign management, sales opportunity management, and analytics.

    This step involves the following participants:

    • Project lead
    • Marketing operations/digital
    • IT

    Outcomes of this step

    • Build a business requirement against which to evaluate new/upgraded vendor tools to support the entire GTM process

    Phase 3 – Align functional plans with a compelling business case for product build

    Step 3.1 Step 3.2 Step 3.3 Step 3.4 Step 3.5

    3.1.1 Technology plan and investments

    Goal: Outline the results of our analysis and Info-Tech analyst guidance regarding supporting systems, tools, and technologies to support our go-to-market strategy

    1. Plans, timings, and incremental costs related to, but not limited to, the following apps/tools/technologies:
      1. Lead management/Marketing automation
      2. Marketing analytics
      3. Sales Opportunity Management System (OMS) and Configure, Price, and Quote (CPQ) applications
      4. Sales engagement
      5. Sales analytics
      6. Customer service and support/Customer interaction hub
      7. Customer data management and analytics
      8. Customer experience platforms
      9. Marketing content management
      10. Creative tools
      11. Share of voice and social platform management
      12. Etc.
    2. Go to the Go-to-Market Budget Workbook and complete by adding costs identified in above areas that are specific to this go-to-market strategy, Build, and Launch initiative. Record in the Go-to-Market Strategy Presentation completing the areas within the slides related to the Product and Launch Concepts and Business Case.

    Download the Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook

    Download the Go-to-Market Strategy Presentation Template

    Step 3.2

    Outline Sales Enablement and Support for Customer Success to Include Onboarding and Ongoing Engagement

    Activities
    • 3.3.1 Sales Enablement – develop the sales enablement and training plan for Launch to include activities, responsible parties, dates for delivery, etc.

    This step will walk you through the following activities:

    • Finalize the customer success training and support plan
    • Onboarding scripts
    • Changes to help screens in application
    • Timing to plan for Quality Acceptance

    This step involves the following participants:

    • Project lead
    • Customer Success lead
    • Product management
    • Product marketing

    Outcomes of this step

    • Plan for creation of copy, assets, and rollout pan to support clients and client segments for Launch

    Phase 3 – Align functional plans with a compelling business case for product build

    Step 3.1 Step 3.2 Step 3.3 Step 3.4 Step 3.5

    3.2.1 Outline sales enablement

    Goal: Outline sales collateral, updates to sales proposals, CPQ, Opportunity Management Systems, and sales training

    1. Describe the requirements for sales enablement to include elements such as:
      1. Sales collateral
      2. Client-facing presentations
      3. Sales proposal updates
      4. Updates to Configure, Price, and Quote (CPQ) applications
      5. Updates to Opportunity Management System (OMS) applications
      6. Sales demo versions of the new product
      7. Sales communication plans
      8. Sales training and certification programs
    2. Go to the Go-to-Market Budget Workbook and add the costs identified in above areas that are specific to this go-to-market strategy, Build, and Launch initiative. Record as well in the Go-to-Market Strategy Presentation completing the areas within the slides related to the Product and Launch Concepts and Business Case.

    Download the Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook

    Download the Go-to-Market Strategy Presentation Template

    3.2.2 Outline customer success

    Goal: Outline customer support/success requirements and plan

    1. Plans, timings, and incremental costs for the following:
      1. Onboarding scripts for the new solution
      2. Updates to retention lifecycle
      3. FAQ answers
      4. Updates to online help/support system
      5. “How-to” videos
      6. Live chat updates
      7. Updates to “provide feedback” system
      8. Updates to Quarterly Business Review slides
    2. Go to the Go-to-Market Budget Workbook and add the costs identified in above areas that are specific to this go-to-market strategy, Build, and Launch initiative. Record in the Go-to-Market Strategy Presentation and complete the areas within the slides related to the Product and Launch Concepts and Business Case.

    Download the Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook

    Download the Go-to-Market Strategy Presentation Template

    Step 3.3

    Build an Awareness Plan Covering Media, Social Media, and Industry Analysts

    Activities
    • 3.4.1 Corp Comms/PR/AR – develop the overall awareness plans for executive interviews, articles placed, social drops, analyst briefing dates, and internal associate comms if required.

    This step will walk you through the following activities:

    • Outline outbound communications plans including press releases, social posts, etc.
    • Describe dates for AR outreach to covering analysts
    • Develop the internal communications plan

    This step involves the following participants:

    • Project lead
    • Corporate Comms lead
    • Creative
    • Analyst relations
    • Social media marketing lead

    Outcomes of this step

    • Plan for creation of copy, assets, and rollout pan to support awareness building, external communications, and internal communications if required

    Phase 3 – Align functional plans with a compelling business case for product build

    Step 3.1 Step 3.2 Step 3.3 Step 3.4 Step 3.5

    3.3.1 Internal communications plan

    Goal: Outline complete internal communications plan. For large-scale changes (i.e. rebranding, M&A, etc.) HR may drive significant volume of employee communications working with Corporate Comms

    1. Plans, timings, and incremental costs for the following:
      1. Complete a comms plan with dates, messages, and channels
      2. Team member roles and responsibilities
      3. Intranet article and posting schedules
      4. Creation of new office signage, merchandise, etc. for employee kits
      5. Pre-launch announcements schedule
      6. Launch day communications, events, and activities
      7. Post launch update schedule and messages for launch success
      8. Incremental staffing and resources/budget requirements
    2. Go to the Go-to-Market Budget Workbook and add costs identified in above areas that are specific to this go-to-market strategy, Build, and Launch initiative. Record as well in the Go-to-Market Strategy Presentation completing the areas related to the Product and Launch Concepts and Business Case.

    Download the Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook

    Download the Go-to-Market Strategy Presentation Template

    3.3.2 PR and External Communications Plan

    Goal: Outline complete internal communications plan. For large scale changes (i.e. rebranding, M&A, etc.) HR may drive significant volume of employee communications working with Corporate Comms

    1. Plans, timings, and incremental costs for the following:
      1. List of Tier 1 and Tier 2 media authors covering the [product/initiative] market area
      2. Schedule of launch briefings, with any non-analyst influencers
      3. Timing of press releases
      4. Required supporting executives and stakeholders for each of the above meetings
      5. Slide deck/media kit for the above and planned questions to support needed feedback
      6. Media Site materials especially to support media questions and requests for briefings
      7. Social postings calendar of activities and key messages plan
      8. Publish data of [product/initiative] relevant articles with set-back schedules
      9. Cultivation of reference customers and client testimonials for media outreach
      10. Requirements for additional staffing to cover product/initiative new market and analysts
      11. Internal and external events calendar to invite media
    2. Go to the Go-to-Market Budget Workbook and add the costs identified in the above areas that are specific to this go-to-market strategy, Build, and Launch initiative. Record in the Go-to-Market Strategy Presentation by completing the areas related to the Product and Launch Concepts and Business Case.

    Download the Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook

    Download the Go-to-Market Strategy Presentation Template

    3.3.3 Analyst relations plan

    Goal: Outline incremental costs in analyst communications, engagement, and access to research

    1. Plans, timings, and incremental costs for the following:
      1. List of Tier 1 and Tier 2 analysts for the [product/initiative] market area
      2. Schedule of inquiries, pre-launch briefings, launch briefings, and post-launch feedback
      3. Required supporting executives and stakeholders for each of the above meetings
      4. Analyst deck for each of the above and planned questions to support needed feedback
      5. Analyst Site materials to support 2nd and 3rd Tier analysts’ questions and requests for briefings
      6. Social postings calendar of activities and key messages
      7. Resources to respond to analyst blogs and/or social posts regarding your product/initiative area
      8. Timing of important and relevant analyst document/methodology publishing dates with set-back schedules
      9. Cultivation of reference customers and client testimonials to coincide with analyst outreach for research and for buyer review sites/reviews data gathering
      10. Requirements for additional staffing to cover product/initiative new market and analysts
      11. Events calendar where analysts will be presenting on this product/initiative market
    2. Go to the Go-to-Market Budget Workbook and add the costs identified in the above areas that are specific to this go-to-market strategy, Build and Launch initiative. Record in the Go-to-Market Strategy Presentation by completing the areas related to the Product and Launch Concepts and Business Case.

    Download the Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook

    Download the Go-to-Market Strategy Presentation Template

    Step 3.4

    Finalize Product Business Case With Collaborative Input From Product, Sales, and Marketing

    Activities
    • 3.5.1 Convene the team to align sales, marketing, and product around the business case.

    This step will walk you through the following activities:

    • Refine the product business case initiated in Phase 2
    • Align product revenue forecast with sales revenue forecast
    • Align MVP features to be developed during “GTM – Build” with customer validated product-market fit

    This step involves the following participants:

    • Project lead
    • Product management
    • Product marketing

    Outcomes of this step

    • Product business case

    Phase 3 – Align functional plans with a compelling business case for product build

    Step 3.1 Step 3.2 Step 3.3 Step 3.4 Step 3.5

    3.4.1 Final product Build and Launch business case

    Goal: Beyond the product business case, factor in costs for technology, campaigning, sales enablement, and customer success in order to gain approval for Build and Launch

    1. Using the Go-to-Market Strategy Presentation, workstream leads and Go-to-Market Initiative leaders will finalize the anticipated incremental costs, and when compared to projected product revenues, present to the Steering Committee including CFO for final approval before moving to Build and Launch.
    2. To present a complete business case, key cost areas include:
      1. All the areas outlined up through Step 3.4 plus:
      2. Technology/MarTech Stack incremental costs
      3. Channel programs, branding/agency, pricing, packaging/product, and T&E incremental costs
      4. Campaign related – creative, content marketing, paid media, events, SEO, lists/data
      5. Sales Enablement, Customer Support/Success incremental costs
      6. Internal communications/events/activities/signage costs
      7. PR/AR/Media incremental costs
    3. Compare to final Sales/Product agreed projected revenues, in order to calculate estimated gross margins

    Go to the Go-to-Market Budget Workbook as outlined in prior steps and document final incremental costs and projected revenues and summarize within the Go-to-Market Strategy Presentation.

    Download the Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook

    Download the Go-to-Market Strategy Presentation Template

    Product Build and Launch Business Case Checklist:

    • Acceptably large enough product market opportunity
    • Well-defined competitive differentiation
    • Buyer-validated product-market fit
    • Buyer-validated and competitive commercials (i.e. pricing, packaging)
    • An MVP with roadmap that aligns with buyer needs and buyer validated price points
    • A 24–36 month sales forecast with CRO sign-up and support for attainment
    • Incremental product development, tech, marketing, sales, customer success, AR/PR costs vs. forecasted revenues fall within acceptable margins

    Step 3.5

    Develop Your Final Executive Presentation to Request Approval and Proceed to GTM Build Phase

    Activities
    • 3.6.1 Update the Product, Launch, Journey, and Business Case slides included within the Go-to-Market Strategy Presentation Template with Phase 3 findings culminating in the business case.

    This step will walk you through the following activities:

    • Update the previously created slides with findings from Phase 3
    • Hold a Steering Committee meeting and present findings for approval

    This step involves the following participants:

    • Steering Committee
    • Workstream leads

    Outcomes of this step

    • GTM Strategy approved to move to GTM Build

    Phase 3 – Align functional plans with a compelling business case for product build

    Step 3.1 Step 3.2 Step 3.3 Step 3.4 Step 3.5

    3.5.1 Update your GTM Strategy deck for Align Steering Committee approval

    1. As you near completion of the Go-to-Market Strategy Phase – Align Step, an important test to pass before proceeding to the Design step of GTM Strategy, is to answer several key questions:
      1. Are Sales, Product, and Marketing all aligned and in agreement on the business case?
      2. Are the gross margin calculations acceptable to the Steering Committee? CFO? CEO?
    2. If the answer is “no” you need to return to prior steps and ensure completion.
    3. Pull together a summary review deck, schedule a meeting with the Steering Committee, present to-date findings for approval to move on to Build Phase.
    4. Once your final business case is accepted, you are ready to move on to the GTM Build and Launch phases. These phases are covered in sperate SoftwareReviews blueprints.

    Download the Go-to-Market Strategy Presentation Template

    Sample of the 'PLAN' section of the GTM Strategy optimization diagram with 'GTM Align Review' circled in red.

    The presentation you create contains:

    • Timelines and work plan updates
    • Tech stack needs/modifications
    • An expanded product concept to include packaging and pricing approach
    • Asset-type concepts for marketing campaigns, sales collateral, website, and social
    • Outline of initial Launch dates
    • Outline of initial customer success, awareness/PR/AR plans, and sales training plans
    • Final business case

    Summary of Accomplishment

    Problem Solved – A More Effective Go-to-Market Strategy

    By guiding your team through the Go-to-Market planning process applied to an actual GTM Strategy, you have built an important set of capabilities that underpins today’s well-managed software companies. By following the step-by-step process outlined in this blueprint, you have delivered a host of benefits that include the following:

    • Alignment of Product, Marketing, Sales, and Customer Success around a deeper understanding of your target buyers and what it takes to build competitive differentiation.
    • You have calculated your product market opportunity and whether it’s worth the investment in the long-term, and for the short term you have estimated gross margins as an important part of the business case.
    • Built executive support and confidence by leading a disparate team in complex decision making that is fact and evidence based to make more effective go/no go decisions related to investing in new products.
    • And finally, because you and your team have demonstrated their ability to align programs toward a common goal and program-manage a complex initiative through to successful completion, you have led your team to develop the “institutional muscle” to take on equally complex initiatives such as acquisition integration, rebranding, launching in a new region, etc.

    Therefore, developing the capabilities to manage a complex go-to-market strategy is akin to building company scalability and is sought after as a professional development opportunity that each executive should have on his/her résumé.

    If you would like additional support, contact us and we’ll make sure you get the professional expertise you need.

    Contact your account representative for more information.

    info@softwarereviews.com 1-888-670-8889

    Bibliography

    Acosta, Danette. “Average Customer Retention Rate by Industry.” Profitwell.com. Accessed Jan. 2022.

    Ashkenas, Ron, and Patrick Finn. “The Go-To-Market Approach Startups Need to Adopt.” Harvard Business Review, June 2016. Accessed Jun. 2021.

    Bilardi, Emma. “ How to Create Buyer Personas.” Product Marketing Alliance, July 2020. Accessed Dec. 2021.

    Cespedes, Frank V. “Defining a Post-Pandemic Channel Strategy.” Harvard Business Review, Apr. 2021. Accessed Jul. 2021.

    Chapman, Lawrence. “A Visual Guide to Product Launches.” Product Marketing Alliance. Accessed Jul. 2021.

    Chapman, Lawrence. “Everything You Need To Know About Go-To-Market Strategies.” Product Marketing Alliance. Accessed Jul. 2021.

    Christiansen, Clayton. “The Innovators Dilemma.” Harvard Business School Press, 1997.

    Drzewicki, Matt. “Digital Marketing Maturity: The Path to Success.” MIT Sloan Management Review. Accessed Dec. 2021.

    “Go-To-Market Refresher,” Product Marketing Alliance. Accessed Jul. 2021

    Harrison, Liz; Dennis Spillecke, Jennifer Stanley, and Jenny Tsai. “Omnichannel in B2B sales: The new normal in a year that has been anything but.” McKinsey & Company, 15 March, 2021. Accessed Dec. 2021.

    Jansen, Hasse. “Buyer Personas – 33 Mind Blowing Stats.” Boardview, 19 Feb. 2016. Accessed Jan. 2022.

    Scott, Ryan. “Creating a Brand Identity: 20 Questions to Consider.” Lean Labs, Jun 2021. Accessed Jul. 2021.

    Smith, Michael L., and James Erwin. “Role and Responsibility Charting (RACI).” DOCSearch. Accessed Jan. 2022. Web.

    “What is the Total Addressable Market (TAM).” Corporate Finance Institute (CFI), n.d. Accessed Jan. 2022.

    Related Software Reviews Research

    Sample of the Create a Buyer Persona and Journey research Create a Buyer Persona and Journey
    • A successful go-to-market strategy depends upon deep buyer understanding. Our Create a Buyer Persona and Journey blueprint will give you a step-by-step process that when followed will provide you and your team with that deep buyer understanding you need.
    • The Create a Buyer Persona and Journey blueprint provides you with an interview containing over 75 questions that, after capturing buyer answers and insights during interviews, will strengthen your value proposition, product market fit, lead gen engine and sales effectiveness.
    Sample of the Optimize Lead Generation With Lead Scoring research Optimize Lead Generation With Lead Scoring
    • Save time and money and improve your sales win rates when you apply our methodology to score contacts with your lead gen engine more accurately and pass better qualified leads over to your sellers.
    • Our methodology teaches marketers to develop your own lead scoring approach based upon lead/contact profile vs. your Ideal Customer Profile (ICP) and scores contact engagement. Applying the methodology to arrive at your own approach to scoring will mean reduced lead gen costs, higher conversion rates, and increased marketing influenced wins.

    Develop a Targeted Flexible Work Program for IT

    • Buy Link or Shortcode: {j2store}542|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $18,909 Average $ Saved
    • member rating average days saved: 13 Average Days Saved
    • Parent Category Name: Attract & Select
    • Parent Category Link: /attract-and-select
    • Workplace flexibility continues to be top priority for IT employees. Organizations who fail to offer flexibility will have a difficult time attracting, recruiting, and retaining talent.
    • When the benefits of remote work are not available to everyone, this raises fairness and equity concerns.

    Our Advice

    Critical Insight

    IT excels at hybrid location work and is more effective as a business function when location flexibility is an option for its employees. But hybrid work is just a start. A comprehensive flex work program extends beyond flexible location, so organizations must understand the needs of unique employee groups to uncover the options that will attract and retain talent.

    Impact and Result

    • Uncover the needs of unique employee segments to shortlist flexible work options that employees want and will use.
    • Assess the feasibility of various flexible work options and select ones that meet employee needs and are feasible for the organization.
    • Equip leaders with the information and tools needed to implement and sustain a flexible work program.

    Develop a Targeted Flexible Work Program for IT Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess employee and organizational flexibility needs

    Identify prioritized employee segments, flexibility challenges, and the desired state to inform program goals.

    • Develop a Targeted Flexible Work Program for IT – Phases 1-3
    • Talent Metrics Library
    • Targeted Flexible Work Program Workbook
    • Fast-Track Hybrid Work Program Workbook

    2. Identify potential flex options and assess feasibility

    Review, shortlist, and assess the feasibility of common types of flexible work. Identify implementation issues and cultural barriers.

    • Flexible Work Focus Group Guide
    • Flexible Work Options Catalog

    3. Implement selected option(s)

    Equip managers and employees to adopt flexible work options while addressing implementation issues and cultural barriers and aligning HR programs.

    • Guide to Flexible Work for Managers and Employees
    • Flexible Work Time Policy
    • Flexible Work Time Off Policy
    • Flexible Work Location Policy

    Infographic

    Workshop: Develop a Targeted Flexible Work Program for IT

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Prepare to Assess Flex Work Feasibility

    The Purpose

    Gather information on organizational and employee flexibility needs.

    Key Benefits Achieved

    Understand the flexibility needs of the organization and its employees to inform a targeted flex work program.

    Activities

    1.1 Identify employee and organizational needs.

    1.2 Identify employee segments.

    1.3 Establish program goals and metrics.

    1.4 Shortlist flexible work options.

    Outputs

    Organizational context summary

    List of shortlisted flex work options

    2 Assess Flex Work Feasibility

    The Purpose

    Perform a data-driven feasibility analysis on shortlisted work options.

    Key Benefits Achieved

    A data-driven feasibility analysis ensures your flex work program meets its goals.

    Activities

    2.1 Conduct employee/manager focus groups to assess feasibility of flex work options.

    Outputs

    Summary of flex work options feasibility per employee segment

    3 Finalize Flex Work Options

    The Purpose

    Select the most impactful flex work options and create a plan for addressing implementation challenge

    Key Benefits Achieved

    A data-driven selection process ensures decisions and exceptions can be communicated with full transparency.

    Activities

    3.1 Finalize list of approved flex work options.

    3.2 Brainstorm solutions to implementation issues.

    3.3 Identify how to overcome cultural barriers.

    Outputs

    Final list of flex work options

    Implementation barriers and solutions summary

    4 Prepare for Implementation

    The Purpose

    Create supporting materials to ensure program implementation proceeds smoothly.

    Key Benefits Achieved

    Employee- and manager-facing guides and policies ensure the program is clearly documented and communicated.

    Activities

    4.1 Design employee and manager guide prototype.

    4.2 Align HR programs and policies to support flexible work.

    4.3 Create a communication plan.

    Outputs

    Employee and manager guide to flexible work

    Flex work roadmap and communication plan

    5 Next Steps and Wrap-Up

    The Purpose

    Put everything together and prepare to implement.

    Key Benefits Achieved

    Our analysts will support you in synthesizing the workshop’s efforts into a cohesive implementation strategy.

    Activities

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Outputs

    Completed flexible work feasibility workbook

    Flexible work communication plan

    Further reading

    Develop a Targeted Flexible Work Program for IT

    Select flexible work options that balance organizational and employee needs to drive engagement and improve attraction and retention.

    Executive Summary

    Your Challenge

    • IT leaders continue to struggle with workplace flexibility, and it is a top priority for IT employees; as a result, organizations who fail to offer flexibility will have a difficult time attracting, recruiting, and retaining talent.
    • The benefits of remote work are not available to everyone, raising fairness and equity concerns for employees.

    Common Obstacles

    • A one-size-fits-all approach to selecting and implementing flexible work options fails to consider unique employee needs and will not reap the benefits of offering a flexible work program (e.g. higher engagement or enhanced employer brand).
    • Improper structure and implementation of flexible work programs exacerbates existing challenges (e.g. high turnover) or creates new ones.

    Info-Tech's Approach

    • Uncover the needs of unique employee segments to shortlist flexible work options that employees want and will use.
    • Assess the feasibility of various flexible work options and select ones that meet employee needs and are feasible for the organization.
    • Equip leaders with the information and tools needed to implement and sustain a flexible work program.

    Info-Tech Insight

    IT excels at hybrid location work and is more effective as a business function when location flexibility is an option for its employees. But hybrid work is just a start. A comprehensive flex work program extends beyond flexible location, so organizations must understand the needs of unique employee groups to uncover the options that will attract and retain talent.

    Flexible work arrangements are a requirement in today's world of work

    Flexible work continues to gain momentum…

    A 2022 LinkedIn report found that the following occurred between 2019 and 2021:

    +362%

    Increase in LinkedIn members sharing content with the term "flexible work."

    +83%

    Increase in job postings that mention "flexibility."
    (LinkedIn, 2022)

    In 2022, Into-Tech found that hybrid was the most commonly used location work model for IT across all industries.

    ("State of Hybrid Work in IT," Info-Tech Research Group, 2022)

    …and employees are demanding more flexibility

    90%

    of employees said they want schedule and location flexibility ("Global Employee Survey," EY, 2021).

    17%

    of resigning IT employees cited lack of flexible work options as a reason ("IT Talent Trends 2022," Info-Tech Research Group, 2022).

    71%

    of executives said they felt "pressure to change working models and adapt workplace policies to allow for greater flexibility" (LinkedIn, 2021).

    Therefore, organizations who fail to offer flexibility will be left behind

    Difficulty attracting and retaining talent

    98% of IT employees say flexible work options are important in choosing an employer ("IT Talent Trends 2022," Info-Tech Research Group, 2022).

    Worsening employee wellbeing and burnout

    Knowledge workers with minimal to no schedule flexibility are 2.2x more likely to experience work-related stress and are 1.4x more likely to suffer from burnout (Slack, 2022; N=10,818).

    Offering workplace flexibility benefits organizations and employees

    Higher performance

    IT departments that offer some degree of location flexibility are more effective at supporting the organization than those who do not.

    35% of service desk functions report improved service since implementing location flexibility.
    ("State of Hybrid Work in IT," Info-Tech Research Group, 2023).

    Enhanced employer brand

    Employees are 2.1x more likely to recommend their employer to others when they are satisfied with their organization's flexible work arrangements (LinkedIn, 2021).

    Improved attraction

    41% of IT departments cite an expanded hiring pool as a key benefit of hybrid work.

    Organizations that mention "flexibility" in their job postings have 35% more engagement with their posts (LinkedIn, 2022).

    Increased job satisfaction

    IT employees who have more control over their working arrangement experience a greater sense of contribution and trust in leadership ("State of Hybrid Work in IT," Info-Tech Research Group, 2023).

    Better work-life balance

    81% of employees say flexible work will positively impact their work-life balance (FlexJobs, 2021).

    Boosted inclusivity

    • Caregivers regardless of gender, supporting them in balancing responsibilities
    • Individuals with disabilities, enabling them to work from the comfort of their homes
    • Women who may have increased responsibilities
    • Women of color to mitigate the emotional tax experienced at work

    Info-Tech Insight

    Flexible work options are not a concession to lower productivity. Properly implemented, flex work enables employees to be more productive at reaching business goals.

    Despite the popularity of flexible work options, not all employees can participate

    IT organizations differ on how much flexibility different roles can have.

    IT employees were asked what percentage of IT roles were currently in a hybrid or remote work arrangement ("State of Hybrid Work in IT," Info-Tech Research Group, 2023).

    However, the benefits of remote work are not available to all, which raises fairness and equity concerns between remote and onsite employees.

    45%

    of employers said, "one of the biggest risks will be their ability to establish fairness and equity among employees when some jobs require a fixed schedule or location, creating a 'have and have not' dynamic based on roles" ("Businesses Suffering," EY, 2021).

    Offering schedule flexibility to employees who need to be fully onsite can be used to close the fairness and equity gap.

    When offered the choice, 54% of employees said they would choose schedule flexibility over location flexibility ("Global Employee Survey," EY, 2021).

    When employees were asked "What choice would you want your employer to provide related to when you have to work?" The top three choices were:

    68%

    Flexibility on when to start and finish work

    38%

    Compressed or four-day work weeks

    33%

    Fixed hours (e.g. 9am to 5pm)

    Disclaimer: "Percentages do not sum to 100%, as each respondent could choose up to three of the [five options provided]" ("Global Employee Survey," EY, 2021).

    Beware of the "all or nothing" approach

    There is no one-size-fits-all approach to workplace flexibility.

    Understanding the needs of various employee segments in the organization is critical to the success of a flexible work program.

    Working parents want more flexibility

    82%

    of working mothers desire flexibility in where they work.

    48%

    of working fathers "want to work remotely 3 to 5 days a week."

    Historically underrepresented groups value more flexibility

    38%

    "Thirty-eight percent of Black male employees and 33% of Black female employees would prefer a fully flexible schedule, compared to 25% of white female employees and 26% of white male employees."
    (Slack, 2022; N=10,818)

    33%

    Workplace flexibility must be customized to the organization to avoid longer working hours and heavy workloads that impact employee wellbeing

    84%

    of remote workers and 61% of onsite workers reported working longer hours post pandemic. Longer working hours were attributed to reasons such as pressure from management and checking emails after working hours (Indeed, 2021).

    2.6x

    Respondents who either agreed or strongly agreed with the statement "Generally, I find my workload reasonable" were 2.6x more likely to be engaged compared to those who stated they disagreed or strongly disagreed (McLean & Company Engagement Survey Database;2022; N=5,615 responses).

    Longer hours and unsustainable workloads can contribute to stress and burnout, which is a threat to employee engagement and retention. With careful management (e.g. setting clear expectations and establishing manageable workloads), flexible work arrangement benefits can be preserved.

    Info-Tech Insight

    Employees' lived experiences and needs determine if people use flexible work programs – a flex program that has limited use or excludes people will not benefit the organization.

    Develop a flexible work program that meets employee and organizational needs

    This is an image of a sample flexible work program which meets employee and organizational needs.

    Insight summary

    Overarching insight: IT excels at hybrid location work and is more effective as a business function when location, time, and time-off flexibility are an option for its employees.

    Introduction

    Step 1 insight

    Step 2 insight

    Step 3 insight

    • Flexible work options are not a concession to lower productivity. Properly implemented, flex work enables employees to be more productive at reaching business goals.
    • Employees' lived experiences and needs determine if people use flexible work programs – a flex program that has limited use or excludes people will not benefit the organization.
    • Flexible work benefits everyone. IT employees experience greater engagement, motivation, and company loyalty. IT organizations realize benefits such as better service coverage, reduced facilities costs, and increased productivity.
    • Hybrid work is a start. A comprehensive flex work program extends beyond flexible location to flexible time and time off. Organizations must understand the needs of unique employee groups to uncover the options that will attract and retain talent. Provide greater inclusivity to employees by broadening the scope to include flex location, flex time, and flex time off.
    • No two employee segments are the same. To be effective, flexible work options must align with the expectations and working processes of each segment.
    • Every role is eligible for hybrid location work. If onsite work duties prevent an employee group from participating, see if processes can be digitized or automated. Flexible work is an opportunity to go beyond current needs to future proofing your organization.
    • Flexible work options must balance organizational and employee needs. If an option is beneficial to employees but there is little or no benefit to the organization, or if the cost of the option is too high, it will not support the long-term success of the organization.
    • Prioritize flexible work options that employees want. Providing too many options often leads to information overload and results in employees not understanding what is available, lowering adoption of the flexible work program.
    • Leaders' collective support of the flexible program determines the program's successful adoption. Don't sweep cultural barriers under the rug; acknowledge and address them to overcome them.
    • Negative performance of a flexible work option does not necessarily mean failure. Take the time to evaluate whether the option simply needs to be tweaked or whether it truly isn't working for the organization.
    • A set of formal guidelines for IT ensures flexible work is:
      1. Administered fairly across all IT employees.
      2. Defensible and clear.
      3. Scalable to the rest of the organization.

    Case Study

    Expanding hybrid work at Info-Tech

    Challenge

    In 2020, Info-Tech implemented emergency work-from-home for its IT department, along with the rest of the organization. Now in 2023, hybrid work is firmly embedded in Info-Tech's culture, with plans to continue location flexibility for the foreseeable future.

    Adjusting to the change came with lessons learned and future-looking questions.

    Lessons Learned

    Moving into remote work was made easier by certain enablers that had already been put in place. These included issuing laptops instead of desktops to the user base and using an existing cloud-based infrastructure. Much support was already being done remotely, making the transition for the support teams virtually seamless.

    Continuing hybrid work has brought benefits such as reduced commuting costs for employees, higher engagement, and satisfaction among staff that their preferences were heard.

    Looking Forward

    Every flexible work implementation is a work in progress and must be continually revisited to ensure it continues to meet organizational and employee needs. Current questions being explored at Info-Tech are:

    • The concept of the "office as a tool" – how does use of the office change when it is used for specific collaboration-related tasks, rather than everything? How should the physical space change to support this?
    • What does a viable replacement for quick hallway meetings look like in a remote world where communication is much more deliberate? How can managers adjust their practices to ensure the benefits of informal encounters aren't lost?

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Preparation

    Step 1

    Step 2

    Step 3

    Follow-up

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: Assess employee and organizational needs.

    Call #3: Shortlist flex work options and assess feasibility.

    Call #4: Finalize flex work options and create rollout plan.

    Call #5: (Optional) Review rollout progress or evaluate pilot success.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 3 to 5 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Activities

    Prepare to assess flex work feasibility

    Assess flex work feasibility

    Finalize flex work options

    Prepare for implementation

    Next Steps and Wrap-Up (offsite)

    1.1 Identify employee and organizational needs.

    1.2 Identify employee segments.

    1.3 Establish program goals and metrics.

    1.4 Shortlist flex work options.

    2.1 Conduct employee/manager focus groups to assess feasibility of flex work options.

    3.1 Finalize list of approved flex work options.

    3.2 Brainstorm solutions to implementation issues.

    3.2 Identify how to overcome cultural barriers.

    4.1 Design employee and manager guide prototype.

    4.2 Align HR programs and policies to support flexible work.

    4.3 Create a communication plan.

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables
    1. Organizational context summary
    2. List of shortlisted flex work options
    1. Summary of flex work options' feasibility per employee segment
    1. 1.Final list of flex work options
    2. 2.Implementation barriers and solutions summary
    1. Employee and manager guide to flexible work
    2. Flex work roadmap and communication plan
    1. Completed flexible work feasibility workbook
    2. Flexible work communication plan

    Step 1

    Assess employee and organizational needs

    1. Assess employee and organizational flexibility needs
    2. Identify potential flex options and assess feasibility
    3. Implement selected option(s)

    After completing this step you will have:

    • Identified key stakeholders and their responsibilities
    • Uncovered the current and desired state of the organization
    • Analyzed feedback to identify flexibility challenges
    • Identified and prioritized employee segments
    • Determined the program goals
    • Identified the degree of flexibility for work location, timing, and deliverables

    Identify key stakeholders

    Organizational flexibility requires collaborative and cross-functional involvement to determine which flexible options will meet the needs of a diverse workforce. HR leads the project to explore flexible work options, while other stakeholders provide feedback during the identification and implementation processes.

    HR
    • Assist with the design, implementation, and maintenance of the program.
    • Provide managers and employees with guidance to establish successful flexible work arrangements.
    • Help develop communications to launch and maintain the program.

    Senior Leaders
    • Champion the project by modeling and promoting flexible work options
    • Help develop and deliver communications; set the tone for flexible work at the organization.
    • Provide input into determining program goals.

    Managers
    • Model flexible work options and encourage direct reports to request and discuss options.
    • Use flexible work program guidelines to work with direct reports to select suitable flexible work options.
    • Develop performance metrics and encourage communication between flexible and non-flexible workers.

    Flexible Workers
    • Indicate preferences of flexible work options to the manager.
    • Identify ways to maintain operational continuity and communication while working flexibly.
    • Flag issues and suggest improvements to the manager.
    • Develop creative ways to work with colleagues who don't work flexibly.

    Non-Flexible Workers
    • Share feedback on issues with flexible arrangements and their impact on operational continuity.

    Info-Tech Insight

    Flexible work is a holistic team effort. Leaders, flexible workers, teammates, and HR must clearly understand their roles to ensure that teams are set up for success.

    Uncover the current and desired state of flexibility in the organization

    Current State

    Target State

    Review:

    • Existing policies related to flexibility (e.g. vacation, work from anywhere)
    • Existing flexibility programs (e.g. seasonal hours) and their uptake
    • Productivity of employees
    • Current culture at the organization. Look for:
      • Employee autonomy
      • Reporting structure and performance management processes
      • Trust and psychological safety of employees
      • Leadership behavior (e.g. do leaders model work-life balance, or does the organization have a work 24/7 mentality?)

    Identify what is driving the need for flexible work options. Ask:

    • Why does the organization need flexible options?
      • For example, the introduction of flexibility for some employees has created a "have and have not" dynamic between roles that must be addressed.
    • What does the organization hope to gain from implementing flexible options? For example:
      • Improved retention
      • Increased attraction, remaining competitive for talent
      • Increased work-life balance for employees
      • Reduced burnout
    • What does the organization aspire to be?
      • For example, an organization that creates an environment that values output, not face time.

    These drivers identify goals for the organization to achieve through targeted flexible work options.

    Info-Tech Insight

    Hybrid work is a start. A comprehensive flex work program extends beyond flexible location, so organizations must understand the needs of unique employee groups to uncover the options that will attract and retain talent. Provide greater inclusivity to employees by broadening the scope to include flex location, flex time, and flex time off.

    Identify employee segments

    Using the data, feedback, and challenges analyzed and uncovered so far, assess the organization and identify employee segments.

    Identify employee segments with common characteristics to assess if they require unique flexible work options. Assess the feasibility options for the segments separately in Step 2.

    • Segments' unique characteristics include:
      • Role responsibilities (e.g. interacting with users, creating reports, development and testing)
      • Work location/schedule (e.g. geographic, remote vs. onsite, 9 to 5)
      • Work processes (e.g. server maintenance, phone support)
      • Group characteristics (e.g. specific teams, new hires)

    Identify employee segments and sort them into groups based on the characteristics above.

    Examples of segments:

    • Functional area (e.g. Service Desk, Security)
    • Job roles (e.g. desktop support, server maintenance)
    • Onsite, remote, or hybrid
    • Full-time or part-time
    • Job level (e.g. managers vs. independent contributors)
    • Employees with dependents

    Prioritize employee segments

    Determine whether the organization needs flexible work options for the entire organization or specific employee segments.
    For specific employee segments:

    • Answer the questions on the right to identify whether an employee segment is high, medium, or low priority. Complete slides 23 to 25 for each high-priority segment, repeating the process for medium-priority segments when resources allow.

    For the entire organization:

    • When identifying an option for the entire organization, consider all segments. The approach must create consistency and inclusion; keep this top of mind when identifying flexibility on slides 23 to 25. For example, the work location flexibility would be low in an organization where some segments can work remotely and others must be onsite due to machinery requirements.

    High priority: The employee segment has the lowest engagement scores or highest turnover within the organization. Segment sentiment is that current flexibility is nonexistent or not sufficiently meeting needs.
    Medium priority: The employee segment has low engagement or high turnover. Segment sentiment is that currently available flexibility is minimal or not sufficiently meeting needs.
    Low priority: The segment does not have the lowest engagement or the highest turnover rate. Segment sentiment is that currently available flexibility is sufficiently meeting needs.

    1. What is the impact on the organization if this segment's challenges aren't addressed (e.g. if low engagement and high turnover are not addressed)?
    2. How critical is flexibility to the segment's needs/engagement?
    3. How time sensitive is it to introduce flexibility to this segment (e.g. is the organization losing employees in this segment at a high rate)?
    4. Will providing flexibility to this segment increase organizational productivity or output

    Identify challenges to address with flexibility

    Uncover the lived experiences and expectations of employees to inform selection of segments and flexible options.

    1. Collect data from existing sources, such as:
      • Engagement surveys
      • New hire/exit surveys
      • Employee experience monitor surveys
      • Employee retention pulse surveys
      • Burnout surveys
      • DEI pulse surveys
    2. Analyze employee feedback on experiences with:
      • Work duties
      • Workload
      • Work-life balance
      • Operating processes and procedures
      • Achieving operational outcomes
      • Collaboration and communication
      • Individual experience and engagement
    3. Evaluate the data and identify challenges

    Example challenges:

    • Engagement: Low average score on work-life balance question; flexible work suggested in open-ended responses.
    • Retention: Exit survey indicating that lack of work-life balance is consistently a reason employees leave. Include the cost of turnover (e.g. recruitment, training, severance).
    • Burnout: Feedback from employees through surveys or HR business partner anecdotes indicating high burnout; high usage of wellness services or employee assistance programs.
    • Absenteeism: High average number of days employees were absent in the past year. Include the cost of lost productivity.
    • Operational continuity: Provide examples of when flexible work would have enabled operational continuity in the case of disaster or extended customer service coverage.
    • Program uptake: If the organization already has a flexible work program, provide data on the low proportion of eligible employees using available options.

    1.1 Prepare to evaluate flexible work options

    1-3 hours

    Follow the guidance on preceding slides to complete the following activities.
    Note: If you are only considering remote or hybrid work, use the Fast-Track Hybrid Work Program Workbook. Otherwise, proceed with the Targeted Flexible Work Program Workbook.

    1. Identify key stakeholders. Be sure to record the level of involvement and responsibility expected from each stakeholder. Use the "Stakeholders" tab of the workbook.
    2. Uncover current and desired state. Review and record your current state with respect to culture, productivity, and current flexible work options, if any. Next, record your desired future state, including reasons for implementing flexible work, and goals for the program. Record this in the "Current and Desired State" tab of the workbook.
    3. Identify and prioritize employee segments. Identify and record employee segments. Depending on the size of your department, you may identify a few or many. Be as granular as necessary to fully separate employee groups with different needs. If your resources or needs prevent you from rolling out flexible work to the entire department, record the priority level of each segment so you can focus on the highest priority first.
    4. Identify challenges with flexibility. With each employee segment in mind, analyze your available data to identify and record each segment's main challenges regarding flexible work. These will inform your program goals and metrics.

    Download the Targeted Flexible Work Program Workbook

    Download the Fast-Track Hybrid Work Program Workbook

    Input

    • List of departmental roles
    • Data on employee engagement, productivity, sentiment regarding flexible work, etc.

    Output

    • List of stakeholders and responsibilities
    • Flexible work challenges and aims
    • Prioritized list of employee segments

    Materials

    • Targeted Flexible Work Program Workbook
      Or
    • Fast-Track Hybrid Work Program Workbook

    Participants

    • IT department head
    • HR business partner
    • Flexible work program committee

    Determine goals and metrics for the flexible work program

    Sample program goals

    Sample metrics

    Increase productivity
    • Employee, team, and department key performance indicators (KPIs) before and after flexible work implementation
    • Absenteeism rate (% of lost working days due to all types of absence)

    Improve business satisfaction and perception of IT value

    Increase retention
    • % of exiting employees who cite lack of flexible work options or poor work-life balance as a reason they left
    • Turnover and retention rates

    Improve the employee value proposition (EVP) and talent attraction
    • # of responses on the new hire survey where flexible work options or work-life balance are cited as a reason for accepting an employment offer
    • # of views of career webpage that mentions flexible work program
    • Time-to-fill rates

    Improve engagement and work-life balance

    • Overall engagement score – deploy Info-Tech's Employee Engagement Diagnostics
    • Score for questions about work-life balance on employee engagement or pulse survey, including:
      • "I am able to maintain a balance between my work and personal life."
      • "I find my stress levels at work manageable."

    Info-Tech Insight

    Implementing flex work without solid performance metrics means you won't have a way of determining whether the program is enabling or hampering your business practices.

    1.2 Determine goals and metrics

    30 minutes

    Use the examples on the preceding slide to identify program goals and metrics:

    1. Brainstorm program goals. Be sure to consider both the business benefits (e.g. productivity, retention) and the employee benefits (work-life balance, engagement). A successful flexible work program benefits both the organization and its employees.
    2. Brainstorm metrics for each goal. Identify metrics that are easy to track accurately. Use Info-Tech's IT and HR metrics libraries for reference. Ideally, the metrics you choose should already exist in your organization so no extra effort will be necessary to implement them. It is also important to have a baseline measure of each one before flexible work is rolled out.
    3. Record your outputs on the "Goals and Metrics" tab of the workbook.

    Download the Targeted Flexible Work Program Workbook

    Download the IT Metrics Library

    Download the HR Metrics Library

    Input

    • Organizational and departmental strategy

    Output

    • List of program goals and metrics

    Materials

    • Targeted Flexible Work Program Workbook
      Or
    • Fast-Track Hybrid Work Program Workbook

    Participants

    • Flexible work program committee

    Determine work location flexibility for priority segments

    Work location looks at where a segment can complete all or some of their tasks (e.g. onsite vs. remote). For each prioritized employee segment, evaluate the amount of location flexibility available.

    Work Duties

    Processes

    Operational Outcomes

    High degree of flexibility
    • Low dependence on onsite equipment
    • Work easily shifts to online platforms
    • Low dependence on onsite external interactions (e.g. clients, customers, vendors)
    • Low interdependence of work duties internally (most work is independent)
    • Work processes and expectations are or can be formally documented
    • Remote work processes are sustainable long term

    Most or all operational outcomes can be achieved offsite (e.g. products/service delivery not impacted by WFH)
    • Some dependence on onsite equipment
    • Some work can shift to online platforms
    • Some dependence on onsite external interactions
    • Some interdependence of work duties internally (collaboration is critical)
    • Most work processes and expectations have been or can be formally documented
    • Remote work processes are sustainable (e.g. workarounds can be supported and didn't add work)

    Some operational outcomes can be achieved offsite (e.g. some impact of WFH on product/service delivery)

    Low degree of flexibility
    • High dependence on onsite equipment
    • Work cannot shift to online platforms
    • High dependence on onsite external interactions
    • High interdependence of work duties internally (e.g. line work)
    • Few work processes and expectations can be formally documented
    • Work processes cannot be done remotely, and workarounds for remote work are not sustainable long term

    Operational outcomes cannot be achieved offsite (e.g. significant impairment to product/service delivery)

    Note

    If roles within the segment have differing levels of location flexibility, use the lowest results (e.g. if role A in the segment has a high degree of flexibility for work duties and role B has a low degree of flexibility, use the results for role B).

    Identify work timing for priority segments

    Work timing looks at when work can or needs to be completed (e.g. Monday to Friday, 9am to 5pm).

    Work Duties

    Processes

    Operational Outcomes

    High degree of flexibility

    • No need to be available to internal and/or external customers during standard work hours
    • Equipment is available at any time
    • Does not rely on synchronous (occurring at the same time) work duties internally
    • Work processes and expectations are or can be formally documented
    • Low reliance on collaboration
    • Work is largely asynchronous (does not occur at the same time)

    Most or all operational outcomes are not time sensitive

    • Must be available to internal and/or external customers during some standard work hours
    • Some reliance on synchronous work duties internally (collaboration is critical)
    • Most work processes and expectations have been or can be formally documented
    • Moderate reliance on collaboration
    • Some work is synchronous

    Some operational outcomes are time sensitive and must be conducted within set date or time windows

    Low degree of flexibility

    • Must be available to internal and/or external customers during all standard work hours (e.g. Monday to Friday 9 to 5)
    • High reliance on synchronous work duties internally (e.g. line work)
    • Few work processes and expectations can be formally documented
    • High reliance on collaboration
    • Most work is synchronous

    Most or all operational outcomes are time sensitive and must be conducted within set date or time windows

    Note

    With additional coordination, flex time or flex time off options are still possible for employee segments with a low degree of flexibility. For example, with a four-day work week, the segment can be split into two teams – one that works Monday to Thursday and one that works Tuesday to Friday – so that employees are still available for clients five days a week.

    Examine work deliverables for priority segments

    Work deliverables look at the employee's ability to deliver on their role expectations (e.g. quota or targets) and whether reducing the time spent working would, in all situations, impact the work deliverables (e.g. constrained vs. unconstrained).

    Work Duties

    Operational Outcomes

    High degree of flexibility

    • Few or no work duties rely on equipment or processes that put constraints on output (unconstrained output)
    • Employees have autonomy over which work duties they focus on each day
    • Most or all operational outcomes are unconstrained (e.g. a marketing analyst who builds reports and strategies for clients can produce more reports, produce better reports, or identify new strategies)
    • Work quota or targets are achievable even if working fewer hours
    • Some work duties rely on equipment or processes that put constraints on output
    • Employees have some ability to decide which work duties they focus on each day
    • Some operational outcomes are constrained or moderately unconstrained (e.g. an analyst build reports based on client data; while it's possible to find efficiencies and build reports faster, it's not possible to attain the client data any faster)
    • Work quota or targets may be achievable if working fewer hours

    Low degree of flexibility

    • Most or all work duties rely on equipment or processes that put constraints on output (constrained output)
    • Daily work duties are prescribed (e.g. a telemarketer is expected to call a set number of people per day using a set list of contacts and a defined script)
    • Most or all operational outcomes are constrained (e.g. a machine operator works on a machine that produces 100 parts an hour; neither the machine nor the worker can produce more parts)
    • Work quota or targets cannot be achieved if fewer hours are worked

    Note

    For segments with a low degree of work deliverable flexibility (e.g. very constrained output), flexibility is still an option, but maintaining output would require additional headcount.

    1.3 Determine flexibility needs and constraints

    1-2 hours

    Use the guidelines on the preceding slides to document the parameters of each work segment.

    1. Determine work location flexibility. Work location looks at where a segment can complete all or some of their tasks (e.g. onsite vs. remote). For each prioritized employee segment, evaluate the amount of location flexibility available.
    2. Identify work timing. Work timing looks at when work can or needs to be completed (e.g. Monday to Friday, 9am to 5pm).
    3. Examine work deliverables. Work deliverables look at the employee's ability to deliver on their role expectations (e.g. quota or targets) and whether reducing the time spent working would, in all situations, impact the work deliverables (e.g. constrained vs. unconstrained).
    4. Record your outputs on the "Current and Desired State" tab of the workbook.

    Download the Targeted Flexible Work Program Workbook

    Input

    • List of employee segments

    Output

    • Summary of flexibility needs and constraints for each employee segment

    Materials

    • Targeted Flexible Work Program Workbook
      Or
    • Fast-Track Hybrid Work Program Workbook

    Participants

    • Flexible work program committee
    • Employee segment managers

    Step 2

    Identify potential flex options and assess feasibility

    1. Assess employee and organizational flexibility needs
    2. Identify potential flex options and assess feasibility
    3. Implement selected option(s)

    After completing this step you will have:

    • Created a shortlist of potential options for each prioritized employee segment
    • Evaluated the feasibility of each potential option
    • Determined the cost and benefit of each potential option
    • Gathered employee sentiment on potential options
    • Finalized options with senior leadership

    Prepare to identify and assess the feasibility of potential flexible work options

    First, review the Flexible Work Solutions Catalog

    Before proceeding to the next slide, review the Flexible Work Options Catalog to identify and shortlist five to seven flexible work options that are best suited to address the challenges faced for each of the priority employee segments identified in Step 1.

    Then, assess the feasibility of implementing selected options using slides 29 to 32

    Assess the feasibility of implementing the shortlisted solutions for the prioritized employee segments against the feasibility factors in this step. Repeat for each employee segment. Use the following slides to consult with and include leaders when appropriate.

    • Document your analysis in tabs 6 to 8 of the Targeted Flexible Work Program Workbook.
    • Note implementation issues throughout the assessment and record them in the tool. They will be addressed in Step 3: Implement Selected Program(s). Don't rule out an option simply because it presents some challenges; careful implementation can overcome many challenges.
    • At the end of this step, determine the final list of flexible work options and gain approval from senior leaders for implementation.

    Evaluate feasibility by reviewing the option's impact on continued operations and job performance

    Operational coverage

    Synchronous communication

    Time zones

    Face-to-face

    communication

    To what extent are employees needed to deliver products or services?

    • If constant customer service is required, stagger employees' schedules (e.g. one team works Monday-Thursday while another works Tuesday-Friday).

    To what extent do employees need to communicate with each other synchronously?

    • Break the workflow down and identify times when employees do and do not have to work at the same time to communicate with each other.

    To what extent do employees need to coordinate work across time zones?

    • If the organization already operates in different time zones, ensure that the option does not impact operations requiring continuous coverage.
    • When employees are located in different time zones, coordinate schedules based on the other operational factors.

    When do employees need to interact with each other or clients in person?

    • Examine the workflow closely to identify times when face-to-face communication is not required. Schedule "office days" for employees to work together when in-person interaction is needed.
    • When the interaction is only required with clients, determine whether employees are able to meet clients offsite.

    Info-Tech Insight

    Every role is eligible for hybrid location work. If onsite work duties prevent an employee group from participating, see if processes can be digitized or automated. Flexible work is an opportunity to go beyond current needs to future-proof your organization.

    Assess the option's alignment with organizational culture

    Symbols

    Values

    		 Behaviors

    How supportive of flexible work are the visible aspects of the organization's culture?

    • For example, the mission statement, newsletters, or office layout.
    • Note: Visible elements will need to be adapted to ensure they reinforce the value of the flexible work option.

    How supportive are both the stated and lived values of the organization?

    • When the flexible work option includes less direct supervision, assess how empowered employees feel to make decisions.
    • Assess whether all types of employees (e.g. virtual) are included, valued, and supported.

    How supportive are the attitudes and behaviors, especially of leaders?

    • Leaders set the expectations for acceptable behaviors in the organization. Determine how supportive leaders are toward flexible workers by examining their attitudes and perceptions.
    • Identify if employees are open to different ways of doing work.

    Determine the resources required for the option

    People

    Process

    		 Technology

    Do employees have the knowledge, skills, and abilities to adopt this option?

    • Identify any areas (e.g. process, technology) employees will need to be trained on and assess the associated costs.
    • Determine whether the option will require additional headcount to ensure operational continuity (e.g. two part-time employees in a job-sharing arrangement) and calculate associated costs (e.g. recruitment, training, benefits).

    How much will work processes need to change?

    • Interview organizational leaders with knowledge of the employee segment's core work processes. Determine whether a significant change will be required.
    • If a significant change is required, evaluate whether the benefits of the option outweigh the costs of the process and behavioral change (see the "net benefit" factor on slide 33).

    What new technologies will be required?

    • Identify the technology (e.g. that supports communication, work processes) required to enable the flexible work option.
    • Note whether existing technology can be used or additional technology will be required, and further investigate the viability and costs of these options.

    Examine the option's risks

    Data

    Health & Safety

    Legal

    How will data be kept secure?

    • Determine whether the organization's data policy and technology covers employees working remotely or other flexible work options.
    • If the employee segment handles sensitive data (e.g. personal employee information), consult relevant stakeholders to determine how data can be kept secure and assess any associated costs.

    How will employees' health and safety be impacted?

    • Consult your organization's legal counsel to determine whether the organization will be liable for the employees' health and safety while working from home or other locations.
    • Determine whether the organization's policies and processes will need to be modified.

    What legal risks might be involved?

    • Identify any policies in place or jurisdictional requirements to avoid any legal risks. Consult your organization's legal counsel about the situations below.
      • If the option causes significant changes to the nature of jobs, creating the risk of constructive dismissal.
      • If there are any risks to providing less supervision (e.g. higher chance of harassment).
      • When only some employee segments are eligible for the option, determine whether there is a risk of inequitable access.
      • If the option impacts any unionized employees or collective agreements.

    Determine whether the benefits of the option outweigh the costs

    Include senior leadership in the net benefit process to ensure any unfeasible options are removed from consideration before presenting to employees.

    1. Document the employee and employer benefits of the option from the previous feasibility factors on slides 29 to 32.
    • Include the benefits of reaching program goals identified in Step 1.
    • Quantify the benefits in dollar value where possible.
  • Document the costs and risks of the option, referring to the costs noted from previous feasibility factors.
    • Quantify the costs in dollar value where possible.
  • Compare the benefits and costs.
    • Add an option to your final list if the benefits are greater than the costs.

    • This is an image of a table with the main heading being Net Benefit, with the following subheadings: Benefits to organization; Benefits to employees; Costs.

    Info-Tech Insight

    Flexible work options must balance organizational and employee needs. If an option is beneficial to employees but there is little or no benefit to the organization as a whole, or if the cost of the option is too high, it will not support the long-term success of the organization.

    2.1a Identify and evaluate flexible work options

    30 minutes per employee segment per work option

    If you are only considering hybrid or remote work, skip to activity 2.1b. Use the guidelines on the preceding slides to conduct feasibility assessments.

    1. Shortlist flexible work options. Review the Flexible Work Options Catalog to identify and shortlist five to seven flexible work options that are best suited to address the challenges faced for each of the priority employee segments. Record these on the "Options Shortlist" tab of the workbook. Even if the decision is simple, ensure you record the rationale to help communicate your decision to employees. Transparent communication is the best way to avoid feelings of unfairness if desired work options are not implemented.
    2. Evaluate option feasibility. For each of the shortlisted options, complete one "Feasibility - Option" tab in the workbook. Make as many copies of this tab as needed.
      • When evaluating each option, consider each employee segment individually as you work through the prompts in the workbook. You may find that segments differ greatly in the feasibility of various types of flexible work. You will use this information to inform your overall policy and any exceptions to it.
      • You may need to involve each segment's management team to get an accurate picture of day-to-day responsibilities and flexible work feasibility.
    3. Weigh benefits and costs. At the end of each flexible work option evaluation, record the anticipated costs and benefits. Discuss whether this balance renders the option viable or rules it out.

    Download the Targeted Flexible Work Program Workbook

    Download the Flexible Work Options Catalog

    Input

    • List of employee segments

    Output

    • Shortlist of flexible work options
    • Feasibility analysis for each work option

    Materials

    • Targeted Flexible Work Program Workbook
    • Flexible Work Options Catalog

    Participants

    • Flexible work program committee
    • Employee segment managers

    2.1b Assess hybrid work feasibility

    30 minutes per employee segment

    Use the guidelines on the preceding slides to conduct a feasibility assessment. This exercise relies on having trialed hybrid or remote work before. If you have never implemented any degree of remote work, consider completing the full feasibility assessment in activity 2.1a.

    1. Evaluate hybrid work feasibility. Review the feasibility prompts on the "Work Unit Remote Work Assessment" tab and record your insight for each employee segment.
      • When evaluating each option, consider each employee segment individually as you work through the prompts in the workbook. You may find that segments differ greatly in their ability to accommodate hybrid work. You will use this information to inform your overall policy and any exceptions to it.
      • You may need to involve each segment's management team to get an accurate picture of day-to-day responsibilities and hybrid work feasibility.

    Download the Fast-Track Hybrid Work Program Workbook

    Input

    • List of employee segments

    Output

    • Feasibility analysis for each work option

    Materials

    • Fast-Track Hybrid Work Program Workbook

    Participants

    • Flexible work program committee
    • Employee segment managers

    Ask employees which options they prefer and gather feedback for implementation

    Deliver a survey and/or conduct focus groups with a selection of employees from all prioritized employee segments.

    Share

    • Present your draft list of options to select employees.
    • Communicate that the organization is in the process of assessing the feasibility of flexible work options and would like employee input to ensure flex work meets needs.
    • Be clear that the list is not final or guaranteed.

    Ask

    • Ask which options are preferred more than others.
    • Ask for feedback on each option – how could it be modified to meet employee needs better? Use this information to inform implementation in Step 3.

    Decide

    • Prioritize an option if many employees indicated an interest in it.
    • If employees indicate no interest in an option, consider eliminating it from the list, unless it will be required. There is no value in providing an option if employees won't use it.

    Survey

    • List the options and ask respondents to rate each on a Likert scale from 1 to 5.
    • Ask some open-ended questions with comment boxes for employee suggestions.

    Focus Group

    • Conduct focus groups to gather deeper feedback.
    • See Appendix I for sample focus group questions.

    Info-Tech Insight

    Prioritize flexible work options that employees want. Providing too many options often leads to information overload and results in employees not understanding what is available, lowering adoption of the flexible work program.

    Finalize options list with senior leadership

    1. Select one to three final options and outline the details of each. Include:
      • Scope: To what extent will the option be applied? E.g. work-from-home one or two days a week.
      • Eligibility: Which employee segments are eligible?
      • Cost: What investment will be required?
      • Critical implementation issues: Will any of the implementation issues identified for each feasibility factor impact whether the option will be approved?
      • Resources: What additional resources will be required (e.g. technology)?
    2. Present the options to stakeholders for approval. Include:
      • An outline of the finalized options, including what the option is and the scope, eligibility, and critical implementation issues.
      • The feasibility assessment results, including benefits, costs, and employee preferences. Have more detail from the other factors ready if leaders ask about them.
      • The investment (cost) required to implement the option.
    3. Proceed to Step 3 to implement approved options.

    Running an IT pilot of flex work

    • As a technology department, IT typically doesn't own flexible work implementation for the entire organization. However, it is common to trial flexible work options for IT first, before rolling out to the entire organization.
    • During a flex work pilot, ensure you are working closely with HR partners, especially regarding regulatory and compliance issues.
    • Keep the rest of the organizational stakeholders in the loop, especially regarding their agreement on the metrics by which the pilot's success will be evaluated.

    2.2a Finalize flexible work options

    2-3 hours + time to gather employee feedback

    If you are only considering hybrid or remote work, skip to activity 2.2b. Use the guidelines on the preceding slides to gather final feedback and finalize work option selections.

    1. Gather employee feedback. If employee preferences are already known, skip this step. If they are not, gather feedback to ascertain whether any of the shortlisted options are preferred. Remember that a successful flexible work program balances the needs of employees and the business, so employee preference is a key determinant in flexible work program success. Document this on the "Employee Preferences" tab of the workbook.
    2. Finalize flexible work options. Use your notes on the cost-benefit balance for each option, along with employee preferences, to decide whether the move forward with it. Record this decision on the "Options Final List" tab. Include information about eligible employee segments and any implementation challenges that came up during the feasibility assessments. This is the final decision summary that will inform your flexible program parameters and policies.

    Download the Targeted Flexible Work Program Workbook

    Input

    • Flexible work options shortlist

    Output

    • Final flexible work options list

    Materials

    • Targeted Flexible Work Program Workbook

    Participants

    • Flexible work program committee

    2.2b Finalize hybrid work parameters

    2-3 hours + time to gather employee feedback

    Use the guidelines on the preceding slides to gather final feedback and finalize work option selections.

    1. Summarize feasibility analysis. On the "Program Parameters" tab, record the main insights from your feasibility analysis. Finalize important elements, including eligibility for hybrid/remote work by employee segment. Additionally, record the standard parameters for the program (i.e. those that apply to all employee segments) and variable parameters (i.e. ones that differ by employee segment).

    Download the Fast-Track Hybrid Work Program Workbook

    Input

    • Hybrid work feasibility analysis

    Output

    • Final hybrid work program parameters

    Materials

    • Fast-Track Hybrid Work Program Workbook

    Participants

    • Flexible work program committee

    Step 3

    Implement selected option(s)

    1. Assess employee and organizational flexibility needs
    2. Identify potential flex options and assess feasibility
    3. Implement selected option(s)

    After completing this step, you will have:

    • Addressed implementation issues and cultural barriers
    • Equipped the organization to adopt flexible work options successfully
    • Piloted the program and assessed its success
    • Developed a plan for program rollout and communication
    • Established a program evaluation plan
    • Aligned HR programs to support the program

    Solve the implementation issues identified in your feasibility assessment

    1. Identify a solution for each implementation issue documented in the Targeted Flexible Work Program Workbook. Consider the following when identifying solutions:
      • Scope: Determine whether the solution will be applied to one or all employee segments.
      • Stakeholders: Identify stakeholders to consult and develop a solution. If the scope is one employee segment, work with organizational leaders of that segment. When the scope is the entire organization, consult with senior leaders.
      • Implementation: Collaborate with stakeholders to solve implementation issues. Balance the organizational and employee needs, referring to data gathered in Steps 1 and 2.

    Example:

    Issue

    Solution

    Option 1: Hybrid work

    Brainstorming at the beginning of product development benefits from face-to-face collaboration.

    Block off a "brainstorming day" when all team members are required in the office.

    Employee segment: Product innovation team

    One team member needs to meet weekly with the implementation team to conduct product testing.

    Establish a schedule with rotating responsibility for a team member to be at the office for product testing; allow team members to swap days if needed.

    Address cultural barriers by involving leaders

    To shift a culture that is not supportive of flexible work, involve leaders in setting an example for employees to follow.

    Misconceptions

    Tactics to overcome them
    • Flexible workers are less productive.
    • Flexible work disrupts operations.
    • Flexible workers are less committed to the organization.
    • Flexible work only benefits employees, not the organization.
    • Employees are not working if they aren't physically in the office.

    Make the case by highlighting challenges and expected benefits for both the organization and employees (e.g. same or increased productivity). Use data in the introductory section of this blueprint.

    Demonstrate operational feasibility by providing an overview of the feasibility assessment conducted to ensure operational continuity.

    Involve most senior leadership in communication.

    Encourage discovery and exploration by having managers try flexible work options themselves, which will help model it for employees.

    Highlight success stories within the organization or from competitors or similar industries.

    Invite input from managers on how to improve implementation and ownership, which helps to discover hidden options.

    Shift symbols, values, and behaviors

    • Work with senior leaders to identify symbols, values, and behaviors to modify to align with the selected flexible work options.
    • Validate that the final list aligns with your organization's mission, vision, and values.

    Info-Tech Insight

    Leaders' collective support of the flexible program determines the program's successful adoption. Don't sweep cultural barriers under the rug; acknowledge and address them to overcome them.

    Equip the organization for successful implementation

    Info-Tech recommends providing managers and employees with a guide to flexible work, introducing policies, and providing training for managers.

    Provide managers and employees with a guide to flexible work

    Introduce appropriate organization policies

    Equip managers with the necessary tools and training

    Use the guide to:

    • Familiarize employees and managers with the flexible work program.
    • Gain employee and manager buy-in and support for the program.
    • Explain the process and give guidance on selecting flexible work options and working with their colleagues to make it a success.

    Use Info-Tech's customizable policy templates to set guidelines, outline arrangements, and scope the organization's flexible work policies. This is typically done by, or in collaboration with, the HR department.

    Download the Guide to Flexible Work for Managers and Employees

    Download the Flex Location Policy

    Download the Flex Time-Off Policy

    Download the Flex Time Policy

    3.1 Prepare for implementation

    2-3 hours

    Use the guidelines on the preceding slides to brainstorm solutions to implementation issues and prepare to communicate program rollout to stakeholders.

    1. Solve implementation issues.
      • If you are working with the Targeted Flexible Work Program Workbook: For each implementation challenge identified on the "Final Options List" tab, brainstorm solutions. If you are working with the Fast-Track Hybrid Work Program Workbook: Work through the program enablement prompts on the "Program Enablement" tab.
      • You may need to involve relevant stakeholders to help you come up with appropriate solutions for each employee segment.
      • Ensure that any anticipated cultural barriers have been documented and are addressed during this step. Don't underestimate the importance of a supportive organizational culture to the successful rollout of flexible work.
    2. Prepare the employee guide. Modify the Guide to Flexible Work for Managers and Employees template to reflect your final work options list and the processes and expectations employees will need to follow.
    3. Create a communication plan. Use Info-Tech's Communicate Any IT Initiative blueprint and Appendix II to craft your messaging.

    Download the Guide to Flexible Work for Managers and Employees

    Download the Targeted Flexible Work Program Workbook

    Input

    • Flexible work options final list

    Output

    • Employee guide to flexible work
    • Flexible work rollout communication plan

    Materials

    • Guide to Flexible Work for Managers and Employees
    • Targeted Flexible Work Program Workbook
      Or
    • Fast-Track Hybrid Work Program Workbook

    Participants

    • Flexible work program committee
    • Employee segment managers

    Run an IT pilot for flexible work

    Prepare for pilot

    Launch Pilot

    Identify the flexible work options that will be piloted.

    • Refer to the final list of selected options for each priority segment to determine which options should be piloted.

    Select pilot participants.

    • If not rolling out to the entire IT department, look for the departments and/or team(s) where there is the greatest need and the biggest interest (e.g. team with lowest engagement scores).
    • Include all employees within the department, or team if the department is too large, in the pilot.
    • Start with a group whose managers are best equipped for the new flexibility options.

    Create an approach to collect feedback and measure the success of the pilot.

    • Feedback can be collected using surveys, focus groups, and/or targeted in-person interviews.

    The length of the pilot will greatly vary based on which flexible work options were selected (e.g. seasonal hours will require a shorter pilot period compared to implementing a compressed work week). Use discretion when deciding on pilot length and be open to extending or shortening the pilot length as needed.

    Launch pilot.

    • Launch the program through a town hall meeting or departmental announcement to build excitement and buy-in.
    • Develop separate communications for employee segments where appropriate. See Appendix II for key messaging to include.

    Gather feedback.

    • The feedback will be used to assess the pilot's success and to determine what modifications will be needed later for a full-scale rollout.
    • When gathering feedback, tailor questions based on the employee segment but keep themes similar. For example:
      • Employees: "How did this help your day-to-day work?"
      • Managers: "How did this improve productivity on your team?"

    Track metrics.

    • The success of the pilot is best communicated using your department's unique KPIs.
    • Metrics are critical for:
      • Accurately determining pilot success.
      • Getting buy-in to expand the pilot beyond IT.
      • Justifying to employees any changes made to the flexible work options.

    Assess the pilot's success and determine next steps

    Review the feedback collected on the previous slide and use this decision tree to decide whether to relaunch a pilot or proceed to a full-scale rollout of the program.

    This is an image of the flow chart used to assess the pilot's success and determine the next steps. It will help you to determine whether you will Proceed to full-scale rollout on next slide, Major modifications to the option/launch (e.g. change operating time) – adjust and relaunch pilot or select a new employee segment and relaunch pilot, Minor modifications to the option/launch (e.g. introduce additional communications) – adjust and proceed to full scale rollout, or Return to shortlist (Step 2) and select a different option or launch pilot with a different employee segment.

    Prepare for full-scale rollout

    If you have run a team pilot prior to rolling out to all of IT, or run an IT pilot before an organizational rollout, use the following steps to transition from pilot to full rollout.

    1. Determine modifications
      • Review the feedback gathered during the pilot and determine what needs to change for a full-scale implementation.
      • Update HR policies and programs to support flexible work. Work closely with your HR business partner and other organizational leaders to ensure every department's needs are understood and compliance issues are addressed.
    2. Roll out and evaluate
      • Roll out the remainder of the program (e.g. to other employee segments or additional flexible work options) once there is significant uptake of the pilot by the target employee group and issues have been addressed.
      • Determine how feedback will be gathered after implementation, such as during engagement surveys, new hire and exit surveys, stay interviews, etc., and assess whether the program continues to meet employee and organizational needs.

    Rolling out beyond IT

    For a rollout beyond IT, HR will likely take over.

    However, this is your chance to remain at the forefront of your organization's flexible work efforts by continuing to track success and gather feedback within IT.

    Align HR programs and organizational policies to support flexible work

    Talent Management

    Learning & Development

    Talent Acquisition

    Reinforce managers' accountability for the success of flexible work in their teams:

    • Include "managing virtual teams" in the people management leadership competency.
    • Recognize managers who are modeling flexible work.

    Support flexible workers' career progression:

    • Monitor the promotion rates of flexible workers vs. non-flexible workers.
    • Make sure flexible workers are discussed during talent calibration meetings and have access to career development opportunities.

    Equip managers and employees with the knowledge and skills to make flexible work successful.

    • Provide guidance on selecting the right options and maintaining workflow.
    • If moving to a virtual environment, train managers on how to make it a success.

    Incorporate the flexible work program into the organization's employee value proposition to attract top talent who value flexible work options.

    • Highlight the program on the organization's career site and in job postings.

    Organizational policies

    Determine which organizational policies will be impacted as a result of the new flexible work options. For example, the introduction of flex time off can result in existing vacation policies needing to be updated.

    Plan to re-evaluate the program and make improvements

    Collect data

    Collect data

    Act on data

    Uptake

    Gather data on the proportion of employees eligible for each option who are using the option.

    If an option is tracking positively:

    • Maintain or expand the program to more of the organization.
    • Conduct a feasibility assessment (Step 2) for new employee segments.

    Satisfaction

    Survey managers and employees about their satisfaction with the options they are eligible for and provide an open box for suggestions on improvements.

    If an option is tracking negatively:

    • Investigate why. Gather additional data, interview organizational leaders, and/or conduct focus groups to gain deeper insight.
    • Re-assess the feasibility of the option (Step 2). If the costs outweigh the benefits based on new data, determine whether to cancel the option.
    • Take appropriate action based on the outcome of the evaluation, such as modifying or cancelling the option or providing employees with more support.
      • Note: Cancelling an option can impact the engagement of employees using the option. Ensure that the data, reasons for cancelling the option, and potential substitute options are communicated to employees in advance.

    Program goal progress

    Monitor progress against the program goals and metrics identified in Step 1 to evaluate the impact on issues that matter to the organization (e.g. retention, productivity, diversity).

    Career progression

    Evaluate flexible workers' promotion rates and development opportunities to determine if they are developing.

    Info-Tech Insight

    Negative performance of a flexible work option does not necessarily mean failure. Take the time to evaluate whether the option simply needs to be tweaked or whether it truly isn't working for the organization.

    Insight summary

    Overarching insight: IT excels at hybrid location work and is more effective as a business function when location, time, and time-off flexibility are an option for its employees.

    Introduction

    • Flexible work options are not a concession to lower productivity. Properly implemented, flex work enables employees to be more productive at reaching business goals.
    • Employees' lived experiences and needs determine if people use flexible work programs – a flex program that has limited use or excludes people will not benefit the organization.
    • Flexible work benefits everyone. IT employees experience greater engagement, motivation, and company loyalty. IT organizations realize benefits such as better service coverage, reduced facilities costs, and increased productivity.

    Step 1 insight

    • Hybrid work is a start. A comprehensive flex work program extends beyond flexible location to flexible time and time off. Organizations must understand the needs of unique employee groups to uncover the options that will attract and retain talent. Provide greater inclusivity to employees by broadening the scope to include flex location, flex time, and flex time off.
    • No two employee segments are the same. To be effective, flexible work options must align with the expectations and working processes of each segment.

    Step 2 insight

    • Every role is eligible for hybrid location work. If onsite work duties prevent an employee group from participating, see if processes can be digitized or automated. Flexible work is an opportunity to go beyond current needs to future proofing your organization.
    • Flexible work options must balance organizational and employee needs. If an option is beneficial to employees but there is little or no benefit to the organization, or if the cost of the option is too high, it will not support the long-term success of the organization.
    • Prioritize flexible work options that employees want. Providing too many options often leads to information overload and results in employees not understanding what is available, lowering adoption of the flexible work program.

    Step 3 insight

    • Leaders' collective support of the flexible program determines the program's successful adoption. Don't sweep cultural barriers under the rug; acknowledge and address them to overcome them.
    • Negative performance of a flexible work option does not necessarily mean failure. Take the time to evaluate whether the option simply needs to be tweaked or whether it truly isn't working for the organization.
    • A set of formal guidelines for IT ensures flexible work is:
      1. Administered fairly across all IT employees.
      2. Defensible and clear.
      3. Scalable to the rest of the organization.

    Research Contributors and Experts

    Quinn Ross
    CEO
    The Ross Firm Professional Corporation

    Margaret Yap
    HR Professor
    Ryerson University

    Heather Payne
    CEO
    Juno College

    Lee Nguyen
    HR Specialist
    City of Austin

    Stacey Spruell
    Division HR Director
    Travis County

    Don MacLeod
    Chief Administrative Officer
    Zorra Township

    Stephen Childs
    CHRO
    Panasonic North America

    Shawn Gibson
    Sr. Director
    Info Tech Research Group

    Mari Ryan
    CEO/Founder
    Advancing Wellness

    Sophie Wade
    Founder
    Flexcel Networks

    Kim Velluso
    VP Human Resources
    Siemens Canada

    Lilian De Menezes
    Professor of Decision Sciences
    Cass Business School, University of London

    Judi Casey
    WorkLife Consultant and former Director, Work and Family Researchers Network
    Boston College

    Chris Frame
    Partner – Operations
    LiveCA

    Rose M. Stanley, CCP, CBP, WLCP, CEBS
    People Services Manager
    Sunstate Equipment Co., LLC

    Shari Lava
    Director, Vendor Research
    Info-Tech Research Group

    Carol Cochran
    Director of People & Culture
    FlexJobs

    Kidde Kelly
    OD Practitioner

    Dr. David Chalmers
    Adjunct Professor
    Ted Rogers School of Management, Ryerson University

    Kashmira Nagarwala
    Change Manager
    Siemens Canada

    Dr. Isik U. Zeytinoglu
    Professor of Management and Industrial Relations McMaster University, DeGroote School of Business

    Claire McCartney
    Diversity & Inclusion Advisor
    CIPD

    Teresa Hopke
    SVP of Client Relations
    Life Meets Work – www.lifemeetswork.com

    Mark Tippey
    IT Leader and Experienced Teleworker

    Dr. Kenneth Matos
    Senior Director of Research
    Families and Work Institute

    1 anonymous contributor

    Appendix I: Sample focus group questions

    See Info-Tech's Focus Group Guidefor guidance on setting up and delivering focus groups. Customize the guide with questions specific to flexible work (see sample questions below) to gain deeper insight into employee preferences for the feasibility assessment in Step 2 of this blueprint.

    Document themes in the Targeted Flexible Work Program Workbook.

    • What do you need to balance/integrate your work with your personal life?
    • What challenges do you face in achieving work-life balance/integration?
    • What about your job is preventing you from achieving work-life balance/integration?
    • How would [flexible work option] help you achieve work-life balance/integration?
    • How well would this option work with the workflow of your team or department? What would need to change?
    • What challenges do you see in adopting [flexible work option]?
    • What else would be helpful for you to achieve work-life balance/integration?
    • How could we customize [flexible work option] to ensure it meets your needs?
    • If this program were to fail, what do you think would be the top reasons and why?

    Appendix II: Communication key messaging

    1. Program purpose

    Start with the name and high-level purpose of the program.

    2. Business reasons for the program

    Share data you gathered in Step 1, illustrating challenges causing the need for the program and the benefits.

    3. Options selection process

    Outline the process followed to select options. Remember to share the involvement of stakeholders and the planning around employees' feedback, needs, and lived experiences.

    4. Options and eligibility

    Provide a brief overview of the options and eligibility. Specify that the organization is piloting these options and will modify them based on feedback.

    5. Approval not guaranteed

    Qualify that employees need to be "flexible about flexible work" – the options are not guaranteed and may sometimes be unavailable for business reasons.

    6. Shared responsibility

    Highlight the importance of everyone (managers, flexible workers, the team) working together to make flexible work achievable.

    7. Next steps

    Share any next steps, such as where employees can find the organization's Guide to Flexible Work for Managers and Employees, how to make flexible work a success, or if managers will be providing further detail in a team meeting.

    8. Ongoing communications

    Normalize the program and embed it in organizational culture by continuing communications through various media, such as the organization's newsletter or announcements in town halls.

    Works Cited

    Baziuk, Jennifer, and Duncan Meadows. "Global Employee Survey - Key findings and implications for ICMIF." EY, June 2021. Accessed May 2022.
    "Businesses suffering 'commitment issues' on flexible working," EY, 21 Sep. 2021. Accessed May 2022.
    "IT Talent Trends 2022". Info-Tech Research Group, 2022.
    "Jabra Hybrid Ways of Working: 2021 Global Report." Jabra, Aug. 2021. Accessed May 2022.
    LinkedIn Talent Solutions. "2022 Global Talent Trends." LinkedIn, 2022. Accessed May 2022.
    Lobosco, Mark. "The Future of Work is Flexible: 71% of Leaders Feel Pressure to Change Working Models." LinkedIn, 9 Sep. 2021. Accessed May 2022.
    Ohm, Joy, et al. "Covid-19: Women, Equity, and Inclusion in the Future of Work." Catalyst, 28 May 2020. Accessed May 2022.
    Pelta, Rachel. "Many Workers Have Quit or Plan to After Employers Revoke Remote Work." FlexJobs, 2021. Accessed May 2022.
    Slack Future Forum. "Inflexible return-to-office policies are hammering employee experience scores." Slack, 19 April 2022. Accessed May 2022.
    "State of Hybrid Work in IT: A Trend Report". Info-Tech Research Group, 2023.
    Threlkeld, Kristy. "Employee Burnout Report: COVID-19's Impact and 3 Strategies to Curb It." Indeed, 11 March 2021. Accessed March 2022.

    Transition Projects Over to the Service Desk

    • Buy Link or Shortcode: {j2store}495|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • IT suffers from a lack of strategy and plan for transitioning support processes to the service desk.
    • Lack of effective communication between the project delivery team and the service desk, leads to an inefficient knowledge transfer to the service desk.
    • New service is not prioritized and categorized, negatively impacting service levels and end-user satisfaction.

    Our Advice

    Critical Insight

    Make sure to build a strong knowledge management strategy to identify, capture, and transfer knowledge from project delivery to the service desk.

    Impact and Result

    • Build touchpoints between the service desk and project delivery team and make strategic points in the project lifecycles to ensure service support is done effectively following the product launch.
    • Develop a checklist of action items on the initiatives that should be done following project delivery.
    • Build a training plan into the strategy to make sure service desk agents can handle tickets independently.

    Transition Projects Over to the Service Desk Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Transition Projects Over to the Service Desk – A guideline to walk you through transferring project support to the service desk.

    This storyboard will help you craft a project support plan to document information to streamline service support.

    • Transition Projects Over to the Service Desk Storyboard

    2. Project Handover and Checklist – A structured document to help you record information on the project and steps to take to transfer support.

    Use these two templates as a means of collaboration with the service desk to provide information on the application/product, and steps to take to make sure there are efficient service processes and knowledge is appropriately transferred to the service desk to support the service.

    • Project Handover Template
    • Service Support Transitioning Checklist
    [infographic]

    Further reading

    Transition Projects Over to the Service Desk

    Increase the success of project support by aligning your service desk and project team.

    Analyst Perspective

    Formalize your project support plan to shift customer service to the service desk.

    Photo of Mahmoud Ramin, Senior Research Analyst, Infrastructure and Operations, Info-Tech Research Group

    As a service support team member, you receive a ticket from an end user about an issue they’re facing with a new application. You are aware of the application release, but you don’t know how to handle the issue. So, you will need to either spend a long time investigating the issue via peer discussion and research or escalate it to the project team.

    Newly developed or improved services should be transitioned appropriately to the support team. Service transitioning should include planning, coordination, and communication. This helps project and support teams ensure that upon a service failure, affected end users receive timely and efficient customer support.

    At the first level, the project team and service desk should build a strategy around transitioning service support to the service desk by defining tasks, service levels, standards, and success criteria.

    In the second step, they should check the service readiness to shift support from the project team to the service desk.

    The next step is training on the new services via efficient communication and coordination between the two parties. The project team should allocate some time, according to the designed strategy, to train the service desk on the new/updated service. This will enable the service desk to provide independent service handling.

    This research walks you through the above steps in more detail and helps you build a checklist of action items to streamline shifting service support to the service desk.

    Mahmoud Ramin, PhD

    Senior Research Analyst
    Infrastructure and Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • IT suffers from a lack of strategy and planning for transitioning support processes to the service desk.
    • Lack of effective communication between the project delivery team and the service desk leads to an inefficient knowledge transfer to the service desk.
    • New service is not prioritized and categorized, negatively impacting service levels and end-user satisfaction.

    Common Obstacles

    • Building the right relationship between the service desk and project team is challenging, making support transition tedious.
    • The service desk is siloed; tasks and activities are loosely defined. Service delivery is inconsistent, which impacts customer satisfaction.
    • Lack of training on new services forces the service desk to unnecessarily escalate tickets to other levels and delays service delivery.

    Info-Tech’s Approach

    • Build touchpoints between the service desk and project delivery team and make strategic points in the project lifecycles to ensure service support is done effectively following the product launch.
    • Develop a checklist of action items on the initiatives that should be done following project delivery.
    • Build a training plan into the strategy to make sure service desk agents can handle tickets independently.

    Info-Tech Insight

    Make sure to build a strong knowledge management strategy to identify, capture, and transfer knowledge from project delivery to the service desk.

    A lack of formal service transition process presents additional challenges

    When there is no formal transition process following a project delivery, it will negatively impact project success and customer satisfaction.

    Service desk team:

    • You receive a request from an end user to handle an issue with an application or service that was recently released. You are aware of the features but don’t know how to solve this issue particularly.
    • You know someone in the project group who is familiar with the service, as he was involved in the project. You reach out to him, but he is very busy with another project.
    • You get back to the user to let them know that this will be done as soon as the specialist is available. But because there is no clarity on the scope of the issue, you cannot tell them when this will be resolved.
    • Lack of visibility and commitment to the service recovery will negatively impact end-user satisfaction with the service desk.

    Project delivery team:

    • You are working on an exciting project, approaching the deadline. Suddenly, you receive a ticket from a service desk agent asking you to solve an incident on a product that was released three months ago.
    • Given the deadline on the current project, you are stressed, thinking about just focusing on the projects. On the other hand, the issue with the other service is impacting multiple users and requires much attention.
    • You spend extra time handling the issue and get back to your project. But a few days later the same agent gets back to you to take care of the same issue.
    • This is negatively impacting your work quality and causing some friction between the project team and the service desk.

    Link how improvement in project transitioning to the service desk can help service support

    A successful launch can still be a failure if the support team isn't fully informed and prepared.

    • In such a situation, the project team sends impacted users a mass notification without a solid plan for training and no proper documentation.
    • To provide proper customer service, organizations should involve several stakeholder groups to collaborate for a seamless transition of projects to the service desk.
    • This shift in service support takes time and effort; however, via proper planning there will be less confusion around customer service, and it will be done much faster.
      • For instance, if AppDev is customizing an ERP solution without considering knowledge transfer to the service desk, relevant tickets will be unnecessarily escalated to the project team.
    • On the other hand, the service desk should update configuration items (CIs) and the service catalog and related requests, incidents, problems, and workarounds to the relevant assets and configurations.
    • In this transition process, knowledge transfer plays a key role. Users, the service desk, and other service support teams need to know how the new application or service works and how to manage it when an issue arises.
    • Without a knowledge transfer, service support will be forced to either reinvent the wheel or escalate the ticket to the development team. This will unnecessarily increase the time for ticket handling, increase cost per ticket, and reduce end-user satisfaction.

    Info-Tech Insight

    Involve the service desk in the transition process via clear communication, knowledge transfer, and staff training.

    Integrate the service desk into the project management lifecycle for a smooth transition of service support

    Service desk involvement in the development, testing, and maintenance/change activity steps of your project lifecycle will help you logically define the category and priority level of the service and enable service level improvement accordingly after the project goes live.

    Project management lifecycle

    As some of the support and project processes can be integrated, responsibility silos should be broken

    Processes are done by different roles. Determine roles and responsibilities for the overlapping processes to streamline service support transition to the service desk.

    The project team is dedicated to projects, while the support team focuses on customer service for several products.

    Siloed responsibilities:

    • Project team transfers the service fully to the service desk and leaves technicians alone for support without a good knowledge transfer.
    • Specialists who were involved in the project have deep knowledge about the product, but they are not involved in incident or problem management.
    • Service desk was not involved in the planning and execution processes, which leads to lack of knowledge about the product. This leaves the support team with some vague knowledge about the service, which negatively impacts the quality of incident and problem management.

    How to break the silos:

    Develop a tiered model for the service desk and include project delivery in the specialist tier.

    • Use tier 1 (service desk) as a single point of contact to support all IT services.
    • Have tier 2/3 as experts in technology. These agents are a part of the project team. They are also involved in incident management, root-cause analysis, and change management.

    Determine the interfaces

    At the project level, get a clear understanding of support capabilities and demands, and communicate them to the service desk to proactively bring them into the planning step.

    The following questions help you with an efficient plan for support transition

    Questions for support transition

    Clear responsibilities help you define the level of involvement in the overlapping processes

    Conduct a stakeholder analysis to identify the people that can help ensure the success of the transition.

    Goal: Create a prioritized list of people who are affected by the new service and will provide support.

    Why is stakeholder analysis essential?

    Why is stakeholder analysis essential

    Identify the tasks that are required for a successful project handover

    Embed the tasks that the project team should deliver before handing support to the service desk.

    Task/Activity Example

    Conduct administrative work in the application
    • New user setup
    • Password reset

    Update documentation
    • Prepare for knowledge transfer>
    Service request fulfillment/incident management
    • Assess potential bugs
    Technical support for systems troubleshooting
    • Configure a module in ITSM solution

    End-user training
    • FAQs
    • How-to questions
    Service desk training
    • Train technicians for troubleshooting

    Support management (monitoring, meeting SLAs)
    • Monitoring
    • Meeting SLAs

    Report on the service transitioning
    • Transition effectiveness
    • Four-week warranty period
    Ensure all policies follow the transition activities
    • The final week of transition, the service desk will be called to a meeting for final handover of incidents and problems

    Integrate project description and service priority throughout development phase

    Include the service desk in discussions about project description, so it will be enabled to define service priority level.

    • Project description will be useful for bringing the project forward to the change advisory board (CAB) for approval and setting up the service in the CMDB.
    • Service priority is used for adding the next layer of attributes to the CMDB for the service and ensuring the I&O department can set up systems monitoring.
    • This should be done early in the process in conjunction with the project manager and business sponsors.
    • It should be done as the project gets underway and the team can work on specifically where that milestone will be in each project.
    • What to include in the project description:
      • Name
      • Purpose
      • Publisher
      • Departments that will use the service
      • Service information
      • Regulatory constrains
    • What to include in the service priority information:
      • Main users
      • Number of users
      • Service requirements
      • System interdependencies
      • Criticality of the dependent systems
      • Service category
      • Service SME and support backup
      • System monitoring resources
      • Alert description and flow

    Document project description and service priority in the Project Handover Template.

    Embed service levels and maintenance information

    Include the service desk in discussions about project description, so it will be enabled to define service priority level.

    • Service level objectives (SLOs) will be added to CMDB to ensure the product is reviewed for business continuity and disaster recovery and that the service team knows what is coming.
    • This step will be good to start thinking about training agents and documenting knowledgebase (KB) articles.
    • What to include in SLO:
      • Response time
      • Resolution time
      • Escalation time
      • Business owner
      • Service owner
      • Vendor(s)
      • Vendor warranties
      • Data archiving/purging
      • Availability list
      • Business continuity/recovery objectives
      • Scheduled reports
      • Problem description
    • Maintenance and change requirements: You should add maintenance windows to the change calendar and ensure the maintenance checklist is added to KB articles and technician schedules.
    • What to include in maintenance and change requirements:
      • Scheduled events for the launch
      • Maintenance windows
      • Module release
      • Planned upgrades
      • Anticipated intervals for changes and trigger points
      • Scheduled batches

    Document service level objectives and maintenance in the Project Handover Template.

    Enhance communication between the project team and the service desk

    Communicating with the service desk early and often will ensure that agents fully get a deep knowledge of the new technology.

    Transition of a project to the service desk includes both knowledge transfer and execution transfer.

    01

    Provide training and mentoring to ensure technical knowledge is passed on.

    02

    Transfer leadership responsibilities by appointing the right people.

    03

    Transfer support by strategically assigning workers with the right technical and interpersonal skills.

    04

    Transfer admin rights to ensure technicians have access rights for troubleshooting.

    05

    Create support and a system to transfer work process. For example, using an online platform to store knowledge assets is a great way for support to access project information.

    Info-Tech Insight

    A communication plan and executive presentation will help project managers outline recommendations and communicate their benefits.

    Communicate reasons for projects and how they will be implemented

    Proactive communication of the project to affected stakeholders will help get their buy-in for the new technology and feedback for better support.

    Leaders of successful change spend considerable time developing a powerful change message, i.e. a compelling narrative that articulates the desired end state, that makes the change concrete and meaningful to staff.

    The message should:

    • Explain why the change or new application is needed.
    • Summarize what will stay the same.
    • Highlight what will be left behind.
    • Emphasize what is being changed due to the new or updated product.
    • Explain how the application will be implemented.
    • Address how this will affect various roles in the organization.
    • Discuss the staff’s role in making the project successful.
    • Communicate the supporting roles in the early implementation stages and later on.

    Five elements of communicating change

    Implement knowledge transfer to the service desk to ensure tickets won’t be unnecessarily escalated

    The support team usually uses an ITSM solution, while the project team mostly uses a project management solution. End users’ support is done and documented in the ITSM tool.

    Even terminologies used by these teams are different. For instance, service desk’s “incident” is equivalent to a project manager’s “defect.” Without proper integration of the development and support processes, the contents get siloed and outdated over time.

    Potential ways to deal with this challenge:

    Use the same platform for both project and service support

    This helps you document information in a single platform and provides better visibility of the project status to the support team as well. It also helps project team find out change-related incidents for a faster rollback.

    Note: This is not always feasible because of the high costs incurred in purchasing a new application with both ITSM and PM capabilities and the long time it takes for implementing such a solution.

    Integrate the PM and ITSM tools to improve transition efficiency

    Note: Consider the processes that should be integrated. Don’t integrate unnecessary steps in the development stage, such as design, which will not be helpful for support transition.

    Build a training plan for the new service

    When a new system is introduced or significant changes are applied, describe the steps and timeline for training.

    Training the service desk has two-fold benefits:
    Improve support:
    • Support team gets involved in user acceptance testing, which will provide feedback on potential bugs or failures in the technology.
    • Collaboration between specialists and tier 1 technicians will allow the service desk to gather information for handling potential incidents on the application.
    Shift-left enablement:
    • At the specialist level, agents will be more focused on other projects and spend less time on application issues, as they are mostly handled by the service desk.
    • As you shift service support left:
      • Cost per ticket decreases as more of the less costly resources are doing the work.
      • Average time to resolve decreases as the ticket is handled by the service desk.
      • End-user satisfaction increases as they don’t need to wait long for resolution.

    Who resolves the incident

    For more information about shift-left enablement, refer to InfoTech’s blueprint Optimize the Service Desk With a Shift-Left Strategy.

    Integrate knowledge management in the transition plan

    Build a knowledge transfer process to streamline service support for the newly developed technology.

    Use the following steps to ensure the service desk gets trained on the new project.

    1. Identify learning opportunities.
    2. Prioritize the identified opportunities based on:
    • Risk of lost knowledge
    • Impact of knowledge on support improvement
  • Define ways to transfer knowledge from the project team to the service desk. These could be:
    • One-on-one meetings
    • Mentoring sessions
    • Knowledgebase articles
    • Product road test
    • Potential incident management shadowing
  • Capture and transfer knowledge (via the identified means).
  • Support the service desk with further training if the requirement arises.
    		•
    Info-Tech Insight

    Allocate knowledge transfer within ticket handling workflows. When incident is resolved by a specialist, they will assess if it is a good candidate for technician training and/or a knowledgebase article. If so, the knowledge manager will be notified of the opportunity to assign it to a SME for training and documentation of an article.

    For more information about knowledge transfer, refer to phase 3 of Info-Tech’s blueprint Standardize the Service Desk.

    Focus on the big picture first

    Identify training functions and plan for a formal knowledge transfer

    1. Brainstorm training functions for each group.
    2. Determine the timeline needed to conduct training for the identified training topics.
    RoleTraining FunctionTimeline

    Developer/Technical Support
    • Coach the service desk on the new application
    • Document relevant KB articles
    Business Analysts
    • Conduct informational interviews for new business requirements

    Service Desk Agents
    • Conduct informational interviews
    • Shadow incident management procedures
    • Document lessons learned
    Vendor
    • Provide cross-training to support team

    Document your knowledge transfer plan in the Project Handover Template.

    Build a checklist of the transition action items

    At this stage, the project is ready to go live and support needs to be independently done by the service desk.

    Checklist of the transition action items

    Info-Tech Insight

    No matter how well training is done, specialists may need to work on critical incidents and handle emergency changes. With effective service support and transition planning, you can make an agreement between the incident manager, change manager, and project manager on a timeline to balance critical incident or emergency change management and project management and define your SLA.

    Activity: Prepare a checklist of initiatives before support transition

    2-3 hours

    Document project support information and check off each support transition initiative as you shift service support to the service desk.

    1. As a group, review the Project Handover Template that you filled out in the previous steps.
    2. Download the Service Support Transitioning Checklist, and review the items that need to be done throughout the development, testing, and deployment steps of your project.
    3. Brainstorm at what step service desk needs to be involved.
    4. As you go through each initiative and complete it, check it off to make sure you are following the agreed document for a smooth transition of service support.
    Input Output
    • Project information
    • Support information for developed application/service
    • List of transitioning initiatives
    MaterialsParticipants
    • Project Handover Template
    • Service Support Transitioning Checklist
    • Project Team
    • Service Desk Manager
    • IT Lead

    Download the Project Handover Template

    Download the Service Support Transitioning Checklist

    Define metrics to track the success of project transition

    Consider key metrics to speak the language of targeted end users.

    You won’t know if transitioning support processes are successful unless you measure their impact. Find out your objectives for project transition and then track metrics that will allow you to fulfill these goals.

    Determine critical success factors to help you find out key metrics:

    High quality of the service

    Effectiveness of communication of the transition

    Manage risk of failure to help find out activities that will mitigate risk of service disruption

    Smooth and timely transition of support to the service desk

    Efficient utilization of the shared services and resources to mitigate conflicts and streamline service transitioning

    Suggested metrics:

    • Time to fulfill requests and resolve incidents for the new project
    • Time spent training the service desk
    • Number of knowledgebase articles created by the project team
    • Percentage of articles used by the service desk that prevented ticket escalation
    • First-level resolution
    • Ratio of escalated tickets for the new project
    • Problem ticket volume for the new project
    • Average customer satisfaction with the new project support
    • SLA breach rate

    Summary of Accomplishment

    Problem Solved

    Following the steps outlined in this research has helped you build a strategy to shift service support from the project team to the service desk, resulting in an improvement in customer service and agent satisfaction.

    You have also developed a plan to break the silo between the service desk and specialists and enable knowledge transfer so the service desk will not need to unnecessarily escalate tickets to developers. In the meantime, specialists are also responsible for service desk training on the new application.

    Efficient communication of service levels has helped the project team set clear expectations for managers to create a balance between their projects and service support.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information

    workshops@infotech.com

    1-888-670-8889

    Related Info-Tech Research

    Standardize the Service Desk

    Improve customer service by driving consistency in your support approach and meeting SLAs.

    Optimize the Service Desk With a Shift-Left Strategy

    The best type of service desk ticket is the one that doesn’t exist.

    Tailor IT Project Management Processes to Fit Your Projects

    Right-size PMBOK for all of your IT projects.

    Works Cited

    Brown, Josh. “Knowledge Transfer: What it is & How to Use it Effectively.” Helpjuice, 2021. Accessed November 2022.

    Magowan, Kirstie. “Top ITSM Metrics & KPIs: Measuring for Success, Aiming for Improvement.” BMC Blogs, 2020. Accessed November 2022.

    “The Complete Blueprint for Aligning Your Service Desk and Development Teams (Process Integration and Best Practices).” Exalate, 2021. Accessed October 2022.

    “The Qualities of Leadership: Leading Change.” Cornelius & Associates, 2010. Web.

    Considerations for a Move to Virtual Desktops

    • Buy Link or Shortcode: {j2store}69|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: End-User Computing Strategy
    • Parent Category Link: /end-user-computing-strategy
    • Hybrid work environments, remote from anywhere and any device, and the security concerns that go hand-in-hand with these strategies have accelerated the move to VDI and DaaS.
    • IT departments can encounter many obstacles to VDI and DaaS, many of which will be determined by your business model and other factors, including complicated shared infrastructure, inadequate training or insufficient staff, and security and compliance concerns.
    • If you do not consider how your end user will be impacted, you will run into multiple issues that affect end-user satisfaction, productivity, and adoption.
    • How will you manage and navigate the right solution for your organization?

    Our Advice

    Critical Insight

    • In the world of VDI and DaaS, if you do not get buy-in from the end user, the rate of adoption and the overall success of the implementation will prove difficult to measure. It will be impossible to calculate ROI even as you feel the impact of your TCO.

    Impact and Result

    • The dimensions of end-user experience can be broken down into four distinct categories that will impact not only the end user but also the business: performance, availability, functionality, and security.
    • Picturing your landscape in this framework will help clearly define your considerations when deciding on whether a VDI or DaaS solution is right for your business.

    Considerations for a Move to Virtual Desktops Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Considerations for a Move to Virtual Desktops Storyboard – A guide to the strategic, technical, and support implications that should be considered in support of a move to VDI or DaaS.

    By defining your goals, framing solutions based on end-user workloads, and understanding the pros and cons of various solutions, you can visualize what success looks like for your VDI/DaaS deployment. This includes defining your KPIs by end-user experience, knowing the decision gates for a successful deployment, and defining your hypothesis for value to make your decision more accurate and gain C-suite buy-in.

    • Considerations for a Move to Virtual Desktops Storyboard
    [infographic]

    Further reading

    What strategic, technical, and support implications should be considered in support of a move to VDI or DaaS?

    Executive Summary

    Insight

    End-user experience is your #1 consideration

    Virtual desktop infrastructure (VDI)/desktop as a service (DaaS) users expect their user experience to be at least equal to that provided by a physical PC, and they do not care about the underlying infrastructure. If the experience is less, then IT has failed in the considerations for VDI/ DaaS. In this research we analyze the data that the IT industry tracks but doesn't use or sometimes even look at regarding user experience (UX).

    Identify the gaps in your IT resources that are critical to success

    Understanding the strengths and weaknesses in your in-house technical skills and business requirements will assist you in making the right decision when it comes to VDI or DaaS solutions. In the case of DaaS this will include a managed service provider for small to medium-sized IT teams. Many IT teams lack a seasoned IT project manager who can identify gaps, risks, and weaknesses in the organization's preparedness. Redeploy your IT staff to new roles that impact management and monitoring of UX.

    IT should think about VDI and DaaS solutions

    Ultimately, IT needs to reduce its complexity, increase user satisfaction, reduce management and storage costs, and maintain a secure and effective environment for both the end user and the business. They must also ensure productivity standards throughout the considerations, strategically, tactically, and in support of a move to a VDI or DaaS solution.

    Executive Summary

    Your Challenge

    With the evolution of VDI over the last 15-plus years, there has been a proliferation of solutions, such as Citrix desktop services, VMware Horizon, and in-house hypervisor solutions (e.g. ESX hosts). There has also been a great deal of growth and competition of DaaS and SaaS solutions in the cloud space. Hybrid work environments, remote from anywhere and any device, and the security concerns that go hand-in-hand with these strategies have certainly accelerated the move to VDI and DaaS.

    How will you manage and navigate the right solution for your organization?

    		Common Obstacles

    IT departments can encounter many obstacles to VDI and DaaS, many of which will be determined by your business model and other factors, such as:

    • Complicated shared infrastructure such as federated multitenant partners and legacy app servers.
    • Inadequate in-house training or insufficient staff to execute migration or manage post-migration activates such as governance and retention policies.
    • Security, compliance, legal, and data classification concerns. Some security tools cannot be deployed in the cloud, limiting you to an on-premises solution.
    		Info-Tech’s Approach

    By defining your end goals, framing solutions based on end-user workloads, and understanding the pros and cons of what solution(s) will meet your needs, you can visualize what success looks like.

    1. Define your KPIs by end-user experience.
    2. Knowing what the decision gates are for a successful VDI/DaaS deployment will prove out your selection process.
    3. Define your hypothesis for value. How you determine value will make your decision more accurate and gain C-suite buy-in.

    Info-Tech Insight

    Every IT organization needs to be asking what success looks like. If you do not consider how your end user will be impacted, whether they are doing something as simple as holding a team meeting with voice and video or working with highly technical workloads on a virtual environment, you will run into multiple issues that affect end-user satisfaction, productivity, and adoption. Understand the tension metrics that may conflict with meeting business objectives and KPIs.

    Voice of the customer

    Client-Driven Insight

    Different industries have different requirements and issues, so they look at solutions differently.

    Info-Tech Insight

    If end-user experience is at the forefront of business requirements, then any solution that fits the business KPIs can be successful.

    Client Pain Point

    Description Indicators

    Flexible work environmentWhat VDI solution can support a work-from-anywhere scenario? Possible solutions: Azure Virtual Desktop, IGEL client, Citrix virtual apps, and desktop services.
    Security concerns Corporate resources need to be secure. Working with untrusted endpoints or unsecured locations. Using VPN-type solution.
    End-user experience What performance metrics should be used to evaluate UX? Are there issues around where the endpoint is located? What kind of link do they have to the virtual desktop? What solutions are there?
    Optimization of routing What routings need to take place to achieve reduced latency and improved experience?
    Multifactor authenticationSecurity features such as a multilayered MFA and corporate data protection.
    Business continuity What are the options when dealing with cloud outages, meeting SLAs, and building resilience?
    Optimizing app performance and response times Define users based on a multiuser environment. Engineers and designers require more CPU resources, which negatively impacts on other users. Optimize CPU to avoid this situation. MS Teams and video streaming apps are not performing in an optimized manner.
    Optimization of cloud costs Scalability and usage schedule. Minimize cloud costs with tools to handle workloads and usage.
    Third-party access outsourcingContractors and third parties accessing business resources need to control data and source code along with developer tools in a centrally managed SaaS.

    The enterprise end-user compute landscape is changing

    Starting on the left are three computer types 'Windows on a PC', 'Mac', and 'VDI on a Thick Client'. In the next part, the first two are combined into 'BYOD', and the tree begins at 'Win11'. Branches from Win11 are: 'DIY' which branches to 'Autopilot & Endpoint Manager (Intune)'; 'Outsource' which branches to 'Device as a Service' which brances to 'Dell', 'Lenovo', and 'HP'; and another branch from 'Outsource', 'Azure Desktop', Which snakes us around to the top of the diagram at 'VDI'. VDI branches to 'VDI on a thin client' and 'VDI on a Browser', then they both branch into 'DIY' which branches to 'Citrix', 'VMware', and 'Azure', and 'Outsource' which branches to 'Desktop as a Service Vendor'.

    Surveys are telling us a story

    Questions you should be asking before you create your RFP
    • What are the use cases and types of workloads?
    • What is the quality of the network connection and bandwidth for the user base?
    • What are the application requirements?
    • What type of end points does the user have and what is the configuration?
    • Where are the data storage containers, how are they accessed, and are there proximity constraints?
    • What is the business security and identity policy requirements?
    • What are the functional and nonfunctional requirements?
    • Will the virtual desktops be persistent or non-persistent?

    How would you rate the user experience on your VDI/DaaS solution?


    (Source: Hysolate, 2020)

    • 18% of CISOs say htue employees are happy with their company's VDI/DaaS solution
    • 82% say their employees are neutral or unhappy with their company's VDI/DaaS solution

    Info-Tech Insight

    Asking critical use-case questions should give you a clear picture of the end-user experience outcome.

    End-user KPI metrics are difficult to gather

    Security is always quoted as a primary justification for VDI/DaaS, while UX is far down the list of KPIs. WHY?

    IT engineers use network and performance metrics to manage end-user complaints of “slowness,” which in reality is not what the user is experiencing.

    IT needs to invest in more meaningful metrics to manage end-user pain:

    • Logon duration
    • App load time
    • App response time
    • Session response time
    • Graphic quality and responsiveness and latency
    • Application availability and performance
    		Bar chart of justifications used for business investment in VDI/DaaS. The most used justification is 'IT Efficiency' at 38%, and highlighted in the 2nd last place is 'Employee Experience' at 11%.
    (Source: Enterprise Strategy Group, 2020)

    Dimensions of user experience

    The dimensions of end-user experience can be broken down into four distinct categories that will impact not only the end user but also the business.

    Picturing your landscape in this framework will help clearly define your considerations when deciding on whether a VDI or DaaS solution is right for your business. We will investigate how these scenarios impact the end user, what that means, and how that can guide the questions that you are asking as you move to an RFP.

    Info-Tech Insight

    In the world of VDI and DaaS, if you do not get buy-in from the end user, the rate of adoption and the overall success of the implementation will prove difficult to measure. It will be impossible to calculate ROI even as you feel the impact of your TCO.

    Three arrows pointing right with labels in sequence 'Dimensions', 'Operational Metrics', and 'Technical Capabilities/ Controls'

    		Cycle diagram with many tiers, titled 'USER EXPERIENCE'. The first tier from the center has four items cycling clockwise 'Availability', 'Functionality', 'Security', and 'Performance'. The second tier is associated to the first tier: under Availability is 'Maintenance', 'Uptime', and 'Degradation'; under Functionality is 'Graphics Quality', 'User Friction', and 'Usability'; under Security is 'Endpoint Monitoring', 'Plane Control', and 'Identity'; under Performance is 'Response Time', 'Reliability', and 'Latency'. Around the edge on the third tier are many different related terms.

    KPIs and metrics

    • Understand the types of end-user activities that are most likely to be reported as being slow.
    • You need to know what storage, CPU, memory, and network resources are being used when the user performs those activities. In other words, what is the OS doing behind the scenes and what hardware is it using?
    • Once you have determined which resources are being used by the various activities you will have to monitor the UX metrics to see which OS, network, storage, or server configuration issue is causing the performance issue that the user is reporting.

    What IT measures

    Most business KPI objectives concentrate on business goals, whether it be cost containment, security, simplification, ease of management, or centralization of apps and data, but rarely is there a KPI for end-user experience.

    You can’t fix what you can’t see. Putting a cost benefit to end-user satisfaction may come in the form of productivity.

    This may be a central reason why VDI has not been widely adopted as an architecture since it came to the marketplace more than 15 years ago.

    		Samples of different KPIs and metrics.

    VDI processes to monitor

    Monitoring end-user metrics will mitigate the tension between business KPIs and end-user satisfaction

    Metric

    Description

    End-User
    Experience

    		PERFORMANCELogon durationOnce the user puts in their password, how long does it take to get to their desktop? What is the measurement and how do you measure?
    App load timeWhen an app is launched by the user there should be immediate indication that it is loading.
    App response timeWhen the user performs a task, there should be no wait time, or hourglass icon, waiting for the app to catch up to the user input. (There is no succinct way to measure this.)
    Session response timeHow does the user’s OS respond to I/O? The user should not experience any latency issues when doing a drag and drop, clicking on a menu item, or doing a search.
    AVAILABILITYSLAsWhen something goes wrong in the VDI/DaaS environment, how quickly can the user expect to get back to their tasks?
    Geographic locationWhen all other considerations are configured correctly, the user experience may be impacted by their location. So, for example, a user working out of Mexico and logging into a VDI may experience latency based on location compared to a user in California, for example, where the resources are stored, managed, and monitored.
    Application availabilityMuch like app load time and response time, the only factor affecting the user experience is the back-end load on the app itself, for example a CAD or heavy resource app not properly resourced.
    FUNCTIONALITYConfiguration of user desktopDegradation in functionality is caused by improper allocation of CPU, RAM, and GPU for the tasks at hand, creating a bad UX and end-user satisfaction score.
    Graphics quality and responsivenessThe user should have the same experience as if on their own physical machine. A video experience should not have any lag in it, for example. MS Teams should not have latency or sound quality issues.
    Predictive analysisContinuous performance and availability monitoring.
    END USERBrowser real user monitoring (RUM)A real-time view into how the web application is performing from the point of view of a real end user.
    Customer satisfaction scoreSurvey-based metrics on customer satisfaction.

    “If employees are the competitive edge and key differentiator for a business, I&O has a duty of care to ensure that the employees’ digital experience enables and does not impede the value of that asset.” (John Annand, Principal Director, Info-Tech Research Group)

    The case for VDI today

    Is security and data sovereignty the only reason?

    Technical capability
    AVAILABILITYVDI is a better fit than DaaS in organizations that have limited or unreliable internet connectivity.
    FUNCTIONALITYApplication flexibility: Resource-intensive applications may require specific virtual desktop configurations, for example in-house GIS apps, CAD, and gaming software requiring specific GPU configurations.
    SECURITYData protection is often stated as a need to maintain an on-premises VDI solution, ensuring sensitive and highly privileged data does not travel across the internet.
    AVAILABILITYWhile some cloud providers will allow you to bring your OS licensing along with a cloud migration, many subscriptions already include OS licensing, and you may be paying additional licensing costs.
    SECURITYVDI makes sense if security and control are primary business KPIs, the IT resources are experienced virtual infrastructure engineers and administrators, and funding is not a hindrance.
    PERFORMANCEWhen processing power is a functional requirement, such as CPU, GPU, and storage capacity, VDI offers performance benefits over a standard PC, reducing the need to deploy high-powered PCs to end users.

    “Though the desktops are moving to the cloud, accountability is not.” (Gary Bea, Director of Consulting Services and Technical Operations, Goliath Technologies)

    The case for DaaS

    Any device anywhere: key benefits of DaaS

    Technical capabilityChallenges
    AVAILABILITYDelivers a consistent user experience regardless of location or device.

    Info-Tech Insight

    The total cost of the solution will be higher than you anticipate, and management is complex. Additionally, your ability to set your conditions and controls is limited.

    Info-Tech Insight

    Depending on your technical abilities and experience with cloud services, you will likely benefit from professional third-party services, technical services, and consulting, which can be critical when deciding if DaaS can fit into your current IT architecture, processes, and security posture.

    SECURITYEnhances security posture by eliminating your client VPN and keeping sensitive data off the endpoint device.
    FUNCTIONALITYOnboard and offboard users quickly and securely.
    FUNCTIONALITYProvides centralize workspace management.
    FUNCTIONALITYScale up or down on demand with a consumption- and subscription-based contract.
    FUNCTIONALITYSignificantly reduce operational overhead compared to managing a traditional VDI deployment.

    Technical capability comparison

    Table comparing technical capabilities using a scale of circle quarters: zero quarters being 'Poor' and 4 quarters being 'Good'. There are six columns in the body, three of which are under 'VDI': 'Thin Client', 'Thick Client', and 'Web Client', and the other three are 'Desktop as a service', 'Device as a service', and 'Win11 w/ Autopilot & Intune'. Rows are split into four categories: In 'Performance' are 'Reliability', 'Response Time', and 'Latency'; in 'Availability' are 'Uptime' and 'Degradation'; in 'Functionality' are 'Usability', 'Graphics Quality', and 'User Friction'; in 'Security' are 'Endpoint Mgt.', 'Control Plane', and 'Identity'.

    X as an endpoint client

    From an end-user experience perspective, what makes sense in terms of usage and cost?

    Thin Client
    • ✓ Easy provisioning and simple to use and manage
    • ✓ Easy to secure and update
    • ✓ Less vulnerable to data loss
    • ✓ Easily scaled
    • ✓ Requires less power
    • ✓ Cheaper than PCs
    • x compared to a PC
    • x Not powerful enough to manage loads such as CAD
    • x Infrastructure and network must be robust and up to date to avoid possible network latency
    • Examples: Terminals, Dell Wyse 5070, Lenovo M625, IGEL, HP Thin Client, repurposed PCs, Chromebook
    		Desktop as a Service
    • ✓ Flexibility: work from anywhere, on any device, collaboratively
    • ✓ Resource scalability not reliant on on-premises server hardware
    • ✓ Easy to configure, install, and maintain
    • ✓ Reliable and easy to provision
    • ✓ Centralized sensitive data cloud security
    • x Requires high-speed internet, especially for remote users
    • x Learning curve can cause user friction
    • x Workload configuration use cases
    • Examples: Citrix, VM Horizon, AWS WorkSpaces, WVD, BYOD
    		Thick Client
    • ✓ Completely flexible, for use with on-premises or cloud infrastructure
    • ✓ Able to work offline
    • ✓ Multimedia or bandwidth-intensive resource processing
    • ✓ Higher server capacity due to less resource load on servers
    • x Higher maintenance and updates attention
    • x Patching, security, and data migration friction
    • x More security vulnerability
    • x Less cost effective
    • Examples: Windows, MacOS desktops, laptops, smartphones, tablets
    		Device as a Service
    • ✓ Device supply chain flow fulfillment, services, and recovery
    • ✓ Able to update to new equipment more frequently
    • ✓ Scale up and down as needed
    • ✓ Better device backup, asset tracking , security, and EOL disposal
    • x Challenging risk management, regulatory obligations, and liabilities
    • x Change in helpdesk and business workflows
    • x Vendor may limit selection
    • Examples: PCs, smartphones, mobile computing devices, Lenovo, HP, Microsoft, Dell, Macs, iPads, iPhones
    		Web Client
    • ✓ Can be accessed from any computer; only requires username and password
    • ✓ Client works with a URL, so browser-based
    • ✓ Updates are easier than on a Windows client
    • x Security risk and information leakage
    • x Dependent on internet access
    • x Unable to work on high-impact resource apps (e.g. CAD, graphics)
    • x Limited user base, less technical operations
    • Examples: Chrome, Edge, HTML5

    Security: on-premises versus cloud

    Security decisions based on risk tolerance

    • What is your risk tolerance? When deciding between VDI and DaaS, the first consideration is whether the business is better served with an on-premises or a cloud solution.
    • Low risk tolerance: Considerer data sovereignty, complex compliance requirements, and data classification. For example, at the Pentagon, DoD requires heavy compliance with security and data sovereignty. DaaS cloud providers may be in a better position to respond to threats and attacks in a timely manner.
    • Low risk tolerance: If the business mandates security tools that cannot be deployed in cloud solutions, VDI is a better solution.
    • Low risk tolerance: Smaller businesses that don’t have resources with the expertise and skill set to handle security are better served in cloud. Security operations centers (SOCs) are more likely to present in large corporations.
    • Low risk tolerance: When patching requires customization, for example in legacy applications, the ability to test patches is impacted, which may cause possible complications or failures.
    • High risk tolerance: For cloud-based solutions, patching is taken out of the IT team’s hands, and testing is done against the complete cloud solution.

    Info-Tech Insight

    What is the better security posture and control plane? Clarify your stakeholders’ objectives, then see if VDI is an adequate solution.

    Security needs for VDI and DaaS

    • IDENTITY AND ACCESS MANAGEMENT — MFA, authorization, provisioning, SSO, identity federation, data owners, workflows, role-based access control (RBAC), user lifecycle management
    • ENCRYPTION — TLS 1.3, and 256-bit, endpoint encryption, file encryption, AES, PKI, BitLocker
    • DATA LOSS PREVENTION — Centralized policy management, sensitive data detection, HIPAA, GDPR
    • ANTIVIRUS & PATCH MANAGEMENT — Group policy management, AV exclusions, anti-ransomware, keylogger mitigation
    • DDoS protection — HTTP, UDP flood mitigation, content delivery network, always-on services
    • ENDPOINT DETECTION & RESPONSE — Detect and react to advanced active attacks on endpoints

    Activity

    Define the virtual infrastructure solution for your end users

    1. Define and build your value hypothesis/proposition
      1. What is the business case? Who is championing the investment?
      2. Identify the project management team and stakeholders.
      3. Set goals to be achieved based on value.
      4. Identify KPIs and metrics to measure success.
    2. Identify use cases and personas
      1. Identify possible user friction (e.g. emotional, cognitive, interaction).
      2. Understand current infrastructure shortcomings/capabilities (e.g. network, security posture/tolerance, staffing needs, qualified technicians, end-user devices).
    3. Articulate use cases into functional and nonfunctional requirements
      1. Separate must haves and nice to haves.
      2. Categorize requirements into identifiable functionality capabilities.
      3. Review your outputs and identify “gotchas” using the MECE (mutually exclusive, collectively exhaustive) principle.

    Related Info-Tech Research

    Stock image of a dashboard.Modernize and Transform Your End-User Computing Strategy

    Phase 3.2 of this research set covers virtual desktop infrastructure.

    Stock image of a world surrounded by clouds.Implement Desktop Virtualization and Transition to Everything as a Service

    Follow Info-Tech’s process for implementing the right desktop virtualization solution to create a project plan that will help ensure that you not only choose the right solution but also implement it effectively.

    Stock image of a finger pushing a button.Cloud Strategy Workbook

    Use this tool to assess cloud services (desktop-as-a-service).

    Stock image of a world surrounded by clouds.Desktop Virtualization TCO Calculator

    This tool is designed to help you understand what desktop virtualization looks like from a cost perspective.

    Bibliography

    Anderson, Joseph. “Five Ways VDI Will Grow in 2022 Thanks to Hybrid Work.” StratoDesk, 28 Feb. 2022. Web.

    Bowker, Mark. “Are Desktops Doomed? Trends in Digital Workspaces, VDI, and DaaS.” ESG, May 2020. Web.

    “The CISO's Dilemma: How Chief Information Security Officers Are Balancing Enterprise Endpoint Security and Worker Productivity in Response to COVID-19.” Hysolate, Oct. 2020. Web.

    King, Val. “Why the End-User Experience Is Not Good for Your Remote Workforce .” Whitehat Virtual Technologies, 2 Dec. 2021. Web.

    Perry, Yifat. “VDI vs DaaS: 5 Key Differences and 6 Leading Solutions.” NetApp, 26 Aug. 2020. Web.

    Rigg, Christian. “Best virtual desktop services 2022.” TechRadar, 20 Jan. 2022 . Web.

    Seget, Vladan. “Key metrics to consider when assessing the performance of your VDI/DaaS environment.” vladan.fr, 19 April 2021. Web.

    Spruijt, Ruben. “Why Should You Care About VDI and Desktop-as-a-Service?” Nutanix, 28 Jan. 2020. Web.

    Stowers, Joshua. “The Best Desktop as a Service (DaaS) Providers 2022.” business.com, 21 Dec. 2021. Web.

    “Virtual Desktop Infrastructure(VDI) Market 2022.” MarketWatch, 5 Jan. 2022. Web. Press release.

    Zamir, Tal. “VDI Security Best Practices: Busting the Myths.” Hysolate, 29 Nov. 2021. Web.

    Zychowicz, Paul. “Why do virtual desktop deployments fail?” Turbonomic Blog, 16 Dec. 2016. Web.

    Select a Security Outsourcing Partner

    • Buy Link or Shortcode: {j2store}246|cart{/j2store}
    • member rating overall impact: 8.8/10 Overall Impact
    • member rating average dollars saved: $13,739 Average $ Saved
    • member rating average days saved: 8 Average Days Saved
    • Parent Category Name: Security Processes & Operations
    • Parent Category Link: /security-processes-and-operations
    • Most organizations do not have a clear understanding of their current security posture, their security goals, and the specific security services they require. Without a clear understanding of their needs, organizations may struggle to identify a partner that can meet their requirements.
    • Breakdowns and lack of communication can be a significant obstacle, especially when clear lines of communication with partners, including regular check-ins, reporting, and incident response protocols, have not been clearly established.
    • Ensuring that security partners’ systems and processes integrate seamlessly with existing systems can be a challenge for most organizations in addition to making sure that security partners have the necessary access and permissions to perform their services effectively.
    • Adhering to security policies is rarely a priority to users as compliance often feels like an interference to daily workflow. For a lot of organizations, security policies are not having the desired effect.

    Our Advice

    Critical Insight

    • You can outsource your responsibilities but not your accountability.
    • Be aware that in most cases, the traditional approach is more profitable to MSSPs, and they may push you toward one, so make sure you get the service you want, not what they prescribe.

    Impact and Result

    • Determine which security responsibilities can be outsourced and which should be insourced and the right procedure to outsourcing to gain cost savings, improve resource allocation, and boost your overall security posture.

    Select a Security Outsourcing Partner Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Select a Security Outsourcing Partner Storyboard – A guide to help you determine your requirements and select and manage your security outsourcing partner.

    Our systematic approach will ensure that the correct procedure for selecting a security outsourcing partner is implemented. This blueprint will help you build and implement your security policy program by following our three-phase methodology: determine what to outsource, select the right MSSP, and manage your MSSP.

    • Select a Security Outsourcing Partner – Phases 1-3

    2. MSSP RFP Template – A customizable template to help you choose the right security service provider.

    This modifiable template is designed to introduce consistency and outline key requirements during the request for proposal phase of selecting an MSSP.

    • MSSP RFP Template

    Infographic

    Further reading

    Select a Security Outsourcing Partner

    Outsource the right functions to secure your business.

    Analyst Perspective

    Understanding your security needs and remaining accountable is the key to selecting the right partner.

    The need for specialized security services is fast becoming a necessity to most organizations. However, resource challenges will always mean that organizations will still have to take practical measures to ensure that the time, quality, and service that they require from outsourcing partners have been carefully crafted and packaged to elicit the right services that cover all their needs and requirements.

    Organizations must ensure that security partners are aligned not only with their needs and requirements, but also with the corporate culture. Rather than introducing hindrances to daily operations, security partners must support business goals and protect the organization’s interests at all times.

    And as always, outsource only your responsibilities and do not outsource your accountability, as that will cost you in the long run.

    Photo of Danny Hammond
    Danny Hammond
    Research Analyst
    Security, Risk, Privacy & Compliance Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    A lack of high-skill labor increases the cost of internal security, making outsourcing more appealing.

    A lack of time and resources prevents your organization from being able to enable security internally.

    Due to a lack of key information on the subject, you are unsure which functions should be outsourced versus which functions should remain in-house.

    Having 24/7/365 monitoring in-house is not feasible for most firms.

    There is difficulty measuring the effectiveness of managed security service providers (MSSPs).

    Common Obstacles

    InfoSec leaders will struggle to select the right outsourcing partner without knowing what the organization needs, such as:

    • How to start the process to select the right service provider that will cover your security needs. With so many service providers and technology tools in this field, who is the right partner?
    • Where to obtain guidance on externalization of resources or maintaining internal posture to enable to you confidently select an outsourcing partner.

    InfoSec leaders must understand the business environment and their own internal security needs before they can select an outsourcing partner that fits.

    Info-Tech’s Approach

    Info-Tech’s Select a Security Outsourcing Partner takes a multi-faceted approach to the problem that incorporates foundational technical elements, compliance considerations, and supporting processes:

    • Determine which security responsibilities can be insourced and which should be outsourced, and the right procedure to outsourcing in order to gain cost savings, improve resource allocation, and boost your overall security posture.
    • Understand the current landscape of MSSPs that are available today and the features they offer.
    • Highlight the future financial obligations of outsourcing vs. insourcing to explain which method is the most cost-effective.

    Info-Tech Insight

    Mitigate security risks by developing an end-to-end process that ensures you are outsourcing your responsibilities and not your accountability.

    Your Challenge

    This research is designed to help organizations select an effective security outsourcing partner.

    • A security outsourcing partner is a third-party service provider that offers security services on a contractual basis depending on client needs and requirements.
    • An effective outsourcing partner can help an organization improve its security posture by providing access to more specialized security experts, tools, and technologies.
    • One of the main challenges with selecting a security outsourcing partner is finding a partner that is a good fit for the organization's unique security needs and requirements.
    • Security outsourcing partners typically have access to sensitive information and systems, so proper controls and safeguards must be in place to protect all sensitive assets.
    • Without careful evaluation and due diligence to ensure that the partner is a good fit for the organization's security needs and requirements, it can be challenging to select an outsourcing partner.

    Outsourcing is effective, but only if done right

    • 83% of decision makers with in-house cybersecurity teams are considering outsourcing to an MSP (Syntax, 2021).
    • 77% of IT leaders said cyberattacks were more frequent (Syntax, 2021).
    • 51% of businesses suffered a data breach caused by a third party (Ponemon, 2021).

    Common Obstacles

    The problem with selecting an outsourcing partner isn’t a lack of qualified partners, it’s the lack of clarity about an organization's specific security needs.

    • Most organizations do not have a clear understanding of their current security posture, their security goals, and the specific security services they require. Without a clear understanding of their needs, organizations may struggle to identify a partner that can meet their requirements.
    • Breakdowns and lack of communication can be a significant obstacle, especially when clear lines of communication with partners, including regular check-ins, reporting, and incident response protocols, have not been clearly established.
    • Ensuring that security partner's systems and processes integrate seamlessly with existing systems can be a challenge for most organizations. This is in addition to making sure that security partners have the necessary access and permissions to perform their services effectively.
    • Adhering to security policies is rarely a priority to users, as compliance often feels like an interference to daily workflow. For a lot of organizations, security policies are not having the desired effect.

    A diagram that shows Average cost of a data breach from 2019 to 2022.
    Source: IBM, 2022 Cost of a Data Breach; N=537.


    Reaching an all-time high, the cost of a data breach averaged US$4.35 million in 2022. This figure represents a 2.6% increase from 2021, when the average cost of a breach was US$4.24 million. The average cost has climbed 12.7% since 2020.

    Info-Tech’s methodology for selecting a security outsourcing partner

    Determine your responsibilities

    Determine what responsibilities you can outsource to a service partner. Analyze which responsibilities you should outsource versus keep in-house? Do you require a service partner based on identified responsibilities?

    Scope your requirements

    Refine the list of role-based requirements, variables, and features you will require. Use a well-known list of critical security controls as a framework to determine these activities and send out RFPs to pick the best candidate for your organization.

    Manage your outsourcing program

    Adopt a program to manage your third-party service security outsourcing. Trust your managed security service providers (MSSP) but verify their results to ensure you get the service level you were promised.

    Select a Security Outsourcing Partner

    A diagram that shows your organization responsibilities & accountabilities, framework for selecting a security outsourcing partner, and benefits.

    Blueprint benefits

    IT/InfoSec Benefits

    Reduces complexity within the MSSP selection process by highlighting all the key steps to a successful selection program.

    Introduces a roadmap to clearly educate about the do’s and don’ts of MSSP selection.

    Reduces costs and efforts related to managing MSSPs and other security partners.

    Business Benefits

    Assists with selecting outsourcing partners that are essential to your organization’s objectives.

    Integrates outsourcing into corporate culture, leveraging organizational requirements while maximizing value of outsourcing.

    Reduces security outsourcing risk.

    Insight summary

    Overarching insight: You can outsource your responsibilities but not your accountability.

    Determine what to outsource: Assess your responsibilities to determine which ones you can outsource. It is vital that an understanding of how outsourcing will affect the organization, and what cost savings, if any, to expect from outsourcing is clear in order to generate a list of responsibilities that can/should be outsourced.

    Select the right partner: Create a list of variables to evaluate the MSSPs and determine which features are important to you. Evaluate all potential MSSPs and determine which one is right for your organization

    Manage your MSSP: Align the MSSP to your organization. Adopt a program to monitor the MSSP which includes a long-term strategy to manage the MSSP.

    Identifying security needs and requirements = Effective outsourcing program: Understanding your own security needs and requirements is key. Ensure your RFP covers the entire scope of your requirements; work with your identified partner on updates and adaptation, where necessary; and always monitor alignment to business objectives.

    Measure the value of this blueprint

    Phase

    Purpose

    Measured Value
    Determine what to outsource Understand the value in outsourcing and determining what responsibilities can be outsourced. Cost of determining what you can/should outsource:
    • 120 FTE hours at $90K per year = $5,400
    Cost of determining the savings from outsourcing vs. insourcing:
    • 120 FTE hours at $90K per year = $5,400
    Select the right partner Select an outsourcing partner that will have the right skill set and solution to identified requirements. Cost of ranking and selecting your MSSPs:
    • 160 FTE hours at $90K per year = $7,200
    Cost of creating and distributing RFPs:
    • 200 FTE hours at $90K per year = $9,000
    Manage your third-party service security outsourcing Use Info-Tech’s methodology and best practices to manage the MSSP to get the best value. Cost of creating and implementing a metrics program to manage the MSSP:
    • 80 FTE hours at $90K per year = $3,600

    After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.

    Overall Impact: 8.9 /10

    Overall Average Cost Saved: $22,950

    Overall Average Days Saved: 9

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation
    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop
    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting
    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Exploit Disruptive Infrastructure Technology

    • Buy Link or Shortcode: {j2store}298|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Disruptive & Emerging Technologies
    • Parent Category Link: /disruptive-emerging-technologies
    • New technology can hit like a meteor. Not only disruptive to IT, technology provides opportunities for organization-wide advantage.
    • Your role is endangered. If you don’t prepare for the most disruptive technologies, you could be overshadowed. Don’t let the Chief Marketing Officer (CMO) set the technological innovation agenda
    • Predicting the future isn’t easy. Most IT leaders fail to realize how quickly technology increases in capability. Even for the tech savvy, predicting which specific technologies will become disruptive is difficult.
    • Communication is difficult when the sky is falling. Even forward-looking IT leaders struggle with convincing others to devote time and resources to monitoring technologies with a formal process.

    Our Advice

    Critical Insight

    • Establish the core working group, select a leader, and select a group of visionaries to help brainstorm emerging technologies.
    • Brainstorm about creating a better future, begin brainstorming an initial longlist.
    • Train the group to think like futurists.
    • Evaluate the shortlist.
    • Define your PoC list and schedule.
    • Finalize, present the plan to stakeholders and repeat.

    Impact and Result

    • Create a disruptive technology working group.
    • Produce a longlist of disruptive technologies.
    • Evaluate the longlist to produce a shortlist of disruptive technologies.
    • Develop a plan for a proof-of-concept project for each shortlisted technology.

    Exploit Disruptive Infrastructure Technology Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Exploit Disruptive Infrastructure Technology – A guide to help IT leaders make the most of disruptive impacts.

    As a CIO, there is a need to move beyond day-to-day technology management with an ever-increasing need to forecast technology impacts. Not just from a technical perspective but to map out the technical understandings aligned to potential business impacts and improvements. Technology transformation and innovation is moving more quickly than ever before and as an innovation champion, the CIO or CTO should have foresight in specific technologies with the understanding of how the company could be disrupted in the near future.

    • Exploit Disruptive Infrastructure Technology – Phases 1-3

    2. Disruptive Technology Exploitation Plan Template – A guide to develop the plan for exploiting disruptive technology.

    The Disruptive Technology Exploitation Plan Template acts as an implementation plan for developing a long-term strategy for monitoring and implementing disruptive technologies.

    • Disruptive Technology Exploitation Plan Template

    3. Disruptive Technology Look to the Past Tool – A tool to keep track of the missed technology disruption from previous opportunities.

    The Disruptive Technology Look to the Past Tool will assist you to collect reasonability test notes when evaluating potential disruptive technologies.

    • Disruptive Technology Look to the Past Tool

    4. Disruptive Technology Research Database Tool – A tool to keep track of the research conducted by members of the working group.

    The Disruptive Technology Research Database Tool will help you to keep track of the independent research that is conducted by members of the disruptive technology exploitation working group.

    • Disruptive Technology Research Database Tool

    5. Disruptive Technology Shortlisting Tool

    The Disruptive Technology Shortlisting Tool will help you to codify the results of the disruptive technology working group's longlist winnowing process.

    • Disruptive Technology Shortlisting Tool

    6. Disruptive Technology Value-Readiness and SWOT Analysis Tool – A tool to systematize notional evaluations of the value and readiness of potential disruptive technologies.

    The Disruptive Technology Value Readiness & SWOT Analysis Tool will assist you to systematize notional evaluations of the value and readiness of potential disruptive technologies.

    • Disruptive Technology Value-Readiness and SWOT Analysis Tool

    7. Proof of Concept Template – A handbook to serve as a reference when deciding how to proceed with your proposed solution.

    The Proof of Concept Template will guide you through the creation of a minimum-viable proof-of-concept project.

    • Proof of Concept Template

    8. Disruptive Technology Executive Presentation Template – A template to help you create a brief progress report presentation summarizing your project and program progress.

    The Disruptive Technology Executive Presentation Template will assist you to present an overview of the disruptive technology process, outlining the value to your company.

    • Disruptive Technology Executive Presentation Template

    Infographic

    Workshop: Exploit Disruptive Infrastructure Technology

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Pre-work: Establish the Disruptive Tech Process

    The Purpose

    Discuss the general overview of the disruptive technology exploitation process.

    Develop an initial disruptive technology exploitation plan.

    Key Benefits Achieved

    Stakeholders are on board, the project’s goals are outlined, and the working group is selected.

    Activities

    1.1 Get execs and stakeholders on board.

    1.2 Review the process of analyzing disruptive tech.

    1.3 Select members for the working group.

    1.4 Choose a schedule and time commitment.

    1.5 Select a group of visionaries.

    Outputs

    Initialized disruptive tech exploitation plan

    Meeting agenda, schedule, and participants

    2 Hold the Initial Meeting

    The Purpose

    Understand how disruption will affect the organization, and develop an initial list of technologies to explore.

    Key Benefits Achieved

    Knowledge of how to think like a futurist.

    Understanding of organizational processes vulnerable to disruption.

    Outline of potentially disruptive technologies.

    Activities

    2.1 Start the meeting with introductions.

    2.2 Train the group to think like futurists.

    2.3 Brainstorm about disruptive processes.

    2.4 Brainstorm a longlist.

    2.5 Research and brainstorm separate longlists.

    Outputs

    List of disruptive organizational processes

    Initial longlist of disruptive tech

    3 Create a Longlist and Assess Shortlist

    The Purpose

    Evaluate the specific value of longlisted technologies to the organization.

    Key Benefits Achieved

    Defined list of the disruptive technologies worth escalating to the proof of concept stage.

    Activities

    3.1 Converge the longlists developed by the team.

    3.2 Narrow the longlist to a shortlist.

    3.3 Assess readiness and value.

    3.4 Perform a SWOT analysis.

    Outputs

    Finalized longlist of disruptive tech

    Shortlist of disruptive tech

    Value-readiness analysis

    SWOT analysis

    Candidate(s) for proof of concept charter

    4 Create an Action Plan

    The Purpose

    Understand how the technologies in question will impact the organization.

    Key Benefits Achieved

    Understanding of the specific effects of the new technology on the business processes it is intended to disrupt.

    Business case for the proof-of-concept project.

    Activities

    4.1 Build a problem canvas.

    4.2 Identify affected business units.

    4.3 Outline and map the business processes likely to be disrupted.

    4.4 Map disrupted business processes.

    4.5 Recognize how the new technology will impact business processes.

    4.6 Make the case.

    Outputs

    Problem canvas

    Map of business processes: current state

    Map of disrupted business processes

    Business case for each technology

    Further reading

    Analyst Perspective

    The key is in anticipation.

    “We all encounter unexpected changes and our responses are often determined by how we perceive and understand those changes. We react according to the unexpected occurrence. Business organizations are no different.

    When a company faces a major technology disruption in its markets – one that could fundamentally change the business or impact its processes and technology – the way its management perceive and understand the disruption influences how they describe and plan for it. In other words, the way management sets the context of a disruption – the way they frame it – shapes the strategy they adopt. Technology leaders can vastly influence business strategy by adopting a proactive approach to understanding disruptive and innovative technologies by simply adopting a process to review and evaluate technology impacts to the company’s lines of business.”

    This is a picture of Troy Cheeseman

    Troy Cheeseman
    Practice Lead, Infrastructure & Operations Research
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • New technology can hit like a meteor. Not only disruptive to IT, technology provides opportunities for organization-wide advantage.
    • Your role is endangered. If you don’t prepare for the most disruptive technologies, you could be overshadowed. Don’t let the chief marketing officer (CMO) set the technological innovation agenda.

    Common Obstacles

    • Predicting the future isn’t easy. Most IT leaders fail to realize how quickly technology increases in capability. Even for the tech savvy, predicting which specific technologies will become disruptive is difficult.
    • Communication is difficult when the sky is falling. Even forward-looking IT leaders struggle with convincing others to devote time and resources to monitoring technologies with a formal process.

    Info-Tech’s Approach

    • Identify, resolve, and evaluate. Use an annual process as described in this blueprint: a formal evaluation of new technology that turns analysis into action.
    • Lead the analysis from IT. Establish a team to carry out the annual process as a cure for the causes of “airline magazine syndrome” and to prevent it from happening in the future.
    • Train your team on the patterns of progress, track technology over time in a central database, and read Info-Tech’s analysis of upcoming technology.
    • Create your KPIs. Establish your success indicators to create measurable value when presenting to your executive.
    • Produce a comprehensive proof-of-concept plan that will allow your company to minimize risk and maximize reward when engaging with new technology.

    Info-Tech Insight

    Proactively monitoring, evaluating, and exploiting disruptive tech isn’t optional.
    This will protect your role, IT’s role, and the future of the organization.

    A diverse working group maximizes the insight brought to bear.
    An IT background is not a prerequisite.

    The best technology is only the best when it brings immediate value.
    Good technology might not be ready; ready technology might not be good.

    Review

    We help IT leaders make the most of disruptive impacts.

    This research is designed for:

    Target Audience: CIO, CTO, Head of Infrastructure

    This research will help you:

    • Develop a process for anticipating, analyzing, and exploiting disruptive technology.
    • Communicate the business case for investing in disruptive technology.
    • Categorize emerging technologies to decide what to do with them.
    • Develop a plan for taking action to exploit the technology that will most affect your organization.

    Problem statement:

    As a CIO, there is a need to move beyond day-to-day technology management with an ever-increasing need to forecast technology impacts. Not just from a technical perspective but to map out the technical understandings aligned to potential business impacts and improvements. Technology transformation and innovation is moving more quickly than ever before and as an innovation champion, the CIO or CTO should have foresight in specific technologies with the understanding of how the company could be disrupted in the near future. Foresight + Current Technology + Business Understanding = Understanding the Business Disruption. This should be a repeatable process, not an exception or reactionary response.

    Insight Summary

    Establish the core working group, select a leader, and select a group of visionaries to help brainstorm emerging technologies.

    The right team matters. A core working group will keep focus through the process and a leader will keep everyone accountable. Visionaries are out-of-the-box thinkers and once they understand how to think like a "futurists," they will drive the longlist and shortlist actions.

    Train the group to think like futurists

    To keep up with exponential technology growth you need to take a multi-threaded approach.

    Brainstorm about creating a better future; begin brainstorming an initial longlist

    Establish the longlist. The longlist helps create a holistic view of most technologies that could impact the business. Assigning values and quadrant scoring will shortlist the options and focus your PoC option.

    Converge everyone’s longlists

    Long to short...that's the short of it. Using SWOT, value readiness, and quadrant mapping review sessions will focus the longlist, creating a shortlist of potential POC candidates to review and consider.

    Evaluate the shortlist

    There is no such thing as a risk-free endeavor. Use a systematic process to ensure that the risks your organization takes have the potential to produce significant rewards.

    Define your PoC list and schedule

    Don’t be afraid to fail! Inevitably, some proof-of-concept projects will not benefit the organization. The projects that are successful will more than cover the costs of the failed projects. Roll out small scale and minimize losses.

    Finalize, present the plan to stakeholders, and repeat!

    Don't forget the C-suite. Effectively communicate and present the working group’s finding with a well-defined and succinct presentation. Start the process again!

    This is a screenshot of the Thought map for Exploit disruptive infrastructure Technology.
    1. Identify
      • Establish the core working group and select a leader; select a group of visionaries
      • Train the group to think like futurists
      • Hold your initial meeting
    2. Resolve
    • Create and winnow a longlist
    • Assess and create the shortlist
  • Evaluate
    • Create process maps
    • Develop proof of concept charter

    • The Key Is in Anticipation!

    Use Info-Tech’s approach for analyzing disruptive technology in your own disruptive tech working group

    Phase 1: Identify Phase 2: Resolve Phase 3: Evaluate

    Phase Steps

    1. Establish the disruptive technology working group
    2. Think like a futurist (Training)
    3. Hold initial meeting or create an agenda for the meeting
    1. Create and winnow a longlist
    2. Assess shortlist
    1. Create process maps
    2. Develop proof of concept charter

    Phase Outcomes

    • Establish a team of subject matter experts that will evaluate new, emerging, and potentially disruptive technologies.
    • Establish a process for including visionaries from outside of the working group who will provide insight and direction.
    • Introduce the core working group members.
    • Gain a better understanding of how technology advances.
    • Brainstorm a list of organizational processes.
    • Brainstorm an initial longlist.
    • Finalized longlist
    • Finalized shortlist
    • Initial analysis of each technology on the shortlist
    • Finalized shortlist
    • Initial analysis of each technology on the shortlist
    • Business process maps before and after disruption
    • Proof of concept charter
    • Key performance indicators
    • Estimation of required resources
    • Executive presentation

    Four key challenges make it essential for you to become a champion for exploiting disruptive technology

    1. New technology can hit like a meteor. It doesn’t only disrupt IT; technology provides opportunities for organization-wide advantage.
    2. Your role is endangered. If you don’t prepare for the most disruptive technologies, you could be overshadowed. Don’t let the CMO rule technological innovation.
    3. Predicting the future isn’t easy. Most IT leaders fail to realize how quickly technology increases in capability. Even for the tech savvy, predicting which specific technologies will become disruptive is difficult.
    4. Communication is difficult when the sky is falling. Even forward-looking IT leaders struggle with convincing others to devote time and resources to monitoring emerging technologies with a formal process.

    “Look, you have never had this amount of opportunity for innovation. Don’t forget to capitalize on it. If you do not capitalize on it, you will go the way of the dinosaur.”
    – Dave Evans, Co-Founder and CTO, Stringify

    Technology can hit like a meteor

    “ By 2025:

    • 38.6 billion smart devices will be collecting, analyzing, and sharing data.
    • The web hosting services market is to reach $77.8 billion in 2025.
    • 70% of all tech spending is expected to go for cloud solutions.
    • There are 1.35 million tech startups.
    • Global AI market is expected to reach $89.8 billion.”

    – Nick Gabov

    IT Disruption

    Technology disrupts IT by:

    • Affecting the infrastructure and applications that IT needs to use internally.
    • Affecting the technology of end users that IT needs to support and deploy, especially for technologies with a consumer focus.
    • Allowing IT to run more efficiently and to increase the efficiency of other business units.
    • Example: The rise of the smartphone required many organizations to rethink endpoint devices.

    Business Disruption

    Technology disrupts the business by:

    • Affecting the viability of the business.
    • Affecting the business’ standing in relation to competitors that better deal with disruptive technology.
    • Affecting efficiency and business strategy. IT should have a role in technology-related business decisions.
    • Example: BlackBerry failed to anticipate the rise of the apps ecosystem. The company struggled as it was unable to react with competitive products.

    Senior IT leaders are expected to predict disruptions to IT and the business, while tending to today’s needs

    You are expected to be both a firefighter and a forecaster

    • Anticipating upcoming disruptions is part of your job, and you will be blamed if you fail to anticipate future business disruptions because you are focusing on the present.
    • However, keeping IT running smoothly is also part of your job, and you will be blamed if today’s IT environment breaks down because you are focusing on the future.

    You’re caught between the present and the future

    • You don’t have a process that anticipates future disruptions but runs alongside and integrates with operations in the present.
    • You can’t do it alone. Tending to both the present and the future will require a team that can help you keep the process running.

    Info-Tech Insight

    Be prepared when disruptions start coming down, even though it isn’t easy. Use this research to reduce the effort to a simple process that can be performed alongside everyday firefighting.

    Make disruptive tech analysis and exploitation part of your innovation agenda

    A scatter plot graph is depicted, plotting IT Innovative Leadership (X axis), and Satisfaction with IT(Y axis). IT innovative leadership explains 75% of variation in satisfaction with IT

    Organizations without high satisfaction with IT innovation leadership are only 20% likely to be highly satisfied with IT

    “You rarely see a real-world correlation of .86!”
    – Mike Battista, Staff Scientist, Cambridge Brain Sciences, PhD in Measurement

    There is a clear relationship between satisfaction with IT and the IT department’s innovation leadership.

    Prevent “airline magazine syndrome” by proactively analyzing disruptive technologies

    “The last thing the CIO needs is an executive saying ‘I don’t what it is or what it does…but I want two of them!”
    – Tim Lalonde

    Airline magazine syndrome happens to IT leaders caught between the business and IT. It usually occurs in this manner:

    1. While on a flight, a senior executive reads about an emerging technology that has exciting implications for the business in an airline magazine.
    2. The executive returns and approaches IT, demanding that action be taken to address the disruptive technology – and that it should have been (ideally) completed already.

    Without a Disruptive Technology Exploitation Plan:

    “I don’t know”

    With a Disruptive Technology Exploitation Plan:

    “Here in IT, we have already considered that technology and decided it was overhyped. Let me show you our analysis and invite you to join our working group.”

    OR

    “We have already considered that technology and have started testing it. Let me show you our testing lab and invite you to join our working group.”

    Info-Tech Insight

    Airline magazine syndrome is a symptom of a wider problem: poor CEO-CIO alignment. Solve this problem with improved communication and documentation. Info-Tech’s disruptive tech iterative process will make airline magazine syndrome a thing of the past!

    IT leaders who do not keep up with disruptive technology will find their roles diminished

    “Today’s CIO dominion is in a decaying orbit with CIOs in existential threat mode.”
    – Ken Magee

    Protect your role within IT

    • IT is threatened by disruptive technology:
      • Trends like cloud services, increased automation, and consumerization reduce the need for IT to be involved in every aspect of deploying and using technology.
      • In the long term, machines will replace even intellectually demanding IT jobs, such as infrastructure admin and high-level planning.
    • Protect your role in IT by:
      • Anticipating new technology that will disrupt the IT department and your place within it.
      • Defining new IT roles and responsibilities that accurately reflect the reality of technology today.
      • Having a process for the above that does not diminish your ability to keep up with everyday operations that remain a priority today.

    Protect your role against other departments

    • Your role in the business is threatened by disruptive technology:
      • The trends that make IT less involved with technology allow other executives – such as the CMO – to make IT investments.
      • As the CMO gains the power and data necessary to embrace new trends, the CIO and IT managers have less pull.
    • Protect your role in the business by:
      • Being the individual to consult about new technology. It isn’t just a power play; IT leaders should be the ones who know technology thoroughly.
      • Becoming an indispensable part of the entire business’ innovation strategy through proposing and executing a process for exploiting disruptive technology.

    IT leaders who do keep up have an opportunity to solidify their roles as experts and aggregators

    “The IT department plays a critical role in [innovation]. What they can do is identify a technology that potentially might introduce improvements to the organization, whether it be through efficiency, or through additional services to constituents.”
    – Michael Maguire, Management Consultant

    The contemporary CIO is a conductor, ensuring that IT works in harmony with the rest of the business.

    The new CIO is a conductor, not a musician. The CIO is taking on the role of a business engineer, working with other executives to enable business innovation.

    The new CIO is an expert and an aggregator. Conductor CIOs increasingly need to keep up on the latest technologies. They will rely on experts in each area and provide strategic synthesis to decide if, and how, developments are relevant in order to tune their IT infrastructure.

    The pace of technological advances makes progress difficult to predict

    “An analysis of the history of technology shows that technological change is exponential, contrary to the common-sense ‘intuitive linear’ view. So we won’t experience 100 years of progress in the 21st century – it will be more like 20,000 years of progress (at today’s rate).”
    – Ray Kurzweil

    Technology advances exponentially. Rather than improving by the same amount of capability each year, it multiplies in capability each year.

    Think like a futurist to anticipate technology before it goes mainstream.

    Exponential growth happens much faster than linear growth, especially when it hits the knee of the curve. Even those who acknowledge exponential growth underestimate how capabilities can improve.

    To predict new advances, turn innovation into a process

    “We spend 70 percent of our time on core search and ads. We spend 20 percent on adjacent businesses, ones related to the core businesses in some interesting way. Examples of that would be Google News, Google Earth, and Google Local. And then 10 percent of our time should be on things that are truly new.”
    – Eric Schmidt, Google

    • Don’t get caught in the trap of refining your core processes to the exclusion of innovation. You should always be looking for new processes to improve, new technology to pilot, and where possible, new businesses to get into.
    • Devote about 10% of your time and resources to exploring new technology: the potential rewards are huge.

    You and your team need to analyze technology every year to predict where it’s going.

    A bar graph is shown which depicts the proportion of technology use from 2018-2022. the included devices are: Tablets; PCs; TVs; Non-smartphones; Smartphones; M2M
    • Foundational technologies, such as computing power, storage, and networks, are improving exponentially.
    • Disruptive technologies are specific manifestations of foundational advancements. Advancements of greater magnitude give rise to more manifestations; therefore, there will be more disruptive technologies every year.
    • There is a lot of noise to cut through. Remember Google Glasses? As technology becomes ubiquitous and consumerization reigns, everybody is a technology expert. How do you decide which technologies to focus on?

    Protect IT and the business from disruption by implementing a simple, repeatable disruptive technology exploitation process

    “One of the most consistent patterns in business is the failure of leading companies to stay at the top of their industries when technologies or markets change […] Managers must beware of ignoring new technologies that can’t initially meet the needs of their mainstream customers.”
    – Joseph L. Bower and Clayton M. Christensen

    Challenge

    		Solution

    New technology can hit like a meteor, but it doesn’t have to leave a crater:

    Use the annual process described in this blueprint to create a formal evaluation of new technology that turns analysis into action.

    Predicting the future isn’t easy, but it can be done:

    Lead the analysis from the office of the CIO. Establish a team to carry out the annual process as a cure for airline magazine syndrome.

    Your role is endangered, but you can survive:

    Train your team on the patterns of progress, track technology over time in a central database, and read Info-Tech’s analysis of upcoming technology.

    Communication is difficult when the sky is falling, so have a simple way to get the message across:

    Track metrics that communicate your progress, and summarize the results in a single, easy-to-read exploitation plan.

    Info-Tech Insight

    Use Info-Tech’s tools and templates, along with this storyboard, to walk you through creating and executing an exploitation process in six steps.

    Create measurable value by using Info-Tech’s process for evaluating the disruptive potential of technology

    This image contains a bar graph with the following Title: Which are the primary benefits you've either realized or expect to realize by deploying hyperconverged infrastructure in the near term.

    No business process is perfect.

    • Use Info-Tech’s Proof of Concept Template to create a disruptive technology proof of concept implementation plan.
    • Harness your company’s internal wisdom to systematically vet new technology. Engage only in calculated risk and maximize potential benefit.

    Info-Tech Insight

    Inevitably, some proof of concept projects will not benefit the organization. The projects that are successful will more than cover the costs of the failed projects. Roll out small scale and minimize losses.

    Establish your key performance indicators (KPIs)

    Key performance indicators allow for rigorous analysis, which generates insight into utilization by platform and consumption by business activity.

    • Brainstorm metrics that indicate when process improvement is actually taking place.
    • Have members of the group pitch KPIs; the facilitator should record each suggestion on a whiteboard.
    • Make sure to have everyone justify the inclusion of each metric: how does it relate to the improvement that the proof of concept project is intended to drive? How does it relate to the overall goals of the business?
    • Include a list of KPIs, along with a description and a target (ensuring that it aligns with SMART metrics).
    Key Performance Indicator Description Target Result

    Number of Longlist technologies

    		Establish a range of Longlist technologies to evaluate 10-15
    Number of Shortlist technologies Establish a range of Shortlist technologies to evaluate 5-10
    number of "look to the past" likes/dislikes Minimum number of testing characteristics 6
    Number of POCs Total number of POCs Approved 3-5

    Communicate your plan with the Disruptive Technology Exploitation Plan Template

    Use the Disruptive Technology Exploitation Plan Template to summarize everything that the group does. Update the report continuously and use it to show others what is happening in the world of disruptive technology.

    Section Title Description
    1 Rationale and Summary of Exploitation Plan A summary of the current efforts that exist for exploring disruptive technology. A summary of the process for exploiting disruptive technology, the resources required, the team members, meeting schedules, and executive approval.
    2 Longlist of Potentially Disruptive Technologies A summary of the longlist of identified disruptive technologies that could affect the organization, shortened to six or less that have the largest potential impact based on Info-Tech’s Disruptive Technology Shortlisting Tool.
    3 Analysis of Shortlist Individually analyze each technology placed on the shortlist using Info-Tech’s Disruptive Technology Value-Readiness and SWOT Analysis Tool.
    4 Proof of Concept Plan Use the results from Section 3 to establish a plan for moving forward with the technologies on the shortlist. Determine the tasks required to implement the technologies and decide who will complete them and when.
    5 Hand-off Pass the project along to identified stakeholders with significant interest in its success. Continue to track metrics and prepare to repeat the disruptive technology exploitation process annually.

    Whether you need a process for exploiting disruptive technology, or an analysis of current trends, Info-Tech can help

    Two sets of research make up Info-Tech’s disruptive technology coverage:

    This image contains four screenshots from each of the following Info-Tech Blueprints: Exploit disruptive Infrastructure Technology; Infrastructure & operations priorities 2022

    This storyboard, and the associated tools and templates, will walk you through creating a disruptive technology working group of your own.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverable:

    Disruptive Technology Exploitation Plan Template

    The Disruptive Technology Exploitation Plan Template acts as an implementation plan for developing a long-term strategy for monitoring and implementing disruptive technologies.

    Proof of Concept Template

    The Proof of Concept Template will guide you through the creation of a minimum-viable proof-of-concept project.

    Executive Presentation

    The Disruptive Technology Executive Presentation Template will assist you to present an overview of the disruptive technology process, outlining the value to your company.

    Disruptive Technology Value Readiness & SWOT Analysis Tool

    The Disruptive Technology Value Readiness & SWOT Analysis Tool will assist you to systematize notional evaluations of the value and readiness of potential disruptive technologies.

    Disruptive Technology Research Database Tool

    The Disruptive Technology Research Database Tool will help you to keep track of the independent research that is conducted by members of the disruptive technology exploitation working group.

    Disruptive Technology Shortlisting Tool

    The Disruptive Technology Shortlisting Tool will help you to codify the results of the disruptive technology working group's longlist winnowing process.

    Disruptive Technology Look to the Past Tool

    The Disruptive Technology Look to the Past Tool will assist you to collect reasonability test notes when evaluating potential disruptive technologies.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3

    Call #1: Explore the need for a disruptive technology working group.

    Call #3: Review the agenda for the initial meeting.

    Call #5: Review how you’re brainstorming and your sources of information.

    Call #7: Review the final shortlist and assessment.

    Call #9: Review the progress of your team.

    Call #2: Review the team name, participants, and timeline.

    Call #4: Assess the results of the initial meeting.

    Call #6: Review the final longlist and begin narrowing it down.

    Call #8: Review the next steps.

    Call #10: Review the communication plan.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 8 to 12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Pre-Work Day 1 Day 2 Day 3 Day 4
    Establish the Disruptive Tech Process Hold Your Initial Meeting Create a Longlist and Assess Shortlist Create Process Maps Develop a Proof of Concept Charter

    Activities

    1.1.a Get executives and stakeholders on board.

    1.1.b Review the process of analyzing disruptive tech.

    1.1.c Select members for the working group.

    1.1.d Choose a schedule and time commitment.

    1.1.e Select a group of visionaries.

    1.2.a Start the meeting with introductions.

    1.2.b Train the group to think like futurists.

    1.2.c Brainstorm about disruptable processes.

    1.2.d Brainstorm a longlist.

    1.2.e Research and brainstorm separate longlists.

    2.1.a Converge the longlists developed by the team.

    2.2.b Narrow the longlist to a shortlist.

    2.2.c Assess readiness and value.

    2.2.d Perform a SWOT analysis.

    3.1.a Build a problem canvas.

    3.1.b Identify affected business units.

    3.1.c Outline and map the business processes likely to be disrupted.

    3.1.d Map disrupted business processes.

    3.1.e Recognize how the new technology will impact business processes.

    3.1.f Make the case.

    3.2.a Develop key performance indicators (KPIs).

    3.2.b Identify key success factors.

    3.2.c Outline project scope.

    3.2.d Identify responsible team.

    3.2.e Complete resource estimation.

    Deliverables

    1. Initialized Disruptive Tech Exploitation Plan
    1. List of Disruptable Organizational Processes
    2. Initial Longlist of Disruptive Tech
    1. Finalized Longlist of Disruptive Tech
    2. Shortlist of Disruptive Tech
    3. Value-Readiness Analysis
    4. SWOT Analysis
    5. Candidate(s) for Proof of Concept Charter
    1. Problem Canvas
    2. Map of Business Processes: Current State
    3. Map of Disrupted Business Processes
    4. Business Case for Each Technology
    1. Completed Proof of Concept Charter

    Exploit Disruptive Infrastructure Technology

    Disrupt or be disrupted.

    Identify

    Create your working group.

    PHASE 1

    Use Info-Tech’s approach for analyzing disruptive technology in your own disruptive tech working group

    1. Identify
      1. Establish the core working group and select a leader; select a group of visionaries
      2. Train the group to think like futurists
      3. Hold your initial meeting
    2. Resolve
      1. Create and winnow a longlist
      2. Assess and create the shortlist
    3. Evaluate
      1. Create process maps
      2. Develop proof of concept charter

    The Key Is in Anticipation!

    Phase 1: Identify

    Create your working group.

    Activities:

    Step 1.1: Establish the core working group and select a leader; select a group of visionaries
    Step 1.2: Train the group to think like futurists
    Step 1.3: Hold the initial meeting

    This step involves the following participants:

    IT Infrastructure Manager

    CIO or CTO

    Potential members and visionaries of the working group

    Outcomes of this step:

    • Establish a team of subject matter experts that will evaluate new, emerging, and potentially disruptive technologies.
    • Establish a process for including visionaries from outside of the working group who will provide insight and direction.
    • Introduce the core working group members.
    • Gain a better understanding of how technology advances.
    • Brainstorm a list of organizational processes.
    • Brainstorm an initial longlist.

    Step 1.1

    Establish the core working group and select a leader; select a group of visionaries.

    Activities:

    • Articulate the long- and short-term benefits and costs to the entire organization
    • Gain support by articulating the long- and short-term benefits and costs to the IT department
    • Gain commitment from key stakeholders and executives
    • Help stakeholders understand what goes into formally exploiting disruptive tech by reviewing this process
    • Establish the core working group and select a leader
    • Create a schedule with a time commitment appropriate to your organization’s size; it doesn’t need to take long
    • Select a group of visionaries external to IT to help the working group brainstorm disruptive technologies

    This step involves the following participants:

    • IT Infrastructure Manager
    • CIO or CTO
    • Potential members and visionaries of the working group

    Outcomes of this step

    • Establish a team of subject matter experts that will evaluate new, emerging, and potentially disruptive technologies.
    • Establish a process for including visionaries from outside of the working group that will provide insight and direction.

    1.1.A Articulate the long- and short-term benefits and costs to the entire organization

    A cost/benefit analysis will give stakeholders a picture of how disruptive technology could affect the business. Use the chart as a starting point and customize it based on your organization.

    Disruptive Technology Affects the Organization

    Benefits Costs

    Short Term

    • First-mover advantage from implementing new technology in the business before competitors – and before start-ups.
    • Better brand image as an organization focused on innovation.
    • Increased overall employee satisfaction by implementing new technology that increases employee capabilities or lowers effort.
    • Possibility of increased IT budget for integrating new technology.
    • Potential for employees to reject wide-scale use of unfamiliar technology.
    • Potential for technology to fail in the organization if it is not sufficiently tested.
    • Executive time required for making decisions about technology recommended by the team.

    Long Term

    • Increased internal business efficiencies from the integration of new technology (e.g. energy efficiency, fewer employees needed due to automation).
    • Better services or products for customers, resulting in increased long-term revenue.
    • Lowered costs of services or products and potential to grow market share.
    • Continued relevance of established organizations in a world changed by disruptive technologies.
    • Technology may not reach the capabilities initially expected, requiring waiting for increased value or readiness.
    • Potential for customers to reject new products resulting from technology.
    • Lack of focus on current core capabilities if technology is massively disruptive.

    1.1.B Gain support by articulating the long- and short-term benefits and costs to the IT department

    A cost/benefit analysis will give stakeholders a picture of how disruptive technology could affect the business. Use the chart as a starting point and customize it based on your organization.

    Disruptive Technology Affects IT

    BenefitsCosts

    Short Term

    • Perception of IT as a core component of business practices.
    • Increase IT’s capabilities to better serve employees (e.g. faster network speeds, better uptime, and storage and compute capacity that meet demands).
    • Cost for acquiring or implementing new technology and updating infrastructure to integrate with it.
    • Cost for training IT staff and end users on new IT technology and processes.
    • Minor costs for initial setup of disruptive technology exploitation process and time taken by members.

    Long Term

    • More efficient and powerful IT infrastructure that capitalizes on emerging trends at the right time.
    • Lower help desk load due to self-service and automation technology.
    • Increased satisfaction with IT due to implementation of improved enterprise technology and visible IT influence on improvements.
    • Increased end-user satisfaction with IT due to understanding and support of consumer technology that affects their lives.
    • New technology may result in lower need for specific IT roles. Cultural disruptions due to changing role of IT.
    • Perception of failure if technology is tested and never implemented.
    • Expectation that IT will continue to implement the newest technology available, even when it has been dismissed as not having value.

    1.1.C Gain commitment from key stakeholders and executives

    Gaining approval from executives and key stakeholders is the final obstacle. Ensure that you cover the following items to have the best chance for project approval.

    • Use a sample deck similar to this section for gaining buy-in, ensuring that you add/remove information to make it specific to your organization. Cover this section, including:
      • Who: Who will lead the team and who will be on it (working group)?
      • What: What resources will be required by the team (costs)?
      • Where/When: How often and where will the team meet (meeting schedule)?
      • Why: Why is there a need to exploit disruptive technology (benefits and examples)?
      • How: How is the team going to exploit disruptive technology (the process)?
    • Go through this blueprint prior to presenting the plan to stakeholders so that you have a strong understanding of the details behind each process and tool.
    • Frame the first iteration of the cycle as a pilot program. Use the completed results of the pilot to establish exploiting disruptive technology as a necessary company initiative.

    Insert the resources required by the disruptive tech exploitation team into Section 1.5 of the Disruptive Technology Exploitation Plan Template. Have executives sign-off on the project in Section 1.6.

    Disruption has undermined some of the most successful tech companies

    “The IT department plays a critical role in [innovation]. What they can do is identify a technology that potentially might introduce improvements to the organization, whether it be through efficiency or through additional services to constituents.”
    - Michael Maguire, Management Consultant

    VoIP’s transformative effects

    Disruptive technology:
    Voice over Internet Protocol (VoIP) is a modern means of making phone calls through the internet by sending voice packets using data, as opposed to the traditional circuit transmissions of the PSTN.

    Who won:
    Organizations that realized the cost savings that VoIP provided for businesses with a steady internet connection saved as much as 60% on telephony expenses. Even in the early stages, with a few more limitations, organizations were able to save a significant amount of money and the technology has continued to improve.

    Who lost?
    Telecom-related companies that failed to realize VoIP was a potential threat to their market, and organizations that lacked the ability to explore and implement the disruptive technology early.

    Digital photography — the new norm

    Disruptive technology:
    Digital photography refers to the storing of photographs in a digital format, as opposed to traditional photography, which exposes light to sensitive photographic film.

    Who won:
    Photography companies and new players that exploited the evolution of data storage and applied it to photography succeeded. Those that were able to balance providing traditional photography and exploiting and introducing digital photography, such as Nikon, left competitors behind. Smartphone manufacturers also benefited by integrating digital cameras.

    Who lost?
    Photography companies, such as Kodak, that failed to respond to the digital revolution found themselves outcompeted and insolvent.

    1.1.D Help stakeholders understand what goes into formally exploiting disruptive tech by reviewing this process

    There are five steps to formally exploiting disruptive technology, each with its own individual outputs and tools to take analysis to the next level.

    Step 1.2:
    Hold Initial Meeting

    Output:

    • Initial list of disruptable processes;
    • Initial longlist

    Step 2.1:

    Brainstorm Longlist

    Output:

    • Finalized longlist;
    • Shortlist

    Step 2.2:

    Assess Shortlist

    Output:

    • Final shortlist;
    • SWOT analysis;
    • Tech categorization

    Step 3.1:
    Create Process Maps

    Output:

    • Completed process maps

    Step 3.2:
    Develop a proof of concept charter

    Output:

    • Proof-of-concept template with KPIs

    Info-Tech Insight

    Before going to stakeholders, complete the entire blueprint to better understand the tools and outputs of the process.

    1.1.E Establish the core working group and select a leader

    • Selecting your core membership for the working group is a critical step to the group’s success. Ensure that you satisfy the following criteria:
      • This is a team of subject matter experts. They will be overseeing the learning and piloting of disruptive technologies. Their input will also be valuable for senior executives and for implementing these technologies.
      • Choose members that can take time away from firefighting tasks to dedicate time to meetings.
      • It may be necessary to reach outside of the organization now or in the future for expertise on certain technologies. Use Info-Tech as a source of information.
    Organization Size Working Group Size
    Small 02-Jan
    Medium 05-Mar
    Large 10-May
    • Once the team is established, you must decide who will lead the group. Ensure that you satisfy the following criteria:
      • A leader should be credible, creative, and savvy in both technology and business.
      • The leader should facilitate, acting as both an expert and an aggregator of the information gathered by the team.

    Choose a compelling name

    The working group needs a name. Be sure to select one with a positive connotation within your organization.

    Section 1.3 of the Disruptive Technology Exploitation Plan Template

    1.1.F Create a schedule with a time commitment appropriate to your organization’s size; it doesn’t need to take long

    Time the disruptive technology working group’s meetings to coincide and integrate with your organization’s strategic planning — at least annually.

    Size Meeting Frequency Time per Meeting Example Meeting Activities
    Small Annually One day A one-day meeting to run through phase 2 of the project (SWOT analysis and shortlist analysis).
    Medium Two days A two-day meeting to run through the project. The additional meeting involves phase 3 of this deck, developing a proof-of-concept plan.
    Large Two+ days Two meetings, each two days. Two days to create and winnow the longlist (phase 2), and two further days to develop a proof of concept plan.

    “Regardless of size, it’s incumbent upon every organization to have some familiarity of what’s happening over the next few years, [and to try] to anticipate what some of those trends may be. […] These trends are going to accelerate IT’s importance in terms of driving business strategy.”
    – Vern Brownell, CEO, D-Wave

    Section 1.4 of the Disruptive Technology Exploitation Plan Template

    1.1.G Select a group of visionaries external to IT to help the working group brainstorm disruptive technologies

    Selecting advisors for your group is an ongoing step, and the roster can change.

    Ensure that you satisfy the following criteria:

    • Look beyond IT to select a team representing several business units.
    • Check for self-professed “geeks” and fans of science fiction that may be happy to join.
    • Membership can be a reward for good performance.

    This group does not have to meet as regularly as the core working group. Input from external advisors can occur between meetings. You can also include them on every second or third iteration of the entire process.

    However, the more input you can get into the group, the more innovative it can become.

    “It is … important to develop design fictions based on engagement with directly or indirectly implicated publics and not to be designed by experts alone.”
    – Emmanuel Tsekleves, Senior Lecturer in Design Interactions, University of Lancaster

    Section 1.3 of the Disruptive Technology Exploitation Plan Template

    The following case study illustrates the innovative potential that is created when you include a diverse group of people

    INDUSTRY - Chip Manufacturing
    SOURCE - Clayton Christensen, Intel

    To achieve insight, you need to collaborate with people from outside of your department.

    Challenge

    • Headquartered in California, through the 1990s, Intel was the largest microprocessor chip manufacturer in the world, with revenue of $25 billion in 1997.
    • All was not perfect, however. Intel faced a challenge from Cyrix, a manufacturer of low-end chips. In 18 months, Cyrix’s share of the low-margin entry-level chip manufacturing business mushroomed from 10% to 70%.

    Solution

    • Troubled by the potential for significant disruption of the microprocessor market, Intel brought in external consultants to hold workshops to educate managers about disruptive innovation.
    • Managers would break into groups and discuss ways Intel could facilitate the disruption of its competitors. In one year, Intel hosted 18 workshops, and 2,000 managers went through the process.

    Results

    • Intel launched the Celeron chip to serve the lower end of the PC market and win market share back from Cyrix (which no longer exists as an independent company) and other competitors like AMD.
    • Within one year, Intel had captured 35% of the market.

    “[The models presented in the workshops] gave us a common language and a common way to frame the problem so that we could reach a consensus around a counterintuitive course of action.” – Andy Grove, then-CEO, Intel Corporation

    Phase 1: Identify

    Create your working group.

    Activities:

    Step 1.1: Establish the core working group and select a leader; select a group of visionaries
    Step 1.2: Train the group to think like futurists
    Step 1.3: Hold the initial meeting

    This step involves the following participants:

    • IT Infrastructure Manager
    • CIO or CTO
    • Potential members and visionaries of the working group

    Outcomes of this phase:

    • Establish a team of subject matter experts that will evaluate new, emerging, and potentially disruptive technologies.
    • Establish a process for including visionaries from outside of the working group who will provide insight and direction.
    • Introduce the core working group members.
    • Gain a better understanding of how technology advances.
    • Brainstorm a list of organizational processes.
    • Brainstorm an initial longlist.

    Step 1.2

    Train the group to think like futurists

    Activities:

    1. Look to the past to predict the future:
      • Step 1: Review the technology opportunities you missed
      • Step 2: Review and record what you liked about the tech
      • Step 3: Review and record your dislikes
      • Step 4: Record and test the reasonability
    2. Crash course on futurology principles
    3. Peek into the future

    This step involves the following participants:

    • IT Infrastructure Manager
    • CIO or CTO
    • Core working group members
    • Visionaries

    Outcomes of this step

    • Team members thinking like futurists
    • Better understanding of how technology advances
    • List of past examples and characteristics

    Info-Tech Insight

    Business buy-in is essential. Manage your business partners by providing a summary of the EDIT methodology and process. Validate the process value, which will allow you create a team of IT and business representatives.

    1.2 Train the group to think like futurists

    1 hour

    Ensure the team understands how technology advances and how they can identify patterns in upcoming technologies.

    1. Lead the group through a brainstorming session.
    2. Follow the next phases and steps.
    3. This session should be led by someone who can facilitate a thought-provoking discussion.
    4. This training deck finishes with a video.

    Input

    • Facilitated creativity
    • Training deck [following slides]

    Output

    • Inspiration
    • Anonymous ideas

    Materials

    • Futurist training “steps”
    • Pen and paper

    Participants

    • Core working group
    • Visionaries
    • Facilitator

    1.2.A Look to the past to predict the future

    30 minutes

    Step 1

    		Step 2 Step 3 Step 4

    Review what you missed.

    What did you like?

    What did you dislike?

    Test the reasonability.

    Think about a time you missed a technical disruptive opportunity.

    Start with a list of technologies that changed your business and processes.

    Consider those specifically you could have identified with a repeatable process.

    What were the most impactful points about the technology?

    Define a list of “characteristics” you liked.

    Create a shortlist of items.

    Itemize the impact to process, people, and technology.

    Why did you pass on the tech?

    Define a list of “characteristics” you did not like.

    Create a shortlist of items.

    Itemize the impact to process, people, and technology.

    Avoid the “arm chair quarterback” view.

    Refer to the six positive and negative points.

    Check against your data points at the end of each phase.

    Record the list of missed opportunities

    Record 6 characteristics

    Record 6 characteristics

    Completed “Think like a Futurists” tool

    Use the Disruptive Technology Research Look to the Past Tool to record your output.

    Input

    • Facilitated creativity
    • Speaker’s notes

    Output

    • Inspiration
    • Anonymous ideas
    • Recorded missed opportunities
    • Recorded positive points
    • Recorded dislikes
    • Reasonability test list

    Materials

    • Futurist training “steps”
    • Pen and paper
    • “Look to the Past” tool

    Participants

    • Core working group
    • Visionaries
    • Facilitator

    Understand how the difference between linear and exponential growth will completely transform many organizations in the next decade

    “The last ten years have seen exponential growth in research on disruptive technologies and their impact on industries, supply chains, resources, training, education and employment markets … The debate is still open on who will be the winners and losers of future industries, but what is certain is that change has picked up pace and we are now in a new technology revolution whose impact is potentially greater than the industrial revolution.”
    – Gary L. Evans

    Exponential advancement will ensure that life in the next decade will be very different from life today.

    • Linear growth happens one step at a time.
    • The difference between linear and exponential is hard to notice, at first.
    • We are now at the knee of the curve.

    What about email?

    • Consider the amount of email you get daily
    • Double it
    • Triple it

    Exponential growth happens much faster than linear growth, especially when it hits the knee of the curve. Technology grows exponentially, and we are approaching the knee of the curve.

    This graph is adapted from research by Ray Kurzweil.

    Growth: Linear vs. Exponential

    This image contains a graph demonstrating examples of exponential and linear trends.

    1.2.B Crash course on futurology principles

    1 hour

    “An analysis of the history of technology shows that technological change is exponential, contrary to the common-sense ‘intuitive linear’ view. So we won’t experience 100 years of progress in the 21st century — it will be more like 20,000 years of progress (at today’s rate).”
    - Ray Kurzweil

    Review the differences between exponential and linear growth

    The pace of technological advances makes progress difficult to predict.

    Technology advances exponentially. Rather than improving by the same amount of capability each year, it multiplies in capability each year.

    Think like a futurist to anticipate technology before it goes mainstream.

    Exponential growth happens much faster than linear growth, especially when it hits the knee of the curve. Even those who acknowledge exponential growth underestimate how capabilities can improve.

    The following case study illustrates the rise of social media providers

    “There are 7.7 billion people in the world, with at least 3.5 billion of us online. This means social media platforms are used by one in three people in the world and more than two-thirds of all internet users.”
    – Esteban Ortiz-Ospina

    This graph depicts the trend of the number of people using social media platforms between 2005 and 2019

    The following case study illustrates the rapid growth of Machine to Machine (M2M) connections

    A bar graph is shown which depicts the proportion of technology use from 2018-2022. the included devices are: Tablets; PCs; TVs; Non-smartphones; Smartphones; M2M

    Ray Kurzweil’s Law of Accelerating Returns

    “Ray Kurzweil has been described as ‘the restless genius’ by The Wall Street Journal, and ‘the ultimate thinking machine’ by Forbes. He was ranked #8 among entrepreneurs in the United States by Inc Magazine, calling him the ‘rightful heir to Thomas Edison,’ and PBS included Ray as one of 16 ‘revolutionaries who made America,’ along with other inventors of the past two centuries.”
    Source: KurzweilAI.net

    Growth is linear?

    “Information technology is growing exponentially. That’s really my main thesis, and our intuition about the future is not exponential, it’s really linear. People think things will go at the current pace …1, 2, 3, 4, 5, and 30 steps later, you’re at 30.”

    Better IT strategy enables future business innovation

    “The reality of information technology like computers, like biological technologies now, is it goes exponentially … 2, 4, 8, 16. At step 30, you’re at a billion, and this is not an idle speculation about the future.” [emphasis added]

    “When I was a student at MIT, we all shared a computer that cost tens of millions of dollars. This computer [pulling his smartphone out of his pocket] is a million times cheaper, a thousand times more powerful — that’s a billion-fold increase in MIPS per dollar, bits per dollar… and we’ll do it again in 25 years.”
    Source: “IT growth and global change: A conversation with Ray Kurzweil,” McKinsey & Company

    1.2.C Peak into the future

    1 hour

    Leverage industry roundtables and trend reports to understand the art of the possible

    • Uncover important business and industry trends that can inform possibilities for technology disruption.
    • Market research is critical in identifying factors external to your organization and identifying technology innovation that will provide a competitive edge. It’s important to evaluate the impact each trend or opportunity will have in your organization and market.

    Visit Info-Tech’s Trends & Priorities Research Center

    Visit Info-Tech’s Industry Coverage Research to get started.

    Phase 1: Identify

    Create your working group

    Activities:

    Step 1.1: Establish the core working group and select a leader; select a group of visionaries
    Step 1.2: Train the group to think like futurists
    Step 1.3: Hold the initial meeting

    This step involves the following participants:

    • IT Infrastructure Manager
    • CIO or CTO
    • Potential members and visionaries of the working group

    Outcomes of this phase:

    • Establish a team of subject matter experts that will evaluate new, emerging, and potentially disruptive technologies.
    • Establish a process for including visionaries from outside of the working group who will provide insight and direction.
    • Introduce the core working group members.
    • Gain a better understanding of how technology advances.
    • Brainstorm a list of organizational processes.
    • Brainstorm an initial longlist.

    Info-Tech Insight

    Establish the longlist. The longlist help create a holistic view of most technologies that could impact the business. Assigning values and quadrant scoring will shortlist the options and focus your PoC option.

    Step 1.3

    Hold the initial meeting

    Activities:

    1. Create an agenda for the meeting
    2. Start the kick-off meeting with introductions and a recap
    3. Brainstorm about creating a better future
    4. Begin brainstorming an initial longlist
    5. Have team members develop separate longlists for their next meeting

    This step involves the following participants:

    • IT Infrastructure Manager
    • CIO or CTO
    • Core working group members
    • Visionaries

    Outcomes of this step

    • Introduce the core working group members
    • Gain a better understanding of how technology advances
    • Brainstorm a list of organizational processes
    • Brainstorm an initial longlist

    1.3.A Create an agenda for the meeting

    1 hour

    Kick-off this cycle of the disruptive technology process by welcoming your visionaries and introducing your core working group.

    The purpose of the initial meeting is to brainstorm where new technology will be the most disruptive within the organization. You’ll develop two longlists: one of business processes and one of disruptive technology. These longlists are in addition to the independent research your core working group will perform before Phase 2.

    • Find an outgoing facilitator. Sitting back will let you focus more on ideating, and an engaging presenter will help bring out ideas from your visionaries.
    • The training deck (see step 1.2c) includes presenting a video. We’ve included some of our top choices for you to choose from.
      • Feel free to find your own video or bring in a keynote speaker.
      • The object of the video is to get the group thinking about the future.
      • Customize the training deck as needed.
    • If a cycle has been completed, present your findings and all of the group’s completed deliverables in the first section.
    • This session is the only time you have with your visionaries. Get their ideas on what technologies will be disruptive to start forming a longlist.

    Info-Tech Insight

    The disruptive tech team is prestigious. If your organization is large enough or has the resources, consider having this meeting in an offsite location. This will drive excitement to join the working group if the opportunity arises and incentivize good work.

    Meeting Agenda (Sample)

    Time

    Activity

    8:00am-8:30am Introductions and previous meeting recap
    8:30am-9:30am Training deck
    9:30 AM-10:00am Brainstorming
    10:00am-10:15am Break
    10:15am-10:45am Develop good research techniques
    10:45am-12:00pm Begin compiling your longlist

    Info-Tech Insight

    The disruptive tech team is prestigious. If your organization is large enough or has the resources, consider having this meeting in an offsite location. This will drive excitement to join the working group if the opportunity arises and incentivize good work.

    1.3.B Start the kick-off meeting with introductions and a summary of what work has been done so far

    30 minutes

    1. Start the meeting off with an icebreaker activity. This isn’t an ordinary business meeting – or even group – so we recommend starting off with an activity that will emphasize this unique nature. To get the group in the right mindset, try this activity:
      1. Go around the group and have people present:
      2. Their names and roles
      3. Pose some or all of the following questions/prompts to the group:
        • “Tell me about something you have created.”
        • “Tell me about a time you created a process or program considered risky.”
        • “Tell me about a situation in which you had to come up with several new ideas in a hurry. Were they accepted? Were they successful?”
        • “Tell me about a time you took a risk.”
        • “Tell me about one of your greatest failures and what you learned from it.”
    2. Once everyone has been introduced, present any work that has already been completed.
      1. If you have already completed a cycle, give a summary of each technology that you investigated and the results from any piloting.
      2. If this is the first cycle for the working group, present the information decided in Step 1.1.

    Input

    • Disruptive technology exploitation plan

    Output

    • Networking
    • Brainstorming

    Materials

    • Meeting agenda

    Participants

    • Core working group
    • Visionaries
    • Facilitator

    1.3.C Brainstorm about creating a better future for the company, the stakeholders, and the employees

    30 minutes

    Three sticky notes are depicted, at the top of each note are the following titles: What can we do better; How can we make a better future; How can we continue being successful

    1. Have everyone put up at least two ideas for each chart paper.
    2. Go around the room and discuss their ideas. You may generate some new ideas here.

    These generated ideas are organizational processes that can be improved or disrupted with emerging technologies. This list will be referenced throughout Phases 2 and 3.

    Input

    • Inspiration
    • Anonymous ideas

    Output

    • List of processes

    Materials

    • Chart paper and markers
    • Pen and paper

    Participants

    • Core working group
    • Visionaries

    1.3.D Begin brainstorming a longlist of future technology, and discuss how these technologies will impact the business

    30 minutes

    • Use the Disruptive Technology Research Database Tool to organize technologies and ideas. Longstanding working groups can track technologies here over the course of several years, updating the tool between meetings.
    • Guide the discussion with the following questions, and make sure to focus on the processes generated from Step 1.2.d.

    Focus on

    The Technology

    • What is the technology and what does it do?
    • What processes can it support?

    Experts and Other Organizations

    • What are the vendors saying about the technology?
    • Are similar organizations implementing the technology?

    Your Organization

    • Is the technology ready for wide-scale distribution?
    • Can the technology be tested and implemented now?

    The Technology’s Value

    • Is there any indication of the cost of the technology?
    • How much value will the technology bring?

    Download the Disruptive Technology Database Tool

    Input

    • Inspiration
    • List of processes

    Output

    • Initial longlist

    Materials

    • Chart paper and markers
    • Pen and paper
    • Disruptive Technology Research Database Tool

    Participants

    • Core working group
    • Visionaries

    1.3.E Explore these sources to generate your disruptive technology longlist for the next meeting

    30 Minutes

    There are many sources of information on new and emerging technology. Explore as many sources as you can.

    Science fiction is a valid source of learning. It drives and is influenced by disruptive technology.

    “…the inventor of the first liquid-fuelled rocket … was inspired by H.G. Wells’ science fiction novel War of the Worlds (1898). More recent examples include the 3D gesture-based user interface used by Tom Cruise’s character in Minority Report (2002), which is found today in most touch screens and the motion sensing capability of Microsoft’s Kinect. Similarly, the tablet computer actually first appeared in Stanley Kubrick’s 2001: A Space Odyssey (1968) and the communicator – which we’ve come to refer today as the mobile phone – was first used by Captain Kirk in Star Trek (1966).”
    – Emmanuel Tsekleves, senior lecturer, University of Lancaster

    Right sources: blogs, tech news sites, tech magazines, the tech section of business sites, popular science books about technology, conferences, trade publications, and vendor announcements

    Quantity over quality: early research is not the time to dismiss ideas.

    Discuss with your peers: spark new and innovative ideas

    Insert a brief summary of how independent research is conducted in Section 2.1 of the Disruptive Technology Exploitation Plan Template.

    1.3.E (Cont.) Explore these sources to generate your disruptive technology longlist for the next meeting

    30 Minutes

    There are many sources of information on new and emerging technology. Use this list to kick-start your search.

    Connect with practitioners that are worth their weight in Reddit gold. Check out topic-based LinkedIn groups and subreddits such as r/sysadmin and r/tech. People experienced with technology frequent these groups.

    YouTube is for more than cat videos. Many vendors use YouTube for distributing their previous webinars. There are also videos showcasing various technologies that are uploaded by lecturers, geeks, researchers, and other technology enthusiasts.

    Test your reasonability. Check your “Think Like a Futurist” Tool

    Resolve

    Evaluate Disruptive Technologies

    PHASE 2

    Phase 2: Resolve

    Evaluate disrupted technologies

    Activities:

    Step 2.1: Create and Winnow a Longlist
    Step 2.2: Assess Shortlist

    Info-Tech Insight

    Long to short … that’s the short of it. Using SWOT, value readiness, and quadrant mapping review sessions will focus the longlist, creating a shortlist of potential PoC candidates to review and consider.

    This step involves the following participants:

    • Core working group
    • Infrastructure Management

    Outcomes of this step:

    • Finalized longlist
    • Finalized shortlist
    • Initial analysis of each technology on the shortlist

    Step 2.1

    Create and winnow a longlist

    Activities:

    1. Converge everyone’s longlists
    2. Narrow technologies from the longlist down to a shortlist using Info-Tech’s Disruptive Technology Shortlisting Tool
    3. Use the shortlisting tool to help participants visualize the potential
    4. Input the technologies on your longlist into the Disruptive Technology Shortlisting Tool to produce a shortlist

    This step involves the following participants:

    • Core working group members

    Outcomes of this step:

    • Finalized longlist
    • Finalized shortlist
    • Initial analysis of each technology on the shortlist

    2.1 Organize a meeting with the core working group to combine your longlists and create a shortlist

    1 hour

    Plan enough time to talk about each technology on the list. Each technology was included for a reason.

    • Start with the longlist. Review the longlist compiled at the initial meeting, and then have everyone present the lists that they independently researched.
    • Focus on the company’s context. Make sure that the working group analyzes these disruptive technologies in the context of the organization.
    • Start to compile the shortlist. Begin narrowing down the longlist by excluding technologies that are not relevant.

    Meeting Agenda (Sample)

    TimeActivity
    8:00am-9:30amConverge longlists
    9:30am-10:00amBreak
    10:00am-10:45amDiscuss tech in organizational context
    10:45am-11:15amBegin compiling the shortlist

    Disruptive Technology Exploitation Plan Template

    2.1.A Converge the longlists developed by your team

    90 minutes

    • Start with the longlist developed at the initial meeting. Write this list on the whiteboard.
    • If applicable, have a member present the longlist that was created in the last cycle. Remove technologies that:
      • Are no longer disruptive (e.g. have been implemented or rejected).
      • Have become foundational.
    • Eliminate redundancy: remove items that are very similar.
    • Have members “pitch” items on their lists:
      • Explain why their technologies will be disruptive (2-5 minutes maximum)
      • Add new technologies to the whiteboard
    • Record the following for metrics:
      • Each presented technology
      • Reasons the technology could be disruptive
      • Source of the information
    • Use Info-Tech’s Disruptive Technology Research Database Tool as a starting point.

    Insert the final longlist into Section 2.2 of your Disruptive Technology Exploitation Plan Template.

    Input

    • Longlist developed at first meeting
    • Independent research
    • Previous longlist

    Output

    • Finalized longlist

    Materials

    • Disruptive Technology Research Database Tool
    • Whiteboard and markers
    • Virtual whiteboard

    Participants

    • Core working group

    Review the list of processes that were brainstormed by the visionary group, and ask for input from others

    • IT innovation is most highly valued by the C-suite when it improves business processes, reduces costs, and improves core products and services.
    • By incorporating this insight into your working group’s analysis, you help to attract the attention of senior management and reinforce the group’s necessity.
    • Any input you can get from outside of IT will help your group understand how technology can be disruptive.
      • Visionaries consulted in Phase 1 are a great source for this insight.
    • The list of processes that they helped to brainstorm in Step 1.2 reflects processes that can be impacted by technology.
    • Info-Tech’s research has shown time and again that both CEOs and CIOs want IT to innovate around:
      • Improving business processes
      • Improving core products and services
      • Reducing costs

    Improved business processes

    		80%

    Core product and service improvement

    48%

    Reduced costs

    		48%

    Increased revenues

    		23%

    Penetration into new markets

    		21%

    N=364 CXOs & CIOs from the CEO-CIO Alignment Diagnostic Questions were asked on a 7-point scale of 1 = Not at all to 7 = Very strongly. Results are displayed as percentage of respondents selecting 6 or 7.

    Info-Tech Insight

    The disruptive tech team is prestigious. If your organization is large enough or has the resources, consider having this meeting in an offsite location. This will drive excitement to join the working group if the opportunity arises and incentivize good work.

    2.1.B Narrow technologies from the longlist down to a shortlist using Info-Tech’s Disruptive Technology Shortlisting Tool

    90 minutes

    To decide which technology has potential for your organization, have the working group or workshop participants evaluate each technology:

    1. Record each potentially disruptive technology in the longlist on a whiteboard.
    2. Making sure to carefully consider the meaning of the terms, have each member of the group evaluate each technology as “high” or “low” along each of the axes, innovation and transformation, on a piece of paper.
    3. The facilitator collects each piece of paper and inputs the results by technology into the Disruptive Technology Shortlisting Tool.
    Technology Innovation Transformation
    Conversational Commerce High High

    Insert the final shortlist into Section 2.2 of your Disruptive Technology Exploitation Plan Template.

    Input

    • Longlist
    • Futurist brainstorming

    Output

    • Shortlist

    Materials

    • Disruptive Technology Research Database Tool
    • Whiteboard and markers
    • Virtual whiteboard

    Participants

    • Core working group

    Disruptive technologies are innovative and transformational

    Innovation

    Transformation

    • Elements:
      • Creative solution to a problem that is relatively new on the scene.
      • It is different, counterintuitive, or insightful or has any combination of these qualities.
    • Questions to Ask:
      • How new is the technology?
      • How different is the technology?
      • Have you seen anything like it before? Is it counterintuitive?
      • Does it offer an insightful solution to a persistent problem?
    • Example:
      • The sharing economy: Today, simple platforms allow people to share rides and lodgings cheaply and have disrupted traditional services.
    • Elements:
      • Positive change to the business process.
      • Highly impactful: impacts a wide variety of roles in a company in a nontrivial way or impacts a smaller number of roles more significantly.
    • Questions to Ask:
      • Will this technology have a big impact on business operations?
      • Will it add substantial value? Will it change the structure of the company?
      • Will it impact a significant number of employees in the organization?
    • Example:
      • Flash memory improved storage technology incrementally by building on an existing foundation.

    Info-Tech Insight

    Technology can be transformational but not innovative. Not every new technology is disruptive. Even where technology has improved the efficiency of the business, if it does this in an incremental way, it might not be worth exploring using this storyboard.

    2.1.C Use the shortlisting tool to help participants visualize the potential

    1 hour

    Use the Disruptive Technology Shortlisting Tool, tabs 2 and 3.

    Assign quadrants

    • Input group members’ names and the entire longlist (up to 30 technologies) into tab 2 of the Disruptive Technology Shortlisting Tool.
    • On tab 3 of the Disruptive Technology Shortlisting Tool, input the quadrant number that corresponds to the innovation and transformation scores each participant has assigned to each technology.

    Note

    This is an assessment meant to serve as a guide. Use discretion when moving forward with a proof-of-concept project for any potentially disruptive technology.

    Participant Evaluation Quadrant
    High Innovation, High Transformation 1
    High Innovation, Low Transformation 2
    Low Innovation, Low Transformation 3
    Low Innovation, High Transformation 4

    four quadrants are depicted, labeled 1-4. The quadrants are coloured as follows: 1- green; 2- yellow; 3; red; 4; yellow

    2.1.D Use the Disruptive Technology Shortlisting Tool to produce a shortlist

    1 hour

    Use the Disruptive Technology Shortlisting Tool, tabs 3 and 4.

    Use the populated matrix and the discussion list to arrive at a shortlist of four to six potentially disruptive technologies.

    • The tool populates each quadrant based on how many votes it received in the voting exercise.
    • Technologies selected for a particular quadrant by a majority of participants are placed in the quadrant on the graph. Where there was no consensus, the technology is placed in the discussion list.
    • Technologies in the upper right quadrant – high transformation and high innovation – are more likely to be good candidates for a proof-of-concept project. Those in the bottom left are likely to be poor candidates, while those in the remaining quadrants are strong on one of the axes and are unlikely candidates for further systematic evaluation.

    This image contains a screenshot from tab 3 of the Disruptive Technology Shortlisting Tool.

    Input the results of the vote into tab 3 of the Disruptive Technology Shortlisting Tool.

    This image contains a screenshot from tab 4 of the Disruptive Technology Shortlisting Tool.

    View the results on tab 4.

    Phase 2: Resolve

    Evaluate disrupted technologies

    Activities:

    Step 2.1: Create and Winnow a Longlist
    Step 2.2:- Assess Shortlist

    This step involves the following participants:

    • Core working group
    • Infrastructure Management

    Outcomes of this step:

    • Finalized longlist
    • Finalized shortlist
    • Initial analysis of each technology on the shortlist

    Assess Shortlist

    Activities:

    1. Assess the value of each technology to your organization by breaking it down into quality and cost
    2. Investigate the overall readiness of the technologies on the shortlist
    3. Interpret each technology’s value score
    4. Conduct a SWOT analysis for each technology on the shortlist
    5. Use Info-Tech’s disruptive technology shortlist analysis to visualize the tool’s outputs
    6. Select the shortlisted technologies you would like to move forward with

    This step involves the following participants:

    • Core working group members
    • IT Management

    Outcomes of this step:

    • Finalized shortlist
    • Initial analysis of each technology on the shortlist

    2.2 Evaluate technologies based on their value and readiness, and conduct a SWOT analysis for each one

    Use the Disruptive Technology Value-Readiness and SWOT Analysis Tool

    • A technology monitor diagram prioritizes investment in technology by analyzing its readiness and value.
      • Readiness: how close the technology is to being practical and implementable in your industry and organization.
      • Value: how worthwhile the technology is, in terms of its quality and its cost.
    • Value and readiness questionnaires are included in the tool to help determine current and future values for each, and the next four slides explain the ratings further.
    • Categorize technology by its value-readiness score, and evaluate how much potential value each technology has and how soon your company can realize that value.
    • Use a SWOT analysis to qualitatively evaluate the potential that each technology has for your organization in each of the four categories (strengths, weaknesses, opportunities, and threats).

    The technology monitor diagram appears in tab 9 of the Disruptive Technology Value-Readiness and SWOT Analysis Tool

    This image depicts tab 9 of the Disruptive Technology Value-Readiness and SWOT Analysis Tool

    2.2.A Assess the value of each technology to your organization by breaking it down into quality and cost

    1 hour

    Update the Disruptive Technology Value-Readiness and SWOT Analysis Tool, tab 4.

    Populate the chart to produce a score for each technology’s overall value to the company conceptualized as the interaction of quality and cost.

    Overall Value

    Quality Cost

    Each technology, if it has a product associated with it, can be evaluated along eight dimensions of quality. Consider how well the product performs, its features, its reliability, its conformance, its durability, its serviceability, its aesthetics, and its perceived quality.

    IT budgets are broken down into capital and operating expenditures. A technology that requires a significant investment along either of these lines is unlikely to produce a positive return. Also consider how much time it will take to implement and operate each technology.

    The value assessment is part of the Disruptive Technology Value-Readiness and SWOT Analysis Tool

    This image contains a screenshot from tab 4 of the Disruptive Technology Value-Readiness and SWOT Analysis Tool.

    Info-Tech Insight

    Watch your costs: Technology that seems cheap at first can actually be expensive over time. Be sure to account for operational and opportunity costs as well.

    2.2.B Investigate the overall readiness of the technologies on the shortlist

    1 hour

    Update the Disruptive Technology Value-Readiness and SWOT Analysis Tool, tab 4.

    Overall Readiness

    Age

    How much time has the technology had to mature? Older technology is more likely to be ready for adoption.

    Venture Capital

    The amount of venture capital gathered by important firms in the space is an indicator of market faith.

    Market Size

    How big is the market for the technology? It is more difficult to break into a giant market than a niche market.

    Market Players

    Have any established vendors (Microsoft, Facebook, Google, etc.) thrown their weight behind the technology?

    Fragmentation

    A large number of small companies in the space indicates that the market has yet to reach equilibrium.

    The readiness assessment is part of the Disruptive Technology Value-Readiness and SWOT Analysis Tool

    This image contains a screenshot of the Readiness Scoring tab of the Disruptive Technology Value-Readiness and SWOT Analysis Tool.

    Use a variety of sources to populate the chart

    Google is your friend: search each shortlisted technology to find details about its development and important vendors.

    Websites like Crunchbase, VentureBeat, and Mashable are useful sources for information on the companies involved in a space and the amount of money they have each raised.

    2.2.C Interpret each technology’s value score

    1 hour

    Insert the result of the SWOT analysis into tab 7 of Info-Tech’s Disruptive Technology Value-Readiness and SWOT Analysis Tool.

    Visualize the results of the quality-cost analysis

    • Quality and cost are independently significant; it is essential to understand how each technology stacks up on the axes.
    • Use tab 6 of the Disruptive Technology Value-Readiness and SWOT Analysis Tool for an illustration of how quality and cost interact to produce each technology’s final position on the tech monitor graph.
    • Remember: the score is notional and reflects the values that you have assigned. Be sure to treat it accordingly.

    This image contains a screenshot of the Value Analysis tab of the Disruptive Technology Value-Readiness and SWOT Analysis Tool

    Green represents a technology that scores extremely high on one axis or the other, or quite high on both. These technologies are the best candidates for proof-of-concept projects from a value perspective.

    Red represents a technology that has scored very low on both axes. These technologies will be expensive, time consuming, and of poor quality.

    Yellow represents the fuzzy middle ground. These technologies score moderately on both axes. Be especially careful when considering the SWOT analysis of these technologies.

    2.2.D Conduct a SWOT analysis for each technology on the shortlist

    1 hour

    Use tab 6 of the Disruptive Technology Value-Readiness and SWOT Analysis Tool.

    A formal process for analyzing disruptive technology is the only way to ensure that it is taken seriously.

    Write each technology as a heading on a whiteboard. Spend 10-15 minutes on each technology conducting a SWOT analysis together.

    Consider four categories for each technology:

    • Strengths: Current uses of the technology or supporting technology and ways in which it helps your organization.
    • Weaknesses: Current limitations of the technology and challenges or barriers to adopting it in your organization.
    • Opportunities: Potential uses of the technology, especially as it advances or improves.
    • Threats: Potential negative disruptions resulting from the technology, especially as it advances or improves.

    The list of processes generated at the cycle’s initial meeting is a great source for opportunities and threats.

    Disruptive Technology Value-Readiness and SWOT Analysis Tool

    This image contains screenshots of the technology tab of the Disruptive Technology Value-Readiness and SWOT Analysis Tool.

    2.2.E Use Info-Tech’s disruptive technology shortlist analysis to visualize the tool’s outputs

    1 hour

    Disruptive Technology Value-Readiness and SWOT Analysis Tool, tab 9

    The tool’s final tab displays the results of the value-readiness analysis and the SWOT analysis in a single location.

    This image contains a screenshot from tab 9 of the Disruptive Technology Value-Readiness and SWOT Analysis Tool

    Insert the shortlist analysis report into Section 3 of your Disruptive Technology Exploitation Plan Template.

    2.2.F Select the shortlisted technologies you would like to move forward with

    1 hour

    Present your findings to the working group.

    • The Disruptive Technology Value-Readiness and SWOT Analysis Tool aggregates your inputs in an easy-to-read, consistent way.
    • Present the tool’s outputs to members of the core working group.
    • Explain the scoring and present the graphic to the group. Go over each technology’s strengths and weaknesses as well as the opportunities and threats it presents/poses to the organization.
    • Go through the proof-of-concept planning phase before striking any technologies from the list.

    This image contains a screenshot of the disruptive technology shortlist analysis from the Disruptive Technology Value-Readiness and SWOT Analysis Tool

    Info-Tech Insight

    A technology’s exceptional value and immediate usability make it the best. A technology can be promising and compelling, but it is unsuitable unless it can bring immediate and exceptional value to your organization. Don’t get caught up in the hype.

    Evaluate

    Create an Action Plan to Exploit Disruptive Technologies

    PHASE 3

    Phase 3: Evaluate

    Create an Action Plan to Exploit Disruptive Technologies

    Activities:

    Step 3.1: Create Process Maps
    Step 3.2: Develop Proof of Concept Charter

    This step involves the following participants:

    • Core working group
    • Infrastructure Management
    • Working group leader
    • CIO

    Outcomes of this step:

    • Business process maps before and after disruption
    • Proof of concept charter
    • Key performance indicators
    • Estimation of required resources

    Step 3.1

    Create Process Maps

    Activities:

    1. Creating a problem canvas by identifying stakeholders, jobs, pains, and gains
    2. Clarify the problem the proof-of-concept project will solve
    3. Identify jobs and stakeholders
    4. Outline how disruptive technology will solve the problem
    5. Map business processes
    6. Identify affected business units
    7. Outline and map the business processes likely to be disrupted
    8. Recognize how the new technology will impact business processes
    9. Make the case: Outline why the new business process is superior to the old

    This step involves the following participants:

    • Working group leader
    • CIO

    Outcomes of this step:

    • Business process maps before and after disruption

    3.1 Create an action plan to exploit disruptive technologies

    Clarify the problem in order to make the case. Fill in section 1.1 of Info-Tech’s Proof of Concept Template to clearly outline the problem each proof of concept is designed to solve.

    Establish roles and responsibilities. Use section 1.2 of the template to outline the roles and responsibilities that fall to each member of the team. Ensure that clear lines of authority are delineated and that the list of stakeholders is exhaustive: include the executives whose input will be required for project approval, all the way to the technicians on the frontline responsible for implementing it.

    Outline the solution to the problem. Demonstrate how each proof-of-concept project provides a solution to the problem outlined in section 1.1. Be sure to clarify what makes the particular technology under investigation a potential solution and record the results in section 1.3.

    This image contains a screenshot of the Proof of concept project template

    Use the Proof of Concept Project Template to track the information you gather throughout Phase 3.

    3.1.A Creating a problem canvas by identifying stakeholders, jobs, pains, and gains

    2 hours

    Instructions:

    1. On a whiteboard, draw the visual canvas supplied below.
    2. Select your issue area, and list jobs, pains, and gains in the associated sections.
    3. Record the pains, jobs, and gains in sections 1.1-1.3 of the Proof of Concept Template.

    Gains

    1. More revenue

    2. Job security

    3. ……

    Jobs

    1. Moving product

    2. Per sale value

    3. ……

    Pains

    1. Clunky website

    2. Bad site navigation

    3. ……

    Input

    • Inspiration
    • Anonymous ideas

    Output

    • List of processes

    Materials

    • Chart paper and markers
    • Pen and paper

    Participants

    • Core working group
    • Visionaries

    3.1.B Clarify the problem the proof-of-concept project will solve

    2 hours

    What is the problem?

    • Every technology is designed to solve a problem faced by somebody somewhere. For each technology that your team has decided to move forward with, identify and clearly state the problem it would solve.
    • A clear problem statement is a crucial part of a new technology’s business case. It is impossible to earn buy-in from the rest of the organization without demonstrating the necessity of a solution.
    • Perfection is impossible to achieve: during the course of their work, everyone encounters pain points. Identify those pain points to arrive at the problem that needs to be solved.

    Example:

    List of pains addressed by conversational commerce:

    • Search functions can be clunky and unresponsive.
    • Corporate websites can be difficult to navigate.
    • Customers are uncomfortable in unfamiliar internet environments.
    • Customers do not like waiting in a long queue to engage with customer service representatives when they have concerns.

    “If I were given one hour to solve a problem, I would spend 59 minutes defining the problem and one minute resolving it.”
    – Albert Einstein

    Input the results of this exercise into Section 1.1 of the Proof of Concept Template.

    3.1.C Identify jobs and stakeholders

    1 hour

    Jobs

    Job: Anything that the “customer” (the target of the solution) needs to get done but that is complicated by a pain.

    Examples:
    The job of the conversational commerce interface is to make selling products easier for the company.
    From the customer perspective, the job of the conversational interface is to make the act of purchasing a product simpler and easier.

    Stakeholders

    Stakeholder: Anyone who is impacted by the new technology and who will end up using, approving, or implementing it.

    Examples:
    The executive is responsible for changing the company’s direction and approving investment in a new sales platform.
    The IT team is responsible for implementing the new technology.
    Marketing will be responsible for selling the change to customers.
    Customers, the end users, will be the ones using the conversational commerce user interface.

    Input the results of this exercise into Section 1.2 of the Proof of Concept Template.

    Info-Tech Insight

    Process deconstruction reveals strengths and weaknesses. Promising technology should improve stakeholders’ abilities to do jobs.

    3.1.D Outline how disruptive technology will solve the problem

    1 hour

    How will the technology in question make jobs easier?

    • How will the disruptive technology you have elected to move forward with create gains for the organization?
    • First, identify the gains that are supposed to come with the project. Consider the benefits that the various stakeholders expect to derive from the jobs identified.
    • Second, make note of how the technology in question facilitates the gains you have noted. Be sure to articulate the exclusive features of the new technology that make it an improvement over the current state.

    Note: The goal of this exercise is to make the case for a particular technology. Sell it!

    Expected Gain: Increase in sales.

    Conversational Commerce’s Contribution: Customers are more likely to purchase products using interfaces they are comfortable with.

    Expected Gain: Decrease in costs.

    Conversational Commerce’s Contribution: Customers who are satisfied with the conversational interface are less likely to interact with live agents, saving labor costs.

    Input the results of this exercise into Section 1.3 of the Proof of Concept Template.

    3.1.E Map business processes

    1 hour

    Map the specific business processes the new technology will impact.

    • Disruptive technologies will impact a wide variety of business processes.
    • Map business processes to visualize what parts of your organization (departments, silos, divisions) will be impacted by the new technology, should it be adopted after the proof of concept.
    • Identify how the disruption will take place.
    • Demonstrate the value of each technology by including the results of the Disruptive Technology Value-Readiness and SWOT Analysis Tool with your process map.

    This image contains a screenshot of the Proof of concept project template

    Use the Proof of Concept Project Template to track the information you gather throughout Phase 3.

    3.1.F Identify affected business units

    30 minutes per technology

    Disruptive technology will impact business units.

    • Using the stakeholders identified earlier in the project, map each technology to the business units that will be affected.
    • Make your list exhaustive. While some technologies will have a limited impact on the business as a whole, others will have ripple effects throughout the organization.
    • Examine affected units at all scales: How will the technology impact operations at the team level? The department level? The division level?

    “The disruption is not just in the technology. Sometimes a good business model can be the disruptor.”
    – Jason Hong, Associate Professor, Carnegie Mellon

    Example:

    • Customer service teams: Conversational commerce will replace some of the duties of the customer service representative. They will have to reorganize to account for this development.
    • IT department: The IT department will be responsible for building/maintaining the conversational interface (or, more likely, they will be responsible for managing the contract with the vendor).
    • Sales analytics: New data from customers in natural language might provide a unique opportunity for the analytics team to develop new initiatives to drive sales growth.

    Input the results of this exercise into Section 2.1 of the Proof of Concept Template.

    3.1.G Outline and map the business processes likely to be disrupted

    15 minutes per technology

    Leverage the insights of the diverse working group.

    • Processes are designed to transform inputs into outputs. All business activities can be mapped into processes.
    • A process map illustrates the sequence of actions and decisions that transform an input into an output.
    • Effective mapping gives managers an “aerial” view of the company’s processes, making it easier to identify inefficiencies, reduce waste, and ultimately, streamline operations.
    • To identify business processes, have group members familiar with the affected business units identify how jobs are typically accomplished within those units.

    “To truly understand a business process, we need information from both the top-down and bottom-up points of view. Informants higher in the organizational hierarchy with a strategic focus are less likely to know process details or problems. But they might advocate and clearly articulate an end-to-end, customer-oriented philosophy that describes the process in an idealized form. Conversely, the salespeople, customer service representatives, order processors, shipping clerks, and others who actually carry out the processes will be experts about the processes, their associated documents, and problems or exception cases they encounter.”
    – Robert J. Glushko, Professor at UC Berkeley and Tim McGrath, Business Consultant

    Info-Tech Insight

    Opinions gathered from a group that reflect the process in question are far more likely to align with your organization’s reality. If you have any questions about a particular process, do not be afraid to go outside of the working group to ask someone who might know.

    3.1.G Outline and map the business processes likely to be disrupted (continued)

    15 minutes per technology

    Create a simple diagram of identified processes.

    • Use different shapes to identify different points in the process.
    • Rectangles represent actions, diamonds represent decisions.
    • On a whiteboard, map out the actions and decisions that take place to transform an input into an output.
    • Input the result into section 2.2 of the Proof of Concept Template.

    This image contains a screenshot of the Software Service Cross-Function Process tab from Edraw Visualization Solutions.

    Source: Edraw Visualization Solutions

    Example: simplified process map

    1. User: visits company website
    2. User: engages search function or browses links
    3. User: selects and purchases product from a menu
    4. Company: ships product to customer

    3.1.H Recognize how the new technology will impact business processes

    15 minutes per technology

    Using the information gleaned from the previous activities, develop a new process map that takes the new technology into account.

    Identify the new actions or decisions that the new technology will affect.

    User: visits company website; User: engages conversational; commerce platform; User: engages search function or browses links; User: makes a natural language query; User: selects and purchases product from a menu</p data-verified=

    User: selects and purchases product from a menu; Company: ships product to customer; Company: ships product to customer">

    Info-Tech Insight

    It’s ok to fail! The only way to know you’re getting close to the “knee of curve" is from multiple failed PoC tests. The more PoC options you have, the more likely it will be that you will have two to three successful results.

    3.1.I Make the case: Outline why the new business process is superior to the old

    15 minutes per technology

    Articulate the main benefits of the new process.

    • Using the revised process map, make the case for each new action.
    • Questions to consider: How does the new technology relieve end-user/customer pains? How does the new technology contribute to the streamlining of the business process? Who will benefit from the new action? What are the implications of those benefits?
    • Record the results of this exercise in section 2.4 of the Proof of Concept Template.

    This image contains an example of an outline comparing the benefits of new and the old business processes.

    Info-Tech Insight

    If you cannot articulate how a new technology will benefit a business process, reconsider moving forward with the proof-of-concept project.

    Phase 3: Evaluate

    Create an Action Plan to Exploit Disruptive Technologies

    Activities:

    Step 3.1: Create Process Maps
    Step 3.2: Develop Proof of Concept Charter

    Develop Proof of Concept Charter

    This step involves the following participants:

    • Core working group
    • Infrastructure Management
    • Working group leader
    • CIO

    Outcomes of this step:

    • Business process maps before and after disruption
    • Proof of concept charter
    • Key performance indicators
    • Estimation of required resources

    Step 3.2

    Develop Proof of Concept Charter

    Activities:

    1. Use SMART success metrics to define your objectives
    2. Develop key performance indicators (KPIs)
    3. Identify key success factors for the project
    4. Outline the project’s scope
    5. Identify the structure of the team responsible for the proof-of-concept project
    6. Estimate the resources required by the project
    7. Be aware of common IT project concerns
    8. Communicate your working group’s findings and successes to a wide audience
    9. Hand off the completed proof-of-concept project plan
    10. Disruption is constant: Repeat the evaluation process regularly to protect the business

    This step involves the following participants:

    • Working group leader
    • CIO

    Outcomes of this step:

    • Proof of concept charter
    • Key performance indicators
    • Estimation of required resources

    3.2 Develop a proof of concept charter

    Keep your proof of concept on track by defining five key dimensions.

    1. Objective: Giving an overview of the planned proof of concept will help to focus and clarify the rest of this section. What must the proof of concept achieve? Objectives should be: specific, measurable, attainable, relevant, and time bound. Outline and track key performance indicators.
    2. Key Success Factors: These are conditions that will positively impact the proof of concept’s success.
    3. Scope: High-level statement of scope. More specifically, state what is in scope and what is out of scope.
    4. Project Team: Identify the team’s structure, e.g. sponsors, subject-matter experts.
    5. Resource Estimation: Identify what resources (time, materials, space, tools, expertise, etc.) will be needed to build and socialize your prototype. How will they be secured?

    Input the results of this exercise into Section 3.0 of the Proof of Concept Template.

    3.2.A Use SMART success metrics to define your objectives

    Specific

    Measurable

    Actionable

    Realistic

    Time Bound

    Make sure the objective is clear and detailed.

    Objectives are measurable if there are specific metrics assigned to measure success. Metrics should be objective.

    Objectives become actionable when specific initiatives designed to achieve the objective are identified.

    Objectives must be achievable given your current resources or known available resources.

    An objective without a timeline can be put off indefinitely. Furthermore, measuring success is challenging without a timeline.

    Who, what, where, why?

    How will you measure the extent to which the goal is met?

    What is the action-oriented verb?

    Is this within my capabilities?

    By when: deadline, frequency?

    Examples:

    1. Increase in sales by $40,000 per month by the end of next quarter.
    2. Immediate increase in web traffic by 600 unique page views per day.
    3. Number of pilots approved per year.
    4. Number of successfully deployed solutions per year.

    Input the results of this exercise into Section 3.0 of the Proof of Concept Template.

    3.2.B Develop key performance indicators (KPIs)

    30 minutes per technology

    Key performance indicators allow for rigorous analysis, which generates insight into utilization by platform and consumption by business activity.

    • Use the process improvements identified in step 3.1 to brainstorm metrics that indicate when process improvement is actually taking place.
    • Have members of the group pitch KPIs; the facilitator should record each suggestion on a whiteboard.
    • Make sure to have everyone justify the inclusion of each metric: How does it relate to the improvement that the proof of concept project is intended to drive? How does it relate to the overall goals of the business?
    • Include a list of KPIs, along with a description and a target (ensuring that it aligns with SMART metrics) in section 3.1 of the Proof of Concept Template.

    “An estimated 70% of performance measurement systems fail after implementation. Carefully select your KPIs and avoid this trap!”
    Source: Collins et al. 2016

    Key Performance Indicator Description Target

    Result

    Conversion rate What percentage of customers who visit the site/open the conversational interface continue on to make a purchase? 40%
    Average order value

    How much does each customer spend per visit to the website?

    		$212
    Repeat customer rate What percentage of customers have made more than one purchase over time? 65%
    Lifetime customer value Over the course of their interaction with the company, what is the typical value each customer brings? $1566

    Input the results of this exercise into Section 3.1 of the Proof of Concept Template.

    3.2.C Identify key success factors for the project

    30 minutes per technology

    Effective project management involves optimizing four key success factors (Clarke, 1999)

    • Communication: Communicate the expected changes to stakeholders, making sure that everyone who needs to know does know. Example: Make sure customer service representatives know their duties will be impacted by the conversational UI well before the proof-of-concept project begins.
    • Clarity: All involved in the project should be apprised of what the project is intended to accomplish and what the project is not intended to accomplish. Example: The conversational commerce project is not intended to be rolled out to the entire customer base all at once; it is not intended to disrupt normal online sales.
    • Compartmentalization: The working group should suggest some ways that the project can be broken down to facilitate its effective implementation. Example: Sales provides details of customers who might be amenable to a trial, IT secures a vendor, customer service writes a script.
    • Flexibility: The working group’s final output should not be treated as gospel. Ensure that the document can be altered to account for unexpected events. Example: The conversational commerce platform might drive sales of a particular product more than others, necessitating adjustments at the warehouse and shipping level.

    Input the results of this exercise into Section 3.0 of the Proof of Concept Template.

    3.2.D Outline the project’s scope

    10 minutes per technology

    Create a high-level outline of the project’s scope.

    • Questions to consider: Broadly speaking, what are the project’s goals? What is the desired future state? Where in the company will the project be rolled out? What are some of the company’s goals that the project is not designed to cover?
    • Be sure to avoid scope creep! Remember: The goal of the proof-of-concept project is to produce a minimum case for viability in a carefully defined area. Reserve a detailed accounting of costs and benefits for the post-proof-of-concept stage.
    • Example: The conversational user interface will only be rolled out in an e-commerce setting. Other business units (HR, for example) are beyond the scope of this particular project.

    “Although scope creep is not the only nemesis a project can have, it does tend to have the farthest reach. Without a properly defined project and/or allowing numerous changes along the way, a project can easily go over budget, miss the deadline, and wreak havoc on project success.”
    – University Alliance, Villanova University

    Input the results of this exercise into Section 3.0 of the Proof of Concept Template.

    3.2.E Identify the structure of the team responsible for the proof-of-concept project

    10 minutes per technology

    Brainstorm who will be involved in project implementation.

    • Refer back to the list of stakeholders identified in 3.1.a. Which stakeholders should be involved in implementing the proof-of-concept plan?
    • What business units do they represent?
    • Who should be accountable for the project? At a high level, sketch the roles of each of the participants. Who will be responsible for doing the work? Who will approve it? Who needs to be informed at every stage? Who are the company’s internal subject matter experts?

    Example

    Name/Title Role
    IT Manager Negotiate the contract for the software with vendor
    CMO Promote the conversational interface to customers

    Input the results of this exercise into Section 3.0 of the Proof of Concept Template.

    3.2.F Estimate the resources required by the project

    10 minutes per technology

    Time and Money

    • Recall: Costs can be operational, capital, or opportunity.
    • Revisit the Disruptive Technology Value-Readiness and SWOT Analysis Tool. Record the capital and operational expenses expected to be associated with each technology, and add detail where possible (use exact figures from particular vendors instead of percentages).
    • Write the names and titles of each expected participant in the project on a whiteboard. Next to each name, write the number of hours they are expected to devote to the project and include a rough estimate of the cost of their participation to the company. Use full-time employee equivalent (FTE measures) as a base.
    • Outline how other necessary resources (space, tools, expertise, etc.) will be secured.

    Example: Conversational Commerce

    • OpEx: $149/month + 2.9¢/transaction* (2,000 estimated transactions)
    • CapEx: $0!
    • IT Manager: 5 hours at $100/hour
    • IT Technician: 40 hours at $45/hour
    • CMO: 1 hour at $300/hour
    • Customer Service Representative: 10 hours at $35/hour
    • *Estimated total cost for a one-month proof-of-concept project: $3,157

    *This number is a sample taken from the vendor Rhombus

    Input the results of this exercise into Section 3.0 of the Proof of Concept Template.

    3.2.G Be aware of common IT project concerns

    Of projects that did not meet business expectations or were cancelled, how significant were the following issues?

    A bar graph is depicted, comparing small, medium, and large businesses for the following datasets: Over budget; Project failed to be delivered on time; Breach of scope; Low quality; Failed to deliver expected benefit or value

    This survey data did not specifically address innovation projects.

    • Disruptive technology projects will be under increased scrutiny in comparison to other projects.
    • Be sure to meet deadlines and stay within budget.
    • Be cognizant that your projects can go out of scope, and there will be projects that may have to be cancelled due to low quality. Remember: Even a failed test is a learning opportunity!

    Info-Tech’s CIO-CEO Alignment Survey, N=225

    Organization size was determined by the number of IT employees within the organization

    Small = 10 or fewer IT staff, medium = 11 to 25 IT staff, and large/enterprise = 26 or greater IT staff

    3.2.H Communicate your working group’s findings and successes to a wide audience

    Advertise the group’s successes and help prevent airline magazine syndrome from occurring.

    • Share your group’s results internally:
      • Run your own analysis by senior management and then share it across the organization.
      • Maintain a list of technologies that the working group has analyzed and solicit feedback from the wider organization.
      • Post summaries of the technologies in a publicly available repository. The C-suite may not read it right away, but it will be easy to provide when they ask.
      • If senior management has declined to proceed with a certain technology, avoid wasting time and resources on it. However, include notes about why the technology was rejected.
    • These postings will also act as an advertisement for the group. Use the garnered interest to attract visionaries for the next cycle.
    • These postings will help to reiterate the innovative value of the IT department and help bring you to the decision-making table.

    “Some CIOs will have to battle the bias that they belong in the back office and shouldn’t be included in product architecture planning. CIOs must ‘sell’ IT’s strength in information architecture.”
    – Chris Curran, Chief Technologist, PwC (Curran, 2014)

    Info-Tech Insight

    Cast a wide net. By sharing your results with as many people as possible within your organization, you’ll not only attract more attention to your working group, but you will also get more feedback and ideas.

    3.2.I Hand off the completed proof-of-concept project plan

    The proof of concept template is filled out – now what?

    • The core working group is responsible for producing a vision of the future and outlining new technology’s disruptive potential. The actual implementation of the proof of concept (purchasing the hardware, negotiating the SLA with the vendor) is beyond the working group’s responsibilities.
    • If the proof of concept goes ahead, the facilitator should block some time to evaluate the completed project against the key performance indicators identified in the initial plan.
    • A cure for airline magazine syndrome: Be prepared when executives ask about new technology. Present them with the results of the shortlist analysis and the proof-of-concept plan. A clear accounting of the value, readiness, strengths, weaknesses, opportunities, and threats posed by each technology, along with its impact on business processes, is an invaluable weapon against poor technology choices.

    Use section 3.2.b to identify the decision-making stakeholder who has the most to gain from a successful proof-of-concept project. Self-interest is a powerful motivator – the project is more likely to succeed in the hands of a passionate champion.

    Info-Tech Insight

    Set a date for the first meeting of the new iteration of the disruptive technology working group before the last meeting is done. Don’t risk pushing it back indefinitely.

    3.2.J Hand off the completed proof-of-concept project plan

    Record the results of the proof of concept. Keep track of what worked and what didn’t.

    Repeat the process regularly.

    • Finalize the proof of concept template, but don’t stop there: Keep your ear to the ground; follow tech developments using the sources identified in step 1.2.
    • Continue expanding the potential longlist with independent research: Be prepared to expand your longlist. Remember, the more technologies you have on the longlist, the more potential airline magazine syndrome cures you have access to.
    • Have the results of the previous session’s proof of concept plan on hand: At the start of each new iteration, conduct a review. What technologies were successful beyond the proof of concept phase? Which parts of the process worked? Which parts did not? How could they be improved?

    Info-Tech Insight

    The key is in anticipation. This is not a one-and-done exercise. Technology innovation operates at a faster pace than ever before, well below the Moores Law "18 month" timeline as an example. Success is in making EDIT a repeatable process.

    Related Info-Tech Research

    Define Your Digital Business Strategy
    After a major crisis, find your place in the digital economy.

    Develop a Project Portfolio Management Strategy
    Drive project throughput by throttling resource capacity.

    Adopt Design Thinking in Your Organization
    Innovation needs design thinking.

    Digital Maturity Improvement Service
    Prepare your organization for digital transformation – or risk falling behind.

    Research contributors and experts

    Nitin Babel

    Nitin Babel, Co-Founder, niki.ai

    Nitin Babel, MSc, co-created conversational commerce platform niki.ai in early 2015. Since then, the technology has been featured on the front page of the Economic Times, and has secured the backing of Ratan Tata, former chairman of the Tata Group, one of the largest companies in the world.

    Mark Hubbard

    Mark Hubbard, Senior Vice President, FirstOnSite

    Mark is the SVP for Information Technology in Canada with FirstOnSite, a full service disaster recovery and property restoration company. Mark has over 25 years of technology leadership guiding global organizations through the development of strategic and tactical plans to strengthen their technology platforms and implement business aligned technology strategies.

    Chris Green

    Chris Green, Enterprise Architect, Boston Private
    Chris is an IT architect with over 15 years’ experience designing, building, and implementing solutions. He is a results-driven leader and contributor, skilled in a broad set of methods, tools, and platforms. He is experienced with mobile, web, enterprise application integration, business process, and data design.

    Andrew Kope

    Andrew Kope, Head of Data Analytics
    Big Blue Bubble
    Andrew Kope, MSc, oversees a team that develops and maintains a user acquisition tracking solution and a real-time metrics dashboard. He also provides actionable recommendations to the executive leadership of Big Blue Bubble – one of Canada’s largest independent mobile game development studios.

    Jason Hong

    Jason Hong, Associate Professor, School of Computer Science, Human-Computer Interaction Institute, Carnegie Mellon University

    Jason Hong is a member of the faculty at Carnegie Mellon’s School of Computer Science. His research focus lies at the intersection of human-computer interaction, privacy and security, and systems. He is a New America National Cyber Security Fellow (2015-2017) and is widely published in academic and industry journals.

    Tim Lalonde

    Tim Lalonde, Vice President, Mid-Range

    Tim Lalonde is the VP of Technical Operations at Mid-Range. He works with leading-edge companies to be more competitive and effective in their industries. He specializes in developing business roadmaps leveraging technology that create and support change from within — with a focus on business process re-engineering, architecture and design, business case development and problem-solving. With over 30 years of experience in IT, Tim’s guiding principle remains simple: See a problem, fix a problem.

    Jon Mavor

    Jon Mavor, Co-Founder and CTO, Envelop VR
    Jon Mavor is a programmer and entrepreneur, whose past work includes writing the graphics engine for the PC game Total Annihilation. As Chief Technology Officer of Envelop VR, a virtual reality start-up focused on software for the enterprise, Jon has overseen the launch of Envelop for Windows’s first public beta.

    Dan Pitt

    Dan Pitt, President, Palo Alto Innovation Advisors
    Dan Pitt is a network architect who has extensive experience in both the academy and industry. Over the course of his career, Dan has served as Executive Director of the Open Networking Foundation, Dean of Engineering at Santa Clara University, Vice President of Technology and Academic Partnerships at Nortel, Vice President of the Architecture Lab at Bay Networks, and, currently, as President of Palo Alto Innovation Advisors, where he advises and serves as an executive for technology start-ups in the Palo Alto area and around the world.

    Courtney Smith

    Courtney Smith, Co-Founder, Executive Creative Director
    PureMatter
    Courtney Smith is an accomplished creative strategist, storyteller, writer, and designer. Under her leadership, PureMatter has earned hundreds of creative awards and been featured in the PRINT International Design Annual. Courtney has juried over 30 creative competitions, including Creativity International. She is an invited member of the Academy of Interactive and Visual Arts.

    Emmanuel Tsekleves

    Emmanuel Tsekleves, Senior Lecturer in Design Interactions, University of Lancaster
    Dr. Emmanuel Tsekleves is a senior lecturer and writer based out of the United Kingdom. Emmanuel designs interactions between people, places, and products by forging creative design methods along with digital technology. His design-led research in the areas of health, ageing, well-being, and defence has generated public interest and attracted media attention by the national press, such as the Daily Mail, Daily Mirror, The Times, the Daily Mail, Discovery News, and several other international online media outlets.

    Bibliography

    Airini Ab Rahman. “Emerging Technologies with Emerging Effects; A Review”. Universiti Teknologi Malaysia. PERINTIS eJournal, June 2017. Web.

    Anthony, Scott. “Kodak’s Downfall Wasn’t About Technology.” Harvard Business Review, 15 July 2016. Web.

    ARM. The Intelligent Flexible Cloud. 26 Feb. 2015. Web.

    Association of Computing Machinery. Communications of the ACM, n.d. Web.

    Barnett, Thomas. “Three Mobile Trends to Watch.” Cisco Blogs, 3 Feb. 2015. Web.

    Batelle, John. “The 70 Percent Solution.” CNN, 1 Dec 2005. Web.

    Booz Allen Hamilton. Managing Technological Change: 7 Ways to Talk Tech with Management, n.d. Web.

    Brynjolfsson, Erik, and Andrew McAfee. The Second Machine Age: Work, Progress, and Prosperity in a Time of Brilliant Technologies. W. W. Norton, 2014. Print.

    Christensen, Clayton M. “What is Disruptive Innovation?” Harvard Business Review, Dec 2015. Web.

    Christensen, Clayton M. and James Euchner. “Managing Disruption: An Interview With Clayton Christensen.” Research-Technology Management, 22 Dec 2015. vol. 54, no. 1. Web.

    Christensen, Clayton M., Rory McDonald, and Elizabeth J. Altman. “Disruptive Innovation: An Intellectual History and Directions for Future Research”. Wiley Online Library. Web.

    Christensen, Clayton M., Taddy Hall, Karen Dillon, and David S. Duncan. “Know Your Customers’ Jobs to be Done.” Harvard Business Review, Sept. 2016. Web.

    Cisco. “Cisco Annual Internet Report.” n.d. Web.

    Cisco. Cisco Visual Networking Index: Forecast and Methodology, 2014-2019, 27 May 2015. Web.

    Clark, Steven. “Elon Musk hopes SpaceX will send humans to Mars in 2024.” Spaceflight Now, 2 June 2016. Web.

    Clarke, Angela. “A practical use of key success factors to improve the effectiveness of project management,” International Journal of Project Management, June 1999 (17): 139-145.

    Collins, Andrew L., Patrick Hester, Barry Ezell, and John Horst. “An improvement selection methodology for key performance indicators.” Environmental Systems and Decisions, June 2016, 36 (2): 196-208.

    Computer Sciences Corporation. CSC Global CIO Survey: 2014-2015: CIOs Emerge as Disruptive Innovators: An Annual Barometer of Global CIOs’ Plans, Priorities, Threats, and Opportunities, 2014. Web.

    Constine, John. “Voice is Chat’s Next Battleground.” TechCrunch, 19 Sept. 2016. Web.

    Cressman, Daryl. “Disruptive Innovation and the Idea of Technology”. Maastricht University, June 2019. Web.

    Crown Prosecution Service. A Guide to Process Mapping and Improvement. n.d. Web.

    Curran, Chris. “The CIO’s Role in the Internet of Things.” PwC, 13 Mar. 2014. Web.

    Darbha, Sheta, Mike Shevenell, and Jason Normandin. “Impact of Software-Defined Networking on Infrastructure Management.” CA Technology Exchange, 4.3, Nov. 2013, pp. 33-43. Web.

    Denecken, Sven. Conquering Disruption Through Digital Transformation: Technologies, Leadership Strategies, and Best Practices to Create Opportunities for Innovation. SAP, 2014. Web.

    DHL Trend Research and Cisco Consulting Services. Internet of Things in Logistics: A Collaborative Report by DHL and Cisco on Implications and Use Cases for the Logistics Industry, 2015. Web.

    Dirican, Cüneyt. “The Impacts of Robotics, Artificial Intelligence on Business and Economics.” Procedia: Social and Behavioral Sciences, vol. 195, 2015, pp. 564-573. Web.

    Edraw Visualization Solutions. Examples of Flowcharts, Org Charts and More. “Cross-Function Flowchart Examples – Service Flowchart.”

    Emerson. Data Center 2025: Exploring the Possibilities, 2014. Web.

    Ericsson. Next-Generation Data Center Infrastructure, Feb. 2015. Web.

    Eurotech. Connecting M2M Applications to the Cloud to Bolster Hardware Sales, 2014. Web.

    Evans Gary, Llewellyn. “Disruptive Technology and the Board: The Tip of the Iceberg”. Economics and Business Review, n.d. Web.

    Evans Gary, Llewellyn. “Disruptive Technology and the Board: The Tip of the Iceberg”. Economics and Business Review, n.d. Web.

    Gage, Deborah. “The Venture Capital Secret: 3 Out of 4 Start-Ups Fail.” Wall Street Journal, 20 Sept. 2012. Web.

    Garvin, David A. “Competing on the Eight Dimensions of Quality.” Harvard Business Review, November 1987. Web.

    Gibbs, Colin. Augmented Reality in the Enterprise: Opportunities and Challenges. Gigaom Research, 26 Jan. 2015. Web.

    Glushko, Robert J. and Tim McGrath. Document Engineering: Analyzing and Designing Documents for Business Informatics and Web Services. MIT Press, 2005.

    Hadfield, Tom. “Facebook’s Messenger Bot Store could be the most important launch since the App Store.” TechCrunch, 17 March 2016. Web.

    Healey, Nic. “Microsoft's mixed reality vision: 80 million devices by 2020.” CNET, 1 June 2016. Web.

    Hewlett-Packard. Go Beyond Cost Reduction: Use Robotic Process Automation, Oct. 2015. Web.

    Hewlett-Packard. HP Composable Infrastructure: Bridging Traditional IT with the New Style of Business, June 2015. Web.

    Hewlett-Packard. HP Labs, n.d. Web.

    Hong, Jason. “Inside the Great Wall.” Communications of the ACM, 25 May 2016. Web.

    IBM Institute for Value. Your Cognitive Future: How Next-Gen Computing Changes the Way We Live and Work, 2015. Web.

    IBM. A New Way to Work: Futurist Insights to 2025 and Beyond, Jan. 2015. Web.

    Infinity. The Evolution of the Data Centre [sic], 2015. Web.

    Intel Corporation. Intel Annual Report, 1997. Web.

    Isaac, Mike. “Facebook Bets on Bots for its Messenger App.” New York Times, 12 April 2016. Web.

    ISACA. COBIT 5: Enabling Processes. ISACA, 2012. Print.

    K-12 Blueprint. “Planning a Proof of Concept.” 2014. Web.

    Kaushik Rukmini, Meenakshi. “The Impact of Pandemic COVID -19 in Workplace.” European Journal of Business Management and Research, May 2020. Web.

    Knight, Will. “Conversational Interfaces Powerful speech technology from China’s leading Internet company makes it much easier to use a smartphone.” MIT Technology Review, n.d. Web.

    Kostoff, Ronald N., Robert Boylan, and Gene R. Simons. “Disruptive Technology Roadmaps.” Technological Forecasting and Social Change, 2004. Vol. 71. Web.

    Kurzweil, Ray. “The Accelerating Power of Technology.” TED, Feb. 2005. Web.

    Kurzweil, Ray. Kurzweil: Accelerating Intelligence, 2015. Web.

    MacFarquhar, Larissa. “When Giants Fall: What Business Has Learned From Clayton Christensen,” New Yorker, 14 May 2012. Web.

    McClintock, Cat. “2016: The Year for Augmented Reality in the Enterprise.” PTC, n.d. Web.

    McKinsey & Company. IT Growth and Global Change: A Conversation with Ray Kurzweil. 29 Feb. 2012, YouTube. Web.

    Messina, Chris. “2016 Will be the Year of Conversational Commerce.” Medium, 19 Jan 2016. Web.

    Microsoft. Microsoft Research, n.d. Web.

    Miller, Ron. “Forget the Apple Watch, Think Drones in the Enterprise.” TechCrunch, 10 Sep. 2015. Web.

    Nokia Networks. FutureWorks [sic]: Teaching Networks to be Self-Aware: Technology Vision 2020. 2014. Web.

    Nokia Networks. Internet of Things. n.d. Web.

    O’Reilly, Charles, and Andrew J. M. Binns, “The Three Stages of Disruptive Innovation: Idea Generation, Incubation, and Scaling”. Sage Journals, n.d. Web.

    Pew Research Center. AI, Robotics, and the Future of Jobs: Experts Envision Automation and Intelligent Digital Agents Permeating Vast Areas of Our Work and Personal Lives by 2025, but they are Divided on Whether these Advances will Displace More Jobs than they Create. Aug. 2014. Web.

    Ramiller, Neil. “Airline Magazine Syndrome: Reading a Myth of Mismanagement.” Information Technology & People, Sept 2001. Print.

    Raymond James & Associates. The Internet of Things: A Study in Hype, Reality, Disruption, and Growth. 2014. Web.

    Richter, Felix. “No Growth in Sight for Global PC Market.” Statista, 14 March 2016. Web.

    Roy, Mekhala. “4 Examples of Digital Transformation Success in Business”. TechTarget, n.d. Web.

    Simon Weinreich, “How to Manage Disruptive Innovation - a conceptional methodology for value-oriented portfolio planning,” Sciencedirect. 31st CIRP Design Conference 2021.

    Spice Works. The Devices are Coming! How the “Internet of Things” will affect IT… and why resistance is futile. May 2014. Web.

    Spradlin, Dwayne. “Are You Solving the Right Problem?” Harvard Business Review, Sept. 2012. Web.

    Statista. “Number of smartphones sold to end users worldwide from 2007 to 2015 (in million units).” N.d. Web.

    Statista. “Worldwide tablet shipments from 2nd quarter 2010 to 2nd quarter 2016 (in million units).” N.d. Web.

    Sven Schimpf, “Disruptive Field Study; How Companies Identify, Evaluate, Develop and Implement Disruptive Technologies.” Fraunhofer Group for Innovation Research, 2020. Web.

    Tsekleves, Emmanuel. “Science fiction as fact: how desires drive discoveries.” The Guardian. 13 Aug. 2015. Web.

    Tsekleves, Emmanuel. “Science fiction as fact: how desires drive discoveries.” The Guardian, 13 Aug. 2015. Web.

    United States Department of Transportation. “National Motor Vehicle Crash Causation Survey: Report to Congress.” National Highway Traffic Safety Administration, July 2008. Web.

    United States Department of Transportation. “National Motor Vehicle Crash Causation Survey: Report to Congress.” National Highway Traffic Safety Administration, July 2008. Web.

    University Alliance (Villanova U). Managing Scope Creep in Project Management. N.d. Web.

    Vavoula, Giasemi N., and Mike Sharples. “Future Technology Workshop: A Collaborative Method for the Design of New Learning Technologies and Activities.” International Journal of Computer Supported Collaborative Learning, Dec 2007. Vol. 2 no. 4. Web.

    Walraven Pieter. “It’s Operating Systems Vs. Messaging Apps In The Battle For Tech’s Next Frontier.” TechCrunch, 11 Aug 2015. Web.

    Webb, Amy. “The Tech Trends You Can’t Ignore in 2015.” Harvard Business Review, 5 Jan. 2015. Web.

    Wenger, Albert. “The Great Bot Rush of 2015-16.” Continuations, 16 Dec 2015. Web.

    White, Chris. “IoT Tipping Point Propels Digital Experience Era.” Cisco Blogs, 12 Nov. 2014. Web.

    World Economic Forum and Accenture. Industrial Internet of Things: Unleashing the Potential of Connected Products and Services. 2015. Web.

    Yu Dan and Hang Chang Chieh, "A reflective review of disruptive innovation theory," PICMET '08 - 2008 Portland International Conference on Management of Engineering & Technology, 2008, pp. 402-414, doi: 10.1109/PICMET.2008.4599648.

    Industry-Specific Digital Transformation

    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Infographic

    IT Management and Policies

    • Buy Link or Shortcode: {j2store}23|cart{/j2store}
    • Related Products: {j2store}23|crosssells{/j2store}
    • InfoTech Academy Title: IT management and policies videos
    • InfoTech Academy Excerpt: More videos are available once you join. Contact us for more information.
    • Teaser Video: Visit Website
    • Teaser Video Title: Policies Academy Overview
    • member rating overall impact: 9.5/10
    • member rating average dollars saved: $23101
    • member rating average days saved: 11
    • Parent Category Name: Strategy and Governance
    • InfotechAcademy-Executivebrief: Visit Website
    • Parent Category Link: /strategy-and-governance
    • byline: Review and improve on your IT Policy Library.
    Create policies that matter most to your organization.

    Management, policy, policies

    Stabilize Release and Deployment Management

    • Buy Link or Shortcode: {j2store}453|cart{/j2store}
    • member rating overall impact: 9.6/10 Overall Impact
    • member rating average dollars saved: $38,699 Average $ Saved
    • member rating average days saved: 37 Average Days Saved
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management

    Lack of control over the release process, poor collaboration between teams, and manual deployments lead to poor quality releases at a cost to the business.

    Our Advice

    Critical Insight

    • Manage risk. Release management should stabilize the IT environment. A poorly designed release can take down the whole business. Rushing releases out the door leads to increased risk for the business.
    • Quality processes are key. Standardized process will enable your release and deployment management teams to have a framework to deploy new releases with minimal chance of costly downtime further down the production chain.
    • Business must own the process. Release managers need oversight of the business to remain good stewards of the release management process.

    Impact and Result

    • Be prepared with a release management policy. With vulnerabilities discovered and published at an alarming pace, organizations have to build a plan to address and fix them quickly. A detailed release and patch policy should map out all the logistics of the deployment in advance, so that when necessary, teams can handle rollouts like a well-oiled machine.
    • Automate your software deployment and patch management strategy. Replace tedious and time-consuming manual processes with the use of automated release and patch management tools. Some organizations have a variety of release tools for various tasks and processes to ensure all or most of the required processes are covered across a diverse development environment.
    • Test deployments and monitor your releases. Larger organizations may have the luxury of a test environment prior to deployment, but that may be cost prohibitive for smaller organizations. If resources are a constraint, roll out the patch gradually and closely monitor performance to be able to quickly revert in the event of an issue.

    Stabilize Release and Deployment Management Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should control and stabilize your release and deployment management practice while improving the quality of releases and deployments, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Analyze current state

    Begin improving release management by assessing the current state and gaining a solid understanding of how core operational processes are actually functioning within the organization.

    • Stabilize Release and Deployment Management – Phase 1: Analyze Current State
    • Release Management Maturity Assessment
    • Release Management Project Roadmap Tool
    • Release Management Workflow Library (Visio)
    • Release Management Workflow Library (PDF)
    • Release Management Standard Operating Procedure
    • Patch Management Policy
    • Release Management Policy
    • Release Management Deployment Tracker
    • Release Management Build Procedure Template

    2. Plan releases and deployments

    Plan releases to gather all the pieces in one place and define what, why, when, and how a release will happen.

    • Stabilize Release and Deployment Management – Phase 2: Release and Deployment Planning

    3. Build, test, deploy

    Take a holistic and comprehensive approach to effectively designing and building releases. Get everything right the first time.

    • Stabilize Release and Deployment Management – Phase 3: Build, Test, Deploy

    4. Measure, manage, improve

    Determine desired goals for release management to ensure both IT and the business see the benefits of implementation.

    • Stabilize Release and Deployment Management – Phase 4: Measure, Manage, Improve
    [infographic]

    Workshop: Stabilize Release and Deployment Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Analyze Current State

    The Purpose

    Release management improvement begins with assessment of the current state.

    Key Benefits Achieved

    A solid understanding of how core operational processes are actually functioning within the organization.

    Activities

    1.1 Evaluate process maturity.

    1.2 Assess release management challenges.

    1.3 Define roles and responsibilities.

    1.4 Review and rightsize existing policy suite.

    Outputs

    Maturity Assessment

    Release Management Policy

    Release Management Standard Operating Procedure

    Patch Management Policy

    2 Release Management Planning

    The Purpose

    In simple terms, release planning puts all the pertinent pieces in one place.

    Key Benefits Achieved

    It defines the what, why, when, and how a release will happen.

    Activities

    2.1 Design target state release planning process.

    2.2 Define, bundle, and categorize releases.

    2.3 Standardize deployment plans and models.

    Outputs

    Release Planning Workflow

    Categorization and prioritization schemes

    Deployment models aligned to release types

    3 Build, Test, and Deploy

    The Purpose

    Take a holistic and comprehensive approach to effectively designing and building releases.

    Key Benefits Achieved

    Standardize build and test procedures to begin to drive consistency.

    Activities

    3.1 Standardize build procedures for deployments.

    3.2 Standardize test plans aligned to release types.

    Outputs

    Build procedure for hardware and software releases

    Test models aligned to deployment models

    4 Measure, Manage, and Improve

    The Purpose

    Determine and define the desired goals for release management as a whole.

    Key Benefits Achieved

    Agree to key metrics and success criteria to start tracking progress and establish a post-deployment review process to promote continual improvement.

    Activities

    4.1 Determine key metrics to track progress.

    4.2 Establish a post-deployment review process.

    4.3 Understand and define continual improvement drivers.

    Outputs

    List of metrics and goals

    Post-deployment validation checklist

    Project roadmap

    Design Data-as-a-Service

    • Buy Link or Shortcode: {j2store}129|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $1,007 Average $ Saved
    • member rating average days saved: 31 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Lack of a consistent approach in accessing internal and external data within the organization and sharing data with third parties.
    • Data consumed by most organizations lacks proper data quality, data certification, standards tractability, and lineage.
    • Organizations are looking for guidance in terms of readily accessible data from others and data that can be shared with others or monetized.

    Our Advice

    Critical Insight

    • Despite data being everywhere, most organizations struggle to find accurate, trustworthy, and meaningful data when required.
    • Connecting to data should be as easy as connecting to the internet. This is achievable if all organizations start participating in the data marketplace ecosystem by leveraging a Data-as-a-Service (DaaS) framework.

    Impact and Result

    • Data marketplaces facilitate data sharing between the data producer and the data consumer. The data product must be carefully designed to truly benefit in today’s connected data ecosystem.
    • Follow Info-Tech’s step-by-step approach to establish your DaaS framework:
      1. Understand Data Ecosystem
      2. Design Data Products
      3. Establish DaaS framework

    Design Data-as-a-Service Research & Tools

    Start here – Read the Executive Brief

    Read our concise Executive Brief to find out why you should design Data-as-a-Service (DaaS), review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand data ecosystem

    Provide clear benefits of adopting the DaaS framework and solid rationale for moving towards a more connected data ecosystem and avoiding data silos.

    • Design Data-as-a-Service – Phase 1: Understand Data Ecosystem

    2. Design data product

    Leverage design thinking methodology and templates to document your most important data products.

    • Design Data-as-a-Service – Phase 2: Design Data Product

    3. Establish a DaaS framework

    Capture internal and external data sources critical to data products success for the organization and document an end-to-end DaaS framework.

    • Design Data-as-a-Service – Phase 3: Establish a DaaS Framework
    [infographic]

    Workshop: Design Data-as-a-Service

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Data Marketplace and DaaS Explained

    The Purpose

    The purpose of this module is to provide a clear understanding of the key concepts such as data marketplace, data sharing, and data products.

    Key Benefits Achieved

    This module will provide clear benefits of adopting the DaaS framework and solid rationale for moving towards a more connected data ecosystem and avoiding data silos.

    Activities

    1.1 Review the business context

    1.2 Understand the data ecosystem

    1.3 Draft products ideas and use cases

    1.4 Capture data product metrics

    Outputs

    Data product ideas

    Data sharing use cases

    Data product metrics

    2 Design Data Product

    The Purpose

    The purpose of this module is to leverage design thinking methodology and templates to document the most important data products.

    Key Benefits Achieved

    Data products design that incorporates end-to-end customer journey and stakeholder map.

    Activities

    2.1 Create a stakeholder map

    2.2 Establish a persona

    2.3 Data consumer journey map

    2.4 Document data product design

    Outputs

    Data product design

    3 Assess Data Sources

    The Purpose

    The purpose of this module is to capture internal and external data sources critical to data product success.

    Key Benefits Achieved

    Break down silos by integrating internal and external data sources

    Activities

    3.1 Review the conceptual data model

    3.2 Map internal and external data sources

    3.3 Document data sources

    Outputs

    Internal and external data sources relationship map

    4 Establish a DaaS Framework

    The Purpose

    The purpose of this module is to document end-to-end DaaS framework.

    Key Benefits Achieved

    End-to-end framework that breaks down silos and enables data product that can be exchanged for long-term success.

    Activities

    4.1 Design target state DaaS framework

    4.2 Document DaaS framework

    4.3 Assess the gaps between current and target environments

    4.4 Brainstorm initiatives to develop DaaS capabilities

    Outputs

    Target DaaS framework

    DaaS initiative

    Enterprise Architecture Trends

    • Buy Link or Shortcode: {j2store}584|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Strategy & Operating Model
    • Parent Category Link: /strategy-and-operating-model
    • The digital transformation journey brings business and technology increasingly closer.
    • Because the two become more and more intertwined, the role of the enterprise architecture increases in importance, aligning the two in providing additional efficiencies.
    • The current need for an accelerated digital transformation elevates the importance of enterprise architecture.

    Our Advice

    Critical Insight

    • Enterprise architecture is impacted and has an increasing role in the following areas:
      • Business agility
      • Security
      • Innovation
      • Collaborative EA
      • Tools and automation

    Impact and Result

    EA’s role in brokering and negotiating overlapping areas can lead to the creation of additional efficiencies at the enterprise level.

    Enterprise Architecture Trends Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Enterprise Architecture Trends Deck – A trend report to support executives as they digitally transform the enterprise.

    In an accelerated path to digitization, the increasingly important role of enterprise architecture is one of collaboration across siloes, inside and outside the enterprise, in a configurable way that allows for quick adjustment to new threats and conditions, while embracing unprecedented opportunities to scale, stimulating innovation, in order to increase the organization’s competitive advantage.

    • Enterprise Architecture Trends Report

    Infographic

    Further reading

    Enterprise Architecture Trends

    Supporting Executives to Digitally Transform the Enterprise

    Analyst Perspective

    Enterprise architecture, seen as the glue of the organization, aligns business goals with all the other aspects of the organization, providing additional effectiveness and efficiencies while also providing guardrails for safety.

    In an accelerated path to digitization, the increasingly important role of enterprise architecture (EA) is one of collaboration across siloes, inside and outside the enterprise, in a configurable way that allows for quick adjustment to new threats and conditions while embracing unprecedented opportunities to scale, stimulating innovation to increase the organization’s competitive advantage.

    Photo of Milena Litoiu, Principal/Senior Director, Enterprise Architecture, Info-Tech Research Group.

    Milena Litoiu
    Principal/Senior Director, Enterprise Architecture
    Info-Tech Research Group

    Accelerated digital transformation elevates the importance of EA

    The Digital transformation journey brings Business and technology increasingly closer.

    Because the two become more and more intertwined, the role OF Enterprise Architecture increases in importance, aligning the two in providing additional efficiencies.

    THE Current need for an accelerated Digital transformation elevates the importance of Enterprise Architecture.

    More than 70% of organizations revamp their enterprise architecture programs. (Info-Tech Tech Trends 2022 Survey)

    Most organizations still see a significant gap between the business and IT.

    Enterprise Architecture (EA) is impacted and has an increasing role in the following areas

    Accelerated Digital Transformation

    • Business agility Business agility, needed more that ever, increases reliance on enterprise strategies.
      EA creates alignment between business and IT to improve business nimbleness.
    • Security More sophisticated attacks require more EA coordination.
      EA helps adjust to the increasing sophistication of external threats. Partnering with the CISO office to develop strategies to protect the enterprise becomes a prerequisite for survival.
    • Innovation EA's role in an innovation increases synergies at the enterprise level.
      EA plays an increasingly stronger role in innovation, from business endeavors to technology, across business units, etc.
    • Collaborative EA Collaborative EA requires new ways of working.
      Enterprise collaboration gains new meaning, replacing stiff governance.
    • Tools & automation Tools-based automation becomes increasingly common.
      Tools support as well as new artificial intelligence or machine- learning- powered approaches help achieve tools-assisted coordination across viewpoints and teams.

    Info-Tech Insight

    EA's role in brokering and negotiating overlapping areas can lead to the creation of additional efficiencies at the enterprise level.

    EA Enabling Business Agility

    Trend 01 — Business Agility is needed more than ever and THIS increases reliance on enterprise Strategies. to achieve nimbleness, organizations need to adapt timely to changes in the environment.

    Approaches:
    A plethora of approaches are needed (e.g. architecture modularity, data integration, AI/ML) in addition to other Agile/iterative approaches for the entire organization.

    Quality Management

    • Buy Link or Shortcode: {j2store}45|cart{/j2store}
    • Related Products: {j2store}45|crosssells{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Planning and Architecture
    • Parent Category Link: /service-planning-and-architecture
    • byline: Be proactive; it costs exponentially more to fix a problem the longer it goes unnoticed.
    Drive efficiency and agility with right-sized quality management

    Combine Security Risk Management Components Into One Program

    • Buy Link or Shortcode: {j2store}376|cart{/j2store}
    • member rating overall impact: 9.1/10 Overall Impact
    • member rating average dollars saved: $37,798 Average $ Saved
    • member rating average days saved: 32 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • Companies are aware of the need to discuss and assess risk, but many struggle to do so in a systematic and repeatable way.
    • Rarely are security risks analyzed in a consistent manner, let alone in a systematic and repeatable method to determine project risk as well as overall organizational risk exposure.

    Our Advice

    Critical Insight

    • The best security programs are built upon defensible risk management. With an appropriate risk management program in place, you can ensure that security decisions are made strategically instead of based on frameworks and gut feelings. This will optimize any security planning and budgeting.
    • All risks can be quantified. Security, compliance, legal, or other risks can be quantified using our methodology.

    Impact and Result

    • Develop a security risk management program to create a standardized methodology for assessing and managing the risk that information systems face.
    • Build a risk governance structure that makes it clear how security risks can be escalated within the organization and who makes the final decision on certain risks.
    • Use Info-Tech’s risk assessment methodology to quantifiably evaluate the threat severity for any new or existing project or initiative.
    • Tie together all aspects of your risk management program, including your information security risk tolerance level, threat and risk assessments, and mitigation effectiveness models.

    Combine Security Risk Management Components Into One Program Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop and implement a security risk management program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish the risk environment

    Lay down the foundations for security risk management, including roles and responsibilities and a defined risk tolerance level.

    • Combine Security Risk Management Components Into One Program – Phase 1: Establish the Risk Environment
    • Security Risk Governance Responsibilities and RACI Template
    • Risk Tolerance Determination Tool
    • Risk Weighting Determination Tool

    2. Conduct threat and risk assessments

    Define frequency and impact rankings then assess the risk of your project.

    • Combine Security Risk Management Components Into One Program – Phase 2: Conduct Threat and Risk Assessments
    • Threat and Risk Assessment Process Template
    • Threat and Risk Assessment Tool

    3. Build the security risk register

    Catalog an inventory of individual risks to create an overall risk profile.

    • Combine Security Risk Management Components Into One Program – Phase 3: Build the Security Risk Register
    • Security Risk Register Tool

    4. Communicate the risk management program

    Communicate the risk-based conclusions and leverage these in security decision making.

    • Combine Security Risk Management Components Into One Program – Phase 4: Communicate the Risk Management Program
    • Security Risk Management Presentation Template
    • Security Risk Management Summary Template
    [infographic]

    Workshop: Combine Security Risk Management Components Into One Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish the Risk Environment

    The Purpose

    Build the foundation needed for a security risk management program.

    Define roles and responsibilities of the risk executive.

    Define an information security risk tolerance level.

    Key Benefits Achieved

    Clearly defined roles and responsibilities.

    Defined risk tolerance level.

    Activities

    1.1 Define the security executive function RACI chart.

    1.2 Assess business context for security risk management.

    1.3 Standardize risk terminology assumptions.

    1.4 Conduct preliminary evaluation of risk scenarios to determine your risk tolerance level.

    1.5 Decide on a custom risk factor weighting.

    1.6 Finalize the risk tolerance level.

    1.7 Begin threat and risk assessment.

    Outputs

    Defined risk executive functions

    Risk governance RACI chart

    Defined quantified risk tolerance and risk factor weightings

    2 Conduct Threat and Risk Assessments

    The Purpose

    Determine when and how to conduct threat and risk assessments (TRAs).

    Complete one or two TRAs, as time permits during the workshop.

    Key Benefits Achieved

    Developed process for how to conduct threat and risk assessments.

    Deep risk analysis for one or two IT projects/initiatives.

    Activities

    2.1 Determine when to initiate a risk assessment.

    2.2 Review appropriate data classification scheme.

    2.3 Identify system elements and perform data discovery.

    2.4 Map data types to the elements.

    2.5 Identify STRIDE threats and assess risk factors.

    2.6 Determine risk actions taking place and assign countermeasures.

    2.7 Calculate mitigated risk severity based on actions.

    2.8 If necessary, revisit risk tolerance.

    2.9 Document threat and risk assessment methodology.

    Outputs

    Define scope of system elements and data within assessment

    Mapping of data to different system elements

    Threat identification and associated risk severity

    Defined risk actions to take place in threat and risk assessment process

    3 Continue to Conduct Threat and Risk Assessments

    The Purpose

    Complete one or two TRAs, as time permits during the workshop.

    Key Benefits Achieved

    Deep risk analysis for one or two IT projects/initiatives, as time permits.

    Activities

    3.1 Continue threat and risk assessment activities.

    3.2 As time permits, one to two threat and risk assessment activities will be performed as part of the workshop.

    3.3 Review risk assessment results and compare to risk tolerance level.

    Outputs

    One to two threat and risk assessment activities performed

    Validation of the risk tolerance level

    4 Establish a Risk Register and Communicate Risk

    The Purpose

    Collect, analyze, and aggregate all individual risks into the security risk register.

    Plan for the future of risk management.

    Key Benefits Achieved

    Established risk register to provide overview of the organizational aggregate risk profile.

    Ability to communicate risk to other stakeholders as needed.

    Activities

    4.1 Begin building a risk register.

    4.2 Identify individual risks and threats that exist in the organization.

    4.3 Decide risk responses, depending on the risk level as it relates to the risk tolerance.

    4.4 If necessary, revisit risk tolerance.

    4.5 Identify which stakeholders sign off on each risk.

    4.6 Plan for the future of risk management.

    4.7 Determine how to present risk to senior management.

    Outputs

    Risk register, with an inventory of risks and a macro view of the organization’s risk

    Defined risk-based initiatives to complete

    Plan for securing and managing the risk register

    Demystify Oracle Licensing and Optimize Spend

    • Buy Link or Shortcode: {j2store}136|cart{/j2store}
    • member rating overall impact: 9.9/10 Overall Impact
    • member rating average dollars saved: $85,754 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • License keys are not needed with optional features accessible upon install. Conducting quarterly checks of the Oracle environment is critical because if products or features are installed, even if they are not actively in use, it constitutes use by Oracle and requires a license.
    • Ambiguous license models and definitions abound: terminology and licensing rules can be vague, making it difficult to purchase licensing even with the best of intentions to keep compliant.
    • Oracle has aggressively started to force new Oracle License and Service Agreements (OLSA) on customers that slightly modify language and remove pre-existing allowances to tilt the contract terms in Oracle's favor.

    Our Advice

    Critical Insight

    • Focus on needs first. Conduct a thorough requirements assessment and document the results. Well-documented license needs will be your core asset in navigating Oracle licensing and negotiating your agreement.
    • Communicate effectively. Be aware that Oracle will reach out to employees at your organization at various levels. Having your executives on the same page will help send a strong message.
    • Manage the relationship. If Oracle is managing you, there is a high probability you are over paying or providing information that may result in an audit.

    Impact and Result

    • Conducting business with Oracle is not typical compared to other vendors. To emerge successfully from a commercial transaction with Oracle, customers must learn the "Oracle way" of conducting business, which includes a best-in-class sales structure, highly unique contracts and license use policies, and a hyper-aggressive compliance function.
    • Map out the process of how to negotiate from a position of strength, examining terms and conditions, discount percentages, and agreement pitfalls.
    • Develop a strategy that leverages and utilizes an experienced Oracle DBA to gather accurate information, and then optimizes it to mitigate and meet the top challenges.

    Demystify Oracle Licensing and Optimize Spend Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you need to understand and document your Oracle licensing strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish licensing requirements

    Begin your proactive Oracle licensing journey by understanding which information to gather and assessing the current state and gaps.

    • Demystify Oracle Licensing and Optimize Spend – Phase 1: Establish Licensing Requirements
    • Oracle Licensing Purchase Reference Guide
    • Oracle Database Inventory Tool
    • Effective Licensing Position Tool
    • RASCI Chart

    2. Evaluate licensing options

    Review current licensing models and determine which licensing models will most appropriately fit your environment.

    • Demystify Oracle Licensing and Optimize Spend – Phase 2: Evaluate Licensing Options

    3. Evaluate agreement options

    Review Oracle’s contract types and assess which best fit the organization’s licensing needs.

    • Demystify Oracle Licensing and Optimize Spend – Phase 3: Evaluate Agreement Options
    • Oracle TCO Calculator

    4. Purchase and manage licenses

    Conduct negotiations, purchase licensing, and finalize a licensing management strategy.

    • Demystify Oracle Licensing and Optimize Spend – Phase 4: Purchase and Manage Licenses
    • Oracle Terms & Conditions Evaluation Tool
    • Controlled Vendor Communications Letter
    • Vendor Communication Management Plan
    [infographic]

    Workshop: Demystify Oracle Licensing and Optimize Spend

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish Licensing Requirements

    The Purpose

    Assess current state and align goals; review business feedback

    Interview key stakeholders to define business objectives and drivers

    Key Benefits Achieved

    Have a baseline for requirements

    Assess the current state

    Determine licensing position

    Examine cloud options

    Activities

    1.1 Gather software licensing data

    1.2 Conduct a software inventory

    1.3 Perform manual checks

    1.4 Reconcile licenses

    1.5 Create your Oracle licensing team

    1.6 Meet with stakeholders to discuss the licensing position, cloud offerings, and budget allocation

    Outputs

    Copy of your Oracle License Statement

    Software inventory report from software asset management (SAM) tool

    Oracle Database Inventory Tool

    RASCI Chart

    Oracle Licensing Effective License Position (ELP) Template

    Oracle Licensing Purchase Reference Guide

    2 Evaluate Licensing Options

    The Purpose

    Review licensing options

    Review licensing rules

    Key Benefits Achieved

    Understand how licensing works

    Determine if you need software assurance

    Discuss licensing rules, application to current environment.

    Examine cloud licensing

    Understand the importance of documenting changes

    Meet with desktop product owners to determine product strategies

    Activities

    2.1 Review full, limited, restricted, and AST use licenses

    2.2 Calculate license costs

    2.3 Determine which database platform to use

    2.4 Evaluate moving to the cloud

    2.5 Examine disaster recovery strategies

    2.6 Understand purchasing support

    2.7 Meet with stakeholders to discuss the licensing position, cloud offerings, and budget allocation

    Outputs

    Oracle TCO Calculator

    Oracle Licensing Purchase Reference Guide

    3 Evaluate Agreement Options

    The Purpose

    Review contract option types

    Review vendors

    Key Benefits Achieved

    Understand why a type of contract is best for you

    Determine if ULA or term agreement is best

    The benefits of other types and when you should change

    Activities

    3.1 Prepare to sign or renew your ULA

    3.2 Decide on an agreement type that nets the maximum benefit

    Outputs

    Type of contract to be used

    Oracle TCO Calculator

    Oracle Licensing Purchase Reference Guide

    4 Purchase and Manage Licenses

    The Purpose

    Finalize the contract

    Prepare negotiation points

    Discuss license management

    Evaluate and develop a roadmap for future licensing

    Key Benefits Achieved

    Negotiation strategies

    Licensing management

    Introduction of SAM

    Leverage the work done on Oracle licensing to get started on SAM

    Activities

    4.1 Control the flow of communication terms and conditions

    4.2 Use Info-Tech’s readiness assessment in preparation for the audit

    4.3 Assign the right people to manage the environment

    4.4 Meet with stakeholders to discuss the licensing position, cloud offerings, and budget allocation

    Outputs

    Controlled Vendor Communications Letter

    Vendor Communication Management Plan

    Oracle Terms & Conditions Evaluation Tool

    RASCI Chart

    Oracle Licensing Purchase Reference Guide

    Secure IT-OT Convergence

    • Buy Link or Shortcode: {j2store}382|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $10,499 Average $ Saved
    • member rating average days saved: 19 Average Days Saved
    • Parent Category Name: Security Processes & Operations
    • Parent Category Link: /security-processes-and-operations

    IT and OT are both very different complex systems. However, significant benefits have driven OT to be converged to IT. This results in IT security leaders, OT leaders and their teams' facing challenges in:

    • Governing and managing IT and OT security and accountabilities.
    • Converging security architecture and controls between IT and OT environments.
    • Compliance with regulations and standards.
    • Metrics for OT security effectiveness and efficiency.

    Our Advice

    Critical Insight

    • Returning to isolated OT is not beneficial for the organization, therefore IT and OT need to learn to collaborate starting with communication to build trust and to overcome differences between IT and OT. Next, negotiation is needed on components such as governance and management, security controls on OT environments, compliance with regulations and standards, and metrics for OT security.
    • Most OT incidents start with attacks against IT networks and then move laterally into the OT environment. Therefore, converging IT and OT security will help protect the entire organization.
    • OT interfaces with the physical world while IT system concerns more on cyber world. Thus, the two systems have different properties. The challenge is how to create strategic collaboration between IT-OT based on negotiation and this needs top-down support.

    Impact and Result

    Info-Tech’s approach in preparing for IT/OT convergence in the planning phase is coordination and collaboration of IT and OT to

    • initiate communication to define roles and responsibilities.
    • establish governance and build cross-functional team.
    • identify convergence components and compliance obligations.
    • assess readiness.

    Secure IT/OT Convergence Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Secure IT/OT Convergence Storyboard – A step-by-step document that walks you through how to secure IT-OT convergence.

    Info-Tech provides a three-phase framework of secure IT/OT convergence, namely Plan, Enhance, and Monitor & Optimize. The essential steps in Plan are to:

  • Initiate communication to define roles and responsibilities.
  • Establish governance and build a cross-functional team.
  • Identify convergence components and compliance obligations.
  • Assess readiness.

    • Secure IT/OT Convergence Storyboard

    2. Secure IT/OT Convergence Requirements Gathering Tool – A tool to map organizational goals to secure IT-OT goals.

    This tool serves as a repository for information about the organization, compliance, and other factors that will influence your IT/OT convergence.

    • Secure IT/OT Convergence Requirements Gathering Tool

    3. Secure IT/OT Convergence RACI Chart Tool – A tool to identify and understand the owners of various IT/OT convergence across the organization.

    A critical step in secure IT/OT convergence is populating a RACI (Responsible, Accountable, Consulted, and Informed) chart. The chart assists you in organizing roles for carrying out convergence steps and ensures that there are definite roles that different individuals in the organization must have. Complete this tool to assign tasks to suitable roles.

    • Secure IT/OT Convergence RACI Chart Tool
    [infographic]

    Further reading

    Secure IT/OT Convergence

    Create a holistic IT/OT security culture.

    Analyst Perspective

    Are you ready for secure IT/OT convergence?

    IT/OT convergence is less of a convergence and more of a migration. The previously entirely separate OT ecosystem is migrating into the IT ecosystem, primarily to improve access via connectivity and to leverage other standard IT capabilities for economic benefit.

    In the past, OT systems were engineered to be air gapped, relying on physical protection and with little or no security in design, (e.g. OT protocols without confidentiality properties). However, now, OT has become dependent on the IT capabilities of the organization, thus OT inherits IT’s security issues, that is, OT is becoming more vulnerable to attack from outside the system. IT/OT convergence is complex because the culture, policies, and rules of IT are quite foreign to OT processes such as change management, and the culture, policies, and rules of OT are likewise foreign to IT processes.

    A secure IT/OT convergence can be conceived of as a negotiation of a strong treaty between two systems: IT and OT. The essential initial step is to begin with communication between IT and OT, followed by necessary components such as governing and managing OT security priorities and accountabilities, converging security controls between IT and OT environments, assuring compliance with regulations and standards, and establishing metrics for OT security.

    Photo of Ida Siahaan, Research Director, Security and Privacy Practice, Info-Tech Research Group. Ida Siahaan
    Research Director, Security and Privacy Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    IT and OT are both very different complex systems. However, significant benefits have driven OT to converge with IT. This results in IT security leaders, OT leaders, and their teams facing challenges with:

    • Governing and managing IT and OT security and accountabilities.
    • Converging security architecture and controls between IT and OT environments.
    • Compliance with regulations and standards.
    • Metrics for OT security effectiveness and efficiency.
    		 Common Obstacles
    • IT/OT network segmentation and remote access issues, as most OT incidents indicate that the attackers gained access through the IT network, followed by infiltration into OT networks.
    • OT proprietary devices and unsecure protocols use outdated systems which may be insecure by design.
    • Different requirements of OT and IT security – i.e. IT (confidentiality, integrity, and availability) vs. OT (safety, reliability, and availability).
    		 Info-Tech’s Approach

    Info-Tech’s approach in preparing for IT/OT convergence (i.e. the Plan phase) is coordination and collaboration of IT and OT to:

    • Initiate communication to define roles and responsibilities.
    • Establish governance and build a cross-functional team.
    • Identify convergence components and compliance obligations.
    • Assess readiness.

    Info-Tech Insight

    Returning to isolated OT is not beneficial for the organization, so IT and OT need to learn to collaborate, starting with communication to build trust and to overcome their differences. Next, negotiation is needed on components such as governance and management, security controls on OT environments, compliance with regulations and standards, and establishing metrics for OT security.

    Consequences of unsecure IT/OT convergence

    OT systems were built with no or little security design

    90% of organizations that use OT experienced a security incident. (Fortinet, 2021. Ponemon, 2019.)

    		Bar graph comparing three years, 2019-2021, of four different OT security incidents: 'Ransomeware', 'Insider breaches', 'Phishing', and 'Malware'.
    (Source: Fortinet, 2021.)     		Lack of visibility

    86% of OT security-related service engagements lack complete visibility of OT network in 2021 (90% in 2020, 81% in 2019). (Source: “Cybersecurity Year In Review” Dragos, 2022.)

    The need for secure IT/OT convergence

    Important Industrial Control System (ICS) cyber incidents

    2000
    Target: Australian sewage plant. Method: Insider attack. Impact: 265,000 gallons of untreated sewage released.     		2012
    Target: Middle East energy companies. Method: Shamoon. Impact: Overwritten Windows-based systems files.     		2014
    Target: German Steel Mill. Method: Spear-phishing. Impact: Blast furnace failed to shut down.     		2017
    Target: Middle East safety instrumented system (SIS). Method: TRISIS/TRITON. Impact: Modified SIS ladder logic.     		2022
    Target: Viasat’s KA-SAT network. Method: AcidRain. Impact: Significant loss of communication for the Ukrainian military, which relied on Viasat’s services.
    Timeline of Important Industrial Control System (ICS) cyber incidents.
    1903
    Target: Marconi wireless telegraph presentation. Method: Morse code. Impact: Fake message sent “Rats, rats, rats, rats. There was a young fellow of Italy, Who diddled the public quite prettily.”     		2010
    Target: Iranian uranium enrichment plant. Method: Stuxnet. Impact: Compromised programmable logic controllers (PLCs).     		2013
    Target: ICS supply chain. Method: Havex. Impact: Remote Access Trojan (RAT) collected information and uploaded data to command-and-control (C&C) servers     		2016
    Target: Ukrainian power grid. Method: BlackEnergy. Impact: For 1-6 hours, power outages for 230,000 consumers.     		2021
    Target: Colonial Pipeline. Method: DarkSide ransomware. Impact: Compromised billing infrastructure halted the pipeline operation.

    (Source: US Department of Energy, 2018.


    ”Significant Cyber Incidents,” CSIS, 2022


    MIT Technology Review, 2022.)

    Info-Tech Insight

    Most OT incidents start with attacks against IT networks and then move laterally into the OT environment. Therefore, converging IT and OT security will help protect the entire organization.

    Case Study

    Horizon Power     		Logo for Horizon Power.
    INDUSTRY
    Utilities
    SOURCE
    Interview

    Horizon Power is the regional power provider in Western Australia and stands out as a leader not only in the innovative delivery of sustainable power, but also in digital transformation. Horizon Power is quite mature in distributed energy resource management; moving away from centralized generation to decentralized, community-led generation, which reflects in its maturity in converging IT and OT.

    Horizon Power’s IT/OT convergence journey started over six years ago when advanced metering infrastructure (AMI) was installed across its entire service area – an area covering more than one quarter of the Australian continent.

    In these early days of the journey, the focus was on leveraging matured IT approaches such as adoption of cloud services to the OT environment, rather than converging the two. Many years later, Horizon Power has enabled OT data to be more accessible to derive business benefits such as customer usage data using data analytics with the objective of improving the collection and management of the OT data to improve business performance and decision making.

    The IT/OT convergence meets legislation such as the Australian Energy Sector Cyber Security Framework (AESCSF), which has impacts on the architectural layer of cybersecurity that support delivery of the site services.

    		Results

    The lessons learned in converging IT and OT from Horizon Power were:

    • Start with forming relationships to build trust and overcome any divide between IT and OT.
    • Collaborate with IT and OT teams to successfully implement solutions, such as vulnerability management and discovery tools for OT assets.
    • Switch the focus from confidentiality and integrity to availability in solutions evaluation
    • Develop training and awareness programs for all levels of the organization.
    • Actively encourage visible sponsorship across management by providing regular updates and consistent messaging.
    • Monitor cybersecurity metrics such as vulnerabilities, mean time to treat vulnerabilities, and intrusion attempts.
    • Manage third-party vendors using a platform which not only performs external monitoring but provides third-party vendors with visibility or potential threats in their organization.

    The Secure IT/OT Convergence Framework

    IT/OT convergence is less of a convergence and more of a migration. The previously entirely separate OT ecosystem is migrating onto the IT ecosystem, to improve access via the internet and to leverage other standard IT capabilities. However, IT and OT are historically very different, and without careful calculation, simply connecting the two systems will result in a problem. Therefore, IT and OT need to learn to live together starting with communication to build trust and to overcome differences between IT and OT.
    Convergence Elements
    • Process convergence
    • Software and data convergence
    • Network and infrastructure convergence
    		 Target Groups
    • OT leader and teams
    • IT leader and teams
    • Security leader and teams
    		 Security Components
    • Governance and compliance
    • Security strategy
    • Risk management
    • Security policies
    • IR, DR, BCP
    • Security awareness and training
    • Security architecture and controls

    Plan
    • Initiate communication
    • Define roles and responsibilities
    • Establish governance and build a cross-functional team
    • Identify convergence elements and compliance obligations
    • Assess readiness

    Governance

    Compliance

    Enhance
    • Update security strategy for IT/OT convergence
    • Update risk-management framework for IT/OT convergence
    • Update security policies and procedures for IT/OT convergence
    • Update incident response, disaster recovery, and business continuity plan for IT/OT convergence

    Security strategy

    Risk management

    Security policies and procedures

    IR, DR, and BCP

    Monitor &
    Optimize
    • Implement awareness, induction, and cross-training program
    • Design and deploy converging security architecture and controls
    • Establish and monitor IT/OT security metrics on effectiveness and efficiency
    • Red-team followed by blue-team activity for cross-functional team building

    Awareness and cross-training

    Architecture and controls

    Phases
    Color-coded phases with arrows looping back up from the bottom to top phase.
    • Plan
    • Enhance
    • Monitor & Optimize
    		Plan Outcomes
    • Mapping business goals to IT/OT security goals
    • RACI chart for priorities and accountabilities
    • Compliance obligations register
    • Readiness checklist
    Enhance Outcomes
    • Security strategy for IT/OT convergence
    • Risk management framework
    • Security policies & procedures
    • IR, DR, BCP
    Monitor & Optimize Outcomes
    • Security awareness and training
    • Security architecture and controls
    		 Plan Benefits
    • Improved flexibility and less divided IT/OT
    • Improved compliance
    Enhance Benefits
    • Increased strategic common goals
    • Increased efficiency and versatility
    Monitor & Optimize Benefits
    • Enhanced security
    • Reduced costs

    Plan

    Initiate communication

    To initiate communication between the IT and OT teams, it is important to understand how the two groups are different and to build trust to find a holistic approach which overcomes those differences.
    IT OT
    Remote Access Well-defined access control Usually single-level access control
    Interfaces Human Machine, equipment
    Software ERP, CRM, HRIS, payroll SCADA, DCS
    Hardware Servers, switches, PCs PLC, HMI, sensors, motors
    Networks Ethernet Fieldbus
    Focus Reporting, communication Up-time, precision, safety
    Change management Frequent updates and patches Infrequent updates and patches
    Security Confidentiality, integrity, availability Safety, reliability, availability
    Time requirement Normally not time critical Real time

    Info-Tech Insight

    OT interfaces with the physical world while IT system concerns more on cyber world. Thus, the two systems have different properties. The challenge is how to create strategic collaboration between IT and OT based on negotiation, and this needs top-down support.

    Identifying organization goals is the first step in aligning your secure IT/OT convergence with your organization’s vision.

    • Security leaders need to understand the direction the organization is headed in.
    • Wise security investments depend on aligning your security initiatives to the organization.
    • Secure IT/OT convergence should contribute to your organization’s objectives by supporting operational performance and ensuring brand protection and shareholder value.

    Map organizational goals to IT/OT security goals

    Input: Corporate, IT, and OT strategies

    Output: Your goals for the security strategy

    Materials: Secure IT/OT Convergence Requirements Gathering Tool

    Participants: Executive leadership, OT leader, IT leader, Security leader, Compliance, Legal, Risk management

    1. As a group, brainstorm organization goals.
      1. Review relevant corporate, IT, and OT strategies.
    2. Record the most important business goals in the Secure IT/OT Convergence Requirements Gathering Tool. Try to limit the number of business goals to no more than 10 goals. This limitation will be critical to helping focus on your secure IT/OT convergence.
    3. For each goal, identify one to two security alignment goals. These should be objectives for the security strategy that will support the identified organization goals.

    Download the Secure IT/OT Convergence Requirements Gathering Tool

    Record organizational goals

    Sample of the definitions table with columns numbered 1-4.

    Refer to the Secure IT/OT Convergence Framework when filling in the following elements.

    1. Record your identified organization goals in the Goals Cascade tab of the Secure IT/OT Convergence Requirements Gathering Tool.
    2. For each of your organizational goals, identify IT alignment goals.
    3. For each of your organizational goals, identify OT alignment goals.
    4. For each of your organizational goals, select one to two IT/OT security alignment goals from the drop-down lists.

    Establish scope and boundaries

    It is important to know at the outset of the strategy: What are we trying to secure in IT/OT convergence ?
    This includes physical areas we are responsible for, types of data we care about, and departments or IT/OT systems we are responsible for.

    This also includes what is not in scope. For some outsourced services or locations, you may not be responsible for their security. In some business departments, you may not have control of security processes. Ensure that it is made explicit at the outset what will be included and what will be excluded from security considerations.

    Physical Scope and Boundaries

    • How many offices and locations does your organization have?
    • Which locations/offices will be covered by your information security management system (ISMS)?
    • How sensitive is the data residing at each location?
    • You may have many physical locations, and it is not necessary to list each one. Rather, list exceptional cases that are specifically in or out of scope.

    IT Systems Scope and Boundaries

    • There may be hundreds of applications that are run and maintained in your organization. Some of these may be legacy applications. Do you need to secure all your programs or only a select few?
    • Is the system owned or outsourced?
    • Where are you accountable for security?
    • How sensitive is the data that each system handles?

    Organizational Scope and Boundaries

    • Will your ISMS cover all departments within your organization? For example, do certain departments (e.g. operations) not need any security coverage?
    • Do you have the ability to make security decisions for each department?
    • Who are the key stakeholders/data owners for each department?

    OT Systems Scope and Boundaries

    • There may be hundreds of OT systems that are run and maintained in your organization. Do you need to secure all OT or a select subset?
    • Is the system owned or outsourced?
    • Where are you accountable for safety and security?
    • What reliability requirements does each system handle?

    Record scope and boundaries

    Sample Scope and Boundaries table. Refer to the Secure IT/OT Convergence Framework when filling in the following elements:
    • Record your security-related organizational scope, physical location scope, IT systems scope, and OT systems scope in the Scope tab of the Secure IT/OT Convergence Requirements Gathering Tool.
    • For each item scoped, give the rationale for including it in the comments column. Careful attention should be paid to any elements that are not in scope.

    Plan

    Define roles and responsibilities

    Input: List of relevant stakeholders

    Output: Roles and responsibilities for the secure IT/OT convergence program

    Materials: Secure IT/OT Convergence RACI Chart Tool

    Participants: Executive leadership, OT leader, IT leader, Security leader

    There are many factors that impact an organization’s level of effectiveness as it relates to IT/OT convergence. How the two groups interact, what skill sets exist, the level of clarity around roles and responsibilities, and the degree of executive support and alignment are only a few. Thus, it is imperative in the planning phase to identify stakeholders who are:

    • Responsible: The people who do the work to accomplish the activity; they have been tasked with completing the activity and/or getting a decision made.
    • Accountable: The person who is accountable for the completion of the activity. Ideally, this is a single person and will often be an executive or program sponsor.
    • Consulted: The people who provide information. This is usually several people, typically called subject matter experts (SMEs).
    • Informed: The people who are updated on progress. These are resources that are affected by the outcome of the activities and need to be kept up to date.

    Download the Secure IT/OT Convergence RACI Chart Tool

    Define RACI Chart

    Sample RACI chart with only the 'Plan' section enlarged.

    Define responsible, accountable, consulted, and informed (RACI) stakeholders.
    1. Customize the "work units" to best reflect your operation with applicable stakeholders.
    2. Customize the "action“ rows as required.
    		 Info-Tech Insight

    The roles and responsibilities should be clearly defined. For example, IT network should be responsible for the communication and configuration of all access points and devices from the remote client to the control system DMZ, and controls engineering should be responsible from the control system DMZ to the control system.

    Plan

    Establish governance and build cross-functional team

    To establish governance and build an IT/OT cross-functional team, it is important to understand the operation of OT systems and their interactions with IT within the organization, e.g. ad hoc, centralized, decentralized.

    The maturity ladder with levels 'Fully Converged', 'Collaborative Partners', 'Trusted Resources', 'Affiliated Entities', and 'Siloed' at the bottom. Each level has four maturity indicators listed.

    Info-Tech Insight

    To determine IT/OT convergence maturity level, Info-Tech provides the IT/OT Convergence Self-Evaluation Tool.

    Centralized security governance model example

    Example of a centralized security governance model.

    Plan

    Identify convergence elements and compliance obligations

    To switch the focus from confidentiality and integrity to safety and availability for OT system, it is important to have a common language such as the Purdue model for technical communication.
    • A lot of OT compliance standards are technically focused and do not address governance and management, e.g. IT standards like the NIST Cybersecurity Framework. For example, OT system modeling with Purdue model will help IT teams to understand assets, networking, and controls. This understanding is needed to know the possible security solutions and where these solutions could be embedded to the OT system with respect to safety, reliability, and availability.
    • However, deployment of technical solutions or patches to OT system may nullify warranty, so arrangements should be made to manage this with the vendor or manufacturer prior to modification.
    • Finally, OT modernizations such as smart grid together with the advent of IIoT where data flow is becoming less hierarchical have encouraged the birth of a hybrid Purdue model, which maintains segmentation with flexibility for communications.

    Level 5: Enterprise Network

    Level 4: Site Business

    Level 3.5: DMZ
    Example: Patch Management Server, Application Server, Remote Access Server

    Level 3: Site Operations
    Example: SCADA Server, Engineering Workstation, Historian

    Level 2: Area Supervisory Control
    Example: SCADA Client, HMI

    Level 1: Basic Control
    Example: Batch Controls, Discrete Controls, Continuous Process Controls, Safety Controls, e.g. PLCs, RTUs

    Level 0: Process
    Example: Sensors, Actuators, Field Devices

    (Source: “Purdue Enterprise Reference Architecture (PERA) Model,” ISA-99.)

    Identify compliance obligations

    To manage compliance obligations, it is important to use a platform which not only performs internal and external monitoring, but also provides third-party vendors with visibility on potential threats in their organization.
    Example table of compliance obligations standards. Example tables of compliance obligations regulations and guidelines.

    Source:
    ENISA, 2013
    DHS, 2009.

    • OT system has compliance obligations with industry regulations and security standards/regulations/guidelines. See the lists given. The lists are not exhaustive.
    • OT system owner can use the standards/regulations/guidelines as a benchmark to determine and manage the security level provided by third parties.
    • It is important to understand the various frameworks and to adhere to the appropriate compliance obligations, e.g. IEC/ISA 62443 - Security for Industrial Automation and Control Systems Series.

    IEC/ISA 62443 - Security for Industrial Automation and Control Systems Series

    International series of standards for asset owners, system integrators, and product manufacturers.
    Diagram of the international series of standards for asset owners.
    (Source: Cooksley, 2021)
    • IEC/ISA 62443 is a comprehensive international series of standards covering security for ICS systems, which recognizes three roles, namely: asset owner, system integrator, and product manufacturer.
    • In IEC/ISA 62443, requirements flow from the asset owner to the product manufacturer, while solutions flow in the opposite direction.
    • For the asset owner who owns and operates a system, IEC 62443-2 enables defining target security level with reference to a threat level and using the standard as a benchmark to determine the current security level.
    • For the system integrator, IEC 62443-3 assists to evaluate the asset owner’s requirements to create a system design. IEC 62443-3 also provides a method for verification that components provided by the product manufacturer are securely developed and support the functionality required.

    Record your compliance obligations

    Refer to the “Goals Cascade” tab of the Secure IT/OT Convergence Requirements Gathering Tool.
    1. Identify your compliance obligations. Most organizations have compliance obligations that must be adhered to. These can include both mandatory and voluntary obligations. Mandatory obligations include:
      1. Laws
      2. Government regulations
      3. Industry standards
      4. Contractual agreements
      Voluntary obligations include standards that the organization has chosen to follow for best practices and any obligations that are required to maintain certifications. Organizations will have many different compliance obligations. For the purposes of your secure IT/OT convergence, include only those that have OT security requirements.
    2. Record your compliance obligations, along with any notes, in your copy of the Secure IT/OT Convergence Requirements Gathering Tool.
    3. Refer to the “Compliance DB” tab for lists of standards/regulations/guidelines.
    		 Table of mandatory and voluntary security compliance obligations.

    Plan

    Assess readiness

    Readiness checklist for secure IT/OT convergence

    People

    • Define roles and responsibilities on interaction based on skill sets and the degree of support and alignment.
    • Adopt well-established security governance practices for cross-functional teams.
    • Analyze and develop skills required by implementing awareness, induction, and cross-training program.

    Process

    • Conduct a maturity assessment of key processes and highlight interdependencies.
    • Redesign cybersecurity processes for your secure IT/OT convergence program.
    • Develop a baseline and periodically review on risks, security policies and procedures, incident response, disaster recovery, and business continuity plan.

    Technology

    • Conduct a maturity assessment and identify convergence elements and compliance obligations.
    • Develop a roadmap and deploy converging security architecture and controls step by step, working with trusted technology partners.
    • Monitor security metrics on effectiveness and efficiency and conduct continuous testing by red-team and blue-team activities.

    (Source: “Grid Modernization: Optimize Opportunities And Minimize Risks,” Info-Tech)

    Enhance

    Update security strategy

    To update security strategy, it is important to actively encourage visible sponsorship across management and to provide regular updates.

    Cycle for updating security strategy: 'Architecture design', 'Procurement', 'Installation', 'Maintenance', 'Decommissioning'.
    (Source: NIST SP 800-82 Rev.3, “Guide to Operational Technology (OT) Security,” NIST, 2022.)
    • OT system life cycle is like the IT system life cycle, starting with architectural design and ending with decommissioning.
    • Currently, IT only gets involved from installation or maintenance, so they may not fully understand the OT system. Therefore, if OT security is compromised, the same personnel who commissioned the OT system (e.g. engineering, electrical, and maintenance specialists) must be involved. Thus, it is important to have the IT team collaborate with the OT team in each stage of the OT system’s life cycle.
    • Finally, it is necessary to have propositional sharing of responsibilities between IT leaders, security leaders, and OT leaders who have broader responsibilities.

    Enhance

    Update risk management framework

    The need for asset and threat taxonomy

    • One of issues in IT/OT convergence is that OT systems focus on production, so IT solutions like security patching or updates may deteriorate a machine or take a machine offline and may not be applicable. For example, some facilities run with reliability of 99.999%, which only allows maximum of 5 minutes and 35 seconds or less of downtime per year.
    • Managing risks requires an understanding of the assets and threats for IT/OT systems. Having a taxonomy of the assets and the threats cand help.
    • Applying normal IT solutions to mitigate security risks may not be applicable in an OT environment, e.g. running an antivirus tool on OT system may remove essential OT operations files. Thus, this approach must be avoided; instead, systems must be rebuilt from golden images.
    		 Risk management framework.
    (Source: ENISA, 2018.)

    Enhance

    Update security policies and procedures

    • Policy is the link between people, process, and technology for any size of organization. Small organizations may think that having formal policies in place is not necessary for their operations, but compliance is applicable to all organizations, and vulnerabilities affect organizations of all sizes as well. Small organizations partnering with clients or other organizations are sometimes viewed as ideal proxies for attackers.
    • Updating security policies to align with the OT system so that there is a uniform approach to securing both IT and OT environments has several benefits. For example, enhancing the overall security posture as issues are pre-emptively avoided, being better prepared for auditing and compliance requirements, and improving governance especially when OT governance is weak.
    • In updating security policies, it is important to redefine the policy framework to include the OT framework and to prioritize the development of security policies. For example, entities that own or manage US and Canadian electric power grids must comply with North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards, specifically CIP-003 for Policy and Governance. This can be achieved by understanding the current state of policies and by right-sizing the policy suite based on a policy hierarchy.
    		 The White House released an Executive Order on Improving the Nation’s Cybersecurity (EO 14028) in 2021 that establishes new requirements on the scope of protection and security policy such that it must include both IT and OT.

    Policy hierarchy example

    This example of a policy hierarchy features templates from Info-Tech’s Develop and Deploy Security Policies and Identify the Best Framework for Your Security Policies research.

    Example policy hierarchy with four levels, from top-down: 'Governance', 'Process-based policies', 'Prescriptive/ technical (for IT including OT elements)', 'Prescriptive/ technical (for users)'.

    Enhance

    Update IR, DR, and BCP

    A proactive approach to security is important, so actions such as updating and testing the incident response plan for OT are a must. (“Cybersecurity Year In Review” Dragos, 2022.)

    1. Customize organizational chart for IT/OT IR, DR, BCP based on governance and management model.
      E.g. ad hoc, internal distributed, internal centralized, combined distributed, and decentralized. (Software Engineering Institute, 2003)
    2. Adjust the authority of the new organizational chart and decide if it requires additional staffing.
      E.g. full authority, shared authority. (Software Engineering Institute, 2003)
    3. Update IR plan, DR plan, and BCP for IT/OT convergence.
      E.g. incorporate zero trust principles for converge network
    4. Testing updated IR plan, DR plan, and BCP.

    Optimize

    Implement awareness, induction, and cross-training

    To develop training and awareness programs for all levels of the organization, it is important to understand the common challenges in IT security that also affect secure IT/OT convergence and how to overcome those challenges.

    Alert Fatigue

    		 Too many false alarms, too many events to process, and an evolving threat landscape that wastes analysts’ valuable time on mundane tasks such as evidence collection. Meanwhile, only limited time is given for decision and conclusion, which results in fear of missing an incident and alert fatigue.

    Skill Shortages

    		 Obtaining and retaining cybersecurity-skilled talent is challenging. Organizations need to invest in the people, but not all organizations will be able to invest sufficiently to have their own dedicated security team.

    Lack of Insight

    		 To report progress, clear metrics are needed. However, cybersecurity still falls short in this area, as the system itself is complex, and much work is siloed. Furthermore, lessons learned are not yet distilled into insights yet for improving future accuracy.

    Lack of Visibility

    		 Ensuring complete visibility of the threat landscape, risks, and assets requires system integration and consistent workflow across the organization, and the convergence of OT, IoT, and IT enhances this challenge (e.g. machines cannot be scanned during operational uptime).
    (Source: Security Intelligence, 2020.)     		“Cybersecurity staff are feeling burnout and stressed to the extent that many are considering leaving their jobs.” (Danny Palmer, ZDNET News, 2022)

    Awareness may not correspond to readiness

    • An issue with IT/OT convergence training and awareness happens when awareness exists, but the personnel are trained only for IT security and are not trained for OT-specific security. For example, some organizations still use generic topics such as not opening email attachments, when the personnel do not even operate using email nor in a web browsing environment. (“Assessing Operational Readiness,” Dragos, 2022)
    • Meanwhile, as is the case with IT, OT security training topics are broad, such as OT threat intelligence, OT-specific incident response, and tabletop exercises.
    • Hence, it requires the creation of a training program development plan that considers the various audiences and topics and maps them accordingly.
    • Moreover, roles are also evolving due to convergence and modernization. These new roles require an integrative skill set. For example, the grid security & ops team might consist of an IT security specialist, SCADA technician/engineer, and OT/IIOT security specialist where OT/IIOT security specialist is a new role. (Grid Modernization: Optimize Opportunities and Minimize Risks,” Info-Tech)
    • In conclusion, it is important to approach talent development with an open mind. The ability to learn and flexibility in the face of change are important attributes, and technical skill sets can be improved with certifications and training.
    		 “One area regularly observed by Dragos is a weakness in overall cyber readiness and training tailored specific to the OT environment.” (“Assessing Operational Technology,” Dragos, 2022.)

    Certifications

    What are the options?
    • One of issues in certification is the complexity on relevancy in topics with respect to roles and levels.
    • An example solution is the European Union Agency for Cybersecurity (ENISA)’s approach to analyzing existing certifications by orientation, scope, and supporting bodies, grouped into specific certifications, relevant certifications, and safety certifications.

    Specific cybersecurity certification of ICS/SCADA
    Example: ISA-99/IEC 62443 Cybersecurity Certificate Program, GIAC Global Industrial Cyber Security Professional (GICSP), Certified SCADA Security Architect (CSSA), EC-Council ICS/SCADA Cybersecurity Training Course.

    Other relevant certification schemes
    Example: Network and Information Security (NIS) Driving License, ISA Certified Automation Professional (CAP), Industrial Security Professional Certification (NCMS-ISP).

    Safety Certifications
    Example: Board of Certified Safety Professionals (BCSP), European Network of Safety and Health Professional Organisations (ENSHPO).

    		Order of certifications with 'Orientation' at the top, 'Scope', then 'Support'.(Source: ENISA, 2015.)

    Optimize

    Design and deploy converging security architecture and controls

    • IT/OT convergence architecture can be modeled as a layered structure based on security. In this structure, the bottom layer is referred as “OT High-Security Zone” and the topmost layer is “IT Low-Security Zone.” In this model, each layer has its own set of controls configured and acts like an additional layer of security for the zone underneath it.
    • The data flows from the “OT High-Security Zone” to the topmost layer, the “IT Low-Security Zone,” and the traffic must be verified to pass to another zone based on the need-to-know principle.
    • In the normal control flow within the “OT High-Security Zone” from level 3 to level 0, the traffic must be verified to pass to another level based on the principle of least privilege.
    • Remote access (dotted arrow) is allowed under strict access control and change control based on the zero-trust principle with clear segmentation and a point for disconnection between the “OT High-Security Zone” and the “OT Low-Security Zone”
    • This model simplifies the security process, as if the lower layers have been compromised, then the compromise can be confined on that layer, and it also prevents lateral movement as access is always verified.
    		 Diagram for the deployments of converging security architecture.(Source: “Purdue Enterprise Reference Architecture (PERA) model,” ISA-99.)

    Off-the-shelf solutions

    Getting the right recipe: What criteria to consider?

    Image of a shopping cart with the four headlines on the right listed in order from top to bottom.
    Icon of an eye crossed out. Visibility and Asset Management

    Passive data monitoring using various protocol layers, active queries to devices, or parsing configuration files of OT, IoT, and IT environments on assets, processes, and connectivity paths.

    Icon of gears. Threat Detection, Mitigation, and Response (+ Hunting)

    Automation of threat analysis (signature-based, specification-based, anomaly-based, sandboxing) not only in IT but also in relevant environments, e.g. IoT, IIoT, and OT on assets, data, network, and orchestration with threat intelligence sharing and analytics.

    Icon of a check and pen. Risk Assessment and Vulnerability Management

    Risk scoring approach (qualitative, quantitative) based on variables such as behavioral patterns and geolocation. Patching and vulnerability management.

    Icon of a wallet. Usability, Architecture, Cost

    The user and administrative experience, multiple deployment options and extensive integration capabilities, and affordability.

    Optimize

    Establish and monitor IT/OT security metrics for effectiveness and efficiency

    Role of security metrics in a cybersecurity program (EPRI, 2017.)
    • Requirements for secure IT/OT are derived from mandatory or voluntary compliance, e.g. NERC CIP, NIST SP 800-53.
    • Frameworks for secure IT/OT are used to build and implement security, e.g. NIST CSF, AESCSF.
    • Maturity of secure IT/OT is used to measure the state of security, e.g. C2M2, CMMC.
    • Security metrics have the role of measuring effectiveness and efficiency.

    Icon of a person ascending stairs.
    Safety

    OT interfaces with the physical world. Thus, metrics based on risks related with life, health, and safety are crucial. These metrics motivate personnel by making clear why they should care about security. (EPRI, 2017.)

    Icon of a person ascending stairs.
    Business Performance

    The impact of security on the business can be measured in various metrics such as operational metrics, service level agreements (SLAs), and financial metrics. (BMC, 2022.)

    Icon of a person ascending stairs.
    Technology Performance

    Early detection will lead to faster remediation and less damage. Therefore, metrics such as maximum tolerable downtime (MTD) and mean time to recovery (MTR) indicate system reliability. (Dark Reading, 2022)

    Icon of a person ascending stairs.
    Security Culture

    The metrics for the overall quality of security culture with indicators such as compliance and audit, vulnerability management, and training and awareness.

    Further information

    Related Info-Tech Research

    Sample of 'Build an Information Security Strategy'.

    Build an Information Security Strategy

    Info-Tech has developed a highly effective approach to building an information security strategy – an approach that has been successfully tested and refined for over seven years with hundreds of organizations.

    This unique approach includes tools for ensuring alignment with business objectives, assessing organizational risk and stakeholder expectations, enabling a comprehensive current-state assessment, prioritizing initiatives, and building a security roadmap.

    		Sample of 'Preparing for Technology Convergence in Manufacturing'.

    Preparing for Technology Convergence in Manufacturing

    Information technology (IT) and operational technology (OT) teams have a long history of misalignment and poor communication.

    Stakeholder expectations and technology convergence create the need to leave the past behind and build a culture of collaboration.

    		Sample of 'Implement a Security Governance and Management Program'.

    Implement a Security Governance and Management Program

    Your security governance and management program needs to be aligned with business goals to be effective.

    This approach also helps provide a starting point to develop a realistic governance and management program.

    This project will guide you through the process of implementing and monitoring a security governance and management program that prioritizes security while keeping costs to a minimum.

    Bibliography

    Assante, Michael J. and Robert M. Lee. “The Industrial Control System Cyber Kill Chain.” SANS Institute, 2015.

    “Certification of Cyber Security Skills of ICS/SCADA Professionals.” European Union Agency for Cybersecurity (ENISA), 2015. Web.

    Cooksley, Mark. “The IEC 62443 Series of Standards: A Product Manufacturer‘s Perspective.” YouTube, uploaded by Plainly Explained, 27 Apr. 2021. Accessed 26 Aug. 2022.

    “Cyber Security Metrics for the Electric Sector: Volume 3.” Electric Power Research Institute (EPRI), 2017.

    “Cybersecurity and Physical Security Convergence.” Cybersecurity and Infrastructure Security Agency (CISA). Accessed 19 May 2022.

    “Cybersecurity in Operational Technology: 7 Insights You Need to Know,” Ponemon, 2019. Web.

    “Developing an Operational Technology and Information Technology Incident Response Plan.” Public Safety Canada, 2020. Accessed 6 Sep. 2022.

    Gilsinn, Jim. “Assessing Operational Technology (OT) Cybersecurity Maturity.” Dragos, 2021. Accessed 02 Sep. 2022.

    “Good Practices for Security of Internet of Things.” European Union Agency for Cybersecurity (ENISA), 2018. Web.

    Greenfield, David. “Is the Purdue Model Still Relevant?” AutomationWorld. Accessed 1 Sep. 2022

    Hemsley, Kevin E., and Dr. Robert E. Fisher. “History of Industrial Control System Cyber Incidents.” US Department of Energy (DOE), 2018. Accessed 29 Aug. 2022.

    “ICS Security Related Working Groups, Standards and Initiatives.” European Union Agency for Cybersecurity (ENISA), 2013.

    Killcrece, Georgia, et al. “Organizational Models for Computer Security Incident Response Teams (CSIRTs).” Software Engineering Institute, CMU, 2003.

    Liebig, Edward. “Security Culture: An OT Survival Story.” Dark Reading, 30 Aug. 2022. Accessed 29 Aug. 2022.

    Bibliography

    O'Neill, Patrick. “Russia Hacked an American Satellite Company One Hour Before the Ukraine Invasion.” MIT Technology Review, 10 May 2022. Accessed 26 Aug. 2022.

    Palmer, Danny. “Your Cybersecurity Staff Are Burned Out – And Many Have Thought About Quitting.” Zdnet, 08 Aug. 2022. Accessed 19 Aug. 2022.

    Pathak, Parag. “What Is Threat Management? Common Challenges and Best Practices.” SecurityIntelligence, 23 Jan. 2020. Web.

    Raza, Muhammad. “Introduction To IT Metrics & KPIs.” BMC, 5 May 2022. Accessed 12 Sep. 2022.

    “Recommended Practice: Developing an Industrial Control Systems Cybersecurity Incident Response Capability.” Department of Homeland Security (DHS), Oct. 2009. Web.

    Sharma, Ax. “Sigma Rules Explained: When and How to Use Them to Log Events.” CSO Online, 16 Jun. 2018. Accessed 15 Aug. 2022.

    “Significant Cyber Incidents.” Center for Strategic and International Studies (CSIS). Accessed 1 Sep. 2022.

    Tom, Steven, et al. “Recommended Practice for Patch Management of Control Systems.” Department of Homeland Security (DHS), 2008. Web.

    “2021 ICS/OT Cybersecurity Year In Review.” Dragos, 2022. Accessed 6 Sep. 2022.

    “2021 State of Operational Technology and Cybersecurity Report,” Fortinet, 2021. Web.

    Zetter, Kim. “Pre-Stuxnet, Post-Stuxnet: Everything Has Changed, Nothing Has Changed.” Black Hat USA, 08 Aug. 2022. Accessed 19 Aug. 2022.

    Research Contributors and Experts

    Photo of Jeff Campbell, Manager, Technology Shared Services, Horizon Power, AU. Jeff Campbell
    Manager, Technology Shared Services
    Horizon Power, AU

    Jeff Campbell has more than 20 years' experience in information security, having worked in both private and government organizations in education, finance, and utilities sectors.

    Having focused on developing and implementing information security programs and controls, Jeff is tasked with enabling Horizon Power to capitalize on IoT opportunities while maintaining the core security basics of confidentiality, integrity and availability.

    As Horizon Power leads the energy transition and moves to become a digital utility, Jeff ensures the security architecture that supports these services provides safer and more reliable automation infrastructures.

    		Christopher Harrington
    Chief Technology Officer (CTO)
    Carolinas Telco Federal Credit Union

    Frank DePaola
    Vice President, Chief Information Security Officer (CISO)
    Enpro

    Kwasi Boakye-Boateng
    Cybersecurity Researcher
    Canadian Institute for Cybersecurity

    Customer Value Contribution

    I'm proud to announce our new Customer Value Contribution Calculator©, or CVCC© in short.

    It enhances and possibly replaces the BIA (Business Impact Analysis) process with a much simpler way.

    More info to follow shortly.

    Take a Realistic Approach to Disaster Recovery Testing

    • Buy Link or Shortcode: {j2store}414|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity

    You have made significant investments in availability and disaster recovery – but your ability to recover hasn’t been tested in years. Testing will:

    • Improve your DR capabilities.
    • Identify required changes to planning documentation and procedures.
    • Validate DR capabilities for interested customers and auditors.

    Our Advice

    Critical Insight

    • If you treat testing as a pass/fail exercise, you aren’t meeting the end goal of improving organizational resilience.
    • Focus on identifying gaps and risks, and addressing them, before a real disaster hits.
    • Take a realistic, iterative approach to resilience testing that starts with small, low-risk tests and builds on lessons learned.

    Impact and Result

    • Identify testing scenarios and scope that can deliver value to your organization.
    • Create practical test plans with Info-Tech’s template.
    • Demonstrate value from testing to gain buy-in for additional tests.

    Take a Realistic Approach to Disaster Recovery Testing Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Take a Realistic Approach to Disaster Recovery Testing Storyboard – A guide to establishing a right-sized approach to DR testing that delivers durable value to your organization.

    Use this research to understand the different types of tests, prioritize and plan tests for your organization, review the results, and establish a cadence for testing.

    • Take a Realistic Approach to Disaster Recovery Testing Storyboard

    2. Disaster Recovery Test Plan Template – A template to document your organization's DR test plan.

    Use this template to document scope and goals, participants, key pre-test milestones, the test-day schedule, and your findings from the testing exercise.

    • Disaster Recovery Test Plan Template

    3. Disaster Recovery Testing Program Summary – A template to outline your organization's DR testing program.

    Identify the tests you will run over the next year and the expertise, governance, process, and funding required to support testing.

    • Disaster Recovery Testing Program Summary

    [infographic]

     

    Further reading

    Take a Realistic Approach to Disaster Recovery Testing

    Reduce costly downtime with a right-sized testing program that improves IT resilience.

    Analyst Perspective

    Reduce costly downtime with a right-sized testing program that improves IT resilience.

    Andrew Sharp

    Most businesses make significant investments in disaster recovery and technology resilience. Redundant sites and systems, monitoring, intrusion prevention, backups, training, documentation: it all costs time and money.

    But does this investment deliver expected value? Specifically, can you deliver service continuity in a way that meets business requirements?

    You can’t know the answer without regularly testing recovery processes and systems. And more than just validation, testing helps you deliver service continuity by finding and addressing gaps in your plans and training your staff on recovery procedures.

    Use the insights, tools, and templates in this research to create a streamlined and effective resilience testing program that helps validate recovery capabilities and enhance service reliability, availability, and continuity.

    Andrew Sharp

    Research Director, Infrastructure & Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    You have made significant investments in availability and disaster recovery (DR) – but your ability to recover hasn’t been tested in years. Testing will:

    • Improve your DR capabilities.
    • Identify required changes to planning documentation and procedures.
    • Validate DR capabilities for interested customers and auditors.

    Common Obstacles

    Despite the value testing can offer, actually executing on DR tests is difficult because:

    • Testing is often an IT-driven initiative, and it can be difficult to secure business buy-in to redirect resources away from other urgent projects or accept risks that come with testing.
    • Previous tests have been overly complex and challenging to coordinate and leave a hangover so bad that no one wants to do them again.

    Info-Tech's Approach

    Take a realistic approach to resilience testing by starting with small, low-risk tests, then iterating with the lessons you’ve learned:

    • Identify testing scenarios and scope that can deliver value to your organization.
    • Create practical test plans with Info-Tech’s template.
    • Get buy-in for regular DR testing from key stakeholders with a testing program summary.

    Info-Tech Insight

    If you treat testing as a pass/fail exercise, you aren’t meeting the end goal of improving organizational resilience. Focus on identifying gaps and risks so you can address them before a real disaster hits.

    Process and Outputs

    This research is accompanied by templates to help you achieve your goals faster.

    1 - Establish the business rationale for DR testing.
    2 - Review a range of options for testing.
    3 - Prioritize tests that are most valuable to your business.
    4 - Create a disaster recovery test plan.
    5 - Establish a Test Program to support a regular testing cycle.

    Outputs:

    DR Test Plan
    DR Testing Program Summary

    Example Orange Activity slide.
    Orange activity slides like the one on the left provide directions to help you make key decisions.

    Key Deliverable:

    Disaster Recovery Test Plan Template

    Build a plan for your first disaster recovery test.

    This document provides a complete example you can use to quickly build your own plan, including goals, milestones, participants, the test-day schedule, and findings from the after-action review.

    Why test?

    Testing helps you avoid costly downtime

    • In a disaster scenario, speed matters. Immediately after an outage, the impact on the organization is small, but impact increases rapidly the longer the outage continues.
    • A quick and reliable response and recovery can protect the organization from significant losses.
    • A DRP testing and maintenance program helps ensure you’re ready to recover when you need to, rather than figuring it out as you go.

    “Routine testing is vital to survive a disaster… that’s when muscle memory sets in. If you don’t test your DR plan it falls [in importance], and you never see how routine changes impact it.”

    – Jennifer Goshorn
    Chief Administrative Officer
    Gunderson Dettmer LLP

    Info-Tech members estimated even one day of system downtime could lead to significant revenue losses. Estimated loss of revenue over 24 hours. Core Infrastructure has the highest potential for lost revenue.

    Average estimated potential loss* in thousands of USD due to a 24-hour outage (N=41)

    *Data aggregated from 41 business impact analyses (BIAs) conducted with Info-Tech advisory assistance. BIAs evaluate potential revenue loss due to a full day of system downtime, at the worst possible time.

    Run tests to enhance disaster recovery plans

    Testing improves organizational resilience

    • Identify and address gaps in your plans before a real disaster strikes.
    • Cross-train staff on systems recovery.
    • Go beyond testing technology to test recovery processes.
    • Establish a culture that centers resilience in everyday decision-making.

    Testing keeps DR documentation ready for action

    • Update documentation ahead of tests to prepare for the testing exercise.
    • Update documentation after testing to incorporate any lessons learned.

    Testing validates that investments in resilience deliver value

    • Confirm your organization can meet defined recovery time objectives (RTOs) and recovery point objectives (RPOs).
    • Provide proof of testing for auditors, prospective customers, and insurance applications

    Overcome testing challenges

    Despite the value of effective recovery testing, most IT organizations struggle to test recovery plans

    Common challenges

    • Key resources don’t have time for testing exercises.
    • You don’t have the technology to support live recovery testing.
    • Tests are done ad hoc and lessons learned are lost.
    • A lack of business support for test exercises as the value isn’t understood.
    • Tests are always artificially simple because RTOs and RPOs must be met to satisfy customer or auditor inquiries

    Overcome challenges with a realistic approach:

    • Start small with tabletop and recovery tests for specific systems.
    • Include recovery tests in operational tasks (e.g. restore systems when you have a maintenance window).
    • Create testing plans for larger testing exercises.
    • Build on successful tests to streamline testing exercises in the future.
    • Don’t make testing a pass-fail exercise. Focus on identifying gaps and risks so you can address them before a real disaster hits.

    Go beyond traditional testing

    Different test techniques help validate recovery against different threats

    • There are many threats to service continuity, including ransomware, severe weather events, geopolitical conflict, legacy systems, staff turnover, and day-to-day outages caused by human error, software updates, hardware failures, or network outages.
    • At its core, disaster recovery planning is about recovery. A plan for service recovery will help you mitigate against many threats at once. The testing approaches on the right will help you validate different aspects of that recovery process.
    • This research will provide an overview of the approaches outlined on the right and help you prioritize tests that are most valuable to your organization.
    Different test techniques for disaster recover training: System Failover tests, tabletop exercises, ransomware recovery tests, etc.

    00 Identify a working group

    30 minutes

    Identify a group of participants who can fill the following roles and inform the discussions around testing in this research. A single person could fill multiple roles and some roles could be filled by multiple people. Many participants will be drawn from the larger DRP team.

    Roles and expectations for Disaster Recovery Planning. DRP sponsor, Testing coordinator, System testers, business liaisons, executive team.

    Input

    • Organizational context

    Output

    • A list of key participants for test planning and execution

    Participants

    • Typically, start by identifying the sponsor and coordinator and have them identify the other members of the working group.

    Start by updating your disaster recovery plan (DRP)

    Use Info-Tech’s Create a Right-Sized Disaster Recovery Plan research to identify recovery objectives based on business impact and outline recovery processes. Both are tremendously valuable inputs to your test plans.

    Overall Business Continuity Plan

    IT Disaster Recovery Plan

    A plan to restore IT services (e.g. applications and infrastructure) following a disruption. A DRP:

    • Identifies critical applications and dependencies.
    • Defines appropriate recovery objectives based on a business impact analysis (BIA).
    • Creates a step-by-step incident response plan.

    BCP for Each Business Unit

    A set of plans to resume business processes for each business unit. A business continuity plan (BCP) is also sometimes called a continuity of operations plan (COOP).

    BCPs are created and owned by each business unit, and creating a BCP requires deep involvement from the leadership of each business unit.

    Info-Tech’s Develop a Business Continuity Plan blueprint provides a methodology for creating business unit BCPs as part of an overall BCP for the organization.

    Crisis Management Plan

    A plan to manage a wide range of crises, from health and safety incidents to business disruptions to reputational damage.

    Info-Tech’s Implement Crisis Management Best Practices blueprint provides a framework for planning a response to any crisis, from health and safety incidents to reputational damage.

    01 Confirm: why test at all?

    15-30 minutes

    Identify the value recovery testing for your organization. Use language appropriate for a nontechnical audience. Start with the list below and add, modify, or delete bullet points to reflect your own organization.

     

    Drivers for testing – Examples:

     

    • Improve service continuity.
    • Identify and address gaps in recovery plans before a real disaster strikes.
    • Cross-train staff on systems recovery to minimize single points of failure.
    • Identify how we coordinate across teams during a major systems outage.
    • Exercise both recovery processes and technology.
    • Support a culture that centers system resilience in everyday decision-making.
    • Keep recovery documentation up-to-date and ready for action.
    • Confirm that our stated recovery objectives can be met.
    • Provide proof of testing for auditors, prospective customers, and insurance applications.
    • We require proof of testing to pass audits and renew cybersecurity insurance.

    Info-Tech Insight

    Time-strapped technical staff will sometimes push back on planning and testing, objecting that the team will “figure it out” in a disaster. But the question isn’t whether recovery is possible – it’s whether the recovery aligns with business needs. If your plan is to “MacGyver” a solution on the fly, you can’t know if it’s the right solution for your organization.

    Input

    • Business drivers and context for testing

    Output

    • Specific goals that are driving testing

    Participants

    • DR sponsor
    • Test coordinator

    Think about what and how you test

    Different layers of the stack to test: Network, Authentication, compute and storage, visualization platforms, database services, middleware, app servers, web servers.

    Find gaps and risks with tabletop testing

    Tabletop planning had the greatest impact on meeting recovery objectives (RTOs/RPOs).

    In a tabletop planning exercise, the team walks through a disaster scenario to outline the recovery workflow, and risks or gaps that could disrupt that workflow.

    Tabletops are particularly effective because:

    • It enables you to play out a wider range of scenarios than technology-based testing (e.g. full-scale, parallel) due to cost and complexity factors.
    • It is non-intrusive, so it can be executed more easily than other testing methodologies.
    • The exercise translates into recovery documentation: you create a workflow as you go.
    • A major site or service recovery scenario will review all aspects of the recovery process and create the backbone of your recovery plan.

    02 Run a tabletop exercise

    2 hours

    Tabletop testing is part of our core DRP methodology, Create a Right-Sized Disaster Recovery Plan. This exercise can be run using cue cards, sticky notes, or on a whiteboard; many of our facilitators find building the workflow directly in flowchart software to be very effective.

    Use our Recovery Workflow Template as a starting point.

    Some tips for running your first tabletop exercise:

    Do

    • Review the complete workflow from notification all the way to user acceptance testing.
    • Keep focused; stay on task and on time.
    • Revisit each step and record gaps and risks (and known solutions, but don’t dwell on this).
    • Revise and improve the plan with task owners.

    Don't

    • Get weighed down by tools.
    • Try to find solutions to every gap/risk as you go. Save in-depth research/discussion for later.
    • Document the details right away – stick to the high-level plan for the first exercise.
    1. Ahead of the exercise, decide on a scenario, identify participants, and book a meeting time.
      • For your first walkthrough of a DR scenario, we often recommend a scenario that considers a site failure requiring failover to a DR site.
      • For the first exercise, focus on technical aspects of recovery before bringing in members of the business. The technical team may need space to discuss the appropriate steps in the recovery process before you bring in business liaisons to discuss user acceptance testing (UAT).
      • A complete failover considers all systems, the viability of your second site, and can help identify parts of the process that require additional exercises.
    2. Review the scenario with participants. Then, discuss and document the recovery process, starting with initial notification of an event.
      • Record steps in the process on white cards or boxes.
      • On yellow and red cards, document gaps and risks in people process and technology requirements.
    3. Once you’ve walked through the process, return to the start.
      • Record the time required to complete each step. Consider identifying who is responsible for key steps. Identify any additional gaps and risks.
    4. Clean up and record the results of the workflow. Save a copy with your DRP documentation.

    Input

    • Expert knowledge on systems recovery

    Output

    • Recovery workflow, including gaps and risks

    Participants

    • Test coordinator
    • Technical SMEs

    Move from tabletop testing to functional exercises

    See how your plans fare in the real world

    In live exercises, some portion of your recovery plans are executed in a way that mimics a real recovery scenario. Some advantages of live testing:

    • See how standby systems behave. A tabletop exercise can miss small issues that can make or break the recovery process. For example, connectivity or integration issues on a new subnet might be difficult to predict prior to actually running services in that environment.
    • Hands-on practice: Familiarize the team with the steps, commands, and interfaces of your recovery toolset.
    • Manage the pressure of the DR scenario: Nothing’s quite like the real thing, but a live exercise may be the closest your team can get to a disaster situation without experiencing it firsthand.

    Examples of live exercises

    Boot and smoke test Turn on a standby system and confirm it boots up correctly.
    Restore and validate data Restore data or servers from backup. Confirm data integrity.
    Parallel testing Send familiar transactions to production and standby systems. Confirm both systems produce the same result.
    Failover systems Shut down the production system and use the standby system in production.

    Run local tests ahead of releases

    Think small

    Most unacceptable downtime is caused by localized issues, such as hardware or software failures, rather than widespread destructive events. Regular local testing can help validate the recovery plan for local issues and improve overall service continuity.

    Make local testing a standard step in maintenance work and new deployments to embed resilience considerations in day-to-day activities. Run the same tests in both your primary and your DR environment.

    Some examples of localized tests:

    • Review backup logs and check for errors.
    • Restore files or whole systems from backup.
    • Run application-based tests as part of release management, including unit, regression, and performance tests.
      • Ensure application tests are run for both the primary and DR environment.
      • For a deep-dive on application testing, see Info-Tech’s research Automate Testing to Get More Done.

    Info-Tech Insight

    Local tests will vary between different services, and local test design is usually best left to the system SMEs. At the same time, centralize reporting to understand where tests are being done.

    Investigate whether your IT Service Management or ticketing system can create recurring tasks or work orders to schedule, document, and track test exercises. Tasks can be pre-populated with checklists and documentation to support the test and provide a record of completed tests to support oversight and reporting.

    Have the business validate recovery

    If your business doesn’t think a system’s recovered, it’s not recovered.

    User acceptance testing (UAT) after system recovery is a key step in the recovery process. Like any step in the process, there’s value in testing it before it actually needs to be done. Assign responsibility for building UATs to the person who will be responsible for executing them.

    An acceptance test script might look something like the checklist below.

    • Does the application open?
    • Does the interface look right?
    • Do you see any unusual notifications or warnings?
    • Can you conduct a key transaction with dummy data?
    • Can you run key reports?

    “I cannot stress how important it is to assign ownership of responsibilities in a test; this is the only way to truly mitigate against issues in a test.”

    – Robert Nardella
    IT Service Management
    Certified z/OS Mainframe Professional

    Info-Tech Insight

    Build test scripts and test transactions ahead of time to minimize the amount of new work required during a recovery scenario.

    Beyond the Basics: Full Failover Testing

    • A failover test – a full failover of your production environment to a secondary environment – is what many IT and businesspeople think about when they think of disaster recovery testing.
    • A full test can validate previous local or tabletop tests, identify additional gaps and risks, and provide hands-on training experience with recovery processes and technologies.
    • Setting a date for failover testing can also inject some urgency into otherwise low-priority (but high importance) disaster recovery planning and documentation exercises, which need to be completed prior to the test.
    • Despite these benefits, full failover tests carry significant risk and require a great deal of effort and cost. Typically, only businesses that already have an active-active environment capable of supporting in-scope production systems are able to run a full environment failover.
    • This is especially true the first time you test. While in theory a DR plan should be ready to go at any time, there will be documents to update, gaps to address, and risks to mitigate before you go ahead with the test.

    Full Failover Testing

    What you get:

    • Provide hands-on experience with recovery processes and technology.
    • Confirm that site failover works in practice as you assumed in tabletop or local testing exercises.
    • Identify critical gaps you might have missed without a full failover test.

    What you need:

    • An active-active secondary site, with sufficient standby equipment, data, and licensed standby software to support production.
    • A completed tabletop exercise and documented recovery workflow.
    • A documented test plan, backout plan, and formal sign-off.
    • An off-hours downtime window.
    • Time from technical SMEs and business resources, both for creating the plan and executing the test.

    Beyond the Basics: Site Reliability Engineering

    • Site reliability engineering (SRE) is an application of skills and approaches from software engineering to improve system resilience.
    • SRE is focused on “availability, latency, performance, efficiency, change management, monitoring, emergency response, and capacity planning” across a set portfolio of services (Sloss, 2017).
    • In many organizations, SRE is implemented as a team that supports separate applications teams.
    • Applications must have defined and granular resilience requirements, translated into service objectives. The SRE team and applications teams will work together to meet these objectives.
    • Site reliability engineers (the folks that do SRE, and often also abbreviated as SREs) are expected to build solutions and processes to ensure services remain stable and performant, not just respond when they fail. For example, Google allows their SREs to spend just half their time on incident response, with the rest of their time focused on development and automation tasks.

    Site Reliability Testing

    What you get:

    • Improved reliability and reduced frequency and impact of downtime.
    • Increased use of automation to address problems before they cause an incident.
    • Granular resilience objectives.

    What you need:

    • Systems running on software-defined infrastructure.
    • Specialized skills in programming, infrastructure-as-code.
    • Business & product owners able to define and fund acceptable and appropriate resilience objectives.
    • Technical experts able to translate product requirements into technical design requirements.

    Beyond the Basics: Chaos Engineering

    • Chaos engineering, a term and approach first popularized by the team at Netflix, aims to improve the resilience of particularly large and distributed systems by simulating system failures and evaluating performance against a baseline.
    • Experiments simulate a variety of real-world events that could cause outages (e.g. network slowdowns or server failures). Experiments run continuously, and the recommendation is to run them in production where feasible while minimizing the impact on customers.
    • Tools to help you run chaos testing exist, including open-source toolkits like Chaos Monkey or Mangle and paid software as a service (SaaS) solutions like Gremlin.
    • Deciding whether the long-term benefits of tests that can degrade production are worth the potential risk of system slowdowns or outages is a business or product decision. Technical considerations aside, if the business owner of a particular system doesn’t see the value of continuous testing outweighing the introduced risk, this approach to testing isn’t going to happen.

    Chaos Engineering

    What you get:

    • Confidence that systems can weather volatile and unpredictable conditions in a production environment.
    • An embedded resilience culture.

    What you need:

    • High-maturity IT incident, monitoring and event practices.
    • Standby/resilient systems to minimize downtime impact.
    • Business buy-in for introducing risk into the production environment.
    • Specialized skills to identify, develop, and run tests that degrade production performance in a controlled way.
    • Budget and time to act on issues identified through testing.

    Beyond the Basics: Security Event Simulations

    • Ransomware is driving demands for proof of recovery testing from customers, executives, auditors, and insurance companies. Systems recovery is part of ransomware recovery, but recovering from a breach includes detection, analysis, containment, and eradication of the attack vector before systems recovery can begin.
    • Beyond technical recovery, internal legal and communications teams will have a role, as will your insurance provider, consultants specialized in ransomware recovery, or professional ransom negotiators.
    • A tabletop exercise focused on ransomware incident response is a key first step. You can find Info-Tech’s methodology for a ransomware tabletop in Phase 3 of Build Resilience Against Ransomware Attacks.
    • Live testing approaches can offer hands-on experience and further insight into how your systems are vulnerable to malware. A variety of open source and proprietary tools can simulate ransomware and help you identify problems, though it’s important to understand the limitations of different simulators (Allon, 2022).
    • A “red team” exercise simulates an adversarial attack against your processes and systems. A specialized penetration tester will often take on the role of the red team and provide a report of identified gaps and risks after the engagement.

    Security Event Simulation

    What you get:

    • Hands-on experience managing and recovering from a ransomware attack in a controlled environment.
    • A better understanding of gaps in your response process.

    What you need:

    • A completed ransomware tabletop exercise and mature security incident response processes.
    • For Ransomware Simulators: An air-gapped sandbox environment hosting a copy of your production systems and security tools, and time from your technical SMEs.
    • For Red Team Exercises: A trusted provider, scope for your testing plans, and time from your security incident response team.

    Prioritize tests by asking these three questions

    1. Will the scope of this test deliver sufficient value?

    • Yes, these are critical systems with low tolerance for downtime or data loss.
    • Yes, major changes or new systems require validation of DR capabilities.
    • Yes, there’s high probability of an outage, or recent experience of an outage.
    • •Yes, we have audit requirements or customer demands for testing.

    2. Are we ready for this test?

    • Yes, recovery plans and recovery objectives are documented.
    • Yes, key technical and business resources have time to commit to testing exercises.
    • Yes, technology is currently able to support proposed tests.

    3. Is it easy to do?

    • Yes, effort required to complete the test is low (i.e. minimal work, few participants).
    • Yes, the risks related to testing are low.
    • Yes, it won’t cost much.

    Info-Tech Insight

    More complex, challenging, risky, or costly tests, such as full failover tests, can deliver value. But do the high-value, low-effort stuff first!

    03 Brainstorm and prioritize test ideas

    30-60 minutes

    Even if you have an idea of what you need to test and how you want to run those tests, this brainstorming exercise can generate useful ideas for testing that might otherwise have been missed.

      1. Review the slides above to develop ideas on how and what you want to test. These slides may be enough to kickstart a brainstorming process. Don’t debate or discount ideas at this point. Write down these ideas in a space where all participants can see them (e.g. whiteboard or shared screen).

    The next steps will help you prioritize the list – if needed – to tests that are highest value and lowest effort.

    1. Discuss where you have the greatest need to test. Assign a score of 0 – 3 for each test, with a score of 3 being high-need and a score of zero being low-need. Consider whether:
      • These applications have a low tolerance for downtime.
      • There’s a high chance of an outage, or recent experience with an outage.
      • There’s a need to train or cross-train staff on recovery for the system(s) in question.
      • Major changes require a review or validation of DR capabilities.
      • Audit requirements or customer/executive demands can be met via testing.
    2. Discuss which tests will require the least effort to complete – where readiness is high and tests are easier to do. Assign a score between 0 and 3 for each test, with a score of 3 being least effort and a score of 0 being high effort. Consider whether:
      • Recovery plans and recovery objectives are documented for these systems.
      • Technical experts are available to work on testing exercises.
      • For active testing, standby/sandbox systems are available and capable of supporting proposed tests.
      • The effort required to complete the test is low (e.g. minimal new work, few participants).
      • The risks related to testing are low.
      • You will need to secure additional funding.
    3. Sum together the assigned scores for each test. Higher scores should be the highest priority, but of course use your judgement to validate the results and select one or two tests to execute in the coming year.

    “There are different levels of testing and it is very progressive. I do not recommend my clients to do anything, unless they do it in a progressive fashion. Don’t try to do a live failover test with your users, right out of the box.”

    – Steve Tower
    Principal Consultant
    Prompta Consulting Group

    Input

    • Organizational and technical context

    Output

    • Prioritize list of DR testing ideas

    Participants

    • DR sponsor
    • Test coordinator

    04 Build a test plan

    3-5 days

    Building a test plan helps the test run smoothly and can uncover issues with the underlying DRP as you dig into the details.

    The test coordinator will own the plan document but will rely on the sponsor to confirm scope and goals, technical SMEs to develop system recovery plans, and business liaisons to create UAT scripts.

    Download Info-Tech’s Disaster Recovery Test Plan Template. Use the structure of the template to build your own document, deleting example data as you go. Consider saving a separate copy of this document as an example and working from a second copy.

    Key sections of the document include:

    • Goals, scenario, and scope of the test.
    • Assumptions, constraints, risks, and mitigation strategies.
    • Test participants.
    • Key pre-test milestones, and test-day schedule.
    • After-action review.

    Download the Disaster Recovery Test Plan Template

    Input

    • Scope
    • High-level goals

    Output

    • Test plan, including goals, scope, key milestones, risks and mitigations, and test-day schedule

    Participants

    • Test coordinator develops the plan with support from:
      • Technical SMEs
      • Business liaisons
      • DR sponsor

    05 Run an after-action review

    30-60 minutes

    Take time after test exercises – especially large-scale tests with many participants – to consider what went well, what didn’t, and where you can improve future testing exercises. Track lessons learned and next steps at the bottom of your test plan.

    1. Start with a short (5-10 minute) debrief of the test and allow participants to ask questions. Confirm:
      • Did we meet the goals we set for the exercise, including RTOs and RPOs?
      • What was done well? What issues, gaps, and risks were identified?
    2. Work through variations of the following questions:
      • Was the test plan effective, and was the test well organized?
      • Was the documentation effective? Where did we follow the plan as documented, and where did we deviate from the plan?
      • Was our communication/collaboration during the test effective?
      • Have gaps and issues found during the test been reported to the testing coordinator? Could some of the issues uncovered apply more broadly to other IT services as well?
      • What could we test next, based on what was discovered?
      • Are there other tools or approaches that could be useful?

    Input

    • Insights and experience from a recent testing exercise

    Output

    • Identified gaps and risks, and action items to address them
    • Ideas to improve future test exercises

    Participants

    • Test coordinator develops the plan with support from:
      • Test coordinator
      • Test participants

    Follow a testing cycle

    All tests are expected to drive actions to improve resilience, as appropriate. Experience from previous tests will be applied to future testing exercises.

    The testing cycle: 1. Plan a test, 2. Run test, 3. Take action.

    Use your experience to simplify testing

    The fifth testing exercise should be easier than the first

    Outputs and lessons learned from testing should help you run future tests.

    • With past experience under their belt, participants should have a better understanding of their role, and of their peers’ roles, and the goal of the exercise.
    • Facilitators will be more comfortable facilitating the exercise, and everyone should be more confident in the steps required to recover their systems.
    • Gather feedback from participants through after-action reviews to identify what worked and what didn’t.
    • Documentation from previous tests can provide a template for future tests.
    • Gaps identified in previous tests can provide ideas for future tests.

    Experience, lessons learned, improved process, new test targets, repeat.

    Info-Tech Insight

    Testing should get easier over time. But if you’re easily passing every test, it’s a sign that you’re ready to run more challenging tests.

    06 Create a test program summary

    2-4 hours

    Regular testing allows you to build on prior tests and helps keep plans current despite changes to your environment.

    Keeping a regular testing schedule requires expertise, a process to coordinate your efforts, and a level of governance to provide oversight and ensure testing continues to deliver value. Create a call to action using Info-Tech’s Disaster Recovery Testing Program Summary Template.

    The result is a summary document that:

    • Identifies key takeaways and testing goals
    • Presents key elements of the testing program
    • Outlines the testing cycle
    • Lists expected milestones for the next year
    • Identifies participants
    • Recommends next steps

    “It is extremely important in the early stages of development to concentrate the focus on actual recoverability and data protection, enhancing these capabilities over time into a fully matured program that can truly test the recovery, and not simply focusing on the testing process itself.”

    – Joe Starzyk
    Senior Business Development Executive
    IBM Global Services

    Research Contributors and Experts

    • Bernard A. Jones, Business Continuity & Disaster Recovery Expert
    • Robert Nardella, IT Service Management, Certified z/OS Mainframe Professional
    • Larry Liss, Chief Technology Officer, Blank Rome LLP
    • Jennifer Goshorn, Chief Administrative and Chief Compliance Officer, Gunderson Dettmer LLP
    • Paul Kirvan, FBCI, CISA, Independent IT Consultant/Auditor, Paul Kirvan Associates
    • Steve Tower, Principal Consultant, Prompta Consulting Group
    • Joe Starzyk, Senior Business Development Executive, IBM Global Services
    • Thomas Bronack, Enterprise Resiliency and Corporate Certification Consultant, DCAG
    • Paul S. Randal, CEO & Owner, SQLskills.com
    • Tom Baumgartner, Disaster Recovery Analyst, Catholic Health

    Bibliography

    Alton, Yoni. “Ransomware simulators – reality or a bluff?” Palo Alto Blog, 2 May 2022. Accessed 31 Jan 2023.
    https://www.paloaltonetworks.com/blog/security-operations/ransomware-simulators-reality-or-a-bluff/

    Brathwaite, Shimon. “How to Test your Business Continuity and Disaster Recovery Plan,” Security Made Simple, 13 Nov 2022. Accessed 31 Jan 2023.
    https://www.securitymadesimple.org/cybersecurity-blog/how-to-test-your-business-continuity-and-disaster-recovery-plan

    The Business Continuity Institute. Good Practice Guidelines: 2018 Edition. The Business Continuity Institute, 2017.

    Emigh, Jacqueline. “Disaster Recovery Testing: Ensuring Your DR Plan Works,” Enterprise Storage Forum, 28 May 2019. Accessed 31 Jan 2023.
    Disaster Recovery Testing: Ensuring Your DR Plan Works | Enterprise Storage Forum

    Gardner, Dana. "Case Study: Strategic Approach to Disaster Recovery and Data Lifecycle Management Pays off for Australia's SAI Global." ZDNet. BriefingsDirect, 26 Apr 2012. Accessed 31 Jan 2023.
    http://www.zdnet.com/article/case-study-strategic-approach-to-disaster-recovery-and-data-lifecycle-management-pays-off-for-australias-sai-global/.

    IBM. “Section 11. Testing the Disaster Recovery Plan.” IBM, 2 Aug 2021. Accessed 31 Jan 2023. Section 11. Testing the disaster recovery plan - IBM Documentation Lutkevich, Ben and Alexander Gillis. “Chaos Engineering”. TechTarget, Jun 2021. Accessed 31 Jan 2023.
    https://www.techtarget.com/searchitoperations/definition/chaos-engineering

    Monperrus, Martin. “Principles of Antifragility.” Arxiv Forum, 7 June 2017. Accessed 31 Jan 2023.
    https://arxiv.org/ftp/arxiv/papers/1404/1404.3056.pdf

    “Principles of Chaos Engineering.” Principles of Chaos Engineering, 2019 March. Accessed 31 Jan 2023.
    https://principlesofchaos.org/

    Sloss, Benjamin Treynor. “Introduction.” Site Reliability Engineering. Ed. Betsy Beyer. O’Reilly Media, 2017. Accessed 31 Jan 2023.
    https://sre.google/sre-book/introduction/

    Develop Meaningful Service Metrics

    • Buy Link or Shortcode: {j2store}399|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $20,308 Average $ Saved
    • member rating average days saved: 30 Average Days Saved
    • Parent Category Name: Service Management
    • Parent Category Link: /service-management
    • IT organizations measure services from a technology perspective but rarely from a business goal or outcome perspective.
    • Most organizations do a poor job of identifying and measuring service outcomes over the duration of a service’s lifecycle – never ensuring the services remain valuable and meet expected long-term ROI.

    Our Advice

    Critical Insight

    • Service metrics are critical to ensuring alignment of IT service performance and business service value achievement.
    • Service metrics reinforce positive business and end-user relationships by providing user-centric information that drives responsiveness and consistent service improvement.
    • Poorly designed metrics drive unintended and unproductive behaviors that have negative impacts on IT and produce negative service outcomes.

    Impact and Result

    Effective service metrics will provide the following service gains:

    • Confirm service performance and identify gaps.
    • Drive service improvement to maximize service value.
    • Validate performance improvements while quantifying and demonstrating business value.
    • Ensure service reporting aligns with end-user experience.
    • Achieve and confirm process and regulatory compliance.

    Which will translate into the following relationship gains:

    • Embed IT into business value achievement.
    • Improve the relationship between the business and IT.
    • Achieve higher customer satisfaction (happier end users receiving expected service, the business is able to identify how things are really performing).
    • Reinforce desirable actions and behaviors from both IT and the business.

    Develop Meaningful Service Metrics Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop meaningful service metrics, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Develop Meaningful Service Metrics – Executive Brief
    • Develop Meaningful Service Metrics – Phases 1-3

    1. Design the metrics

    Identify the appropriate service metrics based on stakeholder needs.

    • Develop Meaningful Service Metrics to Ensure Business and User Satisfaction – Phase 1: Design the Metrics
    • Metrics Development Workbook

    2. Design reports and dashboards

    Present the right metrics in the most interesting and stakeholder-centric way possible.

    • Develop Meaningful Service Metrics to Ensure Business and User Satisfaction – Phase 2: Design Reports and Dashboards
    • Metrics Presentation Format Selection Guide

    3. Implement, track, and maintain

    Run a pilot with a smaller sample of defined service metrics, then continuously validate your approach and make refinements to the processes.

    • Develop Meaningful Service Metrics to Ensure Business and User Satisfaction – Phase 3: Implement, Track, and Maintain
    • Metrics Tracking Tool
    [infographic]

    Workshop: Develop Meaningful Service Metrics

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Design the Metrics

    The Purpose

    Define stakeholder needs for IT based on their success criteria and identify IT services that are tied to the delivery of business outcomes.

    Derive meaningful service metrics based on identified IT services and validate that metrics can be collected and measured.

    Key Benefits Achieved

    Design meaningful service metrics from stakeholder needs.

    Validate that metrics can be collected and measured.

    Activities

    1.1 Determine stakeholder needs, goals, and pain points.

    1.2 Determine the success criteria and related IT services.

    1.3 Derive the service metrics.

    1.4 Validate the data collection process.

    1.5 Validate metrics with stakeholders.

    Outputs

    Understand stakeholder priorities

    Adopt a business-centric perspective to align IT and business views

    Derive meaningful business metrics that are relevant to the stakeholders

    Determine if and how the identified metrics can be collected and measured

    Establish a feedback mechanism to have business stakeholders validate the meaningfulness of the metrics

    2 Design Reports and Dashboards

    The Purpose

    Determine the most appropriate presentation format based on stakeholder needs.

    Key Benefits Achieved

    Ensure the metrics are presented in the most interesting and stakeholder-centric way possible to guarantee that they are read and used.

    Activities

    2.1 Understand the different presentation options.

    2.2 Assess stakeholder needs for information.

    2.3 Select and design the metric report.

    Outputs

    Learn about infographic, scorecard, formal report, and dashboard presentation options

    Determine how stakeholders would like to view information and how the metrics can be presented to aid decision making

    Select the most appropriate presentation format and create a rough draft of how the report should look

    3 Implement, Track, and Maintain Your Metrics

    The Purpose

    Run a pilot with a smaller sample of defined service metrics to validate your approach.

    Make refinements to the implementation and maintenance processes prior to activating all service metrics.

    Key Benefits Achieved

    High user acceptance and usability of the metrics.

    Processes of identifying and presenting metrics are continuously validated and improved.

    Activities

    3.1 Select the pilot metrics.

    3.2 Gather data and set initial targets.

    3.3 Generate the reports and validate with stakeholders.

    3.4 Implement the service metrics program.

    3.5 Track and maintain the metrics program.

    Outputs

    Select the metrics that should be first implemented based on urgency and impact

    Complete the service intake form for a specific initiative

    Create a process to gather data, measure baselines, and set initial targets

    Establish a process to receive feedback from the business stakeholders once the report is generated

    Identify the approach to implement the metrics program across the organization

    Set up mechanism to ensure the success of the metrics program by assessing process adherence and process validity

    Further reading

    Develop Meaningful Service Metrics

    Select IT service metrics that drive business value.

    ANALYST PERSPECTIVE

    Are you measuring and reporting what the business needs to know?

    “Service metrics are one of the key tools at IT’s disposal in articulating and ensuring its value to the business, yet metrics are rarely designed and used for that purpose.

    Creating IT service metrics directly from business and stakeholder outcomes and goals, written from the business perspective and using business language, is critical to ensuring that the services that IT provides are meeting business needs.

    The ability to measure, manage, and improve IT service performance in relation to critical business success factors, with properly designed metrics, embeds IT in the value chain of the business and ensures IT’s focus on where and how it enables business outcomes.”

    Valence Howden,
    Senior Manager, CIO Advisory
    Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:
    • CIO
    • IT VPs
    		 This Research Will Help You:
    • Align business/IT objectives (design top-down or outside-in)
    • Significantly improve the relationship between the business and IT aspects of the organization
    • Reinforce desirable actions and behaviors
    This Research Will Also Assist:
    • Service Level Managers
    • Service Owners
    • Program Owners
    		 This Research Will Help Them
    • Identify unusual deviations from the normal operating state
    • Drive service improvement to maximize service value
    • Validate the value of performance improvements while quantifying and demonstrating benefits realization

    Executive summary

    Situation

    • IT organizations measure services from a technology perspective yet rarely measure services from a business goal/outcome perspective.
    • Most organizations do a poor job of identifying and measuring service outcomes over the duration of a service’s lifecycle – never ensuring the services remain valuable and meet expected long-term ROI.

    Complication

    • IT organizations have difficulty identifying the right metrics to demonstrate the value of IT services to the business in tangible terms.
    • IT metrics, as currently designed, reinforce division between the IT and business perspectives of service performance. They drive siloed thinking and finger-pointing within the IT structure, and prevent IT resources from understanding how their work impacts business value.

    Resolution

    • Our program enables IT to develop the right service metrics to tie IT service performance to business value and user experience.
    • Ensure the metrics you implement have immediate stakeholder value, reinforcing alignment between IT and the business while influencing behavior in the desired direction.
    • Make sure that your metrics are defined in relation to the business goals and drivers, ensuring they will provide actionable outcomes.

    Info-Tech Insight

    1. Service metrics are critical to ensuring alignment of IT service performance and business service value achievement.
    2. Service metrics reinforce positive business and end-user relationships by providing user-centric information that drives responsiveness and consistent service improvement.
    3. Poorly designed metrics drive unintended and unproductive behaviors, which have negative impacts on IT and produce negative service outcomes.

    Service metrics 101

    What are service metrics?

    Service metrics measure IT services in a way that relates to a business outcome. IT needs to measure performance from the business perspective using business language.

    		Why do we need service metrics?

    To ensure the business cares about the metrics that IT produces, start with business needs to make sure you’re measuring the right things. This will give IT the opportunity talk to the right stakeholders and develop metrics that will meet their business needs.

    Service metrics are designed with the business perspective in mind, so they are fully aligned with business objectives.

    Perspectives Matter

    Different stakeholders will require different types of metrics. A CEO may require metrics that provide a snapshot of the critical success of the company while a business manager is more concerned about the performance metrics of their department.

    		What are the benefits of implementing service metrics?

    Service metrics help IT communicate with the business in business terms and enables IT to articulate how and where they provide business value. Business stakeholders can also easily understand how IT services contribute to their success.

    The majority of CIOs feel metrics relating to business value and stakeholder satisfaction require significant improvement

    A significantly higher proportion of CIOs than CEOs feel that there is significant improvement necessary for business value metrics and stakeholder satisfaction reporting. Stacked horizontal bar chart presenting survey results from CIOs and CXOs of 'Business Value Metrics'. Answer options are 'Effective', 'Some Improvement Necessary', 'Significant Improvement Necessary', and 'Not Required'.N=364

    Stacked horizontal bar chart presenting survey results from CIOs and CXOs of 'Stakeholder Satisfaction Reporting'. Answer options are 'Effective', 'Some Improvement Necessary', 'Significant Improvement Necessary', and 'Not Required'.N=364

    (Source: Info-Tech CIO-CXO Alignment Diagnostic Survey)

    Meaningless metrics are a headache for the business

    A major pitfall of many IT organizations is that they often provide pages of technical metrics that are meaningless to their business stakeholders.

    1. Too Many MetricsToo many metrics are provided and business leaders don’t know what to do with these metrics.
    2. Metrics Are Too TechnicalIT provides technical metrics that are hard to relate to business needs, and methods of calculating metrics are not clearly understood, articulated, and agreed on.
    3. Metrics Have No Business ValueService metrics are not mapped to business goals/objectives and they drive incorrect actions or spend.
    		 When considering only CEOs who said that stakeholder satisfaction reporting needed significant improvement, the average satisfaction score goes down to 61.6%, which is a drop in satisfaction of 12%.

    A bar that says 73% dropping to a bar that says 61%. Description above.

    (Source: Info-Tech Research Group CIO-CXO Alignment Diagnostic Survey)

    Poorly designed metrics hurt IT’s image within the organization

    By providing metrics that do not articulate the value of IT services, IT reinforces its role as a utility provider and an outsider to strategic decisions.

    When the CIOs believe business value metrics weren’t required, 50% of their CEOs said that significant improvements were necessary.

    Pie Chart presenting the survey results from CEOs regarding 'Business Value Metrics'. Description above.

    (Source: Info-Tech Research Group CIO-CXO Alignment Diagnostic Survey)
    1. Reinforce the wrong behaviorThe wrong metrics drive us-against-them, siloed thinking within IT, and meeting metric targets is prioritized over providing meaningful outcomes.
    2. Do not reflect user experienceMetrics don’t align with actual business/user experience, reinforcing a poor view of IT services.
    3. Effort ≠ ValueInvesting dedicated resources and effort to the achievement of the wrong metrics will only leave IT more constrained for other important initiatives.

    Articulate meaningful service performance that supports the achievement of business outcomes

    Service metrics measure the performance of IT services and how they enable or drive the activity outcomes.

    A business process consists of multiple business activities. In many cases, these business activities require one or more supporting IT services.

    A 'Business Process' broken down to its parts, multiple 'Business Activities' and their 'IT Services'. For each business process, business stakeholders and their goals and objectives should be identified.

    For each business activity that supports the completion of a business process, define the success criteria that must be met in order to produce the desirable outcome.

    Identify the IT services that are used by business stakeholders for each business activity. Measure the performance of these services from a business perspective to arrive at the appropriate service metrics.

    Differentiate between different types of metrics

    Stakeholders have different goals and objectives; therefore, it is critical to identify what type of metrics should be presented to each stakeholder.

    Business Metrics

    Determine Business Success

    Business metrics are derived from a pure business perspective. These are the metrics that the business stakeholders will measure themselves on, and business success is determined using these metrics.

    Arrow pointing right.

    		Service Metrics

    Manage Service Value to the Business

    Service metrics are used to measure IT service performance against business outcomes. These metrics, while relating to IT services, are presented in business terms and are tied to business goals.

    Arrow pointing right.

    		IT Metrics

    Enable Operational Excellence

    IT metrics are internal to the IT organization and used to manage IT service delivery. These metrics are technical, IT-specific, and drive action for IT. They are not presented to the business, and are not written in business language.

    Implementing service metrics is a key step in becoming a service provider and business partner

    As a prerequisite, IT organizations must have already established a solid relationship with the business and have a clear understanding of its critical business-facing services.

    At the very least, IT needs to have a service-oriented view and understand the specific needs and objectives associated with each stakeholder.

    Visualization of 'Business Relationship Management' with an early point on the line representing 'Service Provider: Establish service-oriented culture and business-centric service delivery', and the end of the line being 'Strategic Partner'.

    Once IT can present service metrics that the business cares about, it can continue on the service provider journey by managing the performance of services based on business needs, determine and influence service demand, and assess service value to maximize benefits to the business.

    Which processes drive service metrics?

    Both business relationship management (BRM) and service level management (SLM) provide inputs into and receive outputs from service metrics.

    Venn Diagram of 'Business Relationship Management', 'Service Metrics', and 'Service Level Management'.

    Business Relationship Management

    BRM works to understand the goals and objectives of the business and inputs them into the design of the service metrics.

    Service Metrics

    BRM leverages service metrics to help IT organizations manage the relationship with the business.

    BRM articulates and manages expectations and ensures IT services are meeting business requirements.

    Which processes drive service metrics?

    Both BRM and SLM provide inputs into and receive outputs from service metrics.

    Venn Diagram of 'Business Relationship Management', 'Service Metrics', and 'Service Level Management'.

    Service Level Management

    SLM works with the business to understand service requirements, which are key inputs in designing the service metrics.

    Service Metrics

    SLM leverages service metrics in overseeing the day-to-day delivery of IT services. It ensures they are provided to meet expected service level targets and objectives.

    Effective service metrics will deliver both service gains and relationship gains

    Effective service metrics will provide the following service gains:

    • Confirm service performance and identify gaps
    • Drive service improvement to maximize service value
    • Validate performance improvements while quantifying and demonstrating business value
    • Ensure service reporting aligns with end-user experience
    • Achieve and confirm process and regulatory compliance
        Which will translate into the following relationship gains:
        • Embed IT into business value achievement
        • Improve relationship between the business and IT
        • Achieve higher customer satisfaction (happier end users receiving expected service, the business is able to identify how things are really performing)
        • Reinforce desirable actions and behaviors from both IT and the business

    Don’t let conventional wisdom become your roadblock

    Conventional Wisdom

    Info-Tech Perspective
    Metrics are measured from an application or technology perspective Metrics need to be derived from a service and business outcome perspective.
    The business doesn’t care about metrics Metrics are not usually designed to speak in business terms about business outcomes. Linking metrics to business objectives creates metrics that the business cares about.
    It is difficult to have a metrics discussion with the business It is not a metrics/number discussion, it is a discussion on goals and outcomes.
    Metrics are only presented for the implementation of the service, not the ongoing outcome of the service IT needs to focus on service outcome and not project outcome.
    Quality can’t be measured Quality must be measured in order to properly manage services.

    Our three-phase approach to service metrics development

    Let Info-Tech guide you through your service metrics journey

    1

    2

    3
    Design Your Metrics Develop and Validate Reporting Implement, Track, and Maintain
    Sample of Phase 1 of Info-Tech's service metric development package, 'Design Your Metrics'. Sample of Phase 2 of Info-Tech's service metric development package, 'Develop and Validate Reporting'. Sample of Phase 3 of Info-Tech's service metric development package, 'Implement, Track, and Maintain'.
    Start the development and creation of your service metrics by keeping business perspectives in mind, so they are fully aligned with business objectives. Identify the most appropriate presentation format based on stakeholder preference and need for metrics. Track goals and success metrics for your service metrics programs. It allows you to set long-term goals and track your results over time.

    CIOs must actively lead the design of the service metrics program

    The CIO must actively demonstrate support for the service metrics program and lead the initial discussions to determine what matters to business leaders.

    1. Lead the initiative by defining the need
      Show visible support and demonstrate importance
    2. Articulate the value to both IT and the business
      Establish the urgency and benefits
    3. Select and assemble an implementation group
      Find the best people to get the job done
    4. Drive initial metrics discussions: goals, objectives, actions
      Lead brainstorming with senior business leaders
    5. Work with the team to determine presentation formats and communication methods
      Identify the best presentation approach for senior stakeholders
    6. Establish a feedback loop for senior management
      Solicit feedback on improvements
    7. Validate the success of the metrics
      Confirm service metrics support business outcomes

    Measure the success of your service metrics

    It is critical to determine if the designed service metrics are fulfilling their intended purpose. The process of maintaining the service metrics program and the outcomes of implementing service metrics need to be monitored and tracked.

    Validating Service Metrics Design

    Target Outcome

    Related Metrics
    The business is enabled to identify and improve service performance to their end customer # of improvement initiatives created based on service metrics
    $ cost savings/revenue generated due to actions derived from service metrics

    Procedure to validate the usefulness of IT metrics

    # / % of service metrics added/removed per year

    Alignment between IT and business objectives and processes Business’ satisfaction with IT

    Measure the success of your service metrics

    It is critical to determine if the designed service metrics are fulfilling their intended purpose. The process of maintaining the service metrics program and the outcomes of implementing service metrics need to be monitored and tracked.

    Validating Service Metrics Process

    Target Outcome

    Related Metrics

    Properly defined service metrics aligned with business goals/outcomes
    Easy understood measurement methodologies    		% of services with (or without) defined service metrics

    % of service metrics tied to business goals

    Consistent approach to review and adjust metrics# of service metrics adjusted based on service reviews

    % of service metrics reviewed on schedule

    Demonstrate monetary value and impact through the service metrics program

    In a study done by the Aberdeen Group, organizations engaged in the use of metrics benchmarking and measurement have:
    • 88% customer satisfaction rate
    • 60% service profitability
    • 15% increase in workforce productivity over the last 12 months

    Stock image of a silhouette of three people's head and shoulders.
    (Source: Aberdeen Group. “Service Benchmarking and Measurement.”)

    		A service metric is defined for: “Response time for Business Application A

    The expected response time has not been achieved and this is visible in the service metrics. The reduced performance has been identified as having an impact of $250,000 per month in lost revenue potential.

    The service metric drove an action to perform a root-cause analysis, which identified a network switch issue and drove a resolution action to fix the technology and architect redundancy to ensure continuity.

    The fix eliminated the performance impact, allowing for recovery of the $250K per month in revenue, improved end-user confidence in the organization, and increased use of the application, creating additional revenue.

    Implementing and measuring a video conferencing service

    CASE STUDY
    Industry: Manufacturing | Source: CIO interview and case material
    Situation

    The manufacturing business operates within numerous countries and requires a lot of coordination of functions and governance oversight. The company has monthly meetings, both regional and national, and key management and executives travel to attend and participate in the meetings.

    Complication

    While the meetings provide a lot of organizational value, the business has grown significantly and the cost of business travel has started to become prohibitive.

    Action

    It was decided that only a few core meetings would require onsite face-to-face meetings, and for all other meetings, the company would look at alternative means. The face-to-face aspect of the meetings was still considered critical so they focused on options to retain that aspect.

    The IT organization identified that they could provide a video conferencing service to meet the business need. The initiative was approved and rolled out in the organization.

    Result:

    IT service metrics needed to be designed to confirm that the expected value outcome of the implementation of video conferencing was achieved.

    Under the direction of the CIO, the business goals and needs driving use of the service (i.e. reduction in travel costs, efficiency, no loss of positive outcome) were used to identify success criteria and key questions to confirm success.

    With this information, the service manager was able to implement relevant service metrics in business language and confirmed an 80% adoption rate and a 95% success rate in term meetings running as expected and achieving core outcomes.

    Use these icons to help direct you as you navigate this research

    Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

    A small monochrome icon of a wrench and screwdriver creating an X.

    This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

    A small monochrome icon depicting a person in front of a blank slide.

    This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Develop meaningful service metrics to ensure business and user satisfaction

    1. Design the Metrics 2. Design Reports and Dashboards 3. Implement, Track, and Maintain
    Supporting Tool icon

    Best-Practice Toolkit
    1. Defining stakeholder needs for IT based on their success criteria
    2. Derive meaningful service metrics based on identified IT services and validate with business stakeholders
    3. Validate metrics can be collected and measured
    4. Determine calculation methodology
    1. Presentation format selected based on stakeholder needs and preference for information
    2. Presentation format validated with stakeholders
    1. Identify metrics that will be presented first to the stakeholders based on urgency or impact of the IT service
    2. Determine the process to collect data, select initial targets, and integrate with SLM and BRM functions
    3. Roll out the metrics implementation for a broader audience
    4. Establish roles and timelines for metrics maintenance

    Guided Implementations
    • Design metrics based on business needs
    • Validate the metrics
    • Select presentation format
    • Review metrics presentation design
    • Select and implement pilot metrics
    • Determine rollout process and establish maintenance/tracking mechanism
    Associated Activity icon

    Onsite Workshop

    		 Module 1:
    Derive Service Metrics From Business Goals     		Module 2:
    Select and Design Reports and Dashboards     		Module 3:
    Implement, Track, and Maintain Your Metrics to Ensure Success
    Phase 1 Outcome:
    • Meaningful service metrics designed from stakeholder needs
    		 Phase 2 Outcome:
    • Appropriate presentation format selected for each stakeholder
    		 Phase 3 Outcome:
    • Metrics implemented and process established to maintain and track program success

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.
    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4
    Design the Metrics
    Determine Presentation Format and Implement Metrics
    Gather Service Level Requirements
    Monitor and Improve Service Levels

    Activities
    • 1.1 Determine stakeholder needs
    • 1.2 Determine success criteria and key performance indicators
    • 1.3 Derive metrics
    • 1.4 Validate the metric collection
    • 2.1 Discuss stakeholder needs/preference for data and select presentation format
    • 2.2 Select and design the metric report
    • Requirements
    • 3.1 Determine the business requirements
    • 3.2 Negotiate service levels
    • 3.3 Align operational level agreements (OLAs) and supplier contracts
    • 4.1 Conduct service report and perform service review
    • 4.2 Communicate service review
    • 4.3 Remediate issues using action plan
    • 4.4 Proactive prevention

    Deliverables
    1. Metrics Development Workbook
    1. Metrics Presentation Format Selection Guide
    2. Metrics Tracking Tool
    1. Service Level Management SOP
    2. Service Level Agreement
    1. Service Level Report
    2. Service Level Review
    3. Business Satisfaction Report

    Develop Meaningful Service Metrics to Ensure Business and User Satisfaction

    PHASE 1

    Design the Metrics

    Step (1): Design the Metrics

    PHASE 1 PHASE 2 PHASE 3

    1.1

    Derive the Service Metrics

    1.2

    Validate the Metrics

    2.1

    Determine Reporting Format

    3.1

    Select Pilot Metrics

    3.2

    Activate and Maintain Metrics

    This step involves the following participants:

    • CIO
    • Business Relationship Manager (BRM)
    • Service Level Manager (SLM)

    Outcomes of this step

    • Defined stakeholder needs for IT based on their success criteria
    • Identified IT services that are tied to the delivery of business outcomes
    • Derived meaningful service metrics based on identified IT services and validated with business stakeholders
    • Validated that metrics can be collected and measured
    • Determined calculation methodology

    Phase 1 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Design the Metrics

    Proposed Time to Completion (in weeks): 4 weeks
    Step 1.1: Design Metrics Step 1.2: Validate the Metrics
    Start with an analyst kick-off call:
    • Determine the stakeholder and their needs
    • Identify IT services that are tied to the delivery of business outcomes
    • Derive the service metrics
    		 Review findings with analyst:
    • For the selected metrics, identify the data source for collection
    • Validate whether or not the data can be created
    • Create a calculation method for the metrics
    Then complete these activities…
    • Using the methodology provided, identify additional stakeholders and map out their success criteria, including KPIs to determine the appropriate service metrics
    		 Then complete these activities…
    • Determine whether the designed metrics are measurable, and if so, how
    With these tools & templates:
    • Metrics Development Workbook
    		 With these tools & templates:
    • Metrics Development Workbook

    Design your service metrics – overview

    Figure representing 'CIO'. Step 1
    Derive your service metrics

    Metrics Worksheet

    		Figure representing 'SLM' and/or 'BRM'. Step 2
    Validate your metrics

    Metrics Worksheet

    		Figures representing 'CIO', 'SLM', and/or 'BRM'. Step 3
    Confirm with stakeholders

    Metrics Tracking Sheet

    		A star.

    Defined IT Service Metrics

    Deriving the right metrics is critical to ensuring that you will generate valuable and actionable service metrics.

    Derive your service metrics from business objectives and needs

    Service metrics must be designed with the business perspective in mind so they are fully aligned with business objectives.

    Thus, IT must start by identifying specific stakeholder needs. The more IT understands about the business, the more relevant the metrics will be to the business stakeholders.

    1. Who are your stakeholders?
    2. What are their goals and pain points?
    3. What do the stakeholders need to know?
    4. What do I need to measure?
    5. Derive your service metrics

    Derive your service metrics

    Supporting Tool icon 1.1 Metrics Development Workbook

    This workbook guides the development and creation of service metrics that are directly tied to stakeholder needs.

    This process will ensure that your service metrics are designed with the business perspective in mind so they are fully aligned with business objectives.

    1. Who are the relevant stakeholders?
    2. What are the goals and pain points of your stakeholders?
    3. What do the stakeholders need to know?
    4. What does IT need to measure?
    5. What are the appropriate IT metrics?

    Download the Metrics Development Workbook.

    		Sample of Info-Tech's Metrics Development Workbook.

    Determine your stakeholders

    Supporting Tool icon 1.1 0.5 Hour

    Who are your stakeholders?

    1. Identify the primary stakeholders of your service metrics. Stakeholders are the people who have a very specific need to know about how IT services affect their business outcomes. Different stakeholders can have different perspective on the same IT service metric.Most often, the primary target of service metrics are the business stakeholders, e.g. VP of a business unit.
    2. Identify any additional stakeholders. The CIO is also a stakeholder since they are effectively the business relationship manager for the senior leaders.

    Video Conferencing Case Study
    Manufacturing company

    For this phase, we will demonstrate how to derive the service metrics by going through the steps in the methodology.

    At a manufacturing company, the CIO’s main stakeholder is the CEO, whose chief concern is to improve the financial position of the company.

    Identify goals and pain points of your stakeholders

    Supporting Tool icon 1.2 0.5 Hour

    What are their goals and pain points?

    1. Clearly identify each stakeholder’s business goals and outcomes. These would be particular business goals related to a specific business unit.
    2. Identify particular pain points for each business unit to understand what is preventing them from achieving the desirable business outcome.

    VC Case Study

    One of the top initiatives identified by the company to improve financial performance was to reduce expense.

    Because the company has several key locations in different states, company executives used to travel extensively to carry out meetings at each location.

    Therefore, travel expenses represent a significant proportion of operational expenses and reducing travel costs is a key goal for the company’s executives.

    What do the stakeholders need to know?

    Supporting Tool icon 1.3 0.5 Hour

    What do the stakeholders need to know?

    1. Identify the key things that the stakeholders would need to know based on the goals and pain points derived from the previous step.These are your success criteria and must be met to successfully achieve the desired goals.

    VC Case Study

    The CEO needs to have assurance that without executives traveling to each location, remote meetings can be as effective as in-person meetings.

    These meetings must provide the same outcome and allow executives to collaborate and make similar strategic decisions without the onsite, physical presence.

    Therefore, the success criteria are:

    • Reduced travel costs
    • Effective collaboration
    • High-quality meetings

    What do I need to measure?

    Supporting Tool icon 1.4 1 Hour

    What does IT need to measure?

    1. Identify the IT services that are leveraged to achieve the business goals and success criteria.
    2. Identify the users of those services and determine the nature of usage for each group of users.
    3. Identify the key indicators that must be measured for those services from an IT perspective.

    VC Case Study

    The IT department decides to implement the video conferencing service to reduce the number of onsite meetings. This technology would allow executives to meet remotely with both audio and video and is the best option to replicate a physical meeting.

    The service is initially available to senior executives and will be rolled out to all internal users once the initial implementation is deemed successful.

    To determine the success of the service, the following needs to be measured:

    1. Outcomes of VC meetings
    2. Quality of the VC meetings
    3. Reduction in travel expenses

    Derive service metrics

    Supporting Tool icon 1.5 0.5 Hour

    Derive your service metrics

    1. Derive the service metrics that are meaningful to business stakeholders based on the IT services and the key indicators identified in the previous steps.
    2. Distinguish between service metrics and business metrics. You may identify some business metrics in addition to the IT metrics, and although these are important, IT doesn’t own the process of tracking and reporting business metrics.

    VC Case Study

    In the previous step, IT identified that it must measure the outcomes of VC meetings, quality of the VC meetings, and the reduction in travel expenses. From these, the appropriate service metrics can be derived to answer the needs of the CEO.

    IT needs to measure:

    1. Percent of VC meetings successfully delivered
    2. Growth of number of executive meetings conducted via VC
    Outcomes

    IT also identified the following business metrics:

    1. Reduction in percent of travel expense/spend
    2. Reduction in lost time due to travel

    Validate your metrics

    Once appropriate service metrics are derived from business objectives, the next step is to determine whether or not it is viable to actually measure the metrics.

    Can you measure it? The first question IT must answer is whether the metric is measurable. IT must identify the data source, validate its ability to collect the data, and specify the data requirement. Not all metrics can be measured!
    How will you measure it? If the metric is measurable, the next step is to create a way to measure the actual data. In most cases, simple formulas that can be easily understood are the best approach.
    Define your actions Metrics must be used to drive or reinforce desirable outcomes and behaviors. Thus, IT must predetermine the necessary actions associated with the different metric levels, thresholds, or trends.

    Determine if you can measure the identified metric

    Supporting Tool icon 1.6 0.5 Hour

    INSTRUCTIONS

    1. Determine what data sources are available. Make sure that you know where the information you need is captured, or will need to be captured. This would include:
      • A ticket/request system
      • An auto discovery tool
      • A configuration management database ( CMDB)
    2. Confirm that IT has the ability to collect the information.
      • If the necessary data is already contained in an identified data source, then you can proceed.
      • If not, consider whether it’s possible to gather the information using current sources and systems.
      • Understand the constraints and cost/ROI to implement new technology or revise processes and data gathering to produce the data.

    VC Case Study

    Using the metric derived from the video conferencing service example, IT wants to measure the % of VC meetings successfully delivered.

    What are the data sources?

    • Number of VC meetings that took place
    • Number of service incidents
    • User survey

    Determine if you can measure the identified metric

    Supporting Tool icon 1.6 0.5 Hour

    INSTRUCTIONS

    1. Understand your data requirements
      • To produce relevant metrics from your data, you need to ensure the level of quality and currency that provides you with useful information. You need to define:
        • The level of detail that has to be captured to make the data useful.
        • The consistency of the data, and how it needs to be entered or gathered.
        • The accuracy of the data. This includes how current the data needs to be, how quickly changes have to be made, and how data quality will be verified.

    VC Case Study

    Data requirement for percent of successful VC meetings:

    • Level of detail – user category, location, date/time,
    • Consistency – how efficiently are VC-related incidents opened and closed? Is the data collected and stored consistently?
    • Accuracy – is the information entered accurately?

    Create the calculation to measure it

    Supporting Tool icon 1.7 0.5 Hour

    Determine how to calculate the metrics.

    INSTRUCTIONS
    1. Develop the calculations that will be used for each accepted metric. The measurement needs to be clear and straightforward.
    2. Define the scope and assumptions for each calculation, including:
      • The defined measurement period (e.g. monthly, weekly)
      • Exclusions (e.g. nonbusiness hours, during maintenance windows)

    VC Case Study

    Metric: Percent of VC meetings delivered successfully

    IT is able to determine the total number of VC meetings that took place and the number of VC service requests to the help desk.

    That makes it possible to use the following formula to determine the success percentage of the VC service:

    ((total # VC) – (# of VC with identified incidents)) / (total # VC) * 100

    Define the actions to be taken for each metric

    Supporting Tool icon 1.7 1.5 Hour

    INSTRUCTIONS

    Centered on the defined metrics and their calculations, IT can decide on the actions that should be driven out of each metric based on one of the following scenarios:
    • Scenario 1: Ad hoc remedial action and root-cause investigation. If the reason for the result is unknown, determining root cause or identifying trends is required to determine required actions.
    • Scenario 2: Predefined remedial action. A set of predetermined actions associated with different results. This is useful when the meaning of the results is clear and points to specific issues within the environment.
    • Scenario 3: Nonremedial action. The metrics may produce a result that reinforces or supports company direction and strategy, or identifies an opportunity that may drive a new initiative or idea.

    VC Case Study

    If the success rate of the VC meetings is below 90%, IT needs to focus on determining if there is a common cause and identify if this is a consistent downward trend.

    A root-cause analysis is performed that identifies that network issues are causing difficulties, impacting the connection quality and usability of the VC service.

    Validate the confirmed metrics with the business

    Supporting Tool icon 1.8 1 Hour

    INPUT: Selected service metrics, Discussion with the business

    OUTPUT: Validated metrics with the business

    Materials: Metrics with calculation methodology

    Participants: IT and business stakeholders, Service owners

    INSTRUCTIONS

    1. Once you have derived the appropriate metrics and established that the metrics are measurable, you must go back to the targeted stakeholders and validate that the selected metrics will provide the right information to meet their identified goals and success criteria.
    2. Add confirmed metrics to the Metrics Tracking Tool, in the Metrics Tracking Plan tab.
    Service Metric Corresponding
    Business Goal     		Measurement
    Method     		Defined Actions

    Example: Measuring the online banking service at a financial institution

    Who are IT’s stakeholders? The financial institution provides various banking solutions to its customers. Retail banking is a core service offered by the bank and the VP of retail banking is a major stakeholder of IT.
    What are their goals and pain points? The VP of retail banking’s highest priorities are to increase revenue, increase market share, and maintain the bank’s brand and reputation amongst its customers.
    What do they need to know? In order to measure success, the VP of retail banking needs to determine performance in attracting new clients, retaining clients, expanding into new territory, and whether they have increased the number of services provided to existing clients.
    What does IT need to measure? The recent implementation of an online banking service is a key initiative that will keep the bank competitive and help retail banking meet its goals. The key indicators of this service are: the total number of clients, the number of products per client, percent of clients using online banking, number of clients by segment, service, territory.
    Derive the service metrics Based on the key indicators, IT can derive the following service metrics:
    1. Number of product applications originated from online banking
    2. Customer satisfaction/complaints
    As part of the process, IT also identified some business metrics, such as the number of online banking users per month or the number of times a client accesses online banking per month.

    Design service metrics to track service performance and value

    CASE STUDY
    Industry: Manufacturing | Source: CIO
    Challenge Solution Results
    The IT organization needed to generate metrics to show the business whether the video conferencing service was being adopted and if it was providing the expected outcome and value.

    Standard IT metrics were technical and did not provide a business context that allowed for easy understanding of performance and decision making.

    		The IT organization, working through the CIO and service managers, sat down with the key business stakeholders of the video conferencing service.

    They discussed the goals for the meeting and defined the success criteria for those goals in the context of video conference meeting outcomes.

    The success criteria that were discussed were then translated into a set of questions (key performance indicators) that if answered, would show that the success criteria were achieved.

    		The service manager identified what could be measured to answer the defined questions and eliminated any metrics that were either business metrics or non-IT related.

    The remaining metrics were identified as the possible service metrics, and the ability to gather the information and produce the metric was confirmed.

    Service metrics were defined for:

    1. Percent of video conference meetings delivered successfully
    2. Growth in the number of executive meetings conducted via video conference

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of Valence Howden, Senior Manager, CIO Advisory, Info-Tech Research Group.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1

    		 Sample of activity 1.1 'Determine your stakeholders'. Determine stakeholder needs, goals, and pain points

    The onsite analyst will help you select key stakeholders and analyze their business objectives and current pain points.

    1.2

    		 Sample of activity 1.2 'Identify goals and pain points of your stakeholders'. Determine the success criteria and related IT services

    The analyst will facilitate a discussion to uncover the information that these stakeholders care about. The group will also identify the IT services that are supporting these objectives.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    1.5

    		 Sample of activity 1.5 'Derive service metrics'. Derive the service metrics

    Based on the key performance indicators obtained in the previous page, derive meaningful business metrics that are relevant to the stakeholders.

    1.6

    		 Sample of activity 1.6 'Determine if you can measure the identified metric'. Validate the data collection process

    The analyst will help the workshop group determine whether the identified metrics can be collected and measured. If so, a calculation methodology is created.

    1.7

    		 Sample of activity 1.7 'Create the caluclation to measure it'. Validate metrics with stakeholders

    Establish a feedback mechanism to have business stakeholders validate the meaningfulness of the metrics.

    Develop Meaningful Service Metrics to Ensure Business and User Satisfaction

    PHASE 2

    Design Reports and Dashboards

    Step (2): Design Reports and Dashboards

    PHASE 1PHASE 2PHASE 3

    1.1

    Derive the Service Metrics

    1.2

    Validate the Metrics

    2.1

    Determine Reporting Format

    3.1

    Select Pilot Metrics

    3.2

    Activate and Maintain Metrics

    This step involves the following participants:

    • Business Relationship Manager
    • Service Level Manager
    • Business Stakeholders

    Outcomes of this step

    • Presentation format selected based on stakeholder needs and preference for information
    • Presentation format validated with stakeholders

    Phase 2 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Design Reports and Dashboards

    Proposed Time to Completion (in weeks): 3 weeks
    Step 2.1: Select Presentation Format Step 2.2: Review Design
    Start with an analyst kick-off call:
    • Review the different format of metrics presentation and discuss the pros/cons of each format
    • Discuss stakeholder needs/preference for data
    • Select the presentation format
    		 Review findings with analyst:
    • Discuss stakeholder feedback based on selected presentation format
    • Modify and adjust the presentation format as needed
    Then complete these activities…
    • Design the metrics using the selected format
    		 Then complete these activities…
    • Finalize the design for metrics presentation
    With these tools & templates:
    • Metrics Presentation Format Selection Guide
    		 With these tools & templates:
    • Metrics Presentation Format Selection Guide

    Design the reports – overview

    Figure representing 'SLM' and/or 'BRM'. Step 1
    Understand the pros and cons of different reporting styles     		Figure representing 'SLM' and/or 'BRM'. Step 2
    Determine your reporting and presentation style

    Presentation Format Selection

    		Figure representing 'SLM' and/or 'BRM'. Step 3
    Design your metrics reports     		A star.

    Validated Service Reports

    The design of service metrics reporting is critically important. The reporting style must present the right information in the most interesting and stakeholder-centric way possible to ensure that it is read and used.

    The reports must also display information in a way that generates actions. If your stakeholders cannot make decisions, kick off activities, or ask questions based on your reports, then they have no value.

    Determine the right presentation format for your metrics

    Most often, metrics are presented in the following ways:

    Dashboard
    (PwC. “Mega-Trends and Implications.”)
    Sample of the 'Dashboard' metric presentation format.     		Infographic
    (PwC. “Healthcare’s new entrants.”)
    Sample of the 'Infographic' metric presentation format.
    Report
    (PwC Blogs. “Northern Lights.”)
    Sample of the 'Report' metric presentation format.     		Scorecard
    (PwC. “Annual Report 2015.”)
    Sample of the 'Scorecard' metric presentation format.

    Understand the advantages and disadvantages of each reporting style – Dashboard

    A dashboard is a reporting method that provides a dynamic at-a-glance view of key metrics from the perspective of key stakeholders. It provides a quick graphical way to process important performance information in real time.

    Features

    Typically web-based

    Dynamic data that is updated in real time

    		Advantage

    Aggregates a lot of information into a single view

    Presents metrics in a simplistic style that is well understood

    Provides a quick point-in-time view of performance

    Easy to consume visual presentation style

    		Disadvantage

    Complicated to set up well.
    Requires additional technology support: programming, API, etc.

    Promotes a short-term outlook – focus on now, no historical performance and no future trends. Doesn’t provide the whole picture and story.

    Existing dashboard tools are often not customized enough to provide real value to each stakeholder.

    Dashboards present real-time metrics that can be accessed and viewed at any time

    Sample of the 'Dashboard' metric presentation format.
    (Source: PwC. “Mega-Trends and Implications.”)     		Metrics presented through online dashboards are calculated in real time, which allows for a dynamic, current view into the performance of IT services at any time.

    Understand the advantages and disadvantages of each reporting style – Infographic

    An infographic is a graphical representation of metrics or data, which is used to show information quickly and clearly. It’s based on the understanding that people retain and process visual information more readily than written details.

    Features

    Turns dry into attractive –transforms data into eye-catching visual memory that is easier to retain

    Can be used as the intro to a formal report

    There are endless types of infographics

    		Advantage

    Easily consumable

    Easy to retain

    Eye catching

    Easily shared

    Spurs conversation

    Customizable

    		Disadvantage

    Require design expertise and resources

    Can be time consuming to generate

    Could be easily misinterpreted

    Message can be lost with poor design

    Infographics allow for completely unique designs

    Sample of the 'Infographic' metric presentation format.
    (Source: PwC. “Healthcare’s new entrants…”)     		There is no limit when it comes to designing an infographic. The image used here visually articulates the effects of new entrants pulling away the market.

    Understand the advantages and disadvantages of each reporting style – Formal Report

    A formal report is a more structured and official reporting style that contains detailed research, data, and information required to enable specific business decisions, and to help evaluate performance over a defined period of time.

    Definition

    Metrics can be presented as a component of a periodic, formal report

    A physical document that presents detailed information to a particular audience

    		Advantage

    More detailed, more structured and broader reporting period

    Formal, shows IT has put in the effort

    Effectively presents a broader and more complete story

    Targets different stakeholders at the same time

    		Disadvantage

    Requires significant effort and resources

    Higher risk if the report does not meet the expectation of the business stakeholder

    Done at a specific time and only valuable for that specific time period

    Harder to change format

    Formal reports provide a detailed view and analysis of performance

    Sample of the 'Formal Report' metric presentation format.
    (Source: PwC Blogs. “Northern Lights: Where are we now?”)     		An effective report incorporates visuals to demonstrate key improvements.

    Formal reports can still contain visuals, but they are accompanied with detailed explanations.

    Understand the advantages and disadvantages of each reporting style – Scorecard

    A scorecard is a graphic view of the progress and performance over time of key performance metrics. These are in relation to specified goals based on identified critical stakeholder objectives.

    Features

    Incorporates multiple metrics effectively.

    Scores services against the most important organizational goals and objectives. Scorecards may tie back into strategy and different perspectives of success.

    		Advantage

    Quick view of performance against objectives

    Measure against a set of consistent objectives

    Easily consumable

    Easy to retain

    		Disadvantage

    Requires a lot of forethought

    Scorecards provide a time-bound summary of performance against defined goals

    Sample of the 'Scorecard' metric presentation format.
    (PwC. “Annual Report 2015.”)     		Scorecards provide a summary of performance that is directly linked to the organizational KPIs.

    Determine your report style

    Supporting Tool icon 2.1 Metrics Presentation Format Selection Guide

    In this section, you will determine the optimal reporting style for the service metrics.

    This guide contains four questions, which will help IT organizations identify the most appropriate presentation format based on stakeholder preference and needs for metrics.

    1. Who is the relevant stakeholder?
    2. What are the defined actions for the metric?
    3. How frequently does the stakeholder need to see the metric?
    4. How does the stakeholder like to receive information?
    		 Sample of Info-Tech's Metrics Presentation Format Selection Guide.
    Download the Metrics Presentation Format Selection Guide.

    Determine your best presentation option

    Supporting Tool icon 2.1 2 Hours

    INPUT: Identified stakeholder and his/her role

    OUTPUT: Proper presentation format based on need for information

    Materials: Metrics Presentation Format Selection Guide

    Participants: BRM, SLM, Program Manager

    After deciding on the report type to be used to present the metric, the organization needs to consider how stakeholders will consume the metric.

    There are three options based on stakeholder needs and available presentation options within IT.

    1. Paper-based presentation is the most traditional form of reporting and works well with stakeholders who prefer physical copies. The report is produced at a specific time and requires no additional IT capability.
    2. Online documents stored on webpages, SharePoint, or another knowledge management system could be used to present the metrics. This allows the report to be linked to other information and easily shared.
    3. Online dashboards and graphics can be used to have dynamic, real-time reporting and anytime access. These webpages can be incorporated into an intranet and allow the user to view the metrics at any time. This will require IT to continuously update the data in order to maintain the accuracy of the metrics.

    Design your metric reports with these guidelines in mind

    Supporting Tool icon 2.2 30 Minutes
    1. Stakeholder-specificThe report must be driven by the identified stakeholder needs and preferences and articulate the metrics that are important to them.
    2. ClarityTo enable decision making and drive desired actions, the metrics must be clear and straightforward. They must be presented in a way that clearly links the performance measurement to the defined outcome without leading to different interpretations of the results.
    3. SimplicityThe report must be simple to read, understand, and analyze. The language of the report must be business-centric and remove as much complexity as possible in wording, imaging, and context.

    Be sure to consider access rights for more senior reports. Site and user access permissions may need to be defined based on the level of reporting.

    Metrics reporting on the video conferencing service

    CASE STUDY
    Industry: Manufacturing | Source: CIO Interview
    The Situation

    The business had a clear need to understand if the implementation of video conferencing would allow previously onsite meetings to achieve the same level of effectiveness.

    Reporting Context

    Provided reports had always been generated from an IT perspective and the business rarely used the information to make decisions.

    The metrics needed to help the business understand if the meetings were remaining effective and be tied into the financial reporting against travel expenses, but there would be limited visibility during the executive meetings.

    Approach

    The service manager reviewed the information that he had gathered to confirm how often they needed information related to the service. He also met with the CIO to get some insight into the reports that were already being provided to the business, including the ones that were most effective.

    Considerations

    The conversations identified that there was no need for a dynamic real-time view of the performance of the service, since tracking of cost savings and utility would be viewed monthly and quarterly. They also identified that the item would be discussed within a very small window of time during the management meetings.

    The Solution

    It was determined that the best style of reporting for the metric was an existing scorecard that was produced monthly, using some infographics to ensure that the information is clear at a glance to enable quick decision making.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of Valence Howden, Senior Manager, CIO Advisory, Info-Tech Research Group.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1

    		 Sample of presentation format option slide 'Determine the right presentation format for your metrics'. Understand the different presentation options

    The onsite analyst will introduce the group to the communication vehicles of infographic, scorecard, formal report, and dashboard.

    2.1

    		 Sample of activity 2.1 'Determine your best presentation option'. Assess stakeholder needs for information

    For selected stakeholders, the analyst will facilitate a discussion on how stakeholders would like to view information and how the metrics can be presented to aid decision making.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    2.2

    		 Sample of activity 2.2 'Design your metric reports with these guidelines in mind'. Select and design the metric report

    Based on the discussion, the working group will select the most appropriate presentation format and create a rough draft of how the report should look.

    Develop Meaningful Service Metrics to Ensure Business and User Satisfaction

    PHASE 3

    Implement, Track, and Maintain Your Metrics

    Step (3): Implement, Track, and Maintain Your Metrics

    PHASE 1PHASE 2PHASE 3

    1.1

    Derive the Service Metrics

    1.2

    Validate the Metrics

    2.1

    Determine Reporting Format

    3.1

    Select Pilot Metrics

    3.2

    Activate and Maintain Metrics

    This step involves the following participants:

    • Service Level Manager
    • Business Relationship Manager
    • Service Metrics Program Manager

    Activities in this step

    • Determine the first batch of metrics to be implemented as part of the pilot program
    • Create a process to collect and validate data, determine initial targets, and integrate with SLM and BRM functions
    • Present the metric reports to the relevant stakeholders and incorporate the feedback into the metric design
    • Establish a standard process and roll out the implementation of metrics in batches
    • Establish a process to monitor and track the effectiveness of the service metrics program and make adjustments when necessary

    Phase 3 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Implement, Track, and Maintain Your Metrics

    Proposed Time to Completion (in weeks): 4 weeks
    Step 3.1: Select and Launch Pilot Metrics Step 3.2: Track and Maintain the Metrics
    Start with an analyst kick-off call:
    • Identify metrics that will be presented first to the stakeholders based on urgency or impact of the IT service
    • Determine the process to collect data, select initial targets, and integrate with SLM and BRM functions
    		 Review findings with analyst:
    • Review the success of metrics and discuss feedback from stakeholders
    • Roll out the metrics implementation to a broader audience
    • Establish roles and timelines for metrics maintenance
    Then complete these activities…
    • Document the first batch of metrics
    • Document the baseline, initial targets
    • Create a plan to integrate with SLM and BRM functions
    		 Then complete these activities…
    • Create a document that defines how the organization will track and maintain the success of the metrics program
    • Review the metrics program periodically
    With these tools & templates:
    • Metrics Tracking Tool
    		 With these tools & templates:
    • Metrics Tracking Tool

    Implement, Track, and Maintain the Metrics

    Figure representing 'SLM' and/or 'BRM'. Step 1
    Run your pilot

    Metrics Tracking Tool

    		Figure representing 'SLM' and/or 'BRM'. Step 2
    Validate success

    Metrics Tracking Tool

    		Figure representing 'SLM' and/or 'BRM'. Step 3
    Implement your metrics program in batches

    Metrics Tracking Tool

    		A star.

    Active Service Metrics Program

    Once you have defined the way that you will present the metrics, you are ready to run a pilot with a smaller sample of defined service metrics.

    This allows you to validate your approach and make refinements to the implementation and maintenance processes where necessary, prior to activating all service metrics.

    Track the performance of your service metrics

    Supporting Tool icon 3.1

    The Metrics Tracking Tool will enable you to track goals and success metrics for your service metrics programs. It allows you to set long-term goals and track your results over time.

    There are three sections in this tool:
    1. Metrics Tracking Plan. Identify the metrics to be tracked and their purpose.
    2. Metrics Tracking Actuals. Monitor and track the actual performance of the metrics.
    3. Remediation Tracking. Determine and document the steps that need to be taken to correct a sub-performing metric.
    		 Sample of Info-Tech's Metrics Tracking Tool.

    Select pilot metrics

    Supporting Tool icon 3.1 30 Minutes

    INPUT: Identified services, Business feedback

    OUTPUT: Services with most urgent need or impact

    Materials: Service catalog or list of identified services

    Participants: BRM, SLM, Business representatives

    To start the implementation of your service metrics program and drive wider adoption, you need to run a pilot using a smaller subset of metrics.

    INSTRUCTIONS

    To determine the sample for the pilot, consider metrics that:

    • Are related to critical business services and functions
      • or
    • Address known/visible pain points for the business
      • or
    • Were designed for supportive or influential stakeholders

    Metrics that meet two or more criteria are ideal for the pilot

    Collect and validate data

    Supporting Tool icon 3.2 1 Hour

    INPUT: Identified metrics

    OUTPUT: A data collection mythology, Metrics tracking

    Materials: Metrics

    Participants: SLM, BRM, Service owner

    You will need to start collection and validation of your identified data in order to calculate the results for your pilot metrics.

    INSTRUCTIONS

    1. Initiate data collection
      • Use the data sources identified during the design phase and initiate the data collection process.
    2. Determine start date
      • If historical data can be retrieved and gathered, determine how far back you want your measurements to start.
    3. Compile data and validate
      • Ensure that the information is accurate and up to date. This will require some level of data validation and audit.
    4. Run the metric
      • Use the defined calculation and source data to generate the metrics result.
    5. Record metrics results
      • Use the metrics tracking sheet to track the actual results.

    Determine initial targets

    Supporting Tool icon 3.3 1 Hour

    INPUT: Historical data/baseline data

    OUTPUT: Realistic initial target for improvement

    Materials: Metrics Tracking Tool

    Participants: BRM, SLM, Service owner

    INSTRUCTIONS

    Identify an initial service objective based on one or more of the following options:

    1. Establish an initial target using historical data and trends of performance.
    2. Establish an initial target based on stakeholder-identified requirements and expectations.
    3. Run the metrics report over a defined period of time and use the baseline level of achievement to establish an initial target.

    The target may not always be a number - it could be a trend. The initial target will be changed after review with stakeholders

    Integrate with SLM and BRM processes

    Supporting Tool icon 3.4 1 Hour

    INPUT: SLM and BRM SOPs or responsibility documentations

    OUTPUT: Integrate service metrics into the SLM/BRM role

    Materials: SLM / BRM reports

    Participants: SLM, BRM, CIO, Program manager, Service manager

    The service metrics program is usually initiated, used, and maintained by the SLM and BRM functions.

    INSTRUCTIONS

    Ensure that the metrics pilot is integrated with those functions by:

    1. Engaging with SLM and BRM functions/resources
      • Identify SLM and BRM resources associated with or working on the services where the metrics are being piloted
      • Obtain their feedback on the metrics/reporting
    2. Integrating with the existing reporting and meeting cycles
      • Ensure the metrics will be calculated and available for discussion at standing meetings and with existing reports
    3. Establishing the metrics review and validation cycle for these metrics
      • Confirm the review and validation period for the metrics in order to ensure they remain valuable and actionable

    Generate reports and present to stakeholders

    Supporting Tool icon 3.5 1 Hour

    INPUT: Identified metrics, Selected presentation format

    OUTPUT: Metrics reports that are ready for distribution

    Materials: Metrics Presentation Format Selection Guide

    Participants: BRM, SLM, CIO, Business representatives

    INSTRUCTIONS

    Once you have completed the calculation for the pilot metrics:

    1. Confirm the report style for the selected metrics (as defined in Phase 2)
    2. Generate the reporting for the pilot metrics
    3. Present the pilot metric reports to the identified BRM and SLM resources who will present the reporting to the stakeholders
    4. Gather feedback from Stakeholders on metrics - results and process
    5. Create and execute remediation plans for any actions identified from the metrics
    6. Initiate the review cycle for metrics (to ensure they retain value)

    Plan the rollout and implementation of the metrics reporting program

    Supporting Tool icon 3.6 1 Hour

    INPUT: Feedback from pilot, Services in batch

    OUTPUT: Systematic implementation of metrics

    Materials: Metrics Tracking Tool

    Participants: BRM, SLM, Program manager

    Upon completion of the pilot, move to start the broader implementation of metrics across the organization:

    INSTRUCTIONS

    1. Identify the service metrics that you will implement. They can be selected based on multiple criteria, including:
      • Organizational area/business unit
      • Service criticality
      • Pain points
      • Stakeholder engagement (detractors, supporters)
    2. Create a rollout plan for implementation in batches, identifying expected launch timelines, owners, targeted stakeholders, and communications plans
    3. Use the implementation plan from the pilot to roll out each batch of service metrics:
      • Collect and validate data
      • Determine target(s)
      • Integrate with BRM and SLM
      • Generate and communicate reports to stakeholders

    Maintain the service metrics

    Supporting Tool icon 3.7 1.5 Hour

    INPUT: Feedback from business stakeholders

    OUTPUT: Modification to individual metrics or to the process

    Materials: Metrics Tracking Tool, Metrics Development Workbook

    Participants: CIO, BRM, SLM, Program manager, Service owner

    Once service metrics and reporting become active, it is necessary to determine the review time frame for your metrics to ensure they remain useful.

    INSTRUCTIONS

    1. Confirm and establish a review time frame with stakeholders (e.g. annually, bi-annually, after organizational or strategic changes).
    2. Meet with stakeholders by the review date to discuss the value of existing metrics and validate:
      • Whether the goals associated with the metrics are still valid
      • If the metric is still necessary
      • If there is a more effective way to present the metrics
    3. Track actions based on review outcomes and update the remediation tracking sheet.
    4. Update tracking sheet with last complete review date.

    Maintain the metrics

    Supporting Tool icon 3.7

    Based on the outcome of the review meeting, decide what needs to be done for each metric, using the following options:

    Add

    A new metric is required or an existing metric needs large-scale changes (example: calculation method or scope).
    Triggers metrics design as shown in phases 1 and 2.

    		Change

    A minor change is required to the presentation format or data. Note: a major change in a metric would be performed through the Add option.

    Remove

    The metric is no longer required, and it needs to be removed from reporting and data gathering. A final report date for that metric should be determined.

    		Maintain

    The metric is still useful and no changes are required to the metric, its measurement, or how it’s reported.

    Ensuring metrics remain valuable

    VC CASE STUDY
    Industry: Manufacturing | Source: CIO Interview

    Reviewing the value of active metrics

    When the video conferencing service was initially implemented, it was performed as a pilot with a group of executives, and then expanded for use throughout the company. It was understood that prior to seeing the full benefit in cost reduction and increased efficiency and effectiveness, the rate of use and adoption had to be understood.

    The primary service metrics created for the service were based on tracking the number of requests for video conference meetings that were received by the IT organization. This identified the growth in use and could be used in conjunction with financial metrics related to travel to help identify the impact of the service through its growth phase.

    Once the service was adopted, this metric continued to be tracked but no longer showed growth or expanded adoption.

    The service manager was no longer sure this needed to be tracked.

    Key Activity

    The metrics around requests for video conference meetings were reviewed at the annual metrics review meeting with the business. The service manager asked if the need for the metric, the goal of tracking adoption, was still important for the business.

    The discussion identified that the adoption rate was over 80%, higher than anticipated, and that there was no value in continuing to track this metric.

    Based on the discussion, the adoption metrics were discontinued and removed from data gathering and reporting, while a success rate metric was added (how many meetings ran successfully and without issue) to ensure the ongoing value of the video conferencing service.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of Valence Howden, Senior Manager, CIO Advisory, Info-Tech Research Group.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1

    		 Sample of activity 3.1 'Select pilot metrics'. Select the pilot metrics

    The onsite analyst will help the workshop group select the metrics that should be first implemented based on the urgency and impact of these metrics.

    3.2

    		 Sample of activity 3.2 'Collect and validate data'. Gather data and set initial targets

    The analyst will help the group create a process to gather data, measure baselines, and set initial targets.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    3.5

    		 Sample of activity 3.5 'Generate reports and present to stakeholders'. Generate the reports and validate with stakeholders

    The Info-Tech analyst will help the group establish a process to receive feedback from the business stakeholders once the report is generated.

    3.6

    		 Sample of activity 3.6 'Plan the rollout and implementation of the metrics reporting program'. Implement the service metrics program

    The analyst will facilitate a discussion on how to implement the metrics program across the organization.

    3.7

    		 Sample of activity 3.7 'Maintain the service metrics'. Track and maintain the metrics program

    Set up a mechanism to ensure the success of the metrics program by assessing process adherence and process validity.

    Insight breakdown

    Insight 1

    Service metrics are critical to ensuring alignment of IT service performance and business service value achievement.

    Insight 2

    Service metrics reinforce positive business and end-user relationships by providing user-centric information that drives responsiveness and consistent service improvement.

    Insight 3

    Poorly designed metrics drive unintended and unproductive behaviors that have negative impacts on IT and produce negative service outcomes.

    Summary of accomplishment

    Knowledge Gained

    • Follow a methodology to identify metrics that are derived from business objectives.
    • Understand the proper presentation format based on stakeholder needs for information.
    • Establish a process to ensure the metrics provided will continue to provide value and aid decision making.

    Processes Optimized

    • Metrics presentation to business stakeholders
    • Metrics maintenance and tracking

    Deliverables Completed

    • Metrics Development Workbook
    • Metrics Presentation Format Selection Guide
    • Metrics Tracking Tool

    Research contributors and experts

    Name Organization
    Joe Evers Joe Evers Consulting
    Glen Notman Associate Partner, Citihub
    David Parker Client Program Manager, eHealth Ontario
    Marianne Doran Collins CIO, The CIO-Suite, LLC
    Chris Kalbfleisch Manager, Service Management, eHealth Ontario
    Joshua Klingenberg BHP Billiton Canada Inc.

    Related Info-Tech research

    Stock image of a menu. Design & Build a User-Facing Service Catalog
    The user-facing service catalog is the go-to place for IT service-related information.
    Stock image of a laptop keyboard. Unleash the True Value of IT by Transforming Into a Service Provider
    Earn your seat at the table and influence business strategy by becoming an IT service provider.

    Bibliography

    Pollock, Bill. “Service Benchmarking and Measurement: Using Metrics to Drive Customer Satisfaction and Profits.” Aberdeen Group. June 2009. http://722consulting.com/ServiceBenchmarkingandMeasurement.pdf

    PwC. “Mega-Trends and Implications.” RMI Discussion. LinkedIn SlideShare. September 2015. http://www.slideshare.net/AnandRaoPwC/mega-trends-and-implications-to-retirement

    PwC. “Healthcare’s new entrants: Who will be the industry’s Amazon.com?” Health Research Institute. April 2014. https://www.pwc.com/us/en/health-industries/healthcare-new-entrants/assets/pwc-hri-new-entrant-chart-pack-v3.pdf

    PwC. “Northern Lights: Where are we now?” PwC Blogs. 2012. http://pwc.blogs.com/files/12.09.06---northern-lights-2--summary.pdf

    PwC. “PwC’s key performance indicators

    Mergers & Acquisitions: The Sell Blueprint

    • Buy Link or Shortcode: {j2store}324|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy

    There are four key scenarios or entry points for IT as the selling/divesting organization in M&As:

    • IT can suggest a divestiture to meet the business objectives of the organization.
    • IT is brought in to strategy plan the sale/divestiture from both the business’ and IT’s perspectives.
    • IT participates in due diligence activities and complies with the purchasing organization’s asks.
    • IT needs to reactively prepare its environment to enable the separation.

    Consider the ideal scenario for your IT organization.

    Our Advice

    Critical Insight

    Divestitures are inevitable in modern business, and IT’s involvement in the process should be too. This progression is inspired by:

    • The growing trend for organizations to increase, decrease, or evolve through these types of transactions.
    • A maturing business perspective of IT, preventing the difficulty that IT is faced with when invited into the transaction process late.
    • Transactions that are driven by digital motivations, requiring IT’s expertise.
    • There never being such a thing as a true merger, making the majority of M&A activity either acquisitions or divestitures.

    Impact and Result

    Prepare for a sale/divestiture transaction by:

    • Recognizing the trend for organizations to engage in M&A activity and the increased likelihood that, as an IT leader, you will be involved in a transaction in your career.
    • Creating a standard strategy that will enable strong program management.
    • Properly considering all the critical components of the transaction and integration by prioritizing tasks that will reduce risk, deliver value, and meet stakeholder expectations.

    Mergers & Acquisitions: The Sell Blueprint Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how your organization can excel its reduction strategy by engaging in M&A transactions. Review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Proactive Phase

    Be an innovative IT leader by suggesting how and why the business should engage in an acquisition or divestiture.

    • One-Pager: M&A Proactive
    • Case Study: M&A Proactive
    • Information Asset Audit Tool
    • Data Valuation Tool
    • Enterprise Integration Process Mapping Tool
    • Risk Register Tool
    • Security M&A Due Diligence Tool
    • Service Catalog Internal Service Level Agreement Template

    2. Discovery & Strategy

    Create a standardized approach for how your IT organization should address divestitures or sales.

    • One-Pager: M&A Discovery & Strategy – Sell
    • Case Study: M&A Discovery & Strategy – Sell

    3. Due Diligence & Preparation

    Comply with due diligence, prepare the IT environment for carve-out possibilities, and establish the separation project plan.

    • One-Pager: M&A Due Diligence & Preparation – Sell
    • Case Study: M&A Due Diligence & Preparation – Sell
    • IT Due Diligence Charter
    • IT Culture Diagnostic
    • M&A Separation Project Management Tool (SharePoint)
    • SharePoint Template: Step-by-Step Deployment Guide
    • M&A Separation Project Management Tool (Excel)

    4. Execution & Value Realization

    Deliver on the separation project plan successfully and communicate IT’s transaction value to the business.

    • One-Pager: M&A Execution & Value Realization – Sell
    • Case Study: M&A Execution & Value Realization – Sell

    Infographic

    Workshop: Mergers & Acquisitions: The Sell Blueprint

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Pre-Transaction Discovery & Strategy

    The Purpose

    Establish the transaction foundation.

    Discover the motivation for divesting or selling.

    Formalize the program plan.

    Create the valuation framework.

    Strategize the transaction and finalize the M&A strategy and approach.

    Key Benefits Achieved

    All major stakeholders are on the same page.

    Set up crucial elements to facilitate the success of the transaction.

    Have a repeatable transaction strategy that can be reused for multiple organizations.

    Activities

    1.1 Conduct the CIO Business Vision and CEO-CIO Alignment diagnostics.

    1.2 Identify key stakeholders and outline their relationship to the M&A process.

    1.3 Understand the rationale for the company's decision to pursue a divestiture or sale.

    1.4 Assess the IT/digital strategy.

    1.5 Identify pain points and opportunities tied to the divestiture/sale.

    1.6 Create the IT vision statement and mission statement and identify IT guiding principles and the transition team.

    1.7 Document the M&A governance.

    1.8 Establish program metrics.

    1.9 Create the valuation framework.

    1.10 Establish the separation strategy.

    1.11 Conduct a RACI.

    1.12 Create the communication plan.

    1.13 Prepare to assess target organizations.

    Outputs

    Business perspectives of IT

    Stakeholder network map for M&A transactions

    Business context implications for IT

    IT’s divestiture/sale strategic direction

    Governance structure

    M&A program metrics

    IT valuation framework

    Separation strategy

    RACI

    Communication plan

    Prepared to assess target organization(s)

    2 Mid-Transaction Due Diligence & Preparation

    The Purpose

    Establish the foundation.

    Discover the motivation for separation.

    Identify expectations and create the carve-out roadmap.

    Prepare and manage employees.

    Plan the separation roadmap.

    Key Benefits Achieved

    All major stakeholders are on the same page.

    Methodology identified to enable compliance during due diligence.

    Employees are set up for a smooth and successful transition.

    Separation activities are planned and assigned.

    Activities

    2.1 Gather and evaluate the stakeholders involved, M&A strategy, future-state operating model, and governance.

    2.2 Review the business rationale for the divestiture/sale.

    2.3 Establish the separation strategy.

    2.4 Create the due diligence charter.

    2.5 Create a list of IT artifacts to be reviewed in the data room.

    2.6 Create a carve-out roadmap.

    2.7 Create a service/technical transaction agreement.

    2.8 Measure staff engagement.

    2.9 Assess the current culture and identify the goal culture.

    2.10 Create employee transition and functional workplans.

    2.11 Establish the separation roadmap.

    2.12 Establish and align project metrics with identified tasks.

    2.13 Estimate integration costs.

    Outputs

    Stakeholder map

    IT strategy assessed

    IT operating model and IT governance structure defined

    Business context implications for IT

    Separation strategy

    Due diligence charter

    Data room artifacts

    Carve-out roadmap

    Service/technical transaction agreement

    Engagement assessment

    Culture assessment

    Employee transition and functional workplans

    Integration roadmap and associated resourcing

    3 Post-Transaction Execution & Value Realization

    The Purpose

    Establish the transaction foundation.

    Discover the motivation for separation.

    Plan the separation roadmap.

    Prepare employees for the transition.

    Engage in separation.

    Assess the transaction outcomes.

    Key Benefits Achieved

    All major stakeholders are on the same page.

    Separation activities are planned and assigned.

    Employees are set up for a smooth and successful transition.

    Separation strategy and roadmap are executed to benefit the organization.

    Review what went well and identify improvements to be made in future transactions.

    Activities

    3.1 Identify key stakeholders and outline their relationship to the M&A process.

    3.2 Gather and evaluate the M&A strategy, future-state operating model, and governance.

    3.3 Review the business rationale for the divestiture/sale.

    3.4 Establish the separation strategy.

    3.5 Prioritize separation tasks.

    3.6 Establish the separation roadmap.

    3.7 Establish and align project metrics with identified tasks.

    3.8 Estimate separation costs.

    3.9 Measure staff engagement.

    3.10 Assess the current culture and identify the goal culture.

    3.11 Create employee transition and functional workplans.

    3.12 Complete the separation by regularly updating the project plan.

    3.13 Assess the service/technical transaction agreement.

    3.14 Confirm separation costs.

    3.15 Review IT’s transaction value.

    3.16 Conduct a transaction and separation SWOT.

    3.17 Review the playbook and prepare for future transactions.

    Outputs

    M&A transaction team

    Stakeholder map

    IT strategy assessed

    IT operating model and IT governance structure defined

    Business context implications for IT

    Separation strategy

    Separation roadmap and associated resourcing

    Engagement assessment

    Culture assessment

    Employee transition and functional workplans

    Updated separation project plan

    Evaluated service/technical transaction agreement

    SWOT of transaction

    M&A Sell Playbook refined for future transactions

    Further reading

    Mergers & Acquisitions: The Sell Blueprint

    For IT leaders who want to have a role in the transaction process when their business is engaging in an M&A sale or divestiture.

    EXECUTIVE BRIEF

    Analyst Perspective

    Don’t wait to be invited to the M&A table, make it.

    Photo of Brittany Lutes, Research Analyst, CIO Practice, Info-Tech Research Group.
    Brittany Lutes
    Research Analyst,
    CIO Practice
    Info-Tech Research Group
    Photo of Ibrahim Abdel-Kader, Research Analyst, CIO Practice, Info-Tech Research Group.
    Ibrahim Abdel-Kader
    Research Analyst,
    CIO Practice
    Info-Tech Research Group

    IT has always been an afterthought in the M&A process, often brought in last minute once the deal is nearly, if not completely, solidified. This is a mistake. When IT is brought into the process late, the business misses opportunities to generate value related to the transaction and has less awareness of critical risks or inaccuracies.

    To prevent this mistake, IT leadership needs to develop strong business relationships and gain respect for their innovative suggestions. In fact, when it comes to modern M&A activity, IT should be the ones suggesting potential transactions to meet business needs, specifically when it comes to modernizing the business or adopting digital capabilities.

    IT needs to stop waiting to be invited to the acquisition or divestiture table. IT needs to suggest that the table be constructed and actively work toward achieving the strategic objectives of the business.

    Executive Summary

    Your Challenge

    There are four key scenarios or entry points for IT as the selling/divesting organization in M&As:

    • IT can suggest a divestiture to meet the business objectives of the organization.
    • IT is brought in to strategy plan the sale/divestiture from both the business’ and IT’s perspectives.
    • IT participates in due diligence activities and complies with the purchasing organization’s asks.
    • IT needs to reactively prepare its environment to enable the separation.

    Consider the ideal scenario for your IT organization.

    Common Obstacles

    Some of the obstacles IT faces include:

    • IT is often told about the transaction once the deal has already been solidified and is now forced to meet unrealistic business demands.
    • The business does not trust IT and therefore does not approach IT to define value or reduce risks to the transaction process.
    • The people and culture element is forgotten or not given adequate priority.

    These obstacles often arise when IT waits to be invited into the transaction process and misses critical opportunities.

    Info-Tech's Approach

    Prepare for a sale/divestiture transaction by:

    • Recognizing the trend for organizations to engage in M&A activity and the increased likelihood that, as an IT leader, you will be involved in a transaction in your career.
    • Creating a standard strategy that will enable strong program management.
    • Properly considering all the critical components of the transaction and integration by prioritizing tasks that will reduce risk, deliver value, and meet stakeholder expectations.

    Info-Tech Insight

    As the number of merger, acquisition, and divestiture transactions continues to increase, so too does IT’s opportunity to leverage the growing digital nature of these transactions and get involved at the onset.

    The changing M&A landscape

    Businesses will embrace more digital M&A transactions in the post-pandemic world

    • When the pandemic occurred, businesses reacted by either pausing (61%) or completely cancelling (46%) deals that were in the mid-transaction state (Deloitte, 2020). The uncertainty made many organizations consider whether the risks would be worth the potential benefits.
    • However, many organizations quickly realized the pandemic is not a hindrance to M&A transactions but an opportunity. Over 16,000 American companies were involved in M&A transactions in the first six months of 2021 (The Economist). For reference, this had been averaging around 10,000 per six months from 2016 to 2020.
    • In addition to this transaction growth, organizations have increasingly been embracing digital. These trends increase the likelihood that, as an IT leader, you will engage in an M&A transaction. However, it is up to you when you get involved in the transactions.

    The total value of transactions in the year after the pandemic started was $1.3 billion – a 93% increase in value compared to before the pandemic. (Nasdaq)

    71% of technology companies anticipate that divestitures will take place as a result of the COVID-19 pandemic. (EY, 2020)

    Your challenge

    IT is often not involved in the M&A transaction process. When it is, it’s often too late.

    • The most important driver of an acquisition is the ability to access new technology (DLA Piper), and yet 50% of the time, IT isn’t involved in the M&A transaction at all (IMAA Institute, 2017).
    • Additionally, IT’s lack of involvement in the process negatively impacts the business:
      • Most organizations (60%) do not have a standardized approach to integration (Steeves and Associates), let alone separation.
      • Two-thirds of the time, the divesting organization and acquiring organization will either fail together or succeed together (McKinsey, 2015).
      • Less than half (47%) of organizations actually experience the positive results sought by the M&A transaction (Steeves and Associates).
    • Organizations pursuing M&A and not involving IT are setting themselves up for failure.

    Only half of M&A deals involve IT (Source: IMAA Institute, 2017)

    Common Obstacles

    These barriers make this challenge difficult to address for many organizations:

    • IT is rarely afforded the opportunity to participate in the transaction deal. When IT is invited, this often happens later in the process where separation will be critical to business continuity.
    • IT has not had the opportunity to demonstrate that it is a valuable business partner in other business initiatives.
    • One of the most critical elements that IT often doesn’t take the time or doesn’t have the time to focus on is the people and leadership component.
    • IT waits to be invited to the process rather then actively involving themselves and suggesting how value can be added to the process.

    In hindsight, it’s clear to see: Involving IT is just good business.

    47% of senior leaders wish they would have spent more time on IT due diligence to prevent value erosion. (Source: IMAA Institute, 2017)

    “Solutions exist that can save well above 50 percent on divestiture costs, while ensuring on-time delivery.” (Source: SNP)

    Info-Tech's approach

    Acquisitions & Divestitures Framework

    Acquisitions and divestitures are inevitable in modern business, and IT’s involvement in the process should be too. This progression is inspired by:

    1. The growing trend for organizations to increase, decrease, or evolve through these types of transactions.
    2. Transactions that are driven by digital motivations, requiring IT’s expertise.
    3. A maturing business perspective of IT, preventing the difficulty that IT is faced with when invited into the transaction process late.
    4. There never being such a thing as a true merger, making the majority of M&A activity either acquisitions or divestitures.
    A diagram highlighting the 'IT Executives' Role in Acquisitions and Divestitures' when they are integrated at different points in the 'Core Business Timeline'. There are four main entry points 'Proactive', 'Discovery and Strategy', 'Due Diligence and Preparation', and 'Execution and Value Realized'. It is highlighted that IT can and should start at 'Proactive', but most organizations start at 'Execution and Value Realized'. 'Proactive': suggest opportunities to evolve the organization; prove IT's value and engage in growth opportunities early. Innovators start here. Steps of the business timeline in 'Proactive' are 'Organization strategies are defined' and 'M and A is considered to enable strategy'. After a buy or sell transaction is initiated is 'Discovery and Strategy': pre-transaction state. If it is a Buy transaction, 'Establish IT's involvement and approach'. If it is a Sell transaction, 'Prepare to engage in negotiations'. Business Partners start here. Steps of the business timeline in 'Discovery and Strategy' are 'Searching criteria is set', 'Potential candidates are considered', and 'LOI is sent/received'. 'Due Diligence and Preparation': mid-transaction state. If it is a Buy transaction, 'Identify potential transaction benefits and risks'. If it is a Sell transaction, 'Comply, communicate, and collaborate in transaction'. Trusted Operators start here. Steps of the business timeline in 'Due Diligence and Preparation' are 'Due diligence engagement occurs', 'Final agreement is reached', and 'Preparation for transaction execution occurs'. 'Execution and Value Realization': post-transaction state. If it is a Buy transaction, 'Integrate the IT environments and achieve business value'. If it is a Sell transaction, 'Separate the IT environment and deliver on transaction terms'. Firefighters start here. Steps of the business timeline in 'Execution and Value Realization' are 'Staff and operations are addressed appropriately', 'Day 1 of implementation and integration activities occurs', '1st 100 days of new entity state occur' and 'Ongoing risk mitigating and value creating activities occur'.

    The business’ view of IT will impact how soon IT can get involved

    There are four key entry points for IT

    A colorful visualization of the four key entry points for IT and a fifth not-so-key entry point. Starting from the top: 'Innovator', Information and Technology as a Competitive Advantage, 90% Satisfaction; 'Business Partner', Effective Delivery of Strategic Business Projects, 80% Satisfaction; 'Trusted Operator', Enablement of Business Through Application and Work Orders, 70% Satisfaction; 'Firefighter', Reliable Infrastructure and IT Service Desk, 60% Satisfaction; and then 'Unstable', Inability to Consistently Deliver Basic Services, <60% Satisfaction.
    1. Innovator: IT suggests a sale or divestiture to meet the business objectives of the organization.
    2. Business Partner: IT is brought in to strategy plan the sale/divestiture from both the business’ and IT’s perspective.
    3. Trusted Operator: IT participates in due diligence activities and complies with the purchasing organization’s asks.
    4. Firefighter: IT needs to reactively prepare its environment in order to enable the separation.

    Merger, acquisition, and divestiture defined

    Merger

    A merger looks at the equal combination of two entities or organizations. Mergers are rare in the M&A space, as the organizations will combine assets and services in a completely equal 50/50 split. Two organizations may also choose to divest business entities and merge as a new company.

    Acquisition

    The most common transaction in the M&A space, where an organization will acquire or purchase another organization or entities of another organization. This type of transaction has a clear owner who will be able to make legal decisions regarding the acquired organization.

    Divestiture

    An organization may decide to sell partial elements of a business to an acquiring organization. They will separate this business entity from the rest of the organization and continue to operate the other components of the business.

    Info-Tech Insight

    A true merger does not exist, as there is always someone initiating the discussion. As a result, most M&A activity falls into acquisition or divestiture categories.

    Selling vs. buying

    The M&A process approach differs depending on whether you are the selling or buying organization

    This blueprint is only focused on the sell side:

    • Examples of sell-related scenarios include:
      • Your organization is selling to another organization with the intent of keeping its regular staff, operations, and location. This could mean minimal separation is required.
      • Your organization is selling to another organization with the intent of separating to be a part of the purchasing organization.
      • Your organization is engaging in a divestiture with the intent of:
        • Separating components to be part of the purchasing organization permanently.
        • Separating components to be part of a spinoff and establish a unit as a standalone new company.
    • As the selling organization, you could proactively seek out suitors to purchase all or components of your organization, or you could be approached by an organization.

    The buy side is focused on:

    • More than two organizations could be involved in a transaction.
    • Examples of buy-related scenarios include:
      • Your organization is buying another organization with the intent of having the purchased organization keep its regular staff, operations, and location. This could mean minimal integration is required.
      • Your organization is buying another organization in its entirety with the intent of integrating it into your original company.
      • Your organization is buying components of another organization with the intent of integrating them into your original company.
    • As the purchasing organization, you will probably be initiating the purchase and thus will be valuating the selling organization during due diligence and leading the execution plan.

    For more information on acquisitions or purchases, check out Info-Tech’s Mergers & Acquisitions: The Buy Blueprint.

    Core business timeline

    For IT to be valuable in M&As, you need to align your deliverables and your support to the key activities the business and investors are working on.

    Info-Tech’s methodology for Selling Organizations in Mergers, Acquisitions, or Divestitures

    1. Proactive

    2. Discovery & Strategy

    3. Due Diligence & Preparation

    4. Execution & Value Realization

    Phase Steps
    1. Identify Stakeholders and Their Perspective of IT
    2. Assess IT’s Current Value and Future State
    3. Drive Innovation and Suggest Growth Opportunities
    1. Establish the M&A Program Plan
    2. Prepare IT to Engage in the Separation or Sale
    1. Engage in Due Diligence and Prepare Staff
    2. Prepare to Separate
    1. Execute the Transaction
    2. Reflection and Value Realization

    Phase Outcomes

    Be an innovative IT leader by suggesting how and why the business should engage in an acquisition or divestiture.

    Create a standardized approach for how your IT organization should address divestitures or sales.

    Comply with due diligence, prepare the IT environment for carve-out possibilities, and establish the separation project plan.

    Deliver on the separation project plan successfully and communicate IT’s transaction value to the business.

    Metrics for each phase

    1. Proactive

    2. Discovery & Strategy

    3. Valuation & Due Diligence

    4. Execution & Value Realization

    • % Share of business innovation spend from overall IT budget
    • % Critical processes with approved performance goals and metrics
    • % IT initiatives that meet or exceed value expectation defined in business case
    • % IT initiatives aligned with organizational strategic direction
    • % Satisfaction with IT's strategic decision-making abilities
    • $ Estimated business value added through IT-enabled innovation
    • % Overall stakeholder satisfaction with IT
    • % Percent of business leaders that view IT as an Innovator
    • % IT budget as a percent of revenue
    • % Assets that are not allocated
    • % Unallocated software licenses
    • # Obsolete assets
    • % IT spend that can be attributed to the business (chargeback or showback)
    • % Share of CapEx of overall IT budget
    • % Prospective organizations that meet the search criteria
    • $ Total IT cost of ownership (before and after M&A, before and after rationalization)
    • % Business leaders that view IT as a Business Partner
    • % Defects discovered in production
    • $ Cost per user for enterprise applications
    • % In-house-built applications vs. enterprise applications
    • % Owners identified for all data domains
    • # IT staff asked to participate in due diligence
    • Change to due diligence
    • IT budget variance
    • Synergy target
    • % Satisfaction with the effectiveness of IT capabilities
    • % Overall end-customer satisfaction
    • $ Impact of vendor SLA breaches
    • $ Savings through cost-optimization efforts
    • $ Savings through application rationalization and technology standardization
    • # Key positions empty
    • % Frequency of staff turnover
    • % Emergency changes
    • # Hours of unplanned downtime
    • % Releases that cause downtime
    • % Incidents with identified problem record
    • % Problems with identified root cause
    • # Days from problem identification to root cause fix
    • % Projects that consider IT risk
    • % Incidents due to issues not addressed in the security plan
    • # Average vulnerability remediation time
    • % Application budget spent on new build/buy vs. maintenance (deferred feature implementation, enhancements, bug fixes)
    • # Time (days) to value realization
    • % Projects that realized planned benefits
    • $ IT operational savings and cost reductions that are related to synergies/divestitures
    • % IT staff–related expenses/redundancies
    • # Days spent on IT separation
    • $ Accurate IT budget estimates
    • % Revenue growth directly tied to IT delivery
    • % Profit margin growth

    IT's role in the selling transaction

    And IT leaders have a greater likelihood than ever of needing to support a merger, acquisition, or divestiture.

    1. Reduced Risk

      IT can identify risks that may go unnoticed when IT is not involved.

    2. Increased Accuracy

      The business can make accurate predictions around the costs, timelines, and needs of IT.

    3. Faster Integration

      Faster integration means faster value realization for the business.

    4. Informed Decision Making

      IT leaders hold critical information that can support the business in moving the transaction forward.

    5. Innovation

      IT can suggest new opportunities to generate revenue, optimize processes, or reduce inefficiencies.

    The IT executive’s critical role is demonstrated by:

    • Reduced Risk

      47% of senior leaders wish they would have spent more time on IT due diligence to prevent value erosion (IMAA Institute, 2017).

    • Increased Accuracy

      Sellers often only provide 15 to 30 days for the acquiring organization to decide (Forbes, 2018), increasing the necessity of accurate pricing.

    • Faster Integration

      36% of CIOs have visibility into only business unit data, making the divestment a challenge (EY, 2021).

    • Informed Decision Making

      Only 38% of corporate and 22% of private equity firms include IT as a significant aspect in their transaction approach (IMAA Institute, 2017).

    • Innovation

      Successful CIOs involved in M&As can spend 70% of their time on aspects outside of IT and 30% of their time on technology and delivery (CIO).

    Playbook benefits

    IT Benefits

    • IT will be seen as an innovative partner to the business, and its suggestions and involvement in the organization will lead to benefits, not hindrances.
    • Develop a streamlined method to prepare the IT environment for potential carve-out and separations, ensuring risk management concerns are brought to the business’ attention immediately.
    • Create a comprehensive list of items that IT needs to do during the separation that can be prioritized and actioned.

    Business Benefits

    • The business will get accurate and relevant information about its IT environment in order to sell or divest the company to the highest bidder for a true price.
    • Fewer business interruptions will happen, because IT can accurately plan for and execute the high-priority separation tasks.
    • The business can obtain a high-value offer for the components of IT being sold and can measure the ongoing value the sale will bring.

    Insight summary

    Overarching Insight

    IT controls if and when it gets invited to support the business through a purchasing growth transaction. Take control of the process, demonstrate the value of IT, and ensure that separation of IT environments does not lead to unnecessary and costly decisions.

    Proactive Insight

    CIOs on the forefront of digital transformation need to actively look for and suggest opportunities to acquire or partner on new digital capabilities to respond to rapidly changing business needs.

    Discovery & Strategy Insight

    IT organizations that have an effective M&A program plan are more prepared for the transaction, enabling a successful outcome. A structured strategy is particularly necessary for organizations expected to deliver M&As rapidly and frequently.

    Due Diligence & Preparation Insight

    IT often faces unnecessary separation challenges because of a lack of preparation. Secure the IT environment and establish how IT will retain employees early in the transaction process.

    Execution & Value Realization Insight

    IT needs to demonstrate value and cost savings within 100 days of the transaction. The most successful transactions are when IT continuously realizes synergies a year after the transaction and beyond.

    Blueprint deliverables

    Key Deliverable: M&A Sell Playbook

    The M&A Sell Playbook should be a reusable document that enables your IT organization to successfully deliver on any divestiture transaction.

    Screenshots of the 'M and A Sell Playbook' deliverable.

    M&A Sell One-Pager

    See a one-page overview of each phase of the transaction.

    Screenshots of the 'M and A Sell One-Pagers' deliverable.

    M&A Sell Case Studies

    Read a one-page case study for each phase of the transaction.

    Screenshots of the 'M and A Sell Case Studies' deliverable.

    M&A Separation Project Management Tool (SharePoint)

    Manage the separation process of the divestiture/sale using this SharePoint template.

    Screenshots of the 'M and A Separation Project Management Tool (SharePoint)' deliverable.

    M&A Separation Project Management Tool (Excel)

    Manage the separation process of the divestiture/sale using this Excel tool if you can’t or don’t want to use SharePoint.

    Screenshots of the 'M and A Separation Project Management Tool (Excel)' deliverable.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 6 to 10 calls over the course of 2 to 4 months.

      Proactive Phase

    • Call #1: Scope requirements, objectives, and your specific challenges.

      • Discovery & Strategy Phase

    • Call #2: Determine stakeholders and business perspectives on IT.
    • Call #3: Identify how M&A could support business strategy and how to communicate.

      • Due Diligence & Preparation Phase

    • Call #4: Establish a transaction team and divestiture/sale strategic direction.
    • Call #5: Create program metrics and identify a standard separation strategy.
    • Call #6: Prepare to carve out the IT environment.
    • Call #7: Identify the separation program plan.

      • Execution & Value Realization Phase

    • Call #8: Establish employee transitions to retain key staff.
    • Call #9: Assess IT’s ability to deliver on the divestiture/sale transaction.

    The Sell Blueprint

    Phase 1

    Proactive

    Phase 1

    		 Phase 2 Phase 3 Phase 4
    • 1.1 Identify Stakeholders and Their Perspective of IT
    • 1.2 Assess IT’s Current Value and Future State
    • 1.3 Drive Innovation and Suggest Reduction Opportunities
    • 2.1 Establish the M&A Program Plan
    • 2.2 Prepare IT to Engage in the Separation or Sale
    • 3.1 Engage in Due Diligence and Prepare Staff
    • 3.2 Prepare to Separate
    • 4.1 Execute the Transaction
    • 4.2 Reflection and Value Realization

    This phase will walk you through the following activities:

    • Conduct the CEO-CIO Alignment diagnostic
    • Conduct the CIO Business Vision diagnostic
    • Visualize relationships among stakeholders to identify key influencers
    • Group stakeholders into categories
    • Prioritize your stakeholders
    • Plan to communicate
    • Valuate IT
    • Assess the IT/digital strategy
    • Determine pain points and opportunities
    • Align goals to opportunities
    • Recommend reduction opportunities

    This phase involves the following participants:

    • IT and business leadership

    What is the Proactive phase?

    Embracing the digital drivers

    As the number of merger, acquisition, or divestiture transactions driven by digital means continues to increase, IT has an opportunity to not just be involved in a transaction but actively seek out potential deals.

    In the Proactive phase, the business is not currently considering a transaction. However, the business could consider one to reach its strategic goals. IT organizations that have developed respected relationships with the business leaders can suggest these potential transactions.

    Understand the business’ perspective of IT, determine who the critical M&A stakeholders are, valuate the IT environment, and examine how it supports the business goals in order to suggest an M&A transaction.

    In doing so, IT isn’t waiting to be invited to the transaction table – it’s creating it.

    Goal: To support the organization in reaching its strategic goals by suggesting M&A activities that will enable the organization to reach its objectives faster and with greater-value outcomes.

    Proactive Prerequisite Checklist

    Before coming into the Proactive phase, you should have addressed the following:

    • Understand what mergers, acquisitions, and divestitures are.
    • Understand what mergers, acquisitions, and divestitures mean for the business.
    • Understand what mergers, acquisitions, and divestitures mean for IT.

    Review the Executive Brief for more information on mergers, acquisitions, and divestitures for selling organizations.

    Proactive

    Step 1.1

    Identify M&A Stakeholders and Their Perspective of IT

    Activities

    • 1.1.1 Conduct the CEO-CIO Alignment diagnostic
    • 1.1.2 Conduct the CIO Business Vision diagnostic
    • 1.1.3 Visualize relationships among stakeholders to identify key influencers
    • 1.1.4 Group stakeholders into categories
    • 1.1.5 Prioritize your stakeholders
    • 1.16 Plan to communicate

    This step involves the following participants:

    • IT executive leader
    • IT leadership
    • Critical M&A stakeholders

    Outcomes of Step

    Understand how the business perceives IT and establish strong relationships with critical M&A stakeholders.

    Business executives' perspectives of IT

    Leverage diagnostics and gain alignment on IT’s role in the organization

    • To suggest or get involved with a merger, acquisition, or divestiture, the IT executive leader needs to be well respected by other members of the executive leadership team and the business.
    • Specifically, the Proactive phase relies on the IT organization being viewed as an Innovator within the business.
    • Identify how the CEO/business executive currently views IT and where they would like IT to move within the Maturity Ladder.
    • Additionally, understand how other critical department leaders view IT and how they view the partnership with IT.
    A colorful visualization titled 'Maturity Ladder' detailing levels of IT function that a business may choose from based on the business executives' perspectives of IT. Starting from the bottom: 'Struggle', Does not embarrass, Does not crash; 'Support', Keeps business happy, Keeps costs low; 'Optimize', Increases efficiency, Decreases costs; 'Expand', Extends into new business, Generates revenue; 'Transform', Creates new industry.

    Misalignment in target state requires further communication between the CIO and CEO to ensure IT is striving toward an agreed-upon direction.

    Info-Tech’s CIO Business Vision (CIO BV) diagnostic measures a variety of high-value metrics to provide a well-rounded understanding of stakeholder satisfaction with IT.

    Sample of Info-Tech's CIO Business Vision diagnostic measuring percentages of high-value metrics like 'IT Satisfaction' and 'IT Value' regarding business leader satisfaction. A note for these two reads 'Evaluate business leader satisfaction with IT this year and last year'. A section titled 'Relationship' has metrics such as 'Understands Needs' and 'Trains Effectively'. A note for this section reads 'Examine relationship indicators between IT and the business'. A section titled 'Security Friction' has metrics such as 'Regulatory Compliance-Driven' and 'Office/Desktop Security'.

    Business Satisfaction and Importance for Core Services

    The core services of IT are important when determining what IT should focus on. The most important services with the lowest satisfaction offer the largest area of improvement for IT to drive business value.

    Sample of Info-Tech's CIO Business Vision diagnostic specifically comparing the business satisfaction of 12 core services with their importance. Services listed include 'Service Desk', 'IT Security', 'Requirements Gathering', 'Business Apps', 'Data Quality', and more. There is a short description of the services, a percentage for the business satisfaction with the service, a percentage comparing it to last year, and a numbered ranking of importance for each service. A note reads 'Assess satisfaction and importance across 12 core IT capabilities'.

    1.1.1 Conduct the CEO-CIO Alignment diagnostic

    2 weeks

    Input: IT organization expertise and the CEO-CIO Alignment diagnostic

    Output: An understanding of an executive business stakeholder’s perception of IT

    Materials: M&A Sell Playbook, CEO-CIO Alignment diagnostic

    Participants: IT executive/CIO, Business executive/CEO

    1. The CEO-CIO Alignment diagnostic can be a powerful input. Speak with your Info-Tech account representative to conduct the diagnostic. Use the results to inform current IT capabilities.
    2. You may choose to debrief the results of your diagnostic with an Info-Tech analyst. We recommend this to help your team understand how to interpret and draw conclusions from the results.
    3. Examine the results of the survey and note where there might be specific capabilities that could be improved.
    4. Determine whether there are any areas of significant disagreement between the you and the CEO. Mark down those areas for further conversations. Additionally, take note of areas that could be leveraged to support transactions or support your rationale in recommending transactions.

    Download the sample report.

    Record the results in the M&A Sell Playbook.

    1.1.2 Conduct the CIO Business Vision diagnostic

    2 weeks

    Input: IT organization expertise, CIO BV diagnostic

    Output: An understanding of business stakeholder perception of certain IT capabilities and services

    Materials: M&A Buy Playbook, CIO Business Vision diagnostic

    Participants: IT executive/CIO, Senior business leaders

    1. The CIO Business Vision (CIO BV) diagnostic can be a powerful tool for identifying IT capability focus areas. Speak with your account representative to conduct the CIO BV diagnostic. Use the results to inform current IT capabilities.
    2. You may choose to debrief the results of your diagnostic with an Info-Tech analyst. We recommend this to help your team understand how to interpret the results and draw conclusions from the diagnostic.
    3. Examine the results of the survey and take note of any IT services that have low scores.
    4. Read through the diagnostic comments and note any common themes. Especially note which stakeholders identified they have a favorable relationship with IT and which stakeholders identified they have an unfavorable relationship. For those who have an unfavorable relationship, identify if they will have a critical role in a growth transaction.

    Download the sample report.

    Record the results in the M&A Sell Playbook.

    Create a stakeholder network map for M&A transactions

    Follow the trail of breadcrumbs from your direct stakeholders to their influencers to uncover hidden stakeholders.

    Example:

    Diagram of stakeholders and their relationships with other stakeholders, such as 'Board Members', 'CFO/Finance', 'Compliance', etc. with 'CIO/IT Leader' highlighted in the middle. There are unidirectional black arrows and bi-directional green arrows indicating each connection.

      Legend
    • Black arrows indicate the direction of professional influence
    • Dashed green arrows indicate bidirectional, informal influence relationships

    Info-Tech Insight

    Your stakeholder map defines the influence landscape that the M&A transaction will occur within. This will identify who holds various levels of accountability and decision-making authority when a transaction does take place.

    Use connectors to determine who may be influencing your direct stakeholders. They may not have any formal authority within the organization, but they may have informal yet substantial relationships with your stakeholders.

    1.1.3 Visualize relationships among stakeholders to identify key influencers

    1-3 hours

    Input: List of M&A stakeholders

    Output: Relationships among M&A stakeholders and influencers

    Materials: Flip charts, Markers, Sticky notes, M&A Sell Playbook

    Participants: IT executive leadership

    1. The purpose of this activity is to list all the stakeholders within your organization that will have a direct or indirect impact on the M&A transaction.
    2. Determine the critical stakeholders, and then determine the stakeholders of your stakeholders and consider adding each of them to the stakeholder list.
    3. Assess who has either formal or informal influence over your stakeholders; add these influencers to your stakeholder list.
    4. Construct a diagram linking stakeholders and their influencers together.
      • Use black arrows to indicate the direction of professional influence.
      • Use dashed green arrows to indicate bidirectional, informal influence relationships.

    Record the results in the M&A Sell Playbook.

    Categorize your stakeholders with a prioritization map

    A stakeholder prioritization map helps IT leaders categorize their stakeholders by their level of influence and ownership in the merger, acquisition, or divestiture process.

    A prioritization map of stakeholder categories split into four quadrants. The vertical axis is 'Influence', from low on the bottom to high on top. The horizontal axis is 'Ownership/Interest', from low on the left to high on the right. 'Spectators' are low influence, low ownership/interest. 'Mediators' are high influence, low ownership/interest. 'Noisemakers' are low influence, high ownership/interest. 'Players' are high influence, high ownership/interest.

    There are four areas in the map, and the stakeholders within each area should be treated differently.

    Players – players have a high interest in the initiative and the influence to effect change over the initiative. Their support is critical, and a lack of support can cause significant impediment to the objectives.

    Mediators – mediators have a low interest but significant influence over the initiative. They can help to provide balance and objective opinions to issues that arise.

    Noisemakers – noisemakers have low influence but high interest. They tend to be very vocal and engaged, either positively or negatively, but have little ability to enact their wishes.

    Spectators – generally, spectators are apathetic and have little influence over or interest in the initiative.

    1.1.4 Group stakeholders into categories

    30 minutes

    Input: Stakeholder map, Stakeholder list

    Output: Categorization of stakeholders and influencers

    Materials: Flip charts, Markers, Sticky notes, M&A Sell Playbook

    Participants: IT executive leadership, Stakeholders

    1. Identify your stakeholders’ interest in and influence on the M&A process as high, medium, or low by rating the attributes below.
    2. Map your results to the model to the right to determine each stakeholder’s category.

    Same prioritization map of stakeholder categories as before. This one has specific stakeholders mapped onto it. 'CFO' is mapped as low interest and middling influence, between 'Mediator' and 'Spectator'. 'CIO' is mapped as higher than average interest and high influence, a 'Player'. 'Board Member' is mapped as high interest and high influence, a 'Player'.

    Level of Influence
    • Power: Ability of a stakeholder to effect change.
    • Urgency: Degree of immediacy demanded.
    • Legitimacy: Perceived validity of stakeholder’s claim.
    • Volume: How loud their “voice” is or could become.
    • Contribution: What they have that is of value to you.
    Level of Interest

    How much are the stakeholder’s individual performance and goals directly tied to the success or failure of the product?

    Record the results in the M&A Sell Playbook.

    Prioritize your stakeholders

    There may be too many stakeholders to be able to manage them all. Focus your attention on the stakeholders that matter most.

    Level of Support

    Supporter

    Evangelist

    Neutral

    Blocker
    Stakeholder Category Player Critical High High Critical
    Mediator Medium Low Low Medium
    Noisemaker High Medium Medium High
    Spectator Low Irrelevant Irrelevant Low

    Consider the three dimensions for stakeholder prioritization: influence, interest, and support. Support can be determined by answering the following question: How significant is that stakeholder to the M&A or divestiture process?

    These parameters are used to prioritize which stakeholders are most important and should receive your focused attention.

    1.1.5 Prioritize your stakeholders

    30 minutes

    Input: Stakeholder matrix

    Output: Stakeholder and influencer prioritization

    Materials: Flip charts, Markers, Sticky notes, M&A Sell Playbook

    Participants: IT executive leadership, M&A/divestiture stakeholders

    1. Identify the level of support of each stakeholder by answering the following question: How significant is that stakeholder to the M&A transaction process?
    2. Prioritize your stakeholders using the prioritization scheme on the previous slide.

    Stakeholder

    Category

    Level of Support

    Prioritization
    CMO Spectator Neutral Irrelevant
    CIO Player Supporter Critical

    Record the results in the M&A Sell Playbook.

    Define strategies for engaging stakeholders by type

    A revisit to the map of stakeholder categories, but with strategies listed for each one, and arrows on the side instead of an axis. The vertical arrow is 'Authority', which increases upward, and the horizontal axis is Ownership/Interest which increases as it moves to the right. The strategy for 'Players' is 'Engage', for 'Mediators' is 'Satisfy', for 'Noisemakers' is 'Inform', and for 'Spectators' is 'Monitor'.

    Type

    Quadrant

    Actions
    Players High influence, high interest – actively engage Keep them updated on the progress of the project. Continuously involve Players in the process and maintain their engagement and interest by demonstrating their value to its success.
    Mediators High influence, low interest – keep satisfied They can be the game changers in groups of stakeholders. Turn them into supporters by gaining their confidence and trust and including them in important decision-making steps. In turn, they can help you influence other stakeholders.
    Noisemakers Low influence, high interest – keep informed Try to increase their influence (or decrease it if they are detractors) by providing them with key information, supporting them in meetings, and using Mediators to help them.
    Spectators Low influence, low interest – monitor They are followers. Keep them in the loop by providing clarity on objectives and status updates.

    Info-Tech Insight

    Each group of stakeholders draws attention and resources away from critical tasks. By properly identifying stakeholder groups, the IT executive leader can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy Spectators and Noisemakers while ensuring the needs of Mediators and Players are met.

    1.1.6 Plan to communicate

    30 minutes

    Input: Stakeholder priority, Stakeholder categorization, Stakeholder influence

    Output: Stakeholder communication plan

    Materials: Flip charts, Markers, Sticky notes, M&A Sell Playbook

    Participants: IT executive leadership, M&A/divestiture stakeholders

    The purpose of this activity is to make a communication plan for each of the stakeholders identified in the previous activities, especially those who will have a critical role in the M&A transaction process.

    1. In the M&A Sell Playbook, input the type of influence each stakeholder has on IT, how they would be categorized in the M&A process, and their level of priority. Use this information to create a communication plan.
    2. Determine the methods and frequency of communication to keep the necessary stakeholder satisfied and maintain or enhance IT’s profile within the organization.

    Record the results in the M&A Sell Playbook.

    Proactive

    Step 1.2

    Assess IT’s Current Value and Method to Achieve a Future State

    Activities

    • 1.2.1 Valuate IT
    • 1.2.2 Assess the IT/digital strategy

    This step involves the following participants:

    • IT executive leader
    • IT leadership
    • Critical stakeholders to M&A

    Outcomes of Step

    Identify critical opportunities to optimize IT and meet strategic business goals through a merger, acquisition, or divestiture.

    How to valuate your IT environment

    And why it matters so much

    • Valuating your current organization’s IT environment is a critical step that all IT organizations should take, whether involved in an M&A or not, to fully understand what it might be worth.
    • The business investments in IT can be directly translated into a value amount. For every $1 invested in IT, the business might be gaining $100 in value back or possibly even loosing $100.
    • Determining, documenting, and communicating this information ensures that the business takes IT’s suggestions seriously and recognizes why investing in IT is so critical.
    • There are three ways a business or asset can be valuated:
      • Cost Approach: Look at the costs associated with building, purchasing, replacing, and maintaining a given aspect of the business.
      • Market Approach: Look at the relative value of a particular aspect of the business. Relative value can fluctuate and depends on what the markets and consequently society believe that particular element is worth.
      • Discounted Cash Flow Approach: Focus on what the potential value of the business could be or the intrinsic value anticipated due to future profitability.
      • (Source: “Valuation Methods,” Corporate Finance Institute)

    Four ways to create value through digital

    1. Reduced costs
    2. Improved customer experience
    3. New revenue sources
    4. Better decision making
      5. (Source: McKinsey & Company)

    1.2.1 Valuate IT

    1 day

    Input: Valuation of data, Valuation of applications, Valuation of infrastructure and operations, Valuation of security and risk

    Output: Valuation of IT

    Materials: Relevant templates/tools listed on the following slides, Capital budget, Operating budget, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership

    The purpose of this activity is to demonstrate that IT is not simply an operational functional area that diminishes business resources. Rather, IT contributes significant value to the business.

    1. Review each of the following slides to valuate IT’s data, applications, infrastructure and operations, and security and risk. These valuations consider several tangible and intangible factors and result in a final dollar amount.
    2. Input the financial amounts identified for each critical area into a summary slide. Use this information to determine where IT is delivering value to the organization.

    Info-Tech Insight

    Consistency is key when valuating your IT organization as well as other IT organizations throughout the transaction process.

    Record the results in the M&A Sell Playbook.

    Data valuation

    Data valuation identifies how you monetize the information that your organization owns.

    Create a data value chain for your organization

    When valuating the information and data that exists in an organization, there are many things to consider.

    Info-Tech has two tools that can support this process:

    1. Information Asset Audit Tool: Use this tool first to take inventory of the different information assets that exist in your organization.
    2. Data Valuation Tool: Once information assets have been accounted for, valuate the data that exists within those information assets.

    Data Collection

    Insight Creation

    Value Creation

    Data Valuation
    01 Data Source
    02 Data Collection Method
    03 Data     		04 Data Analysis
    05 Insight
    06 Insight Delivery     		07 Consumer
    08 Value in Data     		09 Value Dimension
    10 Value Metrics Group
    11 Value Metrics
    Screenshots of Tab 2 of Info-Tech's Data Valuation Tool.

    Instructions

    1. Using the Data Valuation Tool, start gathering information based on the eight steps above to understand your organization’s journey from data to value.
    2. Identify the data value spectrum. (For example: customer sales service, citizen licensing service, etc.)
    3. Fill out the columns for data sources, data collection, and data first.
    4. Capture data analysis and related information.
    5. Then capture the value in data.
    6. Add value dimensions such as usage, quality, and economic dimensions.
      • Remember that economic value is not the only dimension, and usage/quality has a significant impact on economic value.
    7. Collect evidence to justify your data valuation calculator (market research, internal metrics, etc.).
    8. Finally, calculate the value that has a direct correlation with underlying value metrics.

    Application valuation

    Calculate the value of your IT applications

    When valuating the applications and their users in an organization, consider using a business process map. This shows how business is transacted in the company by identifying which IT applications support these processes and which business groups have access to them. Info-Tech has a business process mapping tool that can support this process:

    • Enterprise Integration Process Mapping Tool: Complete this tool first to map the different business processes to the supporting applications in your organization.

    Instructions

    1. Start by calculating user costs. This is the multiplication of: (# of users) × (% of time spent using IT) × (fully burdened salary).
    2. Identify the revenue per employee and divide that by the average cost per employee to calculate the derived productivity ratio (DPR).
    3. Once you have calculated the user costs and DPR, multiply those total values together to get the application value.

      4. User Costs

      Total User Costs

      Derived Productivity Ratio (DPR)

      Total DPR

      Application Value
      # of users % time spent using IT Fully burdened salary Multiply values from the 3 user costs columns Revenue per employee Average cost per employee (Revenue P.E) ÷ (Average cost P.E) (User costs) X (DPR)

    4. Once the total application value is established, calculate the combined IT and business costs of delivering that value. IT and business costs include inflexibility (application maintenance), unavailability (downtime costs, including disaster exposure), IT costs (common costs statistically allocated to applications), and fully loaded cost of active (full-time equivalent [FTE]) users.
    5. Calculate the net value of applications by subtracting the total IT and business costs from the total application value calculated in step 3.

      6. IT and Business Costs

      Total IT and Business Costs

      Net Value of Applications
      Application maintenance Downtime costs (include disaster exposure) Common costs allocated to applications Fully loaded costs of active (FTE) users Sum of values from the four IT and business costs columns (Application value) – (IT and business costs)

    (Source: CSO)

    Infrastructure valuation

    Assess the foundational elements of the business’ information technology

    The purpose of this exercise is to provide a high-level infrastructure valuation that will contribute to valuating your IT environment.

    Calculating the value of the infrastructure will require different methods depending on the environment. For example, a fully cloud-hosted organization will have different costs than a fully on-premises IT environment.

    Instructions:

    1. Start by listing all of the infrastructure-related items that are relevant to your organization.
    2. Once you have finalized your items column, identify the total costs/value of each item.
      • For example, total software costs would include servers and storage.
    3. Calculate the total cost/value of your IT infrastructure by adding all of values in the right column.

    Item

    Costs/Value
    Hardware Assets Total Value +$3.2 million
    Hardware Leased/Service Agreement -$
    Software Purchased +$
    Software Leased/Service Agreement -$
    Operational Tools
    Network
    Disaster Recovery
    Antivirus
    Data Centers
    Service Desk
    Other Licenses
    Total:

    For additional support, download the M&A Runbook for Infrastructure and Operations.

    Risk and security

    Assess risk responses and calculate residual risk

    The purpose of this exercise is to provide a high-level risk assessment that will contribute to valuating your IT environment. For a more in-depth risk assessment, please refer to the Info-Tech tools below:

    1. Risk Register Tool
    2. Security M&A Due Diligence Tool
      3.

    Instructions

    1. Review the probability and impact scales below and ensure you have the appropriate criteria that align to your organization before you conduct a risk assessment.
    2. Identify the probability of occurrence and estimated financial impact for each risk category detail and fill out the table on the right. Customize the table as needed so it aligns to your organization.

      3. Probability of Risk Occurrence

      Occurrence Criteria
      (Classification; Probability of Risk Event Within One Year)

      Negligible Very Unlikely; ‹20%
      Very Low Unlikely; 20 to 40%
      Low Possible; 40 to 60%
      Moderately Low Likely; 60 to 80%
      Moderate Almost Certain; ›80%

    Note: If needed, you can customize this scale with the severity designations that you prefer. However, make sure you are always consistent with it when conducting a risk assessment.

    Financial & Reputational Impact

    Budgetary and Reputational Implications
    (Financial Impact; Reputational Impact)
    Negligible (‹$10,000; Internal IT stakeholders aware of risk event occurrence)
    Very Low ($10,000 to $25,000; Business customers aware of risk event occurrence)
    Low ($25,000 to $50,000; Board of directors aware of risk event occurrence)
    Moderately Low ($50,000 to $100,000; External customers aware of risk event occurrence)
    Moderate (›$100,000; Media coverage or regulatory body aware of risk event occurrence)

    Risk Category Details

    Probability of Occurrence

    Estimated Financial Impact

    Estimated Severity (Probability X Impact)
    Capacity Planning
    Enterprise Architecture
    Externally Originated Attack
    Hardware Configuration Errors
    Hardware Performance
    Internally Originated Attack
    IT Staffing
    Project Scoping
    Software Implementation Errors
    Technology Evaluation and Selection
    Physical Threats
    Resource Threats
    Personnel Threats
    Technical Threats
    Total:

    1.2.2 Assess the IT/digital strategy

    4 hours

    Input: IT strategy, Digital strategy, Business strategy

    Output: An understanding of an executive business stakeholder’s perception of IT, Alignment of IT/digital strategy and overall organization strategy

    Materials: Computer, Whiteboard and markers, M&A Sell Playbook

    Participants: IT executive/CIO, Business executive/CEO

    The purpose of this activity is to review the business and IT strategies that exist to determine if there are critical capabilities that are not being supported.

    Ideally, the IT and digital strategies would have been created following development of the business strategy. However, sometimes the business strategy does not directly call out the capabilities it requires IT to support.

    1. On the left half of the corresponding slide in the M&A Sell Playbook, document the business goals, initiatives, and capabilities. Input this information from the business or digital strategies. (If more space for goals, initiatives, or capabilities is needed, duplicate the slide).
    2. On the other half of the slide, document the IT goals, initiatives, and capabilities. Input this information from the IT strategy and digital strategy.

    For additional support, see Build a Business-Aligned IT Strategy.

    Record the results in the M&A Sell Playbook.

    Proactive

    Step 1.3

    Drive Innovation and Suggest Growth Opportunities

    Activities

    • 1.3.1 Determine pain points and opportunities
    • 1.3.2 Align goals with opportunities
    • 1.3.3 Recommend reduction opportunities

    This step involves the following participants:

    • IT executive leader
    • IT leadership
    • Critical M&A stakeholders

    Outcomes of Step

    Establish strong relationships with critical M&A stakeholders and position IT as an innovative business partner that can suggest reduction opportunities.

    1.3.1 Determine pain points and opportunities

    1-2 hours

    Input: CEO-CIO Alignment diagnostic, CIO Business Vision diagnostic, Valuation of IT environment, IT-business goals cascade

    Output: List of pain points or opportunities that IT can address

    Materials: Computer, Whiteboard and markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Business stakeholders

    The purpose of this activity is to determine the pain points and opportunities that exist for the organization. These can be external or internal to the organization.

    1. Identify what opportunities exist for your organization. Opportunities are the potential positives that the organization would want to leverage.
    2. Next, identify pain points, which are the potential negatives that the organization would want to alleviate.
    3. Spend time considering all the options that might exist, and keep in mind what has been identified previously.

    Opportunities and pain points can be trends, other departments’ initiatives, business perspectives of IT, etc.

    Record the results in the M&A Sell Playbook.

    1.3.2 Align goals with opportunities

    1-2 hours

    Input: CEO-CIO Alignment diagnostic, CIO Business Vision diagnostic, Valuation of IT environment, IT-business goals cascade, List of pain points and opportunities

    Output: An understanding of an executive business stakeholder’s perception of IT, Foundations for reduction strategy

    Materials: Computer, Whiteboard and markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Business stakeholders

    The purpose of this activity is to determine whether a growth or separation strategy might be a good suggestion to the business in order to meet its business objectives.

    1. For the top three to five business goals, consider:
      1. Underlying drivers
      2. Digital opportunities
      3. Whether a growth or reduction strategy is the solution
    2. Just because a growth or reduction strategy is a solution for a business goal does not necessarily indicate M&A is the way to go. However, it is important to consider before you pursue suggesting M&A.

    Record the results in the M&A Sell Playbook.

    1.3.3 Recommend reduction opportunities

    1-2 hours

    Input: Growth or separation strategy opportunities to support business goals, Stakeholder communication plan, Rationale for the suggestion

    Output: M&A transaction opportunities suggested

    Materials: M&A Sell Playbook

    Participants: IT executive/CIO, Business executive/CEO

    The purpose of this activity is to recommend a merger, acquisition, or divestiture to the business.

    1. Identify which of the business goals the transaction would help solve and why IT is the one to suggest such a goal.
    2. Leverage the stakeholder communication plan identified previously to give insight into stakeholders who would have a significant level of interest, influence, or support in the process.

    Info-Tech Insight

    With technology and digital driving many transactions, leverage your organizations’ IT environment as an asset and reason why the divestiture or sale should happen, suggesting the opportunity yourself.

    Record the results in the M&A Sell Playbook.

    By the end of this Proactive phase, you should:

    Be prepared to suggest M&A opportunities to support your company’s goals through sale or divestiture transactions

    Key outcome from the Proactive phase

    Develop progressive relationships and strong communication with key stakeholders to suggest or be aware of transformational opportunities that can be achieved through sale or divestiture strategies.

    Key deliverables from the Proactive phase
    • Business perspective of IT examined
    • Key stakeholders identified and relationship to the M&A process outlined
    • Ability to valuate the IT environment and communicate IT’s value to the business
    • Assessment of the business, digital, and IT strategies and how M&As could support those strategies
    • Pain points and opportunities that could be alleviated or supported through an M&A transaction
    • Sale or divestiture recommendations

    The Sell Blueprint

    Phase 2

    Discovery & Strategy

    Phase 1

    Phase 2

    		Phase 3Phase 4
    • 1.1 Identify Stakeholders and Their Perspective of IT
    • 1.2 Assess IT’s Current Value and Future State
    • 1.3 Drive Innovation and Suggest Reduction Opportunities
    • 2.1 Establish the M&A Program Plan
    • 2.2 Prepare IT to Engage in the Separation or Sale
    • 3.1 Engage in Due Diligence and Prepare Staff
    • 3.2 Prepare to Separate
    • 4.1 Execute the Transaction
    • 4.2 Reflection and Value Realization

    This phase will walk you through the following activities:

    • Create the mission and vision
    • Identify the guiding principles
    • Create the future-state operating model
    • Determine the transition team
    • Document the M&A governance
    • Create program metrics
    • Establish the separation strategy
    • Conduct a RACI
    • Create the communication plan
    • Assess the potential organization(s)

    This phase involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Pre-Work

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Establish the Transaction FoundationDiscover the Motivation for Divesting or SellingFormalize the Program PlanCreate the Valuation FrameworkStrategize the TransactionNext Steps and Wrap-Up (offsite)

    Activities

    • 0.1 Conduct the CIO Business Vision and CEO-CIO Alignment diagnostics
    • 0.2 Identify key stakeholders and outline their relationship to the M&A process
    • 0.3 Identify the rationale for the company's decision to pursue a divestiture or sale
    • 1.1 Review the business rationale for the divestiture/sale
    • 1.2 Assess the IT/digital strategy
    • 1.3 Identify pain points and opportunities tied to the divestiture/sale
    • 1.4 Create the IT vision statement, create the IT mission statement, and identify IT guiding principles
    • 2.1 Create the future-state operating model
    • 2.2 Determine the transition team
    • 2.3 Document the M&A governance
    • 2.4 Establish program metrics
    • 3.1 Valuate your data
    • 3.2 Valuate your applications
    • 3.3 Valuate your infrastructure
    • 3.4 Valuate your risk and security
    • 3.5 Combine individual valuations to make a single framework
    • 4.1 Establish the separation strategy
    • 4.2 Conduct a RACI
    • 4.3 Review best practices for assessing target organizations
    • 4.4 Create the communication plan
    • 5.1 Complete in-progress deliverables from previous four days
    • 5.2 Set up review time for workshop deliverables and to discuss next steps

    Deliverables

    1. Business perspectives of IT
    2. Stakeholder network map for M&A transactions
    1. Business context implications for IT
    2. IT’s divestiture/sale strategic direction
    1. Operating model for future state
    2. Transition team
    3. Governance structure
    4. M&A program metrics
    1. IT valuation framework
    1. Separation strategy
    2. RACI
    3. Communication plan
    1. Completed M&A program plan and strategy
    2. Prepared to assess target organization(s)

    What is the Discovery & Strategy phase?

    Pre-transaction state

    The Discovery & Strategy phase during a sale or divestiture is a unique opportunity for many IT organizations. IT organizations that can participate in the transaction at this stage are likely considered a strategic partner of the business.

    For one-off sales/divestitures, IT being invited during this stage of the process is rare. However, for organizations that are preparing to engage in many divestitures over the coming years, this type of strategy will greatly benefit from IT involvement. Again, the likelihood of participating in an M&A transaction is increasing, making it a smart IT leadership decision to, at the very least, loosely prepare a program plan that can act as a strategic pillar throughout the transaction.

    During this phase of the pre-transaction state, IT may be asked to participate in ensuring that the IT environment is able to quickly and easily carve out components/business lines and deliver on service-level agreements (SLAs).

    Goal: To identify a repeatable program plan that IT can leverage when selling or divesting all or parts of the current IT environment, ensuring customer satisfaction and business continuity

    Discovery & Strategy Prerequisite Checklist

    Before coming into the Discovery & Strategy phase, you should have addressed the following:

    • Understand the business perspective of IT.
    • Know the key stakeholders and have outlined their relationship to the M&A process.
    • Be able to valuate the IT environment and communicate IT's value to the business.
    • Understand the rationale for the company's decision to pursue a sale or divestiture and the opportunities or pain points the sale should address.

    Discovery & Strategy

    Step 2.1

    Establish the M&A Program Plan

    Activities

    • 2.1.1 Create the mission and vision
    • 2.1.2 Identify the guiding principles
    • 2.1.3 Create the future-state operating model
    • 2.1.4 Determine the transition team
    • 2.1.5 Document the M&A governance
    • 2.1.6 Create program metrics

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team

    Outcomes of Step

    Establish an M&A program plan that can be repeated across sales/divestitures.

    The vision and mission statements clearly articulate IT’s aspirations and purpose

    The IT vision statement communicates a desired future state of the IT organization, whereas the IT mission statement portrays the organization’s reason for being. While each serves its own purpose, they should both be derived from the business context implications for IT.

    Vision Statements

    Mission Statements

    Characteristics
    • Describe a desired future
    • Focus on ends, not means
    • Concise
    • Aspirational
    • Memorable
    • Articulate a reason for existence
    • Focus on how to achieve the vision
    • Concise
    • Easy to grasp
    • Sharply focused
    • Inspirational

    Samples

    		 To be a trusted advisor and partner in enabling business innovation and growth through an engaged IT workforce. (Source: Business News Daily) IT is a cohesive, proactive, and disciplined team that delivers innovative technology solutions while demonstrating a strong customer-oriented mindset. (Source: Forbes, 2013)

    2.1.1 Create the mission and vision statements

    2 hours

    Input: Business objectives, IT capabilities, Rationale for the transaction

    Output: IT’s mission and vision statements for reduction strategies tied to mergers, acquisitions, and divestitures

    Materials: Flip charts/whiteboard, Markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create mission and vision statements that reflect IT’s intent and method to support the organization as it pursues a reduction strategy.

    1. Review the definitions and characteristics of mission and vision statements.
    2. Brainstorm different versions of the mission and vision statements.
    3. Edit the statements until you get to a single version of each that accurately reflects IT’s role in the reduction process.

    Record the results in the M&A Sell Playbook.

    Guiding principles provide a sense of direction

    IT guiding principles are shared, long-lasting beliefs that guide the use of IT in constructing, transforming, and operating the enterprise by informing and restricting IT investment portfolio management, solution development, and procurement decisions.

    A diagram illustrating the place of 'IT guiding principles' in the process of making 'Decisions on the use of IT'. There are four main items, connecting lines naming the type of process in getting from one step to the next, and a line underneath clarifying the questions asked at each step. On the far left, over the question 'What decisions should be made?', is 'Business context and IT implications'. This flows forward to 'IT guiding principles', and they are connected by 'Influence'. Next, over the question 'How should decisions be made?', is the main highlighted section. 'IT guiding principles' flows forward to 'Decisions on the use of IT', and they are connected by 'Guide and inform'. On the far right, over the question 'Who has the accountability and authority to make decisions?', is 'IT policies'. This flows back to 'Decisions on the use of IT', and they are connected by 'Direct and control'.

    IT principles must be carefully constructed to make sure they are adhered to and relevant

    Info-Tech has identified a set of characteristics that IT principles should possess. These characteristics ensure the IT principles are relevant and followed in the organization.

    Approach focused. IT principles should be focused on the approach – how the organization is built, transformed, and operated – as opposed to what needs to be built, which is defined by both functional and non-functional requirements.

    Business relevant. Create IT principles that are specific to the organization. Tie IT principles to the organization’s priorities and strategic aspirations.

    Long lasting. Build IT principles that will withstand the test of time.

    Prescriptive. Inform and direct decision making with actionable IT principles. Avoid truisms, general statements, and observations.

    Verifiable. If compliance can’t be verified, people are less likely to follow the principle.

    Easily Digestible. IT principles must be clearly understood by everyone in IT and by business stakeholders. IT principles aren’t a secret manuscript of the IT team. IT principles should be succinct; wordy principles are hard to understand and remember.

    Followed. Successful IT principles represent a collection of beliefs shared among enterprise stakeholders. IT principles must be continuously communicated to all stakeholders to achieve and maintain buy-in.

    In organizations where formal policy enforcement works well, IT principles should be enforced through appropriate governance processes.

    Consider the example principles below

    IT Principle Name

    IT Principle Statement
    1. Risk Management We will ensure that the organization’s IT Risk Management Register is properly updated to reflect all potential risks and that a plan of action against those risks has been identified.
    2. Transparent Communication We will ensure employees are spoken to with respect and transparency throughout the transaction process.
    3. Separation for Success We will create a carve-out strategy that enables the organization and clearly communicates the resources required to succeed.
    4. Managed Data We will handle data creation, modification, separation, and use across the enterprise in compliance with our data governance policy.
    5.Deliver Better Customer Service We will reduce the number of products offered by IT, enabling a stronger focus on specific products or elements to increase customer service delivery.
    6. Compliance With Laws and Regulations We will operate in compliance with all applicable laws and regulations for both our organization and the potentially purchasing organization.
    7. Defined Value We will create a plan of action that aligns with the organization’s defined value expectations.
    8. Network Readiness We will ensure that employees and customers have immediate access to the network with minimal or no outages.
    9. Value Generator We will leverage the current IT people, processes, and technology to turn the IT organization into a value generator by developing and selling our services to purchasing organizations.

    2.1.2 Identify the guiding principles

    2 hours

    Input: Business objectives, IT capabilities, Rationale for the transaction, Mission and vision statements

    Output: IT’s guiding principles for reduction strategies tied to mergers, acquisitions, and divestitures

    Materials: Flip charts/whiteboard, Markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create the guiding principles that will direct the IT organization throughout the reduction strategy process.

    1. Review the role of guiding principles and the examples of guiding principles that organizations have used.
    2. Brainstorm different versions of the guiding principles. Each guiding principle should start with the phrase “We will…”
    3. Edit and consolidate the statements until you have a list of approximately eight to ten statements that accurately reflect IT’s role in the reduction process.
    4. Review the guiding principles every six months to ensure they continue to support the delivery of the business’ reduction strategy goals.

    Record the results in the M&A Sell Playbook.

    Create two IT teams to support the transaction

    IT M&A Transaction Team

    • The IT M&A Transaction Team should consist of the strongest members of the IT team who can be expected to deliver on unusual or additional tasks not asked of them in normal day-to-day operations.
    • The roles selected for this team will have very specific skills sets or deliver on critical separation capabilities, making their involvement in the combination of two or more IT environments paramount.
    • These individuals need to have a history of proving themselves very trustworthy, as they will likely be required to sign an NDA as well.
    • Expect to have to certain duplicate capabilities or roles across the M&A Team and Operational Team.

    IT Operational Team

    • This group is responsible for ensuring the business operations continue.
    • These employees might be those who are newer to the organization but can be counted on to deliver consistent IT services and products.
    • The roles of this team should ensure that end users or external customers remain satisfied.

    Key capabilities to support M&A

    Consider the following capabilities when looking at who should be a part of the IT Transaction Team.

    Employees who have a significant role in ensuring that these capabilities are being delivered will be a top priority.

    Infrastructure & Operations

    • System Separation
    • Data Management
    • Helpdesk/Desktop Support
    • Cloud/Server Management

    Business Focus

    • Service-Level Management
    • Enterprise Architecture
    • Stakeholder Management
    • Project Management

    Risk & Security

    • Privacy Management
    • Security Management
    • Risk & Compliance Management

    Build a lasting and scalable operating model

    An operating model is an abstract visualization, used like an architect’s blueprint, that depicts how structures and resources are aligned and integrated to deliver on the organization’s strategy.

    It ensures consistency of all elements in the organizational structure through a clear and coherent blueprint before embarking on detailed organizational design.

    The visual should highlight which capabilities are critical to attaining strategic goals and clearly show the flow of work so that key stakeholders can understand where inputs flow in and outputs flow out of the IT organization.

    As you assess the current operating model, consider the following:

    • Does the operating model contain all the necessary capabilities your IT organization requires to be successful?
    • What capabilities should be duplicated?
    • Are there individuals with the skill set to support those roles? If not, is there a plan to acquire or develop those skills?
    • A dedicated project team strictly focused on M&A is great. However, is it feasible for your organization? If not, what blockers exist?
    A diagram with 'Initiatives' and 'Solutions' on the left and right of an area chart, 'Customer' at the top, the area between them labelled 'Functional Area n', and six horizontal bars labelled 'IT Capability' stacked on top of each other. The 'IT Capability' bars are slightly skewed to the 'Solutions' side of the chart.

    Info-Tech Insight

    Investing time up-front getting the operating model right is critical. This will give you a framework to rationalize future organizational changes, allowing you to be more iterative and allowing your model to change as the business changes.

    2.1.3 Create the future-state operating model

    4 hours

    Input: Current operating model, IT strategy, IT capabilities, M&A-specific IT capabilities, Business objectives, Rationale for the transaction, Mission and vision statements

    Output: Future-state operating model for divesting organizations

    Materials: Operating model, Capability overlay, Flip charts/whiteboard, Markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to establish what the future-state operating model will be if your organization needs to adjust to support a divestiture transaction. If your organization plans to sell in its entirety, you may choose to skip this activity.

    1. Ensuring that all the IT capabilities are identified by the business and IT strategy, document your organization’s current operating model.
    2. Identify what core capabilities would be critical to the divesting transaction process and separation. Highlight and make copies of those capabilities in the M&A Sell Playbook. As a result of divesting, there may also be capabilities that will become irrelevant in your future state.
    3. Ensure the capabilities that will be decentralized are clearly identified. Decentralized capabilities do not exist within the central IT organization but rather in specific lines of businesses, products, or locations to better understand needs and deliver on the capability.

    An example operating model is included in the M&A Sell Playbook. This process benefits from strong reference architecture and capability mapping ahead of time.

    Record the results in the M&A Sell Playbook.

    2.1.4 Determine the transition team

    3 hours

    Input: IT capabilities, Future-state operating model, M&A-specific IT capabilities, Business objectives, Rationale for the transaction, Mission and vision statements

    Output: Transition team

    Materials: Reference architecture, Organizational structure, Flip charts/whiteboard, Markers

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create a team that will support your IT organization throughout the transaction. Determining which capabilities and therefore which roles will be required ensures that the business will continue to get the operational support it needs.

    1. Based on the outcome of activity 2.1.3, review the capabilities that your organization will require on the transition team. Group capabilities into functional groups containing capabilities that are aligned well with one another because they have similar responsibilities and functionalities.
    2. Replace the capabilities with roles. For example, stakeholder management, requirements gathering, and project management might be one functional group. Project management and stakeholder management might combine to create a project manager role.
    3. Review the examples in the M&A Sell Playbook and identify which roles will be a part of the transition team.

    For more information, see Redesign Your Organizational Structure

    What is governance?

    And why does it matter so much to IT and the M&A process?

    • Governance is the method in which decisions get made, specifically as they impact various resources (time, money, and people).
    • Because M&A is such a highly governed transaction, it is important to document the governance bodies that exist in your organization.
    • This will give insight into what types of governing bodies there are, what decisions they make, and how that will impact IT.
    • For example, funds to support separation need to be discussed, approved, and supplied to IT from a governing body overseeing the acquisition.
    • A highly mature IT organization will have automated governance, while a seemingly non-existent governance process will be considered ad hoc.
    A pyramid with four levels representing the types of governing bodies that are available with differing levels of IT maturity. An arrow beside the pyramid points upward. The bottom of the arrow is labelled 'Traditional (People and document centric)' and the top is labelled 'Adaptive (Data centric)'. Starting at the bottom of the pyramid is level 1 'Ad Hoc Governance', 'Governance that is not well defined or understood within the organization. It occurs out of necessity but often not by the right people'. Level 2 is 'Controlled Governance', 'Governance focused on compliance and decisions driven by hierarchical authority. Levels of authority are defined and often driven by regulatory'. Level 3 is 'Agile Governance', 'Governance that is flexible to support different needs and quick response in the organization. Driven by principles and delegated throughout the company'. At the top of the pyramid is level 4 'Automated Governance', 'Governance that is entrenched and automated into organizational processes and product/service design. Empowered and fully delegated governance to maintain fit and drive organizational success and survival'.

    2.1.5 Document M&A governance

    1-2 hours

    Input: List of governing bodies, Governing body committee profiles, Governance structure

    Output: Documented method on how decisions are made as it relates to the M&A transaction

    Materials: Flip charts/whiteboard, Markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to determine the method in which decisions are made throughout the M&A transaction as it relates to IT. This will require understanding both governing bodies internal to IT and those external to IT.

    1. First, determine the other governance structures within the organization that will impact the decisions made about M&A. List out these bodies or committees.
    2. Create a profile for each committee that looks at the membership, purpose of the committee, decision areas (authority), and the process of inputs and outputs. Ensure IT committees that will have a role in this process are also documented. Consider the benefits realized, risks, and resources required for each.
    3. Organize the committees into a structure, identifying the committees that have a role in defining the strategy, designing and building, and running.

    Record the results in the M&A Sell Playbook.

    Current-state structure map – definitions of tiers

    Strategy: These groups will focus on decisions that directly connect to the strategic direction of the organization.

    Design & Build: The second tier of groups will oversee prioritization of a certain area of governance as well as design and build decisions that feed into strategic decisions.

    Run: The lowest level of governance will be oversight of more-specific initiatives and capabilities within IT.

    Expect tier overlap. Some committees will operate in areas that cover two or three of these governance tiers.

    Measure the IT program’s success in terms of its ability to support the business’ M&A goals

    Upper management will measure IT’s success based on your ability to support the underlying reasons for the M&A. Using business metrics will help assure business stakeholders that IT understands their needs and is working with the business to achieve them.

    Business-Specific Metrics

    • Revenue Growth: Increase in the top line as seen by market expansion, product expansion, etc. by percentage/time.
    • Synergy Extraction: Reduction in costs as determined by the ability to identify and eliminate redundancies over time.
    • Profit Margin Growth: Increase in the bottom line as a result of increased revenue growth and/or decreased costs over time.

    IT-Specific Metrics

    • IT operational savings and cost reductions due to synergies: Operating expenses, capital expenditures, licenses, contracts, applications, infrastructure over time.
    • Reduction in IT staff expense and headcount: Decreased budget allocated to IT staff, and ability to identify and remove redundancies in staff.
    • Meeting or improving on IT budget estimates: Delivering successful IT separation on a budget that is the same or lower than the budget estimated during due diligence.
    • Meeting or improving on IT time-to-separation estimates: Delivering successful IT carve-out on a timeline that is the same or shorter than the timeline estimated during due diligence.
    • Business capability support: Delivering the end state of IT that supports the expected business capabilities and growth.

    Establish your own metrics to gauge the success of IT

    Establish SMART M&A Success Metrics

    S pecific Make sure the objective is clear and detailed.
    M easurable Objectives are measurable if there are specific metrics assigned to measure success. Metrics should be objective.
    A ctionable Objectives become actionable when specific initiatives designed to achieve the objective are identified.
    R ealistic Objectives must be achievable given your current resources or known available resources.
    T ime-Bound An objective without a timeline can be put off indefinitely. Furthermore, measuring success is challenging without a timeline.
    • What should IT consider when looking to identify potential additions, deletions, or modifications that will either add value to the organization or reduce costs/risks?
    • Provide a definition of synergies.
    • IT operational savings and cost reductions due to synergies: Operating expenses, capital expenditures, licenses, contracts, applications, infrastructure.
    • Reduction in IT staff expense and headcount: Decreased budget allocated to IT staff, and ability to identify and remove redundancies in staff.
    • Meeting or improving on IT budget estimates: Delivering successful IT separation on a budget that is the same or lower than the budget estimated during due diligence.
    • Meeting or improving on IT time-to-separation estimates: Delivering successful IT carve-out on a timeline that is the same or shorter than the timeline estimated during due diligence.
    • Revenue growth: Increase in the top line as a result, as seen by market expansion, product expansion, etc., as a result of divesting lines of the business and selling service-level agreements to the purchasing organization.
    • Synergy extraction: Reduction in costs, as determined by the ability to identify and eliminate redundancies.
    • Profit margin growth: Increase in the bottom line as a result of increased revenue growth and/or decreased costs.

    Metrics for each phase

    1. Proactive

    2. Discovery & Strategy

    3. Valuation & Due Diligence

    4. Execution & Value Realization

    • % Share of business innovation spend from overall IT budget
    • % Critical processes with approved performance goals and metrics
    • % IT initiatives that meet or exceed value expectation defined in business case
    • % IT initiatives aligned with organizational strategic direction
    • % Satisfaction with IT's strategic decision-making abilities
    • $ Estimated business value added through IT-enabled innovation
    • % Overall stakeholder satisfaction with IT
    • % Percent of business leaders that view IT as an Innovator
    • % IT budget as a percent of revenue
    • % Assets that are not allocated
    • % Unallocated software licenses
    • # Obsolete assets
    • % IT spend that can be attributed to the business (chargeback or showback)
    • % Share of CapEx of overall IT budget
    • % Prospective organizations that meet the search criteria
    • $ Total IT cost of ownership (before and after M&A, before and after rationalization)
    • % Business leaders that view IT as a Business Partner
    • % Defects discovered in production
    • $ Cost per user for enterprise applications
    • % In-house-built applications vs. enterprise applications
    • % Owners identified for all data domains
    • # IT staff asked to participate in due diligence
    • Change to due diligence
    • IT budget variance
    • Synergy target
    • % Satisfaction with the effectiveness of IT capabilities
    • % Overall end-customer satisfaction
    • $ Impact of vendor SLA breaches
    • $ Savings through cost-optimization efforts
    • $ Savings through application rationalization and technology standardization
    • # Key positions empty
    • % Frequency of staff turnover
    • % Emergency changes
    • # Hours of unplanned downtime
    • % Releases that cause downtime
    • % Incidents with identified problem record
    • % Problems with identified root cause
    • # Days from problem identification to root cause fix
    • % Projects that consider IT risk
    • % Incidents due to issues not addressed in the security plan
    • # Average vulnerability remediation time
    • % Application budget spent on new build/buy vs. maintenance (deferred feature implementation, enhancements, bug fixes)
    • # Time (days) to value realization
    • % Projects that realized planned benefits
    • $ IT operational savings and cost reductions that are related to synergies/divestitures
    • % IT staff–related expenses/redundancies
    • # Days spent on IT separation
    • $ Accurate IT budget estimates
    • % Revenue growth directly tied to IT delivery
    • % Profit margin growth

    2.1.6 Create program metrics

    1-2 hours

    Input: IT capabilities, Mission, vision, and guiding principles, Rationale for the acquisition

    Output: Program metrics to support IT throughout the M&A process

    Materials: Flip charts/whiteboard, Markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to determine how IT’s success throughout a growth transaction will be measured and determined.

    1. Document a list of appropriate metrics on the whiteboard. Remember to include metrics that demonstrate the business impact. You can use the sample metrics listed on the previous slide as a starting point.
    2. Set a target and deadline for each metric. This will help the group determine when it is time to evaluate progression.
    3. Establish a baseline for each metric based on information collected within your organization.
    4. Assign an owner for tracking each metric as well as someone to be accountable for performance.

    Record the results in the M&A Sell Playbook.

    Discovery & Strategy

    Step 2.2

    Prepare IT to Engage in the Separation or Sale

    Activities

    • 2.2.1 Establish the separation strategy
    • 2.2.2 Conduct a RACI
    • 2.2.3 Create the communication plan
    • 2.2.4 Assess the potential organization(s)

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team

    Outcomes of Step

    Identify IT’s plan of action when it comes to the separation/sale and align IT’s separation/sale strategy with the business’ M&A strategy.

    Separation strategies

    There are several IT separation strategies that will let you achieve your target technology environment.

    IT Separation Strategies
    • Divest. Carve out elements of the IT organization and sell them to a purchasing organization with or without a service-level agreement.
    • Sell. Sell the entire IT environment to a purchasing organization. The purchasing organization takes full responsibility in delivering and running the IT environment.
    • Spin-Off Joint Venture. Carve out elements of the IT organization and combine them with elements of a new or purchasing organization to create a new entity.

    The approach IT takes will depend on the business objectives for the M&A.

    • Generally speaking, the separation strategy is well understood and influenced by the frequency of and rationale for selling.
    • Based on the initiatives generated by each business process owner, you need to determine the IT separation strategy that will best support the desired target technology environment, especially if you are still operating or servicing elements of that IT environment.

    Key considerations when choosing an IT separation strategy include:

    • What are the main business objectives of the M&A?
    • What are the key synergies expected from the transaction?
    • What IT separation strategy best helps obtain these benefits?
    • What opportunities exist to position the business for sustainable and long-term growth?

    Separation strategies in detail

    Review highlights and drawbacks of different separation strategies

    Divest
      Highlights
    • Recommended for businesses striving to reduce costs and potentially even generate revenue for the business through the delivery of SLAs.
    • Opportunity to reduce or scale back on lines of business or products that are not driving profits.
      Drawbacks
    • May be forced to give up critical staff that have been known to deliver high value.
    • The IT department is left to deliver services to the purchasing organization with little support or consideration from the business.
    • There can be increased risk and security concerns that need to be addressed.
    Sell
      Highlights
    • Recommended for businesses looking to gain capital to exit the market profitably or to enter a new market with a large sum of capital.
    • The business will no longer exist, and as a result all operational costs, including IT, will become redundant.
      Drawbacks
    • IT is no longer needed as an operating or capital service for the organization.
    • Lost resources, including highly trained and critical staff.
    • May require packaging employees off and using the profit or capital generated to cover any closing costs.
    Spin-Off or Joint Venture
      Highlights
    • Recommended for businesses looking to expand their market presence or acquire new products. Essentially aligning the two organizations in the same market.
    • Each side has a unique offering but complementing capabilities.
      Drawbacks
    • As much as the organization is going through a separation from the original company, it will be going through an integration with the new company.
    • There could be differences in culture.
    • This could require a large amount of investment without a guarantee of profit or success.

    2.2.1 Establish the separation strategy

    1-2 hours

    Input: Business separation strategy, Guiding principles, M&A governance

    Output: IT’s separation strategy

    Materials: Flip charts/whiteboard, Markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to determine IT’s approach to separating or selling. This approach might differ slightly from transaction to transaction. However, the businesses approach to transactions should give insight into the general separation strategy IT should adopt.

    1. Make sure you have clearly articulated the business objectives for the M&A, the technology end state for IT, and the magnitude of the overall separation.
    2. Review and discuss the highlights and drawbacks of each type of separation.
    3. Use Info-Tech’s Separation Posture Selection Framework on the next slide to select the separation posture that will appropriately enable the business. Consider these questions during your discussion:
      1. What are the main business objectives of the M&A? What key IT capabilities will need to support business objectives?
      2. What key synergies are expected from the transaction? What opportunities exist to position the business for sustainable growth?
      3. What IT separation best helps obtain these benefits?

    Record the results in the M&A Sell Playbook.

    Separation Posture Selection Framework

    Business M&A Strategy

    Resultant Technology Strategy

    M&A Magnitude (% of Seller Assets, Income, or Market Value)

    IT Separation Posture
    A. Horizontal Adopt One Model ‹100% Divest
    ›99% Sell
    B. Vertical Create Links Between Critical Systems Any Divest
    C. Conglomerate Independent Model Any Joint Venture
    Divest
    D. Hybrid: Horizontal & Conglomerate Create Links Between Critical Systems Any Divest
    Joint Venture

    M&A separation strategy

    Business M&A Strategy Resultant Technology Strategy M&A Magnitude (% of Seller Assets, Income, or Market Value) IT Separation Posture

    You may need a hybrid separation posture to achieve the technology end state.

    M&A objectives may not affect all IT domains and business functions in the same way. Therefore, the separation requirements for each business function may differ. Organizations will often choose to select and implement a hybrid separation posture to realize the technology end state.

    Each business division may have specific IT domain and capability needs that require an alternative separation strategy.

    • Example: Even when conducting a joint venture by forming a new organization, some partners might view themselves as the dominant partner and want to influence the IT environment to a greater degree.
    • Example: Some purchasing organizations will expect service-level agreements to be available for a significant period of time following the divestiture, while others will be immediately independent.

    2.2.2 Conduct a RACI

    1-2 hours

    Input: IT capabilities, Transition team, Separation strategy

    Output: Completed RACI for Transition team

    Materials: Reference architecture, Organizational structure, Flip charts/whiteboard, Markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to identify the core accountabilities and responsibilities for the roles identified as critical to your transition team. While there might be slight variation from transaction to transaction, ideally each role should be performing certain tasks.

    1. First, identify a list of critical tasks that need to be completed to support the sale or separation. For example:
      • Communicate with the company M&A team.
      • Identify the key IT solutions that can and cannot be carved out.
      • Gather data room artifacts and provide them to acquiring organization.
    2. Next, identify at the activity level which role is accountable or responsible for each activity. Enter an A for accountable, R for responsible, or A/R for both.

    Record the results in the M&A Sell Playbook.

    Communication and change

    Prepare key stakeholders for the potential changes

    • Anytime you are starting a project or program that will depend on users and stakeholders to give up their old way of doing things, change will force people to become novices again, leading to lost productivity and added stress.
    • Change management can improve outcomes for any project where you need people to adopt new tools and procedures, comply with new policies, learn new skills and behaviors, or understand and support new processes.
    • M&As move very quickly, and it can be very difficult to keep track of which stakeholders you need to be communicating with and what you should be communicating.
    • Not all organizations embrace or resist change in the same ways. Base your change communications on your organization’s cultural appetite for change in general.
      • Organizations with a low appetite for change will require more direct, assertive communications.
      • Organizations with a high appetite for change are more suited to more open, participatory approaches.

    Three key dimensions determine the appetite for cultural change:

    • Power Distance. Refers to the acceptance that power is distributed unequally throughout the organization.
      In organizations with a high power distance, the unequal power distribution is accepted by the less powerful employees.
    • Individualism. Organizations that score high in individualism have employees who are more independent. Those who score low in individualism fall into the collectivism side, where employees are strongly tied to one another or their groups.
    • Uncertainty Avoidance. Describes the level of acceptance that an organization has toward uncertainty. Those who score high in this area find that their employees do not favor uncertain situations, while those that score low in this area find that their employees are comfortable with change and uncertainty.

    2.2.3 Create the communication plan

    1-2 hours

    Input: IT’s M&A mission, vision, and guiding principles, M&A transition team, IT separation strategy, RACI

    Output: IT’s M&A communication plan

    Materials: Flip charts/whiteboard, Markers, RACI, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create a communication plan that IT can leverage throughout the initiative.

    1. Create a structured communication plan that allows for continuous communication with the integration management office, senior management, and the business functional heads.
    2. Outline key topics of communication, with stakeholders, inputs, and outputs for each topic.
    3. Review Info-Tech’s example communication plan in the M&A Sell Playbook and update it with relevant information.
    4. Does this communication plan make sense for your organization? What doesn’t make sense? Adjust the communication guide to suit your organization.

    Record the results in the M&A Sell Playbook.

    Assessing potential organizations

    As soon as you have identified organizations to consider, it’s imperative to assess critical risks. Most IT leaders can attest that they will receive little to no notice when the business is pursuing a sale and IT has to assess the IT organization. As a result, having a standardized template to quickly assess the potential acquiring organization is important.

    Ways to Assess

    1. News: Assess what sort of news has been announced in relation to the organization. Have they had any risk incidents? Has a critical vendor announced working with them?
    2. LinkedIn: Scan through the LinkedIn profiles of employees. This will give you a sense of what platforms they have based on employees. It will also give insight into positive or negative employee experiences that could impact retention.
    3. Trends: Some industries will have specific solutions that are relevant and popular. Assess what the key players are (if you don’t already know) to determine the solution.
    4. Business Architecture: While this assessment won’t perfect, try to understand the business’ value streams and the critical business and IT capabilities that would be needed to support them. Will your organization or employee skills be required to support these long term?

    Info-Tech Insight

    Assessing potential organizations is not just for the purchaser. The seller should also know what the purchasing organization’s history with M&As is and what potential risks could occur if remaining connected through ongoing SLAs.

    2.2.4 Assess the potential organization(s)

    1-2 hours

    Input: Publicized historical risk events, Solutions and vendor contracts likely in the works, Trends

    Output: IT’s valuation of the potential organization(s) for selling or divesting

    Materials: M&A Sell Playbook

    Participants: IT executive/CIO

    The purpose of this activity is to assess the organization(s) that your organization is considering selling or divesting to.

    1. Complete the Historical Valuation Worksheet in the M&A Sell Playbook to understand the type of IT organization that your company may support.
      • The business likely isn’t looking for in-depth details at this time. However, as the IT leader, it is your responsibility to ensure critical risks are identified and communicated to the business.
    2. Use the information identified to help the business narrow down which organizations could be the right organizations to sell or divest to.

    Record the results in the M&A Sell Playbook.

    By the end of this pre-transaction phase you should:

    Have a program plan for M&As and a repeatable M&A strategy for IT when engaging in reduction transactions

    Key outcomes from the Discovery & Strategy phase
    • Prepare the IT environment to support the potential sale or divestiture by identifying critical program plan elements and establishing a separation or carve-out strategy that will enable the business to reach its goals.
    • Create a M&A strategy that accounts for all the necessary elements of a transaction and ensures sufficient governance, capabilities, and metrics exist.
    Key deliverables from the Discovery & Strategy phase
    • Create vision and mission statements
    • Establish guiding principles
    • Create a future-state operating model
    • Identify the key roles for the transaction team
    • Identify and communicate the M&A governance
    • Determine target metrics
    • Identify the M&A operating model
    • Select the separation strategy framework
    • Conduct a RACI for key transaction tasks for the transaction team
    • Document the communication plan

    M&A Sell Blueprint

    Phase 3

    Due Diligence & Preparation

    Phase 1Phase 2

    Phase 3

    		Phase 4
    • 1.1 Identify Stakeholders and Their Perspective of IT
    • 1.2 Assess IT’s Current Value and Future State
    • 1.3 Drive Innovation and Suggest Reduction Opportunities
    • 2.1 Establish the M&A Program Plan
    • 2.2 Prepare IT to Engage in the Separation or Sale
    • 3.1 Engage in Due Diligence and Prepare Staff
    • 3.2 Prepare to Separate
    • 4.1 Execute the Transaction
    • 4.2 Reflection and Value Realization

    This phase will walk you through the following activities:

    • Drive value with a due diligence charter
    • Gather data room artifacts
    • Measure staff engagement
    • Assess culture
    • Create a carve-out roadmap
    • Prioritize separation tasks
    • Establish the separation roadmap
    • Identify the buyer’s IT expectations
    • Create a service/transaction agreement
    • Estimate separation costs
    • Create an employee transition plan
    • Create functional workplans for employees
    • Align project metrics with identified tasks

    This phase involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team
    • Business leaders
    • Purchasing organization
    • Transition team

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Pre-Work

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Establish the Transaction FoundationDiscover the Motivation for SeparationIdentify Expectations and Create the Carve-Out RoadmapPrepare and Manage EmployeesPlan the Separation RoadmapNext Steps and Wrap-Up (offsite)

    Activities

    • 0.1 Identify the rationale for the company's decision to pursue a divestiture/sale.
    • 0.2 Identify key stakeholders and determine the IT transaction team.
    • 0.3 Gather and evaluate the M&A strategy, future-state operating model, and governance.
    • 1.1 Review the business rationale for the divestiture/sale.
    • 1.2 Identify pain points and opportunities tied to the divestiture/sale.
    • 1.3 Establish the separation strategy.
    • 1.4 Create the due diligence charter.
    • 2.1 Identify the buyer’s IT expectations.
    • 2.2 Create a list of IT artifacts to be reviewed in the data room.
    • 2.3 Create a carve-out roadmap.
    • 2.4 Create a service/technical transaction agreement.
    • 3.1 Measure staff engagement.
    • 3.2 Assess the current culture and identify the goal culture.
    • 3.3 Create an employee transition plan.
    • 3.4 Create functional workplans for employees.
    • 4.1 Prioritize separation tasks.
    • 4.2 Establish the separation roadmap.
    • 4.3 Establish and align project metrics with identified tasks.
    • 4.4 Estimate separation costs.
    • 5.1 Complete in-progress deliverables from previous four days.
    • 5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. IT strategy
    2. IT operating model
    3. IT governance structure
    4. M&A transaction team
    1. Business context implications for IT
    2. Separation strategy
    3. Due diligence charter
    1. Data room artifacts identified
    2. Carve-out roadmap
    3. Service/technical transaction agreement
    1. Engagement assessment
    2. Culture assessment
    3. Employee transition plans and workplans
    1. Separation roadmap and associated resourcing
    1. Divestiture separation strategy for IT

    What is the Due Diligence & Preparation phase?

    Mid-transaction state

    The Due Diligence & Preparation phase during a sale or divestiture is a critical time for IT. If IT fails to proactively participate in this phase, IT will have to merely react to separation expectations set by the business.

    If your organization is being sold in its entirety, staff will have major concerns about their future in the new organization. Making this transition as smooth as possible and being transparent could go a long way in ensuring their success in the new organization.

    In a divestiture, this is the time to determine where it’s possible for the organization to divide or separate from itself. A lack of IT involvement in these conversations could lead to an overcommitment by the business and under-delivery by IT.

    Goal: To ensure that, as the selling or divesting organization, you comply with regulations, prepare staff for potential changes, and identify a separation strategy if necessary

    Due Diligence Prerequisite Checklist

    Before coming into the Due Diligence & Preparation phase, you must have addressed the following:

    • Understand the rationale for the company's decision to pursue a sale or divestiture and what opportunities or pain points the sale should alleviate.
    • Identify the key roles for the transaction team.
    • Identify the M&A governance.
    • Determine target metrics.
    • Select a separation strategy framework.
    • Conduct a RACI for key transaction tasks for the transaction team.

    Before coming into the Due Diligence & Preparation phase, we recommend addressing the following:

    • Create vision and mission statements.
    • Establish guiding principles.
    • Create a future-state operating model.
    • Identify the M&A operating model.
    • Document the communication plan.
    • Examine the business perspective of IT.
    • Identify key stakeholders and outline their relationship to the M&A process.
    • Be able to valuate the IT environment and communicate IT’s value to the business.

    The Technology Value Trinity

    Delivery of Business Value & Strategic Needs

    • Digital & Technology Strategy
      The identification of objectives and initiatives necessary to achieve business goals.
    • IT Operating Model
      The model for how IT is organized to deliver on business needs and strategies.
    • Information & Technology Governance
      The governance to ensure the organization and its customers get maximum value from the use of information and technology.

    All three elements of the Technology Value Trinity work in harmony to deliver business value and achieve strategic needs. As one changes, the others need to change as well.

    • Digital and IT Strategy tells you what you need to achieve to be successful.
    • IT Operating Model and Organizational Design is the alignment of resources to deliver on your strategy and priorities.
    • Information & Technology Governance is the confirmation of IT’s goals and strategy, which ensures the alignment of IT and business strategy. It’s the mechanism by which you continuously prioritize work to ensure that what is delivered is in line with the strategy. This oversight evaluates, directs, and monitors the delivery of outcomes to ensure that the use of resources results in the achieving the organization’s goals.

    Too often strategy, operating model and organizational design, and governance are considered separate practices. As a result, “strategic documents” end up being wish lists, and projects continue to be prioritized based on who shouts the loudest – not based on what is in the best interest of the organization.

    Due Diligence & Preparation

    Step 3.1

    Engage in Due Diligence and Prepare Staff

    Activities

    • 3.1.1 Drive value with a due diligence charter
    • 3.1.2 Gather data room artifacts
    • 3.1.3 Measure staff engagement
    • 3.1.4 Assess culture

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team
    • Business leaders
    • Prospective IT organization
    • Transition team

    Outcomes of Step

    This step of the process is when IT should prepare and support the business in due diligence and gather the necessary information about staff changes.

    3.1.1 Drive value with a due diligence charter

    1-2 hours

    Input: Key roles for the transaction team, M&A governance, Target metrics, Selected separation strategy framework, RACI of key transaction tasks for the transaction team

    Output: IT Due Diligence Charter

    Materials: M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create a charter leveraging the items completed in the previous phase, as listed on the Due Diligence Prerequisite Checklist slide, to gain executive sign-off.

    1. In the IT Due Diligence Charter in the M&A Sell Playbook, complete the aspects of the charter that are relevant for you and your organization.
    2. We recommend including these items in the charter:
      • Communication plan
      • Transition team roles
      • Goals and metrics for the transaction
      • Separation strategy
      • Sale/divestiture RACI
    3. Once the charter has been completed, ensure that business executives agree to the charter and sign off on the plan of action.

    Record the results in the M&A Sell Playbook.

    3.1.2 Gather data room artifacts

    4 hours

    Input: Future-state operating model, M&A governance, Target metrics, Selected separation strategy framework, RACI of key transaction tasks for the transaction team

    Output: List of items to acquire and verify can be provided to the purchasing organization while in the data room

    Materials: Critical domain lists on following slides, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team, Legal team, Compliance/privacy officers

    The purpose of this activity is to create a list of the key artifacts that you could be asked for during the due diligence process.

    1. Review the lists on the following pages as a starting point. Identify which domains, stakeholders, artifacts, and information should be requested for the data room.
    2. IT leadership may or may not be asked to enter the data room directly. The short notice for having to find these artifacts for the purchasing organization can leave your IT organization scrambling. Identify the critical items worth obtaining ahead of time.
    3. Once you have identified the artifacts, provide the list to the legal team or compliance/privacy officers and ensure they also agree those items can be provided. If changes to the documents need to be made, take the time to do so.
    4. Store all items in a safe and secure file or provide to the M&A team ahead of due diligence.

    **Note that if your organization is not leading/initiating the data room, then you can ignore this activity.

    Record the results in the M&A Sell Playbook.

    Critical domains

    Understand the key stakeholders and outputs for each domain

    Domain

    Stakeholders

    Key Artifacts

    Key Information to request
    Business
    • Enterprise Architecture
    • Business Relationship Manager
    • Business Process Owners
    • Business capability map
    • Capability map (the M&A team should be taking care of this, but make sure it exists)
    • Business satisfaction with various IT systems and services
    Leadership/IT Executive
    • CIO
    • CTO
    • CISO
    • IT budgets
    • IT capital and operating budgets (from current year and previous year)
    Data & Analytics
    • Chief Data Officer
    • Data Architect
    • Enterprise Architect
    • Master data domains, system of record for each
    • Unstructured data retention requirements
    • Data architecture
    • Master data domains, sources, and storage
    • Data retention requirements
    Applications
    • Applications Manager
    • Application Portfolio Manager
    • Application Architect
    • Applications map
    • Applications inventory
    • Applications architecture
    • Copy of all software license agreements
    • Copy of all software maintenance agreements
    Infrastructure
    • Head of Infrastructure
    • Enterprise Architect
    • Infrastructure Architect
    • Infrastructure Manager
    • Infrastructure map
    • Infrastructure inventory
    • Network architecture (including which data centers host which infrastructure and applications)
    • Inventory (including separation capabilities of vendors, versions, switches, and routers)
    • Copy of all hardware lease or purchase agreements
    • Copy of all hardware maintenance agreements
    • Copy of all outsourcing/external service provider agreements
    • Copy of all service-level agreements for centrally provided, shared services and systems
    Products and Services
    • Product Manager
    • Head of Customer Interactions
    • Product lifecycle
    • Product inventory
    • Customer market strategy

    Critical domains (continued)

    Understand the key stakeholders and outputs for each domain

    Domain

    Stakeholders

    Key Artifacts

    Key Information to request

    Operations
    • Head of Operations
    • Service catalog
    • Service overview
    • Service owners
    • Access policies and procedures
    • Availability and service levels
    • Support policies and procedures
    • Costs and approvals (internal and customer costs)
    IT Processes
    • CIO
    • IT Management
    • VP of IT Governance
    • VP of IT Strategy
    • IT process flow diagram
    • Processes in place and productivity levels (capacity)
    • Critical processes/processes the organization feels they do particularly well
    IT People
    • CIO
    • VP of Human Resources
    • IT organizational chart
    • Competency & capacity assessment
    • IT organizational structure (including resources from external service providers such as contractors) with appropriate job descriptions or roles and responsibilities
    • IT headcount and location
    Security
    • CISO
    • Security Architect
    • Security posture
    • Information security staff
    • Information security service providers
    • Information security tools
    • In-flight information security projects
    Projects
    • Head of Projects
    • Project portfolio
    • List of all future, ongoing, and recently completed projects
    Vendors
    • Head of Vendor Management
    • License inventory
    • Inventory (including what will and will not be transitioning, vendors, versions, number of licenses)

    Retain top talent throughout the transition

    Focus on retention and engagement

    • People are such a critical component of this process, especially in the selling organization.
    • Retaining employees, especially the critical employees who hold specific skills or knowledge, will ensure the success and longevity of the divesting organization, purchasing organization, or the new company.
    • Giving employees a role in the organization and ensuring they do not see their capabilities as redundant will be critical to the process.
    • It is okay if employees need to change what they were doing temporarily or even long-term. However, being transparent about these changes and highlighting their value to the process and organization(s) will help.
    • The first step to moving forward with retention is to look at the baseline engagement and culture of employees and the organization. This will help determine where to focus and allow you to identify changes in engagement that resulted from the transaction.
    • Job engagement drivers are levers that influence the engagement of employees in their day-to-day roles.
    • Organizational engagement drivers are levers that influence an employee’s engagement with the broader organization.
    • Retention drivers are employment needs. They don’t necessarily drive engagement, but they must be met for engagement to be possible.

    3.1.3 Measure staff engagement

    3-4 hours

    Input: Engagement survey

    Output: Baseline engagement scores

    Materials: Build an IT Employee Engagement Program

    Participants: IT executive/CIO, IT senior leadership, IT employees of current organization

    The purpose of this activity is to measure current staff engagement to have a baseline to measure against in the future state. This is a good activity to complete if you will be divesting or selling in entirety.

    The results from the survey should act as a baseline to determine what the organization is doing well in terms of employee engagement and what drivers could be improved upon.

    1. Review Info-Tech’s Build an IT Employee Engagement Program research and select a survey that will best meet your needs.
    2. Conduct the survey and note which drivers employees are currently satisfied with. Likewise, note where there are opportunities.
    3. Document actions that should be taken to mitigate the negative engagement drivers throughout the transaction and enhance or maintain the positive engagement drivers.

    Record the results in the M&A Sell Playbook.

    Assess culture as a part of engagement

    Culture should not be overlooked, especially as it relates to the separation of IT environments

    • There are three types of culture that need to be considered.
    • Most importantly, this transition is an opportunity to change the culture that might exist in your organization’s IT environment.
    • Make a decision on which type of culture you’d like IT to have post transition.

    Target Organization's Culture. The culture that the target organization is currently embracing. Their established and undefined governance practices will lend insight into this.

    Your Organization’s Culture. The culture that your organization is currently embracing. Examine people’s attitudes and behaviors within IT toward their jobs and the organization.

    Ideal Culture. What will the future culture of the IT organization be once separation is complete? Are there aspects that your current organization and the target organization embrace that are worth considering?

    Culture categories

    Map the results of the IT Culture Diagnostic to an existing framework

    Competitive
    • Autonomy
    • Confront conflict directly
    • Decisive
    • Competitive
    • Achievement oriented
    • Results oriented
    • High performance expectations
    • Aggressive
    • High pay for good performance
    • Working long hours
    • Having a good reputation
    • Being distinctive/different
    Innovative
    • Adaptable
    • Innovative
    • Quick to take advantage of opportunities
    • Risk taking
    • Opportunities for professional growth
    • Not constrained by rules
    • Tolerant
    • Informal
    • Enthusiastic
    Traditional
    • Stability
    • Reflective
    • Rule oriented
    • Analytical
    • High attention to detail
    • Organized
    • Clear guiding philosophy
    • Security of employment
    • Emphasis on quality
    • Focus on safety
    Cooperative
    • Team oriented
    • Fair
    • Praise for good performance
    • Supportive
    • Calm
    • Developing friends at work
    • Socially responsible

    Culture Considerations

    • What culture category was dominant for each IT organization?
    • Do you share the same dominant category?
    • Is your current dominant culture category the most ideal to have post-separation?

    3.1.4 Assess Culture

    3-4 hours

    Input: Cultural assessments for current IT organization, Cultural assessment for target IT organization

    Output: Goal for IT culture

    Materials: IT Culture Diagnostic

    Participants: IT executive/CIO, IT senior leadership, IT employees of current organization, IT employees of target organization, Company M&A team

    The purpose of this activity is to assess the different cultures that might exist within the IT environments of the organizations involved. By understanding the culture that exists in the purchasing organization, you can identify the fit and prepare impacted staff for potential changes.

    1. Complete this activity by leveraging the blueprint Fix Your IT Culture, specifically the IT Culture Diagnostic.
    2. Fill out the diagnostic for the IT department in your organization:
      1. Answer the 16 questions in tab 2, Diagnostic.
      2. Find out your dominant culture and review recommendations in tab 3, Results.
    3. Document the results from tab 3, Results, in the M&A Sell Playbook if you are trying to record all artifacts related to the transaction in one place.
    4. Repeat the activity for the purchasing organization.
    5. Leverage the information to determine what the goal for the culture of IT will be post-separation if it will differ from the current culture.

    Record the results in the M&A Sell Playbook.

    Due Diligence & Preparation

    Step 3.2

    Prepare to Separate

    Activities

    • 3.2.1 Create a carve-out roadmap
    • 3.2.2 Prioritize separation tasks
    • 3.2.3 Establish the separation roadmap
    • 3.2.4 Identify the buyer’s IT expectations
    • 3.2.5 Create a service/transaction agreement
    • 3.2.6 Estimate separation costs
    • 3.2.7 Create an employee transition plan
    • 3.2.8 Create functional workplans for employees
    • 3.2.9 Align project metrics with identified tasks

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Transition team
    • Company M&A team
    • Purchasing organization

    Outcomes of Step

    Have an established plan of action toward separation across all domains and a strategy toward resources.

    Don’t underestimate the importance of separation preparation

    Separation involves taking the IT organization and dividing it into two or more separate entities.

    Testing the carve capabilities of the IT organization often takes 3 months. (Source: Cognizant, 2014)

    Daimler-Benz lost nearly $19 billion following its purchase of Chrysler by failing to recognize the cultural differences that existed between the two car companies. (Source: Deal Room)

    Info-Tech Insight

    Separating the IT organization requires more time and effort than business leaders will know. Frequently communicate challenges and lost opportunities when carving the IT environment out.

    Separation needs

    Identify the business objectives of the sale to determine the IT strategy

    Set up a meeting with your IT due diligence team to:

    • Ensure there will be no gaps in the delivery of products and services in the future state.
    • Discuss the people and processes necessary to achieve the target technology environment and support M&A business objectives.

    Use this opportunity to:

    • Identify data and application complexities between the involved organizations.
    • Identify the IT people and process gaps, initiatives, and levels of support expected.
    • Determine your infrastructure needs to ensure effectiveness and delivery of services:
      • Does IT have the infrastructure to support the applications and business capabilities?
      • Identify any gaps between the current infrastructure in both organizations and the infrastructure required.
      • Identify any redundancies/gaps.
      • Determine the appropriate IT separation strategies.
    • Document your gaps, redundancies, initiatives, and assumptions to help you track and justify the initiatives that must be undertaken and help estimate the cost of separation.

    Separation strategies

    There are several IT separation strategies that will let you achieve your target technology environment.

    IT Separation Strategies
    • Divest. Carve out elements of the IT organization and sell them to a purchasing organization with or without a service-level agreement.
    • Sell. Sell the entire IT environment to a purchasing organization. The purchasing organization takes full responsibility in delivering and running the IT environment.
    • Spin-Off Joint Venture. Carve out elements of the IT organization and combine them with elements of a new or purchasing organization to create a new entity.

    The approach IT takes will depend on the business objectives for the M&A.

    • Generally speaking, the separation strategy is well understood and influenced by the frequency of and rationale for selling.
    • Based on the initiatives generated by each business process owner, you need to determine the IT separation strategy that will best support the desired target technology environment, especially if you are still operating or servicing elements of that IT environment.

    Key considerations when choosing an IT separation strategy include:

    • What are the main business objectives of the M&A?
    • What are the key synergies expected from the transaction?
    • What IT separation strategy best helps obtain these benefits?
    • What opportunities exist to position the business for sustainable and long-term growth?

    Separation strategies in detail

    Review highlights and drawbacks of different separation strategies

    Divest
      Highlights
    • Recommended for businesses striving to reduce costs and potentially even generate revenue for the business through the delivery of SLAs.
    • Opportunity to reduce or scale back on lines of business or products that are not driving profits.
      Drawbacks
    • May be forced to give up critical staff that have been known to deliver high value.
    • The IT department is left to deliver services to the purchasing organization with little support or consideration from the business.
    • There can be increased risk and security concerns that need to be addressed.
    Sell
      Highlights
    • Recommended for businesses looking to gain capital to exit the market profitably or to enter a new market with a large sum of capital.
    • The business will no longer exist, and as a result all operational costs, including IT, will become redundant.
      Drawbacks
    • IT is no longer needed as an operating or capital service for the organization.
    • Lost resources, including highly trained and critical staff.
    • May require packaging employees off and using the profit or capital generated to cover any closing costs.
    Spin-Off or Joint Venture
      Highlights
    • Recommended for businesses looking to expand their market presence or acquire new products. Essentially aligning the two organizations in the same market.
    • Each side has a unique offering but complementing capabilities.
      Drawbacks
    • As much as the organization is going through a separation from the original company, it will be going through an integration with the new company.
    • There could be differences in culture.
    • This could require a large amount of investment without a guarantee of profit or success.

    Preparing the carve-out roadmap

    And why it matters so much

    • When carving out the IT environment in preparation for a divestiture, it’s important to understand the infrastructure, application, and data connections that might exist.
    • Much to the business’ surprise, carving out the IT environment is not easy, especially when considering the services and products that might depend on access to certain applications or data sets.
    • Once the business has indicated which elements they anticipate divesting, be prepared for testing the functionality and ability of this carve-out, either through automation or manually. There are benefits and drawbacks to both methods:
      • Automated requires a solution and a developer to code the tests.
      • Manual requires time to find the errors, possibly more time than automated testing.
    • Identify if there are dependencies that will make the carve-out difficult.
      • For example, the business is trying to divest Product X, but that product is integrated with Product Y, which is not being sold.
      • Consider all the processes and products that specific data might support as well.
      • Moreover, the data migration tool will need to enter the ERP system and identify not just the data but all supporting and historical elements that underlie the data.

    Critical components to consider:

    • Selecting manual or automated testing
    • Determining data dependencies
    • Data migration capabilities
    • Auditing approval
    • People and skills that support specific elements being carved out

    3.2.1 Create a carve-out roadmap

    6 hours

    Input: Items included in the carve-out, Dependencies, Whether testing is completed, If the carve-out will pass audit, If the carve-out item is prepared to be separated

    Output: Carve-out roadmap

    Materials: Business’ divestiture plan, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Business leaders, Transition team

    The purpose of this activity is to prepare the IT environment by identifying a carve-out roadmap, specifically looking at data, infrastructure, and applications. Feel free to expand the roadmap to include other categories as your organization sees fit.

    1. In the Carve-Out Roadmap in the M&A Sell Playbook, identify the key elements of the carve-out in the first column.
    2. Note any dependencies the items might have. For example:
      • The business is selling Product X, which is linked to Data X and Data Y. The organization does not want to sell Data Y. Data X would be considered dependent on Data Y.
    3. Once the dependencies have been confirmed, begin automated or manual testing to examine the possibility of separating the data sets (or other dependencies) from one another.
    4. After identifying an acceptable method of separation, inform the auditing individual or body and confirm that there would be no repercussions for the planned process.

    Record the results in the M&A Sell Playbook.

    3.2.2 Prioritize separation tasks

    2 hours

    Input: Separation tasks, Transition team, M&A RACI

    Output: Prioritized separation list

    Materials: Separation task checklist, Separation roadmap

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to prioritize the different separation tasks that your organization has identified as necessary to this transaction. Some tasks might not be relevant for this particular transaction, and others might be critical.

    1. Begin by downloading the SharePoint or Excel version of the M&A Separation Project Management Tool.
    2. Identify which separation tasks you want to have as part of your project plan. Alter or remove any tasks that are irrelevant to your organization. Add in tasks you think are missing.
    3. When deciding criticality of the task, consider the effect on stakeholders, those who are impacted or influenced in the process of the task, and dependencies (e.g. data strategy needs to be addressed first before you can tackle its dependencies, like data quality).
    4. Feel free to edit the way you measure criticality. The standard tool leverages a three-point scale. At the end, you should have a list of tasks in priority order based on criticality.

    Record the updates in the M&A Separation Project Management Tool (SharePoint).

    Record the updates in the M&A Separation Project Management Tool (Excel).

    Separation checklists

    Prerequisite Checklist
    • Build the project plan for separation and prioritize activities
      • Plan first day
      • Plan first 30/100 days
      • Plan first year
    • Create an organization-aligned IT strategy
    • Identify critical stakeholders
    • Create a communication strategy
    • Understand the rationale for the sale or divestiture
    • Develop IT's sale/divestiture strategy
      • Determine goal opportunities
      • Create the mission and vision statements
      • Create the guiding principles
      • Create program metrics
    • Consolidate reports from due diligence/data room
    • Conduct culture assessment
    • Create a transaction team
    • Establish a service/technical transaction agreement
    • Plan and communicate culture changes
    • Create an employee transition plan
    • Assess baseline engagement
    Business
    • Design an enterprise architecture
    • Document your business architecture
    • Meet compliance and regulatory standards
    • Identify and assess all of IT's risks
    Applications
    • Prioritize and address critical applications
      • CRM
      • HRIS
      • Financial
      • Sales
      • Risk
      • Security
      • ERP
      • Email
    • Develop method of separating applications
    • Model critical applications that have dependencies on one another
    • Identify the infrastructure capacity required to support critical applications
    • Prioritize and address critical applications
    Leadership/IT Executive
    • Build an IT budget
    • Structure operating budget
    • Structure capital budget
    • Identify the workforce demand vs. capacity
    • Establish and monitor key metrics
    • Communicate value realized/cost savings
    Data
    • Confirm data strategy
    • Confirm data governance
    • Build a data architecture roadmap
    • Analyze data sources and domains
    • Evaluate data storage (on-premises vs. cloud)
    • Develop an enterprise content management strategy and roadmap
    • Ensure cleanliness/usability of data sets
    • Identify data sets that can remain operational if reduced/separated
    • Develop reporting and analytics capabilities
    • Confirm data strategy
    Operations
    • Manage sales access to customer data
    • Determine locations and hours of operation
    • Separate/terminate phone lists and extensions
    • Split email address books
    • Communicate helpdesk/service desk information

    Separation checklists (continued)

    Infrastructure
    • Manage organization domains
    • Consolidate data centers
    • Compile inventory of vendors, versions, switches, and routers
    • Review hardware lease or purchase agreements
    • Review outsourcing/service provider agreements
    • Review service-level agreements
    • Assess connectivity linkages between locations
    • Plan to migrate to a single email system if necessary
    • Determine network access concerns
    Vendors
    • Establish a sustainable vendor management office
    • Review vendor landscape
    • Identify warranty options
    • Identify the licensing grant
    • Rationalize vendor services and solutions
    People
    • Design an IT operating model
    • Design your future IT organizational structure
    • Conduct a RACI for prioritized activities
    • Conduct a culture assessment and identify goal IT culture
    • Build an IT employee engagement program
    • Determine critical roles and systems/process/products they support
    • Define new job descriptions with meaningful roles and responsibilities
    • Create employee transition plans
    • Create functional workplans
    Projects
    • Identify projects to be on hold
    • Communicate project intake process
    • Reprioritize projects
    Products & Services
    • Redefine service catalog
    • Ensure customer interaction requirements are met
    • Select a solution for product lifecycle management
    • Plan service-level agreements
    Security
    • Conduct a security assessment
    • Develop accessibility prioritization and schedule
    • Establish an information security strategy
    • Develop a security awareness and training program
    • Develop and manage security governance, risk, and compliance
    • Identify security budget
    • Build a data privacy and classification program
    IT Processes
    • Evaluate current process models
    • Determine productivity/capacity levels of processes
    • Identify processes to be changed/terminated
    • Establish a communication plan
    • Develop a change management process
    • Establish/review IT policies
    • Evaluate current process models

    3.2.2 Establish the separation roadmap

    2 hours

    Input: Prioritized separation tasks, Carve-out roadmap, Employee transition plan, Separation RACI, Costs for activities, Activity owners

    Output: Separation roadmap

    Materials: M&A Separation Project Plan Tool (SharePoint), M&A Separation Project Plan Tool (Excel), SharePoint Template: Step-by-Step Deployment Guide

    Participants: IT executive/CIO, IT senior leadership, Transition team, Company M&A team

    The purpose of this activity is to create a roadmap to support IT throughout the separation process. Using the information gathered in previous activities, you can create a roadmap that will ensure a smooth separation.

    1. Use our Separation Project Management Tool to help track critical elements in relation to the separation project. There are a few options available:
      1. Follow the instructions on the next slide if you are looking to upload our SharePoint project template. Additional instructions are available in the SharePoint Template Step-by-Step Deployment Guide.
      2. If you cannot or do not want to use SharePoint as your project management solution, download our Excel version of the tool.
        **Remember that this your tool, so customize to your liking.
    2. Identify who will own or be accountable for each of the separation tasks and establish the time frame for when each project should begin and end. This will confirm which tasks should be prioritized.

    Record the updates in the M&A Separation Project Management Tool (SharePoint).

    Record the updates in the M&A Separation Project Management Tool (Excel).

    Separation Project Management Tool (SharePoint Template)

    Follow these instructions to upload our template to your SharePoint environment

    1. Create or use an existing SP site.
    2. Download the M&A Separation Project Management Tool (SharePoint) .wsp file from the Mergers & Acquisitions: The Sell Blueprint landing page.
    3. To import a template into your SharePoint environment, do the following:
      1. Open PowerShell.
      2. Connect-SPO Service (need to install PowerShell module).
      3. Enter in your tenant admin URL.
      4. Enter in your admin credentials.
      5. Set-SPO Site https://YourDomain.sharepoint.com/sites/YourSiteHe... -DenyAddAndCustomizePages 0
      OR
      1. Turn on both custom script features to allow users to run custom
      4. Screenshot of the 'Custom Script' option for importing a template into your SharePoint environment. Feature description reads 'Control whether users can run custom script on personal sites and self-service created sites. Note: changes to this setting might take up to 24 hours to take effect. For more information, see http://go.microsoft.com/fwlink/?LinkIn=397546'. There are options to prevent or allow users from running custom script on personal/self-service created sites.
    4. Enable the SharePoint Server feature.
    5. Upload the .wsp file in Solutions Gallery.
    6. Deploy by creating a subsite and select from custom options.
      • Allow or prevent custom script
      • Security considerations of allowing custom script
      • Save, download, and upload a SharePoint site as a template
      7. Refer to Microsoft documentation to understand security considerations and what is and isn’t supported:

    For more information, check out the SharePoint Template: Step-by-Step Deployment Guide.

    Supporting the transition and establishing service-level agreements

    The purpose of this part of the transition is to ensure both buyer and seller have a full understanding of expectations for after the transaction.

    • Once the organizations have decided to move forward with a deal, all parties need a clear level of agreement.
    • IT, since it is often seen as an operational division of an organization, is often expected to deliver certain services or products once the transaction has officially closed.
    • The purchasing organization or the new company might depend on IT to deliver these services until they are able to provide those services on their own.
    • Having a clear understanding of what the buyer’s expectations are and what your company, as the selling organization, can provide is important.
    • Have a conversation with the buyer and document those expectations in a signed service agreement.

    3.2.4 Identify the buyer's IT expectations

    3-4 hours

    Input: Carve-out roadmap, Separation roadmap, Up-to-date version of the agreement

    Output: Buyer’s IT expectations

    Materials: Questions for meeting

    Participants: IT executive/CIO, IT senior leadership, Company M&A team, Purchasing company M&A team, Purchasing company IT leadership

    The purpose of this activity is to determine if the buyer has specific service expectations for your IT organization. By identifying, documenting, and agreeing on what services your IT organization will be responsible for, you can obtain a final agreement to protect you as the selling organization.

    1. Buyers should not assume certain services will be provided. Organize a meeting with IT leaders and the company M&A teams to determine what services will be provided.
    2. The next slide has a series of questions that you can start from. Ensure you get detailed information about each of the services.
    3. Once you fully understand the buyer’s IT expectations, create an SLA in the next activity and obtain sign-off from both organizations.

    Questions to ask the buyer

    1. What services would you like my IT organization to provide?
    2. How long do you anticipate those services will be provided to you?
    3. How do you expect your staff/employees to communicate requests or questions to my staff/employees?
    4. Are there certain days or times that you expect these services to be delivered?
    5. How many staff do you expect should be available to support you?
    6. What should be the acceptable response time on given service requests?
    7. When it comes to the services you require, what level of support should we provide?
    8. If a service requires escalation to Level 2 or Level 3 support, are we still expected to support this service? Or are we only Level 1 support?
    9. What preventative security methods does your organization have to protect our environment during this agreement period?

    3.2.5 Create a service/ transaction agreement

    6 hours

    Input: Buyer's expectations, Separation roadmap

    Output: SLA for the purchasing organization

    Materials: Service Catalog Internal Service Level Agreement Template, M&A Separation Project Plan Tool (SharePoint), M&A Separation Project Plan Tool (Excel)

    Participants: IT executive/CIO, IT senior leadership, Company M&A team, Purchasing company M&A team, Purchasing company IT leadership

    The purpose of this activity is to determine if the buyer has specific service expectations for your IT organization post-transaction that your IT organization is agreeing to provide.

    1. Document the expected services and the related details in a service-level agreement.
    2. Provide the SLA to the purchasing organization.
    3. Obtain sign-off from both organizations on the level of service that is expected of IT.
    4. Update the M&A Separation Project Management Tool Excel or SharePoint document to reflect any additional items that the purchasing organization identified.

    *For organizations being purchased in their entirety, this activity may not be relevant.

    Modify the Service Catalog Internal Service Level Agreement with the agreed-upon terms of the SLA.

    Importance of estimating separation costs

    Change is the key driver of separation costs

    Separation costs are dependent on the following:
    • Meeting synergy targets – whether that be cost saving or growth related.
      • Employee-related costs, licensing, and reconfiguration fees play a huge part in meeting synergy targets.
    • Adjustments related to compliance or regulations – especially if there are changes to legal entities, reporting requirements, or risk mitigation standards.
    • Governance or third party–related support required to ensure timelines are met and the separation is a success.
    Separation costs vary by industry type.
    • Certain industries may have separation costs made up of mostly one type, differing from other industries, due to the complexity and demands of the transaction. For example:
      • Healthcare separation costs are mostly driven by regulatory, safety, and quality standards, as well as consolidation of the research and development function.
      • Energy and Utilities tend to have the lowest separation costs due to most transactions occurring within the same sector rather than as cross-sector investments. For example, oil and gas transactions tend to be for oil fields and rigs (strategic fixed assets), which can easily be added to the buyer’s portfolio.

    Separation costs are more related to the degree of change required than the size of the transaction.

    3.2.6 Estimate separation costs

    3-4 hours

    Input: Separation tasks, Transition team, Valuation of current IT environment, Valuation of target IT environment, Outputs from data room, Technical debt, Employees

    Output: List of anticipated costs required to support IT separation

    Materials: Separation task checklist, Separation roadmap, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team

    The purpose of this activity is to estimate the costs that will be associated with the separation. Identify and communicate a realistic figure to the larger M&A team within your company as early in the process as possible. This ensures that the funding required for the transaction is secured and budgeted for in the overarching transaction.

    1. On the associated slide in the M&A Sell Playbook, input:
      • Task
      • Domain
      • Cost type
      • Total cost amount
      • Level of certainty around the cost
    2. Provide a copy of the estimated costs to the company’s M&A team. Also provide any additional information identified earlier to help them understand the importance of those costs.

    Record the results in the M&A Sell Playbook.

    Employee transition planning

    Considering employee impact will be a huge component to ensure successful separation

    • Meet With Leadership
    • Plan Individual and Department Redeployment
    • Plan Individual and Department Layoffs
    • Monitor and Manage Departmental Effectiveness
    • For employees, the transition could mean:
      • Changing from their current role to a new role to meet requirements and expectations throughout the transition.
      • Being laid off because the role they are currently occupying has been made redundant.
    • It is important to plan for what the M&A separation needs will be and what the IT operational needs will be.
    • A lack of foresight into this long-term plan could lead to undue costs and headaches trying to retain critical staff, rehiring positions that were already let go, and keeping redundant employees longer then necessary.

    Info-Tech Insight

    Being transparent throughout the process is critical. Do not hesitate to tell employees the likelihood that their job may be made redundant. This will ensure a high level of trust and credibility for those who remain with the organization after the transaction.

    3.2.7 Create an employee transition plan

    3-4 hours

    Input: IT strategy, IT organizational design

    Output: Employee transition plans

    Materials: M&A Sell Playbook, Whiteboard, Sticky notes, Markers

    Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team

    The purpose of this activity is to create a transition plan for employees.

    1. Transition planning can be done at specific individual levels or more broadly to reflect a single role. Consider these four items in the transition plan:
      • Understand the direction of the employee transitions.
      • Identify employees that will be involved in the transition (moved or laid off).
      • Prepare to meet with employees.
      • Meet with employees.
    2. For each employee that will be facing some sort of change in their regular role, permanent or temporary, create a transition plan.
    3. For additional information on transitioning employees, review the blueprint Streamline Your Workforce During a Pandemic.

    **Note that if someone’s future role is a layoff, then there is no need to record anything for skills needed or method for skill development.

    Record the results in the M&A Sell Playbook.

    3.2.8 Create functional workplans for employees

    3-4 hours

    Input: Prioritized separation tasks, Employee transition plan, Separation RACI, Costs for activities, Activity owners

    Output: Employee functional workplans

    Materials: M&A Sell Playbook, Learning and development tools

    Participants: IT executive/CIO, IT senior leadership, IT management team, Company M&A team, Transition team

    The purpose of this activity is to create a functional workplan for the different employees so that they know what their key role and responsibilities are once the transaction occurs.

    1. First complete the transition plan from the previous activity (3.2.7) and the separation roadmap. Have these documents ready to review throughout this process.
    2. Identify the employees who will be transitioning to a new role permanently or temporarily. Creating a functional workplan is especially important for these employees.
    3. Identify the skills these employees need to have to support the separation. Record this in the corresponding slide in the M&A Sell Playbook.
    4. For each employee, identify someone who will be a point of contact for them throughout the transition.

    It is recommended that each employee have a functional workplan. Leverage the IT managers to support this task.

    Record the results in the M&A Sell Playbook.

    Metrics for separation

    Valuation & Due Diligence

    • % Defects discovered in production
    • $ Cost per user for enterprise applications
    • % In-house-built applications vs. enterprise applications
    • % Owners identified for all data domains
    • # IT staff asked to participate in due diligence
    • Change to due diligence
    • IT budget variance
    • Synergy target

    Execution & Value Realization

    • % Satisfaction with the effectiveness of IT capabilities
    • % Overall end-customer satisfaction
    • $ Impact of vendor SLA breaches
    • $ Savings through cost-optimization efforts
    • $ Savings through application rationalization and technology standardization
    • # Key positions empty
    • % Frequency of staff turnover
    • % Emergency changes
    • # Hours of unplanned downtime
    • % Releases that cause downtime
    • % Incidents with identified problem record
    • % Problems with identified root cause
    • # Days from problem identification to root cause fix
    • % Projects that consider IT risk
    • % Incidents due to issues not addressed in the security plan
    • # Average vulnerability remediation time
    • % Application budget spent on new build/buy vs. maintenance (deferred feature implementation, enhancements, bug fixes)
    • # Time (days) to value realization
    • % Projects that realized planned benefits
    • $ IT operational savings and cost reductions that are related to synergies/divestitures
    • % IT staff–related expenses/redundancies
    • # Days spent on IT separation
    • $ Accurate IT budget estimates
    • % Revenue growth directly tied to IT delivery
    • % Profit margin growth

    3.2.9 Align project metrics with identified tasks

    3-4 hours

    Input: Prioritized separation tasks, Employee transition plan, Separation RACI, Costs for activities, Activity owners, M&A goals

    Output: Separation-specific metrics to measure success

    Materials: Separation roadmap, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Transition team

    The purpose of this activity is to understand how to measure the success of the separation project by aligning metrics to each identified task.

    1. Review the M&A goals identified by the business. Your metrics will need to tie back to those business goals.
    2. Identify metrics that align to identified tasks and measure achievement of those goals. For each metric you consider, ask the following questions:
      • What is the main goal or objective that this metric is trying to solve?
      • What does success look like?
      • Does the metric promote the right behavior?
      • Is the metric actionable? What is the story you are trying to tell with this metric?
      • How often will this get measured?
      • Are there any metrics it supports or is supported by?

    Record the results in the M&A Sell Playbook.

    By the end of this mid-transaction phase you should:

    Have successfully evaluated your IT people, processes, and technology to determine a roadmap forward for separating or selling.

    Key outcomes from the Due Diligence & Preparation phase
    • Participate in due diligence activities to comply with regulatory and auditing standards and prepare employees for the transition.
    • Create a separation roadmap that considers the tasks that will need to be completed and the resources required to support separation.
    Key deliverables from the Due Diligence & Preparation phase
    • Drive value with a due diligence charter
    • Gather data room artifacts
    • Measure staff engagement
    • Assess culture
    • Create a carve-out roadmap
    • Prioritize separation tasks
    • Establish the separation roadmap
    • Identify the buyer’s IT expectations
    • Create a service/transaction agreement
    • Estimate separation costs
    • Create an employee transition plan
    • Create functional workplans for employees
    • Align project metrics with identified tasks

    M&A Sell Blueprint

    Phase 4

    Execution & Value Realization

    Phase 1Phase 2Phase 3

    Phase 4

    • 1.1 Identify Stakeholders and Their Perspective of IT
    • 1.2 Assess IT’s Current Value and Future State
    • 1.3 Drive Innovation and Suggest Reduction Opportunities
    • 2.1 Establish the M&A Program Plan
    • 2.2 Prepare IT to Engage in the Separation or Sale
    • 3.1 Engage in Due Diligence and Prepare Staff
    • 3.2 Prepare to Separate
    • 4.1 Execute the Transaction
    • 4.2 Reflection and Value Realization

    This phase will walk you through the following activities:

    • Monitor service agreements
    • Continually update the project plan
    • Confirm separation costs
    • Review IT’s transaction value
    • Conduct a transaction and separation SWOT
    • Review the playbook and prepare for future transactions

    This phase involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Vendor management team
    • IT transaction team
    • Company M&A team

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Pre-Work

    Day 1

    Day 2

    Day 3

    Engage in Separation

    Day 4

    Establish the Transaction FoundationDiscover the Motivation for IntegrationPlan the Separation RoadmapPrepare Employees for the TransitionEngage in SeparationAssess the Transaction Outcomes (Must be within 30 days of transaction date)

    Activities

    • 0.1 Identify the rationale for the company's decision to pursue a divestiture/sale.
    • 0.2 Identify key stakeholders and determine the IT transaction team.
    • 0.3 Gather and evaluate the M&A strategy, future-state operating model, and governance.
    • 1.1 Review the business rationale for the divestiture/sale.
    • 1.2 Identify pain points and opportunities tied to the divestiture/sale.
    • 1.3 Establish the separation strategy.
    • 1.4 Create the due diligence charter.
    • 2.1 Prioritize separation tasks.
    • 2.2 Establish the separation roadmap.
    • 2.3 Establish and align project metrics with identified tasks.
    • 2.4 Estimate separation costs.
    • 3.1 Measure staff engagement
    • 3.2 Assess the current culture and identify the goal culture.
    • 3.3 Create an employee transition plan.
    • 3.4 Create functional workplans for employees.
    • S.1 Complete the separation by regularly updating the project plan.
    • S.2 Assess the service/technical transaction agreement.
    • 4.1 Confirm separation costs.
    • 4.2 Review IT’s transaction value.
    • 4.3 Conduct a transaction and separation SWOT.
    • 4.4 Review the playbook and prepare for future transactions.

    Deliverables

    1. IT strategy
    2. IT operating model
    3. IT governance structure
    4. M&A transaction team
    1. Business context implications for IT
    2. Separation strategy
    3. Due diligence charter
    1. Separation roadmap and associated resourcing
    1. Engagement assessment
    2. Culture assessment
    3. Employee transition plans and workplans
    1. Evaluate service/technical transaction agreement
    2. Updated separation project plan
    1. SWOT of transaction
    2. M&A Sell Playbook refined for future transactions

    What is the Execution & Value Realization phase?

    Post-transaction state

    Once the transaction comes to a close, it’s time for IT to deliver on the critical separation tasks. As the selling organization in this transaction, you need to ensure you have a roadmap that properly enables the ongoing delivery of your IT environment while simultaneously delivering the necessary services to the purchasing organization.

    Throughout the separation transaction, some of the most common obstacles IT should prepare for include difficulty separating the IT environment, loss of key personnel, disengaged employees, and security/compliance issues.

    Post-transaction, the business needs to understands the value they received by engaging in the transaction and the ongoing revenue they might obtain as a result of the sale. You also need to ensure that the IT environment is functioning and mitigating any high-risk outcomes.

    Goal: To carry out the planned separation activities and deliver the intended value to the business.

    Execution Prerequisite Checklist

    Before coming into the Execution & Value Realization phase, you must have addressed the following:

    • Understand the rationale for the company's decisions to pursue a sale or divestiture and what opportunities or pain points the sale should alleviate.
    • Identify the key roles for the transaction team.
    • Identify the M&A governance.
    • Determine target metrics.
    • Select a separation strategy framework.
    • Conduct a RACI for key transaction tasks for the transaction team.
    • Create a carve-out roadmap.
    • Prioritize separation tasks.
    • Establish the separation roadmap.
    • Create employee transition plans.

    Before coming into the Execution & Value Realization phase, we recommend addressing the following:

    • Create vision and mission statements.
    • Establish guiding principles.
    • Create a future-state operating model.
    • Identify the M&A operating model.
    • Document the communication plan.
    • Examine the business perspective of IT.
    • Identify key stakeholders and outline their relationship to the M&A process.
    • Establish a due diligence charter.
    • Be able to valuate the IT environment and communicate IT’s value to the business.
    • Gather and present due diligence data room artifacts.
    • Measure staff engagement.
    • Assess and plan for culture.
    • Estimate separation costs.
    • Create functional workplans for employees.
    • Identify the buyer’s IT expectations.
    • Create a service/ transaction agreement.

    Separation checklists

    Prerequisite Checklist
    • Build the project plan for separation and prioritize activities
      • Plan first day
      • Plan first 30/100 days
      • Plan first year
    • Create an organization-aligned IT strategy
    • Identify critical stakeholders
    • Create a communication strategy
    • Understand the rationale for the sale or divestiture
    • Develop IT's sale/divestiture strategy
      • Determine goal opportunities
      • Create the mission and vision statements
      • Create the guiding principles
      • Create program metrics
    • Consolidate reports from due diligence/data room
    • Conduct culture assessment
    • Create a transaction team
    • Establish a service/technical transaction agreement
    • Plan and communicate culture changes
    • Create an employee transition plan
    • Assess baseline engagement
    Business
    • Design an enterprise architecture
    • Document your business architecture
    • Meet compliance and regulatory standards
    • Identify and assess all of IT's risks
    Applications
    • Prioritize and address critical applications
      • CRM
      • HRIS
      • Financial
      • Sales
      • Risk
      • Security
      • ERP
      • Email
    • Develop method of separating applications
    • Model critical applications that have dependencies on one another
    • Identify the infrastructure capacity required to support critical applications
    • Prioritize and address critical applications
    Leadership/IT Executive
    • Build an IT budget
    • Structure operating budget
    • Structure capital budget
    • Identify the workforce demand vs. capacity
    • Establish and monitor key metrics
    • Communicate value realized/cost savings
    Data
    • Confirm data strategy
    • Confirm data governance
    • Build a data architecture roadmap
    • Analyze data sources and domains
    • Evaluate data storage (on-premises vs. cloud)
    • Develop an enterprise content management strategy and roadmap
    • Ensure cleanliness/usability of data sets
    • Identify data sets that can remain operational if reduced/separated
    • Develop reporting and analytics capabilities
    • Confirm data strategy
    Operations
    • Manage sales access to customer data
    • Determine locations and hours of operation
    • Separate/terminate phone lists and extensions
    • Split email address books
    • Communicate helpdesk/service desk information

    Separation checklists (continued)

    Infrastructure
    • Manage organization domains
    • Consolidate data centers
    • Compile inventory of vendors, versions, switches, and routers
    • Review hardware lease or purchase agreements
    • Review outsourcing/service provider agreements
    • Review service-level agreements
    • Assess connectivity linkages between locations
    • Plan to migrate to a single email system if necessary
    • Determine network access concerns
    Vendors
    • Establish a sustainable vendor management office
    • Review vendor landscape
    • Identify warranty options
    • Identify the licensing grant
    • Rationalize vendor services and solutions
    People
    • Design an IT operating model
    • Design your future IT organizational structure
    • Conduct a RACI for prioritized activities
    • Conduct a culture assessment and identify goal IT culture
    • Build an IT employee engagement program
    • Determine critical roles and systems/process/products they support
    • Define new job descriptions with meaningful roles and responsibilities
    • Create employee transition plans
    • Create functional workplans
    Projects
    • Identify projects to be on hold
    • Communicate project intake process
    • Reprioritize projects
    Products & Services
    • Redefine service catalog
    • Ensure customer interaction requirements are met
    • Select a solution for product lifecycle management
    • Plan service-level agreements
    Security
    • Conduct a security assessment
    • Develop accessibility prioritization and schedule
    • Establish an information security strategy
    • Develop a security awareness and training program
    • Develop and manage security governance, risk, and compliance
    • Identify security budget
    • Build a data privacy and classification program
    IT Processes
    • Evaluate current process models
    • Determine productivity/capacity levels of processes
    • Identify processes to be changed/terminated
    • Establish a communication plan
    • Develop a change management process
    • Establish/review IT policies
    • Evaluate current process models

    Execution & Value Realization

    Step 4.1

    Execute the Transaction

    Activities

    • 4.1.1 Monitor service agreements
    • 4.1.2 Continually update the project plan

    This step will walk you through the following activities:

    • Monitor service agreements
    • Continually update the project plan

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Vendor management team
    • IT transaction team
    • Company M&A team

    Outcomes of Step

    Successfully execute the separation of the IT environments and update the project plan, strategizing against any roadblocks as they come.

    Key concerns to monitor during separation

    If you are entering the transaction at this point, consider and monitor the following three items above all else.

    Your IT environment, reputation as an IT leader, and impact on key staff will depend on monitoring these aspects.

    • Risk & Security. Make sure that the channels of communication between the purchasing organization and your IT environment are properly determined and protected. This might include updating or removing employees’ access to certain programs.
    • Retaining Employees. Employees who do not see a path forward in the organization or who feel that their skills are being underused will be quick to move on. Make sure they are engaged before, during, and after the transaction to avoid losing employees.
    • IT Environment Dependencies. Testing the IT environment several times and obtaining sign-off from auditors that this has been completed correctly should be completed well before the transaction occurs. Have a strong architecture outlining technical dependencies.

    For more information, review:

    • Reduce and Manage Your Organization’s Insider Threat Risk
    • Map Technical Skills for a Changing Infrastructure Operations Organization
    • Build a Data Architecture Roadmap

    4.1.1 Monitor service agreements

    3-6 months

    Input: Original service agreement, Risk register

    Output: Service agreement confirmed

    Materials: Original service agreement

    Participants: IT executive/CIO, IT senior leadership, External organization IT senior leadership

    The purpose of this activity is to monitor the established service agreements on an ongoing basis. Your organization is most at risk during the initial months following the transaction.

    1. Ensure the right controls exist to prevent the organization from unnecessarily opening itself up to risks.
    2. Meet with the purchasing organization/subsidiary three months after the transaction to ensure that everyone is satisfied with the level of services provided.
    3. This is not a quick and completed activity, but one that requires ongoing monitoring. Repeatedly identify potential risks worth mitigating.

    For additional information and support for this activity, see the blueprint Build an IT Risk Management Program.

    4.1.2 Continually update the project plan

    Reoccurring basis following transition

    Input: Prioritized separation tasks, Separation RACI, Activity owners

    Output: Updated separation project plan

    Materials: M&A Separation Project Plan Tool (SharePoint), M&A Separation Project Plan Tool (Excel)

    Participants: IT executive/CIO, IT senior leadership, IT transaction team, Company M&A team

    The purpose of this activity is to ensure that the project plan is continuously updated as your transaction team continues to execute on the various components outlined in the project plan.

    1. Set a regular cadence for the transaction team to meet, update the project plan, review the status of the various separation task items, and strategize how to overcome any roadblocks.
    2. Employ governance best practices in these meetings to ensure decisions can be made effectively and resources allocated strategically.

    Record the updates in the M&A Separation Project Management Tool (SharePoint).

    Record the updates in the M&A Separation Project Management Tool (Excel).

    Execution & Value Realization

    Step 4.2

    Reflection and Value Realization

    Activities

    • 4.2.1 Confirm separation costs
    • 4.2.2 Review IT’s transaction value
    • 4.2.3 Conduct a transaction and separation SWOT
    • 4.2.4 Review the playbook and prepare for future transactions

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Transition team
    • Company M&A team

    Outcomes of Step

    Review the value that IT was able to generate around the transaction and strategize about how to improve future selling or separating transactions.

    4.2.1 Confirm separation costs

    3-4 hours

    Input: Separation tasks, Carve-out roadmap, Transition team, Previous RACI, Estimated separation costs

    Output: Actual separation costs

    Materials: M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Transaction team, Company M&A team

    The purpose of this activity is to confirm the associated costs around separation. While the separation costs would have been estimated previously, it’s important to confirm the costs that were associated with the separation in order to provide an accurate and up-to-date report to the company’s M&A team.

    1. Taking all the original items identified previously in activity 3.2.6, identify if there were changes in the estimated costs. This can be an increase or a decrease.
    2. Ensure that each cost has a justification for why the cost changed from the original estimation.

    Record the results in the M&A Sell Playbook.

    Track cost savings and revenue generation

    Throughout the transaction, the business would have communicated its goals, rationales, and expectations for the transaction. Sometimes this is done explicitly, and other times the information is implicit. Either way, IT needs to ensure that metrics have been defined and are measuring the intended value that the business expects. Ensure that the benefits realized to the organization are being communicated regularly and frequently.

    1. Define Metrics: Select metrics to track synergies through the separation.
      1. You can track value by looking at percentages of improvement in process-level metrics depending on the savings or revenue being pursued.
      2. For example, if the value being pursued is decreasing costs, metrics could range from capacity to output, highlighting that the output remains high despite smaller IT environments.
    2. Prioritize Value-Driving Initiatives: Estimate the cost and benefit of each initiative's implementation to compare the amount of business value to the cost. The benefits and costs should be illustrated at a high level. Estimating the exact dollar value of fulfilling a synergy can be difficult and misleading.
        Steps
      • Determine the benefits that each initiative is expected to deliver.
      • Determine the high-level costs of implementation (capacity, time, resources, effort).
    3. Track Cost Savings and Revenue Generation: Develop a detailed workplan to resource the roadmap and track where costs are saved and revenue is generated as the initiatives are undertaken.

    4.2.2 Review IT’s transaction value

    3-4 hours

    Input: Prioritized separation tasks, Separation RACI, Activity owners, M&A company goals

    Output: Transaction value

    Materials: M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company's M&A team

    The purpose of this activity is to track how your IT organization performed against the originally identified metrics.

    1. If your organization did not have the opportunity to identify metrics, determine from the company M&A what those metrics might be. Review activity 3.2.9 for more information on metrics.
    2. Identify whether the metric (which should support a goal) was at, below, or above the original target metric. This is a very critical task for IT to complete because it allows IT to confirm that they were successful in the transaction and that the business can count on them in future transactions.
    3. Be sure to record accurate and relevant information on why the outcomes (good or bad) are supporting the M&A goals set out by the business.

    Record the results in the M&A Sell Playbook.

    4.2.3 Conduct a transaction and separation SWOT

    2 hours

    Input: Separation costs, Retention rates, Value that IT contributed to the transaction

    Output: Strengths, weaknesses, opportunities, and threats

    Materials: Flip charts, Markers, Sticky notes

    Participants: IT executive/CIO, IT senior leadership, Business transaction team

    The purpose of this activity is to assess the positive and negative elements of the transaction.

    1. Consider the internal and external elements that could have impacted the outcome of the transaction.
      • Strengths. Internal characteristics that are favorable as they relate to your development environment.
      • Weaknesses Internal characteristics that are unfavorable or need improvement.
      • Opportunities External characteristics that you may use to your advantage.
      • Threats External characteristics that may be potential sources of failure or risk.

    Record the results in the M&A Sell Playbook.

    M&A Sell Playbook review

    With an acquisition complete, your IT organization is now more prepared then ever to support the business through future M&As

    • Now that the transaction is more than 80% complete, take the opportunity to review the key elements that worked well and the opportunities for improvement.
    • Critically examine the M&A Sell Playbook your IT organization created and identify what worked well to help the transaction and where your organization could adjust to do better in future transactions.
    • If your organization were to engage in another sale or divestiture under your IT leadership, how would you go about the transaction to make sure the company meets its goals?

    4.2.4 Review the playbook and prepare for future transactions

    4 hours

    Input: Transaction and separation SWOT

    Output: Refined M&A playbook

    Materials: M&A Sell Playbook

    Participants: IT executive/CIO

    The purpose of this activity is to revise the playbook and ensure it is ready to go for future transactions.

    1. Using the outputs from the previous activity, 4.2.3, determine what strengths and opportunities there were that should be leveraged in the next transaction.
    2. Likewise, determine which threats and weaknesses could be avoided in the future transactions.
      Remember, this is your M&A Sell Playbook, and it should reflect the most successful outcome for you in your organization.

    Record the results in the M&A Sell Playbook.

    By the end of this post-transaction phase you should:

    Have completed the separation post-transaction and be fluidly delivering the critical value that the business expected of IT.

    Key outcomes from the Execution & Value Realization phase
    • Ensure the separation tasks are being completed and that any blockers related to the transaction are being removed.
    • Determine where IT was able to realize value for the business and demonstrate IT’s involvement in meeting target goals.
    Key deliverables from the Execution & Value Realization phase
    • Monitor service agreements
    • Continually update the project plan
    • Confirm separation costs
    • Review IT’s transaction value
    • Conduct a transaction and separation SWOT
    • Review the playbook and prepare for future transactions

    Summary of Accomplishment

    Problem Solved

    Congratulations, you have completed the M&A Sell Blueprint!

    Rather than reacting to a transaction, you have been proactive in tackling this initiative. You now have a process to fall back on in which you can be an innovative IT leader by suggesting how and why the business should engage in a separation or sale transaction. You have:

    • Created a standardized approach for how your IT organization should address divestitures or sales.
    • Retained critical staff and complied with any regulations throughout the transaction.
    • Delivered on the separation project plan successfully and communicated IT’s transaction value to the business.

    Now that you have done all of this, reflect on what went well and what can be improved if you were to engage in a similar divestiture or sale again.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information
    workshops@infotech.com 1-888-670-8899

    Research Contributors and Experts

    Ibrahim Abdel-Kader
    Research Analyst | CIO
    Info-Tech Research Group     		Brittany Lutes
    Senior Research Analyst | CIO
    Info-Tech Research Group
    John Annand
    Principal Research Director | Infrastructure
    Info-Tech Research Group     		Scott Bickley
    Principal Research Director | Vendor Management
    Info-Tech Research Group
    Cole Cioran
    Practice Lead | Applications
    Info-Tech Research Group     		Dana Daher
    Research Analyst | Strategy & Innovation
    Info-Tech Research Group
    Eric Dolinar
    Manager | M&A Consulting
    Deloitte Canada     		Christoph Egel
    Director, Solution Design & Deliver
    Cooper Tire & Rubber Company
    Nora Fisher
    Vice President | Executive Services Advisory
    Info-Tech Research Group     		Larry Fretz
    Vice President | Industry
    Info-Tech Research Group

    Research Contributors and Experts

    David Glazer
    Vice President of Analytics
    Kroll     		Jack Hakimian
    Senior Vice President | Workshops and Delivery
    Info-Tech Research Group
    Gord Harrison
    Senior Vice President | Research & Advisory
    Info-Tech Research Group     		Valence Howden
    Principal Research Director | CIO
    Info-Tech Research Group
    Jennifer Jones
    Research Director | Industry
    Info-Tech Research Group     		Nancy McCuaig
    Senior Vice President | Chief Technology and Data Office
    IGM Financial Inc.
    Carlene McCubbin
    Practice Lead | CIO
    Info-Tech Research Group     		Kenneth McGee
    Research Fellow | Strategy & Innovation
    Info-Tech Research Group
    Nayma Naser
    Associate
    Deloitte     		Andy Neill
    Practice Lead | Data & Analytics, Enterprise Architecture
    Info-Tech Research Group

    Research Contributors and Experts

    Rick Pittman
    Vice President | Research
    Info-Tech Research Group     		Rocco Rao
    Research Director | Industry
    Info-Tech Research Group
    Mark Rosa
    Senior Vice President & Chief Information Officer
    Mohegan Gaming and Entertainment     		Tracy-Lynn Reid
    Research Lead | People & Leadership
    Info-Tech Research Group
    Jim Robson
    Senior Vice President | Shared Enterprise Services (retired)
    Great-West Life     		Steven Schmidt
    Senior Managing Partner Advisory | Executive Services
    Info-Tech Research Group
    Nikki Seventikidis
    Senior Manager | Finance Initiative & Continuous Improvement
    CST Consultants Inc.     		Allison Straker
    Research Director | CIO
    Info-Tech Research Group
    Justin Waelz
    Senior Network & Systems Administrator
    Info-Tech Research Group     		Sallie Wright
    Executive Counselor
    Info-Tech Research Group

    Bibliography

    “5 Ways for CIOs to Accelerate Value During Mergers and Acquisitions.” Okta, n.d. Web.

    Altintepe, Hakan. “Mergers and acquisitions speed up digital transformation.” CIO.com, 27 July 2018. Web.

    “America’s elite law firms are booming.” The Economist, 15 July 2021. Web.

    Barbaglia, Pamela, and Joshua Franklin. “Global M&A sets Q1 record as dealmakers shape post-COVID world.” Nasdaq, 1 April 2021. Web.

    Boyce, Paul. “Mergers and Acquisitions Definition: Types, Advantages, and Disadvantages.” BoyceWire, 8 Oct. 2020. Web.

    Bradt, George. “83% Of Mergers Fail -- Leverage A 100-Day Action Plan For Success Instead.” Forbes, 27 Jan. 2015. Web.

    Capgemini. “Mergers and Acquisitions: Get CIOs, IT Leaders Involved Early.” Channel e2e, 19 June 2020. Web.

    Chandra, Sumit, et al. “Make Or Break: The Critical Role Of IT In Post-Merger Integration.” IMAA Institute, 2016. Web.

    Deloitte. “How to Calculate Technical Debt.” The Wall Street Journal, 21 Jan. 2015. Web.

    Ernst & Young. “IT As A Driver Of M&A Success.” IMAA Institute, 2017. Web.

    Fernandes, Nuno. “M&As In 2021: How To Improve The Odds Of A Successful Deal.” Forbes, 23 March 2021. Web.

    “Five steps to a better 'technology fit' in mergers and acquisitions.” BCS, 7 Nov. 2019. Web.

    Fricke, Pierre. “The Biggest Opportunity You’re Missing During an M&Aamp; IT Integration.” Rackspace, 4 Nov. 2020. Web.

    Garrison, David W. “Most Mergers Fail Because People Aren't Boxes.” Forbes, 24 June 2019. Web.

    Harroch, Richard. “What You Need To Know About Mergers & Acquisitions: 12 Key Considerations When Selling Your Company.” Forbes, 27 Aug. 2018. Web.

    Hope, Michele. “M&A Integration: New Ways To Contain The IT Cost Of Mergers, Acquisitions And Migrations.” Iron Mountain, n.d. Web.

    “How Agile Project Management Principles Can Modernize M&A.” Business.com, 13 April 2020. Web.

    Hull, Patrick. “Answer 4 Questions to Get a Great Mission Statement.” Forbes, 10 Jan. 2013. Web.

    Kanter, Rosabeth Moss. “What We Can Learn About Unity from Hostile Takeovers.” Harvard Business Review, 12 Nov. 2020. Web.

    Koller, Tim, et al. “Valuation: Measuring and Managing the Value of Companies, 7th edition.” McKinsey & Company, 2020. Web.

    Labate, John. “M&A Alternatives Take Center Stage: Survey.” The Wall Street Journal, 30 Oct. 2020. Web.

    Lerner, Maya Ber. “How to Calculate ROI on Infrastructure Automation.” DevOps.com, 1 July 2020. Web.

    Loten, Angus. “Companies Without a Tech Plan in M&A Deals Face Higher IT Costs.” The Wall Street Journal, 18 June 2019. Web.

    Low, Jia Jen. “Tackling the tech integration challenge of mergers today” Tech HQ, 6 Jan. 2020. Web.

    Lucas, Suzanne. “5 Reasons Turnover Should Scare You.” Inc. 22 March 2013. Web.

    “M&A Trends Survey: The future of M&A. Deal trends in a changing world.” Deloitte, Oct. 2020. Web.

    Maheshwari, Adi, and Manish Dabas. “Six strategies tech companies are using for successful divesting.” EY, 1 Aug. 2020. Web.

    Majaski, Christina. “Mergers and Acquisitions: What's the Difference?” Investopedia, 30 Apr. 2021.

    “Mergers & Acquisitions: Top 5 Technology Considerations.” Teksetra, 21 Jul. 2020. Web.

    “Mergers Acquisitions M&A Process.” Corporate Finance Institute, n.d. Web.

    “Mergers and acquisitions: A means to gain technology and expertise.” DLA Piper, 2020. Web.

    Nash, Kim S. “CIOs Take Larger Role in Pre-IPO Prep Work.” The Wall Street Journal, 5 March 2015. Web.

    O'Connell, Sean, et al. “Divestitures: How to Invest for Success.” McKinsey, 1 Aug. 2015. Web

    Paszti, Laila. “Canada: Emerging Trends In Information Technology (IT) Mergers And Acquisitions.” Mondaq, 24 Oct. 2019. Web.

    Patel, Kiison. “The 8 Biggest M&A Failures of All Time” Deal Room, 9 Sept. 2021. Web.

    Peek, Sean, and Paula Fernandes. “What Is a Vision Statement?” Business News Daily, 7 May 2020. Web.

    Ravid, Barak. “How divestments can re-energize the technology growth story.” EY, 14 July 2021. Web.

    Ravid, Barak. “Tech execs focus on growth amid increasingly competitive M&A market.” EY, 28 April 2021. Web.

    Resch, Scott. “5 Questions with a Mergers & Acquisitions Expert.” CIO, 25 June 2019. Web.

    Salsberg, Brian. “Four tips for estimating one-time M&A integration costs.” EY, 17 Oct. 2019. Web.

    Samuels, Mark. “Mergers and acquisitions: Five ways tech can smooth the way.” ZDNet, 15 Aug. 2018. Web.

    “SAP Divestiture Projects: Options, Approach and Challenges.” Cognizant, May, 2014. Web.

    Steeves, Dave. “7 Rules for Surviving a Merger & Acquisition Technology Integration.” Steeves and Associates, 5 Feb. 2020. Web.

    Tanaszi, Margaret. “Calculating IT Value in Business Terms.” CSO, 27 May 2004. Web.

    “The CIO Playbook. Nine Steps CIOs Must Take For Successful Divestitures.” SNP, 2016. Web.

    “The Role of IT in Supporting Mergers and Acquisitions.” Cognizant, Feb. 2015. Web.

    Torres, Roberto. “M&A playbook: How to prepare for the cost, staff and tech hurdles.” CIO Dive, 14 Nov. 2019. Web.

    “Valuation Methods.” Corporate Finance Institute, n.d. Web.

    Weller, Joe. “The Ultimate Guide to the M&A Process for Buyers and Sellers.” Smartsheet, 16 May 2019. Web.

    More Articles …