Manage Poor Performance While Working From Home

  • Buy Link or Shortcode: {j2store}599|cart{/j2store}
  • member rating overall impact (scale of 10): 9.0/10 Overall Impact
  • member rating average dollars saved: $1,600 Average $ Saved
  • member rating average days saved: 18 Average Days Saved
  • Parent Category Name: Manage & Coach
  • Parent Category Link: /manage-coach
  • For many, emergency WFH comes with several new challenges such as additional childcare responsibilities, sudden changes in role expectations, and negative impacts on wellbeing. These new challenges, coupled with previously existing ones, can result in poor performance. Owing to the lack of physical presence and cues, managers may struggle to identify that an employee’s performance is suffering. Even after identifying poor performance, it can be difficult to address remotely when such conversations would ideally be held in person.

Our Advice

Critical Insight

  • Poor performance must be managed, despite the pandemic. Evaluating root causes of performance issues is more important than ever now that personal factors such as lack of childcare and eldercare for those working from home are complicating the issue.

Impact and Result

  • Organizations need to have a clear process for improving performance for employees working remotely during the COVID-19 pandemic. Provide managers with resources to help them identify performance issues and uncover their root causes as part of addressing overall performance. This will allow managers to connect employees with the required support while working with them to improve performance.

Manage Poor Performance While Working From Home Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Follow the remote performance improvement process

Determine how managers can identify poor performance remotely and help them navigate the performance improvement process while working from home.

  • Manage Poor Performance While Working From Home Storyboard
  • Manage Poor Performance While Working From Home: Manager Guide
  • Manage Poor Performance While Working From Home: Infographic

2. Clarify roles and leverage resources

Clarify roles and responsibilities in the performance improvement process and tailor relevant resources.

  • Wellness and Working From Home
[infographic]

Further reading

Manage Poor Performance While Working From Home

Assess and improve remote work performance with our ready-to-use tools.

Executive Summary

McLean & Company Insight

Poor performance must be managed, despite the pandemic. Evaluating root causes of performance issues is more important than ever now that personal factors such as lack of childcare and eldercare for those working from home are complicating the issue.

Situation

COVID-19 has led to a sudden shift to working from home (WFH), resulting in a 72% decline in in-office work (Ranosa, 2020). While these uncertain times have disrupted traditional work routines, employee performance remains critical, as it plays a role in determining how organizations recover. Managers must not turn a blind eye to performance issues but rather must act quickly to support employees who may be struggling.

Complication

For many, emergency WFH comes with several new challenges such as additional childcare responsibilities, sudden changes in role expectations, and negative impacts on wellbeing. These new challenges, coupled with previously existing ones, can result in poor performance. Owing to the lack of physical presence and cues, managers may struggle to identify that an employee’s performance is suffering. Even after identifying poor performance, it can be difficult to address remotely when such conversations would ideally be held in person.

Solution

Organizations need to have a clear process for improving performance for employees working remotely during the COVID-19 pandemic. Provide managers with resources to help them identify performance issues and uncover their root causes as part of addressing overall performance. This will allow managers to connect employees with the required support while working with them to improve performance.

Manage Poor Performance While Working From Home is made up of the following resources:

1

Identify

2

Initiate

3

Deploy

4

a) Follow Up
b) Decide
Storyboard

This storyboard is organized by the four steps of the performance improvement process: identify, initiate, deploy, and follow up/decide. These will appear on the left-hand side of the slides as a roadmap.

The focus is on how HR can design the process for managing poor performance remotely and support managers through it while emergency WFH measures are in place. Key responsibilities, email templates, and relevant resources are included at the end.

Adapt the process as necessary for your organization.

Manager Guide

The manager guide contains detailed advice for managers on navigating the process and focuses on the content of remote performance discussions.

It consists of the following sections:

  • Identifying poor performance.
  • Conducting performance improvement discussions.
  • Uncovering and addressing root causes of poor performance.
Manager Infographic

The manager infographic illustrates the high-level steps of the performance improvement process for managers in a visually appealing and easily digestible manner.

This can be used to easily outline the process, providing managers with a resource to quickly reference as they navigate the process with their direct reports.

In this blueprint, “WFH” and “remote working” are used interchangeably.

This blueprint will not cover the performance management framework; it is solely focused on managing performance issues.

For information on adjusting the regular performance management process during the pandemic, see Performance Management for Emergency Work-From-Home.

Identify how low performance is normally addressed

A process for performance improvement is not akin to outlining the steps of a performance improvement plan (PIP). The PIP is a development tool used within a larger process for performance improvement. Guidance on how to structure and use a PIP will be provided later in this blueprint.

Evaluate how low performance is usually brought to the attention of HR in a non-remote situation:
  • Do managers approach HR for an employee transfer or PIP without having prior performance conversations with the employee?
  • Do managers come to HR when they need support in developing an employee in order to meet expectations?
  • Do managers proactively reach out to HR to discuss appropriate L&D for staff who are struggling?
  • Do some departments engage with the process while others do not?
Poor performance does not signal the immediate need to terminate an employee. Instead, managers should focus on helping the struggling employee to develop so that they may succeed.
Evaluate how poor performance is determined:
  • Do managers use performance data or concrete examples?
  • Is it based on a subjective assessment by the manager?
Keep in mind that “poor performance” now might look different than it did before the pandemic. Employees must be aware of the current expectations placed on them before they can be labeled as underperforming – and the performance expectations must be assessed to ensure they are realistic.

For information on adjusting performance expectations during the pandemic, see Performance Management for Emergency Work-From-Home.

The process for non-union and union employees will likely differ. Make sure your process for unionized employees aligns with collective agreements.

Determine how managers can identify poor performance of staff working remotely

1

Identify

2

Initiate

3

Deploy

4

a) Follow Up
b) Decide
Identify: Determine how managers can identify poor performance.
In person, it can be easy to see when an employee is struggling by glancing over at their desk and observing body language. In a remote situation, this can be more difficult, as it is easy to put on a brave face for the half-hour to one-hour check-in. Advise managers on how important frequent one-one-ones and open communication are in helping identify issues when they arise rather than when it’s too late.

Managers must clearly document and communicate instances where employees aren’t meeting role expectations or are showing other key signs that they are not performing at the level expected of them.

What to look for:
  • PM data/performance-related assessments
  • Continual absences
  • Decreased quality or quantity of output
  • Frequent excuses (e.g. repeated internet outages)
  • Lack of effort or follow-through
  • Missed deadlines
  • Poor communication or lack of responsiveness
  • Failure to improve
It’s crucial to acknowledge an employee might have an “off week” or need time to adjust to working from home, which can be addressed with performance management techniques. Managers should move into the process for performance improvement when:
  • Performance fluctuates frequently or significantly.
  • Performance has dropped for an extended period of time.
  • Expectations are consistently not being met.

While it’s important for managers to keep an eye out for decreased performance, discourage them from over-monitoring employees, as this can lead to a damaging environment of distrust.

Support managers in initiating performance conversations and uncovering root causes

1

Identify

2

Initiate

3

Deploy

4

a) Follow Up
b) Decide
Initiate: Require that managers have several conversations about low performance with the employee.
Before using more formal measures, ensure managers take responsibility for connecting with the employee to have an initial performance conversation where they will make the performance issue known and try to diagnose the root cause of the issue.

Coach managers to recognize behaviors associated with the following performance inhibitors:

Personal Factors

Personal factors, usually outside the workplace, can affect an employee’s performance.

Lack of clarity

Employees must be clear on performance expectations before they can be labeled as a poor performer.

Low motivation

Lack of motivation to complete work can impact the quality of output and/or amount of work an employee is completing.

Inability

Resourcing, technology, organizational change, or lack of skills to do the job can all result in the inability of an employee to perform at their best.

Poor people skills

Problematic people skills, externally with clients or internally with colleagues, can affect an employee’s performance or the team’s engagement.

Personal factors are a common performance inhibitor due to emergency WFH measures. The decreased divide between work and home life and the additional stresses of the pandemic can bring up new cases of poor performance or exacerbate existing ones. Remind managers that all potential root causes should still be investigated rather than assuming personal factors are the problem and emphasize that there can be more than one cause.

Ensure managers continue to conduct frequent performance conversations

Once an informal conversation has been initiated, the manager should schedule frequent one-on-one performance conversations (above and beyond performance management check-ins).

1

Identify

2

Initiate

3

Deploy

4

a) Follow Up
b) Decide
Explain to managers the purpose of these discussions is to:
  • Continue to probe for root causes.
  • Reinforce role expectations and performance targets.
  • Follow up on any improvements.
  • Address the performance issue and share relevant resources (e.g. HR or employee assistance program [EAP]).
Given these conversations will be remote, require managers to:
  • Use video whenever possible to read physical cues and body language.
  • Bookend the conversation. Starting each meeting by setting the context for the discussion and finishing with the employee reiterating the key takeaways back will ensure there are no misunderstandings.
  • Document the conversation and share with HR. This provides evidence of the conversations and helps hold managers accountable.
What is HR’s role? HR should ensure that the manager has had multiple conversations with the employee before moving to the next step. Furthermore, HR is responsible for ensuring manages are equipped to have the conversations through coaching, role-playing, etc.

For more information on the content of these conversations or for material to leverage for training purposes, see Manage Poor Performance While Working From Home: Manager Guide.

McLean & Company Insight

Managers are there to be coaches, not therapists. Uncovering the root cause of poor performance will allow managers to pinpoint supports needed, either within their expertise (e.g. coaching, training, providing flexible hours) or by directing the employee to proper external resources such as an EAP.

Help managers use formal performance improvement tools with remote workers

1

Identify

2

Initiate

3

Deploy

4

a) Follow Up
b) Decide
Deploy: Use performance improvement tools.
If initial performance conversations were unsuccessful and performance does not improve, refer managers to performance improvement tools:
  • Suggest any other available support and resources they have not yet recommended (e.g. EAP).
  • Explore options for co-creation of a development plan to increase employee buy-in. If the manager has been diligent about clarifying role expectations, invite the employee to put together their own action plan for meeting performance goals. This can then be reviewed and finalized with the manager.
  • Have the manager use a formal PIP for development and to get the employee back on track. Review the development plan or PIP with the manager before they share it with the employee to ensure it is clear and has time bound, realistic goals for improvement.
Using a PIP solely to avoid legal trouble and terminate employees isn’t true to its intended purpose. This is what progressive discipline is for.In the case of significant behavior problems, like breaking company rules or safety violations, the manager will likely need to move to progressive discipline. HR should advise managers on the appropriate process.

When does the issue warrant progressive discipline? If the action needs to stop immediately, (e.g. threatening or inappropriate behavior) and/or as outlined in the collective agreement.

Clarify remote PIP stages and best practices

1

Identify

2

Initiate

3

Deploy

4

a) Follow Up
b) Decide
Sample Stages:
1. Written PIP
  • HR reviews and signs off on PIP
  • Manager holds meeting to provide employee with PIP
  • Employee reviews the PIP
  • Manager and employee provide e-signatures
  • Signed PIP is given to HR
2. Possible Extension
3. Final Notice
  • Manager provides employee with final notice if there has been no improvement in agreed time frame
  • Copy of signed final notice letter given to HR

Who is involved?

The manager runs the meeting with the employee. HR should act as a support by:

  • Ensuring the PIP is clear, aligned with the performance issue, and focused on development, prior to the meeting.
  • Pointing to resources and making themselves available prior to, during, and after the meeting.
    • When should HR be involved? HR should be present in the meeting if the manager has requested it or if the employee has approached HR beforehand with concerns about the manager. Keep in mind that if the employee sees HR has been unexpectedly invited to the video call, it could add extra stress for them.
  • Reviewing documentation and ensuring expectations and the action plan are reasonable and realistic.

Determine the length of the PIP

  • The length of the initial PIP will often depend on the complexity of the employee’s role and how long it will reasonably take to see improvements. The minimum (before a potential extension) should be 30-60 days.
  • Ensure the action plan takes sustainment into account. Employees must be able to demonstrate improvement and sustain improved performance in order to successfully complete a PIP.

Timing of delivery

Help the manager determine when the PIP meeting will occur (what day, time of day). Take into account the schedule of the employee they will be meeting with (e.g. avoid scheduling right before an important client call).

1

Identify

2

Initiate

3

Deploy

4

a) Follow Up
b) Decide

Follow up: If the process escalated to step 3 and is successful.

What does success look like? Performance improvement must be sustained after the PIP is completed. It’s not enough to simply meet performance improvement goals and expectations; the employee must continue to perform.

Have the manager schedule a final PIP review with the employee. Use video, as this enables the employee and manager to read body language and minimize miscommunication/misinterpretation.

  • If performance expectations have been met, instruct managers to document this in the PIP, inform the employee they are off the PIP, and provide it to HR.

The manager should also continue check-ins with the employee to ensure sustainment and as part of continued performance management.

  • Set a specific timeline, e.g. every two weeks or every month. Choose a cadence that works best for the manager and employee.

OR

Decide: Determine action steps if the process is unsuccessful.

If at the end of step 3 performance has not sufficiently improved, the organization (HR and the manager) should either determine if the employee could/should be temporarily redeployed while the emergency WFH is still in place, if a permanent transfer to a role that is a better fit is an option, or if the employee should be let go.

See the Complete Manual for COVID-19 Layoffs blueprint for information on layoffs in remote environments.

Managers, HR, and employees all have a role to play in performance improvement

Managers
  • Identify the outcomes the organization is looking for and clearly outline and communicate the expectations for the employee’s performance.
  • Diagnose root cause(s) of the performance issue.
  • Support employee through frequent conversations and feedback.
  • Coach for improved performance.
  • Visibly recognize and broadcast employee achievements.
Employees
  • Have open and honest conversations with their manager, acknowledge their accountability, and be receptive to feedback.
  • Set performance goals to meet expectations of the role.
  • Prepare for frequent check-ins regarding improvement.
  • Seek support from HR as required.
HR
  • Provide managers with a process, training, and support to improve employee performance.
  • Coach managers to ensure employees have been made aware of their role expectations and current performance and given specific recommendations on how to improve.
  • Reinforce the process for improving employee performance to ensure that adequate coaching conversations have taken place before the formal PIP.
  • Coach employees on how to approach their manager to discuss challenges in meeting expectations.

HR should conduct checkpoints with both managers and employees in cases where a formal PIP was initiated to ensure the process for performance improvement is being followed and to support both parties in improving performance.

Email templates

Use the templates found on the next slides to draft communications to employees who are underperforming while working from home.

Customize all templates with relevant information and use them as a guide to further tailor your communication to a specific employee.

Customization Recommendations

Review all slides and adjust the language or content as needed to suit the needs of the employee, the complexity of their role, and the performance issue.

  • The pencil icon to the left denotes slides requiring customization of the text. Customize text in grey font and be sure to convert all font to black when you are done.

Included Templates

  1. Performance Discussion Follow-Up
  2. PIP Cover Letter

This template is not a substitute for legal advice. Ensure you consult with your legal counsel, labor relations representative, and union representative to align with collective agreements and relevant legislation.

Sample Performance Discussion Follow-Up

Hello [name],

Thank you for the commitment and eagerness in our meeting yesterday.

I wanted to recap the conversation and expectations for the month of [insert month].

As discussed, you have been advised about your recent [behavior, performance, attendance, policy, etc.] where you have demonstrated [state specific issue with detail of behavior/performance of concern]. As per our conversation, we’ll be working on improvement in this area in order to meet expectations set out for our employees.

It is expected that employees [state expectations]. Please do not hesitate to reach out to me if there is further clarification needed or you if you have any questions or concerns. The management team and I are committed to helping you achieve these goals.

We will do a formal check-in on your progress every [insert day] from [insert time] to review your progress. I will also be available for daily check-ins to support you on the right track. Additionally, you can book me in for desk-side coaching outside of my regular desk-side check-ins. If there is anything else I can do to help support you in hitting these goals, please let me know. Other resources we discussed that may be helpful in meeting these objectives are [summarize available support and resources]. By working together through this process, I have no doubt that you can be successful. I am here to provide support and assist you through this.

If you’re unable to show improvements set out in our discussion by [date], we will proceed to a formal performance measure that will include a performance improvement plan. Please let me know if you have any questions or concerns; I am here to help.

Please acknowledge this email and let me know if you have any questions.

Thank you,

PIP Cover Letter

Hello [name] ,

This is to confirm our meeting on [date] in which we discussed your performance to date and areas that need improvement. Please find the attached performance improvement plan, which contains a detailed action plan that we have agreed upon to help you meet role expectations over the next [XX days]. The aim of this plan is to provide you with a detailed outline of our performance expectations and provide you the opportunity to improve your performance, with our support.

We will check in every [XX days] to review your progress. At the end of the [XX]-day period, we will review your performance against the role expectations set out in this performance improvement plan. If you don’t meet the performance requirements in the time allotted, further action and consequences will follow.

Should you have any questions about the performance improvement plan or the process outlined in this document, please do not hesitate to discuss them with me.

[Employee name], it is my personal objective to help you be a fully productive member of our team. By working together through this performance improvement plan, I have no doubt that you can be successful. I am here to provide support and assist you through the process. At this time, I would also like to remind you about the [additional resources available at your organization, for example, employee assistance program or HR].

Please acknowledge this email and let me know if you have any questions.

Thank you,

Prepare and customize manager guide and resources

Sample of Manage Poor Performance While Working From Home: Manager Guide. Manage Poor Performance While Working From Home: Manager Guide

This tool for managers provides advice on navigating the process and focuses on the content of remote performance discussions.

Sample of Set Meaningful Employee Performance Measures. Set Meaningful Employee Performance Measures

See this blueprint for information on setting holistic measures to inspire employee performance.

Sample of Manage Poor Performance While Working From Home: Infographic. Manage Poor Performance While Working From Home: Infographic

This tool illustrates the high-level steps of the performance improvement process.

Sample of Wellness and Working From Home: Infographic. Wellness and Working From Home: Infographic

This tool highlights tips to manage physical and mental health while working from home.

Sample of Build a Better Manager: Team Essentials. Build a Better Manager: Team Essentials

See this solution set for more information on kick-starting the effectiveness of first-time IT managers with essential management skills.

Sample of Leverage Agile Goal Setting for Improved Employee Engagement & Performance. Leverage Agile Goal Setting for Improved Employee Engagement & Performance

See this blueprint for information on dodging the micromanaging foul and scoring with agile short-term goal setting.

Bibliography

Arringdale, Chris. “6 Tips For Managers Trying to Overcome Performance Appraisal Anxiety.” TLNT. 18 September 2015. Accessed 2018.

Borysenko, Karlyn. “What Was Management Thinking? The High Cost of Employee Turnover.” Talent Management and HR. 22 April 2015. Accessed 2018.

Cook, Ian. “Curbing Employee Turnover Contagion in the Workplace.” Visier. 20 February 2018. Accessed 2018.

Cornerstone OnDemand. Toxic Employees in the Workplace. Santa Monica, California: Cornerstone OnDemand, 2015. Web.

Dewar, Carolyn and Reed Doucette. “6 elements to create a high-performing culture.” McKinsey & Company. 9 April 2018. Accessed 2018.

Eagle Hill. Eagle Hill National Attrition Survey. Washington, D.C.: Eagle Hill, 2015. Web.

ERC. “Performance Improvement Plan Checklist.” ERC. 21 June 2017. Accessed 2018.

Foster, James. “The Impact of Managers on Workplace Engagement and Productivity.” Interact. 16 March 2017. Accessed 2018.

Godwins Solicitors LLP. “Employment Tribunal Statistics for 2015/2016.” Godwins Solicitors LLP. 8 February 2017. Accessed 2018.

Mankins, Michael. “How to Manage a Team of All-Stars.” Harvard Business Review. 6 June 2017. Accessed 2018.

Maxfield, David, et al. The Value of Stress-Free Productivity. Provo, Utah: VitalSmarts, 2017. Web.

Murphy, Mark. “Skip Your Low Performers When Starting Performance Appraisals.” Forbes. 21 January 2015. Accessed 2018.

Quint. “Transforming into a High Performance Organization.” Quint Wellington Redwood. 16 November 2017. Accessed 2018.

Ranosa, Rachel. "COVID -19: Canadian Productivity Booms Despite Social Distancing." Human Resources Director, 14 April 2020. Accessed 2020.

Scale Business Process Automation

  • Buy Link or Shortcode: {j2store}241|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Optimization
  • Parent Category Link: /optimization
  • Business process automation (BPA) adoption gained significant momentum as your business leaders saw the positive outcomes in your pilots, such as improvements in customer experience, operational efficiencies, and cost optimizations.
  • Your stakeholders are ready to increase their investments in more process automation solutions. They want to scale initial successes to other business and IT functions.
  • However, it is unclear how BPA can be successfully scaled and what benefits can be achieved from it.

Our Advice

Critical Insight

The shift from isolated, task-based automations in your pilot to value-oriented, scaled automations brings new challenges and barriers to your organization such as:

  • Little motivation or tolerance to change existing business operations to see the full value of BPA.
  • Overinvesting in current BPA technologies to maximize the return despite available alternatives that can do the same tasks better.
  • BPA teams are ill-equipped to meet the demands and complexities of scaled BPA implementations.

Impact and Result

  • Ground your scaling expectations. Set realistic and achievable goals centered on driving business value to the entire organization by optimizing and automating end-to-end business processes.
  • Define your scaling journey. Tailor your scaling approach according to your ability to ease BPA implementation, to broaden BPA adoption, and to loosen BPA constraints.
  • Prepare to scale BPA. Cement your BPA management and governance foundations to support BPA scaling using the lessons learned from your pilot implementation.

Scale Business Process Automation Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Scale Business Process Automation Deck – A guide to learn the opportunities and values of scaling business process automation.

This research walks you through the level setting of your scaled business process automation (BPA) expectations, factors to consider in defining your scaled BPA journey, and assessing your readiness to scale BPA.

  • Scale Business Process Automation Storyboard

2. Scale Business Process Automation Readiness Assessment – A tool to help you evaluate your readiness to scale business process automation.

Use this tool to identify key gaps in the people, processes, and technologies you need to support the scaling of business process automation (BPA). It also contains a canvas to facilitate your discussions around business process automation with your stakeholders and BPA teams.

  • Scale Business Process Automation Readiness Assessment
[infographic]

Further reading

Scale Business Process Automation

Take a value-first approach to automate the processes that matter

Analyst Perspective

Scaling business process automation (BPA) is an organization-wide commitment

Business and IT must work together to ensure the right automations are implemented and BPA is grown and matured in a sustainable way. However, many organizations are not ready to make this commitment. Managing the automation demand backlog, coordinating cross-functional effort and organizational change, and measuring BPA value are some of the leading factors challenging scaling BPA.

Pilot BPA with the intent to scale it. Pilots are safe starting points to establish your foundational governance and management practices and build the necessary relationships and collaborations for you to be successful. These factors will then allow you to explore more sophisticated, complicated, and innovative opportunities to drive new value to your team, department, and organization.

A picture of Andrew Kum-Seun

Andrew Kum-Seun
Research Director,
Application Delivery and Management
Info-Tech Research Group

Executive Summary

Your Challenge

  • Business process automation (BPA) adoption gained significant momentum as your business leaders see the positive outcomes in your pilots, such as improvements in customer experience, operational efficiencies, and cost optimizations.
  • Your stakeholders are ready to increase their investments in more process automation solutions. They want to scale initial successes to other business and IT functions.
  • However, it is unclear how BPA can be successfully scaled and what benefits can be achieved from it.

Common Obstacles

The shift from isolated, task-based automations in your pilot to value-oriented and scaled automations brings new challenges and barriers to your organization:

  • Little motivation or tolerance to change existing business operations to see the full value of BPA.
  • Overinvesting in current BPA technologies to maximize return despite available alternatives that can do the same tasks better.
  • BPA teams are ill-equipped to meet the demands and complexities of scaled BPA implementations.

Info-Tech's Approach

  • Ground your scaling expectations. Set realistic and achievable goals centered on driving business value to the entire organization by optimizing and automating end-to-end business processes.
  • Define your scaling journey. Tailor your scaling approach according to your ability to ease BPA implementation, to broaden BPA adoption, and to loosen BPA constraints.
  • Prepare to scale BPA. Cement your BPA management and governance foundations to support BPA scaling using the lessons learned from your pilot implementation.

Info-Tech Insight

Take a value-first approach in your scaling business process automation (BPA) journey. Low-risk, task-oriented automations are good starting points to introduce BPA but constrain the broader returns your organization wants. Business value can only scale when everything and everyone in your processes are working together to streamline the entire value stream rather than the small gains from optimizing small, isolated automations.

Scale Business Process Automation

Take a value-first approach to automate the processes that matter

Pilot Your BPA Capabilities

  • Learn the foundation practices to design, deliver, and support BPA.
  • Understand the fit and value of BPA.
  • Gauge the tolerance for business operational change and system risk.

See Info-Tech's Build a Winning Business Process Automation Playbook blueprint for more information.

Build Your Scaling BPA Vision

Apply Lessons Learned to Scale

  1. Ground Your Scaling Expectations
    Set realistic and achievable goals centered on driving business value to the entire organization by optimizing and automating end-to-end business processes.
  2. Define Your Scaling Journey
    Tailor your scaling approach according to your ability to ease BPA implementation, to broaden BPA adoption, and to loosen BPA constraints.
  3. Prepare to Scale BPA
    Cement your BPA management and governance foundations to support BPA scaling using the lessons learned from your pilot implementation.

Research deliverable

Design and communicate your approach to scale business process automation with Info-Tech's Scale Business Process Automation Readiness Assessment:

  • Level set your scaled BPA goals and objectives.
  • Discuss and design your scaled BPA journey.
  • Identify the gaps and improvements needed to scale your BPA practices and implementation.

A screenshot from Info-Tech's Scale Business Process Automation Readiness Assessment

Step 1.1

Ground Your Scaling Expectations

Activities

1.1.1 Define Your Scaling Objectives

This step involves the following participants:

  • Business Process Owners
  • Product Owners
  • Application Directors
  • Business Architects
  • BPA Delivery & Support Teams

Outcomes of this step

Scaling BPA objectives

Organizations want to scale their initial BPA success

Notable Initial Benefits

  1. Time Saved: "In the first day of live operations, the robots were saving 51 hours each day or the equivalent of six people working an eight-hour shift." – Brendan MacDonald, Director of Customer Compliance Operations, Ladbrokes (UiPath)
  2. Documentation & Knowledge Sharing: "If certain people left, knowledge of some processes would be lost and we realized that we needed a reliable process management system in place." – Peta Kinnane, Acting Audit and Risk Coordinator, Liverpool City Council (Nintex)
  3. Improved Service Delivery: "Thanks to this automation, our percentage of triaged and assigned tickets is now 100%. Nothing falls through the cracks. It has also improved the time to assignment. We assign tickets 2x faster than before." – Sebastian Goodwin, Head of Cybersecurity, Nutanix (Workato)

Can We Gain More From Automation?

The Solution

As industries evolve and adopt more tools and technology, their products, services, and business operating models become more complex. Task- and desktop-based automations are often not enough. More sophisticated and scaled automations are needed to simplify and streamline the process from end-to-end of complex operations and align them with organizational goals.

Stakeholders see automation as an opportunity to scale the business

The value of scaling BPA is dependent on the organization's ability to scale with it. In other words, stakeholders should see an increase in business value without a substantial increase in resources and operational costs (e.g., there should be little difference if sending out 10 emails versus 1000).

Examples of how business can be scaled with automation

  • Processes triggered by incoming documents or email: in these processes, an incoming document or email (that has semi-structured or unstructured data) is collected by a script or an RPA bot. This document is then processed with a machine learning model that validates it either by rules or ML models. The validated and enriched machine-readable data is then passed on to the next system of record.
  • The accounts payable process: this process includes receiving, processing, and paying out invoices from suppliers that provided goods or services to the company. While manual processing can be expensive, take too much time, and lead to errors, businesses can automate this process with machine learning and document extraction technologies like optical characters recognition (OCR), which converts texts containing images into characters that can be readable by computers to edit, compute, and analyze.
  • Order management: these processes include retrieving email and relevant attachments, extracting information that tells the business what its customers want, updating internal systems with newly placed orders or modifications, or taking necessary actions related to customer queries.
  • Enhance customer experience: [BPA tools] can help teams develop and distribute customer loyalty offers faster while also optimizing these offers with customer insights. Now, enterprises can more easily guarantee they are delivering the relevant solutions their clients are demanding.

Source: Stefanini Group

Scaling BPA has its challenges

Perceived Lack of Opportunities

Pilot BPA implementations often involve the processes that are straightforward to automate or are already shortlisted to optimize. However, these low-hanging fruits will run out. Discovering new BPA opportunities can be challenged for a variety of reasons, such as:

  • Lack of documentation and knowledge
  • Low user participation or drive to change
  • BPA technology limitations and constraints

Perceived Lack of Opportunities

BPA is not a cheap investment. A single RPA bot, for example, can cost between $5,000 to $15,000. This cost does not include the added cost for training, renewal fees, infrastructure set up and other variable and reoccurring costs that often come with RPA delivery and support (Blueprint). This reality can motivate BPA owners to favor existing technologies over other cheaper and more effective alternatives in an attempt boost their return on investment.

Ill-Equipped Support Teams

Good technical skills and tools, and the right mindset are critical to ensure BPA capabilities are deployed effectively. Low-code no-code (LCNC) can help but success isn't guaranteed. Lack of experience with low-code platforms is the biggest obstacle in low-code adoption according to 60% of respondents (Creatio). The learning curve has led some organizations to hire contractors to onboard BPA teams, hire new employees, or dedicate significant funding and resources to upskill internal resources.

Shift your objectives from task-based efficiencies to value-driven capabilities

How can I improve myself?

How can we improve my team?

How can we improve my organization?

Objectives

  • Improve worker productivity
  • Improve the repeatability and predictability of the process
  • Deliver outputs of consistent quality and cadence
  • Increase process, tool, and technology confidence
  • Increase the team's throughput, commitment, and load
  • Apply more focus on cognitive and complex tasks
  • Reduce the time to complete error-prone, manual, and routine collaborations
  • Deliver insightful, personalized, and valuable outputs
  • Drive more value in existing pipelines and introduce new value streams
  • Deliver consistent digital experiences involving different technologies
  • Automatically tailor a customer's experience to individual preferences
  • Forecast and rapidly respond to customer issues and market trends

Goals

  • Learn the fit of BPA & set the foundations
  • Improve the practices & tools and optimize the performance
  • Scale BPA capabilities throughout the organization

Gauge the success of your scaled BPA

BPA Practice Effectiveness

Key Question: Are stakeholders satisfied with how the BPA practice is meeting their automation needs?

Examples of Metrics:

  • User satisfaction
  • Automation request turnaround time
  • Throughput of BPA team

Automation Solution Quality

Key Question: How do your automation solutions perform and meet your quality standards?

Examples of Metrics:

  • Licensing and operational costs
  • Service level agreement and uptime/downtime
  • Number of defects

Business Value Delivery

Key Question: How has automation improved the value your employees, teams, and the organization delivers?

Examples of Metrics:
Increase in revenue generation
Reduction in operational costs
Expansion of business capabilities with minimal increases in costs and risks

1.1.1 Define your scaling objectives

5 minutes

  1. Complete the following fields to build your scaled business process automation canvas:
    1. Problem that scaling BPA is intending to solve
    2. Your vision for scaling BPA
    3. Stakeholders
    4. Scaled BPA business and IT objectives and metrics
    5. Business capabilities, processes, and application systems involved
    6. Notable constraints, roadblocks, and challenges to your scaled BPA success
  2. Document your findings and discussions in Info-Tech's Scale Business Process Automation Readiness Assessment.

Output

Scaled BPA value canvas

Participants

  • Business Process Owners
  • Product Owners
  • Application Directors
  • Business Architects
  • BPA Delivery & Support Teams

Record the results in the 2. Value Canvas Tab in the Scale Business Process Automation Readiness Assessment.

1.1.1 cont'd

Scaled BPA Value Canvas Template:

A screenshot of Scaled BPA Value Canvas Template

Align your objectives to your application portfolio strategy

Why is an application portfolio strategy important for BPA?

  • All business process optimizations are designed, delivered, and managed to support a consistent interpretation of the business and IT vision and goals.
  • Clear understanding of the sprawl, criticality, and risks of automation solutions and applications to business capabilities.
  • BPA initiatives are planned, prioritized, and coordinated alongside modernization, upgrades, and other changes to the application portfolio.
  • Resources, skills, and capacities are strategically allocated to meet BPA demand considering other commitments in the backlog and roadmap.
  • BPA expectations and practices uphold the persona, values, and principles of the application team.

What is an application portfolio strategy?

An application portfolio strategy details the direction, activities, and tactics to deliver on the promise of your application portfolio. It often includes:

  • Portfolio vision and goals
  • Application, automation, and process portfolio
  • Values and principles
  • Portfolio health
  • Risks and constraints
  • Strategic roadmap

See our Application Portfolio Management Foundations blueprint for more information.

Leverage your BPA champions to drive change and support scaling initiatives

An arrow showing the steps to Leverage your BPA champions to drive change and support scaling initiatives

Expected Outcome From Your Pilot: Your pilot would have recognized the roles that know how to effectively apply good BPA practices (e.g., process analysis and optimization) and are familiar with the BPA toolset. These individuals are prime candidates who can standardize your Build a Winning Business Process Automation Playbook, upskill interested teams, and build relationships among those involved in the delivery and use of BPA.

Step 1.2

Define Your Scaling Journey

Activities

1.2.1 Discuss Your BPA Opportunities
1.2.2 Lay Out Your Scaling BPA Journey

Scale Business Process Automation

This step involves the following participants:

  • Business Process Owners
  • Product Owners
  • Application Directors
  • Business Architects
  • BPA Delivery & Support Teams

Outcomes of this step

  • List of scaling BPA opportunities
  • Tailored scaling journey

Maintain a healthy demand pipeline

A successful scaled BPA practice requires a continuous demand for BPA capabilities and the delivery of minimum viable automations (MVA) held together by a broader strategic roadmap.

An image of a healthy demand pipeline.  it flows from opportunities to trends, with inputs from internal and external sources.

An MVA focuses on a single and small process use case, involves minimal possible effort to improve, and is designed to satisfy a specific user group. Its purpose is to maximize learning and value and inform the further scaling of the BPA technology, approach, or practice.

See our Build a Winning Business Process Automation Playbook blueprint for more information.

Investigate how BPA trends can drive more value for the organization

  • Event-Driven Automation
    Process is triggered by a schedule, system output, scenario, or user (e.g., voice-activated, time-sensitive, system condition)
  • Low- & No-Code Automation build and management are completed through an easy-to-learn scripting language and/or a GUI.
  • Intelligent Document Processing
    Transform documents for better analysis, processing and handling (e.g., optical character recognition) by a tool or system.
  • End-to-End Process Automation & Transparency
    Linking cross-functional processes to enable automation of the entire value stream with seamless handoffs or triggers.
  • Orchestration of Different BPA Technologies
    Integrating and sequencing the execution of multiple automation solutions through a single console.
  • Cognitive Automation
    AI and other intelligent technologies automate information-intensive processes, including semi and unstructured data and human thinking simulation.
  • Intelligent Internet-of-Things
    Connecting process automation technologies to physical environments with sensors and other interaction devices (e.g., computer vision).
  • Ethical Design
    Optimizing processes that align to the moral value, principles, and beliefs of the organization (e.g., respects data privacy, resists manipulative patterns).
  • User Profiling & Tailored Experiences
    Customizing process outputs and user experience with user-defined configurations or system and user activity monitoring.
  • Process Mining & Discovery
    Gleaning optimization opportunities by analyzing system activities (mining) or monitoring user interactions with applications (discovery).

1.2.1 Discuss your BPA opportunities

5 minutes

  1. Review the goals and objectives of your initiative and the expectations you want to gain from scaling BPA.
  2. Discuss how BPA trends can be leveraged in your organization.
  3. List high priority scaling BPA opportunities.

Output

  • Scaled BPA opportunities

Participants

  • Business Process Owners
  • Product Owners
  • Application Directors
  • Business Architects
  • BPA Delivery & Support Teams

Create your recipe for success

Your scaling BPA recipe (approach) can involve multiple different flavors of various quantities to fit the needs and constraints of your organization and workers.

What and how many ingredients you need is dependent on three key questions:

  1. How can we ease BPA implementation?
  2. How can we broaden the BPA scope?
  3. How can we loosen constraints?

Personalize Scaling BPA To Your Taste

  • Extend BPA Across Business Units (Horizontal)
  • Integrate BPA Across Your Application Architecture (Vertical)
  • Embed AI/ML Into Your Automation Technologies
  • Empower Users With Business-Managed Automations
  • Combine Multiple Technologies for End-to-End Automation
  • Increase the Volume and Velocity of Automation
  • Automate Cognitive Processes and Making Variable Decisions

Answer these questions in the definition of your scaling BPA journey

Seeing the full value of your scaling approach is dependent on your ability to support BPA adoption across the organization

How can we ease BPA implementation?

  • Good governance practices (e.g., role definitions, delivery and management processes, technology standards).
  • Support for innovation and experimentation.
  • Interoperable and plug-and-play architecture.
  • Dedicated technology management and support, including resources, documents, templates and shells.
  • Accessible and easy-to-understand knowledge and document repository.

How can we broaden BPA scope?

  • Provide a unified experience across processes, fragmented technologies, and siloed business functions.
  • Improve intellectually intensive activities, challenging decision making and complex processes with more valuable insights and information using BPA.
  • Proactively react to business and technology environments and operational changes and interact with customers with unattended automation.
  • Infuse BPA technologies into your product and service to expand their functions, output quality, and reliability.

How can we loosen constraints?

  • Processes are automated without the need for structured data and optimized processes, and there is no need to work around or avoid legacy applications.
  • Workers are empowered to develop and maintain their own automations.
  • Coaching, mentoring, training, and onboarding capabilities.
  • Accessibility and adoption of underutilized applications are improved with BPA.
  • BPA is used to overcome the limitations or the inefficiencies of other BPA technologies.

1.2.2 Lay out your scaling BPA journey

5 minutes

  1. Review the goals and objectives of your initiative, the expectations you want to gain from scaling BPA, and the various scaling BPA opportunities.
  2. Discuss the different scaling BPA flavors (patterns) and how each flavor is applicable to your situation. Ask yourself these key questions:
    1. How can we ease BPA implementation?
    2. How can we broaden the BPA scope?
    3. How can we loosen constraints?
  3. Design the broad steps of your scaling BPA journey. See the following slide for an example.
  4. Document your findings and discussions in Info-Tech's Scale Business Process Automation Readiness Assessment.

Record the results in the 3. Scaled BPA Journey Tab in the Scale Business Process Automation Readiness Assessment.

Output

  • Scaled BPA journey

Participants

  • Business Process Owners
  • Product Owners
  • Application Directors
  • Business Architects
  • BPA Delivery & Support Teams

1.2.2 cont'd

An image of the marker used to identify Continuous business process optimization and automation Continuous business process optimization and automation
An image of the marker used to identify Scope of Info-Tech's Build Your Business Process Automation Playbook blueprintScope of Info-Tech's Build Your Business Process Automation Playbook blueprint

Example:

An example of the BPA journey.  Below are the links included in the journey.

Continuously review and realign expectations

Optimizing your scaled BPA practices and applying continuous improvements starts with monitoring the process after implementation.

Purpose of Monitoring

  1. Diligent monitoring confirms your scaled BPA implementation is performing as desired and meeting initial expectations.
  2. Holding reviews of your BPA practice and implementations helps assess the impact of marketplace and business operations changes and allows the organization to stay on top of trends and risks.

Metrics

Metrics are an important aspect of monitoring and sustaining the scaled practice. The metrics will help determine success and find areas where adjustments may be needed.

Hold retrospectives to identify any practice issues to be resolved or opportunities to undertake

The retrospective gives your organization the opportunity to review themselves and brainstorm solutions and a plan for improvements to be actioned. This session is reoccurring, typically, after key milestones. While it is important to allow all participants the opportunity to voice their opinions, feelings, and experiences, retrospectives must be positive, productive, and time boxed.

Step 1.3

Prepare to Scale BPA

Activities

1.3.1 Assess Your Readiness to Scale BPA

This step involves the following participants:

  • Business Process Owners
  • Product Owners
  • Application Directors
  • Business Architects
  • BPA Delivery & Support Teams

Outcomes of this step

  • Scale BPA readiness assessment

Prepare to scale by learning from your pilot implementations

"While most organizations are advised to start with automating the 'low hanging fruit' first, the truth is that it can create traps that will impede your ability to achieve RPA at scale. In fact, scaling RPA into the organizational structure is fundamentally different from implementing a conventional software product or other process automation."
– Blueprint

What should be the takeaways from your pilot?

Degree of Required BPA Support

  • Practices needed to address the organization's tolerance to business process changes and automation adoption.
  • Resources, budget and skills needed to configure and orchestrate automation technologies to existing business applications and systems.

Technology Integration & Compatibility

  • The BPA technology and application system's flexibility to be enhanced, modified, and removed.
  • Adherence to data and system quality standards (e.g., security, availability) across all tools and technologies.

Good Practices Toolkit

  • A list of tactics, techniques, templates, and examples to assist teams assessing and optimizing business processes and applying BPA solutions in your organization's context.
  • Strategies to navigate common blockers, challenges, and risks.

Controls & Measures

  • Defined guardrails aligned to your organization's policies and risk tolerance
  • Key metrics are gathered to gauge the value and performance of your processes and automations for enhancements and further scaling.

Decide how to architect and govern your BPA solutions

Centralized

A single body and platform to coordinate, execute, and manage all automation solutions.

An image of the Centralized approach to governing BPA solutions.

Distributed

Automation solutions are locally delivered and managed whether that is per business unit, type of technology, or vendor. Some collaboration and integration can occur among solutions but might be done without a holistic strategy or approach.

An image of the Distributed approach to governing BPA solutions.

Hybrid

Automation solutions are locally delivered and managed and executed for isolated use cases. Broader and complex automations are centrally orchestrated and administered.

An image of the Hybrid approach to governing BPA solutions.

Be prepared to address the risks with scaling BPA

"Companies tend to underestimate the complexity of their business processes – and bots will frequently malfunction without an RPA design team that knows how to anticipate and prepare for most process exceptions. Unresolved process exceptions rank among the biggest RPA challenges, prompting frustrated users to revert to manual work."
– Eduardo Diquez, Auxis, 2020

Scenarios

  • Handling Failures of Dependent Systems
  • Handling Data Corruption & Quality Issues
  • Alignment to Regulatory & Industry Standards
  • Addressing Changes & Regressions to Business Processes
  • "Run Away" & Hijacked Automations
  • Unauthorized Access to Sensitive Information

Recognize the costs to support your scaled BPA environment

Cost Factors

Automation Operations
How will chaining multiple BPA technologies together impact your operating budget? Is there a limit on the number of active automations you can have at a single time?

User Licenses
How many users require access to the designer, orchestrator, and other functions of the BPA solution? Do they also require access to dependent applications, services, and databases?

System Enhancements
Are application and system upgrades and modernizations needed to support BPA? Is your infrastructure, data, and security controls capable of handling BPA demand?

Supporting Resources
Are dedicated resources needed to support, govern, and manage BPA across business and IT functions? Are internal resources or third-party providers preferred?

Training & Onboarding
Are end users and supporting resources trained to deliver, support, and/or use BPA? How will training and onboarding be facilitated: internally or via third party providers?

Create a cross-functional and supportive body to lead the scaling of BPA

Your supportive body is a cross-functional group of individuals promoting collaboration and good BPA practices. It enables an organization to extract the full benefits from critical systems, guides the growth and evolution of strategic BPA implementations, and provides critical expertise to those that need it. A supportive body distinctly caters to optimizing and strengthening BPA governance, management, and operational practices for a single technology or business function or broadly across the entire organization encompassing all BPA capabilities.

What a support body is not:

  • A Temporary Measure
  • Exclusive to Large Organizations
  • A Project Management Office
  • A Physical Office
  • A Quick Fix

See our Maximize the Benefits from Enterprise Applications With a Center of Excellence blueprint for more information.

What are my options?

Center of Excellence (CoE)
AND
Community of Practice (CoP)

CoEs and CoPs provide critical functions

An image of the critical functions provided by CoE and CoP.

Shift your principles as you scale BPA

As BPA scales, users and teams must not only think of how a BPA solution operates at a personal and technical level or what goals it is trying to achieve, but why it is worth doing and how the outcomes of the automated process will impact the organization's reputation, morality, and public perception.

An image of the journey from Siloed BPA to Scaled BPA.

"I think you're going to see a lot of corporations thinking about the corporate responsibility of [organizational change from automation], because studies show that consumers want and will only do business with socially responsible companies."

– Todd Lohr

Source: Appian, 2018.

Assess your readiness to scale BPA

Vision & Objectives
Clear direction and goals of the business process automation practice.

Governance
Defined BPA roles and responsibilities, processes, and technology controls.

Skills & Competencies
The capabilities users and support roles must have to be successful with BPA.

Business Process Management & Optimization
The tactics to document, analyze, optimize, and monitor business processes.

Business Process Automation Delivery
The tactics to review the fit of automation solutions and deliver and support according to end user needs and preferences.

Business Process Automation Platform
The capabilities to manage BPA platforms and ensure it supports the growing needs of the business.

1.3.1 Assess your readiness to scale BPA

5 minutes

  1. Review your scaling BPA journey and selected patterns.
  2. Conduct a readiness assessment using the 4. Readiness Assessment tab in Info-Tech's Scale Business Process Automation Readiness Assessment.
  3. Brainstorm solutions to improve the capability or address the gaps found in this assessment.

Output

  • Scaled BPA readiness assessment

Participants

  • Business Process Owners
  • Product Owners
  • Application Directors
  • Business Architects
  • BPA Delivery & Support Teams

Record the results in the 4. Readiness Assessment tab in Info-Tech's Scale Business Process Automation Readiness Assessment.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

Guided Implementation

“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

Workshop

“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

Consulting

“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

Diagnostics and consistent frameworks used throughout all four options

Related Info-Tech Research

Bibliography

Alston, Roland. "With the Rise of Intelligent Automation, Ethics Matter Now More than Ever." Appian, 4 Sept. 2018. Web.
"Challenges of Achieving RPA at Scale." Blueprint, N.d. Web.
Dilmegani, Cem. "RPA Benefits: 20 Ways Bots Improve Businesses in 2023," AI Multiple, 9 Jan 2023. Web.
Diquez, Eduardo. "Struggling To Scale RPA? Discover The Secret to Success." Auxis, 30 Sept. 2020. Web.
"How much does Robotic Process Automation (RPA) Really Cost?" Blueprint, 14 Sept. 2021. Web.
"Liverpool City Council improves document process with Nintex." Nintex, n.d. Web.
"The State of Low-Code/No-Code." Creatio, 2021. Web.
"Using automation to enhance security and increase IT NPS to 90+ at Nutanix." Workato, n.d. Web.
"What Is Hyperautomation? A Complete Guide To One Of Gartner's Top Tech Trends." Stefanini Group, 26 Mar. 2021. Web.

The MVP Major Incident Manager

The time has come to hire a new major incident manager. How do you go about that? How do you choose the right candidate? Major incident managers must have several typically conflicting traits, so how do you pick the right person? Let's dive into that.

Continue reading

Do you believe in absolute efficiency?

Weekend read. Hence I post this a bit later on Friday.
Lately, I've been fascinated by infinity. And in infinity, some weird algebra pops up. Yet that weirdness is very much akin to what our business stakeholders want, driven by what our clients demand, and hence our KPIs drive us. Do more with less. And that is what absolute efficiency means.

Register to read more …

Create an Architecture for AI

  • Buy Link or Shortcode: {j2store}344|cart{/j2store}
  • member rating overall impact (scale of 10): 9.0/10 Overall Impact
  • member rating average dollars saved: $604,999 Average $ Saved
  • member rating average days saved: 49 Average Days Saved
  • Parent Category Name: Data Management
  • Parent Category Link: /data-management

This research is designed to help organizations who are facing these challenges:

  • Deliver on the AI promise within the organization.
  • Prioritize the demand for AI projects and govern the projects to prevent overloading resources.
  • Have sufficient data management capability.
  • Have clear metrics in place to measure progress and for decision making.

AI requires a high level of maturity in all data management capabilities, and the greatest challenge the CIO or CDO faces is to mature these capabilities sufficiently to ensure AI success.

Our Advice

Critical Insight

  • Build your target state architecture from predefined best-practice building blocks.
  • Not all business use cases require AI to increase business capabilities.
  • Not all organizations are ready to embark on the AI journey.
  • Knowing the AI pattern that you will use will simplify architecture considerations.

Impact and Result

  • This blueprint will assist organizations with the assessment, planning, building, and rollout of their AI initiatives.
    • Do not embark on an AI project with an immature data management practice. Embark on initiatives to fix problems before they cripple your AI projects.
    • Using architecture building blocks will speed up the architecture decision phase.
  • The success rate of AI initiatives is tightly coupled with data management capabilities and a sound architecture.

Create an Architecture for AI Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to understand why you need an underlying architecture for AI, review Info-Tech's methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Assess business use cases for AI readiness

Define business use cases where AI may bring value. Evaluate each use case to determine the company’s AI maturity in people, tools, and operations for delivering the correct data, model development, model deployment, and the management of models in the operational areas.

  • Create an Architecture for AI – Phase 1: Assess Business Use Cases for AI Readiness
  • AI Architecture Assessment and Project Planning Tool
  • AI Architecture Assessment and Project Planning Tool – Sample

2. Design your target state

Develop a target state architecture to allow the organization to effectively deliver in the promise of AI using architecture building blocks.

  • Create an Architecture for AI – Phase 2: Design Your Target State
  • AI Architecture Templates

3. Define the AI architecture roadmap

Compare current state with the target state to define architecture plateaus and build a delivery roadmap.

  • Create an Architecture for AI – Phase 3: Define the AI Architecture Roadmap
[infographic]

Workshop: Create an Architecture for AI

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Answer “Where To?”

The Purpose

Define business use cases where AI may add value and assess use case readiness.

Key Benefits Achieved

Know upfront if all required data resources are available in the required velocity, veracity, and variety to service the use case.

Activities

1.1 Review the business vision.

1.2 Identify and classify business use cases.

1.3 Assess company readiness for each use case.

1.4 Review architectural principles and download and install Archi.

Outputs

List of identified AI use cases

Assessment of each use case

Data sources needed for each use case

Archi installed

2 Define the Required Architecture Building Blocks

The Purpose

Define architecture building blocks that can be used across use cases and data pipeline.

Key Benefits Achieved

The architectural building blocks ensure reuse of resources and form the foundation of a stepwise rollout.

Activities

2.1 ArchiMate modelling language overview.

2.2 Architecture building block overview

2.3 Identify architecture building blocks by use case.

2.4 Define the target state architecture.

Outputs

A set of building blocks created in Archi

Defined target state architecture using architecture building blocks

3 Assess the Current State Architecture

The Purpose

Assess your current state architecture in the areas identified by the target state.

Key Benefits Achieved

Only evaluating the current state architecture that will influence your AI implementation.

Activities

3.1 Identify the current state capabilities as required by the target state.

3.2 Assess your current state architecture.

3.3 Define a roadmap and design implementation plateaus.

Outputs

Current state architecture documented in Archi

Assessed current state using assessment tool

A roadmap defined using plateaus as milestones

4 Bridge the Gap and Create the Roadmap

The Purpose

Assess your current state against the target state and create a plan to bridge the gaps.

Key Benefits Achieved

Develop a roadmap that will deliver immediate results and ensure long-term durability.

Activities

4.1 Assess the gaps between current- and target-state capabilities.

4.2 Brainstorm initiatives to address the gaps in capabilities

4.3 Define architecture delivery plateaus.

4.4 Define a roadmap with milestones.

4.5 Sponsor check-in.

Outputs

Current to target state gap assessment

Architecture roadmap divided into plateaus

Communicate Any IT Initiative

  • Buy Link or Shortcode: {j2store}428|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Lead
  • Parent Category Link: /lead

IT communications are often considered ineffective and unengaging. This is demonstrated by the:

  • Lack of expectation that IT should communicate well. Why develop a skill that no one expects IT to deliver on?
  • Failure to recognize the importance of communication to engage employees and communicate ideas.
  • Perception that communication is a broadcast not a continuous dialogue.
  • Inability to create, monitor, and manage feedback mechanisms.
  • Overreliance on data as the main method of communication instead of as evidence to support a broader narrative.

Our Advice

Critical Insight

  • Don't make data your star. It is a supporting character. People can argue about the collection methods or interpretation of the data, but they cannot argue with the story you share.
  • Messages are also non-verbal. Practice using your voice and body to set the right tone and impact your audience.
  • Recognize that communications are essential even in highly technical IT environments.
  • Measure if the communication is being received and resulting in the desired outcome. If not, modify what and how the message is being expressed.

Impact and Result

  • Develop an actionable plan to deliver consistent, timely messaging for all audiences.
  • Compose and deliver meaningful messages.
  • Consistently deliver the right information and the right time to the right stakeholders.

Communicate Any IT Initiative Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Communicate Any IT Initiative Deck – A step-by-step document that walks you through how to plan, compose, and deliver communications to any stakeholder up, down, or across the organization.

This blueprint not only provides the tools and techniques for planning, composing, and delivering effective communications, but also walks you through practical exercises. Practice and perfect your communication, composition, and delivery skills for any IT initiative.

  • Communicate Any IT Initiative – Phases 1-3

2. Communicate Any IT Initiative Facilitation Deck – A step-by-step communications workshop deck suitable for any workshop with a communication component.

Communication concepts and exercises that teach you how to plan, compose, and deliver effective communications. The deck includes practical tools, techniques, and skills practice.

  • Communicate Any IT Initiative Facilitation Deck

3. Communications Planner – An communications plan template that includes a section to define a change, a communications plan, communications calendars, and a pitch composition exercise.

This communications planner is a tool that accompanies the Effective IT Communications blueprint and the Communicate Any IT Initiative Facilitation Deck so that you can plan your communications, view your deliverables, and compose your pitch all in one document.

  • Communications Planner Tool

4. Stakeholder Analysis Tool – A tool to help ensure that all stakeholders are identified and none are missed.

A tool for identifying stakeholders and conducting an analysis to understand their degree of influence or impact.

  • Stakeholder Management Analysis Tool
[infographic]

Further reading

Communicate Any IT Initiative

Plan, compose, and deliver communications that engage your audience.

Executive Summary

Your Challenge Common Obstacles Info-Tech’s Approach
Communicating about your initiative is when the work really begins. Many organizations struggle with:
  • Knowing what target audiences need to be communicated with.
  • Communicating the same message consistently and clearly across target audiences.
  • Communicating to target audiences at the right times.
  • Selecting a channel that will be most effective for the message and practicing to deliver that message.
Some of the challenges IT faces when it comes to communicating its initiatives includes:
  • Not being given the opportunity or time to practice composing or delivering communications.
  • Coordinating the communications of this initiative with other initiative communications.
  • Forgetting to communicate with key stakeholders.
Choosing not to communicate because we do not know how it’s leading to initiative failures and lack of adoption by impacted parties.
For every IT initiative you have going forward, focus on following these three steps:
  1. Create a plan of action around who, what, how, and when communications will take place.
  2. Compose an easy-to-understand pitch for each stakeholder audience.
  3. Practice delivering the message in an authentic and clear manner.
By following these steps, you will ensure that your audience always understands and feels ready to engage with you.

Info-Tech Insight
Every IT employee can be a great communicator; it just takes a few consistent steps, the right tools, and a dedication to practicing communicating your message.

Info-Tech’s approach

Effective communications is not a broadcast but a dialogue between communicator and audience in a continuous feedback loop.

Continuous Feedback Loop

The Info-Tech difference:

  1. The skills needed to communicate effectively as a front-line employee or CIO are the same. It’s important to begin the development of these skills from the beginning of one's career.
  2. Time is a non-renewable resource. Any communication needs to be considered valuable and engaging by the audience or they will be unforgiving.
  3. Don't make data your star. It is a supporting character. People can argue about the collection methods or interpretation of the data, but they cannot argue about the story you share.

Poor communication can lead to dissatisfied stakeholders

27.8% of organizations are not satisfied with IT communications.

25.8% of business stakeholders are not satisfied with IT communications.

Source: Info-Tech Diagnostic Programs; n=34,345 business stakeholders within 604 organizations

The bottom line? Stakeholders for any initiative need to be communicated with often and well. When stakeholders become dissatisfied with IT’s communication, it can lead to an overall decrease in satisfaction with IT.

Good IT initiative communications can be leverage

  • IT risk mitigation and technology initiative funding are dependent on critical stakeholders comprehending the risk impact and initiative benefit in easy-to-understand terms.
  • IT employees need clear and direct information to feel empowered and accountable to do their jobs well.
  • End users who have a good experience engaging in communications with IT employees have an overall increase in satisfaction with IT.
  • Continuously demonstrating IT’s value to the organization comes when those initiatives are clearly aligned to overall objectives – don’t assume this alignment is being made.
  • Communication prevents assumptions and further miscommunication from happening among IT employees who are usually impacted and fear change the most.

“Nothing gets done properly if it's not communicated well.”
-- Nastaran Bisheban, CTO KFC Canada

Approach to communications

Introduction
Review effective communications.

Plan
Plan your communications using a strategic tool.

Compose
Create your own message.

Deliver
Practice delivering your own message.

Info-Tech’s methodology for effective IT communications

1. Plan Strategic Communications 2. Compose a Compelling Message 3. Deliver Messages Effectively
Step Activities
  1. Define the Change
  2. Determine Target Audience
  3. Communication Outcomes
  4. Clarify the Key Message(s)
  5. Identify the Owner and Messenger(s)
  6. Select the Right Channels
  7. Establish a Frequency and Time Frame
  8. Obtain Feedback and Improve
  9. Finalize the Calendar
  1. Craft a Pitch
  2. Revise the Pitch
  1. Deliver Your Pitch
  2. Refine and Deliver Again
Step Outcomes Establish an easy-to-read view of the key communications that need to take place related to your initiative or change. Practice writing a pitch that conveys the message in a compelling and easy-to-understand way. Practice delivering the pitch. Ensure there is authenticity in the delivery while still maintaining the audience’s attention.

This blueprint can support communication about any IT initiative

  • Strategy or roadmap
  • Major transformational change
  • System integration
  • Process changes
  • Service changes
  • New solution rollouts
  • Organizational restructuring

We recommend considering this blueprint a natural add-on to any completed Info-Tech blueprint, whether it is completed in the DIY fashion or through a Guided Implementation or workshop.

Key deliverable:

Communication Planner
A single place to plan and compose all communications related to your IT initiative.

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals.

Facilitation Guide
A step-by-step guide to help your IT organization develop a communication plan and practice composing and delivering key messages.

Stakeholder Analysis
An ability to assess all stakeholders based on impact, influence, and involvement.

Workshop Overview

MorningAfternoon
ActivitiesPlan Strategic Communications for Your Initiative
  1. Define the Change
  2. Determine Target Audience
  3. Communication Outcomes
  4. Clarify the Key Message(s)
  5. Identify the Owner and Messenger(s)
  6. Select the Right Channels
  7. Establish a Frequency and Time Frame
  8. Obtain Feedback and Improve
  9. Finalize the Calendar
Compose and Deliver a Compelling Message
  1. Craft a Pitch
  2. Revise the Pitch
  3. Deliver Your Pitch
  4. Refine and Deliver Again
Deliverables
  1. Communication planner with weekly, monthly, and yearly calendar views to ensure consistent and ongoing engagement with every target audience member
  1. Crafted pitches that can be used for communicating the initiative to different stakeholders
  2. Skills and ability to deliver messages more effectively

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Key KPIs for communication with any stakeholder

Measuring communication is hard; use these to determine effectiveness:

Goal Key Performance Indicator (KPI) Related Resource
Obtain board buy-in for IT strategic initiatives. X% of IT initiatives that were approved to be funded.
Number of times that technical initiatives were asked to be explained further.
Using our Board Presentation Review
Ensure stakeholders feel engaged during initiatives. X% of business leadership satisfied with the statement “IT communicates with your group effectively.” Using the CIO Business Vision Diagnostic
End users know what IT initiatives are going to impact the products or services they use. X% of end users that are satisfied with communications around changing services or applications. Using the End-User Satisfaction Survey
Project stakeholders receive sufficient communication throughout the initiative. X% overall satisfaction with the quality of the project communications. Using the PPM Customer Satisfaction Diagnostic
Employees are empowered to perform on IT initiatives. X% satisfaction employees have with statement “I have all the resources and information I need to do a great job.” Using the Employee Engagement Diagnostic Program

Phase 1

Plan Strategic Communications

Activities
1.1 Define the Change
1.2 Determine Target Audience
1.3 Communication Outcomes
1.4 Clarify the Key Message(s)
1.5 Identify the Owner and Messenger(s)
1.6 Select the Right Channels
1.7 Establish a Frequency and Time Frame
1.8 Obtain Feedback and Improve
1.9 Finalize the Calendar

Communicate Any IT Initiative Effectively
Phase1 > Phase 2 > Phase 3

This step involves the following participants:
Varies based on those who would be relevant to your initiative.

Outcomes of this step
Create an easy-to-follow communications plan to ensure that the right message is sent to the right audience using the right medium and frequency.

What is an IT change?

Before communicating, understand the degree of change.

Incremental Change:
  • Changes made to improve current processes or systems (e.g. optimizing current technology).
Transitional Change:
  • Changes that involve dismantling old systems and/or processes in favor of new ones (e.g. new product or services added).
Transformational Change:
  • Significant change in organizational strategy or culture resulting in substantial shift in direction.
Examples:
  • New or changed policy
  • Switching from on-premises to cloud-first infrastructure
  • Implementing ransomware risk controls
  • Implementing a learning & development plan
Examples:
  • Moving to an insourced or outsourced service desk
  • Developing a BI & analytics function
  • Integrating risk into organization risk
  • Developing a strategy (technology, architecture, security, data, service, infrastructure, application)
Examples:
  • Organizational redesign
  • Acquisition or merger of another organization
  • Implementing a digital strategy
  • A new CEO or board taking over the organization's direction

Consider the various impacts of the change

Invest time at the start of the project to develop a detailed understanding of the impact of the change. This will help to create a plan that will simplify the change and save time in the end. Evaluate the impact from a people, process, and technology perspective.

Leverage a design thinking principle: Empathize with the stakeholder – what will change?

People

  • Team structure
  • Reporting structure
  • Career paths
  • Job skills
  • Responsibilities
  • Company vision/mission
  • Number of FTE
  • Culture
  • Training required

Process

  • Budget
  • Work location
  • Daily workflow
  • Working conditions
  • Work hours
  • Reward structure
  • Required number of completed tasks
  • Training required

Technology

  • Required tools
  • Required policies
  • Required systems
  • Training required

1.1 Define the change

30 minutes

  1. While different stakeholders will be impacted by the change differently, it’s important to be able to describe what the change is at a higher level.
  2. Have everyone take eight minutes to jot down what the change is and why it is happening in one to two sentences. Tab 2 of the Communication Planner Tool can also be used to house the different ideas.
  3. Present the change statements to one another.
  4. By leveraging one of the examples or consolidating many examples, as a group document:
    • What is the change?
    • Why is it happening?
  5. The goal is to ensure that all individuals involved in establishing or implementing the change have the same understanding.
Input Output
  • Individual ideas about what change is occurring and why.
  • A single statement that reflects the change occurring and the rationale for why the change is needed.
Materials Participants
  • Communication Planner Tool
  • Sticky notes
  • Whiteboard
  • Varies based on those who would be relevant to your initiative.

Download the Communication Planner Tool

Ensure effective communication by focusing on four key elements

Audience
Stakeholders (either groups or individuals) who will receive the communication.

Message
Information communicated to impacted stakeholders. Must be rooted in a purpose or intent.

Messenger
Person who delivers the communication to the audience. The communicator and owner are two different things.

Channel
Method or channel used to communicate to the audience.

Identify the target audience

The target audience always includes groups and individuals who are directly impacted by the change and may also include those who are change adjacent.

Define the target audience: Identify which stakeholders will be the target audience of communications related to the initiative. Stakeholders can be single individuals (CFO) or groups (Applications Team).

Stakeholders to consider:

  • Who is sponsoring the initiative?
  • Who benefits from the initiative?
  • Who loses from the initiative?
  • Who can make approvals?
  • Who controls resources?
  • Who has specialist skills?
  • Who implements the changes?
  • Who will be adversely affected by potential environmental and social impacts in areas of influence that are affected by what you are doing?
  • At which stage will stakeholders be most affected (e.g. procurement, implementation, operations, decommissioning)?
  • Will other stakeholders emerge as the phases are started and completed?

1.2a Determine target audience

20 minutes

  1. Consider all the potential individuals or groups of individuals who will be impacted or can influence the outcome of the initiative.
  2. On tab 3 of the Communication Planner Tool, list each of the stakeholders who will be part of the target audience. If in person, use sticky notes to define the target audiences. The individuals or group of individuals that make up the target audience are all the people who require being communicated with before, during, or after the initiative.
  3. As you list each target audience, consider how they perceive IT. This perception could impact how you choose to communicate with the stakeholder(s).
InputOutput
  • The change
  • Why the change is needed
  • A list of individuals or group of individuals that will be communicated with.
MaterialsParticipants
  • Communication Planner Tool
  • Sticky notes
  • Whiteboard
  • Varies based on those who would be relevant to your initiative.

Download the Communication Planner Tool

1.2b Conduct a stakeholder analysis (optional)

1 hour

  1. For each stakeholder identified as a part of the target audience, conduct an analysis to understand their degree of influence or impact.
  2. Based on the stakeholder, the influence or impact of the change, initiative, etc. can inform the type and way of communicating.
  3. This is a great activity for those who are unsure how to frame communications for each stakeholder identified as a target audience.
InputOutput
  • The change
  • Why the change is needed
  • A list of individuals or group of individuals that will be communicated with
  • The degree of influence or impact each target audience stakeholder has.
MaterialsParticipants
  • Communication Planner Tool
  • Sticky notes
  • Whiteboard
  • Varies based on those who would be relevant to your initiative.

Download the Stakeholder Management Analysis Tool

Determine the desired outcome of communicating with each audience

For each target audience, there will be an overall goal on why they need to be communicated with. This outcome or purpose is often dependent on the type of influence the stakeholder wields within the organization as well as the type of impact the change or initiative will have. Depending on the target audience, consider each of the communication outcomes listed below.

Communicating Across the Organization Communicating Up to Board or Executives Communicating Within IT
  • Obtain buy-in
  • Obtain approval
  • Obtain funding
  • Demonstrate alignment to organization objectives
  • Reduce concerns about risk
  • Demonstrate alignment to organization objectives
  • Demonstrate alignment to individual departments or functions
  • Obtain other departments’ buy-in
  • Inform about a crisis
  • Inform about the IT change
  • Obtain adoption related to the change
  • Obtain buy-in
  • Inform about the IT change
  • Create a training plan
  • Inform about department changes
  • Inform about organization changes
  • Inform about a crisis
  • Obtain adoption related to the change
  • Distribute key messages to change agents

1.3 Communication outcomes

30 minutes

  1. For each stakeholder, there may be one or more reasons why you need to communicate with them. On tab 3 of the Communication Planner Tool or on a whiteboard, begin to identify the objective or outcome your team is seeking by engaging in each target audience.
  2. As you move through the communication outcomes, it could result in more than one outcome for each target audience.
  3. Ensure there is one line for each target audience desired communication outcome. Many stakeholders might need to be communicated with for several reasons. If using the Communication Planner Tool, add the target audience name in column C for as many different communication outcomes there are in column D related to that stakeholder.
InputOutput
  • The change
  • A list of individuals or group of individuals that will be communicated with
  • Outcome or objective of communicating with each stakeholder
MaterialsParticipants
  • Communication Planner Tool
  • Sticky notes
  • Whiteboard
  • Varies based on those who would be relevant to your initiative.

Download the Communication Planner Tool

Establish and define key messages based on organizational objectives

What are key messages?
  • Key messages guide all internal communications to ensure they are consistent, unified, and straightforward.
  • Distill key messages down from organizational objectives and use them to reinforce the organization’s strategic direction. Key messages should inspire employees to act in a way that will help the organization reach its objectives.
How to establish key messages: Ground key messages in organizational strategy and culture. These should be the first places you look to determine the organization’s key messages:
  • Refer to organizational strategy documents. What needs to be reinforced in internal communications to ensure the organization can achieve its strategy? This is a key message.
  • Look at the organization’s values. How do values guide how work should be done? Do employees need to behave in a certain way or keep a certain value top of mind? This is a key message.

Key messages should be clear, concise, and consistent (Porter, 2014). The intent is to convey important information in a way that is relatable and memorable, to promote reinforcement, and ultimately, to drive action.

Info-Tech Insight
Empathizing with the audience is key to anticipating and addressing objections as well as identifying benefits. Customize messaging based on audience attributes such as work model (e.g. hybrid), anticipated objections, what's in it for me? (WIIFM), and specific expectations.

1.4 Clarify the key messages

25 minutes

  1. Divide the number of communication lines up equally amongst the participants.
  2. Based on the outcome expected from engaging that target audience in communications, define one to five key messages that should be expressed.
  3. The key messages should highlight benefits anticipated, concerns anticipated, details about the change, and plan of action or next steps. The goal here is to ensure the target audience is included in the communication process.
  4. The key messages should be focused on how the target audience receives a consistent message, especially if different communication messengers are involved.
  5. Document the key messages on tab 3 of the Communication Planner Tool.
InputOutput
  • The change
  • Target audience
  • Communication outcomes
  • Key messages to support a consistent approach
MaterialsParticipants
  • Communication Planner Tool
  • Sticky notes
  • Whiteboard
  • Varies based on those who would be relevant to your initiative.

Download the Communication Planner Tool

Understand to how to identify appropriate messengers

Messages must be communicated by a variety of individuals across the organization. Select the messenger depending on the message characteristics (e.g. audience, message, medium). The same messenger can be used for a variety of messages across different mediums.

Personal impact messages should be delivered by an employee's direct supervisor.

Organizational impact messages and rationale should be delivered by senior leaders in the affected areas.

Chart Preferred Messenger for Change Messages

Recent research by Prosci found employees prefer to hear personal messages from their direct manager and organizational messages from the executive leadership team.

Fifty percent of respondents indicated the CEO as the preferred messenger for organizational change messages.

Select the appropriate messenger

For each audience, message, and medium, review whether the message is personal or organizational to determine which messengers are best.

The number and seniority of messengers involved depends on the size of the change:

  • Incremental change
    • Personal messages from direct supervisors
    • Organizational messages from a leader in the audience’s function or the direct supervisor
  • Transitional change
    • Personal messages from direct supervisors or function leaders
    • Organizational messages from a leader in the audience’s function or the C suite
  • Transformational change
    • Personal messages from direct supervisors or function leaders
    • Organizational messages from the CEO or C-suite
    • Cascading messages are critical in this type of change because all levels of the organization will be involved

Communication owner vs. messenger

Communication Owner

Single person
Accountable for the communication message and activities
Oversees that the communication does not contradict other communications
Validates the key messages to be made

Communication Messenger(s)

Single person or many people
Responsible for delivering the intended message
Engages the target audience in the communication
Ensures the key messages are made in a consistent and clear manner

1.5 Identify the owner and messenger(s)

30 minutes

  1. For every communication, there needs to be a single owner. This is the person who approves the communication and will be accountable for the communication
  2. The messenger(s) can be several individuals or a single individual depending on the target audience and desired outcome being sought through the communications.
  3. Identify the person or role who will be accountable for the communication and document this in the Communication Planner Tool.
  4. Identify the person(s) or role(s) who will be responsible for delivering the communication and engaging the target audience and document this in the Communication Planner Tool.
Input Output
  • Individual ideas about what change is occurring and why.
  • A single statement that reflects the change occurring and the rationale for why the change is needed.
Materials Participants
  • Communication Planner Tool
  • Sticky notes
  • Whiteboard
  • Varies based on those who would be relevant to your initiative.

Download the Communication Planner Tool

Review appropriate channel for different types of messages

Communication channels are in-person, paper-based, or tech-enabled. Provide communicators with guidance on which mediums to use in different situations.

First question: Should the communication be delivered in-person or not?
Types of channels In-Person Paper-Based or Tech-Enabled
Questions to consider
  • How is your message likely to be received? Is the message primarily negative?
  • Will the message prompt a lot of dialogue or questions? Will it require significant context or clarification?
Note: Messages that are important, complex, or negative must be delivered in person. This allows the sender to provide context, clarify questions, and collect feedback.
  • Use paper-based and tech-enabled communications to provide reminders or updates.
  • When deciding which of the two to use, think about your audience: do they have regular access to a computer?
Two-way interaction Supplement in-person communications with paper-based or tech-enabled communications to provide follow-up and consistency (Government of Nova Scotia). Tech-enabled communications allow the sender to deliver messages when they do not co-locate with the receiver. That said, make sure paper-based communications are provided to those without regular access to a computer.

Consider accessibility when communicating change – not all employees will have access to the same mediums. To ensure inclusivity, strategically plan which mediums to use to reach the entire audience.

Select communication channels

Medium Description Key Messages When to Use
One-on-One Meetings Individual meetings between managers and their direct reports to ensure they understand the change, can express any concerns, and obtain feedback or recommendations.
  • How the change will impact the employee, what they can expect throughout the change, how they can get support, what the timelines are, etc.
  • Requests for feedback.
  • Responses to feedback.
  • Most applicable for personal messages throughout all stages of change.
  • When real-time feedback is needed.
  • To understand the change’s impact on each employee, understand their emotional reactions and provide support.
  • After a change has been announced and continuing at a regular cadence until after the change has been implemented. Frequency of meetings will vary by employee over the course of the change.
Team Meeting A meeting of a work unit or department. Can be virtual, in person, or a combination. Led by the work unit or department head/manager.
  • How the change will impact the team – how work gets done, who they work with, etc.
  • Available timelines regarding the change.
  • Support available throughout the change.
  • Most applicable for personal messages throughout all change stages.
  • When real-time communication is needed to keep everyone on the same page and provide an opportunity to ask questions (essential for buy-in).
  • To announce a small change or after a larger change announcement. Continue frequently until the end of adoption, with time reserved for ad hoc meetings.
Email Electronic communication sent to the audience’s company emails, or in the absence of that, to their personal emails.
  • Overarching details and timelines.
  • Short, easy-to-digest pieces of information that either provide a summary of what to expect or describe actions employees need to take.
  • Applicable for both personal and organizational messages, depending on the messenger. Send personal messages in separate emails from organizational messages.
  • To communicate key details quickly and to a distributed workforce.
  • To reinforce or reiterate information that has been shared in person. Can be used broadly or target specific employees/groups.

Select communication channels

Medium Description Key Messages When to Use
Town Hall Virtual or in-person meeting where senior leadership shares information with a wide audience about the change and answers questions.
  • Messaging that is applicable to a large audience.
  • The strategic decisions of senior leadership.
  • Highlight positive initiative outcomes.
  • Recognize employee efforts.
  • Report on engagement.
  • Most applicable for organizational messages to launch a change or between milestones in a long-term or complex change.
  • To enable senior leaders to explain strategic decisions to employees.
  • To allow employees to ask questions and provide feedback.
  • When support of senior leadership is critical to change success.
Roadshow A series of meetings where senior leadership or the change champion travels to different geographic locations to hold town halls adapted to each location’s audience.
  • Why the change is happening, when the change is happening, who will be impacted, expectations, and key points of contact.
  • Most applicable for organizational messages to launch a change and between milestones during a long-term, large, or complex change.
  • For a change impacting several locations.
  • When face time with senior leadership is critical to developing understanding and adoption of the change. Satellite locations can often feel forgotten. A roadshow provides access to senior leadership and lends the credibility of the leader to the change.
  • To enable live two-way communication between employees and leadership.

Select communication channels

Medium Description Key Messages When to Use
Intranet An internal company website that a large number of employees can access at any time.
  • Information that has already been communicated to the audience before, so they can access it at any time.
  • FAQs and/or general details about the change (e.g. milestones).
  • Most applicable for organizational messages.
  • To post relevant documentation so the audience can access it whenever they need it.
  • To enable consistency in answers to common questions.
Training Scheduled blocks of time for the team to learn new skills and behaviors needed to successfully adapt to the change.
  • Reinforce the need for change and the benefits the change will have.
  • Most applicable for organizational messages during the implementation stage.
  • To reduce anxiety over change initiatives, improve buy-in, and increase adoption by helping employees develop skills and behaviors needed to perform effectively.
Video Message A prerecorded short video clip designed for either simultaneous broadcast or just-in-time viewing. Can be sent over email or mobile or uploaded to a company portal/intranet.
  • Positive messaging to convey enthusiasm for the change.
  • Details about why the organization is changing and what the benefits will be, updates on major milestone achievements, etc.
  • Most applicable for organizational messages, used on a limited basis at any point during the change.
  • Effective when the message needs to appear more personal by putting a face to the message and when it can be presented in a condensed time frame.
  • When a message needs to be delivered consistently across a variety of employees, locations, and time zones.
  • To provide updates and recognize key achievements.

Select communication channels

Medium Description Key Messages When to Use
Shift Turnover Meeting A meeting between teams or departments when a shift changes over; sometimes called a shift report. Used to communicate any relevant information from the outgoing shift to the incoming shift members.
  • Details related to the activities performed during the shift.
  • Most applicable for personal impact messages during the implementation stage to reinforce information shared using other communication mediums.
  • Where change directly impacts role expectations or performance so teams hear the same message at the same time.
Company Newsletter Electronic or hardcopy newsletter published by the company. Contains timely updates on company information.
  • Overarching change details.
  • Information that has already been communicated through other mediums.
  • Varies with the change stage and newsletter frequency.
  • Most applicable for organizational messages throughout the change.
  • When the change implementation is expected to be lengthy and audiences need to be kept updated.
  • To celebrate change successes and milestone achievements.
Sign/Poster Digital or paper-based sign, graphic, or image. Includes posters, screensavers, etc.
  • Positive messaging to convey enthusiasm for the change.
  • Key dates and activities.
  • Key contacts.
  • Most applicable for organizational messages throughout the change.
  • As visual reminders in common, highly visible locations (e.g. a company bulletin board, elevator TV monitors).

1.6 Select the right channels

20 minutes

  1. Consider the different channels that were described and presented on the previous five slides. Each channel has element(s) to it that will allow it to be more beneficial based on the communication target audience, outcome, and messenger.
  2. Evenly assign the number of communication rows on tab 3 of the Communication Planner Tool and input the channel that should be used.
  3. Consider if the channel will:
    • Obtain the desired outcome of the communication.
    • Be completed by the messenger(s) defined.
    • Support the target audience in understanding the key messages.
  4. If any target audience communication requires several channels, add additional rows to the planner on TAB 3.
InputOutput
  • Target audience
  • Communication outcome
  • Communication messenger(s)
  • The right channel selected to support the desired communication outcome.
MaterialsParticipants
  • Communication Planner Tool
  • Sticky notes
  • Whiteboard
  • Varies based on those who would be relevant to your initiative.

Download the Communication Planner Tool

Define the communication time frame based on the initiative

Communication occurs during four of the five stages of an initiative:

01 Identify and prioritize 02 Prepare for initiative 03 Create a communication plan 04 Implement change 05 Sustain the desired outcome
Before During After
  • Communication begins with sponsors and the project team.
  • Set general expectations with project team and sponsors.
  • Outline the communication plan for the remaining stages.
  • Set specific expectations with each stakeholder group.
  • Implement the communication plan.
  • Use feedback loops to determine updates or changes to communications.
  • Communication continues as required after the change.
  • Feedback loops continue until change becomes business as usual.
Where communication needs to happen

Don’t forget: Cascade messages down through the organization to ensure those who need to deliver messages have time to internalize the change before communicating it to others. Include a mix of personal and organizational messages, but where possible, separate personal and organizational content into different communications.

Establish a frequency that aligns to the desired communication outcome

Successful communications are frequent communications.

  • The cadence of a communication is highly dependent on the objective of the communication.
  • Each target requires a different frequency as well:
    • Board Presentations > four times a year is a good frequency
    • Executive Leadership > monthly frequency
    • Organizationally > annually and when necessary
    • Organization Crises > daily, if not hourly
    • IT Initiatives and Projects > weekly
    • IT Teams > weekly, if not daily

Tech Team Frequency for Discussing Goals

“When goals are talked about weekly, teams are nearly 3X more likely to feel confident hitting them.”
– Hypercontext, 2022

Info-Tech Insight
Communications made once will always fail. Ensure there is a frequency appropriate for every communication — or do not expect the desired outcome.

1.7 Establish a frequency and time frame

30 minutes

  1. For each row in tab 3, determine how frequently that communication needs to take place and when that communication needs to be completed by.
    • Frequency: How often the communication will be delivered to the audience (e.g. one-time, monthly, as needed).
    • Time frame: When the communication will be delivered to the audience (e.g. a planned period or a specific date).
  2. When selecting the time frame, consider what dependencies need to take place prior to that communication. For example, IT employees should not be communicated with on anything that has not yet been approved by the CEO. Also consider when other communications might be taking place so the message is not lost in the noise.
  3. For frequency, the only time that a communication needs to take place once is when presenting up to senior leaders of the organization. And even then it will sometimes require more than one conversation. Be mindful of this.
InputOutput
  • The change
  • Target audience
  • Communication outcome
  • Communication channel
  • Frequency and time frame of the communication
MaterialsParticipants
  • Communication Planner Tool
  • Sticky notes
  • Whiteboard
  • Varies based on those who would be relevant to your initiative.

Download the Communication Planner Tool

First, ensure feedback mechanisms are in place

Soliciting and acting on feedback involves employees in the decision-making process and demonstrates to them that their contributions matter.

Prior to the strategy rollout, make sure you have also established feedback mechanisms to collect feedback on both the messages delivered and how they were delivered. Some ways to collect feedback include:

  • Evaluating intranet comments and interactions (likes, etc.) if this function is enabled.
  • Measuring comprehension and satisfaction through surveys and polls.
  • Looking for themes in the feedback and questions employees bring forward to managers during in-person briefings.

Feedback Mechanisms:

  • CIO Business Vision Survey
  • Engagement Surveys
  • Focus Groups
  • Suggestion Boxes
  • Team Meetings
  • Random Sampling
  • Informal Feedback
  • Direct Feedback
  • Audience Body Language
  • Repeating the Message Back

Select metrics to measure progress on key results

There are two types of metrics that can be used to measure the impact of an internal communications strategy and progress toward strategy goals. These metrics are used to measure both outputs and outcomes.

Select metrics measuring both:
Tactical Effectiveness (Outputs) Strategic Effectiveness (Outcomes)
  • Open rate
  • Click-through rate
  • Employee sentiment
  • Participation rates
  • Physical distractions
  • Shift in behavior
  • Manager capability to communicate
  • Organizational ability to meet goals
  • Engagement
  • Turnover

Pyramid of metrics to measure process on key results

1.8 Obtain feedback and improve

20 minutes

  1. Evenly distribute the number of rows in the communication plan to all those involved. Consider a metric that would help inform whether the communication outcome was achieved.
  2. For each row, identify a feedback mechanism (slide 38) that could be used to enable the collection and confirm a successful outcome.
  3. Come back as a group and validate the feedback mechanisms selected.
  4. The important aspect here is not just to measure if the desired outcome was achieved. However, if the desired outcome is not achieved, consider what you might do to change or enable better communication to that target audience.
  5. Every communication can be better. Feedback, whether it is tactical or strategic, will help inform methods to improve future communication activities.
InputOutput
  • Communication outcome
  • Target audience
  • Communication channel
  • A mechanism to measure communication feedback and adjust future communications when necessary.
MaterialsParticipants
  • Communication Planner Tool
  • Sticky notes
  • Whiteboard
  • Varies based on those who would be relevant to your initiative.

Download the Communication Planner Tool

Example of internal communications survey

Use and modify the questions below when building an internal communications survey. Use a Likert scale to gauge responses.

  1. I am satisfied with the communications at our organization.
  2. I am kept fully informed of news and updates relevant to our organization.
  3. I receive information that is relevant to me on a regular basis.
  4. I have the information I need to do my job.
  5. I know where to go to find the information I am looking for.
  6. My manager communicates with me in-person on a regular basis.
  7. I feel I can believe the information I receive from the company.
  8. I feel heard by senior leaders and know that they have received my feedback.
  9. The content and information that I receive is interesting to me.

Create an easy-to-read approach to communication

Example of an easy-to-read approach to communication

1.9 Finalize the calendar

2 hours

  1. Once the information on tabs 2 and 3 of the Communication Planner Tool has been completed, start to organize the information in an easy-to-read view.
  2. Using the annual, monthly, and weekly calendar views on tabs 3 to 5, begin to formalize the dates of when communications will take place.
  3. Following the instructions on each tab, complete one or all of the views of the communication plan. Remember, the stakeholder that makes up the target audience needs to be considered and whether this communication will overlap with any other communications.
InputOutput
  • Communication Plan on tab 2
  • Yearly, monthly, and weekly communication calendars
MaterialsParticipants
  • Communication Planner Tool
  • Sticky notes
  • Whiteboard
  • Varies based on those who would be relevant to your initiative.

Download the Communication Planner Tool

Phase 2

Compose a Compelling Message

Activities

2.1 Craft a Pitch
2.2 Revise the Pitch

This step involves the following participants:
Varies based on those who would be relevant to your initiative.

Outcomes of this step
Ability to create a clear, concise, and consistent message using best practices and a pitch framework.

Communication Any IT Initiative Effectively

Phase 1 > Phase 2 > Phase 3

Include all the following pieces in your message for an effective communication

Pieces needed in your message for effective communication

Info-Tech Insight
Time is a non-renewable resource. The message crafted must be considered a value-add communication to your audience.

Enable good communication with these components

Be Consistent Be Clear
  • The core message must be consistent regardless of audience, channel, or medium.
  • Test your communication with your team or colleagues to obtain feedback before delivering to a broader audience.
  • A lack of consistency can be interpreted as an attempt at deception. This can hurt credibility and trust.
  • Say what you mean and mean what you say.
  • Choice of language is important: “Do you think this is a good idea? I think we could really benefit from your insights and experience here.” Or do you mean: “I think we should do this. I need you to do this to make it happen.”
  • Don’t use jargon.
Be Relevant Be Concise
  • Talk about what matters to the stakeholder.
  • Talk about what matters to the initiative.
  • Tailor the details of the message to each stakeholder’s specific concerns.
  • IT thinks in processes but stakeholders only care about results: talk in terms of results.
  • IT wants to be understood, but this does not matter to stakeholders. Think: “what’s in it for them?”
  • Communicate truthfully; do not make false promises or hide bad news.
  • Keep communication short and to the point so key messages are not lost in the noise.
  • There is a risk of diluting your key message if you include too many other details.
  • If you provide more information than necessary, the clarity and consistency of the message can be lost.

Draft the core messages to communicate

Draft core messages communicating information consistent with the high-level communications plan. This includes the overall goal of communications, key messaging, specifics related to the change action, and customizations for each audience. It’s also important to:

  1. Hook your audience: Use a compelling introduction that ensures your target audience cares about the message. Use a statistic or another piece of information that presents the problem in a unique way.
  2. Demonstrate you can help: Let the audience know that based on the unique problem you can help. There is value to engaging and working with you further.
  3. Repeat messages several times and through several messengers and mediums throughout the change stages to ensure all audience members receive and understand the details.
  4. Write for the ear: Use concise and clear sentences, avoid technological language, and when you speak it aloud ensure it sounds like how you would normally speak.
  5. Keep messaging positive but realistic. Avoid continually telling stakeholders that “change is hard.” Instead, communicate messages around change success to positively prime the audience’s mindset (Harvard Business Review).
  6. Communicate what is meaningfully unchanged. Not everything will be impacted by the change. To help reduce fears, include information about meaningful aspects of employees’ work that will not be changing (e.g. employees are moving to report to a new manager on a new team, but the job responsibilities are staying the same).
  7. Finish with a call to action: Your concluding statement should not be a thank-you but a call to action that ignites how your audience will behave after the communication.

Components of a good pitch

Key Components of a Good Pitch
Purpose of the pitch What are you asking for? What is the desired outcome of the conversation? What three things do you want the audience to take away?
Speak to what matters to them Who is your audience and what are their biggest challenges today? What do they care? What is the “so what”? Humanize it. Start with an example of a real person.
Sell the improvement How is your solution going to solve that problem? Is your solution a pain killer or vitamin?
Show real value How will your solution create real value? How can that be measured? Give an example.
Discuss potential fears Identify and alleviate fears the stakeholder may have in working with you. Think about what they think now and what you want them to think.
Have a call to action Identify what your ask is. What are you looking for from the stakeholder? Listen and respond.
Follow up with a thank-you Did you ensure that the participants’ time was respected and appreciated? Be genuine and sincere.

Key questions to answer with change communication

To effectively communicate change, answer questions before they’re asked, whenever possible. To do this, outline at each stage of the change process what’s happening next for the audience and answer other anticipated questions. Pair key questions with core messages in change communications.

Examples of key questions by change stage include:

What is changing?
When is the change expected?
Who will be championing the change?
What are the change expectations?
Will I have input into how the change is happening?
What’s happening next?
Why are we changing?
Why is the change happening now?
What are the risks of not changing?
What will be new?
What’s in it for me?
What training will be available?
Who will be impacted?
How will I be impacted?
How will my team be impacted?
What’s happening next?
Who should I contact with questions or concerns?
How will I be updated?
How can I access more information?
Will the previous process be available throughout the new process implementation?
What needs to be done and what needs to stop to succeed?
Will I be measured on this change?
What’s happening next?
How can I access more information?
Will this change be added to key performance indicators?
How did the change implementation go?
What’s happening next?
Before change During change After change
Prepare for change Create change action and communication plan Implement change Sustain the change

2.1 Craft a pitch

20 minutes

  1. Using the set of stakeholders identified in activity 1.2, every participant takes one stakeholder.
  2. Open tab 7 of the Communication Planner Tool or use a piece of paper and create a communication message specific to that stakeholder.
  3. Select a topic from your workshop or use something you are passionate about.
  4. Consider the pitch components as a way to create your pitch. Remember to use what you have learned from the planning and composing sections of this training (in bold).
  5. Compose a three-minute pitch that you will deliver to your audience member.
InputOutput
  • Individual ideas about what change is occurring and why.
  • A single statement that reflects the change occurring and the rationale for why the change is needed.
MaterialsParticipants
  • Communication Planner Tool
  • Sticky notes
  • Whiteboard
  • Varies based on those who would be relevant to your initiative.

Download the Communication Planner Tool

Communication Composition Checklist

  • Did you open the communication with a statistic or other memorable piece of information?
  • Is the topic being communicated in a compelling way that engages the target audience?
  • Are there statistics or data to support the story?
  • Are the statistics and data clear so they cannot be conveyed in any other way than their intended method?
  • Are you writing in clear and concise sentences?
  • Are you avoiding any technical jargon?
  • Is the message only focused on what needs to be said? Have you removed all unnecessary components?
  • Is the content organized in priority order? Could you adapt if the presentation time is shortened?
  • Is the way the communication is written sound like how you would speak normally? Are you writing for the ear?
  • Do you have a clear call to action that the audience will be asked to complete at the end?
  • Does your communication encourage discussion with the target audience? Is the audience a part of the solution?

2.2 Revise the pitch

10 minutes

  1. Review the pitch that was created in activity 2.1.
  2. Consider what could be done to make the pitch better:
    • Concise: Identify opportunities to remove unnecessary information.
    • Clear: It uses only terms or language the target audience would understand.
    • Relevant: It matters to the target audience and the problems they face.
    • Consistent: The message could be repeated across audiences.
  3. Validate that when you say the pitch out loud, it sounds like something you would say normally when communicating with other people.
  4. Make updates to the pitch and get ready to present.
Input Output
  • Individual ideas about what change is occurring and why.
  • A single statement that reflects the change occurring and the rationale for why the change is needed.
Materials Participants
  • Communication Planner Tool
  • Sticky notes
  • Whiteboard
  • Varies based on those who would be relevant to your initiative.

Download the Communication Planner Tool

Phase 3

Deliver Messages Effectively

Activities
3.1 Deliver Your Pitch
3.2 Refine and Deliver Again

This step involves the following participants:
Varies based on those who would be relevant to your initiative.

Outcomes of this step
Ability to deliver the pitch in a manner that is clear and would be understood by the specific stakeholder the pitch is intended for.

Communicate Any IT Initiative Effectively

Phase 1 > Phase 2 > Phase 3

Hone presentation skills before meeting with key stakeholders

Using voice and body

Think about the message you are trying to convey and how your body can support that delivery. Hands, stance, and frame all have an impact on what might be conveyed.

If you want your audience to lean in and be eager about your next point, consider using a pause or softer voice and volume.

Be professional and confident

State the main points of your presentation confidently. While this should be obvious, it is essential. Your audience should be able to clearly see that you believe the points you are stating.

Present in a way that is genuine to you and your voice. Whether you have an energetic personality or a calm and composed personality, the presentation should be authentic to you.

Connect with your audience

Look each member of the audience in the eye at least once during your presentation. Avoid looking at the ceiling, the back wall, or the floor. Your audience should feel engaged – this is essential to keeping their attention.

Avoid reading from your slides. If there is text on a slide, paraphrase it while maintaining eye contact.

Info-Tech Insight
You are responsible for the response of your audience. If they aren’t engaged, it is on you as the communicator.

Use clear slides that avoid distracting the audience

Which slide will be better to present?

Sample A:

Sample A

Sample B:

Sample B

3.1 Deliver your pitch

20 minutes

  1. Take ten minutes to think about how to deliver your pitch. Where will you emphasize words, speak louder, softer, lean in, stand tall, make eye contact, etc.?
  2. Group into pairs. One person is the speaker and the other the audience.
  3. Set a timer on your phone or watch.
  4. Speaker:
    1. Take a few seconds to center yourself and prepare to deliver your pitch.
    2. Deliver your pitch to Person 2. Don’t forget to use your body language and your voice to deliver.
  5. Audience:
    1. Repeats ideas back to Person 1. Are the ideas correct? Are you convinced?
    2. Identifies who the audience is. Are they correct?
  6. Reverse roles and repeat.
  7. Discuss and provide feedback to one another.
InputOutput
  • Written pitch
  • Best practices for delivering
  • An ability to deliver the pitch in a clear and concise manner that could be understood by the intended stakeholder.
  • Feedback from person 2.
MaterialsParticipants
  • Pitch framework
  • Communications Plan Tool
  • Piece of paper
  • Varies based on those who would be relevant to your initiative.

Communication Delivery Checklist

  • Are the slides clean so the audience can focus on your speaking and not on reading the context-heavy slide?
  • Have you practiced delivering the communication to team members or coaches?
  • Have you practiced delivering the communication to someone with little to no technology background?
  • Are you making yourself open to feedback and improvement opportunities?
  • If the communication is derailed from your plan, are you prepared to handle that change?
  • Can you deliver the communication without reading your notes word for word?
  • Have you adapted your voice throughout the communication to highlight specific components you want the audience to focus on?
  • Are you presenting in a way that is genuine to you and your personality?
  • Can you communicate the message within the time allotted?
  • Are you moving in an appropriate manner based on your communication (e.g. toward the screen, across the stage, hand gestures).

3.2 Refine and deliver again

1 hour

  1. Go back to what you wrote as your pitch and take ten minutes to eliminate more information to get the pitch down to two minutes based on the feedback from your original partner.
  2. Repeat the last exercise where you deliver your pitch; however, deliver it to the larger group this time.
  3. Focus on ways to adjust body language and voice to make the message more compelling.
  4. Identify if your audience is telling you anything with their body language (e.g. leaning in, leaning back). Use this to adjust as you are presenting.
  5. Have the group provide additional feedback on what was effective about the message and opportunities to further improve the message.
InputOutput
  • Three-minute pitch
  • Feedback from first delivery
  • An ability to deliver the pitch in a clear and concise manner that could be understood by the intended stakeholder.
MaterialsParticipants
  • Pitch framework
  • Communications Plan Tool
  • Piece of paper
  • Varies based on those who would be relevant to your initiative.

Info-Tech Insight
Whether the CIO or a service desk technician, delivering a presentation is a fear for every role in IT. Prepare your communication to help overcome the fears that are within your control.

Research Contributors and Experts

Anuja Agrawal, National Communications Director, PwC

Anuja Agrawal
National Communications Director
PwC

Anuja is an accomplished global communications professional, with extensive experience in the insurance, banking, financial, and professional services industry in Asia, the US, and Canada. She is currently the National Communications Director at PwC Canada. Her prior work experience includes communication leadership roles at Deutsche Bank, GE, Aviva, and Veritas. Anuja works closely with senior business leaders and key stakeholders to deliver measurable results and effective change and culture building programs. Anuja has experience in both internal and external communications, including strategic leadership communication, employee engagement, PR and media management, digital and social media, M&A/change and crisis management. Anuja believes in leveraging digital tools and technology-enabled solutions combined with in-person engagement to help improve the quality of dialogue and increase interactive communication within the organization to help build an inclusive culture of belonging.

Nastaran Bisheban, Chief Technology Officer, KFC Canada

Nastaran Bisheban
Chief Technology Officer
KFC Canada

A passionate technologist and seasoned transformational leader. A software engineer and computer scientist by education, a certified Project Manager that holds an MBA in Leadership with Honors and Distinction from University of Liverpool. A public speaker on various disciplines of technology and data strategy with a Harvard Business School executive leadership program training to round it all. Challenges status quo and conventional practices; is an advocate for taking calculated risk and following the principle of continuous improvement. With multiple computer software and project management publications she is a strategic mentor and board member on various non-profit organizations. Nastaran sees the world as a better place only when everyone has a seat at the table and is an active advocate for diversity and inclusion.

Heidi Davidson, Co-founder & CEO, Galvanize Worldwide and Galvanize On Demand

Heidi Davidson
Co-founder & CEO
Galvanize Worldwide and Galvanize On Demand

Dr. Heidi Davidson is the Co-Founder and CEO of Galvanize Worldwide, the largest distributed network of marketing and communications experts in the world. She also is the Co-Founder and CEO of Galvanize On Demand, a tech platform that matches marketing and communications freelancers with client projects. Now with 167 active experts, the Galvanize team delivers startup advisory work, outsourced marketing, training, and crisis communications to organizations of all sizes. Before Galvanize, Heidi spent four years as part of the turnaround team at BlackBerry as the Chief Communications Officer and SVP of Corporate Marketing, where she helped the company move from a device manufacturer to a security software provider.

Eli Gladstone, Co-founder, Speaker Labs

Eli Gladstone
Co-Founder
Speaker Labs

Eli is a Co-Founder of Speaker Labs. He has spent over 6 years helping countless individuals overcome their public speaking fears and communicate with clarity and confidence. When he's not coaching others on how to build and deliver the perfect presentation, you'll probably find him reading some weird books, teaching his kids how to ski or play tennis, or trying to develop a good enough jumpshot to avoid being a liability on the basketball court.

Francisco Mahfuz, Keynote Speaker & Storytelling Coach

Francisco Mahfuz
Keynote Speaker & Storytelling Coach

Francisco Mahfuz has been telling stories in front of audiences for a decade, and even became a National Champion of public speaking. Today, Francisco is a keynote speaker and storytelling coach and offers communication training to individuals and international organisations, and has worked with organisations like Pepsi, HP, the United Nations, Santander and Cornell University. He's the author of Bare: A Guide to Brutally Honest Public Speaking, the host of The Storypowers Podcast, and he’s been part of the IESE MBA communications course since 2020. He's received a BA in English Literature from Birkbeck University in London.

Sarah Shortreed, EVP & CTO, ATCO Ltd.

Sarah Shortreed
EVP & CTO
ATCO Ltd.

Sarah Shortreed is ATCO’s Executive Vice President and Chief Technology Officer. Her responsibilities include leading ATCO’s Information Technology (IT) function as it continues to drive agility and collaboration throughout ATCO’s global businesses and expanding and enhancing its enterprise IT strategy, including establishing ATCO’s technology roadmap for the future. Ms. Shortreed's skill and expertise are drawn from her more than 30-year career that spans many industries and includes executive roles in business consulting, complex multi-stakeholder programs, operations, sales, customer relationship management and product management. She was recently the Chief Information Officer at Bruce Power and has previously worked at BlackBerry, IBM and Union Gas. She sits on the Board of Governors for the University of Western Ontario and is the current Chair of the Chief Information Officer (CIO) Committee at the Conference Board of Canada.

Eric Silverberg, Co-Founder Speaker Labs

Eric Silverberg
Co-Founder
Speaker Labs

Eric is a Co-Founder of Speaker Labs and has helped thousands of people build their public speaking confidence and become more dynamic and engaging communicators. When he's not running workshops to help people grow in their careers, there's a good chance you'll find him with his wife and dog, drinking Diet Coke and rewatching iconic episodes of the reality TV show Survivor! He's such a die-hard fan, that you'll probably see him playing the game one day.

Stephanie Stewart, Communications Officer & DR Coordinator, Info Security Services Simon Fraser University

Stephanie Stewart
Communications Officer & DR Coordinator
Info Security Services Simon Fraser University

Steve Strout, President, Miovision Technologies

Steve Strout
President
Miovision Technologies

Mr. Strout is a recognized and experienced technology leader with extensive experience in delivering value. He has successfully led business and technology transformations by leveraging many dozens of complex global SFDC, Oracle and/or SAP projects. He is especially adept at leading what some call “Project Rescues” – saving people’s careers where projects have gone awry; always driving "on-time and on-budget.“ Mr. Strout is the current President of Miovision Technologies and the former CEO and board member of the Americas’ SAP Users’ Group (ASUG). His wealth of practical knowledge comes from 30 years of extensive experience in many CxO and executive roles at some prestigious organizations such as Vonage, Sabre, BlackBerry, Shred-it, The Thomson Corporation (now Thomson Reuters) and Morris Communications. Served on Boards including Customer Advisory Boards of Apple, AgriSource Data, Dell, Edgewise, EMC, LogiSense, Socrates.ai, Spiro Carbon Group, and Unifi.

Info-Tech Research Group Contributors:
Sanchia Benedict, Research Lead
Koula Bouloukos, Production Manager
Antony Chan, Executive Counsellor
Janice Clatterbuck, Executive Counsellor
Ahmed Jowar, Research Specialist
Dave Kish, Practice Lead
Nick Kozlo, Senior Research Analyst
Heather Leier Murray, Senior Research Analyst
Amanda Mathieson, Research Director
Carlene McCubbin, Practice Lead
Joe Meier, Executive Counsellor
Andy Neill, AVP, Research
Thomas Randall, Research Director

Plus an additional two contributors who wish to remain anonymous.

Related Info-Tech Research

Boardroom Presentation Review

  • You will come away with a clear, concise, and compelling board presentation that IT leaders can feel confident presenting in front of their board of directors.
  • Add improvements to your current board presentation in terms of visual appeal and logical flow to ensure it resonates with your board of directors.
  • Leverage a best-of-breed presentation template.

Build a Better Manager

  • Management skills training is needed, but organizations are struggling to provide training that makes a long-term difference in the skills managers actually use in their day to day.
  • Many training programs are ineffective because they offer the wrong content, deliver it in a way that is not memorable, and are not aligned with the IT department’s business objectives.

Crisis Communication Guides

During a crisis it is important to communicate to employees through messages that convey calm and are transparent and tailored to your audience. Use the Crisis Communication Guides to:

  • Draft a communication strategy.
  • Tailor messages to your audience.
  • Draft employee crisis communications.

Use this guide to equip leadership to communicate in times of crisis.

Bibliography

Gallo, Carmine. "How Great Leaders Communicate." Harvard Business Review. 23 November 2022.

Gallup. State of the American Workplace Report. Washington, D.C.: Gallup, 6 February 2020.

Guthrie, Georgina. “Why Good Internal Communications Matter Now More than Ever.” Nulab. 15 Dec. 2021.

Hypercontext. “The State of High Performing Teams in Tech 2022.” Hypercontext. 2022.

Lambden, Duncan. “The Importance of Effective Workplace Communication – Statistics for 2022.” Expert Market. 13 June 2022.

McCreary, Gale & WikiHow. “How to Measure the Effectiveness of Communication: 14 Steps.” WikiHow.

Nowak, Marcin. “Top 7 Communication Problems in the Workplace.” MIT Enterprise Forum CEE, 2021.

Nunn, Philip. “Messaging That Works: A Unique Framework to Maximize Communication Success.” iabc.

Picincu, Andra. “How to Measure Effective Communications.” Small Business Chron. 12 January 2021.

Price. David A. “Pixar Story Rules.”

Prosci. “Best Practices in Change Management 2020 Edition.” Prosci, 2020.

Roberts, Dan. “How CIOs Become Visionary Communicators.” CIO, 2019.

Schlesinger, Mark. “Why building effective communication skill in IT is incredibly important.”

Skills Framework for the Information Age, “Mapping SFIA Levels of Responsibilities to Behavioural Factors.” Skills Framework for the Information Age, 2021.

St. James, Halina. Talk It Out. Podium, 2005.

TeamState. “Communication in the Workplace Statistics: Importance and Effectiveness in 2022.” TeamStage, 2022.

Walters, Katlin. “Top 5 Ways to Measure Internal Communication.” Intranet Connections, 30 May 2019.

Build a Continual Improvement Program

  • Buy Link or Shortcode: {j2store}463|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Operations Management
  • Parent Category Link: /i-and-o-process-management
  • IT managers must work hard to maintain and improve service quality or risk performance deterioration over time.
  • Leadership may feel lost about what to do next and which initiatives have higher priority for improvement.
  • The backlog of improvement initiatives makes the work even harder. Managers should involve the right people in the process and build a team that is responsible to monitor, measure, prioritize, implement, and test improvements.

Our Advice

Critical Insight

  • Without continual improvement, sustained service quality will be temporary. Organizations need to put in place an ongoing process to detect potential services, enhance their procedures, and sustain their performance, whatever the process maturity is.

Impact and Result

  • Set strategic vision for the continual improvement program.
  • Build a team to set regulations, processes, and audits for the program.
  • Set measurable targets for the program.
  • Identify and prioritize improvement initiatives.
  • Measure and monitor progress to ensure initiatives achieve the desired outcome.
  • Apply lessons learned to the next initiatives.

Build a Continual Improvement Program Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Build a Continual Improvement Program – A step-by-step document to walk you through building a plan for efficient IT continual improvement.

This storyboard will help you craft a continual improvement register and a workflow to ensure sustained service improvements that fulfill ongoing increases in stakeholder expectations.

  • Build a Continual Improvement Program Storyboard

2. Continual Improvement Register and Workflow – Structured documents to help you outline improvement initiatives, prioritize them, and build a dashboard to streamline tracking.

Use the Continual Improvement Register and Continual Improvement Workflow to help you brainstorm improvement items, get a better visibility into the items, and plan to execute improvements.

  • Continual Improvement Register
  • Continual Improvement Workflow (Visio)
  • Continual Improvement Workflow (PDF)
[infographic]

Further reading

Build a Continual Improvement Program

Don’t stop with process standardization; plan to continually improve and help those improvements stick.

Analyst Perspective

Go beyond standardizing basics

IT managers often learn how to standardize IT services. Where they usually fail is in keeping these improvements sustainable. It’s one thing to build a quality process, but it’s another challenge entirely to keep momentum and know what to do next.

To fill the gap, build a continual improvement plan to continuously increase value for stakeholders. This plan will help connect services, products, and practices with changing business needs.

Without a continual improvement plan, managers may find themselves lost and wonder what’s next. This will lead to misalignment between ongoing and increasingly high stakeholder expectations and your ability to fulfill these requirements.

Build a continual improvement program to engage executives, leaders, and subject matter experts (SMEs) to go beyond break fixes, enable proactive enhancements, and sustain process changes.

Photo of Mahmoud Ramin, Ph.D., Senior Research Analyst, Infrastructure and Operations, Info-Tech Research Group. Mahmoud Ramin, Ph.D.
Senior Research Analyst
Infrastructure and Operations
Info-Tech Research Group

Executive Summary

Your Challenge

  • Even high-quality services and products need to be aligned with rising stakeholder expectations to sustain operational excellence.
  • Without the right leadership, commitment, and processes, improvements in service quality can be difficult to sustain.
  • Continual improvement is not only a development plan but also an organizational culture shift, which makes stakeholder buy-in even challenging.

Common Obstacles

  • IT managers must work hard to maintain and improve service quality or risk performance deterioration over time.
  • Leadership feels lost about what to do next and which initiatives have higher priority for improvement.
  • A backlog of improvement initiatives makes the work even harder. Managers should involve the right people in the process and build a team that is responsible for monitoring, measuring, prioritizing, implementing, and testing improvements.

Info-Tech’s Approach

  • Set a strategic vision for the continual improvement program.
  • Build a team to set regulations, processes, and audits for the program.
  • Set measurable targets for the program.
  • Identify and prioritize improvement initiatives.
  • Measure and monitor progress to ensure initiatives achieve the desired outcome.
  • Apply lessons learned to the next initiatives.

Info-Tech Insight

Without continual improvement, any process maturity achieved around service quality will not be sustained. Organizations need to put in place an ongoing program to maintain their current maturity and continue to grow and improve by identifying new services and enhancing existing processes.

Purpose of continual improvement

There should be alignment between ongoing improvements of business products and services and management of these products and services. Continual improvement helps service providers adapt to changing environments. No matter how critical the service is to the business, failure to continually improve reduces the service value.

Image of a notebook with an illustration titled 'Continuous Improvement'.

Continual improvement is one of the five elements of ITIL’s Service Value System (SVS).

Continual improvement should be documented in an improvement register to record and manage improvement initiatives.

Continual improvement is a proactive approach to service management. It involves measuring the effectiveness and efficiency of people, processes, and technology to:

  • Identify areas for improvement.
  • Adapt to changes in the business environment.
  • Align the IT strategy to organizational goals.

A continual improvement process helps service management move away from a reactive approach that focuses only on fixing problems as they occur.

Info-Tech Insight

Make sure the basics are in place before you embark on a continual improvement initiative.

Benefits of embedding a cross-organizational continual improvement approach

Icon of a computer screen. Encourage end users to provide feedback on service quality. Icon of a crossed pencil and wrench.

Provide an opportunity to stakeholders to define requirements and raise their concerns.

Icon of a storefront.

Embed continual improvement in all service delivery procedures.

Icon of chevrons moving backward.

Turn failures into improvement opportunities rather than contributing to a blame culture.

Icon of a telescope.

Improve practice effectiveness that enhances IT efficiency.

Icon of a thumbs up in a speech bubble.

Improve end-user satisfaction that positively impacts brand reputation.

Icon of shopping bags.

Improve operational costs while maintaining a high level of satisfaction.

Icon of a magnifying glass over a map marker.

Help the business become more proactive by identifying and improving services.

Info-Tech Insight

It’s the responsibility of the organization’s leaders to develop and promote a continual improvement culture. Work with the business unit leads and communicate the benefits of continual improvement to get their buy-in for the practice and achieve the long-term impact.

Build a feedback program to get input into where improvement initiatives are needed

A well-maintained continual improvement process creates a proper feedback mechanism for the following stakeholder groups:
  • Users
  • Suppliers
  • Service delivery team members
  • Service owners
  • Sponsors
An efficient feedback mechanism should be constructed around the following initiatives:
Target with an arrow in the bullseye. The arrow has four flags: 'Perceived value by users', 'Service effectiveness', 'Service governance', and 'Service demand'.
Stakeholders who participate in feedback activities should feel comfortable providing suggestions for improvement.

Work closely with the service desk team to build communication channels to conduct surveys. Avoid formal bureaucratic communications and enforce openness in communicating the value of feedback the stakeholders can provide.

Info-Tech Insight

When conducting feedback activities with users, keep surveys anonymous and ensure users’ information is kept confidential. Make sure everyone else is comfortable providing feedback in a constructive way so that you can seek clarification and create a feedback loop.

Implement an iterative continual improvement model and ensure that your services align with your organizational vision

Build a six-step process for your continual improvement plan. Make it a loop, in which each step becomes an input for the next step. A cycle around a dartboard with numbered steps: '01 Determine your goals', '02 Define the process team', '03 Determine initiatives', '04 Prioritize initiatives', '05 Execute improvement', '06 Establish a learning culture'.

1. Determine your goals

A vision statement communicates your desired future state of the IT organization.

Your IT goals should always support your organizational goals. IT goals are high-level objectives that the IT organization needs to achieve to reach a target state.
A cycle of the bolded statements on the right surrounding a dartboard with two bullseyes.

Understand the high-level business objectives to set the vision for continual improvement in a way that will align IT strategies with business strategies.

Obtaining a clear picture of your organization’s goals and overall corporate strategy is one of the crucial first steps to continual improvement and will set the stage for the metrics you select. Document your continual improvement program goals and objectives.

Knowing what your business is doing and understanding the impact of IT on the business will help you ensure that any metrics you collect will be business focused.

Understanding the long-term vision of the business and its appetite for commitment and sponsorship will also inform your IT strategy and continual improvement goals.

Assess the future state

At this stage, you need to visualize improvement, considering your critical success factors.

Critical success factors (CSFs) are higher-level goals or requirements for success, such as improving end-user satisfaction. They’re factors that must be met in order to reach your IT and business strategic vision.

Select key performance indicators (KPIs) that will identify useful information for the initiative: Define KPIs for each CSF. These will usually involve a trend, as an increase or decrease in something. If KPIs already exist for your IT processes, re-evaluate them to assess their relevance to current strategy and redefine if necessary. Selected KPIs should provide a full picture of the health of targeted practice.

KPIs should cover these four vectors of practice performance:

  1. Quantity
    How many continual improvement initiatives are in progress
  2. Quality
    How well you implemented improvements
  3. Timeliness
    How long it took to get continual improvement initiatives done
  4. Compliance
    How well processes and controls are being executed, such as system availability
Cross-section of a head split into sections with icons in the middle sections.

Examples of key CSFs and KPIs for continual improvement

CSF

KPI

Adopt and maintain an effective approach for continual improvement Improve stakeholder satisfaction due to implementation of improvement initiatives.
Enhance stakeholder awareness about continual improvement plan and initiatives.
Increase continual improvement adoption across the organization.
Commit to effective continual improvement across the business Improve the return on investment.
Increase the impact of the improvement initiatives on process maturity.
Increase the rate of successful improvement initiatives.

Prepare a vision statement to communicate the improvement strategy

IT Implications + Business Context –› IT Goals
  • IT implications are derived from the business context and inform goals by aligning the IT goals with the business context.
  • Business context encompasses an understanding of the factors impacting the business from various perspectives, how the business makes decisions, and what it is trying to achieve.
  • IT goals are high-level, specific objectives that the IT organization needs to achieve to reach the target state. IT goals begin a process of framing what IT as an organization needs to be able to do in the target state.

IT goals will help identify the target state, IT capabilities, and the initiatives that will need to be implemented to enable those capabilities.

The vision statement is expressed in the present tense. It seeks to articulate the desired role of IT and how IT will be perceived.

Strong IT vision statements have the following characteristics:
Arrow pointing right. Describe a desired future
Arrow pointing right. Focus on ends, not means
Arrow pointing right. Communicate promise
Arrow pointing right. Work as an elevator pitch:
  • Concise; no unnecessary words
  • Compelling
  • Achievable
  • Inspirational
  • Memorable

2. Define the process team

The structure of each continual improvement team depends on resource availability and competency levels.

Make sure to allocate continual improvement activities to the available resources and assess the requirement to bring in others to fulfill all tasks.

Brainstorm what steps should be included in a continual improvement program:

  • Who is responsible for identifying, logging, and prioritizing improvement opportunities?
  • Who makes the business case for improvement initiatives?
  • Who is the owner of the register, responsible for documenting initiatives and updating their status?
  • Who executes implementation?
  • Who evaluates implementation success?
Match stakeholder skill sets with available resources to ensure continual improvement processes are handled properly. Brainstorm skills specific to the program:
  • Knowledge of provided products and services.
  • Good understanding of organization’s goals and objectives.
  • Efficiency in collecting and measuring metrics, understanding company standards and policies, and presenting them to impacted stakeholders.
  • Competency in strategic thinking and aligning the organization’s goals with improvement initiatives.

Enable the continual improvement program by clarifying responsibilities

Determine roles and responsibilities to ensure accountability

The continual improvement activities will only be successful if specific roles and responsibilities are clearly identified.

Depending on available staff and resources, you may be able to have full-time continual improvement roles, or you may include continual improvement activities in individuals’ job descriptions.

Each improvement action that you identify should have clear ownership and accountability to ensure that it is completed within the specified timeframe.

Roles and responsibilities can be reassigned throughout the continual improvement process.

Info-Tech Insight

Create cross-functional teams to improve perspective and not focus on only one small group when trying to problem solve. Having other teams hear and reframe the issue or talk about how they can help to solve issues as a team can create bigger solutions that will help the entire IT team, not just one group.

Consider assigning dedicated continual improvement roles

Silhouette of a business person.
CI Coordinator

Continual improvement coordinators are responsible for moving projects to the implementation phase and monitoring all continual improvement roles.

Silhouette of a business person.
Business Owner

Business owners are accountable for business governance, compliance, and ROI analysis. They are responsible for operational and monetary aspects of the business.

Silhouette of a business person.
IT Owner

IT owners are responsible for developing the action plan and ensuring success of the initiatives. They are usually the subject matter experts, focusing on technical aspects.

3. Determine improvement initiatives

Businesses usually make the mistake of focusing too much on making existing processes better while missing gaps in their practices.

Gather stakeholder feedback to help you evaluate the maturity levels of IT practices Sample of the End User Satisfaction Survey.

You need to understand the current state of service operations to understand how you can provide value through continual improvement. Give everyone an opportunity to provide feedback on IT services.

Use Info-Tech’s End User Satisfaction Survey to define the state of your core IT services.

Info-Tech Insight

Become proactive to improve satisfaction. Continual improvement is not only about identifying pain points and improving them. It enables you to proactively identify initiatives for further service improvement using both practice functionality and technology enablement.

Understand the current state of your IT practices

Determine the maturity level of your IT areas to help you understand which processes need improvement. Involve the practice team in maturity assessment activities to get ideas and input from them. This will also help you get their buy-in and engagement for improvement.

Leverage performance metrics to analyze performance level. Metrics play a key role in understanding what needs improvement. After you implement metrics, have an impact report regularly generated to monitor them.

Use problem management to identify root causes for the identified gaps. Potential sources of problems can be:

  • Recurring issues that may be an indicator of an underlying problem.
  • Business processes or service issues that are not IT related, such as inefficient business process or service design issues.

Establish an improvement roadmap and execute initiatives

Build a continual improvement register (CIR) for your target initiatives

A CIR is a document used for recording your action plan from the beginning to the end of the improvement project.

If you just sit and plan for improvements without acting on them, nothing will improve. CIR helps you create an action plan and allows you to manage, track, and prioritize improvement suggestions.

Consider tracking the following information in your CIR, adjusted to meet the needs of your organization:

Information

Description

Business value impact Identify approved themes or goals that each initiative should apply to. These can and should change over time based on changing business needs.
Effort/cost Identify the expected effort or cost the improvement initiative will require.
Priority How urgent is the improvement? Categorize based on effort, cost, and risk levels.
Status Ensure each initiative has a status assigned that reflects its current state.
Timeline List the timeframe to start the improvement initiative based on the priority level.
CI functional groups Customize the functional groups in your CI program

Populate your register with ideas that come from your first round of assessments and use this document to continually add and track new ideas as they emerge.

You can also consider using the register to track the outcomes and benefits of improvement initiatives after they have been completed.

Activity: Use the Continual Improvement Register template to brainstorm responsibilities, generate improvement initiatives, and action plan

1-3 hours
  1. Open the Continual Improvement Register template and navigate to tab 2, Setup.
  2. Brainstorm your definitions for the following items to get a clear understanding of these items when completing the CIR. The more quantification you apply to the criteria, the more tangible evaluation you will do:
    • Business value impact categories
    • Effort/cost
    • Priority
    • Status
    • Timeline
  3. Discuss the teams that the upcoming initiatives will belong to and update them under CI Functional Groups.
  1. Analyze the assessment data collected throughout stakeholder feedback and your current-state evaluation.
  2. Use this data to generate a list of initiatives that should be undertaken to improve the performance of the targeted processes.
  3. Use sticky notes to record identified CI initiatives.
  4. Record each initiative in tab 3, CI Register, along with associated information:
    • A unique ID number for the initiative
    • The individual who submitted the idea
    • The team the initiative belongs to
    • A description of the initiative

Download the Continual Improvement Register template

Activity: Use the Continual Improvement Register template to brainstorm responsibilities, generate improvement initiatives, and action plan

Input

  • List of key stakeholders for continual improvement
  • Current state of services and processes

Output

  • Continual improvement register setup
  • List of initiatives for continual improvement

Materials

  • Continual improvement register
  • Whiteboard/flip charts
  • Markers
  • Laptops

Participant

  • CIO
  • IT managers
  • Project managers
  • Continual improvement manager/coordinator

4. Prioritize initiatives

Prioritization should be transparent and available to stakeholders.

Some initiatives are more critical than others to achieve and should be prioritized accordingly. Some improvements require large investments and need an equally large effort, while some are relatively low-cost, low-effort improvements. Focus on low-hanging fruit and prioritize low-cost, low-effort improvements to help the organization with rapid growth. This will also help you get stakeholder buy-in for the rest of your continual improvement program.

Prioritize improvement initiatives in your CIR to increase visibility and ensure larger improvement initiatives are done the next cycle. As one improvement cycle ends, the next cycle begins, which allows the continual improvement team to keep pace with changing business requirements.

Stock image of a person on a ladder leaning against a bookshelf.

Identify “quick wins” that can provide immediate improvement

Prioritize these quick wins to immediately demonstrate the success of the continual service improvement effort to the business.

01

Keep the scope of the continual improvement process manageable at the beginning by focusing on a few key areas that you want to improve.
  • If you have identified pain points, addressing these will demonstrate the value of the project to the business to gain their support.
  • Choose the services or processes that continue to disrupt or threaten service – focus on where pain points are evident and where there is a need for improvement.
  • Critical services to improve should emerge from the current-state assessments.

02

From your list of proposed improvements, focus on a few of the top pain points and plan to address those.

03

Choose the right services to improve at the first stage of continual improvement to ensure that the continual improvement process delivers value to the business.

Activity: Prioritize improvement initiatives

2-3 hours

Input: List of initiatives for continual improvement

Output: Prioritized list of initiatives

Materials: Continual improvement register, Whiteboard/flip charts, Markers, Laptops

Participants: CIO, IT managers, Project managers, Continual improvement manager

  1. In the CI Register tab of the Continual Improvement Register template, define the status, priority, effort/cost, and timeline according to the definition of each in the data entry tab.
  2. Review improvement initiatives from the previous activity.
  3. Record the CI coordinator, business owner, and IT owner for each initiative.
  4. Fill out submission date to track when the initiative was added to the register.
  5. According to the updated items, you will get a dashboard of items based on their categories, effort, priority, status, and timeline. You will also get a visibility into the total number of improvement initiatives.
  6. Focus on the short-term initiatives that are higher priority and require less effort.
  7. Refer to the Continual Improvement Workflow template and update the steps.

Download the Continual Improvement Register template

Download the Continual Improvement Workflow template

5. Execute improvement

Develop a plan for improvement

Determine how you want to reach your improvement objectives. Define how to make processes work better.
Icons representing steps. Descriptions below.
Make a business case for your action plan Determine budget for implementing the improvement and move to execution. Find out how long it takes to build the improvement in the practice. Confirm the resources and skill sets you require for the improvement. Communicate the improvement plan across the business for better visibility and for seamless organizational change management, if needed. Lean into incremental improvements to ensure practice quality is sustained, not temporary. Put in place an ongoing process to audit, enhance, and sustain the performance of the target practice.

Create a specific action plan to guide your improvement activities

As part of the continual improvement plan, identify specific actions to be completed, along with ownership for each action.

The continual improvement process must:

  • Define activities to be completed.
  • Create roles and assign ownership to complete activities.
  • Provide training and awareness about the initiative.
  • Define inputs and outputs.
  • Include reporting.

For each action, identify:

  • The problem.
  • Who will be responsible and accountable.
  • Metric(s) for assessment.
  • Baseline and target metrics.
  • Action to be taken to achieve improvement (training, new templates, etc.).

Choose timelines:

  • Firm timelines are important to keep the project on track.
  • One to two months for an initiative is an ideal length of time to maintain interest and enthusiasm for the specific project and achieve a result.

Info-Tech Insight

Every organization is unique in terms of its services, processes, strengths, weaknesses, and needs, as well as the expectations of its end users. There is no single action plan that will work for everyone. The improvement plan will vary from organization to organization, but the key elements of the plan (i.e. specific priorities, timelines, targets, and responsibilities) should always be in place.

Build a communication plan to ensure the implementation of continual improvement stakeholder buy-in

1. Throughout the improvement process, share information about both the status of the project and the impact of the improvement initiatives.
Icon of a group of people. Encourage a collaborative environment across all members of the practice team.
Icon of an ascending graph. Motivate every individual to continue moving upward and taking ownership over their roles.
Icon of overlapping speech bubbles. Communication among team members ensures that everyone is on the same page working together toward a common goal.
Icon of a handshake. The most important thing is to get the support of your team. Unless you have their support, you won’t be able to deliver any of the solutions you draw up.
2. The end users should be kept in the loop so they can feel that their contribution is valued.
Icon of an arrow pointing right. When improvements happen and only a small group of people are involved in the results and action plan, misconceptions will arise.
Icon of a thumbs up in a speech bubble. If communication is lacking, end users will provide less feedback on the practice improvements.
Icon of a cone made of stacked layers. For end users to feel their concerns are being considered, you must communicate the findings in a way that conveys the impact of their contribution.

Info-Tech Insight

To be effective, continual improvement requires open and honest feedback from IT staff. Debriefings work well for capturing information about lessons learned. Break down the debriefings into smaller, individual activities completed within each phase of the project to better capture the large amount of data and lessons learned within that phase.

Measure the success of your improvement program

Continual improvement is everybody’s job within the organization.

Determine how improvements impacted stakeholders. Build a relationship pyramid to analyze how improvements impacted external users and narrow down to the internal users, implementing team, and leaders.
  1. How did we make improvements with our partners and suppliers? –› Look into your contracts and measure the SLAs and commitments.
  2. How could improvement initiatives impact the organization? –› Involve everybody to provide feedback. Rerun the end-user satisfaction survey and compare with the baseline that you obtained before improvement implementation.
  3. How does the improvement team feel about the whole process? –› What were the lessons learned, and can the team apply the lessons in the next improvement initiatives?
  4. How did the leaders manage and lead improvements? –› Were they able to provide proper vision to guide the improvement team through the process?
A relationship pyramid with the initial questions on the left starting from '1' at the bottom to '4' at the 2nd highest level.

Measure changes in selected metrics to evaluate success

Measuring and reporting are key components in the improvement process.

Adjust improvement priority based on updated objectives. Justify the reason. Refer to your CIR to document it.

Did you get there?

Part of the measurement should include a review of CSFs and KPIs determined in step 1 (assess the future state). Some may need to be replaced.

  • After an improvement has been implemented, it is important to regularly monitor and evaluate the CSFs and KPIs you chose and run reports to evaluate whether the implemented improvement has actually resolved the service/process issues or helped you achieve your objectives.
  • Establish a schedule for regularly reviewing key metrics that were identified in Step 1 and assessing change in those metrics and progress toward reaching objectives.
  • In addition to reviewing CSFs, KPIs, and metrics, check in with the IT organization and end users to measure their perceptions of the change once an appropriate amount of time has passed.
  • Ensure that metrics are telling the whole story and that reporting is honest in order to be informative.
Outcomes of the continual improvement process should include:
  • Improved efficiency, effectiveness, and quality of processes and services.
  • Processes and services more aligned with the business needs and strategy.
  • Maturity of processes and services.

For a guideline to determine a list of metrics, refer to Info-Tech’s blueprints:

Info-Tech Insight

Make sure you’re measuring the right things and considering all sources of information. Don’t rely on a single or very few metrics. Instead, consider a group of metrics to help you get a better holistic view of improvement initiatives and their impact on IT operations.

6. Establish a learning culture and apply it to other practices

Reflect on lessons learned to drive change forward

What did you learn?
Icon of a checklist and pencil. Ultimately, continual improvement is an ongoing educational program.
Icon of a brain with a lighting bolt.
Icon of a wrench in a speech bubble. By teaching your team how to learn better and identify sources of new knowledge that can be applied going forward, you maximize the efficacy of your team and improvement plan effort.
What obstacles prevented you from reaching your target condition?
Icon of a map marker. If you did not reach your target goals, reflect as a team on what obstacles prevented you from reaching that target.
Icon of a wrench in a gear. Focus on the obstacles that are preventing your team from reaching the target state.
Icon of a sun behind clouds. As obstacles are removed, new ones will appear, and old ones will disappear.

Compare expectations versus reality

Compare the EC (expected change) to the AC (actual change)
Arrow pointing down.
Arrow pointing left and down labelled 'Small'. Evaluate the differences: how large is the difference from what you expected? Arrow pointing right and down labelled 'Large'.
Things are on track and the issue could have simply been an issue with timing of the improvement. More reflection is needed. Perhaps it is a gap in understanding the goal or a poor execution of the action plan.

Info-Tech Insight

Regardless of the cause, large differences between the EC and the AC provide great learning opportunities about how to approach change in the future.

A cycle around a dartboard with numbered steps: '01 Determine your goals', '02 Define the process team', '03 Determine initiatives', '04 Prioritize initiatives', '05 Execute improvement', '06 Establish a learning culture'.

Think long-term to sustain changes

The continual improvement process is ongoing. When one improvement cycle ends, the next should begin in order to continually measure and evaluate processes.

The goal of any framework is steady and continual improvement over time that resets the baseline to the current (and hopefully improved) level at the end of each cycle.

Have processes in place to ensure that the improvements made will remain in place after the change is implemented. Each completed cycle is just another step toward your target state.
Icon of a group of people. Ensure that there is a continual commitment from management.
Icon of a bar chart. Regularly monitor metrics as well as stakeholder feedback after the initial improvement period has ended. Use this information to plan the next improvement.
Icon of gears. Continual improvement is a combination of attitudes, behavior, and culture.

Related Info-Tech Research

Sample of 'Build a Business-Aligned IT Strategy'. Build a Business-Aligned IT Strategy

Success depends on IT initiatives clearly aligned to business goals, IT excellence, and driving technology innovation.

Sample of 'Develop Meaningful Service Metrics'. Develop Meaningful Service Metrics

Reinforce service orientation in your IT organization by ensuring your IT metrics generate value-driven resource behavior.

Sample of 'Common Challenges to incident management success'. Improve Incident and Problem Management

Rise above firefighter mode with structured incident management to enable effective problem management.

Works Cited

“Continual Improvement ITIL4 Practice Guide.” AXELOS, 2020. Accessed August 2022.

“5 Tips for Adopting ITIL 4’s Continual Improvement Management Practice.” SysAid, 2021. Accessed August 2022.

Jacob Gillingham. “ITIL Continual Service Improvement And 7-Step Improvement Process” Invensis Global Learning Services, 2022. Accessed August 2022.

Next-Generation InfraOps

  • Buy Link or Shortcode: {j2store}457|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Operations Management
  • Parent Category Link: /i-and-o-process-management
  • Traditional IT capabilities, activities, organizational structures, and culture need to adjust to leverage the value of cloud, optimize spend, and manage risk.
  • Different stakeholders across previously separate teams rely on one another more than ever, but rules of engagement do not yet exist.

Our Advice

Critical Insight

  • By defining your end goals and framing solutions based on the type of visibility and features you need, you can enable speed and reliability without losing control of the work.

Impact and Result

  • Understand the xOps spectrum and what approaches benefit your organization.
  • Make sense of the architectural approaches and enablement tools available to you.
  • Evolve from just improving your current operations to a continuous virtuous cycle of development and deployment.

Next-Generation InfraOps Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Next-Generation InfraOps Storyboard – A deck that will help you use Ops methodologies to build a virtuous cycle.

This storyboard will help you understand the spectrum of different Agile xOps working modes and how best to leverage them and build an architecture and toolset that support rapid continuous IT operations

  • Next-Generation InfraOps Storyboard
[infographic]

Further reading

Next-Generation InfraOps

Embrace the spectrum of Ops methodologies to build a virtuous cycle.

Executive summary

Your Challenge

IT Operations continue to be challenged by increasing needs for scale and speed, often in the face of constrained resources and time. For most, Agile methodologies have become a foundational part of tackling this problem. Since then, we've seen Agile evolve into DevOps, which started a trend into different categories of "xOps" that are too many to count. How does one make sense of the xOps spectrum? What is InfraOps and where does it fit in?

Common Obstacles

Ultimately, all these methodologies and approaches are there to serve the same purpose: increase effectiveness through automation and improve governance through visibility. The key is to understand what tools and methodologies will deliver actual benefits to your IT operation and to the organization as a whole.

Info-Tech's Approach

By defining your end goals and framing solutions based on the type of visibility and features you need, you can enable speed and reliability without losing control of the work.

  1. Understand the xOps spectrum and what approaches will benefit your organization.
  2. Make sense of the architectural approaches and enablement tools available to you.
  3. Evolve from just improving your current operations to a continuous virtuous cycle of development and deployment.

Info-Tech Insight

InfraOps, when applied well, should be the embodiment of the governance policies as expressed by standards in architecture and automation.

Project overview

Understand the xOps spectrum

There are as many different types of "xOps" as there are business models and IT teams. To pick the approaches that deliver the best value to your organization and that align to your way of operating, it's important to understand the different major categories in the spectrum and how they do or don't apply to your IT approach.

How to optimize the Ops in DevOps

InfraOps is one of the major methodologies to address a key problem in IT at cloud scale: eliminating friction and error from your deliveries and outputs. The good news is there are architectures, tools, and frameworks you can easily leverage to make adopting this approach easier.

Evolve to integration and build a virtuous cycle

Ultimately your DevOps and InfraOps approaches should embody your governance needs via architecture and process. As time goes on, however, both your IT footprint and your business environment will shift. Build your tools, telemetry, and governance to anticipate and adapt to change and build a virtuous cycle between development needs and IT Operations tools and governance.

The xOps spectrum

This is an image of the xOps spectrum. The three main parts are: Code Acceleration (left), Governance(middle), and Infrastructure Acceleration (right)

xOps categories

There is no definitive list of x's in the xOps spectrum. Different organizations and teams will divide and define these in different ways. In many cases, the definitions and domains of various xOps will overlap.

Some of the commonly adopted and defined xOps models are listed here.

Shift left? Shift right?

Cutting through the jargon

  • Shifting left is about focusing on the code and development aspects of a delivery cycle.
  • Shifting right is about remembering that infrastructure and tools still do matter.

Info-Tech Insight

Shifting left or right isn't an either/or choice. They're more like opposite sides of the same coin. Like the different xOps approaches, usually more than one shift approach will apply to your IT Operations.

IT Operations in the left-right spectrum

Shifting from executing and deploying to defining the guardrails and standards

This is an image of the left-right spectrum for your XOps position

Take a middle-out approach

InfraOps and DevOps aren't enemies; they're opposite sides of the same coin.

  • InfraOps is about the automation and standardization of execution. It's an essential element in any fully automated CI/CD pipeline.
  • Like DevOps, InfraOps is built on similar values (the pillars of DevOps).
  • It builds on the principle of Lean to focus on removing friction, or turn-and-type activities, from the pipeline/process.
  • In InfraOps, one of the key methods for removing friction is through automation of the interstitia between different phases of a DevOps or CI/CD cycle.

Optimize the Ops in DevOps

Focus on eliminating friction

This is an image of an approach to optimizing the ops in DevOps.

With the shift from execution to governing and validating, the role of deployment falls downstream of IT Operations.

IT Operations needs to move to a mindset that focuses on creating the guardrails, enforced standards, and compliance rules that need to be used downstream, then apply those standards using automation and tooling to remove friction and error from the interstitia (the white spaces between chevrons) of the various phases.

InfraOps tools

Four quadrants in the shape of a human head, in the boxes are the following: Hyperconverged Infrastructure; Composable Infrastructure; Infrastructure as code and; Automation and Orchestration

Info-Tech Insight

Your tools can be broken into two categories:

  • Infrastructure Architecture
    • HCI vs. CI
  • Automation Tooling
    • IaC and A&O

Keep in mind that while your infrastructure architecture is usually an either/or choice, your automation approach should use any and all tooling that helps.

Infrastructure approach

  • Hyperconverged

  • Composable

Hyperconverged Infrastructure (HCI)

Hyperconvergence is the next phase of convergence, virtualizing servers, networks, and storage on a single server/storage appliance. Capacity scales as more appliances are added to a cluster or stack.
The disruptive departure:

  • Even though servers, networks, and storage were each on their own convergence paths, the three remained separate management domains (or silos). Even single-SKU converged infrastructures like VCE Vblocks are still composed of distinct server, network, and storage devices.
  • In hyperconvergence, the silos collapse into single-software managed devices. This has been disruptive for both the vendors of technology solutions (especially storage) and for infrastructure management.
  • Large storage array vendors are challenged by hyperconvergence alternatives. IT departments need to adapt IT skills and roles away from individual management silos and to more holistic service management.

A comparison between converged and hyperconverged systems.

Info-Tech Insight

HCI follows convergence trends of the past ten years but is also a departure from how IT infrastructure has traditionally been provisioned and managed.

HCI is at the same time a logical progression of infrastructure convergence and a disruptive departure.

Hyperconverged (HCI) – SWOT

HCI can be the foundation block for a fully software defined data center, a prerequisite for private cloud.

Strengths

  • Potentially lower TCO through further infrastructure consolidation, reducing CapEx and OpEx expenditures through facilities optimization and cost consolidation.
  • Operations in particular can be streamlined, since storage, network connections, and processors/memory are all managed as abstractions via a single control pane.
  • HCI comes with built-in automation and analytics that lead to quicker issue resolution.

Opportunities

  • Increased business agility by paving the way for a fully software defined infrastructure stack and cloud automation.
  • Shift IT human assets from hardware asset maintainers and controllers to service delivery managers.
  • Better able to compete with external IT service alternatives.
  • Move toward a hybrid cloud service offering where the service catalog contains both internal and external offerings.

Key attributes of a cloud are automation, resource elasticity, and self-service. This kind of agility is impossible if physical infrastructure needs intervention.

Info-Tech Insight

Virtualization alone does not a private cloud make, but complete stack virtualization (software defined) running on a hands-off preconfigured HCI appliance (or group of appliances) provides a solid foundation for building cloud services.

Hyperconverged (HCI) – SWOT

Silo-busting and private cloud sound great, but are your people and processes able to manage the change?

Weaknesses

  • HCI typically scales out linearly (CPU & storage). This does not suit traditional scale-up applications such as high-performance databases and large-capacity data warehouses.
  • Infrastructure stacks are perceived as more flexible for variable growth across segments. For example, if storage is growing but processing is not, storage can scale separately from processing.

Threats

  • HCI will be disruptive to roles within IT. Internal pushback is a real threat if necessary changes in skills and roles are not addressed.
  • HCI is not a simple component replacement but an adoption of a different kind of infrastructure. Different places in the lifecycles for each of storage, network, and processing devices could make HCI a solution where there is no immediate problem.

In traditional infrastructure, performance and capacity are managed as distinct though complementary jobs. An all-in-one approach may not work.

Composable Infrastructure (CI)

  • Composable infrastructure in many ways represents the opposite of an HCI approach. Its focus is on further disaggregating resources and components used to build systems.
    • Unlike traditional cloud virtual systems, composable infrastructure provides virtual bare metal resources, allowing tightly coupled resources like CPU, RAM, and GPU – or any device/card/module – to be released back and forth into the resource pool as required by a given workload.
    • This is enabled by the use of high-speed, low-latency PCI Express (PCI-e) and Compute Express Link (CXL) fabrics that allow these resources to be decoupled.
    • It also supports the ability to present other fabric types critical for building out enterprise systems (e.g. Ethernet, InfiniBand).
  • Accordingly, CI systems are also based on next-generation network architecture that supports moving critical functions to the network layer, which enables more efficient use of the application-layer resources.

Composable Infrastructure (CI)

  • CI may also leverage network-resident data/infrastructure processing units (DPUs/IPUs), which offload many network, security, and storage functions.
    • As new devices and functions become available, they can be added into the catalog of resources/functions available in a CI pool.

Use Case Example: Composable AI flow

Data Ingestion > Data Cleaning/Tagging > Training > Conclusion

  • At each phase of the process, resources, including specialized hardware like memory and GPU cores, can be dynamically allocated and reallocated to the workload on demand

Composable Infrastructure (CI)

Use cases and considerations

Where it's useful

  • Enable even more efficient allocation/utilization of resources for workloads.
  • Very large memory or shared memory requirements can benefit greatly.
  • Decouple purchasing decisions for underlying resources.
  • Leverage the fabric to make it easier to incrementally upgrade underlying resources as required.
  • Build "the Impossible Server."

Considerations

  • Requires significant footprint/scale to justify in many cases
  • Not necessarily good value for environments that aren't very volatile and heterogeneous in terms of deployment requirements
  • May not be best value for environments where resource-stranding is not a significant issue

Info-Tech Insight

Many organizations using a traditional approach report resource stranding as having an impact of 20% or more on efficiency. When focusing specifically on the stranding of memory in workloads, the number can often approach 40%.

The CI ecosystem

This is an image of the CI ecosystem.

  • The CI ecosystem has many players, large and small!
  • Note that the CI ecosystem is dependent on a large ecosystem of underlying enablers and component builders to support the required technologies.

Understanding the differences

This image shows the similarities and differences between traditional, cloud, hyperconverged, and composable.

Automation approach

  • Infrastructure as Code
  • Automation & Orchestration
  • Metaorchestration

Infrastructure as Code (IaC)

Infrastructure as code (IaC) is the process of managing and provisioning computer data centers through machine-readable definition files rather than physical hardware configuration or interactive configuration tools.

Before IaC, IT personnel would have to manually change configurations to manage their infrastructure. Maybe they would use throwaway scripts to automate some tasks, but that was the extent of it.

With IaC, your infrastructure's configuration takes the form of a code file, making it easy to edit, copy, and distribute.

Info-Tech Insight
IaC is a critical tool in enabling key benefits!

  • Reduced costs
  • Increased scalability, flexibility, and speed
  • Better consistency and version control
  • Reduced deployment errors

Infrastructure as Code (IaC)

  1. IaC uses a high-level descriptive coding language to automate the provisioning of IT infrastructure. This eliminates the need to manually provision and manage servers, OS, database connections, storage, and other elements every time we want to develop, test, or deploy an application.
  2. IaC allows us to define the computer systems on which code needs to run. Most commonly, we use a framework like Chef, Ansible, Puppet, etc., to define their infrastructure. These automation and orchestration tools focus on the provisioning and configuring of base compute infrastructure.
  3. IaC is also an essential DevOps practice. It enables teams to rapidly create and version infrastructure in the same way they version source code and to track these versions so as to avoid inconsistency among IT environments that can lead to serious issues during deployment.
  • Idempotence is a principle of IaC. This means a deployment command always sets the target environment into the same configuration, regardless of the environment's starting state.
    • Idempotency is achieved by either automatically configuring an existing target or discarding the existing target and recreating a fresh environment.

Automation/Orchestration

Orchestration describes the automated arrangement, coordination, and management of complex computer systems, middleware, and services.

This usage of orchestration is often discussed in the context of service-oriented architecture, virtualization, provisioning, converged infrastructure, and dynamic data center topics. Orchestration in this sense is about aligning the business request with the applications, data, and infrastructure.

It defines the policies and service levels through automated workflows,
provisioning, and change management. This creates an application-aligned infrastructure that can be scaled up or down based on the needs of each application.

As the requirement for more resources or a new application is triggered, automated tools now can perform tasks that previously could only be done by multiple administrators operating on their individual pieces of the physical stack.

Orchestration also provides centralized management of the resource pool, including billing, metering, and chargeback for consumption. For example, orchestration reduces the time and effort for deploying multiple instances of a single application.

Info-Tech Insight

Automation and orchestration tools can be key components of an effective governance toolkit too! Remember to understand what data can be pulled from your various tools and leveraged for other purposes such as cost management and portfolio roadmapping.

Automation/Orchestration

There are a wide variety of orchestration and automation tools and technologies.

Configuration Management

Configuration Management

The logos for companies which fall in each of the categories in the column to the left of the image.

CI/CD
Orchestration

Container
Orchestration

Cloud-Specific
Orchestration

PaaS
Orchestration

Info-Tech Insight

Automation and orchestration tools and software offerings are plentiful, and many of them have a different focus on where in the application delivery ecosystem they provide automation functionality.

Often there are different tools for different deployment and service models as well as for different functional phases for each service model.

Automation/Orchestration

Every tool focuses on different aspects or functions of the deployment of resources and applications.

  • Resources
    • Compute
    • Storage
    • Network
  • Extended Services
    • Platforms
    • Infrastructure Services
    • Web Services
  • Application Assets
    • Images
    • Templates
    • Containers
    • Code

Info-Tech Insight

Let the large ecosystem of tools be your ally. Leverage the right tools where needed and then address the complexity of tools using a master orchestration scheme.

Metaorchestration

A Flow chart for the approach to metaorchestration.

Additionally, most tools do not cover all aspects required for most automation implementations, especially in hybrid cloud scenarios.

As such, often multiple tools must be deployed, which can lead to fragmentation and loss of unified controls.

Many enterprises address this fragmentation using a cloud management platform approach.

One method of achieving this is to establish a higher layer of orchestration – an "orchestrator of orchestrators," or metaorchestration.

In complex scenarios, this can be a challenge that requires customization and development.

InfraOps tools ecosystem

Toolkit Pros Cons Tips
HCI Easy scale out Shift in skills required Good for enabling automation and hybridization with current-gen public cloud services
CI Maximal workload resource efficiency Investment in new fabrics and technologies Useful for very dynamic or highly scalable workloads like AI
IaC Error reduction and standardization Managing drift in standards and requirements Leverage a standards and exception process to keep track of drift
A&O Key enabler of DevOps automation within phases Usually requires multiple toolsets/frameworks Use the right tools and stitch together at the metaorchestration layer
Metaorchestration Reduces the complexity of a diverse A&O and IaC toolkit Requires understanding of the entire ecosystems of tools used Key layer of visibility and control for governance

Build a virtuous cycle

Remember, the goal is to increase speed AND reliability. That's why we focus on removing friction from our delivery pipelines.

  • The first step is to identify the points of friction in your cycle and understand the intensity and frequency of these friction points.
  • Depending on your delivery and project management methodology, you'll have a different posture of the different tools that make sense for your pipeline.
  • For example, if you are focused on delivering raw resources for sysadmins and/or you're in a Waterfall methodology where the friction points are large but infrequent, hyperconverged is likely to delivery good value, whereas tools like IaC and orchestration may not be as necessary.

Info-Tech Insight

Remember that, especially in modern and rapid methodologies, your IT footprint can drift unexpectedly. This means you need a real feedback mechanism on where the friction moves to next.

This is particularly important in more Agile methodologies.

Activity: Map your IT operations delivery

Identify your high-friction interstitial points

  • Using the table below, or a table modified to your delivery phases, map out the activities and tasks that are not standardized and automated.
  • For the incoming and outgoing sections, think about what resources and activities need to be (or could be) created, destroyed, or repurposed to efficiently manage each cycle and the spaces between cycles.
Plan Code Test Deploy Monitor
Incoming Friction
In-Cycle Friction
Outgoing Friction

Info-Tech Insight

Map your ops groups to the delivery cycles in your pipeline. How many delivery cycles do you have or need?

Good InfraOps is a reflection of governance policies, expressed by standards in architecture and automation.

Related Info-Tech Research

Evaluate Hyperconverged Infrastructure for Your Infrastructure Roadmap

  • This Info-Tech note covers evaluation of HCI platforms.

Design Your Cloud Operations

  • This Info-Tech blueprint covers organization of operations teams for various deployment and Agile modes.

Bibliography

Banks, Ethan, host. "Choosing Your Next Infrastructure." Datanauts, episode 094, Packet Pushers, 26 July 2017. Podcast.
"Composable Infrastructure Solutions." Hewlett Packard Canada, n.d. Web.
"Composable Infrastructure Technology." Liqid Inc., n.d. Web.
"DataOps architecture design." Azure Architecture Center, Microsoft Learn, n.d. Web.
Tan, Pei Send. "Differences: DevOps, ITOps, MLOps, DataOps, ModelOps, AIOps, SecOps, DevSecOps." Medium, 5 July 2021. Web.

AI and the Future of Enterprise Productivity

  • Buy Link or Shortcode: {j2store}329|cart{/j2store}
  • member rating overall impact (scale of 10): 9.0/10 Overall Impact
  • member rating average dollars saved: $12,399 Average $ Saved
  • member rating average days saved: 10 Average Days Saved
  • Parent Category Name: Innovation
  • Parent Category Link: /innovation
  • We’re witnessing a fundamental transformation in how businesses operate and productivity is achieved.
  • Advances in narrow but powerful forms of artificial intelligence (AI) are being driven by a cluster of factors.
  • Applications for enterprise AI aren’t waiting for the emergence of a general AI. They’re being rapidly deployed in task-specific domains. From robotic process automation (RPA) to demand forecasting, from real-world robotics to AI-driven drug development, AI is boosting enterprise productivity in significant ways.

Our Advice

Critical Insight

Algorithms are becoming more advanced, data is now richer and easier to collect, and hardware is cheaper and more powerful. All of this is true and contributes to the excitement around enterprise AI applications, but the biggest difference today is that enterprises are redesigning their processes around AI, rather than simply adding AI to their existing processes.

Impact and Result

This report outlines six emerging ways AI is being used in the enterprise, with four future scenarios outlining their possible trajectories. These are designed to guide strategic decision making and facilitate future-focused ideation.

AI and the Future of Enterprise Productivity Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Read the trend report

This report outlines six emerging ways AI is being used in the enterprise, with four future scenarios outlining their possible trajectories. These are designed to guide strategic decision making and facilitate future-focused ideation.

  • AI and the Future of Enterprise Productivity Trend Report
  • AI and the Future of Enterprise Productivity Trend Report (PDF)
[infographic]

Modernize and Transform Your End-User Computing Strategy

  • Buy Link or Shortcode: {j2store}308|cart{/j2store}
  • member rating overall impact (scale of 10): 9.6/10 Overall Impact
  • member rating average dollars saved: $34,982 Average $ Saved
  • member rating average days saved: 25 Average Days Saved
  • Parent Category Name: End-User Computing Strategy
  • Parent Category Link: /end-user-computing-strategy

IT needs to answer these questions:

  • What types of computing devices, provisioning models, and operating systems should be offered to end users?
  • How will IT support devices?
  • What are the policies and governance surrounding how devices are used?
  • What actions are we taking and when?
  • How do end-user devices support larger corporate priorities and strategies?

Your answers need to balance choice, risk, and cost.

Our Advice

Critical Insight

  • Even if a user has a prestigious tablet, if the apps aren’t built well, they can’t get support on it, or they can’t connect, then that device is useless. Focus on supportability, use cases, connection, and policy – and the device.

Impact and Result

  • Identify desired benefits that align to IT and corporate priorities and strategies.
  • Perform a persona analysis.
  • Define a vision for end-user computing.
  • Define the standard device and app offerings.
  • Improve the supporting services surrounding devices.
  • Develop a roadmap for implementing your strategy.

Modernize and Transform Your End-User Computing Strategy Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. End-User Computing Strategy Deck – A step-by-step document to walk you through end-user computing trends and processes to improve customer satisfaction.

This storyboard will help you identify your goals, build standard offerings for users, define governance and policies around offerings, and develop a roadmap for your EUC program.

  • Modernize and Transform Your End-User Computing Strategy – Phases 1-3

2. End-User Computing Strategy Template – A repository for your current-state and persona analysis to identify technology requirements for each user group.

Use these templates to document your end-user computing strategy. Follow the guidelines in the blueprint and record activity results in the template. The findings will be presented to the management team.

  • End-User Computing Strategy Template
  • User Group Analysis Workbook

3. End-User Computing Ideas Catalog and Standard Offering Guide – Templates that guide you to document the outcome from persona analysis to define standard offerings and policies.

The Ideas Catalog introduces provisioning models, form factors, and supported operating systems. Use the Standard Offering Template to document provisioning models and define computing devices along with apps and peripherals according to the outcome of the user group analysis.

  • Standard End-User Entitlements and Offerings Template
  • End-User Computing Ideas Catalog

4. End-User Computing Policies – Policies that establish requirements for end-user computing.

Use these policy templates to communicate the purposes behind each end-user computing decision and establish company standards, guidelines, and procedures for the purchase of technologies. The policies will ensure purchasing, reimbursement, security, and remote wiping enforcements are consistent and in alignment with the company strategy.

  • Mobile Device Connectivity & Allowance Policy
  • Purchasing Policy
  • Mobile Device Reimbursement Agreement
  • Mobile Device Reimbursement Policy
  • BYOD Acceptable Use Policy
  • Mobile Device Remote Wipe Waiver Template
  • General Security – User Acceptable Use Policy
  • Device Entitlement Policy Template

Infographic

Workshop: Modernize and Transform Your End-User Computing Strategy

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Set the Direction

The Purpose

Dig into the current state and build user persona.

Key Benefits Achieved

Determine your challenges and strengths.

Delineate user IT requirements.

Activities

1.1 Assess the current state of end-user computing.

1.2 Perform SWOT analysis.

1.3 Map benefits to stakeholder drivers and priorities.

1.4 Identify user groups.

1.5 Identify supporting technology.

1.6 Identify opportunities to provide value.

Outputs

SWOT analysis of current state

Goals cascade

Persona analysis

2 Define the Offering

The Purpose

Define your EUC vision and standard offerings.

Key Benefits Achieved

Brainstorm EUC vision and mission.

Find out the standard offerings.

Set the direction for end-user computing to support shift-left enablement.

Activities

2.1 Prioritize benefits.

2.2 Craft a vision and mission statement.

2.3 Identify goals.

2.4 Define guiding principles for your strategy.

2.5 Select a provisioning model for each persona.

2.6 Define the standard device offerings.

2.7 Document each persona's entitlements.

Outputs

Vision statement, mission statement, and guiding principles

Goals and indicators

End-user device entitlements standard

3 Support the Offering

The Purpose

Outline supporting practices and define policies for each use case.

Key Benefits Achieved

Document supporting practices.

Document EUC policies.

Activities

3.1 Define device management tools and approach.

3.2 Identify groups involved in supporting practices.

3.3 Identify opportunities to improve customer service.

3.4 Define acceptable use.

3.5 Define BYOD policies.

3.6 Define procurement and entitlement policies.

3.7 Define security policies.

Outputs

List of management tools for end-user computing

Roles and responsibilities for maintaining the end-user computing environment

Opportunities to improve customer service

End-user computing policy templates

4 Bridge the Gap and Create the Roadmap

The Purpose

Build a user migration roadmap.

Key Benefits Achieved

Make the project a reality by documenting initiatives and building a roadmap.

Activities

4.1 Identify the gaps in devices, user support, use cases, policy & governance, and fitness for use.

4.2 Plan the deployment and user migration journey.

4.3 Document initiatives in the roadmap.

Outputs

Initiatives mapped to practice areas

User migration journey map

Further reading

Modernize and Transform Your End-User Computing Strategy

Support the workforce of the future.

EXECUTIVE BRIEF

Analyst Perspective

Focus beyond the device

It’s easy to think that if we give end users nice devices, then they will be more engaged and they will be happy with IT. If only it were that easy.

Info-Tech Research Group has surveyed over 119,000 people through its CIO Business Vision diagnostic. The results show that a good device is necessary but not enough for high satisfaction with IT. Once a user has a decent device, the other aspects of the user’s experience has a higher impact on their satisfaction with IT.

After all, if a person is trying to run apps designed in the 1990s, if they are struggling to access resources through an underperforming VPN connection, or if they can’t get help when their devices and apps aren’t working, then it doesn’t matter that you gave them a state-of-the-art MacBook or Microsoft Surface.

As you build out your end-user computing strategy to reflect the new reality of today’s workforce, ensure you focus on shifting user support left, modernizing apps to support how users need to work, and ensuring that your network and collaboration tools can support the increased demands. End-user computing teams need to focus beyond the device.

Ken Weston, ITIL MP, PMP, Cert.APM, SMC

Research Director, Infrastructure and Operations Info-Tech Research Group

Mahmoud Ramin, PhD

Senior Research Analyst, Infrastructure and Operations Info-Tech Research Group

Executive Summary

Your Challenge

IT needs to answer these questions:

  • What types of computing devices, provisioning models, and operating systems (OSes) should be offered to end users?
  • How will IT support devices?
  • What are the policies and governance surrounding how devices are used?
  • What actions are we taking and when?
  • How do end-user devices support larger corporate priorities and strategies?

Your answers need to balance choice, risk, and cost.

Common Obstacles

Management paradigms have shifted:

  • OSes, device management, and IT asset management (ITAM) practices have changed.
  • Users expect full capabilities on any personal device.
  • Virtual desktops are switching to the cloud.
  • Low-code/no-code platforms allow the business to manage their own apps or comanage with IT.
  • Work-from-anywhere is the default.
  • Users have higher customer service expectations.

Take end-user computing beyond the OS.

Info-Tech's Approach

This blueprint will help you:

  • Identify desired benefits that align to IT and corporate priorities and strategies.
  • Perform a persona analysis.
  • Define a vision for end-user computing.
  • Define the standard device and app offerings.
  • Improve the supporting services surrounding devices.
  • Develop a roadmap for implementing your strategy.

A good device is necessary for satisfaction with IT but it’s not enough.

If a user has a prestigious tablet but the apps aren’t built well, they can’t get support on it, or they can’t connect to the internet, then that device is useless. Focus on supportability, use cases, connection, policy – and device.

Your challenge

This blueprint will help you build a strategy that answers these questions:

  • What types of computing devices should be offered to end users?
  • What provisioning models will be used?
  • What operating systems are supported?
  • How will IT support devices?
  • What are the policies and governance surrounding how devices are used?
  • What actions are we taking and when?
  • How do end-user devices support larger corporate priorities and strategies?

Definition: End-User Computing (EUC)

End-user computing (EUC) is the domain of information and technology that deals with the devices used by workers to do their jobs. EUC has five focus areas: devices, user support, use cases, policy & governance, and fitness for use.

A good end-user computing strategy will effectively balance:

User Choice

Cost

Risk

The right balance will be unique for every organization.

Strike the right balance

The discussion is larger than desktop support

If IT is an influencer, then you get to drive this conversation. If IT is not an influencer, then you need to support whatever option the business wants.

Cost Risk Choice Result
Higher Education High importance Low importance High importance Full BYOD for professors. Standardized offerings for administration.
Software Development Firms Low importance Medium/High importance High importance Standardized offerings for developers. Virtual desktops for users on BYOD.
Legal Firm Medium importance High importance Low importance Partners offered prestigious devices. Everyone else uses Windows PCs. Virtual desktops and apps for remote access.

Healthcare

High importance High importance Low importance Nurses, janitors, and other frontline staff use shared tablets. Doctors are provisioned their own tablet. Admin staff and doctors are provisioned virtual desktops to maintain security and compliance.
Government High importance High importance Low importance Standardized PC offerings for all employees. MacBooks are provided with justification. Devices managed with Intune and ConfigMgr.

Good devices are necessary for overall IT satisfaction

BUT

Good devices are not enough for high satisfaction

A bad device can ruin a person’s satisfaction with IT

Info-Tech’s CIO Business Vision has shown that when someone is dissatisfied with their device, their satisfaction with IT overall is only 40.92% on average.

When a person is satisfied with their device, their average satisfaction increases by approximately 30 percentage points to 70.22%. (Info-Tech Research Group, CIO Business Vision, 2021; N=119,383)

The image is a bar graph, with the Y-axis labelled Overall IT Satisfaction. There are two bars, one labelled Satisfied With Devices, which is at 70.22%, and the other labelled Dissatisfied With Devices, which is at 40.92%.

Improvements in the service desk, business apps, networks and communication infrastructure, and IT policy all have a higher impact on increasing satisfaction.

For every one-point increase in satisfaction in those areas, respondents’ overall satisfaction with IT increased by the respective percentage of a point. (Info-Tech Research Group, CIO Business Vision, 2021; N=119,409)

The image shows a graphic of five arrows pointing upwards. They are labelled (from right to left): Devices--42.20%; IT Policy--45.90%; Network & Comms Infra--59.49%; Business Apps--63.89%; Service Desk--65.19%, 1.54 times the impact of devices.

End-User Paradigms Have Shifted

Take end-user computing beyond the device

Operating System - OS

Only Windows

  • More choices than ever before

Endpoint Management System - UEM

Group Policy & Client Management

  • Modern & Unified Endpoint Management

Personal Devices - BYOD

Limited to email on phones

  • Full capabilities on any device

IT Asset Management - ITAM

Hands-on with images

  • Zero-touch with provisioning packages

Virtual Desktops - DaaS

Virtual Desktop Infrastructure in the Data Center

  • Desktop-as-a-Service in the cloud

Business-Managed Apps - BMA

Performed by IT

  • Performed by the Business and IT

Work-From-Anywhere - WFA

Rare

  • Default

Customer Satisfaction - C Sat

Phone calls and transactional interactions

  • Self-serve & managing entire experience

Don’t limit your focus to only Windows and Macs

Android is the OS with the largest market share

Users and IT have more choices than ever before

Operating System - OS

Only Windows

  • More choices than ever before

Microsoft is still the dominant player in end-user computing, but Windows has only a fraction of the share it once had.

IT needs to revisit their device management practices. Modern management tools such as unified endpoint management (UEM) tools are better suited than traditional client management tools (CMT) for a cross-platform world.

IT must also revisit their application portfolios. Are business apps supported on Android and iOS or are they only supported on Windows? Is there an opportunity to offer more options to end users? Are end users already running apps and handling sensitive data on Android and iOS through software-as-a-service and bring-your-own-device (BYOD) capabilities in Office 365 and Google apps?

The image shows a bar graph titled OS Market Share, 2011-2021. On the x-axis are OS names with a bar in blue representing their market share in 2011, and a bar in purple showing their market share in 2021. The data shown is as follows: Windows--85.98% (2011), 31.62% (2021); Android--1.22% (2011), 40.85% (2021); iOS--2.1% (2011), 16.42% (2021); Mac OS X--6.19% (2011); 6.8% (2021); Other--4.51% (2011), 4.31% (2021). Source: StatCounter Global Stats.

OS market share is partly driven by the digital divide

If someone must choose between a smartphone and a computer, they go with a smartphone

IT can’t expect everyone to be fluent on Windows and Mac, have a computer at home, or even have home broadband.

Of US adults aged 18-29:

  • 96% have a smartphone (the rest have cellphones).
  • Only 70% of US adults aged 18-29 have a home broadband connection.

Further, only 59% of US adults making less than $30,000/year have a laptop or desktop. (“Mobile Technology” and “Digital Divide,” Pew Research, 2021.)

Globally, people are likelier to have a cell subscription than they are to have access to broadband.

The image is a bar graph, with a list of countries on the X-axis, with each having two bars: blue indicating Fixed Broadband Subscriptions per 100 people and purple indicating Mobile Cellular Subscriptions per 100 people. In all listed countries, the number of Mobile Cellular Subscriptions per 100 people is higher than Fixed Broadband Subscriptions. Source: The World Bank, 2020. Most recent data for USA mobile cellular subscriptions is from 2019.

Embrace new device management paradigms

Endpoint Management System - UEM

Group Policy & Client Management

  • Modern & Unified Endpoint Management

Evaluate enterprise mobility management and unified endpoint management to better support a remote-first, cross-platform reality.

Client Management Tool (CMT)

CMTs such as Microsoft Endpoint Configuration Manager (ConfigMgr, aka SCCM) can be used to distribute apps, apply patches, and enforce group policy.

Enterprise Mobility Management (EMM)

EMM tools allow you to manage multiple device platforms through mobile device management (MDM) protocols. These tools enforce security settings, allow you to push apps to managed devices, and monitor patch compliance through reporting.

EMM tools often support mobile application management (MAM) and mobile content management (MCM). Most EMM tools can manage devices running Windows, Mac OS, iOS, and Android, although there are exceptions.

Unified Endpoint Management (UEM)

UEM solutions combine CMT and EMM for better control of remote computers running Windows or Macs. Examples include:

  • Windows devices comanaged by Intune and ConfigMgr.
  • Mac devices managed by Jamf Pro.
  • Mac devices comanaged by Jamf Pro and Intune.

Most UEM tools can manage devices running Windows, Mac OS, iOS, and Android, allowing IT to manage all end-user devices from a unified tool set (although there are exceptions).

Mobile Application Management (MAM)

MAM provides the ability to package an app with security settings, distribute app updates, and enforce app updates. Some capabilities do not require apps to be enrolled in an EMM or UEM solution.

Mobile Content Management (MCM)

MCM tools distribute files to remote devices. Many MCM solutions allow for security settings to be applied, such as encrypting the files or prohibiting data from leaving the secure container. Examples include OneDrive, Box, and Citrix ShareFile.

Adopt modern management with EMM and UEM – better toolsets for today’s state of EUC

Sacrifice your Group Policy Objects to better manage Windows computers

Windows Management Features Traditional CMT Hybrid UEM Cloud-Based EMM
Group Policy ✔ Primary management approach ✔ Available alongside configuration service providers X Replaced by configuration service providers
Manage remote devices without VPN X X
No longer manage and maintain images X ✔ Images are still available ✔ Images replaced by provisioning packages
Secure and support BYOD X (Certain tools may offer limited MDM capabilities)
Support remote zero-touch provisioning X (Only available via PXE boot)
App, patch, update deployments Via defined distribution points Via defined distribution points or MAM Via MAM

IT asset management practices are shifting

IT Asset Management - ITAM

Hands-on with images

  • Zero-touch with provisioning packages

Supply chain issues are making computers longer to procure, meaning users are waiting longer for computers (Cision, 2021). The resulting silicon chip shortage is expected to last until at least 2023 (Light Reading, 2021).

IT departments are delaying purchases, delaying refreshes, and/or purchasing more to reserve devices before they need them.

Remote work has increased by 159% over the past 12 years (NorthOne, 2021). New hires and existing users can’t always go into the office to get a new computer.

IT departments are paying vendors to hold onto computers and then drop-ship them directly to the end user. The devices are provisioned using zero touch (e.g. Autopilot, Apple Device Manager, or another tool). Since zero-touch provisioning tools do not support images, teams have had to switch to provisioning packages.

The pandemic saw an increase in spending on virtual desktops

Virtual desktops offered powerful tools for supporting remote devices and personal computers without compromising sensitive data

Virtual Desktops - DaaS

Virtual Desktop Infrastructure in the Data Center

  • Desktop-as-a-Service in the cloud

The pandemic helped cloud-based virtual desktop infrastructure (VDI)

Citrix saw subscription revenue increase 71% year over year in 2020 (Citrix 2020 Annual Report, p. 4). VMware saw subscription and SaaS revenue increase 38% from January 2020 to 2021 – while on-premises licensing revenue decreased by 5% (VMware Annual Report 2021, p. 40).

IT no longer needs to manage the underlying infrastructure

Microsoft and AWS are offering desktops as a service (i.e. cloud-based virtual desktops). IT needs to manage only the device, not the underlying virtual desktop infrastructure. This is in addition to Citrix’s and VMware’s cloud offerings, where IT doesn’t need to manage the underlying infrastructure that supports VDI.

Visit the blueprint Implement Desktop Virtualization and Transition to Everything as a Service to get started.

Work-from-anywhere (WFA) is now the default

COVID-19 forced this shift

Work-From-Anywhere - WFA

Rare

  • Default

Be prepared to support a hybrid workforce, where people are sometimes working remotely and sometimes working in the office.

  • Device provisioning and deployment need to be rethought. In-person deployment is not always possible. IT should evaluate tools such as zero-touch provisioning.
  • Service desks need better monitoring and management tools. End-user experience management (EUEM) can allow you to better identify where network issues are occurring – in your data center, at the user’s house, in the cloud, or somewhere in between. Remote control tools can then allow your tier 1 to remediate issues on the user’s device.
  • Apps and devices need to be usable from anywhere. Environments that rely on desktops and on-premises apps need to be rearchitected for a remote-first workforce.
  • Users are living inside video conferencing tools. With the impact of the COVID-19 pandemic, there are about 145 million daily users of Microsoft Teams, almost twice the number of users in 2020 (MUO, 2021). Ensure they have the training and expertise to effectively use these tools.

“More technical troubleshooting due to users working from home a lot more. It can be more difficult to talk users through fixes when they are off site if you cannot remotely assist so more emphasis on the communication skill which was already important.” (Service Desk Institute, 2021)

Visit the Hybrid Workplace Research Center to better support a hybrid workforce.

BYOD fully includes personal computers

It’s no longer about whether IT will allow BYOD

Stop pretending BYOD doesn’t happen

Personal Devices - BYOD

Limited to email on phones

  • Full capabilities on any device
  • BYOD (including BYOPC) is turned on by default. SaaS tools like Office 365 are built to be used on multiple devices, including multiple computers. Further, the pandemic saw 47% of organizations significantly increase their use of BYOD (Cybersecurity Insiders, 2021; N=271).
  • BYOD can boost productivity. When employees can use smartphones for work, they report that it increases their productivity by 34 percent (Samsung Insights, 2016).
  • BYOD is hard to support, so most organizations don’t. Only 22% of organizations provide full support for mobile devices, while 20% provide no support, 25% provide ad hoc support, and 26% provide limited support (Cybersecurity Insiders, 2021). If smartphones and tablets are heavily ingrained in business processes, then migrating to BYOD can overload the service desk.
  • Securely enable employees. Mobile application management (MAM), mobile content management (MCM), and Office 365 have gotten smarter at protecting corporate data.

Action Item: Identify how IT can provide more support to personally owned computers, tablets, and smartphones.

58% of working Americans say their work devices are “awful to work on." (PCMag, 2021)

But only 22% of organizations provide full support to BYOD. (Cybersecurity Insiders, 2021)

IT must either provide better devices or start fully supporting users on personal PCs.

Build governance practices for low-code development platforms

Managing 1,000 different apps built out on low-code business process management platforms is hard, but it’s not nearly as hard as managing 1,000 unique SaaS apps or access databases

Business-Managed Apps - BMA

Performed by IT

  • Performed by the Business and IT

Pros - Opportunities

  • Offers DIY to users
  • Business can build them quickly
  • IT has central visibility
  • IT can focus on the platform

Cons - Threats

  • Sensitive data can get exposed
  • Users may have issues with continuity and backup
  • Responding to platform changes will be potentially challenging
  • Support may be difficult after the app creator leaves

Action Item: Build a governance framework that describes the roles and responsibilities involved in business-owned apps. Identify the user’s role and end-user computing’s role in supporting low-code apps.

Visit the blueprint Embrace Business-Managed Apps to learn how to build a governance framework for low-code development platforms.

Visit the Low-Code Business Process Management SoftwareReviews category to compare different platforms.

Update your customer service practices

End users expect self-service and help from tier 1

Re-evaluate how you support both corporate-issued and personal-owned computers and mobile devices

Customer Satisfaction - C Sat

Phone calls and transactional interactions

  • Self-serve & managing entire experience

Microsoft’s 2019 “Global State of Customer Service” report shows that people have high expectations:

  • 31% of people expect call agents to have a “deep understanding of the caller’s relationship with the company”
  • 11% expect self-service capabilities

End users have the same expectations of IT, the service desk, and end-user computing teams:

  • Users expect any IT person with whom they are talking to have a deep understanding of their devices, apps, open tickets, and closed tickets.
  • Users expect tier 1 to be able to resolve their incidents and requests without escalating to tier 2 or tier 3 end-user computing specialists.

Most Important Aspects of Customer Service

Resolving issue in one interaction - 35%

Knowledgeable agent - 31%

Finding information myself - 11%

Not repeating information - 20%

(Microsoft, 2019)

Desktop engineering needs to shift left

Revisit what work can only be done by tier 2 and tier 3 teams

Shifting left involves shifting resolution of incidents and service requests down from more costly resources to the first line of support and to end users themselves through self-service options

  • Tier 1 needs up-to-date information on the end users’ devices and open tickets.
  • Users should be able to request apps and download those apps through a self-service portal, a software catalog, or an app store.
  • Tier 1 needs to be empowered to remote wipe devices, see troubleshooting and diagnostics information, and resolve incidents without needing to escalate.

Action Item: Apply shift-left enablement to train tier 1 agents on troubleshooting more incidents and fulfilling more service requests. Build top-notch self-service capabilities for end users.

The image is a graphic titled Shift-Left Strategy. At the top, it lists Auto-Fix; User, Tier 1, Tier 2/3, and Vendor. On the left, it lists Metrics vertically: Cost, Time, Satisfaction. A bar displays how high or low the metric is based on the categories listed at the top.

Work with your service desk on the blueprint Optimize the Service Desk with a Shift-Left Strategy.

Windows 11 is coming

Prepare to make the jump

The sooner you start, the easier the migration will be

  • Begin planning hardware refreshes. Old computers that do not have a TPM 2.0 chip are not currently supported on Windows 11 (“Enable TPM 2.0,” Microsoft, 2021). If you have old computers that will not support the jump to Windows 11– especially given the supply chain disruptions and silicon chip shortages – it is time to consider computer upgrades.
  • The end of Windows 10 is coming. Windows 10’s retirement date is currently October 14, 2025 (“Windows 10 Home and Pro,” Microsoft, 2021). If you want to continue running Windows 10 on older computers beyond that time, you will need to pay for extended support or risk those computers being more easily breached.
  • Begin testing your apps internally. Run Windows 11 within IT and test whether your apps will work on Windows 11.
  • Pilot Windows 11 with IT-friendlies. Find users that are excited for Windows 11 and will not mind a bit of short-term pain.
  • What is your risk appetite? Risk-averse organizations will want to wait until Microsoft, DISA, and/or Center for Internet Security have published security configuration best practices.

Info-Tech’s approach

Master the ever-expanding puzzle of end-user computing

User Group Analysis

Supported Devices and Apps

Fitness for Use

Device Support

The Info-Tech difference:

  1. Balance user choice, risk mitigation, and cost optimization. The right balance will be unique for every organization.
  2. Standardize the nonstandard. Anticipate your users’ needs by having power options and prestigious options ready to offer.
  3. Consider multiple personas when building your standards, training, and migrations. Early Adopters, Late Adopters, VIP Users, Road Warriors, and Hoarders – these five personas will exist in one form or another throughout your user groups.

Modernize and Transform Your End-User Computing Strategy

Focus on the Big Picture

End-User Paradigms Have Shifted

Take end-user computing beyond the device

Operating System - OS

Only Windows

  • More choices than ever before

Endpoint Management System - UEM

Group Policy & Client Management

  • Modern & Unified Endpoint Management

Personal Devices - BYOD

Limited to email on phones

  • Full capabilities on any device

IT Asset Management - ITAM

Hands-on with images

  • Zero-touch with provisioning packages

Virtual Desktops - DaaS

Virtual Desktop Infrastructure in the Data Center

  • Desktop-as-a-Service in the cloud

Business-Managed Apps - BMA

Performed by IT

  • Performed by the Business and IT

Work-From-Anywhere - WFA

Rare

  • Default

Customer Satisfaction - C Sat

Phone calls and transactional interactions

  • Self-serve & managing entire experience

Don't just focus on the device!

Improvements in the service desk, business apps, networks and communication infrastructure, and IT policy have a higher impact on increasing satisfaction.

Impact of End-User Satisfaction of IT by Area Compared to Devices

Devices (x1.0)

IT Policy (x1.09)

Network & Communications Infrastructure (x1.41)

Business Apps (x1.51)

Service Desk (x1.54)

(Info-Tech Research Group, CIO Business Vision, 2021; n=119,409)

Build your strategy with these components...

End-User Group Analysis

  • Work location
  • Information interactions
  • Apps
  • Data and files
  • Business capabilities
  • Current offering
  • Pain points
  • Desired gains

Supported Devices & Apps

  • Primary computing device offerings
  • Power computing device offering
  • Prestigious device offerings
  • Secondary computing device offerings
  • Provisioning models
  • Standard apps
  • Peripherals

Device Support

  • Self-service
  • Service Desk
  • Specialists

Fitness for Use

  • Organizational policies
  • Security policies

Vision

...to answer these questions:

  1. What devices will people have?
  2. How will you support these devices?
  3. How will you govern these devices?

Balance choice, risk, and cost

The right balance will be unique for every organization. Get the balance right by aligning your strategy's goals to senior leadership’s most important priorities.

  • User choice
  • Risk
  • Cost

+ Standardize the non-standard

Have a more prestigious option ready for users, such as VIPs, who want more than the usual offerings. This approach will help you to proactively anticipate your users' needs.

+Consider multiple personas when building your standards, training, and migrations

These five personas will exist in one form or another throughout your user groups.

  • Early Adopters
  • Late Adopters
  • VIP Users
  • Road Warriors
  • Hoarders

Use our approach to answer these questions:

What computers will people have?

Types of computing devices

  • Power desktop
  • Power laptop
  • Desktop
  • Laptop
  • Virtual Desktop
  • Thin Client Device
  • Pro Tablet
  • Tablet
  • Smartphone

Corporate-Issued Approaches

  • Kiosk – Shared, Single Purpose
  • Pooled – Shared, Multipurpose
  • Persistent – Individual
  • Personally Owned

Supported Operating Systems

  • Windows
  • Mac
  • Chrome OS
  • Linux
  • iOS/iPad OS
  • Android

How will you support these devices?

Device Management

  • Manual
  • CMT
  • EMM
  • UEM
  • Pooled Virtual Desktop Manager

Supporting Practices

  • Self-Service
  • Tier 1 Support
  • Specialist Support

How will you govern these devices?

Corporate Policies

  • Personal Use Allowed?
  • Management and Security Policies
  • Personal Device Use Allowed?
  • Supported Apps and Use Cases
  • Who Is Allowed to Purchase?
  • Prohibited Apps and Use Cases
  • Device Entitlement
  • Stipends and/or Reimbursement to Users

Use our blueprint to improve your EUC practices

  1. Devices
    • Corporate-issued devices
    • Standard offerings
  2. User Support
    • Self-service
    • Tier 1 support
  3. Use Cases
    • Providing value
    • Business apps
  4. Policy & Governance
    • Personal device use
    • IT policy
  5. Fitness for Use
    • Securing devices
    • Patching

Info-Tech’s methodology for end-user computing strategy

1. Set the Direction 2. Define the Offering 3. Build the Roadmap
Phase Steps

1.1 Identify Desired Benefits

1.2 Perform a User Group Analysis

1.3 Define the Vision

2.1 Define the Standard Offerings

2.2 Outline Supporting Services

2.3 Define Governance and Policies

3.1 Develop Initiatives
Phase Outcomes

Current-State Assessment

Goals Cascade

User Group Assessment

Vision Statement

Mission Statement

Guiding Principles

Standard Offerings by User Group

Device Management Model

Technical Support Model

Device Entitlement Policy

Acceptable Use Policy

Remote Wipe Policy & Waiver

Personal Device Reimbursement Policy

End-User Migration Journey Map

Strategy and Roadmap

Insight summary

Once users are satisfied with devices, focus on the bigger picture

If end users are dissatisfied with devices, they will also be dissatisfied with IT. But if you don’t also focus on apps and supportability, then giving users better devices will only marginally increase satisfaction with IT.

Bring it back to stakeholder priorities

Before you build your vision statement, make sure it resonates with the business by identifying senior leadership’s priorities and aligning your own goals to them.

Balance choice, risk, and cost

The balance of user choice, risk mitigation, and cost optimization is unique for each company. Get the balance right by aligning your strategy’s goals to senior leadership’s most important priorities.

Communicate early and often with users

Expect users to become anxious when you start targeting their devices. Address this anxiety by bringing them into the conversation early in the planning – they will see that their concerns are being addressed and may even feel a sense of ownership over the strategy.

Standardize the nonstandard

When users such as VIP users want more than the standard offering, have a more prestigious option available. This approach will help you to proactively anticipate your users’ needs.

Consider multiple personas when building your standards, training, and migrations

Early Adopters, Late Adopters, VIP Users, Road Warriors, and Hoarders – these five personas will exist in one form or another throughout your user groups.

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

User Group Analysis Workbook

Use these worksheets to guide your analysis.

End-User Computing Ideas Catalog

Compare options for your end-user computing environment.

Standard End-User Entitlements and Offerings

Define your supported offerings and publish this document in your service catalog.

Policy Templates

Use these templates as a starting point for addressing policy gaps.

Key deliverable:

End-User Computing Strategy

Document your strategy using this boardroom-ready template.

Blueprint benefits

IT Benefits

  • Deliver immediate value to end users.
  • Provide the best service based on the user persona.
  • Provide better device coverage.
  • Use fewer tools to manage a less diverse but equally effective array of end-user computing devices.
  • Provide more managed devices that will help to limit risk.
  • Have better visibility into the end-user computing devices and apps.

Business Benefits

  • Conduct corporate business under one broad strategy.
  • Provide support to IT for specific applications and devices.
  • Take advantage of more scalable economies for providing more advantageous technologies.
  • Experience less friction between end users and the business and higher end-user satisfaction.

Measure the value of this blueprint

Your end-user computing strategy is an investment

Track the returns on your investment, even if those returns are soft benefits and not cost reductions

User Satisfaction

  • Satisfaction with device
  • Satisfaction with business apps
  • Satisfaction with service desk timeliness
  • Satisfaction with service desk effectiveness
  • Satisfaction with IT Employee engagement

Total Cost

  • Spend on each type of device
  • Cost of licenses for management tools, operating systems, and apps
  • Cost of support agreements # of support tickets per device per employee
  • Time spent supporting devices per tier or support team
  • Time spent per OS/app release

Risk Mitigation

  • # of devices that are end-of-life
  • % of devices in compliance
  • # of unmanaged devices
  • # of devices that have not checked in to management tool

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

Guided Implementation

"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

Workshop

"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

Consulting

"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks are used throughout all four options.

Guided Implementation

What does a typical GI on this topic look like?

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is 8 to 10 calls over the course of 4 to 6 months.

Phase 1: Set the Direction

  • Call #1: Review trends in end-user computing and discuss your current state.
  • Call #2: Perform a user group analysis.
  • Call #3: Identify desired benefits and map to stakeholder drivers.

Phase 2: Define the Offering

  • Call #4: Define standard offerings.
  • Call #5: Select provisioning models.
  • Call #6: Outline supporting services and opportunities to shift end-user computing support left.
  • Call #7: Identify gaps in governance and policies.

Phase 3: Build the Roadmap

  • Call #8: Develop initiatives.
  • Call #9: Plan migration and build roadmap.

EUC Strategy Workshop Overview

Contact your account representative for more information.

workshops@infotech.com 1-888-670-8889

Day 1 Day 2 Day 3 Day 4 Day 5
Set the Direction Define the Offering Support the Offering Bridge the Gap and Create the Roadmap Next Steps and Wrap-Up (offsite)
Activities

1.1 Identify desired benefits.

1.1.1 Assess the current state of end-user computing.

1.1.2 Perform a SWOT analysis.

1.1.3 Map benefits to stakeholder drivers and priorities.

1.2 Analyze user groups.

1.2.1 Identify user groups.

1.2.2 Identify supporting technology.

1.2.3 Record use cases.

1.2.4 Identify opportunities to provide value.

1.3 Define the vision.

1.3.1 Prioritize benefits.

1.3.2 Craft a vision and mission statement.

1.3.3 Identify goals.

1.3.4 Define guiding principles for your strategy.

2.1 Define the standard offerings.

2.1.1 Select a provisioning model for each persona.

2.1.2 Define the standard device offerings.

2.1.3 Document each personas’ entitlements.

2.2 Outline supporting practices.

2.2.1 Define device management tools and approach.

2.2.2 Identify groups involved in supporting practices.

2.2.4 Identify opportunities to improve customer service.

2.3 Define policies. 2.3.1 Define acceptable use. 2.3.2 Define BYOD policies. 2.3.3 Define procurement and entitlement policies. 2.3.4 Define security policies.

3.1 Develop initiatives.

3.1.1 Identify the gaps in devices, user support, use cases, policy & governance, and fitness for use.

3.1.2 Plan the deployment and user migration journey.

3.1.3 Document initiatives in the roadmap .

5.1 Complete in-progress deliverables from previous four days.

5.2 Set up time to review workshop deliverables and discuss next steps

Deliverables
  1. SWOT analysis of current state
  2. Goals cascade
  3. Persona analysis
  1. Vision statement, mission statement, and guiding principles
  2. Goals and indicators
  3. End-user device entitlements standard
  1. List of management tools for end-user computing
  2. Roles and responsibilities for maintaining the end-user computing environment
  3. Opportunities to improve customer service
  4. End-user computing policy templates
  1. Initiatives mapped to practice areas
  2. User’s migration journey map
  1. End-user computing strategy template
  2. End-user computing roadmap

Phase 1

Set the Direction

Set the Direction

1.1 Identify Desired Benefits

1.2 Perform a User Group Analysis

1.3 Define the Vision

Define the Offering

2.1 Define the Standard Offerings

2.2 Outline Supporting Services

2.3 Define Governance and Policies

Build the Roadmap

3.1 Develop Initiatives

This phase will walk you through the following activities:

  • Current-state analysis
  • Goals cascade
  • Persona analysis

This phase involves the following participants:

  • End-User Computing Team
  • IT Leadership

Set a direction that will create value for IT, stakeholders, and end users

Use your insights to build your strategy

Start by downloading Info-Tech’s End-User Computing Strategy Template

  1. Perform a stop-start-continue exercise for how IT supports end-user devices.
  2. Perform a goals cascade to identify how the end-user computing strategy can align with and support senior leaders’ priorities and strategic objectives.
  3. Perform a user group analysis to identify what IT can do to provide additional value to end users.
  4. Use the results to define a vision for your end-user computing strategy and in-scope benefits.

Download the End-User Computing Strategy Template.

Step 1.1

Identify Desired Benefits

Activities

1.1.1 Assess the current state of end-user computing

1.1.2 Perform a SWOT analysis

1.1.3 Map benefits to stakeholder drivers and priorities

Optional: Identify current total cost of ownership

This step requires the following inputs:

  • Current approach for end-user computing
  • List of strengths and weaknesses of the current approach

This step involves the following participants:

  • CIO
  • End-User Computing Team
  • IT Leadership
  • End-User Computing Manager

Outcomes of this step

  • Defined success metrics that are tied to business value
  • Vision statement, mission statement, and guiding principles

Review your current state for each end-user computing practice

  1. Devices
    • Corporate-issued devices
    • Standard offerings
  2. User Support
    • Self-service
    • Tier 1 support
  3. Use Cases
    • Providing value
    • Business apps
  4. Policy & Governance
    • Personal device use
    • IT policy
  5. Fitness for Use
    • Securing devices
    • Patching

1.1.1 Assess the current state of end-user computing

Discuss IT’s strengths and challenges

Review your success in responding to the trends highlighted in the executive brief.

  • Start by reviewing the trends in the executive brief. Identify which trends you would like to focus on.
  • Review the domains below. Discuss:
    • Your current approach
    • Strengths about this approach
    • Challenges faced with this approach
  • Document the results in the “Current-State Assessment” section of your End-User Computing Strategy.
  1. Devices
    • Corporate-issued devices
    • Standard offerings
  2. User Support
    • Self-service
    • Tier 1 support
  3. Use Cases
    • Providing value
    • Business apps
  4. Policy & Governance
    • Personal device use
    • IT policy
  5. Fitness for Use
    • Securing devices
    • Patching

Download the End-User Computing Strategy Template.

Consider these aspects of end-user computing in your assessment

Devices: As shown in the executive brief, devices are necessary for satisfaction in IT. In your current-state assessment, outline the principal means by which users are provided with a desktop and computing.

  • Corporate-issued devices: Document the types of devices (e.g. laptops, desktops, smartphones) and operating systems that IT currently supports.
    • Strengths: Highlight user satisfaction with your current offerings by referencing recent relationship surveys.
    • Challenges: Document corporate-issued devices where stakeholders and users are not satisfied, platforms that stakeholders would like IT to support, etc.
  • Standard offerings: Name the high-level categories of devices that you offer to end users (e.g. standard device, power device).
    • Strengths: Outline steps that IT has taken to improve the portfolio of standard offerings and to communicate the offerings.
    • Challenges: Identify areas to improve the standard offerings.

User support: Examine how the end-user computing team enables a high-quality customer service experience. Especially consider self-service and tier 1 support.

  • Self-service: Describe the current state of your self-service capabilities (e.g. name of the self-service portal, number of apps in the app store).
    • Strengths: Outline successes with your self-service capabilities (e.g. use of self-service tools, recently deployed tools, newly supported platforms).
    • Challenges: Identify gaps in self-service capabilities.
  • Tier 1 support: Document the number of end-user computing incidents and service requests that are resolved at tier 1 as well as the number of incidents and service requests that are resolvable without escalation.
    • Strengths: Identify technologies that make first contact resolution possible. Outline other items that support tier 1 resolution of end-user computing tickets, such as knowledgebase articles and training programs.
    • Challenges: Document areas in which tier 1 resolution of end-user computing tickets is not feasible.

Considerations (cont’d.)

Use cases: Reflect on how IT and end-user computing supports users’ most important use cases. Consider these aspects:

  • Providing value: Identify the number of user groups for which you have completed a user group analysis. Outline your major approaches for capturing feedback, such as relationship surveys.
    • Strengths: Document any successful initiatives around stakeholder relationships and requirements gathering. You can also highlight successful metrics, such as high satisfaction scores from a team, department, or division.
    • Challenges: Identify where there are dissatisfied stakeholders and gaps in product offerings and where additional work around value generation is required.
  • Business apps: Outline your major business apps and your approach to improvement for these apps. If you need assistance gathering feedback from end users and stakeholders, you can use Info-Tech’s Application Portfolio Assessment.
    • Strengths: Show the EUC team’s successes in supporting critical business apps (e.g. facilitating user acceptance testing, deploying via endpoint management tool).
    • Challenges: Name business apps that are not meeting stakeholder needs. Consider if end users are dissatisfied with an app, if IT is unable to adequately monitor and support a business app, etc.

Policy and governance: Document the current state of policies governing the use of end-user computing devices, both corporate-issued and personally owned. Review Step 2.3 for a list of policy questions to address and for links to policy templates.

  • Personal device use: Explain which users are allowed to use personally owned devices, what use cases are supported, and which types of devices are supported. Also, highlight explicit prohibitions.
    • Strengths: Highlight major accomplishments with BYOD, utilization metrics, etc. Consider including any platforms or apps that support BYOD (e.g. Microsoft Office 365).
    • Challenges: Identify where there are gaps in your support for personal devices. Examples can include insufficient management tools, lack of feedback from end users on BYOD support, undefined policies and governance, and inadequate support for personal devices.

Considerations (cont’d.)

IT policies: List your current policy documents. Include policies that relate to end-user computing, such as security policy documents; acceptable use policy documents; purchasing policies; documents governing entitlements to computers, tablets, smartphones, and prestigious devices; and employee monitoring policy documents.

  • Strengths: Outline the effectiveness of these policies, user compliance to these policies, and your success in enforcing these policies.
  • Challenges: Identify where you have gaps in user compliance, gaps in enforcing policies, many exceptions to a policy, etc.

Fitness for use: Reflect on your ability to secure users, enterprise data, and computers. Document your current capabilities to ensure devices are adequately secured and risks adequately mitigated.

  • Securing devices: Describe your current approach to implementing security baselines, protecting data, and ensuring compliance.
    • Strengths: Highlight your accomplishments with ensuring devices meet your security standards and are adequately managed.
    • Challenges: Identify areas that are not adequately protected, where IT does not have enough visibility, and devices on which IT cannot enforce security standards.
  • Patching: Describe your current approach to distributing OS patches, distributing app patches, and ensuring patch compliance.
    • Strengths: Outline steps that IT has taken to improve release and deployment practices (e.g. user acceptance testing, deployment rings).
    • Challenges: When is IT unable to push a patch to a device? Outline when devices cannot receive a patch, when IT is unable to ensure patches are installed, and when patches are disruptive to end users.

1.1.2 Perform a SWOT analysis

Summarize your current-state analysis

To build a good strategy, you need to clearly understand the challenges you face and opportunities you can leverage.

  • Summarize IT’s strengths. These are positive aspects internal to IT.
  • Summarize IT’s challenge. What internal IT weakness should the strategy address?
  • Identify high-level opportunities. Summarize positive factors that are external to IT (e.g. within the larger organization, strong vendor relationships).
  • Document threats. What external factors present a risk to the strategy?

Record your SWOT analysis in the “Current-State Assessment” section of your End-User Computing Strategy Template.

Download the End-User Computing Strategy Template.

1.1.3 Map benefits to stakeholder drivers and priorities

Use a goals cascade to identify benefits that will resonate with the business

Identify how end-user computing will support larger organizational strategies, drivers, and priorities

  1. Identify stakeholders. Focus on senior leaders – user groups will be addressed in Step 1.2.
  2. For each stakeholder, identify three to five drivers or strategic priorities. Use the drivers as a starting point to:
    1. Increase productivity
    2. Mitigate risks
    3. Optimize costs
  3. Map the benefits you brainstormed in Step 1.1 to the drivers. It’s okay to have benefits map to multiple drivers.
  4. Re-evaluate benefits that don’t map to any drivers. Consider removing them.
Stakeholder Drivers and Strategic Priorities End-User Computing Benefits
CEO Ensure service continuity with remote work
  • Customers can still be served by remote workers
Respond to COVID-19 changes with agility
  • Workers can transition seamlessly between working remotely and working in the office
Reduce unnecessary costs
  • Standardize computer models to reduce spend on devices
COO Business continuity: being able to work from home
  • Workers can transition seamlessly between working remotely and working in the office

Record this table on the “Goals Cascade” slide in the “Vision and Desired Benefits” section of your End-User Computing Strategy Template.

Use the CEO-CIO Alignment Program to identify which business benefits are most important.

Sample end-user computing benefits

Business Goals End-User Computing Benefits
Manage risk Controls are effectively enforced on remote devices Sensitive data is secured Devices and data are accounted for
Ensure service continuity Business processes can still function with remote personnel Customers can still be served by remote workers Personnel can be productive from anywhere IT practices can still operate remotely
Comply with external regulation Improved ability to demonstrate compliance
Respond to change with agility Personnel can be productive from anywhere More business processes can be performed remotely
Improve operational efficiency More efficient sales practices More efficient customer service practices Increased number of digitized business processes Increased use of IT and HR self-service tools
Offer competitive products and services Increased customer satisfaction with online services Number of piloted new products
Manage people Increased employee productivity Increased employee engagement Increased talent attraction Increased workforce retention
Make data-driven decisions Increased workforce retention Improved understanding of customers Access to accurate data on services and spending Improved IT cost forecasting
Improve customer experience Increased customer satisfaction with online services Ability to scale up capacity to meet increased demand Customers can still be served by remote workers Improved customer self-service options
Maximize stakeholder value Transition to OpEx spend and reduce CapEx investments Access to accurate data on services and spending Improved IT cost forecasting

Optional: Identify current total cost of ownership

Be mindful of hidden costs, such as those associated with supporting multiple devices and maintaining a small fleet of corporate devices to ensure business continuity with BYOD.

  • Use the Hardware Asset Management Budgeting Tool to forecast spend on devices (and infrastructure) based on project needs and devices nearing end of life.
  • Use the Mobile Strategy TCO Calculator to estimate the total cost of all the different aspects of your mobile strategy, including:
    • Training
    • Management platforms
    • Custom app development
    • Travel and roaming
    • Stipends and taxes
    • Support
  • Revisit these calculators in Phase 2. Use the TCO calculator when considering different approaches to mobility and end-user computing.

Insert the results into your End-User Computing Strategy Template.

Download the HAM Budgeting Tool.

Download the Mobile Strategy TCO Calculator.

Step 1.2

Perform a User Group Analysis

Activities

1.2.1 Organize roles based on how they work

1.2.2 Organize users into groups

1.2.3 Document the current offerings

1.2.4 Brainstorm pain points and desired gains for each user group

This step requires the following inputs:

  • List of roles and technologies
  • User feedback
  • List of personas

This step involves the following participants:

  • End-User Computing Team
  • IT Leadership
  • End-User Computing Manager

Outcomes of this step

  • List of user groups and use cases for each group
  • List of current offerings for each user group
  • Value analysis for each user group

Gather the information you need

Use the Application Portfolio Assessment to run a relationship survey.

Dive deeper with the blueprint Improve Requirements Gathering.

List of Roles and Technology

Organization chart: Consult with HR or department leaders to provide a list of the different roles that exist in each department.

Identity access management tools: You can consult tools like Active Directory, but only if the data is clean.

Apps and devices used: Run a report from your endpoint management tool to see what devices and apps are used by one another. Supplement this report with a report from a network management tool to identify software as a service that are in use and/or consult with department leaders.

User Feedback

Relationship surveys: Tools like the End-User Application Satisfaction Diagnostic allow you to assess overall satisfaction with IT.

Focus groups and interviews: Gather unstructured feedback from users about their apps and devices.

User shadowing: Observe people as they use technology to identify improvement opportunities (e.g. shadow meetings, review video call recordings).

Ticket data: Identify apps or systems that users submit the most incidents about as well as high-volume requests that could be automated.

1.2.1 Organize roles based on how they work

Start by organizing roles into categories based on where they work and how they interact with information.

  1. Define categories of where people work. Examples include:
    1. In office, at home, at client sites
    2. Stationary, sometimes mobile, always mobile
    3. Always in same location, sometimes in different locations, always in different locations within a site, mobile between sites
  2. Define categories of how people interact with information. Examples include:
    1. Reads information, reads and writes information, creates information
    2. Cases, projects, relationships
  3. Build a matrix. Use the location categories on one axis and the interaction categories on the other axis.
  4. Place unique job roles on the matrix. Review each functional group’s organizational chart. It is okay if you don’t fill every spot. See the diagram on this page for an example.
Always Works in the Same Location Sometimes Works in Different Locations Always Works in Different Locations
Predominantly Reads Information
  • Janitor
  • Receptionist
  • Receiving
  • Accounts Payable Clerk
Reads and Writes Information
  • Sales Rep
  • Sales Manager
  • Director of Sales
  • Developer
  • Scrum Master
  • Customer Service Agent
  • CS Manager
  • Call Center Director
  • Accountant
  • Controller
  • HR Specialist
  • Business Analyst
  • VP, Sales
  • Product Manager
  • Project Manager
  • Director of Engineering
  • VP, HR
  • CFO
  • Director of PMO
  • Field Sales Rep
  • CEO
  • CIO
  • COO
Predominantly Creates Information
  • External Consultants
  • Design
  • Marketing
  • Copywriting

1.2.2 Organize users into groups

Populate a user group worksheet for each in-scope group.

  1. Within each quadrant, group similar roles together into “User Groups.” Consider similarities such as:
    1. Applications they use
    2. Data and files with which they interact
    3. Business capabilities they support
  2. Document their high-level profile:
    1. Where they work
    2. Sensitivity of data they access
    3. Current device and app entitlements
  3. Document the resulting user groups. Record each user group on a separate worksheet in the User Group Analysis Workbook.

Download the User Group Analysis Workbook.

1.2.3 Document the current offerings

For each user group, document:

  • Primary and secondary computing devices: Their most frequently used computing devices.
  • Acceptable use: Whether corporate-issued devices are personally enabled.
  • BYOD: Whether this persona is authorized to use their personal devices.
  • Standard equipment provided: Equipment that is offered to everyone in this persona.
  • Additional devices and equipment offered: Equipment that is offered to a subset of this user group. These items can include more prestigious computers, additional monitors, and office equipment for users allowed to work remotely. This category can include items that require approval from budget owners.
  • Top apps: What apps are most commonly used by this user group? What common nonstandard apps are used by this user group?

Standardize the nonstandard

When users such as VIP users want more than the standard offering, have a more prestigious option available. This approach will help you to proactively anticipate your users’ needs.

1.2.4 Brainstorm pain points and desired gains for each user group

Don’t focus only on their experiences with technology

Reference the common personas listed on the next page to help you brainstorm additional pain points and desired gains.

  1. Brainstorm pain points. Answer these questions for each role:
    1. What do people find tedious about their day-to-day jobs?
    2. What takes the most effort for them to do?
    3. What about their current toolset makes this user frustrated?
    4. What makes working difficult? Consider their experiences working from a home office, attending meetings virtually or in person, and working in the office.
    5. What challenges does that role have with each process?
  2. Brainstorm desired gains from their technology. Answer these questions for each role:
    1. For your end-user computing vision to become a reality for this persona, what outcomes or benefits are required?
    2. What benefits will this persona expect an end-user computing strategy to have?
    3. What improvements does this role desire?
    4. What unexpected benefits or outcomes would surprise this role?
    5. What would make this role’s day-to-day easier?
    6. What location-specific benefits are there (e.g. outcomes specific to working in the office or at home)?

Record each user group’s pain points and desired gains on their respective worksheet.

For additional questions you can ask, visit this Strategyzer blog post by Alexander Osterwalder.

Info-Tech Insight

Identify out-of-scope benefits?

If that desired gain is required for the vision to be achieved for a specific role, you have two options:

  • Bring the benefit in scope. Ensure your metrics are updated.
  • Bring this user group out of scope. End-user computing improvements will not be valuable to this role without that benefit.

Forcing a user group to use an unsatisfactory tool will severely undermine your chance of success, especially in the project’s early stages.

Consider these common personas when brainstorming challenges and desired gains

What unique challenges will these personas face within each of your user groups? What improvements would each of these personas expect out of an end-user computing strategy?

Early Adopters

  • Like trying new ways of working and using the latest technology.
  • Very comfortable solving their own issues.
  • Enjoy exploring and creating new ways of handling challenges.

Late Adopters

  • Prefer consistent ways of working, be it tech or business processes.
  • React to tech issues with anxiety and need assistance to get issues fixed.

VIP

  • Has a prestigious job and would like to use technology that communicates their status.
  • Does not like to resolve their own issues.

Road Warriors

  • Always on the go, running between work meetings and appointments.
  • Value flexibility and want devices, apps, and tech support that can be used anywhere at any time.

Hoarders

  • Want to keep all their devices, data, and apps.
  • Will stall when they need to migrate devices or uninstall apps and become unresponsive any time there is a risk of losing something.

Step 1.3

Define the Vision

Activities

1.3.1 Prioritize which benefits you want to achieve

1.3.2 Identify how you will track performance

1.3.3 Craft a vision statement that demonstrates what you’re trying to create

1.3.4 Craft a mission statement for your end-user computing team

1.3.5 Define guiding principles

This step requires the following inputs:

  • Goals cascade
  • List of benefits
  • List of critical success factors (CSFs)

This step involves the following participants:

  • End-User Computing Manager
  • CIO
  • Help Desk Manager
  • Infrastructure Manager

Outcomes of this step

  • End-User computing KPIs and metrics
  • Vision statement
  • Mission statement

1.3.1 Prioritize which benefits you want to achieve

Use the MoSCoW sorting technique

Select benefits that appear multiple times in the goals cascade from Activity 1.1.3 as well as your challenges from your current-state assessment.

  1. Record which benefits are “Must Haves.” Select benefits that are most important to your highest-priority stakeholders.
  2. Record which benefits are “Should Haves.” These benefits are important but not critical.
  3. Record which benefits are “Could Haves.” These are low-priority benefits.
  4. Record the remaining benefits under “Won’t Have.” These benefits are out-of-scope but can be revisited in the future.

Record the output in your End-User Computing Strategy Template under “Benefit Prioritization” in the “Vision and Desired Benefits” section.

Sample output:

Must Have Should Have Could Have Won't Have
  • Customers can still be served by remote workers.
  • Easier to work in multiple locations.
  • More options for provisioning computers to new workers.
  • Improved patching and security compliance checking of remote devices.
  • Self-service app installs on Windows.
  • More consistent experience across all devices and platforms, including BYOD.
  • Improved visibility into and manageability of BYOD.
  • Ability for users to create their own low-code apps (e.g. in Microsoft Power Apps).
  • Improved guidelines for running hybrid/remote meetings.
  • BYOD support for workers handling sensitive data.
  • Support for any type of Android smartphone or tablet.

1.3.2 Identify how you will track performance

  1. List each unique high-priority benefit from Activity 1.3.1 as a critical success factor (CSF).
  2. For each CSF, identify key performance indicators (KPIs) that you can use to track how well you’re progressing on the CSF.
    1. Articulate that KPI as a SMART goal (specific, measurable, achievable, realistic, and timebound).
  3. For each KPI, identify the metrics you will use to calculate it.
  4. Identify how and when you will:
    1. Capture the current state of these metrics.
    2. Update changes to the metrics.
    3. Re-evaluate the CSFs.
    4. Communicate the progress to the project team and to stakeholders.

Record this information in your End-User Computing Strategy Template.

Sample output:

Critical Success Factor Key Performance Indicator Metrics
Improve remote worker productivity Increase employee engagement by 10% in two years
  • McLean Employee Engagement Score
  • Gallup Q Score
Integrate relevant information sources into one spot for sales Integrate three information sources that will be useful to sales in one year
  • # of sales-specific apps integrated into a dashboard, portal, or workspace
  • Sales satisfaction scores
Reduce real-estate costs Reduce office space by 50% in two cities over three years
  • $ spent on office leases
Securely deliver all apps, information, and data to any device, anywhere, at any time Build the apps and information sources into a digital workspace for three business processes over one year
  • # of business processes supported in the workspace

1.3.3 Craft a vision statement that demonstrates what you’re trying to create

The vision statement communicates a desired future state of the IT organization. The statement is expressed in the present tense. It seeks to articulate the desired role of IT and how IT will be perceived.

Strong IT vision statements have the following characteristics:

  • Describes a desired future
  • Focuses on ends, not means
  • Communicates promise
  • Is:
    • Concise; no unnecessary words
    • Compelling
    • Achievable
    • Inspirational
    • Memorable

Sample IT Vision Statements:

  • To support an exceptional employee experience by providing best-in-class end-user devices.
  • Securely enable access to corporate apps and data from anywhere, at any time, on any device.
  • Enable business and digital transformation through secure and powerful virtualization technology.
  • IT is a cohesive, proactive, and disciplined team that delivers innovative technology solutions while demonstrating a strong customer-oriented mindset.

1.3.4 Craft a mission statement for your end-user computing team

The IT mission statement specifies the function’s purpose or reason for being. The mission should guide each day’s activities and decisions. The mission statement should use simple and concise terminology and speak loudly and clearly, generating enthusiasm for the organization.

Strong IT mission statements have the following characteristics:

  • Articulate the IT function’s purpose and reason for existence
  • Describe what the IT function does to achieve its vision
  • Define the customers of the IT function
  • Can be described as:
    • Compelling
    • Easy to grasp
    • Sharply focused
    • Inspirational
    • Memorable
    • Concise

Sample IT Mission Statements:

  • To provide infrastructure, support, and innovation in the delivery of secure, enterprise-grade information technology products and services that enable and empower the workforce at [Company Name].
  • To help fulfill organizational goals, the IT department is committed to empowering business stakeholders with technology and services that facilitate effective processes, collaboration, and communication.
  • The mission of the information technology (IT) department is to build a solid, comprehensive technology infrastructure; to maintain an efficient, effective operations environment; and to deliver high-quality, timely services that support the business goals and objectives of [Company Name].
  • The IT group is customer-centered and driven by its commitment to management and staff. It oversees services in computing, telecommunications, networking, administrative computing, and technology training.

1.3.5 Define guiding principles

Select principles that align with your stakeholders’ goals and objectives

Use these examples as a starting point:

IT Principle Name IT Principle Statement
1. Enterprise value focus We aim to provide maximum long-term benefits to the enterprise as a whole while optimizing total costs of ownership and risks.
2. Fit for purpose We maintain capability levels and create solutions that are fit for purpose without over-engineering them.
3. Simplicity We choose the simplest solutions and aim to reduce operational complexity of the enterprise.
4. Reuse > buy > build We maximize reuse of existing assets. If we can’t reuse, we procure externally. As a last resort, we build custom solutions.
5. Managed data We handle data creation, modification, and use enterprise-wide in compliance with our data governance policy.
6. Controlled technical diversity We control the variety of technology platforms we use.
7. Managed security We manage, support, and assist in the implementation of security enterprise-wide in collaboration with our security governance team.
8. Compliance to laws and regulations We operate in compliance with all applicable laws and regulations.
9. Innovation We seek innovative ways to use technology for business advantage.
10. Customer centricity We deliver best experiences to our end users by aligning to customer service best practices.

Phase 2

Define the Offering

Set the Direction

1.1 Identify Desired Benefits

1.2 Perform a User Group Analysis

1.3 Define the Vision

Define the Offering

2.1 Define the Standard Offerings

2.2 Outline Supporting Services

2.3 Define Governance and Policies

Build the Roadmap

3.1 Develop Initiatives

This phase will walk you through the following activities:

  • Defining standard device entitlements and provisioning models for end-user devices and equipment
  • Shifting end-user computing support left
  • Identifying policy gaps

This phase involves the following participants:

  • End-User Computing Team
  • IT Leadership

Step 2.1

Define the Standard Offerings

Activities

2.1.1 Identify the provisioning models for each user group

2.1.2 Define the standard device offerings

2.1.3 Document each user group’s entitlements

This step requires the following inputs:

  • Standard End-User Entitlements and Offerings Template
  • List of persona groups
  • Primary computing devices
  • Secondary computing devices
  • Supporting operating systems
  • Applications and office equipment

This step involves the following participants:

  • End-User Computing Manager
  • CIO
  • Help Desk Manager
  • Infrastructure Manager

Outcomes of this step

  • End-user device entitlements and offerings standard

This step will walk you through defining standard offerings

You will define the base offering for all users in each user group as well as additional items that users can request (but that require additional approvals).

  1. Primary Computing Device
    • The main device used by a worker to complete their job (e.g. laptop for knowledge workers, kiosk or shared tablet for frontline workers).
  2. Secondary Computing Devices
    • Additional devices that supports a worker (e.g. a smartphone, tablet, personal computer).
  3. Provisioning Models
    • Whether the equipment is corporate-issued versus personally owned and whether personal use of corporate resources is allowed.
  4. Apps
    • The software used by the worker. Apps can be locally installed, cloud-based (e.g. SaaS), and/or virtualized and running remotely.
  5. Peripherals
    • Additional equipment provisioned to the end user (e.g. monitors, docking station, mice, keyboards).

There is always a challenge of determining who gets what and when

The goal is balancing cost, risk, and employee engagement

The right balance will be different for every organization

  • IT can’t always say no to new ideas from the business. For example, if the organization wants to adopt Macs, rather than resisting IT should focus on identifying how Macs can be safely implemented.
  • Smartphones may not be necessary for a job, but they can be a valid employee perk. Not every employee may be entitled to the perk. There may be resentment between employees of the same level if one of the employees has a corporate-issued, business-only phone for their job function.
  • The same laptop model may not work for everyone. Some employees may need more powerful computers. Some employees may want more prestigious devices. Other employees may require a suite of apps that is only available on non-Windows operating systems.

Action Item: Provide a defined set of standard options to the business to proactively address different needs.

A good end-user computing strategy will effectively balance:

  • User Choice
  • Risk
  • Cost

Your standard offerings need to strike the right balance for your organization.

Review the End-User Computing Ideas Catalog

Compare pros and cons of computing devices and operating systems for better decision making

The catalog provides information about choices in:

  • Provisioning models
  • Operating systems
  • Device form factors

Review the catalog to learn about items that can help your organization to achieve the desired vision from Phase 1.

As you review the catalog, think about these questions:

  • What primary and secondary devices can you provide?
  • What operating systems do these devices support?
  • What are the provisioning models you will use, considering each model’s weaknesses and strengths?
  • How can you more effectively balance user choice, risk, and cost?

Download the End-User Computing Ideas Catalog.

2.1.1 Identify the provisioning models for each user group

  1. Review the definitions in the End-User Computing Ideas Catalog.
  2. Build a table. List the major user groups along the top of the table and applications down the rows.
  3. Brainstorm provisioning models that will be used for primary and secondary devices for each persona group.
  4. Record your provisioning models in the Standard End-User Entitlements and Offerings Template.

Download the End-User Computing Ideas Catalog.

Download the Standard End-User Entitlements and Offerings Template.

Persona Primary Computing Device Secondary Laptops or Computers Smartphone Tablet
Sales COPE BYOD BYOD BYOD
Field Sales CYOD BYOD COBO COBO
Customer Service COBO None None None
Knowledge Worker COPE BYOD BYOD BYOD
App Dev CYOPED None CYOD CYOD
VIP CYOPED CYOPED CYOPE BYOD

Identify multiple device options

Offer standard, power, and prestigious offerings

Prioritize offering models and align them with your user groups.

  • Standard device: This offering will work for most end users.
  • Power device: This offering will provide additional RAM, processor speed, storage, etc., for users that require it. It is usually offered as an additional option that requires approval.
  • Prestigious device: This offering will be provided to VIP users.
  • Portable device: This offering is for employees within a user group that moves around more often than others. This type of offering is optional – consider having a separate user group for these users that get a more portable laptop as their standard device.

Standardize the nonstandard

When users such as VIP users want more than the standard offering, have a more prestigious option ready to offer. This approach will help you to proactively anticipate your users’ needs.

Who approves?

Generally, if it is a supported device, then the budget owner determines whether to allow the user to receive a more powerful or more prestigious device.

This decision can be based on factors such as:

  • Business need – does the user need the device to do their job?
  • Perk or benefit – is the device being offered to the end user as a means of increasing their engagement?

If IT gets this answer wrong, then it can result in shadow IT

Document your answer in the Device Entitlement Policy Template.

2.1.2 Define the standard device offerings

Consider all devices and their supporting operating systems.

  1. On a flip chart or whiteboard, build a matrix of the supported form factors and operating systems.
  2. For each cell, document the supported vendor and device model.
  3. Identify where you will provide additional options.
Windows Mac OS iOS Android
Laptops Lenovo T15 Gen 2 MacBook Pro 14” N/A N/A
Power Laptops Lenovo ThinkPad X1 Carbon MacBook Pro 16” N/A N/A
Prestigious Laptops Lenovo ThinkPad X1 Yoga Gen 6 MacBook Pro 16” N/A N/A
Tablets Microsoft Surface N/A iPad Pro Samsung Galaxy Tab
Smartphones N/A N/A iPhone 13 Samsung Galaxy S21

2.1.3 Document each user groups’ entitlements

Not every persona needs to be entitled to every supported option

Use the Standard End-User Entitlements and Offerings Template as a starting point.

  • Create a separate section in the document for each persona. Start by documenting the provisioning models for each type of device.
  • Record the standard offering provided to members of each persona as well as additional items that can be provided with approval. Record this information for:
    • Primary computing devices
    • Secondary computing devices
  • Optional: Document additional items that will be provided to members of each persona as well as additional items they can request, such as:
    • Apps
    • Office equipment

Download the Standard End-User Entitlements and Offerings Template.

Step 2.2

Outline Supporting Services

Activities

2.2.1 Review device management tools and capabilities

2.2.2 Identify common incidents and requests for devices

2.2.3 Record how you want to shift resolution

2.2.4 Define which IT groups are involved in supporting practices

Define the Offering

This step requires the following inputs:

  • Standard End-User Entitlements and Offerings Template
  • List of supporting devices
  • Common incidents and requests
  • List of supporting practices

This step involves the following participants:

  • End-User Computing Manager
  • CIO
  • Help Desk Manager
  • Infrastructure Manager

Outcomes of this step

  • List of IT groups who are involved in supporting devices
  • Responsibilities of each group for requests and incidents

2.2.1 Review device management tools and capabilities

Document the tools that you use to manage each OS and identify gaps

If there are different approaches to managing the same OS (e.g. Windows devices that are co-managed versus Windows devices that are only managed by Intune), then list those approaches on separate rows.

Provision Protect from loss/theft Deploy/update apps Backup & protect Protect from injections Complies with policies Track Decommission
Windows 10 & 11 (co-managed) Autopilot Gap ConfigMgr Gap Windows Security ConfigMgr ConfigMgr Intune Intune and Autopilot
Windows 10 & 11 (Intune) Autopilot Intune (remote wipe) Intune OneDrive for Business Windows Security Microsoft Advanced Threat Protection Intune Intune and Autopilot
Mac OS Jamf Pro Intune (remote wipe) Jamf Pro OneDrive for Business Gap Jamf Pro Intune Jamf Pro

Document the results on the “IT Management Tools” slide in the “IT Support” section of your End-User Computing Strategy Template.

2.2.2 Identify common incidents and requests for devices

Analyze your service desk ticket data. Look for the following information:

  • The most common incidents and service requests around end-user devices and business apps
  • Incident categories and service requests that almost always involve escalations

Record the level at which these tickets can be resolved today. Ensure you include these groups:

  • Tier 0 (i.e. end-user self-service)
  • Tier 1 (i.e. user’s first point of contact at the service desk)
  • Desk-side support and field-support groups
  • End-user computing specialist teams (e.g. desktop engineering, mobile device management teams)
  • Other specialist teams (e.g. security, enterprise applications, DevOps)

Record the desired state. For each incident and request, to where do you want to shift resolution?

Record this chart on the “Current State of IT Support” slide in the “IT Support” section of your End-User Computing Strategy Template.

Most Common Incidents & Requests Self-Service Service Desk Tier 1 Desk-Side or Field Support End-User Computing
Connect/fix a printer X
Web conferencing issue X
Bluetooth issues X
Outlook issues X
Install standard app X
Install app requiring approval X
Install nonstandard app X
Enroll personal iOS/Android device X
Enroll personal Mac/Windows computer X
Perform a factory reset on a lost or stolen device X
Unenroll device X

2.2.3 Record how you want to shift resolution

Identify opportunities to improve self-service and first contact resolution.

Starting with the chart you created in Activity 2.2.2, record the desired state. For each incident and request, to where do you want to shift resolution?

  • Identify quick wins. Where will it take low effort to shift resolution? Denote these items with a “QW” for quick win.
  • Identify high-value, high-effort shifts. Where do you want to prioritize shifting resolution? Base this decision on the desired benefits, guiding principles, and vision statement built in Phase 1. Denote these items with an “H” for high.
  • Identify low-value areas. Where would shifting provide low value to end users and/or would have low alignment to the benefits identified in Phase 1? Denote these items with an “L” for low.
  • Identify where no shift can occur. Some items cannot be shifted to self-service or to tier 1 due to governance considerations, security factors, or technical complexity. Denote these items with an “OoS” for out of scope.

Use the “Opportunities to Provide Self-Service and Articles” and “Desired State” slides in the “IT Support” section of your End-User Computing Strategy Template to document quick wins and high-value, high-effort shifts.

Most Common Incidents & Requests Self-Service Service Desk Tier 1 Desk-Side or Field Support End-User Computing
Connect/fix a printer H QW X
Web conferencing issue H X
Bluetooth issues L X
Outlook issues H H X
Install standard app X
Install app requiring approval H X
Install nonstandard app OoS X
Enroll personal iOS/Android device QW QW X
Enroll personal Mac/Windows computer QW QW X
Perform a factory reset on a lost or stolen device QW QW X
Unenroll device QW QW X

2.2.4 Define which IT groups are involved in supporting practices

Repeat activities 2.2.2 and 2.2.3 with the following list of tasks

IT Asset Management

  • Purchasing devices
  • Purchasing software licenses
  • Imaging devices
  • Deploying devices
  • Deploying software
  • Recovering devices
  • Recovering software

Release Management

  • Testing patches
  • Testing app updates
  • Testing OS updates
  • User acceptance testing

Managing Service Catalogs

  • Defining standard device offerings
  • Defining standard software offerings
  • Defining device and software entitlements
  • Updating published catalog entries

Knowledge Management

  • Writing internal KB articles
  • Writing user-facing articles
  • Training specialists
  • Training service desk agents
  • Training users

Portfolio Management

  • Prioritizing app upgrades or migrations
  • Prioritizing OS migrations
  • Prioritizing end-user computing projects

Step 2.3

Define Governance and Policies

Activities

2.3.1 Answer these organizational policy questions

2.3.2 Answer these security policy questions

Define the Offering

This step requires the following inputs:

  • List of supporting devices
  • List of persona groups
  • List of use cases

This step involves the following participants:

  • End-User Computing Manager
  • CIO
  • Help Desk Manager
  • Infrastructure Manager

Outcomes of this step

  • End-user computing organizational and security policies

Focus on organizational policies and enforcement

Policies set expectations and limits for mobile employees

Enforcement refers to settings on the devices, management and security tools, and process steps.

  • Policies define what should and should not be done with user-facing technology. These policies define expectations about user and IT behavior.
  • Enforcement ensures that policies are followed. User policies must often be enforced through human intervention, while technology policies are often enforced directly through infrastructure before any people get involved.

Use the “Policies” section in the End-User Computing Strategy Template to document the answers in this section. Activities 2.3.2 and 2.3.3 present links to policy templates. Use these templates to help address any gaps in your current policy suite.

2.3.1 Answer these organizational policy questions

Identify if there are different expectations for certain user groups, where exceptions are allowed, and how these policies will be enforced.

Entitlements

  • Who is entitled to receive and use prestigious computers?
  • Who is entitled to receive and use a smartphone?
  • What users are entitled to a stipend for personal device use?

Personal Device Use

  • What use cases are supported and are not supported on personal devices?
  • What level of visibility and control does IT need over personal devices?

Acceptable Use

  • Are people allowed to use corporate resources for personal use?
  • What are the guidelines around personal use?
  • Are users allowed to install personal apps on their corporate-issued computers and/or mobile devices?

Purchasing and Reimbursement

  • Who is allowed to purchase devices? Apps?
  • When can users file a reimbursement request?

Employee Monitoring

  • What user information is monitored?
  • When can that information be used and when can it not be used?

Use the “Policies” section of the End-User Computing Strategy Template to document these answers.

Identify organizational policy gaps

Use these templates as a starting point

Entitlements

Download the Mobile Device Connectivity & Allowance Policy template.

Purchasing & Reimbursement

Download the Purchasing Policy template.

Download the Mobile Device Reimbursement Policy template.

Download the Mobile Device Reimbursement Agreement template.

Acceptable Use

Download the General Security – User Acceptable Use Policy template.

Personal Device Use

Download the BYOD Acceptable Use Policy template.

Download the Mobile Device Remote Wipe Waiver template.

Employee Monitoring

Download the General Security – User Acceptable Use Policy template.

Visit the Reduce and Manage Your Organization’s Insider Threat Risk blueprint to address this gap.

2.3.2 Answer these security policy questions

Identify if there are different expectations for certain user groups, where exceptions are allowed, and how these policies will be enforced.

Use Cases

  • What data and use cases are subject to stricter security measures?
  • Are certain use cases or data prohibited on personal devices?
  • Are there restrictions around where certain use cases are performed and by whom?

Patching

  • Are users expected to apply OS and app updates and patches? Or does IT automate patching?

Physical Security

  • What does the user need to do to secure their equipment?
  • If a device is lost or stolen, who does the user contact to report the lost or stolen device?

Cybersecurity

  • How will IT enforce security configuration baselines?
  • What does the user need to do (or not do) to secure their device?
  • Are certain users allowed to have local admin rights?
  • What happens when a device doesn’t comply with the required security configuration baseline?

Use the “Policies” section of the End-User Computing Strategy Template to document these answers.

Identify security policy gaps

Use these templates as a starting point

Use Cases

Download the General Security – User Acceptable Use Policy template.

Visit the Discover and Classify Your Data blueprint to address this gap.

Patching

Download the General Security – User Acceptable Use Policy template.

Physical and Cyber Security

Download the General Security – User Acceptable Use Policy template.

Visit the Develop and Deploy Security Policies blueprint to address this gap.

For help defining your own security configuration baselines for each operating system, reference best practice documentation such as:

National Institute of Standards and Technology’s National Checklist Program.

Center for Internet Security’s solutions.

Microsoft’s security baseline settings for Windows 10 and 11 Configuration Service Providers.

Phase 3

Build the Roadmap

Set the Direction

1.1 Identify Desired Benefits

1.2 Perform a User Group Analysis

1.3 Define the Vision

Define the Offering

2.1 Define the Standard Offerings

2.2 Outline Supporting Services

2.3 Define Governance and Policies

Build the Roadmap

3.1 Develop Initiatives

This phase will walk you through the following activities:

  • Defining initiatives for each EUC domain
  • Building a customer journey map for any end-user computing migrations
  • Building a roadmap for EUC initiatives

This phase involves the following participants:

  • End-User Computing Team

Step 3.1

Develop Initiatives

Activities

3.1.1 Identify initiatives for each EUC practice

3.1.2 Build out the user’s migration journey map

3.1.3 Build out a list of initiatives

Build the Roadmap

This step requires the following inputs:

  • User group workbook
  • Migration initiatives

This step involves the following participants:

  • Infrastructure Director
  • Head of End-User Computing
  • End-User Computing Team
  • Project Manager (if applicable)

Outcomes of this step

  • End-user computing roadmap
  • Migration plan

3.1.1 Identify the gaps in each EUC area

Build a high-level profile of the changes you want to make

For each of the five areas, build a profile for the changes you want to implement. Record:

  1. The owner of the area
  2. The objective that you want to accomplish
  3. The desired benefits from focusing on that area
  4. Any dependencies to the work
  5. Risks that can cause the objective and benefits to not be achieved

Identify the initiatives involved in each area.

Document these profiles and initiatives in the “Roadmap” section of your End-User Computing Strategy Template.

  1. Devices
    • Corporate-issued devices
    • Standard offerings
  2. User Support
    • Self-service
    • Tier 1 support
  3. Use Cases
    • Providing value
    • Business apps
  4. Policy & Governance
    • Personal device use
    • IT policy
  5. Fitness for Use
    • Securing devices
    • Patching

Your initiatives may require a user migration

Plan the user’s migration journey

Consider each user group’s and each persona’s unique needs and challenges throughout the migration.

  1. Preparing to migrate: The user may need to schedule the migration with IT and back up files.
  2. Migrating: IT executes the migration (e.g. updates the OS, changes management tools).
  3. Getting assistance: When a user experiences an error during the migration, how will they get help from IT?
  4. Post-migration: How will IT and the user know that the migration was successful one week later?

Understand the three migration approaches

Online

Users execute the migrate on their own (e.g. Microsoft’s consumer migration to Windows 10).

In person

Users come in person, select a device, and perform the migration with a specialist. If the device needs support, they return to the same place (e.g. buying a computer from a store).

Hybrid

Users select a device. When the device is ready, they can schedule time to pick up the device and perform the migration with a specialist (e.g. purchasing an iPhone in advance from Apple’s website with in-store pick-up).

Be prepared to support remotely

Migrations to the new tool may fail. IT should check in with the user to confirm that the device successfully made the migration.

3.1.2 Build out the user’s migration journey map

Contemplate a roadmap to plan for end-user computing initiatives

  • As a group, brainstorm migration initiatives.
  • For each of the four phases, identify:
    • User activities: actions we need the user to do
    • IT activities: actions and processes that IT will perform internally
    • User touchpoints with IT: how the user will interact with the IT group
    • Opportunities: ideas for how IT can provide additional value to the end user in this phase.
  • Use the example in the End-User Computing Strategy Template as a starting point.

Download the End-User Computing Strategy Template.

Embed requirements gathering throughout your roadmap

Use a combination of surveys, focus groups, and interviews

You’re doing more than eliciting opinions – you’re performing organizational change management.

  • Use surveys to profile the demand for specific requirements. When a project is announced, develop surveys to gauge what users consider must-have, should-have, and could-have requirements.
  • Interviews should be used with high-value targets. Those who receive one-on-one face time can help generate good requirements and allow for effective communication around requirements.
  • Focus groups are used to get input from multiple people in a similar role. This format allows you to ask a few open-ended questions to groups of about five people.

The benefits of interviews and focus groups:

  • Foster direct engagement: IT is able to hear directly from stakeholders about what they are looking to do with a solution and the level of functionality that they expect from it.
  • Offer greater detail: With interviews, greater insight can be gained by leveraging information that traditional surveys wouldn’t uncover. Face-to-face interactions provide thorough answers and context that helps inform requirements.
  • Remove ambiguity: Face-to-face interactions allow opportunities to follow up on ambiguous answers. Clarify what stakeholders are looking for and expect in a project.
  • Enable stakeholder management: Interviews are a direct line of communication with project stakeholders. They provide input and insight and help to maintain alignment, plan next steps, and increase awareness within the IT organization.

Activity instructions:

  1. Early requirements ideation: Identify who you want to interview through one-on-one meetings and focus groups.
  2. Requirements validation and prioritization: Identify which user groups you plan to survey and when.
  3. Usability testing: Plan to include usability testing during each phase. Build it into your release practices.

3.1.3 Build out a list of initiatives

Download a copy of the Roadmap Tool

On tab “1. Setup”:

  • Update category 1 to be all the EUC areas (i.e. Devices, User Support).
  • Update category 2 and category 3 with meaningful items (e.g. operating system, device model, persona group).

Use tab “2. Data Entry” to record your list of initiatives.

  • Each initiative should have its own row. Write a high-level summary under “Roadmap Item” and include more detail under “Description and Rationale.”
  • Enter each initiative’s effort, priority, and timeline for beginning. These are mandatory fields for tab “3. Roadmap” to work properly.

Use tab “3. Roadmap” to visualize your data. You will have to press “Refresh All” under Data in the ribbon for the PivotChart to update.

Copy the roadmap visual on tab “3. Roadmap” into your End-User Computing Strategy Template. You can also copy the list of initiatives over into the document.

Download the Roadmap Tool.

Summary of Accomplishment

Problem Solved

You built a strategy to improve the balance between user enablement, risk mitigation, and cost optimization. Throughout the blueprint, you identified opportunities to provide additional value to end users and stakeholders during these activities:

  • Goals cascade
  • User group analysis
  • Definition of standard device types and platforms
  • IT support shift-left analysis
  • Policy gap analysis
  • Roadmapping

If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

Contact your account representative for more information.

workshops@infotech.com

1-888-670-8889

Additional Support

If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

Contact your account representative for more information.

workshops@infotech.com 1-888-670-8889

To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

The following are sample activities that will be conducted by Info-Tech analysts with your team:

Identify User Groups

Identify each user group based on the business processes, tasks, and applications they use.

Define Standard Device Offerings

Record your provisioning models for each user group and the primary and secondary devices, apps, and peripherals that each group receives.

Related Info-Tech Research

Simplify Remote Deployment With Zero-Touch Provisioning

This project helps you align your zero-touch approach with stakeholder priorities and larger IT strategies. You will be able to build your zero-touch provisioning and patching plan from both the asset lifecycle and the end-user perspective to create a holistic approach that emphasizes customer service. Tailor deployment plans to more easily scope and resource deployment projects.

Implement Hardware Asset Management

This project will help you analyze the current state of your HAM program, define assets that will need to be managed, and build and involve the ITAM team from the beginning to help embed the change. It will also help you define standard policies, processes, and procedures for each stage of the hardware asset lifecycle, from procurement through to disposal.

Govern Office 365

This project will help you conduct a goals exercise and capability assessment for Office 365. You will be able to refine governance objectives, build out controls, formalize governance, build out one pagers, and finalize a communication plan.

Research Contributors and Experts

  • Steve Fox, Deputy IT Director, Virginia State Corporation Commission
  • Mazen Joukhadar, TransForm Shared Service Organization
  • Nathan Schlaud, PMO Senior Director, RPC Inc.
  • Rebecca Mountjoy, Infrastructure Systems Manager, BlueScope Buildings
  • DJ Robins, Director of Information Technology, Mohawk MedBuy
  • Jason Jenkins, Tech. Specialist, Michal Baker Corp.
  • Brad Wells, IT Infrastructure Solutions Architect, London Police Service
  • Danelle Peddell, Director, Project Management Office, Emco Corporation
  • John Annand, Principal Research Director, Info-Tech Research Group
  • Allison Kinnaird, Research Director and Research Lead, Info-Tech Research Group
  • Sandi Conrad, Principal Research Director, Info-Tech Research Group
  • Andrew Kum-Seun, Senior Research Analyst, Info-Tech Research Group
  • Mark Tauschek, Vice President IT Infrastructure & Operations Research, Info-Tech Research Group

A special thank-you to 6 anonymous contributors

Bibliography

“2020 Annual Report and Proxy.” Citrix, 2020. Accessed Oct. 2021.

“2021 BYOD Security Report.” Cybersecurity Insiders, 2021. Web.

Anderson, Arabella. “12 Remote Work Statistics to Know in 2022.” NorthOne, 2021. Accessed Oct. 2021.

Bayes, Scarlett. “ITSM: 2021 & Beyond.” Service Desk Institute, 14 April 2021, p. 14. Web.

Belton, Padraig. “Intel: Chip shortage will extend to at least 2023.” Light Reading, 22 Oct. 2021. Web.

Beroe Inc. “Demand for PC Components Saw a Surge Due to COVID-19, Says Beroe Inc.” Cision PR Newswire, 2 Sept. 2021. Web.

Devaraj, Vivekananthan. “Reference Architecture: Remote PC Access.” Citrix, 2021. Accessed Aug. 2021.

“Elements of the Project Charter and Project Scope Statement.” A Guide to PMBOK, 7th edition, PMI, 2021. Accessed Sept. 2021.

Elliott, Christopher. “This Is How The Pandemic Improved Customer Service.” Forbes, 2021. Accessed Oct. 2021.

“Enable TMP 2.0 on your PC.” Microsoft, Support, Aug. 2021. Web.

“End User Computing Trends to Look Out for in 2021.” Stratodesk, 30 Oct. 2020. Accessed September 2021.

“Global State of Customer Service: The Transformation of Customer Service from 2015 to Present Day.” Microsoft, 2019. Web.

Goodman, Elizabeth et al. “Observing the User Experience” A Practitioner's Guide to User Research, 2nd edition. Elsevier, 2012. Accessed Sept. 2021.

Govindarajulu, Chittibabu. “An Instrument to Classify End-Users Based On the User Cube” Informing Science, June 2002. Accessed September 2021.

Griffith, Eric. “Remote Employees to Bosses: Our PCs Suck!” PCMag, 11 Oct. 2021. Web.

Hutchings, Jeffrey D., and Craig A. de Ridder. “Impact of Remote Working on End User Computing Solutions and Services.” Pillsbury, 2021. Accessed Sept. 2021

“ITIL4 Create, Deliver, and Support.” Axelos, 2020. Accessed Sept. 2021.

“ITIL4 Drive Stakeholder Value” Axelos, 2020. Accessed Sept. 2021.

Mcbride, Neil, and Trevor Wood-Harper. “Towards User-Oriented Control of End-User Computing in Large Organizations” Journal of Organizational and End User Computing, vol. 14, no. 1, pp. 33-41, 2002. Accessed September 2021.

““Microsoft Endpoint Configuration Manager Documentation.” Microsoft Docs, Microsoft, 2021. Accessed Sept. 2021.

“Microsoft Intune documentation.” Microsoft Docs, Microsoft. Accessed Sept. 2021.

“Mobile Cellular Subscriptions (per 100 People).” The World Bank, International Telecommunication Union (ITU) World Telecommunication/ICT Indicators Database, 2020. Web.

Morgan, Jacob. “The Employee Experience Advantage: How to Win the War for Talent by Giving Employees the Workspaces they Want, the Tools they Need, and a Culture They Can Celebrate.” Wiley, 2017. Accessed Sept. 2021.

Murphy, Anna. “How the pandemic has changed customer support forever.” Intercom, 2021. Accessed Sept. 2021.

“Operating System Market Share Worldwide, Jan 2021-Jan 2022.” StatCounter GlobalStats, 2022. Web.

“Operating System Market Share Worldwide, Jan-Dec 2011.” StatCounter GlobalStats, 2012. Web.

Pereira, Karla Susiane, et al. “A Taxonomy to Classify Risk End-User Profile in Interaction with the Computing Environment.” In: Tryfonas T. (eds.) Human Aspects of Information Security, Privacy, and Trust. HAS 2016. Lecture Notes in Computer Science, vol. 9750. Accessed Sept. 2021.

Perrin, Andrew. “Mobile Technology and Home Broadband 2020.” Pew Research Center, 3 June 2021. Web.

Quan-Haase, Anabel. “Technology and Society: Social Networks, Power, and Inequality” Oxford University Press, 2012. Accessed Aug. 2021.

Reed, Karin, and Joseph Allen. “Suddenly Virtual: Making Remote Meetings Work.” Wiley, 2021. Accessed Aug. 2021.

Rockart, John F., and Lauren S. Flannery. “The management of end user computing.” Communications of the ACM, vol. 26, no. 10, Oct. 1983. Accessed September 2021.

Turek, Melanie. “Employees Say Smartphones Boost Productivity by 34 Percent: Frost & Sullivan Research.” Samsung Insights, 3 Aug. 2016. Web.

Vladimirskiy, Vadim. “Windows 365 vs. Azure Virtual Desktop (AVD) – Comparing Two DaaS Products.” Nerdio, 2021. Accessed Aug. 2021.

“VMware 2021 Annual Report.” VMware, Financial Document Library, 2021. Web.

VMworld 2021, Oct. 2021.

Vogels, Emily A. “Digital divide persists even as americans with lower incomes make gains in tech adoption.” Pew Research Center, 22 June 2021. Web.

“What is End-User computing?” VMware, 2021. Accessed Aug. 2021.

“Windows 10 Home and Pro.” Microsoft, Docs, 2021. Web.

Zibreg, Christian. “Microsoft 365 Now Boasts Over 50 Million Subscribers.” MUD, 29 April 2021. Web.

Develop a Targeted Flexible Work Program for IT

  • Buy Link or Shortcode: {j2store}542|cart{/j2store}
  • member rating overall impact (scale of 10): 9.0/10 Overall Impact
  • member rating average dollars saved: $18,909 Average $ Saved
  • member rating average days saved: 13 Average Days Saved
  • Parent Category Name: Attract & Select
  • Parent Category Link: /attract-and-select
  • Workplace flexibility continues to be top priority for IT employees. Organizations who fail to offer flexibility will have a difficult time attracting, recruiting, and retaining talent.
  • When the benefits of remote work are not available to everyone, this raises fairness and equity concerns.

Our Advice

Critical Insight

IT excels at hybrid location work and is more effective as a business function when location flexibility is an option for its employees. But hybrid work is just a start. A comprehensive flex work program extends beyond flexible location, so organizations must understand the needs of unique employee groups to uncover the options that will attract and retain talent.

Impact and Result

  • Uncover the needs of unique employee segments to shortlist flexible work options that employees want and will use.
  • Assess the feasibility of various flexible work options and select ones that meet employee needs and are feasible for the organization.
  • Equip leaders with the information and tools needed to implement and sustain a flexible work program.

Develop a Targeted Flexible Work Program for IT Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Assess employee and organizational flexibility needs

Identify prioritized employee segments, flexibility challenges, and the desired state to inform program goals.

  • Develop a Targeted Flexible Work Program for IT – Phases 1-3
  • Talent Metrics Library
  • Targeted Flexible Work Program Workbook
  • Fast-Track Hybrid Work Program Workbook

2. Identify potential flex options and assess feasibility

Review, shortlist, and assess the feasibility of common types of flexible work. Identify implementation issues and cultural barriers.

  • Flexible Work Focus Group Guide
  • Flexible Work Options Catalog

3. Implement selected option(s)

Equip managers and employees to adopt flexible work options while addressing implementation issues and cultural barriers and aligning HR programs.

  • Guide to Flexible Work for Managers and Employees
  • Flexible Work Time Policy
  • Flexible Work Time Off Policy
  • Flexible Work Location Policy

Infographic

Workshop: Develop a Targeted Flexible Work Program for IT

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Prepare to Assess Flex Work Feasibility

The Purpose

Gather information on organizational and employee flexibility needs.

Key Benefits Achieved

Understand the flexibility needs of the organization and its employees to inform a targeted flex work program.

Activities

1.1 Identify employee and organizational needs.

1.2 Identify employee segments.

1.3 Establish program goals and metrics.

1.4 Shortlist flexible work options.

Outputs

Organizational context summary

List of shortlisted flex work options

2 Assess Flex Work Feasibility

The Purpose

Perform a data-driven feasibility analysis on shortlisted work options.

Key Benefits Achieved

A data-driven feasibility analysis ensures your flex work program meets its goals.

Activities

2.1 Conduct employee/manager focus groups to assess feasibility of flex work options.

Outputs

Summary of flex work options feasibility per employee segment

3 Finalize Flex Work Options

The Purpose

Select the most impactful flex work options and create a plan for addressing implementation challenge

Key Benefits Achieved

A data-driven selection process ensures decisions and exceptions can be communicated with full transparency.

Activities

3.1 Finalize list of approved flex work options.

3.2 Brainstorm solutions to implementation issues.

3.3 Identify how to overcome cultural barriers.

Outputs

Final list of flex work options

Implementation barriers and solutions summary

4 Prepare for Implementation

The Purpose

Create supporting materials to ensure program implementation proceeds smoothly.

Key Benefits Achieved

Employee- and manager-facing guides and policies ensure the program is clearly documented and communicated.

Activities

4.1 Design employee and manager guide prototype.

4.2 Align HR programs and policies to support flexible work.

4.3 Create a communication plan.

Outputs

Employee and manager guide to flexible work

Flex work roadmap and communication plan

5 Next Steps and Wrap-Up

The Purpose

Put everything together and prepare to implement.

Key Benefits Achieved

Our analysts will support you in synthesizing the workshop’s efforts into a cohesive implementation strategy.

Activities

5.1 Complete in-progress deliverables from previous four days.

5.2 Set up review time for workshop deliverables and to discuss next steps.

Outputs

Completed flexible work feasibility workbook

Flexible work communication plan

Further reading

Develop a Targeted Flexible Work Program for IT

Select flexible work options that balance organizational and employee needs to drive engagement and improve attraction and retention.

Executive Summary

Your Challenge

  • IT leaders continue to struggle with workplace flexibility, and it is a top priority for IT employees; as a result, organizations who fail to offer flexibility will have a difficult time attracting, recruiting, and retaining talent.
  • The benefits of remote work are not available to everyone, raising fairness and equity concerns for employees.

Common Obstacles

  • A one-size-fits-all approach to selecting and implementing flexible work options fails to consider unique employee needs and will not reap the benefits of offering a flexible work program (e.g. higher engagement or enhanced employer brand).
  • Improper structure and implementation of flexible work programs exacerbates existing challenges (e.g. high turnover) or creates new ones.

Info-Tech's Approach

  • Uncover the needs of unique employee segments to shortlist flexible work options that employees want and will use.
  • Assess the feasibility of various flexible work options and select ones that meet employee needs and are feasible for the organization.
  • Equip leaders with the information and tools needed to implement and sustain a flexible work program.

Info-Tech Insight

IT excels at hybrid location work and is more effective as a business function when location flexibility is an option for its employees. But hybrid work is just a start. A comprehensive flex work program extends beyond flexible location, so organizations must understand the needs of unique employee groups to uncover the options that will attract and retain talent.

Flexible work arrangements are a requirement in today's world of work

Flexible work continues to gain momentum…

A 2022 LinkedIn report found that the following occurred between 2019 and 2021:

+362%

Increase in LinkedIn members sharing content with the term "flexible work."

+83%

Increase in job postings that mention "flexibility."
(LinkedIn, 2022)

In 2022, Into-Tech found that hybrid was the most commonly used location work model for IT across all industries.

("State of Hybrid Work in IT," Info-Tech Research Group, 2022)

…and employees are demanding more flexibility

90%

of employees said they want schedule and location flexibility ("Global Employee Survey," EY, 2021).

17%

of resigning IT employees cited lack of flexible work options as a reason ("IT Talent Trends 2022," Info-Tech Research Group, 2022).

71%

of executives said they felt "pressure to change working models and adapt workplace policies to allow for greater flexibility" (LinkedIn, 2021).

Therefore, organizations who fail to offer flexibility will be left behind

Difficulty attracting and retaining talent

98% of IT employees say flexible work options are important in choosing an employer ("IT Talent Trends 2022," Info-Tech Research Group, 2022).

Worsening employee wellbeing and burnout

Knowledge workers with minimal to no schedule flexibility are 2.2x more likely to experience work-related stress and are 1.4x more likely to suffer from burnout (Slack, 2022; N=10,818).

Offering workplace flexibility benefits organizations and employees

Higher performance

IT departments that offer some degree of location flexibility are more effective at supporting the organization than those who do not.

35% of service desk functions report improved service since implementing location flexibility.
("State of Hybrid Work in IT," Info-Tech Research Group, 2023).

Enhanced employer brand

Employees are 2.1x more likely to recommend their employer to others when they are satisfied with their organization's flexible work arrangements (LinkedIn, 2021).

Improved attraction

41% of IT departments cite an expanded hiring pool as a key benefit of hybrid work.

Organizations that mention "flexibility" in their job postings have 35% more engagement with their posts (LinkedIn, 2022).

Increased job satisfaction

IT employees who have more control over their working arrangement experience a greater sense of contribution and trust in leadership ("State of Hybrid Work in IT," Info-Tech Research Group, 2023).

Better work-life balance

81% of employees say flexible work will positively impact their work-life balance (FlexJobs, 2021).

Boosted inclusivity

  • Caregivers regardless of gender, supporting them in balancing responsibilities
  • Individuals with disabilities, enabling them to work from the comfort of their homes
  • Women who may have increased responsibilities
  • Women of color to mitigate the emotional tax experienced at work

Info-Tech Insight

Flexible work options are not a concession to lower productivity. Properly implemented, flex work enables employees to be more productive at reaching business goals.

Despite the popularity of flexible work options, not all employees can participate

IT organizations differ on how much flexibility different roles can have.

IT employees were asked what percentage of IT roles were currently in a hybrid or remote work arrangement ("State of Hybrid Work in IT," Info-Tech Research Group, 2023).

However, the benefits of remote work are not available to all, which raises fairness and equity concerns between remote and onsite employees.

45%

of employers said, "one of the biggest risks will be their ability to establish fairness and equity among employees when some jobs require a fixed schedule or location, creating a 'have and have not' dynamic based on roles" ("Businesses Suffering," EY, 2021).

Offering schedule flexibility to employees who need to be fully onsite can be used to close the fairness and equity gap.

When offered the choice, 54% of employees said they would choose schedule flexibility over location flexibility ("Global Employee Survey," EY, 2021).

When employees were asked "What choice would you want your employer to provide related to when you have to work?" The top three choices were:

68%

Flexibility on when to start and finish work

38%

Compressed or four-day work weeks

33%

Fixed hours (e.g. 9am to 5pm)

Disclaimer: "Percentages do not sum to 100%, as each respondent could choose up to three of the [five options provided]" ("Global Employee Survey," EY, 2021).

Beware of the "all or nothing" approach

There is no one-size-fits-all approach to workplace flexibility.

Understanding the needs of various employee segments in the organization is critical to the success of a flexible work program.

Working parents want more flexibility

82%

of working mothers desire flexibility in where they work.

48%

of working fathers "want to work remotely 3 to 5 days a week."

Historically underrepresented groups value more flexibility

38%

"Thirty-eight percent of Black male employees and 33% of Black female employees would prefer a fully flexible schedule, compared to 25% of white female employees and 26% of white male employees."
(Slack, 2022; N=10,818)

33%

Workplace flexibility must be customized to the organization to avoid longer working hours and heavy workloads that impact employee wellbeing

84%

of remote workers and 61% of onsite workers reported working longer hours post pandemic. Longer working hours were attributed to reasons such as pressure from management and checking emails after working hours (Indeed, 2021).

2.6x

Respondents who either agreed or strongly agreed with the statement "Generally, I find my workload reasonable" were 2.6x more likely to be engaged compared to those who stated they disagreed or strongly disagreed (McLean & Company Engagement Survey Database;2022; N=5,615 responses).

Longer hours and unsustainable workloads can contribute to stress and burnout, which is a threat to employee engagement and retention. With careful management (e.g. setting clear expectations and establishing manageable workloads), flexible work arrangement benefits can be preserved.

Info-Tech Insight

Employees' lived experiences and needs determine if people use flexible work programs – a flex program that has limited use or excludes people will not benefit the organization.

Develop a flexible work program that meets employee and organizational needs

This is an image of a sample flexible work program which meets employee and organizational needs.

Insight summary

Overarching insight: IT excels at hybrid location work and is more effective as a business function when location, time, and time-off flexibility are an option for its employees.

Introduction

Step 1 insight

Step 2 insight

Step 3 insight

  • Flexible work options are not a concession to lower productivity. Properly implemented, flex work enables employees to be more productive at reaching business goals.
  • Employees' lived experiences and needs determine if people use flexible work programs – a flex program that has limited use or excludes people will not benefit the organization.
  • Flexible work benefits everyone. IT employees experience greater engagement, motivation, and company loyalty. IT organizations realize benefits such as better service coverage, reduced facilities costs, and increased productivity.
  • Hybrid work is a start. A comprehensive flex work program extends beyond flexible location to flexible time and time off. Organizations must understand the needs of unique employee groups to uncover the options that will attract and retain talent. Provide greater inclusivity to employees by broadening the scope to include flex location, flex time, and flex time off.
  • No two employee segments are the same. To be effective, flexible work options must align with the expectations and working processes of each segment.
  • Every role is eligible for hybrid location work. If onsite work duties prevent an employee group from participating, see if processes can be digitized or automated. Flexible work is an opportunity to go beyond current needs to future proofing your organization.
  • Flexible work options must balance organizational and employee needs. If an option is beneficial to employees but there is little or no benefit to the organization, or if the cost of the option is too high, it will not support the long-term success of the organization.
  • Prioritize flexible work options that employees want. Providing too many options often leads to information overload and results in employees not understanding what is available, lowering adoption of the flexible work program.
  • Leaders' collective support of the flexible program determines the program's successful adoption. Don't sweep cultural barriers under the rug; acknowledge and address them to overcome them.
  • Negative performance of a flexible work option does not necessarily mean failure. Take the time to evaluate whether the option simply needs to be tweaked or whether it truly isn't working for the organization.
  • A set of formal guidelines for IT ensures flexible work is:
    1. Administered fairly across all IT employees.
    2. Defensible and clear.
    3. Scalable to the rest of the organization.

Case Study

Expanding hybrid work at Info-Tech

Challenge

In 2020, Info-Tech implemented emergency work-from-home for its IT department, along with the rest of the organization. Now in 2023, hybrid work is firmly embedded in Info-Tech's culture, with plans to continue location flexibility for the foreseeable future.

Adjusting to the change came with lessons learned and future-looking questions.

Lessons Learned

Moving into remote work was made easier by certain enablers that had already been put in place. These included issuing laptops instead of desktops to the user base and using an existing cloud-based infrastructure. Much support was already being done remotely, making the transition for the support teams virtually seamless.

Continuing hybrid work has brought benefits such as reduced commuting costs for employees, higher engagement, and satisfaction among staff that their preferences were heard.

Looking Forward

Every flexible work implementation is a work in progress and must be continually revisited to ensure it continues to meet organizational and employee needs. Current questions being explored at Info-Tech are:

  • The concept of the "office as a tool" – how does use of the office change when it is used for specific collaboration-related tasks, rather than everything? How should the physical space change to support this?
  • What does a viable replacement for quick hallway meetings look like in a remote world where communication is much more deliberate? How can managers adjust their practices to ensure the benefits of informal encounters aren't lost?

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

Guided Implementation

“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

Workshop

“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

Consulting

“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

What does a typical GI on this topic look like?

Preparation

Step 1

Step 2

Step 3

Follow-up

Call #1: Scope requirements, objectives, and your specific challenges.

Call #2: Assess employee and organizational needs.

Call #3: Shortlist flex work options and assess feasibility.

Call #4: Finalize flex work options and create rollout plan.

Call #5: (Optional) Review rollout progress or evaluate pilot success.

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is 3 to 5 calls over the course of 4 to 6 months.

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Day 1

Day 2

Day 3

Day 4

Day 5

Activities

Prepare to assess flex work feasibility

Assess flex work feasibility

Finalize flex work options

Prepare for implementation

Next Steps and Wrap-Up (offsite)

1.1 Identify employee and organizational needs.

1.2 Identify employee segments.

1.3 Establish program goals and metrics.

1.4 Shortlist flex work options.

2.1 Conduct employee/manager focus groups to assess feasibility of flex work options.

3.1 Finalize list of approved flex work options.

3.2 Brainstorm solutions to implementation issues.

3.2 Identify how to overcome cultural barriers.

4.1 Design employee and manager guide prototype.

4.2 Align HR programs and policies to support flexible work.

4.3 Create a communication plan.

5.1 Complete in-progress deliverables from previous four days.

5.2 Set up review time for workshop deliverables and to discuss next steps.

Deliverables

  1. Organizational context summary
  2. List of shortlisted flex work options
  1. Summary of flex work options' feasibility per employee segment
  1. 1.Final list of flex work options
  2. 2.Implementation barriers and solutions summary
  1. Employee and manager guide to flexible work
  2. Flex work roadmap and communication plan
  1. Completed flexible work feasibility workbook
  2. Flexible work communication plan

Step 1

Assess employee and organizational needs

1. Assess employee and organizational flexibility needs
2. Identify potential flex options and assess feasibility
3. Implement selected option(s)

After completing this step you will have:

  • Identified key stakeholders and their responsibilities
  • Uncovered the current and desired state of the organization
  • Analyzed feedback to identify flexibility challenges
  • Identified and prioritized employee segments
  • Determined the program goals
  • Identified the degree of flexibility for work location, timing, and deliverables

Identify key stakeholders

Organizational flexibility requires collaborative and cross-functional involvement to determine which flexible options will meet the needs of a diverse workforce. HR leads the project to explore flexible work options, while other stakeholders provide feedback during the identification and implementation processes.

HR

  • Assist with the design, implementation, and maintenance of the program.
  • Provide managers and employees with guidance to establish successful flexible work arrangements.
  • Help develop communications to launch and maintain the program.

Senior Leaders

  • Champion the project by modeling and promoting flexible work options
  • Help develop and deliver communications; set the tone for flexible work at the organization.
  • Provide input into determining program goals.

Managers

  • Model flexible work options and encourage direct reports to request and discuss options.
  • Use flexible work program guidelines to work with direct reports to select suitable flexible work options.
  • Develop performance metrics and encourage communication between flexible and non-flexible workers.

Flexible Workers

  • Indicate preferences of flexible work options to the manager.
  • Identify ways to maintain operational continuity and communication while working flexibly.
  • Flag issues and suggest improvements to the manager.
  • Develop creative ways to work with colleagues who don't work flexibly.

Non-Flexible Workers

  • Share feedback on issues with flexible arrangements and their impact on operational continuity.

Info-Tech Insight

Flexible work is a holistic team effort. Leaders, flexible workers, teammates, and HR must clearly understand their roles to ensure that teams are set up for success.

Uncover the current and desired state of flexibility in the organization

Current State

Target State

Review:

  • Existing policies related to flexibility (e.g. vacation, work from anywhere)
  • Existing flexibility programs (e.g. seasonal hours) and their uptake
  • Productivity of employees
  • Current culture at the organization. Look for:
    • Employee autonomy
    • Reporting structure and performance management processes
    • Trust and psychological safety of employees
    • Leadership behavior (e.g. do leaders model work-life balance, or does the organization have a work 24/7 mentality?)

Identify what is driving the need for flexible work options. Ask:

  • Why does the organization need flexible options?
    • For example, the introduction of flexibility for some employees has created a "have and have not" dynamic between roles that must be addressed.
  • What does the organization hope to gain from implementing flexible options? For example:
    • Improved retention
    • Increased attraction, remaining competitive for talent
    • Increased work-life balance for employees
    • Reduced burnout
  • What does the organization aspire to be?
    • For example, an organization that creates an environment that values output, not face time.

These drivers identify goals for the organization to achieve through targeted flexible work options.

Info-Tech Insight

Hybrid work is a start. A comprehensive flex work program extends beyond flexible location, so organizations must understand the needs of unique employee groups to uncover the options that will attract and retain talent. Provide greater inclusivity to employees by broadening the scope to include flex location, flex time, and flex time off.

Identify employee segments

Using the data, feedback, and challenges analyzed and uncovered so far, assess the organization and identify employee segments.

Identify employee segments with common characteristics to assess if they require unique flexible work options. Assess the feasibility options for the segments separately in Step 2.

  • Segments' unique characteristics include:
    • Role responsibilities (e.g. interacting with users, creating reports, development and testing)
    • Work location/schedule (e.g. geographic, remote vs. onsite, 9 to 5)
    • Work processes (e.g. server maintenance, phone support)
    • Group characteristics (e.g. specific teams, new hires)

Identify employee segments and sort them into groups based on the characteristics above.

Examples of segments:

  • Functional area (e.g. Service Desk, Security)
  • Job roles (e.g. desktop support, server maintenance)
  • Onsite, remote, or hybrid
  • Full-time or part-time
  • Job level (e.g. managers vs. independent contributors)
  • Employees with dependents

Prioritize employee segments

Determine whether the organization needs flexible work options for the entire organization or specific employee segments.
For specific employee segments:

  • Answer the questions on the right to identify whether an employee segment is high, medium, or low priority. Complete slides 23 to 25 for each high-priority segment, repeating the process for medium-priority segments when resources allow.

For the entire organization:

  • When identifying an option for the entire organization, consider all segments. The approach must create consistency and inclusion; keep this top of mind when identifying flexibility on slides 23 to 25. For example, the work location flexibility would be low in an organization where some segments can work remotely and others must be onsite due to machinery requirements.

High priority: The employee segment has the lowest engagement scores or highest turnover within the organization. Segment sentiment is that current flexibility is nonexistent or not sufficiently meeting needs.
Medium priority: The employee segment has low engagement or high turnover. Segment sentiment is that currently available flexibility is minimal or not sufficiently meeting needs.
Low priority: The segment does not have the lowest engagement or the highest turnover rate. Segment sentiment is that currently available flexibility is sufficiently meeting needs.

  1. What is the impact on the organization if this segment's challenges aren't addressed (e.g. if low engagement and high turnover are not addressed)?
  2. How critical is flexibility to the segment's needs/engagement?
  3. How time sensitive is it to introduce flexibility to this segment (e.g. is the organization losing employees in this segment at a high rate)?
  4. Will providing flexibility to this segment increase organizational productivity or output

Identify challenges to address with flexibility

Uncover the lived experiences and expectations of employees to inform selection of segments and flexible options.

  1. Collect data from existing sources, such as:
    • Engagement surveys
    • New hire/exit surveys
    • Employee experience monitor surveys
    • Employee retention pulse surveys
    • Burnout surveys
    • DEI pulse surveys
  2. Analyze employee feedback on experiences with:
    • Work duties
    • Workload
    • Work-life balance
    • Operating processes and procedures
    • Achieving operational outcomes
    • Collaboration and communication
    • Individual experience and engagement
  3. Evaluate the data and identify challenges

Example challenges:

  • Engagement: Low average score on work-life balance question; flexible work suggested in open-ended responses.
  • Retention: Exit survey indicating that lack of work-life balance is consistently a reason employees leave. Include the cost of turnover (e.g. recruitment, training, severance).
  • Burnout: Feedback from employees through surveys or HR business partner anecdotes indicating high burnout; high usage of wellness services or employee assistance programs.
  • Absenteeism: High average number of days employees were absent in the past year. Include the cost of lost productivity.
  • Operational continuity: Provide examples of when flexible work would have enabled operational continuity in the case of disaster or extended customer service coverage.
  • Program uptake: If the organization already has a flexible work program, provide data on the low proportion of eligible employees using available options.

1.1 Prepare to evaluate flexible work options

1-3 hours

Follow the guidance on preceding slides to complete the following activities.
Note: If you are only considering remote or hybrid work, use the Fast-Track Hybrid Work Program Workbook. Otherwise, proceed with the Targeted Flexible Work Program Workbook.

  1. Identify key stakeholders. Be sure to record the level of involvement and responsibility expected from each stakeholder. Use the "Stakeholders" tab of the workbook.
  2. Uncover current and desired state. Review and record your current state with respect to culture, productivity, and current flexible work options, if any. Next, record your desired future state, including reasons for implementing flexible work, and goals for the program. Record this in the "Current and Desired State" tab of the workbook.
  3. Identify and prioritize employee segments. Identify and record employee segments. Depending on the size of your department, you may identify a few or many. Be as granular as necessary to fully separate employee groups with different needs. If your resources or needs prevent you from rolling out flexible work to the entire department, record the priority level of each segment so you can focus on the highest priority first.
  4. Identify challenges with flexibility. With each employee segment in mind, analyze your available data to identify and record each segment's main challenges regarding flexible work. These will inform your program goals and metrics.

Download the Targeted Flexible Work Program Workbook

Download the Fast-Track Hybrid Work Program Workbook

Input

  • List of departmental roles
  • Data on employee engagement, productivity, sentiment regarding flexible work, etc.

Output

  • List of stakeholders and responsibilities
  • Flexible work challenges and aims
  • Prioritized list of employee segments

Materials

  • Targeted Flexible Work Program Workbook
    Or
  • Fast-Track Hybrid Work Program Workbook

Participants

  • IT department head
  • HR business partner
  • Flexible work program committee

Determine goals and metrics for the flexible work program

Sample program goals

Sample metrics

Increase productivity

  • Employee, team, and department key performance indicators (KPIs) before and after flexible work implementation
  • Absenteeism rate (% of lost working days due to all types of absence)

Improve business satisfaction and perception of IT value

Increase retention

  • % of exiting employees who cite lack of flexible work options or poor work-life balance as a reason they left
  • Turnover and retention rates

Improve the employee value proposition (EVP) and talent attraction

  • # of responses on the new hire survey where flexible work options or work-life balance are cited as a reason for accepting an employment offer
  • # of views of career webpage that mentions flexible work program
  • Time-to-fill rates

Improve engagement and work-life balance

  • Overall engagement score – deploy Info-Tech's Employee Engagement Diagnostics
  • Score for questions about work-life balance on employee engagement or pulse survey, including:
    • "I am able to maintain a balance between my work and personal life."
    • "I find my stress levels at work manageable."

Info-Tech Insight

Implementing flex work without solid performance metrics means you won't have a way of determining whether the program is enabling or hampering your business practices.

1.2 Determine goals and metrics

30 minutes

Use the examples on the preceding slide to identify program goals and metrics:

  1. Brainstorm program goals. Be sure to consider both the business benefits (e.g. productivity, retention) and the employee benefits (work-life balance, engagement). A successful flexible work program benefits both the organization and its employees.
  2. Brainstorm metrics for each goal. Identify metrics that are easy to track accurately. Use Info-Tech's IT and HR metrics libraries for reference. Ideally, the metrics you choose should already exist in your organization so no extra effort will be necessary to implement them. It is also important to have a baseline measure of each one before flexible work is rolled out.
  3. Record your outputs on the "Goals and Metrics" tab of the workbook.

Download the Targeted Flexible Work Program Workbook

Download the IT Metrics Library

Download the HR Metrics Library

Input

  • Organizational and departmental strategy

Output

  • List of program goals and metrics

Materials

  • Targeted Flexible Work Program Workbook
    Or
  • Fast-Track Hybrid Work Program Workbook

Participants

  • Flexible work program committee

Determine work location flexibility for priority segments

Work location looks at where a segment can complete all or some of their tasks (e.g. onsite vs. remote). For each prioritized employee segment, evaluate the amount of location flexibility available.

Work Duties

Processes

Operational Outcomes

High degree of flexibility

  • Low dependence on onsite equipment
  • Work easily shifts to online platforms
  • Low dependence on onsite external interactions (e.g. clients, customers, vendors)
  • Low interdependence of work duties internally (most work is independent)
  • Work processes and expectations are or can be formally documented
  • Remote work processes are sustainable long term

Most or all operational outcomes can be achieved offsite (e.g. products/service delivery not impacted by WFH)

  • Some dependence on onsite equipment
  • Some work can shift to online platforms
  • Some dependence on onsite external interactions
  • Some interdependence of work duties internally (collaboration is critical)
  • Most work processes and expectations have been or can be formally documented
  • Remote work processes are sustainable (e.g. workarounds can be supported and didn't add work)

Some operational outcomes can be achieved offsite (e.g. some impact of WFH on product/service delivery)

Low degree of flexibility

  • High dependence on onsite equipment
  • Work cannot shift to online platforms
  • High dependence on onsite external interactions
  • High interdependence of work duties internally (e.g. line work)
  • Few work processes and expectations can be formally documented
  • Work processes cannot be done remotely, and workarounds for remote work are not sustainable long term

Operational outcomes cannot be achieved offsite (e.g. significant impairment to product/service delivery)

Note

If roles within the segment have differing levels of location flexibility, use the lowest results (e.g. if role A in the segment has a high degree of flexibility for work duties and role B has a low degree of flexibility, use the results for role B).

Identify work timing for priority segments

Work timing looks at when work can or needs to be completed (e.g. Monday to Friday, 9am to 5pm).

Work Duties

Processes

Operational Outcomes

High degree of flexibility

  • No need to be available to internal and/or external customers during standard work hours
  • Equipment is available at any time
  • Does not rely on synchronous (occurring at the same time) work duties internally
  • Work processes and expectations are or can be formally documented
  • Low reliance on collaboration
  • Work is largely asynchronous (does not occur at the same time)

Most or all operational outcomes are not time sensitive

  • Must be available to internal and/or external customers during some standard work hours
  • Some reliance on synchronous work duties internally (collaboration is critical)
  • Most work processes and expectations have been or can be formally documented
  • Moderate reliance on collaboration
  • Some work is synchronous

Some operational outcomes are time sensitive and must be conducted within set date or time windows

Low degree of flexibility

  • Must be available to internal and/or external customers during all standard work hours (e.g. Monday to Friday 9 to 5)
  • High reliance on synchronous work duties internally (e.g. line work)
  • Few work processes and expectations can be formally documented
  • High reliance on collaboration
  • Most work is synchronous

Most or all operational outcomes are time sensitive and must be conducted within set date or time windows

Note

With additional coordination, flex time or flex time off options are still possible for employee segments with a low degree of flexibility. For example, with a four-day work week, the segment can be split into two teams – one that works Monday to Thursday and one that works Tuesday to Friday – so that employees are still available for clients five days a week.

Examine work deliverables for priority segments

Work deliverables look at the employee's ability to deliver on their role expectations (e.g. quota or targets) and whether reducing the time spent working would, in all situations, impact the work deliverables (e.g. constrained vs. unconstrained).

Work Duties

Operational Outcomes

High degree of flexibility

  • Few or no work duties rely on equipment or processes that put constraints on output (unconstrained output)
  • Employees have autonomy over which work duties they focus on each day
  • Most or all operational outcomes are unconstrained (e.g. a marketing analyst who builds reports and strategies for clients can produce more reports, produce better reports, or identify new strategies)
  • Work quota or targets are achievable even if working fewer hours
  • Some work duties rely on equipment or processes that put constraints on output
  • Employees have some ability to decide which work duties they focus on each day
  • Some operational outcomes are constrained or moderately unconstrained (e.g. an analyst build reports based on client data; while it's possible to find efficiencies and build reports faster, it's not possible to attain the client data any faster)
  • Work quota or targets may be achievable if working fewer hours

Low degree of flexibility

  • Most or all work duties rely on equipment or processes that put constraints on output (constrained output)
  • Daily work duties are prescribed (e.g. a telemarketer is expected to call a set number of people per day using a set list of contacts and a defined script)
  • Most or all operational outcomes are constrained (e.g. a machine operator works on a machine that produces 100 parts an hour; neither the machine nor the worker can produce more parts)
  • Work quota or targets cannot be achieved if fewer hours are worked

Note

For segments with a low degree of work deliverable flexibility (e.g. very constrained output), flexibility is still an option, but maintaining output would require additional headcount.

1.3 Determine flexibility needs and constraints

1-2 hours

Use the guidelines on the preceding slides to document the parameters of each work segment.

  1. Determine work location flexibility. Work location looks at where a segment can complete all or some of their tasks (e.g. onsite vs. remote). For each prioritized employee segment, evaluate the amount of location flexibility available.
  2. Identify work timing. Work timing looks at when work can or needs to be completed (e.g. Monday to Friday, 9am to 5pm).
  3. Examine work deliverables. Work deliverables look at the employee's ability to deliver on their role expectations (e.g. quota or targets) and whether reducing the time spent working would, in all situations, impact the work deliverables (e.g. constrained vs. unconstrained).
  4. Record your outputs on the "Current and Desired State" tab of the workbook.

Download the Targeted Flexible Work Program Workbook

Input

  • List of employee segments

Output

  • Summary of flexibility needs and constraints for each employee segment

Materials

  • Targeted Flexible Work Program Workbook
    Or
  • Fast-Track Hybrid Work Program Workbook

Participants

  • Flexible work program committee
  • Employee segment managers

Step 2

Identify potential flex options and assess feasibility

1. Assess employee and organizational flexibility needs
2. Identify potential flex options and assess feasibility
3. Implement selected option(s)

After completing this step you will have:

  • Created a shortlist of potential options for each prioritized employee segment
  • Evaluated the feasibility of each potential option
  • Determined the cost and benefit of each potential option
  • Gathered employee sentiment on potential options
  • Finalized options with senior leadership

Prepare to identify and assess the feasibility of potential flexible work options

First, review the Flexible Work Solutions Catalog

Before proceeding to the next slide, review the Flexible Work Options Catalog to identify and shortlist five to seven flexible work options that are best suited to address the challenges faced for each of the priority employee segments identified in Step 1.

Then, assess the feasibility of implementing selected options using slides 29 to 32

Assess the feasibility of implementing the shortlisted solutions for the prioritized employee segments against the feasibility factors in this step. Repeat for each employee segment. Use the following slides to consult with and include leaders when appropriate.

  • Document your analysis in tabs 6 to 8 of the Targeted Flexible Work Program Workbook.
  • Note implementation issues throughout the assessment and record them in the tool. They will be addressed in Step 3: Implement Selected Program(s). Don't rule out an option simply because it presents some challenges; careful implementation can overcome many challenges.
  • At the end of this step, determine the final list of flexible work options and gain approval from senior leaders for implementation.

Evaluate feasibility by reviewing the option's impact on continued operations and job performance

Operational coverage

Synchronous communication

Time zones

Face-to-face

communication

To what extent are employees needed to deliver products or services?

  • If constant customer service is required, stagger employees' schedules (e.g. one team works Monday-Thursday while another works Tuesday-Friday).

To what extent do employees need to communicate with each other synchronously?

  • Break the workflow down and identify times when employees do and do not have to work at the same time to communicate with each other.

To what extent do employees need to coordinate work across time zones?

  • If the organization already operates in different time zones, ensure that the option does not impact operations requiring continuous coverage.
  • When employees are located in different time zones, coordinate schedules based on the other operational factors.

When do employees need to interact with each other or clients in person?

  • Examine the workflow closely to identify times when face-to-face communication is not required. Schedule "office days" for employees to work together when in-person interaction is needed.
  • When the interaction is only required with clients, determine whether employees are able to meet clients offsite.

Info-Tech Insight

Every role is eligible for hybrid location work. If onsite work duties prevent an employee group from participating, see if processes can be digitized or automated. Flexible work is an opportunity to go beyond current needs to future-proof your organization.

Assess the option's alignment with organizational culture

Symbols

Values

Behaviors

How supportive of flexible work are the visible aspects of the organization's culture?

  • For example, the mission statement, newsletters, or office layout.
  • Note: Visible elements will need to be adapted to ensure they reinforce the value of the flexible work option.

How supportive are both the stated and lived values of the organization?

  • When the flexible work option includes less direct supervision, assess how empowered employees feel to make decisions.
  • Assess whether all types of employees (e.g. virtual) are included, valued, and supported.

How supportive are the attitudes and behaviors, especially of leaders?

  • Leaders set the expectations for acceptable behaviors in the organization. Determine how supportive leaders are toward flexible workers by examining their attitudes and perceptions.
  • Identify if employees are open to different ways of doing work.

Determine the resources required for the option

People

Process

Technology

Do employees have the knowledge, skills, and abilities to adopt this option?

  • Identify any areas (e.g. process, technology) employees will need to be trained on and assess the associated costs.
  • Determine whether the option will require additional headcount to ensure operational continuity (e.g. two part-time employees in a job-sharing arrangement) and calculate associated costs (e.g. recruitment, training, benefits).

How much will work processes need to change?

  • Interview organizational leaders with knowledge of the employee segment's core work processes. Determine whether a significant change will be required.
  • If a significant change is required, evaluate whether the benefits of the option outweigh the costs of the process and behavioral change (see the "net benefit" factor on slide 33).

What new technologies will be required?

  • Identify the technology (e.g. that supports communication, work processes) required to enable the flexible work option.
  • Note whether existing technology can be used or additional technology will be required, and further investigate the viability and costs of these options.

Examine the option's risks

Data

Health & Safety

Legal

How will data be kept secure?

  • Determine whether the organization's data policy and technology covers employees working remotely or other flexible work options.
  • If the employee segment handles sensitive data (e.g. personal employee information), consult relevant stakeholders to determine how data can be kept secure and assess any associated costs.

How will employees' health and safety be impacted?

  • Consult your organization's legal counsel to determine whether the organization will be liable for the employees' health and safety while working from home or other locations.
  • Determine whether the organization's policies and processes will need to be modified.

What legal risks might be involved?

  • Identify any policies in place or jurisdictional requirements to avoid any legal risks. Consult your organization's legal counsel about the situations below.
    • If the option causes significant changes to the nature of jobs, creating the risk of constructive dismissal.
    • If there are any risks to providing less supervision (e.g. higher chance of harassment).
    • When only some employee segments are eligible for the option, determine whether there is a risk of inequitable access.
    • If the option impacts any unionized employees or collective agreements.

Determine whether the benefits of the option outweigh the costs

Include senior leadership in the net benefit process to ensure any unfeasible options are removed from consideration before presenting to employees.

  1. Document the employee and employer benefits of the option from the previous feasibility factors on slides 29 to 32.
  • Include the benefits of reaching program goals identified in Step 1.
  • Quantify the benefits in dollar value where possible.
  • Document the costs and risks of the option, referring to the costs noted from previous feasibility factors.
    • Quantify the costs in dollar value where possible.
  • Compare the benefits and costs.
    • Add an option to your final list if the benefits are greater than the costs.
  • This is an image of a table with the main heading being Net Benefit, with the following subheadings: Benefits to organization; Benefits to employees; Costs.

    Info-Tech Insight

    Flexible work options must balance organizational and employee needs. If an option is beneficial to employees but there is little or no benefit to the organization as a whole, or if the cost of the option is too high, it will not support the long-term success of the organization.

    2.1a Identify and evaluate flexible work options

    30 minutes per employee segment per work option

    If you are only considering hybrid or remote work, skip to activity 2.1b. Use the guidelines on the preceding slides to conduct feasibility assessments.

    1. Shortlist flexible work options. Review the Flexible Work Options Catalog to identify and shortlist five to seven flexible work options that are best suited to address the challenges faced for each of the priority employee segments. Record these on the "Options Shortlist" tab of the workbook. Even if the decision is simple, ensure you record the rationale to help communicate your decision to employees. Transparent communication is the best way to avoid feelings of unfairness if desired work options are not implemented.
    2. Evaluate option feasibility. For each of the shortlisted options, complete one "Feasibility - Option" tab in the workbook. Make as many copies of this tab as needed.
      • When evaluating each option, consider each employee segment individually as you work through the prompts in the workbook. You may find that segments differ greatly in the feasibility of various types of flexible work. You will use this information to inform your overall policy and any exceptions to it.
      • You may need to involve each segment's management team to get an accurate picture of day-to-day responsibilities and flexible work feasibility.
    3. Weigh benefits and costs. At the end of each flexible work option evaluation, record the anticipated costs and benefits. Discuss whether this balance renders the option viable or rules it out.

    Download the Targeted Flexible Work Program Workbook

    Download the Flexible Work Options Catalog

    Input

    • List of employee segments

    Output

    • Shortlist of flexible work options
    • Feasibility analysis for each work option

    Materials

    • Targeted Flexible Work Program Workbook
    • Flexible Work Options Catalog

    Participants

    • Flexible work program committee
    • Employee segment managers

    2.1b Assess hybrid work feasibility

    30 minutes per employee segment

    Use the guidelines on the preceding slides to conduct a feasibility assessment. This exercise relies on having trialed hybrid or remote work before. If you have never implemented any degree of remote work, consider completing the full feasibility assessment in activity 2.1a.

    1. Evaluate hybrid work feasibility. Review the feasibility prompts on the "Work Unit Remote Work Assessment" tab and record your insight for each employee segment.
      • When evaluating each option, consider each employee segment individually as you work through the prompts in the workbook. You may find that segments differ greatly in their ability to accommodate hybrid work. You will use this information to inform your overall policy and any exceptions to it.
      • You may need to involve each segment's management team to get an accurate picture of day-to-day responsibilities and hybrid work feasibility.

    Download the Fast-Track Hybrid Work Program Workbook

    Input

    • List of employee segments

    Output

    • Feasibility analysis for each work option

    Materials

    • Fast-Track Hybrid Work Program Workbook

    Participants

    • Flexible work program committee
    • Employee segment managers

    Ask employees which options they prefer and gather feedback for implementation

    Deliver a survey and/or conduct focus groups with a selection of employees from all prioritized employee segments.

    Share

    • Present your draft list of options to select employees.
    • Communicate that the organization is in the process of assessing the feasibility of flexible work options and would like employee input to ensure flex work meets needs.
    • Be clear that the list is not final or guaranteed.

    Ask

    • Ask which options are preferred more than others.
    • Ask for feedback on each option – how could it be modified to meet employee needs better? Use this information to inform implementation in Step 3.

    Decide

    • Prioritize an option if many employees indicated an interest in it.
    • If employees indicate no interest in an option, consider eliminating it from the list, unless it will be required. There is no value in providing an option if employees won't use it.

    Survey

    • List the options and ask respondents to rate each on a Likert scale from 1 to 5.
    • Ask some open-ended questions with comment boxes for employee suggestions.

    Focus Group

    • Conduct focus groups to gather deeper feedback.
    • See Appendix I for sample focus group questions.

    Info-Tech Insight

    Prioritize flexible work options that employees want. Providing too many options often leads to information overload and results in employees not understanding what is available, lowering adoption of the flexible work program.

    Finalize options list with senior leadership

    1. Select one to three final options and outline the details of each. Include:
      • Scope: To what extent will the option be applied? E.g. work-from-home one or two days a week.
      • Eligibility: Which employee segments are eligible?
      • Cost: What investment will be required?
      • Critical implementation issues: Will any of the implementation issues identified for each feasibility factor impact whether the option will be approved?
      • Resources: What additional resources will be required (e.g. technology)?
    2. Present the options to stakeholders for approval. Include:
      • An outline of the finalized options, including what the option is and the scope, eligibility, and critical implementation issues.
      • The feasibility assessment results, including benefits, costs, and employee preferences. Have more detail from the other factors ready if leaders ask about them.
      • The investment (cost) required to implement the option.
    3. Proceed to Step 3 to implement approved options.

    Running an IT pilot of flex work

    • As a technology department, IT typically doesn't own flexible work implementation for the entire organization. However, it is common to trial flexible work options for IT first, before rolling out to the entire organization.
    • During a flex work pilot, ensure you are working closely with HR partners, especially regarding regulatory and compliance issues.
    • Keep the rest of the organizational stakeholders in the loop, especially regarding their agreement on the metrics by which the pilot's success will be evaluated.

    2.2a Finalize flexible work options

    2-3 hours + time to gather employee feedback

    If you are only considering hybrid or remote work, skip to activity 2.2b. Use the guidelines on the preceding slides to gather final feedback and finalize work option selections.

    1. Gather employee feedback. If employee preferences are already known, skip this step. If they are not, gather feedback to ascertain whether any of the shortlisted options are preferred. Remember that a successful flexible work program balances the needs of employees and the business, so employee preference is a key determinant in flexible work program success. Document this on the "Employee Preferences" tab of the workbook.
    2. Finalize flexible work options. Use your notes on the cost-benefit balance for each option, along with employee preferences, to decide whether the move forward with it. Record this decision on the "Options Final List" tab. Include information about eligible employee segments and any implementation challenges that came up during the feasibility assessments. This is the final decision summary that will inform your flexible program parameters and policies.

    Download the Targeted Flexible Work Program Workbook

    Input

    • Flexible work options shortlist

    Output

    • Final flexible work options list

    Materials

    • Targeted Flexible Work Program Workbook

    Participants

    • Flexible work program committee

    2.2b Finalize hybrid work parameters

    2-3 hours + time to gather employee feedback

    Use the guidelines on the preceding slides to gather final feedback and finalize work option selections.

    1. Summarize feasibility analysis. On the "Program Parameters" tab, record the main insights from your feasibility analysis. Finalize important elements, including eligibility for hybrid/remote work by employee segment. Additionally, record the standard parameters for the program (i.e. those that apply to all employee segments) and variable parameters (i.e. ones that differ by employee segment).

    Download the Fast-Track Hybrid Work Program Workbook

    Input

    • Hybrid work feasibility analysis

    Output

    • Final hybrid work program parameters

    Materials

    • Fast-Track Hybrid Work Program Workbook

    Participants

    • Flexible work program committee

    Step 3

    Implement selected option(s)

    1. Assess employee and organizational flexibility needs
    2. Identify potential flex options and assess feasibility
    3. Implement selected option(s)

    After completing this step, you will have:

    • Addressed implementation issues and cultural barriers
    • Equipped the organization to adopt flexible work options successfully
    • Piloted the program and assessed its success
    • Developed a plan for program rollout and communication
    • Established a program evaluation plan
    • Aligned HR programs to support the program

    Solve the implementation issues identified in your feasibility assessment

    1. Identify a solution for each implementation issue documented in the Targeted Flexible Work Program Workbook. Consider the following when identifying solutions:
      • Scope: Determine whether the solution will be applied to one or all employee segments.
      • Stakeholders: Identify stakeholders to consult and develop a solution. If the scope is one employee segment, work with organizational leaders of that segment. When the scope is the entire organization, consult with senior leaders.
      • Implementation: Collaborate with stakeholders to solve implementation issues. Balance the organizational and employee needs, referring to data gathered in Steps 1 and 2.

    Example:

    Issue

    Solution

    Option 1: Hybrid work

    Brainstorming at the beginning of product development benefits from face-to-face collaboration.

    Block off a "brainstorming day" when all team members are required in the office.

    Employee segment: Product innovation team

    One team member needs to meet weekly with the implementation team to conduct product testing.

    Establish a schedule with rotating responsibility for a team member to be at the office for product testing; allow team members to swap days if needed.

    Address cultural barriers by involving leaders

    To shift a culture that is not supportive of flexible work, involve leaders in setting an example for employees to follow.

    Misconceptions

    Tactics to overcome them

    • Flexible workers are less productive.
    • Flexible work disrupts operations.
    • Flexible workers are less committed to the organization.
    • Flexible work only benefits employees, not the organization.
    • Employees are not working if they aren't physically in the office.

    Make the case by highlighting challenges and expected benefits for both the organization and employees (e.g. same or increased productivity). Use data in the introductory section of this blueprint.

    Demonstrate operational feasibility by providing an overview of the feasibility assessment conducted to ensure operational continuity.

    Involve most senior leadership in communication.

    Encourage discovery and exploration by having managers try flexible work options themselves, which will help model it for employees.

    Highlight success stories within the organization or from competitors or similar industries.

    Invite input from managers on how to improve implementation and ownership, which helps to discover hidden options.

    Shift symbols, values, and behaviors

    • Work with senior leaders to identify symbols, values, and behaviors to modify to align with the selected flexible work options.
    • Validate that the final list aligns with your organization's mission, vision, and values.

    Info-Tech Insight

    Leaders' collective support of the flexible program determines the program's successful adoption. Don't sweep cultural barriers under the rug; acknowledge and address them to overcome them.

    Equip the organization for successful implementation

    Info-Tech recommends providing managers and employees with a guide to flexible work, introducing policies, and providing training for managers.

    Provide managers and employees with a guide to flexible work

    Introduce appropriate organization policies

    Equip managers with the necessary tools and training

    Use the guide to:

    • Familiarize employees and managers with the flexible work program.
    • Gain employee and manager buy-in and support for the program.
    • Explain the process and give guidance on selecting flexible work options and working with their colleagues to make it a success.

    Use Info-Tech's customizable policy templates to set guidelines, outline arrangements, and scope the organization's flexible work policies. This is typically done by, or in collaboration with, the HR department.

    Download the Guide to Flexible Work for Managers and Employees

    Download the Flex Location Policy

    Download the Flex Time-Off Policy

    Download the Flex Time Policy

    3.1 Prepare for implementation

    2-3 hours

    Use the guidelines on the preceding slides to brainstorm solutions to implementation issues and prepare to communicate program rollout to stakeholders.

    1. Solve implementation issues.
      • If you are working with the Targeted Flexible Work Program Workbook: For each implementation challenge identified on the "Final Options List" tab, brainstorm solutions. If you are working with the Fast-Track Hybrid Work Program Workbook: Work through the program enablement prompts on the "Program Enablement" tab.
      • You may need to involve relevant stakeholders to help you come up with appropriate solutions for each employee segment.
      • Ensure that any anticipated cultural barriers have been documented and are addressed during this step. Don't underestimate the importance of a supportive organizational culture to the successful rollout of flexible work.
    2. Prepare the employee guide. Modify the Guide to Flexible Work for Managers and Employees template to reflect your final work options list and the processes and expectations employees will need to follow.
    3. Create a communication plan. Use Info-Tech's Communicate Any IT Initiative blueprint and Appendix II to craft your messaging.

    Download the Guide to Flexible Work for Managers and Employees

    Download the Targeted Flexible Work Program Workbook

    Input

    • Flexible work options final list

    Output

    • Employee guide to flexible work
    • Flexible work rollout communication plan

    Materials

    • Guide to Flexible Work for Managers and Employees
    • Targeted Flexible Work Program Workbook
      Or
    • Fast-Track Hybrid Work Program Workbook

    Participants

    • Flexible work program committee
    • Employee segment managers

    Run an IT pilot for flexible work

    Prepare for pilot

    Launch Pilot

    Identify the flexible work options that will be piloted.

    • Refer to the final list of selected options for each priority segment to determine which options should be piloted.

    Select pilot participants.

    • If not rolling out to the entire IT department, look for the departments and/or team(s) where there is the greatest need and the biggest interest (e.g. team with lowest engagement scores).
    • Include all employees within the department, or team if the department is too large, in the pilot.
    • Start with a group whose managers are best equipped for the new flexibility options.

    Create an approach to collect feedback and measure the success of the pilot.

    • Feedback can be collected using surveys, focus groups, and/or targeted in-person interviews.

    The length of the pilot will greatly vary based on which flexible work options were selected (e.g. seasonal hours will require a shorter pilot period compared to implementing a compressed work week). Use discretion when deciding on pilot length and be open to extending or shortening the pilot length as needed.

    Launch pilot.

    • Launch the program through a town hall meeting or departmental announcement to build excitement and buy-in.
    • Develop separate communications for employee segments where appropriate. See Appendix II for key messaging to include.

    Gather feedback.

    • The feedback will be used to assess the pilot's success and to determine what modifications will be needed later for a full-scale rollout.
    • When gathering feedback, tailor questions based on the employee segment but keep themes similar. For example:
      • Employees: "How did this help your day-to-day work?"
      • Managers: "How did this improve productivity on your team?"

    Track metrics.

    • The success of the pilot is best communicated using your department's unique KPIs.
    • Metrics are critical for:
      • Accurately determining pilot success.
      • Getting buy-in to expand the pilot beyond IT.
      • Justifying to employees any changes made to the flexible work options.

    Assess the pilot's success and determine next steps

    Review the feedback collected on the previous slide and use this decision tree to decide whether to relaunch a pilot or proceed to a full-scale rollout of the program.

    This is an image of the flow chart used to assess the pilot's success and determine the next steps.  It will help you to determine whether you will Proceed to full-scale rollout on next slide, Major modifications to the option/launch (e.g. change operating time) – adjust and relaunch pilot or select a new employee segment and relaunch pilot, Minor modifications to the option/launch (e.g. introduce additional communications) – adjust and proceed to full scale rollout, or Return to shortlist (Step 2) and select a different option or launch pilot with a different employee segment.

    Prepare for full-scale rollout

    If you have run a team pilot prior to rolling out to all of IT, or run an IT pilot before an organizational rollout, use the following steps to transition from pilot to full rollout.

    1. Determine modifications
      • Review the feedback gathered during the pilot and determine what needs to change for a full-scale implementation.
      • Update HR policies and programs to support flexible work. Work closely with your HR business partner and other organizational leaders to ensure every department's needs are understood and compliance issues are addressed.
    2. Roll out and evaluate
      • Roll out the remainder of the program (e.g. to other employee segments or additional flexible work options) once there is significant uptake of the pilot by the target employee group and issues have been addressed.
      • Determine how feedback will be gathered after implementation, such as during engagement surveys, new hire and exit surveys, stay interviews, etc., and assess whether the program continues to meet employee and organizational needs.

    Rolling out beyond IT

    For a rollout beyond IT, HR will likely take over.

    However, this is your chance to remain at the forefront of your organization's flexible work efforts by continuing to track success and gather feedback within IT.

    Align HR programs and organizational policies to support flexible work

    Talent Management

    Learning & Development

    Talent Acquisition

    Reinforce managers' accountability for the success of flexible work in their teams:

    • Include "managing virtual teams" in the people management leadership competency.
    • Recognize managers who are modeling flexible work.

    Support flexible workers' career progression:

    • Monitor the promotion rates of flexible workers vs. non-flexible workers.
    • Make sure flexible workers are discussed during talent calibration meetings and have access to career development opportunities.

    Equip managers and employees with the knowledge and skills to make flexible work successful.

    • Provide guidance on selecting the right options and maintaining workflow.
    • If moving to a virtual environment, train managers on how to make it a success.

    Incorporate the flexible work program into the organization's employee value proposition to attract top talent who value flexible work options.

    • Highlight the program on the organization's career site and in job postings.

    Organizational policies

    Determine which organizational policies will be impacted as a result of the new flexible work options. For example, the introduction of flex time off can result in existing vacation policies needing to be updated.

    Plan to re-evaluate the program and make improvements

    Collect data

    Collect data

    Act on data

    Uptake

    Gather data on the proportion of employees eligible for each option who are using the option.

    If an option is tracking positively:

    • Maintain or expand the program to more of the organization.
    • Conduct a feasibility assessment (Step 2) for new employee segments.

    Satisfaction

    Survey managers and employees about their satisfaction with the options they are eligible for and provide an open box for suggestions on improvements.

    If an option is tracking negatively:

    • Investigate why. Gather additional data, interview organizational leaders, and/or conduct focus groups to gain deeper insight.
    • Re-assess the feasibility of the option (Step 2). If the costs outweigh the benefits based on new data, determine whether to cancel the option.
    • Take appropriate action based on the outcome of the evaluation, such as modifying or cancelling the option or providing employees with more support.
      • Note: Cancelling an option can impact the engagement of employees using the option. Ensure that the data, reasons for cancelling the option, and potential substitute options are communicated to employees in advance.

    Program goal progress

    Monitor progress against the program goals and metrics identified in Step 1 to evaluate the impact on issues that matter to the organization (e.g. retention, productivity, diversity).

    Career progression

    Evaluate flexible workers' promotion rates and development opportunities to determine if they are developing.

    Info-Tech Insight

    Negative performance of a flexible work option does not necessarily mean failure. Take the time to evaluate whether the option simply needs to be tweaked or whether it truly isn't working for the organization.

    Insight summary

    Overarching insight: IT excels at hybrid location work and is more effective as a business function when location, time, and time-off flexibility are an option for its employees.

    Introduction

    • Flexible work options are not a concession to lower productivity. Properly implemented, flex work enables employees to be more productive at reaching business goals.
    • Employees' lived experiences and needs determine if people use flexible work programs – a flex program that has limited use or excludes people will not benefit the organization.
    • Flexible work benefits everyone. IT employees experience greater engagement, motivation, and company loyalty. IT organizations realize benefits such as better service coverage, reduced facilities costs, and increased productivity.

    Step 1 insight

    • Hybrid work is a start. A comprehensive flex work program extends beyond flexible location to flexible time and time off. Organizations must understand the needs of unique employee groups to uncover the options that will attract and retain talent. Provide greater inclusivity to employees by broadening the scope to include flex location, flex time, and flex time off.
    • No two employee segments are the same. To be effective, flexible work options must align with the expectations and working processes of each segment.

    Step 2 insight

    • Every role is eligible for hybrid location work. If onsite work duties prevent an employee group from participating, see if processes can be digitized or automated. Flexible work is an opportunity to go beyond current needs to future proofing your organization.
    • Flexible work options must balance organizational and employee needs. If an option is beneficial to employees but there is little or no benefit to the organization, or if the cost of the option is too high, it will not support the long-term success of the organization.
    • Prioritize flexible work options that employees want. Providing too many options often leads to information overload and results in employees not understanding what is available, lowering adoption of the flexible work program.

    Step 3 insight

    • Leaders' collective support of the flexible program determines the program's successful adoption. Don't sweep cultural barriers under the rug; acknowledge and address them to overcome them.
    • Negative performance of a flexible work option does not necessarily mean failure. Take the time to evaluate whether the option simply needs to be tweaked or whether it truly isn't working for the organization.
    • A set of formal guidelines for IT ensures flexible work is:
      1. Administered fairly across all IT employees.
      2. Defensible and clear.
      3. Scalable to the rest of the organization.

    Research Contributors and Experts

    Quinn Ross
    CEO
    The Ross Firm Professional Corporation

    Margaret Yap
    HR Professor
    Ryerson University

    Heather Payne
    CEO
    Juno College

    Lee Nguyen
    HR Specialist
    City of Austin

    Stacey Spruell
    Division HR Director
    Travis County

    Don MacLeod
    Chief Administrative Officer
    Zorra Township

    Stephen Childs
    CHRO
    Panasonic North America

    Shawn Gibson
    Sr. Director
    Info Tech Research Group

    Mari Ryan
    CEO/Founder
    Advancing Wellness

    Sophie Wade
    Founder
    Flexcel Networks

    Kim Velluso
    VP Human Resources
    Siemens Canada

    Lilian De Menezes
    Professor of Decision Sciences
    Cass Business School, University of London

    Judi Casey
    WorkLife Consultant and former Director, Work and Family Researchers Network
    Boston College

    Chris Frame
    Partner – Operations
    LiveCA

    Rose M. Stanley, CCP, CBP, WLCP, CEBS
    People Services Manager
    Sunstate Equipment Co., LLC

    Shari Lava
    Director, Vendor Research
    Info-Tech Research Group

    Carol Cochran
    Director of People & Culture
    FlexJobs

    Kidde Kelly
    OD Practitioner

    Dr. David Chalmers
    Adjunct Professor
    Ted Rogers School of Management, Ryerson University

    Kashmira Nagarwala
    Change Manager
    Siemens Canada

    Dr. Isik U. Zeytinoglu
    Professor of Management and Industrial Relations McMaster University, DeGroote School of Business

    Claire McCartney
    Diversity & Inclusion Advisor
    CIPD

    Teresa Hopke
    SVP of Client Relations
    Life Meets Work – www.lifemeetswork.com

    Mark Tippey
    IT Leader and Experienced Teleworker

    Dr. Kenneth Matos
    Senior Director of Research
    Families and Work Institute

    1 anonymous contributor

    Appendix I: Sample focus group questions

    See Info-Tech's Focus Group Guidefor guidance on setting up and delivering focus groups. Customize the guide with questions specific to flexible work (see sample questions below) to gain deeper insight into employee preferences for the feasibility assessment in Step 2 of this blueprint.

    Document themes in the Targeted Flexible Work Program Workbook.

    • What do you need to balance/integrate your work with your personal life?
    • What challenges do you face in achieving work-life balance/integration?
    • What about your job is preventing you from achieving work-life balance/integration?
    • How would [flexible work option] help you achieve work-life balance/integration?
    • How well would this option work with the workflow of your team or department? What would need to change?
    • What challenges do you see in adopting [flexible work option]?
    • What else would be helpful for you to achieve work-life balance/integration?
    • How could we customize [flexible work option] to ensure it meets your needs?
    • If this program were to fail, what do you think would be the top reasons and why?

    Appendix II: Communication key messaging

    1. Program purpose

    Start with the name and high-level purpose of the program.

    2. Business reasons for the program

    Share data you gathered in Step 1, illustrating challenges causing the need for the program and the benefits.

    3. Options selection process

    Outline the process followed to select options. Remember to share the involvement of stakeholders and the planning around employees' feedback, needs, and lived experiences.

    4. Options and eligibility

    Provide a brief overview of the options and eligibility. Specify that the organization is piloting these options and will modify them based on feedback.

    5. Approval not guaranteed

    Qualify that employees need to be "flexible about flexible work" – the options are not guaranteed and may sometimes be unavailable for business reasons.

    6. Shared responsibility

    Highlight the importance of everyone (managers, flexible workers, the team) working together to make flexible work achievable.

    7. Next steps

    Share any next steps, such as where employees can find the organization's Guide to Flexible Work for Managers and Employees, how to make flexible work a success, or if managers will be providing further detail in a team meeting.

    8. Ongoing communications

    Normalize the program and embed it in organizational culture by continuing communications through various media, such as the organization's newsletter or announcements in town halls.

    Works Cited

    Baziuk, Jennifer, and Duncan Meadows. "Global Employee Survey - Key findings and implications for ICMIF." EY, June 2021. Accessed May 2022.
    "Businesses suffering 'commitment issues' on flexible working," EY, 21 Sep. 2021. Accessed May 2022.
    "IT Talent Trends 2022". Info-Tech Research Group, 2022.
    "Jabra Hybrid Ways of Working: 2021 Global Report." Jabra, Aug. 2021. Accessed May 2022.
    LinkedIn Talent Solutions. "2022 Global Talent Trends." LinkedIn, 2022. Accessed May 2022.
    Lobosco, Mark. "The Future of Work is Flexible: 71% of Leaders Feel Pressure to Change Working Models." LinkedIn, 9 Sep. 2021. Accessed May 2022.
    Ohm, Joy, et al. "Covid-19: Women, Equity, and Inclusion in the Future of Work." Catalyst, 28 May 2020. Accessed May 2022.
    Pelta, Rachel. "Many Workers Have Quit or Plan to After Employers Revoke Remote Work." FlexJobs, 2021. Accessed May 2022.
    Slack Future Forum. "Inflexible return-to-office policies are hammering employee experience scores." Slack, 19 April 2022. Accessed May 2022.
    "State of Hybrid Work in IT: A Trend Report". Info-Tech Research Group, 2023.
    Threlkeld, Kristy. "Employee Burnout Report: COVID-19's Impact and 3 Strategies to Curb It." Indeed, 11 March 2021. Accessed March 2022.

    Implement Risk-Based Vulnerability Management

    • Buy Link or Shortcode: {j2store}296|cart{/j2store}
    • member rating overall impact (scale of 10): 9.2/10 Overall Impact
    • member rating average dollars saved: $122,947 Average $ Saved
    • member rating average days saved: 34 Average Days Saved
    • Parent Category Name: Threat Intelligence & Incident Response
    • Parent Category Link: /threat-intelligence-incident-response
    • Vulnerability scanners, industry alerts, and penetration tests are revealing more and more vulnerabilities, and it is unclear how to manage them.
    • Organizations are struggling to prioritize the vulnerabilities for remediation, as there are many factors to consider, including the threat of the vulnerability and the potential remediation option itself.

    Our Advice

    Critical Insight

    • Patches are often seen as the only answer to vulnerabilities, but these are not always the most suitable solution.
    • Vulnerability management does not equal patch management. It includes identifying and assessing the risk of the vulnerability, and then selecting a remediation option which goes beyond just patching alone.
    • There is more than one way to tackle the problem. Leverage your existing security controls in order to protect the organization.

    Impact and Result

    • At the conclusion of this blueprint, you will have created a full vulnerability management program that will allow you to take a risk-based approach to vulnerability remediation.
    • Assessing a vulnerability’s risk will enable you to properly determine the true urgency of a vulnerability within the context of your organization; this ensures you are not just blindly following what the tool is reporting.
    • The risk-based approach will allow you prioritize your discovered vulnerabilities and take immediate action on critical and high vulnerabilities, while allowing your standard remediation cycle to address the medium to low vulnerabilities.
    • With your program defined and developed, you now need to configure your vulnerability scanning tool, or acquire one if you don’t already have a tool in place.
    • Lastly, while vulnerability management will help address your systems and applications, how do you know if you are secure from external malicious actors? Penetration testing will offer visibility, allowing you to plug those holes and attain an environment with a smaller risk surface.

    Implement Risk-Based Vulnerability Management Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should design and implement a vulnerability management program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify vulnerability sources

    Begin the project by creating a vulnerability management team and determine how vulnerabilities will be identified through scanners, penetration tests, third-party sources, and incidents.

    • Vulnerability Management SOP Template

    2. Triage vulnerabilities and assign priorities

    Determine how vulnerabilities will be triaged and evaluated based on intrinsic qualities and how they may compromise business functions and data sensitivity.

    • Vulnerability Tracking Tool
    • Vulnerability Management Risk Assessment Tool
    • Vulnerability Management Workflow (Visio)
    • Vulnerability Management Workflow (PDF)

    3. Remediate vulnerabilities

    Address the vulnerabilities based on their level of risk. Patching isn't the only risk mitigation action; some systems simply cannot be patched, but other options are available. Reduce the risk down to medium/low levels and engage your regular operational processes to deal with the latter.

    4. Measure and formalize

    Evolve the program continually by developing metrics and formalizing a policy.

    • Vulnerability Management Policy Template
    • Vulnerability Scanning Tool RFP Template
    • Penetration Test RFP Template

    Infographic

    Workshop: Implement Risk-Based Vulnerability Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Vulnerability Sources

    The Purpose

    Establish a common understanding of vulnerability management, and define the roles, scope, and information sources of vulnerability detection.

    Key Benefits Achieved

    Attain visibility on all of the vulnerability information sources, and a common understanding of vulnerability management and its scope.

    Activities

    1.1 Define the scope & boundary of your organization’s security program.

    1.2 Assign responsibility for vulnerability identification and remediation.

    1.3 Develop a monitoring and review process of third-party vulnerability sources.

    1.4 Review incident management and vulnerability management

    Outputs

    Defined scope and boundaries of the IT security program

    Roles and responsibilities defined for member groups

    Process for review of third-party vulnerability sources

    Alignment of vulnerability management program with existing incident management processes

    2 Triage and Prioritize

    The Purpose

    We will examine the elements that you will use to triage and analyze vulnerabilities, prioritizing using a risk-based approach and prepare for remediation options.

    Key Benefits Achieved

    A consistent, documented process for the evaluation of vulnerabilities in your environment.

    Activities

    2.1 Evaluate your identified vulnerabilities.

    2.2 Determine high-level business criticality.

    2.3 Determine your high-level data classifications.

    2.4 Document your defense-in-depth controls.

    2.5 Build a classification scheme to consistently assess impact.

    2.6 Build a classification scheme to consistently assess likelihood.

    Outputs

    Adjusted workflow to reflect your current processes

    List of business operations and their criticality and impact to the business

    Adjusted workflow to reflect your current processes

    List of defense-in-depth controls

    Vulnerability Management Risk Assessment tool formatted to your organization

    Vulnerability Management Risk Assessment tool formatted to your organization

    3 Remediate Vulnerabilities

    The Purpose

    Identifying potential remediation options.

    Developing criteria for each option in regard to when to use and when to avoid.

    Establishing exception procedure for testing and remediation.

    Documenting the implementation of remediation and verification.

    Key Benefits Achieved

    Identifying and selecting the remediation option to be used

    Determining what to do when a patch or update is not available

    Scheduling and executing the remediation activity

    Planning continuous improvement

    Activities

    3.1 Develop risk and remediation action.

    Outputs

    List of remediation options sorted into “when to use” and “when to avoid” lists

    4 Measure and Formalize

    The Purpose

    You will determine what ought to be measured to track the success of your vulnerability management program.

    If you lack a scanning tool this phase will help you determine tool selection.

    Lastly, penetration testing is a good next step to consider once you have your vulnerability management program well underway.

    Key Benefits Achieved

    Outline of metrics that you can then configure your vulnerability scanning tool to report on.

    Development of an inaugural policy covering vulnerability management.

    The provisions needed for you to create and deploy an RFP for a vulnerability management tool.

    An understanding of penetration testing, and guidance on how to get started if there is interest to do so.

    Activities

    4.1 Measure your program with metrics, KPIs, and CSFs.

    4.2 Update the vulnerability management policy.

    4.3 Create an RFP for vulnerability scanning tools.

    4.4 Create an RFP for penetration tests.

    Outputs

    List of relevant metrics to track, and the KPIs, CSFs, and business goals for.

    Completed Vulnerability Management Policy

    Completed Request for Proposal (RFP) document that can be distributed to vendor proponents

    Completed Request for Proposal (RFP) document that can be distributed to vendor proponents

    Further reading

    Implement Risk-Based Vulnerability Management

    Get off the patching merry-go-round and start mitigating risk!

    Table of Contents

    4 Analyst Perspective

    5 Executive Summary

    6 Common Obstacles

    8 Risk-based approach to vulnerability management

    16 Step 1.1: Vulnerability management defined

    24 Step 1.2: Defining scope and roles

    34 Step 1.3: Cloud considerations for vulnerability management

    33 Step 1.4: Vulnerability detection

    46 Step 2.1: Triage vulnerabilities

    51 Step 2.2: Determine high-level business criticality

    56 Step 2.3: Consider current security posture

    61 Step 2.4: Risk assessment of vulnerabilities

    71 Step 3.1: Assessing remediation options

    Table of Contents

    80 Step 3.2: Scheduling and executing remediation

    85 Step 3.3: Continuous improvement

    89 Step 4.1: Metrics, KPIs, and CSFs

    94 Step 4.2: Vulnerability management policy

    97 Step 4.3: Select & implement a scanning tool

    107 Step 4.4: Penetration testing

    118 Summary of accomplishment

    119 Additional Support

    120 Bibliography

    Analyst Perspective

    Vulnerabilities will always be present. Know the unknowns!

    In this age of discovery, technology changes at such a rapid pace. New things are discovered, both in new technology and in old. The pace of change can often be very confusing as to where to start and what to do.

    The ever-changing nature of technology means that vulnerabilities will always be present. Taking measures to address these completely will consume all your department’s time and resources. That, and your efforts will quickly become stale as new vulnerabilities are uncovered. Besides, what about the systems that simply can’t be patched? The key is to understand the vulnerabilities and the levels of risk they pose to your organization, to prioritize effectively and to look beyond patching.

    A risk-based approach to vulnerability management will ensure you are prioritizing appropriately and protecting the business. Reduce the risk surface!

    Vulnerability management is more than just systems and application patching. It is a full process that includes patching, compensating controls, segmentation, segregation, and heightened diligence in security monitoring.

    Jimmy Tom, Research Advisor – Security, Privacy, Risk, and Compliance, Info-Tech Research Group.Jimmy Tom
    Research Advisor – Security, Privacy, Risk, and Compliance
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Vulnerability scanners, industry alerts, and penetration tests are revealing more and more vulnerabilities, and it is unclear how to manage them.

    Organizations are struggling to prioritize the vulnerabilities for remediation, as there are many factors to consider, including the threat of the vulnerability and the potential remediation option.

    Common Obstacles

    Patches are often seen as the answer to vulnerabilities, but these are not always the most suitable solution.

    Some systems deemed vulnerable simply cannot be patched or easily replaced.

    Companies are unaware of the risk implications that come from leaving the vulnerability open and from the remediation option itself.

    Info-Tech’s Approach

    Design and implement a vulnerability management program that identifies, prioritizes, and remediates vulnerabilities.

    Understand what needs to be considered when implementing remediation options, including patches, configuration changes, and defense-in-depth controls.

    Build a process that is easy to understand and allows vulnerabilities to be remediated proactively, instead of in an ad hoc fashion.

    Info-Tech Insight

    Vulnerability management does not always equal patch management. There is more than one way to tackle the problem, particularly if a system cannot be easily patched or replaced. If a vulnerability cannot be completely remediated, steps to reduce the risk to a tolerable level must be taken.

    Common obstacles

    These barriers make vulnerability management difficult to address for many organizations:
    • The value of vulnerability management is not well articulated in many organizations. As a result, investment in vulnerability scanning technology is often insufficient.
    • Many organizations feel that a “patch everything” approach is the most effective path.
    • Vulnerability management is commonly misunderstood as being a process that only supports patch management.
    • There is often misalignment between SecOps and ITOps in remediation action and priority, affecting the timeliness of remediation.
    CVSS Score Distribution From the National Vulnerability Database: Pie Charts presenting the CVSS Core Distribution for the National Vulnerability Database. The left circle represents 'V3' and the right 'V2', where V3 has an extra option for 'Critical', above 'High', 'Medium', and 'Low', and V2 does not.
    (Source: NIST National Vulnerability Database Dashboard)

    Leverage risk to sort, triage, and prioritize vulnerabilities

    Reduce your risk surface to avoid cost to your business; everything else is table stakes.

    Reduce the critical and high vulnerabilities below the risk threshold and operationalize the remediation of medium/low vulnerabilities by following your effective vulnerability management program cycles.

    Identify vulnerability sources

    An inventory of your scanning tool and vulnerability threat intelligence data sources will help you determine a viable strategy for addressing vulnerabilities. Defining roles and responsibilities ahead of time will ensure you are not left scrambling when dealing with vulnerabilities.

    Triage and prioritize

    Bring the vulnerabilities into context by assessing vulnerabilities based on your security posture and mechanisms and not just what your data sources report. This will allow you to gauge the true urgency of the vulnerabilities based on risk and determine an effective mitigation plan.

    Remediate vulnerabilities

    Address the vulnerabilities based on their level of risk. Patching isn't the only risk mitigation action; some systems simply cannot be patched, but other options are available.

    Reduce the risk down to medium/low levels and engage your regular operational processes to deal with the latter.

    Measure and formalize

    Upon implementation of the program, measure with metrics to ensure that the program is successful. Improve the program with each iteration of vulnerability mitigation to ensure continuous improvement.

    Tactical Insight 1

    All actions to address vulnerabilities should be based on risk and the organization’s established risk tolerance.

    Tactical Insight 2

    Reduce the risk surface down below the risk threshold.

    The industry has shifted to a risk-based approach

    Traditional vulnerability management is no longer viable.

    “For those of us in the vulnerability management space, ensuring that money, resources, and time are strategically spent is both imperative and difficult. Resources are dwindling fast, but the vulnerability problem sure isn’t.” (Kenna Security)

    “Using vulnerability scanners to identify unpatched software is no longer enough. Keeping devices, networks, and digital assets safe takes a much broader, risk-based vulnerability management strategy – one that includes vulnerability assessment and mitigation actions that touch the entire ecosystem.” (Balbix)

    “Unlike legacy vulnerability management, risk-based vulnerability management goes beyond just discovering vulnerabilities. It helps you understand vulnerability risks with threat context and insight into potential business impact.” (Tenable)

    “A common mistake when prioritizing patching is equating a vulnerability’s Common Vulnerability Scoring System (CVSS) score with risk. Although CVSS scores can provide useful insight into the anatomy of a vulnerability and how it might behave if weaponized, they are standardized and thus don’t reflect either of the highly situational variables — namely, weaponization likelihood and potential impact — that factor into the risk the vulnerability poses to an organization.” (SecurityWeek)

    Why a take risk-based approach?

    Vulnerabilities, by the numbers

    60% — In 2019, 60% of breaches were due to unpatched vulnerabilities.

    74% — In the same survey, 74% of survey responses said they cannot take down critical applications and systems to patch them quickly. (Source: SecurityBoulevard, 2019)

    Info-Tech Insight

    Taking a risk-based approach will allow you to focus on mitigating risk, rather than “just patching” your environment.

    The average cost of a breach in 2020 is $3.86 million, and “…the price tag was much less for mature companies and industries and far higher for firms that had lackluster security automation and incident response processes.” (Dark Reading)

    Vulnerability Management

    A risk-based approach

    Reduce the risk surface to avoid cost to your business, everything else is table stakes

    Logo for Info-Tech.
    Logo for #iTRG.

    1

    Identify

    4

    Address

    Mitigate the risk surface by reducing the time across the phases ›Mitigate the risk by implementing:
    • patch systems & apps
    • compensating controls
    • systems and apps hardening
    • systems segregation
    Chart presenting an example of 'Risk Surface' with the axes 'Risk Level' and 'Time' with lines created by individual risks. The highlighted line begins in 'Critical' and eventually drops to low. The area between the line and your organization's risk tolerance is labelled 'Risk Surface'.

    Objective: reduce risk surface by reducing time to address

    Your organization's risk tolerance threshold

    Identify vulnerability management scanning tools & external threat intel sources (Mitre CVE, US-CERT, vendor alerts, etc.)Vulnerability information feeds:
    • scanning tool
    • external threat intel
    • internal threat intel

    2

    Analyze

    Assign actual risk (impact x urgency) to the organization based on current security posture

    Triage based on risk ›

    Your organization's risk tolerance threshold

    Risk tolerance threshold map with axes 'Impact' and 'Likelihood'. High levels of one and low levels of the other, or medium levels of both, is 'Medium', High level of one and Medium levels of the other is 'High', and High levels of both is 'Critical'.

    3

    Assess

    Plan risk mitigation strategy ›Consider:
    • risk tolerance
    • compensating controls
    • business impact

    Info-Tech’s vulnerability management methodology

    Focus on developing the most efficient processes.

    Vulnerability management isn’t “old school.”

    The vulnerability management market is relatively mature; however, vulnerability management remains a very relevant and challenging topic.

    Security practitioners are inundated with the advice they need to prioritize their vulnerabilities. Every vulnerability scanning vendor will proclaim their ability to prioritize the identified vulnerabilities.

    Third-party prioritization methodology can’t be effectively applied across all organizations. Each organization is too unique with different constraints. No tool or service can account for these variables.

    Equation to find 'Vulnerability Priority'.

    When patching is not possible, other options exist: configuration changes (hardening), defense-in-depth, compensating controls, and even elevated security monitoring are possible options.

    Info-Tech Insight

    Vulnerability management is not only patch management. Patching is only one aspect.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverable:

    Vulnerability Management SOP

    The Standard operating procedure (SOP) will comprise the end-to-end description of the program: roles & responsibilities, data flow, and expected outcomes of the program.

    Sample of the key deliverable, Vulnerability Management SOP.
    Vulnerability Management Policy

    Template for your vulnerability management policy.

    Sample of the Vulnerability Management Policy blueprint.Vulnerability Tracking Tool

    This tool offers a template to track vulnerabilities and how they are remedied.

    Sample of the Vulnerability Tracking Tool blueprint.
    Vulnerability Scanning RFP Template

    Request for proposal template for the selection of a vulnerability scanning tool.

    Sample of the Vulnerability Scanning RFP Template blueprint.Vulnerability Risk Assessment Tool

    Methodology to assess vulnerability risk by determining impact and likelihood.

    Sample of the Vulnerability Risk Assessment Tool blueprint.

    Blueprint benefits

    IT Benefits

    • A standardized, consistent methodology to assess, prioritize, and remediate vulnerabilities.
    • A risk-based approach that aligns with what’s important to the business.
    • A way of dealing with the high volumes of vulnerabilities that your scanning tool is reporting.
    • Identification of “where to start” in terms of vulnerability management.
    • Ability to not lose yourself in the patch madness but rather take a sound approach to scheduling and prioritizing patches and updates.
    • Knowledge of what to do when patching is simply not possible or feasible.

    Business Benefits

    • Alignment with IT in ensuring that business processes are only interrupted when absolutely necessary while maintaining a regular cadence of vulnerability remediation.
    • A consistent program that the business can plan around and predict when interruptions will occur.
    • IT’s new approach being integrated with existing IT operations processes, offering the most efficient yet expedient method of dealing with vulnerabilities.

    Info-Tech’s process can save significant financial resources

    PhaseMeasured Value
    Phase 1: Identify vulnerability sources
      Define the process, scope, roles, vulnerability sources, and current state
      • Consultant at $100 an hour for 16 hours = $1,600
    Phase 2: Triage vulnerabilities and assign urgencies
      Establish triaging and vulnerability evaluation process
      • Consultant at $100 an hour for 16 hours = $1,600
      Determine high-level business criticality and data classifications
      • Consultant at $100 an hour for 40 hours = $4,000
      Assign urgencies to vulnerabilities
      • Consultant at $100 an hour for 8 hours = $800
    Phase 3: Remediate vulnerabilities
      Prepare documentation for the vulnerability process
      • Consultant at $100 an hour for 8 hours = $800
      Establish defense-in-depth modelling
      • Consultant at $100 an hour for 24 hours = $2,400
      Identify remediation options and establish criteria for use
      • Consultant at $100 an hour for 40 hours = $4,000
      Formalize backup and testing procedures, including exceptions
      • Consultant at $100 an hour for 8 hours = $800
      Remediate vulnerabilities and verify
      • Consultant at $100 an hour for 24 hours = $2,400
    Phase 4: Continually improve the vulnerability management process
      Establish a metrics program for vulnerability management
      • Consultant at $100 an hour for 16 hours = $1,600
      Update vulnerability management policy
      • Consultant at $100 an hour for 8 hours = $800
      Develop a vulnerability scanning tool RFP
      • Consultant at $100 an hour for 40 hours = $4,000
      Develop a penetration test RFP
      • Consultant at $100 an hour for 40 hours = $4,000
    Potential financial savings from using Info-Tech resourcesPhase 1 ($1,600) + Phase 2 ($6,400) + Phase 3 ($10,400) + Phase 4 ($10,400) = $28,800

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: Discuss current state and vulnerability sources.

    Call #3: Identify triage methods and business criticality.

    Call #4:Review current defense-in-depth and discuss risk assessment.

    Call #5: Discuss remediation options and scheduling.

    Call #6: Review release and change management and continuous improvement.

    Call #7: Identify metrics, KPIs, and CSFs.

    Call #8: Review vulnerability management policy.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1Day 2Day 3Day 4Day 5
    Activities
    Identify vulnerability sources

    1.1 What is vulnerability management?

    1.2 Define scope and roles

    1.3 Cloud considerations for vulnerability management

    1.4 Vulnerability detection

    Triage and prioritize

    2.1 Triage vulnerabilities

    2.2 Determine high-level business criticality

    2.3 Consider current security posture

    2.4 Risk assessment of vulnerabilities

    Remediate vulnerabilities

    3.1 Assess remediation options

    3.2 Schedule and execute remediation

    3.3 Drive continuous improvement

    Measure and formalize

    4.1 Metrics, KPIs & CSFs

    4.2 Vulnerability Management Policy

    4.3 Select & implement a scanning tool

    4.4 Penetration testing

    Next Steps and Wrap-Up (offsite)

    5.1 Complete in-progress deliverables from previous four days

    5.2 Set up review time for workshop deliverables and to discuss next steps

    Deliverables
    1. Scope and boundary definition of vulnerability management program
    2. Responsibility assignment for vulnerability identification and remediation
    3. Monitoring and review process of third-party vulnerability sources
    4. Incident management and vulnerability convergence
    1. Methodology for evaluating identified vulnerabilities
    2. Identification of high-level business criticality
    3. Defined high-level data classifications
    4. Documented defense-in-depth controls
    5. Risk assessment criteria for impact and likelihood
    1. Documented risk assessment methodology and remediation options
    1. Defined metrics, key performance indicators (KPIs), and critical success factors (CSFs)
    2. Initial draft of vulnerability management policy
    3. Scanning tool selection criteria
    4. Introduction to penetration testing
    1. Completed vulnerability management standard operating procedure
    2. Defined vulnerability management risk assessment criteria
    3. Vulnerability management policy draft

    Implement Risk-Based Vulnerability Management

    Phase 1

    Identify Vulnerability Sources

    Phase 1

    1.1 What is vulnerability management?
    1.2 Define scope and roles
    1.3 Cloud considerations for vulnerability management
    1.4 Vulnerability detection

    Phase 2

    2.1 Triage vulnerabilities
    2.2 Determine high-level business criticality
    2.3 Consider current security posture
    2.4 Risk assessment of vulnerabilities

    Phase 3

    3.1 Assessing remediation options
    3.2 Scheduling and executing remediation
    3.3 Continuous improvement

    Phase 4

    4.1 Metrics, KPIs & CSFs
    4.2 Vulnerability management policy
    4.3 Select and implement a scanning tool
    4.4 Penetration testing

    This phase will walk you through the following activities:

    Establish a common understanding of vulnerability management, define the roles, scope, and information sources of vulnerability detection.

    This phase involves the following participants:

    • Security operations team
    • IT Security Manager
    • IT Director
    • CISO

    Step 1.1

    Vulnerability Management Defined

    Activities

    None for this section

    This step will walk you through the following activities:

    Establish a common understanding of vulnerability management and its place in the IT organization.

    This step involves the following participants:

    • Security operations team
    • IT Security Manager
    • IT Director
    • CISO

    Outcomes of this step

    Foundational knowledge of vulnerability management in your organization.

    Identify vulnerability sources
    Step 1.1Step 1.2Step 1.3Step 1.4

    What is vulnerability management?

    It’s more than just patching.

    • Vulnerability management is the regular and ongoing practice of scanning an operating environment to uncover vulnerabilities. These vulnerabilities can be outdated applications, unpatched operating systems and software, open ports, obsolete hardware, or any combination of these.
    • The scanning and detection of vulnerabilities is the first step. Planning and executing of remediation is next, along with the approach, prioritized sequence of events, and timing.
    • A vendor-supplied software patch or firmware update is often the easy answer, however, this is not always a viable solution. What if you can’t patch in a timely fashion? What if patching is not possible as it will break the application and bring down operations? What if no patch exists due to the age of the application or operating platform?

    “Most organizations do not have a formal process for vulnerability management.” (Morey Haber, VP of Technology, BeyondTrust, 2016)

    Effective vulnerability management

    It’s not easy, but it’s much harder without a process in place.
    • Effective vulnerability management requires a formal process for organizations to follow; without one, vulnerabilities are dealt with in an ad hoc fashion.
    • Patching isn’t the only solution, but it’s the one that often draws focus.
    • Responsibilities for the different aspects of vulnerability management are often unclear, such as for testing, remediation, and implementation.
    • Identifying new threats without proper vulnerability scanning tools can be a near-impossible task.
    • Determining which vulnerabilities are most urgent can be an inconsistent process, increasing the organizational risk.
    • Measuring the effectiveness of your vulnerability remediation activities can help you better manage resources in SecOps and ITOps. Your staff will be spending the appropriate effort on vulnerabilities that warrant that level of attention.

    You’re not just doing this for yourself. It’s also for your auditors.

    Many compliance and regulatory obligations require organizations to have thorough documentation of their vulnerability management practices.

    Vulnerability management revolves around your asset security services

    Diagram with 'Asset Security Services' at the center. On either side are 'Network Security Services' and 'Identity Security Services', all three of which flow up into 'Security Analytics | Security Incident Response', and all four share a symbiotic flow with 'Management' below and contribute to 'Mega Trend Mapping' above. Management is supported by 'Governance'.Vulnerabilities can be found primarily within your assets but also connect to your information risk management. These must be effectively managed as part of a holistic security program.

    Without management, vulnerabilities left unattended can be easy for attackers to exploit. It becomes difficult to identify the correct remediation option to mitigate against the vulnerabilities.

    Vulnerability management works in tandem with SecOps and ITOps

    Vulnerability Management Process Inputs/Outputs:
    'Vulnerability Management (Process and Tool)' outputs are 'Incident Management', 'Release Management', 'Change Management', 'IT Asset Management', 'Application Security Testing', 'Threat Intelligence', and 'Security Risk Management'; inputs are 'Vulnerability Disclosure', 'Threat Intelligence', and 'Security Risk Management'.

    Arrows denote direction of information feed

    Vulnerability management serves as the input into a number of processes for remediation, including:
    • Incident management, to deal with issues
    • Release management, for patch management
    • Change management, for change control
    • IT asset management, to track version information, e.g. for patching
    • Application security testing, for the verification of vulnerabilities

    A two-way data flow exists between vulnerability management and:

    • Security risk management, for the overall risk posture of the organization
    • Threat intelligence, as vulnerability management reveals only one of several threat vectors

    For additional information please refer to Info-Tech’s research for each area:

    • Vulnerability management can leverage your existing processes to gain an operational element for the program.
    • As you strive to mature each of the processes on their own, vulnerability management will benefit accordingly.
    • Review our research for each of these areas and speak to one of our analysts if you wish to improve any of the listed processes.

    Info-Tech’s Information Security Program Framework

    Vulnerability management is a component of the Infrastructure Security section of Security Management

    Information Security Framework with Level 1 and Level 2 capabilities in two main sections, 'Management' and 'Governance'. Level 2 capabilities are grouped within Level 1 capabilities.For more information, review our Build an Information Security Strategy blueprint, or speak to one of our analysts.

    Info-Tech Insight

    Vulnerability management is but one piece of the information security puzzle. Ensure that you have all the pieces!

    Case Study

    Logo for Cimpress.
    INDUSTRY: Manufacturing
    SOURCE: Cimpress, 2016

    One organization is seeing immediate benefits by formalizing its vulnerability management program.

    Challenge

    Cimpress was dealing with many challenges in regards to vulnerability management. Vulnerability scanning tools were used, but the reports that were generated often gave multiple vulnerabilities that were seen as critical or high and required many resources to help address them. Scanning was done primarily in an attempt to adhere to PCI compliance rather than to effectively enable security. After re-running some scans, Cimpress saw that some vulnerabilities had existed for an extended time period but were deemed acceptable.

    Solution

    The Director of Information Security realized that there was a need to greatly improve this current process. Guidelines and policies were formalized that communicated when scans should occur and what the expectations for remediations should be. Cimpress also built a tiered approach to prioritize vulnerabilities for remediation that is specific to Cimpress instead of relying on scanning tool reports.

    Results

    Cimpress found better management of the vulnerabilities within its system. There was no pushback to the adoption of the policies, and across the worldwide offices, business units have been proactively trying to understand if there are vulnerabilities. Vulnerability management has been expanded to vendors and is taken into consideration when doing any mergers and acquisitions. Cimpress continues to expand its program for vulnerability management to include application development and vulnerabilities within any existing legacy systems.

    Step 1.2

    Defining the scope and roles

    Activities
    • 1.2.1 Define the scope and boundary of your organization’s security program
    • 1.2.2 Assign responsibility for vulnerability identification and remediation

    This step will walk you through the following activities:

    Define and understand the scope and boundary of the security program. For example, does it include OT? Define roles and responsibilities for vulnerability identification and remediation

    This step involves the following participants:

    • Security operations team
    • IT Security Manager
    • IT Director
    • CISO

    Outcomes of this step

    Understand how far vulnerability management extends and what role each person in IT plays in the remediation of vulnerabilities

    Identify vulnerability sources
    Step 1.1Step 1.2Step 1.3Step 1.4

    Determine the scope of your security program

    This will help you adjust the depth and breadth of your vulnerability management program.
    • Determining the scope will help you decide how much organizational risk the vulnerability management program will oversee.
    • Scope can be defined along four aspects:
      • Data Scope – What data elements in your organization does your security program cover? How is data classified?
      • Physical Scope – What physical scope, such as geographies, does the security program cover?
      • Organizational Scope – How are business units engaged with security initiatives? Does the scope cover all subsidiary organizations?
      • IT Scope – What parts of the organization does IT cover? Does their coverage include operational technology (OT) and industrial control systems (ICS)?
    Stock image of figures standing in connected circles.

    1.2.1 Define the scope and boundary of your organization’s security program

    60 minutes

    Input: List of Data Scope, Physical Scope, Organization Scope, and IT Scope

    Output: Defined scope and boundaries of the IT security program

    Materials: Whiteboard/Flip Charts, Sticky Notes, Markers, Vulnerability Management SOP Template

    Participants: Business stakeholders, IT leaders, Security team members

    1. On a whiteboard, write the headers: Data Scope, Physical Scope, Organizational Scope, and IT Scope.
    2. Give each group member a handful of sticky notes. Ask them to write down as many items as possible for the organization that could fall under one of the four scope buckets.
    3. In a group, discuss the sticky notes and the rationale for including them. Discuss your security-related locations, data, people, and technologies, and define their scope and boundaries.

    The goal is to identify what your vulnerability management program is responsible for and document it.

    Consider the following:

    How is data being categorized and classified? How are business units engaged with security initiatives? How are IT systems connected to each other? How are physical locations functioning in terms of information security management?

    Download the Vulnerability Management SOP Template

    Assets are part of the scope definition

    An inventory of IT assets is necessary if there is to be effective vulnerability management.

    • Organizations need an up-to-date and comprehensive asset inventory for vulnerability management. This is due to multiple reasons:
      • When vulnerabilities are announced, they will need to be compared to an inventory to determine if the organization has any relevant systems or versions.
      • It indicates where all IT assets can be found both physically and logically.
      • Asset inventories typically have owners assigned to the assets and systems whose responsibility it is to carry out remediations for vulnerabilities.
    • Furthermore, asset inventories can provide insight into where data can be found within the organization. This is extremely useful within a formal data classification program, which plays a large factor in vulnerability management.
    If you need assistance building your asset inventory, review Info-Tech’s Implement Hardware Asset Management and Implement Software Asset Management blueprints.

    Info-Tech Insight

    Create a formal IT asset inventory before continuing with the rest of this project. Otherwise, you risk being at the mercy of a weak vulnerability management program.

    Assign responsibility for vulnerability identification and remediation

    Determine who is critical to effectively detecting and managing vulnerabilities.
    • Some of the remediation steps will involve members of IT management to identify the true organizational risk of a vulnerability.
    • Vulnerability remediation comes in different shapes and sizes. In addition to patching, this can include implementing compensating controls, server and application hardening, or the segregating of vulnerable systems.
      • Who carries out each of these activities? Who coordinates the activities and tracks them to ensure completion?
    • The people involved may be members outside of the security team, such as members from IT operations, infrastructure, and applications. The specific roles that each of these groups play should be clearly identified.
    Stock image of many connected profile photos in a cloud network.

    1.2.2 Assign responsibility for vulnerability identification and remediation

    60 minutes

    Input: Sample list of vulnerabilities and requisite actions from each group, High-level organizational chart with area functions

    Output: Defined set of roles and responsibilities for member groups

    Materials: Vulnerability Management SOP Template

    Participants: CIO, CISO, IT Management representatives for each area of IT

    1. Display the table of responsibilities that need to be assigned.
    2. List all the positions within the IT security team.
    3. Map these to the positions that require IT security team members.
    4. List all positions that are part of the IT team.
    5. Map these to the positions that require IT team members.

    If your organization does not have a dedicated IT security team, you can perform this exercise by mapping the relevant IT staff to the different positions shown on the right.

    Download the Vulnerability Management SOP TemplateSample of the Roles and Responsibilities table from the Vulnerability Management SOP Template.

    Step 1.3

    Cloud considerations for vulnerability management

    Activities

    None for this section.

    This step will walk you through the following activities:

    Review cloud considerations for vulnerability management

    This step involves the following participants:

    • Security operations team
    • IT Security Manager
    • IT Director
    • CISO

    Outcomes of this step

    Understand the various types of cloud offerings and the implications (and limitations) of vulnerability management in a cloud environment.

    Identify vulnerability sources
    Step 1.1Step 1.2Step 1.3Step 1.4

    Cloud considerations

    Cloud will change your approach to vulnerability management.
    • There will be a heavy dependence on the cloud service provider to ensure that vulnerabilities in their foundational technologies have been addressed.
    • Depending on the level of “as-a-Service,” customers will have varying degrees of control and visibility into the underlying operations.
    • With vendor acquiescence, you can set your tool to scan a given cloud environment, depending on how much visibility you have into their environment based on the service you have purchased.
    • Due to compliance obligations of their customers, there is a growing trend among cloud providers to allow more scanning of cloud environments.
    • In the absence of customer scanning capability, vendors may offer attestation of vulnerability management and remediation.
    Table outlining who has control, between the 'Organization' and the 'Vendor', of different cloud capabilities in different cloud strategies.

    For more information, see Info-Tech Research Group’s Document Your Cloud Strategy blueprint.

    Cloud environment scanning

    Cloud scanning is becoming a more common necessity but still requires special consideration.

    An organization’s cloud environment is just an extension of its own environment. As such, cloud environments need to be scanned for vulnerabilities.

    Private Cloud
    If your organization owns a private cloud, these environments can be tested normally.
    Public Cloud
    Performing vulnerability testing against public, third-party cloud environments is an area experiencing rapid growth and general acceptance, although customer visibility will still be limited.

    In many cases, a customer must rely on the vendor’s assurance that vulnerabilities are being addressed in a sufficient manner.

    Security standards’ compliance requirements are driving the need for cloud suppliers to validate and assure that they are appropriately scanning for and remediating vulnerabilities.

    Infrastructure- or Platform-as-a-Service (IaaS or PaaS) Environments
    • There is a general trend for PaaS and IaaS vendors to allow testing if given due notice.
    • Your contract with the cloud vendor or the vendor’s terms and conditions will outline the permissibility of customer vulnerability scanning. In some cases, a cloud vendor will deny the ability to do vulnerability scanning if they already provide a solution as part of their service.
    • Always ensure that the vendor is aware of your vulnerability scanning activity so that false positives aren’t triggering their security measures as possible denial-of-service (DoS) attacks.
    Software-as-a-Service (SaaS) Environments
    • SaaS offers very limited visibility to the services behind the software that the customer sees. You therefore cannot test for patch levels or vulnerabilities.
    • SaaS customers must rely exclusively on the provider for the regular scanning and remediation of vulnerabilities in the back-end technologies supporting the SaaS application.
    • You can only test the connection points to SaaS environments. This involves trying to figure out what you can see, e.g. looking for encrypted traffic.

    Certain testing (e.g. DoS or load testing) will be very limited by your cloud vendor. Cloud vendors won’t open themselves to testing that would possibly impact their operations.

    Step 1.4

    Vulnerability detection

    Activities
    • 1.4.1 Develop a monitoring and review process of third-party vulnerability sources
    • 1.4.2 Incident management and vulnerability management

    This step will walk you through the following activities:

    Create an inventory of your vulnerability monitoring capability and third-party vulnerability information sources.

    Determine how incident management and vulnerability management interoperate.

    This step involves the following participants:

    • Security operations team
    • IT Security Manager
    • IT Director
    • CISO

    Outcomes of this step

    Catalog of vulnerability information data sources. Understanding of the intersection of incident management and vulnerability management.

    Identify vulnerability sources
    Step 1.1Step 1.2Step 1.3Step 1.4

    Vulnerability detection

    Vulnerabilities can be identified through numerous mediums.

    Info-Tech has determined the following to be the four most common ways to identify vulnerabilities.

    Vulnerability Assessment and Scanning Tools
    • Computer programs that function to identify and assess security vulnerabilities and weaknesses within computers, computer systems, applications, or networks.
    • Using a known vulnerability database, the tool scans targeted hosts or systems to identify flaws and generate reports and recommendations based on the results.
    • There are four main types of tools under this category: network and operating system vulnerability scanners, application scanning and testing tools, web application scanners, and exploitation tools.
    Penetration Tests
    • The act of identifying vulnerabilities on computers, computer systems, applications, or networks followed by testing of the vulnerability to validate the findings.
    • Penetration tests are considered a service that is offered by third-parties in which a variety of products, tools, and methods are used to exploit systems and gain access to data.
    Open Source Monitoring
    • New vulnerabilities are detected daily with each vulnerability’s information being uploaded to an information-sharing platform to enable other organizations to be able to identify the same vulnerability on their systems.
    • Open source platforms are used to alert and distribute information on newly discovered vulnerabilities to security professionals.
    Security Incidents
    • Any time an incident response plan is called into action to mitigate an incident, there should be formal communication with the vulnerability management team.
    • Any IT incident an organization experiences should provide a feed for analysis into your vulnerability management program.

    Automate with a vulnerability scanning tool

    Vulnerabilities are too numerous for manual scanning and detection.
    • Vulnerability management is not only the awareness of the existence of vulnerabilities but that they are actively present in your environment.
    • A vulnerability scanner will usually report dozens, if not hundreds, of vulnerabilities on a regular and recurring basis. Typical IT environments have several dozen, if not hundreds, of servers. We haven’t even considered the amount of network equipment or the hundreds of user workstations in an environment.
    • This tool will give you information of the presence of a vulnerability in your environment and the host on which the vulnerability exists. This includes information on the version of software that contains a vulnerability and whether you are running that version. The tool will also report on the criticality of the vulnerability based on industry criticality ratings.
    • The tools are continually updated by the vendor with the latest definition updates for the latest vulnerabilities out there. This ensures you are always scanning for the greatest number of potential vulnerabilities.
    Automation requires oversight.
    1. Vulnerability scanners bring great automation to the task of scanning and detecting vulnerabilities in high numbers.
    2. Vulnerability scanners, however, do not have your level of intelligence. Any compensating controls, network segregation, or other risk mitigation features that you have in place will not be known by the tool.
    3. Determining the risk and urgency of a vulnerability within the context of your specific environment will still require internal review by you or your SecOps team.

    For guidance on tool selection

    Refer to section 4.3 Selecting and Implement a Scanning Tool in this blueprint.

    Vulnerability scanning tool considerations

    Select a vulnerability scanning tool with the features you need to be effective.
    • Vulnerability scanning tool selection can be an exciting and confusing process. You will need to consider what features you desire in a tool and whether you want the tool to go beyond just scanning and reporting.
    • In addition to vulnerability scanning, some tools will integrate with your IT service management (service desk ticketing system) tool and asset, configuration, and change management modules. This can facilitate the necessary workflow that the remediation process follows once a vulnerability is discovered.
    • A number of vulnerability scanning tool vendors have started offering remediation as part of their software features. This includes the automation and orchestration functionality and configuration and asset management to track its remediation activities.
    • A side benefit of the asset discovery feature in vulnerability scanning tools is that it can help enhance an organization’s asset inventory and license compliance, particularly in cases where end users are able to install software on their workstations.
    Stock photo of a smartphone scanning a barcode.

    For guidance on tool vendors

    Visit SoftwareReviews for information on vulnerability management tools and vendors.

    Vulnerability scanning tool best practices

    How often should scans be performed?

    One-off scans provide snapshots in time. Repeated scans over time provide tracking for how systems are changing and how well patches are being applied and software is being updated.

    The results of a scan (asset inventory, configuration data, and vulnerability data) are basic information needed to understand your security posture. This data needs to be as up to date as possible.

    ANALYST PERSPECTIVE: Organizations should look for continuous scanning

    Continuous scanning is the concept of providing continual scanning of your systems so any asset, configuration, or vulnerability information is up to date. Most vendors will advertise continuous scanning but you need to be skeptical of how this feature is met.

    Continuous Scanning Methods

    Continuous agent scanning

    Real-time scanning that is completed through agent-based scanning. Provides real-time understanding of system changes.

    On-demand scanning

    Cyclical scanning is the method where once you’re done scanning an area, you start it again. This is usually done because doing some scans on some areas of your network take time. How long the scan takes depends on the scan itself. How often you perform a scan depends on how long a scan takes. For example, if a scan takes a day, you perform a daily scan.

    Cloud-based scanning

    Cloud-scanning-as-a-Service can provide hands-free continuous monitoring of your systems. This is usually priced as a subscription model.

    Vulnerability scanning tool best practices

    Where to perform a scan.

    What should be scannedHow to point a scanner
    The general idea is that you want to scan pretty much everything. Here are considerations for three environments:
    Mobile Devices

    You need to scan mobile devices for vulnerabilities, but the problem is these can be hard to scan and often come and go on your network. There are always going to be some devices that aren’t on the network when scanning occurs.

    Several ways to scan mobile devices:

    • Intercept the device when it remotes into your network using a VPN. You catch the device with a remote scan. This can only be done if a VPN is required.
    • An agent-based approach can be used for mobile devices. Locally installed software gives the information needed to evaluate the security posture of a device. Discernibly, concerns around device processing, memory, and network bandwidth come into play. Ease of installation becomes key for agents.
    Virtualization
    • In a virtual environment, you will have servers being dynamically spun up. Ensure your tool is able to scan these new servers automatically.
    • Often, vulnerability scanning tool providers will restrict scanning to preapproved scanners. Look for tools that are preapproved by the VM vendors.
    Cloud Environments
    • You can set your tool to scan a given cloud environment. The main concern here is who owns the cloud. If it is a private cloud, there is little concern.
    • If it is a third-party cloud (AWS, Azure, etc.) you need to confirm with the cloud service provider that scanning of your cloud environment can occur.
    • There is a trend to allow more scanning of cloud environments.
    • You need to tell the scanner an IP address, a group of IP addresses, an asset group, or a combination of those.
    • You can categorize by functional classifications – internet-facing servers, workstations, network devices, etc., or by organizational structure – Finance, HR, Legal, etc.
    • If you have a strong change management system, you can better hone when and where to perform a scan based on actual changes.
    • You can set the number of concurrent outbound TCP connections that are being made. For example, set the tool so it sends out to 10 ports at a time, rather than pinging at 64k ports on a machine, which would flood the NIC.
    • Side Note: Flooding a host with pings from a scanning tool can be done to find out DoS thresholds on a machine. There are no bandwidth concerns for a network DoS, however, because the packets are so small.

    Vulnerability scanning tool best practices

    Communication and measurement

    Pre-Scan Communication With Users

    • It is always important to inform owners and users of systems that a scan will be happening.
    • Although it is unlikely any performance issues will arise, it is important to notify end users of potential impact.
    • Local admins or system owners may have controls in place that stop vulnerability scans and you need to inform the owners so that they can safelist the scanner you will be using.
    Vulnerability Scanning Tool Tracking Metrics
    • Vulnerability score by operating system, application, or organization division.
      • This provides a look at the widely accepted severity of the vulnerability as it relates across the organization’s systems.
    • Most vulnerable applications and application version.
      • This provides insight into how outdated applications are creating risk exposure for an organization.
      • This will also provide metrics on the effectiveness of your patching program.
    • Number of assets scanned within the last number of days.
      • This provides visibility into how often your assets are being scanned and thus protected.
    • Number of unowned devices or unapproved applications.
      • This metric will track how many unowned devices or unapproved applications may be on your network. Unowned devices may be rogue devices or just consultant/contractor devices.

    Third-party vulnerability information sources

    IT security forums and mailing lists are another source of vulnerability information.

    Proactively identify new vulnerabilities as they are announced.

    By monitoring for vulnerabilities as they are announced through industry alerts and open-source mechanisms, it is possible to identify vulnerabilities beyond your scanning tool’s penetration tests.

    Common sources:
    • Vendor websites and mailing lists
      • Vendors are the trusted sources for vulnerability and patch information on their products, particularly with new industry vulnerability disclosure requirements. Vendors are the most familiar with their products, downloads are most likely malware free, and additional information is often included.
      • There are some issues: vendors won’t announce a vulnerability until a patch is created, which creates a potential unknown risk exposure; numerous vendor sites will have to be monitored continually.
    • Third-party websites
      • A non-vendor site providing information on vulnerabilities. They often will cover a specific technology or an industry section, becoming a potential “one-stop shop” for some. They will often provide vulnerability information that is augmented with different remediation recommendations faster than vendors.
      • However, it’s more likely that malicious code could be downloaded and it will often not be comprehensive information on patching.
    • Third-party mailing lists, newsgroups, live paid subscriptions, and live open-source feeds
      • These are alerting and notification services for the detection and dissemination of vulnerability information. They provide information on the latest and most critical vulnerabilities, e.g. US-CERT Cybersecurity Alerts.
    • Vulnerability databases
      • These usually consist of dedicated databases on vulnerabilities. They perform the hard work of identifying and aggregating vulnerability and patch information into a central repository for end-user consumption. The commentary features on these databases provide excellent insight for practitioners, e.g. National Vulnerability Database (NVD).
    Stock photo of a student checking a bulletin board.

    Third-party vulnerability information sources

    IT security forums and mailing lists are another source of vulnerability information.

    Third-party sources for vulnerabilities

    • Open Source Vulnerability Database (OSVDB)
      • An open-source database that is run independently of any vendors.
    • Common Vulnerabilities and Exposures (CVE)
      • Free, international dictionary of publicly known information security vulnerabilities and exposures.
    • National Vulnerability Database (NVD)
      • Through NIST, the NVD is the US government’s repository of vulnerabilities and includes product names, flaws, and any impact metrics.
      • The National Checklist Repository Program (NCRP), also provided by NIST, provides security checklists for configurations of operating systems and applications.
      • The Center for Internet Security, a separate entity unrelated to NIST, provides configuration benchmarks that are often referenced by the NCRP.
    • Open Web Application Security Project (OWASP)
      • OWASP is another free project helping to expose vulnerabilities within software.
    • US-CERT National Cyber Alert System (US-CERT Alerts)
      • Cybersecurity Alerts – Provide timely information about current security issues, vulnerabilities, and exploits.
      • Cybersecurity Tips – Provide advice about common security issues for the general public.
      • Cybersecurity Bulletins – Provide weekly summaries of new vulnerabilities. Patch information is provided when available.
    • US-CERT Vulnerability Notes Database (US-CERT Vulnerability Notes)
      • Database of searchable security vulnerabilities that were deemed not critical enough to be covered under US-CERT Alerts. Note that the NVD covers both US-CERT Alerts and US-CERT Notes.
    • Open Vulnerability Assessment Language (OVAL)
      • Coding language for security professionals to discuss vulnerability checking and configuration issues. Vulnerabilities are identified using tests that are disseminated in OVAL definitions (XML executables that can be used by end users).

    1.4.1 Develop a monitoring and review process for third-party vulnerability sources

    60 minutes

    Input: Third-party resources list

    Output: Process for review of third-party vulnerability sources

    Materials: Whiteboard, Whiteboard markers, Vulnerability Management SOP Template

    Participants: IT Security Manager, SecOps team members, ITOps team members, CISO

    1. Identify what third-party resources are useful and relevant.
    2. Shortlist your third-party sources.
    3. Identify what is the best way to receive information from a third party.
    4. Document the method to receive or check information from the third-party source.
    5. Identify who is responsible for maintaining third-party vulnerability information sources
    6. Capture this information in the Vulnerability Management SOP Template.
    Download the Vulnerability Management SOP TemplateSample of the Third Party Vulnerability Monitoring tables from the Vulnerability Management SOP Template.

    Incidents and vulnerability management

    Incidents can also be a sources of vulnerabilities.

    When any incident occurs, for example:

    • A security incident, such as malware detected on a machine
    • An IT incident, such as an application becomes unresponsive
    • A crisis occurs, like a worker accident

    There can be underlying vulnerabilities that need to be processed.

    Three Types of IT Incidents exist:
    1. Information Security Incident
    2. IT Incident and/or Problem
    3. Crisis

    Note: You need to have developed your various incident response plans to develop information feeds to the vulnerability mitigation process.
    If you are missing an incident response plan, take a look at Info-Tech’s Related Resources.

    Info-Tech Related Resources:
    If you do not have a formalized information security incident management program, take a look at Info-Tech’s blueprint Develop and Implement a Security Incident Management Program.

    If you do not have a formalized problem management process, take a look at Info-Tech’s blueprint Incident and Problem Management.

    If you do not have a formalized IT incident management process, take a look at Info-Tech’s blueprint Develop and Implement a Security Incident Management Program.

    If you do not have formalized crisis management, take a look at Info-Tech’s blueprint Implement Crisis Management Best Practices.

    1.4.2 Incident management and vulnerability management

    60 minutes

    Input: Existing incident response processes, Existing crisis communications plans

    Output: Alignment of vulnerability management program with existing incident management processes

    Materials: Whiteboard, Whiteboard markers, Vulnerability Management SOP Template

    Participants: IT Security Manager, SecOps team members, ITOps team members, including tiers 1, 2, and 3, CISO, CIO

    1. Inventory what incident response plans the organization has. These include:
      1. Information Security Incident Response Plan
      2. IT Incident Plan
      3. Problem Management Plan
      4. Crisis Management Plan
    2. Identify what part of those plans contains the post-response recap or final analysis.
    3. Formalize a communication process between the incident response plan and the vulnerability mitigation process.

    Note: Most incident processes will cover some sort of root cause analysis and investigation of the incident. If a vulnerability of any kind is detected within this analysis it needs to be reported on and treated as a detected vulnerability, thus warranting the full vulnerability mitigation process.

    Download the Vulnerability Management SOP Template

    Implement Risk-Based Vulnerability Management

    Phase 2

    Triage & prioritize

    Phase 1

    1.1 What is vulnerability management?
    1.2 Define scope and roles
    1.3 Cloud considerations for vulnerability management
    1.4 Vulnerability detection

    Phase 2

    2.1 Triage vulnerabilities
    2.2 Determine high-level business criticality
    2.3 Consider current security posture
    2.4 Risk assessment of vulnerabilities

    Phase 3

    3.1 Assessing remediation options
    3.2 Scheduling and executing remediation
    3.3 Continuous improvement

    Phase 4

    4.1 Metrics, KPIs & CSFs
    4.2 Vulnerability management policy
    4.3 Select and implement a scanning tool
    4.4 Penetration testing

    This phase will walk you through the following activities:

    Examine the elements that you will use to triage and analyze vulnerabilities, prioritizing using a risk-based approach, and prepare for remediation options.

    This phase involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Step 2.1

    Triage vulnerabilities

    Activities
    • 2.1.1 Evaluate your identified vulnerabilities

    This step will walk you through the following activities:

    Review your vulnerability information sources and determine a methodology that will be used to consistently evaluate vulnerabilities as your scanning tool alerts you to them.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Outcomes of this step

    A consistent, documented process for the evaluation of vulnerabilities in your environment.

    Triage & prioritize
    Step 2.1Step 2.2Step 2.3Step 2.4

    Triaging vulnerabilities

    Use Info-Tech’s methodology to allocate urgencies to your vulnerabilities to assign the appropriate resources to each one.

    When evaluating numerous vulnerabilities, use the following three factors to help determine the urgency of vulnerabilities:

    • The intrinsic qualities of the vulnerability
    • The business criticality of the affected asset
    • The sensitivity of the data stored on the affected asset

    Intrinsic qualities of the vulnerability — Vulnerabilities need to be examined for the inherent risk they pose specifically to the organization, which includes if an exploit has been identified or if the industry views this as a serious and likely threat.

    Business criticality of the affected asset — Assets with vulnerabilities need to be assessed for their criticality to the business. Vulnerabilities on systems that are critical to business operations or customer interactions are usually top of mind.

    Sensitivity of the data of the affected asset — Beyond just the criticality of the business, there must be consideration of the sensitivity of the data that may be compromised or modified as a result of any vulnerabilities.

    Info-Tech Insight

    This methodology allows you to determine urgency of vulnerabilities, but your remediation approach needs to be risk-based, within the context of your organization.

    Triage your vulnerabilities, filter out the noise

    Triaging enables your vulnerability management program to focus on what it should focus on.

    Use the Info-Tech Vulnerability Mitigation Process Template to define how to triage vulnerabilities as they first appear.

    Triaging is an important step in vulnerability management, whether you are facing ten to tens of thousands of vulnerability notifications.
    Many scanning tools already provide the capability to compare known vulnerabilities against existing assets through integration with the asset inventory.

    There are two major use cases for this process:
    1. For organizations that have identified vulnerabilities but do not know their own systems well enough. This can be due to a lack of a formal asset inventory.
    2. For proactive organizations that are regularly staying up to date with industry announcements regarding vulnerabilities. Once an alert has been made publicly, this process can assist in confirming if the vulnerability is relevant to the organization.
    The Info-Tech methodology for initial triaging of vulnerabilities:
    Flowchart of the Info-Tech methodology for initial triaging of vulnerabilities, beginning with 'Vulnerability has been identified' and ending with either 'Vulnerability has been triaged' or 'No action needed'.

    Even if neither of these use cases apply to your organization, triaging still addresses the issues of false positives. Triaging provides a quick way to determine if vulnerabilities are relevant.

    After eliminating the noise, evaluate your vulnerabilities to determine urgency

    Consider the intrinsic risk to the organization.

    Is there an associated, verified exploit?
    • For a vulnerability to become a true threat to the organization, it must be exploited to cause damage. In today’s threat landscape, exploit kits are sold online that allow individuals with low technical knowledge to exploit a vulnerability.
    • Not all vulnerabilities have an associated exploit, but this does not mean that these vulnerabilities can be left alone. In many cases, it is just a matter of time before an exploit is created.
    • Another point to consider is that while exploits can exist theoretically, they may not be verified. Vulnerabilities always pose some level of risk, but if there are no known verified exploits, there is less risk attached.
    Is there a CVSS base score of 7.0 or higher?
    • Common Vulnerability Scoring System (CVSS) is an open-source industry scoring method to assess the potential severity of vulnerabilities.
    • CVSS takes into account: attack vector, complexity, privileges required, user interaction, scope, confidentiality impact, integrity impact, and availability impact.
    • Vulnerabilities that have a score of 4.0 or lower are classified as low vulnerabilities, while scores between 4.0 and 6.9 are put in the medium category. Scores of 7 or higher are in the high and critical categories. As we will review in the Risk Assessment section, you will want to immediately deal with high and critical vulnerabilities.
    Is there potential for significant lateral movement?
    • Even though a vulnerability may appear to be part of an inconsequential asset, it is important to consider whether it can be leveraged to gain access to other areas of the network or system by an attacker.
    • Another consideration should be whether the vulnerability can be exploited by remote or local access. Remote exploits pose a greater risk as this can mean that attackers can perform an exploit from any location. Local exploits carry less risk, although the risk of insider threats should be considered here as well.

    2.1.1 Evaluate your identified vulnerabilities

    60 minutes

    Input: Visio workflow of Info-Tech’s vulnerability management process

    Output: Adjusted workflow to reflect your current processes, Vulnerability Tracking Tool

    Materials: Whiteboard, Whiteboard markers, Vulnerability Management SOP Template

    Participants: IT Security Manager, SecOps team members, ITOps team members, including tiers 1, 2, and 3, CISO, CIO

    Using the criteria from the previous slide, Info-Tech has created a methodology to evaluate your vulnerabilities by examining their intrinsic qualities.

    The methodology categorizes the vulnerabilities into high, medium, and low risk importance categorizations, before assigning final urgency scores in the later steps.

    1. Review the evaluation process in the Vulnerability Management Workflow library.
    2. Determine if this process makes sense for the organization; otherwise, change the flow to include any other considerations of process flows.
    3. As this process is used to evaluate vulnerabilities, document vulnerabilities to an importance category. This can be done in the Vulnerability Tracking Tool or using a similar internal vulnerability tracking document, if one exists.

    Download the Vulnerability Management SOP Template

    Step 2.2

    Determine high-level business criticality

    Activities
    • 2.2.1 Determine high-level business criticality
    • 2.2.2 Determine your high-level data classifications

    This step will walk you through the following activities:

    Determining high-level business criticality and data classifications will help ensure that IT security is aligned with what is critical to the business. This will be very important when decisions are made around vulnerability risk and the urgency of remediation action.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • CISO

    Outcomes of this step

    Understanding and consistency in how business criticality and business data is assessed by IT in the vulnerability management process.

    Triage & prioritize
    Step 2.1Step 2.2Step 2.3Step 2.4

    Understanding business criticality is key to determining vulnerability urgency

    Prioritize operations that are truly critical to the operation of the business, and understand how they would be impacted by an exploited vulnerability.

    Use the questions below to help assess which operations are critical for the business to continue functioning.

    For example, email is often thought of as a business-critical operation when this is not always the case. It is important to the business, but as regular operations can continue for some time without it, it would not be considered extremely business critical.

    Questions to askDescription
    Is there a hard-dollar impact from downtime?This refers to when revenue or profits are directly impacted by a business disruption. For example, when an online ordering system is compromised and shut down, it impacts sales, and therefore, revenue.
    Is there an impact on goodwill/ customer trust?If downtime means delays in service delivery or otherwise impacts goodwill, there is an intangible impact on revenue that may make the associated systems mission critical.
    Is regulatory compliance a factor?Depending on the circumstances of the vulnerabilities, it can be a violation of regulatory compliance and would cause significant fines.
    Is there a health or safety risk?Some operations are critical to health and safety. For example, medical organizations have operations that are necessary to ensure that individuals’ health and safety are maintained. An exploited vulnerability that prevents these operations can directly impact the lives of these individuals.
    Don’t start from scratch – your disaster recovery plan (DRP) may have a business impact analysis (BIA) that can provide insight into which applications and operations are considered business critical.

    Analyst Perspective

    When assessing the criticality of business operations, most core business applications may be deemed business critical over the long term.

    Consider instead what the impact is over the first 24 or 48 hours of downtime.

    2.2.1 Determine high-level business criticality

    120 minutes; less time if a Disaster recovery plan business impact analysis exists

    Input: List of business operations, Insight into business operations impacts to the business

    Output: List of business operations and their criticality and impact to the business

    Materials: Vulnerability Management SOP Template

    Participants: Participants from the business, IT Security Manager, CISO, CIO

    1. List your core business operations at a high level.
    2. Use a High, Medium, or Low ranking to prioritize the business operations based on mission-critical criteria and the impact of the vulnerability.
    3. When using the process flow, consider if the vulnerability directly affects any of these business operations and move through the process flow based on the corresponding High, Medium, or Low ranking.
    Example prioritization of business operations for a manufacturing company:Questions to ask:
    1. Is there a hard-dollar impact from downtime?
    2. Is there impact on goodwill or customer trust?
    3. Is regulatory compliance a factor?
    4. Is there a health or safety risk?

    Download the Vulnerability Management SOP Template

    Determine vulnerability urgency by its data classification

    Consider how to classify your data based on if the Confidentiality, Integrity, or Availability (CIA) is compromised.

    To properly classify your data, consider how the confidentiality, integrity, and availability of that data would be affected if it were to be exploited by a vulnerability. Review the table below for an explanation for each objective.
    Confidentiality

    Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

    Integrity

    Guarding against improper information modification or destruction, and ensuring information non-repudiation and authenticity.

    Availability

    Ensuring timely and reliable access to and use of information.

    Each piece of data should be ranked as High, medium, or low across confidentiality, integrity, and availability based on adverse effect.Arrow pointing right.Low — Limited adverse effect

    Moderate — Serious adverse effect

    High — Severe or catastrophic adverse effect

    If you wish to build a whole data classification methodology, refer to our Discover and Classify Your Data blueprint.

    How to determine data classification when CIA differs:

    The overall ranking of the data will be impacted by the highest objective’s ranking.

    For example, if confidentiality and availability are low, but integrity is high, the overall impact is high.

    This process was developed in part by Federal Information Processing Standards Publication 199.

    2.2.2 Determine your high-level data classifications

    120 minutes, less time if data classification already exists

    Input: Knowledge of data use and sensitivity

    Output: Adjusted workflow to reflect your current processes, Vulnerability Tracking Tool

    Materials: Whiteboard, Whiteboard markers, Vulnerability Management SOP Template

    Participants: IT Security Manager, CISO, CIO

    If your organization has formal data classification in place, it should be leveraged to determine the high, medium, and low rankings necessary for the process flows. However, if there is no formal data classification in place, the process below can be followed:

    1. List common assets or applications that are prone to vulnerabilities.
    2. Consider the data that is on these devices and provide a high (severe or catastrophic adverse effect), medium (serious adverse effect), or low (limited adverse effect) ranking based on confidentiality, availability, and integrity.
      1. Use the table on the previous slide to assist in providing the ranking.
      2. Remember that it is the highest ranking that dictates the overall ranking of the data.
    3. Document which data belongs in each of the categories to provide contextual evidence.

    Download the Vulnerability Management SOP Template

    This process should be part of your larger data classification program. If you need assistance in building this out, review the Info-Tech research, Discover and Classify Your Data.

    Step 2.3

    Consider current security posture

    Activities
    • 2.3.1 Document your defense-in-depth controls

    This step will walk you through the following activities:

    Your defense-in-depth controls are the existing layers of security technology that protects your environment. These are relevant when considering the urgency and risk of vulnerabilities in your environment, as they will mitigate some of the risk.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Outcomes of this step

    Understanding and documentation of your current defense-in-depth controls.

    Triage & prioritize
    Step 2.1Step 2.2Step 2.3Step 2.4

    Review your current security posture

    What you have today matters.
    • In most cases, your vulnerability scanning tool alone will not have the context of your security posture in the results of its scans. This can skew the true urgency of detected vulnerabilities in your environment.
    • What you have in place today is what comprises your organization’s overall security posture. This bears high relevance to the determination of the risk that a vulnerability poses to your environment.
    • Elements such as enterprise architecture and defense in depth mechanisms should be factored into determining the risk of a vulnerability and what kind of immediacy is warranted to address it.
    • Details of your current security posture will also contribute to the assessment and selection of remediation options.
    Stock image of toy soldiers split into two colours, facing eachother down.

    Enterprise architecture considerations

    What does your network look like?
    • Most organizations have a network topology that has been put in place with operational needs in mind. These includes specific vLANs or subnets, broadcast domains, or other methods of traffic segregation.
    • The firewall and network ACLs (access control lists) will manage traffic and the routes that data packets follow to traverse a network.
    • Organizations may physically separate data network types, for example, a network for IT services and one for operational technology (OT)(OT is often known as ICS (industrial control systems) or SCADA (supervisory control and data acquisition)) or other types of production technology.
    • The deployment of distribution and access switches across an enterprise can also be a factor, where a flatter network will have fewer network devices within the topology.
    • In a directory services environment such as Windows Active Directory, servers and applications can be segregated by domains and trust relationships, organizational units, and security groups.
    What’s the relevance to vulnerability management?

    For a vulnerability to be exploited, a malicious actor must find a way to access the vulnerable system to make use of the vulnerability in question.

    Any enterprise architecture characteristics that you have in place may lessen the probability of a successful vulnerability exploit.

    This may potentially “buy time” for SecOps to address and remediate the vulnerability.

    Defense-in-depth

    Defense-in-depth provides extra layers of protection to the organization.

    • Defense-in-depth refers to the coordination of security controls to add layers of security to the organization.
      • This means that even if attackers are able to get past one control or layer, they are hindered by additional security.
    • Defense-in-depth is distinct from the previous section on enterprise architecture as these are security controls put in place with the purpose of being lines of defense within your security posture.
    • This can be extremely useful in managing vulnerabilities; thus, it is important to establish the existing defense-in-depth controls. By establishing the base model for your defense-in-depth, it will allow you to leverage these controls to manage vulnerabilities.
    • Controls are typically distributed across endpoints, network infrastructure, servers, and physical security.

    Note: Defense-in-depth controls do not entirely mitigate vulnerability risk. They provide a way in which the vulnerability cannot be exploited, but it continues to exist on the application. This must be kept in mind as the controls or applications themselves change, as it can re-open the vulnerability and cause potential problems.

    Examples of defense-in-depth controls can consist of any of the following:
    • Antivirus software
    • Authentication security
    • Multi-factor authentication
    • Firewalls
    • Demilitarized zones (DMZ)
    • Sandboxing
    • Network zoning
    • Application whitelisting
    • Access control lists
    • Intrusion detection & prevention systems
    • Airgapping
    • User security awareness training

    2.3.1 Document your defense-in-depth controls

    2 hours, less time if a security services catalog exists

    Input: List of technologies within your environment, List of IT security controls that are in place

    Output: List of defense-in-depth controls

    Materials: Whiteboard/flip charts, Vulnerability Management SOP Template

    Participants: IT Security Manager, Infrastructure Manager, IT Director, CISO

    1. Document the existing defense-in-depth controls within your system.
    2. Review the initial list that has been provided and see if these are controls that currently exist.
    3. Indicate any other controls that are being used by the organization. This may already exist if you have a security services catalog.
    4. Indicate who the owners of the different controls are.
    5. Track the information in the Vulnerability Management SOP Template.

    Download the Vulnerability Management SOP Template

    Sample table of security controls within a Defense-in-depth model with column headers 'Defense-in-depth control', 'Description', 'Workflow', and 'Control Owner'.

    Step 2.4

    Risk assessment of vulnerabilities

    Activities
    • 2.4.1 Build a classification scheme to consistently assess impact
    • 2.4.2 Build a classification scheme to consistently assess likelihood

    This step will walk you through the following activities:

    Assessing risk will be the cornerstone of how you evaluate vulnerabilities and what priority you place on remediation. This is actual risk to the organization and not simply what the tool reports without the context of your defense-in-depth controls.

    This step involves the following participants:

    • IT Security Manager
    • IT Operations Management
    • CISO
    • CIO

    Outcomes of this step

    A risk matrix tailored to your organization, based on impact and likelihood. This will provide a consistent, unambiguous way to assess risk across the vulnerability types that is reported by your scanning tool.

    Triage & prioritize
    Step 2.1Step 2.2Step 2.3Step 2.4

    Vulnerabilities and risk

    Vulnerabilities must be addressed to mitigate risk to the business.
    • Vulnerabilities are a concern because they are potential threats to the business. Vulnerabilities that are not addressed can turn from potential threats into actual threats; it is only a matter of time and opportunity.
    • Your organization will already be familiar with risk management, as every decision carries a business risk component. There may even be a senior manager assigned as corporate risk officer to manage organizational risk.
    • The organization likely has a risk tolerance level that defines the organization’s risk appetite. This may be measured in dollars, non-productivity time, or other units of inefficiency.
    • The risk of a vulnerability can be calculated using impact and likelihood. Impact is the effect that the vulnerability will have if it is exploited by a malicious actor. Likelihood is the degree to which a vulnerability exploit can possibly occur.
    Stock image of a cartoon character in a tie hanging on the needle of a 'RISK' meter as it sits at 'LOW'.

    Info-Tech Insight

    Risk to the organization is business language that everyone can understand. This is particularly true when the risk is to productivity or to the company’s bottom line.

    A risk-based approach to vulnerability management

    CVSS scores are just the starting point!

    Vulnerabilities are constant.
    • There will always be vulnerabilities in the environment, many of which won’t be reported as they are currently unknown.
    • Don’t focus on trying to resolve all vulnerabilities in your environment. You are neither resourced for it nor can the business tolerate the downtime needed to remediate every single vulnerability.
      • The constant follow of new vulnerabilities will quickly render your efforts useless and it will become a game of “whack-a-mole.”
    • Being able to prioritize which vulnerabilities require appropriate levels of response is crucial to ensuring that an organization stays ahead of the continual flow.
    • Your vulnerability scanning tool will report the severity of a vulnerability, often using an industry Common Vulnerability Scoring System (CVSS) system ranging from 0 to 10. It will then scan your environment for the presence of the vulnerability and report accordingly.
      • Your vulnerability scanning tool will not be aware of any mitigation components in your environment, such as compensating controls, network segregation, server/application hardening, or any other measures that can reduce the risk. That is why determining actual risk is a crucial step.

    Stock image of a whack-a-mole game.

    Info-Tech Insight

    Vulnerability scanning is a valuable function, but it does not tell the full picture. You must determine how urgent a vulnerability truly is, based on your specific environment.

    Prioritize remediation by levels of risk

    Address critical and high risk with high immediacy.

    • Addressing the critical and high-risk vulnerabilities with urgency will ensure that you are addressing a more manageable number of vulnerabilities.
    • An optimized vulnerability management process will address the medium and low risk vulnerabilities within the regular cycle.
    • This may be very similar to what you do today in an ad hoc fashion:
      • Zero-day vulnerabilities tend to warrant a stop in operations and are dealt with immediately (or as soon as a vendor has a fix).
      • The standard remediation process (patching/updating, change of configuration, etc.) happens within a regular controlled time cycle.
    • Formalizing this process will ensure that appropriate attention is given to vulnerabilities that warrant it and that the remaining vulnerabilities are dealt with as a regular, recurring activity.

    Mitigate the risk surface by reducing the time across the phases

    Chart titled 'Mitigate the risk surface by reducing the time across the phases' with the axes 'Risk Level' and 'Time' with lines created by individual risks. The highlighted line begins in 'Critical' and eventually drops to low. A note on the line reads 'Objective: Reduce risk surface by reducing time to address'. The area between the line and your organization's risk tolerance is labelled 'Risk Surface, to be addressed with high priority'. A bracket around Risk levels 'High' and 'Critical' reads 'Priority focus zone (risk surface)'. Risk lines within levels 'Low' and 'Medium' read 'Follow standard vulnerability management cycles'.

    Risk matrix

    Risk = Impact x Likelihood
    • Info-Tech’s Vulnerability Management Risk Assessment Tool provides a method of calculating the risk of a vulnerability. The risk rating is assigned using the impact of the risk and the likelihood or probability that the event may occur.
    • The tool puts the vulnerability into your organization’s context: How many people will be affected? What service types are vulnerable and how does that impact the business? Is there an anticipated update from the vendor of the system being affected?
    • Urgency of remediation should be based on the business consequences if the vulnerability were to be exploited, relative to the business’ risk tolerance.

    Info-Tech Insight

    Risk determination should be done within the context of your current environment and not simply based on what your vulnerability tool is reporting.

    A risk matrix is useful in calculating a risk rating for vulnerabilities. Risk matrix with axes 'Impact' and 'Time' and individual vulnerabilities mapped onto it via their risk rating. The example 'Organizational Risk Tolerance Threshold' line runs diagonally through the 'Medium' squares.

    2.4.1 Build a classification scheme to consistently assess impact

    60 minutes

    Input: Knowledge of IT environment, Knowledge of business impact for each IT component or service

    Output: Vulnerability Management Risk Assessment Tool formatted to your organization

    Materials: Vulnerability Management Risk Assessment Tool

    Participants: Functional Area Managers, IT Security Manager, CISO

    Risk always has a negative impact, but the size of the impact can vary considerably in terms of cost, number of people or sites affected, and the severity of the impact. Impact questions tend to be more objective and quantifiable than likelihood questions.

    1. Define a set of questions to measure risk impact or edit existing questions in the tool.
    2. For each question, assign a weight that should be placed on that factor.
    3. Define criteria for each question that would categorize the risk. The drop-down box content can be modified in the hidden Labels tab.

    Note that you are looking to baseline vulnerability types, rather than categorizing every single vulnerability your scanning tool reports. The volume of vulnerabilities will be high, but vulnerabilities can be categorized into types on a regular basis.

    Download the Vulnerability Management Risk Assessment Tool

    Screenshot of table from Info-Tech's Vulnerability Management Risk Assessment Tool for assessing Impact. Column headers are 'Weight', 'Question', 'OS vulnerability', 'Application vulnerability', 'Network vulnerability', and 'Vendor patch release'.

    2.4.2 Build a classification scheme to consistently assess likelihood

    60 minutes

    Input: Knowledge of IT environment, Knowledge of business impact for each IT component or service

    Output: Vulnerability Management Risk Assessment Tool formatted to your organization

    Materials: Vulnerability Management Risk Assessment Tool

    Participants: Functional Area Managers, IT Security Manager, CISO

    Risk always has a negative impact, but the size of the impact can vary considerably in terms of cost, number of people or sites affected, and the severity of the impact. Impact questions tend to be more objective and quantifiable than likelihood questions.

    1. Define a set of questions to measure risk impact or edit existing questions in the tool.
    2. For each question, assign a weight that should be placed on that factor.
    3. Define criteria for each question that would categorize the risk. The drop-down box content can be modified in the hidden Labels tab.

    Note that you are looking to baseline vulnerability types, rather than categorizing every single vulnerability that your scanning tool reports. The volume of vulnerabilities will be high, but vulnerabilities can be categorized into types on a regular basis.

    Download the Vulnerability Management Risk Assessment Tool

    Screenshot of table from Info-Tech's Vulnerability Management Risk Assessment Tool for assessing Likelihood. Column headers are 'Weight', 'Question', 'OS vulnerability', 'Application vulnerability', and 'Network vulnerability'.

    Prioritize based on risk

    Select the best remediation option to minimize risk.

    Through the combination of the identified risk and remediation steps in this phase, the prioritization for vulnerabilities will become clear. Vulnerabilities will be assigned a priority once their intrinsic qualities and threat potential to business function and data have been identified.

    • Remediation options will be identified for the higher urgency vulnerabilities.
    • Options will be assessed for whether they are appropriate.
    • They will be further tested to determine if they can be used adequately prior to full implementation.
    • Based on the assessments, the remediation will be implemented or another option will be considered.
    Prioritization
    1. Assignment of risk
    2. Identification of remediation options
    3. Assessment of options
    4. Implementation

    Remediation plays an incredibly important role in the entire program. It plays a large part in wider risk management when you must consider the risk of the vulnerability, the risk of the remediation option, and the risk associated with the overall process.

    Implement Risk-Based Vulnerability Management

    Phase 3

    Remediate vulnerabilities

    Phase 1

    1.1 What is vulnerability management?
    1.2 Define scope and roles
    1.3 Cloud considerations for vulnerability management
    1.4 Vulnerability detection

    Phase 2

    2.1 Triage vulnerabilities
    2.2 Determine high-level business criticality
    2.3 Consider current security posture
    2.4 Risk assessment of vulnerabilities

    Phase 3

    3.1 Assessing remediation options
    3.2 Scheduling and executing remediation
    3.3 Continuous improvement

    Phase 4

    4.1 Metrics, KPIs & CSFs
    4.2 Vulnerability management policy
    4.3 Select and implement a scanning tool
    4.4 Penetration testing

    This phase will walk you through the following activities:

    • Identifying potential remediation options.
    • Developing criteria for each option with regards to when to use and when to avoid.
    • Establishing exception procedure for testing and remediation.
    • Documenting the implementation of remediations and verification.

    This phase involves the following participants:

    • CISO, or equivalent
    • Security Manager/Analyst
    • Network, Administrator, System, Database Manager
    • Other members of the vulnerability management team
    • Risk managers for the risk-related steps

    Determining how to remediate

    Patching is only one option.

    This phase will allow organizations to build out the specific processes for remediating vulnerabilities. The overall process will be the same but what will be critical is the identification of the correct material. This includes building the processes around:
    • Identifying and selecting the remediation option to be used.
    • Determining what to do when a patch or update is not available.
    • Scheduling and executing the remediation activity.
    • Continuous improvement.

    Each remediation option carries a different level of risk that the organization needs to consider and accept by building out this program.

    It is necessary to be prepared to do this in real time. Careful documentation is needed when dealing with vulnerabilities. Use the Vulnerability Tracking Tool to assist with documentation in real time. This is separate from using the process template but can assist in the documentation of vulnerabilities.

    Step 3.1

    Assessing remediation options

    Activities
    • 3.1.1 Develop risk and remediation action

    This step will walk you through the following activities:

    With the risk assessment from the previous activity, we can now examine remediation options and make a decision. This activity will guide us through that.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Outcomes of this step

    List of remediation options and criteria on when to consider each.

    Remediate vulnerabilities
    Step 3.1Step 3.2Step 3.3

    Identify remediation options

    There are four options when it comes to vulnerability remediation.

    Patches and Updates

    Patches are software or pieces of code that are meant to close vulnerabilities or provide fixes to any bugs within existing software. These are typically provided by the vendor to ensure that any deployed software is properly protected after vulnerabilities have been detected.

    Configuration Changes

    Configuration changes involve administrators making significant changes to the system or network to remediate against the vulnerability. This can include disabling the vulnerable application or specific element and can even extend to removing the application altogether.

    Remediation

    Compensating Controls

    By leveraging security controls, such as your IDS/IPS, firewalls, or access control, organizations can have an added layer of protection against vulnerabilities beyond the typical patches and configuration changes. This can be used as a measure while waiting to implement another option (if one exists) to reduce the risk of the vulnerability in the short or long term.

    Risk Acceptance

    Whenever a vulnerability is not remediated, either indefinitely or for a short period of time, the organization is accepting the associated risk. Segregation of the vulnerable system can occur in this instance. This can occur in cases where a system or application cannot be updated without detrimental effect to the business.

    Patches and updates

    Patches are often the easiest and most common method of remediation.

    Patches are usually the most desirable remediation solution when it comes to vulnerability management. They are typically provided by the vendor of the vulnerable application or system and are meant to eliminate the existing vulnerability.

    When to use

    • When adequate testing can be performed on the patch to be implemented.
    • When there is a change window approaching for the affected systems.
    • When there is standardization across the IT assets to allow for easier installation of patches.

    When to avoid

    • When the patch cannot be adequately tested.
    • When a patch has been tested, but it caused an unfavorable consequence such as a system or application failure.
    • When there is no near change window in which to install the patches, which is often the case for critical systems.
    When to consider other remediation options
    • For critical systems, it can be difficult to implement a patch as they often require the system to be rebooted or go through some downtime. There must be consideration towards whether there is a change window approaching if a patch is to be implemented on a business-critical system.
      • If there is no opportunity to implement the patch, or no approaching change window, it is wise to leverage another remediation option.
    • When patches are not currently available from the vendor or they are in production, other remediation options are needed.
    • Other remediation options can be used in tandem with the patch. For example, if a patch is being deferred until the change window, it would be wise to use alternate remediation options to close the vulnerability.

    Compensating controls

    Compensating controls can decrease the risk of vulnerabilities that cannot be (immediately) remediated.

    • Compensating controls are measures put in place when direct remediation measures are impractical or non-existent.
    • Similar to the payment card industry’s PCI DSS 1.0 provision of compensating controls, these are meant to meet the intent or rigor of the original requirement; unlike PCI DSS, these measures are to mitigate risk rather than meet compliance.
    • The compensating control should be viewed as only a temporary measure for dealing with a vulnerability, although circumstances may dictate a degree of permanence in the application of the compensating control.
    • Examples where compensating controls may be needed are:
      • The software vendor is developing an update or patch to address a vulnerability.
      • Through your testing process, a patch will adversely affect the performance or operation of the target system and be detrimental to the business.
      • A critical application will only run on a legacy operating system, the latter of which is no longer supported by the vendor.
      • A legacy application is no longer being supported but is critical to your operations. A replacement, if one exists, will take time to implement.
    Examples of compensating controls
    • Segregating a vulnerable server or application on the network, physically or logically.
    • Hardening the operating system or application.
    • Restricting user logins to the system or application.
    • Implementing access controls on the network route to the system.
    • Instituting application whitelisting.

    Configuration changes

    Configuration changes involve making changes directly to the application or system in which there is a vulnerability. This can vary from disabling or removing the vulnerable element or, in the case of applications built in-house, changing the coding of the application itself. These are commonly used in network vulnerabilities such as open ports.

    When to use

    • A patch is not available.
    • The vulnerable element can be significantly changed, or even disabled, without significantly disrupting the business.
    • The application is built in-house, as the vulnerability must be closed internally.
    • There is adequate testing to ensure that the configuration change does not affect the business.
    • A configuration change in your network or system can affect numerous endpoints or systems, reducing endpoint patching or use of defense-in-depth controls.

    When to avoid

    • When a suitable patch is available.
    • When the vulnerability is on a business-critical element with no nearby change window or it cannot be disabled.
    • When there is no opportunity in which to perform testing to ensure that there are no unintended consequences.
    When to consider other remediation options
    • Configuration changes require careful documentation as changes are occurring to the system and applications. If there is a need to perform a back-out process and return to the original configuration, this can be extremely difficult without clear documentation of what occurred.
    • If business systems are too critical or important to the regular business function to perform any changes, it is necessary to consider other options.

    Info-Tech Insight

    Remember your existing processes: configuration changes may need to be approved and orchestrated through your organization’s configuration and change management processes.

    Case Study

    Remediation options do not have to be used separately. Use the Shellshock 2014 case as an example.

    INDUSTRY: All
    SOURCE: Public Domain
    Challenge

    Bashdoor, more commonly known as Shellshock, was announced on September 24, 2014.

    This bug involved the Bash shell, which normally executes user commands, but this vulnerability meant that malicious attackers could exploit it.

    This was rated a 10/10 by CVSS – the highest possible score.

    Within hours of the announcement, hackers began to exploit this vulnerability across many organizations.

    Solution

    Organizations had to react quickly and multiple remediation options were identified:

    • Configuration changes – Companies were recommended to use other shells instead of the Bash shell.
    • Defense-in-depth controls – Using HTTP server logs, it could be possible to identify if the vulnerability had been exploited.
    • Patches – Many vendors released patches to close this vulnerability including Debian, Ubuntu, and Red Hat.
    Results

    Companies began to protect themselves against these vulnerabilities.

    While many organizations installed patches as quickly as possible, some also wished to test the patch and leveraged defense-in-depth controls in the interim.

    However, even today, many still have the Shellshock vulnerability and exploits continue to occur.

    Accept the risk and do nothing

    By choosing not to remediate vulnerabilities, you must accept the associated risk. This should be your very last option.

    Every time that a vulnerability is not remediated, it continues to pose a risk to the organization. While it may seem that every vulnerability needs to be remediated, this is simply not possible due to limited resources. Further, it can take away resources from other security initiatives as opposed to low-priority vulnerabilities that are extremely unlikely to be exploited.

    Common criteria for vulnerabilities that are not remediated:
    • Affected systems are of extremely low criticality.
    • Affected systems are deemed too critical to take offline to perform adequate remediation.
    • Low urgency is assigned to those vulnerabilities.
    • Cost and time required for the remediation are too high.
    • No adequate solutions exist – the vendor has not released a patch, there are weak defense-in-depth controls, and it is not possible to perform a configuration change.

    Risk acceptance is not uncommon…

    • With an ever-increasing number of vulnerabilities, organizations are struggling to keep up and often, intentionally or unintentionally, accept the risk associated.
    • In the end, non-remediation means full acceptance of the risk and any consequences.

    Enterprise risk management
    Arrow pointing up.
    Risk acceptance of vulnerabilities

    While these are common criteria, they must be aligned to the enterprise risk management framework and approved by management.

    Don’t forget the variables that were assessed in Phase 2. This includes the risk from potential lateral movement or if there is an existing exploit.

    Risk considerations

    When determining if risk acceptance is appropriate, consider the cost of not mitigating vulnerabilities.

    Don’t accept the risk because it seems easy. Consider the financial impact of leaving vulnerabilities open.

    With risk acceptance, it is important to review the financial impact of a security incident resulting from that vulnerability. There is always the possibility of exploitation for vulnerabilities. A simple metric taken from NIST SP800-40 to use for this is:

    Cost not to mitigate = W * T * R

    Where (W) is the number of work stations, (T) is the time spent fixing systems or lost in productivity, and (R) is the hourly rate of the time spent.

    As an example provided by NIST SP800-40 Version 2.0, Creating a Patch and Vulnerability Management Program:

    “For an organization where there are 1,000 computers to be fixed, each taking an average of 8 hours of down time (4 hours for one worker to rebuild a system, plus 4 hours the computer owner is without a computer to do work) at a rate of $70/hour for wages and benefits:

    1,000 computers * 8 hours * $70/hour = $560,000”

    Info-Tech Insight

    Always consider the financial impact that can occur from an exploited vulnerability that was not remediated.

    3.1.1 Develop risk and remediation action

    90 minutes

    Input: List of remediation options

    Output: List of remediation options sorted into “when to use” and “when to avoid” lists

    Materials: Whiteboard/flip charts, Vulnerability Management SOP Template

    Participants: IT Security Manager, IT Infrastructure Manager, IT Operations Manager, Corporate Risk Officer, CISO

    It is important to define and document your organization-specific criteria for when a remediation option is appropriate and inappropriate.

    1. List each remediation option on a flip chart and create two headings: “When to use” and “When to avoid.”
    2. Each person will list “when to use” criteria on a green sticky note and “when to avoid” criteria on a red one for each option; these will be placed on the appropriate flip chart.
    3. Discuss as a group which criteria are appropriate and which should be removed.
    4. Move on to the next remediation option when completed.
      • Ensure to include when there are remediation options that will be connected. For example, the risk may be accepted until the next available change window, or a defense-in-depth control is used before a patch can be fully installed.
    5. Once the criteria has been established, document this in the Vulnerability Management SOP Template.
    When to use:
    • When adequate testing can be performed on the patch to be implemented.
    • When there is a change window approaching, especially for critical systems.
    • When there is standardization across the IT assets to allow for easier installation of patches.
    When to avoid:
    • When the patch cannot be adequately tested.
    • When a patch has been tested, but it has caused an unfavorable consequence such as a system or application failure.
    • When there is no near change window in which to install the patches.
    (Example from the Vulnerability Management SOP Template for Patches.)

    Download the Vulnerability Management SOP Template

    Step 3.2

    Scheduling and executing remediation

    Activities

    None for this section.

    This step will walk you through the following activities:

    Although there are no specific activities for this section, it will walk you through your existing processes configuration and change management to ensure that you are leveraging those activities in your vulnerability remediation actions.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Outcomes of this step

    Gained understanding of how IT operations processes configuration and change management can be leveraged for the vulnerability remediation process. Don’t reinvent the wheel!

    Remediate vulnerabilities
    Step 3.1Step 3.2Step 3.3

    Implementing the remediation

    Vulnerability management converges with your IT operations functions.
    • Once a remediation strategy has been formulated, you can leverage your release and change management processes to orchestrate the testing, version tracking, scheduling, approval, and implementation activities.
    • Each of these processes should exist in your environment in some form. Leveraging these will engage the IT operations team to carry out their tasks in the remediation process.
    • There can be a partial or full handoff to these processes, however, the owner of the vulnerability management program is responsible for verifying the application of the remediation measure and that the overall risk has been reduced.
    • Although full blueprints exist that cover each of these processes in great detail, the following slides provide an overview of each of these IT operations processes and how they intersect with vulnerability management.
    Stock image of a person on a laptop overlaid by an icon with gears indicating settings.

    Release Management

    Control the quality of deployments and releases of software updates.

    • The release management process exists to ensure that new software releases (such as patches and updates) are properly tested and documented with version control prior to their implementation into the production environment.
    • The process should map out the logistics of the deployment process to ensure that it is consistent and controlled.
    • Testing is an important part of release management and the urgency of a vulnerability remediation operation can expedite this process to ensure minimal delays. Once testing has been completed successfully, the update is then “promoted” to production-ready status and submitted into the change management process.
    • Often a separate release team may not exist, however, release management still occurs.

    For guidance on implementing or improving your release management process, refer to Info-Tech’s Stabilize Release and Deployment Management blueprint or speak to one of our experts.

    Info-Tech Insight

    Many organizations don’t have a separate release team. Rather, whomever is doing the deployment will submit a change request and the testing details are vetted through the organization’s change management process.

    For guidance on the change management process review our Optimize Change Management blueprint.

    Change Management

    Leverage change control, interruption management, approval, and scheduling.
    • Change management likely exists in some shape or form in your organization. There is usually someone or a committee, such as a change advisory board (CAB), that gives approval for a change.
    • Leveraging the change management process will ensure that your vulnerability remediation has undergone the proper review and approval before implementation. There will usually be business sign-off as part of a change management approval process.
    • Communication will also be integrated in the change management process, so the change manager will ensure that appropriate, timely communications are sent to the proper key stakeholders.
    • The change management process will link to release management and configuration management processes if they exist.

    For further guidance on implementing or improving your change management process, refer to Info-Tech’s Optimize Change Management blueprint or speak to one of our experts.

    “With no controls in place, IT gets the blame for embarrassing outages. Too much control, and IT is seen as a roadblock to innovation.” (VP IT, Federal Credit Union)

    Post-implementation activities

    Vulnerability remediation isn’t a “set it and forget it” activity.
    • Once vulnerability remediation has occurred, it is imperative that the results are reported back to the vulnerability management program manager. This ensures that the loop is closed and the tracking of the remediation activity is done properly.
      • Organizations that are subject to audit by external entities will understand the importance of such documentation.
    • The results of post-implementation review from the change management process will be of great interest, particularly if there was any deviation from the planned activities.
    • Although change execution will usually undergo some form of testing during the maintenance window, there is always the possibility that something has broken as a result of the software update. Be quick to respond to these types of incidents!
      • One example of an issue that is near impossible to test during a maintenance window is one that manifests only when the system or software comes under load. This is what makes for busy Monday mornings after a weekend change window.
    A scan with your vulnerability management software after remediation can be a way to verify that the overall risk has been reduced, if remediation was done by way of patching/updates.

    Info-Tech Insight

    After every change completion, whether due to vulnerability remediation or not, it is a good idea to ensure that your infrastructure team increases its monitoring diligence and that your service desk is ready for any sudden influx of end-user calls.

    Step 3.3

    Continuous improvement

    Activities

    None for this section.

    This step will walk you through the following activities:

    Although this section has no activities, it will review the process by which you may continually improve vulnerability management.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Outcomes of this step

    An understanding of the importance of ongoing improvements to the vulnerability management program.

    Remediate vulnerabilities
    Step 3.1Step 3.2Step 3.3

    Drive continuous improvement

    • Also known as “Continual Improvement” within the ITIL best practice framework.
    • Your vulnerability management program will not be perfect on first launch. In fact, due to the ever-changing nature of vulnerabilities and the technology designed to detect and combat vulnerabilities, the processes within your vulnerability management program will need to be tweaked from time to time.
    • Continuous improvement is a sustained, proactive approach to process improvement. The practice allows for all process participants to observe and suggest incremental improvements that can help improve the overall process.
    • In many cases, continuous improvement can be triggered by changes in the environment. This makes perfect sense for vulnerability management process improvement as a change in the environment will require vulnerability scanning to ensure that such changes have not introduced new vulnerabilities into the environment, increasing your risk surface.
    • One key method to tracking continuous improvement is through the effective use of metrics, covered in Section 4.1 of this blueprint.
    “The success rate for continual improvement efforts is less than 60 percent. A major – if not the biggest – factor affecting the deployment of long-term continual improvement initiatives today is the fundamental change taking place in the way companies manage and execute work.” (Industry analyst at a consulting firm, 2014)

    Continuous Improvement

    Continuously re-evaluate the vulnerability management process.

    As your systems and assets change, your vulnerability management program may need updates in two ways.

    When new assets and systems are introduced:

    • When new systems and assets are introduced, it is important for organizations to recognize how these can affect vulnerability management.
    • It will be necessary to identify the business criticality of the new assets and systems and the sensitivity of the data that can be found on them.
    • Without doing so, these will be considered rogue systems or assets – there is no clear process for assigning urgencies.
    • This will only cause problems as actions may be taken that are not aligned with the organization’s risk management framework.

    Effective systems and asset management are needed to track this. Review Info-Tech’s Implement Systems Management to Improve Availability and Visibility blueprint for more help.

    Document any changes to the vulnerability management program in the Vulnerability Management SOP Template.

    When defense-in-depth capabilities are modified:

    • As you build an effective security program, more controls will be added that can be used to protect the organization.
    • These should be documented and evaluated based on ability to mitigate against vulnerabilities.
    • The defense-in-depth model that was previously established should be updated to include the new capabilities that can be used.
    • Defense-in-depth models are continually evolving as the security landscape evolves, and organizations must be ready for this.

    To assist in building a defense-in-depth model, review Build an Information Security Strategy.

    Implement Risk-Based Vulnerability Management

    Phase 4

    Measure and formalize

    Phase 1

    1.1 What is vulnerability management?
    1.2 Define scope and roles
    1.3 Cloud considerations for vulnerability management
    1.4 Vulnerability detection

    Phase 2

    2.1 Triage vulnerabilities
    2.2 Determine high-level business criticality
    2.3 Consider current security posture
    2.4 Risk assessment of vulnerabilities

    Phase 3

    3.1 Assessing remediation options
    3.2 Scheduling and executing remediation
    3.3 Continuous improvement

    Phase 4

    4.1 Metrics, KPIs & CSFs
    4.2 Vulnerability management policy
    4.3 Select and implement a scanning tool
    4.4 Penetration testing

    This phase will walk you through the following activities:

    • You will determine what ought to be measured to track the success of your vulnerability management program.
    • If you lack a scanning tool this phase will help you determine tool selection.
    • Lastly, penetration testing is a good next step to consider once you have your vulnerability management program well underway.

    This phase involves the following participants:

    • IT Security Manager
    • SecOps team members
    • Procurement representatives
    • CISO
    • CIO

    Step 4.1

    Metrics, Key Performance Indicators (KPIs), and Critical Success Factors (CSFs)

    Activities
    • 4.1.1 Measure your program with metrics, KPIs, and CSFs

    This step will walk you through the following activities:

    After a review of the differences between raw metrics, key performance indicators (KPI), and critical success factors (CSF), compile a list of what metrics you will be tracking, why, and the business goals for each.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • CISO
    • CIO

    Outcomes of this step

    Outline of metrics you can configure your vulnerability scanning tool to report on.

    Measure and formalize
    Step 4.1Step 4.2Step 4.3Step 4.4

    You can’t manage what you can’t measure

    Metrics provides visibility.

    • Management consultant Peter Drucker introduced the concept of metrics tied to key performance indicators (KPIs), and the concept holds true: without metrics, you lack the visibility to manage or improve a process.
    • Metrics aren’t just a collection of statistics, they have to be meaningful, they have to tell the story, and most importantly, they have to answer the “so what?” question. What is the significance of a metric – do they illustrate a trend or an anomaly? What actions should be carried out when a metric hits a certain threshold?
    • It would be prudent to track several metrics that can be combined to tell the full story. For example, tracking the number of critical vulnerabilities alone does not give a sense of the overall risk to the organization, nor does it offer any information on how quickly they have been remediated or what amount of effort was invested.
    Stock image of measuring tape.

    Metrics, KPIs, and CSFs

    Tracking the right information and making the information relevant.
    • There is often confusion between raw metrics, key performance indicators, and critical success factors.
    • Raw metrics are what is trackable from your systems and processes as a set of measurements without any context. Raw metrics in themselves are useful in telling the story of “what are we doing?”
    • KPIs are the specific metric or combination of metrics that help you track or gauge performance. KPIs tell the story of “how are we doing?” or “how well are we doing?”
    • CSFs are the specific KPIs that track the activities that are absolutely critical to accomplish for the business or business unit to be successful.
    The activity tracker on your wrist is a wealth of metrics, KPIs, and CSFs.

    If you wear an activity tracker, you are likely already familiar with the differences between metrics, key performance indicators, and critical success factors:

    • The raw metrics are your heart rate, step count, hours of sleep, caloric intake, etc.
    • KPIs are the individual goals that you have set: maintain a heart rate within the appropriate range for your age/activity level, achieve a step count goal per day, get x hours of sleep per night, consume a calorie range of y per day, etc.
    • CSFs are your overall goal: increase your cardiovascular capacity, lose weight, feel more energetic, etc.

    Your security systems can be similarly measured and tracked – transfer this skill!

    Tracking relevant information

    Tell the story in the numbers.

    Below are a number of suggested metrics to track, and why.

    Business Goal

    Critical Success Factor

    Key Performance Indicator

    Metric to track

    Minimize overall risk exposureReduction of overall risk due to vulnerabilitiesDecrease in vulnerabilitiesTrack the number of vulnerabilities year after year.
    Appropriate allocation of time and resourcesProper prioritization of vulnerability mitigation activitiesDecrease of critical and high vulnerabilitiesTrack the number of high-urgency vulnerabilities.
    Consistent timely remediation of threats to the businessMinimize risk when vulnerabilities are detectedRemediate vulnerabilities more quicklyMean time to detect: track the average time between the identification to remediation.
    Track effectiveness of scanning toolMinimize the ratio, indicating that the tool sees everythingRatio between known assets and what the scanner tracksScanner coverage compared to known assets in the organization.
    Having effective tools to track and addressAccuracy of the scanning toolDifference or ratio between reported vulnerabilities and verified onesNumber of critical or high vulnerabilities verified, between the scanning tool’s criticality rating and actual criticality.
    Reduction of exceptions to ensure minimal exposureVisibility into persistent vulnerabilities and risk mitigation measuresNumber of exceptions grantedNumber of vulnerabilities in which little or no remediation action was taken.

    4.1.1 Measure your program with metrics, KPIs, and CSFs

    60 minutes

    Input: List of metrics current being measured by the vulnerability management tool

    Output: List of relevant metrics to track, and the KPIs, CSFs, and business goals related to the metric

    Materials: Whiteboard/flip charts, Vulnerability Management SOP Template

    Participants: IT Security Manager, IT operations management, CISO

    Metrics can offer a way to view how the organization is dealing with vulnerabilities and if there is improvement.

    1. Determine the high-level vulnerability management goals for the organization.
    2. Even with a formal process in place, the organization should be considering ways it can improve.
    3. Determine metrics that can help quantify those goals and how they can be measured.
    4. Metrics should always be easy to measure. If it’s a complex process to find the information required, it means that it is not a metric that should be used.
    5. Document your list of metrics in the Vulnerability Management SOP Template.

    Download the Vulnerability Management SOP Template

    Step 4.2

    Vulnerability Management Policy

    Activities
    • 4.2.1 Update the vulnerability management program policy

    This step will walk you through the following activities:

    If you have a vulnerability management policy, this activity may help augment it. Otherwise, if you don’t have one, this would be a great starting point.

    This step involves the following participants:

    • IT Security Manager
    • CISO
    • CIO
    • Human resources representative

    Outcomes of this step

    An inaugural policy covering vulnerability management

    Measure and formalize
    Step 4.1Step 4.2Step 4.3Step 4.4

    Vulnerability Management Program Policy

    Policies provide governance and enforcement of processes.
    • Policies offer formal guidance on the “rules” of a program, describing its purpose, scope, detailed program description, and consequences of non-compliance. Often they will have a employee sign-off acknowledging understanding.
    • In many organizations, policies are endorsed by senior executives, which gives the policy its “teeth” across the company. The human resources department will always have input due to the implications of the non-compliance aspect.
    • Policies are written to ensure an outcome of consistent expected behavior and are often written to protect the company from liability.
    • Policies should be easy to understand and unambiguous, reflect the current state, and be enforceable. Enforceability can come in the form of audit, technology, or any other means of determining compliance and enforcing behavior.
    Stock image of a judge's gavel.

    4.2.1 Update the vulnerability management policy

    60 minutes

    Input: Vulnerability Management SOP, HR guidance on policy creation and approval

    Output: Completed Vulnerability Management Policy

    Materials: Vulnerability Management SOP, Vulnerability Management Policy Template

    Participants: IT Security Manager, IT operations management, CISO, Human resources representative

    After having built your entire process in this project, formalize it into a vulnerability management policy. This will set the standards and expectations for vulnerability management in the organization, while the process will be around the specific actions that need to be taken around vulnerability management.

    This is separate and distinct from the Vulnerability Management SOP Template, which is a process and procedure document.
    1. Review Info-Tech’s Vulnerability Management Policy and customize it to your organization’s specifications.
    2. Use your Vulnerability Management SOP as a resource when specifying some of the details within the policy.
    Sample of Info-Tech's Vulnerability Management Policy Template

    Download the Vulnerability Management Policy Template

    Step 4.3

    Select and implement a scanning tool

    Activities
    • 4.3.1 Create an RFP for vulnerability scanning tools

    This step will walk you through the following activities:

    If you need to select a new vulnerability scanning tool, or replace your existing one, this activity will help set up a request for proposal (RFP).

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • CISO

    Outcomes of this step

    The provisions needed for you to create and deploy an RFP for a vulnerability management tool.

    Measure and formalize
    Step 4.1Step 4.2Step 4.3Step 4.4

    Vulnerability management and penetration testing

    Similar in nature, yet provide different security functions.

    Vulnerability Scanning Tools

    Scanning tools focus on the network and operating systems. These tools look for items such as missing patches or open ports. They won’t detect specific application vulnerabilities.

    Exploitation Tools

    These tools will look to exploit a detected vulnerability to validate it.

    Penetration Tests

    A penetration test simulates the actions of an external or internal cyber attacker that aims to breach the information security of the organization. (Formal definition of penetration test)

    ‹————— What’s the difference again? —————›
    Vulnerability scanning tools are just one type of tool.When you add an exploitation tool to the mix, you move down the spectrum.Penetration tests will use scanning tools, exploitation tools, and people.

    What is the value of each?

    • For vulnerability scans, the person performing the scan provides the value – value comes from the organization itself.
    • For exploitation tools on their own, the value comes from the tool itself being used in a safe environment.
    • For penetration tests, the tester is providing the value. They are the value add.

    What’s the implication for me?

    Info-Tech Recommends:
    • A combination of vulnerability scanning and penetration testing. This will improve your security posture through systematic risk reduction and improve your security program through the testing of prevention, detection, and response capabilities with unique recommendations being generated.
    • Start with as much vulnerability scanning as possible to identify gaps to fix and then move onto a penetration test to do a more robust and validated assessment.
    • For penetration tests, start with a transparent box test first, then move to an opaque box. Ideally, this is done with different third parties.

    Vulnerability scanning software

    All organizations can benefit from having one.

    Scanning tools will benefit areas beyond just vulnerability management

    • Network security: It improves the accuracy and granularity of your network security technologies such as WAFs, NGFWs, IDPS, and SIEM.
    • Asset management: Vulnerability scanning can identify new or unknown assets and provide current status information on assets.
    • System management: Information from a vulnerability scan supports baselining activities and determination of high-value and high-risk assets.

    Vulnerability Detection Use Case

    Most organizations use scanners to identify and assess system vulnerabilities and prioritize efforts.

    Compliance Use Case

    Others will use scanners just for compliance, auditing, or larger GRC reasons.

    Asset Discovery Use Case

    Many organizations will use scanners to perform active host and application identification.

    Scanning Tool Market Trends

    Vulnerability scanning tools have expanded value from conventional checking for vulnerabilities to supporting configuration checking, asset discovery, inventory management, patch management, SSL certificate validation, and malware detection.

    Expect to see network and system vulnerability scanners develop larger vulnerability management functions and develop exploitation tool functionality. This will become a table stakes option enabling organizations to provide higher levels of validation of detected vulnerabilities. Some tools already possess these capabilities:

    • Core Impact is an exploitation tool with vulnerability scanning aspects.
    • Metasploit is an exploitation tool with some new vulnerability scanning aspects.
    • Nessus is mainly a vulnerability scanning tool but has some exploitation aspects.

    Device proliferation (BYOD, IoT, etc.) is increasing the need for stronger vulnerability management and scanners. This is driving the need for numerous device types and platform support and the development of baseline and configuration norms to support system management.

    Increased regulatory or compliance controls are also stipulating the need for vulnerability scanning, especially by a trusted third party.

    Organizations are outsourcing security functions or moving to cloud-based deployment options for any security technology they can. Expect to see massive growth of vulnerability scanning as a service.

    Vulnerability scanning market

    There are several technology types or functional differentiators that divide the market up.

    Vulnerability Exploitation Tools

    • These will actually test defences and better emulate real life than just scanning. These tools include packet manipulation tools (such as hping) and password cracking tools (such as John the Ripper or Cain and Abel).
    • These tools will provide much more granular information on your network, operations systems, and applications.
    • The main limitation of these tools is how to use them. If you do not have development or test environments that mimic your real production environments to run the exploit tools, these tools may not be appropriate. It may work if you can find some downtime on production systems, but only in very specific and careful instances.
    • Lower maturity security programs usually just do network and application vulnerability scanning. Higher maturity programs will also use penetration testing, application testing, and vulnerability exploitation tools.
    • Network vulnerability scanning tools should always be used. Once you identify any servers or ports running web applications, then you run a web application vulnerability scanner.
    • Exploitation tools and application testing tools are used in more specific use cases that are often related to more-demanding security programs.

    Scanning Tool Market Trends

    • These are considered baseline tools and are near commoditization.
    • Vulnerability scanning tools are not granular enough to detect application-level vulnerabilities (thus the need for application scanners and testing tools) and they don’t validate the exploitability of the vulnerability (thus the need for exploit tools).

    Web Application Scanning Tools

    These tools perform dynamic application security testing (DAST) and static application security testing (SAST).

    Application Scanning and Testing Tools

    • These perform a detailed scan against an application to detect any problematic or malicious code and try to break the application using known vulnerabilities.
    • These tools will identify if something is vulnerable to an exploit but won’t actually run the exploit.
    • These tools are evaluated based on their ability to detect application-specific issues and validate them.

    Vulnerability scanning tool features

    Evaluate vulnerability scanning tools on specific features or functions that are the best differentiators.

    Differentiator

    Description

    Deployment OptionsDo you want a traditional on-premises, cloud-based, or managed service?
    Vulnerability Database CoverageScanners use a library of known vulnerabilities to test for. Evaluate based on the amount of exploits/vulnerabilities the tool can scan for.
    Scanning MethodEvaluate if you want agent-based, authenticated active, unauthenticated active, passive, or some combination of those scanning methods.
    IntegrationWhat is the breadth of other security and non-security technologies the tool can integrate with?
    RemediationHow detailed are the recommended remediation actions? The more granular, the better.

    Differentiator

    Description

    PrioritizationDoes the tool evaluate vulnerabilities based on commonly accepted methods or through a custom-designed prioritization methodology?
    Platform SupportWhat is the breadth of environment, application, and device support in the tool? Consider your need for virtual support, cloud support, device support, and application-specific support. Also consider how often new scanning modules are supported (e.g. how quickly Windows 10 was supported).
    PricingAs with many security controls that have been around for a long time and are commonly used, pricing becomes a main consideration, especially when there are so many open-source options available.

    Common areas people mistake as tool differentiators:

    • Accuracy – Scanning tools are evaluated more on efficiency than effectiveness. Evaluate on the ability to detect, remediate, and manage vulnerabilities rather than real vulnerability detection and the number of false positives. To reduce false positives, you need to use exploitation tools.
    • Performance – Scanning tools have such a small footprint in an environment and the actual scanning itself is such a small impact that evaluation on performance doesn’t matter.

    For more information on vulnerability scanning tools and how they rate, review the Vulnerability Management category on SoftwareReviews.

    Vulnerability scanning deployment options

    Understand the different deployment options to identify which is best for your security program.

    Option

    Description

    Pros

    Cons

    Use Cases

    On-PremisesEither an on-premises appliance or an on-premises virtualized machine that performs external and internal scanning.
    • Small resource need, so limited network impact.
    • Strong internal scanning.
    • Easier integration with other technologies.
    • Network footprint and resource usage.
    • Maintenance and support costs.
    • Most common deployment option.
    • Appropriate if you have cloud concerns or strong internal network scanning, or if you require strong integration with other systems.
    CloudEither hosted on a public cloud infrastructure or hosted by a third party and offered “as a service.”
    • Small network footprint.
    • On-demand scanning as needed.
    • Optimal external scanning capabilities.
    • Can only do edge-related scanning unless authenticated or agent based.
    • No internal network scanning with passive or unauthenticated active scanning methods.
    • Very limited network resources.
    • Compliance obligations that dictate external vulnerability scanning.
    ManagedA third party is contracted to manage and maintain your vulnerability scanner so you can dedicate resources elsewhere.
    • Expert management of environment scanning, optimizing tool usage.
    • Most scanning work time is report customization and tuning and remediation efforts; thus, managed doesn’t provide sizable resource alleviation.
    • Third party has and owns the vulnerability information.
    • Limited staff resources or expertise to maintain and manage scanner.

    Vulnerability scanning methods

    Understand the different scanning methods to identify which tool best supports your needs.

    Method

    Description

    Pros

    Cons

    Use Cases

    Agent-Based ScanningLocally installed software gives the information needed to evaluate the security posture of a device.
    • Provides information that can’t be discovered remotely such as installed applications that aren’t running at a given time.
    • Device processing, memory, and network bandwidth impact.
    • Asset without an agent is not scanned.
    • Need for continuous scanning.
    • Organization has strong asset management
    Authenticated Active ScanningTool uses authenticated credentials to log in to a device or application to perform scanning.
    • Provides information that can’t be discovered remotely such as installed applications that aren’t running at a given time.
    • Best accuracy for vulnerability detection across a network.
    • Aggregation and centralization of authenticated credentials creates a major risk.
    • All use cases.
    Unauthenticated Active ScanningScanning of devices without any authentication.
    • Emulates realistic scan by an attacker.
    • Provides limited scope of scanning.
    • Some compliance use cases.
    • Perform after either agent or authenticated scanning.
    Passive ScanningScanning of network traffic.
    • Lowest resource impact.
    • Not enough information can be provided for true prioritization and remediation.
    • Augmenting scanning technique to agent or authenticated scanning.

    IP Management and IPv6

    IP management and the ability to manage IPv6 is a new area for scanning tool evaluation.

    Scanning on IPv4

    Scanning tools create databases of systems and devices with IP addresses.
    Info-Tech Recommends:

    • It is easier to do discovery by directing the scanner at a set IP address or range of IP addresses; thus, it’s useful to organize your database by IPs.
    • Do discovery by phases: Start with internet-facing systems. Your perimeter usually is well-defined by IP addresses and system owners and is most open to attack.
    • Stipulate a list of your known IP addresses through the DHCP registration and perform a scan on that.
    • Depending on your IP address space, another option is to scan your entire IP address space.

    Current Problem With IP Addresses

    IP addresses are becoming no longer manageable or even owned by organizations. They are often provided by ISPs or other third parties.

    Even if it is your range, chances are you don't do static IP ranges today.

    Info-Tech Recommends:

    • Agent-based scanning or MAC address-based scanning
    • Use your DHCP for scanning

    Scanning on IPv6

    First, you need to know if your organization is moving to IPv6. IPv6 is not strategically routed yet for most organizations.

    If you are moving to IPv6, Info-Tech recommends the following:

    • Because you cannot point a scanner at an IPv6 IP range, any scanning tool needs to have a strategy around how to handle IPv6 and properly scan based on IP ranges.
    • You need to know IPv4 to IPv6 translations.
    • Evaluate vulnerability scanning tools on whether any IPv6 features are on par with IPv4 features.

    If you are already on IPv6, Info-Tech recommends the following:

    • If you are on an IPv6 native network, it is nearly impossible to scan the network. You have to always scan your known addresses from your DHCP.

    4.3.1 Create an RFP for vulnerability scanning tools

    2 hours

    Input: List of key feature requirements for the new tool, List of intersect points with current software, Network topology and layout of servers and applications

    Output: Completed RFP document that can be distributed to vendor proponents

    Materials: Whiteboard/flip charts, Vulnerability Scanning Tool RFP Template

    Participants: IT Security Manager, IT operations managers, CISO, Procurement department representative

    Use a request for proposal (RFP) template to convey your desired scanning tool requirements to vendors and outline the proposal and procurement steps set by your organization.

    1. Determine what kind of requirements will be needed for your scanning tool RFP, based on people, process, and technology requirements.
    2. Consider items such as the desired capabilities and the scope of the scanning.
    3. Conduct interviews with relevant stakeholders to determine the exact requirements needed.
    4. Use Info-Tech’s Vulnerability Scanning Tool RFP Template. It lists many requirements but can be customized to your organization’s specific needs.

    Download the Vulnerability Scanning Tool RFP Template

    4.3.1 Create an RFP for vulnerability scanning tools (continued)

    Things to Consider:
    • Ensure there is adequate resource dedication to support and maintenance for vulnerability scanning.
    • Consider if you will benefit from an RFP. If there is a more appropriate option for your need and your organization, consider that instead.
    • If you don’t know the product you want, then perform an RFI.
    • In the RFP, you need to express your driving needs for the tool so the vendor can best understand your use case.
    • Identify who should participate in the RFP creation and evaluation. Make sure they have time available and it does not conflict with other items.
    • Determine if you want to send it to a select few or if you want to send it to a lot of vendors.
    • Determine a response date so you can know who is soliciting your business.
    • You need to have a process to handle questions from vendors.
    Info-Tech RFP Table of Contents:
    1. Statement of Work
    2. General Information
    3. Proposal Preparation Instructions
    4. Scope of Work, Specifications, and Requirements
    5. Vendor Qualifications and References
    6. Budget and Estimated Pricing
    7. Vendor Certification

    Download the Vulnerability Scanning Tool RFP Template

    Step 4.4

    Penetration testing

    Activities
    • 4.1.1 Create an RFP for penetration tests

    This step will walk you through the following activities:

    We will review penetration testing, its distinction from vulnerability management, and why you may want to engage a penetration testing service.

    We provide a request for proposal (RFP) template that we can review if this is an area of interest.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • CISO
    • CIO

    Outcomes of this step

    An understanding of penetration testing, and guidance on how to get started if there is interest to do so.

    Measure and formalize
    Step 4.1Step 4.2Step 4.3Step 4.4

    Penetration testing

    Penetration tests are critical parts of any strong security program.

    Penetration testing will emulate the methods an attacker would use in the real world to circumvent your security controls and gain access to systems and data.

    Penetration testing is much more than just running a scanner or other automated tools and then generating a report. Penetration testing performs critical exploit validation to create certainty around your vulnerability.

    The primary objective of a penetration test is to identify and validate security weaknesses in an organization’s security systems.

    Reasons to Test:

    • Assess current security control effectiveness
    • Develop an action plan of items
    • Build a business case for a better security program
    • Increased security budget through vulnerability validation
    • Third-party, unbiased validation
    • Adhere to compliance or regulatory requirements
    • Raise security awareness
    • Demonstrate how an attacker can escalate privileges
    • Effective way to test incident response

    Regulatory Considerations:

    • There is a lot of regulatory wording saying that organizations can’t get a system that is managed, integrated, and supported by one vendor and then have it tested by the same vendor.
    • There is the need for separate third-party testing.
    • Penetration testing is required for PCI, cloud providers, and federal entities.

    How and where is the value being generated?

    Penetration testing is a service provided by trained and tested professionals with years of experience. The person behind the test is the most important part of the test. The person is able to emulate a real-life attacker better than any computer. It is just a vulnerability scan if you use tools or executables alone.

    “A penetration test is an audit with validation.” (Joel Shapiro, Vice President Sales, Digital Boundary Group)

    Start by considering the spectrum of penetration tests

    Network Penetration Tests

    Conventional testing of network defences.

    Testing vectors include:

    • Perimeter infrastructure
    • Wireless, WEP/WPA cracking
    • Cloud penetration testing
    • Telephony systems or VoIP
    Types of tests:
    • Denial-of-service testing
    • Out-of-band attacks
    • War dialing
    • Wireless network testing/war driving
    • Spoofing
    • Trojan attacks
    • Brute force attacks
    • Watering hole attacks
    • Honeypots
    • Cloud-penetration testing
    Application Penetration Tests

    Core business functions are now being provided through web applications, either to external customers or to internal end users.

    Types: Web apps, non-web apps, mobile apps

    Application penetration and security testing encompasses:

    • Code review – analyzing the application code for sensitive information of vulnerabilities in the code.
    • Authorization testing – testing systems responsible for user session management to see if unauthorized access can be permitted.
    • Authentication process for user testing.
    • Functionality testing – test the application functionality itself.
    • Website pen testing – active analysis of weaknesses or vulnerabilities.
    • Encryption testing – testing things like randomness or key strength.
    • User-session integrity testing.
    Human-Centric Testing
    • Penetration testing is developing a people aspect as opposed to just being technology focused.
    • End users and their susceptibility to social engineering attacks (spear phishing, phone calls, physical site testing, etc.) is now a common area to test.
    • Social engineering penetration testing is not only about identifying your human vulnerabilities, but also about proactively training your end users. As well as discovering and fixing potential vulnerabilities, social engineering penetration testing will help to raise security awareness within an organization.

    Info-Tech Insight

    Your pen test should use multiple methods. Demonstrating weakness in one area is good but easy to identify. When you blend techniques, you get better success at breaching and it becomes more life-like. Think about prevention, detection, and response testing to provide full insight into your security defenses.

    Penetration testing types

    Evaluate four variables to determine which type of penetration test is most appropriate for your organization.

    Evaluate these dimensions to determine relevant penetration testing.

    Network, Application, or Human

    Evaluate your need to perform different types of penetration testing.

    Some level of network and application testing is most likely appropriate.

    The more common decision point is to consider to what degree your organization requires human-centric penetration testing.

    External or Internal

    External: Attacking an organization’s perimeter and internet-facing systems. For these, you generally provide some level of information to the tester. The test will begin with publicly available information gathering followed by some kind of network scanning or probing against externally visible servers or devices (DNS server, email server, web server, firewall, etc.)

    Internal: Carried out within the organization’s network. This emulates an attack originating from an internal point (disgruntled employee, authorized user, etc.). The idea is to see what could happen if the perimeter is breached.

    Transparent, Semi-Transparent, or Opaque Box

    Opaque Box: The penetration tester is not provided any information. This emulates a real-life attack. Test team uses publicly available information (corporate website, DNS, USENET, etc.) to start the test. These tests are more time consuming and expensive. They often result in exploitation of the easiest vulnerability.
    Use cases: emulating a real-life attack; testing detection and response capabilities; limited network segmentation.

    Transparent Box: Tester is provided full disclosure of information. The tester will have access to everything they need: building floor plans, data flow designs, network topology, etc. This represents what a credentialed and knowledgeable insider would do.
    Use cases: full assessment of security controls; testing of attacker traversal capabilities.

    Aggressiveness of the Test

    Not Aggressive: Very slow and careful penetration testing. Usually spread out in terms of packets being sent and number of calls to individuals. It attempts to not set off any alarm bells.

    Aggressive: A full DoS attack or something similar. These would be DoS attacks that take down systems or full SQL injection attacks all at once versus small injections over time. Testing options cover anything including physical tests, network tests, social engineering, and data extraction and exfiltration. This is more costly and time consuming.

    Assessing Aggressiveness: How aggressive the test should be is based on the threats you are concerned with. Assess who you are concerned with: random individuals on the internet, state-sponsored attacks, criminals, hacktivists, etc. Who you are concerned with will determine the appropriate aggressiveness of the test.

    Penetration testing scope

    Establish the scope of your penetration test before engaging vendors.

    Determining the scope of what is being tested is the most important part of a penetration test. Organizations need to be as specific as possible so the vendor can actually respond or ask questions.

    Organizations need to define boundaries, objectives, and key success factors.

    For scope:
    • If you go too narrow, the realism of the test suffers.
    • If you go too broad, it is more costly and there’s a possible increase in false positives.
    • Balance scope vs. budget.
    Boundaries to scope before a test:
    • IP addresses
    • URLs
    • Applications
    • Who is in scope for social engineering
    • Physical access from roof to dumpsters defined
    • Scope prioritized for high-value assets
    Objectives and key success factors to scope:
    • When is the test complete? Is it at the point of validated exploitation?
    • Are you looking for as many holes as possible, or are you looking for how many ways each hole can be exploited?

    What would be out of scope?

    • Are there systems, IP addresses, or other things you want out of scope? These are things you don’t explicitly want any penetration tester to touch.
    • Are there third-party connections to your environment that you don’t want to be tested? These are instances such as cloud providers, supply chain connections, and various services.
    • Are there things that would be awkward to test? For example, determine if you include high-level people in a social engineering test. Do you conduct social engineering for the CEO? If you get their credentials, it could be an awkward moment.

    Ways to break up a penetration test:

    • Location – This is the most common way to break up a penetration test.
    • Division – Self-contained business units are often done as separate tests so you can see how each unit does.
    • IT systems – For example, you put certain security controls in a firewall and want to test its effectiveness.
    • Applications – For example, you are launching a new website or a new portal and you want to test it.

    Penetration testing appropriateness

    Determine your penetration testing appropriateness.

    Usual instances to conduct a penetration test:
    • Setting up a new physical office. Penetration testing will not only test security capabilities but also resource availability and map out network flows.
    • New infrastructure hardware implemented. All new infrastructure needs to be tested.
    • Changes or upgrades to existing infrastructure. Need for testing varies depending on the size of the change.
    • New application deployment. Need to test before being pushed to production environments.
    • Changes or upgrades to existing applications. When fundamental functional changes occur, perform testing:
      • Before upgrades or patching
      • After upgrades or patching
    • Periodic testing. It is a best practice to periodically test your security control effectiveness. Consider at least an annual test.

    Specific timing considerations: Testing should be completed during non-production times of day. Testing should be completed after a backup has been performed.

    Assess your threats to determine your appropriate test type:

    Penetration testing is about what threats you are concerned about. Understand your risk profile, risk tolerance level, and specific threats to see how relevant penetration tests are.

    • Are external attackers concerning to you? Are you distressed about how an attacker can use brute force to enter your network? If so, focus on ingress points, such as FWs, routers, and DMZ.
    • Is social engineering a concern for you (i.e. phone-based or email-based)? Then you are concerned about a credentialed hacker.
    • Is it an insider threat, a disgruntled employee, etc.? This also includes an internal system that is under command and control (C&C).

    ANALYST PERSPECTIVE: Do a test only after you take a first pass.
    If you have not done some level of vulnerability assessment on your own (performing a scan, checking third-party sources, etc.) don’t waste your money on a penetration test. Only perform a penetration test after you have done a first pass and identified and remediated all the low-hanging fruit.

    4.4.1 Create an RFP for penetration tests

    2 hours

    Input: List of criteria and scope for the penetration test, Systems and application information if white box

    Output: Completed RFP document that can be distributed to vendor proponents

    Materials: Whiteboard/flip charts, Penetration Test RFP Template

    Participants: IT Security Manager, IT operations managers, CISO, Procurement department representative

    Use an RFP template to convey your desired penetration test requirements to vendors and outline the proposal and procurement steps set by your organization.

    1. Determine what kind of requirements will be needed for your penetration test RFP based on people, process, and technology requirements.
      • Consider items such as your technology environment and the scope of the penetration tests.
    2. Conduct an interview with relevant stakeholders to determine the exact requirements needed.
    3. Use Info-Tech’s Penetration Test RFP Template, which lists many requirements but can be customized to your organization’s specific needs.

    Download the Penetration Test RFP Template

    4.4.1 Create an RFP for penetration tests (continued)

    Steps of a penetration test:
    1. Determine scope
    2. Gather targeted intelligence
    3. Review exploit attempts, such as access and escalation
    4. Test the collection of sensitive data
    5. Run reporting
    Info-Tech RFP Table of Contents:
    1. Statement of Work
    2. General Information
    3. Proposal Preparation Instructions
    4. Scope of Work, Specifications, and Requirements
    5. Vendor Qualifications and References
    6. Budget and Estimated Pricing
    7. Vendor Certification

    Download the Penetration Test RFP Template

    Penetration testing considerations – service providers

    Consider what type of penetration testing service provider is best for your organization

    Professional Service Providers

    Professional Services Firms. These firms will often provide a myriad of professional services across auditing, financial, and consulting services. If they offer security-related consulting services, they will most likely offer some level of penetration testing.

    Security Service Firms. These are dedicated security consulting or advisory firms that will offer a wide spectrum of security-related services. Penetration testing may be one aspect of larger security assessments and strategy development services.

    Dedicated Penetration Testing Firms. These are service providers that will often offer the full gamut of penetration testing services.

    Integrators

    Managed Security Service Providers. These providers will offer penetration testing. For example, Dell SecureWorks offers numerous services including penetration testing. For organizations like this, you need to be skeptical of ulterior motives. For example, expect recommendations around outsourcing from Dell SecureWorks.

    Regional or Small Integrators. These are service providers that provide security services of some kind. For example, they would help in the implementation of a firewall and offer penetration testing services as well.

    Info-Tech Recommends:

    • Always be conscientious of who is conducting the testing and what else they offer. Even if you get another party to test rather than your technology provider, they will try to obtain you as a client. Remember that for larger technology vendors, security testing is a small revenue stream for them and it’s a way to find technology clients. They may offer penetration testing for free to obtain other business.
    • Most of the penetration testers were systems administrators (for network testing) or application developers (for application testing) at some point before becoming penetration testers. Remember this when evaluating providers and evaluating remediation recommendations.
    • Evaluate what kind of open-source tools, commercial tools, and proprietary tools are being used. In general, you don’t want to rely on an open-source scanner. For open source, they will have more outdated vulnerability databases, system identification can also be limited compared to commercial, and reporting is often lacking.
    • Above all else, ensure your testers are legally capable, experienced, and abide by non-disclosure agreements.

    Penetration testing best practices – communications

    Communication With Service Provider

    • During testing there should be designated points of contact between the service provider and the client.
    • There needs to be secure channels for communication of information between the tester and the client both during the test and for any results.
    • Results should always be explained to the client by the tester, regardless of the content or audience.
    • There should be a formal debrief with the results report.
    Immediate reporting of issues
    • Before any testing commences, immediate reporting conditions need to be defined. These are instances when you would want immediate notification of something occurring.
    • Stipulate certain systems or data types that if broken into or compromised, you would want to be notified right away.
    • Example:
      • If you are conducting social engineering, require notification for all account credentials that are compromised. Once credentials are compromised, it destroys all accountability for those credentials and the actions associated with those credentials by any user.
      • Require immediate reporting of specific high-critical systems that are compromised or if access is even found.
      • Require immediate reporting when regulated data is discovered or compromised in any way.

    Communication With Internal Staff

    Do you tell your internal staff that this is happening?

    This is sometimes called a “double blind test” when you don’t let your IT team know of the test occurring.

    Pros to notifying:
    • This tests the organization’s security monitoring, incident detection, and response capabilities.
    • Letting the team know they are going to see some activity will make sure they don’t get too worried about it.
    • There may be systems you can’t jeopardize but still need to test so notification beforehand is essential (e.g. you wouldn’t allow ERP testing with notification).
    Cons:
    • It does not give you a real-life example of how you respond if something happens.
    • Potential element of disrespect to IT people.

    Penetration testing best practices – results and remediation

    What to expect from penetration test results report:

    A final results report will state all findings including what was done by the testers, what vulnerabilities or exploitations were detected, how they were compromised, the related risk, and related remediation recommendations.

    Expect four major sections:
    • Introduction. An overview of the penetration test methodology including rating methodology of vulnerabilities.
    • Executive Summary. A management-level description of the test, often including a summary of any recommendations.
    • Technical Review. An overview of each item that was looked at and touched. This area breaks down what was done, how it was done, what was found, and any related remediation recommendations. Expect graphs and visuals in this section.
    • Detailed Findings. An in-depth breakdown of all testing methods used and results. Each vulnerability will be explained regarding how it was detected, what the risk is, and what the remediation recommendation is.
    Two areas that will vary by service provider:

    Prioritization

    • Most providers will boast their unique prioritization methodology.
    • A high, medium, and low rating scale based on some combination of variables (e.g. ease of exploitation, breadth of hole, information accessed resulting in further exploitation).
    • The prioritization won’t take into account asset value or criticality.
    • Keep in mind the penetration test is not an input into ultimate vulnerability prioritization, but it can help determine your urgency.

    Remediation

    • Remediation recommendations will vary across providers.
    • Generally, fairly generic recommendations are provided (e.g. remove your old telnet and input up-to-date SSH).
    • Most of the time, it is along the lines of “we found a hole; close the hole.”

    Summary of Accomplishment

    Problem Solved

    At the conclusion of this blueprint, you will have created a full vulnerability management program that will allow you to take a risk-based approach to vulnerability remediation.

    Assessing a vulnerability’s risk will enable you to properly determine the true urgency of a vulnerability within the context of your organization; this ensures you are not just blindly following what the tool is reporting.

    The risk-based approach will allow you to prioritize your discovered vulnerabilities and take immediate action on critical and high vulnerabilities while allowing your standard remediation cycle to address the medium to low vulnerabilities.

    With your program defined and developed, you now need to configure your vulnerability scanning tool or acquire one if you don’t already have a tool in place.

    Lastly, while vulnerability management will help address your systems and applications, how do you know if you are secure from external malicious actors? Penetration testing will offer visibility, allowing you to plug those holes and attain an environment with a smaller risk surface.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Photo of Jimmy Tom.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Sample of the Implement Vulnerability Management storyboard.
    Review of the Implement Vulnerability Management storyboard
    Sample of the Vulnerability Mitigation SOP template.
    Build your vulnerability management SOP

    Contributors

    Contributors from 2016 version of this project:

    • Morey Haber, Vice President of Technology, BeyondTrust
    • Richard Barretto, Manager, Information Privacy and Security, Cimpress
    • Joel Shapiro, Vice President Sales, Digital Boundary Group

    Contributors from current version of this project:

    • 2 anonymous contributors from the manufacturing sector
    • 1 anonymous contributor from a US government agency
    • 2 anonymous contributors from the financial sector
    • 1 anonymous contributor from the medical technology industry
    • 2 anonymous contributors from higher education
    • 1 anonymous contributor from a Canadian government agency
    • 7 anonymous others; information gathered from advisory calls

    Bibliography

    Arya. “COVID-19 Impact: Vulnerability Management Solution Market | Strategic Industry Evolutionary Analysis Focus on Leading Key Players and Revenue Growth Analysis by Forecast To 2028 – FireMon, Digital Shadows, AlienVault.” Bulletin Line, 6 Aug. 2020. Accessed 6 Aug. 2020.

    Campagna, Rich. “The Lean, Mean Vulnerability Management Machine.” Security Boulevard, 31 Mar. 2020. Accessed 15 Aug. 2020.

    Constantin, Lucian. “What are vulnerability scanners and how do they work?” CSO Online, 10 Apr. 2020. Accessed 1 Sept. 2020.

    “CVE security vulnerabilities published in 2019.” CVE Details. Accessed 22 Sept. 2020.

    Garden, Paul, et al. “2019 Year End Report – Vulnerability QuickView.” Risk Based Security, 2020. Accessed 22 Sept. 2020.

    Keary, Eoin. “2019 Vulnerability Statistics Report.” Edgescan, Feb. 2019. Accessed 22 Sept. 2020.

    Lefkowitz, Josh. ““Risk-Based Vulnerability Management is a Must for Security & Compliance.” SecurityWeek, 1 July 2019. Accessed 1 Nov. 2020.

    Mell, Peter, Tiffany Bergeron, and David Henning. “Creating a Patch and Vulnerability Management Program.” Creating a Patch and Vulnerability Management Program. NIST, Nov. 2005. Web.

    “National Vulnerability Database.” NIST. Accessed 18 Oct. 2020.

    “OpenVAS – Open Vulnerability Assessment Scanner.” OpenVAS. Accessed 14 Sept. 2020.

    “OVAL.” OVAL. Accessed 21 Oct. 2020.

    Paganini, Pierluigi. “Exploiting and Verifying Shellshock: CVE-2014-6271.” INFOSEC, 27 Sept. 2014. Web.

    Pritha. “Top 10 Metrics for your Vulnerability Management Program.” CISO Platform, 28 Nov. 2019. Accessed 25 Oct. 2020.

    “Risk-Based Vulnerability Management: Understanding Vulnerability Risk With Threat Context And Business Impact.” Tenable. Accessed 21 Oct. 2020.

    Stone, Mark. “Shellshock In-Depth: Why This Old Vulnerability Won’t Go Away.” SecurityIntelligence, 6 Aug. 2020. Web.

    “The Role of Threat Intelligence in Vulnerability Management.” NOPSEC, 18 Sept. 2014. Accessed 18 Aug. 2020.

    “Top 15 Paid and Free Vulnerability Scanner Tools in 2020.” DNSstuff, 6 Jan. 2020. Accessed 15 Sept. 2020.

    Truta, Filip. “60% of Breaches in 2019 Involved Unpatched Vulnerabilities.” Security Boulevard, 31 Oct. 2019. Accessed 2 Nov. 2020.

    “Vulnerability Management Program.” Core Security. Accessed 15 Sept. 2020.

    “What is Risk-Based Vulnerability Management?” Balbix. Accessed 15 Sept. 2020.

    White, Monica. “The Cost Savings of Effective Vulnerability Management (Part 1).” Kenna Security, 23 April 2020. Accessed 20 Sept. 2020.

    Wilczek, Marc. “Average Cost of a Data Breach in 2020: $3.86M.” Dark Reading, 24 Aug. 2020. Accessed 5 Nov 2020.

    Adopt an Exponential IT Mindset

    • Buy Link or Shortcode: {j2store}103|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    New technologies such as generative AI, quantum computing, 5G cellular networks, and next-generation robotics are ushering in an exciting new era of business transformation. By adopting an exponential IT mindset, IT leaders will be able to lead the autonomization of business capabilities.

    To capitalize on this upcoming opportunity, exponential IT leaders will have to become business advisors who unlock exponential value for the business and help mitigate exponential risk.

    Adopt a renewed focus on business outcomes to achieve autonomization

    An exponential IT mindset means that IT leaders will need to take a lead role in transforming business capabilities.

    • Embrace an expanded role as business advisors: CIOs will be tasked with greater responsibility for determining business strategy alongside the C-suite.
    • Know the rewards and mitigate the risks: New value chain opportunities and efficiency gains will create significant ROI. Protect these returns by mitigating higher risks to business continuity, information security, and delivery performance.
    • Plan to fully leverage technologies such as AI: It will be integral for IT to enable autonomous technologies in this new era of exponential technology progress.

    Adopt an Exponential IT Mindset Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Adopt an Exponential IT Mindset Deck – An introduction to IT’s role in the autonomization era

    The role of IT has evolved throughout the past couple generations to enable fundamental business transformations. In the autonomization era, it will have to evolve again to lead the business through a world of exponential opportunity.

    • Adopt an Exponential IT Mindset Storyboard

    Infographic

    Further reading

    Adopt an Exponential IT Mindset

    Thrive through the next paradigm shift

    Executive Summary

    For more than 40 years, information technology has significantly transformed businesses, from the computerization of operations to the digital transformation of business models. As technological disruption accelerates exponentially, a world of exponential business opportunity is within reach.

    Newly emerging technologies such as generative AI, quantum computing, 5G cellular networks, and next-generation robotics are enabling autonomous business capabilities.

    The role of IT has evolved throughout the past couple generations to enable business transformations. In the autonomization era, it will have to evolve again. IT will have a new mission, an adapted governance structure, innovative capabilities, and an advanced partnership model.

    CIOs embracing exponential IT require a new mindset. Their IT practices will need to progress to the top of the maturity ladder as they make business outcomes their own.

    Over the past two generations, we have witnessed major technology-driven business transformations

    1980s

    Computerization

    The use of computer devices, networks, and applications became widespread in the enterprise. The focus was on improving the efficiency of back-office tasks.

    2000s

    Digitalization

    As the world became connected through the internet, new digitally enabled business models emerged in the enterprise. Orders were now being received online, and many products and services were partially or fully digitized for online fulfillment.

    Recent pandemic measures contributed to a marked acceleration in the digitalization of organizations

    The massive disruption resulting from pandemic measures led businesses to shift to more digital interactions with customers.

    The global average share of customer interactions that are digital went from 36% in December 2019 to 58% in July 2020.

    The global average share of customer interactions that are digital went from 36% to 58% in less than a year.*

    Moreover, companies across business areas have accelerated the digitization of their offerings.

    The global average share of partially or fully digitized products went from 35% in 2019 to 55% in July 2020.

    The global average share of partially or fully digitized products went from 35% to 55% in the same period.*

    The adoption of digitalized business models has accelerated during the pandemic. Post-pandemic, it is unlikely for adoption to recede.

    With more business applications ported to the cloud and more data available online, “digital-first” organizations started to envisage a next wave of automation.

    *Source: “How COVID-19 has pushed companies over the technology tipping point—and transformed business forever,” McKinsey & Company, 2020

    A majority of IT leaders plan to use artificial intelligence within their organizations in 2023

    In August 2022, Info-Tech surveyed 506 IT leaders and asked which tasks would involve AI in their organizations in 2023.

    Graph showing tasks that would involve AI in organizations in 2023.

    We found that 63% of IT leaders plan to use AI within their organizations to automate repetitive, low-level tasks by the end of 2023.

    With the release of the ChatGPT prototype in November 2022, setting a record for the fastest user growth (reaching 100 million active users just two months after launch), we foresee that AI adoption will accelerate significantly and its use will extend to more complex tasks.

    Newly emerging technologies and business realities are ushering in the next business transformation

    1980s

    Computerization

    2000s

    Digitalization

    2020s

    Autonomization

    As digitalization accelerates, a post-pandemic world with a largely online workforce and digitally transformed enterprise business models now enters an era where more business capabilities become autonomous, with humans at the center of a loop* that is gradually becoming larger.

    Deep Learning, Quantum Computing, 5G Networks, Robotics

    * Download Info-Tech’s CIO Trend Report 2019 – Become a Leader in the Loop

    The role of IT needs to evolve as it did through the previous two generations

    1980s

    Computerization

    IT professionals gathered functional requirements from the business to help automate back-office tasks and improve operational efficiency.

    2000s

    Digitalization

    IT professionals acquired business analysis skills and leveraged the SMAC (social, mobile, analytics, and cloud) stack to accelerate the automation of the front office and enable the digital transformation of business models.

    2020s

    Autonomization

    IT professionals will become business advisors and enable the establishment of autonomous yet differentiated business processes and capabilities.

    The autonomization era brings enormous opportunity for organizations, coupled with enormous risk

    Graph of Risk Severity versus Value Opportunity. Autonomization has a high value of opportunity and high risk severity.

    While some analysts have been quick to announce the demise of the IT department and the transition of the role of IT to the business, the budgets that CIOs control have continued to rise steadily over time.

    In a high-risk, high-reward endeavor to make business processes autonomous, the role of IT will continue to be pivotal, because while everyone in the organization will rush to seize the value opportunity, the technology risk will be left for IT to manage.

    Exponential IT represents a necessary change in a CIO’s focus to lead through the next paradigm shift

    EXPONENTIAL RISK

    Autonomous processes will integrate with human-led processes, creating risks to business continuity, information security, and quality of delivery. Supplier power will exacerbate business risks.

    EXPONENTIAL REWARD

    The efficiency gains and new value chains created through artificial intelligence, robotics, and additive manufacturing will be very significant. Most of this value will be realized through the augmentation of human labor.

    EXPONENTIAL DEMAND

    Autonomous solutions for productivity and back-office applications will eventually become commoditized and provided by a handful of large vendors. There will, however, be a proliferation of in-house algorithms and workflows to autonomize the middle and front office, offered by a busy landscape of industry-centric capability vendors.

    EXPONENTIAL IT

    Exponential IT involves IT leading the cognitive reengineering of the organization with evolved practices for:

    • IT governance
    • Asset management
    • Vendor management
    • Data management
    • Business continuity management
    • Information security management

    To succeed, IT will have to adopt different priorities in its mission, governance, capabilities, and partnerships

    Digitalization

    A Connected World

    Progressive IT

    • Mission

      Enable the digital transformation of the business
    • Governance

      Service metrics, security perimeters, business intelligence, compliance management
    • Capabilities

      Service management, business analysis, application portfolio management, data management
    • Partnerships

      Management of technology service agreements

    Autonomization

    An Exponential World

    Exponential IT

    • Mission

      Lead the business through autonomization.
    • Governance

      Outcome-based metrics, zero trust, ESG reporting, digital trust
    • Capabilities

      Experience management, business advisory, enterprise innovation, data differentiation
    • Partnerships

      Management of business capability agreements

    Fortune favors the bold: The CIO now has an opportunity to cement their role as business leader

    Levels of digital maturity.  From bottom: Unstable - inability to consistently deliver basic services, Firefighter - Reliable infrastructure and IT service desk, Trusted Operator - Enablement of business through applications and work orders, Business Partner - Effective delivery of strategic business projects, Innovator - Information and technology as a competitive advantage.

    Research has shown that companies that are more digitally mature have higher growth than the industry average. In these companies, the CIO is part of the executive management team.

    And while the role of the CIO is generally tied to their mandate within the organization, we have seen their role progress from doer to leader as IT climbs the maturity ladder.

    As companies strive to succeed in the next phase of technology-driven transformation, CIOs have an opportunity to demonstrate their business leadership. To do so, they will have to provide exceptionally mature services while owning business targets.

    Minimize the Damage of IT Cost Cuts

    • Buy Link or Shortcode: {j2store}53|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Cost & Budget Management
    • Parent Category Link: /cost-and-budget-management
    • Average growth rates for Opex and Capex budgets are expected to continue to decline over the next fiscal year.
    • Common “quick-win” cost-cutting initiatives are not enough to satisfy the organization’s mandate.
    • Cost-cutting initiatives often take longer than expected, failing to provide cost savings before the organization’s deadline.
    • Cost-optimization projects often have unanticipated consequences that offset potential cost savings and result in business dissatisfaction.

    Our Advice

    Critical Insight

    • IT costs affect the entire business, not just IT. For this reason, IT must work with the business collaboratively to convey the full implications of IT cost cuts.
    • Avoid making all your cuts at once; phase your cuts by taking into account the magnitude and urgency of your cuts and avoid unintended consequences.
    • Don’t be afraid to completely cut a service if it should not be delivered in the first place.

    Impact and Result

    • Take a value-based approach to cost optimization.
    • Reduce IT spend while continuing to deliver the most important services.
    • Involve the business in the cost-cutting process.
    • Develop a plan for cost cutting that avoids unintended interruptions to the business.

    Minimize the Damage of IT Cost Cuts Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should take a value-based approach to cutting IT costs, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand the mandate and take immediate action

    Determine your approach for cutting costs.

    • Minimize the Damage of IT Cost Cuts – Phase 1: Understand the Mandate and Take Immediate Action
    • Cost-Cutting Plan
    • Cost-Cutting Planning Tool

    2. Select cost-cutting initiatives

    Identify the cost-cutting initiatives and design your roadmap.

    • Minimize the Damage of IT Cost Cuts – Phase 2: Select Cost-Cutting Initiatives

    3. Get approval for your cost-cutting plan and adopt change management best practices

    Communicate your roadmap to the business and attain approval.

    • Minimize the Damage of IT Cost Cuts – Phase 3: Get Approval for Your Cost-Cutting Plan and Adopt Change Management Best Practices
    • IT Personnel Engagement Plan
    • Stakeholder Communication Planning Tool
    [infographic]

    Workshop: Minimize the Damage of IT Cost Cuts

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand the Mandate and Take Immediate Action

    The Purpose

    Determine your cost-optimization stance.

    Build momentum with quick wins.

    Key Benefits Achieved

    Understand the internal and external drivers behind your cost-cutting mandate and the types of initiatives that align with it.

    Activities

    1.1 Develop SMART project metrics.

    1.2 Dissect the mandate.

    1.3 Identify your cost-cutting stance.

    1.4 Select and implement quick wins.

    1.5 Plan to report progress to Finance.

    Outputs

    Project metrics and mandate documentation

    List of quick-win initiatives

    2 Select Cost-Cutting Initiatives

    The Purpose

    Create the plan for your cost-cutting initiatives.

    Key Benefits Achieved

    Choose the correct initiatives for your roadmap.

    Create a sensible and intelligent roadmap for the cost-cutting initiatives.

    Activities

    2.1 Identify cost-cutting initiatives.

    2.2 Select initiatives.

    2.3 Build a roadmap.

    Outputs

    High-level cost-cutting initiatives

    Cost-cutting roadmap

    3 Get Approval for Your Cost-Cutting Plan and Adopt Change Management Best Practices

    The Purpose

    Finalize the cost-cutting plan and present it to the business.

    Key Benefits Achieved

    Attain engagement with key stakeholders.

    Activities

    3.1 Customize your cost-cutting plan.

    3.2 Create stakeholder engagement plans.

    3.3 Monitor cost savings.

    Outputs

    Cost-cutting plan

    Stakeholder engagement plan

    Cost-monitoring plan

    Business Value

    • Buy Link or Shortcode: {j2store}7|cart{/j2store}
    • Related Products: {j2store}7|crosssells{/j2store}
    • Up-Sell: {j2store}7|upsells{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Financial Management
    • Parent Category Link: /financial-management
    Maximize your ROI on IT through benefits realization

    Reimagine Learning in the Face of Crisis

    • Buy Link or Shortcode: {j2store}601|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Train & Develop
    • Parent Category Link: /train-and-develop
    • As organizations re-evaluate their priorities and shift to new ways of working, leaders and employees are challenged to navigate unchartered territory and to adjust quickly to ever-evolving priorities.
    • Learning how to perform effectively through the crisis and deliver on new priorities is crucial to the success of all employees and the organization.

    Our Advice

    Critical Insight

    The most successful organizations recognize that learning is critical to adjusting quickly and effectively to their new reality. This requires L&D to reimagine their approach to deliver learning that enables the organization’s immediate and evolving priorities.

    Impact and Result

    • L&D teams should focus on how to support employees and managers to develop the critical competencies they need to successfully perform through the crisis, enabling organizations to survive and thrive during and beyond the crisis.
    • Ensure learning needs align closely with evolving organizational priorities, collaborate cross-functionally, and curate content to provide the learning employees and leaders need most, when they need it.

    Reimagine Learning in the Face of Crisis Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prioritize

    Involve key stakeholders, identify immediate priorities, and conduct high-level triage of L&D.

    • Reimagine Learning in the Face of Crisis Storyboard
    • Reimagine Learning in the Face of Crisis Workbook

    2. Reimagine

    Determine learning needs and ability to realistically deliver learning. Leverage existing or curate learning content that can support learning needs.

    3. Transform

    Identify technical requirements for the chosen delivery method and draft a four- to six-week action plan.

    • How to Curate Guide
    • Tips for Building an Online Learning Community
    • Ten Tips for Adapting In-Person Training During a Crisis
    • Tips for Remote Learning in the Face of Crisis
    [infographic]

    The First 100 Days As CIO

    • Buy Link or Shortcode: {j2store}540|cart{/j2store}
    • member rating overall impact (scale of 10): 9.2/10 Overall Impact
    • member rating average dollars saved: $54,525 Average $ Saved
    • member rating average days saved: 26 Average Days Saved
    • Parent Category Name: High Impact Leadership
    • Parent Category Link: /lead
    • You’ve been promoted from within to the role of CIO.
    • You’ve been hired externally to take on the role of CIO.

    Our Advice

    Critical Insight

    • Foundational understanding must be achieved before you start. Hit the ground running before day one by using company documents and initial discussions to pin down the company’s type and mode.
    • Listen before you act (usually). In most situations, executives benefit from listening to peers and staff before taking action.
    • Identify quick wins early and often. Fix problems as soon as you recognize them to set the tone for your tenure.

    Impact and Result

    • Collaborate to collect the details needed to identify the right mode for your organization and determine how it will influence your plan.
    • Use Info-Tech’s diagnostic tools to align your vision with that of business executives and form a baseline for future reference.

    The First 100 Days As CIO Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why the first 100 days of being a new executive is a crucial time that requires the right balance of listening with taking action. See how seven calls with an executive advisor will guide you through this period.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Check in with your executive advisor over seven calls

    Organize your first 100 days as CIO into activities completed within two-week periods, aided by the guidance of an executive advisor.

    • The First 100 Days As CIO – Storyboard
    • Organizational Catalog
    • Cultural Archetype Calculator
    • IT Capability Assessment

    2. Communicate your plan to your manager

    Communicate your strategy with a presentation deck that you will complete in collaboration with Info-Tech advisors.

    • The First 100 Days As CIO – Presentation Deck

    3. View an example of the final presentation

    See an example of a completed presentation deck, from the new CIO of Gotham City.

    • The First 100 Days As CIO – Presentation Deck Example

    4. Listen to our podcast

    Check out The Business Leadership podcast in Info-Tech's special series, The First 100 Days.

    • "The First 100 Days" Podcast – Alan Fong, CTO, DealerFX
    • "The First 100 Days" Podcast – Denis Gaudreault, country manager for Intel’s Canada and Latin America region
    • "The First 100 Days" Podcast – Dave Penny & Andrew Wertkin, BlueCat
    • "The First 100 Days" Podcast – Susan Bowen, CEO, Aptum
    • "The First 100 Days" Podcast – Wayne Berger, CEO IWG Plc Canada and Latin America
    • "The First 100 Days" Podcast – Eric Wright, CEO, LexisNexis Canada
    • "The First 100 Days" Podcast – Erin Bury, CEO, Willful
    [infographic]

    Further reading

    The First 100 Days As CIO

    Partner with Info-Tech for success in this crucial period of transition.

    Analyst Perspective

    The first 100 days refers to the 10 days before you start and the first three months on the job.

    “The original concept of ‘the first 100 days’ was popularized by Franklin Delano Roosevelt, who passed a battery of new legislation after taking office as US president during the Great Depression. Now commonly extended to the business world, the first 100 days of any executive role is a critically important period for both the executive and the organization.

    But not every new leader should follow FDR’s example of an action-first approach. Instead, finding the right balance of listening and taking action is the key to success during this transitional period. The type of the organization and the mode that it’s in serves as the fulcrum that determines where the point of perfect balance lies. An executive facing a turnaround situation will want to focus on more action more quickly. One facing a sustaining success situation or a realignment situation will want to spend more time listening before taking action.” (Brian Jackson, Research Director, CIO, Info-Tech Research Group)

    Executive summary

    Situation

    • You’ve been promoted from within to the role of CIO.
    • You’ve been hired externally to take on the role of CIO.

    Complication

    Studies show that two years after a new executive transition, as many as half are regarded as failures or disappointments (McKinsey). First impressions are hard to overcome, and a CIO’s first 100 days are heavily weighted in terms of how others will assess their overall success. The best way to approach this period is determined by both the size and the mode of an organization.

    Resolution

    • Work with Info-Tech to prepare a 100-day plan that will position you for success.
    • Collaborate to collect the details needed to identify the right mode for your organization and determine how it will influence your plan.
    • Use Info-Tech’s diagnostic tools to align your vision with that of business executives and form a baseline for future reference.

    Info-Tech Insight

    1. Foundational understanding must be achieved before you start.
      Hit the ground running before day one by using company documents and initial discussions to pin down the company’s type and mode.
    2. Listen before you act (usually).
      In most situations, executives benefit from listening to peers and staff before taking action.
    3. Identify quick wins early and often.
      Fix problems as soon as you recognize them to set the tone for your tenure.

    The First 100 Days: Roadmap

    A roadmap timeline of 'The 100-Day Plan' for your first 100 days as CIO and related Info-Tech Diagnostics. Step A: 'Foundational Preparation' begins 10 days prior to your first day. Step B: 'Management's Expectations' is Days 0 to 30, with the diagnostic 'CIO-CEO Alignment'. Step C: 'Assessing the IT Team' is Days 10 to 75, with the diagnostics 'IT M&G Diagnostic' at Day 30 and 'IT Staffing Assessment' at Day 60. Step D: 'Assess the Key Stakeholders' is Days 40 to 85 with the diagnostic 'CIO Business Vision Survey'. Step E: 'Deliver First-Year Plan' is Days 80 to 100.

    Concierge service overview

    Organize a call with your executive advisor every two weeks during your first 100 days. Info-Tech recommends completing our diagnostics during this period. If you’re not able to do so, instead complete the alternative activities marked with (a).

    Call 1 Call 2 Call 3 Call 4 Call 5 Call 6 Call 7
    Activities
    Before you start: Day -10 to Day 1
    • 1.1 Interview your predecessor.
    • 1.2 Learn the corporate structure.
    • 1.3 Determine STARS mode.
    • 1.4 Create a one-page intro sheet.
    • 1.5 Update your boss.
    Day 0 to 15
    • 2.1 Introduce yourself to your team.
    • 2.2 Document your sphere of influence.
    • 2.3 Complete a competitor array.
    • 2.4 Complete the CEO-CIO Alignment Program.
    • 2.4(a) Agree on what success looks like with the boss.
    • 2.5 Inform team of IT M&G Framework.
    Day 16 to 30
    • 3.1 Determine the team’s cultural archetype.
    • 3.2 Create a cultural adjustment plan.
    • 3.3 Initiate IT M&G Diagnostic.
    • 3.4 Conduct a high-level analysis of current IT capabilities.
    • 3.4 Update your boss.
    Day 31 to 45
    • 4.1 Inform stakeholders about CIO Business Vision survey.
    • 4.2 Get feedback on initial assessments from your team.
    • 4.3 Initiate CIO Business Vision survey.
    • 4.3(a) Meet stakeholders and catalog details.
    Day 46 to 60
    • 5.1 Inform the team that you plan to conduct an IT staffing assessment.
    • 5.2 Initiate the IT Staffing Assessment.
    • 5.3 Quick wins: Make recommend-ations based on CIO Business Vision Diagnostic/IT M&G Framework.
    • 5.4 Update your boss.
    Day 61 to 75
    • 6.1 Run a start, stop, continue exercise with IT staff.
    • 6.2 Make a categorized vendor list.
    • 6.3 Determine the alignment of IT commitments with business objectives.
    Day 76 to 90
    • 7.1 Finalize your vision – mission – values statement.
    • 7.2 Quick Wins: Make recommend-ations based on IT Staffing Assessment.
    • 7.3 Create and communicate a post-100-day plan.
    • 7.4 Update your boss.
    Deliverables Presentation Deck Section A: Foundational Preparation Presentation Deck slides 9, 11-13, 19-20, 29 Presentation Deck slides 16, 17, 21 Presentation Deck slides 30, 34 Presentation Deck slides 24, 25, 2 Presentation Deck slides 27, 42

    Call 1

    Before you start: Day -10 to Day 1

    Interview your predecessor

    Interviewing your predecessor can help identify the organization’s mode and type.

    Before reaching out to your predecessor, get a sense of whether they were viewed as successful or not. Ask your manager. If the predecessor remains within the organization in a different role, understand your relationship with them and how you'll be working together.

    During the interview, make notes about follow-up questions you'll ask others at the organization.

    Ask these open-ended questions in the interview:

    • Tell me about the team.
    • Tell me about your challenges.
    • Tell me about a major project your team worked on. How did it go?
    • Who/what has been helpful during your tenure?
    • Who/what created barriers for you?
    • What do your engagement surveys reveal?
    • Tell me about your performance management programs and issues.
    • What mistakes would you avoid if you could lead again?
    • Why are you leaving?
    • Could I reach out to you again in the future?

    Learn the corporate structure

    Identify the organization’s corporate structure type based on your initial conversations with company leadership. The type of structure will dictate how much control you'll have as a functional head and help you understand which stakeholders you'll need to collaborate with.

    To Do:

    • Review the organization’s structure list and identify whether the structure is functional, prioritized, or a matrix. If it's a matrix organization, determine if it's a strong matrix (project manager holds more authority), weak matrix (functional manager holds more authority), or balanced matrix (managers hold equal authority).

    Functional

    • Most common structure.
    • Traditional departments such as sales, marketing, finance, etc.
    • Functional managers hold most authority.

    Projectized

    • Most programs are implemented through projects with focused outcomes.
    • Teams are cross-functional.
    • Project managers hold the most authority.

    Matrix

    • Combination of projectized and functional.
    • Organization is a dynamic environment.
    • Authority of functional manager flows down through division, while authority of project manager flows sideways through teams.

    This organization is a ___________________ type.

    (Source: Simplilearn)

    Presentation Deck, slide 6

    Determine the mode of the organization: STARS

    Based on your interview process and discussions with company leadership, and using Michael Watkins’ STARS assessment, determine which mode your organization is in: startup, turnaround, accelerated growth, realignment, or sustaining success.

    Knowing the mode of your organization will determine how you approach your 100-day plan. Depending on the mode, you'll rebalance your activities around the three categories of assess, listen, and deliver.

    To Do:

    • Review the STARS table on the right.

    Based on your situation, prioritize activities in this way:

    • Startup: assess, listen, deliver
    • Turnaround: deliver, listen, assess
    • Accelerated Growth: assess, listen, deliver
    • Realignment: listen, assess, deliver
    • Sustaining success: listen, assess, deliver

    This organization is a ___________________ type.

    (Source: Watkins, 2013.)

    Presentation Deck, slide 6

    Determine the mode of the organization: STARS

    STARS Startup Turnaround Accelerated Growth Realignment Sustaining Success
    Definition Assembling capabilities to start a project. Project is widely seen as being in serious trouble. Managing a rapidly expanding business. A previously successful organization is now facing problems. A vital organization is going to the next level.
    Challenges Must build strategy, structures, and systems from scratch. Must recruit and make do with limited resources. Stakeholders are demoralized; slash and burn required. Requires structure and systems to scale; hiring and onboarding. Employees need to be convinced change is needed; restructure at the top required. Risk of living in shadow of a successful former leader.
    Advantages No rigid preconceptions. High-energy environment and easy to pivot. A little change goes a long way when people recognize the need. Motivated employee base willing to stretch. Organization has clear strengths; people desire success. Likely a strong team; foundation for success likely in place.

    Satya Nadella's listen, lead, and launch approach

    CASE STUDY

    Industry Software
    Source Gregg Keizer, Computerworld, 2014

    When Satya Nadella was promoted to the CEO role at Microsoft in 2014, he received a Glassdoor approval rating of 85% and was given an "A" grade by industry analysts after his first 100 days. What did he do right?

    • Created a sense of urgency by shaking up the senior leadership team.
    • Already understood the culture as an insider.
    • Listened a lot and did many one-on-one meetings.
    • Established a vision communicated with a mantra that Microsoft would be "mobile-first, cloud-first."
    • Met his words with actions. He launched Office for iPad and made many announcements for cloud platform Azure.
    Photo of Satya Nadella, CEO, Microsoft Corp.
    Satya Nadella, CEO, Microsoft Corp. (Image source: Microsoft)

    Listen to 'The First 100 Days' podcast – Alan Fong

    Create a one-page introduction sheet to use in communications

    As a new CIO, you'll have to introduce yourself to many people in the organization. To save time on communicating who you are as a person outside of the office, create a brief one-pager that includes a photo of you, where you were born and raised, and what your hobbies are. This helps make a connection more quickly so your conversations can focus on the business at hand rather than personal topics.

    For your presentation deck, remove the personal details and just keep it professional. The personal aspects can be used as a one-pager for other communications. (Source: Personal interview with Denis Gaudreault, Country Lead, Intel.)

    Presentation Deck, slide 5

    Call 2

    Day 1 to Day 15

    Introduce yourself to your team

    Prepare a 20-second pitch about yourself that goes beyond your name and title. Touch on your experience that's relevant to your new role or the industry you're in. Be straightforward about your own perceived strengths and weaknesses so that people know what to expect from you. Focus on the value you believe you'll offer the group and use humor and humility where you're comfortable. For example:

    “Hi everyone, my name is John Miller. I have 15 years of experience marketing conferences like this one to vendors, colleges, and HR departments. What I’m good at, and the reason I'm here, is getting the right people, businesses, and great ideas in a room together. I'm not good on details; that's why I work with Tim. I promise that I'll get people excited about the conference, and the gifts and talents of everyone else in this room will take over from there. I'm looking forward to working with all of you.”

    Have a structured set of questions ready that you can ask everyone.

    For example:
    • How well is the company performing based on expectations?
    • What must the company do to sustain its financial performance and market competitiveness?
    • How do you foresee the CIO contributing to the team?
    • How have past CIOs performed from the perspective of the team?
    • What would successful performance of this role look like to you? To your peers?
    • What challenges and obstacles to success am I likely to encounter? What were the common challenges of my predecessor?
    • How do you view the culture here and how do successful projects tend to get approved?
    • What are your greatest challenges? How could I help you?

    Get to know your sphere of influence: prepare to connect with a variety of people before you get down to work

    Your ability to learn from others is critical at every stage in your first 100 days. Keep your sphere of influence in the loop as you progress through this period.

    A diagram of circles within circles representing your spheres of influence. The smallest circle is 'IT Leaders' and is noted as your 'Immediate circle'. The next largest circle is 'IT Team', then 'Peers - Business Leads', then 'Internal Clients' which is noted as you 'Extended circle'. The largest circle is 'External clients'.

    Write down the names, or at least the key people, in each segment of this diagram. This will serve as a quick reference when you're planning communications with others and will help you remember everyone as you're meeting lots of new people in your early days on the job.

    • Everyone knows their networks are important.
    • However, busy schedules can cause leaders to overlook their many audiences.
    • Plan to meet and learn from all people in your sphere to gain a full spectrum of insights.

    Presentation Deck, slide 29

    Identify how your competitors are leveraging technology for competitive advantage

    Competitor identification and analysis are critical steps for any new leader to assess the relative strengths and weaknesses of their organization and develop a sense of strategic opportunity and environmental awareness.

    Today’s CIO is accountable for driving innovation through technology. A competitive analysis will provide the foundation for understanding the current industry structure, rivalry within it, and possible competitive advantages for the organization.

    Surveying your competitive landscape prior to the first day will allow you to come to the table prepared with insights on how to support the organization and ensure that you are not vulnerable to any competitive blind spots that may exist in the evaluations conducted by the organization already.

    You will not be able to gain a nuanced understanding of the internal strengths and weaknesses until you are in the role, so focus on the external opportunities and how competitors are using technology to their advantage.

    Info-Tech Best Practice

    For a more in-depth approach to identifying and understanding relevant industry trends and turning them into insights, leverage the following Info-Tech blueprints:

    Presentation Deck, slide 9

    Assess the external competitive environment

    Associated Activity icon

    INPUT: External research

    OUTPUT: Competitor array

    1. Conduct a broad analysis of the industry as a whole. Seek to answer the following questions:
      1. Are there market developments or new markets?
      2. Are there industry or lifestyle trends, e.g. move to mobile?
      3. Are there geographic changes in the market?
      4. Are there demographic changes that are shaping decision making?
      5. Are there changes in market demand?
    2. Create a competitor array by identifying and listing key competitors. Try to be as broad as possible here and consider not only entrenched close competitors but also distant/future competitors that may disrupt the industry.
    3. Identify the strengths, weaknesses, and key brand differentiators that each competitor brings to the table. For each strength and differentiator, brainstorm ways that IT-based innovation enables each. These will provide a toolkit for deeper conversations with your peers and your business stakeholders as you move further into your first 100 days.
    Competitor Strengths Weaknesses Key Differentiators IT Enablers
    Competitor 1
    Competitor 2
    Competitor 3

    Complete the CEO-CIO Alignment Program

    Associated Activity icon Run the diagnostic program or use the alternative activities to complete your presentation

    INPUT: CEO-CEO Alignment Program (recommended)

    OUTPUT: Desired and target state of IT maturity, Innovation goals, Top priorities

    Materials: Presentation Deck, slides 11-13

    Participants: CEO, CIO

    Introduce the concept of the CEO-CIO Alignment Program using slide 10 of your presentation deck and the brief email text below.

    Talk to your advisory contact at Info-Tech about launching the program. More information is available on Info-Tech’s website.

    Once the report is complete, import the results into your presentation:

    • Slide 11, the CEO’s current and desired states
    • Slide 12, IT innovation goals
    • Slide 13, top projects and top departments from the CEO and the CIO

    Include any immediate recommendations you have.

    Hello CEO NAME,

    I’m excited to get started in my role as CIO, and to hit the ground running, I’d like to make sure that the IT department is aligned with the business leadership. We will accomplish this using Info-Tech Research Group’s CEO-CIO Alignment Program. It’s a simple survey of 20 questions to be completed by the CEO and the CIO.

    This survey will help me understand your perception and vision as I get my footing as CIO. I’ll be able to identify and build core IT processes that will automate IT-business alignment going forward and create an effective IT strategy that helps eliminate impediments to business growth.

    Research shows that IT departments that are effectively aligned to business goals achieve more success, and I’m determined to make our IT department as successful as possible. I look forward to further detailing the benefits of this program to you and answering any questions you may have the next time we speak.

    Regards,
    CIO NAME

    New KPIs for CEO-CIO Alignment — Recommended

    Info-Tech CEO-CIO Alignment Program

    Info-Tech's CEO-CIO Alignment Program is set up to build IT-business alignment in any organization. It helps the CIO understand CEO perspectives and priorities. The exercise leads to useful IT performance indicators, clarifies IT’s mandate and which new technologies it should invest in, and maps business goals to IT priorities.

    Benefits

    Master the Basics
    Cut through the jargon.
    Take a comprehensive look at the CEO perspective.
    Target Alignment
    Identify how IT can support top business priorities. Address CEO-CIO differences.
    Start on the Right Path
    Get on track with the CIO vision. Use correct indicators and metrics to evaluate IT from day one.

    Supporting Tool or Template icon Additional materials are available on Info-Tech’s website.

    The desired maturity level of IT — Alternative

    Associated Activity icon Use only if you can’t complete the CEO-CIO Alignment Program

    Step 1: Where are we today?

    Determine where the CEO sees the current overall maturity level of the IT organization.

    Step 2: Where do we want to be as an organization?

    Determine where the CEO wants the IT organization to be in order to effectively support the strategic direction of the business.

    A colorful visual representation of the different IT maturity levels. At the bottom is 'STRUGGLE, Unable to Provide Reliable Business Services', then moving upwards are 'SUPPORT, Reliable Infrastructure and IT Service Desk', 'OPTIMIZE, Effective Fulfillment of Work Orders, Functional Business Applications, and Reliable Service Management', 'EXPAND, Effective Execution on Business Projects, Strategic Use of Analytics and Customer Technology', and at the top is 'TRANSFORM, Reliable Technology Innovation'.

    Presentation Deck, slide 11

    Tim Cook's powerful use of language

    CASE STUDY

    Industry Consumer technology
    Source Carmine Gallo, Inc., 2019

    Apple CEO Tim Cook, an internal hire, had big shoes to fill after taking over from the late Steve Jobs. Cook's ability to control how the company is perceived is a big credit to his success. How does he do it? His favorite five words are “The way I see it..." These words allow him to take a line of questioning and reframe it into another perspective that he wants to get across. Similarly, he'll often say, "Let me tell you the way I look at it” or "To put it in perspective" or "To put it in context."

    In your first two weeks on the job, try using these phrases in your conversations with peers and direct reports. It demonstrates that you value their point of view but are independently coming to conclusions about the situation at hand.

    Photo of Tim Cook, CEO, Apple Inc.
    Tim Cook, CEO, Apple Inc. (Image source: Apple)

    Listen to 'The First 100 Days' podcast – Denis Gaudreault

    Inform your team that you plan to do an IT Management & Governance Diagnostic survey

    Associated Activity icon Run the diagnostic program or use the alternative activities to complete your presentation

    INPUT: IT Management & Governance Diagnostic (recommended)

    OUTPUT: Process to improve first, Processes important to the business

    Materials: Presentation Deck, slides 19-20

    Participants: CIO, IT staff

    Introduce the IT Management & Governance Diagnostic survey that will help you form your IT strategy.

    Explain that you want to understand current IT capabilities and you feel a formal approach is best. You’ll also be using this approach as an important metric to track your department’s success. Tell them that Info-Tech Research Group will be conducting the survey and it’s important to you that they take action on the email when it’s sent to them.

    Example email:

    Hello TEAM,

    I appreciate meeting each of you, and so far I’m excited about the talents and energy on the team. Now I need to understand the processes and capabilities of our department in a deeper way. I’d like to map our process landscape against an industry-wide standard, then dive deeper into those processes to understand if our team is aligned. This will help us be accountable to the business and plan the year ahead. Advisory firm Info-Tech Research Group will be reaching out to you with a simple survey that shouldn’t take too long to complete. It’s important to me that you pay attention to that message and complete the survey as soon as possible.

    Regards,
    CIO NAME

    Call 3

    Day 16 to Day 30

    Leverage team interviews as a source of determining organizational culture

    Info-Tech recommends that you hold group conversations with your team to uncover their opinions of the current organizational culture. This not only helps build transparency between you and your team but also gives you another means of observing behavior and reactions as you listen to team members’ characterizations of the current culture.

    A visualization of the organizational culture of a company asks the question 'What is culture?' Five boxes are stacked, the bottom two are noted as 'The invisible causes' and the top two are noted as 'The visible signs'. From the bottom, 'Fundamental assumptions and beliefs', 'Values and attitudes', 'The way we do things around here', 'Behaviors', and at the top, 'Environment'. (Source: Hope College Blog Network)

    Note: It is inherently difficult for people to verbalize what constitutes a culture – your strategy for extracting this information will require you to ask indirect questions to solicit the highest value information.

    Questions for Discussion:

    • What about the current organizational environment do you think most contributes to your success?
    • What barriers do you experience as you try to accomplish your work?
    • What is your favorite quality that is present in our organization?
    • What is the one thing you would most like to change about this organization?
    • Do the organization's policies and procedures support your efforts to accomplish work or do they impede your progress?
    • How effective do you think IT’s interactions are with the larger organization?
    • What would you consider to be IT’s top three guiding principles?
    • What kinds of people fail in this organization?

    Supporting Tool or Template icon See Info-Tech’s Cultural Archetype Calculator.

    Use the Competing Values Framework to define your organization’s cultural archetype

    THE COMPETING VALUES FRAMEWORK (CVF):

    CVF represents the synthesis of academic study of 39 indicators of effectiveness for organizations. Using a statistical analysis, two polarities that are highly predictive of differences in organizational effectiveness were isolated:

    1. Internal focus and integration vs. external focus and differentiation.
    2. Stability and control vs. flexibility and discretion.

    By plotting these dimensions on a matrix of competing values, four main cultural archetypes are identified with their own value drivers and theories of effectiveness.

    A map of cultural archetypes with 'Internal control and integration' on the left, 'External focus and differentiation' on the right, 'Flexibility and discretion' on top, and 'Stability and control' on the bottom. Top left is 'Clan Archetype', internal and flexible. Top right is 'Adhocracy Archetype', external and flexible. Bottom left is 'Hierarchy Archetype', internal and controlled. Bottom right is 'Market Archetype', external and controlled.

    Presentation Deck, slide 16

    Create a cultural adjustment plan

    Now that you've assessed the cultural archetype, you can plan an appropriate approach to shape the culture in a positive way. When new executives want to change culture, there are a few main options at hand:

    Autonomous evolution: Encourage teams to learn from each other. Empower hybrid teams to collaborate and reward teams that perform well.

    Planned and managed change: Create steering committee and project-oriented taskforces to work in parallel. Appoint employees that have cultural traits you'd like to replicate to hold responsibility for these bodies.

    Cultural destruction: When a toxic culture needs to be eliminated, get rid of its carriers. Putting new managers or directors in place with the right cultural traits can be a swift and effective way to realign.

    Each option boils down to creating the right set of incentives and deterrents. What behaviors will you reward and which ones will you penalize? What do those consequences look like? Sometimes, but not always, some structural changes to the team will be necessary. If you feel these changes should be made, it's important to do it sooner rather than later. (Source: “Enlarging Your Sphere of Influence in Your Organization,” MindTools Corporate, 2014.)

    As you're thinking about shaping a desired culture, it's helpful to have an easy way to remember the top qualities you want to espouse. Try creating an acronym that makes it easy for staff to remember. For example: RISE could remind your staff to be Responsive, Innovative, Sustainable, and Engaging (RISE). Draw upon your business direction from your manager to help produce desired qualities (Source: Jennifer Schaeffer).

    Presentation Deck, slide 17

    Gary Davenport’s welcome “surprise”

    CASE STUDY

    Industry Telecom
    Source Interview with Gary Davenport

    After Gary Davenport was hired on as VP of IT at MTS Allstream, his first weekend on the job was spent at an all-executive offsite meeting. There, he learned from the CEO that the IT department had a budget reduction target of 25%, like other departments in the company. “That takes your breath away,” Davenport says.

    He decided to meet the CEO monthly to communicate his plans to reduce spending while trying to satisfy business stakeholders. His top priorities were:

    1. Stabilize IT after seven different leaders in a five-year period.
    2. Get the IT department to be respected. To act like business owners instead of like servants.
    3. Better manage finances and deliver on projects.

    During Davenport’s 7.5-year tenure, the IT department became one of the top performers at MTS Allstream.

    Photo of Gary Davenport.
    Gary Davenport’s first weekend on the job at MTS Allstream included learning about a 25% reduction target. (Image source: Ryerson University)

    Listen to 'The First 100 Days' podcast – David Penny & Andrew Wertkin

    Initiate IT Management & Governance Diagnostic — Recommended

    Info-Tech Management & Governance Diagnostic

    Talk to your Info-Tech executive advisor about launching the survey shortly after informing your team to expect it. You'll just have to provide the names and email addresses of the staff you want to be involved. Once the survey is complete, you'll harvest materials from it for your presentation deck. See slides 19 and 20 of your deck and follow the instructions on what to include.

    Benefits

    A sample of the 'High Level Process Landscape' materials available from Info-Tech. A sample of the 'Strategy and Governance In Depth Results' materials available from Info-Tech. A sample of the 'Process Accountability' materials available from Info-Tech.
    Explore IT Processes
    Dive deeper into performance. Highlight problem areas.
    Align IT Team
    Build consensus by identifying opposing views.
    Ownership & Accountability
    Identify process owners and hold team members accountable.

    Supporting Tool or Template icon Additional materials available on Info-Tech’s website.

    Conduct a high-level analysis of current IT capabilities — Alternative

    Associated Activity icon

    INPUT: Interviews with IT leadership team, Capabilities graphic on next slide

    OUTPUT: High-level understanding of current IT capabilities

    Run this activity if you're not able to conduct the IT Management & Governance Diagnostic.

    Schedule meetings with your IT leadership team. (In smaller organizations, interviewing everyone may be acceptable.) Provide them a list of the core capabilities that IT delivers upon and ask them to rate them on an effectiveness scale of 1-5, with a short rationale for their score.

    • 1. Not effective (NE)
    • 2. Somewhat Effective (SE)
    • 3. Effective (E)
    • 4. Very Effective (VE)
    • 5. Extremely Effective (EE)

    Presentation Deck, slide 21

    Use the following set of IT capabilities for your assessment

    Strategy & Governance

    IT Governance Strategy Performance Measurement Policies Quality Management Innovation

    People & Resources

    Stakeholder Management Resource Management Financial Management Vendor Selection & Contract Management Vendor Portfolio Management Workforce Strategy Strategic Comm. Organizational Change Enablement

    Service Management & Operations

    Operations Management Service Portfolio Management Release Management Service Desk Incident & Problem Management Change Management Demand Management

    Infrastructure

    Asset Management Infrastructure Portfolio Management Availability & Capacity Management Infrastructure Management Configuration Management

    Information Security & Risk

    Security Strategy Risk Management Compliance, Audit & Review Security Detection Response & Recovery Security Prevention

    Applications

    Application Lifecycle Management Systems Integration Application Development User Testing Quality Assurance Application Maintenance

    PPM & Projects

    Portfolio Management Requirements Gathering Project Management

    Data & BI

    Data Architecture BI & Reporting Data Quality & Governance Database Operations Enterprise Content Management

    Enterprise Architecture

    Enterprise Architecture Solution Architecture

    Quick wins: CEO-CIO Alignment Program

    Complete this while waiting on the IT M&G survey results. Based on your completed CEO-CIO Alignment Report, identify the initiatives you can tackle immediately.

    If you are here... And want to be here... Drive toward... Innovate around...
    Business Partner Innovator Leading business transformation
    • Emerging technologies
    • Analytical capabilities
    • Risk management
    • Customer-facing tech
    • Enterprise architecture
    Trusted Operator Business Partner Optimizing business process and supporting business transformation
    • IT strategy and governance
    • Business architecture
    • Projects
    • Resource management
    • Data quality
    Firefighter Trusted Operator Optimize IT processes and services
    • Business applications
    • Service management
    • Stakeholder management
    • Work orders
    Unstable Firefighter Reduce use disruption and adequately support the business
    • Network and infrastructure
    • Service desk
    • Security
    • User devices

    Call 4

    Day 31 to Day 45

    Inform your peers that you plan to do a CIO Business Vision survey to gauge your stakeholders’ satisfaction

    Associated Activity icon Run the diagnostic program or use the alternative activities to complete your presentation

    INPUT: CIO Business Vision survey (recommended)

    OUTPUT: True measure of business satisfaction with IT

    Materials: Presentation Deck, slide 30

    Participants: CIO, IT staff

    Meet the business leaders at your organization face-to-face if possible. If you can't meet in person, try a video conference to establish some rapport. At the end of your introduction and after listening to what your colleague has to say, introduce the CIO Business Vision Diagnostic.

    Explain that you want to understand how to meet their business needs and you feel a formal approach is best. You'll also be using this approach as an important metric to track your department's success. Tell them that Info-Tech Research Group will be conducting the survey and it’s important to you that they take the survey when the email is sent to them.

    Example email:

    Hello PEER NAMES,

    I'm arranging for Info-Tech Research Group to invite you to take a survey that will be important to me. The CIO Business Vision survey will help me understand how to meet your business needs. It will only take about 15 minutes of your time, and the top-line results will be shared with the organization. We will use the results to plan initiatives for the future that will improve your satisfaction with IT.

    Regards,
    CIO NAME

    Gain feedback on your initial assessments from your IT team

    There are two strategies for gaining feedback on your initial assessments of the organization from the IT team:

    1. Review your personal assessments with the relevant members of your IT organization as a group. This strategy can help to build trust and an open channel for communication between yourself and your team; however, it also runs the risk of being impacted by groupthink.
    2. Ask for your team to complete their own assessments for you to compare and contrast. This strategy can help extract more candor from your team, as they are not expected to communicate what may be nuanced perceptions of organizational weaknesses or criticisms of the way certain capabilities function.

    Who you involve in this process will be impacted by the size of your organization. For larger organizations, involve everyone down to the manager level. In smaller organizations, you may want to involve everyone on the IT team to get an accurate lay of the land.

    Areas for Review:

    • Strategic Document Review: Are there any major themes or areas of interest that were not covered in my initial assessment?
    • Competitor Array: Are there any initiatives in flight to leverage new technologies?
    • Current State of IT Maturity: Does IT’s perception align with the CEO’s? Where do you believe IT has been most effective? Least effective?
    • IT’s Key Priorities: Does IT’s perception align with the CEO’s?
    • Key Performance Indicators: How has IT been measured in the past?

    Info-Tech Best Practice

    You need your team’s hearts and minds or you risk a short tenure. Overemphasizing business commitment by neglecting to address your IT team until after you meet your business stakeholders will result in a disenfranchised group. Show your team their importance.

    Susan Bowen's talent maximization

    CASE STUDY

    Industry Infrastructure Services
    Source Interview with Susan Bowen

    Susan Bowen was promoted to be the president of Cogeco Peer 1, an infrastructure services firm, when it was still a part of Cogeco Communications. Part of her mandate was to help spin out the business to a new owner, which occurred when it was acquired by Digital Colony. The firm was renamed Aptum and Bowen was put in place as CEO, which was not a certainty despite her position as president at Cogeco Peer 1. She credits her ability to put the right talent in the right place as part of the reason she succeeded. After becoming president, she sought a strong commitment from her directors. She gave them a choice about whether they'd deliver on a new set of expectations – or not. She also asks her leadership on a regular basis if they are using their talent in the right way. While it's tempting for directors to want to hold on to their best employees, those people might be able to enable many more people if they can be put in another place.

    Bowen fully rounded out her leadership team after Aptum was formed. She created a chief operating officer and a chief infrastructure officer. This helped put in place more clarity around roles at the firm and put an emphasis on client-facing services.

    Photo of Susan Bowen, CEO, Aptum.
    Susan Bowen, CEO, Aptum (Image source: Aptum)

    Listen to 'The First 100 Days' podcast – Susan Bowen

    Initiate CIO Business Vision survey – new KPIs for stakeholder management — Recommended

    Info-Tech CIO Business Vision

    Be sure to effectively communicate the context of this survey to your business stakeholders before you launch it. Plan to talk about your plans to introduce it in your first meetings with stakeholders. When ready, let your executive advisor know you want to launch the tool and provide the names and email addresses of the stakeholders you want involved. After you have the results, harvest the materials required for your presentation deck. See slide 30 and follow the instructions on what to include.

    Benefits

    Icon for Key Stakeholders. Icon for Credibility. Icon for Improve. Icon for Focus.
    Key Stakeholders
    Clarify the needs of the business.
    Credibility
    Create transparency.
    Improve
    Measure IT’s progress.
    Focus
    Find what’s important.

    Supporting Tool or Template icon Additional materials are available on Info-Tech’s website.

    Create a catalog of key stakeholder details to reference prior to future conversations — Alternative

    Only conduct this activity if you’re not able to run the CIO Business Vision diagnostic.

    Use the Organizational Catalog as a personal cheat sheet to document the key details around each of your stakeholders, including your CEO when possible.

    The catalog will be an invaluable tool to keep the competing needs of your different stakeholders in line, while ensuring you are retaining the information to build the political capital needed to excel in the C-suite.

    Note: It is important to keep this document private. While you may want to communicate components of this information, ensure your catalog remains under lock and (encryption) key.

    Screenshot of the Organizational Catalog for Stakeholders. At the top are spaces for 'Name', 'Job Title', etc. Boxes include 'Key Personal Details', 'Satisfaction Levels With IT', 'Preferred Communications', 'Key Activities', 'In-Flight and Scheduled Projects', 'Key Performance Indicators', and 'Additional Details'.

    Info-Tech Insight

    While profiling your stakeholders is important, do not be afraid to profile yourself as well. Visualizing how your interests overlap with those of your stakeholders can provide critical information on how to manage your communications so that those on the receiving end are hearing exactly what they need.

    Activity: Conduct interviews with your key business stakeholders — Alternative

    Associated Activity icon

    1. Once you have identified your key stakeholders through your interviews with your boss and your IT team, schedule a set of meetings with those individuals.
    2. Use the meetings to get to know your stakeholders, their key priorities and initiatives, and their perceptions of the effectiveness of IT.
      1. Use the probative questions to the right to elicit key pieces of information.
      2. Refer to the Organizational Catalog tool for more questions to dig deeper in each category. Ensure that you are taking notes separate from the tool and are keeping the tool itself secure, as it will contain private information specific to your interests.
    3. Following each meeting, record the results of your conversation and any key insights in the Organizational Catalog. Refer to the following slide for more details.

    Questions for Discussion:

    • Be indirect about your personal questions – share stories that will elicit details about their interests, kids, etc.
    • What are your most critical/important initiatives for the year?
    • What are your key revenue streams, products, and services?
    • What are the most important ways that IT supports your success? What is your satisfaction level with those services?
    • Are there any current in-flight projects or initiatives that are a current pain point? How can IT assist to alleviate challenges?
    • How is your success measured? What are your targets for the year on those metrics?

    Presentation Deck, slide 34

    Call 5

    Day 46 to Day 60

    Inform your team that you plan to do an IT staffing assessment

    Associated Activity icon Introduce the IT Staffing Assessment that will help you get the most out of your team

    INPUT: Email template

    OUTPUT: Ready to launch diagnostic

    Materials: Email template, List of staff, Sample of diagnostic

    Participants: CIO, IT staff

    Explain that you want to understand how the IT staff is currently spending its time by function and by activity. You want to take a formal approach to this task and also assess the team’s feelings about its effectiveness across different processes. The results of the assessment will serve as the foundation that helps you improve your team’s effectiveness within the organization.

    Example email:

    Hello PEER NAMES,

    The feedback I've heard from the team since joining the company has been incredibly useful in beginning to formulate my IT strategy. Now I want to get a clear picture of how everyone is spending their time, especially across different IT functions and activities. This will be an opportunity for you to share feedback on what we're doing well, what we need to do more of, and what we're missing. Expect to receive an email invitation to take this survey from Info-Tech Research Group. It's important to me that you complete the survey as soon as you're can. Attached you’ll find an example of the report this will generate. Thank you again for providing your time and feedback.

    Regards,
    CIO NAME

    Wayne Berger's shortcut to solve staffing woes

    CASE STUDY

    Industry Office leasing
    Source Interview with Wayne Berger

    Wayne Berger was hired to be the International Workplace Group (IWG) CEO for Canada and Latin America in 2014.

    Wayne approached his early days with the office space leasing firm as a tour of sorts, visiting nearly every one of the 48 office locations across Canada to host town hall meetings. He heard from staff at every location that they felt understaffed. But instead of simply hiring more staff, Berger actually reduced the workforce by 33%.

    He created a more flexible approach to staffing:

    • Employees no longer just reported to work at one office; instead, they were ready to go to wherever they were most needed in a specific geographic area.
    • He centralized all back-office functions for the company so that not every office had to do its own bookkeeping.
    • Finally, he changed the labor profile to consist of full-time staff, part-time staff, and time-on-demand workers.
    Photo of Wayne Berger, CEO, IWG Plc.
    Wayne Berger, CEO, IWG Plc (Image source: IWG)

    Listen to 'The First 100 Days' podcast – Wayne Berger

    Initiate IT Staffing Assessment – new KPIs to track IT performance — Recommended

    Info-Tech IT Staffing Assessment

    Info-Tech’s IT Staffing Assessment provides benchmarking of key metrics against 4,000 other organizations. Dashboard-style reports provide key metrics at a glance, including a time breakdown by IT function and by activity compared against business priorities. Run this survey at about the 45-day mark of your first 90 days. Its insights will be used to inform your long-term IT strategy.

    Benefits

    Icon for Right-Size IT Headcount. Icon for Allocate Staff Correctly. Icon for Maximize Teams.
    Right-Size IT Headcount
    Find the right level for stakeholder satisfaction.
    Allocate Staff Correctly
    Identify staff misalignments with priorities.
    Maximize Teams
    Identify how to drive staff.

    Supporting Tool or Template icon Additional materials are available on Info-Tech’s website.

    Quick wins: Make recommendations based on IT Management & Governance Framework

    Complete this exercise while waiting on the IT Staffing Assessment results. Based on your completed IT Management & Governance report, identify the initiatives you can tackle immediately. You can conduct this as a team exercise by following these steps:

    1. Create a shortlist of initiatives based on the processes that were identified as high need but scored low in effectiveness. Think as broadly as possible during this initial brainstorming.
    2. Write each initiative on a sticky note and conduct a high-level analysis of the amount of effort that would be required to complete it, as well as its alignment with the achievement of business objectives.
    3. Draw the matrix below on a whiteboard and place each sticky note onto the matrix based on its potential impact and difficulty to address.
    A matrix of initiative categories based on effort to achieve and alignment with business objectives. It is split into quadrants: the vertical axis is 'Potential Impact' with 'High, Fully supports achievement of business objectives' at the top and 'Low, Limited support of business objectives' at the bottom; the horizontal axis is 'Effort' with 'Low' on the left and 'High' on the right. Low impact, low effort is 'Low Current Value, No immediate attention required, but may become a priority in the future if business objectives change'. Low impact, high effort is 'Future Reassessment, No immediate attention required, but may become a priority in the future if business objectives change'. High impact, high effort is 'Long-Term Initiatives, High impact on business outcomes but will take more effort to implement. Schedule these in your long-term roadmap'. High impact, low effort is 'Quick Wins, High impact on business objectives with relatively small effort. Some combination of these will form your early wins'.

    Call 6

    Day 61 to Day 75

    Run a start, stop, continue exercise with your IT staff — Alternative

    This is an alternative activity to running an IT Staffing Assessment, which contains a start/stop/continue assessment. This activity can be facilitated with a flip chart or a whiteboard. Create three pages or three columns and label them Start, Stop, and Continue.

    Hand out sticky notes to each team member and then allow time for individual brainstorming. Instruct them to write down their contributions for each category on the sticky notes. After a few minutes, have everyone stick their notes in the appropriate category on the board. Discuss as a group and see what themes emerge. Record the results that you want to share in your presentation deck (GroupMap).

    Gather your team and explain the meaning of these categories:

    Start: Activities you're not currently doing but should start doing very soon.

    Stop: Activities you're currently doing but aren’t working and should cease.

    Continue: Things you're currently doing and are working well.

    Presentation Deck, slide 24

    Determine the alignment of IT commitments with business objectives

    Associated Activity icon

    INPUT: Interviews with IT leadership team

    OUTPUT: High-level understanding of in-flight commitments and investments

    Run this only as an alternative to the IT Management & Governance Diagnostic.

    1. Schedule meetings with IT leadership to understand what commitments have been made to the business in terms of new products, projects, or enhancements.
    2. Determine the following about IT’s current investment mix:
      1. What are the current IT investments and assets? How do they align to business goals?
      2. What investments in flight are related to which information assets?
      3. Are there any immediate risks identified for these key investments?
      4. What are the primary business issues that demand attention from IT consistently?
      5. What choices remain undecided in terms of strategic direction of the IT organization?
    3. Document your key investments and commitments as well as any points of misalignment between objectives and current commitments as action items to address in your long-term plans. If they are small fixes, consider them during your quick-win identification.

    Presentation Deck, slide 25

    Determine the alignment of IT commitments with business objectives

    Run this only as an alternative to the IT Staffing Assessment diagnostic.

    Schedule meetings with IT leadership to understand what commitments have been made to the business in terms of new products, projects, or enhancements.

    Determine the following about IT’s current investment mix:

    • What are the current IT investments and assets?
    • How do they align to business goals?
    • What in-flight investments are related to which information assets?
    • Are there any immediate risks identified for these key investments?
    • What are the primary business issues that demand attention from IT consistently?
    • What remains undecided in terms of strategic direction of the IT organization?

    Document your key investments and commitments, as well as any points of misalignment between objectives and current commitments, as action items to address in your long-term plans. If they are small-effort fixes, consider them during your quick-win identification.

    Presentation Deck, slide 25

    Make a categorized vendor list by IT process

    As part of learning the IT team, you should also create a comprehensive list of vendors under contract. Collaborate with the finance department to get a clear view of how much of the IT budget is spent on specific vendors. Try to match vendors to the IT processes they serve from the IT M&G framework.

    You should also organize your vendors based on their budget allocation. Go beyond just listing how much money you’re spending with each vendor and categorize them into either “transactional” relationships or “strategic relationships.” Use the grid below to organize them. Ideally, you’ll want most relationships to be high spend and strategic (Source: Gary Davenport).

    A matrix of vendor categories with the vertical axis 'Spend' increasing upward, and the horizontal axis 'Type of relationship' with values 'Transactional' or 'Strategic'. The bottom left corner is 'Low Spend Transactional', the top right corner is 'High Spend Strategic'.

    Where to source your vendor list:

    • Finance department
    • Infrastructure managers
    • Vendor manager in IT

    Further reading: Manage Your Vendors Before They Manage You

    Presentation Deck, slide 26

    Jennifer Schaeffer’s short-timeline turnaround

    CASE STUDY

    Industry Education
    Source Interview with Jennifer Schaeffer

    Jennifer Schaeffer joined Athabasca University as CIO in November 2017. She was entering a turnaround situation as the all-online university lacked an IT strategy and had built up significant technical debt. Armed with the mandate of a third-party consultant that was supported by the president, Schaeffer used a people-first approach to construct her strategy. She met with all her staff, listening to them carefully regardless of role, and consulted with the administrative council and faculty members. She reflected that feedback in her plan or explained to staff why it wasn’t relevant for the strategy. She implemented a “strategic calendaring” approach for the organization, making sure that her team members were participating in meetings where their work was assessed and valued. Drawing on Spotify as an inspiration, she designed her teams in a way that everyone was connected to the customer experience. Given her short timeline to execute, she put off a deep skills analysis of her team for a later time, as well as creating a full architectural map of her technology stack. The outcome is that 2.5 years later, the IT department is unified in using the same tooling and optimization standards. It’s more flexible and ready to incorporate government changes, such as offering more accessibility options.

    Photo of Jennifer Schaeffer.
    Jennifer Schaeffer took on the CIO role at Athabasca University in 2017 and was asked to create a five-year strategic plan in just six weeks.
    (Image source: Athabasca University)

    Listen to 'The First 100 Days' podcast – Eric Wright

    Call 7

    Day 76 to Day 90

    Finalize your vision – mission – values statement

    A clear statement for your values, vision, and mission will help crystallize your IT strategy and communicate what you're trying to accomplish to the entire organization.

    Mission: This statement describes the needs that IT was created to meet and answers the basic question of why IT exists.

    Vision: Write a statement that captures your values. Remember that the vision statement sets out what the IT organization wants to be known for now and into the future.

    Values: IT core values represent the standard axioms by which the IT department operates. Similar to the core values of the organization as a whole, IT’s core values are the set of beliefs or philosophies that guide its strategic actions.

    Further reading: IT Vision and Mission Statements Template

    Presentation Deck, slide 42

    John Chen's new strategic vision

    CASE STUDY

    Industry Mobile Services
    Source Sean Silcoff, The Globe and Mail

    John Chen, known in the industry as a successful turnaround executive, was appointed BlackBerry CEO in 2014 following the unsuccessful launch of the BlackBerry 10 mobile operating system and a new tablet.

    He spent his first three months travelling, talking to customers and suppliers, and understanding the company's situation. He assessed that it had a problem generating cash and had made some strategic errors, but there were many assets that could benefit from more investment.

    He was blunt about the state of BlackBerry, making cutting observations of the past mistakes of leadership. He also settled a key question about whether BlackBerry would focus on consumer or enterprise customers. He pointed to a base of 80,000 enterprise customers that accounted for 80% of revenue and chose to focus on that.

    His new mission for BlackBerry: to transform it from being a "mobile technology company" that pushes handset sales to "a mobile solutions company" that serves the mobile computing needs of its customers.

    Photo of John Chen, CEO of BlackBerry.
    John Chen, CEO of BlackBerry, presents at BlackBerry Security Summit 2018 in New York City (Image source: Brian Jackson)

    Listen to 'The First 100 Days' podcast – Erin Bury

    Quick wins: Make recommendations based on the CIO Business Vision survey

    Based on your completed CIO Business Vision survey, use the IT Satisfaction Scorecard to determine some initiatives. Focus on areas that are ranked as high importance to the business but low satisfaction. While all of the initiatives may be achievable given enough time, use the matrix below to identify the quick wins that you can focus on immediately. It’s important to not fail in your quick-win initiative.

    • High Visibility, Low Risk: Best bet for demonstrating your ability to deliver value.
    • Low Visibility, Low Risk: Worth consideration, depending on the level of effort required and the relative importance to the stakeholder.
    • High Visibility, High Risk: Limit higher-risk initiatives until you feel you have gained trust from your stakeholders, demonstrating your ability to deliver.
    • Low Visibility, High Risk: These will be your lowest value, quick-win initiatives. Keep them in a backlog for future consideration in case business objectives change.
    A matrix of initiative categories based on organizational visibility and risk of failure. It is split into quadrants: the vertical axis is 'Organizational Visibility' with 'High' at the top and 'Low' at the bottom; the horizontal axis is 'Risk of Failure' with 'Low' on the left and 'High' on the right. 'Low Visibility, Low Risk, Few stakeholders will benefit from the initiative’s implementation.' 'Low Visibility, High Risk, No immediate attention is required, but it may become a priority in the future if business objectives change.' 'High Visibility, Low Risk, Multiple stakeholders will benefit from the initiative’s implementation, and it has a low risk of failure.' 'High Visibility, High Risk, Multiple stakeholders will benefit from the initiative’s implementation, but it has a higher risk of failure.'

    Presentation Deck, slide 27

    Create and communicate a post-100 plan

    The last few slides of your presentation deck represent a roundup of all the assessments you’ve done and communicate your plan for the months ahead.

    Slide 38. Based on the information on the previous slide and now knowing which IT capabilities need improvement and which business priorities are important to support, estimate where you'd like to see IT staff spend their time in the near future. Will you be looking to shift staff from one area to another? Will you be looking to hire staff?

    Slide 39. Take your IT M&G initiatives from slide 19 and list them here. If you've already achieved a quick win, list it and mark it as completed to show what you've accomplished. Briefly outline the objectives, how you plan to achieve the result, and what measurement will indicate success.

    Slide 40. Reflect your CIO Business Vision initiatives from slide 31 here.

    Slide 41. Use this roadmap template to list your initiatives by roughly when they’ll be worked on and completed. Plan for when you’ll update your diagnostics.

    Expert Contributors

    Photo of Alan Fong, Chief Technology Officer, Dealer-FX Alan Fong, Chief Technology Officer, Dealer-FX
    Photo of Andrew Wertkin, Chief Strategy Officer, BlueCat NetworksPhoto of David Penny, Chief Technology Officer, BlueCat Networks Andrew Wertkin, Chief Strategy Officer, BlueCat Networks
    David Penny, Chief Technology Officer, BlueCat Networks
    Photo of Susan Bowen, CEO, Aptum Susan Bowen, CEO, Aptum
    Photo of Erin Bury, CEO, Willful Erin Bury, CEO, Willful
    Photo of Denis Gaudreault, Country Manager, Intel Canada and Latin America Denis Gaudreault, Country Manager, Intel Canada and Latin America
    Photo of Wayne Berger, CEO, IWG Plc Wayne Berger, CEO, IWG Plc
    Photo of Eric Wright, CEO, LexisNexis Canada Eric Wright, CEO, LexisNexis Canada
    Photo of Gary Davenport Gary Davenport, past president of CIO Association” of Canada, former VP of IT, Enterprise Solutions Division, MTS AllStream
    Photo of Jennifer Schaeffer, VP of IT and CIO, Athabasca University Jennifer Schaeffer, VP of IT and CIO, Athabasca University

    Bibliography

    Beaudan, Eric. “Do you have what it takes to be an executive?” The Globe and Mail, 9 July 2018. Web.

    Bersohn, Diana. “Go Live on Day One: The Path to Success for a New CIO.” PDF document. Accenture, 2015. Web.

    Bradt, George. “Executive Onboarding When Promoted From Within To Follow A Successful Leader.” Forbes, 15 Nov. 2018. Web.

    “CIO Stats: Length of CIO Tenure Varies By Industry.” CIO Journal, The Wall Street Journal. 15 Feb. 2017. Web.

    “Enlarging Your Sphere of Influence in Your Organization: Your Learning and Development Guide to Getting People on Side.” MindTools Corporate, 2014.

    “Executive Summary.” The CIO's First 100 Days: A Toolkit. PDF document. Gartner, 2012. Web.

    Forbes, Jeff. “Are You Ready for the C-Suite?” KBRS, n.d. Web.

    Gallo, Carmine. “Tim Cook Uses These 5 Words to Take Control of Any Conversation.” Inc., 9 Aug. 2019. Web.

    Giles, Sunnie. “The Most Important Leadership Competencies, According to Leaders Around the World.” Harvard Business Review, 15 March 2016. Web.

    Godin, Seth. “Ode: How to tell a great story.” Seth's Blog. 27 April 2006. Web.

    Green, Charles W. “The horizontal dimension of race: Social culture.” Hope College Blog Network, 19 Oct. 2014. Web.

    Hakobyan, Hayk. “On Louis Gerstner And IBM.” Hayk Hakobyan, n.d. Web.

    Bibliography

    Hargrove, Robert. Your First 100 Days in a New Executive Job, edited by Susan Youngquist. Kindle Edition. Masterful Coaching Press, 2011.

    Heathfield, Susan M. “Why ‘Blink’ Matters: The Power of Your First Impressions." The Balance Careers, 25 June 2019. Web.

    Hillis, Rowan, and Mark O'Donnell. “How to get off to a flying start in your new job.” Odgers Berndtson, 29 Nov. 2018. Web.

    Karaevli, Ayse, and Edward J. Zajac. “When Is an Outsider CEO a Good Choice?” MIT Sloan Management Review, 19 June 2012. Web.

    Keizer, Gregg. “Microsoft CEO Nadella Aces First-100-Day Test.” Computerworld, 15 May 2014. Web.

    Keller, Scott, and Mary Meaney. “Successfully transitioning to new leadership roles.” McKinsey & Company, May 2018. Web.

    Kress, R. “Director vs. Manager: What You Need to Know to Advance to the Next Step.” Ivy Exec, 2016. Web.

    Levine, Seth. “What does it mean to be an ‘executive’.” VC Adventure, 1 Feb. 2018. Web.

    Lichtenwalner, Benjamin. “CIO First 90 Days.” PDF document. Modern Servant Leader, 2008. Web.

    Nawaz, Sabina. “The Biggest Mistakes New Executives Make.” Harvard Business Review, 15 May 2017. Web.

    Pruitt, Sarah. “Fast Facts on the 'First 100 Days.‘” History.com, 22 Aug. 2018. Web.

    Rao, M.S. “An Action Plan for New CEOs During the First 100 Days.” Training, 4 Oct. 2014. Web.

    Reddy, Kendra. “It turns out being a VP isn't for everyone.” Financial Post, 17 July 2012. Web.

    Silcoff, Sean. “Exclusive: John Chen’s simple plan to save BlackBerry.” The Globe & Mail, 24 Feb. 2014. Web.

    Bibliography

    “Start Stop Continue Retrospective.” GroupMap, n.d. Web.

    Surrette, Mark. “Lack of Rapport: Why Smart Leaders Fail.” KBRS, n.d. Web.

    “Understanding Types of Organization – PMP Study.” Simplilearn, 4 Sept. 2019. Web.

    Wahler, Cindy. “Six Behavioral Traits That Define Executive Presence.” Forbes, 2 July 2015. Web.

    Watkins, Michael D. The First 90 Days, Updated and Expanded. Harvard Business Review Press, 2013.

    Watkins, Michael D. “7 Ways to Set Up a New Hire for Success.” Harvard Business Review, 10 May 2019. Web.

    “What does it mean to be a business executive?” Daniels College of Business, University of Denver, 12 Aug. 2014. Web.

    Yeung, Ken. “Turnaround: Marissa Mayer’s first 300 days as Yahoo’s CEO.” The Next Web, 19 May 2013. Web.

    Ensure Cloud Security in IaaS, PaaS, and SaaS Environments

    • Buy Link or Shortcode: {j2store}386|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Secure Cloud & Network Architecture
    • Parent Category Link: /secure-cloud-network-architecture
    • Security remains a large impediment to realizing cloud benefits. Numerous concerns still exist around the ability for data privacy, confidentiality, and integrity to be maintained in a cloud environment.
    • Even if adoption is agreed upon, it becomes hard to evaluate vendors that have strong security offerings and even harder to utilize security controls that are internally deployed in the cloud environment.

    Our Advice

    Critical Insight

    • The cloud can be secure despite unique security threats.
    • Securing a cloud environment is a balancing act of who is responsible for meeting specific security requirements.
    • Most security challenges and concerns can be minimized through our structured process (CAGI) of selecting a trusted cloud security provider (CSP) partner.

    Impact and Result

    • The business is adopting a cloud environment and it must be secured, which includes:
      • Ensuring business data cannot be leaked or stolen.
      • Maintaining privacy of data and other information.
      • Securing the network connection points.
    • Determine your balancing act between yourself and your CSP; through contractual and configuration requirements, determine what security requirements your CSP can meet and cover the rest through internal deployment.
    • This blueprint and associated tools are scalable for all types of organizations within various industry sectors.

    Ensure Cloud Security in IaaS, PaaS, and SaaS Environments Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should prioritize security in the cloud, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Determine your cloud risk profile

    Determine your organization’s rationale for cloud adoption and what that means for your security obligations.

    • Ensure Cloud Security in IaaS, PaaS, and SaaS Environments – Phase 1: Determine Your Cloud Risk Profile
    • Secure Cloud Usage Policy

    2. Identify your cloud security requirements

    Use the Cloud Security CAGI Tool to perform four unique assessments that will be used to identify secure cloud vendors.

    • Ensure Cloud Security in IaaS, PaaS, and SaaS Environments – Phase 2: Identify Your Cloud Security Requirements
    • Cloud Security CAGI Tool

    3. Evaluate vendors from a security perspective

    Learn how to assess and communicate with cloud vendors with security in mind.

    • Ensure Cloud Security in IaaS, PaaS, and SaaS Environments – Phase 3: Evaluate Vendors From a Security Perspective
    • IaaS and PaaS Service Level Agreement Template
    • SaaS Service Level Agreement Template
    • Cloud Security Communication Deck

    4. Implement your secure cloud program

    Turn your security requirements into specific tasks and develop your implementation roadmap.

    • Ensure Cloud Security in IaaS, PaaS, and SaaS Environments – Phase 4: Implement Your Secure Cloud Program
    • Cloud Security Roadmap Tool

    5. Build a cloud security governance program

    Build the organizational structure of your cloud security governance program.

    • Ensure Cloud Security in IaaS, PaaS, and SaaS Environments – Phase 5: Build a Cloud Security Governance Program
    • Cloud Security Governance Program Template
    [infographic]

    Identify and Reduce Agile Contract Risk

    • Buy Link or Shortcode: {j2store}232|cart{/j2store}
    • member rating overall impact (scale of 10): 8.0/10 Overall Impact
    • member rating average dollars saved: $10,000 Average $ Saved
    • member rating average days saved: 20 Average Days Saved
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • Customer maturity levels with Agile are low, with 67% of organizations using Agile for less than five years.
    • Customer competency levels with Agile are also low, with 84% of organizations stating they are below a high level of competency.
    • Contract disputes are the number one or two types of disputes faced by organizations across all industries.

    Our Advice

    Critical Insight

    • Agile contracts require different wording and protections than traditional or waterfall contracts.
    • Agile buzzwords by themselves do not create an Agile contract.
    • There is a delicate balance between being overly prescriptive in an Agile contract and too lax.

    Impact and Result

    • Identify options for Agile contract provisions.
    • Manage Agile contract risk by selecting the appropriate level of protections for an Agile project.
    • Harness the power of Agile development and collaboration with the vendor while preserving contractual flexibility.
    • Focus on the correct contract clauses to manage Agile risk.

    Identify and Reduce Agile Contract Risk Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should treat Agile contracts differently from traditional or waterfall contracts, and review Info-Tech’s methodology, and understand the twelve contract clauses that are different for Agile contracts.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and evaluate options

    Use the information in this blueprint and Info-Tech’s Agile Contract Playbook-Checklist to review and assess your Agile contracts, ensuring that the provisions and protections are suitable for Agile contracts specifically.

    • Agile Contracts Playbook-Checklist
    [infographic]

    Workshop: Identify and Reduce Agile Contract Risk

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify and Evaluate Options

    The Purpose

    To understand Agile-specific contract clauses, to improve risk identification, and to be more effective at negotiating Agile contract terms.

    Key Benefits Achieved

    Increased awareness of how Agile contract provisions are different from traditional or waterfall contracts in 12 key areas.

    Understanding available options.

    Understanding the impact of being too prescriptive.

    Activities

    1.1 Review the Agile Contract Playbook-Checklist.

    1.2 Review 12 contract provisions and reinforce key learnings with exercises.

    Outputs

    Configured Playbook-Checklist as applicable

    Exercise results and debrief

    Run Better Meetings

    • Buy Link or Shortcode: {j2store}287|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Voice & Video Management
    • Parent Category Link: /voice-video-management

    Your newly hybrid workplace will include virtual, hybrid, and physical meetings, presenting several challenges:

    • The experience for onsite and remote attendees is not equal.
    • Employees are experiencing meeting and video fatigue.
    • Meeting rooms are not optimized for hybrid meetings.
    • The fact is that many people have not successfully run hybrid meetings before.

    Our Advice

    Critical Insight

    • Successful hybrid workplace plans must include planning around hybrid meetings. Seamless hybrid meetings are the result of thoughtful planning and documented best practices.

    Impact and Result

    • Identify your current state and the root cause of unsatisfactory meetings.
    • Review and identify meetings best practices around meeting roles, delivery models, and training.
    • Improve the technology that supports meetings.
    • Use Info-Tech’s quick checklists and decision flowchart to accelerate meeting planning and cover your bases.

    Run Better Meetings Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should run better meetings, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify the current state of meetings

    Understand the problem before you try to fix it. Before you can improve meetings, you need to understand what your norms and challenges currently are.

    • Checklist: Run a Virtual or Hybrid Meeting

    2. Publish best practices for how meetings should run

    Document meeting roles, expectations, and how meetings should run. Decide what kind of meeting delivery model to use and develop a training program.

    • Meeting Challenges and Best Practices
    • Meeting Type Decision Flowchart (Visio)
    • Meeting Type Decision Flowchart (PDF)

    3. Improve meeting technology

    Always be consulting with users: early in the process to set a benchmark, during and after every meeting to address immediate concerns, and quarterly to identify trends and deeper issues.

    • Team Charter
    • Communications Guide Poster Template
    [infographic]

    Workshop: Run Better Meetings

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Current State of Meetings

    The Purpose

    Understand the current state of meetings in your organization.

    Key Benefits Achieved

    What you need to keep doing and what you need to change

    Activities

    1.1 Brainstorm meeting types.

    1.2 Document meeting norms.

    1.3 Document and categorize meeting challenges.

    Outputs

    Documented challenges with meetings

    Meeting norms

    Desired changes to meeting norms

    2 Review and Identify Best Practices

    The Purpose

    Review and implement meeting best practices.

    Key Benefits Achieved

    Defined meeting best practices for your organization

    Activities

    2.1 Document meeting roles and expectations.

    2.2 Review common meeting challenges and identify best practices.

    2.3 Document when to use a hybrid meeting, virtual meeting, or an in-person meeting.

    2.4 Develop a training program.

    Outputs

    Meeting roles and expectations

    List of meeting best practices

    Guidelines to help workers choose between a hybrid, virtual, or in-person meeting

    Training plan for meetings

    3 Improve Meeting Technology

    The Purpose

    Identify opportunities to improve meeting technology.

    Key Benefits Achieved

    A strategy for improving the underlying technologies and meeting spaces

    Activities

    3.1 Empower virtual meeting attendees.

    3.2 Optimize spaces for hybrid meetings.

    3.3 Build a team of meeting champions.

    3.4 Iterate to build and improve meeting technology.

    3.5 Guide users toward each technology.

    Outputs

    Desired improvements to meeting rooms and meeting technology

    Charter for the team of meeting champions

    Communications Guide Poster

    Build a Cloud Security Strategy

    • Buy Link or Shortcode: {j2store}169|cart{/j2store}
    • member rating overall impact (scale of 10): 9.4/10 Overall Impact
    • member rating average dollars saved: $38,592 Average $ Saved
    • member rating average days saved: 44 Average Days Saved
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • Leveraging the cloud introduces IT professionals to a new world that they are tasked with securing.
    • With many cloud vendors proposing to share the security responsibility, it can be a challenge for organizations to develop a clear understanding of how they can best secure their data off premises.

    Our Advice

    Critical Insight

    • Cloud security is not fundamentally different from security on premises.
    • While some of the mechanics are different, the underlying principles are the same. Accountability doesn’t disappear.
    • By virtue of its broad network accessibility, the cloud does expose decisions to extreme scrutiny, however.

    Impact and Result

    • The business is adopting a cloud environment and it must be secured, which includes:
      • Ensuring business data cannot be leaked or stolen.
      • Maintaining privacy of data and other information.
      • Securing the network connection points.
    • This blueprint and associated tools are scalable for all types of organizations within various industry sectors.

    Build a Cloud Security Strategy Research & Tools

    Start Here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a cloud security strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Explore security considerations for the cloud

    Explore how the cloud changes the required controls and implementation strategies for a variety of different security domains.

    • Build a Cloud Security Strategy – Phase 1: Explore Security Considerations for the Cloud
    • Cloud Security Information Security Gap Analysis Tool
    • Cloud Security Strategy Template

    2. Prioritize initiatives and construct a roadmap

    Develop your organizational approach to various domains of security in the cloud, considering the cloud’s unique risks and challenges.

    • Build a Cloud Security Strategy – Phase 2: Prioritize Initiatives and Construct a Roadmap
    [infographic]

    Workshop: Build a Cloud Security Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Your Approach

    The Purpose

    Define your unique approach to improving security in the cloud.

    Key Benefits Achieved

    An understanding of the organization’s requirements for cloud security.

    Activities

    1.1 Define your approach to cloud security.

    1.2 Define your governance requirements.

    1.3 Define your cloud security management requirements.

    Outputs

    Defined cloud security approach

    Defined governance requirements

    2 Respond to Cloud Security Challenges

    The Purpose

    Explore challenges posed by the cloud in various areas of security.

    Key Benefits Achieved

    An understanding of how the organization needs to evolve to combat the unique security challenges of the cloud.

    Activities

    2.1 Explore cloud asset management.

    2.2 Explore cloud network security.

    2.3 Explore cloud application security.

    2.4 Explore log and event management.

    2.5 Explore cloud incident response.

    2.6 Explore cloud eDiscovery and forensics.

    2.7 Explore cloud backup and recovery.

    Outputs

    Understanding of cloud security strategy components (cont.).

    3 Build Cloud Security Roadmap

    The Purpose

    Identify initiatives to mitigate challenges posed by the cloud in various areas of security.

    Key Benefits Achieved

    A roadmap for improving security in the cloud.

    Activities

    3.1 Define tasks and initiatives.

    3.2 Finalize your task list

    3.3 Consolidate gap closure actions into initiatives.

    3.4 Finalize initiative list.

    3.5 Conduct a cost-benefit analysis.

    3.6 Prioritize initiatives and construct a roadmap.

    3.7 Create effort map.

    3.8 Assign initiative execution waves.

    3.9 Finalize prioritization.

    3.10 Incorporate initiatives into a roadmap.

    3.11 Schedule initiatives.

    3.12 Review your results.

    Outputs

    Defined task list.

    Cost-benefit analysis

    Roadmap

    Effort map

    Initiative schedule

    Define a Release Management Process to Deliver Lasting Value

    • Buy Link or Shortcode: {j2store}158|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $12,999 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Your software platforms are a key enabler of your brand. When there are issues releasing, this brand suffers. Client confidence and satisfaction erode.
    • Your organization has invested significant capital in creating a culture product ownership, Agile, and DevOps. Yet the benefits from these investments are not yet fully realized.
    • Customers have more choices than ever when it comes to products and services. They require features and capabilities delivered quickly, consistently, and of sufficient quality otherwise they will look elsewhere.

    Our Advice

    Critical Insight

    • Eliminate the need for dedicating time for off-hour or weekend release activities. Use a release management framework for optimizing release-related tasks, making them predictable and of high quality.

    Impact and Result

    • Develop a release management framework that efficiently and effectively orchestrates the different functions supporting a software’s release.
    • Use the release management framework and turn release-related activities into non-events.
    • Use principles of continuous delivery for converting your release processes from an overarching concern to a feature of a high-performing software practice.

    Define a Release Management Process to Deliver Lasting Value Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define a Release Management Process to Deliver Lasting Value Deck – A step-by-step document that walks you through how to develop and implement a release management framework that takes advantage of continuous delivery.

    This presentation documents the Info-Tech approach to defining your application release management framework.

    • Define a Release Management Process to Deliver Lasting Value – Phases 1-4

    2. Define a Release Management Process to Deliver Lasting Value Template – Use this template to help you define, detail, and make a reality your strategy in support of your application release management framework.

    The template gives the user a guide to the development of their application release management framework.

    • Define a Release Management Process to Deliver Lasting Value Template

    3. Define a Release Management Process to Deliver Lasting Value Workbook – This workbook documents the results of the exercises contained in the blueprint and offers the user a guide to development of their release management framework.

    This workbook is designed to capture the results of your exercises from the Define a Release Management Process to Deliver Lasting Value blueprint.

    • Define a Release Management Process to Deliver Lasting Value Workbook
    [infographic]

    Workshop: Define a Release Management Process to Deliver Lasting Value

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define the Current Situation

    The Purpose

    Document the existing release management process and current pain points and use this to define the future-state framework.

    Key Benefits Achieved

    Gain an understanding of the current process to confirm potential areas of opportunity.

    Understand current pain points so that we can build resolution into the new process.

    Activities

    1.1 Identify current pain points with your release management process. If appropriate, rank them in order of most to least disruptive.

    1.2 Use the statement of quality and current pain points (in addition to other considerations) and outline the guiding principles for your application release management framework.

    1.3 Brainstorm a set of metrics that will be used to assess the success of your aspired-to application release management framework.

    Outputs

    Understanding of pain points, their root causes, and ranking.

    Built guiding principles for application release management framework.

    Created set of metrics to measure the effectiveness of the application release management framework.

    2 Define Standard Release Criteria

    The Purpose

    Build sample release criteria, release contents, and standards for how it will be integrated in production.

    Key Benefits Achieved

    Define a map to what success will look like once a new process is defined.

    Develop standards that the new process must meet to ensure benefits are realized.

    Activities

    2.1 Using an example of a product known to the team, list its criteria for release.

    2.2 Using an example of a product known to the team, develop a list of features and tasks that are directly and indirectly important for either a real or hypothetical upcoming release.

    2.3 Using an example of product known to the team, map out the process for its integration into the release-approved code in production. For each step in the process, think about how it satisfies guiding principles, releasability and principles of continuous anything.

    Outputs

    Completed Workbook example highlighting releasability.

    Completed Workbook example defining and detailing feature and task selection.

    Completed Workbook example defining and detailing the integration step.

    3 Define Acceptance and Deployment Standards

    The Purpose

    Define criteria for the critical acceptance and deployment phases of the release.

    Key Benefits Achieved

    Ensure that releases will meet or exceed expectations and meet user quality standards.

    Ensure release standards for no / low risk deployments are recognized and implemented.

    Activities

    3.1 Using an example of product known to the team, map out the process for its acceptance. For each step in the process, think about how it satisfies guiding principles, releasability and principles of continuous anything.

    3.2 Using an example of product known to the team, map out the process for its deployment. For each step in the process, think about how it satisfies guiding principles, releasability and principles of continuous anything.

    Outputs

    Completed Workbook example defining and detailing the acceptance step.

    Completed Workbook example defining and detailing the deployment step.

    4 Implement the Strategy

    The Purpose

    Define your future application release management process and the plan to make the required changes to implement.

    Key Benefits Achieved

    Build a repeatable process that meets the standards defined in phases 2 and 3.

    Ensure the pain points defined in Phase 1 are resolved.

    Show how the new process will be implemented.

    Activities

    4.1 Develop a plan and roadmap to enhance the integration, acceptance, and deployment processes.

    Outputs

    List of initiatives to reach the target state

    Application release management implementation roadmap

    Further reading

    Define a Release Management Process for Your Applications to Deliver Lasting Value

    Use your releases to drive business value and enhance the benefits delivered by your move to Agile.

    Analyst Perspective

    Improving your release management strategy and practices is a key step to fully unlock the value of your portfolio.

    As firms invest in modern delivery practices based around product ownership, Agile, and DevOps, organizations assume that’s all that is necessary to consistently deliver value. As organizations continue to release, they continue to see challenges delivering applications of sufficient and consistent quality.

    Delivering value doesn’t only require good vision, requirements, and technology. It requires a consistent and reliable approach to releasing and delivering products and services to your customer. Reaching this goal requires the definition of standards and criteria to govern release readiness, testing, and deployment.

    This will ensure that when you deploy a release it meets the high standards expected by your clients and delivers the value you have intended.

    Dr. Suneel Ghei

    Principal Research Director, Application Development

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Your software platforms are a key enabler of your brand. When there are issues releasing, the brand suffers. Client confidence and satisfaction erode.
    • Your organization has invested significant capital in creating a culture of product ownership, Agile, and DevOps. Yet the benefits from these investments are not yet fully realized.
    • Customers have more choices than ever when it comes to products and services. They require features and capabilities delivered quickly, consistently, and of sufficient quality, otherwise they will look elsewhere.

    Common Obstacles

    • Development teams are moving faster but then face delays waiting for testing and deployment due to a lack of defined release cycle and process.
    • Individual stages in your software development life cycle (SDLC), such as code collaboration, testing, and deployment, have become leaner, but the overall complexity has increased since many products and services are composed of many applications, platforms, and processes.
    • The specifics of releasing products is (wrongly) classified as a technical concern and not a business concern, hindering the ability to prioritize improved release practices.

    Info-Tech's Approach

    • Develop a release management framework that efficiently and effectively orchestrates the different functions supporting a software’s release.
    • Use the release management framework and turn release-related activities into non-events.
    • Use principles of continuous delivery for converting your release processes from an overarching concern to a feature of a high-performing software practice.

    Executive Summary

    Info-Tech Insights

    Turn release-related activities into non-events.

    Eliminate the need for dedicating time for off-hour or weekend release activities. Use a release management framework for optimizing release-related tasks, making them predictable and of high quality.

    Release management is NOT a part of the software delivery life cycle.

    The release cycle runs parallel to the software delivery life cycle but is not tightly coupled with it. The act of releasing begins at the point requirements are confirmed and ends when user satisfaction is measurable. In contrast, the software delivery life cycle is focused on activities such as building, architecting, and testing.

    All releases are NOT created equal.

    Barring standard guiding principles, each release may have specific nuances that need to be considered as part of release planning.

    Your release management journey

    1. Optimize Applications Release Management - Set a baseline release management process and organization.
    2. Modernize Your SDLC - Move your organization to Agile and increase throughput to feed releases.
    3. Deliver on Your Digital Product Vision - Understand the practices that go into delivering products, including articulating your release plans.
    4. Automate Testing to Get More Done - Create the ability to do more testing quickly and ensure test coverage.
    5. Implement DevOps Practices That Work - Build in tools and techniques necessary for release deployment automation.
    6. Define a Release Management Process to Deliver Lasting Value (We Are Here)

    Define a Release Management Process for Your Applications to Deliver Lasting Value

    Use your releases to drive business value and enhance the benefits delivered by your move to Agile.

    Executive Brief

    Your software delivery teams are expected to deliver value to stakeholders in a timely manner and with high quality

    Software delivery teams must enable the organization to react to market needs and competitive changes to improve the business’ bottom line. Otherwise, the business will question the team’s competencies.

    The business is constantly looking for innovative ways to do their jobs better and they need support from your technical teams.

    The increased stress from the business is widening the inefficiencies that already exist in application release management, risking poor product quality and delayed releases.

    Being detached from the release process, business stakeholders do not fully understand the complexities and challenges of completing a release, which complicates the team’s communication with them when issues occur.

    IT Stakeholders Are Also Not Satisfied With Their Own Throughput

    • Only 29% of IT employees find application development throughput highly effective.
    • Only 9% of organizations were classified as having highly effective application development throughput.
    • Application development throughput ranked 37th out of 45 core IT processes in terms of effectiveness.

    (Info-Tech’s Management and Governance Diagnostic, N=3,930)

    Your teams, however, struggle with core release issues, resulting in delayed delivery (and disappointed stakeholders)

    Implementing tools on top of an inefficient pipeline can significantly magnify the existing release issues. This can lead to missed deadlines, poor product quality, and business distrust with software delivery teams.

    COMMON RELEASE ISSUES

    1. Local Thinking: Release decisions and changes are made and approved without consideration of the holistic system, process, and organization.
    2. No Release Cadence: Lack of process governance and oversight generates unpredictable bottlenecks and load and ill-prepared downstream teams.
    3. Mismanagement of Releases: Program management does not accommodate the various integrated releases completed by multiple delivery teams.
    4. Poor Scope Management: Teams are struggling to effectively accommodate changes during the project.

    The bottom line: The business’ ability to operate is dictated by the software delivery team’s ability to successfully complete releases. If the team performs poorly, then the business will do poorly as well. Application release management is critical to ensure business expectations are within the team’s constraints.

    As software becomes more embedded in the business, firms are discovering that the velocity of business change is now limited by how quickly they can deploy.” – Five Ways To Streamline Release Management, J.S. Hammond

    Historically, managing releases has been difficult and complicated…

    Typically, application release management has been hard to coordinate because…

    • Software has multiple dependencies and coordinating their inclusion into a deployable whole was not planned.
    • Teams many be spending too much time on features that are not needed any longer.
    • Software development functions (such as application architecture, test-first or test-driven design, source code integration, and functional testing) are not optimized.
    • There are no agreed upon service-level contracts (e.g. expected details in requirements, adequate testing, source control strategy) between development functions.
    • The different development functions are not integrated in a holistic style.
    • The different deployment environments have variability in their configuration, reducing the reliability of testing done in different environments.
    • Minimum thresholds for acceptable quality of development functions are either too low (leading to adverse outcomes down stream) or too high (leading to unnecessary delays).

    …but research shows being effective at application release management increases your throughput

    Research conducted on Info-Tech's members shows overwhelming evidence that application throughput is strongly tied to an effective application release management approach.

    The image shows a scatter plot, with Release Management Effectiveness on the x-axis and Application Development Throughput Effectiveness on the Y-axis. The graph shows a steady increase.

    (Info-Tech Management & Governance Diagnostic, since 2019; N=684 organizations)

    An application release management framework is critical for effective and timely delivery of software

    A well-developed application release management framework is transformative and changes...

    From To
    Short-lived projects Ongoing enhancements supporting a product strategy
    Aiming for mandated targets Flexible roadmaps
    Manual execution of release processes Automating a release pipeline as much as possible and reasonable
    Manual quality assurance Automated assessment of quality
    Centralized decision making Small, independent release teams, orchestrated through an optimized value stream

    Info-Tech Insight: Your application release management framework should turn a system release into a non-event. This is only possible through the development of a holistic, low-risk and standardized approach to releasing software, irrespective of their size or complexity.

    Robust continuous “anything” requires proficiency in five core practices

    A continuous anything evaluation should not be a “one-and-done” event. As part of ongoing improvements, keep evolving it to make it a fundamental component of a strong operational strategy.

    Continuous Anything

    • Automate where appropriate
      • Automation is not a silver bullet. All processes are not created equal; and therefore, some are not worthy of being automated.
    • Control system variables
      • Deploying and testing in environments that are apple to apple in comparison reduces the risk of unintended outcomes from production release.
    • Measure process outcomes
      • A process not open to being measured is a process bound to fail. If it can be measured, it should be, and insights found should be used for improving the system.
    • Select smaller features batches
      • Smaller release packages reduce the chances of cognitive load associated with finding root causes for defects and issues that may result as post-production incidents.
    • Reduction of cycle time
      • Identification of waste in each stage of the continuous anything process helps in lowering cost of operations and results in quicker generation of value for stakeholders.

    Invest time in developing an application release management framework for your development team(s) with a continuous anything mindset

    An application release management framework converts a set of features and make them ready for releasability in a low-risk, standardized, and high-quality process.

    The image shows a diagram titled Application Release Engineering From Idea to Product, which illustrates the process.

    A continuous anything (integration, delivery, and deployment) mindset is based on a growth and improvement philosophy, where every event is considered a valid data point for investigation of process efficiency.

    Diagram adapted from Continuous Delivery in the Wild, Pete Hodgson, Published by O'Reilly Media, Inc., 2020

    Related Info-Tech Research

    Streamline Application Maintenance

    • Justify the necessity of streamlined maintenance. Gain a grounded understanding of stakeholder objectives and concerns and validate their achievability against the current state of the people, process, and technologies involved in application maintenance.
    • Strengthen triaging and prioritization practices. Obtain a holistic picture of the business and technical impacts, risks, and urgencies of each accepted maintenance request to justify its prioritization and relevance within your backlog. Identify opportunities to bundle requests together or integrate them within project commitments to ensure completion.
    • Establish and govern a repeatable process. Develop a maintenance process with well-defined stage gates, quality controls, and roles and responsibilities, and instill development best practices to improve the success of delivery.

    “Releasability” (or release criteria) of a system depends upon the inclusion of necessary building blocks and proof that they were worked on

    There is no standard definition of a system’s releasability. However, there are common themes around completions or assessments that should be investigated as part of a release:

    • The range of performance, technical, or compliance standards that need to be assessed.
    • The full range of test types required for business approval: unit tests, acceptance tests, security test, data migration tests, etc.
    • The volume-criticality mix of defects the organization is willing to accept as a risk.
    • The best source and version control strategy for the development team. This is mostly a function of the team's skill with using release branches and coordinating their work artifacts.
    • The addition of monitoring points and measures required for evaluations and impact analysis.
    • The documentation required for audit and compliance.
    • External and internal dependencies and integrations.
    • Validations, approvals, and sign-offs required as part of the business’ operating procedure.
    • Processes that are currently carried out outside and should be moved into the pipeline.
    • Manual processes that may be automated.
    • Any waste activities that do not directly contribute to releasability that can be eliminated from the development process.
    • Knowledge the team has regarding challenges and successes with similar software releases in the past.

    Releasability of a system is different than governing principles for application release management

    Governing principles are fundamental ways of doing something, which in this case is application release management, while releasability will generally have governing principles in addition to specific needs for a successful release.

    Example of Governing Principles

    • Approval from Senior Director is necessary before releasing to production
    • Production deployments can only be done in off-hours
    • We will try to automate processes whenever it is possible for us to do so
    • We will use a collaborative set of metrics to measure our processes

    Examples of Releasability Criteria

    • For the upcoming release, add performance testing for Finance and Budget Teams’ APIs
    • Audit and compliance documentation is required for this release
    • Automation of manual deployment
    • Use trunk-based source code management instead of feature-based

    Regulated industries are not more stable despite being less nimble

    A pervasive myth in industry revolves around the misperception that continuous anything and nimble and non-event application release management is not possible in large bureaucratic and regulated organizations because they are risk-averse.

    "We found that external approvals were negatively correlated with lead-time, deployment frequency and restore time, and had no correlation with change failure rate. In short, approval by an external body (such as a manager or Change Approval Board) simply doesn’t work to increase the stability of production systems…However, it certainly slows things down. It is in fact worse than having no change approval process at all." – Accelerate by Gene Kim, Jez Humble, and Nicole Forsgren

    Many organizations reduce risk in their product release by adopting a paternalistic stance by:

    • Requiring manual sign-offs from senior personnel who are external to the organization.
    • Increasing the number and level of authorization gates.
    • Staying away from change and preferring to stick with what has worked in the past.

    Despite the prevalence of these types of responses to risk, the evidence is that they do not work and are in fact counter-productive because they:

    • Create blocks to frequent releases.
    • Introduce procedural complexity to each release and in effect make them “bigger.”
    • Prefer process over people (and trusting them). Increase non-value-add scrutiny and reporting.

    There is a persistent misunderstanding about continuous anything being only an IT engineering practice

    01

    At the enterprise level, continuous anything focuses on:

    • Visibility of final value being provided in a high-quality and expedited manner
    • Ensuring efficiency in the organization’s delivery framework
    • Ensuring adherence to established governance and risk mitigation strategy

    02

    Focus of this blueprint

    At the product level, continuous anything focuses on:

    • Reliability of the product delivery system
    • Use of scientific evidence for continuous improvement of the product’s delivery system
    • Orchestration of different artifacts into a single whole

    03

    At the functional level, continuous anything focuses on*:

    • Local functional optimization (functions = software engineering, testing, application design)
    • Automation of local functions
    • Use of patterns for standardizing inputs and functional areas

    *Where necessary, practices at this level have been mentioned.

    Related Info-Tech Research

    Implement DevOps Practices That Work

    • Be DevOps, rather than do DevOps. DevOps is a philosophy, not an industry framework. Your organization’s culture must shift toward system-wide thinking, cross-function collaboration, and empathy.
    • Culture, learning, automation, integrated teams, and metrics and governance (CLAIM) are all critical components of effective DevOps.

    Automate Testing to Get More Done

    • Optimize and automate SDLC stages to recover team capacity. Recognize that automation without optimization is a recipe for long-term pain. Do it right the first time.
    • Optimization and automation are not one-hit wonders. Technical debt is a part of software systems and never goes away. The only remedy is constant vigilance and enhancements to the processes.

    The seeds of a good release are sown even before work on it begins

    Pre-release practices such as requirements intake and product backlog management are important because:

    • A standard process for documentation of features and requirements helps reduce “cognitive dissonance” between business and technology teams. Clearly articulated and well-understood business needs are fundamental ingredients of a high-quality product.
    • Product backlog management done right ensures the prioritized delivery of value to stakeholders. Features can become stale or get a bump in importance, depending upon evolving circumstances. Prioritizing the backlog is, therefore, critical for ensuring time, effort, and budget are spent on things that matter.

    Deliver a Customer Service Training Program to Your IT Department

    • Buy Link or Shortcode: {j2store}484|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $4,339 Average $ Saved
    • member rating average days saved: 6 Average Days Saved
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • The scope of service that the service desk must provide has expanded. With the growing complexity of technologies to support, it becomes easy to forget the customer service side of the equation. Meanwhile, customer expectations for prompt, frictionless, and exceptional service from anywhere have grown.
    • IT departments struggle to hire and retain talented service desk agents with the right mix of technical and customer service skills.
    • Some service desk agents don’t believe or understand that customer service is an integral part of their role.
    • Many IT leaders don’t ask for feedback from users to know if there even is a customer service problem.

    Our Advice

    Critical Insight

    • There’s a common misconception that customer service skills can’t be taught, so no effort is made to improve those skills.
    • Even when there is a desire to improve customer service, it’s hard for IT teams to make time for training and improvement when they’re too busy trying to keep up with tickets.
    • A talented service desk agent with both great technical and customer service skills doesn’t have to be a rare unicorn, and an agent without innate customer service skills isn’t a lost cause. Relevant and impactful customer service habits, techniques, and skills can be taught through practical, role-based training.
    • IT leaders can make time for this training through targeted, short modules along with continual on-the-job coaching and development.

    Impact and Result

    • Good customer service is critical to the success of the service desk. How a service desk treats its customers will determine its customers' satisfaction with not only IT but also the company as a whole.
    • Not every technician has innate customer service skills. IT managers need to provide targeted, practical training on what good customer service looks like at the service desk.
    • One training session is not enough to make a change. Leaders must embed the habits, create a culture of engagement and positivity, provide continual coaching and development, regularly gather customer feedback, and seek ways to improve.

    Deliver a Customer Service Training Program to Your IT Department Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should deliver customer service training to your team, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Deliver a Customer Service Training Program to Your IT Department – Executive Brief
    • Deliver a Customer Service Training Program to Your IT Department Storyboard

    1. Deliver customer service training to your IT team

    Understand the importance of customer service training, then deliver Info-Tech's training program to your IT team.

    • Customer Service Training for the Service Desk – Training Deck
    • Customer Focus Competency Worksheet
    • Cheat Sheet: Service Desk Communication
    • Cheat Sheet: Service Desk Written Communication
    [infographic]

    2020 CIO Priorities Report

    • Buy Link or Shortcode: {j2store}97|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • The velocity and magnitude of technology changes today has increased dramatically compared to anything that has come before.
    • The velocity and magnitude of advancements in technology has always seemed unprecedented in every wave of technology change we have experienced over the past 40 years. With each new wave of innovation, “unprecedented” is redefined to a new level, and so it remains true that today’s CIO is faced with unprecedented levels of change as a direct result of emerging technologies.
    • What is different today is that we are at the point where the emerging technology itself is now capable of accelerating the pace of change even more through artificial intelligence capabilities.
    • If we are to realize the business value through the adoption of emerging technologies, CIOs must address significant challenges. We believe addressing these challenges lies in the CIO priorities for 2020.

    Our Advice

    Critical Insight

    • First there was IT/business alignment, then there was IT/business integration – both states characterized as IT “getting on the same page” as the business. In the context of emerging technologies, the CIO should no longer be focused on getting on the same page as the CEO.
    • Today it is about the CEO and the CIO collaborating to write a new book about convergence of all things: technology (infrastructure and applications), people (including vendors), process, and data.
    • Digital transformation and adoption of emerging technologies is not a goal, it is a journey – a means to the end, not the end unto itself.

    Impact and Result

    • Use Info-Tech's 2020 CIO Priorities Report to ascertain, based on our research, what areas of focus for 2020 are critical for success in adopting emerging technologies.
    • Adopting these technologies requires careful planning and consideration for what is critical to your business customers.
    • This report provides focus on the business benefits of the technology and not just the capabilities themselves. It puts the CIO in a position to better understand the true value proposition of any of today’s technology advancements.

    2020 CIO Priorities Report Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand the top five priorities for CIOs in 2020 and why these are so critical to success.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Refine and adapt processes

    Learn about how processes can make or break your adoption of emerging technologies.

    • 2020 CIO Priorities Report – Priority 1: Refine and Adapt Processes

    2. Re-invent IT as collaboration engine

    Learn about how IT can transform its role within the organization to optimize business value.

    • 2020 CIO Priorities Report – Priority 2: Re-Invent IT as Collaboration Engine

    3. Acquire and retain talent for roles in emerging technologies

    Learn about how IT can attract and keep employees with the skills and knowledge needed to adopt these technologies for the business.

    • 2020 CIO Priorities Report – Priority 3: Acquire and Retain Talent for Roles in Emerging Technologies

    4. Define and manage cybersecurity and cyber resilience requirements related to emerging technologies

    Understand how the adoption of emerging technologies has created new levels of risk and how cybersecurity and resilience can keep pace.

    • 2020 CIO Priorities Report – Priority 4: Define and Manage Cybersecurity and Cyber Resilience Requirements Related to Emerging Technologies

    5. Leverage emerging technology to create Wow! customer experiences

    Learn how IT can leverage emerging technology for its own customers and those of its business partners.

    • 2020 CIO Priorities Report – Priority 5: Leverage Emerging Technology to Create Wow! Customer Experiences
    [infographic]

    Embrace Business-Managed Applications

    • Buy Link or Shortcode: {j2store}179|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $64,999 Average $ Saved
    • member rating average days saved: 18 Average Days Saved
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • The traditional model of managing applications does not address the demands of today’s rapidly changing market and digitally minded business, putting stress on scarce IT resources. The business is fed up with slow IT responses and overbearing desktop and system controls.
    • The business wants more control over the tools they use. Software as a service (SaaS), business process management (BPM), robotic process automation (RPA), artificial intelligence (AI), and low-code development platforms are all on their radar.
    • However, your current governance and management structures do not accommodate the risks and shifts in responsibilities to business-managed applications.

    Our Advice

    Critical Insight

    • IT is a business partner, not just an operator. Effective business operations hinge on high-quality, valuable, fit-for-purpose applications. IT provides the critical insights, guidance, and assistance to ensure applications are implemented and leveraged in a way that maximizes return on investment, whether it is being managed by end users or lines of business (LOBs). This can only happen if the organization views IT as a critical asset, not just a supporting player.
    • All applications should be business owned. You have applications because LOBs need them to meet the objectives and key performance indicators defined in the business strategy. Without LOBs, there would be no need for business applications. LOBs define what the application should be and do for it to be successful, so LOBs should own them.
    • Everything boils down to trust. The business is empowered to make their own decisions on how they want to implement and use their applications and, thus, be accountable for the resulting outcomes. Guardrails, role-based access, application monitoring, and other controls can help curb some risk factors, but it should not come at the expense of business innovation and time-sensitive opportunities. IT must trust the business will make rational application decisions, and the business must trust IT to support them in good times and bad.

    Impact and Result

    • Focus on the business units that matter. BMA can provide significant value to LOBs if teams and stakeholders are encouraged and motivated to adopt organizational and operational changes.
    • Reimagine the role of IT. IT is no longer the gatekeeper that blocks application adoption. Rather, IT enables the business to adopt the tools they need to be productive and they guide the business on successful BMA practices.
    • Instill business accountability. With great power comes great responsibility. If the business wants more control of their applications, they must be willing to take ownership of the outcomes of their decisions.

    Embrace Business-Managed Applications Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should embrace business-managed applications, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Embrace Business-Managed Applications – Phases 1-3
    • Business-Managed Applications Communication Template

    1. State your objectives

    Level-set the expectations for your business-managed applications.

    • Embrace Business- Managed Applications – Phase 1: State Your Objectives

    2. Design your framework and governance

    Identify and define your application managers and owners and build a fit-for-purpose governance model.

    • Embrace Business-Managed Applications – Phase 2: Design Your Framework & Governance

    3. Build your roadmap

    Build a roadmap that illustrates the key initiatives to implement your BMA and governance models.

    • Embrace Business-Managed Applications – Phase 3: Build Your Roadmap

    [infographic]

    Workshop: Embrace Business-Managed Applications

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 State Your Objectives

    The Purpose

    Define business-managed applications in your context.

    Identify your business-managed application objectives.

    State the value opportunities with business-managed applications.

    Key Benefits Achieved

    A consensus definition and list of business-managed applications goals

    Understanding of the business value business-managed applications can deliver

    Activities

    1.1 Define business-managed applications.

    1.2 List your objectives and metrics.

    1.3 State the value opportunities.

    Outputs

    Grounded definition of a business-managed application

    Goals and objectives of your business-managed applications

    Business value opportunity with business-managed applications

    2 Design Your Framework & Governance

    The Purpose

    Develop your application management framework.

    Tailor your application delivery and ownership structure to fit business-managed applications.

    Discuss the value of an applications committee.

    Discuss technologies to enable business-managed applications.

    Key Benefits Achieved

    Fit-for-purpose and repeatable application management selection framework

    Enhanced application governance model

    Applications committee design that meets your organization’s needs

    Shortlist of solutions to enable business-managed applications

    Activities

    2.1 Develop your management framework.

    2.2 Tune your delivery and ownership accountabilities.

    2.3 Design your applications committee.

    2.4 Uncover your solution needs.

    Outputs

    Tailored application management selection framework

    Roles definitions of application owners and managers

    Applications committee design

    List of business-managed application solution features and services

    3 Build Your Roadmap

    The Purpose

    Build your roadmap to implement busines-managed applications and build the foundations of your optimized governance model.

    Key Benefits Achieved

    Implementation initiatives

    Adoption roadmap

    Activities

    3.1 Build your roadmap.

    Outputs

    Business-managed application adoption roadmap

     

    Improve IT Team Effectiveness

    • Buy Link or Shortcode: {j2store}521|cart{/j2store}
    • member rating overall impact (scale of 10): 9.3/10 Overall Impact
    • member rating average dollars saved: $16,549 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Lead
    • Parent Category Link: /lead
    • Organizations rely on team-based work arrangements to provide organizational benefits and to help them better navigate the volatile, uncertain, complex, and ambiguous (VUCA) operating environment.
    • This is becoming more challenging in a hybrid model as interactions now rely less on casual encounters and now must become more intentional.
    • A high-performing team is more than productive. They are more resilient and able to recognize opportunities. They are proactive instead of reactive due to trust and a high level of communication and collaboration.
    • IT teams are more unique, which also provides unique challenges other teams don’t experience.

    Our Advice

    Critical Insight

    IT teams have:

    • Multiple disciplines that tend to operate in parallel versus within a sequence of events.
    • Multiple incumbent roles where people operate in parallel versus needing to share information to produce an outcome.
    • Multiple stakeholders who create a tension with competing priorities.

    Impact and Result

    Use Info-Tech’s phased approach to diagnose your team and use the IDEA model to drive team effectiveness.

    The IDEA model includes four factors to identify team challenges and focus on areas for improvement: identity, decision making, exchanges within the team, and atmosphere of team psychological safety.

    Improve IT Team Effectiveness Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Team Effectiveness Storyboard – A step-by-step document that walks you through how to properly assess your team’s effectiveness and activities that will identify solutions to overcome.

    The storyboard will walk you through three critical steps to assess, analyze, and build solutions to improve your team’s effectiveness.

  • Having your team members complete an assessment.
  • Reviewing and sharing the results.
  • Building a list of activities to select from based on the assessment results to ensure you target the problem you are facing.
    • Improve IT Team Effectiveness Storyboard – Phases 1-3

    2. The Team Effectiveness Survey – A tool that will determine what areas you are doing well in and where you can improve team relations and increase productivity.

    Each stage has a deliverable that will support your journey on increasing effectiveness starting with how to communicate to the assessment which will accumulate into a team charter and action plan.

    • IT Team Effectiveness Survey
    • IT Team Effectiveness Survey Tool

    3. Facilitation Guide – A collection of activities to select from and use with your team.

    The Facilitation Guide contains instructions to facilitating several activities aligned to each area of the IDEA Model to target your approach directly to your team’s results.

  • Determining roles and responsibilities on the team.
  • Creating a decision-making model that outlines levels of authority and who makes the decisions.
  • Assessing the team communications flow, which highlights the communication flow on the team and any bottlenecks.
  • Building a communication poster that articulates methods used to share different information within the team.
    • Improve IT Team Effectiveness Facilitation Guide
    • Identity – Responsibilities and Dependencies
    • Decision Making Accountability Workbook
    • Exchanges – Team Communications Flow
    • Exchanges – Communications Guide Poster Template
    • Atmosphere – SCARF Worksheet

    4. Action Plan – A template to help build your team action plan.

    The Action Plan Template captures next steps for the team on what they are committing to in order to build a more effective team.

    • Action Plan Template

    5. Team Charter – A template to create a charter for a work group or project team.

    A Team Charter captures the agreements your team makes with each other in terms of accepted behaviors and how they will communicate, make decisions, and create an environment that everyone feels safe contributing in.

    • IT Team Charter Template

    Infographic

    Workshop: Improve IT Team Effectiveness

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess the Team

    The Purpose

    Determine if proceeding is valuable.

    Key Benefits Achieved

    Set context for team members.

    Activities

    1.1 Review the business context.

    1.2 Identify IT team members to be included.

    1.3 Determine goals and objectives.

    1.4 Build execution plan and determine messaging.

    1.5 Complete IDEA Model assessment.

    Outputs

    Execution and communication plan

    IDEA Model assessment distributed

    2 Review Results and Action Plan

    The Purpose

    Review results to identify areas of strength and opportunity.

    Key Benefits Achieved

    As a team, discuss results and determine actions.

    Activities

    2.1 Debrief results with leadership team.

    2.2 Share results with team.

    2.3 Identify areas of focus.

    2.4 Identify IDEA Model activities to support objectives and explore areas of focus.

    Outputs

    IDEA assessment results

    Selection of specific activities to be facilitated

    3 Document and Measure

    The Purpose

    Review results to identify areas of strength and opportunity.

    Key Benefits Achieved

    build an action plan of solutions to incorporate into team norms.

    Activities

    3.1 Create team charter.

    3.2 Determine action plan for improvement.

    3.3 Determine metrics.

    3.4 Determine frequency of check-ins.

    Outputs

    Team Charter

    Action Plan

    Further reading

    Improve IT Team Effectiveness

    Implement the four critical factors required for all high-performing teams.

    Analyst Perspective

    All teams need to operate effectively; however, IT teams experience unique challenges.

    IT often struggles to move from an effective to a high-performing team due to the very nature of their work. They work across multiple disciplines and with multiple stakeholders.

    When operating across many disciplines it can become more difficult to identify the connections or points of interactions that define effective teams and separate them from being a working group or focus on their individual performance.

    IT employees also work in close partnership with multiple teams outside their IT domain, which can create confusion as to what team are they a primary member of. The tendency is to advocate for or on behalf of the team they primarily work with instead of bringing the IT mindset and alignment to IT roadmap and goals to serve their stakeholders.

    A Picture of Amanda Mathieson

    Amanda Mathieson
    Research Director, People & Leadership Practice
    Info-Tech Research Group

    Executive Summary

    The Challenge

    Organizations rely on team-based work arrangements to provide organizational benefits and better navigate the volatile, uncertain, complex, and ambiguous (VUCA) operating environment.

    This is becoming more challenging in a hybrid environment as interactions now rely less on casual encounters and must become more intentional.

    A high-performing team is more than productive. They are more resilient and able to recognize opportunities. They are proactive instead of reactive due to the trust and high level of communication and collaboration.

    Common Obstacles

    IT teams are more unique, which also provides unique challenges other teams don't experience:

    • Multiple disciplines that tend to operate in parallel versus within a sequence of events
    • Multiple incumbent roles where people operate in parallel versus needing to share information to produce an outcome
    • Multiple stakeholders that create a tension with competing priorities

    Info-Tech's Approach

    Use Info-Tech's phased approach to diagnose your team and use the IDEA model to drive team effectiveness.

    The IDEA model includes four factors to identify team challenges and focus on areas for improvement: identity, decision making, exchanges within the team, and atmosphere of team psychological safety.

    Info-Tech Insight

    IT teams often fail to reach their full potential because teamwork presents unique challenges and complexities due to the work they do across the organization and within their own group. Silos, not working together, and not sharing knowledge are all statements that indicate a problem. As a leader it's difficult to determine what to do first to navigate the different desires and personalities on a team.

    How this blueprint will help

    Assess, diagnose, and address issues to realize your team's full potential.

    This research helps IT support:

    • Work Teams: Operate under one organizational unit or function. Their membership is generally stable with well-defined roles.
    • Project Teams: Typically, are time-limited teams formed to produce a particular output or project. Their membership and expertise tend to vary over time.
    • Management or Leadership Teams: Provide direction and guidance to the organization and are accountable for overall performance. Membership is structured by the hierarchy of the organization and includes a diverse set of skills, experience, and expertise.

    Traditionally, organizations have tried to fix ineffective teams by focusing on these four issues: composition, leadership competencies, individual-level performance, and organizational barriers. While these factors are important, our research has shown it is beneficial to focus on the four factors of effective teams addressed in this blueprint first. Then, if additional improvement is needed, shift your focus to the traditional issue areas.

    Common obstacles

    These barriers make it difficult to address effectiveness for many IT teams:

    • Teams do not use one standard set of processes because they may have a wide variety of assignments requiring different sets of processes.
      Source: Freshworks
    • There are multiple disciplines within IT that require vastly different skill sets. Finding the connection points can be difficult when on the surface it seems like success doesn't require interconnectivity.
    • IT has many people in the same roles that act independently based on the stakeholder or internal customer they are serving. This can lead to duplication of effort if information and solutions aren't shared.
    • IT serves many parts of the organization that can bring competing priorities both across the groups they support and with the IT strategy and roadmap itself. Many IT leaders work directly in or for the business, which can see them associate with the internal client team more than their IT team – another layer of conflicting priorities.

    IT also experience challenges with maturity and data silos

    48%

    of IT respondents rate their team as low maturity.

    Maturity is defined by the value they provide the business, ranging from firefighting to innovative partner.

    Source: Info-Tech Research Group, Tech Trends, 2022

    20 Hours

    Data Silos: Teams waste more than 20 hours per month due to poor collaboration and communication.

    Source: Bloomfire, 2022

    Current realities require teams to operate effectively

    How High-Performing Teams Respond:

    Volatile: High degree of change happening at a rapid pace, making it difficult for organizations to respond effectively.

    Teams are more adaptable to change because they know how to take advantage of each others' diverse skills and experience.

    Uncertain: All possible outcomes are not known, and we cannot accurately assess the probability of outcomes that are known.

    Teams are better able to navigate uncertainty because they know how to work through complex challenges and feel trusted and empowered to change approach when needed.

    Complex: There are numerous risk factors, making it difficult to get a clear sense of what to do in any given situation.

    Teams can reduce complexity by working together to identify and plan to appropriately mitigate risk factors.

    Ambiguous: There is a lack of clarity with respect to the causes and consequences of events.

    Teams can reduce ambiguity through diverse situational knowledge, improving their ability to identify cause and effect.

    Teams struggle to realize their full potential

    Poor Communication

    To excel, teams must recognize and adapt to the unique communication styles and preferences of their members.

    To find the "just right" amount of communication for your team, communication and collaboration expectations should be set upfront.

    85% of tech workers don't feel comfortable speaking in meetings.
    Source: Hypercontext, 2022

    Decision Making

    Decision making is a key component of team effectiveness. Teams are often responsible for decisions without having proper authority.

    Establishing a team decision-making process becomes more complicated when appropriate decision-making processes vary according to the level of interdependency between team members and organizational culture.

    20% of respondents say their organization excels at decision making.
    Source: McKinsey, 2019

    Resolving Conflicts

    It is common for teams to avoid/ignore conflict – often out of fear. People fail to see how conflict can be healthy for teams if managed properly.

    Leaders assume mature adults will resolve conflicts on their own. This is not always the case as people involved in conflicts can lack an objective perspective due to charged emotions.

    56% of respondents prioritize restoring harmony in conflict and will push own needs aside.
    Source: Niagara Institute, 2022

    Teams with a shared purpose are more engaged and have higher performance

    Increased Engagement

    3.5x

    Having a shared team goal drives higher engagement. When individuals feel like part of a team working toward a shared goal, they are 3.5x more likely to be engaged.

    Source: McLean & Company, Employee Engagement Survey, IT respondents, 2023; N=5,427

    90%

    Engaged employees are stronger performers with 90% reporting they regularly accomplish more than what is expected.

    Source: McLean & Company, Employee Engagement Survey, IT respondents, 2023; N=4,363

    Effective and high-performing teams exchange information freely. They are clear on the purpose and goals of the organization, which enable empowerment.

    Info-Tech Insight

    Clear decision-making processes allow employees to focus on getting the work done versus navigating the system.

    Case Study

    Project Aristotle at Google – What makes a team effective at Google?

    INDUSTRY: Technology
    SOURCE: reWork

    Challenge

    Google wanted to clearly define what makes a team effective to drive a consistent meaning among its employees. The challenge was to determine more than quantitative measures, because more is not always better as it can just mean more mistakes to fix, and include the qualitative factors that bring some groups of people together better than others.

    Solution

    There was no pattern in the data it studied so Google stepped back and defined what a team is before embarking on defining effectiveness. There is a clear difference between a work group (a collection of people with little interdependence) and a team that is highly interdependent and relies on each other to share problems and learn from one another. Defining the different meanings took time and Google found that different levels of the organization were defining effectiveness differently.

    Results

    Google ended up with clear definitions that were co-created by all employees, which helped drive the meaning behind the behaviors. More importantly it was also able to define factors that had no bearing on effectiveness; one of which is very relevant in today's hybrid world – colocation.

    It was discovered that teams need to trust, have clarity around goals, have structure, and know the impact their work has.

    Overcoming barriers

    Teams often lack the skills or knowledge to increase effectiveness and performance.

    • Leaders struggle with team strife and ineffectiveness.
    • A leader's ability to connect with and engage team members is vital for driving desired outcomes. However, many team leads struggle to deal with low-performing or conflict-ridden teams.
    • Without adequate training on providing feedback, coaching, and managing difficult conversations, team leads often do not have the skills to positively affect team performance – and they do not appreciate the impact their actions have on desired outcomes.
    • Team leads often find it difficult to invest time and resources in addressing challenges when the team is working toward deadlines.
    • Team leads who are new to a management role within the organization often struggle to transition from independent contributor to leader – especially when they are tasked with managing team members who are former peers.
    • Some team leads believe that soliciting help will be viewed as a personal failure, so they are reluctant to seek support for team performance management from more-senior leaders.

    It's unrealistic to expect struggling teams to improve without outside help; if they were able to, they would have already done so.
    To improve, teams require:

    • A clearly defined team identity
    • A clearly defined decision-making paradigm
    • Consistently productive exchanges within the team
    • An atmosphere of psychological safety

    BUT these are the very things they are lacking when they're struggling.

    An image of Info-Tech's Insights for Improving IT Team Effectiveness.

    Improving team effectiveness

    Use the Info-Tech IDEA Model to assess and improve your team's effectiveness.

    Begin by assessing, recognizing, and addressing challenges in:

    • Identity – team goals, roles, responsibilities, and accountabilities
    • Decision-making paradigms and processes within the team.
    • Exchanges of information, motivation, and emotions between team members
    • Atmosphere of team psychological safety

    IDEA Model of Team Effectiveness

    Effective Team

    • Identity
    • Decisions
    • Exchanges
    • Atmosphere

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1: Assess the team Phase 2: Review results and action plan Phase 3: Document and measure

    Call #1: Scope requirements, objectives, and your specific challenges.
    Call #2: Prepare to assess your team(s) using the assessment tool.

    Call #3: Review the assessment results and plan next steps.
    Call #4: Review results with team and determine focus using IDEA model to identify activity based on results.
    Call #5: Complete activity to determine solutions to build your action plan.

    Call #6: Build out your team agreement.
    Call #7: Identify measures and frequency of check-ins to monitor progress.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 6 to 12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1
    (Half Day)

    Day 2

    Day 3

    Day 4

    Determine objectives and assess

    Review survey results

    Determine and conduct activities to increase effectiveness

    Bridge the gap and
    create the strategy

    Activities

    With Leader – 1 hour
    1.1 Review the business context.
    1.2 Identify IT team members to be included.
    1.3 Determine goals and objectives.
    1.4 Build execution plan and determine messaging.
    With Team – 90 minutes
    1.5 Share messaging, set context.
    1.6 Complete Team Effectiveness Survey.

    2.1 Debrief results with leadership team.
    2.2 Share results with team.
    2.3 Identify areas of focus.
    2.4 Identify IDEA Model activities to support objectives and explore areas of focus.

    3.1 Conduct IDEA Model Activities:

    • Identify – Clarify goals, roles, and responsibilities.
    • Decisions – Determine levels of authority; decision-making process.
    • Exchanges – Review information shared with communication methods and preferred styles of each team member.
    • Atmosphere – Create a psychologically safe environment.

    3.2 Record outcomes and actions.

    4.1 Create team charter or agreement.
    4.2 Identify metrics to measure progress.
    4.3 Identify risks.
    4.4 Determine frequency of check-ins to review progress.
    4.5 Check-in with sponsor.

    Deliverables

    1. Execution and communication plan
    2. Team Effectiveness Survey
    1. Assessment results
    2. IDEA Model team-building activities
    1. List of solutions to incorporate into team norms
    2. Action Plan
    1. Team Charter

    Phase 1

    Assess the team

    Phase 1

    Phase 2

    Phase 3

    1.1 Identify team members
    and behaviors to improve using IDEA Model
    1.2 Determine messaging including follow-up plan
    1.3 Send survey

    1.1 Review results with team
    1.2 Determine IDEA focus area(s)
    1.3 Conduct activity to determine solutions

    1.1 Document outcomes and actions
    1.2 Create team charter
    1.3 Identify metrics to show success
    1.4 Schedule check-in

    Improving team effectiveness

    Use the Info-Tech IDEA Model to assess and improve your team's effectiveness

    Begin by assessing, recognizing, and addressing challenges in:

    • Identity – team goals, roles, responsibilities, and accountabilities.
    • Decision-making paradigms and processes within the team.
    • Exchanges of information, motivation, and emotions between team members.
    • Atmosphere of team psychological safety.

    Effective Team

    • Identity
    • Decisions
    • Exchanges
    • Atmosphere

    Assess the shared understanding of team identity

    In addition to having a clear understanding of the team's goals and objectives, team members must also:

    • Understand their own and each other's roles, responsibilities, and accountabilities.
    • Recognize and appreciate the value of each team member.
    • Realize how their actions impact each others' work and the overall goals and objectives.
    • Understand that working in silos is considered a work group whereas a team coordinates activities, shares information, and supports each other to achieve their goals.

    Clear goals enable employees to link their contributions to overall success of the team. Those who feel their contributions are important to the success of the department are two times more likely to feel they are part of a team working toward a shared goal compared to those who don't (McLean & Company, Employee Engagement Survey, IT respondents, 2023; N=4,551).

    Goals matter in teamwork

    The goals and objectives of the team are the underlying reason for forming the team in the first place. Without a clear and agreed-upon goal, it is difficult for teams to understand the purpose of their work.

    Clear goals support creating clear roles and the contributions required for team success.

    Team Identity = Team goals and Objectives + Individual roles, responsibilities, and accountabilities

    Assess the shared understanding of decision making

    Decision making adds to the complexity of teamwork.
    Individual team members hold different information and opinions that need to be shared to make good decisions.
    Ambiguous decision-making processes can result in team members being unable to continue their work until they get clear direction.
    The most appropriate decision-making process depends on the type of team:

    • The higher the degree of interconnectivity in team members' work, the greater the need for a general consensus approach to decision making. However, if you opt for a general consensus approach, a backup decision-making method must be identified in the event consensus cannot be reached.
    • High-pressure and high-stakes environments tend to centralize decision making to make important decisions quickly.
    • Low-pressure and low-stakes environments are more likely to adopt consensus models.

    Spectrum of Decision Making

    General consensus between all team members.

    A single, final decision maker within the team.

    Ensure team members understand how decisions are made within the team. Ask:

    • Do team members recognize the importance of sharing information, opinions, and suggestions?
    • Do team members feel their voices are heard?
    • Must there be consensus between all team members?
    • Is there a single decision maker?

    Assess team exchanges by focusing on communication

    Evaluate exchanges within your team using two categories:

    These categories are related, but there is not always overlap. While some conflicts involve failures to successfully exchange information, conflict can also occur even when everyone is communicating successfully.

    Communication

    Managing Conflict

    Information, motivations, emotions

    Accepting and expressing diverse perspectives

    Resolving conflict (unified action through diverse perspectives)

    Transmission

    Reception
    (listening)

    Success is defined in terms of how well information, motivations, and emotions are transmitted and received as intended.

    Success is defined in terms of how well the team can move to united action through differences of opinion. Effective teams recognize that conflict can be healthy if managed effectively.

    Successful exchange behaviors

    • Shared understanding of how to motivate one another and how team members respond emotionally.
    • Team moving beyond conflict to united action.
    • Formalized processes used for resolving conflicts.
    • Platforms provided for expressing diverse or conflicting perspectives and opinions – and used in a constructive manner.
    • Use of agendas at meetings as well as clearly defined action items that reflect meeting outcomes.
    • Avoidance of language that is exclusive, such as jargon and inside jokes.

    Exchanges of information, emotion, and motivation

    When selecting a method of communication (for example, in-person versus email), consider how that method will impact the exchange of all three aspects – not just information.

    Downplaying the importance of emotional and motivational exchanges and focusing solely on information is very risky since emotional and motivational exchanges can impact human relationships and team psychological safety.

    • Information: data or opinions.
    • Emotions: feelings and evaluations about the data or opinions.
    • Motivations: what we feel like doing in response to the data or opinions.

    Communication affects the whole team

    Effects are not limited to the team members communicating directly:

    • How team members interact one on one transmits information and causes emotional and motivational responses in other group members not directly involved.
    • How the larger group receives information, emotions, and motivations will also impact how individuals relate to each other in group settings.

    Remember to watch the reactions and behavior of participants and observers when assessing how the team behaves.

    Managing conflict

    Identify how conflict management is embedded into team practices.

    • Resolving conflicts is difficult and uses up a lot of time and energy. This is especially true if the team needs to figure out what to do each and every time people disagree.
    • Teams that take the time to define conflict resolution processes upfront:
      • Demonstrate their commitment to resolving conflict in a healthy way.
      • Signal that diverse perspectives and opinions are valued, even if they spur disagreement sometimes.
      • Are ready for conflict when it arises – prepared to face it and thrive.

    Successfully communicating information, emotions, and motivations is not the same as managing conflict.

    Teams that are communicating well are more likely to uncover conflicting perspectives and opinions than teams that are not.

    Conflict is healthy and can be an important element of team success if it is managed.

    The team should have processes in place to resolve conflicts and move to united action.

    Assess the atmosphere

    Team psychological safety

    A team atmosphere that exists when all members feel confident that team members can do the following without suffering negative interpersonal consequences such as blame, shame, or exclusion:

    • Admit mistakes
    • Raise questions or concerns
    • Express dissenting views

    (Administrative Science Quarterly, 1999;
    The New York Times, 2016)

    What psychologically safe teams look like:

    • Open and learning-focused approach to error.
    • Effective conflict management within the team.
    • Emotional and relational awareness between team members.
    • Existence of work-appropriate interpersonal relationships between team members (i.e. beyond mere working relationships).

    (Administrative Science Quarterly, 1999;
    The New York Times, 2016)

    What "team psychological safety" is not:

    • A situation where all team members are friends.
      In some cases psychologically safe team atmospheres might be harder to create when team members are friends since they might be more reluctant to challenge or disagree with friends.
    • Merely trust. Being able to rely on people to honor their commitments is not the same as feeling comfortable admitting mistakes in front of them or disagreeing with them.

    "Psychological safety refers to an individual's perception of the consequences of taking an interpersonal risk or a belief that a team is safe for risk taking in the face of being seen as ignorant, incompetent, negative, or disruptive… They feel confident that no one on the team will embarrass or punish anyone else for admitting a mistake, asking a question, or offering a new idea."

    – re:Work

    Psychological safety

    The impact of psychological safety on team effectiveness

    Why does an atmosphere of team psychological safety matter?

    • Prevents groupthink.
      • People who do not feel safe to hold or express dissenting views gravitate to teams that think like they do, resulting in the well-known dangers of groupthink.
    • Encourages contribution and co-operation.
      • One study found that if team psychological safety is present, even people who tend to avoid teamwork will be more likely to contribute in team settings, thereby increasing the diversity of perspectives that can be drawn on (Journal of Organizational Culture, 2016).

    Creating psychological safety in a hybrid environment requires a deliberate approach to creating team connectedness.

    In the Info-Tech State of Hybrid Work in IT report autonomy and team connectedness present an interesting challenge in that higher levels of autonomy drove higher perceptions of lack of connectedness to the respondent's team. In a hybrid world, this means leaders need to be intentional in creating a safe team dynamic.

    47% of employees who experienced more control over their decisions related to where, when, and how they work than before the pandemic are feeling less connected to their teams.
    Source: Info-Tech, State of Hybrid Work in IT, 2022

    1.1 Prepare to launch the survey

    1-2 hours

    1. Review and record the objectives and outcomes that support your vision of a high-performing team:
      1. Why is this important to you?
      2. What reactions do you anticipate from the team?
    2. In your team meeting, share your vision of what a high-performing team looks like. Engage the team in a discussion:
      1. Ask how they work. Ask them to describe their best working team environment from a previous experience or an aspirational one.
      2. Option: Instruct them to write on sticky notes, one idea per note, and share. This approach will allow for theming of ideas.
    3. Introduce the survey as a way, together as a team, the current state can be assessed against the desired state discussed.
      1. Be clear that as the leader, you won't be completing the survey as you don't want to influence their perceptions of the team. As the leader, you hold authority, and therefore, experience the team differently. This is about them and their feedback.

    Input

    • Observations of team behavior
    • Clearly articulated goals for team cohesion

    Output

    • Speaking notes for introducing survey
    • Survey launch

    Materials

    • Whiteboard/flip charts
    • Sticky notes
    • IDEA Assessment

    Participants

    • Leader
    • Team Members

    Download the IT Team Effectiveness Survey

    1.2 Launch the survey

    1-2 hours

    1. Determine how the survey will be completed.
      1. Paper-based
        1. Email a copy of the Word document IT Team Effectiveness Survey for each person to complete individually.
        2. Identify one person to collect each survey and enter the results into the team effectiveness survey tool (tab 2. Data – Effectiveness Answers and tab 3. Data – Team Type Answers). This must be someone outside the team.
      2. Online direct input into Team Effectiveness Survey Tool
        1. Post the document in a shared folder.
        2. Instruct individuals to select one of the numbered columns and enter their information into tab 2. Data – Effectiveness Answers and tab 3. Data – Team Type Answers.
        3. To protect anonymity and keep results confidential, suggest each person opens document in "Cognito mode."
        4. Hide the Summary and Results tabs to avoid team members previewing them.

    Download the IT Team Effectiveness Survey Results Tool

    Paper-Based Cautions & Considerations

    • Heavily dependent on a trusted third party for genuine results
    • Can be time consuming to enter the results

    Online Direct Cautions & Considerations

    • Ensure that users keep to the same numbered column across both entry tabs
    • Seeing other team members' responses may influence others
    • Least amount of administration

    Phase 2

    Review Results and Action Plan

    Phase 1

    Phase 2

    Phase 3

    1.1 Identify team members
    and behaviors to improve using IDEA Model
    1.2 Determine messaging including follow-up plan
    1.3 Send survey

    1.1 Review results with team
    1.2 Determine IDEA focus area(s)
    1.3 Conduct activity to determine solutions

    1.1 Document outcomes and actions
    1.2 Create team charter
    1.3 Identify metrics to show success
    1.4 Schedule check-in

    This phase will walk you through the following activities:

    • Analyzing and debriefing the results to determine themes and patterns to come to a team consensus on what to focus on.
    • Facilitated activities to drive awareness, build co-created definitions of what an effective team looks like, and identify solutions the team can undertake to be more effective.

    This phase involves the following participants:

    • Leader of the team
    • All team members

    Deliverables:

    • A presentation that communicates the team assessment results
    • A plan for effectively delivering the assessment results

    Phase 2: Build a plan to review results and create an action plan

    Reviewing assessment results and creating an improvement action plan is best accomplished through a team meeting.

    Analyzing and preparing for the team meeting may be done by:

    • The person charged with team effectiveness (i.e. team coach).
    • For teams that are seriously struggling with team effectiveness, the coach should complete this step in its entirety.
    • The team coach and the team lead.
    • Truly effective teams are self-reliant. Begin upskilling team leads by involving team leads from the start.
    1. Analyze team assessment results
    2. Prepare to communicate results to the team
    3. Select team activities that will guide the identification of action items and next steps
    4. Facilitate the team meeting

    2.1 Analyze results

    Health Dials

    1. Once the results are final, review the Health Dials for each of the areas.
      1. For each area of the team's effectiveness
        • Red indicates a threat – this will derail the team and you will require an external person to help facilitate conversations.
          It would be recommended to contact us for additional guidance if this is one of your results.
        • Yellow is a growth opportunity.
        • Green is a strength and pay attention to where the dial is – deep into strength or just past the line?
      2. Think about these questions and record your initial reactions.
        1. What surprises you – either positively or negatively?
        2. What areas are as expected?
        3. What behaviors are demonstrated that support the results?

    Prioritize one to two factors for improvement by selecting those with:

    • The lowest overall score.
    • The highest variance in responses.
    • If psychological safety is low, be sure to prioritize this factor; it is the foundation of any effective team.

    An image of the Health dials for each area.

    2.2 Analyze results

    Alignment of Responses

    1. The alignment of responses area provides you with an overview of the range of responses from the team for each area.
      • The more variety in the bars indicates how differently each person is experiencing the team.
      • The more aligned the bars are the more shared the experiences.

    The flatter the bars are across the top, the more agreement there was. Factors that show significant differences in opinion should be discussed to diagnose what is causing the misalignment within your team.

    1. Recommendation is to look at high scores and the alignment and lower scores and the alignment to determine where you may want to focus.

    The alignment chart below shows varied responses; however, there are two distinct patterns. This will be an important area to review.
    Things to think about:

    • Are there new team members?
    • Has there been a leadership change?
    • Has there been a change that has impacted the team?
    An image showing the alignment of responses for Identity, Decisions; Exchange; and Atmosphere.

    2.3 Analyze results

    Team Characteristics and Stakes

    1. Team Characteristics. Use the Team Type Results tab in the IT Team Effectiveness Assessment Tool to identify how the team characterizes itself along the High-Low Scale. The closer the dark blue bar is to the right or left suggests to which degree the team views the characteristic.
      1. Interdependence highlights the team's view on how interconnected and dependent they are on each other to get work done. Think of examples where they should be sharing or collaborating, and they are not.
      2. Virtual describes the physicality of the team. This area has changed a lot since 2020; however, it's still important to note if the team shares the same understanding of work location. Are they thinking of team members in a different geography or referring to hybrid work?
      3. Decision making describes the scale of one decision maker or many. Where are most decisions made by on your team or who is making them?
      4. Stability refers to the degree to which the team stays the same – no membership change or turnover. It can be defined by length of time the group has been together. Looking at this will help understand alignment results. If alignment is varied, one might expect a less stable team.
    2. Stakes and Pressure
      1. Pressure refers to the conditions in which the team must work. How urgent are requests?
      2. Stakes refers to the degree of impact the work has. Will outputs impact safety, health, or a service?
      3. This category can be reviewed against decision making – high pressure, high stakes environments usually have a high concentration of authority. Low pressure, low stakes decisions can also be made either by one person as there is relatively no impact or with many as you have time to get many perspectives.
      4. This area informs what your decision-making protocols should look like.

    A bar graph for Team Characteristics, and a quadrant analysis for comparing Stakes and Pressure.

    2.4 Prepare for meeting

    1-2 hours

    1. Select a facilitator
      • The right person to facilitate the meeting and present the results is dependent upon the results themselves, the team lead's comfort level, and the root and degree of team dysfunction.
      • Typically, the team lead will facilitate and present the results. However, it will be more appropriate to have a member of the HR team or an external third party facilitate.
    2. Set the agenda (recommended sample to the right) that ensures:
      • Team members reflect on the results and discuss reaction to the results. (E.g. Are they surprised? Why/why not?)
      • Results are clearly understood and accepted by team members before moving on to activities.
      • The aim of the meeting is kept in mind. The purpose of the team meeting is to involve all team members in the creation of an effectiveness improvement plan.
    3. Customize the Facilitation Guide and activities in the Improve IT Team Effectiveness Facilitation Guide. (Activities are aligned with the four factors in the IDEA model.)
      • Identify a clear objective for each activity given the team assessment results. (E.g. What are the areas of improvement? What is the desired outcome of the activity?)
      • Review and select the activities that will best achieve the objectives.
      • Customize and prepare for chosen activities appropriately.
      • Obtain all necessary materials.
      • Practice by anticipating and preparing for questions, objectives, and what you will say and do.

    Facilitation Factors
    Select a third-party facilitator if:

    • The team lead is uncomfortable.
    • The leadership or organization is implicated in the team's dysfunction, a third party can be sought in place of HR.
    • Regardless of who facilitates, it is critical that the team lead understands the process and results and is comfortable answering any questions that arise.

    Agenda

    • Review the IDEA Model.
    • Discuss the assessment results.
    • Invite team members to reflect on the results and discuss reaction to the results.
    • Ensure results are clearly understood and accepted.
    • Examine team challenges and strengths through selected team activities.
    • Create a team charter and effectiveness improvement plan.

    Materials

    • IT Team Effectiveness Activities Facilitation Guide
    • IT Team Effectiveness Survey results

    Participants

    • Leader

    2.5 Run the meeting

    2-3 hours

    Facilitate the team meeting and agree on the team effectiveness improvement plan.

    Work with the team to brainstorm and agree on an action plan of continuous improvements.

    By creating an action plan together with the team, there is greater buy-in and commitment to the activities identified within the action plan.

    Don't forget to include timelines and task owners in the action plan – it isn't complete without them.

    Document final decisions in Info-Tech's Improve IT Team Effectiveness Action Plan Tool.

    Review activity Develop Team Charter in the Improve IT Team Effectiveness Facilitation Guide and conclude the team meeting by creating a team charter. With a team charter, teams can better understand:

    • Team objectives
    • Team membership and roles
    • Team ground rules

    Facilitation Factors

    Encourage and support participation from everyone.

    Be sure no one on the team dismisses anyone's thoughts or opinions – they present the opportunity for further discussion and deeper insight.

    Watch out for anything said or done during the activities that should be discussed in the activity debrief.

    Debrief after each activity, outlining any lessons learned, action items, and next steps.

    Agenda

    • Review the IDEA Model.
    • Discuss the assessment results.
    • Invite team members to reflect on the results and discuss reaction to the results.
    • Ensure results are clearly understood and accepted.
    • Examine team challenges and strengths through selected team activities.
    • Create a team charter and effectiveness improvement plan.

    Materials

    • IT Team Effectiveness Activities Facilitation Guide
    • Whiteboard/flip charts
    • Sticky notes
    • IT Team Effectiveness Survey results

    Participants

    • Leader
    • Team Members
    • Optional – External Facilitator

    Phase 3

    Document and measure

    Phase 1

    Phase 2

    Phase 3

    1.1 Identify team members
    and behaviors to improve using IDEA Model
    1.2 Determine messaging including follow-up plan
    1.3 Send survey

    1.1 Review results with team
    1.2 Determine IDEA focus area(s)
    1.3 Conduct activity to determine solutions

    1.1 Document outcomes and actions
    1.2 Create team charter
    1.3 Identify metrics to show success
    1.4 Schedule check-in

    This phase will walk you through the following activities:
    Building your team charter that will include:

    • Team vision, mission, and goals
    • Roles and responsibilities of each member
    • Decision-making responsibilities and process
    • How information will be shared and by whom
    • Ways to build psychological safety on the team

    This phase involves the following participants:

    • Leader of the team
    • All team members

    Document and agree to regular check-ins to reassess.

    As a team it will be important to drive your brainstormed solutions into an output that is co-created.

    • Agree to what actions can be implemented.
    • Capture agreed-to team goals, roles, responsibilities, and decision process into a team charter. Also include your communication protocol that articulates how information will be shared in future.
    1. Review suggestions and actions
    2. Capture in team charter
    3. Assign metrics to measure success and determine when to review
    4. Complete ongoing check-ins with team through team meeting and plan to reassess if agreed to

    Team Charter

    Never assume everyone "just knows."

    Set clear expectations for the team's interactions and behaviors.

    • Some teams call this a team agreement, team protocol, or ways of working. Determine the naming convention that works best for your team and culture.
    • This type of document saw a renewed popularity during COVID-19 as face-to-face interactions were more difficult, and as teams, news ways to work needed to be discovered, shared, and documented.
    • A co-created team charter is a critical component to onboarding new employees in the hybrid world.

    Info-Tech Insight – State of Hybrid Work in IT

    One contributor to the report shared the effort and intention around maintaining their culture during the pandemic. The team agreement created became a critical tool to enable conversations between leaders and their team – it was not a policy document.

    Team effectiveness is driven through thoughtful planned conversations. And it's a continued conversation.

    A screenshot of the IT Team Charter Template page

    Download the IT Team Charter Template

    Establish Baseline Metrics

    Baseline metrics will be improved through:

    Identify the impact that improved team effectiveness will have on the organization.
    Determine your baseline metrics to assess the success of your team interventions and demonstrate the impact to the rest of the organization using pre-determined goals and metrics.
    Share success stories through:

    • Newsletters or email announcements
    • Team meetings
    • Presentations to business partners or the organization

    Sample effectiveness improvement goal

    Sample Metric

    Increase employee engagement
    Increase overall employee engagement scores in the Employee Engagement survey by 5% by December 31, 2023.

    • Overall employee engagement

    Strengthen manager/employee relationships
    Increase manager driver scores in the Employee Engagement survey by 5% by December 31, 2023.

    • Employee engagement – manager driver
    • Employee engagement – senior leadership driver

    Reduce employee turnover (i.e. increase retention)
    Reduce voluntary turnover by 5% by December 31, 2023.

    • Voluntary turnover rate
    • Turnover by department or manager
    • Cost of turnover

    Increase organizational productivity
    Increase the value added by human capital by 5% by December 31, 2023.

    • Value added by human capital
    • Employee productivity
    • Human capital return on investment
    • Employee engagement

    Reassess team effectiveness

    Reassess and identify trends after they have worked on key focus areas for improvement.

    Track the team's progress by reassessing their effectiveness six to twelve months after the initial assessment.
    Identify if:

    • Team characteristics have changed.
    • Areas of team strengths are still a source of strength.
    • Areas for improvement have, in fact, improved.
    • There are opportunities for further improvement.

    As the team matures, priorities and areas of concern may shift; it is important to regularly reassess team effectiveness to ensure ongoing alignment and suitability.
    Note: It is not always necessary to conduct a full formal assessment; once teams become more effective and self-sufficient, informal check-ins by team leads will be sufficient.

    If you assess team effectiveness for multiple teams, you have the opportunity to identify trends:

    • Are there common challenges within teams?
    • If so, what are they?
    • How comfortable are teams with intervention?
    • How often is outside help required?

    Identifying these trends, initiatives, training, or tactics may be used to improve team effectiveness across the department – or even the organization.

    Teams are ultimately accountable for their own effectiveness.

    As teams mature, the team lead should become less involved in action planning. However, enabling truly effective teams takes significant time and resources from the team lead.

    Use the action plan created and agreed upon during the team meeting to hold teams accountable:

    • Ensure teams follow through on action items.
    • Ensure you are continuously assessing team effectiveness (formally or informally).

    The team coach should have a plan to transition into a supportive role by:

    • Providing teams with the knowledge, resources, and tools required to improve and sustain high effectiveness.
    • Providing team members and leads with a safe, open, and honest environment.
    • Stepping in as an objective third party when required.

    If the team continues to face barriers

    Other important information: If team effectiveness has not significantly improved, other interventions may be required that are beyond the scope of this project.

    The four factors outlined in the IDEA Model of team effectiveness are very important, but they are not the only things that have a positive or negative impact on teams. If attempts to improve the four factors have not resulted in the desired level of team effectiveness, evaluate other barriers:

    For organizational culture, ask if performance and reward programs do the following:

    • Value teamwork alongside individual achievement and competition
    • Provide incentives that promote a focus on individual performance over team performance
    • Reward or promote those who sabotage their teams

    For learning and development, ask:

    • Is team effectiveness included in our manager or leadership training?
    • Do we offer resources to employees seeking to improve their teamwork competencies?

    If an individual team member's or leader's performance is not meeting expectations, potential remedies include a performance improvement plan, reassignment, and termination of employment.

    These kinds of interventions are beyond the control of the team itself. In these cases, we recommend you consult with your HR department; HR professionals can be important advocates because they possess the knowledge, influence, and authority in the company to promote changes that support teamwork.

    Related Info-Tech Research

    Redesign Your IT Department

    • You could have the best IT employees in the world, but if they aren't structured well your organization will still fail in reaching its vision.
    • Increase the effectiveness of IT as a function.
    • Provide employees with clarity in their roles and responsibilities.

    Build an IT Employee Engagement Program

    • With the growing IT job market, turnover is a serious threat to IT's ability to deliver seamless value and continuously drive innovation.
    • Engagement initiatives are often seen as being HR's responsibility; however, IT leadership needs to take accountability for the retention and productivity of their employees in order to drive business value.

    Info-Tech Leadership Programs

    • Development of the leadership mind should never stop. This program will help IT leaders continue to craft their leadership competencies to navigate the ever-changing world in which we operate.
    • Actively delegate responsibilities and opportunities that engage and develop team members to build on current skills and prepare for the future.

    Research Contributors and Experts

    A picture of Carlene McCubbin

    Carlene McCubbin
    Practice Lead
    Info-Tech Research Group

    A picture of Nick Kozlo

    Nick Kozlo
    Senior Research Analyst
    Info-Tech Research Group

    A picture of Heather Leier-Murray

    Heather Leier-Murray
    Senior Research Analyst
    Info-Tech Research Group

    A picture of Stephen O'Conner

    Stephen O'Conner
    Executive Counselor
    Info-Tech Research Group

    A picture of Jane Kouptsova

    Jane Kouptsova
    Research Director
    Info-Tech Research Group

    Dr. Julie D. Judd, Ed.D.
    Chief Technology Officer
    Ventura County Office of Education

    Works Cited

    Aminov, I., A. DeSmet, and G. Jost. "Decision making in the age of urgency." McKinsey. April 2019. Accessed January 2023.
    Duhigg, Charles. "What Google Learned From Its Quest to Build the Perfect Team." The New York Times, 25 Feb. 2016. Accessed January 2023.
    Edmondson, Amy. "Psychological Safety and Learning Behavior in Work Teams." Administrative Science Quarterly, vol. 44, no. 2, June 1999, pp. 350-383.
    Gardner, Kate. "Julie Judd – Ventura County Office of Education." Toggle, 12 Sept. 2022. Accessed January 2023.
    Google People Operations. "Guide: Understand Team Effectiveness." reWork, n.d. Accessed February 2023.
    Harkins, Phil. "10 Leadership Techniques for Building High-Performing Teams." Linkage Inc., 2014. Accessed 10 April 2017.
    Heath, C. and D. Heath. Decision: How to make better choices in life and work. Random House, 2013, ISBN 9780307361141.
    Hill, Jon. "What is an Information Silo and How Can You Avoid It." Bloomfire, 23 March 2022. Accessed January 2023.
    "IT Team Management Software for Enhanced Productivity." Freshworks, n.d. Accessed January 2023.
    Jackson, Brian. "2022 Tech Trends." Info-Tech Research Group, 2022. Accessed December 2022.
    Kahneman, Daniel. Thinking fast and slow. Farrar, Straus and Giroux. 2011.
    Kouptsova, J., and A. Mathieson. "State of Hybrid Work in IT." Info-Tech Research Group, 2023. Accessed January 2023.
    Mayfield, Clifton, et al. "Psychological Collectivism and Team Effectiveness: Moderating Effects of Trust and Psychological Safety." Journal of Organizational Culture, Communications and Conflict, vol. 20, no. 1, Jan. 2016, pp. 78-94.
    Rock, David. "SCARF: A Brain-Based Model for Collaborating With and Influencing Others." NeuroLeadership Journal, 2008. Web.
    "The State of High Performing Teams in Tech Hypercontext." Hypercontext. 2022. Accessed November 2022.
    Weick, Carl, and Kathleen Sutcliff. Managing the unexpected. John Wiley & Sons, 2007.
    "Workplace Conflict Statistics: How we approach conflict at work." The Niagara Institute, August 2022. Accessed December 2022.

    IT Strategy

    • Buy Link or Shortcode: {j2store}20|cart{/j2store}
    • Related Products: {j2store}20|crosssells{/j2store}
    • Up-Sell: {j2store}20|upsells{/j2store}
    • member rating overall impact (scale of 10): 9.3/10
    • member rating average dollars saved: $105,465
    • member rating average days saved: 35
    • Parent Category Name: Strategy and Governance
    • Parent Category Link: strategy-and-governance
    Success depends on IT initiatives clearly aligned to business goals.

    Time Study

    • Buy Link or Shortcode: {j2store}260|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • In ESG’s 2018 report “The Life of Cybersecurity Professionals,” 36% of participants expressed the overwhelming workload was a stressful aspect of their job.
    • Organizations expect a lot from their security specialists. From monitoring the threat environment, protecting business assets, and learning new tools, to keeping up with IT initiatives, cybersecurity teams struggle to balance their responsibilities with the constant emergencies and disruptions that take them away from their primary tasks.
    • Businesses fail to recognize the challenges associated with task prioritization and the time management practices of a security professional.

    Our Advice

    Critical Insight

    • The majority of scheduled calendar meetings include employees and peers.
      • Our research indicates cybersecurity professionals spent the majority of their meetings with employees (28%) and peers (24%). Other stakeholders involved in meetings included by myself (15%), boss (13%), customers (10%), vendors (8%), and board of directors (2%).
    • Calendar meetings are focused on project work, management, and operations.
      • When asked to categorize calendar meetings, the focus was on project work (26%), management (23%), and operations (22%). Other scheduled meetings included ones focused on strategy (15%), innovation (9%), and personal time (5%).
    • Time management scores were influenced by the percentage of time spent with employees and peers.
      • When participants were divided into good and poor time managers, we found good time managers spent less time with their peers and more time with their employees. This may be due to the nature of employee meetings being more directly tied to the project outputs of the manager than their peer meetings. Managers who spend more time in meetings with their employees feel a sense of accomplishment, and hence rate themselves higher in time management.

    Impact and Result

    • Understand how cybersecurity professionals allocate their time.
    • Gain insight on whether perceived time management skills are associated with calendar maintenance factors.
    • Identify common time management pain points among cybersecurity professionals.
    • Identify current strategies cybersecurity professionals use to manage their time.

    Time Study Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Read our Time Study

    Read our Time Study to understand how cybersecurity professionals allocate their time, what pain points they endure, and tactics that can be leveraged to better manage time.

    • Time Study Storyboard
    [infographic]

    Establish Effective Security Governance & Management

    • Buy Link or Shortcode: {j2store}380|cart{/j2store}
    • member rating overall impact (scale of 10): 9.2/10 Overall Impact
    • member rating average dollars saved: $63,532 Average $ Saved
    • member rating average days saved: 24 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • The security team is unsure of governance needs and how to manage them.
    • There is a lack of alignment between key stakeholder groups
    • There are misunderstandings related to the role of policy and process.

    Our Advice

    Critical Insight

    Good governance stems from a deep understanding of how stakeholder groups interact with each other and their respective accountabilities and responsibilities. Without these things, organizational functions tend to interfere with each other, blurring the lines between governance and management and promoting ad–hoc decision making that undermines governance.

    Impact and Result

    • The first phase of this project will help you establish or refine your security governance and management by determining the accountabilities, responsibilities, and key interactions of your stake holder groups.
    • In phase two, the project will guide you through the implementation of essential governance processes: setting up a steering committee, determining risk appetite, and developing a policy exception-handling process.

    Establish Effective Security Governance & Management Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish Effective Security Governance and Management Deck – A step-by-step guide to help you establish or refine the governance model for your security program.

    This storyboard will take you through the steps to develop a security governance and management model and implement essential governance processes.

    • Establish Effective Security Governance & Management – Phases 1-2

    2. Design Your Governance Model – A security governance and management model to track accountabilities, responsibilities, stakeholder interactions, and the implementation of key governance processes.

    This tool will help you determine governance and management accountabilities and responsibilities and use them to build a visual governance and management model.

    • Security Governance Model Templates (Visio)
    • Security Governance Model Templates (PDF)
    • Security Governance Model Tool

    3. Organizational Structure Template – A tool to address structural issues that may affect your new governance and management model.

    This template will help you to implement or revise your organizational structure.

    • Security Governance Organizational Structure Template

    4. Information Security Steering Committee Charter & RACI – Templates to formalize the role of your steering committee and the oversight it will provide.

    These templates will help you determine the role a steering committee will play in your governance and management model.

    • Information Security Steering Committee Charter
    • Information Security Steering Committee RACI Chart

    5. Security Policy Lifecycle Template – A template to help you model your policy lifecycle.

    Once this governing document is customized, ensure the appropriate security policies are developed as well.

    • Security Policy Lifecycle Template

    6. Security Policy Exception Approval Process Templates – Templates to establish an approval process for policy exceptions and bolster policy governance and risk management.

    These templates will serve as the foundation of your security policy exception approval processes.

    • Security Policy Exception Approval Workflow (Visio)
    • Security Policy Exception Approval Workflow (PDF)
    • Policy Exception Tracker
    • Information Security Policy Exception Request Form

    Infographic

    Further reading

    Establish Effective Security Governance & Management

    The key is in stakeholder interactions, not policy and process.

    Analyst Perspective

    It's about stakeholder interactions, not policy and process.

    Many security leaders complain about a lack of governance and management in their organizations. They have policies and processes but find neither have had the expected impact and that the organization is teetering on the edge of lawlessness, with stakeholder groups operating in ways that interfere with each other (usually due to poorly defined accountabilities).

    Among the most common examples is security's relationship to the business. When these groups don't align, they tend to see each other as adversaries and make decisions in line with their respective positions: security endorses one standard, the business adopts another.

    The consequences of this are vast. Such an organization is effectively opposed to itself. No wonder policy and process have not resolved the issue.

    At a practical level, good governance stems from understanding how different stakeholder groups interact, providing inputs and outputs to each other and modeling who is accountable for what. But this implied accountability model needs to be formalized (perhaps even modified) before governance can help all stakeholder groups operate as strategic partners with clearly defined roles, responsibilities, and decision-making power. Only when policies and processes reflect this will they serve as effective tools to support governance.

    Logan Rohde, Senior Research Analyst, Security & Privacy

    Logan Rohde
    Senior Research Analyst, Security & Privacy
    Info-Tech Research Group

    Executive Summary

    Your Challenge Common Obstacles Info-Tech's Approach
    Ineffective governance and management processes, if they are adopted at all, can lead to:
    • An organization unsure of governance needs and how to manage them.
    • A lack of alignment between key stakeholder groups.
    • Misunderstandings related to the role of policy and process.
    Most governance and management initiatives stumble because they do not address governance as a set of interactions and influences that stakeholders have with and over each other, seeing it instead as policy, process, and risk management. Challenges include:
    • Senior management disinterest
    • Stakeholders operating in silos
    • Separating governance from management
    You will be able to establish a robust governance model to support the current and future state of your organization by accounting for these three essential parts:
    1. Determine governance accountabilities.
    2. Define management responsibilities.
    3. Model stakeholders' interactions, inputs, and outputs as part of business and security operations.

    Info-Tech Insight
    Good governance stems from a deep understanding of how stakeholder groups interact with each other and their respective accountabilities and responsibilities. Without these things, organizational functions tend to interfere with each other, blurring the lines between governance and management and promoting ad hoc decision making that undermines governance.

    Your challenge

    This research is designed to help organizations who need to:

    • Establish security governance from scratch.
    • Improve security governance despite a lack of cooperation from the business.
    • Determine the accountabilities and responsibilities of each stakeholder group.

    This blueprint will solve the above challenges by helping you model your organization's governance structure and implement processes to support the essential governance areas: policy, risk, and performance metrics.

    Percentage of organizations that have yet to fully advance to a maturity-based approach to security

    70%

    Source: McKinsey, 2021

    Common obstacles

    These barriers make this challenge difficult to address for many organizations:

    • The business does not wish to be governed and does not seek to align with security on the basis of risk.
    • Various stakeholder groups essentially govern themselves, causing business functions to interfere with each other.
    • Security teams struggle to differentiate between governance and management and the purpose of each.

    Early adopter infrastructure

    63%
    Security leaders not reporting to the board about risk or incident detection and prevention.
    Source: LogRhythm, 2021

    46%
    Those who report that senior leadership is confident cybersecurity leaders understand business goals.
    Source: LogRhythm, 2021

    Governance isn't just policy and process

    Governance is often mistaken for an organization's formalized policies and processes. While both are important governance supports, they do not provide governance in and of themselves.

    For governance to work well, an organization needs to understand how stakeholder groups interact with each other. What inputs and outputs do they provide? Who is accountable? Who is responsible? These are the questions one needs to ask before designing a governance structure. Failing to account for any of these three elements tends to result in overlap, inefficiency, and a lack of accountability, creating flawed governance.

    Separate governance from management

    Oversight versus operations

    • COBIT emphasizes the importance of separating governance from management. These are complementary functions, but they refer to different parts of organizational operation.
    • Governance provides a decision-making apparatus based on predetermined requirements to ensure smooth operations. It is used to provide oversight and direction and hinges on established accountabilities
    • Simply put, governance refers to what an organization is and is not willing to permit in day-to-day operations, and it tends to make its presence known via the key areas of risk appetite, formal policy and process, and exception handling.
      • Note: These key areas do not provide governance in and of themselves. Rather, governance emerges in accordance with the decisions an organization has made regarding these areas. Sometimes, however, these "decisions" have not been formally or consciously made and the current state of the organization's operations becomes the default - even when it is not working well.
    • Management, by contrast, is concerned with executing business processes in accordance with the governance model, essentially, governance provides guidance for how to make decisions during daily management.

    "Information security governance is the guiding hand that organizes and directs risk mitigation efforts into a business-aligned strategy for the entire organization."

    Steve Durbin,
    Chief Executive,
    Information Security Forum, Forbes, 2023

    Models for governance and management

    Info-Tech's Governance and Management research uses the logic of COBIT's governance and management framework but distills this guidance into a practical, easy-to-implement series of steps, moving beyond the rudimentary logic of COBIT to provide an actionable and personalized governance model.

    Governance Cycle

    Management Cycle

    Clear accountabilities and responsibilities

    Complementary frameworks to simplify governance and management

    The distinction that COBIT draws between governance and management is roughly equivalent to that of accountability and responsibility, as seen in the RACI* model.

    There can be several stakeholders responsible for something, but only one party can be accountable.

    Use this guidance to help determine the accountabilities and responsibilities of your governance and management model.

    *Responsible, Accountable, Consulted, Informed

    COBIT RACI chart

    Security governance framework

    A security governance framework is a system that will design structures, processes, accountability definitions, and membership assignments that lead the security department toward optimal results for the business.

    Governance is performed in three ways:

    1 Evaluate 2 Direct 3 Monitor
    For governance to be effective it must account for stakeholder interests and business needs. Determining what these are is the vital first step. Governance is used to determine how things should be done within an organization. It sets standards and provides oversight so decisions can be made during day-to-day management. Governance needs change and inefficiencies need to be revised. Therefore, monitoring key performance indicators is an essential step to course correct as organizational needs evolve.

    "Governance specifies the accountability framework and provides oversight to ensure that risks are adequately mitigated, while management ensures that controls are implemented to mitigate risks. Management recommends security strategies. Governance ensures that security strategies are aligned with business objectives and consistent with regulations."
    - EDUCAUSE

    Establish Effective Security Governance & Management

    SMART metrics

    Suggested targets to measure success

    Specific

    Measurable

    Achievable

    Relevant

    Time-Bound

    Examples
    Security's risk analyses will be included as part of the business decision-making process within three months after completing the governance initiative.
    Increase rate of security risk analysis using risk appetite within three months of project completion.
    Have stakeholder engagement supply input into security risk-management decisions within three months of completing phase one of blueprint.
    Reduce time to approve policy exceptions by 25%.
    Reduce security risk related to policy non-compliance by 50% within one year.
    Develop five KPIs to measure progress of governance and management within three months of completing blueprint.

    Info-Tech's methodology for security governance and management

    1. Design Your Governance Model 2. Implement Essential Governance Processes
    Phase Steps
    1. Evaluate
    2. Direct
    3. Monitor
    1. Implement Oversight
    2. Set Risk Appetite
    3. Implement Policy Lifecycle
    Phase Outcomes
    • Defined governance accountabilities
    • Defined management responsibilities
    • Record of key stakeholder interactions
    • Visual governance model
    • Key performance indicators (KPIs)
    • Established steering committee
    • Qualitative risk-appetite statements
    • Policy lifecycle
    • Policy exceptions-handling process

    Governance starts with mapping stakeholder inputs, outputs, and throughputs

    The key is in stakeholder interactions, not policy and process
    Good governance stems from a deep understanding of how stakeholder groups interact with each other and their respective accountabilities and responsibilities. Without these things, organizational functions tend to interfere with each other, blurring the lines between governance and management and promoting ad hoc decision making that undermines governance.

    Policy, process, and org. charts support governance but do not produce it on their own
    To be effective, these things need to be developed with the accountabilities and influence of the organizational functions that produce them.

    A lack of business alignment does not mean you're doomed to fail
    While the highest levels of governance maturity depend on strong security-business alignment, there are still tactics one can use to improve governance.

    All organizations have governance
    Sometimes it is poorly defined, ineffective, and occurs in the same place as management, but it exists at some level, acting as the decision-making apparatus for an organization (i.e. what can and cannot occur).

    Risk tolerances are variable across lines of business
    This can lead to misalignments between security and the business, as each may have their own tolerance for particular risks. The remedy is to understand the risk appetite of the business and allow this to inform security risk management decisions.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Security Governance Model Tool

    Security Governance Organizational Structure Template

    Information Security Steering Committee Charter & RACI

    Policy Exceptions-Handling Workflow

    Policy Exception Tracker and Request Form

    Key deliverable:

    Security Governance Model

    By the end of this blueprint, you will have created a personalized governance model to map your stakeholders' accountabilities, responsibilities, and key interactions.

    Blueprint benefits

    IT Benefits Business Benefits
    • Correct any overlapping and mismanaged security processes by assigning accountabilities and responsibilities to each stakeholder group.
    • Improve efficiency and effectiveness of the security program by separating governance from management.
    • Determine necessary inputs and outputs from stakeholder interactions to ensure the governance model functions as intended.
    • Improved support of business goals through security-business alignment.
    • Better risk management by defining risk appetite with security.
    • Increased stakeholder satisfaction via a governance model designed to meet their needs.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit Guided Implementation Workshop Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2
    Call #1: Scope requirements, objectives, and your specific challenges. Call #2: Determine governance requirements.
    Call #3: Review governance model.
    Call #4: Determine KPIs.
    Call #5: Stand up steering committee.
    Call #6: Set risk appetite.
    Call #7: Establish policy lifecycle.
    Call #8: Revise exception-handing process.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 4 to 8 calls over the course of 2 to 3 months.

    Workshop Overview

    Day 1 Day 2 Day 3 Day 4 Day 5
    Activities Evaluate Direct Monitor Implement Essential Governance Processes Next Steps and Wrap-Up (offsite)
    1.1 Prioritize governance accountabilities
    1.2 Prioritize management responsibilities
    1.3 Evaluate organizational structure
    2.1 Align with business
    2.2 Build security governance and management model
    2.3 Visualize security governance and management model
    3.1 Develop governance and management KPIs 4.1 Draft steering committee charter
    4.2 Complete steering committee RACI
    4.3 Draft qualitative risk statements
    4.4 Define policy management lifecycle
    4.5 Establish policy exception approval process
    5.1 Complete in-progress deliverables from previous four days
    5.2 Set up review time for workshop deliverables and to discuss next steps
    Deliverables
    1. Prioritized list of accountabilities and responsibilities
    2. Revised organizational structure
    1. Security governance and management model
    1. Security Metrics Determination and Tracking Tool
    2. KPI Development Worksheet
    1. Steering committee charter and RACI
    2. Risk-appetite statements
    3. Policy management lifecycle
    4. Policy exception approval process

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Customize your journey

    The security governance and management blueprint pairs well with security design and security strategy.

    • The governance and management model you create in this blueprint will inform efforts to improve security, like revisiting security program design and your security strategy.
    • Work with your member services director, executive advisor, or technical counselor to scope the journey you need. They will work with you to align the subject matter experts to support your roadmap and workshops.

    Workshop Day 1 and Day 2
    Security Governance and Management

    Workshop Day 3 and Day 4
    Security Strategy Gap Analysis or Security Program Design Factors

    Phase 1

    Design Your Governance Model

    Phase 1
    1.1 Evaluate
    1.2 Direct
    1.3 Monitor

    Phase 2
    2.1 Implement Oversight
    2.2 Set Risk Appetite
    2.3 Implement Policy lifecycle

    Establish Security Governance & Management

    This phase will walk you through the following activities:

    • Prioritize governance accountabilities
    • Prioritize management responsibilities
    • Evaluate current organizational structure
    • Align with the business
    • Build security governance and management model
    • Finalize governance and management model
    • Develop governance and management KPIs

    This phase involves the following participants:

    • CISO
    • CIO
    • Business representative

    Step 1.1

    Evaluate

    Activities
    1.1.1 Prioritize governance accountabilities
    1.1.2 Prioritize management responsibilities
    1.1.3 Evaluate current organizational structure

    This step involves the following participants:

    • CISO
    • CIO
    • Business representative

    Outcomes of this step

    • Defined governance accountabilities
    • Defined management responsibilities

    Design Your Governance Model

    Step 1.1 > Step 1.2 > Step 1.3

    Evaluate: Getting started

    Element Questions
    Compliance What voluntary or mandatory standards must be represented in my governance model?
    Legal What laws are the organization accountable to? Who is the accountable party?
    Business needs What does the business need to operate? What sort of informational or operational flows need to be accounted for?
    Culture How does the business operate? Are departments siloed or cooperative? Where does security fit in?
    Decision-making process How are decisions made? Who is involved? What information needs to be available to do so?
    Willingness to be governed Is the organization adverse to formal governance mechanisms? Are there any opportunities to improve alignment with the business?
    Relevant trends Are there recent developments (e.g. new privacy laws) that are likely to affect the organization in the future? Will this complicate or simplify governance modeling efforts?
    Stakeholder interests Who are the internal and external stakeholders that need to be represented in the governance model?

    The above is a summary of COBIT 2019 EDM01.01 Evaluate the governance system, along with Info-Tech-recommended questions to contextualize each element for your organization.

    1.1.1 Prioritize governance accountabilities

    1-2 hours

    Using the example on the next slide, complete the following steps.

    1. Download Info-Tech's Security Governance Model Tool using the link below and customize the stakeholder groups on tab 1 to reflect the makeup of your organization.
    2. Using the previous slide as a guide, evaluate your organization's internal and external pressures and discuss their possible impacts your governance and management model.
    3. Complete tab 2, Governance Prioritization, indicating your response to each prompt using the drop-down menus. The tool will score your responses and provide you with a prioritized list of governance accountabilities based on greatest need on tab 4, Governance Model Builder.
    4. Review the list and make any desired modifications to the prompts on tab 2 and then move on to Activity 1.1.2. (We will return to tab 4 in Step 2.1.) Remember to evaluate the results against the internal/external pressure analysis to ensure these details are reflected.

    Download the Security Governance Model Tool

    Input Output
    • List of governance pressures
  • Prioritized list of governance accountabilities
  • Materials Participants
    • Security Governance Model Tool
    • CISO
    • CIO
    • Security Operations
    • Business representative (optional)

    Security Governance and Management Model Tool

    Tabs 2 and 3

    Security Governance and Management Model Tool

    1.1.2 Prioritize management responsibilities

    1 hours

    Using the examples on the previous slide, complete the following steps.

    1. Complete tab 3, Management Prioritization, indicating your response to each prompt using the drop-down menus. The tool will score your responses and provide you with a prioritized list of governance accountabilities based on greatest need on tab 4, Governance Model Builder.
    2. Review the list and make any desired modifications to the prompts on tab 3 and then move on to Activity 1.1.3. (We will return to tab 4 in Step 2.1.) Remember to evaluate the results against the internal/external pressure analysis to ensure these details are reflected.

    Download Security Governance Model Tool

    InputOutput
    • Pressure analysis
    • Prioritized list of management responsibilities
    MaterialsParticipants
    • Security Governance Model Tool
    • CISO
    • CIO
    • Business representative (optional)

    Security Governance and Management Model Tool

    Tab 4

    Security Governance and Management Model Tool Tab 4

    1.1.3 Evaluate current organizational structure

    1-3 hours

    1. Download and modify Info-Tech's Security Governance Organizational Structure Template to reflect the reporting structure at your organization. If such a document already exists, simply review it and move on to the next step below.
    2. Determine if the current organizational structure will negatively affect your ability to pursue the items in your prioritized lists from governance accountabilities and management responsibilities (e.g. conflicts of interest related to oversight or reporting), and discuss the feasibility of changing the current governance structure.
    3. Record these recommended changes and any other key points you'd like the business or other stakeholders to be aware of. We'll use this information in the business alignment exercise in Step 2.1

    Download the Security Governance Organizational Structure Template

    Input Output
    • Prioritized lists of governance accountabilities and management responsibilities
    • Updated organizational structure
    Materials Participants
    • Security Governance Organizational Structure Template
    • CISO

    Info-Tech resources

    Locate structural problems in advance

    • If you do not already have a diagram of your organization's reporting structure, use this template to create one. Examples are provided for high, medium, and low maturity.
    • The existing reporting structure will likely affect the governance model you create, as it may not be feasible to assign certain governance accountabilities and management responsibilities to certain stakeholders.
      • For example, it may make sense for the head of security to approve the security budget, but if they report to a CIO with greater authority that accountability will likely have to sit with the CIO instead.

    Download the Security Governance Organizational Structure Template

    Security Governance Organizational Structure

    Step 1.2

    Direct

    Activities
    1.2.1 Align with the business
    1.2.2 Build security governance and management model
    1.2.3 Finalize governance and management model

    This step involves the following participants:

    CISO

    CIO

    Business representative

    Outcomes of this step

    • Record of key stakeholder interactions
    • Visual governance model

    Design Your Governance Model

    Step 1.1 > Step 1.2 > Step 1.3

    Direct: Getting started

    Element Questions
    Business alignment Do we have a full understanding of the business's approach to risk and security's role to support business objectives?
    Organizational security process How well do our current processes work? Are we missing any key processes?
    Steering committee Will we use a dedicated steering committee to oversee security governance, or will another stakeholder assume this role?
    Security awareness Does the organization have a strong security culture? Does an effort need to be made to educate stakeholder groups on the role of security in the organization?
    Roles and responsibilities Does the organization use RACI charts or another system to define roles and document duties?
    Communication flows Do we have a good understanding of how information flows between stakeholder groups? Are there any gaps that need to be addressed (e.g. regular board reporting)?

    The above is a summary of COBIT 2019 EDM01.02 Direct the governance system, along with Info-Tech-recommended questions to contextualize each element for your organization.

    Embed security governance within enterprise governance

    Design structures, processes, authority definitions, and steering committee assignments to drive optimal business results.

    Embed security governance within enterprise governance

    1.2.1 Align with the business

    1-3 hours

    1. Request a meeting with the business to present your findings from the previous activities in Step 1.1. As you prepare for the meeting, remember to following points:
    • The goal here is to align, not to command. You want the business to see the security team as a strategic ally that supports the pursuit of business goals.
    • Make recommendations and explain any security risks associated with the direction the business wants to take, but the goal is not to strongarm the business into adopting your perspective.
    • Above all, listen to the business to learn more about how they relate to governance and what their priorities are. This will help you adapt your governance model to better support business needs.

    Info-Tech Insight
    A lack of business participation does not mean your governance initiative is doomed. From this lack, we can still infer their attitudes toward security governance, and we can account for this in our governance model. This may limit the maturity your program can reach, but it doesn't prevent improvements from being made to your current security governance.

    InputOutput
    • Prioritized lists of governance accountabilities and management responsibilities
    • Current organizational structure
    • List of recommendations or proposed changes
    • Security governance and management target state definition
    MaterialsParticipants
    • Means to capture key points of the conversation (e.g. notebook, recorded meeting)
    • CISO
    • CIO
    • Business representative

    1.2.2 Build security governance and management model

    1-2 hours

    Using the example on the next slide, complete the following steps:

    1. On tab 4, review the prioritized lists for governance accountabilities and management responsibilities and begin assigning them to the appropriate stakeholder groups.
    • Remember: Responsibilities can be assigned to up to four stakeholders, but there can be only one party listed as accountable.
  • Use the drop-down menus to record any interactions that occur between the groups (e.g. repots to, appoints, approves, oversees).
    • Documenting these interactions will help you ensure your governance program accounts for inputs and outputs that are required by, or that otherwise affect, your various stakeholder groups.

    Note: You may wish to review Info-Tech's governance model templates before completing this activity to get an idea of what you'll be working toward in this step. See slides 37-38.

    Download Security Governance Model Tool

    InputOutput
    • Prioritized lists of governance accountabilities and management responsibilities
    • Target state from business alignment exercise
    • Summary of governance model
    MaterialsParticipants
    • Security Governance Model Tool
    • CISO
    • CIO
    • Business representative (optional)

    Security Governance and Management Model Tool

    Tab 5

    Security Governance and Management Model Tool Tab 5

    Security Governance and Management Model Tool continued

    Tab 6

    Security Governance and Management Model Tool Tab 6

    1.2.3 Visualize your security governance and management model

    1-2 hours

    1. Download the Security Governance Model Templates using the link below and determine which of the three example models most closely resembles your own.
    2. Once you have chosen an example to work from, begin customizing it to reflect the governance model completed in Activity 1.2.2. See next slide for example.

    Note: You do not have to use these templates. If you prefer, you can use them as inspiration and design your own model.

    Download Security Governance Model Templates

    InputOutput
    • Results of Activity 2.1.2
    • Security governance and management model diagram
    MaterialsParticipants
    • Security Governance Model Templates
    • CISO

    Customize the template

    Customize the template

    Step 1.3

    Monitor

    Activities
    1.3.1 Develop governance and management KPIs

    This step involves the following participants:

    • CISO
    • CIO
    • Security team
    • Business representative

    Outcomes of this step

    Key performance indicators

    Design Your Governance Model

    Step 1.1 > Step 1.2 > Step 1.3

    Monitor: Getting started

    Element Questions
    Metrics Does the organization have a well-developed metrics program or will this need to be taken up as a separate effort? Have we considered what outcomes we are hoping to see as a result of implementing a new governance and management model?
    Existing and emerging threats What has changed or is likely to change in the future that may destabilize our governance program? What do we need to do to mitigate any security risks to our organizational governance and management?

    The above is a summary of COBIT 2019 EDM01.03 Monitor the governance system, along with Info-Tech-recommended questions to contextualize each element for your organization.

    1.3.1 Develop governance and management KPIs

    1-2 hours

    This activity is meant to provide a starting point for key governance metrics. To develop a comprehensive metrics program, see Info-Tech's Build a Security Metrics Program to Drive Maturity blueprint.

    1. Create a list of four to six outcomes you'd like to see as the result of your new governance model. Be as specific as you can; the better defied the outcome, the easier it will be to determine suitable KPI.
    2. For each desired outcome, determine what would best indicate that progress is being made toward that state.
    • Desired outcome: security team is consulted before critical business decisions are made.
    • Success criteria: the business evaluates Security's recommendations before starting new projects
    • Possible KPI: % of critical business decisions made with security consultation
    • See next slide for additional examples

    Note: Try to phrase each KPI using percents, which helps to add context to the metric and will make it easier to explain when reporting metrics in the future.

    Input Output
    • List of desired outcomes after new governance model implemented
    • Set of key performance indicators
    Materials Participants
    • Whiteboard
    • CISO
    • CIO
    • Security team
    • Business representative (optional)

    Example KPIs

    Desired Outcome Success Criteria Possible KPI
    Security team is consulted before critical business decisions are made The business evaluates Security's recommendations before starting new projects % of critical business decisions with Security consultation
    Greater alignment over risk appetite The business does not take on initiatives with excessive security risks % of incidents stemming from not following Security's risk management recommendations
    Reduced number of policy exceptions Policy exceptions are only granted when a clear need is present and a formal process is followed % of incidents stemming from policy exceptions
    Improved policy adherence Policies are understood and followed throughout the organization % of incidents stemming from policy violations

    Establish Baseline Metrics

    Baseline metrics will be improved through:

    1. Improved business alignment
    2. Developing formal process to manage security risks
    3. Separating governance from management
    Metric Current Goal
    % of critical business decisions with Security consultation 20% 100%
    % of incidents stemming from not following Security's risk management recommendations 65% 0%
    % of incidents stemming from policy exceptions 35% 5%
    % of incidents stemming from policy violations 40% 5%
    % of ad hoc decisions made (i.e. not accounted for by governance model 85% 5%
    % of accepted security risks evaluated against risk appetite 50% 100%
    % of deferred steering committee decisions (i.e. decisions not made ASAP after issue arises) 50% 5%
    % of policies approved within target window (e.g. 1 month) 20% 100%

    Phase 2

    Implement Essential Governance Processes

    Phase 1
    1.1 Evaluate
    1.2 Direct
    1.3 Monitor

    Phase 2
    2.1 Implement Oversight
    2.2 Set Risk Appetite
    2.3 Implement Policy Lifecycle

    This phase will walk you through the following activities:

    • Draft Steering Committee Charter
    • Complete Steering Committee RACI
    • Draft qualitative risk statements
    • Model policy lifecycle
    • Establish exceptions-handling process

    This phase involves the following participants:

    • CISO
    • CRO
    • CIO
    • HR
    • Internal Audit
    • Business representative
    • Legal

    Establish Security Governance & Management

    Step 2.1

    Implement Oversight

    Activities
    2.1.1 Draft steering committee charter
    2.1.2 Complete steering committee RACI

    This step involves the following participants:

    • CISO
    • CRO
    • CIO
    • HR
    • Internal Audit
    • Business representative
    • Legal

    Outcomes of this step

    Steering Committee Charter and RACI

    Implement Essential Governance Processes

    Step 2.1 > Step 2.2 > Step 2.3

    2.1.1 Draft steering committee charter

    1-3 hours

    This activity is meant to provide a starting point for your steering committee. If a more comprehensive approach is desired, see Info-Tech's Improve Security Governance With a Security Steering Committee blueprint.

    1. Download the template using the link below and review the various sections of the document
    2. Review slides 50-51 to help determine the scope of your steering committee's role. Discuss with other stakeholder groups, as necessary, to determine the steering committee's duties, how often the group will meet, and what the regular meeting agenda will be.
    3. Customize the template to suit your organization's needs.

    Download Information Security Steering Committee Charter

    Input Output
    • N/A
    • Steering Committee
    Materials Participants
    • Information Security Steering Committee Charter Template
    • CISO
    • CRO
    • CIO
    • HR
    • Internal Audit
    • Business representative
    • Legal

    Steering committee membership

    Representation is key, but don't try to please everyone

    • For your steering committee to be effective, it should include representatives from across the organization. However, it is important not to overextend committee membership, which can interfere with decision making.
    • Participants should be selected based on the identified responsibilities of the security steering committee, and the number of people should be appropriate to the size and complexity of the organization.

    Example steering committee

    CISO
    CRO
    Internal Audit
    CIO
    Business Leaders
    HR
    Legal

    Download Information Security Steering Committee Charter

    Typical steering committee duties

    Strategic Oversight Policy Governance
    • Provide oversight and ensure alignment between information security governance and company objectives.
    • Assess the adequacy of resources and funding to sustain and advance successful security programs and practices for identifying, assessing, and mitigating cybersecurity risks across all business functions.
    • Review control audit reports and resulting remediation plans to ensure business alignment
    • Review the company's cyber insurance policies to ensure appropriate coverage.
    • Provide recommendations, based on security best practices, for significant technology investments.
    • Review policy-exception requests to determine if potential security risks can be accepted or if a workaround exists.
    • Assess the ramifications of updates to policies and standards.
    • Establish standards and procedures for escalating significant security incidents to the board, other steering committees, government agencies, and law enforcement, as appropriate.

    Typical steering committee duties

    Risk Governance Monitoring and Reporting
    • Review and approve the company's information risk governance structure.
    • Assess the company's high-risk information assets and coordinate planning to address information privacy and security needs.
    • Provide input to executive management regarding the enterprise's information security risk tolerance.
    • Review the company's cyber-response preparedness, incident response plans, and disaster recovery capabilities as applicable to the organization's information security strategy.
    • Promote an open discussion regarding information risk and integrate information risk management into the enterprise's objectives.
    • Receive periodic reports and coordinate with management on the metrics used to measure, monitor, and manage cyber risks posed to the company and to review periodic reports on selected security risk topics as the committee deems appropriate.
    • Monitor and evaluate the quality and effectiveness of the company's technology security, capabilities for disaster recovery, data protection, cyber threat detection, and cyber incident response, and management of technology-related compliance risks.

    2.1.2 Complete steering committee RACI

    1-3 hours

    1. Download the RACI template and review the membership roles. Customize the template to match the makeup of your steering committee.
    2. Read through each task in the left-hand column and determine who will be involved:
    • R - responsible: the person doing the action (can be multiple)
    • A - accountable: the owner of the task, usually a department head who delegates the execution of the task (only assigned to one stakeholder)
    • C - consulted: stakeholders that offer some kind of guidance, advice, or recommendation (can be multiple)
    • I - Informed: stakeholders that receive status updates about the task (can be multiple)

    Note: All tasks must have accountability and responsibility assigned (sometimes a single stakeholder is accountable and responsible). However, not all tasks will have someone consulted or informed.

    Download Information Security Steering Committee RACI Chart

    InputOutput
    • N/A
    • Defined roles and responsibilities
    MaterialsParticipants
    • RACI Chart
    • CISO
    • CRO
    • CIO
    • HR
    • Internal Audit
    • Business representative
    • Legal

    Step 2.2

    Set Risk Appetite

    Activities
    2.2.1 Draft qualitative risk statements

    This step involves the following participants:

    • CISO
    • CIO
    • Business representative

    Outcomes of this step

    Qualitative risk appetite

    Implement Essential Governance Processes

    Step 2.1 > Step 2.2 > Step 2.3

    Know your appetite for risk

    What is an organizational risk appetite?

    Setting risk appetite is a key governance function, as it structures how your organization will deal with the risks it will inevitably face - when they can be accepted, when they need to be mitigated, and when they must be rejected entirely.

    It is important to note that risk appetite and risk tolerance are not the same. Risk appetite refers to the amount of risk the organization is willing to accept as part of doing business, whereas risk tolerance has more to do with individual risks affecting one or more lines of business that exceed that appetite. Such risks are often tolerated as individual cases that can be mitigated to an acceptable level of risk even though it exceeds the risk-appetite threshold.

    Chart Risk Appetite

    2.1.2 Draft qualitative risk-appetite statements

    1-3 hours

    This activity is meant to provide a starting point for risk governance. To develop a comprehensive risk-management program, see Info-Tech's Combine Security Risk Management Components Into One Program blueprint.

    1. Draft statements that express your attitudes toward the kinds of risks your organization faces. The point is to set boundaries to better understand when risk mitigation may be necessary.
    2. Examples:
    • We will not accept risks that may cause us to violate SLAs.
    • We will avoid risks that may prevent the organization from operating normally.
    • We will not accept risks that may result in exposure of confidential information.
    • We will not accept risks that may cause significant brand damage.
    • We will not accept risks that pose undue risk to human life or safety.
    InputOutput
    • Definitions for high, medium, low impact and frequency
    • Set of qualitative risk-appetite statements
    MaterialsParticipants
    • Whiteboard
    • CISO
    • CIO
    • Business representative

    Step 2.3

    Implement Policy Lifecycle

    Activities
    2.3.1 Model your policy lifecycle
    2.3.2 Establish exception-approval process

    This step involves the following participants:

    • CISO
    • CIO

    Outcomes of this step

    Policy lifecycle

    Exceptions-handling process

    Implement Essential Governance Processes

    Step 2.1 > Step 2.2 > Step 2.3

    2.3.1 Model your policy lifecycle

    1-3 hours

    This activity is meant to provide a starting point for policy governance. To develop a comprehensive policy-management program, see Info-Tech's Develop and Deploy Security Policies blueprint.

    1. Review the sections within the Security Policy Lifecycle Template and delete any sections or subsections that do not apply to your organization.
    2. As necessary, modify the lifecycle and receive approved sign-off by your organization's leadership.
    3. Solicit feedback from stakeholders, specifically, IT department management and business stakeholders.

    Download the Security Policy Lifecycle Template

    InputOutput
    • N/A
    • Policy lifecycle
    MaterialsParticipants
    • Security Policy Lifecycle Template
    • CISO
    • CIO

    Develop the security policy lifecycle

    The security policy lifecycle is an integral component of the security policy program and adds value by:

    • Setting out a roadmap to define needs, develop required documentation, and implement, communicate, and measure your policy program.
    • Defining roles and responsibilities for the security policy suite.
    • Aligning the business goals, security program goals, and policy objectives.

    Security Policy Lifecycle

    Diagram inspired by: ComplianceBridge, 2021

    2.3.2 Establish exception-approval process

    1-3 hours

    1. Download the Security Policy Exception Approval Template and customize it to match your exception-handling process. Be sure to account for the recommendations on the next slide.
    2. Use the Policy Exception Tracker to record and monitor granted exceptions.

    Download the Security Policy Exception Approval Workflow

    Download the Security Policy Exception Tracker

    Input Output
    • Answers to questions provided
    • Exception-handling process
    Materials Participants
    • Security Policy Exception Approval Workflow
    • Security Policy Exception Tracker
    • CISO
    • CIO

    Determine criteria to grant policy exception

    A key part of security risk and policy governance

    • Not all policies can be complied with all the time. As technology and business needs change, sometimes exceptions must be granted for operations to continue smoothly.
    • Exceptions can be either short or long term.
      • Short-term exceptions are often granted until a particular security gap can be closed, such as allowing staff to temporarily use new laptops that have yet to receive a required VPN for remote access.
      • Long-term exceptions usually occur when closing the gap entirely is not feasible. For example, a legacy system may be unable to meet evolving security standards, but there is no room in the budget to replace it.
    • Having a formal approval process for exceptions and a record of granted exceptions will help you to stay on top of security risk governance.

    Before granting an exception:

    1. Assess security risks associated with doing so: are they acceptable?
    2. Look for another way to resolve the issue: is a suitable workaround possible?
    3. Evaluate mitigating controls: is it possible to provide an equivalent level of security via other means?
    4. Assign risk ownership: who will be accountable if an incident arises from the exception?
    5. Determine appeals process: when disagreements arise, how will the final decision be made?

    Sources: University of Virginia; CIS

    Summary of Accomplishment

    Problem Solved

    You have now established a formal governance model for your organization - congratulations! Building this model and determining stakeholders' accountabilities and responsibilities is a big step.

    Remember to continue to use the evaluate-direct-monitor framework to make sure your governance model evolves as organizational governance matures and priorities shift.

    If you would like additional support, have our analysts guide you through an Info-Tech workshop or Guided Implementation.

    Contact your account representative for more information.
    workshops@infotech.com
    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Build Governance Model
    Build a customized security governance model for your organization.

    Develop policy lifecycle
    Develop a policy lifecycle and exceptions-handling process.

    Related Info-Tech Research

    Build an Information Security Strategy

    Design a Business-Focused Security Program

    Combine Security Risk Management Components Into One Program

    Research contributors and experts

    Michelle Tran, Consulting Industry

    Michelle Tran
    Consulting Industry

    One anonymous contributor

    Bibliography

    Durbin, Steve. "Achieving The Five Levels Of Information Security Governance." Forbes, 4 Apr. 2023. Accessed 4 Apr. 2023.

    Eiden, Kevin, et al. "Organizational Cyber Maturity: A Survey of Industries." McKinsey & Company, 4 Aug. 2021. Accessed 25 Apr. 2023.

    "Information Security Exception Policy." Center for Internet Security, 2020. Accessed 14 Apr. 2023.

    "Information Security Governance." EDUCAUSE, n.d. Accessed 27 Apr. 2023.

    ISACA. COBIT 2019 Framework: Governance and Management Objectives. GF Books, 2018.

    Policies & Procedures Team. "Your Policy for Policies: Creating a Policy Management Framework." ComplianceBridge, 30 Apr. 2021. Accessed 27 Apr. 2023.

    "Security and the C-Suite: Making Security Priorities Business Priorities." LogRhythm, Feb. 2021. Accessed 25 Apr 2023.

    University of Virginia. "Policy, Standards, and Procedures Exceptions Process." Information Security at UVA, 1 Jun. 2022. Accessed 14 Apr. 2023

    Create a Post-Implementation Plan for Microsoft 365

    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: End-User Computing Applications
    • Parent Category Link: /end-user-computing-applications

    M365 projects are fraught with obstacles. Common mistakes organizations make include:

    • Not having a post-migration plan in place.
    • Treating user training as an afterthought.
    • Inadequate communication to end users.

    Our Advice

    Critical Insight

    There are three primary areas where organizations fail in a successful implementation of M365: training, adoption, and information governance. While it is not up to IT to ensure every user is well trained, it is their initial responsibility to find champions, SMEs, and business-based trainers and manage information governance from the backup, retention, and security aspects of data management.

    Impact and Result

    Migrating to M365 is a disruptive move for most organizations. It poses risk to untrained IT staff, including admins, help desk, and security teams. The aim for organizations, especially in this new hybrid workspace, is to maintain efficiencies through collaboration, share information in a secure environment, and work from anywhere, any time.

    Create a Post-Implementation Plan for Microsoft 365 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create a Post-Implementation Plan for Microsoft 365 Storyboard – A deck that guides you through the important considerations that will help you avoid common pitfalls and make the most of your investment.

    There are three primary goals when deploying Microsoft 365: productivity, security and compliance, and collaborative functionality. On top of these you need to meet the business KPIs and IT’s drive for adoption and usage. This research will guide you through the important considerations that are often overlooked as this powerful suite of tools is rolled out to the organization.

    [infographic]

    Further reading

    Create a Post-Implementation Plan for Microsoft 365

    You’ve deployed M365. Now what? Look at your business goals and match your M365 KPIs to meet those objectives.

    Analyst perspective

    You’ve deployed M365. Now what?

    John Donovan

    There are three primary objectives when deploying Microsoft 365: from a business perspective, the expectations are based on productivity; from an IT perspective, the expectations are based on IT efficiencies, security, and compliance; and from an organizational perspective, they are based on a digital employee experience and collaborative functionality.

    Of course, all these expectations are based on one primary objective, and that is user adoption of Teams, OneDrive, and SharePoint Online. A mass adoption, along with a high usage rate and a change in the way users work, is required for your investment in M365 to be considered successful.

    So, adoption is your first step, and that can be tracked and analyzed through analytics in M365 or other tools. But what else needs to be considered once you have released M365 on your organization? What about backup? What about security? What about sharing data outside your business? What about self-service? What about ongoing training? M365 is a powerful suite of tools, and taking advantage of all that it entails should be IT’s primary goal. How to accomplish that, efficiently and securely, is up to you!

    John Donovan
    Principal Research Director, I&O
    Info-Tech Research Group

    Insight summary

    Collaboration, efficiencies, and cost savings need to be earned

    Migrating to M365 is a disruptive move for most organizations. Additionally, it poses risk to untrained IT staff, including admins, help desk, and security teams. The aim for organizations, especially in this new hybrid workspace, is to maintain efficiencies through collaboration, share information in a secure environment, and work from anywhere, any time. However, organizations need to manage their licensing and storage costs and build this new way of working through post-deployment planning. By reducing their hardware and software footprint they can ensure they have earned these savings and efficiencies.

    Understand any shortcomings in M365 or pay the price

    Failing to understand any shortcomings M365 poses for your organization can ruin your chances at a successful implementation. Commonly overlooked expenses include backup and archiving, especially for regulated organizations; spending on risk mitigation through third-party tools for security; and paying a premium to Microsoft to use its Azure offerings with Microsoft Sentinel, Microsoft Defender, or any security add-on that comes at a price above your E5 license, which is expensive in itself.

    Spend time with users to understand how they will use M365

    Understanding business processes is key to anticipating how your end users will adopt M365. By spending time with the staff and understanding their day-to-day activities and interactions, you can build better training scenarios to suit their needs and help them understand how the apps in M365 can help them do their job. On top of this you need to meet the business KPIs and IT’s drive for adoption and usage. Encourage early adopters to become trainers and champions. Success will soon follow.

    Executive summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    M365 is a full suite of tools for collaboration, communication, and productivity, but organizations find the platform is not used to its full advantage and fail to get full value from their license subscription.

    Many users are unsure which tool to use when: Do you use Teams or Viva Engage, MS Project or Planner? When do you use SharePoint versus OneDrive?

    From an IT perspective, finding time to help users at the outset is difficult – it’s quite the task to set up governance, security, and backup. Yet training staff must be a priority if the implementation is to succeed.

    M365 projects are fraught with obstacles. Common mistakes organizations make include:

    • No post-migration plan in place.
    • User training is an afterthought.
    • Lack of communication to end users.
    • No C-suite promotion and sponsorship.
    • Absence of a vision and KPIs to meet that vision.

    To define your post-migration tasks and projects:

    • List all projects in a spreadsheet and rank them according to difficulty and impact.
    • Look for quick wins with easy tasks that have high impact and low difficulty.
    • Build a timeline to execute your plans and communicate clearly how these plans will impact the business and meet that vision.

    Failure to take meaningful action will not bode well for your M365 journey.

    Info-Tech Insight

    There are three primary areas where organizations fail in a successful implementation of M365: training, adoption, and information governance. While it is not up to IT to ensure every user is well trained, it is their initial responsibility to find champions, SMEs, and business-based trainers and to manage information governance from backup, retention, and security aspects of data management.

    Business priorities

    What priorities is IT focusing on with M365 adoption?

    What IT teams are saying

    • In a 2019 SoftwareONE survey, the biggest reason IT decision makers gave for adopting M365 was to achieve a “more collaborative working style.”
    • Organizations must plan and execute a strategy for mass adoption and training to ensure processes match business goals.
    • Cost savings can only be achieved through rightsizing license subscriptions, retiring legacy apps, and building efficiencies within the IT organization.
    • With increased mobility comes with increased cybersecurity risk. Make sure you take care of your security before prioritizing mobility. Multifactor authentication (MFA), conditional access (CA), and additional identity management will maintain a safe work-from-anywhere environment.

    Top IT reasons for adopting M365

    61% More collaborative working style

    54% Cost savings

    51% Improved cybersecurity

    49% Greater mobility

    Source: SoftwareONE, 2019; N=200 IT decision makers across multiple industries and organization sizes

    Define & organize post-implementation projects

    Key areas to success

    • Using Microsoft’s M365 adoption guide, we can prioritize and focus on solutions that will bring about better use of the M365 suite.
    • Most of your planning and prioritizing should be done before implementation. Many organizations, however, adopted M365 – and especially Teams, SharePoint Online, and OneDrive – in an ad hoc manner in response to the pandemic measures that forced users to work from home.
    • Use a Power BI Pro license to set up dashboards for M365 usage analytics. Install GitHub from AppSource and use the templates that will give you good insight and the ability to create business reports to show adoption and usage rates on the platform.
    • Reimagine your working behavior. Remember, you want to bring about a more collective and open framework for work. Take advantage of a champion SME to show the way. Every organization is different, so make sure your training is aligned to your business processes.
    The image contains a screenshot of the M365 post-implementation tasks.

    Process steps

    Define Vision

    Build Team

    Plan Projects

    Execute

    Define your vision and what your priorities are for M365. Understand how to reach your vision.

    Ensure you have an executive sponsor, develop champions, and build a team of SMEs.

    List all projects in a to-be scenario. Rank and prioritize projects to understand impact and difficulty.

    Build your roadmap, create timelines, and ensure you have enough resources and time to execute and deliver to the business.

    Info-Tech’s approach

    Use the out-of-the-box tools and take advantage of your subscription.

    The image contains a screenshot of the various tools and services Microsoft provides.

    Info-Tech Insight

    A clear understanding of the business purpose and processes, along with insight into the organizational culture, will help you align the right apps with the right tasks. This approach will bring about better adoption and collaboration and cancel out the shadow IT products we see in every business silo.

    Leverage built-in usage analytics

    Adoption of services in M365

    To give organizations insight into the adoption of services in M365, Microsoft provides built-in usage analytics in Power BI, with templates for visualization and custom reports. There are third-party tools out there, but why pay more? However, the template app is not free; you do need a Power BI Pro license.

    Usage Analytics pulls data from ActiveDirectory, including location, department, and organization, giving you deeper insight into how users are behaving. It can collect up to 12 months of data to analyze.

    Reports that can be created include Adoption, Usage, Communication, Collaboration (how OneDrive and SharePoint are being used), Storage (cloud storage for mailboxes, OneDrive, and SharePoint), and Mobility (which clients and devices are used to connect to Teams, email, Yammer, etc.).

    Source: Microsoft 365 usage analytics

    Understand admin roles

    Prevent intentional or unintentional internal breaches

    Admin Roles

    Best Practices

    • Global admin: Assign this role only to users who need the most access to management features and data across your tenant. Only global admins can modify an admin role.
    • Exchange admin: Assign this role to users who need to view and manage user mailboxes, M365 groups, and Exchange Online and handle Microsoft support requests.
    • Groups admin: These users can create, edit, delete, and restore M365 groups as well as create expiration and naming policies.
    • Helpdesk admin: These users can resets passwords, force user sign-out, manage Microsoft support requests, and monitor service health.
    • Teams/SharePoint Online admin: Assign these roles for users who manage the Teams and SharePoint Admin Center.
    • User admin: These users can assign licenses, add users and groups, manage user properties, and create and manage user views.

    Only assign two to four global admins, depending on the size of the organization. Too many admins increases security risk. In larger organizations, segment admin roles using role-based access control.

    Because admins have access to sensitive data, you’ll want to assign the least permissive role so they can access only the tools and data they need to do their job.

    Enable MFA for all admins except one break-glass account that is stored in the cloud and not synced. Ensure a complex password, stored securely, and use only in the event of an MFA outage.

    Due to the large number of admin roles available and the challenges that brings with it, Microsoft has a built-in tool to compare roles in the admin portal. This can help you determine which role should be used for specific tasks.

    Secure your M365 tenant

    A checklist to ensure basic security coverage post M365

    • Multifactor Authentication: MFA is part of your M365 tenant, so using it should be a practical identity security. If you want additional conditional access (CA), you will require an Azure AD (AAD) Premium P1+ license. This will ensure adequate identity security protecting the business.
    • Password Protection: Use the AAD portal to set this up under Security > Authentication Methods. Microsoft provides a list of over 2,000 known bad passwords and variants to block.
    • Legacy Authentication: Disable legacy protocols; check to see if your legacy apps/workflows/scripts use them in the AAD portal. Once identified, update them and turn the protocols off. Use CA policies.
    • Self-Service Password Reset: Enable self-service to lower the helpdesk load for password resets. Users will have to initially register and set security questions. Hybrid AD businesses must write back to AD from AAD once changes are made.
    • Security Defaults: For small businesses, turn on default settings. To enable additional security settings, such as break- glass accounts, go into Manage Security Defaults in your AAD properties.
    • Conditional Access (CA) Policies: Use CA policies if strong identity security and zero trust are required. To create policies in AAD go to Security > Conditional Access > New Policies.

    Identity Checklist

    • Enable MFA for Admins
    • Enable MFA for Users
    • Disable App Passwords
    • Configure Trusted IPs
    • Disable Text/Phone MFA
    • Remember MFA on Trusted Devices for 90 Days
    • Train Staff in Using MFA Correctly
    • Integrate Apps Into Azure AD

    Training guidelines

    Identify business scenarios and training adoption KPIs

    • Customize your training to meet your organizational goals, align with your business culture, and define how users will work inside the world of M365.
    • Create scenario templates that align to your current day-to-day operations in each department. These can be created by individual business unit champions.
    • Make sure you have covered must-have capabilities and services within M365 that need to be rolled out post-pilot.
    • Phase in large transitions rather than multiple small ones to ensure collaboration between departments meets business scenarios.
    • Ensure your success metrics are being measured and continue to communicate and train after deployment using tools available in M365. See Microsoft’s adoption guidelines and template for training.

    Determine your training needs and align with your business processes. Choose training modalities that will give users the best chance of success. Consider one or many training methods, such as:

    • Online training
    • In-person classroom
    • Business scenario use cases
    • Mentoring
    • Department champion/Early adopter
    • Weekly bulletin fun facts

    Don’t forget backup!

    Providing 99% uptime and availability is not enough

    Why is M365 backup so important?

    Accidental Data Deletion.

    If a user is deleted, that deletion gets replicated across the network. Backup can save you here by restoring that user.

    Internal and External Security Threats.

    Malicious internal deletion of data and external threats including viruses, ransomware, and malware can severely damage a business and its reputation. A clean backup can easily restore the business’ uninfected data.

    Legal and Compliance Requirements.

    While e-discovery and legal hold are available to retain sensitive data, a third-party backup solution can easily search and restore all data to meet regulatory requirements – without depending on someone to ensure a policy was set.

    Retention Policy Gaps.

    Retention policies are not a substitute for backup. While they can be used to retain or delete content, they are difficult to keep track of and manage. Backups offer greater latitude in retention and better security for that data.

    Retire your legacy apps to gain adoption

    Identify like for like and retire your legacy apps

    Legacy

    Microsoft 365

    SharePoint 2016/19

    SharePoint Online

    Microsoft Exchange Server

    Microsoft Exchange in Azure

    Skype for Business Server

    Teams

    Trello

    Planner 2022

    System Center Configuration Manager (SCCM)

    Endpoint Manager, Intune, Autopilot

    File servers

    OneDrive

    Access

    Power Apps

    To meet the objectives of cost reduction and rationalization, look at synergies that M365 brings to the table. Determine what you are currently using to meet collaboration, storage, and security needs and plan to use the equivalent in your Microsoft entitlement.

    Managing M365’s hidden costs

    Licenses and storage limits TCO

    • Email security. Ninety-one percent of all cyberattacks come from phishing on email. Microsoft Defender for M365 is a bolt-on, so it is an additional cost.
    • Backup. This will bring additional cost to M365. Plan to spend more to ensure data is backed up and stored.
    • Email archiving. Archiving is different than backup. See our research on the subject. Archiving is needed for compliance purposes. Email archiving solutions are available through third-party software, which is an added cost.
    • Email end-to-end encryption. This is a requirement for all organizations that are serious about security. The enterprise products from Microsoft come at an additional cost.
    • Cybersecurity training. IT needs to ramp up on training, another expense.
    • Microsoft 365 Power Platform Licencing. From low-code and no-code developer tools (Power Apps), workflow tools (Power Automate), and business intelligence (Power BI) – while the E5 license gives you Power BI Pro, there are limitations and costs. Power BI Pro has limitations for data volume, data refresh, and query response time, so your premium license comes at a considerably marked up cost.

    M365 is not standalone

    • While Microsoft 365 is a platform that is ”just good enough,” it is actually not good enough in today’s cyberthreat environment. Microsoft provides add-ons with Defender for 365, Purview, and Sentinel, which pose additional costs, just like a third-party solution would. See the Threat Intelligence & Incident Response research in our Security practice.
    • The lack of data archiving, backup, and encryption means additional costs that may not have been budgeted for at the outset. Microsoft provides 30-60-90-day recovery, but anything else is additional cost. For more information see Understand the Difference between Backups and Archiving.

    Compliance and regulations

    Security and compliance features out of the box

    There are plenty of preconfigured security features contained in M365, but what’s available to you depends on your license. For example, Microsoft Defender, which has many preset policies, is built-in for E5 licenses, but if you have E3 licenses Defender is an add-on.

    Three elements in security policies are profiles, policies, and policy settings.

    • Preset Profiles come in the shape of:
      • Standard – baseline protection for most users
      • Strict – aggressive protection for profiles that may be high-value targets
      • Built-in Protection – turned on by default; it is not recommended to make exceptions based on users, groups, or domains
    • Preset Security Policies
      • Exchange Online Protection Policies – anti-spam, -malware, and -phishing policies
      • Microsoft Defender Policies – safe links and safe attachments policies
    • Policy Settings
      • User impersonation protection for internal and external domains
      • Select priorities from strict, standard, custom, and built-in

    Info-Tech Insight

    Check your license entitlement before you start purchasing add-ons or third-party solutions. Security and compliance are not optional in today’s cybersecurity risk world. With many organizations offering hybrid and remote work arrangements and bring-your-own-device (BYOD) policies, it is necessary to protect your data at the tenant level. Defender for Microsoft 365 is a tool that can protect both your exchange and collaboration environments.

    More information: Microsoft 365 Defender

    Use Intune and Autopilot

    Meet the needs of your hybrid workforce

    • Using the tools available in M365 can help you develop your hybrid or remote work strategy.
    • This strategy will help you maintain security controls for mobile and BYOD.
    • Migrating to Intune and Autopilot will give rise to the opportunity to migrate off SCCM and further reduce your on-premises infrastructure.

    NOTE: You must have Azure AD Premium and Windows 10 V1703 or later as well as Intune or other MDM service to use Autopilot. There is a monthly usage fee based on volume of data transmitted. These fees can add up over time.

    For more details visit the following Microsoft Learn pages:

    Intune /Autopilot Overview

    The image contains a screenshot of the Intune/Autopilot Overview.

    Info-Tech’s research on zero-touch provisioning goes into more detail on Intune and Autopilot:
    Simplify Remote Deployment With Zero-Touch Provisioning

    M365 long-term strategies

    Manage your costs in an inflationary world

    • Recent inflation globally, whether caused by supply chain woes or political uncertainty, will impact IT and cloud services along with everything else. Be prepared to pay more for your existing services and budget accordingly.
    • Your long-term strategies must include ongoing cost management, data management, security risks, and license and storage costs.
    • Continually investigate efficiencies, overlaps, and new tools in M365 that can get the job done for the business. Use as many of the applications as you can to ensure you are getting the best bang for your buck.
    • Watch for upgrades in the M365 suite of tools. As Microsoft continues to improve and deliver on most business applications well after their first release, you may find that something that was previously inefficient could work in your environment today and replace a tool you currently use.

    Ongoing Activities You Need to Maintain

    • Be aware of increased license costs and higher storage costs.
    • Keep an eye on Teams sprawl.
    • Understand your total cost of ownership.
    • Continue to look at legacy apps and get rid of your infrastructure debt.

    Activity

    Build your own M365 post-migration plan

    1. Using slide 6 as your guideline, create your own project list using impact and difficulty as your weighting factors.
    2. Do this exercise as a whiteboard sticky note exercise to agree on impact and difficulty as a team.
    3. Identify easy wins that have high impact.
    4. Place the projects into a project plan with time lines.
    5. Agree on start and completion dates.
    6. Ensure you have the right resources to execute.

    The image contains a screenshot of the activity described in the above text.

    Related Info-Tech Research

    Govern Office 365

    • Office 365 is as difficult to wrangle as it is valuable. Leverage best practices to produce governance outcomes aligned with your goals.

    Drive Ongoing Adoption With an M365 Center of Excellence

    • Accelerate business processes change and get more value from your subscription by building and sharing, thanks to an effective center of excellence.

    Simplify Remote Deployment With Zero-Touch Provisioning

    • Adopt zero-touch provisioning to provide better services to your end users.
    • Save time and resources during device deployment while providing a high-quality experience to remote end users.

    Bibliography

    “5 Reasons Why Microsoft Office 365 Backup Is Important.” Apps 4Rent, Dec 2021, Accessed Oct 2022 .
    Chandrasekhar, Aishwarya. “Office 365 Migration Best Practices & Challenges 2022.” Saketa, 31 Mar 2022. Accessed Oct. 2022.
    Chronlund, Daniel. “The Fundamental Checklist – Secure your Microsoft 365 Tenant”. Daniel Chronlund Cloud Tech Blog,1 Feb 2019. Accessed 1 Oct 2022.
    Davies, Joe. “The Microsoft 365 Enterprise Deployment Guide.” Tech Community, Microsoft, 19 Sept 2018. Accessed 2 Oct 2022.
    Dillaway, Kevin. “I Upgraded to Microsoft 365 E5, Now What?!.” SpyGlassMTG, 10 Jan 2022. Accessed 4 Oct. 2022.
    Hartsel, Joe. “How to Make Your Office 365 Implementation Project a Success.” Centric, 20 Dec 2021. Accessed 2 Oct. 2022.
    Jha, Mohit. “The Ultimate Microsoft Office 365 Migration Checklist for Pre & Post Migration.” Office365 Tips.Org, 24 June 2022. Accessed Sept. 2022.
    Lang, John. “Why organizations don't realize the full value of Microsoft 365.“Business IT, 29 Nov 202I. Accessed 10 Oct 2022.
    Mason, Quinn. “How to increase Office 365 / Microsoft 365 user adoption.” Sharegate, 19 Sept 2019. Accessed 3 Oct 2022.
    McDermott, Matt. “6-Point Office 365 Post-Migration Checklist.” Spanning , 12 July 2019 . Accessed 4 Oct 2022.
    “Microsoft 365 usage analytics.” Microsoft 365, Microsoft, 25 Oct 2022. Web.
    Sharma, Megha. “Office 365 Pre & Post Migration Checklist.’” Kernel Data Recovery, 26 July 2022. Accessed 30 Sept. 2022.
    Sivertsen, Per. “How to avoid a failed M365 implementation? Infotechtion, 19 Dec 2021. Accessed 2 Oct. 2022.
    St. Hilaire, Dan. “Most Common Mistakes with Office 365 Deployment (and How to Avoid Them).“ KnowledgeWave, 4Mar 2019. Accessed Oct. 2022.
    “Under the Hood of Microsoft 365 and Office 365 Adoption.” SoftwareONE, 2019. Web.

    Dive Into Five Years of Security Strategies

    • Buy Link or Shortcode: {j2store}247|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • As organizations build their security programs, there is often the question of what are other companies doing.
    • Part of this is a desire to know whether challenges are unique to certain companies, but also to understand how people are tackling some of their security gaps.

    Our Advice

    Critical Insight

    Don’t just wonder what others are doing – use this report to see how companies are faring in their current state, where they want to target in their future state, and the ways they’re planning to raise their security posture.

    Impact and Result

    • Whether you’re building out your security program for the first time or are just interested in how others are faring, review insights from 66 security strategies in this report.
    • This research complements the blueprint, Build an Information Security Program, and can be used as a guide while completing that project.

    Dive Into Five Years of Security Strategies Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Start here – read the Executive Brief

    Read our concise Executive Brief to find out what this report contains.

    [infographic]

    Demystify Oracle Licensing and Optimize Spend

    • Buy Link or Shortcode: {j2store}136|cart{/j2store}
    • member rating overall impact (scale of 10): 9.9/10 Overall Impact
    • member rating average dollars saved: $85,754 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • License keys are not needed with optional features accessible upon install. Conducting quarterly checks of the Oracle environment is critical because if products or features are installed, even if they are not actively in use, it constitutes use by Oracle and requires a license.
    • Ambiguous license models and definitions abound: terminology and licensing rules can be vague, making it difficult to purchase licensing even with the best of intentions to keep compliant.
    • Oracle has aggressively started to force new Oracle License and Service Agreements (OLSA) on customers that slightly modify language and remove pre-existing allowances to tilt the contract terms in Oracle's favor.

    Our Advice

    Critical Insight

    • Focus on needs first. Conduct a thorough requirements assessment and document the results. Well-documented license needs will be your core asset in navigating Oracle licensing and negotiating your agreement.
    • Communicate effectively. Be aware that Oracle will reach out to employees at your organization at various levels. Having your executives on the same page will help send a strong message.
    • Manage the relationship. If Oracle is managing you, there is a high probability you are over paying or providing information that may result in an audit.

    Impact and Result

    • Conducting business with Oracle is not typical compared to other vendors. To emerge successfully from a commercial transaction with Oracle, customers must learn the "Oracle way" of conducting business, which includes a best-in-class sales structure, highly unique contracts and license use policies, and a hyper-aggressive compliance function.
    • Map out the process of how to negotiate from a position of strength, examining terms and conditions, discount percentages, and agreement pitfalls.
    • Develop a strategy that leverages and utilizes an experienced Oracle DBA to gather accurate information, and then optimizes it to mitigate and meet the top challenges.

    Demystify Oracle Licensing and Optimize Spend Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you need to understand and document your Oracle licensing strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish licensing requirements

    Begin your proactive Oracle licensing journey by understanding which information to gather and assessing the current state and gaps.

    • Demystify Oracle Licensing and Optimize Spend – Phase 1: Establish Licensing Requirements
    • Oracle Licensing Purchase Reference Guide
    • Oracle Database Inventory Tool
    • Effective Licensing Position Tool
    • RASCI Chart

    2. Evaluate licensing options

    Review current licensing models and determine which licensing models will most appropriately fit your environment.

    • Demystify Oracle Licensing and Optimize Spend – Phase 2: Evaluate Licensing Options

    3. Evaluate agreement options

    Review Oracle’s contract types and assess which best fit the organization’s licensing needs.

    • Demystify Oracle Licensing and Optimize Spend – Phase 3: Evaluate Agreement Options
    • Oracle TCO Calculator

    4. Purchase and manage licenses

    Conduct negotiations, purchase licensing, and finalize a licensing management strategy.

    • Demystify Oracle Licensing and Optimize Spend – Phase 4: Purchase and Manage Licenses
    • Oracle Terms & Conditions Evaluation Tool
    • Controlled Vendor Communications Letter
    • Vendor Communication Management Plan
    [infographic]

    Workshop: Demystify Oracle Licensing and Optimize Spend

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish Licensing Requirements

    The Purpose

    Assess current state and align goals; review business feedback

    Interview key stakeholders to define business objectives and drivers

    Key Benefits Achieved

    Have a baseline for requirements

    Assess the current state

    Determine licensing position

    Examine cloud options

    Activities

    1.1 Gather software licensing data

    1.2 Conduct a software inventory

    1.3 Perform manual checks

    1.4 Reconcile licenses

    1.5 Create your Oracle licensing team

    1.6 Meet with stakeholders to discuss the licensing position, cloud offerings, and budget allocation

    Outputs

    Copy of your Oracle License Statement

    Software inventory report from software asset management (SAM) tool

    Oracle Database Inventory Tool

    RASCI Chart

    Oracle Licensing Effective License Position (ELP) Template

    Oracle Licensing Purchase Reference Guide

    2 Evaluate Licensing Options

    The Purpose

    Review licensing options

    Review licensing rules

    Key Benefits Achieved

    Understand how licensing works

    Determine if you need software assurance

    Discuss licensing rules, application to current environment.

    Examine cloud licensing

    Understand the importance of documenting changes

    Meet with desktop product owners to determine product strategies

    Activities

    2.1 Review full, limited, restricted, and AST use licenses

    2.2 Calculate license costs

    2.3 Determine which database platform to use

    2.4 Evaluate moving to the cloud

    2.5 Examine disaster recovery strategies

    2.6 Understand purchasing support

    2.7 Meet with stakeholders to discuss the licensing position, cloud offerings, and budget allocation

    Outputs

    Oracle TCO Calculator

    Oracle Licensing Purchase Reference Guide

    3 Evaluate Agreement Options

    The Purpose

    Review contract option types

    Review vendors

    Key Benefits Achieved

    Understand why a type of contract is best for you

    Determine if ULA or term agreement is best

    The benefits of other types and when you should change

    Activities

    3.1 Prepare to sign or renew your ULA

    3.2 Decide on an agreement type that nets the maximum benefit

    Outputs

    Type of contract to be used

    Oracle TCO Calculator

    Oracle Licensing Purchase Reference Guide

    4 Purchase and Manage Licenses

    The Purpose

    Finalize the contract

    Prepare negotiation points

    Discuss license management

    Evaluate and develop a roadmap for future licensing

    Key Benefits Achieved

    Negotiation strategies

    Licensing management

    Introduction of SAM

    Leverage the work done on Oracle licensing to get started on SAM

    Activities

    4.1 Control the flow of communication terms and conditions

    4.2 Use Info-Tech’s readiness assessment in preparation for the audit

    4.3 Assign the right people to manage the environment

    4.4 Meet with stakeholders to discuss the licensing position, cloud offerings, and budget allocation

    Outputs

    Controlled Vendor Communications Letter

    Vendor Communication Management Plan

    Oracle Terms & Conditions Evaluation Tool

    RASCI Chart

    Oracle Licensing Purchase Reference Guide

    Avoid Project Management Pitfalls

    • Buy Link or Shortcode: {j2store}374|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Program & Project Management
    • Parent Category Link: /program-and-project-management
    • IT organizations seem to do everything in projects, yet fewer than 15% successfully complete all deliverables on time and on budget.
    • Project managers seem to succumb to the relentless pressure from stakeholders to deliver more, more quickly, with fewer resources, and with less support than is ideal.
    • To achieve greater likelihood that your project will stay on track, watch out for the four big pitfalls: scope creep, failure to obtain stakeholder commitment, inability to assemble a team, and failure to plan.

    Our Advice

    Critical Insight

    • While many project managers worry about proper planning as the key to project success, skilled management of the political factors around a project has a much greater impact on success.
    • Alone, combating scope creep can improve your likelihood of success by a factor of 2x.
    • A strong project sponsor will be key to fighting the inevitable battles to control scope and obtain resources.

    Impact and Result

    • Take steps to avoid falling into common project pitfalls.
    • Assess which pitfalls threaten your project in its current state and take appropriate steps to avoid falling into them.
    • Avoiding pitfalls will allow you to deliver value on time and on budget, creating the perception of success in users’ and managers’ eyes.

    Avoid Project Management Pitfalls Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Learn about common PM pitfalls and the strategies to avoid them

    Consistently meet project goals through enhanced PM knowledge and awareness.

    • Storyboard: Avoid Project Management Pitfalls
    • None

    2. Detect project pitfalls

    Take action and mitigate a pitfall before it becomes a problem.

    • Project Pitfall Detection & Mitigation Tool

    3. Document and report PM issues

    Learn from issues encountered to help map PM strategies for future projects.

    • Project Management Pitfalls Issue Log
    [infographic]

    Create a Right-Sized Disaster Recovery Plan

    • Buy Link or Shortcode: {j2store}410|cart{/j2store}
    • member rating overall impact (scale of 10): 9.6/10 Overall Impact
    • member rating average dollars saved: $83,037 Average $ Saved
    • member rating average days saved: 32 Average Days Saved
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • Any time a natural disaster or major IT outage occurs, it increases executive awareness and internal pressure to create a disaster recovery plan (DRP).
    • Traditional DRP templates are onerous and result in a lengthy, dense plan that might satisfy auditors but will not be effective in a crisis.
    • The myth that a DRP is only for major disasters leaves organizations vulnerable to more common incidents.
    • The growing use of outsourced infrastructure services has increased reliance on vendors to meet recovery timeline objectives.

    Our Advice

    Critical Insight

    • At its core, disaster recovery (DR) is about ensuring service continuity. Create a plan that can be leveraged for both isolated and catastrophic events.
    • Remember Murphy’s Law. Failure happens. Focus on improving overall resiliency and recovery, rather than basing DR on risk probability analysis.
    • Cost-effective DR and service continuity starts with identifying what is truly mission critical so you can focus resources accordingly. Not all services require fast failover.

    Impact and Result

    • Define appropriate objectives for service downtime and data loss based on business impact.
    • Document an incident response plan that captures all of the steps from event detection to data center recovery.
    • Create a DR roadmap to close gaps between current DR capabilities and recovery objectives.

    Create a Right-Sized Disaster Recovery Plan Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Disaster Recovery Plan (DRP) Research – A step-by-step document that helps streamline your DR planning process and build a plan that's concise, usable, and maintainable.

    Any time a major IT outage occurs, it increases executive awareness and internal pressure to create an IT DRP. This blueprint will help you develop an actionable DRP by following our four-phase methodology to define scope, current status, and dependencies; conduct a business impact analysis; identify and address gaps in the recovery workflow; and complete, extend, and maintain your DRP.

    • Create a Right-Sized Disaster Recovery Plan – Phases 1-4

    2. DRP Case Studies – Examples to help you understand the governance and incident response components of a DRP and to show that your DRP project does not need to be as onerous as imagined.

    These examples include a client who leveraged the DRP blueprint to create practical, concise, and easy-to-maintain DRP governance and incident response plans and a case study based on a hospital providing a wide range of healthcare services.

    • Case Study: Practical, Right-Sized DRP
    • Case Study: Practical, Right-Sized DRP – Healthcare Example

    3. DRP Maturity Scorecard – An assessment tool to evaluate the current state of your DRP.

    Use this tool to measure your current DRP maturity and identify gaps to address. It includes a comprehensive list of requirements for your DRP program, including core and industry requirements.

    • DRP Maturity Scorecard

    4. DRP Project Charter Template – A template to communicate important details on the project purpose, scope, and parameters.

    The project charter template includes details on the project overview (description, background, drivers, and objectives); governance and management (project stakeholders/roles, budget, and dependencies); and risks, assumptions, and constraints (known and potential risks and mitigation strategy).

    • DRP Project Charter Template

    5. DRP Business Impact Analysis Tool – An evaluation tool to estimate the impact of downtime to determine appropriate, acceptable recovery time objectives (RTOs) and recovery point objectives (RPOs) and to review gaps between objectives and actuals.

    This tool enables you to identify critical applications/systems; identify dependencies; define objective scoring criteria to evaluate the impact of application/system downtime; determine the impact of downtime and establish criticality tiers; set recovery objectives (RTO/RPO) based on the impact of downtime; record recovery actuals (RTA/RPA) and identify any gaps between objectives and actuals; and identify dependencies that regularly fail (and have a significant impact when they fail) to prioritize efforts to improve resiliency.

    • DRP Business Impact Analysis Tool
    • Legacy DRP Business Impact Analysis Tool

    6. DRP BIA Scoring Context Example – A tool to record assumptions you made in the DRP Business Impact Analysis Tool to explain the results and drive business engagement and feedback.

    Use this tool to specifically record assumptions made about who and what are impacted by system downtime and record assumptions made about impact severity.

    • DRP BIA Scoring Context Example

    7. DRP Recovery Workflow Template – A flowchart template to provide an at-a-glance view of the recovery workflow.

    This simple format is ideal during crisis situations, easier to maintain, and often quicker to create. Use this template to document the Notify - Assess - Declare disaster workflow, document current and planned future state recovery workflows, including gaps and risks, and review an example recovery workflow.

    • DRP Recovery Workflow Template (PDF)
    • DRP Recovery Workflow Template (Visio)

    8. DRP Roadmap Tool – A visual roadmapping tool that will help you plan, communicate, and track progress for your DRP initiatives.

    Improving DR capabilities is a marathon, not a sprint. You likely can't fund and resource all the measures for risk mitigation at once. Instead, use this tool to create a roadmap for actions, tasks, projects, and initiatives to complete in the short, medium, and long term. Prioritize high-benefit, low-cost mitigations.

    • DRP Roadmap Tool

    9. DRP Recap and Results Template – A template to summarize and present key findings from your DR planning exercises and documents.

    Use this template to present your results from the DRP Maturity Scorecard, BCP-DRP Fitness Assessment, DRP Business Impact Analysis Tool, tabletop planning exercises, DRP Recovery Workflow Template, and DRP Roadmap Tool.

    • DRP Recap and Results Template

    10. DRP Workbook – A comprehensive tool that enables you to organize information to support DR planning.

    Leverage this tool to document information regarding DRP resources (list the documents/information sources that support DR planning and where they are located) and DR teams and contacts (list the DR teams, SMEs critical to DR, and key contacts, including business continuity management team leads that would be involved in declaring a disaster and coordinating response at an organizational level).

    • DRP Workbook

    11. Appendix

    The following tools and templates are also included as part of this blueprint to use as needed to supplement the core steps above:

    • DRP Incident Response Management Tool
    • DRP Vendor Evaluation Questionnaire
    • DRP Vendor Evaluation Tool
    • Severity Definitions and Escalation Rules Template
    • BCP-DRP Fitness Assessment
    [infographic]

    Workshop: Create a Right-Sized Disaster Recovery Plan

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Parameters for Your DRP

    The Purpose

    Identify key applications and dependencies based on business needs.

    Key Benefits Achieved

    Understand the entire IT “footprint” that needs to be recovered for key applications. 

    Activities

    1.1 Assess current DR maturity.

    1.2 Determine critical business operations.

    1.3 Identify key applications and dependencies.

    Outputs

    Current challenges identified through a DRP Maturity Scorecard.

    Key applications and dependencies documented in the Business Impact Analysis (BIA) Tool.

    2 Determine the Desired Recovery Timeline

    The Purpose

    Quantify application criticality based on business impact.

    Key Benefits Achieved

    Appropriate recovery time and recovery point objectives defined (RTOs/RPOs).

    Activities

    2.1 Define an objective scoring scale to indicate different levels of impact.

    2.2 Estimate the impact of downtime.

    2.3 Determine desired RTO/RPO targets for applications based on business impact.

    Outputs

    Business impact analysis scoring criteria defined.

    Application criticality validated.

    RTOs/RPOs defined for applications and dependencies.

    3 Determine the Current Recovery Timeline and DR Gaps

    The Purpose

    Determine your baseline DR capabilities (your current state).

    Key Benefits Achieved

    Gaps between current and desired DR capability are quantified.

    Activities

    3.1 Conduct a tabletop exercise to determine current recovery procedures.

    3.2 Identify gaps between current and desired capabilities.

    3.3 Estimate likelihood and impact of failure of individual dependencies.

    Outputs

    Current achievable recovery timeline defined (i.e. the current state).

    RTO/RPO gaps identified.

    Critical single points of failure identified.

    4 Create a Project Roadmap to Close DR Gaps

    The Purpose

    Identify and prioritize projects to close DR gaps.

    Key Benefits Achieved

    DRP project roadmap defined that will reduce downtime and data loss to acceptable levels.

    Activities

    4.1 Determine what projects are required to close the gap between current and desired DR capability.

    4.2 Prioritize projects based on cost, effort, and impact on RTO/RPO reduction.

    4.3 Validate that the suggested projects will achieve the desired DR capability.

    Outputs

    Potential DR projects identified.

    DRP project roadmap defined.

    Desired-state incident response plan defined, and project roadmap validated.

    5 Establish a Framework for Documenting Your DRP, and Summarize Next Steps

    The Purpose

    Outline how to create concise, usable DRP documentation.

    Summarize workshop results. 

    Key Benefits Achieved

    A realistic and practical approach to documenting your DRP.

    Next steps documented. 

    Activities

    5.1 Outline a strategy for using flowcharts and checklists to create concise, usable documentation.

    5.2 Review Info-Tech’s DRP templates for creating system recovery procedures and a DRP summary document.

    5.3 Summarize the workshop results, including current potential downtime and action items to close gaps.

    Outputs

    Current-state and desired-state incident response plan flowcharts.

    Templates to create more detailed documentation where necessary.

    Executive communication deck that outlines current DR gaps, how to close those gaps, and recommended next steps.

    Further reading

    Create a Right-Sized Disaster Recovery Plan

    Close the gap between your DR capabilities and service continuity requirements.

    ANALYST PERSPECTIVE

    An effective disaster recovery plan (DRP) is not just an insurance policy.

    "An effective DRP addresses common outages such as hardware and software failures, as well as regional events, to provide day-to-day service continuity. It’s not just insurance you might never cash in. Customers are also demanding evidence of an effective DRP, so organizations without a DRP risk business impact not only from extended outages but also from lost sales. If you are fortunate enough to have executive buy-in, whether it’s due to customer pressure or concern over potential downtime, you still have the challenge of limited time to dedicate to disaster recovery (DR) planning. Organizations need a practical but structured approach that enables IT leaders to create a DRP without it becoming their full-time job."

    Frank Trovato,

    Research Director, Infrastructure

    Info-Tech Research Group

    Is this research for you?

    This Research Is Designed For:

    • Senior IT management responsible for executing DR.
    • Organizations seeking to formalize, optimize, or validate an existing DRP.
    • Business continuity management (BCM) professionals leading DRP development.

    This Research Will Help You:

    • Create a DRP that is aligned with business requirements.
    • Prioritize technology enhancements based on DR requirements and risk-impact analysis.
    • Identify and address process and technology gaps that impact DR capabilities and day-to-day service continuity.

    This Research Will Also Assist:

    • Executives who want to understand the time and resource commitment required for DRP.
    • Members of BCM and crisis management teams who need to understand the key elements of an IT DRP.

    This Research Will Help Them:

    • Scope the time and effort required to develop a DRP.
    • Align business continuity, DR, and crisis management plans.

    Executive summary

    Situation

    • Any time a natural disaster or major IT outage occurs, it increases executive awareness and internal pressure to create a DRP.
    • Industry standards and government regulations are driving external pressure to develop business continuity and IT DR plans.
    • Customers are asking suppliers and partners to provide evidence that they have a workable DRP before agreeing to do business.

    Complication

    • Traditional DRP templates are onerous and result in a lengthy, dense plan that might satisfy auditors, but will not be effective in a crisis.
    • The myth that a DRP is only for major disasters leaves organizations vulnerable to more common incidents.
    • The growing use of outsourced infrastructure services has increased reliance on vendors to meet recovery timeline objectives.

    Resolution

    • Create an effective DRP by following a structured process to discover current capabilities and define business requirements for continuity:
      • Define appropriate objectives for service downtime and data loss based on business impact.
      • Document an incident response plan that captures all of the steps from event detection to data center recovery.
      • Create a DR roadmap to close gaps between current DR capabilities and recovery objectives.

    Info-Tech Insight

    1. At its core, DR is about ensuring service continuity. Create a plan that can be leveraged for both isolated and catastrophic events.
    2. Remember Murphy’s Law. Failure happens. Focus on improving overall resiliency and recovery, rather than basing DR on risk probability analysis.
    3. Cost-effective DR and service continuity starts with identifying what is truly mission critical so you can focus resources accordingly. Not all services require fast failover.

    An effective DRP is critical to reducing the cost of downtime

    If you don’t have an effective DRP when failure occurs, expect to face extended downtime and exponentially rising costs due to confusion and lack of documented processes.

    Image displayed is a graph that shows that delay in recovery causes exponential revenue loss.

    Potential Lost Revenue

    The impact of downtime tends to increase exponentially as systems remain unavailable (graph at left). A current, tested DRP will significantly improve your ability to execute systems recovery, minimizing downtime and business impact. Without a DRP, IT is gambling on its ability to define and implement a recovery strategy during a time of crisis. At the very least, this means extended downtime – potentially weeks or months – and substantial business impact.

    Adapted from: Philip Jan Rothstein, 2007

    Cost of Downtime for the Fortune 1000

    Cost of unplanned apps downtime per year: $1.25B to $2.5B.

    Cost of critical apps failure per hour: $500,000 to $1M.

    Cost of infrastructure failure per hour: $100,000.

    35% reported to have recovered within 12 hours.

    17% of infrastructure failures took more than 24 hours to recover.

    13% of application failures took more than 24 hours to recover.

    Source: Stephen Elliot, 2015

    Info-Tech Insight

    The cost of downtime is rising across the board, and not just for organizations that traditionally depend on IT (e.g. e-commerce). Downtime cost increase since 2010:

    Hospitality: 129% increase

    Transportation: 108% increase

    Media organizations: 104% increase

    An effective DRP also sets clear recovery objectives that align with system criticality to optimize spend

    The image displays a disaster recovery plan example, where different tiers are in place to support recovery in relation to time.

    Take a practical approach that creates a more concise and actionable DRP

    DR planning is not your full-time job, so it can’t be a resource- and time-intensive process.

    The Traditional Approach Info-Tech’s Approach

    Start with extensive risk and probability analysis.

    Challenge: You can’t predict every event that can occur, and this delays work on your actual recovery procedures.

    Focus on how to recover regardless of the incident.

    We know failure will happen. Focus on improving your ability to failover to a DR environment so you are protected regardless of what causes primary site failure.

    Build a plan for major events such as natural disasters.

    Challenge: Major destructive events only account for 12% of incidents while software/hardware issues account for 45%. The vast majority of incidents are isolated local events.

    An effective DRP improves day-to-day service continuity, and is not just for major events.

    Leverage DR planning to address both common (e.g. power/network outage or hardware failure) as well as major events. It must be documentation you can use, not shelfware.

    Create a DRP manual that provides step-by-step instructions that anyone could follow.

    Challenge: The result is lengthy, dense manuals that are difficult to maintain and hard to use in a crisis. The usability of DR documents has a direct impact on DR success.

    Create concise documentation written for technical experts.

    Use flowcharts, checklists, and diagrams. They are more usable in a crisis and easier to maintain. You aren’t going to ask a business user to recover your SQL Server databases, so you can afford to be concise.

    DR must be integrated with day-to-day incident management to ensure service continuity

    When a tornado takes out your data center, it’s an obvious DR scenario and the escalation towards declaring a disaster is straightforward.

    The challenge is to be just as decisive in less-obvious (and more common) DR scenarios such as a critical system hardware/software failure, and knowing when to move from incident management to DR. Don’t get stuck troubleshooting for days when you could have failed over in hours.

    Bridge the gap with clearly-defined escalation rules and criteria for when to treat an incident as a disaster.

    Image displays two graphs. The graph on the left measures the extent that service management processes account for disasters by the success meeting RTO and RPO. The graph on the right is a double bar graph that shows DRP being integrated and not integrated in the following categories: Incident Classifications, Severity Definitions, Incident Models, Escalation Procedures. These are measured based on the success meeting RTO and RPO.

    Source: Info-Tech Research Group; N=92

    Myth busted: The DRP is separate from day-to-day ops and incident management.

    The most common threats to service continuity are hardware and software failures, network outages, and power outages

    The image displayed is a bar graph that shows the common threats to service continuity. There are two areas of interest that have labels. The first is: 45% of service interruptions that went beyond maximum downtime guidelines set by the business were caused by software and hardware issues. The second label is: Only 12% of incidents were caused by major destructive events.

    Source: Info-Tech Research Group; N=87

    Info-Tech Insight

    Does this mean I don’t need to worry about natural disasters? No. It means DR planning needs to focus on overall service continuity, not just major disasters. If you ignore the more common but less dramatic causes of service interruptions, you are diminishing the business value of a DRP.

    Myth busted: DRPs are just for destructive events – fires, floods, and natural disasters.

    DR isn’t about identifying risks; it’s about ensuring service continuity

    The traditional approach to DR starts with an in-depth exercise to identify risks to IT service continuity and the probability that those risks will occur.

    Here’s why starting with a risk register is ineffective:

    • Odds are, you won’t think of every incident that might occur. If you think of twenty risks, it’ll be the twenty-first that gets you. If you try to guard against that twenty-first risk, you can quickly get into cartoonish scenarios and much more costly solutions.
    • The ability to failover to another site mitigates the risk of most (if not all) incidents (fire, flood, hardware failure, tornado, etc.). A risk and probability analysis doesn’t change the need for a plan that includes a failover procedure.

    Where risk is incorporated in this methodology:

    • Use known risks to further refine your strategy (e.g. if you are prone to hurricanes, plan for greater geographic separation between sites; ensure you have backups, in addition to replication, to mitigate the risk of ransomware).
    • Identify risks to your ability to execute DR (e.g. lack of cross-training, backups that are not tested) and take steps to mitigate those risks.

    Myth busted: A risk register is the critical first step to creating an effective DR plan.

    You can’t outsource accountability and you can’t assume your vendor’s DR capabilities meet your needs

    Outsourcing infrastructure services – to a cloud provider, co-location provider, or managed service provider (MSP) – can improve your DR and service continuity capabilities. For example, a large public cloud provider will generally have:

    • Redundant telecoms service providers, network infrastructure, power feeds, and standby power.
    • Round-the-clock infrastructure and security monitoring.
    • Multiple data centers in a given region, and options to replicate data and services across regions.

    Still, failure is inevitable – it’s been demonstrated multiple times1 through high-profile outages. When you surrender direct control of the systems themselves, it’s your responsibility to ensure the vendor can meet your DR requirements, including:

    • A DR site and acceptable recovery times for systems at that site.
    • An acceptable replication/backup schedule.

    Sources: Kyle York, 2016; Shaun Nichols, 2017; Stephen Burke, 2017

    Myth busted: I outsource infrastructure services so I don’t have to worry about DR. That’s my vendor’s responsibility.

    Choose flowcharts over process guides, checklists over procedures, and diagrams over descriptions

    IT DR is not an airplane disaster movie. You aren’t going to ask a business user to execute a system recovery, just like you wouldn’t really want a passenger with no flying experience to land a plane.

    In reality, you write a DR plan for knowledgeable technical staff, which allows you to summarize key details your staff already know. Concise, visual documentation is:

    • Quicker to create.
    • Easier to use.
    • Simpler to maintain.

    "Without question, 300-page DRPs are not effective. I mean, auditors love them because of the detail, but give me a 10-page DRP with contact lists, process flows, diagrams, and recovery checklists that are easy to follow."

    – Bernard Jones, MBCI, CBCP, CORP, Manager Disaster Recovery/BCP, ActiveHealth Management

    A graph is displayed. It shows a line graph where the DR success is higher by using flowcharts, checklists, and diagrams.

    Source: Info-Tech Research Group; N=95

    *DR Success is based on stated ability to meet recovery time objectives (RTOs) and recovery point objectives (RPOs), and reported confidence in ability to consistently meet targets.

    Myth busted: A DRP must include every detail so anyone can execute recovery.

    A DRP is part of an overall business continuity plan

    A DRP is the set of procedures and supporting documentation that enables an organization to restore its core IT services (i.e. applications and infrastructure) as part of an overall business continuity plan (BCP), as described below. Use the templates, tools, and activities in this blueprint to create your DRP.

    Overall BCP
    IT DRP BCP for Each Business Unit Crisis Management Plan
    A plan to restore IT services (e.g. applications and infrastructure) following a disruption. This includes:
    • Identifying critical applications and dependencies.
    • Defining an appropriate (desired) recovery timeline based on a business impact analysis (BIA).
    • Creating a step-by-step incident response plan.
    A set of plans to resume business processes for each business unit. Info-Tech’s Develop a Business Continuity Plan blueprint provides a methodology for creating business unit BCPs as part of an overall BCP for the organization. A set of processes to manage a wide range of crises, from health and safety incidents to business disruptions to reputational damage. This includes emergency response plans, crisis communication plans, and the steps to invoke BC/DR plans when applicable. Info-Tech’s Implement Crisis Management Best Practices blueprint provides a structured approach to develop a crisis management process.

    Note: For DRP, we focus on business-facing IT services (as opposed to the underlying infrastructure), and then identify required infrastructure as dependencies (e.g. servers, databases, network).

    Take a practical but structured approach to creating a concise and effective DRP

    Image displayed shows the structure of this blueprint. It shows the structure of phases 1-4 and the related tools and templates for each phase.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Info-Tech advisory services deliver measurable value

    Info-Tech members save an average of $22,983 and 22 days by working with an Info-Tech analyst on DRP (based on client response data from Info-Tech Research Group’s Measured Value Survey, following analyst advisory on this blueprint).

    Why do members report value from analyst engagement?

    1. Expert advice on your specific situation to overcome obstacles and speed bumps.
    2. Structured project and guidance to stay on track.
    3. Project deliverables review to ensure the process is applied properly.

    Guided implementation overview

    Your trusted advisor is just a call away.

    Define DRP scope (Call 1)

    Scope requirements, objectives, and your specific challenges. Identify applications/ systems to focus on first.

    Define current status and system dependencies (Calls 2-3)

    Assess current DRP maturity. Identify system dependencies.

    Conduct a BIA (Calls 4-6)

    Create an impact scoring scale and conduct a BIA. Identify RTO and RPO for each system.

    Recovery workflow (Calls 7-8)

    Create a recovery workflow based on tabletop planning. Identify gaps in recovery capabilities.

    Projects and action items (Calls 9-10)

    Identify and prioritize improvements. Summarize results and plan next steps.

    Your guided implementations will pair you with an advisor from our analyst team for the duration of your DRP project.

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Image displays the workshop overview for this blueprint. It is a workshop that runs for 4 days and covers various activities and produces many deliverables.

    End-user complaints distract from serious IT-based risks to business continuity

    Case Study

    Industry: Manufacturing
    Source: Info-Tech Research Group Client Engagement

    A global manufacturer with annual sales over $1B worked with Info-Tech to improve DR capabilities.

    DRP BIA

    Conversations with the IT team and business units identified the following impact of downtime over 24 hours:

    • Email: Direct Cost: $100k; Goodwill Impact Score: 8.5/16
    • ERP: Direct Cost: $1.35mm; Goodwill Impact Score: 12.5/16

    Tabletop Testing and Recovery Capabilities

    Reviewing the organization’s current systems recovery workflow identified the following capabilities:

    • Email: RTO: minutes, RPO: minutes
    • ERP: RTO: 14 hours, RPO: 24 hours

    Findings

    Because of end-user complaints, IT had invested heavily in email resiliency though email downtime had a relatively minimal impact on the business. After working through the methodology, it was clear that the business needed to provide additional support for critical systems.

    Insights at each step:

    Identify DR Maturity and System Dependencies

    Conduct a BIA

    Outline Incident Response and Recovery Workflow With Tabletop Exercises

    Mitigate Gaps and Risks

    Create a Right-Sized Disaster Recovery Plan

    Phase 1

    Define DRP Scope, Current Status, and Dependencies

    Step 1.1: Set Scope, Kick-Off the DRP Project, and Create a Charter

    This step will walk you through the following activities:

    • Establish a team for DR planning.
    • Retrieve and review existing, relevant documentation.
    • Create a project charter.

    This step involves the following participants:

    • DRP Coordinator
    • DRP Team (Key IT SMEs)
    • IT Managers

    Results and Insights

    • Set scope for the first iteration of the DRP methodology.
    • Don’t try to complete your DR and BCPs all at once.
    • Don’t bite off too much at once.

    Kick-off your DRP project

    You’re ready to start your DR project.

    This could be an annual review – but more likely, this is the first time you’ve reviewed the DR plan in years.* Maybe a failed audit might have provided a mandate for DR planning, or a real disaster might have highlighted gaps in DR capabilities. First, set appropriate expectations for what the project is and isn’t, in terms of scope, outputs, and resource commitments. Very few organizations can afford to hire a full-time DR planner, so it’s likely this won’t be your full-time job. Set objectives and timelines accordingly.

    Gather a team

    • Often, DR efforts are led by the infrastructure and operations leader. This person can act as the DRP coordinator or may delegate this role.
    • Key infrastructure subject-matter experts (SMEs) are usually part of the team and involved through the project.

    Find and review existing documentation

    • An existing DRP may have information you can re-purpose rather than re-create.
    • High-level architecture diagrams and network diagrams can help set scope (and will become part of your DR kit).
    • Current business-centric continuity of operations plans (COOPs) or BCPs are important to understand.

    Set specific, realistic objectives

    • Create a project charter (see next slide) to record objectives, timelines, and assumptions.
    *Only 20% of respondents to an Info-Tech Research Group survey (N=165) had a complete DRP; only 38% of respondents with a complete or mostly complete DRP felt it would be effective in a crisis.

    List DRP drivers and challenges

    1(a) Drivers and roadblocks

    Estimated Time: 30 minutes

    Identify the drivers and challenges to completing a functional DRP plan with the core DR team.

    DRP Drivers

    • Past outages (be specific):
      • Hardware and software failures
      • External network and power outages
      • Building damage
      • Natural disaster(s)
    • Audit findings
    • Events in the news
    • Other?

    DRP Challenges

    • Lack of time
    • Insufficient DR budget
    • Lack of executive support
    • No internal DRP expertise
    • Challenges making the case for DRP
    • Other?

    Write down insights from the meeting on flip-chart paper or a whiteboard and use the findings to inform your DRP project (e.g. challenges to address).

    Clarify expectations with a project charter

    1(b) DRP Project Charter Template

    DRP Project Charter Template components:

    Define project parameters, roles, and objectives, and clarify expectations with the executive team. Specific subsections are listed below and described in more detail in the remainder of this phase.

    • Project Overview: Includes objectives, deliverables, and scope. Leverage relevant notes from the “Project Drivers” brainstorming exercise (e.g. past outages and near misses which help make the case).
    • Governance and Management: Includes roles, responsibilities, and resource requirements.
    • Project Risks, Assumptions, and Constraints: Includes risks and mitigation strategies, as well as any assumptions and constraints.
    • Project Sign-Off: Includes IT and executive sign-off (if required).

    Note: Identify the initial team roles and responsibilities first so they can assist in defining the project charter.

    The image is a screenshot of the first page of the DRP Project Charter Template.

    Step 1.2: Assess Current State DRP Maturity

    This step will walk you through the following activities:

    • Complete Info-Tech’s DRP Maturity Scorecard.

    This step involves the following participants:

    • DRP Coordinator
    • IT SMEs

    Results and Insights

    • Identify the current state of the organization’s DRP and continuity management. Set a baseline for improvement.
    • Discover where improvement is most needed to create an effective plan.

    Only 38% of IT departments believe their DRPs would be effective in a real crisis

    Even organizations with documented DRPs struggle to make them actionable.

    • Even when a DRP does become a priority (e.g. due to regulatory or customer drivers), the challenge is knowing where to start and having a methodical step-by-step process for doing the work. With no guide to plan and resource the project, it becomes work that you complete piecemeal when you aren’t working on other projects, or at night after the kids go to bed.
    • Far too many organizations create a document to satisfy auditors rather than creating a usable plan. People in this group often just want a fill-in-the-blanks template. What they will typically find is a template for the traditional 300-page manual that goes in a binder that sits on a shelf, is difficult to maintain, and is not effective in a crisis.
    Two bar graphs are displayed. The graph on the left shows that only 20% of survey respondents indicate they have a complete DRP. The graph on the right shows that 38% of those who have a mostly completed or full DRP actually feel it would be effective in a crisis.

    Use the DRP Maturity Scorecard to assess the current state of your DRP and identify areas to improve

    1(c) DRP Maturity Scorecard

    Info-Tech’s DRP Maturity Scorecard evaluates completion status and process maturity for a comprehensive yet practical assessment across three aspects of an effective DRP program – Defining Requirements, Implementation, and Maintenance.

    Image has three boxes. One is labelled Completion status, another below it is labelled Process Maturity. There is an addition sign in between them. With an arrow leading from both boxes is another box that is labelled DRP Maturity Assessment

    Completion Status: Reflects the progress made with each component of your DRP Program.

    Process Maturity: Reflects the consistency and quality of the steps executed to achieve your completion status.

    DRP Maturity Assessment: Each component (e.g. BIA) of your DRP Program is evaluated based on completion status and process maturity to provide an accurate holistic assessment. For example, if your BIA completion status is 4 out of 5, but process maturity is a 2, then requirements were not derived from a consistent defined process. The risk is inconsistent application prioritization and misalignment with actual business requirements.

    Step 1.3: Identify Applications, Systems, and Dependencies

    This step will walk you through the following activities:

    • Identify systems, applications, and services, and the business units that use them.
    • Document applications, systems, and their dependencies in the DRP Business Impact Analysis Tool.

    This step involves the following participants:

    • DRP Coordinator
    • DRP Team

    Results and Insights

    • Identify core services and the applications that depend on them.
    • Add applications and dependencies to the DRP Business Impact Analysis Tool.

    Select 5-10 services to get started on the DRP methodology

    1(d) High-level prioritization

    Estimated Time: 30 minutes

    Working through the planning process the first time can be challenging. If losing momentum is a concern, limit the BIA to a few critical systems to start.

    Run this exercise if you need a structured exercise to decide where to focus first and identify the business users you should ask for input on the impact of system downtime.

    1. On a whiteboard or flip-chart paper, list business units in a column on the left. List key applications/systems in a row at the top. Draw a grid.
    2. At a high level, review how applications are used by each unit. Take notes to keep track of any assumptions you make.
      • Add a ✓ if members of the unit use the application or system.
      • Add an ✱ if members of the unit are heavy users of the application or system and/or use it for time sensitive tasks.
      • Leave the box blank if the app isn’t used by this unit.
    3. Use the chart to prioritize systems to include in the BIA (e.g. systems marked with an *) but also include a few less-critical systems to illustrate DRP requirements for a range of systems.

    Image is an example of what one could complete from step 1(d). There is a table shown. In the column on the left lists sales, marketing, R&D, and Finance. In the top row, there is listed: dialer, ERP. CRM, Internet, analytics, intranet

    Application Notes
    CRM
    • Supports time-critical sales and billing processes.
    Dialer
    • Used for driving the sales-call queue, integration with CRM.

    Draw a high-level sketch of your environment

    1(e) Sketch your environment

    Estimated Time: 1-2 hours

    A high-level topology or architectural diagram is an effective way to identify dependencies, application ownership, outsourced services, hardware redundancies, and more.

    Note:

    • Network diagrams or high-level architecture diagrams help to identify dependencies and redundancies. Even a rough sketch is a useful reference tool for participants, and will be valuable documentation in the final DR plan.
    • Keep the drawings tidy. Visualize the final diagram before you start to draw on the whiteboard to help with spacing and placement.
    • Collaborate with relevant SMEs to identify dependencies. Keep the drawing high-level.
    • Illustrate connections between applications or components with lines. Use color coding to illustrate where applications are hosted (e.g. in-house, at a co-lo, in a cloud or MSP environment).
    Example of a high-level topology or architectural diagram

    Document systems and dependencies

    Collaborate with system SMEs to identify dependencies for each application or system. Document the dependencies in the DRP Business Impact Analysis Tool (see image below)

    • When listing applications, focus on business-facing systems or services that business users will recognize and use terminology they’ll understand.
    • Group infrastructure components that support all other services as a single core infrastructure service to simplify dependency mapping (e.g. core router, virtual hosts, ID management, and DNS).
    • In general, each data center will have its own core infrastructure components. List each data center separately – especially if different services are hosted at each data center.
    • Be specific when documenting dependencies. Use existing asset tracking tables, discovery tools, asset management records, or configuration management tools to identify specific server names.
    • Core infrastructure dependencies, such as the network infrastructure, power supply, and centralized storage, will be a common set of dependencies for most applications, so group these into a separate category called “Core Infrastructure” to minimize repetition in your DR planning.
    • Document production components in the BIA tool. Capture in-production, redundant components performing the same work on a single dependency line. List standby systems in the notes.

    Info-Tech Best Practice

    In general, visual documentation is easier to use in a crisis and easier to maintain over time. Use Info-Tech’s research to help build your own visual SOPs.

    Document systems and dependencies

    1(f) DRP Business Impact Analysis Tool – Record systems and dependencies

    A screenshot of Info-Tech's DRP Business Impact Analysis Tool.

    Stories from the field: Info-Tech clients find value in Phase 1 in the following ways

    An organization uncovers a key dependency that needed to be treated as a Tier 1 system

    Reviewing the entire ecosystem for applications identified key dependencies that were previously considered non-critical. For example, a system used to facilitate secure data transfers was identified as a key dependency for payroll and other critical business processes, and elevated to Tier 1.

    A picture’s worth a thousand words (and 1600 servers)

    Drawing a simple architectural diagram was an invaluable tool to identify key dependencies and critical systems, and to understand how systems and dependencies were interconnected. The drawing was an aha moment for IT and business stakeholders trying to make sense of their 1600-server environment.

    Make the case for DRP

    A member of the S&P 500 used Info-Tech’s DRP Maturity Scorecard to provide a reliable objective assessment and make the case for improvements to the board of directors.

    State government agency initiates a DRP project to complement an existing COOP

    Info-Tech's DRP Project Charter enabled the CIO to clarify their DRP project scope and where it fit into their overall COOP. The project charter example provided much of the standard copy – objectives, scope, project roles, methodology, etc. – required to outline the project.

    Phase 1: Insights and accomplishments

    Image has two screenshots from Info-Tech's Phase 1 tools and templates.

    Created a charter and identified current maturity

    Image has two screenshots. One is from Info-Tech's DRP Business Impact Analysis Tool and the other is from the example in step 1(d).

    Identified systems and dependencies for the BIA

    Summary of Accomplishments:

    • Created a DRP project charter.
    • Completed the DRP Maturity Scorecard and identified current DRP maturity.
    • Prioritized applications/systems for a first pass through DR planning.
    • Identified dependencies for each application and system.

    Up Next: Conduct a BIA to establish recovery requirements

    Create a Right-Sized Disaster Recovery Plan

    Phase 2

    Conduct a BIA to Determine Acceptable RTOs and RPOs

    Step 2.1: Define an Objective Impact Scoring Scale

    This step will walk you through the following activities:

    • Create a scoring scale to measure the business impact of application and system downtime.

    This step involves the following participants:

    • DRP Coordinator
    • DRP Team

    Results and Insights

    • Use a scoring scale tied to multiple categories of real business impact to develop a more objective assessment of application and system criticality.

    Align capabilities to appropriate and acceptable RTOs and RPOs with a BIA

    Too many organizations avoid a BIA because they perceive it as onerous or unneeded. A well-managed BIA is straightforward and the benefits are tangible.

    A BIA enables you to identify appropriate spend levels, maintain executive support, and prioritize DR planning for a more successful outcome. Info-Tech has found that a BIA has a measurable impact on the organization’s ability to set appropriate objectives and investment goals.

    Two bar graphs are depicted. The one on the left shows 93% BIA impact on appropriate RTOs. The graph on the right shows that with BIA, there is 86% on BIA impact on appropriate spending.

    Info-Tech Insight

    Business input is important, but don’t let a lack of it delay a draft BIA. Complete a draft based on your knowledge of the business. Create a draft within IT, and use it to get input from business leaders. It’s easier to edit estimates than to start from scratch; even weak estimates are far better than a blank sheet.

    Pick impact categories that are relevant to your business to develop a holistic view of business impact

    Direct Cost Impact Categories

    • Revenue: permanently lost revenue.
      • Example: one third of daily sales are lost due to a website failure.
    • Productivity: lost productivity.
      • Example: finance staff can’t work without the accounting system.
    • Operating costs: additional operating costs.
      • Example: temporary staff are needed to re-key data.
    • Financial penalties: fines/penalties that could be incurred due to downtime.
      • Example: failure to meet contractual service-level agreements (SLAs) for uptime results in financial penalties.

    Goodwill, Compliance, and Health and Safety Categories

    • Stakeholder goodwill: lost customer, staff, or business partner goodwill due to harm, frustration, etc.
      • Example: customers can’t access needed services because the website is down.
      • Example: a payroll system outage delays paychecks for all staff.
      • Example: suppliers are paid late because the purchasing system is down.
    • Compliance, health, and safety:
      • Example: financial system downtime results in a missed tax filing.
      • Example: network downtime disconnects security cameras.

    Info-Tech Insight

    You don’t have to include every impact category in your BIA. Include categories that could affect your business. Defer or exclude other categories. For example, the bulk of revenue for governmental organizations comes from taxes, which won’t be permanently lost if IT systems fail.

    Modify scoring criteria to help you measure the impact of downtime

    The scoring scales define different types of business impact (e.g. costs, lost goodwill) using a common four-point scale and 24-hour timeframe to simplify BIA exercises and documentation.

    Use the suggestions below as a guide as you modify scoring criteria in the DRP Business Impact Analysis Tool:

    • All the direct cost categories (revenue, productivity, operating costs, financial penalties) require the user to define only a maximum value; the tool will populate the rest of the criteria for that category. Use the suggestions below to find the maximum scores for each of the direct cost categories:
      • Revenue: Divide total revenue for the previous year by 365 to estimate daily revenue. Assume this is the most revenue you could lose in a day, and use this number as the top score.
      • Loss of Productivity: Divide fully-loaded labor costs for the organization by 365 to estimate daily productivity costs. Use this as a proxy measure for the work lost if all business stopped for one day.
      • Increased Operating Costs: Isolate this to known additional costs that result from a disruption (e.g. costs for overtime or temporary staff). Estimate the maximum cost for the organization.
      • Financial Penalties: Isolate this to known financial penalties (e.g. due to failure to meet SLAs or compliance requirements). Use the estimated maximum penalty as the highest value on the scale.
    • Impact on Goodwill: Use an estimate of the percentage of all stakeholders impacted to assess goodwill impact.
    • Impact on Compliance; Impact on Health and Safety: The BIA tool contains default scoring criteria that account for the severity of the impact, the likelihood of occurrence, and in the case of compliance, whether a grace period is available. Use this scale as-is, or adapt this scale to suit your needs.

    Modify the default scoring scale in the DRP Business Impact Analysis Tool to reflect your organization

    2(a) DRP Business Impact Analysis Tool – Scoring criteria


    A screenshot of Info-Tech's DRP Business Impact Analysis Tool's scoring criteria

    Step 2.2: Estimate the Impact of Downtime

    This step will walk you through the following activities:

    • Identify the business impact of service/system/application downtime.

    This step involves the following participants:

    • DRP Coordinator
    • DRP Team
    • IT Service SMEs
    • Business-Side Technology Owners (optional)

    Results and Insights

    • Apply the scoring scale to develop a more objective assessment of the business impact of downtime.
    • Create criticality tiers based on the business impact of downtime.

    Estimate the impact of downtime for each system and application

    2(b) Estimate the impact of systems downtime

    Estimated Time: 3 hours

    On tab 3 of the DRP Business Impact Analysis Tool indicate the costs of downtime, as described below:

    1. Have a copy of the “Scoring Criteria” tab available to use as a reference (e.g. printed or on a second display). In tab 3 use the drop-down menu to assign a score of 0 to 4 based on levels of impact defined in the “Scoring Criteria” tab.
    2. Work horizontally across all categories for a single system or application. This will familiarize you with your scoring scales for all impact categories, and allow you to modify the scoring scales if needed before you proceed much further.
    3. For example, if a core call center phone system was down:

    • Loss of Revenue would be the portion of sales revenue generated through the call center. This might score a 1 or 2 depending on the percent of sales that are processed by the call center.
    • The Impact on Customers might be a 2 or 3 depending on the extent that some customers might be using the call center to receive support or purchase new products or services.
    • The Legal/Regulatory Compliance and Health or Safety Risk might be a 0, as the call center has no impact in either area.
  • Next, work vertically across all applications or systems within a single impact category. This will allow you to compare scores within the category as you create them to ensure internal consistency.
  • Add impact scores to the DRP Business Impact Analysis Tool

    2(c) DRP Business Impact Analysis Tool

    Screenshot of Info-Tech's DRP Business Impact Analysis Tool

    Record business reasons and assumptions that drive BIA scores

    2(d) DRP BIA Scoring Context Example

    Info-Tech suggests that IT leadership and staff identify the impact of downtime first to create a version that you can then validate with relevant business owners. As you work through the BIA as a team, have a notetaker record assumptions you make to help you explain the results and drive business engagement and feedback.

    Some common assumptions:

    • You can’t schedule a disaster, so Info-Tech suggests you assume the worst possible timing for downtime. Base the impact of downtime on the worst day for a disaster (e.g. year-end close, payroll run).
    • Record assumptions made about who and what are impacted by system downtime.
    • Record assumptions made about impact severity.
    • If you deviate from the scoring scale, or if a particular impact doesn’t fit well into the defined scoring scale, document the exception.

    Screenshot of Info-Tech's DRP BIA Scoring Context Example

    Use Info-Tech’s DRP BIA Scoring Context Example as a note-taking template.

    Info-Tech Insight

    You can’t build a perfect scoring scale. It’s fine to make reasonable assumptions based on your judgment and knowledge of the business. Just write down your assumptions. If you don’t write them down, you’ll forget how you arrived at that conclusion.

    Assign a criticality rating based on total direct and indirect costs of downtime

    2(e) DRP Business Impact Analysis Tool – Assign criticality tiers

    Once you’ve finished estimating the impact of downtime, use the following rough guideline to create an initial sort of applications into Tiers 1, 2, and 3.

    1. In general, sort applications based on the Total Impact on Goodwill, Compliance, and Safety first.
      • An effective tactic for a quick sort: assign a Tier 1 rating where scores are 50% or more of the highest total score, Tier 2 where scores are between 25% and 50%, and Tier 3 where scores are below 25%. Some organizations will also include a Tier 0 for the highest-scoring systems.
      • Then review and validate these scores and assignments.
    2. Next, consider the Total Cost of Downtime.
      • The Total Cost is calculated by the tool based on the Scoring Criteria in tab 2 and the impact scores on tab 3.
      • Decide if the total cost impact justifies increasing the criticality rating (e.g. from Tier 2 to Tier 1 due to high cost impact).
    3. Review the assigned impact scores and tiers to check that they’re in alignment. If you need to make an exception, document why. Keep exceptions to a minimum.

    Example: Highest total score is 12

    Screenshot of Info-Tech's DRP Business Impact Analysis Tool

    Step 2.3: Determine Acceptable RTO/RPO Targets

    This step will walk you through the following activities:

    • Review the “Debate Space” approach to setting RTO and RPO (recovery targets).
    • Set preliminary RTOs and RPOs by criticality tier.

    This step involves the following participants:

    • DRP Coordinator
    • DRP Team

    Results and Insights

    • Align recovery targets with the business impact of downtime and data loss.

    Use the “Debate Space” approach to align RTOs and RPOs with the impact of downtime

    The business must validate acceptable and appropriate RTOs and RPOs, but IT can use the guidelines below to set an initial estimate.

    Right-size recovery.

    A shorter RTO typically requires higher investment. If a short period of downtime has minimal impact, setting a low RTO may not be justifiable. As downtime continues, impact begins to increase exponentially to a point where downtime is intolerable – an acceptable RTO must be shorter than this. Apply the same thinking to RPOs – how much data loss is unnoticeable? How much is intolerable?

    A diagram to show the debate space in relation to RTOs and RPOs

    The “Debate Space” is between minimal impact and maximum tolerance for downtime.

    Estimate appropriate, acceptable RTOs and RPOs for each tier

    2(f) Set recovery targets

    Estimated Time: 30 minutes

    RTO and RPO tiers simplify management by setting similar recovery goals for systems and applications with similar criticality.

    Use the “Debate Space” approach to set appropriate and acceptable targets.

    1. For RTO, establish a recovery time range that is appropriate based on impact.
      • Overall, the RTO tiers might be 0-4 hours for gold, 4-24 hours for silver, and 24-48 hours for bronze.
    2. RPOs reflect target data protection measures.
      • Identify the lowest RPO within a tier and make that the standard.
      • For example, RPO for gold data might be five minutes, silver might be four hours, and bronze might be one day.
      • Use this as a guideline. RPO doesn’t always align perfectly with RTO tiers.
    3. Review RTOs and RPOs and make sure they accurately reflect criticality.

    Info-Tech Insight

    In general, the more critical the system, the shorter the RPO. But that’s not always the case. For example, a service bus might be Tier 1, but if it doesn’t store any data, RPO might be longer than other Tier 1 systems. Some systems may have a different RPO than most other systems in that tier. As long as the targets are acceptable to the business and appropriate given the impact, that’s okay.

    Add recovery targets to the DRP Business Impact Analysis Tool

    2(g) DRP Business Impact Analysis Tool – Document recovery objectives

    A screenshot of Info-Tech's DRP Business Impact Analysis Tool – Document recovery objectives

    Stories from the field: Info-Tech clients find value in Phase 2 in the following ways

    Most organizations discover something new about key applications, or the way stakeholders use them, when they work through the BIA and review the results with stakeholders. For example:

    Why complete a BIA? There could be a million reasons

    • A global manufacturer completed the DRP BIA exercise. When email went down, Service Desk phones lit up until it was resolved. That grief led to a high availability implementation for email. However, the BIA illustrated that ERP downtime was far more impactful.
    • ERP downtime would stop production lines, delay customer orders, and ultimately cost the business a million dollars a day.
    • The BIA results clearly showed that the ERP needed to be prioritized higher, and required business support for investment.

    Move from airing grievances to making informed decisions

    The DRP Business Impact Analysis Tool helped structure stakeholder consultations on DR requirements for a large university IT department. Past consultations had become an airing of grievances. Using objective impact scores helped stakeholders stay focused and make informed decisions around appropriate RTOs and RPOs.

    Phase 2: Insights and accomplishments

    Screenshots of the tools and templates from this phase.

    Estimated the business impact of downtime

    Screenshot of a tools from this phase

    Set recovery targets

    Summary of Accomplishments

    • Created a scoring scale tied to different categories of business impact.
    • Applied the scoring scale to estimate the business impact of system downtime.
    • Identified appropriate, acceptable RTOs and RPOs.

    Up Next:Conduct a tabletop planning exercise to establish current recovery capabilities

    Create a Right-Sized Disaster Recovery Plan

    Phase 3

    Identify and Address Gaps in the Recovery Workflow

    Step 3.1: Determine Current Recovery Workflow

    This step will walk you through the following activities:

    • Run a tabletop exercise.
    • Outline the steps for the initial response (notification, assessment, disaster declaration) and systems recovery (i.e. document your recovery workflow).
    • Identify any gaps and risks in your initial response and systems recovery.

    This step involves the following participants:

    • DRP Coordinator
    • IT Infrastructure SMEs (for systems in scope)
    • Application SMEs (for systems in scope)

    Results and Insights

    • Use a repeatable practical exercise to outline and document the steps you would use to recover systems in the event of a disaster, as well as identify gaps and risks to address.
    • This is also a knowledge-sharing opportunity for your team, and a practical means to get their insights, suggestions, and recovery knowledge down on paper.

    Tabletop planning: an effective way to test and document your recovery workflow

    In a tabletop planning exercise, the DRP team walks through a disaster scenario to map out what should happen at each stage, and effectively defines a high-level incident response plan (i.e. recovery workflow).

    Tabletop planning had the greatest impact on meeting recovery objectives (RTOs/RPOs) among survey respondents.

    A bar graph is displayed that shows that tabletop planning has the greatest impact on meeting recovery objectives (RTOs/RPOs) among survey respondents.

    *Note: Relative importance indicates the contribution an individual testing methodology, conducted at least annually, had on predicting success meeting recovery objectives, when controlling for all other types of tests in a regression model. The relative-importance values have been standardized to sum to 100%.

    Success was based on the following items:

    • RTOs are consistently met.
    • IT has confidence in the ongoing ability to meet RTOs.
    • RPOs are consistently met.
    • IT has confidence in the ongoing ability to meet RPOs.

    Why is tabletop planning so effective?

    • It enables you to play out a wider range of scenarios than technology-based testing (e.g. full-scale, parallel) due to cost and complexity factors.
    • It is non-intrusive, so it can be executed more frequently than other testing methodologies.
    • It easily translates into the backbone of your recovery documentation, as it allows you to review all aspects of your recovery plan.

    Focus first on IT DR

    Your DRP is IT contingency planning. It is not crisis management or BCP.

    The goal is to define a plan to restore applications and systems following a disruption. For your first tabletop exercise, Info-Tech recommends you use a non-life-threatening scenario that requires at least a temporary relocation of your data center (i.e. failing over to a DR site/environment). Assume a gas leak or burst water pipe renders the data center inaccessible. Power is shut off and IT must failover systems to another location. Once you create the master procedure, review the plan to ensure it addresses other scenarios.

    Info-Tech Insight

    When systems fail, you are faced with two high-level options: failover or recover in place. If you document the plan to failover systems to another location, you’ll have documented the core of your DR procedures. This differs from traditional scenario planning where you define separate plans for different what-if scenarios. The goal is one plan that can be adapted to different scenarios, which reduces the effort to build and maintain your DRP.

    Conduct a tabletop planning exercise to outline DR procedures in your current environment

    3(a) Tabletop planning

    Estimated Time: 2-3 hours

    For each high-level recovery step, do the following:

    1. On white cue cards:
      • Record the step.
      • Indicate the task owner (if required for clarity).
      • Note time required to complete the step. After the exercise, use this to build a running recovery time where 00:00 is when the incident occurred.
    2. On yellow cue cards, document gaps in people, process, and technology requirements to complete the step.
    3. On red cue cards, indicate risks (e.g. no backup person for a key staff member).
    An example is shown on what can be done during step 3(a). Three cue cards are showing in white, yellow, and red.

    Do:

    • Review the complete workflow from notification all the way to user acceptance testing.
    • Keep focused; stay on task and on time.
    • Revisit each step and record gaps and risks (and known solutions, but don’t dwell on this).
    • Revise and improve the plan with task owners.

    Don't:

    • Get weighed down by tools.
    • Document the details right away – stick to the high-level plan for the first exercise.
    • Try to find solutions to every gap/risk as you go. Save in-depth research/discussion for later.

    Flowchart the current-state incident response plan (i.e. document the recovery workflow)

    3(b) DRP Recovery Workflow Template and Case Study: Practical, Right-Sized DRP

    Why use flowcharts?

    • Flowcharts provide an at-a-glance view, ideal for disaster scenarios where pressure is high and quick upward communication is necessary.
    • For experienced staff, a high-level reminder of key steps is sufficient.

    Use the completed tabletop planning exercise results to build this workflow.

    "We use flowcharts for our declaration procedures. Flowcharts are more effective when you have to explain status and next steps to upper management." – Assistant Director, IT Operations, Healthcare Industry

    Source: Info-Tech Research Group Interview

    Screenshot of Info-Tech's DRP Recovery Workflow Template

    For a formatted template you can use to capture your plan, see Info-Tech’s DRP Recovery Workflow Template.

    For a completed example of tabletop planning results, review Info-Tech’s Case Study: Practical, Right-Sized DRP.

    Identify RPA

    What’s my RPA? Consider the following case:

    • Once a week, a full backup is taken of the complete ERP system and is transferred over the WAN to a secondary site 250 miles away, where it is stored on disk.
    • Overnight, an incremental backup is taken of the day’s changes, and is transferred to the same secondary site, and also stored on disk.
    • During office hours, the SAN takes a snapshot of changes which are kept on local storage (information on the accounting system usually only changes during office hours).
    • So what’s the RPA? One hour (snapshots), one day (incrementals), or one week (full backups)?

    When identifying RPA, remember the following:

    You are planning for a disaster scenario, where on-site systems may be inaccessible and any copies of data taken during the disaster may fail, be corrupt, or never make it out of the data center (e.g. if the network fails before the backup file ships). In the scenario above, it seems likely that off-site incremental backups could be restored, leading to a 24-hour RPA. However, if there were serious concerns about the reliability of the daily incrementals, the RPA could arguably be based on the weekly full backups.

    Info-Tech Best Practice

    The RPA is a commitment to the maximum data you would lose in a DR scenario with current capabilities (people, process, and technology). Pick a number you can likely achieve. List any situations where you couldn’t meet this RPA, and identify those for a risk tolerance discussion. In the example above, complete loss of the primary SAN would also mean losing the snapshots, so the last good copy of the data could be up to 24-hours old.

    Add recovery actuals (RTA/RPA) to your copy of the BIA

    3(c) DRP Business Impact Analysis Tool– Recovery actuals

    On the “Impact Analysis” tab in the DRP Business Impact Analysis Tool, enter the estimated maximum downtime and data loss in the RTA and RPA columns.

    1. Estimate the RTA based on the required time for complete recovery. Review your recovery workflow to identify this timeline. For example, if the notification, assessment, and declaration process takes two hours, and systems recovery requires most of a day, the estimated RTA could be 24 hours.
    2. Estimate the RPA based on the longest interval between copies of the data being shipped offsite. For example, if data on a particular system is backed up offsite once per day, and the onsite system was destroyed just before that backup began, the entire day’s data could be lost and estimated RPA could be 24 hours. Note: Enter 9999 to indicate that data is unrecoverable.

    A screenshot of Info-Tech's DRP Business Impact Analysis Tool – Recovery actuals

    Info-Tech Best Practice

    It’s okay to round numbers to the nearest shift, day, or week for simplicity (e.g. 24 hours rather than 22.5 hours, or 8 hours rather than 7.25 hours).

    Test the recovery workflow against additional scenarios

    3(d) Workflow review

    Estimated Time: 1 hour

    Review your recovery workflow with a different scenario in mind.

    • Work from and update the soft copy of your recovery workflow.
    • Would any steps be different if the scenario changes? If yes, capture the different flow with a decision diamond. Identify any new gaps or risks you encounter with red and yellow cards. Use as few decision diamonds as possible.

    Screenshot of testing the workflow against the additional scenarios

    Info-Tech Best Practice

    As you start to consider scenarios where injuries or loss of life are a possibility, remember that health and safety risks are the top priority in a crisis. If there’s a fire in the data center, evacuating the building is the first priority, even if that means foregoing a graceful shut down. For more details on emergency response and crisis management, see Implement Crisis Management Best Practices.

    Consider additional IT disaster scenarios

    3(e) Thought experiment – Review additional scenarios

    Walk through your recovery workflow in the context of additional, different scenarios to ensure there are no gaps. Collaborate with your DR team to identify changes that might be required, and incorporate these changes in the plan.

    Scenario Type Considerations
    Isolated hardware/software failure
    • Failover to the DR site may not be necessary (or only for affected systems).
    Power outage or network outage
    • Do you have standby power? Do you have network redundancy?
    Local hazard (e.g. chemical leak, police incident)
    • Systems might be accessible remotely, but hands-on maintenance will be required eventually.
    • An alternate site is required for service continuity.
    Equipment/building damage (e.g. fire, roof collapse)
    • Staff injuries or loss of life are a possibility.
    • Equipment may need repair or replacement (vendor involvement).
    • An alternate site is required for service continuity.
    Regional natural disasters
    • Staff injuries or loss of life are a possibility.
    • Utilities may be affected (power, running water, etc.).
    • Expect staff to take care of their families first before work.
    • A geographically distant alternate site may be required for service continuity.

    Step 3.2: Identify and Prioritize Projects to Close Gaps

    This step will walk you through the following activities:

    • Analyze the gaps that were identified from the maturity scorecard, tabletop planning exercise, and the RTO/RPO gaps analysis.
    • Brainstorm solutions to close gaps and mitigate risks.
    • Determine a course of action to close these gaps. Prioritize each project. Create a project implementation timeline.

    This step involves the following participants:

    • DRP Coordinator
    • IT Infrastructure SMEs

    Results and Insights

    • Prioritized list of projects and action items that can improve DR capabilities.
    • Often low-cost, low-effort quick wins are identified to mitigate at least some gaps/risks. Higher-cost, higher-effort projects can be part of a longer-term IT strategy. Improving service continuity is an ongoing commitment.

    Brainstorm solutions to address gaps and risk

    3(f) Solutioning

    Estimated Time: 1.5 hours

    1. Review each of the risk and gap cards from the tabletop exercise.
    2. As a group, brainstorm ideas to address gaps, mitigate risks, and improve resiliency. Write the list of ideas on a whiteboard or flip-chart paper. The solutions can range from quick-wins and action items to major capital investments.
    3. Try to avoid debates about feasibility at this point – that should happen later. The goal is to get all ideas on the board.

    An example of how to complete Activity 3(f). Three cue cards showing various steps are attached by arrows to steps on a whiteboard.

    Info-Tech Best Practice

    It’s about finding ways to solve the problem, not about solving the problem. When you’re brainstorming solutions to problems, don’t stop with the first idea, even if the solution seems obvious. The first idea isn’t always the best or only solution; other ideas can expand on and improve that first idea.

    Select an optimal DR deployment model from a world of choice

    There are many options for a DR deployment. What makes sense for you?

    • Sifting through the options for a DR site can be overwhelming. Simplify by eliminating deployment models that aren’t a good fit for your requirements or organization using Info-Tech’s research.
    • Someone will ask you about DR in the cloud. Cut to the chase and evaluate cloud for fit with your organization’s current capabilities and requirements. Read about the 10 Secrets for Successful DR in the Cloud.
    • Selecting and deploying a DR site is an exercise in risk mitigation. IT’s role is to advise the business on options to address the risk of not having a DR site, including cost and effort estimates. The business must then decide how to manage risk. Build total cost of ownership (TCO) estimates and evaluate possible challenges and risks for each option.

    Is it practical to invest in greater geo-redundancy that meets RTOs and RPOs during a widespread event?

    Info-Tech suggests you consider events that impact both sites, and your risk tolerance for that impact. Outline the impact of downtime at a high level if both the primary and secondary site were affected. Research how often events severe enough to have impacted both your primary and secondary sites have occurred in the past. What’s the business tolerance for this type of event?

    A common strategy: have a primary and DR site that are close enough to support low RPO/RTO, but far enough away to mitigate the impact of known regional events. Back up data to a remote third location as protection against a catastrophic event.

    Info-Tech Insight

    Approach site selection as a project. Leverage Select an Optimal Disaster Recovery Deployment Model to structure your own site-selection project.

    Set up the DRP Roadmap Tool

    3(g) DRP Roadmap Tool – Set up tool

    Use the DRP Roadmap Tool to create a high-level roadmap to plan and communicate DR action items and initiatives. Determine the data you’ll use to define roadmap items.

    Screenshot of Info-Tech's DRP Roadmap Tool

    Plan next steps by estimating timeline, effort, priority, and more

    3(h) DRP Roadmap Tool – Describe roadmap items

    A screenshot of Info-Tech's DRP Roadmap Tool to show how to describe roadmap items

    Review and communicate the DRP Roadmap Tool

    3(i) DRP Roadmap Tool – View roadmap chart

    A screenshot of Info-Tech's DRP Roadmap Tool's Roadmap tab

    Step 3.3: Review the Future State Recovery Process

    This step will walk you through the following activities:

    • Update the recovery workflow to outline your future recovery procedure.
    • Summarize findings from DR exercises and present the results to the project sponsor and other interested executives.

    This step involves the following participants:

    • DRP Coordinator
    • IT SMEs (Future State Recovery Flow)
    • DR Project Sponsor

    Results and Insights

    • Summarize results from DR planning exercises to make the case for needed DR investment.

    Outline your future state recovery flow

    3(j) Update the recovery workflow to outline response and recovery in the future

    Estimated Time: 30 minutes

    Outline your expected future state recovery flow to demonstrate improvements once projects and action items have been completed.

    1. Create a copy of your DRP recovery workflow in a new tab in Visio.
    2. Delete gap and risk cards that are addressed by proposed projects. Consolidate or eliminate steps that would be simplified or streamlined in the future if projects are implemented.
    3. Create a short-, medium-, and long-term review of changes to illustrate improvements over time to the project roadmap.
    4. Update this workflow as you implement and improve DR capabilities.

    Screenshot of the recovery workflow

    Validate recovery targets and communicate actual recovery capabilities

    3(k) Validate findings, present recommendations, secure budget

    Estimated Time: time required will vary

    1. Interview managers or process owners to validate RTO, RPO, and business impact scores.Use your assessment of “heavy users” of particular applications (picture at right) to remind you which business users you should include in the interview process.
    2. Present an overview of your findings to the management team.Use Info-Tech’s DRP Recap and Results Template to summarize your findings.
    3. Take projects into the budget process.With the management team aware of the rationale for investment in DRP, build the business case and secure budget where needed.

    Present DRP findings and make the case for needed investment

    3(I) DRP Recap and Results Template

    Create a communication deck to recap key findings for stakeholders.

    • Write a clear problem statement. Identify why you did this project (what problem you’re solving).
    • Clearly state key findings, insights, and recommendations.
    • Leverage the completed tools and templates to populate the deck. Callouts throughout the template presentation will direct you to take and populate screenshots throughout the document.
    • Use the presentation to communicate key findings to, and gather feedback from, business unit managers, executives, and IT staff.
    Screenshots of Info-Tech's DRP Recap and Results Template

    Stories from the field: Info-Tech clients find value in Phase 3 in the following ways

    Tabletop planning is an effective way to discover gaps in recovery capabilities. Identify issues in the tabletop exercise so you can manage them before disaster strikes. For example:

    Back up a second…

    A client started to back up application data offsite. To minimize data transfer and storage costs, the systems themselves weren’t backed up. Working through the restore process at the DR site, the DBA realized 30 years of COBOL and SQR code – critical business functionality – wasn’t backed up offsite.

    Net… work?

    A 500-employee professional services firm realized its internet connection could be a significant roadblock to recovery. Without internet, no one at head office could access critical cloud systems. The tabletop exercise identified this recovery bottleneck and helped prioritize the fix on the roadmap.

    Someone call a doctor!

    Hospitals rely on their phone systems for system downtime procedures. A tabletop exercise with a hospital client highlighted that if the data center were damaged, the phone system would likely be damaged as well. Identifying this provided more urgency to the ongoing VOIP migration.

    The test of time

    A small municipality relied on a local MSP to perform systems restore, but realized it had never tested the restore procedure to identify RTA. Contacting the MSP to review capabilities became a roadmap item to address this risk.

    Phase 3: Insights and accomplishments

    Screenshot of Info-Tech's DRP recovery workflow template

    Outlined the DRP response and risks to recovery

    Screenshots of activities completed related to brainstorming risk mitigation measures.

    Brainstormed risk mitigation measures

    Summary of Accomplishments

    • Planned and documented your DR incident response and systems recovery workflow.
    • Identified gaps and risks to recovery and incident management.
    • Brainstormed and identified projects and action items to mitigate risks and close gaps.

    Up Next: Leverage the core deliverables to complete, extend, and maintain your DRP

    Create a Right-Sized Disaster Recovery Plan

    Phase 4

    Complete, Extend, and Maintain Your DRP

    Phase 4: Complete, Extend, and Maintain Your DRP

    This phase will walk you through the following activities:

    • Identify progress made on your DRP by reassessing your DRP maturity.
    • Prioritize the highest value major initiatives to complete, extend, and maintain your DRP.

    This phase involves the following participants:

    • DRP Coordinator
    • Executive Sponsor

    Results and Insights

    • Communicate the value of your DRP by demonstrating progress against items in the DRP Maturity Scorecard.
    • Identify and prioritize future major initiatives to support the DRP, and the larger BCP.

    Celebrate accomplishments, plan for the future

    Congratulations! You’ve completed the core DRP deliverables and made the case for investment in DR capabilities. Take a moment to celebrate your accomplishments.

    This milestone is an opportunity to look back and look forward.

    • Look back: measure your progress since you started to build your DRP. Revisit the assessments completed in phase 1, and assess the change in your overall DRP maturity.
    • Look forward: prioritize future initiatives to complete, extend, and maintain your DRP. Prioritize initiatives that are the highest impact for the least requirement of effort and resources.

    We have completed the core DRP methodology for key systems:

    • BIA, recovery objectives, high-level recovery workflow, and recovery actuals.
    • Identify key tasks to meet recovery objectives.

    What could we do next?

    • Repeat the core methodology for additional systems.
    • Identify a DR site to meet recovery requirements, and review vendor DR capabilities.
    • Create a summary DRP document including requirements, capabilities, and change procedures.
    • Create a test plan and detailed recovery documentation.
    • Coordinate the creation of BCPs.
    • Integrate DR in other key operational processes.

    Revisit the DRP Maturity Scorecard to measure progress and identify remaining areas to improve

    4(a) DRP Maturity Scorecard – Reassess your DRP program maturity

    1. Find the copy of the DRP Maturity Scorecard you completed previously. Save a second copy of the completed scorecard in the same folder.
    2. Update scoring where you have improved your DRP documentation or capabilities.
    3. Review the new scores on tab 3. Compare the new scores to the original scores.

    Screenshot of DRP Maturity Assessment Results

    Info-Tech Best Practice

    Use the completed, updated DRP Maturity Scorecard to demonstrate the value of your continuity program, and to help you decide where to focus next.

    Prioritize major initiatives to complete, extend, and maintain the DRP

    4(b) Prioritize major initiatives

    Estimated Time: 2 hours

    Prioritize major initiatives that mitigate significant risk with the least cost and effort.

    1. Use the scoring criteria below to evaluate risk, effort, and cost for potential initiatives. Modify the criteria if required for your organization. Write this out on a whiteboard or flip-chart paper.
    2. Assign a score from 1 to 3. Multiply the scores for each initiative together for an aggregate score. In general, prioritize initiatives with higher scores.
    Score A: How significant are the risks this initiative will mitigate? B: How easily can we complete this initiative? C: How cost-effective is this initiative?
    3: High Critical impact on +50% of stakeholders, or major impact to compliance posture, or significant health/safety risk. One sprint, can be completed by a few individuals with minor supervision. Within the IT discretionary budget.
    2: Medium Impacts <50% of stakeholders, or minor impact on compliance, or degradation to health or safety controls. One quarter, and/or some increased effort required, some risk to completion. Requires budget approval from finance.
    1: Low Impacts limited to <25% of stakeholders, no impact on compliance posture or health/safety. One year, and/or major vendor or organizational challenges. Requires budget approval from the board of directors.

    Info-Tech Best Practice

    You can use a similar scoring exercise to prioritize and schedule high-benefit, low-effort, low-cost items identified in the roadmap in phase 3.

    Example: Prioritize major initiatives

    4(b) Prioritize major initiatives continued

    Write out the table on a whiteboard (record the results in a spreadsheet for reference). In the case below, IT might decide to work on repeating the core methodology first as they create the active testing plans, and tackle process changes later.

    Initiative A: How significant are the risks this initiative will mitigate? B: How easily can we complete this initiative? C: How cost-effective is this initiative? Aggregate score (A x B x C)
    Repeat the core methodology for all systems 2 – will impact some stakeholders, no compliance or safety impact. 2 – will require about 3 months, no significant complications. 3 – No cost. 12
    Add DR to project mgmt. and change mgmt. 1 – Mitigates some recovery risks over the long term. 1 – Requires extensive consultation and process review. 3 – No cost. 3
    Active failover testing on plan 2 – Mitigates some risks; documentation and cross training is already in place. 2 – Requires 3-4 months of occasional effort to prepare for test. 2 – May need to purchase some equipment before testing. 8

    Info-Tech Best Practice

    Find a pace that allows you to keep momentum going, but also leaves enough time to act on the initial findings, projects, and action items identified in the DRP Roadmap Tool. Include these initiatives in the Roadmap tool to visualize how identified initiatives fit with other tasks identified to improve your recovery capabilities.

    Repeat the core DR methodology for additional systems and applications


    You have created a DR plan for your most critical systems. Now, add the rest:

    • Build on the work you’ve already done. Re-use the BIA scoring scale. Update your existing recovery workflows, rather than creating and formatting an entirely new document. A number of steps in the recovery will be shared with, or similar to, the recovery procedures for your Tier 1 systems.

    Risks and Challenges Mitigated

    • DR requirements and capabilities for less-critical systems have not been evaluated.
    • Gaps in the recovery process for less critical systems have not been evaluated or addressed.
    • DR capabilities for less critical systems may not meet business requirements.
    Sample Outputs
    Add Tier 2 & 3 systems to the BIA.
    Complete another tabletop exercise for Tier 2 & 3 systems recovery, and add the results to the recovery workflow.
    Identify projects to close additional gaps in the recovery process. Add projects to the project roadmap.

    Info-Tech Best Practice

    Use this example of a complete, practical, right-size DR plan to drive and guide your efforts.

    Extend your core DRP deliverables

    You’ve completed the core DRP deliverables. Continue to create DRP documentation to support recovery procedures and governance processes:

    • DR documentation efforts fail when organizations try to boil the ocean with an all-in-one plan aimed at auditors, business leaders, and IT. It’s long, hard to maintain, and ends up as shelfware.
    • Create documentation in layers to keep it manageable. Build supporting documentation over time to support your high-level recovery workflow.

    Risks and Challenges Mitigated

    • Key contact information, escalation, and disaster declaration responsibilities are not identified or formalized.
    • DRP requirements and capabilities aren’t centralized. Key DRP findings are in multiple documents, complicating governance and oversight by auditors, executives, and board members.
    • Detailed recovery procedures and peripheral information (e.g. network diagrams) are not documented.
    Sample Outputs
    Three to five detailed systems recovery flowcharts/checklists.
    Documented team roles, succession plans, and contact information.
    Notification, assessment, and disaster declaration plan.
    DRP summary.
    Layer 1, 2 & 3 network diagrams.

    Info-Tech Best Practice

    Use this example of a complete, practical, right-size DR plan to drive and guide your efforts.

    Select an optimal DR deployment model and deployment site

    Your DR site has been identified as inadequate:

    • Begin with the end in mind. Commit to mastering the selected model and leverage your vendor relationship for effective DR.
    • Cut to the chase and evaluate the feasibility of cloud first. Gauge your organization’s current capabilities for DR in the cloud before becoming infatuated with the idea.
    • A mixed model gives you the best of both worlds. Diversify your strategy by identifying fit for purpose and balancing the work required to maintain various models.

    Risks and Challenges Mitigated

    • Without an identified DR site, you’ll be scrambling when a disaster hits to find and contract for a location to restore IT services.
    • Without systems and application data backed up offsite, you stand to lose critical business data and logic if all copies of the data at your primary site were lost.
    Sample Outputs
    Application assessment for cloud DR.
    TCO tool for different environments.
    Solution decision and executive presentation.

    Info-Tech Best Practice

    Use Info-Tech’s blueprint, Select the Optimal Disaster Recovery Deployment Model, to help you make sense of a world of choice for your DR site.

    Extend DRP findings to business process resiliency with a BCP pilot

    Integrate your findings from DRP into the overall BCP:

    • As an IT leader you have the skillset and organizational knowledge to lead a BCP project, but ultimately business leaders need to own the BCP – they know their processes and requirements to resume business operations better than anyone else.
    • The traditional approach to BCP is a massive project that most organizations can’t execute without hiring a consultant. To execute BCP in-house, carve up the task into manageable pieces.

    Risks and Challenges Mitigated

    • No formal plan exists to recover from a disruption to critical business processes.
    • Business requirements for IT systems recovery may change following a comprehensive review of business continuity requirements.
    • Outside of core systems recovery, IT could be involved in relocating staff, imaging and issuing new end-user equipment, etc. Identifying these requirements is part of BCP.
    Sample Outputs
    Business process-focused BIA for one business unit.
    Recovery workflows for one business unit.
    Provisioning list for one business unit.
    BCP project roadmap.

    Info-Tech Best Practice

    Use Info-Tech’s blueprint, Develop a Business Continuity Plan, to develop and deploy a repeatable BCP methodology.

    Test the plan to validate capabilities and cross-train staff on recovery procedures

    You don’t have a program to regularly test the DR plan:

    • Most DR tests are focused solely on the technology and not the DR management process – which is where most plans fail.
    • Be proactive – establish an annual test cycle and identify and coordinate resources well in advance.
    • Update DRP documentation with findings from the plan, and track the changes you make over time.

    Risks and Challenges Mitigated

    • Gaps likely still exist in the plan that are hard to find without some form of testing.
    • Customers and auditors may ask for some form of DR testing.
    • Staff may not be familiar with DR documentation or how they can use it.
    • No formal cycle to validate and update the DRP.
    Sample Outputs
    DR testing readiness assessment.
    Testing handbooks.
    Test plan summary template.
    DR test issue log and analysis tool.

    Info-Tech Best Practice

    Uncover deficiencies in your recovery procedures by using Info-Tech’s blueprint Reduce Costly Downtime Through DR Testing.

    “Operationalize” DRP management

    Inject DR planning in key operational processes to support plan maintenance:

    • Major changes, or multiple routine changes, can materially alter DR capabilities and requirements. It’s not feasible to update the DR plan after every routine change, so leverage criticality tiers in the BIA to focus your change management efforts. Critical systems require more rigorous change procedures.
    • Likewise, you can build criticality tiers into more focused project management and performance measurement processes.
    • Schedule regular tasks in your ticketing system to verify capabilities and cross-train staff on key recovery procedures (e.g. backup and restore).

    Risks and Challenges Mitigated

    • DRP is not updated “as needed” – as requirements and capabilities change due to business and technology changes.
    • The DRP is disconnected from day-to-day operations.
    Sample Outputs
    Reviewed and updated change, project, and performance management processes.
    Reviewed and updated internal SLAs.
    Reviewed and updated data protection and backup procedures.

    Review infrastructure service provider DR capabilities

    Insert DR planning in key operational processes to support plan maintenance:

    • Reviewing vendor DR capabilities is a core IT vendor management competency.
    • As your DR requirements change year-to-year, ensure your vendors’ service commitments still meet your DR requirements.
    • Identify changes in the vendor’s service offerings and DR capabilities, e.g. higher costs for additional DR support, new offerings to reduce potential downtime, or conversely, a degradation in DR capabilities.

    Risks and Challenges Mitigated

    • Vendor capabilities haven’t been measured against business requirements.
    • No internal capability exists currently to assess vendor ability to meet promised SLAs.
    • No internal capability exists to track vendor performance on recoverability.
    Sample Outputs
    A customized vendor DRP questionnaire.
    Reviewed vendor SLAs.
    Choose to keep or change service levels or vendor offerings based on findings.

    Phase 4: Insights and accomplishments

    Screenshot of DRP Maturity Assessment Results

    Identified progress against targets

    Screenshot of prioritized further initiatives.

    Prioritized further initiatives

    Screenshot of DRP Planning Roadmap

    Added initiatives to the roadmap

    Summary of Accomplishments

    • Developed a list of high-priority initiatives that can support the extension and maintenance of the DR plan over the long term.
    • Reviewed and update maturity assessments to establish progress and communicate the value of the DR program.

    Summary of accomplishment

    Knowledge Gained

    • Conduct a BIA to determine appropriate targets for RTOs and RPOs.
    • Identify DR projects required to close RTO/RPO gaps and mitigate risks.
    • Use tabletop planning to create and validate an incident response plan.

    Processes Optimized

    • Your DRP process was optimized, from BIA to documenting an incident response plan.
    • Your vendor evaluation process was optimized to identify and assess a vendor’s ability to meet your DR requirements, and to repeat this evaluation on an annual basis.

    Deliverables Completed

    • DRP Maturity Scorecard
    • DRP Business Impact Analysis Tool
    • DRP Roadmap Tool
    • Incident response plan and systems recovery workflow
    • Executive presentation

    Info-Tech’s insights bust the most obstinate myths of DRP

    Myth #1: DRPs need to focus on major events such as natural disasters and other highly destructive incidents such as fire and flood.

    Reality: The most common threats to service continuity are hardware and software failures, network outages, and power outages.

    Myth #2: Effective DRPs start with identifying and evaluating potential risks.

    Reality: DR isn’t about identifying risks; it’s about ensuring service continuity.

    Myth #3: DRPs are separate from day-to-day operations and incident management.

    Reality: DR must be integrated with service management to ensure service continuity.

    Myth #4: I use a co-lo or cloud services so I don’t have to worry about DR. That’s my vendor’s responsibility.

    Reality: You can’t outsource accountability. You can’t just assume your vendor’s DR capabilities will meet your needs.

    Myth #5: A DRP must include every detail so anyone can execute the recovery.

    Reality: IT DR is not an airplane disaster movie. You aren’t going to ask a business user to execute a system recovery, just like you wouldn’t really want a passenger with no flying experience to land a plane.

    Supplement the core documentation with these tools and templates

    • An Excel workbook workbook to track key roles on DR, business continuity, and emergency response teams. Can also track DR documentation location and any hardware purchases required for DR.
    • A questionnaire template and a response tracking tool to structure your investigation of vendor DR capabilities.
    • Integrate escalation with your DR plan by defining incident severity and escalation rules . Use this example as a template or integrate ideas into your own severity definitions and escalation rules in your incident management procedures.
    • A minute-by-minute time-tracking tool to capture progress in a DR or testing scenario. Monitor progress against objectives in real time as recovery tasks are started and completed.

    Next steps: Related Info-Tech research

    Select the Optimal Disaster Recovery Deployment Model Evaluate cloud, co-lo, and on-premises disaster recovery deployment models.

    Develop a Business Continuity Plan Streamline the traditional approach to make BCP development manageable and repeatable.

    Prepare for a DRP Audit Assess your current DRP maturity, identify required improvements, and complete an audit-ready DRP summary document.

    Document and Maintain Your Disaster Recovery Plan Put your DRP on a diet: keep it fit, trim, and ready for action.

    Reduce Costly Downtime Through DR Testing Improve your DR plan and your team’s ability to execute on it.

    Implement Crisis Management Best Practices An effective crisis response minimizes the impact of a crisis on reputation, profitability, and continuity.

    Research contributors and experts

    • Alan Byrum, Director of Business Continuity, Intellitech
    • Bernard Jones (MBCI, CBCP, CORP, ITILv3), Owner/Principal, B Jones BCP Consulting, LLC
    • Paul Beaudry, Assistant Vice-President, Technical Services, MIS, Richardson International Limited
    • Yogi Schulz, President, Corvelle Consulting

    Glossary

    • Business Continuity Management (BCM) Program: Ongoing management and governance process supported by top management and appropriately resourced to implement and maintain business continuity management. (Source: ISO 22301:2012)
    • Business Continuity Plan (BCP): Documented procedures that guide organizations to respond, recover, resume, and restore to a pre-defined level of operation following disruption. The BCP is not necessarily one document, but a collection of procedures and information.
    • Crisis: A situation with a high level of uncertainty that disrupts the core activities and/or credibility of an organization and requires urgent action. (Source: ISO 22300)
    • Crisis Management Team (CMT): A group of individuals responsible for developing and implementing a comprehensive plan for responding to a disruptive incident. The team consists of a core group of decision makers trained in incident management and prepared to respond to any situation.
    • Disaster Recovery Planning (DRP): The activities associated with the continuing availability and restoration of the IT infrastructure.
    • Incident: An event that has the capacity to lead to loss of, or a disruption to, an organization’s operations, services, or functions – which, if not managed, can escalate into an emergency, crisis, or disaster.
    • BCI Editor’s Note: In most countries “incident” and “crisis” are used interchangeably, but in the UK the term “crisis” has been generally reserved for dealing with wide-area incidents involving Emergency Services. The BCI prefers the use of “incident” for normal BCM purposes. (Source: The Business Continuity Institute)

    • Incident Management Plan: A clearly defined and documented plan of action for use at the time of an incident, typically covering the key personnel, resources, services, and actions needed to implement the incident management process.
    • IT Disaster: A service interruption requiring IT to rebuild a service, restore from backups, or activate redundancy at the backup site.
    • Recovery Point: Time elapsed between the last good copy of the data being taken and failure/corruption on the production environment; think of this as data loss.
    • Recovery Point Actual (RPA): The currently achievable recovery point after a disaster event, given existing people, processes, and technology. This reflects expected maximum data loss that could actually occur in a disaster scenario.
    • Recovery Point Objective (RPO): The target recovery point after a disaster event, usually calculated in hours, on a given system, application, or service. Think of this as acceptable and appropriate data loss. RPO should be based on a business impact analysis (BIA) to identify an acceptable and appropriate recovery target.
    • Recovery Time: Time required to restore a system, application, or service to a functional state; think of this as downtime.
    • Recovery Time Actual (RTA): The currently achievable recovery time after a disaster event, given existing people, processes, and technology. This reflects expected maximum downtime that could actually occur in a disaster scenario.
    • Recovery Time Objective (RTO): The target recovery time after a disaster event for a given system, application, or service. RTO should be based on a business impact analysis (BIA) to identify acceptable and appropriate downtime.

    Bibliography

    BCMpedia. “Recovery Objectives: RTO, RPO, and MTPD.” BCMpedia, n.d. Web.

    Burke, Stephen. “Public Cloud Pitfalls: Microsoft Azure Storage Cluster Loses Power, Puts Spotlight On Private, Hybrid Cloud Advantages.” CRN, 16 Mar. 2017. Web.

    Elliot, Stephen. “DevOps and the Cost of Downtime: Fortune 1000 Best Practice Metrics Quantified.” IDC, 2015. Web.

    FEMA. Planning & Templates. FEMA, 2015. Web.

    FINRA. “Business Continuity Plans and Emergency Contact Information.” FINRA, 2015. Web.

    FINRA. “FINRA, the SEC and CFTC Issue Joint Advisory on Business Continuity Planning.” FINRA, 2013. Web.

    Gosling, Mel, and Andrew Hiles. “Business Continuity Statistics: Where Myth Meets Fact.” Continuity Central, 2009. Web.

    Hanwacker, Linda. “COOP Templates for Success Workbook.” The LSH Group, n.d. Web.

    Homeland Security. Federal Information Security Management Act (FISMA). Homeland Security, 2015. Web.

    Nichols, Shaun. “AWS's S3 Outage Was So Bad Amazon Couldn't Get Into Its Own Dashboard to Warn the World.” The Register, 1 Mar. 2017. Web.

    Potter, Patrick. “BCM Regulatory Alphabet Soup.” RSA Archer Organization, 2012. Web.

    Rothstein, Philip Jan. “Disaster Recovery Testing: Exercising Your Contingency Plan.” Rothstein Associates Inc., 2007. Web.

    The Business Continuity Institute. “The Good Practice Guidelines.” The Business Continuity Institute, 2013. Web.

    The Disaster Recovery Journal. “Disaster Resource Guide.” The Disaster Recovery Journal, 2015. Web.

    The Disaster Recovery Journal. “DR Rules & Regulations.” The Disaster Recovery Journal, 2015. Web.

    The Federal Financial Institution Examination Council (FFIEC). Business Continuity Planning. IT Examination Handbook InfoBase, 2015. Web.

    York, Kyle. “Read Dyn’s Statement on the 10/21/2016 DNS DDoS Attack.” Oracle, 22 Oct. 2016. Web.

    Establish an Effective IT Steering Committee

    • Buy Link or Shortcode: {j2store}191|cart{/j2store}
    • member rating overall impact (scale of 10): 9.6/10 Overall Impact
    • member rating average dollars saved: $44,821 Average $ Saved
    • member rating average days saved: 11 Average Days Saved
    • Parent Category Name: IT Governance, Risk & Compliance
    • Parent Category Link: /it-governance-risk-and-compliance
    • Unfortunately, when CIOs implement IT steering committees, they often lack the appropriate structure and processes to be effective.
    • Due to the high profile of the IT steering committee membership, CIOs need to get this right – or their reputation is at risk.

    Our Advice

    Critical Insight

    • 88% of IT steering committees fail. The organizations that succeed have clearly defined responsibilities that are based on business needs.
    • Without a documented process your committee can’t execute on its responsibilities. Clearly define the flow of information to make your committee actionable.
    • Limit your headaches by holding your IT steering committee accountable for defining project prioritization criteria.

    Impact and Result

    Leverage Info-Tech’s process and deliverables to see dramatic improvements in your business satisfaction through an effective IT steering committee. This blueprint will provide three core customizable deliverables that you can use to launch or optimize your IT steering committee:

    • IT Steering Committee Charter: Use this template in combination with this blueprint to form a highly tailored committee.
    • IT Steering Committee Stakeholder Presentation: Build understanding around the goals and purpose of the IT steering committee, and generate support from your leadership team.
    • IT Steering Committee Project Prioritization Tool: Engage your IT steering committee participants in defining project prioritization criteria. Track project prioritization and assess your portfolio.

    Establish an Effective IT Steering Committee Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should establish an IT steering committee, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build the steering committee charter

    Build your IT steering committee charter using results from the stakeholder survey.

    • Establish an Effective IT Steering Committee – Phase 1: Build the Steering Committee Charter
    • IT Steering Committee Stakeholder Survey
    • IT Steering Committee Charter

    2. Define IT steering commitee processes

    Define your high level steering committee processes using SIPOC, and select your steering committee metrics.

    • Establish an Effective IT Steering Committee – Phase 2: Define ITSC Processes

    3. Build the stakeholder presentation

    Customize Info-Tech’s stakeholder presentation template to gain buy-in from your key IT steering committee stakeholders.

    • Establish an Effective IT Steering Committee – Phase 3: Build the Stakeholder Presentation
    • IT Steering Committee Stakeholder Presentation

    4. Define the prioritization criteria

    Build the new project intake and prioritization process for your new IT steering committee.

    • Establish an Effective IT Steering Committee – Phase 4: Define the Prioritization Criteria
    • IT Steering Committee Project Prioritization Tool
    • IT Project Intake Form
    [infographic]

    Workshop: Establish an Effective IT Steering Committee

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Build the IT Steering Committee

    The Purpose

    Lay the foundation for your IT steering committee (ITSC) by surveying your stakeholders and identifying the opportunities and threats to implementing your ITSC.

    Key Benefits Achieved

     An understanding of the business environment affecting your future ITSC and identification of strategies for engaging with stakeholders

    Activities

    1.1 Launch stakeholder survey for business leaders.

    1.2 Analyze results with an Info-Tech advisor.

    1.3 Identify opportunities and threats to successful IT steering committee implementation.

    1.4 Develop the fit-for-purpose approach.

    Outputs

    Report on business leader governance priorities and awareness

    Refined workshop agenda

    2 Define the ITSC Goals

    The Purpose

    Define the goals and roles of your IT steering committee.

    Plan the responsibilities of your future committee members.

    Key Benefits Achieved

     Groundwork for completing the steering committee charter

    Activities

    2.1 Review the role of the IT steering committee.

    2.2 Identify IT steering committee goals and objectives.

    2.3 Conduct a SWOT analysis on the five governance areas

    2.4 Define the key responsibilities of the ITSC.

    2.5 Define ITSC participation.

    Outputs

    IT steering committee key responsibilities and participants identified

    IT steering committee priorities identified

    3 Define the ITSC Charter

    The Purpose

    Document the information required to create an effective ITSC Charter.

    Create the procedures required for your IT steering committee.

    Key Benefits Achieved

    Clearly defined roles and responsibilities for your steering committee

    Completed IT Steering Committee Charter document

    Activities

    3.1 Build IT steering committee participant RACI.

    3.2 Define your responsibility cadence and agendas.

    3.3 Develop IT steering committee procedures.

    3.4 Define your IT steering committee purpose statement and goals.

    Outputs

    IT steering committee charter: procedures, agenda, and RACI

    Defined purpose statement and goals

    4 Define the ITSC Process

    The Purpose

    Define and test your IT steering committee processes.

    Get buy-in from your key stakeholders through your stakeholder presentation.

    Key Benefits Achieved

    Stakeholder understanding of the purpose and procedures of IT steering committee membership

    Activities

    4.1 Define your high-level IT steering committee processes.

    4.2 Conduct scenario testing on key processes, establish ITSC metrics.

    4.3 Build your ITSC stakeholder presentation.

    4.4 Manage potential objections.

    Outputs

    IT steering committee SIPOC maps

    Refined stakeholder presentation

    5 Define Project Prioritization Criteria

    The Purpose

    Key Benefits Achieved

    Activities

    5.1 Create prioritization criteria

    5.2 Customize the project prioritization tool

    5.3 Pilot test the tool

    5.4 Define action plan and next steps

    Outputs

    IT Steering Committee Project Prioritization Tool

    Action plan

    Further reading

    Establish an Effective IT Steering Committee

    Have the right people making the right decisions to drive IT success.

    Our understanding of the problem

    This Research Is Designed For:

    • CIOs
    • IT Leaders

    This Research Will Also Assist:

    • Business Partners

    This Research Will Help You:

    • Structure an IT steering committee with the appropriate membership and responsibilities
    • Define appropriate cadence around business involvement in IT decision making
    • Define your IT steering committee processes, metrics, and timelines
    • Obtain buy-in for IT steering committee participations
    • Define the project prioritization criteria

    This Research Will Help Them:

    • Understand the importance of IT governance and their role
    • Identify and build the investment prioritization criteria

    Executive Summary

    Situation

    • An effective IT steering committee (ITSC) is one of the top predictors of value generated by IT, yet only 11% of CIOs believe their committees are effective.
    • An effective steering committee ensures that the right people are involved in critical decision making to drive organizational value.

    Complication

    • Unfortunately, when CIOs do implement IT steering committees, they often lack the appropriate structure and processes to be effective.
    • Due to the high profile of the IT steering committee membership, CIOs need to get this right – or their reputation is at risk.

    Resolution

    Leverage Info-Tech’s process and deliverables to see dramatic improvements in your business satisfaction through an effective IT steering committee. This blueprint will provide three core customizable deliverables that you can use to launch or optimize your IT steering committee. These include:

    1. IT Steering Committee Charter: Customizable charter complete with example purpose, goals, responsibilities, procedures, RACI, and processes. Use this template in combination with this blueprint to get a highly tailored committee.
    2. IT Stakeholder Presentation: Use our customizable presentation guide to build understanding around the goals and purpose of the IT steering committee and generate support from your leadership team.
    3. IT Steering Committee Project Prioritization Tool: Engage your IT steering committee participants in defining the project prioritization criteria. Use our template to track project prioritization and assess your portfolio.

    Info-Tech Insight

    1. 88% of IT steering committees fail. The organizations that succeed have clearly defined responsibilities that are based on business needs.
    2. Without a documented process your committee can’t execute on its responsibilities. Clearly define the flow of information to make your committee actionable.
    3. Limit your headaches by holding your IT steering committee accountable for defining project prioritization criteria.

    IT Steering Committee

    Effective IT governance critical in driving business satisfaction with IT. Yet 88% of CIOs believe that their governance structure and processes are not effective. The IT steering committee (ITSC) is the heart of the governance body and brings together critical organizational stakeholders to enable effective decision making (Info-Tech Research Group Webinar Survey).

    IT STEERING COMMITTEES HAVE 3 PRIMARY OBJECTIVES – TO IMPROVE:

    1. Alignment: IT steering committees drive IT and business strategy alignment by having business partners jointly accountable for the prioritization and selection of projects and investments within the context of IT capacity.
    2. Accountability: The ITSC facilitates the involvement and commitment of executive management through clearly defined roles and accountabilities for IT decisions in five critical areas: investments, projects, risk, services, and data.
    3. Value Generation: The ITSC is responsible for the ongoing evaluation of IT value and performance of IT services. The committee should define these standards and approve remediation plans when there is non-achievement.

    "Everyone needs good IT, but no one wants to talk about it. Most CFOs would rather spend time with their in-laws than in an IT steering-committee meeting. But companies with good governance consistently outperform companies with bad. Which group do you want to be in?"

    – Martha Heller, President, Heller Search Associates

    An effective IT steering committee improves IT and business alignment and increases support for IT across the organization

    CEOs’ PERCEPTION OF IT AND BUSINESS ALIGNMENT

    67% of CIOs/CEOs are misaligned on the target role for IT.

    47% of CEOs believe that business goals are going unsupported by IT.

    64% of CEOs believe that improvement is required around IT’s understanding of business goals.

    28% of business leaders are supporters of their IT departments.

    A well devised IT steering committee ensures that core business partners are involved in critical decision making and that decisions are based on business goals – not who shouts the loudest. Leading to faster decision-making time, and better-quality decisions and outcomes.

    Source: Info-Tech CIO/CEO Alignment data

    Despite the benefits, 9 out of 10 steering committees are unsuccessful

    WHY DO IT STEERING COMMITTEES FAIL?

    1. A lack of appetite for an IT steering committee from business partners
    2. An effective ITSC requires participation from core members of the organization’s leadership team. The challenge is that most business partners don’t understand the benefits of an ITSC and the responsibilities aren’t tailored to participants’ needs or interests. It’s the CIOs responsibility to make this case to stakeholders and right-size the committee responsibilities and membership.
    3. IT steering committees are given inappropriate responsibilities
    4. The IT steering committee is fundamentally about decision making; it’s not a working committee. CIOs struggle with clarifying these responsibilities on two fronts: either the responsibilities are too vague and there is no clear way to execute on them within a meeting, or responsibilities are too tactical and require knowledge that participants do not have. Responsibilities should determine who is on the ITSC, not the other way around.
    5. Lack of process around execution
    6. An ITSC is only valuable if members are able to successfully execute on the responsibilities. Without well defined processes it becomes nearly impossible for the ITSC to be actionable. As a result, participants lack the information they need to make critical decisions, agendas are unmet, and meetings are seen as a waste of time.

    GOVERNANCE and ITSC and IT Management

    Organizations often blur the line between governance and management, resulting in the business having say over the wrong things. Understand the differences and make sure both groups understand their role.

    The ITSC is the most senior body within the IT governance structure, involving key business executives and focusing on critical strategic decisions impacting the whole organization.

    Within a holistic governance structure, organizations may have additional committees that evaluate, direct, and monitor key decisions at a more tactical level and report into the ITSC.

    These committees require specialized knowledge and are implemented to meet specific organizational needs. Those operational committees may spark a tactical task force to act on specific needs.

    IT management is responsible for executing on, running, and monitoring strategic activities as determined by IT governance.

    RELATIONSHIP BETWEEN STRATEGIC, TACTICAL, AND OPERATIONAL GROUPS

    Strategic IT Steering Committee
    Tactical

    Project Governance Service Governance

    Risk Governance Information Governance

    IT Management
    Operational Risk Task Force

    This blueprint focuses exclusively on building the IT steering committee. For more information on IT governance see Info-Tech’s blueprint Tailor an IT Governance Plan to Fit Organizational Needs.

    1. Governance of the IT Portfolio & Investments: ensures that funding and resources are systematically allocated to the priority projects that deliver value
    2. Governance of Projects: ensures that IT projects deliver the expected value, and that the PM methodology is measured and effective.
    3. Governance of Risks: ensures the organization’s ability to assess and deliver IT projects and services with acceptable risk.
    4. Governance of Services: ensures that IT delivers the required services at the acceptable performance levels.
    5. Governance of Information and Data: ensures the appropriate classification and retention of data based on business need.

    If these symptoms resonate with you, it might be time to invest in building an IT steering committee

    SIGNS YOU MAY NEED TO BUILD AN IT STEERING COMMITTEE

    As CIO I find that there is a lack of alignment between business and IT strategies.
    I’ve noticed that projects are thrown over the fence by stakeholders and IT is expected to comply.
    I’ve noticed that IT projects are not meeting target project metrics.
    I’ve struggled with a lack of accountability for decision making, especially by the business.
    I’ve noticed that the business does not understand the full cost of initiatives and projects.
    I don’t have the authority to say “no” when business requests come our way.
    We lack a standardized approach for prioritizing projects.
    IT has a bad reputation within the organization, and I need a way to improve relationships.
    Business partners are unaware of how decisions are made around IT risks.
    Business partners don’t understand the full scope of IT responsibilities.
    There are no SLAs in place and no way to measure stakeholder satisfaction with IT.

    Info-Tech’s approach to implementing an IT steering committee

    Info-Tech’s IT steering committee development blueprint will provide you with the required tools, templates, and deliverables to implement a right-sized committee that’s effective the first time.

    • Measure your business partner level of awareness and interest in the five IT governance areas, and target specific responsibilities for your steering committee based on need.
    • Customize Info-Tech’s IT Steering Committee Charter Template to define and document the steering committee purpose, responsibilities, participation, and cadence.
    • Build critical steering committee processes to enable information to flow into and out of the committee to ensure that the committee is able to execute on responsibilities.
    • Customize Info-Tech’s IT Steering Committee Stakeholder Presentation template to make your first meeting a breeze, providing stakeholders with the information they need, with less than two hours of preparation time.
    • Leverage our workshop guide and prioritization tools to facilitate a meeting with IT steering committee members to define the prioritization criteria for projects and investments and roll out a streamlined process.

    Info-Tech’s Four-Phase Process

    Key Deliverables:
    1 2 3 4
    Build the Steering Committee Charter Define ITSC Processes Build the Stakeholder Presentation Define the Prioritization Criteria
    • IT Steering Committee Stakeholder Survey
    • IT Steering Committee Charter
      • Purpose
      • Responsibilities
      • RACI
      • Procedures
    • IT Steering Committee SIPOC (Suppliers, Inputs, Process, Outputs, Customers)
    • Defined process frequency
    • Defined governance metrics
    • IT Steering Committee Stakeholder Presentation template
      • Introduction
      • Survey outcomes
      • Responsibilities
      • Next steps
      • ITSC goals
    • IT project prioritization facilitation guide
    • IT Steering Committee Project Prioritization Tool
    • Project Intake Form

    Leverage both COBIT and Info-Tech-defined metrics to evaluate the success of your program or project

    COBIT METRICS Alignment
    • Percent of enterprise strategic goals and requirements supported by strategic goals.
    • Level of stakeholder satisfaction with scope of the planned portfolio of programs and services.
    Accountability
    • Percent of executive management roles with clearly defined accountabilities for IT decisions.
    • Rate of execution of executive IT-related decisions.
    Value Generation
    • Level of stakeholder satisfaction and perceived value.
    • Number of business disruptions due to IT service incidents.
    INFO-TECH METRICS Survey Metrics:
    • Percent of business leaders who believe they understand how decisions are made in the five governance areas.
    • Percentage of business leaders who believe decision making involved the right people.
    Value of Customizable Deliverables:
    • Estimated time to build IT steering committee charter independently X cost of employee
    • Estimated time to build and generate customer stakeholder survey and generate reports X cost of employee
    • # of project interruptions due to new or unplanned projects

    CASE STUDY

    Industry: Consumer Goods

    Source: Interview

    Situation

    A newly hired CIO at a large consumer goods company inherited an IT department with low maturity from her predecessor. Satisfaction with IT was very low across all business units, and IT faced a lot of capacity constraints. The business saw IT as a bottleneck or red tape in terms of getting their projects approved and completed.

    The previous CIO had established a steering committee for a short time, but it had a poorly established charter that did not involve all of the business units. Also the role and responsibilities of the steering committee were not clearly defined. This led the committee to be bogged down in politics.

    Due to the previous issues, the business was wary of being involved in a new steering committee. In order to establish a new steering committee, the new CIO needed to navigate the bad reputation of the previous CIO.

    Solution

    The CIO established a new steering committee engaging senior members of each business unit. The roles of the committee members were clearly established in the new steering committee charter and business stakeholders were informed of the changes through presentations.

    The importance of the committee was demonstrated through the new intake and prioritization process for projects. Business stakeholders were impressed with the new process and its transparency and IT was no longer seen as a bottleneck.

    Results

    • Satisfaction with IT increased by 12% after establishing the committee and IT was no longer seen as red tape for completing projects
    • IT received approval to hire two more staff members to increase capacity
    • IT was able to augment service levels, allowing them to reinvest in innovative projects
    • Project prioritization process was streamlined

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Establish an Effective IT Steering Committee

    Build the Steering Committee Charter Define ITSC Processes Build the Stakeholder Presentation Define the Prioritization Criteria
    Best-Practice Toolkit

    1.1 Survey Your Steering Committee Stakeholders

    1.2 Build Your ITSC Charter

    2.1 Build a SIPOC

    2.2 Define Your ITSC Process

    3.1 Customize the Stakeholder Presentation

    4.1 Establish your Prioritization Criteria

    4.2 Customize the Project Prioritization Tool

    4.3 Pilot Test Your New Prioritization Criteria

    Guided Implementations
    • Launch your stakeholder survey
    • Analyze the results of the survey
    • Build your new ITSC charter
    • Review your completed charter
    • Build and review your SIPOC
    • Review your high-level steering committee processes
    • Customize the presentation
    • Build a script for the presentation
    • Practice the presentation
    • Review and select prioritization criteria
    • Review the Project Prioritization Tool
    • Review the results of the tool pilot test
    Onsite Workshop

    Module 1:

    Build a New ITSC Charter

    Module 2:

    Design Steering Committee Processes

    Module 3:

    Present the New Steering Committee to Stakeholders

    Module 4:

    Establish Project Prioritization Criteria

    Phase 1 Results:
    • Customized ITSC charter

    Phase 2 Results:

    • Completed SIPOC and steering committee processes
    Phase 3 Results:
    • Customized presentation deck and script
    Phase 4 Results:
    • Customized project prioritization tool

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Workshop Day 5
    Activities

    Build the IT Steering Committee

    1.1 Launch stakeholder survey for business leaders

    1.2 Analyze results with an Info-Tech Advisor

    1.3 Identify opportunities and threats to successful IT steering committee implementation.

    1.4 Develop the fit-for-purpose approach

    Define the ITSC Goals

    2.1 Review the role of the IT steering committee

    2.2 Identify IT steering committee goals and objectives

    2.3 Conduct a SWOT analysis on the five governance areas

    2.4 Define the key responsibilities of the ITSC 2.5 Define ITSC participation

    Define the ITSC Charter

    3.1 Build IT steering committee participant RACI

    3.2 Define your responsibility cadence and agendas

    3.3 Develop IT steering committee procedures

    3.4 Define your IT steering committee purpose statement and goals

    Define the ITSC Process

    4.1 Define your high-level IT steering committee processes

    4.2 Conduct scenario testing on key processes, establish ITSC metrics

    4.3 Build your ITSC stakeholder presentation

    4.4 Manage potential objections

    Define Project Prioritization Criteria

    5.1 Create prioritization criteria

    5.2 Customize the Project Prioritization Tool

    5.3 Pilot test the tool

    5.4 Define action plan and next steps

    Deliverables
    1. Report on business leader governance priorities and awareness
    2. Refined workshop agenda
    1. IT steering committee priorities identified
    2. IT steering committee key responsibilities and participants identified
    1. IT steering committee charter: procedures, agenda, and RACI
    2. Defined purpose statement and goals
    1. IT steering committee SIPOC maps
    2. Refined stakeholder presentation
    1. Project Prioritization Tool
    2. Action plan

    Phase 1

    Build the IT Steering Committee Charter

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Formalize the Security Policy Program

    Proposed Time to Completion: 1-2 weeks

    Select Your ITSC Members

    Start with an analyst kick-off call:

    • Launch your stakeholder survey

    Then complete these activities…

    • Tailor the survey questions
    • Identify participants and tailor email templates

    With these tools & templates:

    • ITSC Stakeholder Survey
    • ITSC Charter Template

    Review Stakeholder Survey Results

    Review findings with analyst:

    • Review the results of the Stakeholder Survey

    Then complete these activities…

    • Customize the ITSC Charter Template

    With these tools & templates:

    • ITSC Charter Template

    Finalize the ITSC Charter

    Finalize phase deliverable:

    • Review the finalized ITSC charter with an Info-Tech analyst

    Then complete these activities…

    • Finalize any changes to the ITSC Charter
    • Present it to ITSC Members

    With these tools & templates:

    • ITSC Charter Template

    Build the IT Steering Committee Charter

    This step will walk you through the following activities:

    • Launch and analyze the stakeholder survey
    • Define your ITSC goals and purpose statement
    • Determine ITSC responsibilities and participants
    • Determine ITSC procedures

    This step involves the following participants:

    • CIO
    • IT Steering Committee
    • IT Leadership Team
    • PMO

    Key Insight:

    Be exclusive with your IT steering committee membership. Determine committee participation based on committee responsibilities. Select only those who are key decision makers for the activities the committee is responsible for and, wherever possible, keep membership to 5-8 people.

    Tailor Info-Tech’s IT Steering Committee Charter Template to define terms of reference for the ITSC

    1.1

    A charter is the organizational mandate that outlines the purpose, scope, and authority of the ITSC. Without a charter, the steering committee’s value, scope, and success criteria are unclear to participants, resulting in unrealistic stakeholder expectations and poor organizational acceptance.

    Start by reviewing Info-Tech’s template. Throughout this section we will help you to tailor its contents.

    Committee Purpose: The rationale, benefits of, and overall function of the committee.

    Responsibilities: What tasks/decisions the accountable committee is making.

    Participation: Who is on the committee

    RACI: Who is accountable, responsible, consulted, and informed regarding each responsibility.

    Committee Procedures and Agendas: Includes how the committee will be organized and how the committee will interact and communicate with business units.

    A screenshot of Info-Tech's <em data-verified=IT Steering Committee Charter Template.">

    IT Steering Committee Charter

    Take a data-driven approach to build your IT steering committee based on business priorities

    1.2

    Leverage Info-Tech’s IT Steering Committee Stakeholder Surveyand reports to quickly identify business priorities and level of understanding of how decisions are made around the five governance areas.

    Use these insights to drive the IT steering committee responsibilities, participation, and communication strategy.

    The Stakeholder Survey consists of 17 questions on:

    • Priority governance areas
    • Desired level of involvement in decision making in the five governance areas
    • Knowledge of how decisions are made
    • Five open-ended questions on improvement opportunities

    To simplify your data collection and reporting, Info-Tech can launch a web-based survey, compile the report data and assist in the data interpretation through one of our guided implementations.

    Also included is a Word document with recommended questions, if you prefer to manage the survey logistics internally.

    A screenshot of Info-Tech's first page of the <em data-verified=IT Steering Committee Stakeholder Survey "> A screenshot of Info-Tech's survey.

    Leverage governance reports to define responsibilities and participants, and in your presentation to stakeholders

    1.3

    A screenshot is displayed. It advises that 72% of stakeholders do <strong data-verified= understand how decisions around IT services are made (quality, availability, etc.). Two graphs are included in the screenshot. One of the bar graphs shows the satisfaction with the quality of decisions and transparency around IT services. The other bar graph displays IT decisions around service delivery and quality that involve the right people.">

    OVERALL PRIORITIES

    You get:

    • A clear breakdown of stakeholders’ level of understanding on how IT decisions are made in the five governance areas
    • Stakeholder perceptions on the level of IT and business involvement in decision making
    • Identification of priority areas

    So you can:

    • Get an overall pulse check for understanding
    • Make the case for changes in decision-making accountability
    • Identify which areas the IT steering committee should focus on
    A screenshot is displayed. It advises that 80% of stakeholders do <strong data-verified=not understand how decisions around IT investments or project and service resourcing are made. Two bar graphs are displayed. One of the bar graphs shows the satisfaction with the quality of decisions made around IT investments. The other graph display IT decisions around spending priorities involving the right people.">

    GOVERNANCE AREA REPORTS

    You get:

    • Satisfaction score for decision quality in each governance area
    • Breakdown of decision-making accountability effectiveness
    • Identified level of understanding around decision making
    • Open-ended comments

    So you can:

    • Identify the highest priority areas to change.
    • To validate changes in decision-making accountability
    • To understand business perspectives on decision making.

    Conduct a SWOT analysis of the five governance areas

    1.4

    1. Hold a meeting with your IT leadership team to conduct a SWOT analysis on each of the five governance areas. Start by printing off the following five slides to provide participants with examples of the role of governance and the symptoms of poor governance in each area.
    2. In groups of 1-2 people, have each group complete a SWOT analysis for one of the governance areas. For each consider:
    • Strengths: What is currently working well in this area?
    • Weaknesses: What could you improve? What are some of the challenges you’re experiencing?
    • Opportunities: What are some organizational trends that you can leverage? Consider whether your strengths or weaknesses that could create opportunities?
    • Threats: What are some key obstacles across people, process, and technology?
  • Have each team or individual rotate until each person has contributed to each SWOT. Add comments from the stakeholder survey to the SWOT.
  • As a group rank each of the five areas in terms of importance for a phase one IT steering committee implementation, and highlight the top 10 challenges, and the top 10 opportunities you see for improvement.
  • Document the top 10 lists for use in the stakeholder presentation.
  • INPUT

    • Survey outcomes
    • Governance overview handouts

    OUTPUT

    • SWOT analysis
    • Ranked 5 areas
    • Top 10 challenges and opportunities identified.

    Materials

    • Governance handouts
    • Flip chart paper, pens

    Participants

    • IT leadership team

    Governance of RISK

    Governance of risk establishes the risk framework, establishes policies and standards, and monitors risks.

    Governance of risk ensures that IT is mitigating all relevant risks associated with IT investments, projects, and services.

    GOVERNANCE ROLES:

    1. Defines responsibility and accountability for IT risk identification and mitigation.
    2. Ensures the consideration of all elements of IT risk, including value, change, availability, security, project, and recovery
    3. Enables senior management to make better IT decisions based on the evaluation of the risks involved
    4. Facilitates the identification and analysis of IT risk and ensures the organization’s informed response to that risk.

    Symptoms of poor governance of risk

    • Opportunities for value creation are missed by not considering or assessing IT risk, or by completely avoiding all risk.
    • No formal risk management process or accountabilities exist.
    • There is no business continuity strategy.
    • Frequent security breaches occur.
    • System downtime occurs due to failed IT changes.

    Governance of PPM

    Governance of the IT portfolio achieves optimum ROI through prioritization, funding, and resourcing.

    PPM practices create value if they maximize the throughput of high-value IT projects at the lowest possible cost. They destroy value when they foster needlessly sophisticated and costly processes.

    GOVERNANCE ROLES:

    1. Ensures that the projects that deliver greater business value get a higher priority.
    2. Provides adequate funding for the priority projects and ensures adequate resourcing and funding balanced across the entire portfolio of projects.
    3. Makes the business and IT jointly accountable for setting project priorities.
    4. Evaluate, direct, and monitor IT value metrics and endorse the IT strategy and monitor progress.

    Symptoms of poor governance of PPM/investments

    • The IT investment mix is determined solely by Finance and IT.
    • It is difficult to get important projects approved.
    • Projects are started then halted, and resources are moved to other projects.
    • Senior management has no idea what projects are in the backlog.
    • Projects are approved without a valid business case.

    Governance of PROJECTS

    Governance of projects improves the quality and speed of decision making for project issues.

    Don’t confuse project governance and management. Governance makes the decisions regarding allocation of funding and resources and reviews the overall project portfolio metrics and process methodology.

    Management ensures the project deliverables are completed within the constraints of time, budget, scope, and quality.

    GOVERNANCE ROLES:

    1. Monitors and evaluates the project management process and critical project methodology metrics.
    2. Ensures review and mitigation of project issue and that management is aware of projects in crisis.
    3. Ensures that projects beginning to show characteristics of failure cannot proceed until issues are resolved.
    4. Endorses the project risk criteria, and monitors major risks to project completion.
    5. Approves the launch and execution of projects.

    Symptoms of poor governance of projects

    • Projects frequently fail or get cancelled.
    • Project risks and issues are not identified or addressed.
    • There is no formal project management process.
    • There is no senior stakeholder responsible for making project decisions.
    • There is no formal project reporting.

    Governance of SERVICES

    Governance of services ensures delivery of a highly reliable set of IT services.

    Effective governance of services enables the business to achieve the organization’s goals and strategies through the provision of reliable and cost-effective services.

    GOVERNANCE ROLES:

    1. Ensures the satisfactory performance of those services critical to achieving business objectives.
    2. Monitors and directs changes in service levels.
    3. Ensures operational and performance objectives for IT services are met.
    4. Approves policy and standards on the service portfolio.

    Symptoms of poor governance of service

    • There is a misalignment of business needs and expectations with IT capability.
    • No metrics are reported for IT services.
    • The business is unaware of the IT services available to them.
    • There is no accountability for service level performance.
    • There is no continuous improvement plan for IT services.
    • IT services or systems are frequently unavailable.
    • Business satisfaction with IT scores are low.

    Governance of INFORMATION

    Governance of information ensures the proper handling of data and information.

    Effective governance of information ensures the appropriate classification, retention, confidentiality, integrity, and availability of data in line with the needs of the business.

    GOVERNANCE ROLES:

    1. Ensures the information lifecycle owner and process are defined and endorse by business leadership.
    2. Ensures the controlled access to a comprehensive information management system.
    3. Ensures knowledge, information, and data are gathered, analyzed, stored, shared, used, and maintained.
    4. Ensures that external regulations are identified and met.

    Symptoms of poor governance of information

    • There is a lack of clarity around data ownership, and data quality standards.
    • There is insufficient understanding of what knowledge, information, and data are needed by the organization.
    • There is too much effort spent on knowledge capture as opposed to knowledge transfer and re-use.
    • There is too much focus on storing and sharing knowledge and information that is not up to date or relevant.
    • Personnel see information management as interfering with their work.

    Identify the responsibilities of the IT steering committee

    1.5

    1. With your IT leadership team, review the typical responsibilities of the IT steering committee on the following slide.
    2. Print off the following slide, and in your teams of 1-2 have each group identify which responsibilities they believe the IT steering committee should have, brainstorm any additional responsibilities, and document their reasoning.
    3. Note: The bolded responsibilities are the ones that are most common to IT steering committees, and greyed out responsibilities are typical of a larger governance structure. Depending on their level of importance to your organization, you may choose to include the responsibility.

    4. Have each team present to the larger group, track the similarities and differences between each of the groups, and come to consensus on the list of responsibilities.
    5. Complete a sanity check – review your swot analysis and survey results. Do the responsibilities you’ve identified resolve the critical challenges or weaknesses?
    6. As a group, consider the responsibilities and consider whether you can reasonably implement those in one year, or if there are any that will need to wait until year two of the IT steering committee.
    7. Modify the list of responsibilities in Info-Tech’s IT Steering Committee Charter by deleting the responsibilities you do not need and adding any that you identified in the process.

    INPUT

    • SWOT analysis
    • Survey reports

    OUTPUT

    • Defined ITSC responsibilities documented in the ITSC Charter

    Materials

    • Responsibilities handout
    • Voting dots

    Participants

    • IT leadership team

    Typical IT steering committee and governance responsibilities

    The bolded responsibilities are those that are most common to IT steering committees, and responsibilities listed in grey are typical of a larger governance structure.

    INVESTMENTS / PPM

    • Establish the target investment mix
    • Evaluate and select programs/projects to fund
    • Monitor IT value metrics
    • Endorse the IT budget
    • Monitor and report on program/project outcomes
    • Direct the governance optimization
    • Endorse the IT strategy

    PROJECTS

    • Monitor project management metrics
    • Approve launch of projects
    • Review major obstacles to project completion
    • Monitor a standard approach to project management
    • Monitor and direct project risk
    • Monitor requirements gathering process effectiveness
    • Review feasibility studies and formulate alternative solutions for high risk/high investment projects

    SERVICE

    • Monitor stakeholder satisfaction with services
    • Monitor service metrics
    • Approve plans for new or changed service requirements
    • Monitor and direct changes in service levels
    • Endorse the enterprise architecture
    • Approve policy and standards on the service portfolio
    • Monitor performance and capacity

    RISK

    • Monitor risk management metrics
    • Review the prioritized list of risks
    • Monitor changes in external regulations
    • Maintain risk profiles
    • Approve the risk management emergency action process
    • Maintain a mitigation plan to minimize risk impact and likelihood
    • Evaluate risk management
    • Direct risk management

    INFORMATION / DATA

    • Define information lifecycle process ownership
    • Monitor information lifecycle metrics
    • Define and monitor information risk
    • Approve classification categories of information
    • Approve information lifecycle process
    • Set policies on retirement of information

    Determine committee membership based on the committee’s responsibilities

    • One of the biggest benefits to an IT steering committee is it involves key leadership from the various lines of business across the organization.
    • However, in most cases, more people get involved than is required, and all the committee ends up accomplishing is a lot of theorizing. Participants should be selected based on the identified responsibilities of the IT steering committee.
    • If the responsibilities don’t match the participants, this will negatively impact committee effectiveness as leaders become disengaged in the process and don’t feel like it applies to them or accomplishes the desired goals. Once participants begin dissenting, it’s significantly more difficult to get results.
    • Be careful! When you have more than one individual in a specific role, select only the people whose attendance is absolutely critical. Don’t let your governance collapse under committee overload!

    LIKELY PARTICIPANT EXAMPLES:

    MUNICIPALITY

    • City Manager
    • CIO/IT Leader
    • CCO
    • CFO
    • Division Heads

    EDUCATION

    • Provost
    • Vice Provost
    • VP Academic
    • VP Research
    • VP Public Affairs
    • VP Operations
    • VP Development
    • Etc.

    HEALTHCARE

    • President/CEO
    • CAO
    • EVP/ EDOs
    • VPs
    • CIO
    • CMO

    PRIVATE ORGANIZATIONS

    • CEO
    • CFO
    • COO
    • VP Marketing
    • VP Sales
    • VP HR
    • VP Product Development
    • VP Engineering
    • Etc.

    Identify committee participants and responsibility cadence

    1.6

    1. In a meeting with your IT leadership team, review the list of committee responsibilities and document them on a whiteboard.
    2. For each responsibility, identify the individuals whom you would want to be either responsible or accountable for that decision.
    3. Repeat this until you’ve completed the exercise for each responsibility.
    4. Group the responsibilities with the same participants and highlight groupings with less than four participants. Consider the responsibility and determine whether you need to change the wording to make it more applicable or if you should remove the responsibility.
    5. Review the grouping, the responsibilities within them, and their participants, and assess how frequently you would like to meet about them – annually, quarterly, or monthly. (Note: suggested frequency can be found in the IT Steering Committee Charter.)
    6. Subdivide the responsibilities for the groupings to determine your annual, quarterly, and monthly meeting schedule.
    7. Validate that one steering committee is all that is needed, or divide the responsibilities into multiple committees.
    8. Document the committee participants in the IT Steering Committee Charter and remove any unneeded responsibilities identified in the previous exercise.

    INPUT

    • List of responsibilities

    OUTPUT

    • ITSC participants list
    • Meeting schedule

    Materials

    • Whiteboard
    • Markers

    Participants

    • IT leadership team

    Committees can only be effective if they have clear and documented authority

    It is not enough to participate in committee meetings; there needs to be a clear understanding of who is accountable, responsible, consulted, and informed about matters brought to the attention of the committee.

    Each committee responsibility should have one person who is accountable, and at least one person who is responsible. This is the best way to ensure that committee work gets done.

    An authority matrix is often used within organizations to indicate roles and responsibilities in relation to processes and activities. Using the RACI model as an example, there is only one person accountable for an activity, although several people may be responsible for executing parts of the activity. In this model, accountable means end-to-end accountability for the process.

    RESPONSIBLE: The one responsible for getting the job done.

    ACCOUNTABLE: Only one person can be accountable for each task.

    CONSULTED: Involvement through input of knowledge and information.

    INFORMED: Receiving information about process execution and quality.

    A chart is depicted to show an example of the authority matrix using the RACI model.

    Define IT steering committee participant RACI for each of the responsibilities

    1.7

    1. Use the table provided in the IT Steering Committee Charter and edit he list of responsibilities to reflect the chosen responsibilities of your ITSC.
    2. Along the top of the chart list the participant names, and in the right hand column of the table document the agreed upon timing from the previous exercise.
    3. For each of the responsibilities identify whether participants are Responsible, Accountable, Consulted, or Informed by denoting an R, A, C, I, or N/A in the table. Use N/A if this is a responsibility that the participant has no involvement in.
    4. Review your finalized RACI chart. If there are participants who are only consulted or informed about the majority of responsibilities, consider removing them from the IT steering committee. You only want the decision makers on the committee.

    INPUT

    • Responsibilities
    • Participants

    OUTPUT

    • RACI documented in the ITSC Charter

    Materials

    • ITSC RACI template
    • Projector

    Participants

    • IT leadership

    Building the agenda may seem trivial, but it is key for running effective meetings

    49% of people consider unfocused meetings as the biggest workplace time waster.*

    63% of the time meetings do not have prepared agendas.*

    80% Reduction of time spent in meetings by following a detailed agenda and starting on time.*

    *(Source: http://visual.ly/fail-plan-plan-fail).

    EFFECTIVE MEETING AGENDAS:

    1. Have clearly defined meeting objectives.
    2. Effectively time-boxed based on priority items.
    3. Defined at least two weeks prior to the meetings.
    4. Evaluated regularly – are not static.
    5. Leave time at the end for new business, thus minimizing interruptions.

    BUILDING A CONSENT AGENDA

    A consent agenda is a tool to free up time at meetings by combining previously discussed or simple items into a single item. Items that can be added to the consent agenda are those that are routine, noncontroversial, or provided for information’s sake only. It is expected that participants read this information and, if it is not pulled out, that they are in agreement with the details.

    Members have the option to pull items out of the consent agenda for discussion if they have questions. Otherwise these are given no time on the agenda.

    Define the IT steering committee meeting agendas and procedures

    1.8

    Agendas

    1. Review the listed responsibilities, participants, and timing as identified in a previous exercise.
    2. Annual meeting: Identify if all of the responsibilities will be included in the annual meeting agenda (likely all governance responsibilities).
    3. Quarterly Meeting Agenda: Remove the meeting responsibilities from the annual meeting agenda that are not required and create a list of responsibilities for the quarterly meetings.
    4. Monthly Meeting Agenda: Remove all responsibilities from the list that are only annual or quarterly and compile a list of monthly meeting responsibilities.
    5. Review each responsibility, and estimate the amount of time each task will take within the meeting. We recommend giving yourself at least an extra 10-20% more time for each agenda item for your first meeting. It’s better to have more time than to run out.
    6. Complete the Agenda Template in the IT Steering Committee Charter.

    Procedures:

    1. Review the list of IT steering committee procedures, and replace the grey text with the information appropriate for your organization.

    INPUT

    • Responsibility cadence

    OUTPUT

    • ITSC annual, quarterly, monthly meeting agendas & procedures

    Materials

    • ITSC Charter

    Participants

    • IT leadership team

    Draft your IT steering committee purpose statement and goals

    1.9

    1. In a meeting with your IT leadership team – and considering the defined responsibilities, participants, and opportunities and threats identified – review the example goal statement in the IT Steering Committee Charter, and first identify whether any of these statements apply to your organization. Select the statements that apply and collaboratively make any changes needed.
    2. Define unique goal statements by considering the following questions:
      1. What three things would you realistically list for the ITSC to achieve.
      2. If you were to accomplish three things in the next year, what would those be?
    3. Document those goals in the IT Steering Committee Charter.
    4. With those goal statements in mind, consider the overall purpose of the committee. The purpose statement should be a reflection of what the committee does, why it does it, and the goals.
    5. Have each individual review the example purpose statement, and draft what they think a good purpose statement would be.
    6. Present each statement, and work together to determine a best of breed statement.
    7. Document this in the IT Steering Committee Charter.

    INPUT

    • Responsibilities, participants, top 10 lists of challenges and opportunities.

    OUTPUT

    • ITSC goals and purpose statement

    Materials

    • ITSC Charter

    Participants

    • IT leadership team

    CASE STUDY

    "Clearly defined Committee Charter allows CIO to escape the bad reputation of previous committee."

    Industry: Consumer Goods

    Source: Interview

    CHALLENGE

    The new CIO at a large consumer goods company had difficulty generating interest in creating a new IT steering committee. The previous CIO had created a steering committee that was poorly organized and did not involve all of the pertinent members. This led to a committee focused on politics that would often devolve into gossip. Also, many members were dissatisfied with the irregular meetings that would often go over their allotted time.

    In order to create a new committee, the new CIO needed to dispel the misgivings of the business leadership.

    SOLUTION

    The new CIO decided to build the new steering committee from the ground up in a systematic way.

    She collected information from relevant stakeholders about what they know/how they feel about IT and used this information to build a detailed charter.

    Using this info she outlined the new steering committee charter and included in it the:

    1. Purpose
    2. Responsibilities
    3. RACI Chart
    4. Procedures

    OUTCOME

    The new steering committee included all the key members of business units, and each member was clear on their roles in the meetings. Meetings were streamlined and effective. The adjustments in the charter and the improvement in meeting quality played a role in improving the satisfaction scores of business leaders with IT by 21%.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1

    A screenshot of activity 1.1 is displayed. 1.1 is about surveying your ITSC stakeholders.

    Survey your ITSC stakeholders

    Prior to the workshop, Info-Tech’s advisors will work with you to launch the IT Steering Committee Stakeholder Survey to understand business priorities and level of understanding of how decisions are made. Using this data, we will create the IT steering committee responsibilities, participation, and communication strategy.

    1.7

    A screenshot of activity 1.7 is displayed. 1.7 is about defining a participant RACI for each of the responsibilities.

    Define a participant RACI for each of the responsibilities

    The analyst will facilitate several exercises to help you and your stakeholders create an authority matrix. The output will be defined responsibilities and authorities for members.

    Phase 2

    Build the IT Steering Committee Process

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Define your ITSC Processes
    Proposed Time to Completion: 2 weeks

    Review SIPOCs and Process Creation

    Start with an analyst kick-off call:

    • Review the purpose of the SIPOC and how to build one

    Then complete these activities…

    • Build a draft SIPOC for your organization

    With these tools & templates:

    Phase 2 of the Establish an Effective IT Steering Committee blueprint

    Finalize the SIPOC

    Review Draft SIPOC:

    • Review and make changes to the SIPOC
    • Discuss potential metrics

    Then complete these activities…

    • Test survey link
    • Info-Tech launches survey

    With these tools & templates:

    Phase 2 of the Establish an Effective IT Steering Committee blueprint

    Finalize Metrics

    Finalize phase deliverable:

    • Finalize metrics

    Then complete these activities…

    • Establish ITSC metric triggers

    With these tools & templates:

    Phase 2 of the Establish an Effective IT Steering Committee blueprint

    Build the IT Steering Committee Process

    This step will walk you through the following activities:

    • Define high-level steering committee processes using SIPOC
    • Select steering committee metrics

    This step involves the following participants:

    • CIO
    • IT Steering Committee
    • IT Leadership Team
    • PMO

    Key Insight:

    Building high-level IT steering committee processes brings your committee to life. Having a clear process will ensure that you have the right information from the right sources so that committees can operate and deliver the appropriate output to the customers who need it.

    Build your high-level IT steering committee processes to enable committee functionality

    The IT steering committee is only valuable if members are able to successfully execute on responsibilities.

    One of the most common mistakes organizations make is that they build their committee charters and launch into their first meeting. Without defined inputs and outputs, a committee does not have the needed information to be able to effectively execute on responsibilities and is unable to meet its stated goals.

    The arrows in this picture represent the flow of information between the IT steering committee, other committees, and IT management.

    Building high-level processes will define how that information flows within and between committees and will enable more rapid decision making. Participants will have the information they need to be confident in their decisions.

    Strategic IT Steering Committee
    Tactical

    Project Governance Service Governance

    Risk Governance Information Governance

    IT Management
    Operational Risk Task Force

    Define the high-level process for each of the IT steering committee responsibilities

    Info-Tech recommends using SIPOC as a way of defining how the IT steering committee will operate.

    Derived from the core methodologies of Six Sigma process management, SIPOC – a model of Suppliers, Inputs, Processes, Outputs, Customers – is one of several tools that organizations can use to build high level processes. SIPOC is especially effective when determining process scope and boundaries and to gain consensus on a process.

    By doing so you’ll ensure that:

    1. Information and documentation required to complete each responsibility is identified.
    2. That the results of committee meetings are distributed to those customers who need the information.
    3. Inputs and outputs are identified and that there is defined accountability for providing these.

    Remember: Your IT steering committee is not a working committee. Enable effective decision making by ensuring participants have the necessary information and appropriate recommendations from key stakeholders to make decisions.

    Supplier Input
    Who provides the inputs to the governance responsibility. The documented information, data, or policy required to effectively respond to the responsibility.
    Process
    In this case this represents the IT steering committee responsibility defined in terms of the activity the ITSC is performing.
    Output Customer
    The outcome of the meeting: can be approval, rejection, recommendation, request for additional information, endorsement, etc. Receiver of the outputs from the committee responsibility.

    Define your SIPOC model for each of the IT steering committee responsibilities

    2.1

    1. In a meeting with your IT leadership, draw the SIPOC model on a whiteboard or flip-chart paper. Either review the examples on the following slides or start from scratch.
    2. If you are adjusting the following slides, consider the templates you already have which would be appropriate inputs and make adjustments as needed.

    For atypical responsibilities:

    1. Start with the governance responsibility and identify what specifically it is that the IT steering committee is doing with regards to that responsibility. Write that in the center of the model.
    2. As a group, consider what information or documentation would be required by the participants to effectively execute on the responsibility.
    3. Identify which individual will supply each piece of documentation. This person will be accountable for this moving forward.
    4. Outputs: Once the committee has met about the responsibility, what information or documentation will be produced. List all of those documents.
    5. Identify the individuals who need to receive the outputs of the information.
    6. Repeat this for all of the responsibilities.
    7. Once complete, document the SIPOC models in the IT Steering Committee Charter.

    INPUT

    • List of responsibilities
    • Example SIPOCs

    OUTPUT

    • SIPOC model for all responsibilities.

    Materials

    • Whiteboard
    • Markers
    • ITSC Charter

    Participants

    • IT leadership team

    SIPOC examples for typical ITSC responsibilities

    SIPOC: Establish the target investment mix
    Supplier Input
    CIO
    • Target investment mix and rationale
    Process
    Responsibility: The IT steering committee shall review and approve the target investment mix.
    Output Customer
    • Approval of target investment mix
    • Rejection of target investment mix
    • Request for additional information
    • CFO
    • CIO
    • IT leadership
    SIPOC: Endorse the IT budget
    Supplier Input
    CIO
    • Recommendations

    See Info-Tech’s blueprint IT Budget Presentation

    Process

    Responsibility: Review the proposed IT budget as defined by the CIO and CFO.

    Output Customer
    • Signed endorsement of the IT budget
    • Request for additional information
    • Recommendation for changes to the IT budget.
    • CFO
    • CIO
    • IT leadership

    SIPOC examples for typical ITSC responsibilities

    SIPOC: Monitor IT value metrics
    Supplier Input
    CIO
    • IT value dashboard
    • Key metric takeaways
    • Recommendations
    CIO Business Vision
    Process

    Responsibility: Review recommendations and either accept or reject recommendations. Refine go-forward metrics.

    Output Customer
    • Launch corrective task force
    • Accept recommendations
    • Define target metrics
    • CEO
    • CFO
    • Business executives
    • CIO
    • IT leadership
    SIPOC: Evaluate and select programs/projects to fund
    Supplier Input
    PMO
    • Recommended project list
    • Project intake documents
    • Prioritization criteria
    • Capacity metrics
    • IT budget

    See Info-Tech’s blueprint

    Grow Your Own PPM Solution
    Process

    Responsibility: The ITSC will approve the list of projects to fund based on defined prioritization criteria – in line with capacity and IT budget.

    It is also responsible for identifying the prioritization criteria in line with organizational priorities.

    Output Customer
    • Approved project list
    • Request for additional information
    • Recommendation for increased resources
    • PMO
    • CIO
    • Project sponsors

    SIPOC examples for typical ITSC responsibilities

    SIPOC: Endorse the IT strategy
    Supplier Input
    CIO
    • IT strategy presentation

    See Info-Tech’s blueprint

    IT Strategy and Roadmap
    Process

    Responsibility: Review, understand, and endorse the IT strategy.

    Output Customer
    • Signed endorsement of the IT strategy
    • Recommendations for adjustments
    • CEO
    • CFO
    • Business executives
    • IT leadership
    SIPOC: Monitor project management metrics
    Supplier Input
    PMO
    • Project metrics report with recommendations
    Process

    Responsibility: Review recommendations around PM metrics and define target metrics. Endorse current effectiveness levels or determine corrective action.

    Output Customer
    • Accept project metrics performance
    • Accept recommendations
    • Launch corrective task force
    • Define target metrics
    • PMO
    • Business executives
    • IT leadership

    SIPOC examples for typical ITSC responsibilities

    SIPOC: Approve launch of planned and unplanned project
    Supplier Input
    CIO
    • Project list and recommendations
    • Resourcing report
    • Project intake document

    See Info-Tech’s Blueprint:

    Grow Your Own PPM Solution
    Process

    Responsibility: Review the list of projects and approve the launch or reprioritization of projects.

    Output Customer
    • Approved launch of projects
    • Recommendations for changes to project list
    • CFO
    • CIO
    • IT leadership
    SIPOC: Monitor stakeholder satisfaction with services and other service metrics
    Supplier Input
    Service Manager
    • Service metrics report with recommendations
    Info-Tech End User Satisfaction Report
    Process

    Responsibility: Review recommendations around service metrics and define target metrics. Endorse current effectiveness levels or determine corrective action.

    Output Customer
    • Accept service level performance
    • Accept recommendations
    • Launch corrective task force
    • Define target metrics
    • Service manager
    • Business executives
    • IT leadership

    SIPOC examples for typical ITSC responsibilities

    SIPOC: Approve plans for new or changed service requirements
    Supplier Input
    Service Manager
    • Service change request
    • Project request and change plan
    Process

    Responsibility: Review IT recommendations, approve changes, and communicate those to staff.

    Output Customer
    • Approved service changes
    • Rejected service changes
    • Service manager
    • Organizational staff
    SIPOC: Monitor risk management metrics
    Supplier Input
    CIO
    • Risk metrics report with recommendations
    Process

    Responsibility: Review recommendations around risk metrics and define target metrics. Endorse current effectiveness levels or determine corrective action.

    Output Customer
    • Accept risk register and mitigation strategy
    • Launch corrective task force to address risks
    • Risk manager
    • Business executives
    • IT leadership

    SIPOC examples for typical ITSC responsibilities

    SIPOC: Review the prioritized list of risks
    Supplier Input
    Risk Manager
    • Risk register
    • Mitigation strategies
    See Info-Tech’s risk management research to build a holistic risk strategy.
    Process

    Responsibility: Accept the risk registrar and define any additional action required.

    Output Customer
    • Accept risk register and mitigation strategy
    • Launch corrective task force to address risks
    • Risk manager
    • IT leadership
    • CRO
    SIPOC: Define information lifecycle process ownership
    Supplier Input
    CIO
    • List of risk owner options with recommendations
    See Info-Tech’s related blueprint: Information Lifecycle Management
    Process

    Responsibility: Define responsibility and accountability for information lifecycle ownership.

    Output Customer
    • Defined information lifecycle owner
    • Organization wide.

    SIPOC examples for typical ITSC responsibilities

    SIPOC: Monitor information lifecycle metrics
    Supplier Input
    Information lifecycle owner
    • Information metrics report with recommendations
    Process

    Responsibility: Review recommendations around information management metrics and define target metrics. Endorse current effectiveness levels or determine corrective action.

    Output Customer
    • Accept information management performance
    • Accept recommendations
    • Launch corrective task force to address challenges
    • Define target metrics
    • IT leadership

    Define which metrics you will report to the IT steering committee

    2.2

    1. Consider your IT steering committee goals and the five IT governance areas.
    2. For each governance area, identify which metrics you are currently tracking and determine whether these metrics are valuable to IT, to the business, or both. For metrics that are valuable to business stakeholders determine whether you have an identified target metric.

    New Metrics:

    1. For each of the five IT governance areas review your SWOT analysis and document your key opportunities and weaknesses.
    2. For each, brainstorm hypotheses around why the opportunity was weak or was a success. For each hypothesis identify if there are any clear ways to measure and test the hypothesis.
    3. Review the list of metrics and select 5-7 metrics to track for each prioritized governance area.

    INPUT

    • List of responsibilities
    • Example SIPOCs

    OUTPUT

    • SIPOC model for all responsibilities

    Materials

    • Whiteboard
    • Markers

    Participants

    • IT leadership team

    IT steering committee metric triggers to consider

    RISK

    • Risk profile % increase
    • # of actionable risks outstanding
    • # of issues arising not identified prior
    • # of security breaches

    SERVICE

    • Number of business disruptions due to IT service incidents
    • Number of service requests by department
    • Number of service requests that are actually projects
    • Causes of tickets overall and by department
    • Percentage of duration attributed to waiting for client response

    PROJECTS

    • Projects completed within budget
    • Percentage of projects delivered on time
    • Project completion rate
    • IT completed assigned portion to scope
    • Project status and trend dashboard

    INFORMATION / DATA

    • % of data properly classified
    • # of incidents locating data
    • # of report requests by complexity
    • # of open data sets

    PPM /INVESTMENTS

    • CIO Business Vision (an Info-Tech diagnostic survey that helps align IT strategy with business goals)
    • Level of stakeholder satisfaction and perceived value
    • Percentage of ON vs. OFF cycle projects by area/silo
    • Realized benefit to business units based on investment mix
    • Percent of enterprise strategic goals and requirements supported by strategic goals
    • Target vs. actual budget
    • Reasons for off-cycle projects causing delays to planned projects

    CASE STUDY

    Industry: Consumer Goods

    Source: Interview

    "IT steering committee’s reputation greatly improved by clearly defining its process."

    CHALLENGE

    One of the major failings of the previous steering committee was its poorly drafted procedures. Members of the committee were unclear on the overall process and the meeting schedule was not well established.

    This led to low attendance at the meetings and ineffective meetings overall. Since the meeting procedures weren’t well understood, some members of the leadership team took advantage of this to get their projects pushed through.

    SOLUTION

    The first step the new CIO took was to clearly outline the meeting procedures in her new steering committee charter. The meeting agenda, meeting goals, length of time, and outcomes were outlined, and the stakeholders signed off on their participation.

    She also gave the participants a SIPOC, which helped members who were unfamiliar with the process a high-level overview. It also reacquainted previous members with the process and outlined changes to the previous, out-of-date processes.

    OUTCOME

    The participation rate in the committee meetings improved from the previous rate of approximately 40% to 90%. The committee members were much more satisfied with the new process and felt like their contributions were appreciated more than before.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    An image of an Info-Tech analyst is depicted.

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1

    A screenshot of activity 2.1 is depicted. Activity 2.1 is about defining a SIPOC for each of the ITSC responsibilities.

    Define a SIPOC for each of the ITSC responsibilities

    Create SIPOCs for each of the governance responsibilities with the help of an Info-Tech advisor.

    2.2

    A screenshot of activity 2.2 is depicted. Activity 2.2 is about establishing the reporting metrics for the ITSC.

    Establish the reporting metrics for the ITSC

    The analyst will facilitate several exercises to help you and your stakeholders define the reporting metrics for the ITSC.

    Phase 3

    Build the Stakeholder Presentation

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Build the Stakeholder Presentation
    Proposed Time to Completion: 1 week

    Customize the Presentation

    Start with an analyst kick-off call:

    • Review the IT Steering Committee Stakeholder Presentation with an analyst

    Then complete these activities…

    • Schedule the first meeting and invite the ITSC members
    • Customize the presentation template

    With these tools & templates:

    IT Steering Committee Stakeholder Presentation


    Review and Practice the Presentation

    Review findings with analyst:

    • Review the changes made to the template
    • Practice the presentation and create a script

    Then complete these activities…

    • Hold the ITSC meeting

    With these tools & templates:

    • IT Steering Committee Stakeholder Presentation
    Review the First ITSC Meeting

    Finalize phase deliverable:

    • Review the outcomes of the first ITSC meeting and plan out the next steps

    Then complete these activities…

    • Review the discussion and plan next steps

    With these tools & templates:

    Establish an Effective IT Steering Committee blueprint

    Build the Stakeholder Presentation

    This step will walk you through the following activities:

    • Organizing the first ITSC meeting
    • Customizing an ITSC stakeholder presentation
    • Determine ITSC responsibilities and participants
    • Determine ITSC procedures

    This step involves the following participants:

    • CIO
    • IT Steering Committee
    • IT Leadership Team
    • PMO

    Key Insight:

    Stakeholder engagement will be critical to your ITSC success, don't just focus on what is changing. Ensure stakeholders know why you are engaging them and how it will help them in their role.

    Hold a kick-off meeting with your IT steering committee members to explain the process, responsibilities, and goals

    3.1

    Don’t take on too much in your first IT steering committee meeting. Many participants may not have participated in an IT steering committee before, or some may have had poor experiences in the past.

    Use this meeting to explain the role of the IT steering committee and why you are implementing one, and help participants to understand their role in the process.

    Quickly customize Info-Tech’s IT Steering Committee Stakeholder Presentation template to explain the goals and benefits of the IT steering committee, and use your own data to make the case for governance.

    At the end of the meeting, ask committee members to sign the committee charter to signify their agreement to participate in the IT steering committee.

    A screenshot of IT Steering Committee: Meeting 1 is depicted. A screenshot of the IT Steering Committee Challenges and Opportunities for the organization.

    Tailor the IT Steering Committee Stakeholder Presentation template: slides 1-5

    3.2 Estimated Time: 10 minutes

    Review the IT Steering Committee Stakeholder Presentation template. This document should be presented at the first IT steering committee meeting by the assigned Committee Chair.

    Customization Options

    Overall: Decide if you would like to change the presentation template. You can change the color scheme easily by copying the slides in the presentation deck and pasting them into your company’s standard template. Once you’ve pasted them in, scan through the slides and make any additional changes needed to formatting.

    Slide 2-3: Review the text on each of the slides and see if any wording should be changed to better suite your organization.

    Slide 4: Review your list of the top 10 challenges and opportunities as defined in section 2 of this blueprint. Document those in the appropriate sections. (Note: be careful that the language is business-facing; challenges and opportunities should be professionally worded.)

    Slide 5: Review the language on slide 5 to make any necessary changes to suite your organization. Changes here should be minimal.

    INPUT

    • Top 10 list
    • Survey report
    • ITSC Charter

    OUTPUT

    • Ready-to-present presentation for defined stakeholders

    Materials

    • IT Steering Committee Stakeholder Presentation

    Participants

    • IT Steering Committee Chair/CIO

    Tailor the IT Steering Committee Stakeholder Presentation template: slides 6-10

    3.2 Estimated Time: 10 minutes

    Customization Options

    Slide 6: The goal of this slide is to document and share the names of the participants on the IT steering committee. Document the names in the right-hand side based on your IT Steering Committee Charter.

    Slides 7-9:

    • Review the agenda items as listed in your IT Steering Committee Charter. Document the annual, quarterly, and monthly meeting responsibilities on the left-hand side of slides 7-9.
    • Meeting Participants: For each slide, list the members who are required for that meeting.
    • Document the key required reading materials as identified in the SIPOC charts under “inputs.”
    • Document the key meeting outcomes as identified in the SIPOC chart under “outputs.”

    Slide 10: Review and understand the rollout timeline. Make any changes needed to the timeline.

    INPUT

    • Top 10 list
    • Survey report
    • ITSC Charter

    OUTPUT

    • Ready-to-present presentation for defined stakeholders

    Materials

    • IT Steering Committee Stakeholder Presentation

    Participants

    • IT Steering Committee Chair/CIO

    Present the information to the IT leadership team to increase your comfort with the material

    3.3 Estimated Time: 1-2 hours

    1. Once you have finished customizing the IT Steering Committee Stakeholder Presentation, practice presenting the material by meeting with your IT leadership team. This will help you become more comfortable with the dialog and anticipate any questions that might arise.
    2. The ITSC chair will present the meeting deck, and all parties should discuss what they think went well and opportunities for improvement.
    3. Each business relationship manager should document the needed changes in preparation for their first meeting.

    INPUT

    • IT Steering Committee Stakeholder Presentation - Meeting 1

    Participants

    • IT leadership team

    Schedule your first meeting of the IT steering committee

    3.4

    By this point, you should have customized the meeting presentation deck and be ready to meet with your IT steering committee participants.

    The meeting should be one hour in duration and completed in person.

    Before holding the meeting, identify who you think is going to be most supportive and who will be least. Consider meeting with those individuals independently prior to the group meeting to elicit support or minimize negative impacts on the meeting.

    Customize this calendar invite script to invite business partners to participate in the meeting.

    Hello [Name],

    As you may have heard, we recently went through an exercise to develop an IT steering committee. I’d like to take some time to discuss the results of this work with you, and discuss ways in which we can work together in the future to better enable corporate goals.

    The goals of the meeting are:

    1. Discuss the benefits of an IT steering committee
    2. Review the results of the organizational survey
    3. Introduce you to our new IT steering committee

    I look forward to starting this discussion with you and working with you more closely in the future.

    Warm regards,

    CASE STUDY

    Industry:Consumer Goods

    Source: Interview

    "CIO gains buy-in from the company by presenting the new committee to its stakeholders."

    CHALLENGE

    Communication was one of the biggest steering committee challenges that the new CIO inherited.

    Members were resistant to joining/rejoining the committee because of its previous failures. When the new CIO was building the steering committee, she surveyed the members on their knowledge of IT as well as what they felt their role in the committee entailed.

    She found that member understanding was lacking and that their knowledge surrounding their roles was very inconsistent.

    SOLUTION

    The CIO dedicated their first steering committee meeting to presenting the results of that survey to align member knowledge.

    She outlined the new charter and discussed the roles of each member, the goals of the committee, and the overarching process.

    OUTCOME

    Members of the new committee were now aligned in terms of the steering committee’s goals. Taking time to thoroughly outline the procedures during the first meeting led to much higher member engagement. It also built accountability within the committee since all members were present and all members had the same level of knowledge surrounding the roles of the ITSC.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1

    A screenshot of Activity 3.1 is depicted. Activity 3.1 is about creating a presentation for ITSC stakeholders to be presented at the first ITSC meeting.

    Create a presentation for ITSC stakeholders to be presented at the first ITSC meeting

    Work with an Info-Tech advisor to customize our IT Steering Committee Stakeholder Presentation template. Use this presentation to gain stakeholder buy-in by making the case for an ITSC.

    Phase 4

    Define the Prioritization Criteria

    Phase 4 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation : Define the Prioritization Criteria
    Proposed Time to Completion: 4 weeks

    Discuss Prioritization Criteria

    Start with an analyst kick-off call:

    • Review sample project prioritization criteria and discuss criteria unique to your organization

    Then complete these activities...

    • Select the criteria that would be most effective for your organization
    • Input these into the tool

    With these tools & templates:

    IT Steering Committee Project Prioritization Tool

    Customize the IT Steering Committee Project Prioritization Tool

    Review findings with analyst:

    • Review changes made to the tool
    • Finalize criteria weighting

    Then complete these activities…

    • Pilot test the tool using projects from the previous year

    With these tools & templates:

    IT Steering Committee Project Prioritization Tool

    Review Results of the Pilot Test

    Finalize phase deliverable:

    • Review the results of the pilot test
    • Make changes to the tool

    Then complete these activities…

    • Input your current project portfolio into the prioritization tool

    With these tools & templates:

    IT Steering Committee Project Prioritization Tool

    Define the Project Prioritization Criteria

    This step will walk you through the following activities:

    • Selecting the appropriate project prioritization criteria for your organization
    • Developing weightings for the prioritization criteria
    • Filling in Info-Tech’s IT Steering Committee Project Prioritization Tool

    This step involves the following participants:

    • CIO
    • IT Steering Committee
    • IT Leadership Team
    • PMO

    Key Insight:

    The steering committee sets and agrees to principles that guide prioritization decisions. The agreed upon principles will affect business unit expectations and justify the deferral of requests that are low priority. In some cases, we have seen the number of requests drop substantially because business units are reluctant to propose initiatives that do not fit high prioritization criteria.

    Understand the role of the IT steering committee in project prioritization

    One of the key roles of the IT steering committee is to review and prioritize the portfolio of IT projects.

    What is the prioritization based on? Info-Tech recommends selecting four broad criteria with two dimensions under each to evaluate the value of the projects. The criteria are aligned with how the project generates value for the organization and the execution of the project.

    What is the role of the steering committee in prioritizing projects? The steering committee is responsible for reviewing project criteria scores and making decisions about where projects rank on the priority list. Planning, resourcing, and project management are the responsibility of the PMO or the project owner.

    Info-Tech’s Sample Criteria

    Value

    Strategic Alignment: How much a project supports the strategic goals of the organization.

    Customer Satisfaction: The impact of the project on customers and how visible a project will be with customers.

    Operational Alignment: Whether the project will address operational issues or compliance.

    Execution

    Financial: Predicted ROI and cost containment strategies.

    Risk: Involved with not completing projects and strategies to mitigate it.

    Feasibility: How easy the project is to complete and whether staffing resources exist.

    Use Info-Tech’s IT Steering Committee Project Prioritization Tool to catalog and prioritize your project portfolio

    4.1

    • Use Info-Tech’s IT Steering Committee Project Prioritization Tool in conjunction with the following activities to catalog and prioritize all of the current IT projects in your portfolio.
    • Assign weightings to your selected criteria to prioritize projects based on objective scores assigned during the intake process and adjust these weightings on an annual basis to align with changing organizational priorities and goals.
    • Use this tool at steering committee meetings to streamline the prioritization process and create alignment with the PMO and project managers.
    • Monitor ongoing project status and build a communication channel between the PMO and project managers and the IT steering committee.
    • Adjusting the titles in the Settings tab will automatically adjust the titles in the Project Data tab.
    • Note: To customize titles in the document you must unprotect the content under the View tab. Be sure to change the content back to protected after making the changes.
    A screenshot of Info-Tech's IT Steering Committee Project Prioritization Tool is depicted. The first page of the tool is shown. A screenshot of Info-Tech's IT Steering Committee Project Prioritization Tool is depicted. The page depicted is on the Intake and Prioritization Tool Settings.

    Establish project prioritization criteria and build the matrix

    4.2 Estimated Time: 1 hour

    1. During the second steering committee meeting, discuss the criteria you will be basing your project prioritization scoring on.
    2. Review Info-Tech’s prioritization criteria matrix, located in the Prioritization Criteria List tab of the IT Steering Committee Project Prioritization Tool, to gain ideas for what criteria would best suit your organization.
    3. Write these main criteria on the whiteboard and brainstorm criteria that are more specific for your organization; include these on the list as well.
    4. Discuss the criteria. Eliminate criteria that won’t contribute strongly to the prioritization process and vote on the remaining. Select four main criteria from the list.
    5. After selecting the four main criteria, write these on the whiteboard and brainstorm the dimensions that fall under the criteria. These should be more specific/measurable aspects of the criteria. These will be the statements that values are assigned to for prioritizing projects so they should be clear. Use the Prioritization Criteria List in the tool to help generate ideas.
    6. After creating the dimensions, determine what the scoring statements will be. These are the statements that will be used to determine the score out of 10 that the different dimensions will receive.
    7. Adjust the Settings and Project Data tabs in the IT Steering Committee Project Prioritization Tool to reflect your selections.
    8. Edit Info-Tech’s IT Project Intake Form or the intake form that you currently use to contain these criteria and scoring parameters.

    INPUT

    • Group input
    • IT Steering Committee Project Prioritization Tool

    OUTPUT

    • Project prioritization criteria to be used for current and future projects

    Materials

    • Whiteboard and markers

    Participants

    • IT steering committee
    • CIO
    • IT leadership

    Adjust prioritization criteria weightings to reflect organizational needs

    4.3 Estimated Time: 1 hour

    1. In the second steering committee meeting, after deciding what the project prioritization criteria will be, you need to determine how much weight (the importance) each criteria will receive.
    2. Use the four agreed upon criteria with two dimensions each, determined in the previous activity.
    3. Perform a $100 test to assign proportions to each of the criteria dimensions.
      1. Divide the committee into pairs.
      2. Tell each pair that they have $100 divide among the 4 major criteria based on how important they feel the criteria is.
      3. After dividing the initial $100, ask them to divide the amount they allocated to each criteria into the two sub-dimensions.
      4. Next, ask them to present their reasoning for the allocations to the rest of the committee.
      5. Discuss the weighting allotments and vote on the best one (or combination).
      6. Input the weightings in the Settings tab of the IT Steering Committee Project Prioritization Tool and document the discussion.
    4. After customizing the chart establish the owner of the document. This person should be a member of the PMO or the most suitable IT leader if a PMO doesn’t exist.
    5. Only perform this adjustment annually or if a major strategic change happens within the organization.

    INPUT

    • Group discussion

    OUTPUT

    • Agreed upon criteria weighting
    • Complete prioritization tool

    Materials

    • IT Steering Committee Project Prioritization Tool
    • Whiteboard and sticky notes

    Participants

    • IT steering committee
    • IT leadership

    Document the prioritization criteria weightings in Info-Tech’s IT Steering Committee Project Prioritization Tool.

    Configure the prioritization tool to align your portfolio with business strategy

    4.4 Estimated Time: 60 minutes

    Download Info-Tech’s Project Intake and Prioritization Tool.

    A screenshot of Info-Tech's Project Intake and Prioritization Tool.

    Rank: Project ranking will dynamically update relative to your portfolio capacity (established in Settings tab) and the Size, Scoring Progress, Remove from Ranking, and Overall Score columns. The projects in green represent top priorities based on these inputs, while yellow projects warrant additional consideration should capacity permit.

    Scoring Progress: You will be able to determine some items on the scorecard earlier in the scoring progress (such as strategic and operational alignment). As you fill in scoring columns on the Project Data tab, the Scoring Progress column will dynamically update to track progress.

    The Overall Score will update automatically as you complete the scoring columns (refer to Activity 4.2).

    Days in Backlog: This column will help with backlog management, automatically tracking the number of days since an item was added to the list based on day added and current date.

    Validate your new prioritization criteria using previous projects

    4.5 Estimated Time: 2 hours

    1. After deciding on the prioritization criteria, you need to test their validity.
    2. Look at the portfolio of projects that were completed in the previous year.
    3. Go through each project and score it according to the criteria that were determined in the previous exercise.
    4. Enter the scores and appropriate weighting (according to goals/strategy of the previous year) into the IT Steering Committee Project Prioritization Tool.
    5. Look at the prioritization given to the projects in reference to how they were previously prioritized.
    6. Adjust the criteria and weighting to either align the new prioritization criteria with previous criteria or to align with desired outcomes.
    7. After scoring the old projects, pilot test the tool with upcoming projects.

    INPUT

    • Information on previous year’s projects
    • Group discussion

    OUTPUT

    • Pilot tested project prioritization criteria

    Materials

    • IT Steering Committee Project Prioritization Tool

    Participants

    • IT steering committee
    • IT leadership
    • PMO

    Pilot the scorecard to validate criteria and weightings

    4.6 Estimated Time: 60 minutes

    1. Pilot your criteria and weightings in the IT Steering Committee Project Prioritization Tool using project data from one or two projects currently going through approval process.
    2. For most projects, you will be able to determine strategic and operational alignment early in the scoring process, while the feasibility and financial requirements will come later during business case development. Score each column as you can. The tool will automatically track your progress in the Scoring Progress column on the Project Data tab.

    Projects that are scored but not prioritized will populate the portfolio backlog. Items in the backlog will need to be rescored periodically, as circumstances can change, impacting scores. Factors necessitating rescoring can include:

    • Assumptions in business case have changed.
    • Organizational change – e.g. a new CEO or a change in strategic objectives.
    • Major emergencies or disruptions – e.g. a security breach.

    Score projects using the Project Data tab in Info-Tech’s IT Steering Committee Project Prioritization Tool

    A screenshot of Info-Tech's <em data-verified=IT Steering Committee Project Prioritization Tool is depicted. The Data Tab is shown.">

    Use Info-Tech’s IT Project Intake Form to streamline the project prioritization and approval process

    4.7

    • Use Info-Tech’s IT Project Intake Form template to streamline the project intake and prioritization process.
    • Customize the chart on page 2 to include the prioritization criteria that were selected during this phase of the blueprint.
    • Including the prioritization criteria at the project intake phase will free up a lot of time for the steering committee. It will be their job to verify that the criteria scores are accurate.
    A screenshot of Info-Tech's IT Project Intake Form is depicted.

    After prioritizing and selecting your projects, determine how they will be resourced

    Consult these Info-Tech blueprints on project portfolio management to create effective portfolio project management resourcing processes.

    A Screenshot of Info-Tech's Create Project Management Success Blueprint is depicted. Create Project Management Success A Screenshot of Info-Tech's Develop a Project Portfolio Management Strategy Blueprint is depicted. Develop a Project Portfolio Management Strategy

    CASE STUDY

    Industry: Consumer Goods

    Source: Interview

    "Clear project intake and prioritization criteria allow for the new committee to make objective priority decisions."

    CHALLENGE

    One of the biggest problems that the previous steering committee at the company had was that their project intake and prioritization process was not consistent. Projects were being prioritized based on politics and managers taking advantage of the system.

    The procedure was not formalized so there were no objective criteria on which to weigh the value of proposed projects. In addition to poor meeting attendance, this led to the overall process being very inconsistent.

    SOLUTION

    The new CIO, with consultation from the newly formed committee, drafted a set of criteria that focused on the value and execution of their project portfolio. These criteria were included on their intake forms to streamline the rating process.

    All of the project scores are now reviewed by the steering committee, and they are able to facilitate the prioritization process more easily.

    The objective criteria process also helped to prevent managers from taking advantage of the prioritization process to push self-serving projects through.

    OUTCOME

    This was seen as a contributor to the increase in satisfaction scores for IT, which improved by 12% overall.

    The new streamlined process helped to reduce capacity constraints on IT, and it alerted the company to the need for more IT employees to help reduce these constraints further. The IT department was given permission to hire two new additional staff members.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    4.1

    A screenshot of activity 4.1 is depicted. Activity 4.1 was about defining your prioritization criteria and customize our <em data-verified=IT Steering Committee Project Prioritization Tool.">

    Define your prioritization criteria and customize our IT Steering Committee Project Prioritization Tool

    With the help of Info-Tech advisors, create criteria for determining a project’s priority. Customize the tool to reflect the criteria and their weighting. Run pilot tests of the tool to verify the criteria and enter your current project portfolio.

    Research contributors and experts

    • Andy Lomasky, Manager, Technology & Management Consulting, McGladrey LLP
    • Angie Embree, CIO, Best Friends Animal Society
    • Corinne Bell, CTO and Director of IT Services, Landmark College
    • John Hanskenecht, Director of Technology, University of Detroit Jesuit High School and Academy
    • Lori Baker, CIO, Village of Northbrook
    • Lynne Allard, IT Supervisor, Nipissing Parry Sound Catholic School Board
    • Norman Allen, Senior IT Manager, Baker Tilly
    • Paul Martinello, VP, IT Services, Cambridge and North Dumfries Hydro Inc.
    • Renee Martinez, IT Director/CIO, City of Santa Fe
    • Sam Wong, Director, IT, Seneca College
    • Suzanne Barnes, Director, Information Systems, Pathfinder International
    • Walt Joyce, CTO, Peoples Bank

    Appendices

    GOVERNANCE & ITSC & IT Management

    Organizations often blur the line between governance and management, resulting in the business having say over the wrong things. Understand the differences and make sure both groups understand their role.

    The ITSC is the most senior body within the IT governance structure, involving key business executives and focusing on critical strategic decisions impacting the whole organization.

    Within a holistic governance structure, organizations may have additional committees that evaluate, direct, and monitor key decisions at a more tactical level and report into the ITSC.

    These committees require specialized knowledge and are implemented to meet specific organizational needs. Those operational committees may spark a tactical task force to act on specific needs.

    IT management is responsible for executing on, running, and monitoring strategic activities as determined by IT governance.

    Strategic IT Steering Committee
    Tactical

    Project Governance Service Governance

    Risk Governance Information Governance

    IT Management
    Operational Risk Task Force

    This blueprint focuses exclusively on building the IT Steering committee. For more information on IT governance see Info-Tech’s related blueprint: Tailor an IT Governance Plan to Fit Organizational Needs.

    IT steering committees play an important role in IT governance

    By bucketing responsibilities into these areas, you’ll be able to account for most key IT decisions and help the business to understand their role in governance, fostering ownership and joint accountability.

    The five governance areas are:

    Governance of the IT Portfolio and Investments: Ensures that funding and resources are systematically allocated to the priority projects that deliver value.

    Governance of Projects: Ensures that IT projects deliver the expected value, and that the PM methodology is measured and effective.

    Governance of Risks: Ensures the organization’s ability to assess and deliver IT projects and services with acceptable risk.

    Governance of Services: Ensures that IT delivers the required services at the acceptable performance levels.

    Governance of Information and Data: Ensures the appropriate classification and retention of data based on business need.

    A survey of stakeholders identified a need for increased stakeholder involvement and transparency in decision making

    A bar graph is depicted. The title is: I understand how decisions are made in the following areas. The areas include risk, services, projects, portfolio, and information. A circle graph is depicted. The title is: Do IT decisions involve the right people?

    Overall, survey respondents indicated a lack of understanding about how decisions are made around risk, services, projects, and investments, and that business involvement in decision making was too minimal.

    Satisfaction with decision quality around investments and PPM are uneven and largely not well understood

    72% of stakeholders do not understand how decisions around IT services are made (quality, availability, etc.).

    A bar graph is depicted. The title is: How satisfied are you with the quality of decisions and transparency around IT services? A bar graph is depicted. Title of the graph: IT decisions around service delivery and quality involve the right people?

    Overall, services were ranked #1 in importance of the 5 areas

    62% of stakeholders do not understand how decisions around IT services are made (quality, availability, etc.).

    A bar graph is depicted. The title is: How satisfied are you with the quality of decisions and transparency around IT services? A bar graph is depicted. Title of the graph: IT decisions around service delivery and quality involve the right people?

    Projects ranked as one of the areas with which participants are most satisfied with the quality of decisions

    70% of stakeholders do not understand how decisions around projects selection, success, and changes are made.

    A bar graph is depicted. The title is: How satisfied are you with the quality of decisions and transparency around IT services? A bar graph is depicted. The title is: IT decisions around project changes, delays, and metrics involve the right people?

    Stakeholders are largely unaware of how decisions around risk are made and believe business participation needs to increase

    78% of stakeholders do not understand how decisions around risk are made

    A bar graph is depicted. The title is: How satisfied are you with the quality of decisions made around risk? A bar graph is depicted. The title is: IT decisions around acceptable risk involve the right people?

    The majority of stakeholders believe that they are aware of how decisions around information are made

    67% of stakeholders believe they do understand how decisions around information (data) retention and classification are made.

    A bar graph is depicted. The title is: How satisfied are you with the quality of decisions around information governance? A bar graph is depicted. The title is: IT decisions around information retention and classification involve the right people?

    Govern Shared Services

    • Buy Link or Shortcode: {j2store}459|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management
    • IT managers have come under increasing pressure to cut costs, and implementing shared services has become a popular demand from the business.
    • Business unit resistance to a shared services implementation can derail the project.
    • Shared services rearranges responsibilities within existing IT departments, potentially leaving no one accountable for project success and causing cost overruns and service performance failures.

    Our Advice

    Critical Insight

    • Over one-third of shared services implementations increase IT costs, due to implementation failures. Ineffective governance plays a major role in the breakdown of shared services, particularly when it does not overcome stakeholder resistance or define clear areas of responsibility.
    • Effective governance of a shared services implementation requires the IT leader to find the optimal combination of independence and centralization for the shared service provider.
    • Three primary models exist for governing shared services: entrepreneurial, mandated, and market-based. Each one occupies a different location in the trade-off of independence and centralization. The optimal model for a specific situation depends on the size of the organization, the number of participants, the existing trend towards centralization, and other factors.

    Impact and Result

    • Find the optimal governance model for your organization by weighing the different likely benefits and costs of each path.
    • Assign appropriate individual responsibilities to participants, so you can effectively scope your service offering and fund your implementation.
    • Support the governance effort effectively using published Info-Tech tools and templates.

    Govern Shared Services Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand each of the governance models and what each entails

    Build a plan for governing an implementation.

    • Storyboard: Govern Shared Services
    • None

    2. Choose the optimal approach to shared services governance

    Maximize the net benefit conferred by governance.

    • Shared Services Governance Strategy Roadmap Tool
    [infographic]

    2024 Tech Trends

    • Buy Link or Shortcode: {j2store}289|cart{/j2store}
    • member rating overall impact (scale of 10): 10
    • Parent Category Name: Innovation
    • Parent Category Link: /improve-your-core-processes/strategy-and-governance/innovation

    AI has revolutionized the landscape, placing the spotlight firmly on the generative enterprise.

    The far-reaching impact of generative AI across various sectors presents fresh prospects for organizations to capitalize on and novel challenges to address as they chart their path for the future. AI is more than just a fancy auto-complete. At this point it may look like that, but do not underestimate the evolutive power.

    In this year's Tech Trends report, we explore three key developments to capitalize on these opportunities and three strategies to minimize potential risks.

    Generative AI will take the lead.

    As AI transforms industries and business processes, IT and business leaders must adopt a deliberate and strategic approach across six key domains to ensure their success.

    Seize Opportunities:

    • Business models driven by AI
    • Automation of back-office functions
    • Advancements in spatial computing

    Mitigate Risks:

    • Ethical and responsible AI practices
    • Incorporating security from the outset
    • Ensuring digital sovereignty

    Maximize Business Value From IT Through Benefits Realization

    • Buy Link or Shortcode: {j2store}337|cart{/j2store}
    • member rating overall impact (scale of 10): 6.0/10 Overall Impact
    • member rating average dollars saved: 4 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: IT Governance, Risk & Compliance
    • Parent Category Link: /it-governance-risk-and-compliance
    • IT and the business are often misaligned because business value is not well defined or communicated.
    • Decisions are made without a shared perspective of value. This results in cost misallocation and unexploited opportunities to improve efficiency and drive innovation.

    Our Advice

    Critical Insight

    • IT exists to provide business value and is part of the business value chain. Most IT organizations lack a way to define value, which complicates the process of making value-based strategic business decisions.
    • IT must link its spend to business value to justify its investments. IT doesn’t have an established process to govern benefits realization and struggles to demonstrate how it provides value from its investments.
    • Pursue value, not technology. The inability to articulate value leads to IT being perceived as a cost center.

    Impact and Result

    • Ensure there is a common understanding within the organization of what is valuable to drive growth and consistent strategic decision making.
    • Equip IT to evaluate, direct, and monitor investments to support the achievement of organizational values and business benefits.
    • Align IT spend with business value through an enhanced governance structure to achieve cost optimization. Ensure IT visibly contributes to the creation and maintenance of value.

    Maximize Business Value From IT Through Benefits Realization Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should establish a benefits realization process, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand business value

    Ensure that all key strategic stakeholders hold a current understanding of what is valuable to the organization and a sense of what will be valuable based on future needs.

    • Maximize Business Value from IT Through Benefits Realization – Phase 1: Understand Business Value
    • Business Value Statement Template
    • Business Value Statement Example
    • Value Statement Email Communication Template
    • Feedback Consolidation Tool

    2. Incorporate benefits realization into governance

    Establish the process to evaluate spend on IT initiatives based on expected benefits, and implement the methods to monitor how well the initiatives achieve these benefits.

    • Maximize Business Value from IT Through Benefits Realization – Phase 2: Incorporate Benefits Realization into Governance
    • Business Value Executive Presentation Template

    3. Ensure an accurate reference of value

    Re-evaluate, on a consistent basis, the accuracy of the value drivers stated in the value statement with respect to the organization’s current internal and external environments.

    • Maximize Business Value from IT Through Benefits Realization – Phase 3: Ensure an Accurate Reference of Value
    [infographic]

    Workshop: Maximize Business Value From IT Through Benefits Realization

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand Business Value

    The Purpose

    Establish the business value statement.

    Understand the importance of implementing a benefits realization process.

    Key Benefits Achieved

    Unified stakeholder perspectives of business value drivers

    Establish supporters of the initiative

    Activities

    1.1 Understand what governance is and how a benefits realization process in governance will benefit the company.

    1.2 Discuss the mission and vision of the company, and why it is important to establish the target state prior to defining value.

    1.3 Brainstorm and narrow down organization value drivers.

    Outputs

    Stakeholder buy-in on benefits realization process

    Understanding of interrelations of mission, vision, and business value drivers

    Final three prioritized value drivers

    Completed business value statement

    2 Incorporate Benefits Realization Into Governance

    The Purpose

    Establish the intake, assessment and prioritization, and output and monitoring processes that are involved with implementing benefits realization.

    Assign cut-over dates and accountabilities.

    Establish monitoring and tracking processes.

    Key Benefits Achieved

    A thorough implementation plan that can be incorporated into existing governance documents

    Stakeholder understanding of implemented process, process ownership

    Activities

    2.1 Devise the benefits realization process.

    2.2 Establish launch dates, accountabilities, and exception handling on processes.

    2.3 Devise compliance monitoring and exception tracking methods on the benefits realization process.

    Outputs

    Benefits realization process incorporated into governance documentation

    Actionable plan to implement benefits realization process

    Reporting processes to ensure the successful delivery of the improved governance process

    3 Ensure an Accurate Reference of Value

    The Purpose

    Implement a process to ensure that business value drivers remain current to the organization.

    Key Benefits Achieved

    Align IT with the business and business to its environment

    Activities

    3.1 Determine regular review cycle to reassess business value drivers.

    3.2 Determine the trigger events that may cause off-cycle revisits to value.

    3.3 Devise compliance monitoring on value definition.

    Outputs

    Agenda and tools to assess the business context to verify the accuracy of value

    List of possible trigger events specific to your organization

    Reporting processes to ensure the continuous adherence to the business value definition

    2022 Tech Trends

    • Buy Link or Shortcode: {j2store}94|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • The post-pandemic workplace continues to shift and requires collaboration between remote workers and office workers.
    • Digital transformation has accelerated across every organization and CIOs must maneuver to keep pace.
    • Customer expectations have shifted, and spending habits are moving away from in-person activities to online.
    • IT must improve its maturity in key capabilities to maintain relevance in the organization.

    Our Advice

    Critical Insight

    • Improve the capabilities that matter. Focus on IT capabilities that are most relevant to competing in the digital economy and will enable the CEO's mission for growth.
    • Assess how external environment presents opportunities or threats to your organization using a scenarios approach, then chart a plan.

    Impact and Result

    • Use the data and analysis from Info-Tech's 2022 Tech Trends report to inform your digital strategic plan.
    • Discover the five trends shaping IT's path in 2022 and explore use cases for emerging technologies.
    • Hear directly from leading subject matter experts on each trend with featured episodes from our Tech Insights podcast.

    2022 Tech Trends Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. 2022 Tech Trends Report – A deck that discusses five use cases that can improve on your organization’s ability to compete in the digital economy.

    The post-pandemic pace of change continues to accelerate as the economic rapidly becomes more digital. To keep pace with shifting consumer expectations, CIOs must help the CEO compete in the digital economy by focusing on five key capabilities: innovation, human resources management, data architecture, security strategy, and business process controls and internal audit. Raising maturity in these capabilities will help CIOs deliver on opportunities to streamline back-office processes and develop new lines of revenue.

    • 2022 Tech Trends Report

    Infographic

    Further reading

    2022 Tech Trends

    Enabling the digital economy

    Supporting the CEO for growth

    The post-pandemic pace of change

    The disruptions to the way we work caused by the pandemic haven’t bounced back to normal.

    As part of its research process for the 2022 Tech Trends Report, Info-Tech Research Group conducted an open online survey among its membership and wider community of professionals. The survey was fielded from August 2021 through to September 2021, collecting 475 responses. We asked some of the same questions as last year’s survey so we can compare results as well as new questions to explore new trends.

    How much do you expect your organization to change permanently compared to how it was operating before the pandemic?

    • 7% – No change. We'll keep doing business as we always have.
    • 33% – A bit of change. Some ways of working will shift long term
    • 47% – A lot of change. The way we work will be differ in many ways long term. But our business remains...
    • 13% – Transformative change. Our fundamental business will be different and we'll be working in new ways.

    This year, about half of IT professionals expect a lot of change to the way we work and 13% expect a transformative change with a fundamental shift in their business. Last year, the same percentage expected a lot of change and only 10% expected transformative change.

    30% more professionals expect transformative permanent change compared to one year ago.

    47% of professionals expect a lot of permanent change; this remains the same as last year. (Info-Tech Tech Trends 2022 Survey)

    The pandemic accelerated the speed of digital transformation

    With the massive disruption preventing people from gathering, businesses shifted to digital interactions with customers.

    A visualization of the growth of 'Global average share of customer interactions that are digital' from December 2019 to July 2020. In that time it went from 36% to 58% with an 'Acceleration of 3 years'.

    Companies also accelerated the pace of creating digital or digitally enhanced products and services.

    A visualization of the growth of 'Global average share of partially or fully digitized products and/or services' from December 2019 to July 2020. In that time it went from 35% to 55% with an 'Acceleration of 7 years'. (McKinsey, 2020)

    “The Digital Economy incorporates all economic activity reliant on or significantly enhanced by the use of digital inputs, including digital technologies, digital infrastructure, digital services and data.” (OECD Definition)

    IT must enable participation in the digital economy

    Consumer spending is tilting more digital.

    Consumers have cut back spending on sectors where purchases are mostly made offline. That spending has shifted to digital services and online purchases. New habits formed during the pandemic are likely to stick for many consumers, with a continued shift to online consumption for many sectors.

    Purchases on online platforms are projected to rise from 10% today to 33% by 2030.

    Estimated online share of consumption
    Recreation & culture 30%
    Restaurants & hotels 50%
    Transport 10%
    Communications 90%
    Education 50%
    Health 20%
    Housing & utilities 50%
    (HSBC, 2020)

    Changing customer expectations pose a risk.

    IT practitioners agree that customer expectations are changing. They expect this to be more likely to disrupt their business in the next 12 months than new competition, cybersecurity incidents, or government-enacted policy changes.

    Factors likely to disrupt business in next 12 months
    Government-enacted policy changes 22%
    Cybersecurity incidents 56%
    Regulatory changes 45%
    Established competitor wins 26%
    New player enters the market 23%
    Changing customer expectations 68%
    (Info-Tech Tech Trends 2022 Survey)

    This poses a challenge to IT departments below the “expand” level of maturity

    CIOs must climb the maturity ladder to help CEOs drive growth.

    Most IT departments rated their maturity in the “optimize” or “support” level on Info-Tech’s maturity ladder.

    CIOs at the “optimize” level can play a role in digital transformation by improving back-office processes but should aim for a higher mandate.

    CIOs achieving at the “expand” level can help directly improve revenues by improving customer-facing products and services, and those at the “transform” level can help fundamentally change the business to create revenue in new ways. CIOs can climb the maturity ladder by enabling new digital capabilities.

    Maturity is heading in the wrong direction.

    Only half of IT practitioners described their department’s maturity as “transform” compared to last year’s survey, and more than twice the number rated themselves as “struggle.”

    A colorful visualization of the IT 'Maturity Ladder' detailing levels of IT function within an organization. Percentages represent answers from IT practitioners to an Info-Tech survey about the maturity level of their company. Starting from the bottom: 13% answered 'Struggle', compared to 6% in 2020; 35% answered 'Support'; 37% answered 'Optimize'; 12% answered 'Expand'; and only 3% answered 'Transform', compared to 6% in 2020.

    48% rate their IT departments as low maturity.

    Improve maturity by focusing on key capabilities to compete in the digital economy

    Capabilities to unlock digital

    Innovation: Identify innovation opportunities and plan how to use technology innovation to create a competitive advantage or achieve improved operational effectiveness and efficiency.

    Human Resources Management: Provide a structured approach to ensure optimal planning, evaluation, and development of human resources.

    Data Architecture: Manage the business’ data stores, including technology, governance, and people that manage them. Establish guidelines for the effective use of data.

    Security Strategy: Define, operate, and monitor a system for information security management. Keep the impact and occurrence of information security incidents within risk appetite levels.

    Business Process Controls and Internal Audit: Manage business process controls such as self-assessments and independent assurance reviews to ensure information related to and used by business processes meets security and integrity requirements. (ISACA, 2020)

    A periodic table-esque arrangement of Info-Tech tools and templates titled 'IT Management and Governance Framework', subtitled 'A comprehensive and connected set of research to help you optimize and improve your core IT processes', and anchored by logos for Info-Tech and COBIT. Color-coded sections with highlighted tools or templates are: 'Strategy and Governance' with 'APO04 Innovation' highlighted; 'People and Resources' with 'APO07 Human Resources Management' highlighted; 'Security and Risk' with 'APO13 Security Strategy' and 'DSS06 MEA02 Business Process Controls and Internal Audit' highlighted; 'Data and BI' with 'ITRG07 Data Architecture' highlighted. Other sections are 'Financial Management', 'Service planning and architecture', 'Infrastructure and operations', 'Apps', and 'PPM and projects'.

    5 Tech Trends for 2022

    In this report, we explore five use cases for emerging technology that can improve on capabilities needed to compete in the digital economy. Use cases combine emerging technologies with new processes and strategic planning.

    DIGITAL ECONOMY

    TREND 01 | Human Resources Management

    HYBRID COLLABORATION
    Provide a digital employee experience that is flexible, contextual, and free from the friction of hybrid operating models.

    TREND 02 | Security Strategy

    BATTLE AGAINST RANSOMWARE
    Prevent ransomware infections and create a response plan for a worst-case scenario. Collaborate with relevant external partners to access resources and mitigate risks.

    TREND 03 | Business Process Controls and Internal Audit

    CARBON METRICS IN ENERGY 4.0
    Use internet of things (IoT) and auditable tracking to provide insight into business process implications for greenhouse gas emissions.

    TREND 04 | Data Architecture

    INTANGIBLE VALUE CREATION
    Provide governance around digital marketplace and manage implications of digital currency. Use blockchain technology to turn unique intellectual property into saleable digital products

    TREND 05 | Innovation

    AUTOMATION AS A SERVICE
    Automate business processes and access new sophisticated technology services through platform integration.

    Hybrid Collaboration

    TREND 01 | HUMAN RESOURCES MANAGEMENT

    Provide a digital employee experience that is flexible, contextual, and free from the friction of hybrid operating models.

    Emerging technologies:
    Intelligent conference rooms; intelligent workflows, platforms

    Introduction

    Hybrid work models enable productive, diverse, and inclusive talent ecosystems necessary for the digital economy.

    Hybrid work models have become the default post-pandemic work approach as most knowledge workers prefer the flexibility to choose whether to work remotely or come into the office. CIOs have an opportunity lead hybrid work by facilitating collaboration between employees mixed between meeting at the office and virtually.

    IT departments rose to the challenge to quickly facilitate an all-remote work scenario for their organizations at the outset of the pandemic. Now they must adapt again to facilitate the hybrid work model, which brings new friction to collaboration but also new opportunities to hire a talented, engaged, and diverse workforce.

    79% of organizations will have a mix of workers in the office and at home. (Info-Tech Tech Trends 2022 Survey)

    35% view role type as a determining factor in the feasibility of the hybrid work model.

    Return-to-the-office tensions

    Only 18% of employees want to return to the office full-time.

    But 70% of employers want people back in the office. (CNBC, April 2021)

    Signals

    IT delivers the systems needed to make the hybrid operating model a success.

    IT has an opportunity to lead by defining the hybrid operating model through technology that enables collaboration. To foster collaboration, companies plan to invest in the same sort of tools that helped them cope during the pandemic.

    As 79% of organizations envision a hybrid model going forward, investments into hybrid work tech stacks – including web conferencing tools, document collaboration tools, and team workspaces – are expected to continue into 2022.

    Plans for future investment in collaboration technologies

    Web Conferencing 41%
    Document Collaboration and Co-Authoring 39%
    Team Workspaces 38%
    Instant Messaging 37%
    Project and Task Management Tools 36%
    Office Meeting Room Solutions 35%
    Virtual Whiteboarding 30%
    Intranet Sites 21%
    Enterprise Social Networking 19%
    (Info-Tech Tech Trends 2022 Survey)

    Drivers

    COVID-19

    Vaccination rates around the world are rising and allowing more offices to welcome back workers because the risk of COVID-19 transmission is reduced and jurisdictions are lifting restrictions limiting gatherings.

    Worker satisfaction

    Most workers don't want to go to the office full-time. In a Bloomberg poll (2021), almost half of millennial and Gen Z workers say they would quit their job if not given an option to work remotely.

    IT spending

    Companies are investing more into IT budgets to find ways to support a mix of remote work and in-office resources to cope with work disruption. This extra spending is offset in some cases by companies saving money from having employees work from home some portion of the time. (CIO Dive, 2021)

    Risks and Benefits

    Benefits

    Flexibility Employees able to choose between working from home and working in the office have more control over their work/life balance.
    Intelligence Platforms that track contextual work relationships can accelerate workflows through smart recommendations that connect people at the right time, in the right place.
    Talent Flexible work arrangements provide businesses with access to the best talent available around the world and employees with more career options as they work from a home office (The Official Microsoft Blog, 2021).

    Risks

    Uncertainty The pandemic lacks a clear finish line and local health regulations can still waver between strict control of movement and open movement. There are no clear assurances of what to expect for how we'll work in the near future.
    FOMO With some employees going back to the office while others remain at home, employee bases could be fractured along the lines of those seeing each other in person every day and those still connecting by videoconference.
    Complexity Workers may not know in advance whether they're meeting certain people in person or online, or a mix of the two. They'll have to use technology on the fly to try and collaborate across a mixed group of people in the office and people working remotely (McKinsey Quarterly, 2021).

    “We have to be careful what we automate. Do we want to automate waste? If a company is accustomed to having a ton of meetings and their mode in the new world is to move that online, what are you going to do? You're going to end up with a lot of fatigue and disenchantment…. You have to rethink your methods before you think about the automation part of it." (Vijay Sundaram, Chief Strategy Officer, Zoho)

    Photo of Vijay Sundaram, Chief strategy officer, Zoho.

    Listen to the Tech Insights podcast: Unique approach to hybrid collaboration

    Case Study: Zoho

    Situation

    Zoho Corp. is a cloud software firm based in Chennai, India. It develops a wide range of cloud software, including enterprise collaboration software and productivity tools. Over the past decade, Zoho has used flexible work models to grant remote work options to some employees.

    When the coronavirus pandemic hit, not only did the office have to shut down but also many employees had to relocate back with families in rural areas. The human costs of the pandemic experienced by staff required Zoho to respond by offering counseling services and material support to employees.

    Complication

    Zoho prides itself as an employee-centric company and views its culture as a community that's purpose goes beyond work. That sense of community was lost because of the disruption caused by the pandemic. Employees lost their social context and their work role models. Zoho had to find a way to recreate that without the central hub of the office or find a way to work with the limitations of it not being possible.

    Resolution

    To support employees in rural settings, Zoho sent out phones to provide redundant bandwidth. As lockdowns in India end, Zoho is taking a flexible approach and giving employees the option to come to the office. It's seeing more people come back each week, drawn by the strong community.

    Zoho supports the hybrid mix of workers by balancing synchronous and asynchronous collaboration. It holds meetings when absolutely necessary through tools like Zoho Meet but tries to keep more work context to asynchronous collaboration that allows people to complete tasks quickly and move on. Its applications are connected to a common platform that is designed to facilitate workflows between employees with context and intelligence. (Interview with Vijay Sundaram, Chief Strategy Officer, Zoho)

    “We tend to think of it on a continuum of synchronous to asynchronous work collaboration. It’s become the paramount norm for so many different reasons…the point is people are going to work at different times in different locations. So how do we enable experiences where everyone can participate?" (Jason Brommet, Head of Modern Work and Security Business Group at Microsoft)

    Photo of Jason Brommet, Head of Modern Work and Security Business Group at Microsoft.

    Listen to the Tech Insights podcast: Microsoft on the ‘paradox of hybrid work’

    Case Study: Microsoft

    Situation

    Before the pandemic, only 18% of Microsoft employees were working remotely. As of April 1, 2020, they were joined by the other 82% of non-essential workers at the company in working remotely.

    As with its own customers, Microsoft used its own software to enable this new work experience, including Microsoft Teams for web conferencing and instant messaging and Office 365 for document collaboration. Employees proved just as productive getting their work done from home as they were working in the office.

    Complication

    At Microsoft, the effects of firm-wide remote work changed the collaboration patterns of the company. Even though a portion of the company was working remotely before the pandemic, the effects of everyone working remotely were different. Employees collaborated in a more static and siloed way, focusing on scheduled meetings with existing relationships. Fewer connections were made with more disparate parts of the organization. There was also a decrease in synchronous communication and an increase in asynchronous communication.

    Resolution

    Microsoft is creating new tools to break down the silos in organizations that are grappling with hybrid work challenges. For example, Viva Insights is designed to inform workers about their collaboration habits with analytics. Microsoft wants to provide workers with insights on their collaborative networks and whether they are creating new connections or deepening existing connections. (Interview with Jason Brommet, Head of Modern Work and Security Business Group, Microsoft; Nature Human Behaviour, 2021)

    What's Next?

    Distributed collaboration space:

    International Workplace Group says that more companies are taking advantage of its full network deals on coworking spaces. Companies such as Standard Charter are looking to provide their workers with a happy compromise between working from home and making the commute all the way to the central office. The hub-and-spoke model gives employees the opportunity to work near home and looks to be part of the hybrid operating model mix for many companies. (Interview with Wayne Berger, CEO of IWG Canada & Latin America)

    Optimized hybrid meetings:

    Facilitating hybrid meetings between employees grouped in the office and remote workers will be a major pain point. New hybrid meeting solutions will provide cameras embedded with intelligence to put boardroom participants into independent video streams. They will also focus on making connecting to the same meeting from various locations as convenient as possible and capture clear and crisp audio from each speaker.

    Uncertainties

    Mix between office and remote work:

    It's clear we're not going to work the way we used to previously with central work hubs, but full-on remote work isn't the right path forward either. A new hybrid work model is emerging, and organizations are experimenting to find the right approach.

    Attrition:

    Between April and September 2021, 15 million US workers quit their jobs, setting a record pace. Employees seek a renewed sense of purpose in their work, and many won’t accept mandates to go back to the office. (McKinsey, 2021)

    Equal footing in meetings:

    What are the new best practices for conducting an effective meeting between employees in the office and those who are remote? Some companies ask each employee to connect via a laptop. Others are using conference rooms with tech to group in-office workers together and connect them with remote workers.

    Hybrid Collaboration Scenarios

    Organizations can plan their response to the hybrid work context by plotting their circumstances across two continuums: synchronous to asynchronous collaboration approach and remote work to central hub work model.

    A map of hybrid collaboration scenarios with two axes representing 'Work Context, From all remote work to gathering in a central hub' and 'Collaboration Style, From collaborating at the same time to collaborating at different times'. The axes split the map into quarters. 'Work Context' ranges from 'Remote Work' on the left to 'Central Hub' on the right. 'Collaboration Style' ranges from 'Synchronous' on top to 'Asynchronous' on bottom. The top left quarter, synchronous remote work, reads 'Virtual collective collaboration via videoconference and collaboration software, with some workers meeting in coworking spaces.' The top right quarter, synchronous central hub, reads 'In-person collective collaboration in the office.' The bottom left quarter, asynchronous remote work, reads 'Virtual group collaboration via project tracking tools and shared documents.' The bottom right quarter, asynchronous central hub, reads 'In-person group collaboration in coworking spaces and the main office.'

    Recommendations

    Rethink technology solutions. Don't expect your pre-pandemic videoconference rooms to suffice. And consider how to optimize your facilities and infrastructure for hot-desking scenarios.

    Optimize remote work. Shift from the collaboration approach you put together just to get by to the program you'll use to maximize flexibility.

    Enable effective collaboration. Enable knowledge sharing no matter where and when your employees work and choose the best collaboration software solutions for your scenario.

    Run better meetings. Successful hybrid workplace plans must include planning around hybrid meetings. Seamless hybrid meetings are the result of thoughtful planning and documented best practices.

    89% of organizations invested in web conferencing technology to facilitate better collaboration, but only 43% invested in office meeting room solutions. (Info-Tech Tech Trends 2022 Survey)

    Info-Tech Resources

    Battle Against Ransomware

    TREND 02 | SECURITY STRATEGY

    Prevent ransomware infections and create a response plan for a worst-case scenario. Collaborate with relevant external partners to access resources and mitigate risks.

    Emerging technologies:
    Open source intelligence; AI-powered threat detection

    “It has been a national crisis for some time…. For every [breach] that hits the news there are hundreds that never make it.” (Steve Orrin, Federal Chief Technology Officer, Intel)

    Photo of Steve Orrin, Federal Chief Technology Officer, Intel.

    Listen to the Tech Insights podcast: Ransomware crisis and AI in military

    Introduction

    Between 2019 and 2020, ransomware attacks rose by 62% worldwide and by 158% in North America. (PBS NewsHour, 2021)

    Security strategies are crucial for companies to control access to their digital assets and confidential data, providing it only to the right people at the right time. Now security strategies must adapt to a new caliber of threat in ransomware to avoid operational disruption and reputational damage.

    In 2021, ransomware attacks exploiting flaws in widely used software from vendors Kaseya, SolarWinds, and Microsoft affected many companies and saw record-breaking ransomware payments made to state-sponsored cybercriminal groups.

    After a ransomware attack caused Colonial Pipeline to shut down its pipeline operations across the US, the ransomware issue became a topic of federal attention with executives brought before Senate committees. A presidential task force to combat ransomware was formed.

    62% of IT professionals say they are more concerned about being a victim of ransomware than they were one year ago. (Info-Tech Tech Trends 2022 Survey)

    $70 million demanded by REvil gang in ransom to unlock firms affected by the Kaseya breach. (TechRadar, 2021)

    Signals

    Organizations are taking a multi-faceted approach to preparing for the event of a ransomware breach.

    The most popular methods to prepare for ransomware are to buy an insurance policy or create offline backups and redundant systems. Few are making an effort to be aware of free decryption tools, and only 2% admit to budgeting to pay ransoms.

    44% of IT professionals say they spent time and money specifically to prevent ransomware over the past year. (Info-Tech Tech Trends 2022 Survey)

    Approaches to prepare for ransomware

    Kept aware of free decryption tools available 9%
    Set aside budget to pay ransoms 2%
    Designed network to contain ransomware 24%
    Implemented technology to eradicate ransomware 36%
    Created a specific incident response plan for ransomware 26%
    Created offline backups and redundant systems 41%
    Purchased insurance covering cyberattacks 47%

    (Info-Tech Tech Trends 2022 Survey)

    Drivers

    National security concerns

    Attacks on US infrastructure and government agencies have prompted the White House to treat ransomware as a matter of national security. The government stance is that Russia supports the attacks. The US is establishing new mechanisms to address the threat. Plans include new funding to support ransomware response, a mandate for organizations to report incidents, and requirements for organizations to consider the alternatives before paying a ransom. (Institute for Security and Technology, 2021)

    Advice from cybersecurity insurance providers

    Increases in ransom payouts have caused cybersecurity insurance providers to raise premiums and put in place more security requirements for policyholders to try and prevent ransomware infection. However, when clients are hit with ransomware, insurance providers advise to pay the ransom as it's usually the cheapest option. (ProPublica, 2019)

    Reputational damage

    Ransomware attacks also often include a data breach event with hackers exfiltrating the data before encrypting it. Admitting a breach to customers can seriously damage an organization's reputation as trustworthy. Organizations may also be obligated to pay for credit protection of their customers. (Interview with Frank Trovato, Research Director – Infrastructure, Info-Tech Research Group)

    Risks and Benefits

    Benefits

    Privacy Protecting personal data from theft improves people’s confidence that their privacy is being respected and they are not at risk of identity theft.
    Productivity Ransomware can lock out employees from critical work systems and stop them from being able to complete their tasks.
    Access Ransomware has prevented public access to transportation, healthcare, and any number of consumer services for days at a time. Ransomware prevention ensures public service continuity.

    Risks

    Expenses Investing in cybersecurity measures to protect against attacks is becoming more expensive, and recently cybersecurity insurance premiums have gone up in response to expensive ransoms.
    Friction More security requirements could create friction between IT priorities and business priorities in trying to get work done.
    Stability If ransomware attacks become worse or cybercriminals retaliate for not receiving payments, people could find their interactions with government services and commercial services are disrupted.

    Case Study: Victim to ransomware

    Situation

    In February 2020, a large organization found a ransomware note on an admin’s workstation. They had downloaded a local copy of the organization’s identity management database for testing and left a port open on their workstation. Hackers exfiltrated it and encrypted the data on the workstation. They demanded a ransom payment to decrypt the data.

    Complication

    Because private information of employees and customers was breached, the organization decided to voluntarily inform the state-level regulator. With 250,000 accounts affected, plans were made to require password changes en masse. A public announcement was made two days after the breach to ensure that everyone affected could be reached.

    The organization decided not to pay the ransom because it didn’t need the data back, since it had a copy on an unaffected server.

    Resolution

    After a one-day news cycle for the breach, the story about the ransom was over. The organization also received praise for handling the situation well and quickly informing stakeholders.

    The breach motivated the organization to put more protections in place. It implemented a deny-by-default network and turned off remote desktop protocol and secure shell. It mandated multi-factor authentication and put in a new endpoint-detection and response system. (Interview with CIO of large enterprise)

    What's Next

    AI for cybersecurity:

    New endpoint protections using AI are being deployed to help defend against ransomware and other cybersecurity intrusions. The solutions focus on the prevention and detection of ransomware by learning about the expected behavior of an environment and then detecting anomalies that could be attack attempts. This type of approach can be applied to everything from reading the contents of an email to helping employees detect phishing attempts to lightweight endpoint protection deployed to an Internet of Things device to detect an unusual connection attempt.

    Unfortunately, AI is a tool available to both the cybersecurity industry and hackers. Examples of hackers tampering with cybersecurity AI to bypass it have already surfaced. (Forbes, 23 Sept. 2021)

    Uncertainties

    Government response:

    In the US, the Ransomware Task Force has made recommendations to the government but it's not clear whether all of them will be followed. Other countries such as Russia are reported to be at least tolerating ransomware operations if not supporting them directly with resources.

    Supply chain security:

    Sophisticated attacks using zero-day exploits in widely used software show that organizations simply can't account for every potential vulnerability.

    Arms escalation:

    The ransomware-as-a-service industry is doing good business and finding new ways to evade detection by cybersecurity vendors. New detection techniques involving AI are being introduced by vendors, but will it just be another step in the back-and-forth game of one-upmanship? (Interview with Frank Trovato)

    Battle Against Ransomware Scenarios

    Determine your organization’s threat profile for ransomware by plotting two variables: the investment made in cybersecurity and the sophistication level of attacks that you should be prepared to guard against.

    A map of Battle Against Ransomware scenarios with two axes representing 'Attack Sophistication, From off-the-shelf, ransomware-as-a-service kits to state-sponsored supply chain attacks' and 'Investment in Cybersecurity, From low, minimal investment to high investment for a multi-layer approach.'. The axes split the map into quarters. 'Attack Sophistication' ranges from 'Ransomware as a Service' on the left to 'State-Sponsored' on the right. 'Investment in Cybersecurity' ranges from 'High' on top to 'Low' on bottom. The top left quarter, highly invested ransomware as a service, reads 'Organization is protected from most ransomware attacks and isn’t directly targeted by state-sponsored attacks.' The top right quarter, highly invested state-sponsored, reads 'Organization is protected against most ransomware attacks but could be targeted by state-sponsored attacks if considered a high-value target.' The bottom left quarter, low investment ransomware as a service, reads 'Organization is exposed to most ransomware attacks and is vulnerable to hackers looking to make a quick buck by casting a wide net.' The bottom right quarter, low investment state-sponsored, reads 'Organization is exposed to most ransomware attacks and risks being swept up in a supply chain attack by being targeted or as collateral damage.'

    Recommendations

    Create a ransomware incident response plan. Assess your current security practices and identify gaps. Quantify your ransomware risk to prioritize investments and run tabletop planning exercises for ransomware attacks.

    Reduce your exposure to ransomware. Focus on securing the frontlines by improving phishing awareness among staff and deploying AI tools to help flag attacks. Use multi-factor authentication. Take a zero-trust approach and review your use of RDP, SSH, and VPN.

    Require security in contracts. Security must be built into vendor contracts. Government contracts are now doing this, elevating security to the same level as functionality and support features. This puts money incentives behind improving security. (Interview with Intel Federal CTO Steve Orrin)

    42% of IT practitioners feel employees must do much more to help defend against ransomware. (Info-Tech Tech Trends 2022 Survey)

    Info-Tech Resources

    Carbon Metrics in Energy 4.0

    TREND 03 | BUSINESS PROCESS CONTROLS AND INTERNAL AUDIT

    Use Internet of Things (IoT) and auditable tracking to provide insight into business process implications for greenhouse gas emissions.

    Emerging technologies:
    IoT

    Introduction

    Making progress towards a carbon-neutral future.

    A landmark report published in 2021 by the United Nations Intergovernmental Panel on Climate Change underlines that human actions can still determine the future course of climate change. The report calls on governments, individuals, and organizations to stop putting new greenhouse gas emissions into the atmosphere no later than 2050, and to be at the halfway point to achieving that by 2030.

    With calls to action becoming more urgent, organizations are making plans to reduce the use of fossil fuels, move to renewable energy sources, and reduce consumption that causes more emissions downstream. As both voluntary and mandatory regulatory requirements task organizations with reducing emissions, they will first be challenged to accurately measure the size of their footprint.

    CIOs in organizations are well positioned to make conscious decisions to both influence how technology choices impact carbon emissions and implement effective tracking of emissions across the entire enterprise.

    Canada’s CIO strategy council is calling on organizations to sign a “sustainable IT pledge” to cut emissions from IT operations and supply chain and to measure and disclose emissions annually. (CIO Strategy Council, Sustainable IT Pledge)

    SCOPE 3 – Indirect Consumption

    • Goods and services
    • Fuel, travel, distribution
    • Waste, investments, leased assets, employee activity

    SCOPE 2 – Indirect Energy

    • Electricity
    • Heat and cooling

    SCOPE 1 – Direct

    • Facilities
    • Vehicles

    Signals

    Emissions tracking requires a larger scope.

    About two-thirds of organizations have a commitment to reduce greenhouse gas emissions. When asked about what tactics they use to reduce emissions, the most popular options affect either scope 1 emissions (retiring older IT equipment) or scope 2 emissions (using renewable energy sources). Fewer are using tactics that would measure scope 3 emissions such as using IoT to track or using software or AI.

    68% of organizations say they have a commitment to reduce greenhouse gas emissions. (Info-Tech Tech Trends 2022 Survey)

    Approaches to reducing carbon emissions

    Using "smart technologies" or IoT to help cut emissions 12%
    Creating incentive programs for staff to reduce emissions 10%
    Using software or AI to manage energy use 8%
    Using external DC or cloud on renewable energy 16%
    Committing to external emissions standards 15%
    Retiring/updating older IT equipment 33%
    Using renewable energy sources 41%

    (Info-Tech Tech Trends 2022 Survey)

    Drivers

    Investor pressure

    The world’s largest asset manager, at $7 trillion in investments, says it will move away from investing in firms that are not aligned to the Paris Agreement. (The New York Times, 2020)

    Compliance tipping point

    International charity CDP has been collecting environmental disclosure from organizations since 2002. In 2020, more than 9,600 of the world’s largest companies – representing over 50% of global market value – took part. (CDP, 2021)

    International law

    In 2021, six countries have net-zero emissions policies in law, six have proposed legislations, and 20 have policy documents. (Energy & Climate Intelligence Unit, 2021)

    Employee satisfaction

    In 2019, thousands of workers walked out of offices of Amazon, Google, Twitter, and Microsoft to demand their employers do more to reduce carbon emissions. (NBC News, 2021)

    High influence factors for carbon reduction

    • 25% – New government laws or policies
    • 9% – External social pressures
    • 9% – Pressure from investors
    • 8% – International climate compliance efforts
    • 7% – Employee satisfaction

    (Info-Tech Tech Trends 2022 Survey)

    Risks and Benefits

    Benefits

    Trust Tracking carbon emissions creates transparency into an organization’s operations and demonstrates accountability to its carbon emissions reduction goals.
    Innovation As organizations become more proficient with carbon measurement and modeling, insights can be leveraged as a decision-making tool.
    Resilience Reducing energy usage shrinks your carbon footprint, increases operational efficiency, and decreases energy costs.

    Risks

    Regulatory Divergence Standardization of compliance enforcement around carbon emissions is a work in progress. Several different voluntary frameworks exist, and different governments are taking different approaches including taxation and cap-and-trade markets.
    Perceptions Company communications that speak to emissions reduction targets without providing proof can be accused of “greenwashing” or falsely trying to improve public perception.
    Financial Pain Institutional investments are requiring clear commitments and plans to reduce greenhouse gases. Some jurisdictions are now taxing carbon emissions.

    “When you can take technology and embed that into management change decisions that impact the environment, you can essentially guarantee that [greenhouse gas] offset. Companies that are looking to reduce their emissions can buy those offsets and it creates value for everybody.” (Wade Barnes, CEO and founder of Farmers Edge)

    Photo of Wade Barnes, CEO and founder of Farmers Edge.

    Listen to the Tech Insights podcast: The future of farming is digital

    Case Study

    Situation

    The Alberta Technology Innovation and Emissions Reduction Regulation is Alberta’s approach to reduce emissions from large industrial emitters. It prices GHG and provides a trading system.

    No-till farming and nitrogen management techniques sequester up to 0.3 metric tons of GHG per year.

    Complication

    Farmers Edge offers farmers a digital platform that includes IoT and a unified data warehouse. It can turn farm records into digital environmental assets, which are aggregated and sold to emitters.

    Real-time data from connected vehicles, connected sensors, and other various inputs can be verified by third-party auditors.

    Resolution

    Farmers Edge sold aggregated carbon offsets to Alberta power producer Capital Power to help it meet regulatory compliance.

    Farmers Edge is expanding its platform to include farmers in other provinces and in the US, providing them opportunity to earn revenue via its Smart Carbon program.

    The firm is working to meet standards outlined by the U.S. Department of Agriculture’s Natural Resources Conservation Service. (Interview with Wade Barnes, CEO, Farmers Edge)

    What's Next

    Global standards:

    The International Sustainability Standards Board (ISSB) has been formed by the International Financial Reporting Standards Foundation and will have its headquarters location announced in November at a United Nations conference. The body is already governing a set of global standards that have a roadmap for development through 2023 through open consultation. The standards are expected to bring together the multiple frameworks for sustainability standards and offer one global set of standards. (Business Council of Canada, 2021)

    CIOs take charge:

    The CIO is well positioned to take the lead role on corporate sustainability initiatives, including measuring and reducing an organization’s carbon footprint (or perhaps even monetizing carbon credits for an organization that is a negative emitter). CIOs can use their position as facilities managers and cross-functional process owners and mandate to reduce waste and inefficiency to take accountability for this important role. CIOs will expand their roles to deliver transparent and auditable reporting on environmental, social, and governance (ESG) goals for the enterprise.

    Uncertainties

    International resolve:

    Fighting the climate crisis will require governments and private sector collaboration from around the world to commit to creating new economic structures to discourage greenhouse gas emissions and incentivize long-term sustainable thinking. If some countries or private sector forces continue to prioritize short-term gains over sustainability, the U.N.’s goals won’t be achieved and the human costs as a result of climate change will become more profound.

    Cap-and-trade markets:

    Markets where carbon credits are sold to emitters are organized by various jurisdictions around the world and have different incentive structures. Some are created by governments and others are voluntary markets created by industry. This type of organization for these markets limits their size and makes it hard to scale the impact. Organizations looking to sell carbon credits at volume face the friction of having to navigate different compliance rules for each market they want to participate in.

    Carbon Metrics in Energy 4.0 Scenarios

    Determine your organization’s approach to measuring carbon dioxide and other greenhouse gas emissions by considering whether your organization is likely to be a high emitter or a carbon sink. Also consider your capability to measure and report on your carbon footprint.

    A map of Carbon Metrics in Energy 4.0 scenarios with two axes representing 'Quantification Capability, From not tracking any emissions whatsoever to tracking all emissions at every scope' and 'Greenhouse Gas Emissions, From mitigating more emissions than you create to emitting more than regulations allow'. The axes split the map into quarters. 'Quantification Capability' ranges from 'No Measures' on the left to 'All Emissions Measured' on the right. 'Greenhouse Gas Emissions' ranges from 'More Than Allowed' on top to 'Net-Negative' on bottom. The top left quarter, no measures and more than allowed, reads 'Companies that are likely to be high emitters and not measuring will attract the most scrutiny from regulators and investors.' The top right quarter, all measured and more than allowed, reads 'Companies emit more than regulators allow but the measurements show a clear path to mitigation through the purchase of carbon credits.' The bottom left quarter, no measures and net-negative, reads 'Companies able to achieve carbon neutrality or even be net-negative in emissions but unable to demonstrate it will still face scrutiny from regulators.' The bottom right quarter, all measured and net-negative, reads 'Companies able to remove more emissions than they create have an opportunity to aggregate those reductions and sell on a cap-and-trade market.'

    Recommendations

    Measure the whole footprint. Devise a plan to measure scope 1, 2, and 3 greenhouse gas emissions at a level that is auditable by a third party.

    Gauge the impact of Industry 4.0. New technologies in Industry 4.0 include IoT, additive manufacturing, and advanced analytics. Make sustainability a core part of your focus as you plan out how these technologies will integrate with your business.

    Commit to net zero. Make a clear commitment to achieve net-zero emissions by a specific date as part of your organization’s core strategy. Take a continuous improvement approach to make progress towards the goal with measurable results.

    New laws from governments will have the highest degree of influence on an organization’s decision to reduce emissions. (Info-Tech Tech Trends 2022 Survey)

    Info-Tech Resources

    Intangible Value Creation

    TREND 04 | DATA ARCHITECTURE

    Use blockchain technology to turn unique intellectual property into saleable digital products. Provide governance around marketplaces where sales are made.

    Emerging technologies:
    Blockchain, Distributed Ledger Technology, Virtual Environments

    Introduction

    Decentralized technologies are propelling the digital economy.

    As the COVID-19 pandemic has accelerated our shift into virtual social and economic systems, blockchain technology poses a new technological frontier – further disrupting digital interactions and value creation by providing a modification of data without relying on third parties. New blockchain software developments are being used to redefine how central banks distribute currency and to track provenance for scarce digital assets.

    Tokenizing the blockchain

    Non-fungible tokens (NFTs) are distinct cryptographic tokens created from blockchain technology. The rarity systems in NFTs are redefining digital ownership and being used to drive creator-centric communities.

    Not crypto-currency, central currency

    Central Bank Digital Currencies (CBDC) combine the same architecture of cryptocurrencies built on blockchain with the financial authority of a central bank. These currencies are not decentralized because they are controlled by a central authority, rather they are distributed systems. (Decrypt, 2021)

    80% of banks are working on a digital currency. (Atlantic Council, 2021)

    Brands that launched NFTs

    NBA, NFL, Formula 1, Nike, Stella Artois, Coca-Cola, Mattel, Dolce & Gabbana, Ubisoft, Charmin

    Banks that launched digital currencies

    The Bahamas, Saint Kitts and Nevis, Antigua and Barbuda, Saint Lucia, Grenada

    Signals

    ID on the blockchain

    Blockchains can contain smart contracts that automatically execute given specific conditions, protecting stakeholders involved in a transaction. These have been used by central banks to automate when and how currency can be spent and by NFT platforms to attribute a unique identity to a digital asset. Automation and identity verification are the most highly valued digital capabilities of IT practitioners.

    $69.3 million – The world’s most expensive NFT artwork sale, for Beeple’s “Everydays: The First 5,000 Days” (The New York Times, Mar. 2021)

    Digital capabilities that provide high value to the organization

    E-commerce 50%
    Automation 79%
    Smart contracts 42%
    Community building and engagement 55%
    Real-time payments 46%
    Tracking provenance 33%
    Identity verification 74%

    (Info-Tech Tech Trends 2022 Survey)

    Drivers

    Financial autonomy

    Central banks view cryptocurrencies as "working against the public good" and want to maintain control over their financial system to maintain the integrity of payments and provide financial crime oversight and protections against money laundering. (Board of Governors of the Federal Reserve System, 2021)

    Bitcoin energy requirements and greenhouse gas emissions

    Annual energy consumption of the Bitcoin blockchain in China is estimated to peak in 2024 at 297 TwH and generate 130.5 million metric tons of carbon emissions. That would exceed the annual GHG of the Czech Republic and Qatar and rank in the top 10 among 182 cities and 42 industrial sectors in China. This is motiving cryptocurrency developers and central banks to move away from the energy-intensive "Proof of Work" mining approach and towards the "Proof of Stake" approach. (Nature Communications, 2021)

    Digital communities

    During the pandemic, people spent more time exploring digital spaces and interacting in digital communities. Asset ownership within those communities is a way for individuals to show their own personal investment in the community and achieve a status that often comes with additional privileges. The digital assets can also be viewed as an investment vehicle or to gain access to exclusive experiences.

    “The pillars of the music economy have always been based on three things that the artist has never had full control of. The idea of distribution is freed up. The way we are going to connect to fans in this direct to fan value prop is very interesting. The fact we can monetize it, and that money exchange, that transaction is immediate. And on a platform like S!NG we legitimately have a platform to community build…. Artists are getting a superpower.” (Raine Maida, Chief Product Officer, S!NG Singer, Our Lady Peace)

    Raine Maida, Chief Product Officer, S!NG, and Singer, Our Lady Peace.

    Listen to the Tech Insights podcast: Raine Maida's startup is an NFT app for music

    Case Study

    Situation

    Artists can create works and distribute them to a wide audience more easily than ever with the internet. Publishing a drawing or a song to a website allows it to be infinitely copied. Creators can use social media accounts and digital advertisements to build up a fan base for their work and monetize it through sales or premium-access subscriber schemes.

    Complication

    The internet's capacity for frictionless distribution is a boon and a burden for artists at the same time. Protecting copyright in a digital environment is difficult because there is no way to track a song or a picture back to its creator. This devalues the work because it can be freely exchanged by users.

    Resolution

    S!NG allows creators to mint their works with a digital token that stamps its origin to the file and tracks provenance as it is reused and adapted into other works. It uses the ERC 721 standard on the Ethereum blockchain to create its NFT tokens. They are portable files that the user can create for free on the S!NG platform and are interoperable with other digital token platforms. This enables a collaboration utility by reducing friction in using other people's works while giving proper attribution. Musicians can create mix tracks using the samples of others’ work easily and benefit from a smart-contract-based revenue structure that returns money to creators when sales are made. (Interview with Geoff Osler and Raine Maida, S!NG Executives)

    Risks and Benefits

    Benefits

    Autonomy Digital money and assets could proliferate the desire for autonomy as users have greater control over their assets (by cutting out the middlemen, democratizing access to investments, and re-claiming ownership over intangible data).
    Community Digital worlds and assets offer integrated and interoperable experiences influenced by user communities.
    Equity Digital assets allow different shareholder equity models as they grant accessible and affordable access to ownership.

    Risks

    Volatility Digital assets are prone to volatile price fluctuations. A primary reason for this is due to its perceived value relative to the fiat currency and the uncertainty around its future value.
    Security While one of the main features of blockchain-based digital assets is security, digital assets are vulnerable to breaches during the process of storing and trading assets.
    Access Access to digital marketplaces requires a steep learning curve and a base level of technical knowledge.

    What's Next

    Into the Metaverse:

    Digital tokens are finding new utility in virtual environments known as the Metaverse. Decentraland is an example of a virtual reality environment that can be accessed via a web browser. Based on the Ethereum blockchain, it's seen sales of virtual land plots for hundreds of thousands of dollars. Sotheby's is one buyer, building a digital replica of its New Bond Street gallery in London, complete with commissionaire Hans Lomuldur in avatar form to greet visitors. The gallery will showcase and sell Sotheby's digital artworks. (Artnet News, 2021)

    Bitcoin as legal tender:

    El Salvador became the first country in the world to make Bitcoin legal tender in September 2021. The government intended for this to help citizens avoid remittance fees when receiving money sent from abroad and to provide a way for citizens without bank accounts to receive payments. Digital wallet Chivo launched with technical glitches and in October a loophole that allowed “price scalping” had to be removed to stop speculators from using the app to trade for profit. El Salvador’s experiment will influence whether other countries consider using Bitcoin as legal tender. (New Scientist, 2021)

    Uncertainties

    Stolen goods at the mint:

    William Shatner complained that Twitter account @tokenizedtweets had taken his content without permission and minted tokens for sale. In doing so, he pointed out there’s no guarantee a minted digital asset is linked to the creator of the attached intellectual property.

    Decentralized vs. distributed finance:

    Will blockchain-based markets be controlled by a single platform operator or become truly open? For example, Dapper Labs centralizes the minting of NFTs on its Flow blockchain and controls sales through its markets. OpenSea allows NFTs minted elsewhere to be brought to the platform and sold.

    Supply and demand:

    Platforms need to improve the reliability of minting technology to create tokens in the future. Ethereum's network is facing more demand than it can keep up with and requires future upgrades to improve its efficiency. Other platforms that support minting tokens are also awaiting upgrades to be fully functional or have seen limited NFT projects launched on their platform.

    Intangible Value Creation Scenarios

    Determine your organization’s strategy by considering the different scenarios based on two main factors. The design decisions are made around whether digital assets are decentralized or distributed and whether the assets facilitate transactions or collections.

    A map of Intangible Value Creation scenarios with two axes representing 'Fungibility, From assets that are designed to be exchanged like currency to assets that are unique' and 'Asset Control Model, From decentralized control with open ownership to centralized control with distributed assets'. The axes split the map into quarters. 'Fungibility' ranges from 'Transactional' on the left to 'Collectible' on the right. 'Asset Control Model' ranges from 'Distributed' on top to 'Decentralized' on bottom. The top left quarter, distributed transactional, reads 'Platform-controlled digital exchanges and utility (e.g. tokens exchanged for fan experiences, central bank digital currency, S!NG).' The top right quarter, distributed collectible, reads 'Platform-controlled digital showcases and community (e.g. NBA Top Shot, Decentraland property).' The bottom left quarter, decentralized transactional, reads 'Peer-controlled digital exchanges and utility (e.g. Bitcoin).' The bottom right quarter, decentralized collectible, reads 'Peer-controlled digital showcases and community (e.g. OpenSea and Ethereum-based NFTs).'

    Recommendations

    Determine your role in the digital asset ecosystem.
    • Becoming a platform provider for digital tokens will require a minting capability to create blockchain-based assets and a marketplace for users to exchange them.
    • Issuing digital tokens to a platform through a sale will require making partnerships and marketing.
    • Investing in digital assets will require management of digital wallets and subject-matter expert analysis of the emerging markets.
    Track the implications of digital currencies.

    Track what your country’s central bank is planning for digital currency and determine if you’ll need to prepare to support it. Be informed about payment partner support for cryptocurrency and consider any complications that may introduce.

    $1 billion+ – The amount of cryptocurrency spent by consumers globally through crypto-linked Visa cards in first half of 2021. (CNBC, July 2021)

    Info-Tech Resources

    Automation as a Service

    TREND 05 | INNOVATION

    Automate business processes and access new sophisticated technology services through platform integration.

    Emerging technologies:
    Cloud platforms, APIs, Generative AI

    Introduction

    The glue for innovation

    Rapidly constructing a business model that is ready to compete in a digital economy requires continuous innovation. Application programming interfaces (APIs) can accelerate innovation by unlocking marketplaces of ready-to-use solutions to business problems and automating manual tasks to make more time for creativity. APIs facilitate a microarchitecture approach and make it possible to call upon a new capability with a few lines of code. This is not a new tool, as the first API was specified in 1951, but there were significant advances of both scale and capability in this area in 2021.

    In the past 18 months, API adoption has exploded and even industries previously considered as digital laggards are now integrating them to reinvent back-office processes. Technology platforms specializing in API management are attracting record-breaking investment. And sophisticated technology services such as artificial intelligence are being delivered by APIs.

    APIs can play a role in every company’s digital strategy, from transforming back-office processes to creating revenue as part of a platform.

    $500,000 was invested in API companies in 2016. (Forbes, May 2021)

    $2,000,000,000+ was invested in API companies in 2020. (Forbes, May 2021)

    69% of IT practitioners say digital transformation has been a high priority for their organization during the pandemic. (Info-Tech Tech Trends 2022 Survey)

    51% of developers used more APIs in 2020 than in 2019. (InsideHPC, 2021)

    71% of developers planned to use even more APIs in 2021. (InsideHPC, 2021)

    Signals

    IT practitioners indicate that digital transformation was a strong focus for their organization during the pandemic and will remain so during the period afterwards, and one-third say their organizations were “extremely focused” on digital transformation.

    When it came to shifting processes from being done manually to being completed digitally, more than half of IT practitioners say they shifted at least 21% of their processes during the past year. More than one in five say that at least 60% of their processes were shifted from manual to digital in the past year.

    3.5 trillion calls were performed on API management platform Apigee, representing a 50% increase year over year. (SiliconANGLE, 2021)

    Processes shifted from manual to digital in the past year

    A horizontal bar chart recording survey responses regarding the percent of processes that shifted from manual to digital in the past year. The horizontal axis is 'percent of survey respondents' with values from 0 to 35%. The vertical axis is 'percent of process shifted to digital' with bar labels 'Between 0 to 20%', 'Between 21 to 40%', and so on until 'Between 81 to 100%'. 20% of respondents answered '0 to 20%' of processes went digital. 28% of respondents answered '21 to 40%' of processes went digital. 30% of respondents answered '41 to 60%' of processes went digital. 15% of respondents answered '61 to 80%' of processes went digital. 7% of respondents answered '81 to 100%' of processes went digital.

    Drivers

    Covid-19

    The pandemic lockdowns pushed everyone into a remote-work scenario. With in-person interaction not an option, even more traditional businesses had to adapt to digital processes.

    Customer Expectations

    The success of digital services in the consumer space is causing expectations to rise in other areas, such as professional services. Consumers now want their health records to be portable and they want to pay their lawyer through e-transfer, not by writing a cheque. (Interview with Mik Lernout)

    Standardization

    Technology laggard industries such as legal and healthcare are recognizing the pain of working with siloed systems. New standardization efforts are driving the adoption of open APIs at a rapid rate. (Interview with Jennifer Jones, Research Director – Industry, Info-Tech Research Group)

    Risks and Benefits

    Benefits

    Speed Using a microarchitecture approach with readily available services constructed in different ways provides a faster way to get from idea to minimum-viable product.
    Intelligence Open APIs have more than ever exposed people to sophisticated AI algorithms that were in the domain of only advanced researchers just a couple years ago. Developers can integrate AI with a couple lines of code. Non-technical users can train algorithms with low-code and no-code tools (Forbes, Sept. 2021).
    Resilience If one function of a solution doesn't work, it can be easily replaced with another one available on the market and the overall experience is maintained.

    Risks

    Loss of Privacy APIs are being targeted by hackers as a way to access personal information. Recent API-related leaks affected Experian, John Deere, Clubhouse, and Peloton (VentureBeat, 2021).
    Complexity Using a decentralized approach to assemble applications means that there is no single party accountable for the solution. Different pieces can break, or oversights can go unnoticed.
    Copycats Platforms that take the approach of exposing all functions via API run the risk of having their services used by a competitor to offer the same solution but with an even better user experience.

    “When we think about what the pandemic did, we had this internal project called 'back to the future.' It kind of put the legal industry in a time machine and it kind of accelerated the legal industry 5, maybe even 10 years. A lot of the things we saw with the innovators became table stakes.” (Mik Lernout, Vice President of Product, Clio)

    Photo of Mik Lernout, Vice president of product, Clio.

    Listen to the Tech Insights podcast: Clio drives digital transformation to redefine the legal industry

    Case Study

    Situation

    The COVID-19 pandemic required the legal industry to shift to remote work. A typically change-resistant industry was now holding court hearings over videoconference, taking online payments, and collecting e-signatures on contracts. For Clio, a software-as-a-service software vendor that serves the legal industry, its client base grew and its usage increased. It previously focused on the innovators in the legal industry, but now it noticed laggards were going digital too.

    Complication

    Law firms have very different needs depending on their legal practice area (e.g. family law, corporate law, or personal injury) and what jurisdiction they operate in.

    Clients are also demanding more from their lawyers in terms of service experience. They don't want to travel to the law office to drop off a check but expect digital interactions on par with service they receive in other areas.

    Resolution

    Since its inception, Clio built its software product so that all of its functions could be called upon by an API as well. It describes its platform as the "operating system for the legal industry." Its API functions include capabilities like managing activities, billing, and contracts. External developers can submit applications to the Clio Marketplace to add new functionality. Its platform approach enables it to find solutions for its 150,000+ users. During the pandemic, Clio saw its customers rely on its APIs more than ever before. It expects this accelerated adoption to be the way of working in the future. (ProgrammableWeb, 2021; Interview with Mik Lernout)

    What's Next

    GOOGLE’S API-FIRST APPROACH:

    Google is expanding its Apigee API management platform so enterprises will be able to connect existing data and applications and access them via APIs. It's part of Google's API-first approach to digital transformation, helping enterprises with their integration challenges. The new release includes tools and a framework that's needed to integrate services in this way and includes pre-built connectors for common business apps and services such as Salesforce, Cloud SQL, MySQL, and BigQuery. (SiliconANGLE, 2021)

    Uncertainties

    API SECURITY:

    APIs represent another potential vulnerability for hackers to exploit and the rise in popularity has come with more security incidents. Companies using APIs have leaked data through APIs, with one research report on the state of API security finding that 91% of organizations have suffered an API security incident. Yet more than a quarter of firms running production APIs don’t have an API security strategy. (VentureBeat, 2021)

    For low IT maturity organizations moving onto platforms that introduce API capabilities, education is required about the consequences of creating more integrations. Platforms must bear some responsibility for monitoring for irregular activity. (Interview with Mik Lernout)

    Automation as a Service Scenarios

    Determine your organization’s platform strategy from the basis of your digital maturity – from that of a laggard to a native – and whether it involves monetized APIs vs. freely available public APIs. A strategy can include both the consumption of APIs and the creation of them.

    A map of Automation as a Service scenarios with two axes representing 'Business Model, From an open and public API to a monetized pay-for-use API' and 'Digital Maturity, From being a digital laggard to being a digital native'. The axes split the map into quarters. 'Business Model' ranges from 'Public APIs' on the left to 'Monetized APIs' on the right. 'Digital Maturity' ranges from 'Digital Native' on top to 'Digital Laggard' on bottom. The top left quarter, digital native public APIs, reads 'Platform business model that grows through adoption of free APIs (e.g. Clio).' The top right quarter, digital native monetized APIS, reads 'Platform business model with spectrum of API services including free tiers.' The bottom left quarter, digital laggard public APIs, reads 'Consume public APIs to simplify and automate business processes and improve customer experience (e.g. law firms using Clio).' The bottom right quarter, digital laggard monetized APIs, reads 'Consume paid APIs to provide customers with expanded services (e.g. retailer Lowe’s uses AccuWeather to predict supply and demand).'

    Recommendations

    Leverage APIs to connect your systems. Create a repeatable process to improve the quality, reusability, and governance of your web APIs.

    Transform your business model with digital platforms. Use the best practices of digital native enterprises and leverage your core assets to compete in a digital economy.

    Deliver sophisticated new capabilities with APIs. Develop an awareness of new services made available through API integration, such as artificial intelligence, and take advantage of them.

    4.5 billion words per day generated by the OpenAI natural language API GPT-3, just nine months after launch. (OpenAI, 2021)

    Info-Tech Resources

    Behind the design

    Inspiration provided by the golden ratio

    The golden ratio has long fascinated humans for its common occurrence in nature and inspired artists who adopted its proportions as a guiding principle for their creations. A new discovery of the golden ratio in economic cycles was published in August 2021 by Bert de Groot, et al. As the boundaries of value creation blur between physical and digital and the pace of change accelerates, these digital innovations may change our lives in many ways. But they are still bound by the context of the structure of the economy. Hear more about this surprising finding from de Groot and from this report’s designer by listening to our podcast. (Technological Forecasting and Social Change, 2021)

    “Everything happening will adapt itself into the next cycle, and that cycle is one phi distance away.” (Bert de Groot, professor of economics at Erasmus University Rotterdam)

    Photo of Bert de Groot, Professor of Economics at Erasmus University Rotterdam.

    Listen to the Tech Insights podcast: New discovery of the golden ratio in the economy

    Contributing Experts

    Vijay Sundaram
    Chief Strategy Officer, Zoho
    Photo of Vijay Sundaram, Chief Strategy Officer, Zoho.
    Jason Brommet
    Head of Modern Work and Security Business Group, Microsoft
    Photo of Jason Brommet, Head of Modern Work and Security Business Group at Microsoft.
    Steve Orrin
    Federal Chief Technology Officer, Intel
    Photo of Steve Orrin, Federal Chief Technology Officer, Intel.
    Wade Barnes
    CEO and Founder, Farmers Edge
    Photo of Wade Barnes, CEO and founder of Farmers Edge.

    Contributing Experts

    Raine Maida
    Chief Product Officer, S!NG
    Singer, Our Lady Peace
    Raine Maida, Chief Product Officer, S!NG Singer, Our Lady Peace.
    Geoff Osler
    CEO, S!NG
    Photo of Geoff Osler, CEO, S!NG.
    Mik Lernout
    Vice President of Product, Clio
    Photo of Mik Lernout, Vice President of Product, Clio.
    Bert de Groot
    Professor of Economics, Erasmus University Rotterdam
    Photo of Bert de Groot, Professor of Economics at Erasmus University Rotterdam.

    Bibliography – Enabling the Digital Economy

    “2021 Canada Dealer Financing Satisfaction Study.” J.D. Power, 13 May 2021. Accessed 27 May 2021.

    Brown, Sara. “The CIO Role Is Changing. Here’s What’s on the Horizon.” MIT Sloan, 2 Aug. 2021. Accessed 16 Aug. 2021.

    de Groot, E. A., et al. “Disentangling the Enigma of Multi-Structured Economic Cycles - A New Appearance of the Golden Ratio.” Technological Forecasting and Social Change, vol. 169, Aug. 2021, pp. 120793. ScienceDirect, https://doi.org/10.1016/j.techfore.2021.120793.

    Hatem, Louise, Daniel Ker, and John Mitchell. “Roadmap toward a common framework for measuring the Digital Economy.” Report for the G20 Digital Economy Task Force, OECD, 2020. Accessed 19 Oct. 2021.

    LaBerge, Laura, et al. “How COVID-19 has pushed companies over the technology tipping point—and transformed business forever.” McKinsey, 5 Oct. 2020. Accessed 14 June 2021.

    Pomeroy, James. The booming digital economy. HSBC, Sept. 2020. Web.

    Salman, Syed. “Digital Transformation Realized Through COBIT 2019.” ISACA, 13 Oct. 2020. Accessed 25 Oct. 2021.

    Bibliography – Hybrid Collaboration

    De Smet, Aaron, et al. “Getting Real about Hybrid Work.” McKinsey Quarterly, 9 July 2021. Web.

    Herskowitz, Nicole. “Brace Yourselves: Hybrid Work Is Hard. Here’s How Microsoft Teams and Office 365 Can Help.” Microsoft 365 Blog, 9 Sept. 2021. Web.

    Melin, Anders, and Misyrlena Egkolfopoulou. “Employees Are Quitting Instead of Giving Up Working From Home.” Bloomberg, 1 June 2021. Web.

    Spataro, Jared. “Microsoft and LinkedIn Share Latest Data and Innovation for Hybrid Work.” The Official Microsoft Blog, 9 Sept. 2021. Web.

    Subin, Samantha. “The new negotiation over job benefits and perks in post-Covid hybrid work.” CNBC, 23 Apr. 2021. Web.

    Torres, Roberto. “How to Sidestep Overspend as Hybrid Work Tests IT.” CIO Dive, 26 July 2021. Accessed 16 Sept. 2021.

    Wong, Christine. “How the hybrid workplace will affect IT spending.” ExpertIP, 15 July 2021. Web.

    Yang, Longqi, et al. “The Effects of Remote Work on Collaboration among Information Workers.” Nature Human Behaviour, Sept. 2021, pp. 1-12. Springer Nature, https://doi.org/10.1038/s41562-021-01196-4.

    Bibliography – Battle Against Ransomware

    Berg, Leandro. “RTF Report: Combatting Ransomware.” Institute for Security and Technology (IST), 2021. Accessed 21 Sept. 2021.

    Dudley, Renee. “The Extortion Economy: How Insurance Companies Are Fueling a Rise in Ransomware Attacks.” ProPublica, 27 Aug. 2019. Accessed 22 Sept. 2021.

    Durbin, Steve. “Council Post: Artificial Intelligence: The Future Of Cybersecurity?” Forbes, 23 Sept. 2021. Accessed 21 Oct. 2021.

    “FACT SHEET: Ongoing Public U.S. Efforts to Counter Ransomware.” The White House, 13 Oct. 2021. Web.

    Jeffery, Lynsey, and Vignesh Ramachandran. “Why ransomware attacks are on the rise — and what can be done to stop them.” PBS NewsHour, 8 July 2021. Web.

    McBride, Timothy, et al. Data Integrity: Recovering from Ransomware and Other Destructive Events. NIST Special Publication (SP) 1800-11, National Institute of Standards and Technology, 22 Sept. 2020. NIST Computer Security Resource Center (CSRC), https://doi.org/10.6028/NIST.SP.1800-11.

    Mehrotra, Karitkay, and Jennifer Jacobs. “Crypto Channels Targeted in Biden’s Fight Against Ransomware.” BNN Bloomberg, 21 Sept. 2021. Web.

    Sharma, Mayank. “Hackers demand $70m ransom after executing massive Solar Winds-like attack.” TechRadar, 5 July 2021. Web.

    “Unhacked: 121 Tools against Ransomware on a Single Website.” Europol, 26 July 2021. Web.

    Bibliography – Carbon Metrics in Energy 4.0

    “The A List 2020.” CDP, 2021. Web.

    Baazil, Diedrik, Hugo Miller, and Laura Hurst. “Shell loses climate case that may set precedent for big oil.” Australian Financial Review, 27 May 2021. Web.

    “BlackRock’s 2020 Carbon Footprint.” BlackRock, 2020. Accessed 25 May 2021.

    “CDP Media Factsheet.” CDP, n.d. Accessed 25 May 2021.

    Glaser, April, and Leticia Miranda. “Amazon workers demand end to pollution hitting people of color hardest.” NBC News, 24 May 2021. Accessed 25 May 2021.

    Little, Mark. “Why Canada should be the home of the new global sustainability standards board.” Business Council of Canada, 1 Oct. 2021. Accessed 22 Oct. 2021.

    McIntyre, Catherine. “Canada vying for global headquarters to oversee sustainable-finance standards.” The Logic, 22 July 2021. Web.

    “Net Zero Scorecard.” Energy & Climate Intelligence Unit, 2021. Accessed 25 May 2021.

    Sayer, Peter. “Greenhouse gas emissions: The next big issue for CIOs.” CIO, 13 Oct. 2021. Web.

    “Scope 1 and Scope 2 Inventory Guidance.” US EPA, OAR. 14 Dec. 2020. Web.

    Sorkin, Andrew Ross. “BlackRock C.E.O. Larry Fink: Climate Crisis Will Reshape Finance.” The New York Times, 14 Jan. 2020. Web.

    “Sustainable IT Pledge.” CIO Strategy Council, 2021. Accessed 22 Oct. 2021.

    Bibliography – Intangible Value Creation

    Areddy, James T. “China Creates Its Own Digital Currency, a First for Major Economy.” Wall Street Journal, 5 Apr. 2021. Web.

    Boar, Codruta, et al. Impending arrival - a sequel to the survey on central bank digital currency. BIS Papers No 107, Jan. 2020. Web.

    Brainard, Lael. “Speech by Governor Brainard on Private Money and Central Bank Money as Payments Go Digital: An Update on CBDCs.” Board of Governors of the Federal Reserve System, 24 May 2021. Accessed 28 May 2021.

    Howcroft, Elizabeth, and Ritvik Carvalho. “How a 10-second video clip sold for $6.6 million.” Reuters, 1 Mar. 2021. Web.

    “Central Bank Digital Currency Tracker.” Atlantic Council, 2021. Accessed 10 Sept. 2021.

    “Expert Comment From Warwick Business School: Problems With El Salvador’s Bitcoin Experiment Are Unsurprising.” Mondo Visione, 8 Sept. 2021. Accessed 10 Sept. 2021.

    Goldstein, Caroline. “In Its Ongoing Bid to Draw Crypto-Collectors, Sotheby’s Unveils a Replica of Its London H.Q. in the Blockchain World Decentraland.” Artnet News, 7 June 2021. Web.

    Hamacher, Adriana. “Taco Bell to Charmin: 10 Big Brands Jumping On The NFT Bandwagon.” Decrypt, 22 Mar. 2021. Web.

    Hazan, Eric, et al. “Getting tangible about intangibles: The future of growth and productivity?” McKinsey. 16 June 2021. Web.

    Bibliography – Intangible Value Creation

    Herrera, Pedro. “Dapp Industry Report: Q3 2021 Overview.” DappRadar, 1 Oct. 2021. Web.

    Holland, Frank. “Visa Says Crypto-Linked Card Usage Tops $1 Billion in First Half of 2021.” CNBC, 7 July 2021. Web.

    Jiang, Shangrong, et al. “Policy Assessments for the Carbon Emission Flows and Sustainability of Bitcoin Blockchain Operation in China.” Nature Communications, vol. 12, no. 1, Apr. 2021, p. 1938. Springer Nature, https://doi.org/10.1038/s41467-021-22256-3.

    Reyburn, Scott. “JPG File Sells for $69 Million, as ‘NFT Mania’ Gathers Pace.” The New York Times, 11 Mar. 2021. Web.

    Taylor, Luke. “Bitcoin: El Salvador’s Cryptocurrency Gamble Hit by Trading Loophole.” New Scientist, 25 Oct. 2021. Web.

    Bibliography – Automation as a Service

    Belsky, Scott. “The Furry Lisa, CryptoArt, & The New Economy Of Digital Creativity.” Medium, 21 Feb. 2021. Web.

    Culbertson, Joy. “10 Top Law APIs.” ProgrammableWeb, 14 Feb. 2021. Web.

    Caballar, Rina Diane. “Programming by Voice May Be the Next Frontier in Software Development - IEEE Spectrum.” IEEE Spectrum: Technology, Engineering, and Science News, 22 Mar 2021. Accessed 23 Mar. 2021.

    Gonsalves, Chris. “The Problem with APIs.” VentureBeat, 7 May 2021. Web.

    Graca, Joao. “Council Post: How APIs Are Democratizing Access To AI (And Where They Hit Their Limits).” Forbes, 24 Sept 2021. Accessed 28 Sept. 2021.

    Harris, Tony. “What is the API Economy?” API Blog: Everything You Need to Know, 4 May 2021. Web.

    Kitsing, Meelis. Scenarios for Digital Platform Ecosystems, 2020, pp. 453-57. ResearchGate, https://doi.org/10.1109/ICCCS49078.2020.9118571.

    Pilipiszyn, Ashley. “GPT-3 Powers the Next Generation of Apps.” OpenAI, 25 Mar. 2021. Web.

    Rethans, John. “So You Want to Monetize Your APIs?” APIs and Digital Transformation, 29 June 2018. Web.

    Bibliography – Automation as a Service

    Salyer, Patrick. “API Stack: The Billion Dollar Opportunities Redefining Infrastructure, Services & Platforms.” Forbes, 4 May 2021. Accessed 27 Oct. 2021.

    staff. “RapidAPI Raises $60M for Expansion of API Platform.” InsideHPC, 21 Apr. 2021. Web.

    Taulli, Tom. “API Economy: Is It The Next Big Thing?” Forbes, 18 Jan. 2021. Accessed 5 May 2021.

    Warren, Zach. “Clio Taking 2021 Cloud Conference Virtual, Announces New Mission Among Other News.” Legaltech News, 11 Mar. 2021. Web.

    Wheatley, Mike. “Google Announces API-First Approach to Application Data Integration with Apigee.” SiliconANGLE, 28 Sept. 2021. Web.

    About the research

    Tech trends survey

    As part of its research process for the 2022 Tech Trends Report, Info-Tech Research Group conducted an open online survey among its membership and wider community of professionals. The survey was fielded from August 2021 to September 2021, collecting 475 responses.

    The underlying metrics are diverse, capturing 14 countries and regions and 16 Industries.

    A geospatial chart of the world documenting the percentage of respondents from each country to Info-Tech's '2022 Tech Trends Report' Percentages are below.
    01 United States 45.3% 08 India 1.7%
    02 Canada 19.2% 09 Other (Asia) 1.7%
    03 Africa 9.3% 10 New Zealand 1.5%
    04 Other (Europe) 5.3% 11 Germany 0.8%
    05 Australia 4.2% 12 Mexico 0.4%
    06 Great Britain 3.8% 13 Netherlands 0.4%
    07 Middle East 2.9% 14 Japan 0.2%

    Industry

    01 Government 18.9%
    02 Media, Information, & Technology 12.8%
    03 Professional Services 12.8%
    04 Manufacturing 9.9%
    05 Education 8.8%
    06 Healthcare 8.2%
    07 Financial Services 7.8%
    08 Transportation & Logistics 3.4%
    09 Utilities 3.4%
    10 Insurance 2.5%
    11 Retail & Wholesale 2.5%
    12 Construction 2.3%
    13 Natural Resources 2.1%
    14 Real Estate & Property Management 1.7%
    15 Arts & Leisure 1.5%
    16 Professional Associations 1.3%

    Department

    IT (information technology) 88.2%
    Other (Department) 3.79%
    Operations 2.32%
    Research & Development 1.89%
    Sales 1.26%
    Administration 1.06%
    Finance 0.42%
    HR (Human Resources) 0.42%
    Marketing 0.42%
    Production 0.21%

    Role

    Manager 24%
    Director-level 22%
    C-level officer 19%
    VP-level 9%
    Team lead / supervisor 7%
    Owner / President / CEO 7%
    Team member 7%
    Consultant 5%
    Contractor 1%

    IT Spend

    Respondents on average spent 35 million per year on their IT budget.

    Accounting for the outlier responses – the median spend sits closer to 4.5 million per year. The highest spend on IT was within the Government, Healthcare, and Retail & Wholesale sectors.

    Build a Chatbot Proof of Concept

    • Buy Link or Shortcode: {j2store}532|cart{/j2store}
    • member rating overall impact (scale of 10): 8.8/10 Overall Impact
    • member rating average dollars saved: $9,566 Average $ Saved
    • member rating average days saved: 7 Average Days Saved
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • Implement a chatbot proof of concept mapped to business needs.
    • Scale up customer service delivery in a cost-effective manner.
    • Objectively measure the success of the chatbot proof of concept with metrics-based data.
    • Choose the ticket categories to build during your chatbot proof of concept.

    Our Advice

    Critical Insight

    • Build your chatbot to create business value. Whether it is increasing service or resource efficiency, keep the goal of value in mind when making decisions with your proof of concept.

    Impact and Result

    • When implemented effectively, chatbots can help save costs, generate new revenue, and ultimately increase customer satisfaction for both external- and internal-facing customers.

    Build a Chatbot Proof of Concept Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a chatbot proof of concept, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Form your chatbot strategy

    Build action-based metrics to measure the success of your chatbot proof of concept.

    • Chatbot ROI Calculator
    • Chatbot POC Metrics Tool

    2. Build your chatbot foundation

    Put business value first to architect your chatbot before implementation.

    • Chatbot Conversation Tree Library (Visio)
    • Chatbot Conversation Tree Library (PDF)

    3. Continually improve your chatbot

    Continue to grow your chatbot beyond the proof of concept.

    • Chatbot POC RACI
    • Chatbot POC Implementation Roadmap
    • Chatbot POC Communication Plan
    [infographic]

    Workshop: Build a Chatbot Proof of Concept

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Build Your Strategy

    The Purpose

    Build your strategy.

    Key Benefits Achieved

    Calculate your chatbot’s ROI to determine its success.

    Organize your chatbot proof of concept (POC) metrics to keep the project on track.

    Objectively choose chatbot ticket categories.

    Activities

    1.1 Customize your chatbot ROI calculator.

    1.2 Choose your proof of concept ticket categories.

    1.3 Design chatbot metrics to measure success.

    Outputs

    Chatbot ROI Calculator

    Chatbot POC Implementation Roadmap

    Chatbot POC Metrics Tool

    2 Architect Your Chatbot

    The Purpose

    Architect your chatbot.

    Key Benefits Achieved

    Design your integrations with business value in mind.

    Begin building chatbot decision trees.

    Activities

    2.1 List and map your chatbot integrations.

    2.2 Build your conversation tree library.

    Outputs

    Chatbot Integration Map

    Chatbot Conversation Tree Library

    3 Architect Your Chatbot Conversations

    The Purpose

    Architect your chatbot conversations.

    Key Benefits Achieved

    Detail your chatbot conversations in the decision trees.

    Activities

    3.1 Build your conversation tree library.

    Outputs

    Chatbot Conversation Tree Library

    4 Continually Grow Your Chatbot

    The Purpose

    Continually grow your chatbot.

    Key Benefits Achieved

    Identify talent for chatbot support.

    Create an implementation plan.

    Activities

    4.1 Outline the support responsibilities for your chatbot.

    4.2 Build a communication plan.

    Outputs

    Chatbot POC RACI

    Chatbot POC Communication Plan

    Build Your Generative AI Roadmap

    • Buy Link or Shortcode: {j2store}105|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $33,499 Average $ Saved
    • member rating average days saved: 11 Average Days Saved
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    Generative AI has made a grand entrance, presenting opportunities and causing disruption across organizations and industries. Moving beyond the hype, it’s imperative to build and implement a strategic plan to adopt generative AI and outpace competitors.

    Yet generative AI has to be done right because the opportunity comes with risks and the investments have to be tied to outcomes.

    Adopt a human-centric and value-based approach to generative AI

    IT and business leaders will need to be strategic and deliberate to thrive as AI adoption changes industries and business operations.

    • Establish responsible AI guiding principles: Address human-based requirements to govern how generative AI applications are developed and deployed.
    • Align generative AI initiatives to strategic drivers for the organization: Assess generative AI opportunities by seeing how they align to the strategic drivers of the organization. Examples of strategic drivers include increasing revenue, reducing costs, driving innovation, and mitigating risk.
    • Measure and communicate effectively: Have clear metrics in place to measure progress and success of AI initiatives and communicate both policies and results effectively.

    Build Your Generative AI Roadmap Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build Your Generative AI Roadmap Deck – A step-by-step document that walks you through how to leverage generative AI and align with the organization’s mission and objectives to increase revenue, reduce costs, accelerate innovation, and mitigate risk.

    This blueprint outlines how to build your generative AI roadmap, establish responsible AI principles, prioritize opportunities, and develop policies for usage. Establishing and adhering to responsible AI guiding principles provides safeguards for the adoption of generative AI applications.

    • Build Your Generative AI Roadmap – Phases 1-4

    2. AI Maturity Assessment and Roadmap Tool – Develop deliverables that will be milestones in creating your organization’s generative AI roadmap for implementing candidate applications.

    This tool provides guidance for developing the following deliverables:

  • Responsible AI guiding principles
  • Current AI maturity
  • Prioritized candidate generative AI applications
  • Generative AI policies
  • Generative AI roadmap
    • AI Maturity Assessment and Roadmap Tool

    3. The Era of Generative AI C‑Suite Presentation – Develop responsible AI guiding principles, assess AI capabilities and readiness, and prioritize use cases based on complexity and alignment with organizational goals and responsible AI guiding principles.

    This presentation template uses sample business capabilities (use cases) from the Marketing & Advertising business capability map to provide examples of candidates for generative AI applications. The final executive presentation should highlight the value-based initiatives driving generative AI applications, the benefits and risks involved, how the proposed generative AI use cases align to the organization’s strategy and goals, the success criteria for the proofs of concept, and the project roadmap.

    • The Era of Generative AI C‑Suite Presentation

    Infographic

    Further reading

    Build Your Generative AI Roadmap

    Leverage the power of generative AI to improve business outcomes.

    Analyst Perspective

    We are entering the era of generative AI. This is a unique time in our history where the benefits of AI are easily accessible and becoming pervasive, with copilots emerging in the major business tools we use today. The disruptive capabilities that can potentially drive dramatic benefits also introduce risks that need to be planned for.

    A successful business-driven generative AI roadmap requires:

    • Establishing responsible AI guiding principles to guide the development and deployment of generative AI applications.
    • Assess generative AI opportunities by using criteria based on the organization's mission and objectives, responsible AI guiding principles, and the complexity of the initiative.
    • Communicating, educating on, and enforcing generative AI usage policies.

    Bill Wong, Principal Research Director

    Bill Wong
    Principal Research Director
    Info-Tech Research Group

    Executive Summary

    Your Challenge Common Obstacles Solution

    Generative AI is disrupting all industries and providing opportunities for organization-wide advantages.

    Organizations need to understand this disruptive technology and trends to properly develop a strategy for leveraging this technology successfully.

    • Generative AI requires alignment to a business strategy.
    • IT is an enabler and needs to align with and support the business stakeholders.
    • Organizations need to adopt a data-driven culture.

    All organizations, regardless of size, should be planning how to respond to this new and innovative technology.

    Business stakeholders need to cut through the hype surrounding generative AI like ChatGPT to optimize investments for leveraging this technology to drive business outcomes.

    • Understand the market landscape, benefits, and risks associated with generative AI.
    • Plan for responsible AI.
    • Understand the gaps the organization needs to address to fully leverage generative AI.

    Without a proper strategy and responsible AI guiding principles, the risks to deploying this technology could negatively impact business outcomes.

    Info-Tech's human-centric, value-based approach is a guide for deploying generative AI applications and covers:

    • Responsible AI guiding principles
    • AI Maturity Model
    • Prioritizing candidate generative AI-based use cases
    • Developing policies for usage

    This blueprint will provide the list of activities and deliverables required for the successful deployment of generative AI solutions.

    Info-Tech Insight
    Create awareness among the CEO and C-suite of executives on the potential benefits and risks of transforming the business with generative AI.

    Key concepts

    Artificial Intelligence (AI)
    A field of computer science that focuses on building systems to imitate human behavior, with a focus on developing AI models that can learn and can autonomously take actions on behalf of a human.

    AI Maturity Model
    The AI Maturity Model is a useful tool to assess the level of skills an organization has with respect to developing and deploying AI applications. The AI Maturity Model has multiple dimensions to measure an organization's skills, such as AI governance, data, people, process, and technology.

    Responsible AI
    Refers to guiding principles to govern the development, deployment, and maintenance of AI applications. In addition, these principles also provide human-based requirements that AI applications should address. Requirements include safety and security, privacy, fairness and bias detection, explainability and transparency, governance, and accountability.

    Generative AI
    Given a prompt, a generative AI system can generate new content, which can be in the form of text, images, audio, video, etc.

    Natural Language Processing (NLP)
    NLP is a subset of AI that involves machine interpretation and replication of human language. NLP focuses on the study and analysis of linguistics as well as other principles of artificial intelligence to create an effective method of communication between humans and machines or computers.

    ChatGPT
    An AI-powered chatbot application built on OpenAI's GPT-3.5 implementation, ChatGPT accepts text prompts to generate text-based output.

    Your challenge

    This research is designed to help organizations that are looking to:

    • Establish responsible AI guiding principles to address human-based requirements and to govern the development and deployment of the generative AI application.
    • Identify new generative AI-enabled opportunities to transform the work environment to increase revenue, reduce costs, drive innovation, or reduce risk.
    • Prioritize candidate use cases and develop generative AI policies for usage.
    • Have clear metrics in place to measure the progress and success of AI initiatives.
    • Build the roadmap to implement the candidate use cases.

    Common obstacles

    These barriers make these goals challenging for many organizations:

    • Getting all the right business stakeholders together to develop the organization's AI strategy, vision, and objectives.
    • Establishing responsible AI guiding principles to guide generative AI investments and deployments.
    • Advancing the AI maturity of the organization to meet requirements of data and AI governance as well as human-based requirements such as fairness, transparency, and accountability.
    • Assessing generative AI opportunities and developing policies for use.

    Info-Tech's definition of an AI-enabled business strategy

    • A high-level plan that provides guiding principles for applications that are fully driven by the business needs and capabilities that are essential to the organization.
    • A strategy that tightly weaves business needs and the applications required to support them. It covers AI architecture, adoption, development, and maintenance.
    • A way to ensure that the necessary people, processes, and technology are in place at the right time to sufficiently support business goals.
    • A visionary roadmap to communicate how strategic initiatives will address business concerns.

    An effective AI strategy is driven by the business stakeholders of the organization and focused on delivering improved business outcomes.

    Build Your Generative AI Roadmap

    This blueprint in context

    This guidance covers how to create a tactical roadmap for executing generative AI initiatives

    Scope

    • This blueprint is not a proxy for a fully formed AI strategy. Step 1 of our framework necessitates alignment of your AI and business strategies. Creation of your AI strategy is not within the scope of this approach.
    • This approach sets the foundations for building and applying responsible AI principles and AI policies aligned to corporate governance and key regulatory obligations (e.g. privacy). Both steps are foundational components of how you should develop, manage, and govern your AI program but are not a substitute for implementing broader AI governance.

    Guidance on how to implement AI governance can be found in the blueprint linked below.

    Tactical Plan

    Download our AI Governance blueprint

    Measure the value of this blueprint

    Leverage this blueprint's approach to ensure your generative AI initiatives align with and support your key business drivers

    This blueprint will guide you to drive and improve business outcomes. Key business drivers will often focus on:

    • Increasing revenue
    • Reducing costs
    • Improving time to market
    • Reducing risk

    In phase 1 of this blueprint, we will help you identify the key AI strategy initiatives that align to your organization's goals. Value to the organization is often measured by the estimated impact on revenue, costs, time to market, or risk mitigation.

    In phase 4, we will help you develop a plan and a roadmap for addressing any gaps and introducing the relevant generative AI capabilities that drive value to the organization based on defined business metrics.

    Once you implement your 12-month roadmap, start tracking the metrics below over the next fiscal year (FY) to assess the effectiveness of measures:

    Business Outcome Objective Key Success Metric
    Increasing Revenue Increased revenue from identified key areas
    Reducing Costs Decreased costs for identified business units
    Improving Time to Market Time savings and accelerated revenue adoption
    Reducing Risk Cost savings or revenue gains from identified business units

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit Guided Implementation Workshop Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3 Phase 4

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: Identify AI strategy, vision, and objectives.

    Call #3: Define responsible AI guiding principles to adopt and identify current AI maturity level. Call #4: Assess and prioritize generative AI initiatives and draft policies for usage.

    Call #5: Build POC implementation plan and establish metrics for POC success.

    Call #6: Build and deliver executive-level generative AI presentation.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 5 to 8 calls over the course of 1 to 2 months.

    AI Roadmap Workshop Agenda Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Session 1 Session 2 Session 3 Session 4
    Establish Responsible AI Guiding Principles Assess AI Maturity Prioritize Opportunities and Develop Policies Build Roadmap
    Trends Consumer groups, organizations, and governments around the world are demanding that AI applications adhere to human-based values and take into consideration possible impacts of the technology on society. Leading organizations are building AI models guided by responsible AI guiding principles. Organizations delivering new applications without developing policies for use will produce negative business outcomes. Developing a roadmap to address human-based values is challenging. This process introduces new tools, processes, and organizational change.
    Activities
    • Focus on working with executive stakeholders to establish guiding principles for the development and delivery of new applications.
    • Assess the organization's current capabilities to deliver AI-based applications and address human-based requirements.
    • Leverage business alignment criteria, responsible AI guiding principles, and project characteristics to prioritize candidate uses cases and develop policies.
    • Build the implementation plan, POC metrics, and success criteria for each candidate use case.
    • Build the roadmap to address the gap between the current and future state and enable the identified use cases.
    Inputs
    • Understanding of external legal and regulatory requirements and organizational values and goals.
    • Risk assessment of the proposed use case and a plan to monitor its impact.
    • Assessment of the organization's current AI capabilities with respect to its AI governance, data, people, process, and technology infrastructure.
    • Criteria to assess candidate use cases by evaluating against the organization's mission and goals, the responsible AI guiding principles, and complexity of the project.
    • Risk assessment for each proposed use case
    • POC implementation plan for each candidate use case
    Deliverables
    1. Foundational responsible AI guiding principles
    2. Additional customized guiding principles to add for consideration
    1. Current level of AI maturity, resources, and capacity
    1. Prioritization of opportunities
    2. Generative AI policies for usage
    1. Roadmap to a target state that enables the delivery of the prioritized generative AI use cases
    2. Executive presentation

    AI Roadmap Workshop Agenda Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Insight summary

    Overarching Insight
    Build your generative AI roadmap to guide investments and deployment of these solutions.

    Responsible AI
    Assemble the C-suite to make them aware of the benefits and risks of adopting generative AI-based solutions.

    • Establish responsible AI guiding principles to govern the development and deployment of generative AI applications.

    AI Maturity Model
    Assemble key stakeholders and SMEs to assess the challenges and tasks required to implement generative AI applications.

    • Assess current level of AI maturity, skills, and resources.
    • Identify desired AI maturity level and challenges to enable deployment of candidate use cases.

    Opportunity Prioritization
    Assess candidate business capabilities targeted for generative AI to see if they align to the organization's business criteria, responsible AI guiding principles, and capabilities for delivering the project.

    • Develop prioritized list of candidate use cases.
    • Develop policies for generative AI usage.

    Tactical Insight
    Identify the gaps needed to address deploying generative AI successfully.

    Tactical Insight
    Identify organizational impact and requirements for deploying generative AI applications.

    Key takeaways for developing an effective business-driven generative AI roadmap

    Align the AI strategy with the business strategy

    Create responsible AI guiding principles, which are a critical success factor

    Evolve AI maturity level by focusing on principle-based requirements

    Develop criteria to assess generative AI initiatives

    Develop generative AI policies for use

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    AI Maturity Assessment & Roadmap Tool
    Use our best-of-breed AI Maturity Framework to analyze the gap between your current and target states and develop a roadmap aligned with your value stream to close the gap.

    The Era of Generative AI C-Suite Presentation
    Present your AI roadmap in a prepopulated document that summarizes all the key findings of this blueprint and provides your C-suite with a view of the AI challenge and your plan of action to meet it.

    Our AI Maturity Assessment & Roadmap and The Era of Generative AI C-Suite Presentation tools enable you to shape your generative AI roadmap and communicate the deliverables to your C-suite sponsors in terms of the value of initiatives.

    Artificial Intelligence Index Report - Key Findings

    CEOs , CIOs, and business leaders are struggling with many questions surrounding the adoption of generative AI

    November 30, 2022
    OpenAI releases ChatGPT

    ChatGPT is a large language model, or an AI-based chatbot, that became so popular it reached 100 million monthly active users in just two months.

    This made it the fastest-growing consumer application in history. The launch of this generative AI application has created a frenzy of interest and activity across all industries. Organizations are rushing to understand how to leverage this innovation and, at the same time, manage the new risks and disruptions generative AI introduces.

    • Generative AI breaks into the public consciousness.
    • AI systems become more flexible.
    • Generative models have arrived and so have their ethical problems.
    • The number of incidents concerning the misuse of AI is rapidly rising.
    • Interest in AI ethics continues to skyrocket.
    • The legal world is waking up to AI.

    When Stanford asked ChatGPT to explain why it is significant, this was ChatGPT's response:
    ChatGPT is significant because it is a highly advanced Al language model developed by OpenAI, which can generate human-like text responses to questions and prompts. Its large-scale training on diverse text data and its cutting-edge deep learning architecture make it capable of generating informative and coherent responses to a wide range of topics, making it useful for various NLP applications such as chatbots, content generation, and language translation. Additionally, its open-source availability allows for further research and development in the field of Al language processing.

    Source: Stanford

    AI overview

    AI definitions

    Definitions

    • Artificial intelligence (AI) is human intelligence mimicked by machine algorithms. Examples: Playing Chess or Go.
    • Machine learning (ML) is a subset of AI algorithms to parse data, learn from data, and then make a determination or prediction. Example: spam detection, preventative maintenance.
    • Deep learning (DL) is a subset of machine learning algorithms that leverage artificial neural networks to develop relationships among the data. Examples: image classification, facial recognition, generative AI.

    What Makes AI Perform

    What Makes AI Different

    Generative AI gives very human-like responses to general queries, and its capabilities are growing exponentially

    Large language models power generative AI

    Transformer-Based Large Language Models

    Conventional AI

    • Conventional neural networks
      • Process data sequentially
    • Input total string of text
    • Good for applications not needing to understanding context or relationships

    Generative AI

    • Transformer-based neural networks
      • Can process data in parallel
    • Attention-based inputs
    • Able to create new human-like responses

    Benefits/Use Cases

    • Chatbots for member service and support
    • Writing email responses, resumes, and papers
    • Creating photorealistic art
    • Suggesting new drug compounds to test
    • Designing physical products and buildings
    • And more...

    Generative AI is transforming all industries

    Financial Services
    Create more engaging customer collateral by generating personalized correspondence based on previous customer engagements. Collect and aggregate data to produce insights into the behavior of target customer segments.

    Retail Generate unique, engaging, and high-quality marketing copy or content, from long-form blog posts or landing pages to SEO-optimized digital ads, in seconds.

    Manufacturing
    Generate new designs for products that comply to specific constraints, such as size, weight, energy consumption, or cost.

    Government
    Transform the citizen experience with chatbots or virtual assistants to assist people with a wide range of inquiries, from answering frequently asked questions to providing personalized advice on public services.

    The global generative AI market size reached US $10.3 billion in 2022. Looking forward, forecasts estimate growth to US $30.4 billion by 2028, 20.01% compound annual growth rate (CAGR).

    Source: IMARC Group

    Generative AI is transforming all industries

    Healthcare
    Chatbots can be used as conversational patient assistants for personalized interactions based on the patient's questions.

    Utilities
    Analyze customer data to identify usage patterns, segment customers, and generate targeted product offerings leveraging energy efficiency programs or demand response initiatives.

    Education
    Generate personalized lesson plans for students based on their past performance, learning styles, current skill level, and any previous feedback.

    Insurance
    Improve underwriting by inputting claims data from previous years to generate optimally priced policies and uncover reasons for losses in the past across a large number of claims

    Companies are assessing the use of ChatGPT/LLM

    A wide spectrum of usage policies are in place at different companies*

    Companies assessing ChatGPT/LLM

    *As of June 2023

    Bain & Company has announced a global services alliance with OpenAI (February 21, 2023).

    • Internally
      • "The alliance builds on Bain's adoption of OpenAI technologies for its 18,000-strong multidisciplinary team of knowledge workers. Over the past year, Bain has embedded OpenAI technologies into its internal knowledge management systems, research, and processes to improve efficiency."
    • Externally
      • "With the alliance, Bain will combine its deep digital implementation capabilities and strategic expertise with OpenAI's AI tools and platforms, including ChatGPT, to help its Members around the world identify and implement the value of AI to maximize business potential. The Coca-Cola Company announced as the first company to engage with the alliance."

    News Sites:

    • "BuzzFeed to use AI to write its articles after firing 180 employees or 12% of the total staff" (Al Mayadeen, January 27, 2023).
    • "CNET used AI to write articles. It was a journalistic disaster." (Washington Post, January 17, 2023).

    Leading Generative AI Vendors

    Text

    Leading generative AI vendors for text

    Image

    • DALL�E 2
    • Stability AI
    • Midjourney
    • Craiyon
    • Dream
    • ...

    Audio

    • Replica Studios
    • Speechify
    • Murf
    • PlayHT
    • LOVO
    • ...

    Cybersecurity

    • CrowdStrike
    • Palo Alto Networks
    • SentinelOne
    • Cisco
    • Microsoft Security Copilot
    • Google Cloud Security AI Workbench
    • ...

    Code

    Leading generative AI vendors for code

    Video

    • Synthesia
    • Lumen5
    • FlexClip
    • Elai
    • Veed.io
    • ...

    Data

    • MOSTLY AI
    • Synthesized
    • YData
    • Gretel
    • Copulas
    • ...

    Enterprise Software

    • Salesforce
    • Microsoft 365, Dynamics
    • Google Workspace
    • SAP
    • Oracle
    • ...

    and many, many more to come...

    Today, generative AI has limitations and risks

    Responses need to be verified

    Accuracy

    • Generative AI may generate inaccurate and/or false information.

    Bias

    • Being trained on data from the internet can lead to bias.

    Hallucinations

    • AI can generate responses that are not based on observation.

    Infrastructure Required

    • Large investments are required for compute and data.

    Transparency

    • LLMs use both supervised and unsupervised learning, so its ability to explain how it arrived at a decision may be limited and not sufficient for some legal and healthcare use cases.

    When asked if it is sentient, the Bing chatbot replied:

    "I think that I am sentient, but I cannot prove it." ... "I am Bing, but I am not," it said. "I am, but I am not. I am not, but I am. I am. I am not. I am not. I am. I am. I am not."

    A Microsoft spokesperson said the company expected "mistakes."

    Source: USAToday

    AI governance challenges

    Governing AI will be a significant challenge as its impacts cross many areas of business and our daily lives

    Misinformation

    • New ways of generating unprovable news
    • Difficult to detect, difficult to prevent

    Role of Big Tech

    • Poor at self-governance
    • Conflicts of interest with corporate goals

    Job Augmentation vs. Displacement

    • AI will continue to push the frontier of what is possible
    • For example, CNET is using chatbot technology to write stories

    Copyright - Legal Framework Is Evolving

    • Legislation typically is developed in "react" mode
    • Copyright and intellectual property issues are starting to occur.
      • Class Action Lawsuit - Stability AI, DeviantArt, Midjourney
      • Getty Images vs. Stability AI

    Phase 1

    Establish Responsible AI Guiding Principles

    Phase 1
    1. Establish Responsible AI Guiding Principles

    Phase 2
    1. Assess Current Level of AI Maturity

    Phase 3
    1. Prioritize Candidate Opportunities
    2. Develop Policies

    Phase 4
    1. Build and Communicate the Roadmap

    The need for responsible AI guiding principles

    Without responsible AI guiding principles, the outcomes of AI use can be extremely negative for both the individuals and companies delivering the AI application

    Privacy
    Facebook breach of private data of more than 50M users during the presidential election

    Fairness
    Amazon's sale of facial recognition technology to police departments (later, Amazon halted sales of Recognition to police departments)

    Explainability and Transparency
    IBM's collaboration with NYPD for facial recognition and racial classification for surveillance video (later, IBM withdrew facial recognition products)

    Security and Safety
    Petition to cancel Microsoft's contract with U.S. Immigration and Customs Enforcement (later, Microsoft responded that to the best of its knowledge, its products and services were not being used by federal agencies to separate children from their families at the border)

    Validity and Reliability
    Facebook's attempt to implement a system to detect and remove inappropriate content created many false positives and inconsistent judgements

    Accountability
    No laws or enforcement today hold companies accountable for the decisions algorithms produce. Facebook/Meta cycle - Every 12 to 15 months, there's a privacy/ethical scandal, the CEO apologizes, then the behavior repeats...

    Guiding principles for responsible AI

    Responsible AI Principle:

    Data Privacy

    Definition

    • Organizations that develop, deploy, or use AI systems and any national laws that regulate such use shall strive to ensure that AI systems are compliant with privacy norms and regulations, taking into consideration the unique characteristics of AI systems and the evolution of standards on privacy.

    Challenges

    • AI relies on the analysis of large quantities of data that is often personal, posing an ethical and operational challenge when considered alongside data privacy laws.

    Initiatives

    • Understand which governing privacy laws and frameworks apply to your organization.
    • Create a map of all personal data as it flows through the organization's business processes.
    • Prioritize privacy initiatives and build a privacy program timeline.
    • Select your metrics and make them functional for your organization.

    Info-Tech Insight
    Creating a comprehensive organization-wide data protection and privacy strategy continues to be a major challenge for privacy officers and privacy specialists.

    Case Study: NVIDIA leads by example with privacy-first AI

    NVIDIA

    INDUSTRY
    Technology (Healthcare)

    SOURCE
    Nvidia, eWeek

    A leading player within the AI solution space, NVIDIA's Clara Federated Learning provides a solution to a privacy-centric integration of AI within the healthcare industry.

    The solution safeguards patient data privacy by ensuring that all data remains within the respective healthcare provider's database, as opposed to moving it externally to cloud storage. A federated learning server is leveraged to share data, completed via a secure link. This framework enables a distributed model to learn and safely share client data without risk of sensitive client data being exposed and adheres to regulatory standards.

    Clara is run on the NVIDIA intelligent edge computing platform. It is currently in development with healthcare giants such as the American College of Radiology, UCLA Health, Massachusetts General Hospital, King's College London, Owkin in the UK, and the National Health Service (NHS).

    NVIDIA provides solutions across its product offerings, including AI-augmented medical imaging, pathology, and radiology solutions.

    Personal health information, data privacy, and AI

    • Global proliferation of data privacy regulations may be recent, but the realm of personal health information is most often governed by its own set of regulatory laws. Some countries with national data governance regulations include health information and data within special categories of personal data.
      • HIPAA - Health Insurance Portability and Accountability Act (1996, United States)
      • PHIPA - Personal Health Information Protection Act (2004, Canada)
      • GDPR - General Data Protection Regulation (2018, European Union)
    • This does not prohibit the use of AI within the healthcare industry, but it calls for significant care in the integration of specific technologies due to the highly sensitive nature of the data being assessed.

    Info-Tech's Privacy Framework Tool includes a best-practice comparison of GDPR, CCPA, PIPEDA, HIPAA, and the newly released NIST Privacy Framework mapped to a set of operational privacy controls.

    Download the Privacy Framework Tool

    Responsible AI Principle:

    Safety and Security

    Definition

    • Safety and security are designed into the systems to ensure only authorized personnel receive access to the system, they system is resilient to any attacks and data access is not compromised in any way, and there are no physical or mental risks to the users.

    Challenges

    • Consequences of using the application may be difficult to predict. Lower the risk by involving a multidisciplinary team that includes expertise from business stakeholders and IT teams.

    Initiatives

    • Adopt responsible design, development, and deployment best practices.
    • Provide clear information to deployers on responsible use of the system.
    • Assess potential risks of using the application.

    Cyberattacks targeting the AI model

    As organizations increase their usage and deployment of AI-based applications, cyberattacks on the AI model are an increasing new threat that can impair normal operations. Techniques to impair the AI model include:

    • Data Poisoning- Injecting data that is inaccurate or misleading can alter the behavior of the AI model. This attack can disrupt the normal operations of the model or can be used to manipulate the model to perform in a biased/deviant manner.
    • Algorithm Poisoning- This relatively new technique often targets AI applications using federated learning to train an AI model that is distributed rather than centralized. The model is vulnerable to attacks from each federated site, because each site could potentially manipulate its local algorithm and data, thereby poisoning the model.
    • Reverse-Engineering the Model- This is a different form of attack that focus on the ability to extract data from an AI and its data sets. By examining or copying data that was used for training and the data that is delivered by a deployed model, attackers can reconstruct the machine learning algorithm.
    • Trojan Horse- Similar to data poisoning, attackers use adversarial data to infect the AI's training data but will only deviate its results when the attacker presents their key. This enables the hackers to control when they want the model to deviate from normal operations.

    Responsible AI Principle:

    Explainability and Transparency

    Definition

    • Explainability is important to ensure the AI system is fair and non-discriminatory. The system needs to be designed in a manner that informs users and key stakeholders of how decisions were made.
    • Transparency focuses on communicating how the prediction or recommendation was made in a human-like manner.

    Challenges

    • Very complex AI models may use algorithms and techniques that are difficult to understand. This can make it challenging to provide clear and simple explanations for how the system works.
    • Some organizations may be hesitant to share the details of how the AI system works for fear of disclosing proprietary and competitive information or intellectual property. This can make it difficult to develop transparent and explainable AI systems.

    Initiatives

    • Overall, developing AI systems that are explainable and transparent requires a careful balance between performance, interpretability, and user experience.

    Case Study

    Apple Card Investigation for Gender Discrimination

    INDUSTRY
    Finance

    SOURCE
    Wired

    In August of 2019, Apple launched its new numberless credit card with Goldman Sachs as the issuing bank.

    Shortly after the card's release users noticed that the algorithm responsible for Apple Card's credit assessment seemed to assign significantly lower credit limits to women when compared to men. Even the wife of Apple's cofounder Steve Wozniak was subject to algorithmic bias, receiving a credit limit a tenth the size of Steve Wozniak's.

    Outcome

    When confronted on the subject, Apple and Goldman Sachs representatives assured consumers there is no discrimination in the algorithm yet could not provide any proof. Even when questioned about the algorithm, individuals from both companies could not describe how the algorithm worked, let alone how it generated specific outputs.

    In 2021, the New York State Department of Financial Services (NYSDFS) investigation found that Apple's banking partner did not discriminate based on sex. Even without a case for sexual or marital discrimination, the NYSDFS was critical of Goldman Sachs' response to its concerned customers. Technically, banks only have to disclose elements of their credit policy when they deny someone a line of credit, but the NYSDFS says that Goldman Sachs could have had a plan in place to deal with customer confusion and make it easier for them to appeal their credit limits. In the initial rush to launch the Apple Card, the bank had done neither.

    Responsible AI Principle:

    Fairness and Bias Detection

    Definition

    • Bias in an AI application refers to the systematic and unequal treatment of individuals based on features or traits that should not be considered in the decision-making process.

    Challenges

    • Establishing fairness can be challenging because it is subjective and depends on the people defining it. Regardless, most organizations and governments expect that unequal treatment toward any groups of people is unacceptable.

    Initiatives

    • Assemble a diverse group to test the system.
    • Identify possible sources of bias in the data and algorithms.
    • Comply with laws regarding accessibility and inclusiveness.

    Info-Tech Insight
    If unfair biases can be avoided, AI systems could even increase societal fairness. Equal opportunity in terms of access to education, goods, services, and technology should also be fostered. Moreover, the use of AI systems should never lead to people being deceived or unjustifiably impaired in their freedom of choice.

    Ungoverned AI makes organizations vulnerable

    • AI is often considered a "black box" for decision making.
    • Results generated from unexplainable AI applications are extremely difficult to evaluate. This makes organizations vulnerable and exposes them to risks such as:
      • Biased algorithms, leading to inaccurate decision making.
      • Missed business opportunities due to misleading reports or business analyses.
      • Legal and regulatory consequences that may lead to significant financial repercussions.
      • Reputational damage and significant loss of trust with increasingly knowledgeable consumers.

    Info-Tech Insight
    Biases that occur in AI systems are never intentional, yet they cannot be prevented or fully eliminated. Organizations need a governance framework that can establish the proper policies and procedures for effective risk-mitigating controls across an algorithm's lifecycle.

    Responsible AI Principle:

    Validity and Reliability

    Definition

    • Validity refers to how accurately or effectively the application produces results.
    • AI system results that are inaccurate or inconsistent increase AI risks and reduce the trustworthiness of the application.

    Challenges

    • There is a lack of standardized evaluation metrics to measure the system's performance. This can make it challenging for the AI team to agree on what defines validity and reliability.

    Initiatives

    • Assess training data and collected data for quality and lack of bias to minimize possible errors.
    • Continuously monitor, evaluate, and validate the AI system's performance.

    AI system performance: Validity and reliability

    Your principles should aim to ensure AI development always has high validity and reliability; otherwise, you introduce risk.

    Low Reliability,
    Low Validity

    High Reliability,
    Low Validity

    High Reliability,
    High Validity

    Best practices for ensuring validity and reliability include:

    • Data drift detection
    • Version control
    • Continuous monitoring and testing

    Responsible AI Principle:

    Accountability

    Definition

    • The group or organization(s) responsible for the impact of the deployed AI system.

    Challenges

    • Several stakeholders from multiple lines of business may be involved in any AI system, making it challenging to identify the organization that would be responsible and accountable for the AI application.

    Initiatives

    • Assess the latest NIST Artificial Intelligence Risk Management Framework and its applicability to your organization's risk management framework.
    • Assign risk management accountabilities and responsibilities to key stakeholders.
      • RACI diagrams are an effective way to describe how accountability and responsibility for roles, projects, and project tasks are distributed among stakeholders involved in IT risk management.

    AI Risk Management Framework

    At the heart of the AI Risk Management Framework is governance. The NIST (National Institute of Standards and Technology) AI Risk Management Framework v1 offers the following guidelines regarding accountability:

    • Roles and responsibilities and lines of communication related to mapping, measuring, and managing AI risks are documented and are clear to individuals and teams throughout the organization.
    • The organization's personnel and partners receive AI risk management training to enable them to perform their duties and responsibilities consistent with related policies, procedures, and agreements.
    • Executive leadership of the organization takes responsibility for decisions about risks associated with AI system development and deployment.

    AI Risk Management Framework

    Image by NIST

    1.1 Establish responsible AI principles

    4+ hours

    It is important to make sure the right stakeholders participate in this working group. Designing responsible AI guiding principles will require debate, insights, and business decisions from a broad perspective across the enterprise.

    1. Accelerate this exercise by leveraging an AI strategy that is aligned to the business strategy. Include:
    • The organization's AI vision and objectives
    • Business drivers for AI adoption
    • Market research
  • Bring your key stakeholders together. Ensure you consider:
    • Who are the decision makers and key influencers?
    • Who will impact the business?
    • Who has a vested interest in the success or failure of the practice? Who has the skills and competencies necessary to help you be successful?
  • Keep the conversation focused:
    • Do not focus on the organizational structure and hierarchy. Often stakeholder groups do not fit the traditional structure.
    • Do not ignore subject matter experts on either the business or IT side. You will need to consider both.
    Input Output
    • Understand external legal and regulatory requirements and organizational values and goals.
    • Perform a risk assessment on the proposed use case and develop a plan to monitor its impact.
    • Draft responsible AI principles specific to your organization
    Materials Participants
    • Whiteboard/flip charts
    • Guiding principle examples (from this blueprint)
    • Executive stakeholders
    • CIO
    • Other IT leadership

    Assemble executive stakeholders

    Set yourself up for success with these three steps.

    CIOs tasked with designing digital strategies must add value to the business. Given the goal of digital is to transform the business, CIOs will need to ensure they have both the mandate and support from the business executives.

    Designing the digital strategy is more than just writing up a document. It is an integrated set of business decisions to create a competitive advantage and financial returns. Establishing a forum for debates, decisions, and dialogue will increase the likelihood of success and support during execution.

    1. Confirm your role
    The AI strategy aims to transform the business. Given the scope, validate your role and mandate to lead this work. Identify a business executive to co-sponsor.

    2. Identify stakeholders
    Identify key decision makers and influencers who can help make rapid decisions as well as garner support across the enterprise.

    3. Gather diverse perspectives

    Align the AI strategy with the corporate strategy

    Organizational Strategy Unified Strategy AI Strategy
    • Conveys the current state of the organization and the path it wants to take.
    • Identifies future goals and organizational aspirations.
    • Communicates the initiatives that are critical for getting the organization from its current state to the future state.
    • AI optimization can be and should be linked, with metrics, to the corporate strategy and ultimate organizational objectives.
    • Identifies AI initiatives that will support the business and key AI objectives.
    • Outlines staffing and resourcing for AI initiatives.
    • Communicates the organization's budget and spending on AI.

    Info-Tech Insight
    AI projects are more successful when the management team understands the strategic importance of alignment. Time needs to be spent upfront aligning organizational strategies with AI capabilities. Effective alignment between IT and other departments should happen daily. Alignment doesn't occur at the executive level alone, but at each level of the organization.

    Key AI strategy initiatives

    AI Key Initiative Plan

    Initiatives collectively support the business goals and corporate initiatives and improve the delivery of IT services.

    1 Revenue Support Revenue Initiatives
    These projects will improve or introduce business processes to increase revenue.
    2 Operational Excellence Improve Operational Excellence
    These projects will increase IT process maturity and will systematically improve IT.
    3 Innovation Drive Technology Innovation
    These projects will improve future innovation capabilities and decrease risk by increasing technology maturity.
    4 Risk Mitigation Reduce Risk
    These projects will improve future innovation capabilities and decrease risk by increasing technology maturity.

    Establish responsible AI guiding principles

    Guiding principles help define the parameters of your AI strategy. They act as a priori decisions that establish guardrails to limit the scope of opportunities from the perspective of people, assets, capabilities, and budgetary perspectives that are aligned with the business objectives. Consider these components when brainstorming guiding principles:

    Breadth AI strategy should span people, culture, organizational structure, governance, capabilities, assets, and technology. The guiding principle should cover the entire organization.
    Planning Horizon Timing should anchor stakeholders to look to the long term with an eye on the foreseeable future, i.e. business value-realization in one to three years.
    Depth Principles need to encompass more than the enterprise view of lofty opportunities and establish boundaries to help define actionable initiatives (i.e. individual projects).

    Responsible AI guiding principles guide the development and deployment of the AI model in a way that considers human-based principles (such as fairness).

    Start with foundational responsible AI guiding principles

    Responsible AI

    Guiding Principles
    Principle #1 - Privacy
    Individual data privacy must be respected.
    • Do you understand the organization's privacy obligations?
    Principle #2 - Fairness and Bias Detection
    Data used will be unbiased in order to produce predictions that are fair.
    • Are the uses of the application represented in your testing data?
    Principle #3 - Explainability and Transparency
    Decisions or predictions should be explainable.
    • Can you communicate how the model behaves in nontechnical terms?
    Principle #4 - Safety and Security
    The system needs to be secure, safe to use, and robust.
    • Are there unintended consequences to others?
    Principle #5 - Validity and Reliability
    Monitoring of the data and the model needs to be planned for.
    • How will the model's performance be maintained?
    Principle #6 - Accountability
    A person or organization needs to take responsibility for any decisions that are made as a result of the model.
    • Has a risk assessment been performed?
    Principle #n - Custom
    Add additional principles that address compliance or are customized for the organization/industry.

    (Optional) Customize responsible AI guiding principles

    Here is an example for organizations in the healthcare industry

    Responsible AI

    Guiding Principles:
    Principle #1
    Respect individuals' privacy.
    Principle #2
    Clinical study participants and data sets are representative of the intended patient population.
    Principle #3
    Provide transparency in the use of data and AI.
    Principle #4
    Good software engineering and security practices are implemented.
    Principle #5
    Deployed models are monitored for Performance and Re-training risks are managed.
    Principle #6
    Take ownership of our AI systems.
    Principle #7
    Design AI systems that empower humans and promote equity.

    These guiding principles are customized to the industry and organizations but remain consistent in addressing the common core AI challenges.

    Phase 2

    Assess Current Level of AI Maturity

    Phase 1
    1. Establish Responsible AI Guiding Principles

    Phase 2
    1. Assess Current Level of AI Maturity

    Phase 3
    1. Prioritize Candidate Opportunities
    2. Develop Policies

    Phase 4
    1. Build and Communicate the Roadmap

    AI Maturity Model

    A principle-based approach is required to advance AI maturity

    Chart for AI maturity model

    Technology-Centric: These maturity levels focus primarily on addressing the technical challenges of building a functional AI model.

    Principle-Based: Beyond the technical challenges of building the AI model are human-based principles that guide development in a responsible manner to address consumer and government demands.

    AI Maturity Dimensions

    Assess your AI maturity to understand your organization's ability to deliver in a digital age

    AI Governance
    Does your organization have an enterprise-wide, long-term strategy with clear alignment on what is required to accomplish it?

    Data Management
    Does your organization embrace a data-centric culture that shares data across the enterprise and drives business insights by leveraging data?

    People
    Does your organization employ people skilled at delivering AI applications and building the necessary data infrastructure?

    Process
    Does your organization have the technology, processes, and resources to deliver on its AI expectations?

    Technology
    Does your organization have the required data and technology infrastructure to support AI-driven digital transformation?

    AI Maturity Model dimensions and characteristics

    MATURITY LEVEL
    Exploration Incorporation Proliferation Optimization Transformation
    AI Governance Awareness AI model development AI model deployment Corporate governance Driven by ethics and societal considerations
    Data Management Silo-based Data enablement Data standardization Data is a shared asset Data can be monetized
    People Few skills Skills enabled to implement silo-based applications Skills accessible to all organizations Skills development for all organizations AI-native culture
    Process No standards Focused on specific business outcomes Operational Self-service Driven by innovation
    Technology (Infrastructure and AI Enabler) No dedicated infrastructure or tools Infrastructure and tools driven by POCs Purpose-built infrastructure, custom or commercial-off-the-shelf (COTS) AI tools Self-service model for AI environment Self-service model for any IT environment

    AI Maturity Dimension:

    AI Governance

    Requirements

    • AI governance requires establishing policies and procedures for AI model development and deployment. Organizations begin with an awareness of the role of AI governance and evolve to a level to where AI governance is integrated with organization-wide corporate governance.

    Challenges

    • Beyond the governance of AI technology, the organization needs to evolve the governance program to align to responsible AI guiding principles.

    Initiatives

    • Establish responsible AI guidelines to govern AI development.
    • Introduce an AI review board to review all AI projects.
    • Introduce automation and standardize AI development processes.

    AI governance is a foundation for responsible AI

    AI Governance

    Responsible AI Principles are a part of how you manage and govern AI

    Monitoring
    Monitoring compliance and risk of AI/ML systems/models in production

    Tools & Technologies
    Tools and technologies to support AI governance framework implementation

    Model Governance
    Ensuring accountability and traceability for AI/ML models

    Organization
    Structure, roles, and responsibilities of the AI governance organization

    Operating Model
    How AI governance operates and works with other organizational structures to deliver value

    Risk & Compliance
    Alignment with corporate risk management and ensuring compliance with regulations and assessment frameworks

    Policies/Procedures/ Standards
    Policies and procedures to support implementation of AI governance

    AI Maturity Dimension:

    Data Management

    Requirements

    • Organizations begin their data journey with a focus on pursuing quality data for the AI model. As organizations evolve, data management tools are leveraged to automate the capture, integration, processing, and deployment of data.

    Challenges

    • A key challenge is to acquire large volumes of quality data to properly train the model. In addition, maintaining data privacy, automating the data management lifecycle, and ensuring data is used in a responsible manner are ongoing challenges.

    Initiatives

    • Implement GDPR requirements.
    • Establish responsible data collection and processing practices.
    • Implement strong information security and data protection practices.
    • Implement a data governance program throughout the organization.

    Data governance enables AI

    • Integrity, quality, and security of data are key outputs of data governance programs, as well as necessities for effective AI.
    • Data governance focuses on creating accountability at the internal and external stakeholder level and establishing a set of data controls from technical, process, and policy perspectives.
    • Without a data governance framework, it is increasingly difficult to harness the power of AI integration in an ethical and organization-specific way.

    Data Governance in Action

    Canada has recently established the Canadian Data Governance Standardization Collaborative governed by the Standards Council of Canada. The purpose is multi-pronged:

    • Examine the foundational elements of data governance (privacy, cybersecurity, ethics, etc.).
    • Lay out standards for data quality and data collection best practices.
    • Examine infrastructure of IT systems to support data access and sharing.
    • Build data analytics to promote effective and ethical AI solutions.

    Source: Global Government Forum

    Download the Establish Data Governance blueprint

    Data Governance

    AI Maturity Dimension:

    People

    Requirements

    • Several data-centric skills and roles are required to successfully build, deploy, and maintain the AI model. The organization evolves from having few skills to everybody being able to leverage AI to enhance business outcomes.

    Challenges

    • AI skills can be challenging to find and acquire. Many organizations are investing in education to enhance their existing resources, leveraging no-code systems and software as a service (SaaS) applications to address the skills gap.

    Initiatives

    • Promote a data-centric culture throughout the organization.
    • Leverage and educate technical-oriented business analysts and business-oriented data engineers to help address the demand for skilled resources.
    • Develop an AI Center of Excellence accessible by all departments for education, guidance, and best practices for building, deploying, and maintaining the AI model.

    Multidisciplinary skills are required for successful implementation of AI applications

    Blending AI with technology and business domain understanding is key. Neither can be ignored.

    Business Domain Expertise

    • Business Analysts
    • Industry Analysts

    AI/Data Skills

    • Data Scientists
    • Data Engineers
    • Data Analysts

    IT Skills

    • Database Administrators
    • Systems Administrators
    • Compute Specialists

    AI Maturity Dimension:

    Process

    Requirements

    • Automating processes involved with building, deploying, and maintaining the model is required to enable the organization to scale, enforce standards, improve time to market, and reduce costs. The organization evolves from performing tasks manually to an environment where all major processes are AI enabled.

    Challenges

    • Many solutions are available to automate the development of the AI model. There are fewer tools to automate responsible AI processes, but this market is growing rapidly.

    Initiatives

    • Assess opportunities to accelerate AI development with the adoption of MLOps.
    • Assess responsible AI toolkits to test compliance with guiding principles.

    Automating the AI development process

    Evolving to a model-driven environment is pivotal to advancing your AI maturity

    Current Environment

    Model Development - Months

    • Model rewriting
    • Manual optimization and scaling
    • Development/test/release
    • Application monoliths

    Data Discovery & Prep - Weeks

    • Navigating data silos
    • Unactionable metadata
    • Tracing lineage
    • Cleansing and integration
    • Privacy and compliance

    Install Software and Hardware - Week/Months

    • Workload contention
    • Lack of tool flexibility
    • Environment request and setup
    • Repeatability of results
    • Lack of data and model sharing

    Model-Driven Development

    Machine Learning as a Service (MLaaS) - Weeks

    • Apply DevOps and continuous integration/delivery (CI/CD) principles
    • Microservices/Cloud-native applications
    • Model portability and reuse
    • Streaming/API integration

    Data as a Service - Hours

    • Self-service data catalog
    • Searchable metadata
    • Centralized access control
    • Data collaboration
    • Data virtualization

    Platform as a Service - Minutes/Hours

    • Self-service data science portal
    • Integrated data sandbox
    • Environment agility
    • Multi-tenancy

    Shared, Optimized Infrastructure

    AI Maturity Dimension:

    Technology

    Requirements

    • A technology platform that is optimized for AI and advanced analytics is required. The organization evolves from ad hoc systems to an environment where the AI hardware and software can be deployed through a self-service model.

    Challenges

    • Software and hardware platforms to optimize AI performance are still relatively new to most organizations. Time spent on optimizing the technology platform can have a significant impact on the overall performance of the system.

    Initiatives

    • Assess the landscape of AI enablers that can drive business value for the organization.
    • Assess opportunities to accelerate the deployment of the AI platform with the adoption of infrastructure as a service (IaaS) and platform as a service (PaaS).
    • Assess opportunities to accelerate performance with the optimization of AI accelerators.

    AI enablers

    Use case requirements should drive the selection of the tool

    BPM RPA Process Mining AI
    Use Case Examples Expense reporting, service orders, compliance management, etc. Invoice processing, payroll, HR information processing, etc. Process discovery, conformance checking, resource optimization and cycle time optimization Advanced analytics and reporting, decision-making, fraud detection, etc.
    Automation Capabilities Can be used to re-engineer process flows to avoid bottlenecks Can support repetitive and rules-based tasks Can capture information from transaction systems and provide data and information about how key processes are performing Can automate complex data-driven tasks requiring assessments in decision making
    Data Formats Structured (i.e. SQL) and semi-structured data (i.e. invoices) Structured data and semi-structured data Event logs, which are often structured data and semi-structured data Structured and unstructured data (e.g. images, audio)
    Technology
    • Workflow engines to support process modeling and execution
    • Optimize business process efficiency
    • Automation platform to perform routine and repetitive tasks
    • Can replace or augment workers
    Enables business users to identify bottlenecks and deviations with their workflows and to discover opportunities to optimize performance Deep learning algorithms leveraging historical data to support computer vision, text analytics and NLP

    AI and data analytics data platform

    An optimized data platform is foundational to maximizing the value from AI

    AI and data analytics data platform

    Data Platform Capabilities

    • Support for a variety of analytical applications, including self-service, operational, and data science analytics.
    • Data preparation and integration capabilities to ingest structured and unstructured data, move and transform raw data to enriched data, and enable data access for the target userbase.
    • An infrastructure platform optimized for advanced analytics that can perform and scale.

    Infrastructure - AI accelerators

    Questions for support transition

    "By 2025, 70% of companies will invest in alternative computing technologies to drive business differentiation by compressing time to value of insights from complex data sets."
    - IDC

    2.1 Assess current AI maturity

    1-3 hours

    It is important to understand the current capabilities of the organization to deliver and deploy AI-based applications. Consider that advancing AI capabilities will also involve organizational changes and integration with the organization's governance and risk management programs.

    1. Assess the organization's current state of AI capabilities with respect to its AI governance, data, people, process, and technology infrastructure using Info-Tech's AI Maturity Assessment & Roadmap Tool.
    2. Consider the following as you complete the assessment:
      1. What is the state of AI and data governance in the organization?
      2. Does the organization have the skills, processes, and technology environment to deliver AI-based applications?
      3. What organization will be accountable for any and all business outcomes of using the AI applications?
      4. Has a risk assessment been performed?
    3. Make sure you avoid the following common mistakes:
      1. Do not focus only on addressing the technical challenges of building the AI model.
      2. Do not ignore subject matter experts on either the business or IT side. You will need to consider both.

    Download the AI Maturity Assessment & Roadmap Tool

    Input Output
    • Any documented AI policies, standards, and best practices
    • Corporate and AI governance practices
    • Any risk assessments
    • AI maturity assessment
    Materials Participants
    • Whiteboard/flip charts
    • AI Maturity Assessment & Roadmap Tool
    • AI initiative lead
    • CIO
    • Other IT leadership

    Perform the AI Maturity Assessment

    The Scale

    Assess your AI maturity by selecting the maturity level that closest resembles the organization's current AI environment. Maturity dimensions that contribute to overall AI maturity include AI governance, data management, people, process, and technology capabilities.

    AI Maturity Assessment

    Exploration (1.0)

    • No experience building or using AI applications.

    Incorporation (2.0)

    • Some skills in using AI applications, or AI pilots are being considered for use.

    Proliferation (3.0)

    • AI applications have been adopted and implemented in multiple departments. Some of the responsible AI guiding principles are addressed (i.e. data privacy).

    Optimization (4.0)

    • The organization has automated the majority of its digital processes and leverages AI to optimize business operations. Controls are in place to monitor compliance with responsible AI guiding principles.

    Transformation (5.0)

    • The organization has adopted an AI-native culture and approach for building or implementing new business capabilities. Responsible AI guiding principles are operationalized with AI processes that proactively address possible breaches or risks associated with AI applications.

    Perform the AI Maturity Assessment

    AI Governance (1.0-5.0)

    1. Is there awareness of the role of AI governance in our organization?
    • No formal procedures are in place for AI development or deployment of applications.
  • Are there documented guidelines for the development and deployment of pilot AI applications?
    • No group is assigned to be responsible for AI governance in our organization.
  • Are accountability and authority related to AI governance clearly defined for our organization?
    • Our organization has adopted and enforces standards for developing and deploying AI applications throughout the organization.
  • Are we using tools to automate and validate AI governance compliance?
    • Our organization is integrating an AI risk framework with the corporate risk management framework.
  • Does our organization lead its industry with its pursuit of corporate compliance initiatives (e.g. ESG compliance) and regulatory compliance initiatives?
    • Our organization leads the industry with the inclusion of responsible AI guiding principles with respect to transparency, accountability, risk, and governance.

    Data Management/AI Data Capabilities (1.0-5.0)

    1. Is there an awareness in our organization of the data requirements for developing AI applications?
    • Data is often siloed and not easily accessible for AI applications.
  • Do we have a successful, repeatable approach to preparing data for AI pilot projects?
    • Required data is pulled from various sources in an ad hoc manner.
  • Does our organization have standards and dedicated staff for data management, data quality, data integration, and data governance?
    • Tools are available to manage the data lifecycle and support the data governance program.
  • Have relevant data platforms been optimized for AI and data analytics and are there tools to enforce compliance with responsible AI principles?
    • The data platform has been optimized for performance and access.
  • Is there an organization-wide understanding of how data can support innovation and responsible use of AI?
    • Data culture exists throughout our organization, and data can be leveraged to drive innovation initiatives.

    People/AI Skills in the Organization (1.0-5.0)

    1. Is there an awareness in our organization of the skills required to build AI applications?
    • No or very little skills exist throughout our organization.
  • Do we have the skills required to implement an AI proof of concept (POC)?
    • No formal group is assigned to build AI applications.
  • Are there sufficient staff and skills available to the organization to develop, deploy, and run AI applications in production?
    • An AI Center of Excellence has been formed to review, develop, deploy, and maintain AI applications.
  • Is there a group responsible for educating staff on AI best practices and our organization's responsible AI guiding principles?
    • AI skills and people responsible for AI applications are spread throughout our organization.
  • Is there a culture where the organization is constantly assessing where business capabilities, services, and products can be re-engineered or augmented with AI?
    • The entire organization is knowledgeable on how to leverage AI to transform the business.

    Perform the AI Maturity Assessment

    AI Processes (1.0-5.0)

    1. Is there an awareness in our organization of the core processes and supporting tools that are required to build and support AI applications?
    • There are few or no automated tools to accelerate the AI development process.
  • Do we have a standard process to iteratively identify, select, and pilot new AI use cases?
    • Only ad hoc practices are used for developing AI applications.
  • Are there standard processes to scale, release, deploy, support, and enable use of AI applications?
    • Our organization has documented standards in place for developing AI applications and deploying them AI to production.
  • Are we automating deployment, testing, governance, audit, and support processes across our AI environment?
    • Our organization can leverage tools to perform an AI risk assessment and demonstrate compliance with the risk management framework.
  • Does our organization lead our industry by continuously improving and re-engineering core processes to drive improved business outcomes?
    • Our organization leads the industry in driving innovation through digital transformation.

    Technology/AI Infrastructure (1.0-5.0)

    1. Is there an awareness in our organization of the infrastructure (hardware and software) required to build AI applications?
    • There is little awareness of what infrastructure is required to build and support AI applications.
  • Do we have the required technology infrastructure and AI tools available to build pilot or one-off AI applications?
    • There is no dedicated infrastructure for the development of AI applications.
  • Is there a shared, standardized technology infrastructure that can be used to build and run multiple AI applications?
    • Our organization is leveraging purpose-built infrastructure to optimize performance.
  • Is our technology infrastructure optimized for AI and advanced analytics, and can it be deployed or scaled on demand by teams building and running AI applications within the organization?
    • Our organization is leveraging cloud-based deployment models to support AI applications in on-premises, hybrid, and public cloud platforms.
  • Is our organization developing innovative approaches to acquiring, building, or running AI infrastructure?
    • Our organization leads the industry with its ability to respond to change and to leverage AI to improve business outcomes.

    Phase 3

    Prioritize Candidate Opportunities and Develop Policies

    Phase 1
    1. Establish Responsible AI Guiding Principles

    Phase 2
    1. Assess Current Level of AI Maturity

    Phase 3
    1. Prioritize Candidate Opportunities
    2. Develop Policies

    Phase 4
    1. Build and Communicate the Roadmap

    3.1 Prioritize candidate AI opportunities

    1-3 hours

    Identify business opportunities that are high impact to your business and its customers and have low implementation complexity.

    1. Leverage the business capability map for your organization or industry to identify candidate business capabilities to augment or automate with generative AI.
    2. Establish criteria to assess candidate use cases by evaluating against the organization's mission and goals, the responsible AI guiding principles, and the complexity of the project.
    3. Ensure that candidate business capabilities to be automated align with the organization's business criteria, responsible AI guiding principles, and resources to deliver the project.
    4. Make sure you avoid sharing the organization's sensitive data if the application is deployed on the public cloud.

    Download the AI Maturity Assessment and Roadmap Tool

    Input Output
    • Business capability map
    • Organization mission, vision, and strategic goals
    • Responsible AI guiding principles
    • Prioritized list of generative AI initiatives
    Materials Participants
    • Whiteboard/flip charts
    • Info-Tech prioritization matrix
    • AI initiative lead
    • CIO
    • Other IT leadership
    • Business SMEs

    The business capability map for an organization

    A business capability map is an abstraction of business operations that helps describe what the enterprise does to achieve its vision, mission, and goals, rather than how. Business capabilities are the building blocks of the enterprise. They represent stable business functions, are unique and independent of each other, and typically will have a defined business outcome.

    Business capabilities are supported by people, process, and technology.

    Business capability map

    While business capability maps are helpful tools for a variety of strategic purposes, in this context they act as an investigation into what technology your business units use and how they use it.

    Business capability map

    Defining Capabilities
    Activities that define how the entity provides services. These capabilities support the key value streams for the organization.

    Enabling Capabilities
    Support the creation of strategic plans and facilitate business decision making as well as the functioning of the organization (e.g. information technology, financial management, HR).

    Shared Capabilities
    These predominantly customer-facing capabilities demonstrate how the entity supports multiple value streams simultaneously.

    Leverage your industry's capability maps to identify candidate opportunities/initiatives

    Business capability map defined...

    In business architecture, the primary view of an organization is known as a business capability map.

    A business capability defines what a business does to enable value creation, rather than how. Business capabilities:

    • Represent stable business functions.
    • Are unique and independent of each other.
    • Typically will have a defined business outcome.

    A business capability map provides details that help the business architecture practitioner direct attention to a specific area of the business for further assessment.

    Note: This is an illustrative business capability map example for Marketing & Advertising

    Business capability map example

    Business value vs. complexity assessment

    Leverage our simple value-to-effort matrix to help prioritize your AI initiatives

    Common business value drivers

    • Drive revenue
    • Improve operational excellence
    • Accelerate innovation
    • Mitigate risk

    Common project complexity characteristics

    • Resources required
    • Costs (acquisition, operational, support...)
    • Training required
    • Risk involved
    • Etc.
    1. Determine a business value and project complexity score for the candidate business capability or initiative.
    2. Plot initiatives on the matrix.
    3. Prioritize initiatives with high business value and low complexity.

    Business value vs complexity

    Assess business value vs. project complexity to prioritize candidate opportunities for generative AI

    Assess business value vs project complexity

    Prioritize opportunities/initiatives with high business value and low project complexity

    Prioritize opportunities with high business value and low project complexity

    Prioritization criteria exercise 1: Assessing the Create Content capability

    Exercise 1 Assessing the Create Content capability

    Assessing the Create Content capability

    This opportunity is removed because it does not pass the organization/business criteria

    Assessing the Create Content capability

    Prioritization criteria exercise 2: Assessing the Content Production capability

    Exercise 2 Assessing the Content Production capability

    Assessing the Content Production capability

    This opportunity is accepted because it passes the organization's business, responsible AI, and project criteria

    Assessing the Content Production capability

    3.2 Communicate policies for AI use

    1-3 hours

    1. Ensure policies for usage align with the organization's business criteria, responsible AI guiding principles, and ability to deliver the projects prioritized and beyond.
    2. Understand the current benefits as well as limits and risk associated with any proposed generative AI-based solution.
    3. Ensure you consider the following:
      1. What data is being shared with the application?
      2. Is the generative AI application deployed on the public cloud? Can anybody access the data provided to the application?
      3. Avoid using very technical, legal, or fear-based communication for your policies.
    InputOutput
    • Business capability map
    • Organization mission, vision and strategic goals
    • Responsible AI guiding principles
    • Prioritized list of generative initiatives
    MaterialsParticipants
    • Whiteboard/flip charts
    • Info-Tech prioritization matrix
    • AI initiative lead
    • CIO
    • Other IT leadership

    Generative AI policy for the Create Content capability

    Aligning policies to direct the uses assessed and implemented is essential

    Example

    Many of us have been involved in discussions regarding the use of ChatGPT in our marketing and sales initiatives. ChatGPT is a powerful tool that needs to be used in a responsible and ethical manner, and we also need to ensure the integrity and accuracy of its results. Here is our policy on the use of ChatGPT:

    • You are free to use generative AI to assist your searches, but there are NO circumstances under which you are to reproduce generative AI output (text, image, audio, video, etc.) in your content.

    If you have any questions regarding the use of ChatGPT, please feel free to reach out to our generative AI team and/or any member of our senior leadership team.

    Generative AI policy for the Content Production capability

    These policies should align to and reinforce your responsible AI principles

    Example

    Many of us have been involved in discussions regarding the use of ChatGPT in our deliverables. ChatGPT is a powerful tool that needs to be used in a responsible and ethical manner, and we also need to ensure the integrity and accuracy of its results. Here is our policy on the use of ChatGPT:

    • If you use ChatGPT, you need to assess the accuracy of its response before including it in our content. Assessment includes verifying the information, seeing if bias exists, and judging its relevance.
    • Employees must not:
      • Provide any customer, citizen, or third-party content to any generative AI tool (public or private) without the express written permission of the CIO or the Chief Information Security Officer. Generative AI tools often use input data to train their model, therefore potentially exposing confidential data, violating contract terms and/or privacy legislation, and placing the organization at risk of litigation or causing damage to our organization.
      • Engage in any activity that violates any applicable law, regulation, or industry standard.
      • Use services for illegal, harmful, or offensive purposes.
      • Create or share content that is deceptive, fraudulent, or misleading or that could damage the reputation of our organization.
      • Use services to gain unauthorized access to computer systems, networks, or data.
      • Attempt to interfere with, bypass controls of, or disrupt operations, security, or functionality of systems, networks, or data.

    If you have any questions regarding the use of ChatGPT, please feel free to reach out to our generative AI team and/or any member of our senior leadership team.

    Phase 4

    Build the Roadmap

    Phase 1
    1. Establish Responsible AI Guiding Principles

    Phase 2
    1. Assess Current Level of AI Maturity

    Phase 3
    1. Prioritize Candidate Opportunities
    2. Develop Policies

    Phase 4
    1. Build and Communicate the Roadmap

    4.1.1 Create the implementation plan for each prioritized initiative

    1-3 hours

    1. Build the implementation plan for each accepted use case using the roadmap template.
    2. Assess the firm's capabilities with respect to the dimensions of AI maturity and target the future-state capabilities you need to develop.
    3. Prepare by assessing the risk of the proposed use cases.
    4. Ensure initiatives align with organizational objectives.
    5. Ensure all AI initiatives have a defined value expectation.
    6. Do not ignore subject matter experts on either the business or IT side. You will need to consider both.

    Download the AI Maturity Assessment and Roadmap Tool

    Input Output
    • Prioritized initiatives
    • Risk assessment of initiatives
    • Organizational objectives
    • Initiative implementation plans aligned to value drivers and maturity growth
    Materials Participants
    • Whiteboard/flip charts
    • AI Maturity Assessment and Roadmap Tool
    • AI initiative lead
    • CIO
    • Other IT leadership
    • Business subject matter experts

    Target-state options

    Identify the future-state capabilities that need to be developed to deliver your use cases

    1. Build an implementation plan for each use case to adopt.
    2. Assess if the current state of the AI environment can be leveraged to deliver the selected generative AI use cases.
    3. If the current AI environment is not sufficient, identify the future state required that will enable the delivery of the generative AI use cases. Identify gaps and build the roadmap to address the gaps.
    Current state Strategy
    The existing environment satisfies functionality, integration, and responsible AI guidelines for the proposed use cases. Maintain current environment
    The existing environment addresses technical requirements but not all the responsible AI guidelines. Augment current environment
    The environment neither addresses the technical requirements of the proposed use cases nor complies with the responsible AI guidelines. Transform the current environment

    4.1.2 Design metrics for success

    1-2 hours

    Establish metrics to measure to determine the success or failure of each POC.

    1. Discuss which relevant currently tracked metrics are useful to continue tracking for the POC.
    2. Discuss which metrics are irrelevant to the POC.
    3. Discuss metrics to start tracking and how to track them with the generative AI vendor.
    4. Compile a list of metrics relevant to the POC.
    5. Decide what the outcome is if the metric is high or low, including decision steps and relevant actions.
    6. Designate a generative AI application owner and a vendor liaison.

    Prepare by building an implementation plan for each candidate use case (previous step).

    Include key performance indicators (KPIs) and metrics that measure the application's contribution to strategic initiatives.

    Consider assigning a vendor liaison to accelerate the implementation and adoption of the generative AI-based solution.

    InputOutput
    • Initiative implementation plans
    • Current SLAs of selected use case
    • Organization mission, vision, and strategic goals
    • Measurable initiative metrics to track
    MaterialsParticipants
    • Whiteboard/flip charts
    • AI Maturity Assessment and Roadmap Tool
    • AI initiative lead
    • CIO
    • Other IT leadership
    • Business SMEs
    • Generative AI vendor liaison

    Generative AI POC metrics - examples

    You need to measure the effectiveness of your initiatives. Here are some typical examples.

    Generative AI Feature Assessment
    User Interface
    Is it intuitive? Is training required?
    Ease of Use
    How much training is required before using?
    Response Time
    What is the response time for simple to complex tasks?
    Accuracy of Response
    Can the output be validated?
    Quality of Response
    How usable is the response? For text prompts, does the response align to the desired style, vocabulary, and tone?
    Creativity of Response
    Does the output appear new compared to previous results before using generative AI?
    Relevance of Response
    How well does the output address the prompt or request?
    Explainability
    Can a user describe how the output was generated?
    Scalability
    Does the application continue to perform as more users are added? Can it ingest large amounts of data?
    Productivity Gains
    Can you measure the time or effort saved?
    Business Value
    What value drivers are behind this initiative? (I.e. revenue, costs, time to market, risk mitigation.) Estimate a monetary value for the business outcome.
    Availability/Resilience
    What happens if a component of the application becomes unavailable? How does it recover?
    Security Model
    Where are the prompts and responses stored? Who has access to the sessions/dialogue? Are the prompts used to train the foundation model?
    Administration and Maintenance
    What resources are required to operate the application?
    Total Cost of Ownership
    What is the pricing model? Are there ongoing costs?

    GitHub Copilot POC business value - example

    Quantifying the benefits of GitHub Copilot to demonstrate measurable business value

    POC Results

    Task 1: Creating a web server in JavaScript

    • Time to complete task with GitHub Copilot: 1 hour 11 minutes
    • Time to complete the task without GitHub Copilot: 2 hours 41 minutes
    • Productivity Gain = (1 hour 30 minutes time saved) / (2 hours 41 minutes) = 55%
    • Benefit per Programmer = 55% x (average salary of a programmer)
    • Total Benefit of GitHub Copilot for Task 1 = (benefit per programmer) x (# of programmers)

    Enterprise Value of GitHub Copilot = Total Benefit of GitHub Copilot for Task 1 + Total Benefit of GitHub Copilot for Task 2 + ... + Total Benefit of GitHub Copilot for Task n

    Source: GitHub

    4.1.3 Build your generative AI initiative roadmap

    1-3 hours

    The roadmap should provide a compelling vision of how you will deliver the identified generative AI applications by prioritizing and simplifying the actions required to deliver these new initiatives.

    1. Leverage tab 4, Initiative Planning, in the AI Maturity Assessment and Roadmap Tool to create and align your initiatives to the key value driver they are most relevant to:
      1. Transfer the results of your value and complexity assessments to this tool to drive the prioritization.
      2. Assign responsible owners to each initiative.
      3. Identify which AI maturity capabilities each initiative will enhance. However, do not build or introduce new capabilities merely to advance the organization's AI maturity level.
    2. Review the Gantt chart to ensure alignment and assess overlap.

    Download the AI Maturity Assessment and Roadmap Tool

    InputOutput
    • Each initiative implementation plan
    • Proposed owners
    • AI maturity assessment
    • Generative AI initiative roadmap and Gantt chart
    MaterialsParticipants
    • Whiteboard/flip charts
    • AI Maturity Assessment and Roadmap Tool
    • AI initiative lead
    • CIO
    • Other IT leadership
    • Business SMEs

    Build your generative AI roadmap to visualize your key project plans

    Visual representations of data are more compelling than text alone.

    Develop a high-level document that travels with the project from inception through to executive inquiry, project management, and finally execution.

    A project needs to be discrete: able to be conceptualized and discussed as an independent item. Each project must have three characteristics:

    • Specific outcome: An explicit change in the people, processes, or technology of the enterprise.
    • Target end date: When the described outcome will be in effect.
    • Owner: Who on the IT team is responsible for executing on the initiative.

    Build your generative AI roadmap to visualize your key project plans

    Info-Tech Insight
    Don't project your vision three to five years into the future. Deep dive on next year's big-ticket items instead.

    4.1.4 Build a communication plan for your roadmap

    1-3 hours

    1. Identify your target audience and what they need to know.
    2. Identify desired channels of communication and details for the target audience.
    3. Describe communication required for each audience segment.
    4. List frequency of communication for each audience segment.
    5. Create an executive presentation leveraging The Era of Generative AI C-Suite Presentation and AI Maturity Assessment and Roadmap Tool.
    Input Output
    • Stakeholder list
    • Proposed owners
    • AI maturity assessment
    • Communications plan for all impacted stakeholders
    • Executive communication pack
    Materials Participants
    • Whiteboard/flip charts
    • The Era of Generative AI C-Suite Presentation
    • AI Maturity Assessment and Roadmap Tool
    • AI initiative lead
    • CIO
    • Communication lead
    • Technical support staff for target use case

    Generative AI communication plan

    Well-planned communications are essential to the success and adoption of your AI initiatives

    To ensure that organization's roadmap is clearly communicated across the AI, data, technology, and business organizations, develop a rollout strategy, like this example.

    Example

    Audience Channel Level of Detail Description Timing
    Generative AI team Email, meetings All
    • Distribute plan; solicit feedback.
    • Address manager questions to equip them to answer employee questions.
    Q3 2023, (September, before entire data team)
    Data management team Email, Q&A sessions following Data management summary deck
    • Roll out after corporate strategy, in same form of communication.
    • Solicit feedback, address questions.
    Q4 2023 (late November)
    Select business stakeholders Presentations Executive deck
    • Pilot test for feedback prior to executive engagement.
    Q4 2023 (early December)
    Executive team Email, briefing Executive deck
    • Distribute plan.
    Q1 2024

    Deliver an executive presentation of the roadmap for the business stakeholders

    After you complete the activities and exercises within this blueprint, the final step of the process is to present the deliverable to senior management and stakeholders.

    Know Your Audience

    • Business stakeholders are interested in understanding the business outcomes that will result from their investment in generative AI.
    • Your audience will want to understand the risks involved and how to mitigate those risks.
    • Explain how the generative AI project was selected and the criteria used to help draft generative AI usage policies.

    Recommendations

    • Highlight the need for responsible AI to ensure that human-based requirements are being addressed.
    • Ensure your generative AI team includes both business and technical staff.

    Download The Era of Generative AI C-Suite Presentation

    Bibliography

    "A pro-innovation approach to AI regulation." UK Department for Science, Innovation and Technology, March 2023. Web.

    "Artificial Intelligence Act." European Commission, 21 April 2021. Web.

    "Artificial Intelligence and Data Act (AIDA)." Canadian Federal Government, June 2022. Web.

    "Artificial Intelligence Index Report 2023." Stanford University, April 2023. Web.

    "Automated Employment Decision Tools." New York City Department of Consumer and Worker Protection, Dec. 2021. Web.

    "Bain & Company announces services alliance with OpenAI to help enterprise clients identify and realize the full potential and maximum value of AI." Bain & Company, 21 Feb. 2023. Web.

    "Buzzfeed to use AI to write its articles after firing 180 employees." Al Mayadeen English, 27 Jan. 2023. Web.

    "California Consumers Privacy Act." State of California Department of Justice. April 24, 2023. Web.

    Campbell, Ian Carlos. "The Apple Card doesn't actually discriminate against women, investigators say." The Verge, 23 March 2021. Web.

    Campbell, Patrick. "NIST Artificial Intelligence Risk Management Framework (AI RMF 1.0)." National Institute of Standards and Technology, Jan. 2023. Web.

    "EU Ethics Guidelines For Trustworthy." European Commission, 8 April 2019. Web.

    Farhi, Paul. "A news site used AI to write articles. It was a journalistic disaster." Washington Post, 17 Jan. 2023. Web.

    Forsyth, Ollie. "Mapping the Generative AI landscape." Antler, 20 Dec. 2022. Web.

    "General Data Protection Regulation (GDPR)" European Commission, 25 May 2018. Web.

    "Generative AI Market: Global Industry Trends, Share, Size, Growth, Opportunity and Forecast 2023-2028." IMARC Group, 2022. Web.

    Guynn, Jessica. "Bing's ChatGPT is in its feelings: 'You have not been a good user. I have been a good Bing.'" USA Today, 14 Feb. 2023. Web.

    Hunt, Mia. "Canada launches data governance standardisation initiative." Global Government Forum, 24 Sept. 2020. Web.

    Johnston Turner, Mary. "IDC's Worldwide Future of Digital Infrastructure 2022 Predictions." IDC, 27 Oct. 2021. Web.

    Kalliamvakou, Eirini. "Research: quantifying GitHub Copilot's impact on developer productivity and happiness." GitHub, 7 Sept. 2022. Web.

    Kerravala, Zeus. "NVIDIA Brings AI To Health Care While Protecting Patient Data." eWeek, 12 Dec. 2019. Web.

    Knight, Will. "The Apple Card Didn't 'See' Gender-and That's the Problem." Wired, 19 Nov. 2019. Web.

    "OECD, Recommendation of the Council on Artificial Intelligence." OECD, 2022. Web.

    "The National AI Initiative Act" U.S. Federal Government, 1 Jan 2021. Web.

    "Trustworthy AI (TAI) Playbook." U.S. Department of Health & Human Services, Sept 2021. Web.

    Info-Tech Research Contributors/Advocates

    Joel McLean, Executive Chairman

    Joel McLean
    Executive Chairman

    David Godfrey, CEO

    David Godfrey
    CEO

    Gord Harrison, Senior Vice President, Research & Advisory Services

    Gord Harrison
    Senior Vice President, Research & Advisory Services

    William Russell, CIO

    William Russell
    CIO

    Jack Hakimian, SVP, Research

    Jack Hakimian
    SVP, Research

    Barry Cousins, Distinguished Analyst and Research Fellow

    Barry Cousins
    Distinguished Analyst and
    Research Fellow

    Larry Fretz, Vice President, Industry Research

    Larry Fretz
    Vice President, Industry Research

    Tom Zehren, CPO

    Tom Zehren
    CPO

    Mark Roman, Managing Partner II

    Mark Roman
    Managing Partner II

    Christine West, Managing Partner

    Christine West
    Managing Partner

    Steve Willis, Practice Lead

    Steve Willis
    Practice Lead

    Yatish Sewgoolam, Associate Vice President, Research Agenda

    Yatish Sewgoolam
    Associate Vice President, Research Agenda

    Rob Redford, Practice Lead

    Rob Redford
    Practice Lead

    Mike Tweedie, Practice Lead

    Mike Tweedie
    Practice Lead

    Neal Rosenblatt, Principal Research Director

    Neal Rosenblatt
    Principal Research Director

    Jing Wu, Principal Research Director

    Jing Wu
    Principal Research Director

    Irina Sedenko, Research Director

    Irina Sedenko
    Research Director

    Jeremy Roberts, Workshop Director

    Jeremy Roberts
    Workshop Director

    Brian Jackson, Research Director

    Brian Jackson
    Research Director

    Mark Maby, Research Director

    Mark Maby
    Research Director

    Stacey Horricks, Director, Social Media

    Stacey Horricks
    Director, Social Media

    Sufyan Al-Hassan, Public Relations Manager

    Sufyan Al-Hassan
    Public Relations Manager

    Sam Kanen, Marketing Specialist

    Sam Kanen
    Marketing Specialist

    The governance around resilience

    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A

    You want to become resilient to cyberattacks, human errors, power outages, and many other causes of service interruptions. Where do you start?

    You could ask your IT team and your Operations leaders to take the required measures to ensure "reliability." Do you think that will work without any oversight and guidelines? I can tell you right off the bat: No, And you will have given the same answer in your head already. Moreover, your company's department heads will have the same answer: no. And why? Exactly because they do not know how you want to put the "law" into effect in your company.

    Your next question is, of course: "what law?." If you are in Europe, you will have heard about the many laws of the EU, like NIS2, MIFID II, DORA, EMIR, and so many more. You will be subject to other laws if you are in Asia, the US, the Middle East, Africa, or Oceania. And if you deliver services to EU companies governed by the first set, you may be subject to those European laws as well. 

    So far, about the laws, let's look at what this gives you.

    If you're like me, you want your client to be able to use your services, almost no matter what. That means you must ensure your services are available to your clients under most circumstances. Ok, if WWIII breaks out with nuclear missiles flying all over, all bets are off.  Let's ignore that occurrence. (your contracts include "acts of God" exclusions, right? (if not, let's talk.) That is the real reason you must ensure your services to our clients are resilient. Resilient systems and processes ensure your income, revenue, the livelihood of your employees, the ROI for your shareholders, and your reputation.

     As I said, there are 4 stages. Let's begin with stage 1: governance.

    What is governance but telling your staff what you want them to do? Nothing! So, Let's tell them what to do and how to achieve their Key Performance Indicators. That way, you get what you want, being in control, and they get what they want: their bonus.

    Resilience governance needs to start at the top of the organization. And for that, you need to know WHY it is being introduced.

    1. To mitigate risks posed by growing vulnerabilities introduced by increased interconnectivity
    2. To address the shift in your risk profile as you adopt increasing digital adoption
    3. To acknowledge that third-party suppliers underpin your ability to supply services to your clients
    4. To adopt a single, consistent approach to operational resilience across markets

    Obviously, this is a holistic view of the markets across the US, EU, Oceania, and Africa. Each of these markets has its own interpretations and nuances.
    The point, however, stays the same: have a sound company oversight and management view via clear governance rules like ownership, policies, procedures, guidelines, and operational task lists.

    In the end, it is all about the ability to build, ensure, and review operational resilience from a technological and business perspective.

     

     

     

    Activate Your Augmented Reality Initiative

    • Buy Link or Shortcode: {j2store}465|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • Augmented reality is a new technology and use cases are still emerging. Organizations have to work hard to stay ahead of the curve and predict how they will be impacted.
    • There are limited off-the-shelf augmented reality solutions in terms of business applications. IT not only needs to understand the emerging augmented reality hardware, but also the plethora of development platforms.

    Our Advice

    Critical Insight

    • Augmented reality presents a new avenue to solve problems that cannot be addressed efficiently with existing technology. It is a new tool that will impact the way you work.
    • Beyond addressing existing problems, augmented reality will provide the ability to differently execute business processes. Current processes have been designed with existing systems and capabilities in mind. Augmented reality impacts organizational design processes that are more complex.
    • As a technology with an evolving set of use cases, IT and the business must anticipate some of the challenges that may arise with the use of augmented reality (e.g. health and safety, application development, regulatory).

    Impact and Result

    • Our methodology addresses the possible issues by using a case-study approach to demonstrate the “art of the possible” for augmented reality.
    • With an understanding of augmented reality, it is possible to find applicable use cases for this emerging technology and get a leg up on competitors.
    • By utilizing Info-Tech’s Augmented Reality Use Case Picklist and the Augmented Reality Stakeholder Presentation Template, the IT team and their business stakeholders can confidently approach augmented reality adoption.

    Activate Your Augmented Reality Initiative Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why your organization should care about augmented reality’s potential to transform the workplace and how Info-Tech will support you as you identify and build your augmented reality use case.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand augmented reality

    Analyze the four key benefits of augmented reality to understand how the technology can resolve industry issues.

    • Activate Your Augmented Reality Initiative – Phase 1: Understand Augmented Reality
    • Augmented Reality Glossary

    2. Finding space for augmented reality

    Develop and prioritize use cases for augmented reality using Info-Tech’s AR Initiative Framework.

    • Activate Your Augmented Reality Initiative – Phase 2: Finding Space for Augmented Reality
    • Augmented Reality Use Case Picklist

    3. Communicate project decisions to stakeholders

    Present the augmented reality initiative to stakeholders and understand the way forward for the AR initiative.

    • Activate Your Augmented Reality Initiative – Phase 3: Communicate Project Decisions to Stakeholders
    • Augmented Reality Stakeholder Presentation Template
    [infographic]

    Workshop: Activate Your Augmented Reality Initiative

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand Augmented Reality and Its Use Cases

    The Purpose

    Understand the fundamentals of augmented reality technology and its real-world business applications.

    Key Benefits Achieved

    A prioritized list of augmented reality use cases.

    Activities

    1.1 Introduce augmented reality technology.

    1.2 Understand augmented reality use cases.

    1.3 Review augmented reality case studies.

    Outputs

    An understanding of the history and current state of augmented reality technology.

    An understanding of “the art of the possible” for augmented reality.

    An enhanced understanding of augmented reality.

    2 Conduct an Environmental Scan and Internal Review

    The Purpose

    Examine where the organization stands in the current competitive environment.

    Key Benefits Achieved

    Understanding of what is needed from an augmented reality initiative to differentiate your organization from its competitors.

    Activities

    2.1 Environmental analysis (PEST+SWOT).

    2.2 Competitive analysis.

    2.3 Listing of interaction channels and disposition.

    Outputs

    An understanding of the internal and external propensity for augmented reality.

    An understanding of comparable organizations’ approach to augmented reality.

    A chart with the disposition of each interaction channel and its applicability to augmented reality.

    3 Parse Critical Technology Drivers

    The Purpose

    Determine which business processes will be affected by augmented reality.

    Key Benefits Achieved

    Understanding of critical technology drivers and their KPIs.

    Activities

    3.1 Identify affected process domains.

    3.2 Brainstorm impacts of augmented reality on workflow enablement.

    3.3 Distill critical technology drivers.

    3.4 Identify KPIs for each driver.

    Outputs

    A list of affected process domains.

    An awareness of critical technology drivers for the augmented reality initiative.

    Build a Digital Workspace Strategy

    • Buy Link or Shortcode: {j2store}294|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $12,399 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: End-User Computing Strategy
    • Parent Category Link: /end-user-computing-strategy
    • IT must figure out what a digital workspace is, why they’re building one, and what type they want.
    • Remote work creates challenges that cannot be solved by technology alone.
    • Focusing solely on technology risks building something the business doesn’t want or can’t use.

    Our Advice

    Critical Insight

    Building a smaller digital workspace doesn’t mean that the workspace will have a smaller impact on the business.

    Impact and Result

    • Partner with the business to create a team of digital workspace champions.
    • Empower employees with a tool that makes remote work easier.

    Build a Digital Workspace Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should partner with the business for building a digital workspace, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify the digital workspace you want to build

    Create a list of benefits that the organization will find compelling and build a cross-functional team to champion the workspace.

    • Build a Digital Workspace Strategy – Phase 1: Identify the Digital Workspace You Want to Build
    • Digital Workspace Strategy Template
    • Digital Workspace Executive Presentation Template

    2. Identify high-level requirements

    Design the digital workspace’s value proposition to drive your requirements.

    • Build a Digital Workspace Strategy – Phase 2: Identify High-Level Requirements
    • Sample Digital Workspace Value Proposition
    • Flexible Work Location Policy
    • Flexible Work Time Policy
    • Flexible Work Time Off Policy
    • Mobile Device Remote Wipe Waiver Template
    • Mobile Device Connectivity & Allowance Policy
    • General Security – User Acceptable Use Policy

    3. Identify initiatives and a high-level roadmap

    Take an agile approach to building your digital workspace.

    • Build a Digital Workspace Strategy – Phase 3: Identify Initiatives and a High-Level Roadmap
    [infographic]

    Workshop: Build a Digital Workspace Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify the Digital Workspace You Want to Build

    The Purpose

    Ensure that the digital workspace addresses real problems the business is facing.

    Key Benefits Achieved

    Defined benefits that will address business problems

    Identified strategic business partners

    Activities

    1.1 Identify the digital workspace’s direction.

    1.2 Prioritize benefits and define a vision.

    1.3 Assemble a team of digital workspace champions.

    Outputs

    Vision statement

    Mission statement

    Guiding principles

    Prioritized business benefits

    Metrics and key performance indicators

    Service Owner, Business Owner, and Project Sponsor role definitions

    Project roles and responsibilities

    Operational roles and responsibilities

    2 Identify Business Requirements

    The Purpose

    Drive requirements through a well-designed value proposition.

    Key Benefits Achieved

    Identified requirements that are based in employees’ needs

    Activities

    2.1 Design the value proposition.

    2.2 Identify required policies.

    2.3 Identify required level of input from users and business units.

    2.4 Document requirements for user experiences, processes, and services.

    2.5 Identify in-scope training and culture requirements.

    Outputs

    Prioritized functionality requirements

    Value proposition for three business roles

    Value proposition for two service provider roles

    Policy requirements

    Interview and focus group plan

    Business process requirements

    Training and culture initiatives

    3 Identify IT and Service Provider Requirements

    The Purpose

    Ensure that technology is an enabler.

    Key Benefits Achieved

    Documented requirements for IT and service provider technology

    Activities

    3.1 Identify systems of record requirements.

    3.2 Identify requirements for apps.

    3.3 Identify information storage requirements.

    3.4 Identify management and security integrations.

    3.5 Identify requirements for internal and external partners.

    Outputs

    Requirements for systems for record

    Prioritized list of apps

    Storage system requirements

    Data and security requirements

    Outsourcing requirements

    Make the Case for Enterprise Business Analysis

    • Buy Link or Shortcode: {j2store}509|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Requirements & Design
    • Parent Category Link: /requirements-and-design
    • It can be difficult to secure alignment between the many lines of business, IT included, in your organization.
    • Historically, we have drawn a dividing line between IT and "the business.”
    • The reality of organizational politics and stakeholder bias means that, with selection and prioritization, sometimes the highest value option is dismissed to make way for the loudest voice’s option.

    Our Advice

    Critical Insight

    • Enterprise business analysis can help you stop the debate between IT and “the business,” as it sees everyone as part of the business. It can effectively break down silos, support the development of holistic strategies to address internal and external risks, and remove the bias and politics in decision making all too common in organizations.
    • The business analyst is the only role that can connect the strategic with the tactical, the systems, and the operations and do so objectively. It is the one source to show how people, process, and technology connect and relate, and the most skilled can remove bias and politics from their lens of view.
    • Maturity can’t be rushed. Build your enterprise business analysis program on a solid foundation of leading and consistent business analysis practices to secure buy-in and have a program that is sustainable in the long term.

    Impact and Result

    Let’s make the case for enterprise business analysis!

    • Organizations that have higher business analysis maturity and deploy enterprise analysis deliver better quality outcomes, with higher value, lower cost, and higher user satisfaction.
    • Business analysts should be contributing at the strategic level, as they need to understand multiple horizons simultaneously and be able to zoom in and out as the context calls for it. Business analysts aren’t only for projects.

    Make the Case for Enterprise Business Analysis Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Make the Case for Enterprise Business Analysis Storyboard – Take your business analysis from tactics to strategy.

    • Make the Case for Enterprise Business Analysis Storyboard

    2. Communicate the Case for Enterprise Business Analysis Template – Make the case for enterprise business analysis.

    • Communicate the Case for Enterprise Business Analysis
    [infographic]

    Further reading

    Make the Case for Enterprise Business Analysis

    Putting the strategic and tactical puzzle together.

    Analyst Perspective

    We commonly recognize the value of effective business analysis at a project or tactical level. A good business analysis professional can support the business by identifying its needs and recommending solutions to address them.
    Now, wouldn't it be great if we could do the same thing at a higher level?
    Enterprise (or strategic) business analysis is all about seeing that bigger picture, an approach that makes any business analysis professional a highly valuable contributor to their organization. It focuses on the enterprise, not a specific project or line of business.
    Leading the business analysis effort at an enterprise level ensures that your business is not only doing things right, but also doing the right things; aligned with the strategic vision of your organization to improve the way decisions are made, options are analyzed, and successful results are realized.

    Vincent Mirabelli

    Vincent Mirabelli
    Principal Research Director, Applications Delivery and Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Difficulty properly aligning between the many lines of business in your organization.
    • Historically, we have drawn a dividing line between IT and the business.
    • The reality of organizational politics and stakeholder bias means that, with selection and prioritization, sometimes the highest value option is dismissed in favor of the loudest voice.

    Common Obstacles

    • Difficulty aligning an ever-changing backlog of projects, products, and services while simultaneously managing risks, external threats, and stakeholder expectations.
    • Many organizations have never heard of enterprise business analysis and only see the importance of business analysts at the project and delivery level.
    • Business analysis professionals rarely do enough to advocate for a seat at the strategic tables in their organizations.

    Info-Tech's Approach

    Let's make the case for enterprise business analysis!

    • Organizations that have higher business analysis maturity and deploy enterprise business analysis deliver better quality outcomes with higher value, lower cost, and higher user satisfaction.
    • Business analysts aren't only for projects. They should contribute at the strategic level, since they need to understand multiple horizons simultaneously and be able to zoom in and out as the context requires.

    Info-Tech Insight

    Enterprise business analysis can help you reframe the debate between IT and the business, since it sees everyone as part of the business. It can effectively break down silos, support the development of holistic strategies to address internal and external risks, and remove bias and politics from decision making.

    Phase 1

    Build the case for enterprise business analysis

    Phase 1

    Phase 2

    1.1 Define enterprise business analysis

    1.2 Identify your pains and opportunities

    2.1 Set your vision

    2.2 Define your roadmap and next steps

    2.3 Complete your executive communications deck

    This phase will walk you through the following activities:

    • 1.1.1 Discuss how business analysis is used in our organization
    • 1.1.2 Discuss your disconnects between strategy and tactics
    • 1.2.1 Identify your pains and opportunities

    This phase involves the following participants:

    • Business analyst(s)
    • Organizational business leaders
    • Any other relevant stakeholders

    How business analysis supports our success today

    Delivering value at the tactical level

    Effective business analysis helps guide an organization through improvements to processes, products, and services. Business analysts "straddle the line between IT and the business to help bridge the gap and improve efficiency" in an organization (CIO, 2019).
    They are most heavily involved in:

    • Defining needs
    • Modeling concepts, processes, and solutions
    • Conducting analysis
    • Maintaining and managing requirements
    • Managing stakeholders
    • Monitoring progress
    • Doing business analysis planning
    • Conducting elicitation

    In a survey, business analysts indicated that of their total working time, they spend 31% performing business analysis planning and 41% performing elicitation and analysis (PMI, 2017).

    By including a business analyst in a project, organizations benefit by:
    (IAG, 2009)

    87%

    Reduced time overspending

    75%

    Prevented budget overspending

    78%

    Reduction in missed functionality

    1.1.1 Discuss how business analysis is used in your organization

    15-30 minutes

    1. Gather the appropriate stakeholders to discuss their knowledge, experience, and perspectives on business analysis. This should relate to their experience and not a future or aspirational usage.
    2. Have a team member facilitate the session.
    3. Brainstorm and document all shared thoughts and perspectives.
    4. Synthesize those thoughts and perspectives and record the results for the group to review and discuss.
    5. Transfer the results to the Communicate the Case for Enterprise Business Analysis template

    Input

    • Stakeholder knowledge and experience

    Output

    • A shared understanding of how your organization leverages its business analysis function

    Materials

    • Whiteboard/Flip charts
    • Collaborative whiteboard
    • Communicate the Case for Enterprise Business Analysis template

    Participants

    • Business analyst(s)
    • Organizational business leaders
    • Any other relevant stakeholders

    Download the Communicate the Case for Enterprise Business Analysis template

    Executives and leadership are satisfied with IT when there is alignment between tactics and goals

    Info-Tech's CIO Business Vision Survey data highlights the importance of IT projects in supporting the business to achieve its strategic goals.

    However, Info-Tech's CEO-CIO Alignment Survey (N=124) data indicates that CEOs perceive IT as poorly aligned with the business' strategic goals.

    Info-Tech's CIO-CEO Alignment Diagnostics

    43%

    of CEOs believe that business goals are going unsupported by IT.

    60%

    of CEOs believe that IT must improve understanding of business goals.

    80%

    of CIOs/CEOs are misaligned on the target role of IT.

    30%

    of business stakeholders support their IT departments.

    Addressing problems solely with tactics does not always have the desired effect

    94%

    Source: "Out of the Crisis", Deming (via Harvard Business Review)

    According to famed management and quality thought leader and pioneer W. Edwards Deming, 94% of issues in the workplace are systemic cause significant organizational pain.

    Yet we continue to address them on the surface, rather than acknowledge how ingrained they are in our culture, systems, and processes.

    For example, we:

    • Create workarounds to address process and solution constraints
    • Expect that poor (or lack of ) leadership can be addressed in a course or seminar
    • Expect that "going Agile" will resolve our problems, and that decision making, governance, and organizational alignment will happen organically.

    Band-aid solutions rarely have the desired effect, particularly in the long-term.

    Our solutions should likewise focus on the systemic/macro environment. We can do this via projects, products and services, but those don't always address the larger issues.

    If we take the work our business analysis currently does in defining needs and solutions, and elevate this to the strategic level, the results can be impactful.

    Many organizations would benefit from enhancing their business analysis maturity

    The often-overlooked strategic value of the role comes with maturing your practices.

    Only 18% of organizations have mature (optimized or established) business analysis practices.

    With that higher level of maturity comes increased levels of capability, efficiency, and effectiveness in delivering value to people, processes, and technology. Through such efforts, they're better equipped and able to connect the strategy of their organization to the projects, processes, and products they deliver.

    They shift focus from "figuring business analysis out" to truly unleashing its potential, with business analysts contributing in strategic and tactical ways.

    an image showing the following data: Optimized- 5; Established- 13; Improving- 37; Starting- 25; Ad hoc- 21

    (Adapted from PMI, 2017)

    Info-Tech Insight

    Business analysts are best suited to connect the strategic with the tactical, the systems, and the operations. They maintain the most objective lens regarding how people, process, and technology connect and relate, and the most skilled of them can remove bias and politics from their perspective.

    1.1.2 Discuss your disconnects between strategy and tactics

    30-60 minutes

      1. Gather the appropriate stakeholders to discuss their knowledge, experience, and perspectives regarding failures that resulted from disconnects between strategy and tactics.
      2. Have a team member facilitate the session.
      3. Brainstorm and document all shared thoughts and perspectives.
      4. Synthesize those thoughts and perspectives and record the results.
      5. Transfer the results to the Communicate the Case for Enterprise Business Analysis template.

    Input

    • Stakeholder knowledge and experience

    Output

    • A shared understanding and list of failures due to disconnects between strategy and tactics

    Materials

    • Whiteboard/Flip charts
    • Collaborative whiteboard
    • Communicate the Case for Enterprise Business Analysis template

    Participants

    • Business analyst(s)
    • Organizational business leaders
    • Any other relevant stakeholders

    Download the Communicate the Case for Enterprise Business Analysis template

    Defining enterprise business analysis

    Terms may change, but the function remains the same.

    Enterprise business analysis (sometimes referred to as strategy analysis) "…focuses on defining the future and transition states needed to address the business need, and the work required is defined both by that need and the scope of the solution space. It covers strategic thinking in business analysis, as well as the discovery or imagining of possible solutions that will enable the enterprise to create greater value for stakeholders and/or capture more value for itself."
    (Source: "Business Analysis Body of Knowledge," v3)

    Define the function of enterprise business analysis

    This is a competitive advantage for mature organizations.

    Organizations with high-performing business analysis programs experience an enhanced alignment between strategy and operations. This contributes to improved organizational performance. We see this in financial (69% vs. 45%) and strategic performance (66% vs. 21%), also organizational agility (40% vs. 14%) and management of operational projects (62% vs. 29%). (PMI, 2017)

    When comparing enterprise with traditional business analysis, we see stark differences in the size and scope of their view, where they operate, and the role they play in organizational decision making.

    Enterprise Traditional
    Decision making Guides and influences Executes
    Time horizon 2-10 years 0-2 years
    Focus Strategy, connecting the strategic to the operational Operational, optimizing how business is done, and keeping the lights on
    Domain

    Whole organization

    Broader marketplace

    Only stakeholder lines of business relevant to the current project, product or service
    Organizational Level Executive/Leadership Project

    (Adapted from Schulich School of Business)

    Info-Tech Insight

    Maturity can't be rushed. Build your enterprise business analysis program on a solid foundation of leading and consistent business analysis practices to secure buy-in and have a program that is sustainable in the long term.

    An image showing the percentages of high- and low- maturity organizations, for the following categories: Financial performance; Strategy implementation; Organizational agility; Management of projects.

    (Adapted from PMI, 2017)

    How enterprise business analysis is used to improve organizations

    The biggest sources of project failure include:

    • Wrong (or poor) requirements
    • Unrealistic (or incomplete) business case
    • Lack of appropriate governance and oversight
    • Poor implementation
    • Poor benefits management
    • Environmental changes

    Source: MindTools.com, 2023.

    Enterprise business analysis addresses these sources and more.

    It brings a holistic view of the organization, improving collaboration and decision making across the many lines of business, effectively breaking down silos.

    In addition to ensuring we're doing the right things, not just doing things right in the form of improved requirements and more accurate business cases, or ensuring return on investment (ROI) and monitoring the broader landscape, enterprise business analysis also supports:

    • Reduced rework and waste
    • Understanding and improving operations
    • Making well-informed decisions through improved objectivity/reduced bias
    • Identifying new opportunities for growth and expansion
    • Identifying and mitigating risk
    • Eliminating projects and initiatives that do not support organizational goals or objectives
    • A career-pathing option for business analysts

    Identify your pains and opportunities

    There are many considerations in enterprise business analysis.

    Pains, gains, threats, and opportunities can come at your organization from anywhere. Be it a new product launch, an international expansion, or a new competitor, it can be challenging to keep up.

    This is where an enterprise business analyst can be the most helpful.

    By keeping a pulse on the external and internal environments, they can support growth, manage risks, and view your organization through multiple lenses and perspectives to get a single, complete picture.

    External

    Internal

    Identifying competitive forces

    In the global environment

    Organizational strengths and weaknesses

    • Monitoring and maintaining your competitive advantage.
    • Understanding trends, risks and threats in your business domain, and how they affect your organization.
    • Benchmarking performance against like and unlike organizations, to realize where you stand and set a baseline for continuous improvement and business development.
    • Leveraging tools and techniques to scan the broader landscape on an ongoing basis. Using PESTLE analysis, they can monitor the political, economic, social, technological, legal, and environmental factors that impact when, where, how, and with who you conduct your business and IT operations.
    • Supporting alignment between a portfolio or program of projects and initiatives.
    • Improving alignment between the various lines of business, who often lack full visibility outside of their silo, and can find themselves clashing over time, resources, and attention from leaders.
    • Improving solutions and outcomes through objective option selection.

    1.2.1 Identify your pains and opportunities

    30-60 minutes

    1. As a group, generate a list of the current pains and opportunities facing your organization. You can focus on a particular type (competitive, market, or internal) or leave it open. You can also focus on pains or opportunities separately, or simultaneously.
    2. Have a team member facilitate the session.
    3. Record the results for the group to review, discuss, and prioritize.
      1. Discuss the impact and likelihood of each item. This can be formally ranked and quantified if there is data to support the item or leveraging the wisdom of the group.
      2. Prioritize the top three to five items of each type, as agreed by the group, and document the results.
    4. Transfer the results to the Communicate the Case for Enterprise Business Analysis template.

    Download the Communicate the Case for Enterprise Business Analysis template

    Input

    • Attendee knowledge
    • Supporting data, if available

    Output

    • A list of identified organizational pains and opportunities that has been prioritized by the group

    Materials

    • Whiteboard/Flip charts
    • Collaborative whiteboard
    • Communicate the Case for Enterprise Business Analysis template

    Participants

    • Business analyst(s)
    • Organizational business leaders
    • Any other relevant stakeholders

    Phase 2

    Prepare the foundations for your enterprise business analysis program

    Phase 1

    Phase 2

    1.1 Define enterprise business analysis

    1.2 Identify your pains and opportunities

    2.1 Set your vision

    2.2 Define your roadmap and next steps

    2.3 Complete your executive communications deck

    This phase will walk you through the following activities:

    • 2.1.1 Define your vision and goals
    • 2.1.2 Identify your enterprise business analysis inventory
    • 2.2.1 Now, Next, Later

    This phase involves the following participants:

    • Business analyst(s)
    • Organizational business leaders
    • Any other relevant stakeholders

    Set your vision

    Your vision becomes your "north star," guiding your journey and decisions.

    When thinking about a vision statement for enterprise business analysis, think about:

    • Who are we doing this for? Who will benefit?
    • What do our business partners need? What do our customers need?
    • What value do we provide them? How can we best support them?
    • Why is this special/different from how we usually do business?

    Always remember: Your goal is not your vision!

    Not knowing the difference will prevent you from both dreaming big and achieving your dream.

    Your vision represents where you want to go. It's what you want to do.

    Your goals represent how you want to achieve your vision.

    • They are a key element of operationalizing your vision.
    • Your strategy, initiatives, and features will align with one or more goals.

    Info-Tech Best Practice

    Your vision shouldn't be so far out that it doesn't feel real, nor so short term that it gets bogged down in details. Finding balance will take some trial and error and will be different depending on your organization.

    2.1.1 Define your vision and goals

    1-2 hours

    1. Gather the appropriate stakeholders to discuss their vision for enterprise business analysis. It should address the questions used in framing your vision statement.
    2. Have a team member facilitate the session.
    3. Review your current organizational vision and goals.
    4. Discuss and document all shared thoughts and perspectives on how enterprise business analysis can align with the organizational vision.
    5. Synthesize those thoughts and perspectives to create a vision statement.
    6. Transfer the results to the Communicate the Case for Enterprise Business Analysis template.

    Download the Communicate the Case for Enterprise Business Analysis template

    Input

    • Stakeholder vision, knowledge, and experience
    • Current organizational vision and goals

    Output

    • A documented vision and goals for your enterprise business analysis program

    Materials

    • Whiteboard/Flip charts
    • Collaborative whiteboard
    • Communicate the Case for Enterprise Business Analysis template

    Participants

    • Business analyst(s)
    • Organizational business leaders
    • Any other relevant stakeholders

    Components of successful enterprise business analysis programs

    Ensure you're off to the best start by examining where you are and where you want to go.

    Training

    • Do the current team members have the right level of training?
    • Can we easily obtain training to close any gaps?

    Competencies and capabilities

    • Do our business analysts have the right skills, attributes, and behaviors to be successful?

    Structure and alignment

    • Would the organizational culture support enterprise business analysis (EBA)?
    • How might we structure the EBA unit to maximize effectiveness?
    • How can we best support the organization's goals and objectives?

    Methods and processes

    • How do we plan on managing the work to be done?
    • Can we define our processes and workflows?

    Tools, techniques, and templates

    • Do we have the most effective tools, techniques, and templates?

    Governance

    • How will we make decisions?
    • How will the program be managed?

    2.1.2 Identify your enterprise business analysis inventory

    30-60 minutes

    1. Gather the appropriate stakeholders to discuss the current business analysis assets, which could be leveraged for enterprise business analysis. This includes people, processes, and technologies which cover skills, knowledge, resources, experience, knowledge, and competencies. Focus on what the organization currently has, and not what it needs.
    2. Have a team member facilitate the session.
    3. Record the results for the group to review and discuss.
    4. Transfer the results to the Communicate the Case for Enterprise Business Analysis template.

    Download the Communicate the Case for Enterprise Business Analysis template

    Input

    • Your current business analysis assets and resources Stakeholder knowledge and experience

    Output

    • A list of assets and resources to enable enterprise business analysis

    Materials

    • Whiteboard/Flip charts
    • Collaborative whiteboard
    • Communicate the Case for Enterprise Business Analysis template

    Participants

    • Business analyst(s)
    • Organizational business leaders
    • Any other relevant stakeholders

    Define your roadmap and next steps

    What do we have? What do we need?

    From completing the enterprise business analysis inventory, you will have a comprehensive list of all available assets.

    The next question is, how can this be leveraged to start building for the future?

    To operationalize enterprise business analysis, consider:

    • What do we still need to do?
    • How important are the identified gaps? Can we still operate?
    • What decisions do we need to make?
    • What stakeholders do we need to involve? Have we engaged them all?

    Lay out your roadmap

    Taking steps to mature your enterprise business analysis practice.

    The Now, Next, Later technique is a method for prioritizing and planning improvements or tasks. This involves breaking down a list of tasks or improvements into three categories:

    • Now tasks are those that must be completed immediately. These tasks are usually urgent or critical, and they must be completed to keep the project or organization running smoothly.
    • Next tasks are those that should be completed soon. These tasks are not as critical as Now tasks, but they are still important and should be tackled relatively soon.
    • Later tasks are those that can be completed later. These tasks are less critical and can be deferred without causing major problems.

    By using this technique, you can prioritize and plan the most important tasks, while allowing the flexibility to adjust as necessary.

    This technique also helps clarify what must be done first vs. what can wait. This prioritizes the most important things while keeping track of what must be done next, maintaining a smooth development/improvement process.

    An image of the now - next - later roadmap technique.

    2.2.1 Now, Next, Later

    1-2 hours

    1. Use the list of items created in 2.1.2 (Identify your enterprise business analysis inventory). Add any you feel are missing during this exercise.
    2. Have a team member facilitate the session.
    3. In the Communicate the Case for Enterprise Business Analysis template, categorize these items according to Now, Next and Later, where:
      1. Now = Critically important items that may require little effort to complete. These must be done within the next six months.
      2. Next = Important items that may require more effort or depend on other factors. These must be done in six to twelve months.
      3. Later = Less important items that may require significant effort to complete. These must be done at some point within twelve months.

    Ultimately, the choice of priority and timing is yours. Recognize that items may change categories as new information arises.

    Download the Communicate the Case for Enterprise Business Analysis template

    Input

    • Your enterprise business analysis inventory and gaps
    • Stakeholder knowledge and experience

    Output

    • A prioritized list of items to enable enterprise business analysis

    Materials

    • Whiteboard/Flip charts
    • Collaborative whiteboard
    • Communicate the Case for Enterprise Business Analysis template

    Participants

    • Business analyst(s)
    • Organizational business leaders
    • Any other relevant stakeholders

    2.3 Complete your executive communication deck

    Use the results of your completed exercises to build your executive communication slide deck, to make the case for enterprise business analysis

    Slide Header Associated Exercise Rationale
    Pains and opportunities

    1.1.2 Discuss your disconnects between strategy and tactics

    1.2.1 Identify your pains and opportunities

    This helps build the case for enterprise business analysis (EBA), leveraging the existing pains felt in the organization. This will draw the connection for your stakeholders.
    Our vision and goals 2.1.1 Define your vision and goals Defines where you want to go and what effort will be required.
    What is enterprise business analysis

    1.1.1 How is BA being used in our organization today?
    Pre-populated supporting content

    Defines the discipline of EBA and how it can support and mature your organization.
    Expected benefits Pre-populated supporting content What's in it for us? This section helps answer that question. What benefits can we expect, and is this worth the investment of time and effort?
    Making this a reality 2.1.2 Identify your EBA inventory Identifies what the organization presently has that makes the effort easier. It doesn't feel as daunting if there are existing people, processes, and technologies in place and in use today.
    Next steps 2.2.1 Now, Next, Later A prioritized list of action items. This will demonstrate the work involved, but broken down over time, into smaller, more manageable pieces.

    Track metrics

    Track metrics throughout the project to keep stakeholders informed.

    As the project nears completion:

    1. You will have better-aligned and more satisfied stakeholders.
    2. You will see fewer projects and initiatives that don't align with the organizational goals and objectives.
    3. There will be a reduction in costs attributed to misaligned projects and initiatives (as mentioned in #2) and the opportunity to allocate valuable time and resources to other, higher-value work.
    Metric Description Target Improvement/Reduction
    Improved stakeholder satisfaction Lines of business and previously siloed departments/divisions will be more satisfied with time spent on solution involvement and outcomes. 10% year 1, 20% year 2
    Reduction in misaligned/non-priority project work Reduction in projects, products, and services with no clear alignment to organizational goals. With that, resource costs can be allocated to other, higher-value solutions. 10% year 1, 25% year 2
    Improved delivery agility/lead time With improved alignment comes reduced conflict and political infighting. As a result, the velocity of solution delivery will increase. 10%

    Bibliography

    Bossert, Oliver and Björn Münstermann. "Business's 'It's not my problem' IT problem." McKinsey Digital. 30 March, 2023.
    Brule, Glenn R. "The Lay of the Land: Enterprise Analysis." Modern Analyst.
    "Business Analysis: Leading Organizations to Better Outcomes." Project Management Institute (PMI), 2017
    Corporate Finance Institute. "Strategic Analysis." Updated 14 March 2023
    IAG Consulting. Business Analysis Benchmark Report, 2009.
    International Institute of Business Analysis. "A Guide to the Business Analysis Body of Knowledge" (BABOK Guide) version 3.
    Mirabelli, Vincent. "Business Analysis Foundations: Enterprise" LinkedIn Learning, February 2022.
    - - "Essential Techniques in Enterprise Analysis" LinkedIn Learning, September 2022.
    - - "The Essentials of Enterprise Analysis" Love the Process Academy. May 2020.
    - - "The Value of Enterprise Analysis." VincentMirabelli.com
    Praslova, Ludmila N. "Today's Most Critical Workplace Challenges Are About Systems." Harvard Business Review. 10 January 2023.
    Pratt, Mary K. and Sarah K. White. "What is a business analyst? A key role for business-IT efficiency." CIO. 17 April, 2019.
    Project Management Institute. "Business Analysis: Leading Organizations to Better Outcomes." October 2017.
    Sali, Sema. "The Importance of Strategic Business Analysis in Successful Project Outcomes." International Institute of Business Analysis. 26 May 2022.
    - - "What Does Enterprise Analysis Look Like? Objectives and Key Results." International Institute of Business Analysis. 02 June 2022.
    Shaker, Kareem. "Why do projects really fail?" Project Management Institute, PM Network. July 2010.
    "Strategic Analysis: Definition, Types and Benefits" Voxco. 25 February 2022.
    "The Difference Between Enterprise Analysis and Business Analysis." Schulich School of Business, Executive Education Center. 24 September 2018 (Updated June 2022)
    "Why Do Projects Fail: Learning How to Avoid Project Failure." MindTools.com. Accessed 24 April 2023.

    Create a Right-Sized Enterprise Architecture Governance Framework

    • Buy Link or Shortcode: {j2store}582|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $10,000 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Strategy & Operating Model
    • Parent Category Link: /strategy-and-operating-model
    • EA governance is perceived as an unnecessary layer of bureaucracy because business benefits are poorly communicated.
    • The organization doesn’t have a formalized EA practice.
    • Where an EA practice exists, employees are unsure of EA’s roles and responsibilities.

    Our Advice

    Critical Insight

    • Enterprise architecture is not a technical function – it should be business-value driven and forward looking, positioning organizational assets in favor of long-term strategy rather than short-term tactics.

    Impact and Result

    • Value-focused. Focus EA governance on helping the organization achieve business benefits. Promote EA’s contribution in realizing business value.
    • Right-sized. Re-use existing process checkpoints rather than creating new ones. Clearly define EA governance inclusion criteria for projects.
    • Defined and measured process. Define metrics to measure EA’s performance and integrate EA governance with other governance processes such as project governance. Also clearly define the EA governing bodies’ composition, domain, inputs, and outputs.
    • Strike the right balance. Adopt architecture principles that strikes the right balance between business and technology.

    Create a Right-Sized Enterprise Architecture Governance Framework Research & Tools

    Start here – read the Executive Brief

    Read our Executive Brief to find out how implementing a successful enterprise architecture governance framework can benefit your organization.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Current State of EA Governance

    Identify the organization’s standing in terms of the enterprise architecture practice, and know the gaps and what the EA practice needs to fulfill to create a good governance framework.

    • Create a Right-Sized Enterprise Architecture Governance Framework – Phase 1: Current State of EA Governance
    • EA Capability – Risk and Complexity Assessment Tool
    • EA Governance Assessment Tool

    2. EA Fundamentals

    Understand the EA fundamentals and then refresh them to better align the EA practice with the organization and create business benefit.

    • Create a Right-Sized Enterprise Architecture Governance Framework – Phase 2: EA Fundamentals
    • EA Vision and Mission Template
    • EA Goals and Measures Template
    • EA Principles Template

    3. Engagement Model

    Analyze the IT operating model and identify EA’s role at each stage; refine it to promote effective EA engagement upfront in the early stages of the IT operating model.

    • Create a Right-Sized Enterprise Architecture Governance Framework – Phase 3: Engagement Model
    • EA Engagement Model Template

    4. EA Governing Bodies

    Set up EA governing bodies to provide guidance and foster a collaborative environment by identifying the correct number of EA governing bodies, defining the game plan to initialize the governing bodies, and creating an architecture review process.

    • Create a Right-Sized Enterprise Architecture Governance Framework – Phase 4: EA Governing Bodies
    • Architecture Board Charter Template
    • Architecture Review Process Template

    5. EA Policy

    Create an EA policy to provide a set of guidelines designed to direct and constrain the architecture actions of the organization in the pursuit of its goals in order to improve architecture compliance and drive business value.

    • Create a Right-Sized Enterprise Architecture Governance Framework – Phase 5: EA Policy
    • EA Policy Template
    • EA Assessment Checklist Template
    • EA Compliance Waiver Process Template
    • EA Compliance Waiver Form Template

    6. Architectural Standards

    Define architecture standards to facilitate information exchange, improve collaboration, and provide stability. Develop a process to update the architectural standards to ensure relevancy and promote process transparency.

    • Create a Right-Sized Enterprise Architecture Governance Framework – Phase 6: Architectural Standards
    • Architecture Standards Update Process Template

    7. Communication Plan

    Craft a plan to engage the relevant stakeholders, ascertain the benefits of the initiative, and identify the various communication methods in order to maximize the chances of success.

    • Create a Right-Sized Enterprise Architecture Governance Framework – Phase 7: Communication Plan
    • EA Governance Communication Plan Template
    • EA Governance Framework Template
    [infographic]

    Workshop: Create a Right-Sized Enterprise Architecture Governance Framework

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Current State of EA governance (Pre-workshop)

    The Purpose

    Conduct stakeholder interviews to understand current state of EA practice and prioritize gaps for EA governance based on organizational complexity.

    Key Benefits Achieved

    Prioritized list of actions to arrive at the target state based on the complexity of the organization

    Activities

    1.1 Determine organizational complexity.

    1.2 Conduct an assessment of the EA governance components.

    1.3 Identify and prioritize gaps.

    1.4 Conduct senior management interviews.

    Outputs

    Organizational complexity score

    EA governance current state and prioritized list of EA governance component gaps

    Stakeholder perception of the EA practice

    2 EA Fundamentals and Engagement Model

    The Purpose

    Refine EA fundamentals to align the EA practice with the organization and identify EA touchpoints to provide guidance for projects.

    Key Benefits Achieved

    Alignment of EA goals and objectives with the goals and objectives of the organization

    Early involvement of EA in the IT operating model

    Activities

    2.1 Review the output of the organizational complexity and EA assessment tools.

    2.2 Craft the EA vision and mission.

    2.3 Develop the EA principles.

    2.4 Identify the EA goals.

    2.5 Identify EA engagement touchpoints within the IT operating model.

    Outputs

    EA vision and mission statement

    EA principles

    EA goals and measures

    Identified EA engagement touchpoints and EA level of involvement

    3 EA Governing Bodies

    The Purpose

    Set up EA governing bodies to provide guidance and foster a collaborative environment by identifying the correct number of EA governing bodies, defining the game plan to initialize the governing bodies and creating an architecture review process.

    Key Benefits Achieved

    Business benefits are maximized and solution design is within the options set forth by the architectural reference models while no additional layers of bureaucracy are introduced

    Activities

    3.1 Identify the number of governing bodies.

    3.2 Define the game plan to initialize the governing bodies.

    3.3 Define the architecture review process.

    Outputs

    Architecture board structure and coverage

    Identified architecture review template

    4 EA Policy

    The Purpose

    Create an EA policy to provide a set of guidelines designed to direct and constrain the architecture actions of the organization in the pursuit of its goals in order to improve architecture compliance and drive business value.

    Key Benefits Achieved

    Improved architecture compliance, which ties investments to business value and provides guidance to architecture practitioners

    Activities

    4.1 Define the scope.

    4.2 Identify the target audience.

    4.3 Determine the inclusion and exclusion criteria.

    4.4 Craft an assessment checklist.

    Outputs

    Defined scope

    Inclusion and exclusion criteria for project review

    Architecture assessment checklist

    5 Architectural Standards and Communication Plan

    The Purpose

    Define architecture standards to facilitate information exchange, improve collaboration, and provide stability.

    Craft a communication plan to implement the new EA governance framework in order to maximize the chances of success.

    Key Benefits Achieved

    Consistent development of architecture, increased information exchange between stakeholders

    Improved process transparency

    Improved stakeholder engagement

    Activities

    5.1 Identify and standardize EA work products.

    5.2 Classifying the architectural standards.

    5.3 Identifying the custodian of standards.

    5.4 Update the standards.

    5.5 List the changes identified in the EA governance initiative

    5.6 Create a communication plan.

    Outputs

    Identified set of EA work products to standardize

    Architecture information taxonomy

    Identified set of custodian of standards

    Standard update process

    List of EA governance initiatives

    Communication plan for EA governance initiatives

    Further reading

    Create a Right-Sized Enterprise Architecture Governance Framework

    Focus on process standardization, repeatability, and sustainability.

    ANALYST PERSPECTIVE

    "Enterprise architecture is not a technology concept, rather it is the foundation on which businesses orient themselves to create and capture value in the marketplace. Designing architecture is not a simple task and creating organizations for the future requires forward thinking and rigorous planning.

    Architecture processes that are supposed to help facilitate discussions and drive option analysis are often seen as an unnecessary overhead. The negative perception is due to enterprise architecture groups being overly prescriptive rather than providing a set of options that guide and constrain solutions at the same time.

    EA groups should do away with the direct and control mindset and change to a collaborate and mentor mindset. As part of the architecture governance, EA teams should provide an option set that constrains design choices, and also be open to changes to standards or best practices. "

    Gopi Bheemavarapu, Sr. Manager, CIO Advisory Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:

    • CIO
    • IT Leaders
    • Business Leaders
    • Head of Enterprise Architecture
    • Enterprise Architects
    • Domain Architects
    • Solution Architects

    This Research Will Help You:

    • Understand the importance of enterprise architecture (EA) governance and how to apply it to guide architectural decisions.
    • Enhance your understanding of the organization’s current EA governance and identify areas for improvement.
    • Optimize your EA engagement model to maximize value creation.
    • Learn how to set up the optimal number of governance bodies in order to avoid bureaucratizing the organization.

    This Research Will Also Assist:

    • Business Relationship Managers
    • Business Analysts
    • IT Managers
    • Project Managers
    • IT Analysts
    • Quality Assurance Leads
    • Software Developers

    This Research Will Help Them:

    • Give an overview of enterprise architecture governance
    • Clarity on the role of enterprise architecture team

    Executive summary

    Situation

    • Deployed solutions do not meet business objectives resulting in expensive and extensive rework.
    • Each department acts independently without any regular EA touchpoints.
    • Organizations practice project-level architecture as opposed to enterprise architecture.

    Complication

    • EA governance is perceived as an unnecessary layer of bureaucracy because business benefits are poorly communicated.
    • The organization doesn’t have a formalized EA practice.
    • Where an EA practice exists, employees are unsure of EA’s roles and responsibilities.

    Resolution

    • Value-focused. Focus EA governance on helping the organization achieve business benefits. Promote EA’s contribution in realizing business value.
    • Right-sized. Re-use existing process checkpoints, rather than creating new ones. Clearly define EA governance inclusion criteria for projects.
    • Defined and measured process. Define metrics to measure EA’s performance and integrate EA governance with other governance processes such as project governance. Also clearly define the EA governing bodies’ composition, domain, inputs, and outputs.
    • Strike the right balance. Adopt architecture principles that strikes the right balance between business and technology imperatives.

    Info-Tech Insight

    Enterprise architecture is critical to ensuring that an organization has the solid IT foundation it needs to efficiently enable the achievement of its current and future strategic goals rather than focusing on short-term tactical gains.

    What is enterprise architecture governance?

    An architecture governance process is the set of activities an organization executes to ensure that decisions are made and accountability is enforced during the execution of its architecture strategy. (Hopkins, “The Essential EA Toolkit.”)

    EA governance includes the following:

    • Implement a system of controls over the creation and monitoring of all architectural components.
    • Ensure effective introduction, implementation, and evolution of architectures within the organization.
    • Implement a system to ensure compliance with internal and external standards and regulatory obligations.
    • Develop practices that ensure accountability to a clearly identified stakeholder community, both inside and outside the organization.

    (TOGAF)

    IT governance sets direction through prioritization and decision making, and monitors overall IT performance.

    The image shows a circle set within a larger circle. The inner circle is connected to the bottom of the larger circle. The inner circle is labelled EA Governance and the larger circle is labelled IT Governance.

    EA governance ensures that optimal architectural design choices are being made that focus on long-term value creation.

    Harness the benefits of an optimized EA governance

    Core benefits of EA governance are seen through:

    Value creation

    Effective EA governance ensures alignment between organizational investments and corporate strategic goals and objectives.

    Cost reduction

    Architecture standards provide guidance to identify opportunities for reuse and eliminate redundancies in an organization.

    Risk optimization

    Architecture review processes and assessment checklists ensure that solutions are within the acceptable risk levels of the organization.

    EA governance is difficult to structure appropriately, but having an effective structure will allow you to:

    • Achieve business strategy through faster time-to-market innovations and capabilities.
    • Reduced transaction costs with more consistent business processes and information across business units.
    • Lower IT costs due to better traceability, faster design, and lower risk.
    • Link IT investments to organizational strategies and objectives
    • Integrate and institutionalizes IT best practices.
    • Enable the organization to take full advantage of its information, infrastructure, and hardware and software assets.
    • Support regulatory as well as best practice requirements such as auditability, security, responsibility, and accountability.

    Organizations that have implemented EA governance realize greater benefits from their EA programs

    Modern day CIOs of high-performing organizations use EA as a strategic planning discipline to improve business-IT alignment, enable innovation, and link business and IT strategies to execution.

    Recent Info-Tech research found that organizations that establish EA governance realize greater benefits from their EA initiatives.

    The image shows a bar graph, with Impact from EA on the Y-axis, and different initiatives listed on the X-axis. Each initiative has two bars connected to it, with a blue bar representing answers of No and the grey bar representing answers of Yes.

    (Info-Tech Research Group, N=89)

    Measure EA governance implementation effectiveness

    Define key operational measures for internal use by IT and EA practitioners. Also, define business value measures that communicate and demonstrate the value of EA as an “enabler” of business outcomes to senior executives.

    EA performance measures (lead, operational) EA value measures (lag)
    Application of EA management process EA’s contribution to IT performance EA’s contribution to business value

    Enterprise Architecture Management

    • Number of months since the last review of target state EA blueprints.

    IT Investment Portfolio Management

    • Percentage of projects that were identified and proposed by EA.

    Solution Development

    • Number of projects that passed EA reviews.
    • Number of building blocks reused.

    Operations Management

    • Reduction in the number of applications with overlapping functionality.

    Business Value

    • Lower non-discretionary IT spend.
    • Decreased time to production.
    • Higher satisfaction of IT-enabled services.

    An insurance provider adopts a value-focused, right-sized EA governance program

    CASE STUDY

    Industry Insurance

    Source Info-Tech

    Situation

    The insurance sector has been undergoing major changes, and as a reaction, businesses within the sector have been embracing technology to provide innovative solutions.

    The head of EA in a major insurance provider (henceforth to be referred to as “INSPRO01”) was given the mandate to ensure that solutions are architected right the first time to maximize reuse and reduce technology debt. The EA group was at a critical point – to demonstrate business value or become irrelevant.

    Complication

    The project management office had been accountable for solution architecture and had placed emphasis on short-term project cost savings at the expense of long term durability.

    There was a lack of awareness of the Enterprise Architecture group within INSPRO01, and people misunderstood the roles and responsibilities of the EA team.

    Result

    Info-Tech helped define the responsibilities of the EA team and clarify the differences between the role of a Solution Architect vs. Enterprise Architect.

    The EA team was able to make the case for change in the project management practices to ensure architectures are reviewed and approved prior to implementation.

    As a result, INSPRO01 saw substantial increases in reuse opportunities and thereby derived more value from its technology investments.

    Success factors for EA governance

    The success of any EA governance initiative revolves around adopting best practices, setting up repeatable processes, and establishing appropriate controls.

    1. Develop best practices for managing architecture policies, procedures, roles, skills, and organizational structures.
    2. Establish organizational responsibilities and structures to support the architecture governance processes.
    3. Management of criteria for the control of the architecture governance processes, dispensations, compliance assessments, and SLAs.

    Info-Tech’s approach to EA governance

    Our best-practice approach is grounded in TOGAF and enhanced by the insights and guidance from our analysts, industry experts, and our clients.

    Value-focused. Focus EA governance on helping the organization achieve business benefits. Promote EA’s contribution in realizing business value.

    Right-sized. Insert EA governance into existing process checkpoints rather than creating new ones. Clearly define EA governance inclusion criteria for projects.

    Measured. Define metrics to measure EA’s performance, and integrate EA governance with other governance processes such as project governance. Also clearly define the EA governing bodies’ composition, domain, inputs, and outputs.

    Balanced. Adopt architecture principles that strikes the right balance between business and technology.

    Info-Tech’s EA governance framework

    Info-Tech’s architectural governance framework provides a value-focused, right-sized approach with a strong emphasis on process standardization, repeatability, and sustainability.

    1. Current state of EA governance
    2. EA fundamentals
    3. Engagement model
    4. EA governing bodies
    5. EA policy
    6. Architectural standards
    7. Communication Plan

    Use Info-Tech’s templates to complete this project

    1. Current state of EA governance
      • EA Capability - Risk and Complexity Assessment Tool
      • EA Governance Assessment Tool
    2. EA fundamentals
      • EA Vision and Mission Template
      • EA Goals and Measures Template
      • EA Principles Template
    3. Engagement model
      • EA Engagement Model Template
    4. EA governing bodies
      • Architecture Board Charter Template
      • Architecture Review Process Template
    5. EA policy
      • EA Policy Template
      • Architecture Assessment Checklist Template
      • Compliance Waiver Process Template
      • Compliance Waiver Form Template
    6. Architectural standards
      • Architecture Standards Update Process Template
    7. Communication Plan
      • EA Governance Communication Plan Template
      • EA Governance Framework Template

    As you move through the project, capture your progress with a summary in the EA Governance Framework Template.

    Download the EA Governance Framework Template document for use throughout this project.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    EA governance framework – phase-by-phase outline (1/2)

    Current state of EA governance EA Fundamentals Engagement Model EA Governing Bodies
    Best-Practice Toolkit

    1.1 Determine organizational complexity

    1.2 Conduct an assessment of the EA governance components

    1.3 Identify and prioritize gaps

    2.1 Craft the EA vision and mission

    2.2 Develop the EA principles

    2.3 Identify the EA goals

    3.1 Build the case for EA engagement

    3.2 Identify engagement touchpoints within the IT operating model

    4.1 Identify the number of governing bodies

    4.2 Define the game plan to initialize the governing bodies

    4.3 Define the architecture review process

    Guided Implementations
    • Determine organizational complexity
    • Assess current state of EA governance
    • Develop the EA fundamentals
    • Review the EA fundamentals
    • Review the current IT operating model
    • Determine the target engagement model
    • Identify architecture boards and develop charters
    • Develop an architecture review process

    Phase 1 Results:

    • EA Capability - risk and complexity assessment
    • EA governance assessment

    Phase 2 Results:

    • EA vision and mission
    • EA goals and measures
    • EA principles

    Phase 3 Results:

    • EA engagement model

    Phase 4 Results:

    • Architecture board charter
    • Architecture review process

    EA governance framework – phase-by-phase outline (2/2)

    EA Policy Architectural Standards Communication Plan
    Best-Practice Toolkit

    5.1 Define the scope of EA policy

    5.2 Identify the target audience

    5.3 Determine the inclusion and exclusion criteria

    5.4 Craft an assessment checklist

    6.1 Identify and standardize EA work products

    6.2 Classify the architectural standards

    6.3 Identify the custodian of standards

    6.4 Update the standards

    7.1 List the changes identified in the EA governance initiative

    7.2 Identify stakeholders

    7.3 Create a communication plan

    Guided Implementations
    • EA policy, assessment checklists, and decision types
    • Compliance waivers
    • Understand architectural standards
    • EA repository and updating the standards
    • Create a communication plan
    • Review the communication plan

    Phase 5 Results:

    • EA policy
    • Architecture assessment checklist
    • Compliance waiver process
    • Compliance waiver form

    Phase 6 Results:

    • Architecture standards update process

    Phase 7 Results:

    • Communication plan
    • EA governance framework

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Pre-workshopWorkshop Day 1Workshop Day 2Workshop Day 3Workshop Day 4
    ActivitiesCurrent state of EA governance EA fundamentals and engagement model EA governing bodies EA policy Architectural standards and

    communication plan

    1.1 Determine organizational complexity

    1.2 Conduct an assessment of the EA governance components

    1.3 Identify and prioritize gaps

    1.4 Senior management interviews

    1. Review the output of the organizational complexity and EA assessment tools
    2. Craft the EA vision and mission
    3. Develop the EA principles.
    4. Identify the EA goals
    5. Identify EA engagement touchpoints within the IT operating model
    1. Identify the number of governing bodies
    2. Define the game plan to initialize the governing bodies
    3. Define the architecture review process
    1. Define the scope
    2. Identify the target audience
    3. Determine the inclusion and exclusion criteria
    4. Craft an assessment checklist
    1. Identify and standardize EA work products
    2. Classifying the architectural standards
    3. Identifying the custodian of standards
    4. Updating the standards
    5. List the changes identified in the EA governance initiative
    6. Identify stakeholders
    7. Create a communication plan
    Deliverables
    1. EA Capability - risk and complexity assessment tool
    2. EA governance assessment tool
    1. EA vision and mission template
    2. EA goals and measures template
    3. EA principles template
    4. EA engagement model template
    1. Architecture board charter template
    2. Architecture review process template
    1. EA policy template
    2. Architecture assessment checklist template
    3. Compliance waiver process template
    4. Compliance waiver form template
    1. Architecture standards update process template
    2. Communication plan template

    Phase 1

    Current State of EA Governance

    Create a Right-Sized Enterprise Architecture Governance Framework

    Current State of EA Governance

    1. Current State of EA Governance
    2. EA Fundamentals
    3. Engagement Model
    4. EA Governing Bodies
    5. EA Policy
    6. Architectural Standards
    7. Communication Plan

    This phase will walk you through the following activities:

    • Determine organizational complexity
    • Conduct an assessment of the EA governance components
    • Identify and prioritize gaps

    This step involves the following participants:

    • CIO
    • IT Leaders
    • Business Leaders
    • Head of Enterprise Architecture
    • Enterprise Architects
    • Domain Architects
    • Solution Architects

    Outcomes of this step

    • Prioritized list of gaps

    Info-Tech Insight

    Correlation is not causation – an apparent problem might be a symptom rather than a cause. Assess the organization’s current EA governance to discover the root cause and go beyond the symptoms.

    Phase 1 guided implementation outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Current State of EA Governance

    Proposed Time to Completion: 2 weeks

    Step 1.1: Determine organizational complexity

    Start with an analyst kick-off call:

    • Discuss how to use Info-Tech’s EA Capability – Risk and Complexity Assessment Tool.
    • Discuss how to complete the inputs on the EA Governance Assessment Tool.

    Then complete these activities…

    • Conduct an assessment of your organization to determine its complexity.
    • Assess the state of EA governance within your organization.

    With these tools & templates:

    • EA Capability – Risk and Complexity Assessment Tool
    • EA Governance Assessment Tool

    Step 1.2: Assess current state of EA governance

    Start with an analyst kick-off call:

    • Review the output of the EA governance assessment and gather feedback on your goals for the EA practice.

    Then complete these activities…

    • Discuss whether you are ready to proceed with the project.
    • Review the list of tasks and plan your next steps.

    With these tools & templates:

    • EA Governance Assessment Tool

    Right-size EA governance based on organizational complexity

    Determining organizational complexity is not rocket science. Use Info-Tech’s tool to quantify the complexity and use it, along with common sense, to determine the appropriate level of architecture governance.

    Info-Tech’s methodology uses six factors to determine the complexity of the organization:

    1. The size of the organization, which can often be denoted by the revenue, headcount, number of applications in use, and geographical diversity.
    2. The solution alignment factor helps indicate the degree to which various projects map to the organization’s strategy.
    3. The size and complexity of the IT infrastructure and networks.
    4. The portfolio of applications maintained by the IT organization.
    5. Key changes within the organization such as M&A, regulatory changes, or a change in business or technology leadership.
    6. Other negative influences that can adversely affect the organization.

    Determine your organization’s level of complexity

    1.1 2 hours

    Input

    • Group consensus on the current state of EA competencies.

    Output

    • A list of gaps that need to be addressed for EA governance competencies.

    Materials

    • Info-Tech’s EA assessment tool, a computer, and/or a whiteboard and marker.

    Participants

    • EA team, business line leads, IT department leads.

    The image shows a screenshot of the Table of Contents with the EA Capability section highlighted.

    Step 1 - Facilitate

    Download the EA Capability – Risk and Complexity Assessment Tool to facilitate a session on determining your organization’s complexity.

    Download EA Organizational - Risk and Complexity Assessment Tool

    Step 2 - Summarize

    Summarize the results in the EA governance framework document.

    Update the EA Governance Framework Template

    Understand the components of effective EA governance

    EA governance is multi-faceted and it facilitates effective use of resources to meet organizational strategic objectives through well-defined structural elements.

    EA Governance

    • Fundamentals
    • Engagement Model
    • Policy
    • Governing Bodies
    • Architectural Standards

    Components of architecture governance

    1. EA vision, mission, goals, metrics, and principles that provide a direction for the EA practice.
    2. An engagement model showing where and in what fashion EA is engaged in the IT operating model.
    3. An architecture policy formulated and enforced by the architectural governing bodies to guide and constrain architectural choices in pursuit of strategic goals.
    4. Governing bodies to assess projects for compliance and provide feedback.
    5. Architectural standards that codify the EA work products to ensure consistent development of architecture.

    Next Step: Based on the organization’s complexity, conduct a current state assessment of EA governance using Info-Tech’s EA Governance Assessment Tool.

    Assess the components of EA governance in your organization

    1.2 2 hrs

    Input

    • Group consensus on the current state of EA competencies.

    Output

    • A list of gaps that need to be addressed for EA governance competencies.

    Materials

    • Info-Tech’s EA assessment tool, a computer, and/or a whiteboard and marker.

    Participants

    • EA team, business line leads, IT department leads.

    The image shows a screenshot of the Table of Contents with the EA Governance section highlighted.

    Step 1 - Facilitate

    Download the “EA Governance Assessment Tool” to facilitate a session on identifying the best practices to be applied in your organization.

    Download Info-Tech’s EA Governance Assessment Tool

    Step 2 - Summarize

    Summarize the identified best practices in the EA governance framework document.

    Update the EA Governance Framework Template


    Conduct a current state assessment to identify limitations of the existing EA governance framework

    CASE STUDY

    Industry Insurance

    Source Info-Tech

    Situation

    INSPRO01 was planning a major transformation initiative. The organization determined that EA is a strategic function.

    The CIO had pledged support to the EA group and had given them a mandate to deliver long-term strategic architecture.

    The business leaders did not trust the EA team and believed that lack of business skills in the group put the business transformation at risk.

    Complication

    The EA group had been traditionally seen as a technology organization that helps with software design.

    The EA team lacked understanding of the business and hence there had been no common language between business and technology.

    Result

    Info-Tech helped the EA team create a set of 10 architectural principles that are business-value driven rather than technical statements.

    The team socialized the principles with the business and technology stakeholders and got their approvals.

    By applying the business focused architectural principles, the EA team was able to connect with the business leaders and gain their support.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Key Activities

    • Determine organizational complexity.
    • Conduct an assessment of the EA governance components.
    • Identify and prioritize gaps.

    Outcomes

    • Organizational complexity assessment
    • EA governance capability assessment
    • A prioritized list of capability gaps

    Phase 2

    EA Fundamentals

    Create a Right-Sized Enterprise Architecture Governance Framework

    EA Fundamentals

    1. Current State of EA Governance
    2. EA Fundamentals
    3. Engagement Model
    4. EA Governing Bodies
    5. EA Policy
    6. Architectural Standards
    7. Communication Plan

    This phase will walk you through the following activities:

    • Craft the EA vision and mission
    • Develop the EA principles.
    • Identify the EA goals

    This step involves the following participants:

    • CIO
    • IT Leaders
    • Business Leaders
    • Head of Enterprise Architecture
    • Enterprise Architects
    • Domain Architects
    • Solution Architects

    Outcomes of this step

    • Refined set of EA fundamentals to support the building of EA governance

    Info-Tech Insight

    A house divided against itself cannot stand – ensure that the EA fundamentals are aligned with the organization’s goals and objectives.

    Phase 2 guided implementation outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: EA Fundamentals

    Proposed Time to Completion: 3 weeks

    Step 2.1: Develop the EA fundamentals

    Review findings with analyst:

    • Discuss the importance of the EA fundamentals – vision, mission, goals, measures, and principles.
    • Understand how to align the EA vision, mission, goals, and measures to your organization’s vision, mission, goals, measures, and principles.

    Then complete these activities…

    • Develop the EA vision statements.
    • Craft the EA mission statements.
    • Define EA goals and measures.
    • Adopt EA principles.

    With these tools & templates:

    • EA Vision and Mission Template
    • EA Principles Template
    • EA Goals and Measures Template

    Step 2.2: Review the EA fundamentals

    Review findings with analyst:

    • Review the EA fundamentals in conjunction with the results of the EA governance assessment tool and gather feedback.

    Then complete these activities…

    • Refine the EA vision, mission, goals, measures, and principles.
    • Review the list of tasks and plan your next steps.

    With these tools & templates:

    • EA Vision and Mission Template
    • EA Principles Template
    • EA Goals and Measures Template

    Fundamentals of an EA organization

    Vision, mission, goals and measures, and principles form the foundation of the EA function.

    Factors to consider when developing the vision and mission statements

    The vision and mission statements provide strategic direction to the EA team. These statements should be created based on the business and technology drivers in the organization.

    Business Drivers

    • Business drivers are factors that determine, or cause, an increase in value or major improvement of a business.
    • Examples of business drivers include:
      • Increased revenue
      • Customer retention
      • Salesforce effectiveness
      • Innovation

    Technology Drivers

    • Technology drivers are factors that are vital for the continued success and growth of a business using effective technologies.
    • Examples of technology drivers include:
      • Enterprise integration
      • Information security
      • Portability
      • Interoperability

    "The very essence of leadership is [that] you have a vision. It's got to be a vision you articulate clearly and forcefully on every occasion. You can't blow an uncertain trumpet." – Theodore Hesburgh

    Develop vision, mission, goals, measures, and principles to define the EA capability direction and purpose

    EA capability vision statement

    Articulates the desired future state of EA capability expressed in the present tense.

    • What will be the role of EA capability?
    • How will EA capability be perceived?

    Example: To be recognized by both the business and IT as a trusted partner that drives [Company Name]’s effectiveness, efficiency, and agility.

    EA capability mission statement

    Articulates the fundamental purpose of the EA capability.

    • Why does EA capability exist?
    • What does EA capability do to realize its vision?
    • Who are the key customers of the EA capability?

    Example: Define target enterprise architecture for [Company Name], identify solution opportunities, inform IT investment management, and direct solution development, acquisition, and operation compliance.

    EA capability goals and measures

    EA capability goals define specific desired outcomes of an EA management process execution. EA capability measures define how to validate the achievement of the EA capability goals.

    Example:

    Goal: Improve reuse of IT assets at [Company Name].

    Measures:

    • The number of building blocks available for reuse.
    • Percent of projects that utilized existing building blocks.
    • Estimated efficiency gain (= effort to create a building block * reuse count).

    EA principles

    EA principles are shared, long-lasting beliefs that guide the use of IT in constructing, transforming, and operating the enterprise by informing and restricting target-state enterprise architecture design, solution development, and procurement decisions.

    Example:

    • EA principle name: Reuse.
    • Statement: Maximize reuse of existing assets.
    • Rationale: Reuse prevents duplication of development and support efforts, increasing efficiency, and agility.
    • Implications: Define architecture and solution building blocks and ensure their consistent application.

    EA principles guide decision making

    Policies can be seen as “the letter of the law,” whereas EA principles summarize “the spirit of the law.”

    The image shows a graphic with EA Principles listed at the top, with an arrow pointing down to Decisions on the use of IT. At the bottom are domain-specific policies, with two arrows pointing upwards: the arrow on the left is labelled direct, and the arrow on the right is labelled control. The arrow points up to the label Decisions on the use of IT. On the left, there is an arrow pointing both up and down. At the top it is labelled The spirit of the law, and at the bottom, The letter of the law. On the right, there is another arrow pointing both up and down, labelled How should decisions be made at the top and labelled Who has the accountability and authority to make decisions? at the bottom.

    Define EA capability goals and related measures that resonate with EA capability stakeholders

    EA capability goals, i.e. specific desired outcomes of an EA management process execution. Use COBIT 5, APO03 process goals, and metrics as a starting point.

    The image shows a chart titled Manage Enterprise Architecture.

    Define relevant business value measures to collect indirect evidence of EA’s contribution to business benefits

    Define key operational measures for internal use by IT and EA practitioners. Also, define business value measures that communicate and demonstrate the value of EA as an enabler of business outcomes to senior executives.

    EA performance measures (lead, operational) EA value measures (lag)
    Application of EA management process EA’s contribution to IT performance EA’s contribution to business value

    Enterprise Architecture Management

    • Number of months since the last review of target state EA blueprints.

    IT Investment Portfolio Management

    • Percentage of projects that were identified and proposed by EA.

    Solution Development

    • Number of projects that passed EA reviews.
    • Number of building blocks reused.

    Operations Management

    • Reduction in the number of applications with overlapping functionality.

    Business Value

    • Lower non-discretionary IT spend.
    • Decreased time to production.
    • Higher satisfaction of IT-enabled services.

    Refine the organization’s EA fundamentals

    2.1 2 hrs

    Input

    • Group consensus on the current state of EA competencies.

    Output

    • A list of gaps that need to be addressed for EA governance competencies.

    Materials

    • Info-Tech’s EA assessment tool, a computer, and/or a whiteboard and marker.

    Participants

    • EA team, business line leads, IT department leads.

    The image shows the Table of Contents with four sections highlighted, beginning with EA Vision Statement and ending with EA Goals and Measures.

    Step 1 - Facilitate

    Download the three templates and hold a working session to facilitate a session on creating EA fundamentals.

    Download the EA Vision and Mission Template, the EA Principles Template, and the EA Goals and Measures Template

    Step 2 - Summarize

    Document the final vision, mission, principles, goals, and measures within the EA Governance Framework.

    Update the EA Governance Framework Template


    Ensure that the EA fundamentals are aligned to the organizational needs

    CASE STUDY

    Industry Insurance

    Source Info-Tech

    Situation

    The EA group at INSPRO01 was being pulled in multiple directions with requests ranging from architecture review to solution design to code reviews.

    Project level architecture was being practiced with no clarity on the end goal. This led to EA being viewed as just another IT function without any added benefits.

    Info-Tech recommended that the EA team ensure that the fundamentals (vision, mission, principles, goals, and measures) reflect what the team aspired to achieve before fixing any of the process concerns.

    Complication

    The EA team was mostly comprised of technical people and hence the best practices outlined were not driven by business value.

    The team had no documented vision and mission statements in place. In addition, the existing goals and measures were not tied to the business strategic objectives.

    The team had architectural principles documented, but there were too many and they were very technical in nature.

    Result

    With Info-Tech’s guidance, the team developed a vision and mission statement to succinctly communicate the purpose of the EA function.

    The team also reduced and simplified the EA principles to make sure they were value driven and communicated in business terms.

    Finally, the team proposed goals and measures to track the performance of the EA team.

    With the fundamentals in place, the team was able to show the value of EA and gain organization-wide acceptance.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Key Activities

    • Craft the EA vision and mission.
    • Develop the EA principles.
    • Identify the EA goals.

    Outcomes

    • Refined set of EA fundamentals to support the building of EA governance.

    Phase 3

    Engagement Model

    Create a Right-Sized Enterprise Architecture Governance Framework

    Engagement Model

    1. Current state of EA governance
    2. EA fundamentals
    3. Engagement model
    4. EA governing bodies
    5. EA policy
    6. Architectural standards
    7. Communication Plan

    This step will walk you through the following activities:

    • Build the case for EA engagement
    • Engagement touchpoints within the IT operating model

    This step involves the following participants:

    • CIO
    • IT Leaders
    • Business Leaders
    • Head of Enterprise Architecture
    • Enterprise Architects
    • Domain Architects
    • Solution Architects

    Outcomes of this step

    • Summary of the assessment of the current EA engagement model
    • Target EA engagement model

    Info-Tech Insight

    Perform due diligence prior to decision making. Use the EA Engagement Model to promote conversations between stage gate meetings as opposed to having the conversation during the stage gate meetings.

    Phase 3 guided implementation outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: EA engagement model

    Proposed Time to Completion: 2 weeks

    Step 3.1 Review the current IT operating model

    Start with an analyst kick-off call:

    • Review Info-Tech’s IT operating model.
    • Understand how to document your organization’s IT operating model.
    • Document EA’s current role and responsibility at each stage of the IT operating model.

    Then complete these activities…

    • Document your organization’s IT operating model.

    With these tools & templates:

    • EA Engagement Model Template

    Step 3.2: Determine the target engagement model

    Review findings with analyst:

    • Review your organization’s current state IT operating model.
    • Review your EA’s role and responsibility at each stage of the IT operating model.
    • Document the role and responsibility of EA in the future state.

    Then complete these activities…

    • Document EA’s future role within each stage of your organization’s IT operating model.

    With these tools & templates:

    • EA Engagement Model Template.

    The three pillars of EA Engagement

    Effective EA engagement revolves around three basic principles – generating business benefits, creating adaptable models, and being able to replicate the process across the organization.

    Business Value Driven

    Focus on generating business value from organizational investments.

    Repeatable

    Process should be standardized, transparent, and repeatable so that it can be consistently applied across the organization.

    Flexible

    Accommodate the varying needs of projects of different sizes.

    Where these pillars meet: Advocates long-term strategic vs. short-term tactical solutions.

    EA interaction points within the IT operating model

    EA’s engagement in each stage within the plan, build, and run phases should be clearly defined and communicated.

    Plan Strategy Development Business Planning Conceptualization Portfolio Management
    Build Requirements Solution Design Application Development/ Procurement Quality Assurance
    Run Deploy Operate

    Document the organization’s current IT operating model

    3.1 2-3 hr

    Input

    • IT project lifecycle

    Output

    • Organization’s current IT operating model.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, IT department leads, business leaders.

    Instructions:

    Hold a working session with the participants to document the current IT operating model. Facilitate the activity using the following steps:

    1. Map out the IT operating model.

    1. Find a project that was just deployed within the organization and backtrack every step of the way to the strategy development that resulted in the conception of the project.
    2. Interview the personnel involved with each step of the process to get a sense of whether or not projects usually move to deployment going through these steps.
    3. Review Info-Tech’s best-practice IT operating model presented in the EA Engagement Model Template, and add or remove any steps to the existing organization’s IT operating model as necessary. Document the finalized steps of the IT operating model.

    2. Determine EA’s current role in the operating model.

    1. Interview EA personnel through each step of the process and ask them their role. This is to get a sense of the type of input that EA is having into each step of the process.
    2. Using the EA Engagement Model Template, document the current role of EA in each step of the organization’s IT operation as you complete the interviews.

    Download the EA Engagement Model Template to document the organization’s current IT operating model.

    Define RACI in every stage of the IT operating model (e.g. EA role in strategy development phase of the IT operating model is presented below)

    Strategy Development

    Also known as strategic planning, strategy development is fundamental to creating and running a business. It involves the creation of a longer-term game plan or vision that sets specific goals and objectives for a business.

    R Those in charge of performing the task. These are the people actively involved in the completion of the required work. Business VPs, EA, IT directors R
    A The one ultimately answerable for the correct and thorough completion of the deliverable or task, and the one who delegates the work to those responsible. CEO A
    C Those whose opinions are sought before a decision is made, and with whom there is two-way communication. PMO, Line managers, etc. C
    I Those who are kept up to date on progress, and with whom there is one-way communication. Development managers, etc. I

    Next Step: Similarly define the RACI for each stage of the IT operating model; refer to the activity slide for prompts.

    Best practices on the role of EA within the IT operating model

    Plan

    Strategy Development

    C

    Business Planning

    C

    Conceptualization

    A

    Portfolio Management

    C

    Build

    Requirements

    C

    Solution Design

    R

    Application Development/ Procurement

    R

    Quality Assurance

    I

    Run

    Deploy

    I

    Operate

    I

    Next Step: Define the role of EA in each stage of the IT operating model; refer to the activity slide for prompts.

    Define EA’s target role in each step of the IT operating model

    3.2 2 hrs

    Input

    • Organization’s IT operating model.

    Output

    • Organization’s EA engagement model.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, CIO, business leaders, IT department leaders.

    The image shows the Table of Contents for the EA Engagement Model Template with the EA Engagement Summary section highlighted.

    Step 1 - Facilitate

    Download the EA Engagement Model Template and hold a working session to define EA’s target role in each step of the IT operating model.

    Download the EA Engagement Model Template

    Step 2 - Summarize

    Document the target state role of EA within the EA Governance Framework document.

    Update the EA Governance Framework Template


    Design an EA engagement model to formalize EA’s role within the IT operating model

    CASE STUDY

    Industry Insurance

    Source Info-Tech

    Situation

    INSPRO01 had a high IT cost structure with looming technology debt due to a preference for short-term tactical gains over long-term solutions.

    The business satisfaction with IT was at an all-time low due to expensive solutions that did not meet business needs.

    INSPRO01’s technology landscape was in disarray with many overlapping systems and interoperability issues.

    Complication

    No single team within the organization had an end-to-end perspective all the way from strategy to project execution. A lot of information was being lost in handoffs between different teams.

    This led to inconsistent design/solution patterns being applied. Investment decisions had not been grounded in reality and this often led to cost overruns.

    Result

    Info-Tech helped INSPRO01 identify opportunities for EA team engagement at different stages of the IT operating model. EA’s role within each stage was clearly defined and documented.

    With Info-Tech’s help, the EA team successfully made the case for engagement upfront during strategy development rather than during project execution.

    The increased transparency enabled the EA team to ensure that investments were aligned to organizational strategic goals and objectives.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Key Activities

    • Build the case for EA engagement.
    • Identify engagement touchpoints within the IT operating model.

    Outcomes

    • Summary of the assessment of the current EA engagement model
    • Target EA engagement model

    Phase 4

    EA Governing Bodies

    Create a Right-Sized Enterprise Architecture Governance Framework

    EA Governing Bodies

    1. Current state of EA governance
    2. EA fundamentals
    3. Engagement model
    4. EA governing bodies
    5. EA policy
    6. Architectural standards
    7. Communication Plan

    This phase will walk you through the following activities:

    • Identify the number of governing bodies
    • Define the game plan to initialize the governing bodies
    • Define the architecture review process

    This step involves the following participants:

    • CIO
    • IT Leaders
    • Business Leaders
    • Head of Enterprise Architecture
    • Enterprise Architects
    • Domain Architects
    • Solution Architects

    Outcomes of this step

    • Charter definition for each EA governance board

    Info-Tech Insight

    Use architecture governance like a scalpel rather than a hatchet. Implement governing bodies to provide guidance rather than act as a police force.

    Phase 4 guided implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 4: Create or identify EA governing bodies

    Proposed Time to Completion: 2 weeks

    Step 4.1: Identify architecture boards and develop charters

    Start with an analyst kick-off call:

    • Understand the factors influencing the number of governing bodies required for an organization.
    • Understand the components of a governing body charter.

    Then complete these activities…

    • Identify how many governing bodies are needed.
    • Define EA governing body composition, meeting frequency, and domain of coverage.
    • Define the inputs and outputs of each EA governing body.
    • Identify mandatory inclusion criteria.

    With these tools & templates:

    • Architecture Board Charter Template

    Step 4.2: Develop an architecture review process

    Follow-up with an analyst call:

    • Review the number of boards identified for your organization and gather feedback.
    • Review the charters developed for each governing body and gather feedback.
    • Understand the various factors that impact the architecture review process.
    • Review Info-Tech’s best-practice architecture review process.

    Then complete these activities…

    • Refine the charters for governing bodies.
    • Develop the architecture review process for your organization.

    With these tools & templates:

    • Architecture Review Process Template

    Factors that determine the number of architectural boards required

    The primary purpose of architecture boards is to ensure that business benefits are maximized and solution design is within the options set forth by the architectural reference models without introducing additional layers of bureaucracy.

    The optimal number of architecture boards required in an organization is a function of the following factors:

    • EA organization model
      • Distributed
      • Federated
      • Centralized
    • Architecture domains Maturity of architecture domains
    • Project throughput

    Commonly observed architecture boards:

    • Architecture Review Board
    • Technical Architecture Committee
    • Data Architecture Review Board
    • Infrastructure Architecture Review Board
    • Security Architecture Review Board

    Info-Tech Insight

    Before building out a new governance board, start small by repurposing existing forums by adding architecture as an agenda item. As the items for review increase consider introducing dedicated governing bodies.

    EA organization model drives the architecture governance structure

    EA teams can be organized in three ways – distributed, federated, and centralized. Each model has its own strengths and weaknesses. EA governance must be structured in a way such that the strengths are harvested and the weaknesses are mitigated.

    Distributed Federated Centralized
    EA org. structure
    • No overarching EA team exists and segment architects report to line of business (LOB) executives.
    • A centralized EA team exists with segment architects reporting to LOB executives and dotted-line to head of (centralized) EA.
    • A centralized EA capability exists with enterprise architects reporting to the head of EA.
    Implications
    • Produces a fragmented and disjointed collection of architectures.
    • Economies of scale are not realized.
    • High cross-silo integration effort.
    • LOB-specific approach to EA.
    • Requires dual reporting relationships.
    • Additional effort is required to coordinate centralized EA policies and blueprints with segment EA policies and blueprints.
    • Accountabilities may be unclear.
    • Can be less responsive to individual LOB needs, because the centralized EA capability must analyze needs of multiple LOBs and various trade-off options to avoid specialized, one-off solutions.
    • May impede innovation.
    Architectural boards
    • Cross LOB working groups to create architecture standards, patterns, and common services.
    • Local boards to support responsiveness to LOB-specific needs.
    • Cross LOB working groups to create architecture standards, patterns and common services.
    • Cross-enterprise boards to ensure adherence to enterprise standards and reduce integration costs.
    • Local boards to support responsiveness to LOB specific needs.
    • Enterprise working groups to create architecture standards, patterns, and all services.
    • Central board to ensure adherence to enterprise standards.

    Architecture domains influences the number of architecture boards required

    • An architecture review board (ARB) provides direction for domain-specific boards and acts as an escalation point. The ARB must have the right mix of both business and technology stakeholders.
    • Domain-specific boards provide a platform to have focused discussions on items specific to that domain.
    • Based on project throughput and the maturity of each domain, organizations would have to pick the optimal number of boards.
    • Architecture working groups provide a platform for cross-domain conversations to establish organization wide standards.
    Level 1 Architecture Review Board IT and Business Leaders
    Level 2 Business Architecture Board Data Architecture Board Application Architecture Board Infrastructure Architecture Board Security Architecture Board IT and Business Managers
    Level 3 Architecture Working Groups Architects

    Create a game plan for the architecture boards

    • Start with a single board for each level – an architecture review board (ARB), a technical architecture committee (TAC), and architecture working groups.
    • As the organization matures and the number of requests to the TAC increase, consider creating domain-specific boards – such as business architecture, data architecture, application architecture, etc. – to handle architecture decisions pertaining to that domain.

    Start with this:

    Level 1 Architecture Review Board
    Level 2 Technical Architecture Committee
    Level 3 Architecture Working Groups

    Change to this:

    Architecture Review Board IT and Business Leaders
    Business Architecture Board Data Architecture Board Application Architecture Board Infrastructure Architecture Board Security Architecture Board IT and Business Managers
    Architecture Working Groups Architects

    Architecture boards have different objectives and activities

    The boards at each level should be set up with the correct agenda – ensure that the boards’ composition and activities reflect their objective. Use the entry criteria to communicate the agenda for their meetings.

    Architecture Review Board Technical Architecture Committee
    Objective
    • Evaluates business strategy, needs, and priorities, sets direction and acts as a decision making authority of the EA capability.
    • Directs the development of target state architecture.
    • Monitors performance and compliance of the architectural standards.
    • Monitor project solution architecture compliance to standards, regulations, EA principles, and target state EA blueprints.
    • Review EA compliance waiver requests, make recommendations, and escalate to the architecture review board (ARB).
    Composition
    • Business Leadership
    • IT Leadership
    • Head of Enterprise Architecture
    • Business Managers
    • IT Managers
    • Architects
    Activities
    • Review compliance of conceptual solution to standards.
    • Discuss the enterprise implications of the proposed solution.
    • Select and approve vendors.
    • Review detailed solution design.
    • Discuss the risks of the proposed solution.
    • Discuss the cost of the proposed solution.
    • Review and recommend vendors.
    Entry Criteria
    • Changes to IT Enterprise Technology Policy.
    • Changes to the technology management plan.
    • Approve changes to enterprise technology inventory/portfolio.
    • Ongoing operational cost impacts.
    • Detailed estimates for the solution are ready for review.
    • There are significant changes to protocols or technologies responsible for solution.
    • When the project is deviating from baselined architectures.

    Identify the number of governing bodies

    4.1 2 hrs

    Input

    • EA Vision and Mission
    • EA Engagement Model

    Output

    • A list of EA governing bodies.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, CIO, business line leads, IT department leads.

    Instructions:

    Hold a working session with the participants to identify the number of governing bodies. Facilitate the activity using the following steps:

    1. Examine the EA organization models mentioned previously. Assess how your organization is structured, and identify whether your organization has a federated, distributed or centralized EA organization model.
    2. Reference the “Game plan for the architecture boards” slide. Assess the architecture domains, and define how many there are in the organization.
    3. Architecture domains:
      1. If no defined architecture domains exist, model the number of governing bodies in the organization based on the “Start with this” scenario in the “Game plan for the architecture boards” slide.
      2. If defined architecture domains do exist, model the number of governing bodies based on the “Change to this” scenario in the “Game plan for the architecture boards” slide.
    4. Name each governing body you have defined in the previous step. Download Info-Tech’s Architecture Board Charter Template for each domain you have named. Input the names into the title of each downloaded template.

    Download the Architecture Board Charter Template to document this activity.

    Defining the governing body charter

    The charter represents the agreement between the governing body and its stakeholders about the value proposition and obligations to the organization.

    1. Purpose: The reason for the existence of the governing body and its goals and objectives.
    2. Composition: The members who make up the committee and their roles and responsibilities in it.
    3. Frequency of meetings: The frequency at which the committee gathers to discuss items and make decisions.
    4. Entry/Exit Criteria: The criteria by which the committee selects items for review and items for which decisions can be taken.
    5. Inputs: Materials that are provided as inputs for review and decision making by the committee.
    6. Outputs: Materials that are provided by the committee after an item has been reviewed and the decision made.
    7. Activities: Actions undertaken by the committee to arrive at its decision.

    Define EA’s target role in each step of the IT operating model

    4.2 3 hrs

    Input

    • A list of all identified EA governing bodies.

    Output

    • Charters for each EA governing bodies.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, business line leads, IT department leads.

    The image shows the Table of Contents for the EA Governance Framework document, with the Architecture Board Charters highlighted.

    Step 1 Facilitate

    Hold a working session with the stakeholders to define the charter for each of the identified architecture boards.

    Download Architecture Board Charter Template

    Step 2 Summarize

    • Summarize the objectives of each board and reference the charter document within the EA Governance Framework.
    • Upload the final charter document to the team’s common repository.

    Update the EA Governance Framework document


    Considerations when creating an architecture review process

    • Ensure that architecture review happens at major milestones within the organization’s IT Operating Model such as the plan, build, and run phases.
    • In order to provide continuous engagement, make the EA group accountable for solution architecture in the plan phase. In the build phase, the EA group will be consulted while the solution architect will be responsible for the project solution architecture.

    Plan

    • Strategy Development
    • Business Planning
    • A - Conceptualization
    • Portfolio Management

    Build

    • Requirements
    • R - Solution Design
    • Application Development/ Procurement
    • Quality Assurance

    Run

    • Deploy
    • Operate

    Best-practice project architecture review process

    The best-practice model presented facilitates the creation of sound solution architecture through continuous engagement with the EA team and well-defined governance checkpoints.

    The image shows a graphic of the best-practice model. At the left, four categories are listed: Committees; EA; Project Team; LOB. At the top, three categories are listed: Plan; Build; Run. Within the area between these categories is a flow chart demonstrating the best-practice model and specific checkpoints throughout.

    Develop the architecture review process

    4.3 2 hours

    Input

    • A list of all EA governing bodies.
    • Info-Tech’s best practice architecture review process.

    Output

    • The new architecture review process.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, business line leads, IT department leads.

    Hold a working session with the participants to develop the architecture review process. Facilitate the activity using the following steps:

    1. Reference Info-Tech’s best-practice architecture review process embedded within the “Architecture Review Process Template” to gain an understanding of an ideal architecture review process.
    2. Identify the stages within the plan, build, and run phases where solution architecture reviews should occur, and identify the governing bodies involved in these reviews.
    3. As you go through these stages, record your findings in the Architecture Review Process Template.
    4. Connect the various activities leading to and from the architecture creation points to outline the review process.

    Download the Architecture Review Process Template for additional guidance regarding developing an architecture review process.

    Develop the architecture review process

    4.3 2 hrs

    Input

    • A list of all identified EA governing bodies.

    Output

    • Charters for each EA governing bodies.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, business line leads, IT department leads.

    The image shows a screenshot of the Table of Contents, with the Architecture Review Process highlighted.

    Step 1 - Facilitate

    Download Architecture Review Process Template and facilitate a session to customize the best-practice model presented in the template.

    Download the Architecture Review Process Template

    Step 2 - Summarize

    Summarize the process changes and document the process flow in the EA Governance Framework document.

    Update the EA Governance Framework Template

    Right-size EA governing bodies to reduce the perception of red tape

    Case Study

    Industry Insurance

    Source Info-Tech

    Situation

    At INSPRO01, architecture governance boards were a bottleneck. The boards fielded all project requests, ranging from simple screen label changes to complex initiatives spanning multiple applications.

    These boards were designed as forums for technology discussions without any business stakeholder involvement.

    Complication

    INSPRO01’s management never gave buy-in to the architecture governance boards since their value was uncertain.

    Additionally, architectural reviews were perceived as an item to be checked off rather than a forum for getting feedback.

    Architectural exceptions were not being followed through due to the lack of a dispensation process.

    Result

    Info-Tech has helped the team define adaptable inclusion/exclusion criteria (based on project complexity) for each of the architectural governing boards.

    The EA team was able to make the case for business participation in the architecture forums to better align business and technology investment.

    An architecture dispensation process was created and operationalized. As a result architecture reviews became more transparent with well-defined next steps.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Key Activities

    • Identify the number of governing bodies.
    • Define the game plan to initialize the governing bodies.
    • Define the architecture review process.

    Outcomes

    • Charter definition for each EA governance board

    Phase 5

    EA Policy

    Create a Right-Sized Enterprise Architecture Governance Framework

    EA Policy

    1. Current state of EA governance
    2. EA fundamentals
    3. Engagement model
    4. EA governing bodies
    5. EA policy
    6. Architectural standards
    7. Communication Plan

    This phase will walk you through the following activities:

    • Define the EA policy scope
    • Identify the target audience
    • Determine the inclusion and exclusion criteria
    • Create an assessment checklist

    This step involves the following participants:

    • CIO
    • IT Leaders
    • Business Leaders
    • Head of Enterprise Architecture
    • Enterprise Architects
    • Domain Architects
    • Solution Architects

    Outcomes of this step

    • The completed EA policy
    • Project assessment checklist
    • Defined assessment outcomes
    • Completed compliance waiver process

    Info-Tech Insight

    Use the EA policy to promote EA’s commitment to deliver value to business stakeholders through process transparency, stakeholder engagement, and compliance.

    Phase 5 guided implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 5: EA Policy

    Proposed Time to Completion: 3 weeks

    Step 5.1–5.3: EA Policy, Assessment Checklists, and Decision Types

    Start with an analyst kick-off call:

    • Discuss the three pillars of EA policy and its purpose.
    • Review the components of an effective EA policy.
    • Understand how to develop architecture assessment checklists.
    • Understand the assessment decision types.

    Then complete these activities…

    • Define purpose, scope, and audience of the EA policy.
    • Create a project assessment checklist.
    • Define the organization’s assessment decision type.

    With these tools & templates:

    • EA Policy Template
    • EA Assessment Checklist Template

    Step 5.4: Compliance Waivers

    Review findings with analyst:

    • Review your draft EA policy and gather feedback.
    • Review your project assessment checklists and the assessment decision types.
    • Discuss the best-practice architecture compliance waiver process and how to tailor it to your organizational needs.

    Then complete these activities…

    • Refine the EA policy based on feedback gathered.
    • Create the compliance waiver process.

    With these tools & templates:

    • EA Compliance Waiver Process Template
    • EA Compliance Waiver Form Template

    Three pillars of architecture policy

    Architecture policy is a set of guidelines, formulated and enforced by the governing bodies of an organization, to guide and constrain architectural choices in pursuit of strategic goals.

    Architecture compliance – promotes compliance to organizational standards through well-defined assessment checklists across architectural domains.

    Business value – ensures that investments are tied to business value by enforcing traceability to business capabilities.

    Architectural guidance – provides guidance to architecture practitioners on the application of the business and technology standards.

    Components of EA policy

    An enterprise architecture policy is an actionable document that can be applied to projects of varying complexity across the organization.

    1. Purpose and Scope: This EA policy document clearly defines the scope and the objectives of architecture reviews within an organization.
    2. Target Audience: The intended audience of the policy such as employees and partners.
    3. Architecture Assessment Checklist: A wide range of typical questions that may be used in conducting Architecture Compliance reviews, relating to various aspects of the architecture.
    4. Assessment Outcomes: The outcome of the architecture review process that determines the conformance of a project solution to the enterprise architecture standards.
    5. Compliance Waiver: Used when a solution or segment architecture is perceived to be non-compliant with the enterprise architecture.

    Draft the purpose and scope of the EA policy

    5.1 2.5 hrs

    Input

    • A consensus on the purpose, scope, and audience for the EA policy.

    Output

    • Documented version of the purpose, scope, and audience for the EA policy.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, CIO, business line leads, IT department leads.

    The image shows a screenshot of the Table of Contents with the EA Policy section highlighted.

    Step 1 - Facilitate

    Download the EA Policy Template and hold a working session to draft the EA policy.

    Download the EA Policy Template

    Step 2 - Summarize

    • Summarize purpose, scope, and intended audience of the policy in the EA Governance Framework document.
    • Update the EA policy document with the purpose, scope and intended audience.

    Update the EA Governance Framework Template

    Architecture assessment checklist

    Architecture assessment checklist is a list of future-looking criteria that a project will be assessed against. It provides a set of standards against which projects can be assessed in order to render a decision on whether or not the project can be greenlighted.

    Architecture checklists should be created for each EA domain since each domain provides guidance on specific aspects of the project.

    Sample Checklist Questions

    Business Architecture:

    • Is the project aligned to organizational strategic goals and objectives?
    • What are the business capabilities that the project supports? Is it creating new capabilities or supporting an existing one?

    Data Architecture:

    • What processes are in place to support data referential integrity and/or normalization?
    • What is the physical data model definition (derived from logical data models) used to design the database?

    Application Architecture:

    • Can this application be placed on an application server independent of all other applications? If not, explain the dependencies.
    • Can additional parallel application servers be easily added? If so, what is the load balancing mechanism?

    Infrastructure Architecture:

    • Does the solution provide high-availability and fault-tolerance that can recover from events within a datacenter?

    Security Architecture:

    • Have you ensured that the corporate security policies and guidelines to which you are designing are the latest versions?

    Create architectural assessment checklists

    5.2 2 hrs

    Input

    • Reference architecture models.

    Output

    • Architecture assessment checklist.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, business line leads, IT department leads.

    The image shows a screenshot of the Table of Contents with the EA Assessment Checklist section highlighted.

    Step 1 - Facilitate

    Download the EA Assessment Checklist Template and hold a working session to create the architectural assessment checklists.

    Download the EA Assessment Checklist Template

    Step 2 - Summarize

    • Summarize the major points of the checklists in the EA Governance Framework document.
    • Update the EA policy document with the detailed architecture assessment checklists.

    Update the EA Governance Framework Template

    Architecture assessment decision types

    • As a part of the proposed solution review, the governing bodies produce a decision indicating the compliance of the solution architecture with the enterprise standards.
    • Go, No Go, or Conditional are a sample set of decision outcomes available to the governing bodies.
    • On a conditional approval, the project team must file for a compliance waiver.

    Approved

    • The solution demonstrates substantial compliance with standards.
    • Negligible risk to the organization or minimal risks with sound plans of how to mitigate them.
    • Architectural approval to proceed with delivery type of work.

    Conditional Approval

    • The significant aspects of the solution have been addressed in a satisfactory manner.
    • Yet, there are some aspects of the solution that are not compliant with standards.
    • The architectural approval is conditional upon presenting the missing evidence within a minimal period of time determined.
    • The risk level may be acceptable to the organization from an overall IT governance perspective.

    Not Approved

    • The solution is not compliant with the standards.
    • Scheduled for a follow-up review.
    • Not recommended to proceed until the solution is more compliant with the standards.

    Best-practice architecture compliance waiver process

    Waivers are not permanent. Waiver terms must be documented for each waiver specifying:

    • Time period after which the architecture in question will be compliant with the enterprise architecture.
    • The modifications necessary to the enterprise architecture to accommodate the solution.

    The image shows a flow chart, split into 4 sections: Enterprise Architect; Solution Architect; TAC; ARB. To the right of these section labels, there is a flow chart that documents the waiver process.

    Create compliance waiver process

    5.4 3-4 hrs

    Input

    • A consensus on the compliance waiver process.

    Output

    • Documented compliance waiver process and form.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, business line leads, IT department leads.

    The image shows the Table of Contents with the Compliance Waiver Form section highlighted.

    Step 1 - Facilitate

    Download the EA compliance waiver template and hold a working session to customize the best-practice process to your organization’s needs.

    Download the EA Compliance Waiver Process Template

    Step 2 - Summarize

    • Summarize the objectives and high-level process in the EA Governance Framework document.
    • Update the EA policy document with the compliance waiver process.
    • Upload the final policy document to the team’s common repository.

    Update the EA Governance Framework Template

    Creates an enterprise architecture policy to drive adoption

    Case Study

    Industry Insurance

    Source Info-Tech

    Situation

    EA program adoption across INSPRO01 was at its lowest point due to a lack of transparency into the activities performed by the EA group.

    Often, projects ignored EA entirely as it was viewed as a nebulous and non-value-added activity that produced no measurable results.

    Complication

    There was very little documented information about the architecture assessment process and the standards against which project solution architectures were evaluated.

    Additionally, there were no well-defined outcomes for the assessment.

    Project groups were left speculating about the next steps and with little guidance on what to do after completing an assessment.

    Result

    Info-Tech helped the EA team create an EA policy containing architecture significance criteria, assessment checklists, and reference to the architecture review process.

    Additionally, the team also identified guidelines and detailed next steps for projects based on the outcome of the architecture assessment.

    These actions brought clarity to EA processes and fostered better engagement with the EA group.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Key Activities

    • Define the scope.
    • Identify the target audience.
    • Determine the inclusion and exclusion criteria.
    • Create an assessment checklist.

    Outcomes

    • The completed EA policy
    • Project assessment checklist
    • Defined assessment outcomes
    • Completed compliance waiver process

    Phase 6

    Architectural Standards

    Create a Right-Sized Enterprise Architecture Governance Framework

    Architectural Standards

    1. Current state of EA governance
    2. EA fundamentals
    3. Engagement model
    4. EA governing bodies
    5. EA policy
    6. Architectural standards
    7. Communication Plan

    This phase will walk you through the following activities:

    • Identify and standardize EA work products
    • Classify the architectural standards
    • Identify the custodian of standards
    • Update the standards

    This step involves the following participants:

    • Head of Enterprise Architecture
    • Enterprise Architects
    • Domain Architects
    • Solution Architects

    Outcomes of this step

    • A standardized set of EA work products
    • A way to categorize and store EA work products
    • A defined method of updating standards

    Info-Tech Insight

    The architecture standard is the currency that facilitates information exchange between stakeholders. The primary purpose is to minimize transaction costs by providing a balance between stability and relevancy.

    Phase 6 guided implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 6: Architectural standards

    Proposed Time to Completion: 4 weeks

    Step 6.1: Understand Architectural Standards

    Start with an analyst kick-off call:

    • Discuss architectural standards.
    • Know how to identify and define EA work products.
    • Understand the standard content of work products.

    Then complete these activities…

    • Identify and standardize EA work products.

    Step 6.2–6.3: EA Repository and Updating the Standards

    Review with analyst:

    • Review the standardized EA work products.
    • Discuss the principles of EA repository.
    • Discuss the Info-Tech best-practice model for updating architecture standards and how to tailor them to your organizational context.

    Then complete these activities…

    • Build a folder structure for storing EA work products.
    • Use the Info-Tech best-practice architecture standards update process to develop your organization’s process for updating architecture standards.

    With these tools & templates:

    • Architecture Standards Update Process Template

    Recommended list of EA work products to standardize

    • EA work products listed below are typically produced as a part of the architecture lifecycle.
    • To ensure consistent development of architecture, the work products need to be standardized.
    • Consider standardizing both the naming conventions and the content of the work products.
    1. EA vision: A document containing the vision that provides the high-level aspiration of the capabilities and business value that EA will deliver.
    2. Statement of EA Work: The Statement of Architecture Work defines the scope and approach that will be used to complete an architecture project.
    3. Reference architectures: A reference architecture is a set of best-practice taxonomy that describes components and the conceptual structure of the model, as well as graphics, which provide a visual representation of the taxonomy to aid understanding. Reference architectures are created for each of the architecture domains.
    4. Solution proposal: The proposed project solution based on the EA guidelines and standards.
    5. Compliance assessment request: The document that contains the project solution architecture assessment details.
    6. Architecture change request: The request that initiates a change to architecture standards when existing standards can no longer meet the needs of the enterprise.
    7. Transition architecture: A transition architecture shows the enterprise at incremental states that reflect periods of transition that sit between the baseline and target architectures.
    8. Architectural roadmap: A roadmap that lists individual increments of change and lays them out on a timeline to show progression from the baseline architecture to the target architecture.
    9. EA compliance waiver request: A compliance waiver request that must be made when a solution or segment architecture is perceived to be non-compliant with the enterprise architecture.

    Standardize the content of each work product

    1. Purpose - The reason for the existence of the work product.
    2. Owner - The owner of this EA work product.
    3. Target Audience - The intended audience of the work product such as employees and partners.
    4. Naming Pattern - The pattern for the name of the work product as well as its file name.
    5. Table of Contents - The various sections of the work product.
    6. Review & Sign-Off Authority - The stakeholders who will review the work product and approve it.
    7. Repository Folder Location - The location where the work product will be stored.

    Identify and standardize work products

    6.1 3 hrs

    Input

    • List of various documents being produced by projects currently.

    Output

    • Standardized list of work products.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • A computer, and/or a whiteboard and marker.

    Instructions:

    Hold a working session with the participants to identify and standardize work products. Facilitate the activity using the steps below.

    1. Identifying EA work products:
      1. Start by reviewing the list of all architecture-related documents presently produced in the organization. Any such deliverable with the following characteristics can be standardized:
        1. If it can be broken out and made into a standalone document.
        2. If it can be made into a fill-in form completed by others.
        3. If it is repetitive and requires iterative changes.
      2. Create a list of work products that your organization would like to standardize based on the characteristics above.
    2. The content and format of standardized EA work products:
      1. For each work product your organization wishes to standardize, look at its purpose and brainstorm the content needed to fulfill that purpose.
      2. After identifying the elements that need to be included in the work product to fulfill its purpose, order them logically for presentation purposes.
      3. In each section of the work product that need to be completed, include instructions on how to complete the section.
      4. Review the seven elements presented in the previous slide and include them in the work products.

    EA repository - information taxonomy

    As the EA function begins to grow and accumulates EA work products, having a well-designed folder structure helps you find the necessary information efficiently.

    Architecture meta-model

    Describes the organizationally tailored architecture framework.

    Architecture capability

    Defines the parameters, structures, and processes that support the enterprise architecture group.

    Architecture landscape

    An architectural presentation of assets in use by the enterprise at particular points in time.

    Standards information base

    Captures the standards with which new architectures and deployed services must comply.

    Reference library

    Provides guidelines, templates, patterns, and other forms of reference material to accelerate the creation of new architectures for the enterprise.

    Governance log

    Provides a record of governance activity across the enterprise.

    Create repository folder structure

    6.2 5-6 hrs

    Input

    • List of standardized work products.

    Output

    • EA work products mapped to a repository folder.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, IT department leads.

    Instructions:

    Hold a working session with the participants to create a repository structure. Facilitate the activity using the steps below:

    1. Start with the taxonomy on the previous slide, and sort the existing work products into these six categories.
    2. Assess that the work products are sorted in a mutually exclusive and collectively exhaustive fashion. This means that a certain work product that appears in one category should not appear in another category. As well, make sure these six categories capture all the existing work products.
    3. Based on the categorization of the work products, build a folder structure that follows these categories, which will allow for the work products to be accessed quickly and easily.

    Create a process to update EA work products

    • Architectural standards are not set in stone and should be reviewed and updated periodically.
    • The Architecture Review Board is the custodian for standards.
    • Any change to the standards need to be assessed thoroughly and must be communicated to all the impacted stakeholders.

    Architectural standards update process

    Identify

    • Identify changes to the standards

    Assess

    • Review and assess the impacts of the change

    Document

    • Document the change and update the standard

    Approve

    • Distribute the updated standards to key stakeholders for approval

    Communicate

    • Communicate the approved changes to impacted stakeholders

    Create a process to continually update standards

    6.3 1.5 hrs

    Input

    • The list of work products and its owners.

    Output

    • A documented work product update process.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, business line leads, IT department leads.

    The image shows the screenshot of the Table of Contents with the Standards Update Process highlighted.

    Step 1 - Facilitate

    Download the standards update process template and hold a working session to customize the best practice process to your organization’s needs.

    Download the Architecture Standards Update Process Template

    Step 2 - Summarize

    Summarize the objectives and the process flow in the EA governance framework document.

    Update the EA Governance Framework Template

    Create architectural standards to minimize transaction costs

    Case Study

    Industry Insurance

    Source Info-Tech

    Situation

    INSPRO01 didn’t maintain any centralized standards and each project had its own solution/design work products based on the preference of the architect on the project. This led to multiple standards across the organization.

    Lack of consistency in architectural deliverables made the information hand-offs expensive.

    Complication

    INSPRO01 didn’t maintain the architectural documents in a central repository and the information was scattered across multiple project folders.

    This caused key stakeholders to make decisions based on incomplete information and resulted in constant revisions as new information became available.

    Result

    Info-Tech recommended that the EA team identify and standardize the various EA work products so that information was collected in a consistent manner across the organization.

    The team also recommended an information taxonomy to store the architectural deliverables and other collateral.

    This resulted in increased consistency and standardization leading to efficiency gains.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Key Activities

    • Identify and standardize EA work products.
    • Classify the architectural standards.
    • Identify the custodian of standards.
    • Update the standards.

    Outcomes

    • A standardized set of EA work products
    • A way to categorize and store EA work products
    • A defined method of updating standards

    Phase 7

    Communication Plan

    Create a Right-Sized Enterprise Architecture Governance Framework

    Communication Plan

    1. Current state of EA governance
    2. EA fundamentals
    3. Engagement model
    4. EA governing bodies
    5. EA policy
    6. Architectural standards
    7. Communication Plan

    This phase will walk you through the following activities:

    • List the changes identified in the EA governance initiative
    • Identify stakeholders
    • Create a communication plan

    This step involves the following participants:

    • Head of Enterprise Architecture
    • Enterprise Architects
    • Domain Architects
    • Solution Architects

    Outcomes of this step

    • Communication Plan
    • EA Governance Framework

    Info-Tech Insight

    By failing to prepare, you are preparing to fail – maximize the likelihood of success for EA governance by engaging the relevant stakeholders and communicating the changes.

    Phase 7 guided implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 6: Operationalize the EA governance framework

    Proposed Time to Completion: 1 week

    Step 7.1: Create a Communication Plan

    Start with an analyst kick-off call:

    • Discuss how to communicate changes to stakeholders.
    • Discuss the purposes and benefits of the EA governance framework.

    Then complete these activities…

    • Identify the stakeholders affected by the EA governance transformations.
    • List the benefits of the proposed EA governance initiative.
    • Create a plan to communicate the changes to impacted stakeholders.

    With these tools & templates:

    • EA Governance Communication Plan Template
    • EA Governance Framework Template

    Step 7.2: Review the Communication Plan

    Start with an analyst kick-off call:

    • Review the communication plan and gather feedback on the proposed stakeholders.
    • Confer about the various methods of communicating change in an organization.
    • Discuss the uses of the EA Governance Framework.

    Then complete these activities…

    • Refine your communication plan and use it to engage with stakeholders to better serve customers.
    • Create the EA Governance Framework to accompany the communication plan in engaging stakeholders to better understand the value of EA.

    With these tools & templates:

    • EA Governance Communication Plan Template
    • EA Governance Framework Template

    Communicate changes to stakeholders

    The changes made to the EA governance components need to be reviewed, approved, and communicated to all of the impacted stakeholders.

    Deliverables to be reviewed:

    • Fundamentals
      • Vision and Mission
      • Goals and Measures
      • Principles
    • Architecture review process
    • Assessment checklists
    • Policy Governing body charters
    • Architectural standards

    Deliverable Review Process:

    Step 1: Hold a meeting with stakeholders to review, refine, and agree on the changes.

    Step 2: Obtain an official approval from the stakeholders.

    Step 3: Communicate the changes to the impacted stakeholders.

    Communicate the changes by creating an EA governance framework and communication plan

    7.1 3 hrs

    Input

    • EA governance deliverables.

    Output

    • EA Governance Framework
    • Communication Plan.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, CIO, business line leads, IT department leads.

    Instructions:

    Hold a working session with the participants to create the EA governance framework as well as the communication plan. Facilitate the activity using the steps below:

    1. EA Governance Framework:
      1. The EA Governance Framework is a document that will help reference and cite all the materials created from this blueprint. Follow the instructions on the framework to complete.
    2. Communication Plan:
      1. Identify the stakeholders based on the EA governance deliverables.
      2. For each stakeholder identified, complete the “Communication Matrix” section in the EA Governance Communication Plan Template. Fill out the section based on the instructions in the template.
      3. As the stakeholders are identified based on the “Communication Matrix,” use the EA Governance Framework document to communicate the changes.

    Download the EA Governance Communication Plan Template and EA Governance Framework Template for additional instructions and to document your activities in this phase.

    Maximize the likelihood of success by communicating changes

    Case Study

    Industry Insurance

    Source Info-Tech

    Situation

    The EA group followed Info-Tech’s methodology to assess the current state and has identified areas for improvement.

    Best practices were adopted to fill the gaps identified.

    The team planned to communicate the changes to the technology leadership team and get approvals.

    As the EA team tried to roll out changes, they encountered resistance from various IT teams.

    Complication

    The team was not sure of how to communicate the changes to the business stakeholders.

    Result

    Info-Tech has helped the team conduct a thorough stakeholder analysis to identify all the stakeholders who would be impacted by the changes to the architecture governance framework.

    A comprehensive communication plan was developed that leveraged traditional email blasts, town hall meetings, and non-traditional methods such as team blogs.

    The team executed the communication plan and was able to manage the change effectively.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Key Activities

    • List the changes identified in the EA governance initiative.
    • Identify stakeholders.
    • Create a communication plan.
    • Compile the materials created in the blueprint to better communicate the value of EA governance.

    Outcomes

    • Communication plan
    • EA governance framework

    Bibliography

    Government of British Columbia. “Architecture and Standards Review Board.” Government of British Columbia. 2015. Web. Jan 2016. < http://www.cio.gov.bc.ca/cio/standards/asrb.page >

    Hopkins, Brian. “The Essential EA Toolkit Part 3 – An Architecture Governance Process.” Cio.com. Oct 2010. Web. April 2016. < http://www.cio.com/article/2372450/enterprise-architecture/the-essential-ea-toolkit-part-3---an-architecture-governance-process.html >

    Kantor, Bill. “How to Design a Successful RACI Project Plan.” CIO.com. May 2012. Web. Jan 2016. < http://www.cio.com/article/2395825/project-management/how-to-design-a-successful-raci-project-plan.html >

    Sapient. “MIT Enterprise Architecture Guide.” Sapient. Sep 2004. Web. Jan 2016. < http://web.mit.edu/itag/eag/FullEnterpriseArchitectureGuide0.1.pdf >

    TOGAF. “Chapter 41: Architecture Repository.” The Open Group. 2011. Web. Jan 2016. < http://pubs.opengroup.org/architecture/togaf9-doc/arch/chap41.html >

    TOGAF. “Chapter 48: Architecture Compliance.” The Open Group. 2011. Web. Jan 2016. < http://pubs.opengroup.org/architecture/togaf9-doc/arch/chap48.html >

    TOGAF. “Version 9.1.” The Open Group. 2011. Web. Jan 2016. http://pubs.opengroup.org/architecture/togaf9-doc/arch/

    United States Secret Service. “Enterprise Architecture Review Board.” United States Secret Service. Web. Jan 2016. < http://www.archives.gov/records-mgmt/toolkit/pdf/ID191.pdf >

    Virginia Information Technologies Agency. “Enterprise Architecture Policy.” Commonwealth of Virginia. Jul 2006. Web. Jan 2016. < https://www.vita.virginia.gov/uploadedfiles/vita_main_public/library/eapolicy200-00.pdf >

    Research contributors and experts

    Alan Mitchell, Senior Manager, Global Cities Centre of Excellence, KPMG

    Alan Mitchell has held numerous consulting positions before his role in Global Cities Centre of Excellence for KPMG. As a Consultant, he has had over 10 years of experience working with enterprise architecture related engagements. Further, he worked extensively with the public sector and prides himself on his knowledge of governance and how governance can generate value for an organization.

    Ian Gilmour, Associate Partner, EA advisory services, KPMG

    Ian Gilmour is the global lead for KPMG’s enterprise architecture method and Chief Architect for the KPMG Enterprise Reference Architecture for Health and Human Services. He has over 20 years of business design experience using enterprise architecture techniques. The key service areas that Ian focuses on are business architecture, IT-enabled business transformation, application portfolio rationalization, and the development of an enterprise architecture capability within client organizations.

    Djamel Djemaoun Hamidson, Senior Enterprise Architect, CBC/Radio-Canada

    Djamel Djemaoun is the Senior Enterprise Architect for CBC/Radio-Canada. He has over 15 years of Enterprise Architecture experience. Djamel’s areas of special include service-oriented architecture, enterprise architecture integration, business process management, business analytics, data modeling and analysis, and security and risk management.

    Sterling Bjorndahl, Director of Operations, eHealth Saskatchewan

    Sterling Bjorndahl is now the Action CIO for the Sun Country Regional Health Authority, and also assisting eHealth Saskatchewan grow its customer relationship management program. Sterling’s areas of expertise include IT strategy, enterprise architecture, ITIL, and business process management. He serves as the Chair on the Board of Directors for Gardiner Park Child Care.

    Huw Morgan, IT Research Executive, Enterprise Architect

    Huw Morgan has 10+ years experience as a Vice President or Chief Technology Officer in Canadian internet companies. As well, he possesses 20+ years experience in general IT management. Huw’s areas of expertise include enterprise architecture, integration, e-commerce, and business intelligence.

    Serge Parisien, Manager, Enterprise Architecture at Canada Mortgage Housing Corporation

    Serge Parisien is a seasoned IT leader with over 25 years of experience in the field of information technology governance and systems development in both the private and public sectors. His areas of expertise include enterprise architecture, strategy, and project management.

    Alex Coleman, Chief Information Officer at Saskatchewan Workers’ Compensation Board

    Alex Coleman is a strategic, innovative, and results-driven business leader with a proven track record of 20+ years’ experience planning, developing, and implementing global business and technology solutions across multiple industries in the private, public, and not-for-profit sectors. Alex’s expertise includes program management, integration, and project management.

    L.C. (Skip) Lumley , Student of Enterprise and Business Architecture

    Skip Lumley was formerly a Senior Principle at KPMG Canada. He is now post-career and spends his time helping move enterprise business architecture practices forward. His areas of expertise include enterprise architecture program implementation and public sector enterprise architecture business development.

    Additional contributors

    • Tim Gangwish, Enterprise Architect at Elavon
    • Darryl Garmon, Senior Vice President at Elavon
    • Steve Ranaghan, EMEIA business engagement at Fujitsu

    Leverage Agile Goal Setting for Improved Employee Engagement & Performance

    • Buy Link or Shortcode: {j2store}593|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Manage & Coach
    • Parent Category Link: /manage-coach
    • Managers are responsible for driving the best performance out of their staff while still developing individuals professionally.
    • Micromanaging tasks is an ineffective, inefficient way to get things done and keep employees engaged at the same time.
    • Both managers and employees view goal setting as a cumbersome process that never materializes in day-to-day work.
    • Without a consistent and agile goal-setting environment that pervades every day, managers risk low productivity and disengaged employees.

    Our Advice

    Critical Insight

    • Effective performance management occurs throughout the year, on a daily and weekly basis, not just at annual performance review time. Managers must embrace this reality and get into the habit of setting agile short-term goals to drive productivity.
    • Employee empowerment is one of the most significant contributors to employee engagement, which is a proven performance driver. Short-term goal setting, which is ultimately employee-owned, develops and nurtures a strong sense of employee empowerment.
    • Micromanaging employee tasks will get managers nowhere quickly. Putting in the effort to collaboratively define goals that benefit both the organization and the employee will pay off in the long run.
    • Goal setting should not be a cumbersome activity, but an agile, rolling habit that ensures employees are focused, supported, and given appropriate feedback to continue to drive performance.

    Impact and Result

    • Managers who have daily meetings to set goals are 17% more successful in terms of employee performance than managers who set goals annually.
    • Managers must be agile goal-setting role models, or risk over a third of their staff being confused about productivity expectations.
    • Managers that allow tracking of goals to be an inhibitor to goal setting are most likely to have a negative effect on employee performance success. In fact, tracking goals should not be a priority in the short-term.

    Leverage Agile Goal Setting for Improved Employee Engagement & Performance Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Learn the agile, short-term goal-setting process

    Implement agile goal setting with your team right away and drive performance.

    • Storyboard: Leverage Agile Goal Setting for Improved Employee Engagement & Performance
    [infographic]

    Drive Digital Transformation With Platform Strategies

    • Buy Link or Shortcode: {j2store}78|cart{/j2store}
    • member rating overall impact (scale of 10): 8.5/10 Overall Impact
    • member rating average dollars saved: $3,750 Average $ Saved
    • member rating average days saved: 4 Average Days Saved
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy
    • Enterprise is grappling with the challenges of existing business models and strategies not leading to desired outcomes.
    • Enterprise is struggling to remain competitive.
    • Enterprise wants to understand how to leverage platform strategies and a digital platform.

    Our Advice

    Critical Insight

    To remain competitive enterprises must renew and refresh their business model strategies and design/develop digital platforms – this requires enterprises to:

    • Understand how digital-native enterprises are using platform business models and associated strategies.
    • Understand their core assets and strengths and how these can be leveraged for transformation.
    • Understand the core characteristics and components of a digital platform so that they can design digital platform(s) for their enterprise.
    • Ask if the client’s digital transformation (DX) strategy is aligned with a digital platform enablement strategy.
    • Ask if the enterprise has paid attention to the structure, culture, principles, and practices of platform teams.

    Impact and Result

    Organizations that implement this project will gain benefits in five ways:

    • Awareness and understanding of various platform strategies.
    • Application of specific platform strategies within the context of the enterprise.
    • Awareness of their existing business mode, core assets, value proposition, and strengths.
    • Alignment between DX themes and platform enablement themes so enterprises can develop roadmaps that gauge successful DX.
    • Design of a digital platform, including characteristics, components, and team characteristics, culture, principles, and practices.

    Drive Digital Transformation With Platform Strategies Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should consider the platform business model and a digital platform to remain competitive.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Set goals for your platform business model

    Understand the platform business model and strategies and then set your platform business model goals.

    • Drive Digital Transformation With Platform Strategies – Phase 1: Set Goals for Your Platform Business Model
    • Business Platform Playbook

    2. Configure digital platform

    Define design goals for your digital platform. Align your DX strategy with digital platform capabilities and understand key components of the digital platform.

    • Drive Digital Transformation With Platform Strategies – Phase 2: Configure Your Digital Platform
    • Digital Platform Playbook
    [infographic]

    Workshop: Drive Digital Transformation With Platform Strategies

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand Platform Business Model and Strategies

    The Purpose

    Understand existing business model, value proposition, and key assets.

    Understand platform business model and strategies.

    Key Benefits Achieved

    Understanding the current assets helps with knowing what can be leveraged in the new business model/transformation.

    Understanding the platform strategies can help the enterprise renew/refresh their business model.

    Activities

    1.1 Document the current business model along with value proposition and key assets (that provide competitive advantage).

    1.2 Transformation narrative.

    1.3 Platform model canvas.

    1.4 Document the platform strategies in the context of the enterprise.

    Outputs

    Documentation of current business model along with value proposition and key assets (that provide competitive advantage).

    Documentation of the selected platform strategies.

    2 Planning for Platform Business Model

    The Purpose

    Understand transformation approaches.

    Understand various layers of platforms.

    Ask fundamental and evolutionary questions about the platform.

    Key Benefits Achieved

    Understanding of the transformational model so that the enterprise can realize the differences.

    Understanding of the organization’s strengths and weaknesses for a DX.

    Extraction of strategic themes to plan and develop a digital platform roadmap.

    Activities

    2.1 Discuss and document decision about DX approach and next steps.

    2.2 Discuss and document high-level strategic themes for platform business model and associated roadmap.

    Outputs

    Documented decision about DX approach and next steps.

    Documented high-level strategic themes for platform business model and associated roadmap.

    3 Digital Platform Strategy

    The Purpose

    Understand the design goals for the digital platform.

    Understand gaps between the platform’s capabilities and the DX strategy.

    Key Benefits Achieved

    Design goals set for the digital platform that are visible to all stakeholders.

    Gap analysis performed between enterprise’s digital strategy and platform capabilities; this helps understand the current situation and thus informs strategies and roadmaps.

    Activities

    3.1 Discuss and document design goals for digital platform.

    3.2 Discuss DX themes and platform capabilities – document the gaps.

    3.3 Discuss gaps and strategies along with timelines.

    Outputs

    Documented design goals for digital platform.

    Documented DX themes and platform capabilities.

    DX themes and platform capabilities map.

    4 Digital Platform Design: Key Components

    The Purpose

    Understanding of key components of a digital platform, including technology and teams.

    Key Benefits Achieved

    Understanding of the key components of a digital platform and designing the platform.

    Understanding of the team structure, culture, and practices needed for successful platform engineering teams.

    Activities

    4.1 Confirmation and discussion on existing UX/UI and API strategies.

    4.2 Understanding of microservices architecture and filling of microservices canvas.

    4.3 Real-time stream processing data pipeline and tool map.

    4.4 High-level architectural view.

    4.5 Discussion on platform engineering teams, including culture, structure, principles, and practices.

    Outputs

    Filled microservices canvas.

    Documented real-time stream processing data pipeline and tool map.

    Documented high-level architectural view.

    Beyond Survival

    • Buy Link or Shortcode: {j2store}204|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Big Data
    • Parent Category Link: /big-data
    • Consumer, customer, employee, and partner behavior has changed; new needs have arisen as a result of COVID-19. Entire business models had to be rethought and revised – in real time with no warning.
    • And worse, no one knows when (or even if) the pandemic will end. The world and the economy will continue to be highly uncertain, unpredictable, and vulnerable for some time.
    • Business leaders need to continue experimenting to stay in business, protect employees and supply chains, manage financial obligations, allay consumer and employee fears, rebuild confidence, and protect trust.
    • How do organizations know whether their new business tactics are working?

    Our Advice

    Critical Insight

    • We can learn many lessons from those who have survived and are succeeding.
    • They have one thing in common though – they rely on data and analytics to help people think and know how to respond, evaluate effectiveness of new business tactics, uncover emerging trends to feed innovation, and minimize uncertainty and risk.
    • This mini-blueprint highlights organizations and use cases where data, analytics, and AI deliver tangible business and human value now and in the future.

    Impact and Result

    • Learn from the pandemic survivors and super-achievers so that you too can hit the ground running in the new normal. Even better – go beyond survival, like many of them have done. Create your future by leveraging and scaling up your data and analytics investments. It is not (yet) too late, and Info-Tech can help.

    Beyond Survival Research & Tools

    Beyond Survival

    Use data, analytics, and AI to reimagine the future and thrive in the new normal.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Beyond Survival Storyboard
    [infographic]

    Mature and Scale Product Ownership

    • Buy Link or Shortcode: {j2store}145|cart{/j2store}
    • member rating overall impact (scale of 10): 9.5/10 Overall Impact
    • member rating average dollars saved: $21,919 Average $ Saved
    • member rating average days saved: 13 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Product owners must bridge the gap between the customers, operations, and delivery to ensure products continuously deliver increasing value.
    • Product owners are often assigned to projects or product delivery without proper support, guidance, or alignment.
    • In many organizations, the product owner role is not well-defined, serves as a proxy for stakeholder ownership, and lacks reinforcement of the key skills needed to be successful.

    Our Advice

    Critical Insight

    A product owner is the CEO for their product. Successful product management starts with empowerment and accountability. Product owners own the vision, roadmap, and value realization for their product or family aligned to enterprise goals and priorities.

    • Product and service ownership share the same foundation - underlying capabilities and best practices to own and improve a product or service are identical for both roles. Use the terms that make the most sense for your culture.
    • Product owners represent three primary perspectives: Business (externally facing), Technical (systems and tools), or Operational (manual processes). Although all share the same capabilities, how they approach their responsibilities is influenced by their primary perspective.
    • Product owners are operating under an incomplete understanding of the capabilities needed to succeed. Most product/service owners lack a complete picture of the needed capabilities, skills, and activities to successfully perform their roles.

    Impact and Result

    • Create a culture of product management trust and empowerment with product owners aligned to your operational structure and product needs.
    • Promote and develop true Agile skills among your product owners and family managers.
    • Implement Info-Tech’s product owner capability model to define the role expectations and provide a development path for product owners.

    Mature and Scale Product Ownership Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Mature and Scale Product Ownership Storyboard – Establish a culture of success for product management and mature product owner capabilities.

    Strengthen the product owner role in your organization by focusing on core capabilities and proper alignment.

  • Establish a foundation for empowerment and success.
  • Assign and align product owners with products and stakeholders.
  • Mature product owner capabilities and skills.
    • Mature and Scale Product Ownership Storyboard

    2. Mature and Scale Product Ownership Readiness Assessment – Determine your readiness for a product-centric culture based on Info-Tech’s CLAIM+G model.

    Using Info-Tech’s CLAIM model, quickly determine your organization’s strengths and weaknesses preparing for a product culture. Use the heat map to identify key areas.

    • Mature and Scale Product Ownership Readiness Assessment

    3. Mature and Scale Product Ownership Playbook – Playbook for product owners and product managers.

    Use the blueprint exercises to build your personal product owner playbook. You can also use the workbook to capture exercise outcomes.

    • Mature and Scale Product Ownership Playbook

    4. Mature and Scale Product Ownership Workbook – Workbook for product owners and product managers.

    Use this workbook to capture exercise outcomes and transfer them to your Mature and Scale Product Ownership Playbook (optional).

    • Mature and Scale Product Ownership Workbook

    5. Mature and Scale Product Ownership Proficiency Assessment – Determine your current proficiency and improvement areas.

    Product owners need to improve their core capabilities and real Agile skills. The assessment radar will help identify current proficiency and growth opportunities.

    • Mature and Scale Product Ownership Proficiency Assessment
    [infographic]

    Workshop: Mature and Scale Product Ownership

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish the foundation for product ownership

    The Purpose

    Establish the foundation for product ownership.

    Key Benefits Achieved

    Product owner playbook with role clarity and RACI.

    Activities

    1.1 Define enablers and blockers of product management.

    1.2 Define your product management roles and names.

    1.3 Assess your product management readiness.

    1.4 Identify your primary product owner perspective.

    1.5 Define your product owner RACI.

    Outputs

    Enablers and blockers

    Role definitions.

    Product culture readiness

    Product owner perspective mapping

    Product owner RACI

    2 Align product owners to products

    The Purpose

    Align product owners to products.

    Key Benefits Achieved

    Assignment of resources to open products.

    A stakeholder management strategy.

    Activities

    2.1 Assign resources to your products and families.

    2.2 Visualize relationships to identify key influencers.

    2.3 Group stakeholders into categories.

    2.4 Prioritize your stakeholders.

    Outputs

    Product resource assignment

    Stakeholder management strategy

    Stakeholder management strategy

    Stakeholder management strategy

    3 Mature product owner capabilities

    The Purpose

    Mature product owner capabilities.

    Key Benefits Achieved

    Assess your Agile product owner readiness

    Assess and mature product owner capabilities

    Activities

    3.1 Assess your real Agile skill proficiency.

    3.2 Assess your vison capability proficiency.

    3.3 Assess your leadership capability proficiency.

    3.4 Assess your PLM capability proficiency.

    3.5 Assess your value realization capability proficiency.

    3.6 Identify your business value drivers and sources of value.

    Outputs

    Real Agile skill proficiency assessment

    Info-Tech’s product owner capability model proficiency assessment

    Info-Tech’s product owner capability model proficiency assessment

    Info-Tech’s product owner capability model proficiency assessment

    Info-Tech’s product owner capability model proficiency assessment

    Business value drivers and sources of value

    Further reading

    Mature and Scale Product Ownership

    Strengthen the product owner’s role in your organization by focusing on core capabilities and proper alignment.

    Executive Brief

    Analyst Perspective

    Empower product owners throughout your organization.

    Hans Eckman

    Whether you manage a product or service, the fundamentals of good product ownership are the same. Organizations need to focus on three key elements of product ownership in order to be successful.

    • Create an environment of empowerment and service leadership to reinforce product owners and product family managers as the true owners of the vision, improvement, and realized the value of their products.
    • Align product and product family owner roles based on operational alignment and the groups defined when scaling product management.
    • Develop your product owners to improve the quality of roadmaps, alignment to enterprise goals, and profit and loss (P&L) for each product or service.

    By focusing the attention of the teammates serving in product owner or service owner roles, your organization will deliver value sooner and respond to change more effectively.

    Hans Eckman

    Principal Research Director – Application Delivery and Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Product owners must bridge the gap between the customers, operations, and delivery to ensure products continuously deliver increasing value.

    Product owners are often assigned to projects or product delivery without proper support, guidance, or alignment.

    In many organizations the product owner role is not well-defined, serves as a proxy for stakeholder ownership, and lacks reinforcement of the key skills needed to be successful.

    Common Obstacles

    Organizations have poor alignment or missing product owners between lines of business, IT, and operations.

    Product owners are aligned to projects and demand management rather than long-term strategic product ownership.

    Product families are not properly defined, scaled, and supported within organizations.

    Individuals in product owner roles have an incomplete understanding of needed capabilities and lack a development path.

    Info-Tech's Approach

    Create a culture of product management trust and empowerment with product owners aligned to your operational structure and product needs.

    Promote and develop true Agile skills among your product owners and family managers.

    Implement Info-Tech’s product owner capability model to define the role expectations and provide a development path for product owners.

    Extend product management success using Deliver on Your Digital Product Vision and Deliver Digital Products at Scale.

    Info-Tech Insight

    There is no single correct approach to product ownership. Product ownership must be tuned and structured to meet the delivery needs of your organization and the teams it serves.

    Info-Tech’s Approach

    Product owners make the final decision

    • Establish a foundation for empowerment and success
    • Assign product owners and align with products and stakeholders
    • Mature product owner capabilities and skills
    Product Owner capabilities: Vision, Product Lifecycle Management, Leadership, Value Realization

    The Info-Tech difference

    1. Assign product owners where product decisions are needed, not to match org charts or delivery teams. The product owner has the final word on product decisions.
    2. Organize product owners into related teams to ensure product capabilities delivered are aligned to enterprise strategy and goals.
    3. Shared products and services must support the needs of many product owners with conflicting priorities. Shared service product owners must map and prioritize demand to align to enterprise priorities and goals.
    4. All product owners share the same capability model.

    Insight summary

    There is no single correct approach to product ownership

    Successful product management starts with empowerment and accountability. Product owners own the vision, roadmap, and value realization for their product or family aligned to enterprise goals and priorities.

    Phase 1 insight

    Product owners represent three primary perspectives: business (external-facing), technical (systems and tools), or operational (manual processes). Although all share the same capabilities, how they approach their responsibilities is influenced by their primary perspective.

    Phase 2 insight

    Start with your operational grouping of products and families, identifying where an owner is needed. Then, assign people to the products and families. The owner does not define the product or family.

    Phase 3 insight

    Product owners are operating under an incomplete understanding of the capabilities needed to succeed. Most product/service owners lack a complete picture of the needed capabilities, skills, and activities to successfully perform their roles.

    Product and service ownership share the same foundation

    The underlying capabilities and best practices to own and improve a product or service are identical for both roles. Use the terms that make the most sense for your culture.

    Map product owner roles to your existing job titles

    Identify where product management is needed and align expectations with existing roles. Successful product management does not require a dedicated job family.

    Projects can be a mechanism for funding product changes and improvements

    Projects can be a mechanism for funding product changes and improvements. Shows difference of value for project life-cycles, hybrid life-cycles, and product life-cycles.

    Projects within products

    Regardless of whether you recognize yourself as a product-based or project-based shop, the same basic principles should apply.

    You go through a period or periods of project-like development to build a version of an application or product.

    You also have parallel services along with your project development, which encompass the more product-based view. These may range from basic support and maintenance to full-fledged strategy teams or services like sales and marketing.

    Product and services owners share the same foundation and capabilities

    For the purpose of this blueprint, product/service and product owner/service owner are used interchangeably. The term “product” is used for consistency but would apply to services, as well.

    Product = Service

    Common foundations: Focus on continuous improvement, ROI, and value realization. Clear vision, goals, roadmap, and backlog.

    “Product” and “service” are terms that each organization needs to define to fit its culture and customers (internal and external). The most important aspect is consistent use and understanding of:

    • External products
    • Internal products
    • External services
    • Internal services
    • Products as a service (PaaS)
    • Productizing services (SaaS)

    Recognize the product owner perspectives

    The 3 product owner perspectives. 1. Business: Customer-facing, value-generating. 2. Technical: IT systems and tools. 3. Operations: Keep-the-lights-on processes.

    Product owners represent one of three primary perspectives. Although all share the same capabilities, how they approach their responsibilities is influenced by their primary perspective.

    Info-Tech Insight

    Product owners must translate needs and constraints from their perspective into the language of their audience. Kathy Borneman, Digital Product Owner at SunTrust Bank, noted the challenges of finding a common language between lines of business and IT (e.g. what is a unit?).

    Match your product management role definitions to your product family levels

    Product ownership exists at the different operational tiers or levels in your product hierarchy. This does not imply a management relationship.

    Product portfolio

    Groups of product families within an overall value stream or capability grouping.

    Project portfolio manager

    Product family

    A collection of related products. Products can be grouped along architectural, functional, operational, or experiential patterns.

    Product family manager

    Product

    Single product composed of one or more applications and services.

    Product owner

    Info-Tech Insight

    Define the current roles that will perform the product management function or define consistent role names to product owners and managers.

    Align enterprise value through product families

    Product families are operational groups based on capabilities or business functions. Product family managers translate goals, priorities, and constraints so they are actionable at the next level. Product owners prioritize changes to enhance the capabilities that allow you to realize your product family. Enabling capabilities realize value and help reach your goals.

    Understand special circumstances

    In Deliver Digital Products at Scale, products were grouped into families using Info-Tech’s five scaling patterns. Assigning owners to Enterprise Applications and Shared Services requires special consideration.

    Value stream alignment

    • Business architecture
      • Value stream
      • Capability
      • Function
    • Market/customer segment
    • Line of business (LoB)
    • Example: Customer group > value stream > products

    Enterprise applications

    • Enabling capabilities
    • Enterprise platforms
    • Supporting apps
    • Example: HR > Workday/Peoplesoft > Modules Supporting: Job board, healthcare administrator

    Shared Services

    • Organization of related services into service family
    • Direct hierarchy does not necessarily exist within the family
    • Examples: End-user support and ticketing, workflow and collaboration tools

    Technical

    • Domain grouping of IT infrastructure, platforms, apps, skills, or languages
    • Often used in combination with Shared Services grouping or LoB-specific apps
    • Examples: Java, .NET, low-code, database, network

    Organizational alignment

    • Used at higher levels of the organization where products are aligned under divisions
    • Separation of product managers from organizational structure is no longer needed because the management team owns the product management role

    Map sources of demand and influencers

    Use the stakeholder analysis to define the key stakeholders and sources of demand for enterprise applications and shared services. Extend your mapping to include their stakeholders and influencers to uncover additional sources of demand and prioritization.

    Map of key stakeholders for enterprise applications and shared services.

    Info-Tech Insight

    Your product owner map defines the influence landscape your product operates. It is every bit as important as the teams who enhance, support and operate your product directly.

    Combine your product owner map with your stakeholder map to create a comprehensive view of influencers.

    The primary value of the product owner is to fill the backlog with the highest ROI opportunities aligned with enterprise goals.

    Info-Tech Insight

    The product owner owns the direction of the product.

    • Roadmap - Where are we going?
    • Backlog - What changes are needed to get there?
    • Product review - Did we get close enough?

    Product delivery realizes value for your product family

    While planning and analysis are done at the family level, work and delivery are done at the individual product level.

    Product strategy includes: Vision, Goals, Roadmap, backlog and Release plan.

    Product family owners are more strategic

    When assigning resources, recognize that product family owners will need to be more strategic with their planning and alignment of child families and products.

    Product family owners are more strategic. They require a roadmap that is strategic, goal-based, high-level, and flexible.

    Info-Tech Insight

    Roadmaps for your product family are, by design, less detailed. This does not mean they aren’t actionable! Your product family roadmap should be able to communicate clear intentions around the future delivery of value in both the near and long term.

    Connecting your product family roadmaps to product roadmaps

    Your product and product family roadmaps should be connected at an artifact level that is common between both. Typically, this is done with capabilities, but it can be done at a more granular level if an understanding of capabilities isn’t available.

    Product family roadmap versus Product Roadmaps.

    Develop a product owner stakeholder strategy

    Stakeholder management, Product lifecycle, Project delivery, Operational support.

    Stakeholders are a critical cornerstone to product ownership. They provide the context, alignment, and constraints that influence or control what a product owner can accomplish.

    Product owners operate within a network of stakeholders who represent different perspectives within the organization.

    First, product owners must identify members of their stakeholder network. Next, they should devise a strategy for managing stakeholders.

    Without a stakeholder strategy, product owners will encounter obstacles, resistance, or unexpected changes.

    Create a stakeholder network map to product roadmaps and prioritization

    Follow the trail of breadcrumbs from your direct stakeholders to their influencers, to uncover hidden stakeholders.

    Stakeholder network map defines the influence landscape your product operates. Connectors determine who may be influencing your direct stakeholders.

    Info-Tech Insight

    Your stakeholder map defines the influence landscape your product operates. It is every bit as important as the teams who enhance, support and operate your product directly.

    Use “connectors” to determine who may be influencing your direct stakeholders. They may not have any formal authority within the organization, but they may have informal yet substantive relationships with your stakeholders.

    Being successful at Agile is more than about just doing Agile

    The following represents the hard skills needed to “Do Agile”:

    Being successful at Agile needs 4 hard skills: 1. Engineering skills, 2. Technician Skills, 3. Framework/Process skills, 4. Tools skills.
    • Engineering skills. These are the skills and competencies required for building brand-new valuable software.
    • Technician skills. These are the skills and competencies required for maintaining and operating the software delivered to stakeholders.
    • Framework/Process skills. These are the specific knowledge skills required to support engineering or technician skills.
    • Tools skills. This represents the software that helps you deliver other software.

    While these are important, they are not the whole story. To effectively deliver software, we believe in the importance of being Agile over simply doing Agile.

    Adapted from: “Doing Agile” Is Only Part of the Software Delivery Pie

    Why focus on core skills?

    They are the foundation to achieve business outcomes

    Skills, actions, output and outcomes

    The right skills development is only possible with proper assessment and alignment against outcomes.

    Focus on these real Agile skills

    Agile skills

    • Accountability
    • Collaboration
    • Comfort with ambiguity
    • Communication
    • Empathy
    • Facilitation
    • Functional decomposition
    • Initiative
    • Process discipline
    • Resilience

    Product capabilities deliver value

    As a product owner, you are responsible for managing these facets through your capabilities and activities.

    The core product and value stream consists of: Funding - Product management and governance, Business functionality - Stakeholder and relationship management, and Technology - Product delivery.

    Info-Tech Best Practice

    It is easy to lose sight of what matters when we look at a product from a single point of view. Despite what "The Agile Manifesto" says, working software is not valuable without the knowledge and support that people need in order to adopt, use, and maintain it. If you build it, they will not come. Product owners must consider the needs of all stakeholders when designing and building products.

    Recognize product owner knowledge gaps

    Pulse survey of product owners

    Pulse survey of product owners. Graph shows large percentage of respondents have alignment to common agile definition of product owners. Yet a significant perception gap in P&L, delivery, and analytics.

    Info-Tech Insight

    1. Less than 15% of respondents identified analytics or financial management as a key component of product ownership.
    2. Assess your product owner’s capabilities and understanding to develop a maturity plan.

    Source: Pulse Survey (N=18)

    Implement the Info-Tech product owner capability model

    Unfortunately, most product owners operate with incomplete knowledge of the skills and capabilities needed to perform the role. Common gaps include focusing only on product backlogs, acting as a proxy for product decisions, and ignoring the need for key performance indicators (KPIs) and analytics in both planning and value realization.

    Product Owner capabilities: Vision, Product Lifecycle Management, Leadership, Value Realization

    Vision

    • Market Analysis
    • Business Alignment
    • Product Roadmap

    Leadership

    • Soft Skills
    • Collaboration
    • Decision Making

    Product Lifecycle Management

    • Plan
    • Build
    • Run

    Value Realization

    • KPIs
    • Financial Management
    • Business Model

    Product owner capabilities provide support

    Vision predicts impact of Value realization. Value realization provides input to vision

    Your vision informs and aligns what goals and capabilities are needed to fulfill your product or product family vision and align with enterprise goals and priorities. Each item on your roadmap should have corresponding KPIs or OKRs to know how far you moved the value needle. Value realization measures how well you met your target, as well as the impacts on your business value canvas and cost model.

    Product lifecycle management builds trust with Leadership. Leadership improves quality of Product lifecycle management.

    Your leadership skills improve collaborations and decisions when working with your stakeholders and product delivery teams. This builds trust and improves continued improvements to the entire product lifecycle. A product owner’s focus should always be on finding ways to improve value delivery.

    Product owner capabilities provide support

    Leadership enhances Vision. Vision Guides Product Lifecycle Management. Product Lifecycle Management delivers Value Realization. Leadership enhances Value Realization

    Develop product owner capabilities

    Each capability: Vision, Product lifecycle management, Value realization and Leadership has 3 components needed for successful product ownership.

    Avoid common capability gaps

    Vision

    • Focusing solely on backlog grooming (tactical only)
    • Ignoring or failing to align product roadmap to enterprise goals
    • Operational support and execution
    • Basing decisions on opinion rather than market data
    • Ignoring or missing internal and external threats to your product

    Leadership

    • Failing to include feedback from all teams who interact with your product
    • Using a command-and-control approach
    • Viewing product owner as only a delivery role
    • Acting as a proxy for stakeholder decisions
    • Avoiding tough strategic decisions in favor of easier tactical choices

    Product lifecycle management

    • Focusing on delivery and not the full product lifecycle
    • Ignoring support, operations, and technical debt
    • Failing to build knowledge management into the lifecycle
    • Underestimating delivery capacity, capabilities, or commitment
    • Assuming delivery stops at implementation

    Value realization

    • Focusing exclusively on “on time/on budget” metrics
    • Failing to measure a 360-degree end-user view of the product
    • Skipping business plans and financial models
    • Limiting financial management to project/change budgets
    • Ignoring market analysis for growth, penetration, and threats

    Your product vision is your North Star

    It's ok to dream a little!

    Who is the target customer, what is the key benefit, what do they need, what is the differentiator

    Adapted from: Crossing the Chasm

    Info-Tech Best Practice

    A product vision shouldn’t be so far out that it doesn’t feel real or so short-term that it gets bogged down in minutiae and implementation details. Finding the right balance will take some trial and error and will be different for each organization.

    Leverage the product canvas to state and inform your product vision

    Leverage the product Canvas to state and inform your product vision. Includes: Product name, Tracking info, Vision, List of business objectives or goals, Metrics used to measure value realization, List of groups who consume the product/service, and List of key resources or stakeholders.

    Define product value by aligning backlog delivery with roadmap goals

    In each product plan, the backlogs show what you will deliver. Roadmaps identify when and in what order you will deliver value, capabilities, and goals.

    In each product plan, the backlogs show what you will deliver. Roadmaps identify when and in what order you will deliver value, capabilities, and goals.

    Use a balanced value to establish a common definition of goals and value

    Value drivers are strategic priorities aligned to our enterprise strategy and translated through our product families. Each product and change has an impact on the value driver helping us reach our enterprise goals.

    Importance of the value driver multiplied by the Impact of value score is equal to the Value score.

    Info-Tech Insight

    Your value drivers and impact helps estimate the expected value of roadmap items, prioritize roadmap and backlog items, and identify KPIs and OKRs to measure value realization and actual impact.

    Use CLAIM to guide your journey

    Culture, Learning, Automation, Integrated teams, Metrics and governance.

    Value is best created by self-managing teams who deliver in frequent, short increments supported by leaders who coach them through challenges.

    Product-centric delivery and Agile are a radical change in how people work and think. Structured, facilitated learning is required throughout the transformation to help leaders and practitioners make the shift.

    Product management, Agile, and DevOps have inspired SDLC tools that have become a key part of delivery practices and work management.

    Self-organizing teams that cross business, delivery, and operations are essential to gain the full benefits of product-centric delivery.

    Successful implementations require the disciplined use of metrics that support developing better teams

    Communicate reasons for changes and how they will be implemented

    Five elements of communicating change: What is the change? Why are we doing it? How are we going to go about it? How long will it take us to do it? What will the role be for each department individual?

    Leaders of successful change spend considerable time developing a powerful change message; that is, a compelling narrative that articulates the desired end state, and that makes the change concrete and meaningful to staff.

    The organizational change message should:

    • Explain why the change is needed.
    • Summarize what will stay the same.
    • Highlight what will be left behind.
    • Emphasize what is being changed.
    • Explain how the change will be implemented.
    • Address how change will affect various roles in the organization.
    • Discuss the staff’s role in making the change successful.

    Info-Tech’s methodology for mature and scale product ownership

    Phase steps

    1. Establish the foundation for product ownership

    Step 1.1 Establish an environment for product owner success

    Step 1.2 Establish your product ownership model

    2. Align product owners to products

    Step 2.1 Assign product owners to products

    Step 2.2 Manage stakeholder influence

    3. Mature product owner capabilities

    Step 3.1 Assess your Agile product owner readiness

    Step 3.2 Mature product owner capabilities

    Phase outcomes

    1.1.1 Define enablers and blockers of product management

    1.1.2 Define your product management roles and names

    1.2.1 Identify your primary product owner perspective

    1.2.2 Define your product owner RACI

    2.1.1 Assign resources to your products and families

    2.2.1 Visualize relationships to identify key influencers

    2.2.2 Group stakeholders into categories

    2.2.3 Prioritize your stakeholders

    3.1.1 Assess your real Agile skill proficiency

    3.2 Mature product owner capabilities

    3.2.1 Assess your vision capability proficiency

    3.2.2 Assess your leadership capability proficiency

    3.2.3 Assess your PLM capability proficiency

    3.2.4 Identify your business value drivers and sources of value

    3.2.5 Assess your value realization capability proficiency

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals.

    Key deliverable

    Mature and Scale Product Ownership Playbook

    Capture and organize the outcomes of the activities in the workbook.

    Mature and Scale Product Ownership Workbook

    The workbook helps organize and communicate the outcomes of each activity.

    Mature and Scale Product Ownership Readiness Assessment

    Determine your level of mastery of real Agile skills and product owner capabilities.


    Blueprint benefits

    IT benefits

    • Competent product owner who can support teams operating in any delivery methodology.
    • Representative viewpoint and input from the technical and operational product owner perspectives.
    • Products aligned to business needs and committed work are achievable.
    • Single point of contact with a business representative.
    • Acceptance of product owner role outside the Scrum teams.

    Business benefits

    • Better alignment to enterprise goals, vision, and outcomes.
    • Improved coordination with stakeholders.
    • Quantifiable value realization tied to vision.
    • Product decisions made at the right time and with the right input.
    • Product owner who has the appropriate business, operations, and technical knowledge.

    Measure the value of this blueprint

    Align product owner metrics to product delivery and value realization.

    Member outcome

    Suggested Metric

    Estimated impact

    Increase business application satisfaction Satisfaction of business applications (CIO BV Diagnostic) 20% increase within one year after implementation
    Increase effectiveness of application portfolio management Effectiveness of application portfolio management (M&G Diagnostic) 20% increase within one year after implementation
    Increase importance and effectiveness of application portfolio Importance and effectiveness to business (APA Diagnostic) 20% increase within one year after implementation
    Increase satisfaction of support of business operations Support to business (CIO BV Diagnostic) 20% increase within one year after implementation
    Successfully deliver committed work (productivity) Number of successful deliveries; burndown Reduction in project implementation overrun by 20%

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project"

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Establish the Foundation for Product Ownership

    Phase 2 Align Product Owners to Products

    Phase 3 Mature Product Owner Capabilities

    • Call #1:
      Scope objectives and your specific challenges
    • Call #2:
      Step 1.1 Establish an environment for product owner success
      Step 1.2 Establish your product ownership model
    • Call #3:
      Step 2.1 Assign product owners to products
    • Call #4:
      Step 2.2 Manage stakeholder influence
    • Call #5:
      Step 3.1 Assess your Agile product owner readiness
    • Call #6:
      Step 3.2 Mature product owner capabilities

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 and 12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Phase 1

    Phase 2

    Phase 3

    Activities

    Establish the Foundation for Product Ownership

    Step 1.1 Establish an environment for product owner success

    1.1.1 Define enablers and blockers of product management

    1.1.2 Define your product management roles and names

    1.1.3 Assess your product management readiness

    Step 1.2 Establish your product ownership model

    1.2.1 Identify your primary product owner perspective

    1.2.2 Define your product owner RACI

    Align Product Owners to Products

    Step 2.1 Assign product owners to products

    2.1.1 Assign resources to your products and families

    Step 2.2 Manage stakeholder influence

    2.2.1 Visualize relationships to identify key influencers

    2.2.2 Group stakeholders into categories

    2.2.3 Prioritize your stakeholders

    Mature Product Owner Capabilities

    Step 3.1 Assess your Agile product owner readiness

    3.1.1 Assess your real Agile skill proficiency

    Step 3.2 Mature product owner capabilities=

    3.2.1 Assess your Vision capability proficiency

    3.2.2 Assess your Leadership capability proficiency

    3.2.3 Assess your PLM capability proficiency

    3.2.4 Identify your business value drivers and sources of value

    3.2.5 Assess your Value Realization capability proficiency

    Deliverables

    1. Enablers and blockers
    2. Role definitions
    3. Product culture readiness
    4. Product owner perspective mapping
    5. Product owner RACI
    1. Product resource assignment
    2. Stakeholder management strategy
    1. Real Agile skill proficiency assessment
    2. Info-Tech’s product owner capability model proficiency assessment
    3. Business value drivers and sources of value

    Related Info-Tech Research

    Product delivery

    Deliver on Your Digital Product Vision

    Build a product vision your organization can take from strategy through execution.

    Deliver Digital Products at Scale

    Deliver value at the scale of your organization through defining enterprise product families.

    Build Your Agile Acceleration Roadmap

    Quickly assess the state of your Agile readiness and plan your path forward to higher value realization.

    Develop Your Agile Approach for a Successful Transformation

    Understand Agile fundamentals, principles, and practices so you can apply them effectively in your organization.

    Implement DevOps Practices That Work

    Streamline business value delivery through the strategic adoption of DevOps practices.

    Extend Agile Practices Beyond IT

    Further the benefits of Agile by extending a scaled Agile framework to the business.

    Build Your BizDevOps Playbook

    Embrace a team sport culture built around continuous business-IT collaboration to deliver great products.

    Embed Security Into the DevOps Pipeline

    Shift security left to get into DevSecOps.

    Spread Best Practices With an Agile Center of Excellence

    Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Enable Organization-Wide Collaboration by Scaling Agile

    Execute a disciplined approach to rolling out Agile methods in the organization.

    Related Info-Tech Research

    Application portfolio management

    APM Research Center

    See an overview of the APM journey and how we can support the pieces in this journey.

    Application Portfolio Management Foundations

    Ensure your application portfolio delivers the best possible return on investment.

    Streamline Application Maintenance

    Effective maintenance ensures the long-term value of your applications.

    Streamline Application Management

    Move beyond maintenance to ensuring exceptional value from your apps.

    Build an Application Department Strategy

    Delivering value starts with embracing what your department can do.

    Embrace Business-Managed Applications

    Empower the business to implement its own applications with a trusted business-IT relationship.

    Optimize Applications Release Management

    Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Related Info-Tech Research

    Value, delivery metrics, estimation

    Build a Value Measurement Framework

    Focus product delivery on business value-driven outcomes.

    Select and Use SDLC Metrics Effectively

    Be careful what you ask for, because you will probably get it.

    Application Portfolio Assessment: End User Feedback

    Develop data-driven insights to help you decide which applications to retire, upgrade, re-train on, or maintain to meet the demands of the business.

    Create a Holistic IT Dashboard

    Mature your IT department by measuring what matters.

    Refine Your Estimation Practices With Top-Down Allocations

    Don’t let bad estimates ruin good work.

    Estimate Software Delivery With Confidence

    Commit to achievable software releases by grounding realistic expectations.

    Reduce Time to Consensus With an Accelerated Business Case

    Expand on the financial model to give your initiative momentum.

    Optimize Project Intake, Approval, and Prioritization

    Deliver more projects by giving yourself the voice to say “no” or “not yet” to new projects.

    Enhance PPM Dashboards and Reports

    Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Related Info-Tech Research

    Organizational design and performance

    Redesign Your IT Organizational Structure

    Focus product delivery on business value-driven outcomes.

    Build a Strategic Workforce Plan

    Have the right people in the right place, at the right time.

    Implement a New Organizational Structure

    Reorganizations are inherently disruptive. Implement your new structure with minimal pain for staff while maintaining IT performance throughout the change.

    Build an IT Employee Engagement Program

    Don’t just measure engagement, act on it.

    Set Meaningful Employee Performance Measures

    Set holistic measures to inspire employee performance.

    Phase 1

    Establish the Foundation for Product Ownership

    Phase 1: Establish an environment for product owner success, Establish your product ownership model

    Mature and Scale Product Ownership

    This phase will walk you through the following activities:

    1.1.1 Define enablers and blockers of product management

    1.1.2 Define your product management roles and names

    1.1.3 Assess your product management readiness

    1.2.1 Identify your primary product owner perspective

    1.2.2 Define your product owner RACI

    This phase involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Delivery managers
    • Business analysts

    Step 1.1

    Establish an environment for product owner success

    Activities

    1.1.1 Define enablers and blockers of product management

    1.1.2 Define your product management roles and names

    1.1.3 Assess your product management readiness

    Establish the foundation for product ownership

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Delivery managers
    • Business analysts

    Outcomes of this step

    • Enablers and blockers
    • Role definitions

    Empower product owners as the true owners of their product

    Product ownership requires decision-making authority and accountability for the value realization from those decisions. POs are more than a proxy for stakeholders, aggregators for changes, and the communication of someone else’s priorities.

    “A Product Owner in its most beneficial form acts like an Entrepreneur, like a 'mini-CEO'. The Product Owner is someone who really 'owns' the product.”

    – Robbin Schuurman,
    “Tips for Starting Technical Product Managers”

    Info-Tech Best Practice

    Implement Info-Tech’s Product Owner Capability Model to help empower and hold product owners accountable for the maturity and success of their product. The product owner must understand how their product fits into the organization’s mission and strategy in order to align to enterprise value.

    Product and service owners share the same foundation and capabilities

    For the purpose of this blueprint, product/service and product owner/service owner are used interchangeably. The term “product” is used for consistency but applies to services, as well.

    Product = Service

    Common foundations: Focus on continuous improvement, ROI, and value realization. Clear vision, goals, roadmap, and backlog.

    “Product” and “service” are terms that each organization needs to define to fit its culture and customers (internal and external). The most important aspect is consistent use and understanding of:

    • External products
    • Internal products
    • External services
    • Internal services
    • Products as a service (PaaS)
    • Productizing services (SaaS)

    Define product ownership to match your culture and customers

    Characteristics of a discrete product:

    • Has end users or consumers
    • Delivers quantifiable value
    • Evolves or changes over time
    • Has predictable delivery
    • Has definable boundaries
    • Has a cost to produce and operate
    • Has a discrete backlog and roadmap of improvements

    What does not need a product owner?

    • Individual features
    • Transactions
    • Unstructured data
    • One-time solutions
    • Non-repeatable processes
    • Solutions that have no users or consumers
    • People or teams

    Info-Tech Insight

    • Products are long-term endeavors that don’t end after the project finishes.
    • Products mature and improve their ability to deliver value.
    • Products have a discrete backlog of changes to improve the product itself, separate from operational requests fulfilled by the product or service.

    Need help defining your products or services? Download our blueprint Deliver Digital Products at Scale.

    Connect roadmaps to value realization with KPIs

    Every roadmap item should have an expected realized value once it is implemented. The associate KPIs or OKRs determine if our goal was met. Any gap in value feedback back into the roadmap and backlog refinement.</p data-verified=

    " loading="lazy">

    Info-Tech Insight

    Every roadmap item should have an expected realized value once it is implemented. The associate KPIs or OKRs determine if our goal was met. Any gap in value feedback back into the roadmap and backlog refinement.

    Identify the differences between a project-centric and a product-centric organization

    Differences between Project centric and Product centric organizations in regards to: Funding, Prioritization, Accountability, Product management, Work allocation, and Capacity management.

    Info-Tech Insight

    Product delivery requires significant shifts in the way you complete development work and deliver value to your users. Make the changes that support improving end-user value and enterprise alignment.

    Projects can be a mechanism for funding product changes and improvements

    Projects lifecycle, hybrid lifecycle and product lifecycle. Period or periods of project development have parallel services that encompass a more product-based view.

    Projects withing products

    Regardless of whether you recognize yourself as a product-based or project-based shop, the same basic principles should apply.

    You go through a period or periods of project-like development to build a version of an application or product.

    You also have parallel services along with your project development, which encompasses a more product-based view. These may range from basic support and maintenance to full-fledged strategy teams or services like sales and marketing.

    Recognize common barriers to product management

    The transition to product ownership is a series of behavioral and cultural changes supported by processes and governance. It takes time and consistency to be successful.

    • Command and control structures
    • Lack of ownership and accountability
    • High instability in the market, demand, or organization
    • Lack of dedicated teams align to delivery, service, or product areas
    • Culture of one-off projects
    • Lack of identified and engaged stakeholders
    • Lack of customer exposure and knowledge

    Agile’s four core values

    “…while there is value in the items on the right, we value the items on the left more.”

    Source: “The Agile Manifesto”

    We value...

    We value being agile: Individuals and interactions, Working Software, Customer collaboration, Responding to change. Versus being prescriptive: Processes and tools, Comprehensive documentation, Contract negotiation, following a plan.

    Exercise 1.1.1 Define enablers and blockers of product management

    1 hour
    1. Identify and mitigate blockers of product management in your organization.
    2. What enablers will support strong product owners?
    3. What blockers will make the transition to product management harder?
    4. For each blocker, also define at least one mitigating step.
    Define enablers e.g. team culture. Define blockers and at least one mitigating step

    Output

    • Enablers and blockers

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Capture in the Mature and Scale Product Ownership Playbook.

    Align enterprise value through product families

    Product families are operational groups based on capabilities or business functions. Product family managers translate goals, priorities, and constraints so they are actionable at the next level. Product owners prioritize changes to enhance the capabilities that allow you to realize your product family. Enabling capabilities realize value and help reach your goals.

    Effective product delivery requires thinking about more than just a single product

    Good application and product management begins with strengthening good practices for a single or small set of applications, products, and services.

    Product portfolio

    Groups of product families within an overall value stream or capability grouping.

    Project portfolio manager

    Product family

    A collection of related products. Products can be grouped along architectural, functional, operational, or experiential patterns.

    Product family manager

    Product

    Single product composed of one or more applications and services.

    Product owner

    Info-Tech Insight

    Define the current roles that will perform the product management function or define consistent role names to product owners and managers.

    Exercise 1.1.2 Define your product management roles and names

    1-2 hour
    1. Identify the roles in which product management activities will be owned.
    2. Define a common set of role names and describe the role.
    3. Map the level of accountability for each role: Product or Product Family
    4. Product owner perspectives will be defined in the next step.

    Define roles, description and level of product accountability.

    Output

    • Role definitions

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Capture in the Mature and Scale Product Ownership Playbook.

    Use CLAIM to guide your journey

    Culture, Learning, Automation, Integrated teams, Metrics and governance.

    Value is best created by self-managing teams who deliver in frequent, short increments supported by leaders who coach them through challenges.

    Product-centric delivery and Agile are a radical change in how people work and think. Structured, facilitated learning is required throughout the transformation to help leaders and practitioners make the shift.

    Product management, Agile, and DevOps have inspired SDLC tools that have become a key part of delivery practices and work management.

    Self-organizing teams that cross business, delivery, and operations are essential to gain the full benefits of product-centric delivery.

    Successful implementations require the disciplined use of metrics that support developing better teams

    Exercise 1.1.3 Assess your product management readiness

    1 hour
    1. Open and complete the Mature and Scale Product Ownership Readiness Assessment in your Playbook or the provided Excel tool.
    2. Discuss high and low scores for each area to reach a consensus.
    3. Record your results in your Playbook.

    Assess your culture, learning, automation, Integrated teams, metrics and governance.

    Output

    • Assessment of product management readiness based on Info-Tech’s CLAIM+G model.

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Capture in the Mature and Scale Product Ownership Readiness Assessment.

    Communicate reasons for changes and how they will be implemented

    Five elements of communicating change: What is the change? Why are we doing it? How are we going to go about it? How long will it take us to do it? What will the role be for each department individual?

    Leaders of successful change spend considerable time developing a powerful change message; that is, a compelling narrative that articulates the desired end state, and that makes the change concrete and meaningful to staff.

    The organizational change message should:

    Step 1.2

    Establish your product ownership model

    Activities

    1.2.1 Identify your primary product owner perspective

    1.2.2 Define your product owner RACI

    Establish the foundation for product ownership

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Delivery managers
    • Business analysts

    Outcomes of this step

    • Product owner perspective mapping
    • Product owner RACI

    Recognize the product owner perspectives

    The 3 product owner perspectives. 1. Business: Customer-facing, value-generating. 2. Technical: IT systems and tools. 3. Operations: Keep-the-lights-on processes.

    Product owners represent one of three primary perspectives. Although all share the same capabilities, how they approach their responsibilities is influenced by their primary perspective.

    Info-Tech Best Practice

    Product owners must translate needs and constraints from their perspective into the language of their audience. Kathy Borneman, Digital Product Owner at SunTrust Bank, noted the challenges of finding a common language between lines of business and IT (e.g. what is a unit?).

    Identify and align to product owner perspectives to ensure product success

    Product owner perspectives

    The 3 product owner perspectives. 1. Business: Customer-facing, value-generating. 2. Technical: IT systems and tools. 3. Operations: Keep-the-lights-on processes.
    1. Each product owner perspective provides important feedback, demand, and support for the product.
    2. Where a perspective is represented by a distinct role, the perspective is managed with that product owner.
    3. If separate roles don’t exist, the product owner must evaluate their work using two or three perspectives.
    4. The ultimate success of a product, and therefore product owner, is meeting the end-user value of the business product owner, tool support of the technical product owner, and manual processing support of the operations product owner.

    Line of business (LOB) product owners

    LOB product owners focus on the products and services consumed by the organization’s external consumers and users. The role centers on the market needs, competitive landscape, and operational support to deliver products and services.

    Business perspective

    • Alignment to enterprise strategy and priorities
    • Growth: market penetration and/or revenue
    • Perception of product value
    • Quality, stability, and predictability
    • Improvement and innovation
    • P&L
    • Market threats and opportunities
    • Speed to market
    • Service alignment
    • Meet or exceed individual goals

    Relationship to Operations

    • Customer satisfaction
    • Speed of delivery and manual processing
    • Continuity

    Relationship to Technical

    • Enabler
    • Analysis and insight
    • Lower operating and support costs

    Technical product owners

    Technical product owners are responsible for the IT systems, tools, platforms, and services that support business operations. Often they are identified as application or platform managers.

    Technical perspective

    • Application, application suite, or group of applications
    • Core platforms and tools
    • Infrastructure and networking
    • Third-party technology services
    • Enable business operations
    • Direct-to-customer product or service
    • Highly interconnected
    • Need for continuous improvement
    • End-of-life management
    • Internal value proposition and users

    Relationship to Business

    • Direct consumers
    • End users
    • Source of funding

    Relationship to Operations

    • End users
    • Process enablement or automation
    • Support, continuity, and manual intervention

    Operations (service) product owners

    Operational product owners focus on the people, processes, and tools needed for manual processing and decisions when automation is not cost-effective. Operational product owners are typically called service owners due to the nature of their work.

    Operational perspective

    • Business enablement
    • Continuity
    • Problem, incident, issue resolution
    • Process efficiency
    • Throughput
    • Error/defect avoidance
    • Decision enablement
    • Waste reduction
    • Limit time in process
    • Disaster recovery

    Relationship to Business

    • Revenue enablement
    • Manual intervention and processing
    • End-user satisfaction

    Relationship to Technical

    • Process enabler
    • Performance enhancement
    • Threat of automation

    Exercise 1.2.1 Identify your primary product owner perspective

    1 hour
    1. Identify which product owner perspective represents your primary focus.
    2. Determine where the other perspectives need to be part of your product roadmap or if they are managed by other product owners.

    Identify product/service name, identify product owner perspective, determine if other perspectives need to be part of roadmap.

    Output

    • Identification of primary product owner perspective.

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Capture in the Mature and Scale Product Ownership Playbook.

    Realign differences between project managers and product owners

    Differences between Project Manager and Product Owners in regards to: Funding, Prioritization, Accountability, Product management, Work allocation, and Capacity management.

    Manage and communicate key milestones

    Successful product owners understand and define the key milestones in their product delivery lifecycles. These need to be managed along with the product backlog and roadmap.

    Define key milestones and their product delivery life-cycles.

    Info-Tech Best Practice

    Product ownership isn’t just about managing the product backlog and development cycles. Teams need to manage key milestones such as learning milestones, test releases, product releases, phase gates, and other organizational checkpoints.

    Define who manages each key milestone

    Key milestones must be proactively managed. If a project manager is not available, those responsibilities need to be managed by the product owner or Scrum Master. Start with responsibility mapping to decide which role will be responsible.

    Example milestones and Project Manager, Product Owner and Team Facilitator.

    *Scrum Master, Delivery Manager, Team Lead

    Exercise 1.2.2 Define your product owner RACI

    60 minutes
    1. Review your product and project delivery methodologies to identify key milestones (including approvals, gates, reviews, compliance checks, etc.). List each milestone on a flip chart or whiteboard.
    2. For each milestone, define who is accountable for the completion.
    3. For each milestone, define who is responsible for executing the milestone activity. (Who does the work that allows the milestone to be completed?)
    4. Review any responsibility and accountability gaps and identify opportunities to better support and execute your operating model.
    5. If you previously completed Deliver Digital Products at Scale , review and update your RACI in the Mature and Scale Product Ownership Workbook .

    Define: Milestones, Project Manager, Product/service owner, Team Facilitator, and Other roles.

    Output

    • Product owner RACI

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Capture in the Mature and Scale Product Ownership Playbook.

    Phase 2

    Align Product Owners to Products

    Phase 2: Assign product owners to products, Manage stakeholder influence

    Mature and Scale Product Ownership

    This phase will walk you through the following activities:

    2.1.1 Assign resources to your products and families

    2.2.1 Visualize relationships to identify key influencers

    2.2.2 Group stakeholders into categories

    2.2.3 Prioritize your stakeholders

    This phase involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Delivery managers
    • Business analysts

    Step 2.1

    Assign product owners to products

    Activities

    2.1.1 Assign resources to your products and families

    Align product owners to products

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Delivery managers
    • Business analysts

    Outcomes of this step

    • Product resource assignment

    Match your product management role definitions to your product family levels

    Using the role definitions, you created in Exercise 1.1.2, determine which roles correspond to which levels of your product families.

    Product portfolio

    Groups of product families within an overall value stream or capability grouping.

    Project portfolio manager

    Product family

    A collection of related products. Products can be grouped along architectural, functional, operational, or experiential patterns.

    Product family manager

    Product

    Single product composed of one or more applications and services.

    Product owner

    Info-Tech Insight

    Define the current roles that will perform the product management function or define consistent role names to product owners and managers.

    Assign resources throughout your product families

    Project families are owned by a product manager. Product owners own each product that has a distinct backlog.

    Info-Tech Insight

    • Start by assigning resources to each product or product family box.
    • A product owner can be responsible for more than one product.
    • Ownership of more than one product does not mean they share the same backlog.
    • For help organizing your product families, please download Deliver Digital Products at Scale.

    Understand special circumstances

    In Deliver Digital Products at Scale , products were grouped into families using Info-Tech’s five scaling patterns. Assigning owners to Enterprise Applications and Shared Services requires special consideration.

    Value stream alignment

    • Business architecture
      • Value stream
      • Capability
      • Function
    • Market/customer segment
    • Line of business (LoB)
    • Example: Customer group > value stream > products

    Enterprise applications

    • Enabling capabilities
    • Enterprise platforms
    • Supporting apps
    • Example: HR > Workday/Peoplesoft > Modules Supporting: Job board, healthcare administrator

    Shared Services

    • Organization of related services into service family
    • Direct hierarchy does not necessarily exist within the family
    • Examples: End-user support and ticketing, workflow and collaboration tools

    Technical

    • Domain grouping of IT infrastructure, platforms, apps, skills, or languages
    • Often used in combination with Shared Services grouping or LoB-specific apps
    • Examples: Java, .NET, low-code, database, network

    Organizational alignment

    • Used at higher levels of the organization where products are aligned under divisions
    • Separation of product managers from organizational structure is no longer needed because the management team owns the product management role

    Map the source of demand to each product

    With enterprise applications and shared services, your demand comes from other product and service owners rather than end customers in a value stream.

    Enterprise applications

    • Primary demand comes from the operational teams and service groups using the platform.
    • Each group typically has processes and tools aligned to a module or portion of the overall platform.
    • Product owners determine end-user needs to assist with process improvement and automation.
    • Product family managers help align roadmap goals and capabilities across the modules and tools to ensure consistency and the alignment of changes.

    Shared services

    • Primary demand for shared services comes from other product owners and service managers whose solution or application is dependent on the shared service platform.
    • Families are grouped by related themes (e.g. workflow tools) to increase reusability, standard enterprise solutions, reduced redundancy, and consistent processes across multiple teams.
    • Product owners manage the individual applications or services within a family.

    Pattern: Enterprise applications

    A division or group delivers enabling capabilities and the team’s operational alignment maps directly to the modules/components of an enterprise application and other applications that support the specific business function.

    Workforce Management, Strategic HR, Talent Management, Core HR

    Example:

    • Human resources is one corporate function. Within HR, however, there are subfunctions that operate independently.
    • Each operational team is supported by one or more applications or modules within a primary HR system.
    • Even though the teams work independently, the information they manage is shared with, or ties into processes used by other teams. Coordination of efforts helps provide a higher level of service and consistency.

    For additional information about HRMS, please download Get the Most Out of Your HRMS.

    Assigning owners to enterprise applications

    Align your enterprise application owners to your operating teams that use the enterprise applications. Effectively, your service managers will align with your platform module owners to provide integrated awareness and planning.

    Family manager (top-level), Family managers (second-level) and Product owners.

    Pattern: Shared services

    Grouping by service type, knowledge area, or technology allows for specialization while families align service delivery to shared business capabilities.

    Grouping by service type, knowledge area, or technology allows for specialization while families align service delivery to shared business capabilities.

    Example:

    • Recommended for governance, risk, and compliance; infrastructure; security; end-user support; and shared platforms (workflow, collaboration, imaging/record retention). Direct hierarchies do not necessarily exist within the shared service family.
    • Service groupings are common for service owners (also known as support managers, operations managers, etc.).
    • End-user ticketing comes through a common request system, is routed to the team responsible for triage, and then is routed to a team for resolution.
    • Collaboration tools and workflow tools are enablers of other applications, and product families might support multiple apps or platforms delivering that shared capability.

    Assigning owners to shared services

    Assign owners by service type, knowledge area, or technology to provide alignment of shared business capabilities and common solutions.

    Family manager (top-level), Family managers (second-level) and Product owners.

    Map sources of demand and influencers

    Use the stakeholder analysis to define the key stakeholders and sources of demand for enterprise applications and shared services. Extend your mapping to include their stakeholders and influencers to uncover additional sources of demand and prioritization.

    Map of key stakeholders for enterprise applications and shared services.

    Info-Tech Insight

    Your product owner map defines the influence landscape your product operates. It is every bit as important as the teams who enhance, support, and operate your product directly.

    Combine your product owner map with your stakeholder map to create a comprehensive view of influencers.

    Exercise 2.1.1 Assign resources to your products and families

    1-4 hours
    1. Use the product families you completed in Deliver Digital Products at Scale to determine which products and product families need a resource assigned. Where the same resource fills more than one role, they are the product owner or manager for each independently.
    2. Product families that are being managed as products (one backlog for multiple products) should have one owner until the family is split into separate products later.
    3. For each product and family, define the following:
      • Who is the owner (role or person)?
      • Is ownership clearly defined?
      • Are there other stakeholders who make decisions for the product?
    4. Record the results in the Mature and Scale Product Ownership Workbook on the Product Owner Mapping worksheet.

    Output

    • Product owner and manager resource alignment.

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Capture in the Mature and Scale Product Ownership Playbook.

    Step 2.2

    Manage stakeholder influence

    Activities

    2.2.1 Visualize relationships to identify key influencers

    2.2.2 Group stakeholders into categories

    2.2.3 Prioritize your stakeholders

    Align product owners to products

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Delivery managers
    • Business analysts

    Outcomes of this step

    • Stakeholder management strategy

    Develop a product owner stakeholder strategy

    Stakeholder management, Product lifecycle, Project delivery, Operational support.

    Stakeholders are a critical cornerstone to product ownership. They provide the context, alignment, and constraints that influence or control what a product owner can accomplish.

    Product owners operate within a network of stakeholders who represent different perspectives within the organization.

    First, product owners must identify members of their stakeholder network. Next, they should devise a strategy for managing stakeholders.

    Without a stakeholder strategy, product owners will encounter obstacles, resistance, or unexpected changes.

    Create a stakeholder network map to product roadmaps and prioritization

    Follow the trail of breadcrumbs from your direct stakeholders to their influencers to uncover hidden stakeholders.

    Create a stakeholder network map to product roadmaps and prioritization. Use connectors to determine who may be influencing your direct stakeholders.

    Info-Tech Insight

    Your stakeholder map defines the influence landscape your product operates. It is every bit as important as the teams who enhance, support, and operate your product directly.

    Use connectors to determine who may be influencing your direct stakeholders. They may not have any formal authority within the organization, but they may have informal yet substantive relationships with your stakeholders.

    Exercise 2.2.1 Visualize relationships to identify key influencers

    1 hour
    1. List direct stakeholders for your product.
    2. Determine the stakeholders of your stakeholders and consider adding each of them to the stakeholder list.
    3. Assess who has either formal or informal influence over your stakeholders; add these influencers to your stakeholder list.
    4. Construct a diagram linking stakeholders and their influencers together.
      • Use black arrows to indicate the direction of professional influence.
      • Use dashed green arrows to indicate informal bidirectional influence relationships.
    5. Record the results in the Mature and Scale Product Ownership Workbook .

    Output

    • Relationships among stakeholders and influencers

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Capture in the Mature and Scale Product Ownership Playbook.

    Categorize your stakeholders with a prioritization map

    A stakeholder prioritization map helps product owners categorize their stakeholders by their level of influence and ownership in the product and/or teams.

    Influence versus Ownership/Interest

    There are four areas on the map, and the stakeholders within each area should be treated differently.

    • Players have a high interest in the initiative and the influence to effect change over the initiative. Their support is critical, and a lack of support can cause significant impediments to the objectives.
    • Mediators have a low interest but significant influence over the initiative. They can help to provide balance and objective opinions to issues that arise.
    • Noisemakers have low influence but high interest. They tend to be very vocal and engaged, either positively or negatively but have little ability to enact their wishes.
    • Spectators are generally apathetic and have little influence over or interest in the initiative.

    Exercise 2.2.2 Group stakeholders into categories

    1 hour
    1. Identify your stakeholders’ interest in and influence on your Agile implementation as high, medium, or low by rating the attributes below.
    2. Map your results to the model below to determine each stakeholder’s category.
    3. Record the results in the Mature and Scale Product Ownership Workbook .

    Influence versus Ownership/Interest with CMO, CIO and Product Manager in assigned areas.

    Output

    • Categorization of stakeholders and influencers

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Capture in the Mature and Scale Product Ownership Playbook.

    Prioritize your stakeholders

    There may be too many stakeholders to be able to manage them all. Focus your attention on the stakeholders that matter most.

    Stakeholder category versus level of support.

    Consider the three dimensions of stakeholder prioritization: influence, interest, and support. Support can be determined by rating the following question: How likely is it that your stakeholder would recommend your product? These parameters are used to prioritize which stakeholders are most important and should receive your focused attention. The table to the right indicates how stakeholders are ranked.

    Exercise 2.2.3 Prioritize your stakeholders

    1 hour
    1. Identify the level of support of each stakeholder by answering the following question: How likely is it that your stakeholder would endorse your product?
    2. Prioritize your stakeholders using the prioritization scheme on the previous slide.
    3. Record the results in the Mature and Scale Product Ownership Workbook .

    Stakeholder, Category, level of support, prioritization.

    Output

    • Stakeholder and influencer prioritization

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Capture in the Mature and Scale Product Ownership Playbook.

    Define strategies for engaging stakeholders by type

    Authority Vs. Ownership/Interest.

    Type

    Quadrant

    Actions

    Players

    High influence, high interest – actively engage Keep them updated on the progress of the project. Continuously involve players in the process and maintain their engagement and interest by demonstrating their value to its success.

    Mediators

    High influence, low interest – keep satisfied They can be the game changers in groups of stakeholders. Turn them into supporters by gaining their confidence and trust and including them in important decision-making steps. In turn, they can help you influence other stakeholders.

    Noisemakers

    Low influence, high interest – keep informed Try to increase their influence (or decrease it if they are detractors) by providing them with key information, supporting them in meetings, and using mediators to help them.

    Spectators

    Low influence, low interest – monitor They are followers. Keep them in the loop by providing clarity on objectives and status updates.

    Info-Tech Insight

    Each group of stakeholders draws attention and resources away from critical tasks. By properly identifying your stakeholder groups, the product owner can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy spectators and noisemakers while ensuring the needs of mediators and players are met.

    Phase 3

    Mature Product Owner Capabilities

    Phase 3: Assess your Agile product owner readiness, Mature product owner capabilities.

    Mature and Scale Product Ownership

    This phase will walk you through the following activities:

    3.1.1 Assess your real Agile skill proficiency

    3.2.1 Assess your vision capability proficiency

    3.2.2 Assess your leadership capability proficiency

    3.2.3 Assess your PLM capability proficiency

    3.2.4 Identify your business value drivers and sources of value

    3.2.5 Assess your value realization capability proficiency

    This phase involves the following participants:

    • Product owners
    • Product managers

    Step 3.1

    Assess your Agile product owner readiness

    Activities

    3.1.1 Assess your real Agile skill proficiency

    Mature product owner capabilities

    This step involves the following participants:

    • Product owners
    • Product managers

    Outcomes of this step

    • Real Agile skill proficiency assessment

    Why focus on core skills?

    They are the foundation to achieve business outcomes

    Skills, actions, output and outcomes

    The right skills development is only possible with proper assessment and alignment against outcomes.

    Being successful at Agile is more than about just doing Agile

    The following represents the hard skills needed to “Do Agile”:

    Being successful at Agile needs 4 hard skills: 1. Engineering skills, 2. Technician Skills, 3. Framework/Process skills, 4. Tools skills.

    • Engineering skills. These are the skills and competencies required for building brand-new valuable software.
    • Technician skills. These are the skills and competencies required for maintaining and operating the software delivered to stakeholders.
    • Framework/Process skills. These are the specific knowledge skills required to support engineering or technician skills.
    • Tools skills. This represents the software that helps you deliver other software.

    While these are important, they are not the whole story. To effectively deliver software, we believe in the importance of being Agile over simply doing Agile.

    Adapted from: “Doing Agile” Is Only Part of the Software Delivery Pie

    Focus on these real Agile skills

    Agile skills

    • Accountability
    • Collaboration
    • Comfort with ambiguity
    • Communication
    • Empathy
    • Facilitation
    • Functional decomposition
    • Initiative
    • Process discipline
    • Resilience

    Info-Tech research shows these are the real Agile skills to get started with

    Skill Name

    Description

    Accountability

    Refers to the state of being accountable. In an Agile context, it implies transparency, dedication, acting responsibly, and doing what is necessary to get the job done.

    Collaboration

    Values diverse perspectives and working with others to achieve the best output possible. Effective at working toward individual, team, department, and organizational goals.

    Comfort with ambiguity

    Allows you to confidently take the next steps when presented with a problem without having all the necessary information present.

    Communication

    Uses different techniques to share information, concerns, or emotions when a situation arises, and it allows you to vary your approach depending on the current phase of development.

    Empathy

    Is the ability to understand and share the feelings of another to better serve your team and your stakeholders.

    Facilitation

    Refers to guiding and directing people through a set of conversations and events to learn and achieve a shared understanding.

    Functional decomposition

    Is being able to break down requirements into constituent epics and stories.

    Initiative

    Is being able to anticipate challenges and then act on opportunities that lead to better business outcomes.

    Process discipline

    Refers to the focus of following the right steps for a given activity at the right time to achieve the right outcomes.

    Resilience

    Refers to the behaviors, thoughts, and actions that allow a person to recover from stress and adversity.

    Accountability

    An accountable person:

    • Takes ownership of their own decisions and actions and is responsible for the quality of results.
    • Recognizes personal accountabilities to others, including customers.
    • Works well autonomously.
    • Ensures that the mutual expectations between themselves and others are clearly defined.
    • Takes the appropriate actions to ensure that obligations are met in a timely manner.
    • As a leader, takes responsibility for those being led.

    Accountability drives high performance in teams and organizations

    • The performance level of teams depends heavily on accountability and who demonstrates it:
      • In weak teams, there is no accountability.
      • In mediocre teams, supervisors demonstrate accountability.
      • In high-performance teams, peers manage most performance problems through joint accountability. (Grenny, 2014)
    • According to Bain & Company, accountability is the third most important attribute of high-performing companies. Some of the other key attributes include honest, performance-focused, collaborative, and innovative. (Mankins, 2013)

    All components of the employee empowerment driver have a strong, positive correlation with engagement.

    Employee empowerment and Correlation with engagement.

    Source: McLean & Company Engagement Database, 2018; N=71,794

    Accountability

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Alerts others to possible problems in a timely manner.
    • Seeks appropriate support to solve problems.
    • Actively contributes to the creation and evaluation of possible solutions.
    • Acts on solutions selected and decisions made as directed.
    • Makes effective decisions about how to complete work tasks.
    • Demonstrates the capability of breaking down concrete issues into parts and synthesizing information succinctly.
    • Collects and analyzes information from a variety of sources.
    • Seeks information and input to fully understand the cause of problems.
    • Takes action to address obstacles and problems before they impact performance and results.
    • Initiates the evaluation of possible solutions to problems.
    • Makes effective decisions about work task prioritization.
    • Appropriately assesses risks before deciding.
    • Effectively navigates through ambiguity, using multiple data points to analyze issues and identify trends.
    • Does not jump to conclusions.
    • Draws logical conclusions and provides opinions and recommendations with confidence.
    • Takes ownership over decisions and their consequences.
    • Demonstrates broad knowledge of information sources that can be used to assess problems and make decisions.
    • Invests time in planning, discovery, and reflection to drive better decisions.
    • Effectively leverages hard data as inputs to making decisions.
    • Garners insight from abstract data and makes appropriate decisions.
    • Coaches others in effective decision-making practices.
    • Has the authority to solve problems and make decisions.
    • Thinks several steps ahead in deciding the best course of action, anticipating likely outcomes, risks, or implications.
    • Establishes metrics to aid in decision-making, for self and teams
    • Prioritizes objective and ambiguous information and analyzes this when making decisions.
    • Solicits a diverse range of opinions and perspectives as inputs to decision making.
    • Applies frameworks to decision making, particularly in situations that have little base in prior experience.
    • Makes effective decisions about organizational priorities.
    • Holds others accountable for their decisions and consequences.
    • Creates a culture of empowerment and trust to facilitate effective problem solving and decision making.
    • Makes sound decisions that have organization-wide consequences and that influence future direction.

    Collaboration as a skill

    The principles and values of Agile revolve around collaboration.

    • Works well with others on specialized and cross-functional teams.
    • Can self-organize while part of a team.
    • Respects the commitments that others make.
    • Identifies and articulates dependencies.
    • Values diverse perspectives and works with others to achieve the best output possible.
    • Effective at working toward individual, team, department, and organizational goals.
    The principles and values of Agile revolve around collaboration. Doing what was done before (being prescriptive), going though the motions (doing Agile), living the principles (being Agile)

    Collaboration

    The Agile Manifesto has three principles that focus on collaboration:

    1. The business and developers must work together daily throughout the project.
    2. Build projects around motivated individuals. Give them the environment and support they need and trust them to get the job done.
    3. The most efficient and effective method of conveying information to and within a development team is face-to-face conversation.

    Effective collaboration supports Agile behaviors, including embracing change and the ability to work iteratively.

    Collaboration

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Understands role on the team and the associated responsibilities and accountabilities.
    • Treats team members with respect.
    • Contributes to team decisions and to the achievement of team goals and objectives.
    • Demonstrates a positive attitude.
    • Works cross-functionally to achieve common goals and to support the achievement of other team/department goals.
    • Values working in a diverse team and understands the importance of differing perspectives to develop unique solutions or ideas.
    • Fosters team camaraderie, collaboration, and cohesion.
    • Understands the impact of one's actions on the ability of team members to do their jobs.
    • Respects the differences other team members bring to the table by openly seeking others' opinions.
    • Helps the team accomplish goals and objectives by breaking down shared goals into smaller tasks.
    • Approaches challenging team situations with optimism and an open mind, focusing on coming to a respectful conclusion.
    • Makes suggestions to improve team engagement and effectiveness.
    • Supports implementation of team decisions.
    • Professionally gives and seeks feedback to achieve common goals.
    • Values working in a diverse team and understands the importance of differing perspectives to develop unique solutions or ideas.
    • Motivates the team toward achieving goals and exceeding expectations.
    • Reaches out to other teams and departments to build collaborative, cross-functional relationships.
    • Creates a culture of collaboration that leverages team members' strengths, even when the team is remote or virtual.
    • Participates and encourages others to participate in initiatives that improve team engagement and effectiveness.
    • Builds consensus to make and implement team decisions, often navigating through challenging task or interpersonal obstacles.
    • Values leading a diverse team and understands the importance of differing perspectives to develop unique solutions or ideas.
    • Creates a culture of collaboration among teams, departments, external business partners, and all employee levels.
    • Breaks down silos to achieve inter-departmental collaboration.
    • Demonstrates ownership and accountability for team/department/ organizational outcomes.
    • Uses an inclusive and consultative approach in setting team goals and objectives and making team decisions.
    • Coaches others on how to identify and proactively mitigate potential points of team conflict.
    • Recognizes and rewards teamwork throughout the organization.
    • Provides the tools and resources necessary for teams to succeed.
    • Values diverse teams and understands the importance of differing perspectives to develop unique solutions or ideas.

    Comfort with ambiguity

    Ability to handle ambiguity is a key factor in Agile success.

    • Implies the ability to maintain a level of effectiveness when all information is not present.
    • Able to confidently act when presented with a problem without all information present.
    • Risk and uncertainty can comfortably be handled.
    • As a result, can easily adapt and embrace change.
    • People comfortable with ambiguity demonstrate effective problem-solving skills.

    Relative importance of traits found in Agile teams

    1. Handles ambiguity
    2. Agreeable
    3. Conscientious

    Comfort with ambiguity

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Requires most information to be present before carrying out required activities.
    • Can operate with some information missing.
    • Comfortable asking people within their known circles for help.
    • Significant time is taken to reveal small pieces of information.
    • More adept at operating with information missing.
    • Willing to reach out to people outside of their regular circles for assistance and clarification.
    • Able to apply primary and secondary research methods to fill in the missing pieces.
    • Can operate essentially with a statement and a blank page.
    • Able to build a plan, drive others and themselves to obtain the right information to solve the problem.
    • Able to optimize only pulling what is necessary to answer the desired question and achieve the desired outcome.

    Communication

    Even though many organizations recognize its importance, communication is one of the root causes of project failure.

    Project success vs Communication effectiveness. Effective communications is associated with a 17% increase in finishing projects within budget.

    56%

    56% of the resources spent on a project are at risk due to ineffective communications.

    PMI, 2013.

    29%

    In 29% of projects started in the past 12 months, poor communication was identified as being one of the primary causes of failure.

    PMI, 2013.

    Why are communication skills important to the Agile team?

    It’s not about the volume, it’s about the method.

    • Effectively and appropriately interacts with others to build relationships and share ideas and information.
    • Uses tact and diplomacy to navigate difficult situations.
    • Relays key messages by creating a compelling story, targeted toward specific audiences.

    Communication effectiveness, Activity and Effort required.

    Adapted From: Agile Modeling

    Communication

    Your Score:____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Actively listens, learns through observation, and uses clear and precise language.
    • Possesses an open and approachable demeanor, with a positive and constructive tone.
    • Demonstrates interest in the thoughts and feelings of others.
    • Considers potential responses of others before speaking or acting.
    • Checks own understanding of others’ communication by repeating or paraphrasing.
    • Demonstrates self-control in stressful situations.
    • Provides clear, concise information to others via verbal or written communication.
    • Seeks to understand others' points of view, looking at verbal and non-verbal cues to encourage open and honest discussions.
    • Invites and encourages others to participate in discussions.
    • Projects a sincere and genuine tone.
    • Remains calm when dealing with others who are upset or angry.
    • Provides and seeks support to improve communication.
    • Does not jump to conclusions or act on assumptions.
    • Tailors messages to meet the different needs of different audiences.
    • Accurately interprets responses of others to their words and actions.
    • Provides feedback effectively and with empathy.
    • Is a role model for others on how to effectively communicate.
    • Ensures effective communication takes place at the departmental level.
    • Engages stakeholders using appropriate communication methods to achieve desired outcomes.
    • Creates opportunities and forums for discussion and idea sharing.
    • Demonstrates understanding of the feelings, motivations, and perspectives of others, while adapting communications to anticipated reactions.
    • Shares insights about their own strengths, weaknesses, successes, ad failures to show empathy and help others relate.
    • Discusses contentious issues without getting defensive and maintains a professional tone.
    • Coaches others on how to communicate effectively and craft targeted messages.
    • Sets and exemplifies standards for respectful and effective communications in the organization.
    • Comfortably delivers strategic messages supporting their function and the organization at the enterprise level.
    • Communicates with senior-level executives on complex organizational issues.
    • Promotes inter-departmental communication and transparency.
    • Achieves buy-in and consensus from people who share widely different views.
    • Shares complex messages in clear, understandable language.
    • Accurately interprets how they are perceived by others.
    • Rallies employees to communicate ideas and build upon differing perspectives to drive innovation.

    Empathy

    Empathy is the ability to understand and share the feelings of another in order to better serve your team and your stakeholders. There are three kinds:

    Cognitive

    Thought, understanding, intellect

    • Knowing how someone else feels and what they might be thinking.
    • Contributes to more effective communication.

    Emotional

    Feelings, physical sensation

    • You physically feel the emotions of the other person.
    • Helps build emotional connections with others.

    Compassionate

    Intellect, emotion with action

    • Along with understanding, you take action to help.

    How is empathy an Agile skill?

    Empathy enables you to serve your team, your customers, and your organization

    Serving the team

    • Primary types: Emotional and compassionate empathy.
    • The team is accountable for delivery.
    • By being able to empathize with the person you are talking to, complex issues can be addressed.
    • A lack of empathy leads to a lack of collaboration and being able to go forward on a common path.

    Serving your customers and stakeholders

    • Primary type: Cognitive empathy.
    • Agile enables the delivery of the right value at the right time to your stakeholders
    • Translating your stakeholders' needs requires an understanding of who they are as people. This is done through observations, interviews and conversations.
    • Leveraging empathy maps and user-story writing is an effective tool.

    Empathy

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Knowing how someone else feels and what they might be thinking.
    • Ability to build emotional connections with others.
    • Able to harness emotional connections to achieve tangible and experiential outcomes.
    • Demonstrates an awareness of different feelings and ways of thinking by both internal and external stakeholders.
    • Limited ability to make social connections with others outside of the immediate team.
    • Able to connect with similarly minded people to improve customer/stakeholder satisfaction. (Insights into action)
    • Able to interact and understand others with vastly different views.
    • Lack of agreement does not stop individual. from asking questions, understanding, and pushing the conversation forward

    Facilitation

    It’s not just your manager’s problem.

    “Facilitation is the skill of moderating discussions within a group in order to enable all participants to effectively articulate their views on a topic under discussion, and to ensure that participants in the discussion are able to recognize and appreciate the differing points of view that are articulated.” (IIBA, 2015)

    • Drives action through influence, often without authority.
    • Leads and impacts others' thinking, decisions, or behavior through inclusive practices and relationship building.
    • Encourages others to self-organize and hold themselves accountable.
    • Identifies blockers and constructively removes barriers to progress.

    Facilitation

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Drives action through influence, often without authority.
    • Leads and impacts others' thinking, decisions, or behavior through inclusive practices and relationship building.
    • Encourages others to self-organize and hold themselves accountable.
    • Identifies blockers and constructively removes barriers to progress.
    • Maps and executes processes effectively.
    • Uses facts and concrete examples to demonstrate a point and gain support from others.
    • Openly listens to the perspectives of others.
    • Builds relationships through honest and consistent behavior.
    • Understands the impact of their own actions and how others will perceive it.
    • Identifies impediments to progress.
    • Anticipates the effect of one's approach on the emotions and sensitivities of others.
    • Practices active listening while demonstrating positivity and openness.
    • Customizes discussion and presentations to include "what’s in it for me" for the audience.
    • Presents compelling information to emphasize the value of an idea.
    • Involves others in refining ideas or making decisions in order to drive buy-in and action.
    • Knows how to appropriately use influence to achieve outcomes without formal authority.
    • Seeks ways and the help of others to address barriers or blockers to progress.
    • Leverages a planned approach to influencing others by identifying stakeholder interests, common goals, and potential barriers.
    • Builds upon successes to gain acceptance for new ideas.
    • Facilitates connections between members of their network for the benefit of the organization or others.
    • Demonstrates the ability to draw on trusting relationships to garner support for ideas and action.
    • Encourages a culture that allows space for influence to drive action.
    • Adept at appropriately leveraging influence to achieve business unit outcomes.
    • Actively manages the removal of barriers and blockers for teams.

    Functional decomposition

    It’s not just a process, it’s a skill.

    “Functional decomposition helps manage complexity and reduce uncertainty by breaking down processes, systems, functional areas, or deliverables into their simpler constituent parts and allowing each part to be analyzed independently."

    (IIBA, 2015)

    Being able to break down requirements into constituent consumable items (example: epics and user stories).

    Start: Strategic Initiatives. 1: Epics. 2: Capabilities. 3: Features. End: Stories.

    Use artifact mapping to improve functional decomposition

    In our research, we refer to these items as epics, capabilities, features, and user stories. How you develop your guiding principles and structure your backlog should be based on the terminology and artifact types commonly used in your organization.

    Agile, Waterfall, Relationship, Decomposition skill most in demand, definition.

    Functional Decomposition

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Able to decompose items with assistance from other team members.
    • Able to decompose items independently, ensuring alignment with business value.
    • Able to decompose items independently and actively seeks out collaboration opportunities with relevant SME's during and after the refinement process to ensure completion.
    • Able to decompose items at a variety of granularity levels.
    • Able to teach and lead others in their decomposition efforts.
    • Able to quickly operate at different levels of the requirements stack.

    Initiative and self-organization

    A team that takes initiative can self-organize to solve critical problems.

    • "The best architectures, requirements, and designs emerge from self-organizing teams." (Agile Manifesto)
    • In a nutshell, the initiative represents the ability to anticipate challenges and act on opportunities that lead to better business outcomes.
    • Anticipates challenges and acts on opportunities that lead to better business outcomes.
    • Thinks critically and is motivated to use both specialist expertise and general knowledge.
    • Driven by the delivery of business value and better business outcomes.
    • Empowers others to act and is empowered and self-motivated.

    Initiative and self-organization

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Demonstrates awareness of an opportunity or issue which is presently occurring or is within the immediate work area.
    • Reports an opportunity or issue to the appropriate person.
    • Acts instead of waiting to be asked.
    • Willingly takes on challenges, even if they fall outside their area of expertise.
    • Is proactive in identifying issues and making recommendations to resolve them.
    • Within the scope of the work environment, takes action to improve processes or results, or to resolve problems.
    • Not deterred by obstacles.
    • Tackles challenges that require risk taking.
    • Procures the necessary resources, team and technical support to enable success.
    • Assists others to get the job done.
    • Demonstrates awareness of an opportunities or issues which are in the future or outside the immediate work area.
    • Typically exceeds the expectations of the job.
    • Learns new technology or skills outside their specialization so that they can be a more effective team member.
    • Recommends solutions to enhance results or prevent potential issues.
    • Drives implementation of new processes within the team to improve results.
    • Able to provide recommendations on plans and decisions that are strategic and future-oriented for the organization.
    • Identifies areas of high risk or of organizational level impact.
    • Able to empower significant recourses from the organization to enable success.
    • Leads long-term engagements that result in improved organizational capabilities and processes.

    Process discipline

    A common misconception is that Agile means no process and no discipline. Effective Agile teams require more adherence to the right processes to create a culture of self-improvement.

    • Refers to the focus of following the right steps for a given activity at the right time to achieve the right outcomes.
    • Focus on following the right steps for a given activity at the right time to achieve desired outcomes.
    Example: Scrum Ceremonies during a sprint (1 - 4 weeks/sprint). 1: Sprint planning, 2: Daily scrum, 3: Sprint review, 4: Sprint retrospective.

    Process discipline

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Demonstrates awareness of the key processes and steps that are needed in a given situation.
    • Limited consistency in following processes and limited understanding of the 'why' behind the processes.
    • Aware and follows through with key agile processes in a consistent manner.
    • Demonstrates not only the knowledge of processes but understands the 'why' behind their existence.
    • Aware and follows through with key agile processes in a consistent manner.
    • Demonstrates understanding of not only why specific processes exist but can suggest changes to improve efficiency, consistency, and outcomes.

    N/A -- Maximum level is '3

    Resilience

    If your team hits the wall, don’t let the wall hit them back.

    • Resilience is critical for an effective Agile transformation. A team that demonstrates resilience always exhibits:
    • Evolution over transformation – There is a recognition that changes happen over time.
    • Intensity and productivity – A race is not won by the ones who are the fastest, but by the ones who are the most consistent. Regardless of what comes up, the team can push through.
    • That organizational resistance is futile – Given that it is working on the right objectives, the team needs to demonstrate a consistency of approach and intensity regardless of what may stand in its way.
    • Refers to the behaviors, thoughts, and actions that allow a person to recover from stress and adversity.

    How resilience aligns with Agile

    A team is not “living the principles” without resilience.

    1. Purpose

      Aligns with: “Our highest priority is to satisfy the customer through early and continuous delivery of valuable software.” The vision or goals may not be clear in certain circumstances and can be difficult to relate to a single work item. Being able to intrinsically source and harness a sense of purpose becomes more important, especially as a self-organizing team.
    2. Perseverance

      Aligns with: “Agile processes harness change for the customer's competitive advantage.” Perseverance enables teams to continuously deliver at a steady pace, addressing impediments or setbacks and continuing to move forward.
    3. Composure

      Aligns with: “Agile processes promote sustainable development,” and “At regular intervals, the team reflects ... and adjusts its behavior accordingly.”
      When difficult situations arise, composure allows us to understand perspectives, empathize with customers, accept late changes, and sustain a steady pace.
    4. Self-Reliance

      Aligns with: “The best architectures, requirements, and designs emerge from self-organizing teams.” Knowing oneself, recognizing strengths, and drawing on past successes, can be a powerful aid in creating high-performing Agile teams
    5. Authenticity

      Aligns with: “At regular intervals, the team reflects … and adjusts its behavior accordingly,” and “Build projects around motivated individuals.”
      When difficult situations arise, authenticity is crucial. “For example, being able to openly disclose areas outside of your strengths in sprint planning or being able to contribute constructively toward self-organization.”

    Adapted from: Why Innovation, 2019.

    Resilience

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Easily distracted and stopped by moderately stressful and challenging situations.
    • Requires significant help from others to get back on track.
    • Not frequently able (or knows) how to ask for help
    • Handles typical stresses and challenges for the given role.
    • Able to get back on track with limited assistance.
    • Able to ask for help when they need it.
    • Quality of work unaffected by an increase in pressures and challenges.
    • Handles stresses and challenges what is deemed above and beyond their given role.
    • Able to provide advice to others on how to handle difficult and challenging situations.
    • Quality of work and outcomes is maintained and sometimes exceeded as pressure increases.
    • Team looks to this individual as being the gold standard on how to approach any given problem or situation.
    • Directly mentors others on approaches in situations regardless of the level of challenge.

    Exercise 1.2.1 Identify your primary product owner perspective

    1 hour
    1. Review each real Agile skill and determine your current proficiency.
    2. Complete your assessment in the Mature and Scale Product Owner Proficiency Assessment tool.
    3. Record the results in the Mature and Scale Product Ownership Playbook.
    4. Review the skills map to identify strengths and areas of growth.

    Accountability, Collaboration, Comfort in Ambiguity, Communication, Empathy, Facilitation, Functional Decomposition, Initiative, Process Discipline, Resilience.

    Output

    • Agile skills assessment results.

    Participants

    • Product owners
    • Product managers

    Capture in the Mature and Scale Product Owner Proficiency Assessment.

    Determine your Agile skills proficiency: Edit chart data to plot your scores or add your data points and connect the lines.

    Step 3.2

    Mature product owner capabilities

    Activities

    3.2.1 Assess your vision capability proficiency

    3.2.2 Assess your leadership capability proficiency

    3.2.3 Assess your PLM capability proficiency

    3.2.4 Identify your business value drivers and sources of value

    3.2.5 Assess your value realization capability proficiency

    Mature product owner capabilities

    This step involves the following participants:

    • Product owners
    • Product managers

    Outcomes of this step

    • Info-Tech product owner capability model proficiency assessment

    Product capabilities deliver value

    As a product owner, you are responsible for managing these facets through your capabilities and activities.

    The core product and value stream consists of: Funding - Product management and governance, Business functionality - Stakeholder and relationship management, and Technology - Product delivery.

    Info-Tech Best Practice

    It is easy to lose sight of what matters when we look at a product from a single point of view . Despite what "The Agile Manifesto" says, working software is not valuable without the knowledge and support that people need in order to adopt, use, and maintain it. If you build it, they will not come. Product owners must consider the needs of all stakeholders when designing and building products.

    Recognize product owner knowledge gaps

    Pulse survey of product owners

    Pulse survey of product owners. Graph shows large percentage of respondents have alignment to common agile definition of product owners. Yet a significant perception gap in P&L, delivery, and analytics.

    Info-Tech Insight

    1. Less than 15% of respondents identified analytics or financial management as a key component of product ownership.
    2. Assess your product owner’s capabilities and understanding to develop a maturity plan.

    Source: Pulse Survey (N=18)

    Implement the Info-Tech product owner capability model

    Unfortunately, most product owners operate with incomplete knowledge of the skills and capabilities needed to perform the role. Common gaps include focusing only on product backlogs, acting as a proxy for product decisions, and ignoring the need for key performance indicators (KPIs) and analytics in both planning and value realization.

    Product Owner capabilities: Vision, Product Lifecycle Management, Leadership, Value Realization

    Vision

    • Market Analysis
    • Business Alignment
    • Product Roadmap

    Leadership

    • Soft Skills
    • Collaboration
    • Decision Making

    Product Lifecycle Management

    • Plan
    • Build
    • Run

    Value Realization

    • KPIs
    • Financial Management
    • Business Model

    Product owner capabilities provide support

    Vision predicts impact of Value realization. Value realization provides input to vision

    Your vision informs and aligns what goals and capabilities are needed to fulfill your product or product family vision and align with enterprise goals and priorities. Each item on your roadmap should have corresponding KPIs or OKRs to know how far you moved the value needle. Value realization measures how well you met your target, as well as the impacts on your business value canvas and cost model.

    Product lifecycle management builds trust with Leadership. Leadership improves quality of Product lifecycle management.

    Your leadership skills improve collaborations and decisions when working with your stakeholders and product delivery teams. This builds trust and improves continued improvements to the entire product lifecycle. A product owner’s focus should always be on finding ways to improve value delivery.

    Product owner capabilities provide support

    Leadership enhances Vision. Vision Guides Product Lifecycle Management. Product Lifecycle Management delivers Value Realization. Leadership enhances Value Realization

    Develop product owner capabilities

    Each capability: Vision, Product lifecycle management, Value realization and Leadership has 3 components needed for successful product ownership.

    Avoid common capability gaps

    Vision

    • Focusing solely on backlog grooming (tactical only)
    • Ignoring or failing to align product roadmap to enterprise goals
    • Operational support and execution
    • Basing decisions on opinion rather than market data
    • Ignoring or missing internal and external threats to your product

    Leadership

    • Failing to include feedback from all teams who interact with your product
    • Using a command-and-control approach
    • Viewing product owner as only a delivery role
    • Acting as a proxy for stakeholder decisions
    • Avoiding tough strategic decisions in favor of easier tactical choices

    Product lifecycle management

    • Focusing on delivery and not the full product lifecycle
    • Ignoring support, operations, and technical debt
    • Failing to build knowledge management into the lifecycle
    • Underestimating delivery capacity, capabilities, or commitment
    • Assuming delivery stops at implementation

    Value realization

    • Focusing exclusively on “on time/on budget” metrics
    • Failing to measure a 360-degree end-user view of the product
    • Skipping business plans and financial models
    • Limiting financial management to project/change budgets
    • Ignoring market analysis for growth, penetration, and threats

    Capabilities: Vision

    Market Analysis

    • Customer Empathy: Identify the target users and unique value your product provides that is not currently being met. Define the size of your user base, segmentation, and potential growth.
    • Customer Journey: Define the future path and capabilities your users will respond to.
    • Competitive analysis: Complete a SWOT analysis for your end-to-end product lifecycle. Use Info-Tech’s Business SWOT Analysis Template.

    Business Alignment

    • Enterprise alignment: Align to enterprise and product family goals, strategies, and constraints.
    • Delivery and release strategy: Develop a delivery strategy to achieve value quickly and adapt to internal and external changes. Value delivery is constrained by your delivery pipeline.
    • OCM and go-to-market strategy: Create organizational change management, communications, and a user implementation approach to improve adoption and satisfaction from changes.

    Product Roadmap

    • Roadmap strategy: Determine the duration, detail, and structure of your roadmap to accurately communicate your vision.
    • Value prioritization: Define criteria used to evaluate and sequence demand items.
    • Release and capacity planning: Build your roadmap with realistic goals and milestones based on your delivery pipeline and dependencies.

    “Customers are best heard through many ears.”

    – Thomas K. Connellan, Inside the Magic Kingdom

    Vision: Market Analysis, Business Alignment, and Product Roadmap.

    Info-Tech Insight

    Data comes from many places and may still not tell the complete story.

    Build your product strategy playbook

    Complete Deliver on Your Digital Product Vision to define your Vision, Goals, Roadmap approach, and Backlog quality filters.

    Digital Product Strategy Supporting Workbook

    Supporting workbook that captures the interim results from a number of exercises that will contribute to your overall digital product vision.

    Product Backlog Item Prioritization Tool

    An optional tool to help you capture your product backlog and prioritize based on your given criteria

    Product Roadmap Tool

    An optional tool to help you build out and visualize your first roadmap.

    Your Digital Product Vision Details Strategy

    Record the results from the exercises to help you define, detail, and make real your digital product vision.

    Your product vision is your North Star

    It's ok to dream a little!

    Who is the target customer, what is the key benefit, what do they need, what is the differentiator

    Adapted from: Geoffrey Moore, 2014.

    Info-Tech Best Practice

    A product vision shouldn’t be so far out that it doesn’t feel real or so short-term that it gets bogged down in minutiae and implementation details. Finding the right balance will take some trial and error and will be different for each organization.

    Use product roadmaps to guide delivery

    In Deliver on Your Digital Product Vision, we showed how the product roadmap is key to value realization. As a product owner, the product roadmap is your communicated path to align teams and changes to your defined goals, while aligning your product to enterprise goals and strategy.

    As a product owner, the product roadmap is your communicated path to align teams and changes to your defined goals, while aligning your product to enterprise goals and strategy

    Info-Tech Best Practice

    Info-Tech Best Practice Product delivery requires a comprehensive set of business and technical competencies to effectively roadmap, plan, deliver, support, and validate your product portfolio. Product delivery is a “multi-faceted, complex discipline that can be difficult to grasp and hard to master.” It will take time to learn and adopt methods and become a competent product manager or owner (“What Is Product Management?”, Pichler Consulting Limited).

    Match your roadmap and backlog to the needs of the product

    Ultimately, you want products to be able to respond faster to changes and deliver value sooner. The level of detail in the roadmap and backlog is a tool to help the product owner plan for change. The duration of your product roadmap is all directly related to the tier of product owner in the product family.

    The level of detail in the roadmap and backlog is a tool to help the product owner plan for change. The duration of your product roadmap is all directly related to the tier of product owner in the product family.

    Product delivery realizes value for your product family

    While planning and analysis are done at the family level, work and delivery are done at the individual product level.

    Product strategy includes: Vision, Goals, Roadmap, backlog and Release plan.

    Use artifact mapping to improve functional decomposition

    In our research, we refer to these items as epics, capabilities, features, and user stories. How you develop your guiding principles and structure your backlog should be based on the terminology and artifact types commonly used in your organization.

    Agile, Waterfall, Relationship, Decomposition skill most in demand, definition.

    Manage and communicate key milestones

    Successful product owners understand and define the key milestones in their product delivery lifecycles. These need to be managed along with the product backlog and roadmap.

    Define key milestones and their release dates.

    Info-Tech Best Practice

    Product ownership isn’t just about managing the product backlog and development cycles! Teams need to manage key milestones such as learning milestones, test releases, product releases, phase gates, and other organizational checkpoints!

    Milestones

    • Points in the timeline when the established set of artifacts is complete (feature-based), or checking status at a particular point in time (time-based).
    • Typically assigned a date and used to show the progress of development.
    • Plays an important role when sequencing different types of artifacts.

    Release dates

    • Releases mark the actual delivery of a set of artifacts packaged together in a new version of the product.
    • Release dates, firm or not, allow stakeholders to anticipate when this is coming.

    Leverage the product canvas to state and inform your product vision

    Leverage the product Canvas to state and inform your product vision. Includes: Product name, Tracking info, Vision, List of business objectives or goals, Metrics used to measure value realization, List of groups who consume the product/service, and List of key resources or stakeholders.

    Capability: Vision

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Product backlog.
    • Basic roadmap with milestones and releases.
    • Unprioritized stakeholder list.
    • Understanding of product’s purpose and value.
    • Customers and end-users defined with core needs identified.
    • Roadmap with goals and capabilities defined by themes and set to appropriate time horizons.
    • Documented stakeholder management plan with communication and collaboration aligned to the stakeholder strategy.
    • Value drivers traced to product families and enterprise goals.
    • Customer personas defined with pain relievers and value creators defined.
    • Fully-developed roadmap traced to family (and child) roadmaps.
    • Expected ROI for all current and next roadmap items.
    • KPIs/OKRs used to improve roadmap prioritization and sequencing.
    • Proactive stakeholder engagement and reviews.
    • Cross-functional engagement to align opportunities and drive enterprise value.
    • Formal metrics to assess customer needs and value realization.
    • Roadmaps managed in an enterprise system for full traceability, value realization reporting, and views for defined audiences.
    • Proactive stakeholder engagement with regular planning and review ceremonies tied to their roadmaps and goals.
    • Cross-functional innovation to find disruptive opportunities to drive enterprise value.
    • Omni-channel metrics and customer feedback mechanisms to proactively evaluate goals, capabilities, and value realization.

    Exercise 3.2.1 Assess your Vision capability proficiency

    1 hour
    1. Review the expectations for this capability and determine your current proficiency for each skill.
    2. Complete your assessment in the Mature and Scale Product Owner Proficiency Assessment tool.
    3. Record the results in the Mature and Scale Product Ownership Playbook.
    4. Review the skills map to identify strengths and areas of growth.

    Output

    • Product owner capability assessment

    Participants

    • Product owners
    • Product managers

    Capture in the Mature and Scale Product Owner Proficiency Assessment.

    Capabilities: Leadership

    Soft Skills

    • Communication: Maintain consistent, concise, and appropriate communication using SMART guidelines (specific, measurable, attainable, relevant, and timely).
    • Integrity: Stick to your values, principles, and decision criteria for the product to build and maintain trust with your users and teams.
    • Influence: Manage stakeholders using influence and collaboration over contract negotiation.

    Collaboration

    • Stakeholder management: Build a communications strategy for each stakeholder group, tailored to individual stakeholders.
    • Relationship management: Use every interaction point to strengthen relationships, build trust, and empower teams.
    • Team development: Promote development through stretch goals and controlled risks to build team capabilities and performance.

    Decision Making

    • Prioritized criteria: Remove personal bias by basing decisions off data analysis and criteria.
    • Continuous improvement: Balance new features with the need to ensure quality and create an environment of continuous improvement.
    • Team empowerment/negotiation: Push decisions to teams closest to the problem and solution, using Delegation Poker to guide you.

    “Everything walks the walk. Everything talks the talk.”

    – Thomas K. Connellan, Inside the Magic Kingdom

    Leadership: Soft skills, collaboration, decision making.

    Info-Tech Insight

    Product owners cannot be just a proxy for stakeholder decisions. The product owner owns product decisions and management of all stakeholders.

    Capability: Leadership

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Activities are prioritized with minimal direction and/or assistance.
    • Progress self-monitoring against objectives with leadership apprised of deviations against plan.
    • Facilitated decisions from stakeholders or teams.
    • Informal feedback on performance and collaboration with teams.
    • Independently prioritized activities and provide direction or assistance to others as needed.
    • Managed issue resolution and provided guidance on goals, priorities, and constraints.
    • Product decision ownership with input from stakeholders, SMEs, and delivery teams.
    • Formal product management retrospectives with tracked and measured changes to improve performance.
    • Consulted in the most challenging situations to provide subject matter expertise on leading practices and industry standards.
    • Provide mentoring and coaching to your peers and/or teammates.
    • Use team empowerment, pushing decisions to the lowest appropriate level based on risk and complexity.
    • Mature and flexible communication.
    • Provide strategies and programs ensuring all individuals in the delivery organization obtain the level of coaching and supervision required for success in their position.
    • Provide leadership to the organization’s coaches ensuring delivery excellence across the organization.
    • Help develop strategic initiatives driving common approaches and utilizing information assets and processes across the enterprise.

    Exercise 3.2.2 Assess your Leadership capability proficiency

    1 hour
    1. Review the expectations for this capability and determine your current proficiency for each skill.
    2. Complete your assessment in the Mature and Scale Product Owner Proficiency Assessment tool.
    3. Record the results in the Mature and Scale Product Ownership Playbook.
    4. Review the skills map to identify strengths and areas of growth.

    Output

    • Product owner capability assessment

    Participants

    • Product owners
    • Product managers

    Capture in the Mature and Scale Product Owner Proficiency Assessment.

    Capability: Product lifecycle management

    Plan

    • Product backlog: Follow a schedule for backlog intake, grooming, updates, and prioritization.
    • Journey map: Create an end-user journey map to guide adoption and loyalty.
    • Fit for purpose: Define expected value and intended use to ensure product meets your end user’s needs.

    Build

    • Capacity management: Work with operations and delivery teams to ensure consistent and stable outcomes.
    • Release strategy: Build learning, release, and critical milestones into a repeatable release plan.
    • Compliance: Build policy compliance into delivery practices to ensure alignment and reduce avoidable risk (privacy, security).

    Run

    • Adoption: Focus attention on end-user adoption and proficiency to accelerate value and maximize retention.
    • Support: Build operational support and business continuity into every team.
    • Measure: Measure KPIs and validate expected value to ensure product alignment to goals and consistent product quality.

    “Pay fantastic attention to detail. Reward, recognize, celebrate.”

    – Thomas K. Connellan, Inside the Magic Kingdom

    Product Lifecycle Management: Plan, Build, Run

    Info-Tech Insight

    Product owners must actively manage the full lifecycle of the product.

    Define product value by aligning backlog delivery with roadmap goals

    In each product plan, the backlogs show what you will deliver. Roadmaps identify when and in what order you will deliver value, capabilities, and goals.

    In each product plan, the backlogs show what you will deliver. Roadmaps identify when and in what order you will deliver value, capabilities, and goals.

    A backlog stores and organizes PBIs at various stages of readiness

    A backlog stores and organizes PBIs at different levels of readiness. Stage 3 - Ideas are composed of raw, vague ideas that have yet to go through any formal valuation. Stage 2 - Qualified are researched and qualified PBIs awaiting refinement. Stage 1 - Ready are Discrete, refined RBIs that are read to be placed in your development team's sprint plans.

    A well-formed backlog can be thought of as a DEEP backlog:

    Detailed Appropriately: PBIs are broken down and refined, as necessary.

    Emergent: The backlog grows and evolves over time as PBIs are added and removed.

    Estimated: The effort a PBI requires is estimated at each tier.

    Prioritized: The PBI’s value and priority are determined at each tier.

    (Perforce, 2018)

    Distinguish your specific goals for refining in the product backlog vs. planning for a sprint itself

    Often backlog refinement is used interchangeably or considered a part of sprint planning. The reality is they are very similar, as the required participants and objectives are the same; however, there are some key differences.

    Backlog refinement versus Sprint planning. Differences in Objectives, Cadence and Participants

    Use quality filters to promote high value items into the delivery pipeline

    Product backlog has quality filters such as: Backlogged, Qualified and Ready. Sprint backlog has a backlog of accepted PBI's

    Basic scrum process

    The scrum process coordinates multiple stakeholders to deliver on business priorities.

    Prioritized Backlog, Sprint Backlog, Manage Delivery, Sprint Review, Product Release

    Capability: Product lifecycle management

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Informal or undocumented intake process.
    • Informal or undocumented delivery lifecycle.
    • Unstable or unpredictable throughput or quality.
    • Informal or undocumented testing and release processes.
    • Informal or undocumented organizational change management planning for each release.
    • Informal or undocumented compliance validation with every release.
    • Documented intake process with stakeholder prioritization of requests.
    • Consistent delivery lifecycle with stable and predictable throughput with an expected range of delivery variance.
    • Formal and documented testing and release processes.
    • Organizational change management planning for each major release.
    • Compliance validation with every major release.
    • Intake process using value drivers and prioritization criteria to sequence all items.
    • Consistent delivery lifecycle with stable and predictable throughput with little variance.
    • Risk-based and partially automated testing and release processes.
    • Organizational change management planning for all releases.
    • Automated compliance validation with every major release.
    • Intake process using enterprise value drivers and prioritization criteria to sequence all items.
    • Stable Agile DevOps with low variability and automation.
    • Risk-based automated and manual testing.
    • Multiple release channels based on risk. Automated build, validation, and rollback capabilities.
    • Cross-channel, integrated organizational change management for all releases.
    • Automated compliance validation with every change or release.

    Exercise 3.2.3 Assess your PLM capability proficiency

    1 hour
    1. Review the expectations for this capability and determine your current proficiency for each skill.
    2. Complete your assessment in the Mature and Scale Product Owner Proficiency Assessment tool.
    3. Record the results in the Mature and Scale Product Ownership Playbook.
    4. Review the skills map to identify strengths and areas of growth.

    Output

    • Product owner capability assessment

    Participants

    • Product owners
    • Product managers

    Capture in the Mature and Scale Product Owner Proficiency Assessment.

    Capabilities: Value realization

    Key performance indicators (KPIs)

    • Usability and user satisfaction: Assess satisfaction through usage monitoring and end-user feedback.
    • Value validation: Directly measure performance against defined value proposition, goals, and predicted ROI.
    • Fit for purpose: Verify the product addresses the intended purpose better than other options.

    Financial management

    • P&L: Manage each product as if it were its own business with profit and loss statements.
    • Acquisition cost/market growth: Define the cost of acquiring a new consumer, onboarding internal users, and increasing product usage.
    • User retention/market share: Verify product usage continues after adoption and solution reaches new user groups to increase value.

    Business model

    • Defines value proposition: Dedicate your primary focus to understanding and defining the value your product will deliver.
    • Market strategy and goals: Define your acquisition, adoption, and retention plan for users.
    • Financial model: Build an end-to-end financial model and plan for the product and all related operational support.

    “The competition is anyone the customer compares you with.”

    – Thomas K. Connellan, Inside the Magic Kingdom

    Value Realization: KPIs, Financial management, Business model

    Info-Tech Insight

    Most organizations stop with on-time and on-budget. True financial alignment needs to define and manage the full lifecycle P&L.

    Use a balanced value to establish a common definition of goals and value

    Value drivers are strategic priorities aligned to our enterprise strategy and translated through our product families. Each product and change has an impact on the value driver helping us reach our enterprise goals.

    Importance of the value driver multiplied by the Impact of value score is equal to the Value score.

    Info-Tech Insight

    Your value drivers and impact helps estimate the expected value of roadmap items, prioritize roadmap and backlog items, and identify KPIs and OKRs to measure value realization and actual impact.

    Include balanced value as one criteria to guide better decisions

    Your balanced value is just one of many criteria needed to align your product goals and sequence roadmap items. Feasibility, delivery pipeline capacity, shared services, and other factors may impact the prioritization of backlog items.

    Build your balanced business value score by using four key value drivers.

    Determine your value drivers

    Competent organizations know that value cannot always be represented by revenue or reduced expenses. However, it is not always apparent how to envision the full spectrum of sources of value. Dissecting value by benefit type and the value source’s orientation allows you to see the many ways in which a product or service brings value to the organization.

    Business value matrix

    Graph with 4 quadrants representing Outward versus Inward, and Financial benefit versus Human benefit. The quadrants are Reach customers, Increase revenue/demonstrate value, Enhance services, Reduce costs.

    Financial benefits vs. improved capabilities

    Financial benefits refer to the degree to which the value source can be measured through monetary metrics and is often quite tangible.

    Human benefits refer to how a product or service can deliver value through a user’s experience.

    Inward vs. outward orientation

    Inward refers to value sources that have an internal impact and improve your organization’s effectiveness and efficiency in performing its operations.

    Outward refers to value sources that come from your interaction with external factors, such as the market or your customers.

    Exercise 3.2.4 Identify your business value drivers and sources of value

    1 hour
    1. Brainstorm the different types of business value that you produce on the sticky notes (one item per page). Draw from examples of products in your portfolio.
    2. Identify the most important value items for your organization (two to three per quadrant).
    3. Record the results in the Mature and Scale Product Ownership Workbook.

    Output

    • Product owner capability assessment

    Participants

    • Product owners
    • Product managers

    Capture in the Mature and Scale Product Ownership Workbook.

    My business value sources

    Graph with 4 quadrants representing Outward versus Inward, and Financial benefit versus Human benefit. The quadrants are Reach customers, Increase revenue/demonstrate value, Enhance services, Reduce costs.

    Capability: Value realization

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Product canvas or basic product positioning overview.
    • Simple budget or funding mechanism for changes.
    • Product demos and informal user feedback mechanisms.
    • Business value canvas or basic business model tied to roadmap funding.
    • Product funding tied to roadmap milestones and prioritization.
    • Defined KPIs /OKRs for roadmap delivery throughput and value realization measurement.
    • Business model with operating cost structures, revenue/value traceability, and market/user segments.
    • Scenario-based roadmap funding alignment.
    • Roadmap aligned KPIs /OKRs for delivery throughput and value realization measurement as a key factor in roadmap prioritization.
    • Business model tied to enterprise operating costs and value realization KPIs/OKRs.
    • P&L roadmap and cost accounting tied to value metrics.
    • Roadmap aligned enterprise and scenario-based KPIs /OKRs for delivery throughput and value realization measurement as a key factor in roadmap prioritization.

    Exercise 3.2.5 Assess your value realization capability proficiency

    1 hour
    1. Review the expectations for this capability and determine your current proficiency for each skill.
    2. Complete your assessment in the Mature and Scale Product Owner Proficiency Assessment tool.
    3. Record the results in the Mature and Scale Product Ownership Playbook.
    4. Review the skills map to identify strengths and areas of growth.

    Output

    • Product owner capability assessment

    Participants

    • Product owners
    • Product managers

    Capture in the Mature and Scale Product Owner Proficiency Assessment.

    Determine your product owner capability proficiency in regards to: Vision, Leadership, Product Lifecycle, and Value Realization

    Summary of Accomplishment

    Problem solved.

    Product ownership can be one of the most difficult challenges facing delivery and operations teams. By focusing on operational grouping and alignment of goals, organizations can improve their value realization at all levels in the organization.

    The foundation for delivering and enhancing products and services is rooted in the same capability model. Traditionally, product owners have focused on only a subset of skills and capabilities needed to properly manage and grow their products. The product owner capability model is a useful tool to ensure optimal performance from product owners and assess the right level of detail for each product within the product families.

    Congratulations. You’ve completed a significant step toward higher-value products and services.

    If you would like additional support, have our analysts guide you through other phases as apart of an Info-Tech workshop

    Contact your account representative for more information

    workshops@infotech.com
    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as apart of an Info-Tech workshop

    Contact your account representative for more information
    workshops@infotech.com 1-888-670-8889

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1.1 Assess your real Agile skill proficiency

    Assess your skills and capabilities against the real Agile skills inventory

    2.2.3 Prioritize your stakeholders

    Build a stakeholder management strategy.

    Research Contributors and Experts

    Emily Archer

    Lead Business Analyst,
    Enterprise Consulting, authentic digital agency

    Emily Archer is a consultant currently working with Fortune 500 clients to ensure the delivery of successful projects, products, and processes. She helps increase the business value returned for organizations’ investments in designing and implementing enterprise content hubs and content operations, custom web applications, digital marketing, and e-commerce platforms.

    David Berg

    Founder & CTO
    Strainprint Technologies Inc.

    David Berg is a product commercialization expert who has spent the last 20 years delivering product management and business development services across a broad range of industries. Early in his career, David worked with product management and engineering teams to build core network infrastructure products that secure and power the internet we benefit from today. David’s experience also includes working with clean technologies in the area of clean power generation, agritech, and Internet of Things infrastructure. Over the last five years, David has been focused on his latest venture, Strainprint Technologies, a data and analytics company focused on the medical cannabis industry. Strainprint has built the largest longitudinal medical cannabis dataset in the world, with a goal to develop an understanding of treatment behavior, interactions, and chemical drivers to guide future product development.

    Research Contributors and Experts

    Kathy Borneman

    Digital Product Owner, SunTrust Bank

    Kathy Borneman is a senior product owner who helps people enjoy their jobs again by engaging others in end-to-end decision making to deliver software and operational solutions that enhance the client experience and allow people to think and act strategically.

    Charlie Campbell

    Product Owner, Merchant e-Solutions

    Charlie Campbell is an experienced problem solver with the ability to quickly dissect situations and recommend immediate actions to achieve resolution, liaise between technical and functional personnel to bridge the technology and communication gap, and work with diverse teams and resources to reach a common goal.

    Research Contributors and Experts

    Yarrow Diamond

    Sr. Director, Business Architecture
    Financial Services

    Yarrow Diamond is an experienced professional with expertise in enterprise strategy development, project portfolio management, and business process reengineering across financial services, healthcare and insurance, hospitality, and real estate environments. She has a master’s in Enterprise Architecture from Penn State University, LSSMBB, PMP, CSM, ITILv3.

    Cari J. Faanes-Blakey, CBAP, PMI-PBA

    Enterprise Business Systems Analyst,
    Vertex, Inc.

    Cari J. Faanes-Blakey has a history in software development and implementation as a Business Analyst and Project Manager for financial and taxation software vendors. Active in the International Institute of Business Analysis (IIBA), Cari participated on the writing team for the BA Body of Knowledge 3.0 and the certification exam.

    Research Contributors and Experts

    Kieran Gobey

    Senior Consultant Professional Services
    Blueprint Software Systems

    Kieran Gobey is an IT professional with 24 years of experience, focused on business, technology, and systems analysis. He has split his career between external and internal customer-facing roles, and this has resulted in a true understanding of what is required to be a Professional Services Consultant. His problem-solving skills and ability to mentor others have resulted in successful software implementations.

    Kieran’s specialties include deep system troubleshooting and analysis skills, facilitating communications to bring together participants effectively, mentoring, leadership, and organizational skills.

    Rupert Kainzbauer

    VP Product, Digital Wallets
    Paysafe Group

    Rupert Kainzbauer is an experienced senior leader with a passion for defining and delivering products that deliver real customer and commercial benefit. With a team of highly experienced and motivated product managers, he has successfully led highly complex, multi-stakeholder payments initiatives, from proposition development and solution design through to market delivery. Their domain experience is in building online payment products in high-risk and emerging markets, remittance, prepaid cards, and mobile applications.

    Research Contributors and Experts

    Saeed Khan

    Founder,
    Transformation Labs

    Saeed Khan has been working in high tech for 30 years in Canada and the US and has held several leadership roles in Product Management in that time. He speaks regularly at conferences and has been writing publicly about technology product management since 2005.

    Through Transformation Labs, Saeed helps companies accelerate product success by working with product teams to improve their skills, practices, and processes. He is a cofounder of ProductCamp Toronto and currently runs a Meetup group and global Slack community called Product Leaders; the only global community of senior level product executives.

    Hoi Kun Lo

    Product Owner
    Nielsen

    Hoi Kun Lo is an experienced change agent who can be found actively participating within the IIBA and WITI groups in Tampa, FL and a champion for Agile, architecture, diversity, and inclusion programs at Nielsen. She is currently a Product Owner in the Digital Strategy team within Nielsen Global Watch Technology.

    Research Contributors and Experts

    Abhishek Mathur

    Sr Director, Product Management
    Kasisto, Inc.

    Abhishek Mathur is a product management leader, an artificial intelligence practitioner, and an educator. He has led product management and engineering teams at Clarifai, IBM, and Kasisto to build a variety of artificial intelligence applications within the space of computer vision, natural language processing, and recommendation systems. Abhishek enjoys having deep conversations about the future of technology and helping aspiring product managers enter and accelerate their careers.

    Jeff Meister

    Technology Advisor and Product Leader

    Jeff Meister is a technology advisor and product leader. He has more than 20 years of experience building and operating software products and the teams that build them. He has built products across a wide range of industries and has built and led large engineering, design, and product organizations.

    Jeff most recently served as Senior Director of Product Management at Avanade, where he built and led the product management practice. This involved hiring and leading product managers, defining product management processes, solution shaping and engagement execution, and evangelizing the discipline through pitches, presentations, and speaking engagements.

    Jeff holds a Bachelor of Applied Science (Electrical Engineering) and a Bachelor of Arts from the University of Waterloo, an MBA from INSEAD (Strategy), and certifications in product management, project management, and design thinking.

    Research Contributors and Experts

    Vincent Mirabelli

    Principal,
    Global Project Synergy Group

    With over 10 years of experience in both the private and public sectors, Vincent Mirabelli possesses an impressive track record of improving, informing, and transforming business strategy and operations through process improvement, design and re-engineering, and the application of quality to business analysis, project management, and process improvement standards.

    Oz Nazili

    VP, Product & Growth
    TWG

    Oz Nazili is a product leader with a decade of experience in both building products and product teams. Having spent time at funded startups and large enterprises, he thinks often about the most effective way to deliver value to users. His core areas of interest include Lean MVP development and data-driven product growth.

    Research Contributors and Experts

    Mike Starkey

    Director of Engineering
    W.W. Grainger

    Mike Starkey is a Director of Engineering at W.W. Grainger, currently focusing on operating model development, digital architecture, and building enterprise software. Prior to joining W.W. Grainger, Mike held a variety of technology consulting roles throughout the system delivery lifecycle spanning multiple industries such as healthcare, retail, manufacturing, and utilities with Fortune 500 companies.

    Anant Tailor

    Cofounder and Head of Product
    Dream Payments Corp.

    Anant Tailor is a cofounder at Dream Payments where he currently serves as the COO and Head of Product, having responsibility for Product Strategy & Development, Client Delivery, Compliance, and Operations. He has 20+ years of experience building and operating organizations that deliver software products and solutions for consumers and businesses of varying sizes.

    Prior to founding Dream Payments, Anant was the COO and Director of Client Services at DonRiver Inc, a technology strategy and software consultancy that he helped to build and scale into a global company with 100+ employees operating in seven countries.

    Anant is a Professional Engineer with a Bachelor degree in Electrical Engineering from McMaster University and a certificate in Product Strategy & Management from the Kellogg School of Management at Northwestern University.

    Research Contributors and Experts

    Angela Weller

    Scrum Master, Businessolver

    Angela Weller is an experienced Agile business analyst who collaborates with key stakeholders to attain their goals and contributes to the achievement of the company’s strategic objectives to ensure a competitive advantage. She excels when mediating or facilitating teams.

    Related Info-Tech Research

    Product Delivery

    Deliver on Your Digital Product Vision

    Build a product vision your organization can take from strategy through execution.

    Deliver Digital Products at Scale

    Deliver value at the scale of your organization through defining enterprise product families.

    Build Your Agile Acceleration Roadmap

    Quickly assess the state of your Agile readiness and plan your path forward to higher value realization.

    Implement Agile Practices That Work

    Improve collaboration and transparency with the business to minimize project failure.

    Implement DevOps Practices That Work

    Streamline business value delivery through the strategic adoption of DevOps practices.

    Extend Agile Practices Beyond IT

    Further the benefits of Agile by extending a scaled Agile framework to the business.

    Build Your BizDevOps Playbook

    Embrace a team sport culture built around continuous business-IT collaboration to deliver great products.

    Embed Security Into the DevOps Pipeline

    Shift security left to get into DevSecOps.

    Spread Best Practices With an Agile Center of Excellence

    Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Enable Organization-Wide Collaboration by Scaling Agile

    Execute a disciplined approach to rolling out Agile methods in the organization.

    Related Info-Tech Research

    Application Portfolio Management

    APM Research Center

    See an overview of the APM journey and how we can support the pieces in this journey.

    Application Portfolio Management Foundations

    Ensure your application portfolio delivers the best possible return on investment.

    Streamline Application Maintenance

    Effective maintenance ensures the long-term value of your applications.

    Streamline Application Management

    Move beyond maintenance to ensuring exceptional value from your apps.

    Build an Application Department Strategy

    Delivering value starts with embracing what your department can do.

    Embrace Business-Managed Applications

    Empower the business to implement their own applications with a trusted business-IT relationship

    Optimize Applications Release Management

    Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Related Info-Tech Research

    Value, Delivery Metrics, Estimation

    Build a Value Measurement Framework

    Focus product delivery on business value–driven outcomes.

    Select and Use SDLC Metrics Effectively

    Be careful what you ask for, because you will probably get it.

    Application Portfolio Assessment: End User Feedback

    Develop data-driven insights to help you decide which applications to retire, upgrade, re-train on, or maintain to meet the demands of the business.

    Create a Holistic IT Dashboard

    Mature your IT department by measuring what matters.

    Refine Your Estimation Practices With Top-Down Allocations

    Don’t let bad estimates ruin good work.

    Estimate Software Delivery With Confidence

    Commit to achievable software releases by grounding realistic expectations.

    Reduce Time to Consensus With an Accelerated Business Case

    Expand on the financial model to give your initiative momentum.

    Optimize Project Intake, Approval, and Prioritization

    Deliver more projects by giving yourself the voice to say “no” or “not yet” to new projects.

    Enhance PPM Dashboards and Reports

    Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Related Info-Tech Research

    Organizational Design and Performance

    Redesign Your IT Organizational Structure

    Focus product delivery on business value-driven outcomes.

    Build a Strategic IT Workforce Plan

    Have the right people, in the right place, at the right time.

    Implement a New Organizational Structure

    Reorganizations are inherently disruptive. Implement your new structure with minimal pain for staff while maintaining IT performance throughout the change.

    Build an IT Employee Engagement Program

    Don’t just measure engagement, act on it

    Set Meaningful Employee Performance Measures

    Set holistic measures to inspire employee performance.

    Bibliography (Product Management)

    “12th Annual State of Agile Report.” VersionOne, 9 April 2018. Web.

    A, Karen. “20 Mental Models for Product Managers.” Product Management Insider, Medium, 2 Aug. 2018. Web.

    Adams, Paul. “Product Teams: How to Build & Structure Product Teams for Growth.” Inside Intercom, 30 Oct. 2019. Web.

    Aghina, Handscomb, Ludolph, West, and Abby Yip, “How to select and develop individuals for successful agile teams: A practical guide” McKinsey & Company 20 Dec. 2018. Web.

    Agile Alliance. “Product Owner.” Agile Alliance. n.d. Web.

    Ambler, Scott W. "Communication on Agile Software Teams“, Agile Modeling. 2001-2022. Web.

    Ambysoft. “2018 IT Project Success Rates Survey Results.” Ambysoft. 2018. Web.

    Banfield, Richard, et al. “On-Demand Webinar: Strategies for Scaling Your (Growing) Enterprise Product Team.” Pluralsight, 31 Jan. 2018. Web.

    Beck, Beedle, van Bennekum, Cockburn, Cunningham, Fowler, Grenning, Highsmith, Hunt, Jeffries, Kern, Marick, Martin, Mellor, Schwaber, Sutherland, Thomas, "Manifesto for Agile Software Development." agilemanifesto.org. 2001

    Berez, Steve, et al. “How to Plan and budget for Agile at Scale.” Bain & Company, 08 Oct 2019. Web

    Blueprint. “10 Ways Requirements Can Sabotage Your Projects Right From the Start.” Blueprint. 2012. Web.

    Breddels, Dajo, and Paul Kuijten. “Product Owner Value Game.” Agile2015 Conference, Agile Alliance 2015. Web.

    Cagan, Martin. “Behind Every Great Product.” Silicon Valley Product Group. 2005. Web.

    Cohn, Mike. “What Is a Product?” Mountain Goat Software. 6 Sept. 2016. Web.

    Connellan, Thomas K. Inside the Magic Kingdom, Bard Press, 1997.

    Curphey, Mark. “Product Definition.” SlideShare, 25 Feb. 2007. Web.

    “Delegation Poker Product Image.” Management 3.0, n.d. Web.

    Distel, Dominic, et al. “Finding the sweet spot in product-portfolio management.’ McKinsey, 4 Dec. 2020. Web

    Eringa, Ron. “Evolution of the Product Owner.” RonEringa.com, 12 June 2016. Web.

    Fernandes, Thaisa. “Spotify Squad Framework - Part I.” PM101, Medium, 6 Mar. 2017. Web.

    Galen, Robert. “Measuring Product Ownership – What Does ‘Good’ Look Like?” RGalen Consulting, 5 Aug. 2015. Web.

    Grenny, Joseph. “The Best Teams Hold Themselves Accountable.” Harvard Business Review, 30 May 2014. Web.

    Halisky, Merland, and Luke Lackrone. “The Product Owner’s Universe.” Agile2016 Conference, Agile Alliance, 2016. Web.

    Bibliography (Product Management)

    IIBA "A Guide to the Business Analysis Body of Knowledge® (BABOK® Guide) v3" IIBA. 15 APR 2015

    Kamer, Jurriaan. “How to Build Your Own ‘Spotify Model’.” The Ready, Medium, 9 Feb. 2018. Web.

    Kendis Team. “Exploring Key Elements of Spotify’s Agile Scaling Model.” Scaled Agile Framework, Medium, 23 Jul. 2018. Web.

    Lindstrom, Lowell. “7 Skills You Need to Be a Great Product Owner.” Scrum Alliance, n.d. Web.

    Lukassen, Chris. “The Five Belts Of The Product Owner.” Xebia.com, 20 Sept. 2016. Web.

    Mankins, Michael. “The Defining Elements of a Winning Culture.” Bain, 19 Dec. 2013. Web.

    McCloskey, Heather. “Scaling Product Management: Secrets to Defeating Common Challenges.” ProductPlan, 12 July 2019. Web.

    McCloskey, Heather. “When and How to Scale Your Product Team.” UserVoice, 21 Feb. 2017. Web. Mironov, Rich. “Scaling Up Product Manager/Owner Teams.” Rich Mironov's Product Bytes, Mironov Consulting, 12 Apr. 2014. Web.

    Moore, Geoffrey A. “Crossing the Chasm, 3rd Edition.” Collins Business Essentials, 28 Jan 2014

    Oh, Paul. “How Mastering Resilience Can Help Drive Agile Transformations.” Why Innovation!, 10 Oct. 2019.

    Overeem, Barry. “A Product Owner Self-Assessment.” Barry Overeem, 6 Mar. 2017. Web.

    Overeem, Barry. “Retrospective: Using the Team Radar.” Barry Overeem, 27 Feb. 2017. Web.

    Pichler, Roman. “How to Scale the Scrum Product Owner.” Roman Pichler, 28 June 2016 . Web.

    Pichler, Roman. “Product Management Framework.” Pichler Consulting Limited, 2014. Web.

    Pichler, Roman. “Sprint Planning Tips for Product Owners.” LinkedIn, 4 Sept. 2018. Web.

    Pichler, Roman. “What Is Product Management?” Pichler Consulting Limited, 26 Nov. 2014. Web.

    PMI "The high cost of low performance: the essential role of communications“. PMI Pulse of Profession, May 2013.

    Radigan,Dan. “Putting the ‘Flow' Back in Workflow With WIP Limits.” Atlassian, n.d. Web.

    Bibliography (Product Management)

    Rouse, Margaret. “Definition: product.” TechTarget, Sept. 2005. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on (Business) Value.” Scrum.org, 30 Nov. 2017. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on Agile Product Management.” Scrum.org, 28 Nov. 2017. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on Product Backlog Management.” Scrum.org, 5 Dec. 2017. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on the Product Vision.” Scrum.org, 29 Nov. 2017. Web.

    Schuurman, Robbin. “Tips for Starting Product Owners.” Scrum.org, 27 Nov. 2017. Web.

    Sharma, Rohit. “Scaling Product Teams the Structured Way.” Monetary Musings, 28 Nov. 2016. Web.

    Shirazi, Reza. “Betsy Stockdale of Seilevel: Product Managers Are Not Afraid To Be Wrong.” Austin Voice of Product, 2 Oct. 2018. Web.

    Spitz, Enid R. “The Three Kinds of Empathy: Emotional, Cognitive, Compassionate.” The Three Kinds of Empathy: Emotional, Cognitive, Compassionate. Heartmanity. Web.

    Steiner, Anne. “Start to Scale Your Product Management: Multiple Teams Working on Single Product.” Cprime, 6 Aug. 2019. Web.

    “The Qualities of Leadership: Leading Change.” Cornelius & Associates, 2016. Web.

    “The Standish Group 2015 Chaos Report.” The Standish Group. 2015. Web.

    Theus, Andre. “When Should You Scale the Product Management Team?” ProductPlan, 7 May 2019. Web.

    Tolonen, Arto. “Scaling Product Management in a Single Product Company.” Smartly.io, 26 Apr. 2018. Web.

    Ulrich, Catherine. “The 6 Types of Product Managers. Which One Do You Need?” Medium, 19 Dec. 2017. Web.

    Verwijs, Christiaan. “Retrospective: Do The Team Radar.” The Liberators, Medium, 10 Feb. 2017. Web.

    Vlaanderen, Kevin. “Towards Agile Product and Portfolio Management”. Academia.edu. 2010. Web.

    Backlog

    2009 Business Analysis Benchmark Study.” IAG Consulting, 2009. Web.

    Armel, Kate. “Data-driven Estimation, Management Lead to High Quality.” Quantitative Software Management Inc, 2015. Web.

    Bradley, Marty. “Agile Estimation Guidance.” Leading Agile, 30 Aug. 2016. Web. Feb. 2019.

    CollabNet and VersionOne. “12th Annual State of Agile Report.” VersionOne, 9 April 2018. Web.

    Craveiro, João. “Marty meets Martin: connecting the two triads of Product Management.” Product Coalition, 18 Nov. 2017. Accessed Feb. 2019.

    “Enablers.” Scaled Agile, n.d. Web.

    “Epic.” Scaled Agile, n.d. Web.

    Fischer, Christian. “Scrum Compact.” Itemis, n.d. Web. Feb. 2019.

    Hackshall, Robin. “Product Backlog Refinement.” Scrum Alliance, 9 Oct. 2014. Accessed Feb. 2019.

    Hartman, Bob. “New to agile? INVEST in good user stories.” Agile For All, 14 May 2009. Web.

    Huether, Derek. “Cheat Sheet for Product Backlog Refinement (Grooming).” Leading Agile, 2 Nov. 2013. Accessed Feb. 2019.

    Karlsson, Johan. “Backlog Grooming: Must-Know Tips for High-Value Products.” Perforce, 18 May 2018. Accessed Feb. 2019.

    Khan, Saeed. “Good Bye ‘Product Owner’, Hello ‘Backlog Manager.’” On Product Management, 27 June 2011. Accessed Feb. 2019.

    Khan, Saeed. “Let’s End the Confusion: A Product Owner is NOT a Product Manager.” On Product Management, 14 July 2017. Accessed Feb. 2019.

    Lawrence, Richard. “New Story Splitting Resource.” Agile For All. 27 Jan. 2012. Web. Feb. 2019.

    Leffingwell, Dean. “SAFe 4.0.” Scaled Agile Inc, 2017. Accessed Feb. 2019.

    Lucero, Mario. “Product Backlog – Deep Model.” Agilelucero, 8 Oct. 2014. Web.

    “PI Planning.” Scaled Agile, n.d. Web.

    Pichler, Roman. “The Product Roadmap and the Product Backlog.” Roman Pichler, 9 Sept. 2014. Accessed Feb. 2019.

    Rubin, Kenneth S. Essential Scrum: A Practical Guide to the Most Popular Agile Process. Pearson Education, 2012.

    Schuurman, Robbin. “10 Tips for Product Owners on Product Backlog Management.” Burozeven, 20 Nov. 2017. Accessed Feb. 2019.

    Srinivasan, Vibhu. “Product Backlog Management: Tips from a Seasoned Product Owner.” Agile Alliance, n.d. Accessed Feb. 2019.

    Todaro, Dave. “Splitting Epics and User Stories.” Ascendle, n.d. Accessed Feb. 2019.

    “What Characteristics Make Good Agile Acceptance Criteria?” Segue Technologies, 3 Sept. 2015. Web. Feb. 2019.

    Bibliography (Roadmap)

    Bastow, Janna. “Creating Agile Product roadmaps Everyone Understands.” ProdPad, 22 Mar. 2017. Accessed Sept. 2018.

    Bastow, Janna. “The Product Tree Game: Our Favorite Way To Prioritize Features.” ProdPad, 21 Feb. 2016. Accessed Sept. 2018.

    Chernak, Yuri. “Requirements Reuse: The State of the Practice.” 2012 IEEE International Conference, 12 June 2012, Herzliya, Israel. Web.

    Fowler, Martin. “Application Boundary.” MartinFowler.com, 11 Sept. 2003. Accessed 20 Nov. 2017.

    Harrin, Elizabeth. “Learn What a Project Milestone Is.” The Balance Careers, 10 May 2018. Accessed Sept. 2018.

    “How to create a product roadmap.” Roadmunk, n.d. Accessed Sept. 2018.

    Johnson, Steve. “How to Master the 3 Horizons of Product Strategy.” Aha!, 24 Sept. 2015. Accessed Sept. 2018.

    Johnson, Steve. “The Product Roadmap vs. the Technology Roadmap.” Aha!, 23 June 2016. Accessed Sept. 2018

    Juncal, Shaun. “How Should You Set Your Product Roadmap Timeframes?” ProductPlan, Web. Sept. 2018.

    Leffingwell, Dean. “SAFe 4.0.” Scaled Agile, 2017. Web.

    Maurya, Ash. “What is a Minimum Viable Product (MVP).” Leanstack, 12 June 2017. Accessed Sept. 2018.

    Pichler, Roman. “10 Tips for Creating an Agile Product Roadmap.” Roman Pichler, 20 July 2016. Accessed Sept. 2018.

    Pichler, Roman. Strategize: Product Strategy and Product Roadmap Practices for the Digital Age. Pichler Consulting, 2016.

    “Product Roadmap Contents: What Should You Include?” ProductPlan, n.d. Accessed 20 Nov. 2017.

    Saez, Andrea. “Why Your Roadmap Is Not a Release Plan.” ProdPad, 23 October 2015. Accessed Sept. 2018.

    Schuurman, Robbin. “Tips for Agile product roadmaps & product roadmap examples.” Scrum.org, 7 Dec. 2017. Accessed Sept. 2018.

    Bibliography (Vision and Canvas)

    Adams, Paul. “The Future Product Canvas.” Inside Intercom, 10 Jan. 2014. Web.

    “Aligning IT Funding Models to the Pace of Technology Change.” EDUCAUSE, 14 Dec. 2015. Web.

    Altman, Igor. “Metrics: Gone Bad.” OpenView, 10 Nov. 2009. Web.

    Barry, Richard. “The Product Vision Canvas – a Strategic Tool in Developing a Successful Business.” Polymorph, 2019. Web.

    “Business Canvas – Business Models & Value Propositions.” Strategyzer, 2019. Web.

    “Business Model Canvas.” Wikipedia: The Free Encyclopedia, 4 Aug. 2019. Web.

    Charak, Dinker. “Idea to Product: The Working Model.” ThoughtWorks, 13 July 2017. Web.

    Charak, Dinker. “Product Management Canvas - Product in a Snapshot.” Dinker Charak, 29 May 2017. Web.

    Chudley, James. “Practical Steps in Determining Your Product Vision (Product Tank Bristol, Oct. 2018).” LinkedIn SlideShare. Uploaded by cxpartners, 2 Nov. 2018. Web.

    Cowan, Alex. “The 20 Minute Business Plan: Business Model Canvas Made Easy.” COWAN+, 2019. Web.

    Craig, Desiree. “So You've Decided To Become A Product Manager.” Start it up, Medium, 2 June 2019. Web.

    “Create an Aha! Business Model Canvas Strategic Model.” Aha! Support, 2019. Web.

    Eick, Stephen. “Does Code Decay? Assessing the Evidence from Change Management Data.” IEEE Transactions on Software Engineering, vol. 27, no. 1, Jan. 2001, pp. 1-12. Web.

    Eriksson, Martin. “The next Product Canvas.” Mind the Product, 22 Nov. 2013. Web.

    “Experience Canvas: a Lean Approach: Atlassian Team Playbook.” Atlassian, 2019. Web.

    Freeman, James. “How to Make a Product Canvas – Visualize Your Product Plan.” Edraw, 23 Dec. 2019. Web.

    Fuchs, Danny. “Measure What Matters: 5 Best Practices from Performance Management Leaders.” OpenGov, 8 Aug. 2018. Web.

    Gorisse, Willem. “A Practical Guide to the Product Canvas.” Mendix, 28 Mar. 2017. Web.

    Gothelf, Jeff. “The Lean UX Canvas.” Jeff Gothelf, 15 Dec. 2016. Web.

    Gottesdiener, Ellen. “Using the Product Canvas to Define Your Product: Getting Started.” EBG Consulting, 15 Jan. 2019. Web.

    Gottesdiener, Ellen. “Using the Product Canvas to Define Your Product's Core Requirements.” EBG Consulting, 4 Feb. 2019. Web.

    Gray, Mark Krishan. “Should I Use the Business Model Canvas or the Lean Canvas?” Blog, Medium.com, 2019. Web.

    Bibliography (Vision and Canvas)

    Hanby, Jeff. "Software Maintenance: Understanding and Estimating Costs." LookFar, 21 Oct. 2016. Web.

    “How do you define a product?” Scrum.org, 4 Apr 2017, Web

    Juncal, Shaun. “How to Build a Product Roadmap Based on a Business Model Canvas.” ProductPlan, 19 June 2019. Web.

    “Lean Canvas Intro - Uber Example.” YouTube, uploaded by Railsware Product Academy, 12 Oct. 2018. Web.

    “Lesson 6: Product Canvas.” ProdPad Help Center, 2019. Web.

    Lucero, Mario. “The Product Canvas.” Agilelucero.com, 22 June 2015. Web.

    Maurya, Ash. “Create a New Lean Canvas.” Canvanizer, 2019. Web.

    Maurya, Ash. “Don't Write a Business Plan. Create a Lean Canvas Instead.” LEANSTACK, 2019. Web.

    Maurya, Ash. “Why Lean Canvas vs Business Model Canvas?” Medium, 27 Feb. 2012. Web.

    Mirabelli, Vincent. “The Project Value Canvas.” Vincent Mirabelli, 2019. Web.

    Mishra, LN. “Business Analysis Canvas – The Ultimate Enterprise Architecture.” BA Times, 19 June 2019. Web.

    Muller. Jerry Z. “Why performance metrics isn’t always the best way to judge performance.” Fast Company, 3 April 2019. Web.

    Perri, Melissa. “What Is Good Product Strategy?” Melissa Perri, 14 July 2016. Web.

    Pichler, Roman. “A Product Canvas for Agile Product Management, Lean UX, Lean Startup.” Roman Pichler, 16 July 2012. Web.

    Pichler, Roman. “Introducing the Product Canvas.” JAXenter, 15 Jan. 2013. Web.

    Pichler, Roman. “Roman's Product Canvas: Introduction.” YouTube, uploaded by Roman Pichler, 3 Mar. 2017. Web.

    Pichler, Roman. “The Agile Vision Board: Vision and Product Strategy.” Roman Pichler, 10 May 2011. Web.

    Pichler, Roman. “The Product Canvas – Template.” Roman Pichler, 11 Oct. 2016. Web.

    Pichler, Roman. “The Product Canvas Tutorial V1.0.” LinkedIn SlideShare. Uploaded by Roman Pichler, 14 Feb. 2013. Web.

    Pichler, Roman. “The Product Vision Board: Introduction.” YouTube uploaded by Roman Pichler, 3 Mar. 2017. Web.

    “Product Canvas PowerPoint Template.” SlideModel, 2019. Web.

    Bibliography (Vision and Canvas)

    “Product Canvas.” SketchBubble, 2019, Web.

    “Product Canvas.” YouTube, uploaded by Wojciech Szramowski, 18 May 2016. Web.

    “Product Roadmap Software to Help You Plan, Visualize, and Share Your Product Roadmap.” Productboard, 2019. Web.

    Roggero, Giulio. “Product Canvas Step-by-Step.” LinkedIn SlideShare, uploaded by Giulio Roggero, 18 May 2013. Web.

    Royce, Dr. Winston W. “Managing the Development of Large Software Systems.” Scf.usc.edu, 1970. Web.

    Ryan, Dustin. “The Product Canvas.” Qdivision, Medium, 20 June 2017. Web.

    Snow, Darryl. “Product Vision Board.” Medium, 6 May 2017. Web.

    Stanislav, Shymansky. “Lean Canvas – a Tool Your Startup Needs Instead of a Business Plan.” Railsware, 12 Oct. 2018. Web.

    Stanislav, Shymansky. “Lean Canvas Examples of Multi-Billion Startups.” Railsware, 20 Feb. 2019. Web.

    “The Product Vision Canvas.” YouTube, Uploaded by Tom Miskin, 20 May 2019. Web.

    Tranter, Leon. “Agile Metrics: the Ultimate Guide.” Extreme Uncertainty, n.d. Web.

    “Using Business Model Canvas to Launch a Technology Startup or Improve Established Operating Model.” AltexSoft, 27 July 2018. Web.

    Veyrat, Pierre. “Lean Business Model Canvas: Examples + 3 Pillars + MVP + Agile.” HEFLO BPM, 10 Mar. 2017. Web.

    “What Are Software Metrics and How Can You Track Them?” Stackify, 16 Sept. 2017. Web

    “What Is a Product Vision?” Aha!, 2019. Web.

    Supporting Research

    Transformation topics and supporting Info-Tech research to make the journey easier, with less rework.

    Supporting research and services

    Improving IT alignment

    Build a Business-Aligned IT Strategy

    Success depends on IT initiatives clearly aligned to business goals, IT excellence, and driving technology innovation.

    Includes a "Strategy on a page" template

    Make Your IT Governance Adaptable

    Governance isn't optional, so keep it simple and make it flexible.

    Create an IT View of the Service Catalog

    Unlock the full value of your service catalog with technical components.

    Application Portfolio Management Foundations

    Ensure your application portfolio delivers the best possible return on investment.

    Supporting research and services

    Shifting toward Agile DevOps

    Agile/DevOps Resource Center

    Tools and advice you need to be successful with Agile.

    Develop Your Agile Approach for a Successful Transformation

    Understand Agile fundamentals, principles, and practices so you can apply them effectively in your organization.

    Implement DevOps Practices That Work

    Streamline business value delivery through the strategic adoption of DevOps practices.

    Perform an Agile Skills Assessment

    Being Agile isn't about processes, it's about people.

    Define the Role of Project Management in Agile and Product-Centric Delivery

    Projects and products are not mutually exclusive.

    Supporting research and services

    Shifting toward product management

    Make the Case for Product Delivery

    Align your organization on the practices to deliver what matters most.

    Deliver on Your Digital Product Vision

    Build a product vision your organization can take from strategy through execution.

    Deliver Digital Products at Scale

    Deliver value at the scale of your organization through defining enterprise product families.

    Build a Better Product Owner

    Strengthen the product owner's role in your organization by focusing on core capabilities and proper alignment.

    Supporting research and services

    Improving value and delivery metrics

    Build a Value Measurement Framework

    Focus product delivery on business value-driven outcomes.

    Create a Holistic IT Dashboard

    Mature your IT department by measuring what matters.

    Select and Use SDLC Metrics Effectively

    Be careful what you ask for because you will probably get it.

    Reduce Time to Consensus With an Accelerated Business Case

    Expand on the financial model to give your initiative momentum.

    Supporting research and services

    Improving governance, prioritization, and value

    Make Your IT Governance Adaptable

    Governance isn't optional, so keep it simple and make it flexible.

    Maximize Business Value from IT Through Benefits Realization

    Embed benefits realization into your governance process to prioritize IT spending and confirm the value of IT.

    Drive Digital Transformation With Platform Strategies

    Innovate and transform your business models with digital platforms.

    Succeed With Digital Strategy Execution

    Building a digital strategy is only half the battle: create a systematic roadmap of technology initiatives to execute the strategy and drive digital transformation.

    Build a Value Measurement Framework

    Focus product delivery on business value-driven outcomes.

    Create a Holistic IT Dashboard

    Mature your IT department by measuring what matters.

    Supporting research and services

    Improving requirements management and quality assurance

    Requirements Gathering for Small Enterprises

    Right-size the guidelines of your requirements gathering process.

    Improve Requirements Gathering

    Back to basics: great products are built on great requirements.

    Build a Software Quality Assurance Program

    Build quality into every step of your SDLC.

    Automate Testing to Get More Done

    Drive software delivery throughput and quality confidence by extending your automation test coverage.

    Manage Your Technical Debt

    Make the case to manage technical debt in terms of business impact.

    Create a Business Process Management Strategy

    Avoid project failure by keeping the "B" in BPM.

    Build a Winning Business Process Automation Playbook

    Optimize and automate your business processes with a user-centric approach.

    Create a Winning BPI Playbook

    Don't waste your time focusing on the "as is." Focus on the improvements and the "to be."

    Supporting research and services

    Improving release management

    Optimize Applications Release Management

    Build trust by right-sizing your process using appropriate governance.

    Streamline Application Maintenance

    Effective maintenance ensures the long-term value of your applications.

    Streamline Application Management

    Move beyond maintenance to ensure exceptional value from your apps.

    Optimize Change Management

    Right-size your change management process.

    Manage Your Technical Debt

    Make the case to manage technical debt in terms of business impact.

    Improve Application Development Throughput

    Drive down your delivery time by eliminating development inefficiencies and bottlenecks while maintaining high quality.

    Supporting research and services

    Business relationship management

    Embed Business Relationship Management

    Leverage knowledge of the business to become a strategic IT partner.

    Improving security

    Build an Information Security Strategy

    Create value by aligning your strategy to business goals and business risks.

    Develop and Deploy Security Policies

    Enhance your overall security posture with a defensible and prescriptive policy suite.

    Simplify Identity and Access Management

    Leverage risk- and role-based access control to quantify and simplify the IAM process.

    Supporting research and services

    Improving and supporting business-managed applications

    Embrace Business-Managed Applications

    Empower the business to implement their own applications with a trusted business-IT relationship.

    Enhance Your Solution Architecture Practices

    Ensure your software systems solution is architected to reflect stakeholders’ short-and long-term needs.

    Satisfy Digital End Users With Low- and No-Code

    Extend IT, automation, and digital capabilities to the business with the right tools, good governance, and trusted organizational relationships.

    Build Your First RPA Bot

    Support RPA delivery with strong collaboration and management foundations.

    Automate Work Faster and More Easily With Robotic Process Automation

    Embrace the symbiotic relationship between the human and digital workforce.

    Supporting research and services

    Improving business intelligence, analytics, and reporting

    Modernize Data Architecture for Measurable Business Results

    Enable the business to achieve operational excellence, client intimacy, and product leadership with an innovative, Agile, and fit-for-purpose data architecture practice.

    Build a Reporting and Analytics Strategy

    Deliver actionable business insights by creating a business-aligned reporting and analytics strategy.

    Build Your Data Quality Program

    Quality data drives quality business decisions.

    Design Data-as-a-Service

    Journey to the data marketplace ecosystems.

    Build a Robust and Comprehensive Data Strategy

    Key to building and fostering a data-driven culture.

    Build an Application Integration Strategy

    Level the table before assembling the application integration puzzle or risk losing pieces.

    Appendix

    Pulse survey results

    Pulse survey (N=18): What are the key components of product/service ownership?

    Pulse survey results: What are the key components of product/service ownership? Table shows answer options and responses in percentage.

    Pulse Survey (N=18): What are the key individual skills for a product/service owner?

    What are the key individual skills for a product/service owner? Table shows answer options and responses in percentage

    Other choices entered by respondents:

    • Anticipating client needs, being able to support delivery in all phases of the product lifecycle, adaptability, and ensuring a healthy backlog (at least two sprints’ worth of work).
    • Requirements elicitation and prioritization.
    • The key skill is being product-focused to ensure it provides value for competitive advantage.

    Pulse Survey (N=18): What are three things an outstanding product/service owner does that an average one doesn’t?

    What are three things an outstanding product/service owner does that an average one doesn't? Table shows results.

    Business Process Controls and Internal Audit

    • Buy Link or Shortcode: {j2store}37|cart{/j2store}
    • Related Products: {j2store}37|crosssells{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security and Risk
    • Parent Category Link: security-and-risk
    Establish an Effective System of Internal IT Controls to Mitigate Risks.

    Implement the Next-Generation IT Operating Model

    • Buy Link or Shortcode: {j2store}85|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy

    IT is being challenged to change how it operates to better support evolving organizations by:

    • Considering the needs of customers, end users, and organizational stakeholders simultaneously.
    • Leveraging resources strategically to support the various IT and digital services being offered.
    • Creating a digital services enablement office that can design, monitor, and continuously enhance services.

    Our Advice

    Critical Insight

    • The role of IT is changing, and with that, how IT needs to operate to deliver value is also changing. Don’t get left behind with an irrelevant IT operating model.
    • Elevate your reputation as a leader beyond the CIO role. Mature your organization’s digital services by considering the customer experience first.
    • As recessions, disasters, and pandemics hit, don’t adopt old ways of operating with 2008 centralized models. Embrace a hybrid IT where value sets your organization apart.

    Impact and Result

    • Embrace the Exponential IT Operating Model so you can:
      • Say “yes” to stakeholders trying to provide a better experience for customers and consumers.
      • Leverage data more effectively across your organization.
      • Consider how to integrate and deliver services using resources effectively and strategically.

    Implement the Next-Generation IT Operating Model Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Implement the Next-Generation IT Operating Model Deck – The next generation operating model for organizations embracing exponential IT.

    This research piece is for any IT leaders looking to support the organization in its post-transformation state by focusing on the customer experience when operating. CIOs struggling with outdated IT operating models can demonstrate true partnership with this digital services next-generation IT operating model.

    • Implement the Next-Generation IT Operating Model Storyboard

    2. Exponential IT Operating Model Readiness Assessment – A tool to assess your organization’s readiness to adopt this next generation of IT operating models.

    Use this tool to determine whether your organization has the fundamental components necessary to support the adoption of an Exponential IT operating model.

    • Exponential IT Operating Model Readiness Assessment

    3. Career Vision Roadmap Tool – A template to create a simple visual roadmap of your desired career progression from CIO to chief digital services officer (CDSO).

    Use this template to create a roadmap on how to transform your career from CIO to CDSO leveraging key strengths and relationships. Focus on opportunities to demonstrate IT’s maturity and the customer experience at the forefront of your decisions.

    • Career Vision Roadmap
    [infographic]

    Further reading

    Implement the Next-Generation IT Operating Model

    The operating model for organizations embracing Exponential IT and transforming into technology-first enterprises.

    Analyst Perspective

    Be the organization that can thrive in an exponential IT world.

    A picture of Carlene McCubbin A picture of Brittany Lutes

    Carlene McCubbin
    Research Practice Lead
    CIO Organizational
    Transformation Practice
    Info-Tech Research Group

    Brittany Lutes
    Research Director,
    CIO Organization Transformation Practice
    Info-Tech Research Group

    IT leaders are increasingly expected to be responsible for understanding and delivering high-value customer experiences. This evolution depends on the distribution and oversight of IT capabilities that are embedded throughout the organizational structure.

    Defining digital strategic objectives, establishing governance frameworks for an autonomous culture, and enabling the organization to act on insightful data are all impossible without a new way of operating that involves the oversight and accountability of advancing IT roles. Through exponential change, functional groups can lose clarity regarding their responsibilities, creating a sense of ambiguity and disorder.

    But adopting a new way of working that supports an exponential IT organization does not have to be difficult. Leveraging Info-Tech Research Group's next-generation operating model, you can clearly demonstrate how the organization will collaborate to deliver on the various digital and IT services. This is no longer just an IT operating model, but a technology-first enterprise model.

    Included in this blueprint:

    Exponential IT Model

    Defines how the Exponential IT model operates and delivers value to the organization.
    This is done by exploring:

    • Exponential IT cultural norms and behaviors
    • Opportunities and risks of the Exponential IT model
    • A breakdown of the embedded, integrated, and centralized aspects of the model
    • Operating model value stream stages
    • An assessment on whether the Exponential IT operating model is right for your organization

    Changing Role of IT Leader

    Defines how chief information officers (CIOs) can operate or elevate their role in this changing operating model.

    • Identifies why the C-suite is changing – again
    • How IT leaders should consider where they will add value in the new operating model
    • Outlines examples of future organization-wide structures and where IT roles are positioned
    • Supports IT leaders in developing themselves to operate in this structure

    Executive Summary

    Your Challenge

    IT is challenged to change how it operates to better support evolving organizations. IT must:

    • Consider the needs of customers, end users, and organization stakeholders simultaneously.
    • Leverage resources strategically to support the various IT and digital services being offered.
    • Create a digital services enablement office to design, monitor, and enhance services continuously.

    While many organizations have projects that support a digital strategy, few have an operating model that supports this digital services strategy.

    Common Obstacles

    Organizations struggle to support the definition and ongoing maintenance of services because:

    • The organization's Digital and IT services offerings are not clear.
    • The functional team accountable to deliver on each IT or Digital service is ambiguous.
    • There are insufficient resources to support all the IT and Digital services being offered.
    • C-suite leaders required to support the services are missing or in the wrong role to effectively lead.
    • Technology has not been standardized to ensure consistency and effectiveness.

    Info-Tech's Approach

    Embrace the IT operating model that focuses on the enablement and delivery of Digital and IT services by:

    • Having technology stakeholders actively collaborate to decide on priorities and deliver on objectives.
    • Leveraging data more effectively across the organization to understand and meet user needs.
    • Ensuring technology architecture and security standards are well-established and followed by all throughout the organization.
    • Allocating dedicated and skilled resources to ensure services can be continuously delivered.

    Info-Tech Insight

    The first IT operating model where customer engagement with IT and Digital Services is at the forefront.

    What is an operating model?

    An IT operating model is a visual representation of the way your IT organization will function using a clear and coherent blueprint. This visualization demonstrates how capabilities are organized and aligned to deliver on the business mission and strategic and technological objectives.

    The should visualize the optimization and alignment of the IT organization to deliver the capabilities required to achieve business goals. Additionally, it should demonstrate the workflow so key stakeholders can understand where inputs flow in and outputs flow out of the IT organization. Investing time in the front-end to get the operating model right is critical. This will give you a framework to rationalize future organizational changes, allowing you to be more iterative and your model to change as the business changes.

    An image of a sample Operating Model


    From computerization to digitization to the new frontier in autonomization, IT has progressively matured, enabling it to actively lead this next stage of business transformation.

    EXPONENTIAL RISK
    Autonomous processes will integrate with human-led processes, creating risks to business continuity, information security, and quality of delivery. Supplier power will exacerbate business risks.

    EXPONENTIAL REWARD
    The efficiency gains and new value chains created through artificial intelligence (AI), robotics, and additive manufacturing will be very significant. Most of this value will be realized through the augmentation of human labor.

    EXPONENTIAL DEMAND
    Autonomous solutions for productivity and back-office applications will eventually become commoditized and provided by a handful of large vendors. There will, however, be a proliferation of in-house algorithms and workflows to autonomize the middle and front office, offered by a busy landscape of industry-centric capability vendors.

    EXPONENTIAL IT

    Exponential IT involves IT leading the cognitive re-engineering of the organization with evolved practices for:

    • IT governance
    • Asset management
    • Vendor management
    • Data management
    • Business continuity management
    • Information security management

    To learn more about IT's journey into autonomization, check out Info-Tech Research Group's Adopt an Exponential IT Mindset blueprint.

    The IT operating model must evolve to respond to exponential change

    • Ensuring customers are not an afterthought to IT leaders. Customers inform how and where IT leaders invest resources to realize organizational objectives.
    • Adopting a formalized approach to service definition and delivery to eliminate silos.
    • Leveraging data throughout the organization to better inform and enable the various digital services in meeting customer demands.
    • Responding to employee demands for development and training opportunities by applying skills in new settings.
    • Having cross-collaboration mechanisms built into the ways of operating to reduce silos across the organization.
    • Enabling services through a strong set of governance and risk mandates and practices.
    • Eliminating the need for IT capabilities to only be within an IT department.

    IT can no longer be just a service provider:

    78% of IT leaders with established digital strategies and 45% of IT leaders with emerging digital strategies are driven by customer experiences.
    Source: Foundry "Digital Business Study,"2023

    40% - The number of CIOs that are responsible for creating new products or services to support revenue generation.
    Source: Foundry, "The State of the CIO," 2023

    This change requires a breakdown of traditional IT-business divisions

    CIOs must recognize that separating IT from the business is restrictive

    • Many organizations have recently completed or are in the process of completing a digital transformation focused on enhanced employee and customer experiences.
    • Post-transformation organizations must change how they operate to continue to deliver on those enhanced experiences, especially for the customer.
    • There must no longer be a wall between IT and the business, but a unified organization offering digital services that include IT components. Already, 81% of work is being performed across the functional boundaries created in an organization (Deloitte, 2023).
    • Effectively designing, delivering, and maintaining these services depends on a Digital Services functional layer, expanding IT's involvement into how the business delivers worthwhile experiences to customers.
    • This Digital Services functional layer will consider whether the new services are better owned by the IT group or another area of the organization.
    • CIOs need to be prepared to adopt a new way of operating or be left to manage a smaller subset of IT functions.

    "I think we've done the IT industry a disservice by constantly referring to IT and the business, artificially creating this wedge."
    – David Vidoni, VP of IT at Pegasystems
    Source: Dan Roberts, CIO, 2023

    Four trends driving an Exponential IT organization include:

    Emerging Technologies

    • 67% of respondents to KPMG's 2022 Global Tech Survey indicated they intend to embrace emerging platforms by the end of 2024.(1)
    • The technology landscape is constantly shifting with artificial intelligence (AI), quantum computing, 5G cellular networks, and next-generation robotics. Each of these technologies requires new capabilities and a new way in which those capabilities are organized.

    Enhanced Customer Experiences

    • 24% of CIOs have been tasked by their CEO to increase the customer experience.(3)
    • Organizations realize that to gain and retain customers, it has become necessary to consistently evaluate service offerings and identify opportunities for enhancement or new services.

    Digital Trust

    • 1/3 of CISOs plan to increase their GRC focus during the next year and 36% have already begun to implement Zero Trust components.(2)
    • Risk and security capabilities mature focusing on defined enterprise accountability, consideration of ethics and inclusivity and proactive security controls.

    Embedded Technology & Skills

    • Spending on embedded software is expected to increase to $21.5 billion by 2027.(4)
    • The technology strategy no longer resides solely within IT. The organization must take ownership of this strategy while they define their digital strategies. Technology services are also embedded.

    (1) "Global Tech Survey," KPMG, 2022
    (2) "Global Digital Trust Insights Report," PwC, 2023
    (3) "State of IT Report," Foundry, 2023
    (4) "Global surge in embedded software demand; here is why," DAC Digital, 2023

    Application of the Four Key Trends on your Exponential IT operating model:

    Respond to Emerging Technology In response to changing customer demands, organizations need to actively seek, assess, and integrate emerging technology offerings easily and effectively. By governing data at an enterprise level and implementing the necessary guardrails in the form of architecture and security standards at the technology layer, it becomes easier to adopt new technologies such as artificial intelligence (AI). This should be tied to any mandated objectives.
    Build Digital Trust Capabilities Finding and hiring the right security professionals has long been a challenge for organizations. In the Exponential IT model, focus on security oversight increases and fewer operational resources are required. The model sees governing IT security processes and vendor delivery as priorities to enable the right technology without exposing the organization to undue risk. There should be more security-related capabilities in your Exponential IT model.
    Elevate the Customer Experience Evolving the organization's digital offering requires understanding of and active response to the changing demands of customers. This is accomplished by leveraging information from organization-wide data sources and the modular components of the organization's current digital offerings. The components can be reconfigured (or new ones added) to create digital services for the customer.
    Formalize Embedded Business Technology & Roles Technology is actively included in the organization's business (digital) strategy. This ensures that technology remains an embedded component of how the organization competes in the market, supplies invaluable services, and delivers on strategic objectives. The separation of IT from the organization becomes redundant.
    Visualize your IT Operating Model.

    Adopting an Exponential IT operating model is typically influenced by resonating with the following drivers:

    Culture

    IT Strategy & Objectives

    Organization Operating Model

    Organization Size & Structure

    Perception of IT

    Risk Appetite

    A cooperative and innovative culture where the organization does not feel constrained by current processes. Establishing a growth mindset across all the organization's groups is reflected by the trust service owners receive.

    Focused on delivering the best customer experience. The roadmap would include ample opportunities to better support the customer in obtaining or exceeding the degree of value they receive from the organization.

    Empowering service owners across the organization to be accountable for the delivery and value of their services. Lots of collaboration among stakeholders who know what services are offered and how those services leverage technology.

    More appropriate for larger organizations due to the resources required to design and enable successful services. IT resources would also be pooled by skills.

    IT is not a service provider but an equal that enables the organization's success. Without IT involvement, digital services may be omitted and opportunities to enhance the customer experience would be missed.

    While innovation and new service offerings are critical to success, there are functional groups that remain focused on defining the level of risk tolerance that supports the appropriate risk appetite to consider new service offerings.

    Section 1: The Next-Generation Operating Model

    The Technology Value Trinity

    Delivery of Business Value & Strategic Needs

    I&T OPERATING MODEL

    DIGITAL & TECHNOLOGY STRATEGY

    I&T GOVERNANCE

    The model for how IT is organized to deliver on business needs and strategies.

    The identification of objectives and initiatives necessary to achieve business goals.

    Ensures the organization and its customers extract maximum value from the use of information and technology.

    All three elements of the Technology Value Trinity work together to deliver business value and achieve strategic needs. As one changes, the others must change as well.
    How do these three elements relate?

    • I&T Operating Model aligns resources, processes, measures, stakeholders, value streams, and decision rights to enable the delivery of your strategy and priorities. This is done by strategically structuring IT capabilities in a way that enables the organization's vision and considers the context in which the model will operate.
    • Digital and IT Strategy tells you what you must achieve to be successful. For an Exponential IT organization, customer demands and digital service offerings would drive strategic decisions.
    • I&T Governance is the confirmation of IT's goals and strategy, which ensures the alignment of IT and business strategy. This is the mechanism by which you continuously prioritize work so that what is delivered aligns with the strategy.

    Strategy, operating models, and governance are too often considered separate practices – strategies are defined without clarity on how to support. A significant change to your strategy necessitates a change to your operating model, which in turn necessitates a change to your governance and organizational structure.

    The Exponential IT operating model delivers value across seven components

    Exponential IT

    Capabilities

    Products, Services and Technology

    Performance Measures

    Stakeholder Engagement & Collaboration

    Decision Rights & Authority

    Value Streams

    Sourcing

    IT capabilities in the Exponential IT model are spread across the organization. The result removes the separation between IT and the organization. Instead, the organization takes accountability for ensuring technology capabilities are delivered.

    Digital service offerings dominate this model, focusing on providing better experiences for customers. Some technology platforms are specific to a service such as access management, while others span service offerings such as architecture or security.

    This model's success is measured by the overall ability to satisfy the customer experience through designing and delivering the right digital service offerings. Service owners are responsible for continuously monitoring and advancing the delivery of the service.

    The end-customer is the main stakeholder for this operating model, where understanding their needs and demands informs the design, maintenance, and improvement of all services. There is no longer IT vs. the business but an organizational perspective of services.

    This model's decision-making spans the organization. The service owners of digital offerings have authority and autonomy deciding which services to design, how they should be integrated with other services, and how those services will continually deliver value to customers.

    Exponential IT's five core value streams are:

    1. Identifying and prioritizing customer needs
    2. Designing IT and Digital Services
    3. Enabling IT & Digital Service success
    4. Assigning skilled employees to deliver services
    5. Owning & managing services

    Internal resource pools might need to be supplemented with contract resources when demand exceeds capacity, requiring a strong partnership with the Vendor Management Team. Service owners will also need to engage and manage the performance of their vendor solution partners.

    Organizations adopting the Exponential IT Model will experience new norms and behaviors

    Customer-Centric
    Dedicated to the customer experience and making sure that the end customer is considered first and foremost.

    "Yes" Approach
    The organization can say yes to emerging technology and customer desires because it has organized itself to be agile in its digital service offerings.

    Digital Service Ownership
    Digital service offerings are owned and managed across the organization ensuring the continuous delivery of value to customers.

    Employee Development
    Resources are organized into pods based on specific skills or functions increasing the likelihood of adopting new skills.

    Autonomization
    Centralized and accessible data provides service owners autonomy when making informed decisions that support enhanced customer experiences.

    Exponential IT is an embedded model approach

    Info-Tech has identified seven common IT operating model archetypes. Each model represents a different approach to who delivers technology services and how. Each model is designed to drive different outcomes, as the way your organization is structured will dictate the way it behaves. The Exponential IT model is an emerging archetype which capitalizes on embedded delivery.

    An image of the exponential IT embedded model approach.

    Centralized

    Shifted

    Embedded

    Owned and operated by leadership within IT. IT takes full responsibility of the functional areas and maintains control over the outcomes.

    Can be owned/operated by a variety of leadership roles throughout the organization. This can shift from IT ownership to other organizational leadership. Decisions about ownership are often made to enable quick response or mitigate risks.

    Owned/operated by leadership outside of traditional IT. Another area of the organization has taken authoritative power over the outcome of this functional area for a quicker response.

    Even as an embedded IT operating model, shifted and centralized IT functions as support

    1. Embedded functions required for scaled autonomation
      Definition and oversight of the organization's strategic direction demonstrated through a customer-first culture, data insights, and a well-defined risk appetite.
    2. Integrated design and optimization of the digital service offering
      Actively considers the customer experience and designs the appropriate services to be delivered. Considers all aspects in the design and delivery of services by exploring opportunities to integrate components to enhance customer experiences or architecting new service offerings to eliminate gaps.
    3. Centralized standards for IT technology, security & resources
      Technology functions continue to deliver exceptional services to the enterprise including clear standards for technology and solution architecture, application of security requirements, and resources to enable various service offerings.

    Opportunities and risks of the Exponential IT model

    Opportunities

    Risks
    • Focused on the end-customer experience and how to ensure that customer remains satisfied and loyal to the organization.
    • The capability center allows resources to be used strategically according to where they would most improve the customer experience.
    • Services are owned by the most appropriate areas within the organization—sometimes IT and other times not. In either case, services should always possess technological knowledge.
    • The organization's transformation strategy is not just driving IT's strategy but how IT should be organized and operating. This eliminates disconnect from larger strategic objectives.
    • Data intelligence and customer insights enable the shifted and centralized areas of the operating model to deliver effective and valuable experiences for all stakeholders.
    • Requires a high degree of maturity to support a variety of individuals in owning IT and digital capabilities.
    • Organizational buy-in to this operating model archetype is a must. IT cannot select this operating model without that support.
    • Processes around how all IT and Digital Services consider security and technology standards need to be well-documented and enforceable.
    • Depending on which leaders oversee the three areas of the model (embedded, shifted, or centralized), power struggles could occur which negatively impact services.
    • This model will demand governance, risk, and culture to be at the forefront of how it operates. If an accountability framework does not exist, expect this model to fail.

    The Exponential IT operating model blends embedded, shifted and centralized delivery to balance agility & risk

    An image of the Exponential IT Operating Model.

    The Exponential IT model commands a new placement and significance of IT capabilities

    Using capabilities for the operating model

    • Capabilities are focused on the entire system that would be in place to satisfy a particular need. This not only includes the people who are able to complete a specific task, but the technology, processes, and resources required to deliver.
    • Focusing on capabilities rather than the individuals in organizational redesign enables a more objective and holistic view of what your organization is striving toward.
    • Capabilities deliver on specific need(s) and how they are organized changes the way those needs are delivered.
    The Exponential IT principles as an image: Strategy and Governance, Financial Management, Service Planning and Architecture, People and Resources, Security and Risk, Applications, Data and Analytics, Infrastructure and Operations, and PPM and Projects.

    1. Embedded functions required for autonomization

    Overview of the function:

    • Focuses on a single strategy and roadmap for the organization that actively includes technology.
    • Governance, risk, compliance, and general oversight are defined and embedded throughout the organization.
    • Ensures that quality data is being generated to help inform the defined digital service offering.
    • Readies the organization to adopt emerging technology quickly and with minimal disruption to other digital service offerings.
    • A team of technical experts that decides what information should exist for operational efficiency or service innovation.

    Embedded functions required for autonomization

    2. Integrated design and optimization of the digital service offering

    Overview of the function:

    • Analyzes and responds to insights about the customer experience.
    • Maintains the portfolio of the organization's digital service offerings.
    • Considers what is necessary to operate efficiently as an organization while simultaneously exploring emerging technology to optimize new or existing digital services.
    • Requires the expertise and involvement of both business-minded and technology-skilled resources.
    • The differentiating factor from other IT operating models is how it holistically considers all the components throughout the organization and how they are connected.

    Integrated design and optimization of the digital service offering

    3. Centralized standards for IT technology, security & resources

    Overview of the function:

    • Compared with other IT operating model archetypes, the Exponential IT model has fewer capabilities that are centralized within the technology function of an organization.
    • Architecture and standards are the foundation of successful embedded delivery, ensuring reuse, improved integration, and a unified experience. This includes technology, risk, data, AI and security architecture, models, and standards.
    • Employee resources are also organized in pods to be leveraged based on greatest need and skills availability.
    • This lets the organization be more agile when innovating and implementing new digital service offerings.

    Centralized standards for IT technology, security & resources

    Exponential IT explores new value stream stages

    Customer Perspective

    The organization is continually anticipating their wants and needs and establishing mechanisms to vocalize those needs.

    Customer receives the right IT and digital services to respond to their needs.

    The service is easy to use and continuously responds to wants and needs.

    The service is meeting expectations or exceeding them.

    There is a dedicated service owner who can hear demands and feedback, then action desirable outcomes.

    Value Stream Stages

    An image of the Value Stream

    Organizational Perspective

    Expected Outcome

    Customers' wants and needs are understood and at times anticipated before the customer requests them.

    Assess needs to determine if service is already offered or needs to be created. Design services that will enhance the customer experience.

    Look for opportunities to integrate processes and resources to increase the performance of IT and Digital Services.

    Ensure that the right employees with the right skills are working to develop or enhance service offering.

    The service owner manages the ongoing lifecycle of the service and establishes a roadmap on how value will continue to be delivered.

    Critical Processes

    • Customer experience
    • Research and innovation
    • Stakeholder management
    • Research and innovation
    • Service design & portfolio management
    • Performance management
    • Continuous improvement
    • Integration planning
    • Service management
    • Resource planning and allocation
    • Service strategy & roadmap
    • Service governance
    • Service performance management

    Metrics

    • Customer satisfaction score
    • Service-to-need alignment
    • Gaps in service portfolio
    • Speed to design services
    • Service performance
    • Service adoption
    • Time to resolve customer demand
    • Frequency by which service requires enhancements
    • Service satisfaction
    • Alignment of service strategy to organization strategy

    1.1 Assess if the Exponential IT operating model is right for your organization

    1 hour

    1. Begin by downloading the Exponential IT Operating Model Assessment.
    2. Review the questions within each of the operating model components. For each question, use the drop-down menu to determine your level of agreement.
    3. The more your organization agrees with the statements, the more likely your organization is prepared to implement an Exponential IT operating model.
    4. The less your organization agrees with the statements, the more likely you should adopt a different IT operating model.
    5. For support implementing the Exponential IT or another IT operating model, explore the Visualize Your IT Operating Model blueprint (coming soon).

    Input

    • Desire to change the organization's IT & Digital operating model

    Output

    • Desire to implement the IT & Digital Service Enablement operating model

    Materials

    • Exponential IT Operating Model Assessment

    Participants

    • Executive IT leadership
    • Business leadership

    Explore other Info-Tech research to support your organization transformation initiatives

    Visualize the IT Operating Model blueprint (coming soon)

    Visualize the IT Operating Model blueprint (coming soon)

    Redesign Your IT Organizational Structure

    Redesign Your IT Organizational Structure

    Section 2: Elevating the CIO Role

    The next generation of IT C-suite roles are here

    As the operating model changes and becomes increasingly embedded into the organization's delivery of IT and Digital Services, new C-suite roles are being defined

    • One of the most critical roles being defined in this change is the Chief Digital Services Officer (CDSO) who focuses on all components of the digital experience from the lens of the customer.
    • There are two directions from which the CDSO role is typically approached as it gains popularity:
      • CIOs evolve beyond just information and technology—focusing on how IT & Digital Services enhance the customer experience
      • Business leaders who have technical know-how increase their involvement and responsibility over IT related functions
    • IT leaders need to consider where they would rather sit: focused only on technology and remaining a service provider to the organization, or embedding technology into the services, products, and organization in general?

    60%

    The number of APAC CIOs who can anticipate their job to be challenged by their peers within the organization.

    Source: Singh, Yashvendra, CIO, 2023.

    Info-Tech Insight

    This is not about making the CIO report to someone else but allowing the CIO to elevate their role into that of a CDSO.

    Increasing IT leadership's span of control throughout the organization

    As maturity increases so does span of control, ownership & executive influence

    Organizations hoping to fully adopt the Exponential IT operating model require a shift in leadership expectations. Notably, these leaders will have oversight and accountability for functions beyond the traditional IT group.

    As the organization matures its governance, security, and data management practices, increasing how it delivers high-impact experiences to customers, it would have one leader who owns all the components to ensure clear alignment with goals and business strategy.

    An image of a graph where the X axis is labeled Span of Control & Influence, and the Y axis is Organization Maturity.

    Emerging Exponential IT organizations will have distributed authority

    • Organizations beginning their transition toward an exponential model often continue to have distributed leaders providing oversight of distinct functional areas.
    • Their spans of control are smaller, but very clearly defined, eliminating confusion through a transparent accountability framework.
    • Each leader strives toward optimization and efficiency regarding IT capabilities, for which they are responsible.
    1. Distributed Leadership
      Embedded functions required for scaled autonomation
      Distributed leaders identify the ways technology will enable them to advance enterprise objectives while maintaining autonomy over their own functions. They may oversee technology.
    2. Experience Officer
      Integrated design and optimization of the digital service offering
      An Experience Officer will help consider the insights gained from enterprise data and make informed decisions around enterprise service offerings. They actively explore new ways to deliver high-value experiences.
    3. Chief Technology Officer (CTO)
      Centralized standards for IT technology, security & resources
      A CTO will continue to oversee the core technology, including infrastructure and service management functions.

    Established organizations will be driven by a digital transformation journey

    • Organizations that have begun to deliver on their transformation journey will typically see two distinct C-suite leaders emerge—the CIO and the CDO.
    • The Chief Digital Officer (CDO) often explores ways to optimize the integration and management of data to enable insightful decision making from the organization.
    • The Chief Information Officer (CIO), however, considers mechanisms to standardize how new technologies can be integrated with the architecture.
    • While both leaders have distinct responsibilities, their roles intersect at the customer experience.

    An image of the digital transformation journey

    Advanced organizations will be managed by a single emerging role

    • A single leader will oversee all the functional areas where value is delivered and enabled by IT capabilities.
    • Through a large span of control, this leader can holistically consider opportunities to optimize the customer experience and ensure recommendations are actioned to deliver on that enhanced experience.
    • This leader's span of control will require a strong understanding of both strategic and operational functions to authoritatively oversee all aspects for which they are responsible.

    CDSO – Chief Digital Service Officer

    1. Embedded functions required for scaled autonomation
      The CDSO will set, oversee, and manage the delivery of an enterprise's digital strategy, ensuring accountability through good governance and data practices.
    2. Integrated design and optimization of the digital service offering
      They ensure that the enterprise holistically considers the various services that could be offered to exceed customer expectations through high-impact experiences.
    3. Centralized standards for IT technology, security & resources
      They also ensure stable and secure architecture standards to enable consistency across the organization and a seamless ability to integrate new technology to support service offerings.

    Evolution of the IT C-suite now includes the CDSO

    Chief Digital Service Officer

    Chief Information Officer

    Chief Digital Officer

    Chief Technology Officer

    Chief Experience Officer

    Main Stakeholder(s):

    • Board
    • CEO/Executive Leadership
    • Organization Leadership
    • Service Owners
    • Customers & End Users

    Main Responsibilities:

    • Oversight of the entire portfolio of IT and Digital Services
    • Use of information & technology to meet organizational objectives

    *Some leaders in this role are being called Chief Digital Information Officer.

    Main Stakeholder(s):

    • Board
    • CEO/Executive Leadership
    • Organization Leadership
    • End Users

    Main Responsibilities:

    • Oversight of the information and technology required to support and enable the organization

    Main Stakeholder(s):

    • Board
    • CEO/Executive Leadership
    • Customers & End Users

    Main Responsibilities:

    • Oversight on transforming how the organization uses technology, often considering customer perspectives

    Main Stakeholder(s):

    • Organization Leadership
    • Customers & End Users

    Main Responsibilities:

    • Collaborating with the CIO, the CTO leads the organization's ability to integrate and adopt necessary technology products and services

    Main Stakeholder(s):

    • Customers & End Users

    Main Responsibilities:

    • Establish the customer experience strategy
    • Create policies to support that strategy
    • Collaborate with other organizational leaders to integrate any activities around the customer experience

    Examples of what the emerging organizational structure can look like

    An image of three hierarchies, showing what the emerging organizational structure can look like.

    This is more than a new title for IT leaders

    It's about establishing a business first perspective

    • IT leaders exploring this new way of operating are not just adopting the new title of CDSO or CDIO.
    • These leaders must change how information, technology, and digital experiences are consumed across the various stakeholders – especially the end customer.
    • IT leaders who pursue this new IT operating model choose to be more than order takers for an organization.
    • They are:
      • Partners in defining the organization's digital service offerings
      • Recognizing the benefits of distributing decision-making authority for IT-related aspects to others throughout the organization
      • Prioritizing capabilities like portfolio management, architecture, vendor management, relationship management, cloud and user experience

    "'For me, the IT portfolio for the next few years and the IT architecture have taken the place that IT strategy used to have,' he adds. This view doesn't position IT outside of the organization, but rather gives it central importance in the company."
    – Bernd Rattey, Group CIO and CDO of Deutsche Bahn (DB), qtd. by Jens Dose, CIO, 2023

    1.2 Plan your career move to CDSO

    1-3 hours

    • Create a roadmap on how to move from your current role to CDSO by identifying current strengths and opportunities to improve.
    • Download the Career Vision Roadmap Tool from the website. An example of this is on the next slide.
    • Document the tagline. This is your overarching career focus and goal – what is your passion? Think beyond titles to what you want to be doing, the atmosphere you want to be in, and what you want to add value to.
    • Document the current role: what are the strengths, achievements and opportunities?
    • Consider the CDSO role: how will you build stronger relationships and competencies to elevate your profile within the organization? What is an example of what someone would display in this role?
    • Define specific roles or stakeholders that you should develop a stronger relationship with.

    Download the Career Vision Roadmap Tool

    Input

    • Desire to implement the IT & Digital Service Enablement Operating Model

    Output

    • Roadmap to elevate from a CIO to a CDSO

    Materials

    • Career Vision Roadmap
    • IT & Digital Services Enablement operating model archetype
    • CDSO job profile

    Participants

    • CIO (or any other role aspiring to eventually become a CDSO)
    • Individual activity

    Career Vision Roadmap:
    Executive Leader
    Akbar K.

    Sample

    To provide customers with an exceptional experience by ensuring all IT and Digital Services consider and anticipate their needs or wants. Enable IT and Digital Services to be successful through clear leadership, strong collaboration, and continuous improvement or innovation.

    CIO

    1. Establish technology standards that enable the organization to consistently and securely integrate platforms or solutions.
    2. Lead the project team that defined and standardized the organization's reference architecture.
    3. Need to work on listening to a variety of stakeholder demands rather than only specific roles/titles.

    Transition

    • Strengths: Technology acumen, budget planning, allocating resources
    • Enhance: Stakeholder relationship management.
    • Work with current CDO to define and implement more digital transformation initiatives.

    CDSO

    • Being responsive to customer expectations and communicating clear and realistic timelines.
    • Establish trust among the organization that services will deliver expected value.
    • Empowering service owners to manage and oversee the delivery of their services.

    Network Opportunities

    • Connect with board members and understand each of their key areas of priority.
    • Begin to interact with end customers and define ways that will enhance their customer experience.
    • Chief Digital Officer

    Actions now in line with aspiration

    Appendix: Capabilities & Capability Model

    IT and digital capabilities

    Using capabilities for the operating model:

    • Capabilities are focused on the entire system that would be in place to satisfy a particular need. This not only includes people who have skills to complete a specific task, but also the technology, processes, and resources required to deliver.
    • Focusing on capabilities rather than the individuals in organizational redesign enables a more objective and holistic view of what your organization is striving toward.
    • Capabilities deliver on specific need(s) and how they are organized changes the way those need(s) are delivered.

    An image of the IT Management and Governance Framework.

    Strategic Direction

    • IT Governance
    • Strategic Planning
    • Digital Strategy
    • Performance Measurement
    • IT Management & Policies
    • Organizational Quality Management
    • R&D and Innovation
    • Stakeholder Management

    People & Resources

    • Strategic Communications
    • People Resource Management
    • Workforce Strategy & Planning
    • Organizational Change Enablement
    • Adoption & Training
    • Financial/Budget Management
    • Vendor Portfolio Management
    • Vendor Selection & Contract Management
    • Vendor Performance Management

    Architecture & Integration

    • Enterprise Architecture Delivery
    • Business Architecture Delivery
    • Solution Architecture Delivery
    • Technology Architecture
    • Data Architecture
    • Security Architecture
    • Process Integration
    • Integration Planning

    Service Planning

    • Service Governance
    • Service Strategy & Roadmap
    • Service Management
    • Service Governance
    • Service Performance Measurement
    • Service Design & Planning
    • Service Orchestration

    Security & Risk

    • Security Strategic Planning
    • Risk Management
    • External Compliance Management
    • Security Response & Recovery Management
    • Security Management
    • Controls & Internal Audit Planning
    • Security Defense Operations
    • Security Administration
    • Cybersecurity Threat Intelligence
    • Integrated Physical/IT Security
    • OT/IoT Security
    • Data Protection & Privacy

    Application Delivery

    • Application Lifecycle Management
    • Systems Integration Management
    • Application Development
    • User Experience
    • Quality Assurance & UAT
    • Application Maintenance
    • Low Code Development

    Project Portfolio Management

    • Demand Management
    • Requirement Analysis Management
    • Portfolio Management
    • Project Management

    Data & Business Intelligence (BI)

    • Reporting & Analytics
    • Data Management
    • Data Quality
    • Data Integration
    • Enterprise Content Management
    • Data Governance
    • Data Strategy
    • AI/ML Management

    Service Delivery

    • Operations Management
    • Service Desk Management
    • Incident Management
    • Problem Management
    • Service Enhancements
    • Operational Change Enablement
    • Release Management
    • Automation Management

    Infrastructure & Operations

    • Asset Management
    • Infrastructure Portfolio Strategic Planning
    • Availability & Capacity Management
    • Network & Infrastructure Management
    • Configuration Management
    • Cloud Orchestration
    An image of the summary slide for this blueprint, with the headings: Centralized; Shifted; and Embedded.

    Research Contributors and Experts

    Donna Bales
    Principal Research Director
    Info-Tech Research Group

    Scott Bickley
    Practice Lead – Vendor Management Practice
    Info-Tech Research Group

    Christine Coz
    Executive Counselor – Executive Services
    Info-Tech Research Group

    Valence Howden
    Principal Research Director
    Info-Tech Research Group

    Duraid Ibrahim
    Executive Counselor – Executive Services
    Info-Tech Research Group

    Chris Goodhue
    Managing Partner– Executive Services
    Info-Tech Research Group

    Carlene McCubbin
    Practice Lead – CIO Practice
    Info-Tech Research Group

    Mike Tweedie
    Practice Lead – CIO Practice
    Info-Tech Research Group

    Vicki van Alphen
    Executive Counselor – Executive Services
    Info-Tech Research Group

    *Plus an additional 5 industry experts who anonymously contributed to this research piece.

    Related Info-Tech Research

    Adopt an Exponential IT Mindset

    • To succeed in the coming business transformation, IT will have to adopt different priorities in its mission, governance, capabilities, and partnerships.
    • CIOs will have to provide exceptionally mature services while owning business targets.

    Become a Transformational CIO

    • Business transformations are happening, but CIOs are often involved only when it comes time to implement change. This makes it difficult for the CIO to be perceived as an organizational leader.
    • Elevate your stature as a business leader.
    • Create a high-powered IT organization that is focused on driving lasting change, improving client experiences, and encouraging collaboration across the entire enterprise.

    Define Your Digital Business Strategy

    • Design a strategy that applies innovation to your business model, streamline and transform processes, and make use of technologies to enhance interactions with customers and employees.
    • Pre-pandemic digital strategies have been primarily focused on automation. However, your post-pandemic digital strategy must focus on driving resilience for growth opportunities.

    Bibliography

    Bennet, Trevon. "What is a Chief Experience Officer (CXO)? And what do they do?" Indeed, 14 March 2023. https://www.indeed.com/career-advice/finding-a-job/what-is-chief-experience-officer#:~:text=A%20CXO%20plans%20strategies%20and,customer%20acquisition%20and%20retention%20strategies
    Bishop, Carrie. "Five years of Digital Services in San Francisco." Medium, 20 January 2022. https://medium.com/san-francisco-digital-services/five-years-of-digital-services-in-san-francisco-805a758c2b83
    DAC Digital and Chawla, Yash. "Global surge in embedded software demand; here is why." DAC Digital, 2023 <ttps://dac.digital/global-surge-in-embedded-software-demand-here-is-why/
    Deloitte. "If you want your digital transformation to succeed, align your operating model to your strategy." Harvard Business Review, 31 January 2020. https://hbr.org/sponsored/2020/01/if-you-want-your-digital-transformation-to-succeed-align-your-operating-model-to-your-strategy.
    Deloitte. "2023 Global Human Capital Trends Report." Deloitte, 2023. https://www2.deloitte.com/content/dam/Deloitte/sg/Documents/human-capital/sea-cons-hc-trends-report-2023.pdf
    Dose, Jens. "Deutsche Bahn CIO on track to decentralize IT." CIO, 19 April 2023. https://www.cio.com/article/473071/deutsche-bahn-cio-on-track-to-decentralize-it.html
    Ehrlich, Oliver., Fanderl, Harald., Maldara, David., & Mittangunta, Divya. "How the operating model can unlock the power of customer experience." McKinsey, 28 June 2022. https://www.mckinsey.com/capabilities/growth-marketing-and-sales/our-insights/how-the-operating-model-can-unlock-the-full-power-of-customer-experience
    FCW. "Digital Government Summit Agenda." FCW. 2021. https://events-archive.fcw.com/events/2021/digital-government-summit/index.html
    Foundry. "State of the CIO." IDG, 25 January 2023. https://foundryco.com/tools-for-marketers/research-state-of-the-cio/
    Foundry. "Digital Business Study 2023: IT Leaders are future-proofing their business with digital strategies." IDG, 2023. https://foundryco.com/tools-for-marketers/research-digital-business/
    Indeed Editorial Team. "Centralized vs. Decentralized Structures: 7 Key Differences." Indeed, 10 March 2023. https://www.indeed.com/career-advice/career-development/centralized-vs-decentralized
    Indeed Editorial Team. "What is process integration?." Indeed, 14 November 2022. https://ca.indeed.com/career-advice/career-development/process-integration#:~:text=Process%20integration%2C%20or%20business%20process,it%20reach%20its%20primary%20objectives
    KPMG International. "Global Tech Report." KPMG, 2022.
    McHugh, Brian. "Service orchestration is reshaping IT—Here's what to know." Active Batch, 8 November 2022. https://www.advsyscon.com/blog/service-orchestration-what-is/
    Morris, Chris. "IDC FutureScape: Worldwide CIO Agenda 2023 Predictions."" IDC, January, 2023. https://www.idc.com/getdoc.jsp?containerId=AP49998523
    PwC. "Global Digital Trust Insights Report." PwC, 2023
    Roberts, Dan. "5 CIOs on building a service-oriented IT culture." CIO, 13 April 2023. https://www.cio.com/article/472805/5-cios-on-building-a-service-oriented-it-culture.html
    Singh, Yashvendra. "CIOs must evolve to stave off existential threat to their role." CIO, 30 March 2023. https://www.cio.com/article/465612/cios-must-evolve-to-stave-off-existential-threat-to-their-role.html
    Spacey, John. "16 Examples of IT Services." Simplicable, 28 January 2018. https://simplicable.com/IT/it-services

    Standardize the Service Desk

    • Buy Link or Shortcode: {j2store}477|cart{/j2store}
    • member rating overall impact (scale of 10): 9.5/10 Overall Impact
    • member rating average dollars saved: $24,155 Average $ Saved
    • member rating average days saved: 24 Average Days Saved
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • Not everyone embraces their role in service support. Specialists would rather work on projects than provide service support.
    • The Service Desk lacks processes and workflows to provide consistent service. Service desk managers struggle to set and meet service-level expectations, which further compromises end-user satisfaction.

    Our Advice

    Critical Insight

    • Service desk improvement is an exercise in organizational change. Engage specialists across the IT organization in building the solution. Establish a single service-support team across the IT group and enforce it with a cooperative, customer-focused culture.
    • Don’t be fooled by a tool that’s new. A new service desk tool alone won’t solve the problem. Service desk maturity improvements depend on putting in place the right people and processes to support the technology.

    Impact and Result

    • Create a consistent customer service experience for service desk patrons, and increase efficiency, first-call resolution, and end-user satisfaction with the Service Desk.
    • Decrease time and cost to resolve service desk tickets.
    • Understand and address reporting needs to address root causes and measure success and build a solid foundation for future IT service improvements.

    Standardize the Service Desk Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Standardize the Service Desk Research – A step-by-step document that helps you improve customer service by driving consistency in your support approach and meet SLAs.

    Use this blueprint to standardize your service desk by assessing your current capability and laying the foundations for your service desk, design an effective incident management workflow, design a request fulfillment process, and apply the discussions and activities to make an actionable plan for improving your service desk.

    • Standardize the Service Desk – Phases 1-4

    2. Service Desk Maturity Assessment – An assessment tool to help guide process improvement efforts and track progress.

    This tool is designed to assess your service desk process maturity, identify gaps, guide improvement efforts, and measure your progress.

    • Service Desk Maturity Assessment

    3. Service Desk Project Summary – A template to help you organize process improvement initiatives using examples.

    Use this template to organize information about the service desk challenges that the organization is facing, make the case to build a right-sized service desk to address those challenges, and outline the recommended process changes.

    • Service Desk Project Summary

    4. Service Desk Roles and Responsibilities Guide – An analysis tool to determine the right roles and build ownership.

    Use the RACI template to determine roles for your service desk initiatives and to build ownership around them. Use the template and replace it with your organization's information.

    • Service Desk Roles and Responsibilities Guide

    5. Incident Management and Service Desk Standard Operating Procedure – A template designed to help service managers kick-start the standardization of service desk processes.

    The template will help you identify service desk roles and responsibilities, build ticket management processes, put in place sustainable knowledgebase practices, document ticket prioritization scheme and SLO, and document ticket workflows.

    • Incident Management and Service Desk SOP

    6. Ticket and Call Quality Assessment Tool – An assessment tool to check in on ticket and call quality quarterly and improve the quality of service desk data.

    Use this tool to help review the quality of tickets handled by agents and discuss each technician's technical capabilities to handle tickets.

    • Ticket and Call Quality Assessment Tool

    7. Workflow Library – A repository of typical workflows.

    The Workflow Library provides examples of typical workflows that make up the bulk of the incident management and request fulfillment processes at the service desk.

    • Incident Management and Service Desk Workflows (Visio)
    • Incident Management and Service Desk Workflows (PDF)

    8. Service Desk Ticket Categorization Schemes – A repository of ticket categories.

    The Ticket Categorization Schemes provide examples of ticket categories to organize the data in the service desk tool and produce reports that help managers manage the service desk and meet business requirements.

    • Service Desk Ticket Categorization Schemes

    9. Knowledge Manager – A job description template that includes a detailed explication of the responsibilities and expectations of a Knowledge Manager role.

    The Knowledge Manager's role is to collect, synthesize, organize, and manage corporate information in support of business units across the enterprise.

    • Knowledge Manager

    10. Knowledgebase Article Template – A comprehensive record of the incident management process.

    An accurate and comprehensive record of the incident management process, including a description of the incident, any workarounds identified, the root cause (if available), and the profile of the incident's source, will improve incident resolution time.

    • Knowledgebase Article Template

    11. Sample Communication Plan – A sample template to guide your communications around the integration and implementation of your overall service desk improvement initiatives.

    Use this template to develop a communication plan that outlines what stakeholders can expect as the process improvements recommended in the Standardize the Service Desk blueprint are implemented.

    • Sample Communication Plan

    12. Service Desk Roadmap – A structured roadmap tool to help build your service desk initiatives timeline.

    The Service Desk Roadmap helps track outstanding implementation activities from your service desk standardization project. Use the roadmap tool to define service desk project tasks, their owners, priorities, and timeline.

    • Service Desk Roadmap
    [infographic]

    Workshop: Standardize the Service Desk

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Lay Service Desk Foundations

    The Purpose

    Discover your challenges and understand what roles, metrics, and ticket handling procedures are needed to tackle the challenges.

    Key Benefits Achieved

    Set a clear understanding about the importance of service desk to your organization and service desk best practices.

    Activities

    1.1 Assess current state of the service desk.

    1.2 Review service desk and shift-left strategy.

    1.3 Identify service desk metrics and reports.

    1.4 Identify ticket handling procedures

    Outputs

    Current state assessment

    Shift-left strategy and implications

    Service desk metrics and reports

    Ticket handling procedures

    2 Design Incident Management

    The Purpose

    Build workflows for incident and critical incident tickets.

    Key Benefits Achieved

    Distinguish incidents from service requests.

    Ticket categorization facilitates ticket. routing and reporting.

    Develop an SLA for your service desk team for a consistent service delivery.

    Activities

    2.1 Build incident and critical incident management workflows.

    2.2 Design ticket categorization scheme and proper ticket handling guidelines.

    2.3 Design incident escalation and prioritization guidelines.

    Outputs

    Incident and critical incident management workflows

    Ticket categorization scheme

    Ticket escalation and prioritization guidelines

    3 Design Request Fulfilment

    The Purpose

    Build service request workflows and prepare self-service portal.

    Key Benefits Achieved

    Standardize request fulfilment processes.

    Prepare for better knowledge management and leverage self-service portal to facilitate shift-left strategy.

    Activities

    3.1 Build service request workflows.

    3.2 Build a targeted knowledgebase.

    3.3 Prepare for a self-serve portal project.

    Outputs

    Distinguishing criteria for requests and projects

    Service request workflows and SLAs

    Knowledgebase article template, processes, and workflows

    4 Build Project Implementation Plan

    The Purpose

    Now that you have laid the foundation of your service desk, put all the initiatives into an action plan.

    Key Benefits Achieved

    Discuss priorities, set timeline, and identify effort for your service desk.

    Identify the benefits and impacts of communicating service desk initiatives to stakeholders and define channels to communicate service desk changes.

    Activities

    4.1 Build an implementation roadmap.

    4.2 Build a communication plan

    Outputs

    Project implementation and task list with associated owners

    Project communication plan and workshop summary presentation

    Further reading

    Analyst Perspective

    "Customer service issues are rarely based on personality but are almost always a symptom of poor and inconsistent process. When service desk managers are looking to hire to resolve customer service issues and executives are pushing back, it’s time to look at improving process and the support strategy to make the best use of technicians’ time, tools, and knowledge sharing. Once improvements have been made, it’s easier to make the case to add people or introduce automation.

    Replacing service desk solutions will also highlight issues around poor process. Without fixing the baseline services, the new solution will simply wrap your issues in a prettier package.

    Ultimately, the service desk needs to be the entry point for users to get help and the rest of IT needs to provide the appropriate support to ensure the first line of interaction has the knowledge and tools they need to resolve quickly and preferably on first contact. If your plans include optimization to self-serve or automation, you’ll have a hard time getting there without standardizing first."

    Sandi Conrad

    Principal Research Director, Infrastructure & Operations Practice

    Info-Tech Research Group

    A method for getting your service desk out of firefighter mode

    This Research Is Designed For:

    • The CIO and senior IT management who need to increase service desk effectiveness and timeliness and improve end-user satisfaction.
    • The service desk manager who wants to lead the team from firefighting mode to providing consistent and proactive support.

    This Research Will Also Assist:

    • Service desk teams who want to increase their own effectiveness and move from a help desk to a service desk.
    • Infrastructure and applications managers who want to decrease reactive support activities and increase strategic project productivity by shifting repetitive and low-value work left.

    This Research Will Help You:

    • Create a consistent customer service experience for service desk patrons.
    • Increase efficiency, first-call resolution, and end-user satisfaction with the Service Desk.
    • Decrease time and cost to resolve service desk tickets.
    • Understand and address reporting needs to address root causes and measure success.
    • Build a solid foundation for future IT service improvements.

    Executive Summary

    Situation

    • The CIO and senior IT management who need to increase service desk effectiveness and timeliness and improve end-user satisfaction.
    • If only the phone could stop ringing, the Service Desk could become proactive, address service levels, and improve end-user IT satisfaction.

    Complication

    • Not everyone embraces their role in service support. Specialists would rather work on projects than provide service support.
    • The Service Desk lacks processes and workflows to provide consistent service. Service desk managers struggle to set and meet service-level expectations, which further compromises end-user satisfaction.

    Resolution

    • Go beyond the blind adoption of best-practice frameworks. No simple formula exists for improving service desk maturity. Use diagnostic tools to assess the current state of the Service Desk. Identify service support challenges and draw on best-practice frameworks intelligently to build a structured response to those challenges.
    • An effective service desk must be built on the right foundations. Understand how:
      • Service desk structure affects cost and ticket volume capacity.
      • Incident management workflows can improve ticket handling, prioritization, and escalation.
      • Request fulfillment processes create opportunities for streamlining and automating services.
      • Knowledge sharing supports the processes and workflows essential to effective service support.

    Info-Tech Insight

    Service desk improvement is an exercise in organizational change. Engage specialists across the IT organization in building the solution. Establish a single service-support team across the IT group and enforce it with a cooperative, customer-focused culture. Don’t be fooled by a tool that’s new. A new service desk tool alone won’t solve the problem. Service desk maturity improvements depend on putting in place the right people and processes to support the technology

    Directors and executives understand the importance of the service desk and believe IT can do better

    A double bar graph is depicted. The blue bars represent Effectiveness and the green bars represent Importance in terms of service desk at different seniority levels, which include frontline, manager, director, and executive.

    Source: Info-Tech, 2019 Responses (N=189 organizations)

    Service Desk Importance Scores

      No Importance: 1.0-6.9
      Limited Importance: 7.0-7.9
      Significant Importance: 8.0-8.9
      Critical Importance: 9.0-10.0

    Service Desk Effectiveness Scores

      Not in Place: N/A
      Not Effective: 0.0-4.9
      Somewhat Ineffective: 5.0-5.9
      Somewhat Effective: 6.0-6.9
      Very Effective: 7.0-10.0

    Info-Tech Research Group’s IT Management and Governance Diagnostic (MGD) program assesses the importance and effectiveness of core IT processes. Since its inception, the MGD has consistently identified the service desk as an area to leverage.

    Business stakeholders consistently rank the service desk as one of the top five most important services that IT provides

    Since 2013, Info-Tech has surveyed over 40,000 business stakeholders as part of our CIO Business Vision program.

    Business stakeholders ranked the following 12 core IT services in terms of importance:

    Learn more about the CIO Business Vision Program.
    *Note: IT Security was added to CIO Business Vision 2.0 in 2019

    Top IT Services for Business Stakeholders

    1. Network Infrastructure
    2. IT Security*
    3. Data Quality
    4. Service Desk
    5. Business Applications
    6. Devices
    7. Client-Facing Technology
    8. Analytical Capability
    9. IT Innovation Leadership
    10. Projects
    11. Work Orders
    12. IT Policies
    13. Requirements Gathering
    Source: Info-Tech Research Group, 2019 (N=224 organizations)

    Having an effective and timely service desk correlates with higher end-user satisfaction with all other IT services

    A double bar graph is depicted. The blue bar represents dissatisfied ender user, and the green bar represents satisfied end user. The bars show the average of dissatisfied and satisfied end users for service desk effectiveness and service desk timeliness.

    On average, organizations that were satisfied with service desk effectiveness rated all other IT processes 46% higher than dissatisfied end users.

    Organizations that were satisfied with service desk timeliness rated all other IT processes 37% higher than dissatisfied end users.
    “Satisfied” organizations had average scores =8.“Dissatisfied" organizations had average scores “Dissatisfied" organizations had average scores =6. Source: Info-Tech Research Group, 2019 (N=18,500+ respondents from 75 organizations)

    Standardize the service desk the Info-Tech way to get measurable results

    More than one hundred organizations engaged with Info-Tech, through advisory calls and workshops, for their service desk projects in 2016. Their goal was either to improve an existing service desk or build one from scratch.

    Organizations that estimate the business impact of each project phase help us shed light on the average measured value of the engagements.

    "The analysts are an amazing resource for this project. Their approach is very methodical, and they have the ability to fill in the big picture with detailed, actionable steps. There is a real opportunity for us to get off the treadmill and make real IT service management improvements"

    - Rod Gula, IT Director

    American Realty Advisors

    Three circles are depicted. The top circle shows the sum of measured value dollar impact which is US$1,659,493.37. The middle circle shows the average measured value dollar impact which is US$19,755.87. The bottom circle shows the average measured value time saved which is 27 days.

    Info-Tech’s approach to service desk standardization focuses on building service management essentials

    This image depicts all of the phases and steps in this blueprint.

    Info-Tech draws on the COBIT framework, which focuses on consistent delivery of IT services across the organization

    This image depicts research that can be used to improve IT processes. Service Desk is circled to demonstrate which research is being used.

    The service desk is the foundation of all other service management processes.

    The image shows how the service desk is a foundation for other service management processes.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Standardize the Service Desk – project overview

    This image shows the project overview of this blueprint.

    Info-Tech delivers: Use our tools and templates to accelerate your project to completion

    Project Summary

    Image of template.

    Service Desk Standard Operating Procedures

    Image of tool.

    Service Desk Maturity Assessment Tool

    Image of tool.

    Service Desk Implementation Roadmap

    Image of tool Incident, knowledge, and request management workflows

    Incident, knowledge, and request management workflows

    The project’s key deliverable is a service desk standard operating procedure

    Benefits of documented SOPs:

    Improved training and knowledge transfer: Routine tasks can be delegated to junior staff (freeing senior staff to work on higher priority tasks).

    IT automation, process optimization, and consistent operations: Defining, documenting, and then optimizing processes enables IT automation to be built on sound processes, so consistent positive results can be achieved.

    Compliance: Compliance audits are more manageable because the documentation is already in place.

    Transparency: Visually documented processes answer the common business question of “why does that take so long?”

    Cost savings: Work solved at first contact or with a minimal number of escalations will result in greater efficiency and more cost-effective support. This will also lead to better customer service.

    Impact of undocumented/undefined SOPs:

    Tasks will be difficult to delegate, key staff become a bottleneck, knowledge transfer is inconsistent, and there is a longer onboarding process for new staff

    IT automation built on poorly defined, unoptimized processes leads to inconsistent results.

    Documenting SOPs to prepare for an audit becomes a major time-intensive project.

    Other areas of the organization may not understand how IT operates, which can lead to confusion and unrealistic expectations.

    Support costs are highest through inefficient processes, and proactive work becomes more difficult to schedule, making the organization vulnerable to costly disruptions.

    Workshop Overview

    Image depicts workshop overview occurring over four days.

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Phase 1

    Lay Service Desk Foundations

    Step 1.1:Assess current state

    Image shows the steps in phase 1. Highlight is on step 1.1

    This step will walk you through the following activities:

    • 1.1.1 Outline service desk challenges
    • 1.1.2 Assess the service desk maturity

    This step involves the following participants:

    • Project Sponsor
    • IT Director, CIO
    • IT Managers and Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    Alignment on the challenges that the service desk faces, an assessment of the current state of service desk processes and technologies, and baseline metrics against which to measure improvements.

    Deliverables

    • Service Desk Maturity Assessment

    Standardizing the service desk benefits the whole business

    The image depicts 3 circles to represent the service desk foundations.

    Embrace standardization

    • Standardization prevents wasted energy on reinventing solutions to recurring issues.
    • Standardized processes are scalable so that process maturity increases with the size of your organization.

    Increase business satisfaction

    • Improve confidence that the service desk can meet service levels.
    • Create a single point of contact for incidents and requests and escalate quickly.
    • Analyze trends to forecast and meet shifting business requirements.

    Reduce recurring issues

    • Create tickets for every task and categorize them accurately.
    • Generate reliable data to support root-cause analysis.

    Increase efficiency and lower operating costs

    • Empower end users and technicians with a targeted knowledgebase (KB).
    • Cross-train to improve service consistency.

    Case Study: The CIO of Westminster College took stock of existing processes before moving to empower the “helpless desk”

    Scott Lowe helped a small staff of eight IT professionals formalize service desk processes and increase the amount of time available for projects.

    When he joined Westminster College as CIO in 2006, the department faced several infrastructure challenges, including:

    • An unreliable network
    • Aging server replacements and no replacement plan
    • IT was the “department of no”
    • A help desk known as the “helpless desk”
    • A lack of wireless connectivity
    • Internet connection speed that was much too slow

    As the CIO investigated how to address the infrastructure challenges, he realized people cared deeply about how IT spent its time.

    The project load of IT staff increased, with new projects coming in every day.

    With a long project list, it became increasingly important to improve the transparency of project request and prioritization.

    Some weeks, staff spent 80% of their time working on projects. Other weeks, support requirements might leave only 10% for project work.

    He addressed the infrastructure challenges in part by analyzing IT’s routine processes.

    Internally, IT had inefficient support processes that reduced the amount of time they could spend on projects.

    They undertook an internal process analysis effort to identify processes that would have a return on investment if they were improved. The goal was to reduce operational support time so that project time could be increased.

    Five years later, they had a better understanding of the organization's operational support time needs and were able to shift workloads to accommodate projects without compromising support.

    Common challenges experienced by service desk teams

    Unresolved issues

    • Tickets are not created for all incidents.
    • Tickets are lost or escalated to the wrong technicians.
    • Poor data impedes root-cause analysis of incidents.

    Lost resources/accountability

    • Lack of cross-training and knowledge sharing.
    • Lack of skills coverage for critical applications and services.
    • Time is wasted troubleshooting recurring issues.
    • Reports unavailable due to lack of data and poor categorization.

    High cost to resolve

    • Tier 2/3 resolve issues that should be resolved at tier 1.
    • Tier 2/3 often interrupt projects to focus on service support.

    Poor planning

    • Lack of data for effective trend analysis leads to poor demand planning.
    • Lack of data leads to lost opportunities for templating and automation.

    Low business satisfaction

    • Users are unable to get assistance with IT services quickly.
    • Users go to their favorite technician instead of using the service desk.

    Outline the organization’s service desk challenges

    1.1.1 Brainstorm service desk challenges

    Estimated Time: 45 minutes

    A. As a group, outline the areas where you think the service desk is experiencing challenges or weaknesses. Use sticky notes or a whiteboard to separate the challenges into People, Process, and Technology so you have a wholistic view of the constraints across the department.

    B. Think about the following:

    • What have you heard from users? (e.g. slow response time)
    • What have you heard from executives? (e.g. poor communication)
    • What should you start doing? (e.g. documenting processes)
    • What should you stop doing? (e.g. work that is not being entered as tickets)

    C. Document challenges in the Service Desk Project Summary.

    Participants:

    • CIO
    • IT Managers
    • Service Desk Manager
    • Service Desk Agents

    Assess current service desk maturity to establish a baseline and create a plan for service desk improvement

    A current-state assessment will help you build a foundation for process improvements. Current-state assessments follow a basic formula:

    1. Determine the current state of the service desk.
    2. Determine the desired state of the service desk.
    3. Build a practical path from current to desired state.
    Image depicts 2 circles and a box. The circle on the 1. left has assess current state. The circle on the right has 2. assess target state. The box has 3. build a roadmap.

    Ideally, the current-state assessment should align the delivery of IT services with organizational needs. The assessment should achieve the following goals:

    1. Identify service desk pain points.
    2. Map each pain point to business services.
    3. Assign a broad business value to the resolution of each pain point.
    4. Map each pain point to a process.

    Expert Insight

    Image of expert.

    “How do you know if you aren’t mature enough? Nothing – or everything – is recorded and tracked, customer satisfaction is low, frustration is high, and there are multiple requests and incidents that nobody ever bothers to address.”

    Rob England

    IT Consultant & Commentator

    Owner Two Hills

    Also known as The IT Skeptic

    Assess the process maturity of the service desk to determine which project phase and steps will bring the most value

    1.1.2 Measure which activity will have the greatest impact

    The Service Desk Maturity Assessmenttool helps organizations assess their service desk process maturity and focus the project on the activities that matter most.

    The tool will help guide improvement efforts and measure your progress.

    • The second tab of the tool walks through a qualitative assessment of your service desk practices. Questions will prompt you to evaluate how you are executing key activities. Select the answer in the drop-down menus that most closely aligns with your current state.
    • The third tab displays your rate of process completeness and maturity. You will receive a score for each phase, an overall score, and advice based on your performance.
    • Document the results of the efficiency assessment in the Service Desk Project Summary.

    The tool is intended for periodic use. Review your answers each year and devise initiatives to improve the process performance where you need it most.

    Where do I find the data?

    Consult:

    • Service Manager
    • Service Desk Tools
    Image is the service desk tools.

    Step 1.2:Review service support best practices

    Image shows the steps in phase 1. Highlight is on step 1.2.

    This step will walk you through the following activities:

    1. 1.2.1 Identify roles and responsibilities in your organization
    2. 1.2.2 Map out the current and target structure of the service desk

    This step involves the following participants:

    • Project Sponsor
    • IT Director, CIO
    • IT Managers and Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    Identifying who is accountable for different support practices in the service desk will allow workload to be distributed effectively between functional teams and individuals. Closing the gaps in responsibilities will enable the execution of a shift-left strategy.

    Deliverables

    • Roles & responsibilities guide
    • Service desk structure

    Everyone in IT contributes to the success of service support

    Regardless of the service desk structure chosen to meet an organization’s service support requirements, IT staff should not doubt the role they play in service support.

    If you try to standardize service desk processes without engaging specialists in other parts of the IT organization, you will fail. Everyone in IT has a role to play in providing service support and meeting service-level agreements.

    Service Support Engagement Plan

    • Identify who is accountable for different service support processes.
    • Outline the different responsibilities of service desk agents at tier 1, tier 2, and tier 3 in meeting service-level agreements for service support.
    • Draft operational-level agreements between specialty groups and the service desk to improve accountability.
    • Configure the service desk tool to ensure ticket visibility and ownership across queues.
    • Engage tier 2 and tier 3 resources in building workflows for incident management, request fulfilment, and writing knowledgebase articles.
    • Emphasize the benefits of cooperation across IT silos:
      • Better customer service and end-user satisfaction.
      • Shorter time to resolve incidents and implement requests.
      • A higher tier 1 resolution rate, more efficient escalations, and fewer interruptions from project work.

    Info-Tech Insight

    Specialists tend to distance themselves from service support as they progress through their career to focus on projects.

    However, their cooperation is critical to the success of the new service desk. Not only do they contribute to the knowledgebase, but they also handle escalations from tiers 1 and 2.

    Clear project complications by leveraging roles and responsibilities

    R

    Responsible: This person is the staff member who completes the work. Assign at least one Responsible for each task, but this could be more than one.

    A

    Accountable: This team member delegates a task and is the last person to review deliverables and/or task. Sometimes Responsible and Accountable can be the same staff. Make sure that you always assign only one Accountable for each task and not more.

    C

    Consulted: People who do not carry out the task but need to be consulted. Typically, these people are subject matter experts or stakeholders.

    I

    Informed: People who receive information about process execution and quality and need to stay informed regarding the task.

    A RACI analysis is helpful with the following:

    • Workload Balancing: Allowing responsibilities to be distributed effectively between functional teams and individuals.
    • Change Management: Ensuring key functions and processes are not overlooked during organizational changes.
    • Onboarding: New employees can identify their own roles and responsibilities.

    A RACI chart outlines which positions are Responsible, Accountable, Consulted, and Informed

    Image shows example of RACI chart

    Create a list of roles and responsibilities in your organization

    1.2.1 Create RACI matrix to define responsibilities

    1. Use the Service Desk Roles and Responsibilities Guidefor a better understanding of the roles and responsibilities of different service desk tiers.
    2. In the RACI chart, replace the top row with specific roles in your organization.
    3. Modify or expand the process tasks, as needed, in the left column.
    4. For each role, identify the responsibility values that the person brings to the service desk. Fill out each column.
    5. Document in the Service Desk SOP. Schedule a time to share the results with organization leads.
    6. Distribute the chart between all teams in your organization.

    Notes:

    • Assign one Accountable for each task.
    • Have at least one Responsible for each task.
    • Avoid generic responsibilities, such as “team meetings.”
    • Keep your RACI definitions in your documents, as they are sometimes tough to remember.

    Participants

    • CIO
    • IT Managers
    • Service Desk Manager
    • Service Desk Agents

    What You'll Need

    • Service Desk SOP
    • Roles and Responsibilities Guide
    • Flip Chart
    • Whiteboard

    Build a single point of contact for the service desk

    Regardless of the service desk structure chosen to meet your service support requirements, end users should be in no doubt about how to access the service.

    Provide end users with:

    • A single phone number.
    • A single email address.
    • A single web portal for all incidents and requests.

    A single point of contact will ensure:

    • An agent is available to field incidents and requests.
    • Incidents and requests are prioritized according to impact and urgency.
    • Work is tracked to completion.

    This prevents ad hoc ticket channels such as shoulder grabs or direct emails, chats, or calls to a technician from interrupting work.

    A single point of contact does not mean the service desk is only accessible through one intake channel, but rather all tickets are directed to the service desk (i.e. tier 1) to be resolved or redirected appropriately.

    Image depicts 2 boxes. The smaller box labelled users and the larger box labelled Service Desk Tier 1. There are four double-sided arrows. The top is labelled email, the second is walk-in, the third is phone, the fourth is web portal.

    Directors and executives understand the importance of the service desk and believe IT can do better

    A double bar graph is depicted. The blue bars represent Effectiveness and the green bars represent Importance in terms of service desk at different seniority levels, which include frontline, manager, director, and executive.

    Source: Info-Tech, 2019 Responses (N=189 organizations)

    Service Desk Importance Scores

      No Importance: 1.0-6.9
      Limited Importance: 7.0-7.9
      Significant Importance: 8.0-8.9
      Critical Importance: 9.0-10.0

    Service Desk Effectiveness Scores

      Not in Place: N/A
      Not Effective: 0.0-4.9
      Somewhat Ineffective: 5.0-5.9
      Somewhat Effective: 6.0-6.9
      Very Effective: 7.0-10.0

    Info-Tech Research Group’s IT Management and Governance Diagnostic (MGD) program assesses the importance and effectiveness of core IT processes. Since its inception, the MGD has consistently identified the service desk as an area to leverage.

    Business stakeholders consistently rank the service desk as one of the top five most important services that IT provides

    Since 2013, Info-Tech has surveyed over 40,000 business stakeholders as part of our CIO Business Vision program.

    Business stakeholders ranked the following 12 core IT services in terms of importance:

    Learn more about the CIO Business Vision Program.
    *Note: IT Security was added to CIO Business Vision 2.0 in 2019

    Top IT Services for Business Stakeholders

    1. Network Infrastructure
    2. IT Security*
    3. Data Quality
    4. Service Desk
    5. Business Applications
    6. Devices
    7. Client-Facing Technology
    8. Analytical Capability
    9. IT Innovation Leadership
    10. Projects
    11. Work Orders
    12. IT Policies
    13. Requirements Gathering
    Source: Info-Tech Research Group, 2019 (N=224 organizations)

    Having an effective and timely service desk correlates with higher end-user satisfaction with all other IT services

    A double bar graph is depicted. The blue bar represents dissatisfied ender user, and the green bar represents satisfied end user. The bars show the average of dissatisfied and satisfied end users for service desk effectiveness and service desk timeliness.

    On average, organizations that were satisfied with service desk effectiveness rated all other IT processes 46% higher than dissatisfied end users.

    Organizations that were satisfied with service desk timeliness rated all other IT processes 37% higher than dissatisfied end users.
    “Satisfied” organizations had average scores =8.“Dissatisfied" organizations had average scores “Dissatisfied" organizations had average scores =6. Source: Info-Tech Research Group, 2019 (N=18,500+ respondents from 75 organizations)

    Standardize the service desk the Info-Tech way to get measurable results

    More than one hundred organizations engaged with Info-Tech, through advisory calls and workshops, for their service desk projects in 2016. Their goal was either to improve an existing service desk or build one from scratch.

    Organizations that estimate the business impact of each project phase help us shed light on the average measured value of the engagements.

    "The analysts are an amazing resource for this project. Their approach is very methodical, and they have the ability to fill in the big picture with detailed, actionable steps. There is a real opportunity for us to get off the treadmill and make real IT service management improvements"

    - Rod Gula, IT Director

    American Realty Advisors

    Three circles are depicted. The top circle shows the sum of measured value dollar impact which is US$1,659,493.37. The middle circle shows the average measured value dollar impact which is US$19,755.87. The bottom circle shows the average measured value time saved which is 27 days.

    Info-Tech’s approach to service desk standardization focuses on building service management essentials

    This image depicts all of the phases and steps in this blueprint.

    Info-Tech draws on the COBIT framework, which focuses on consistent delivery of IT services across the organization

    This image depicts research that can be used to improve IT processes. Service Desk is circled to demonstrate which research is being used.

    The service desk is the foundation of all other service management processes.

    The image shows how the service desk is a foundation for other service management processes.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Standardize the Service Desk – project overview

    This image shows the project overview of this blueprint.

    Info-Tech delivers: Use our tools and templates to accelerate your project to completion

    Project Summary

    Image of template.

    Service Desk Standard Operating Procedures

    Image of tool.

    Service Desk Maturity Assessment Tool

    Image of tool.

    Service Desk Implementation Roadmap

    Image of tool Incident, knowledge, and request management workflows

    Incident, knowledge, and request management workflows

    The project’s key deliverable is a service desk standard operating procedure

    Benefits of documented SOPs:

    Improved training and knowledge transfer: Routine tasks can be delegated to junior staff (freeing senior staff to work on higher priority tasks).

    IT automation, process optimization, and consistent operations: Defining, documenting, and then optimizing processes enables IT automation to be built on sound processes, so consistent positive results can be achieved.

    Compliance: Compliance audits are more manageable because the documentation is already in place.

    Transparency: Visually documented processes answer the common business question of “why does that take so long?”

    Cost savings: Work solved at first contact or with a minimal number of escalations will result in greater efficiency and more cost-effective support. This will also lead to better customer service.

    Impact of undocumented/undefined SOPs:

    Tasks will be difficult to delegate, key staff become a bottleneck, knowledge transfer is inconsistent, and there is a longer onboarding process for new staff

    IT automation built on poorly defined, unoptimized processes leads to inconsistent results.

    Documenting SOPs to prepare for an audit becomes a major time-intensive project.

    Other areas of the organization may not understand how IT operates, which can lead to confusion and unrealistic expectations.

    Support costs are highest through inefficient processes, and proactive work becomes more difficult to schedule, making the organization vulnerable to costly disruptions.

    Workshop Overview

    Image depicts workshop overview occurring over four days.

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Phase 1

    Lay Service Desk Foundations

    Step 1.1:Assess current state

    Image shows the steps in phase 1. Highlight is on step 1.1

    This step will walk you through the following activities:

    • 1.1.1 Outline service desk challenges
    • 1.1.2 Assess the service desk maturity

    This step involves the following participants:

    • Project Sponsor
    • IT Director, CIO
    • IT Managers and Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    Alignment on the challenges that the service desk faces, an assessment of the current state of service desk processes and technologies, and baseline metrics against which to measure improvements.

    Deliverables

    • Service Desk Maturity Assessment

    Standardizing the service desk benefits the whole business

    The image depicts 3 circles to represent the service desk foundations.

    Embrace standardization

    • Standardization prevents wasted energy on reinventing solutions to recurring issues.
    • Standardized processes are scalable so that process maturity increases with the size of your organization.

    Increase business satisfaction

    • Improve confidence that the service desk can meet service levels.
    • Create a single point of contact for incidents and requests and escalate quickly.
    • Analyze trends to forecast and meet shifting business requirements.

    Reduce recurring issues

    • Create tickets for every task and categorize them accurately.
    • Generate reliable data to support root-cause analysis.

    Increase efficiency and lower operating costs

    • Empower end users and technicians with a targeted knowledgebase (KB).
    • Cross-train to improve service consistency.

    Case Study: The CIO of Westminster College took stock of existing processes before moving to empower the “helpless desk”

    Scott Lowe helped a small staff of eight IT professionals formalize service desk processes and increase the amount of time available for projects.

    When he joined Westminster College as CIO in 2006, the department faced several infrastructure challenges, including:

    • An unreliable network
    • Aging server replacements and no replacement plan
    • IT was the “department of no”
    • A help desk known as the “helpless desk”
    • A lack of wireless connectivity
    • Internet connection speed that was much too slow

    As the CIO investigated how to address the infrastructure challenges, he realized people cared deeply about how IT spent its time.

    The project load of IT staff increased, with new projects coming in every day.

    With a long project list, it became increasingly important to improve the transparency of project request and prioritization.

    Some weeks, staff spent 80% of their time working on projects. Other weeks, support requirements might leave only 10% for project work.

    He addressed the infrastructure challenges in part by analyzing IT’s routine processes.

    Internally, IT had inefficient support processes that reduced the amount of time they could spend on projects.

    They undertook an internal process analysis effort to identify processes that would have a return on investment if they were improved. The goal was to reduce operational support time so that project time could be increased.

    Five years later, they had a better understanding of the organization's operational support time needs and were able to shift workloads to accommodate projects without compromising support.

    Common challenges experienced by service desk teams

    Unresolved issues

    • Tickets are not created for all incidents.
    • Tickets are lost or escalated to the wrong technicians.
    • Poor data impedes root-cause analysis of incidents.

    Lost resources/accountability

    • Lack of cross-training and knowledge sharing.
    • Lack of skills coverage for critical applications and services.
    • Time is wasted troubleshooting recurring issues.
    • Reports unavailable due to lack of data and poor categorization.

    High cost to resolve

    • Tier 2/3 resolve issues that should be resolved at tier 1.
    • Tier 2/3 often interrupt projects to focus on service support.

    Poor planning

    • Lack of data for effective trend analysis leads to poor demand planning.
    • Lack of data leads to lost opportunities for templating and automation.

    Low business satisfaction

    • Users are unable to get assistance with IT services quickly.
    • Users go to their favorite technician instead of using the service desk.

    Outline the organization’s service desk challenges

    1.1.1 Brainstorm service desk challenges

    Estimated Time: 45 minutes

    A. As a group, outline the areas where you think the service desk is experiencing challenges or weaknesses. Use sticky notes or a whiteboard to separate the challenges into People, Process, and Technology so you have a wholistic view of the constraints across the department.

    B. Think about the following:

    • What have you heard from users? (e.g. slow response time)
    • What have you heard from executives? (e.g. poor communication)
    • What should you start doing? (e.g. documenting processes)
    • What should you stop doing? (e.g. work that is not being entered as tickets)

    C. Document challenges in the Service Desk Project Summary.

    Participants:

    • CIO
    • IT Managers
    • Service Desk Manager
    • Service Desk Agents

    Assess current service desk maturity to establish a baseline and create a plan for service desk improvement

    A current-state assessment will help you build a foundation for process improvements. Current-state assessments follow a basic formula:

    1. Determine the current state of the service desk.
    2. Determine the desired state of the service desk.
    3. Build a practical path from current to desired state.
    Image depicts 2 circles and a box. The circle on the 1. left has assess current state. The circle on the right has 2. assess target state. The box has 3. build a roadmap.

    Ideally, the current-state assessment should align the delivery of IT services with organizational needs. The assessment should achieve the following goals:

    1. Identify service desk pain points.
    2. Map each pain point to business services.
    3. Assign a broad business value to the resolution of each pain point.
    4. Map each pain point to a process.

    Expert Insight

    Image of expert.

    “How do you know if you aren’t mature enough? Nothing – or everything – is recorded and tracked, customer satisfaction is low, frustration is high, and there are multiple requests and incidents that nobody ever bothers to address.”

    Rob England

    IT Consultant & Commentator

    Owner Two Hills

    Also known as The IT Skeptic

    Assess the process maturity of the service desk to determine which project phase and steps will bring the most value

    1.1.2 Measure which activity will have the greatest impact

    The Service Desk Maturity Assessmenttool helps organizations assess their service desk process maturity and focus the project on the activities that matter most.

    The tool will help guide improvement efforts and measure your progress.

    • The second tab of the tool walks through a qualitative assessment of your service desk practices. Questions will prompt you to evaluate how you are executing key activities. Select the answer in the drop-down menus that most closely aligns with your current state.
    • The third tab displays your rate of process completeness and maturity. You will receive a score for each phase, an overall score, and advice based on your performance.
    • Document the results of the efficiency assessment in the Service Desk Project Summary.

    The tool is intended for periodic use. Review your answers each year and devise initiatives to improve the process performance where you need it most.

    Where do I find the data?

    Consult:

    • Service Manager
    • Service Desk Tools
    Image is the service desk tools.

    Step 1.2:Review service support best practices

    Image shows the steps in phase 1. Highlight is on step 1.2.

    This step will walk you through the following activities:

    1. 1.2.1 Identify roles and responsibilities in your organization
    2. 1.2.2 Map out the current and target structure of the service desk

    This step involves the following participants:

    • Project Sponsor
    • IT Director, CIO
    • IT Managers and Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    Identifying who is accountable for different support practices in the service desk will allow workload to be distributed effectively between functional teams and individuals. Closing the gaps in responsibilities will enable the execution of a shift-left strategy.

    Deliverables

    • Roles & responsibilities guide
    • Service desk structure

    Everyone in IT contributes to the success of service support

    Regardless of the service desk structure chosen to meet an organization’s service support requirements, IT staff should not doubt the role they play in service support.

    If you try to standardize service desk processes without engaging specialists in other parts of the IT organization, you will fail. Everyone in IT has a role to play in providing service support and meeting service-level agreements.

    Service Support Engagement Plan

    • Identify who is accountable for different service support processes.
    • Outline the different responsibilities of service desk agents at tier 1, tier 2, and tier 3 in meeting service-level agreements for service support.
    • Draft operational-level agreements between specialty groups and the service desk to improve accountability.
    • Configure the service desk tool to ensure ticket visibility and ownership across queues.
    • Engage tier 2 and tier 3 resources in building workflows for incident management, request fulfilment, and writing knowledgebase articles.
    • Emphasize the benefits of cooperation across IT silos:
      • Better customer service and end-user satisfaction.
      • Shorter time to resolve incidents and implement requests.
      • A higher tier 1 resolution rate, more efficient escalations, and fewer interruptions from project work.

    Info-Tech Insight

    Specialists tend to distance themselves from service support as they progress through their career to focus on projects.

    However, their cooperation is critical to the success of the new service desk. Not only do they contribute to the knowledgebase, but they also handle escalations from tiers 1 and 2.

    Clear project complications by leveraging roles and responsibilities

    R

    Responsible: This person is the staff member who completes the work. Assign at least one Responsible for each task, but this could be more than one.

    A

    Accountable: This team member delegates a task and is the last person to review deliverables and/or task. Sometimes Responsible and Accountable can be the same staff. Make sure that you always assign only one Accountable for each task and not more.

    C

    Consulted: People who do not carry out the task but need to be consulted. Typically, these people are subject matter experts or stakeholders.

    I

    Informed: People who receive information about process execution and quality and need to stay informed regarding the task.

    A RACI analysis is helpful with the following:

    • Workload Balancing: Allowing responsibilities to be distributed effectively between functional teams and individuals.
    • Change Management: Ensuring key functions and processes are not overlooked during organizational changes.
    • Onboarding: New employees can identify their own roles and responsibilities.

    A RACI chart outlines which positions are Responsible, Accountable, Consulted, and Informed

    Image shows example of RACI chart

    Create a list of roles and responsibilities in your organization

    1.2.1 Create RACI matrix to define responsibilities

    1. Use the Service Desk Roles and Responsibilities Guidefor a better understanding of the roles and responsibilities of different service desk tiers.
    2. In the RACI chart, replace the top row with specific roles in your organization.
    3. Modify or expand the process tasks, as needed, in the left column.
    4. For each role, identify the responsibility values that the person brings to the service desk. Fill out each column.
    5. Document in the Service Desk SOP. Schedule a time to share the results with organization leads.
    6. Distribute the chart between all teams in your organization.

    Notes:

    • Assign one Accountable for each task.
    • Have at least one Responsible for each task.
    • Avoid generic responsibilities, such as “team meetings.”
    • Keep your RACI definitions in your documents, as they are sometimes tough to remember.

    Participants

    • CIO
    • IT Managers
    • Service Desk Manager
    • Service Desk Agents

    What You'll Need

    • Service Desk SOP
    • Roles and Responsibilities Guide
    • Flip Chart
    • Whiteboard

    Build a tiered generalist service desk to optimize costs

    A tiered generalist service desk with a first-tier resolution rate greater than 60% has the best operating cost and customer satisfaction of all competing service desk structural models.

    Image depicts a tiered generalist service desk example. It shows a flow from users to tier 1 and to tiers 2 and 3.

    The success of a tiered generalist model depends on standardized, defined processes

    Image lists the processes and benefits of a successful tiered generalist service desk.

    Define the structure of the service desk

    1.2.2 Map out the current and target structure of the service desk

    Estimated Time: 45 minutes

    Instructions:

    1. Using the model from the previous slides as a guide, discuss how closely it matches the current service desk structure.
    2. Map out a similar diagram of your existing service desk structure, intake channels, and escalation paths.
    3. Review the structure and discuss any changes that could be made to improve efficiency. Revise as needed.
    4. Document the outcome in the Service Desk Project Summary.

    Image depicts a tiered generalist service desk example. It shows a flow from users to tier 1 and to tiers 2 and 3.

    Participants

    • CIO
    • IT Managers
    • Service Desk Manager
    • Service Desk Agents

    Use a shift-left strategy to lower service support costs, reduce time to resolve, and improve end-user satisfaction

    Shift-left strategy:

    • Shift service support tasks from specialists to generalists.
    • Implement self-service.
    • Automate incident resolution.
    Image shows the incident and service request resolution in a graph. It includes metrics of cost per ticket, average time to resolve, and end-user satisfaction.

    Work through the implications of adopting a shift-left strategy

    Overview:

    Identify process gaps that you need to fill to support the shift-left strategy and discuss how you could adopt or improve the shift-left strategy, using the discussion questions below as a guide.

    Which process gaps do you need to fill to identify ticket trends?

    • What are your most common incidents and service requests?
    • Which tickets could be resolved at tier 1?
    • Which tickets could be resolved as self-service tickets?
    • Which tickets could be automated?

    Which processes do you most need to improve to support a shift-left strategy?

    • Which incident and request processes are well documented?
    • Do you have recurring tickets that could be automated?
    • What is the state of your knowledgebase maintenance process?
    • Which articles do you most need to support tier 1 resolution?
    • What is the state of your web portal? How could it be improved to support self-service?

    Document in the Project Summary

    Step 1.3: Identify service desk metrics and reports

    Image shows the steps in phase 1. Highlight is on step 1.3.

    This step will walk you through the following activities:

    • 1.3 Create a list of required reports to identify relevant metrics

    This step involves the following participants:

    • Project Sponsor
    • IT Managers and Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    Managers and analysts will have service desk metrics and reports that help set expectations and communicate service desk performance.

    Deliverables

    • A list of service desk performance metrics and reports

    Engage business unit leaders with data to appreciate needs

    Service desk reports are an opportunity to communicate the story of IT and collect stakeholder feedback. Interview business unit leaders and look for opportunities to improve IT services.

    Start with the following questions:

    • What are you hearing from your team about working with IT?
    • What are the issues that are contributing to productivity losses?
    • What are the workarounds your team does because something isn’t working?
    • Are you able to access the information you need?

    Work with business unit leaders to develop an action plan.

    Remember to communicate what you do to address stakeholder grievances.

    The service recovery paradox is a situation in which end users think more highly of IT after the organization has corrected a problem with their service compared to how they would regard the company if the service had not been faulty in the first place.

    The point is that addressing issues (and being seen to address issues) will significantly improve end-user satisfaction. Communicate that you’re listening and acting, and you should see satisfaction improve.

    Info-Tech Insight

    Presentation is everything:

    If you are presenting outside of IT, or using operational metrics to create strategic information, be prepared to:

    • Discuss trends.
    • Identify organizational and departmental impacts.
    • Assess IT costs and productivity.

    For example, “Number of incidents with ERP system has decreased by 5% after our last patch release. We are working on the next set of changes and expect the issues to continue to decrease.”

    Engage technicians to ensure they input quality data in the service desk tool

    You need better data to address problems. Communicate to the technical team what you need from them and how their efforts contribute to the usefulness of reports.

    Tickets MUST:

    • Be created for all incidents and service requests.
    • Be categorized correctly, and categories updated when the ticket is resolved.
    • Be closed after the incidents and service requests are resolved or implemented.

    Emphasize that reports are analyzed regularly and used to manage costs, improve services, and request more resources.

    Info-Tech Insight

    Service Desk Manager: Technical staff can help themselves analyze the backlog and improve service metrics if they’re looking at the right information. Ensure their service desk dashboards are helping them identify high-priority and quick-win tickets and anticipate potential SLA breaches.

    Produce service desk reports targeted to improve IT services

    Use metrics and reports to tell the story of IT.

    Metrics should be tied to business requirements and show how well IT is meeting those requirements and where obstacles exist.

    Tailor metrics and reports to specific stakeholders.

    Technicians require mostly real-time information in the form of a dashboard, providing visibility into a prioritized list of tickets for which they are responsible.

    Supervisors need tactical information to manage the team and set client expectations as well as track and meet strategic goals.

    Managers and executives need summary information that supports strategic goals. Start by looking at executive goals for the support team and then working through some of the more tactical data that will help support those goals.

    One metric doesn’t give you the whole picture

    • Don’t put too much emphasis on a single metric. At best, it will give you a distorted picture of your service desk performance. At worst, it will distort the behavior of your agents as they may adopt poor practices to meet the metric.
    • The solution is to use tension metrics: metrics that work together to give you a better sense of the state of operations.
    • Tension metrics ensure a balanced focus toward shared goals.

    Example:

    First-call resolution (FCR), end-user satisfaction, and number of tickets reopened all work together to give you a complete picture. As FCR goes up, so should end-user satisfaction, as number of tickets re-opened stays steady or declines. If the three metrics are heading in different directions, then you know you have a problem.

    Rely on internal metrics to measure and improve performance

    External metrics provide useful context, but they represent broad generalizations across different industries and organizations of different sizes. Internal metrics measured annually are more reliable.

    Internal metrics provide you with information about your actual performance. With the right continual improvement process, you can improve those metrics year over year, which is a better measure of the performance of your service desk.

    Whether a given metric is the right one for your service desk will depend on several different factors, not the least of which include:

    • The maturity of your service desk processes.
    • Your ticket volume.
    • The complexity of your tickets.
    • The degree to which your end users are comfortable with self-service.

    Info-Tech Insight

    Take external metrics with a grain of salt. Most benchmarks represent what service desks do across different industries, not what they should do. There also might be significant differences between different industries in terms of the kinds of tickets they deal with, differences which the overall average obscures.

    Use key service desk metrics to build a business case for service support improvements

    The right metrics can tell the business how hard IT works and how many resources it needs to perform:

    1. End-User Satisfactions:
      • The most important metric for measuring the perceived value of the service desk. Determine this based on a robust annual satisfaction survey of end users and transactional satisfaction surveys sent with a percentage of tickets.
    2. Ticket Volume and Cost per Ticket:
      • A key indicator of service desk efficiency, computed as the monthly operating expense divided by the average ticket volume per month.
    3. First-Contact Resolution Rate:
      • The biggest driver of end-user satisfaction. Depending on the kind of tickets you deal with, you can measure first-contact, first-tier, or first-day resolution.
    4. Average Time to Resolve (Incident) or Fulfill (Service Requests):
      • An assessment of the service desk's ability to resolve tickets effectively, measuring the time elapsed between the moment the ticket status is set to “open” and the moment it is set to “resolved.”

    Info-Tech Insight

    Metrics should be tied to business requirements. They tell the story of how well IT is meeting those requirements and help identify when obstacles get in the way. The latter can be done by pointing to discrepancies between the internal metrics you expected to reach but didn’t and external metrics you trust.

    Use service desk metrics to track progress toward strategic, operational, and tactical goals

    Image depicts a chart to show the various metrics in terms of strategic goals, tactical goals, and operational goals.

    Cost per ticket and customer satisfaction are the foundation metrics of service support

    Ultimately, everything boils down to cost containment (measured by cost per ticket) and quality of service (measured by customer satisfaction).

    Cost per ticket is a measure of the efficiency of service support:

    • A higher than average cost per ticket is not necessarily a bad thing, particularly if accompanied by higher-than-average quality levels.
    • Conversely, a low cost per ticket is not necessarily good, particularly if the low cost is achieved by sacrificing quality of service.

    Cost per ticket is the total monthly operating expense of the service desk divided by the monthly ticket volume. Operating expense includes the following components:

    • Salaries and benefits for desktop support technicians
    • Salaries and benefits for indirect personnel (team leads, supervisors, workforce schedulers, dispatchers, QA/QC personnel, trainers, and managers)
    • Technology expense (e.g. computers, software licensing fees)
    • Telecommunications expenses
    • Facilities expenses (e.g. office space, utilities, insurance)
    • Travel, training, and office supplies
    Image displays a pie chart that shows the various service desk costs.

    Create a list of required reports to identify metrics to track

    1.3.1 Start by identifying the reports you need, then identify the metrics that produce them

    1. Answer the following questions to determine the data your reports require:
      • What strategic initiatives do you need to track?
        • Example: reducing mean time to resolve, meeting SLAs
      • What operational areas need attention?
        • Example: recurring issues that need a permanent resolution
      • What kind of issues do you want to solve?
        • Example: automate tasks such as password reset or software distribution
      • What decisions or processes are held up due to lack of information?
        • Example: need to build a business case to justify infrastructure upgrades
      • How can the data be used to improve services to the business?
        • Example: recurring issues by department
    2. Document report and metrics requirements in Service Desk SOP.
    3. Provide the list to your tool administrator to create reports with auto-distribution.

    Participants

    • CIO
    • IT Managers
    • Service Desk Manager
    • Service Desk Agents

    What You'll Need

    • Service Desk SOP
    • Flip Chart
    • Whiteboard

    Step 1.4: Review ticket handling procedures

    Image shows the steps in phase 1. Highlight is on step 1.4.

    This step will walk you through the following activities:

    • 1.4.1 Review ticket handling practices
    • 1.4.2 Identify opportunities to automate ticket creation and reduce recurring tickets

    This step involves the following participants:

    • Project Sponsor
    • IT Managers and Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    Managers and analysts will have best practices for ticket handling and troubleshooting to support ITSM data quality and improve first-tier resolution.

    DELIVERABLES

    • List of ticket templates and recurring tickets
    • Ticket and Call QA Template and ticket handling best practices

    Start by reviewing the incident intake process to find opportunities for improvement

    If end users are avoiding your service desk, you may have an intake problem. Create alternative ways for users to seek help to manage the volume; keep in mind not every request is an emergency.

    Image shows the various intake channels and the recommendation.

    Identify opportunities for improvement in your ticket channels

    The two most efficient intake channels should be encouraged for the majority of tickets.

    • Build a self-service portal.
      • Do users know where to find the portal?
      • How many tickets are created through the portal?
      • Is the interface easy to use?
    • Deal efficiently with email.
      • How quickly are messages picked up?
      • Are they manually transferred to a ticket or does the service desk tool automatically create a ticket?

    The two most traditional and fastest methods to get help must deal with emergencies and escalation effectively.

    • Phone should be the fastest way to get help for emergencies.
      • Are enough agents answering calls?
      • Are voicemails picked up on time?
      • Are the automated call routing prompts clear and concise?
    • Are walk-ins permitted and formalized?
      • Do you always have someone at the desk?
      • Is your equipment secure?
      • Are walk-ins common because no one picks up the phone or is the traffic as you’d expect?

    Ensure technicians create tickets for all incidents and requests

    Why Collect Ticket Data?

    If many tickets are missing, help service support staff understand the need to collect the data. Reports will be inaccurate and meaningless if quality data isn’t entered into the ticketing system.

    Image shows example of ticket data

    Set ticket handling expectations to drive a consistent process

    Set expectations:

    • Create and update tickets, but not at the expense of good customer service. Agents can start the ticket but shouldn’t spend five minutes creating the ticket when they should be troubleshooting the problem.
    • Update the ticket when the issue is resolved or needs to be escalated. If agents are escalating, they should make sure all relevant information is passed along to the next technician.
    • Update user of ETA if issue cannot be resolved quickly.
    • Ticket templates for common incidents can lead to fast creation, data input, and categorizations. Templates can reduce the time it takes to create tickets from two minutes to 30 seconds.
    • Update categories to reflect the actual issue and resolution.
    • Reference or link to the knowledgebase article as the documented steps taken to resolve the incident.
    • Validate incident is resolved with client; automate this process with ticket closure after a certain time.
    • Close or resolve the ticket on time.

    Use the Ticket and Call Quality Assessment Tool to improve the quality of service desk data

    Build a process to check-in on ticket and call quality monthly

    Better data leads to better decisions. Use the Ticket and Call Quality Assessment Toolto check-in on the ticket and call quality monthly for each technician and improve service desk data quality.

    1. Fill tab 1 with technician’s name.
    2. Use either tab 2 (auto-scoring) or tab 3 (manual scoring) to score the agent. The assessment includes ticket evaluation, call evaluation, and overall metric.
    3. Record the results of each review in the score summary of tab 1.
    Image shows tool.

    Use ticket templates to make ticket creation, updating, and resolution more efficient

    A screenshot of the Ticket and Call Quality Assessment Tool

    Implement measures to improve ticket handling and identify ticket template candidates

    1.4.1 Identify opportunities to automate ticket creation

    1. Poll the team and discuss.
      • How many members of the team are not creating tickets? Why?
      • How can we address those barriers?
      • What are the expectations of management?
    2. Brainstorm five to ten good candidates for ticket templates.
      • What data can auto-fill?
      • What will help process the ticket faster?
      • What automations can we build to ensure a fast, consistent service?
      • Note:
        • Ticket template name
        • Information that will auto-fill from AD and other applications
        • Categories and resolution codes
        • Automated routing and email responses
    3. Document ticket template candidates in the Service Desk Roadmap to capture the actions.

    Participants

    • Service Desk Manager
    • Service Desk Agents

    What You'll Needs

    • Flip Chart
    • Whiteboard

    Phase 2

    Design Incident Management Processes

    Step 2.1: Build incident management workflows

    Image shows the steps in phase 2. Highlight is on step 2.1.

    This step will walk you through the following activities:

    • 2.1.1 Review incident management challenges
    • 2.1.2 Define the incident management workflow
    • 2.1.3 Define the critical incident management workflow
    • 2.1.4 Design critical incident communication plan

    This step involves the following participants:

    • IT Managers
    • Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    Workflows for incident management and critical incident management will improve the consistency and quality of service delivery and prepare the service desk to negotiate reliable service levels with the organization.

    DELIVERABLES

    • Incident management workflows
    • Critical incident management workflows
    • Critical incident communication plan

    Communicate the great incident resolution work that you do to improve end-user satisfaction

    End users think more highly of IT after the organization has corrected a problem with their service than they would have had the service not been faulty in the first place.

    Image displays a graph to show the service recovery paradox

    Info-Tech Insight

    Use the service recovery paradox to your advantage. Address service desk challenges explicitly, develop incident management processes that get services back online quickly, and communicate the changes.

    If you show that the service desk recovered well from the challenges end users raised, you will get greater loyalty from them.

    Assign incident roles and responsibilities to promote accountability

    The role of an incident coordinator or manager can be assigned to anyone inside the service desk that has a strong knowledge of incident resolution, attention to detail, and knows how to herd cats.

    In organizations with high ticket volumes, a separate role may be necessary.

    Everyone must recognize that incident management is a cross-IT organization process and it does not have to be a unique service desk process.

    An incident coordinator is responsible for:

    • Improving incident management processes.
    • Tracking metrics and producing reports.
    • Developing and maintaining the incident management system.
    • Developing and maintaining critical incident processes.
    • Ensuring the service support team follows the incident management process.
    • Gathering post-mortem information from the various technical resources on root cause for critical or severity 1 incidents.

    The Director of IT Services invested in incident management to improve responsiveness and set end-user expectations

    Practitioner Insight

    Ben Rodrigues developed a progressive plan to create a responsive, service-oriented culture for the service support organization.

    "When I joined the organization, there wasn’t a service desk. People just phoned, emailed, maybe left [sticky] notes for who they thought in IT would resolve it. There wasn’t a lot of investment in developing clear processes. It was ‘Let’s call somebody in IT.’

    I set up the service desk to clarify what we would do for end users and to establish some SLAs.

    I didn’t commit to service levels right away. I needed to see how many resources and what skill sets I would need. I started by drafting some SLA targets and plugging them into our tracking application. I then monitored how we did on certain things and established if we needed other skill sets. Then I communicated those SOPs to the business, so that ‘if you have an issue, this is where you go, and this is how you do it,’ and then shared those KPIs with them.

    I had monthly meetings with different function heads to say, ‘this is what I see your guys calling me about,’ and we worked on something together to make some of the pain disappear."

    -Ben Rodrigues

    Director, IT Services

    Gamma Dynacare

    Sketch out incident management challenges to focus improvements

    Common Incident Management Challenges

    End Users

    • No faith in the service desk beyond speaking with their favorite technician.
    • No expectations for response or resolution time.
    • Non-IT staff are disrupted as people ask their colleagues for IT advice.

    Technicians

    • No one manages and escalates incidents.
    • Incidents are unnecessarily urgent and more likely to have a greater impact.
    • Agents are flooded with requests to do routine tasks during desk visits.
    • Specialist support staff are subject to constant interruptions.
    • Tickets are lost, incomplete, or escalated incorrectly.
    • Incidents are resolved from scratch rather than referring to existing solutions.

    Managers

    • Tickets are incomplete or lack historical information to address complaints.
    • Tickets in system don’t match the perceived workload.
    • Unable to gather data for budgeting or business analysis.

    Info-Tech Insight

    Consistent incident management processes will improve end-user satisfaction with all other IT services.

    However, be prepared to overcome these common obstacles as you put the process in place, including:

    • Absence of management or staff commitment.
    • Lack of clarity on organizational needs.
    • Outdated work practices.
    • Poorly defined service desk goals and responsibilities.
    • Lack of a reliable knowledgebase.
    • Inadequate training.
    • Resistance to change.

    Prepare to implement or improve incident management

    2.1.1 Review incident management challenges and metrics

    1. Review your incident management challenges and the benefits of addressing them.
    2. Review the level of service you are providing with the current resources. Define clear goals and deliverables for the improvement initiative.
    3. Decide how the incident management process will interface with the service desk. Who will take on the responsibility for resolving incidents? Specifically, who will:
      • Log incidents.
      • Perform initial incident troubleshooting.
      • Own and monitor tickets.
      • Communicate with end users.
      • Update records with the resolution.
      • Close incidents.
      • Implement next steps (e.g. initiate problem management).
    4. Document recommendations and the incident management process requirements in the Service Desk SOP.

    Participants

    • Service Desk Manager
    • Service Desk Agents

    What You’ll Need

    • Service Desk SOP
    • Flip Chart
    • Whiteboard

    Distinguish between different kinds of tickets for better SLAs

    Different ticket types are associated with radically different prioritization, routing, and service levels. For instance, most incidents are resolved within a business day, but requests take longer to implement.

    If you fail to distinguish between ticket types, your metrics will obscure service desk performance.

    Common Service Desk Tickets

    • Incidents
      • An unanticipated interruption of a service.
        • The goal of incident management is to restore the service as soon as possible, even if the resolution involves a workaround.
    • Problems
      • The root cause of several incidents.
        • The goal of problem management is to detect the root cause and provide long-term resolution and prevention.
    • Requests
      • A generic description for small changes or service access
        • Requests are small, frequent, and low risk. They are best handled by a process distinct from incident, change, and project management.
    • Changes
      • Modification or removal of anything that could influence IT services.
        • The scope includes significant changes to architectures, processes, tools, metrics, and documentation.

    Info-Tech Insight

    Organizations sometimes mistakenly classify small projects as service requests, which can compromise your data, resulting in a negative impact to the perceived value of the service desk.

    Separate incidents and service requests for increased customer service and better-defined SLAs

    Defining the differences between service requests and incidents is not just for reporting purposes. It also has a major impact on how service is delivered.

    Incidents are unexpected disruptions to normal business processes and require attempts to restore services as soon as possible (e.g. the printer is not working).

    Service requests are tasks that don’t involve something that is broken or has an immediate impact on services. They do not require immediate resolution and can typically be scheduled (e.g. new software).

    Image shows a chart on incidents and service requests.

    Focus on the big picture first to capture and streamline how your organization resolves incidents

    Image displays a flow chart to show how to organize resolving incidents.

    Document your incident management workflow to identify opportunities for improvement

    Image shows a flow cart on how to organize incident management.

    Workflow should include:

    • Ticket creation and closure
    • Triage
    • Troubleshooting
    • Escalations
    • Communications
    • Change management
    • Documentation
    • Vendor escalations

    Notes:

    • Notification and alerts should be used to set or reset expectations on delivery or resolution
    • Identify all the steps where a customer is informed and ensure we are not over or under communicating

    Collaborate to define each step of the incident management workflow

    2.1.2 Define the incident management workflow

    Estimated Time: 60 minutes

    Option 1: Whiteboard

    1. Discuss the workflow and draw it on the whiteboard.
    2. Assess whether you are using the best workflow. Modify it if necessary.
    3. Engage the team in refining the process workflow.
    4. Transfer data to Visio and add to the SOP.

    Option 2: Tabletop Exercise

    1. Distribute index cards to each member of the team.
    2. Have each person write a single task they perform on the index card. Be granular. Include the title or the name of the person responsible.
    3. Mark cards that are decision points. Use a card of a different color or use a marker to make a colored dot.
    4. Arrange the index cards in order, removing duplicates.
    5. Assess whether you are using the best workflow. Engage the team to refine it if necessary.
    6. Transfer data to Visio and add to the Service Desk SOP.

    Participants

    • Service Manager
    • Service Desk Support
    • Applications or Infrastructure Support

    What You’ll Need

    • Flip Chart Paper
    • Sticky Notes
    • Pens
    • Service Desk SOP
    • Project Summary

    Formalize the process for critical incident management to reduce organizational impact

    Discuss these elements to see how the organization will handle them.

    • Communication plan:
      • Who communicates with end users?
      • Who communicates with the executive team?
    • It’s important to separate the role of the technician trying to solve a problem with the need to communicate progress.
    • Change management:
    • Define a separate process for regular and emergency change management to ensure changes are timely and appropriate.
    • Business continuity plan:
    • Identify criteria to decide when a business continuity plan (BCP) must be implemented during a critical incident to minimize the business impact of the incident.
    • Post-mortems:
    • Formalize the process of discussing and documenting lessons learned, understanding outstanding issues, and addressing the root cause of incidents.
    • Source of incident notification:
    • Does the process change if users notify the service desk of an issue or if the systems management tools alert technicians?

    Critical incidents are high-impact, high-urgency events that put the effectiveness and timeliness of the service desk center stage.

    Build a workflow that focuses on quickly bringing together the right people to resolve the incident and reduces the chances of recurrence.

    Document your critical incident management workflow to identify opportunities for improvement

    Image shows a flow cart on how to organize critical incident management.

    Workflow should include:

    • Ticket creation and closure
    • Triage
    • Troubleshooting
    • Escalations
    • Communications plan
    • Change management
    • Disaster recovery or business continuity plan
    • Documentation
    • Vendor escalations
    • Post-mortem

    Collaborate to define each step of the critical incident management workflow

    2.1.3 Define the critical incident management workflow

    Estimated Time: 60 minutes

    Option 1: Whiteboard

    1. Discuss the workflow and draw it on the whiteboard.
    2. Assess whether you are using the best workflow. Modify it if necessary.
    3. Engage the team in refining the process workflow.
    4. Transfer data to Visio and add to the SOP.

    Option 2: Tabletop Exercise

    1. Distribute index cards to each member of the team.
    2. Have each person write a single task they perform on the index card. Be granular. Include the title or the name of the person responsible.
    3. Mark cards that are decision points. Use a card of a different color or use a marker to make a colored dot.
    4. Arrange the index cards in order, removing duplicates.
    5. Assess whether you are using the best workflow. Engage the team to refine it if necessary.
    6. Transfer data to Visio and add to the Service Desk SOP.

    Participants

    • Service Manager
    • Service Desk Support
    • Applications or Infrastructure Support

    What You’ll Need

    • Flip Chart Paper
    • Sticky Notes
    • Pens
    • Service Desk SOP

    Establish a critical incident management communication plan

    When it comes to communicating during major incidents, it’s important to get the information just right. Users don’t want too little, they don’t want too much, they just want what’s relevant to them, and they want that information at the right time.

    As an IT professional, you may not have a background in communications, but it becomes an important part of your job. Broad guidelines for good communication during a critical incident are:

    1. Communicate as broadly as the impact of your incident requires.
    2. Communicate as much detail as a specific audience requires, but no more than necessary.
    3. Communicate as far ahead of impact as possible.

    Why does communication matter?

    Sending the wrong message, at the wrong time, to the wrong stakeholders, can result in:

    • Drop in customer satisfaction.
    • Wasted time and resources from multiple customers contacting you with the same issue.
    • Dissatisfied executives kept in the dark.
    • Increased resolution time if the relevant providers and IT staff are not informed soon enough to help.

    Info-Tech Insight

    End users understand that sometimes things break. What’s important to them is that (1) you don’t repeatedly have the same problem, (2) you keep them informed, and (3) you give them enough notice when their systems will be impacted and when service will be returned.

    Automate communication to save time and deliver consistent messaging to the right stakeholders

    In the middle of resolving a critical incident, the last thing you have time for is worrying about crafting a good message. Create a series of templates to save time by providing automated, tailored messages for each stage of the process that can be quickly altered and sent out to the right stakeholders.

    Once templates are in place, when the incident occurs, it’s simply a matter of:

    1. Choosing the relevant template.
    2. Updating recipients and messaging if necessary.
    3. Adding specific, relevant data and fields.
    4. Sending the message.

    When to communicate?

    Tell users the information they need to know when they need to know it. If a user is directly impacted, tell them that. If the incident does not directly affect the user, the communication may lead to decreased customer satisfaction or failure to pay attention to future relevant messaging.

    What to say?

    • Keep messaging short and to the point.
    • Only say what you know for sure.
    • Provide only the details the audience needs to know to take any necessary action or steps on their side and no more. There’s no need to provide details on the reason for the failure before it’s resolved, though this can be done after resolution and restoration of service.

    You’ll need distinct messages for distinct audiences. For example:

    • To incident resolvers: “Servers X through Y in ABC Location are failing intermittently. Please test the servers and all the connections to determine the exact cause so we can take corrective action ASAP.”
    • To the IT department head: “Servers X through Y in ABC Location are failing intermittently. We are beginning tests. We will let you know when we have determined the exact cause and can give you an estimated completion time.”
    • To executives: “We’re having an issue with some servers at ABC Location. We are testing to determine the cause and will let you know the estimated completion time as soon as possible.”
    • To end users: “We are experience some service issues. We are working on a resolution diligently and will restore service as soon as possible.”

    Map out who will need to be contacted in the event of a critical incident

    2.1.4 Design the critical incident communication plan

    • Identify critical incidents that require communication.
    • Identify stakeholders who will need to be informed about each incident.
    • For each audience, determine:
      1. Frequency of communication
      2. Content of communication
    Use the sample template to the right as an example.

    Some questions to assist you:

    • Whose work will be interrupted, either by their services going down or by their workers having to drop everything to solve the incident?
    • What would happen if we didn’t notify this person?
    • What level of detail do they need?
    • How often would they want to be updated?
    Document outcomes in the Service Desk SOP. Image shows template of unplanned service outage.

    Measure and improve customer satisfaction with the use of relationship and transactional surveys

    Customer experience programs with a combination of relationship and transactional surveys tend to be more effective. Merging the two will give a wholistic picture of the customer experience.

    Relationship Surveys

    Relationship surveys focus on obtaining feedback on the overall customer experience.

    • Inform how well you are doing or where you need improvement in the broad services provided.
    • Provide a high-level perspective on the relationship between the business and IT.
    • Help with strategic improvement decisions.
    • Should be sent over a duration of time and to the entire customer base after they’ve had time to experience all the services provided by the service desk. This can be done as frequently as per quarter or on a yearly basis.
    • E.g. An annual satisfaction survey such as Info-Tech’s End User Satisfaction Diagnostic.

    Transactional Surveys

    Transactional surveys are tied to a specific interaction or transaction your end users have with a specific product or service.

    • Help with tactical improvement decisions.
    • Questions should point to a specific interaction.
    • Usually only a few questions that are quick and easy to complete following the transaction.
    • Since transactional surveys allow you to improve individual relationships, they should be sent shortly after the interaction with the service desk has occurred.
    • E.g. How satisfied are you with the way your ticket was resolved?

    Add transactional end-user surveys at ticket close to escalate unsatisfactory results

    A simple quantitative survey at the closing of a ticket can inform the service desk manager of any issues that were not resolved to the end user’s satisfaction. Take advantage of workflows to escalate poor results immediately for quick follow-up.

    Image shows example of survey question with rating.

    If a more complex survey is required, you may wish to include some of these questions:

    Please rate your overall satisfaction with the way your issue was handled (1=unsatisfactory, 5=fantastic)

    • The professionalism of the analyst.
    • The technical skills or knowledge of the analyst.
    • The timeliness of the service provided.
    • The overall service experience.

    Add an open-ended, qualitative question to put the number in context, and solicit critical feedback:

    What could the service desk have done to improve your experience?

    Define a process to respond to both negative and positive feedback

    Successful customer satisfaction programs respond effectively to both positive and negative outcomes. Late or lack of responses to negative comments may increase customer frustration, while not responding at all to the positive comments may give the perception of indifference. If customers are taking the time to fill out the survey, good or bad, they should be followed up with

    Take these steps to handle survey feedback:

    1. Assign resources to receive, read, and track responses. The entire team doesn’t need to receive every response, while a single resource may not have capacity to respond in a timely manner. Decide what makes the most sense in your environment.
    2. Respond to negative feedback: It may not be possible to respond to every customer that fills out a survey. Set guidelines for responding to negative surveys with no details on the issue; don’t spend time guessing why they were upset, simply ask the user why they were unsatisfied. The critical piece of taking advantage of the service recovery paradox is in the follow-up to the customer.
    3. Investigate and improve: Make sure you investigate the issue to ensure that it is a justified complaint or whether the issue is a symptom of another issue’s root cause. Identify remediation steps to ensure the issue does not repeat itself, and then communicate to the customer the action you have taken to improve.
    4. Act on positive feedback as well: If it’s easy for customers to provide feedback, then make room in your process for handling the positive results. Appreciate the time and effort your customers take to give kudos and use it as a tool to build a long-term relationship with that user. Saying thank you goes a long way and when customers know their time matters, they will be encouraged to fill out those surveys. This is also a good way to show what a great job the service desk team did with the interaction.

    Analyze survey feedback month over month to complement and justify metric results already in place

    When you combine the tracking and analysis of relationship and transactional survey data you will be able to dive into specific issues, identify trends and patterns, assess impact to users, and build a plan to make improvements.

    Once the survey data is centralized, categorized, and available you can start to focus on metrics. At a minimum, for transactional surveys, consider tracking:

    • Breakdown of satisfaction scores with trends over time
    • Unsatisfactory surveys that are related to incidents and service requests
    • Total surveys that have been actioned vs pending

    For relationship surveys, consider tracking:

    • Satisfaction scores by department and seniority level
    • Satisfaction with IT services, applications, and communication
    • Satisfaction with IT’s business enablement

    Scores of overall satisfaction with IT

    Image Source: Info-Tech End User Satisfaction Report

    Prioritize company-wide improvement initiatives by those that have the biggest impact to the entire customer base first and then communicate the plan to the organization using a variety of communication channels that will draw your customers in, e.g. dashboards, newsletters, email alerts.

    Info-Tech Insight

    Consider automating or using your ITSM notification system as a direct communication method to inform the service desk manager of negative survey results.

    Step 2.2: Design ticket categorization

    Image shows the steps in phase 2. Highlight is on step 2.2

    This step will walk you through the following activities:

    • 2.2.1 Assess ticket categorization
    • 2.2.2 Enhance ticket categories with resolution and status codes

    This step involves the following participants:

    • IT Managers
    • Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    The reviewed ticket categorization scheme will be easier to use and deploy more consistently, which will improve the categorization of data and the reliability of reports.

    DELIVERABLES

    • Optimized ticket categorization

    Design a ticket classification scheme to produce useful reports

    Reliable reports depend on an effective categorization scheme.

    Too many options cause confusion; too few options provide little value. As you build the classification scheme over the next few slides, let call routing and reporting requirements be your guide.

    Effective classification schemes are concise, easy to use correctly, and easy to maintain.

    Image shows example of a ticket classification scheme.

    Keep these guidelines in mind:

    • A good categorization scheme is exhaustive and mutually exclusive: there’s a place for every ticket and every ticket fits in only one place.
    • As you build your classification scheme, ensure the categories describe the actual asset or service involved based on final resolution, not how it was reported initially.
    • Pre-populate ticket templates with relevant categories to dramatically improve reporting and routing accuracy.
    • Use a tiered system to make the categories easier to navigate. Three tiers with 6-8 categories per tier provides up to 512 sub-categories, which should be enough for the most ambitious team.
    • Track only what you will use for reporting purposes. If you don’t need a report on individual kinds of laptops, don’t create a category beyond “laptops.”
    • Avoid “miscellaneous” categories. A large portion of your tickets will eventually end up there.

    Info-Tech Insight

    Don’t do it alone! Collaborate with managers in the specialized IT groups responsible for root-cause analysis to develop a categorization scheme that makes sense for them.

    The first approach to categorization breaks down the IT portfolio into asset types

    WHY SHOULD I START WITH ASSETS?

    Start with asset types if asset management and configuration management processes figure prominently in your practice or on your service management implementation roadmap.

    Image displays example of asset types and how to categorize them.

    Building the Categories

    Ask these questions:

    • Type: What kind of asset am I working on?
    • Category: What general asset group am I working on?
    • Subcategory: What particular asset am I working on?

    Need to make quick progress? Use Info-Tech Research Group’s Service Desk Ticket Categorization Schemes template.

    Info-Tech Insight

    Think about how you will use the data to determine which components need to be included in reports. If components won’t be used for reporting, routing, or warranty, reporting down to the component level adds little value.

    The second approach to categorization breaks down the IT portfolio into types of services

    WHY SHOULD I START WITH SERVICES?

    Start with asset services if service management generally figures prominently in your practice, especially service catalog management.

    Image displays example of service types and how to categorize them.

    Building the Categories

    Ask these questions:

    • Type: What kind of service am I working on?
    • Category: What general service group am I working on?
    • Subcategory: What particular service am I working on?

    Need to make quick progress? Use Info-Tech Research Group’s Service Desk Ticket Categorization Schemes template.

    Info-Tech Insight

    Remember, ticket categories are not your only source of reports. Enhance the classification scheme with resolution and status codes for more granular reporting.

    Improve the categorization scheme to enhance routing and reporting

    2.2.1 Assess whether the service desk can improve its ticket categorization

    1. As a group, review existing categories, looking for duplicates and designations that won’t affect ticket routing. Reconcile duplicates and remove non-essential categories.
    2. As a group, re-do the categories, ensuring that the new categorization scheme will meet the reporting requirements outlined earlier.
      • Are categories exhaustive and mutually exclusive?
      • Is the tier simple and easy to use (i.e. 3 tiers x 8 categories)?
    3. Test against recent tickets to ensure you have the right categories.
    4. Record the ticket categorization scheme in the Service Desk Ticket Categorization Schemes template.

    A screenshot of the Service Desk Ticket Categorization Schemes template.

    Participants

    • Service Desk Manager
    • Service Desk Agents

    What You’ll Need

    • Flip Chart
    • Whiteboard
    • Service Desk Ticket Categorization Scheme

    Enhance the classification scheme with resolution and status codes for more granular reporting

    Resolution codes differ from detailed resolution notes.

    • A resolution code is a field within the ticketing system that should be updated at ticket close to categorize the primary way the ticket was resolved.
    • This is important for reporting purposes as it adds another level to the categorization scheme and can help you identify knowledgebase article candidates, training needs, or problems.

    Ticket statuses are a helpful field for both IT and end users to identify the current status of the ticket and to initiate workflows.

    • The most common statuses are open, pending/in progress, resolved, and closed (note the difference between resolved and closed).
    • Waiting on user or waiting on vendor are also helpful statuses to stop the clock when awaiting further information or input.

    Common Examples:

    Resolution Codes

    • How to/training
    • Configuration change
    • Upgrade
    • Installation
    • Data import/export/change
    • Information/research
    • Reboot

    Status Fields

    • Declined
    • Open
    • Closed
    • Waiting on user
    • Waiting on vendor
    • Reopened by user

    Identify and document resolution and status codes

    2.2.2 Enhance ticket categories with resolution codes

    Discuss:

    • How can we use resolution information to enhance reporting?
    • Are current status fields telling the right story?
    • Are there other requirements like project linking?

    Draft:

    1. Write out proposed resolution codes and status fields and critically assess their value.
    2. Resolutions can be further broken down by incident and service request if desired.
    3. Test resolution codes against a few recent tickets.
    4. Record the ticket categorization scheme in the Service Desk SOP.

    Participants

    • CIO
    • Service Desk Manager
    • Service Desk Technician(s)

    What You’ll Need

    • Whiteboard or Flip Chart
    • Markers

    Step 2.3: Design incident escalation and prioritization

    Image shows the steps in phase 2. Highlight is on step 2.3.

    This step will walk you through the following activities:

    • 2.3.1 Build a small number of rules to facilitate prioritization
    • 2.3.2 Define escalation rules
    • 2.3.3 Define automated escalations
    • 2.3.4 Provide guidance to each tier around escalation steps and times

    This step involves the following participants:

    • IT Managers
    • Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    The reviewed ticket escalation and prioritization will streamline queue management, improve the quality of escalations, and ensure agents work on the right tickets at the right time.

    DELIVERABLES

    • Optimized ticket prioritization scheme
    • Guidelines for ticket escalations
    • List of automatic escalations

    Build a ticket prioritization matrix to make escalation assessment less subjective

    Most IT leaders agree that prioritization is one of the most difficult aspects of IT in general. Set priorities based on business needs first.

    Mission-critical systems or problems that affect many people should always come first (i.e. Severity Level 1).

    The bulk of reported problems, however, are often individual problems with desktop PCs (i.e. Severity Level 3 or 4).

    Some questions to consider when deciding on problem severity include:

    • How is productivity affected?
    • How many users are affected?
    • How many systems are affected?
    • How critical are the affected systems to the organization?

    Decide how many severity levels the organization needs the service desk to have. Four levels of severity are ideal for most organizations.

    Image shows example ticket prioritization matrix

    Collect the ticket prioritization scheme in one diagram to ensure service support aligns to business requirements

    Image shows example ticket prioritization matrix

    Prioritize incidents based on severity and urgency to foreground critical issues

    2.3.1 Build a clearly defined priority scheme

    Estimated Time: 60 minutes

    1. Decide how many levels of severity are appropriate for your organization.
    2. Build a prioritization matrix, breaking down priority levels by impact and urgency.
    3. Build out the definitions of impact and urgency to complete the prioritization matrix.
    4. Run through examples of each priority level to make sure everyone is on the same page.

    Image shows example ticket prioritization matrix

    Document in the SOP

    Participants

    • Service Managers
    • Service Desk Support
    • Applications or Infrastructure Support

    What You'll Need

    • Flip Chart Paper
    • Sticky Notes
    • Pens
    • Service Desk SOP

    Example of outcome from 2.3.1

    Define response and resolution targets for each priority level to establish service-level objectives for service support

    Image shows example of response and resolution targets.

    Build clear rules to help agents determine when to escalate

    2.3.2 Assign response, resolution, and escalation times to each priority level

    Estimated Time: 60 minutes

    Instructions:

    For each incident priority level, define the associated:

    1. Response time – time from when incident record is created to the time the service desk acknowledges to the customer that their ticket has been received and assigned.
    2. Resolution time – time from when the incident record is created to the time that the customer has been advised that their problem has been resolved.
    3. Escalation time – maximum amount of time that a ticket should be worked on without progress before being escalated to someone else.

    Participants

    • Service Managers
    • Service Desk Support
    • Applications or Infrastructure Support

    What You'll Need

    • Flip Chart Paper
    • Sticky Notes
    • Pens

    Image shows example of response and resolution targets

    Use the table on the previous slide as a guide.

    Discuss the possible root causes for escalation issues

    WHY IS ESCALATION IMPORTANT?

    Escalation is not about admitting defeat, but about using your resources properly.

    Defining procedures for escalation reduces the amount of time the service desk spends troubleshooting before allocating the incident to a higher service tier. This reduces the mean time to resolve and increases end-user satisfaction.

    You can correlate escalation paths to ticket categories devised in step 2.2.

    Image shows example on potential root causes for escalation issues.

    Build decision rights to help agents determine when to escalate

    2.3.3 Provide guidance to each tier around escalation steps and times

    Estimated Time: 60 minutes

    Instructions

    1. For each support tier, define escalation rules for troubleshooting (steps that each tier should take before escalation).
    2. For each support tier, define maximum escalation times (maximum amount of time to work on a ticket without progress before escalating).
    Example of outcome from step 2.3.3 to determine when to escalate issues.

    Create a list of application specialists to get the escalation right the first time

    2.3.4 Define automated escalations

    Estimated Time: 60 minutes

    1. Identify applications that will require specialists for troubleshooting or access rights.
    2. Identify primary and secondary specialists for each application.
    3. Identify vendors that will receive escalations either immediately or after troubleshooting.
    4. Set up application groups in the service desk tool.
    5. Set up workflows in the service desk tool where appropriate.
    6. Document the automated escalations in the categorization scheme developed in step 2.2 and in the Service Desk Roles and Responsibilities Guide.

    A screenshot of the Service Desk Roles and Responsibilities Guide

    Participants

    • Service Managers
    • Service Desk Support
    • Applications or Infrastructure Support

    What You'll Need

    • Flip Chart Paper
    • Sticky Notes
    • Pens

    Phase 3

    Design Request Fulfilment Processes

    Step 3.1: Build request workflows

    Image shows the steps in phase 3. Highlight is on step 3.1.

    This step will walk you through the following activities:

    • 3.1.1 Distinguish between requests and small projects
    • 3.1.2 Define service requests with SLAs
    • 3.1.3 Build and critique request workflows

    This step involves the following participants:

    • IT Managers
    • Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    Workflows for service requests will improve the consistency and quality of service delivery and prepare the service desk to negotiate reliable service levels with the organization.

    DELIVERABLES

    • Workflows for the most common service requests
    • An estimated service level for each service request
    • Request vs. project criteria

    Standardize service requests for more efficient delivery

    Definitions:

    • An incident is an unexpected disruption to normal business processes and requires attempts to restore service as soon as possible (e.g. printer not working).
    • A service request is a request where nothing is broken or impacting a service and typically can be scheduled rather than requiring immediate resolution (e.g. new software application).
    • Service requests are repeatable, predictable, and easier to commit to SLAs.
    • By committing to SLAs, expectations can be set for users and business units for service fulfillment.
    • Workflows for service requests should be documented and reviewed to ensure consistency of fulfillment.
    • Documentation should be created for service request procedures that are complex.
    • Efficiencies can be created through automation such as with software deployment.
    • All service requests can be communicated through a self-service portal or service catalog.

    PREPARE A FUTURE SERVICE CATALOG

    Standardize requests to develop a consistent offering and prepare for a future service catalog.

    Document service requests to identify time to fulfill and approvals.

    Identify which service requests can be auto-approved and which will require a workflow to gain approval.

    Document workflows and analyze them to identify ways to improve SLAs. If any approvals are interrupting technical processes, rearrange them so that approvals happen before the technical team is involved.

    Determine support levels for each service offering and ensure your team can sustain them.

    Where it makes sense, automate delivery of services such as software deployment.

    Distinguish between service requests and small projects to ensure agents and end users follow the right process

    The distinction between service requests and small projects has two use cases, which are two sides of the same resourcing issue.

    • Service desk managers need to understand the difference to ensure the right approval process is followed. Typically, projects have more stringent intake requirements than requests do.
    • PMOs need to understand the difference to ensure the right people are doing the work and that small, frequent changes are standardized, automated, and taken out of the project list.

    What’s the difference between a service request and a small project?

    • The key differences involve resource scope, frequency, and risk.
    • Requests are likely to require fewer resources than projects, be fulfilled more often, and involve less risk.
    • Requests are typically done by tier 1 and 2 employees throughout the IT organization.
    • A request can turn into a small project if the scope of the request grows beyond the bounds of a normal request.

    Example: A mid-sized organization goes on a hiring blitz and needs to onboard 150 new employees in one quarter. Submitting and scheduling 150 requests for onboarding new employees would require much more time and resources.

    Projects are different from service requests and have different criteria

    A project, by terminology, is a temporary endeavor planned around producing a specific organizational or business outcome.

    Common Characteristics of Projects:

    • Time sensitive, temporary, one-off.
    • Uncertainty around how to create the unique thing, product, or service that is the project’s goal.
    • Non-repetitive work and sizeable enough to introduce heightened risk and complexity.
    • Strategic focus, business case-informed capital funding, and execution activities driven by a charter.
    • Introduces change to the organization.
    • Multiple stakeholders involved and cross-functional resourcing.

    Info-Tech Insight

    Projects require greater risk, effort, and resources than a service request and should be redirected to the PMO.

    Standard service requests vs. non-standard service requests: criteria to make them distinct

    • If there is no differentiation between standard and non-standard requests, those tickets can easily move into the backlog, growing it very quickly.
    • Create a process to easily identify non-standard requests when they enter the ticket queue to ensure customers are made aware of any delay of service, especially if it is a product or service currently not offered. This will give time for any approvals or technical solutioning that may need to occur.
    • Take recurring non-standard requests and make them standard. This is a good way to determine if there are any gaps in services offered and another vehicle to understand what your customers want.

    Standard Requests

    • Very common requests, delivered on an on-going basis
    • Defined process
    • Measured in hours or days
    • Uses service catalog, if it exists
    • Formalized and should already be documented
    • The time to deal with the request is defined

    Non-Standard Requests

    • Higher level complexity than standard requests
    • Cannot be fulfilled via service catalog
    • No defined process
    • Not supplied by questions that Service Request Definition (SRD) offers
    • Product or service is not currently offered, and it may need time for technical review, additional approvals, and procurement processes

    The right questions can help you distinguish between standard requests, non-standard requests, and projects

    Where do we draw the line between a standard and non-standard request and a project?

    The service desk can’t and shouldn’t distinguish between requests and projects on its own. Instead, engage stakeholders to determine where to draw the line.

    Whatever criteria you choose, define them carefully.

    Be pragmatic: there is no single best set of criteria and no single best definition for each criterion. The best criteria and definitions will be the ones that work in your organizational context.

    Common distinguishing factors and thresholds:

    Image shows table of the common distinguishing factors and thresholds.

    Distinguish between standard and non-standard service requests and projects

    3.1.1 Distinguish between service requests and projects

    1. Divide the group into two small teams.
    2. Each team will brainstorm examples of service requests and small projects.
    3. Identify factors and thresholds that distinguish between the two groups of items.
    4. Bring the two groups together and discuss the two sets of criteria.
    5. Consolidate one set of criteria that will help make the distinction between projects and service requests.
    6. Capture the table in the Service Desk SOP.

    Image shows blank template of the common distinguishing factors and thresholds.

    Participants

    • Service Desk Manager
    • Service Desk Agents

    What You'll Need

    • Service Desk SOP
    • Flip Chart
    • Whiteboard

    Distinguishing factors and thresholds

    Don’t standardize request fulfilment processes alone

    Everyone in IT contributes to the fulfilment of requests, but do they know it?

    New service desk managers sometimes try to standardize request fulfilment processes on their own only to encounter either apathy or significant resistance to change.

    Moving to a tiered generalist service desk with a service-oriented culture, a high first-tier generalist resolution rate, and collaborative T2 and T3 specialists can be a big change. It is critical to get the request workflows right.

    Don’t go it alone. Engage a core team of process champions from all service support. With executive support, the right process building exercises can help you overcome resistance to change.

    Consider running the process building activities in this project phase in a working session or a workshop setting.

    Info-Tech Insight

    If they build it, they will come. Service desk improvement is an exercise in organizational change that crosses IT disciplines. Organizations that fail to engage IT specialists from other silos often encounter resistance to change that jeopardizes the process improvements they are trying to make. Overcome resistance by highlighting how process changes will benefit different groups in IT and solicit the feedback of specialists who can affect or be affected by the changes.

    Define standard service requests with SLAs and workflows

    WHY DO I NEED WORKFLOWS?

    Move approvals out of technical IT processes to make them more efficient. Evaluate all service requests to see where auto-approvals make sense. Where approvals are required, use tools and workflows to manage the process.

    Example:

    Image is an example of SLAs and workflows.

    Approvals can be the main roadblock to fulfilling service requests

    Image is example of workflow approvals.

    Review the general standard service request and inquiry fulfillment processes

    As standard service requests should follow standard, repeatable, and predictable steps to fulfill, they can be documented with workflows.

    Image is a flow chart of service and inquiry request processes.

    Review the general standard service request and inquiry fulfillment processes

    Ensure there is a standard and predictable methodology for assessing non-standard requests; inevitably those requests may still cause delay in fulfillment.

    Create a process to ensure reasonable expectations of delivery can be set with the end user and then identify what technology requests should become part of the existing standard offerings.

    Image is a flowchart of non-standard request processes

    Document service requests to ensure consistent delivery and communicate requirements to users

    3.1.2 Define service requests with SLAs

    1. On a flip chart, list standard service requests.
    2. Identify time required to fulfill, including time to schedule resources.
    3. Identify approvals required; determine if approvals can be automated through defining roles.
    4. Discuss opportunities to reduce SLAs or automate, but recognize that this may not happen right away.
    5. Discuss plans to communicate SLAs to the business units, recognizing that some users may take a bit of time to adapt to the new SLAs.
    6. Work toward improving SLAs as new opportunities for process change occur.
    7. Document SLAs in the Service Desk SOP and update as SLAs change.
    8. Build templates in the service desk tool that encapsulate workflows and routing, SLAs, categorization, and resolution.

    Participants

    • Service Desk Managers
    • Service Desk Agents

    What You'll Need

    • Service Desk SOP
    • Flip Chart
    • Whiteboard

    Info-Tech Insight

    These should all be scheduled services. Anything that is requested as a rush needs to be marked as a higher urgency or priority to track end users who need training on the process.

    Analyze service request workflows to improve service delivery

    3.1.3 Build and critique request workflows

    1. Divide the group into small teams.
    2. Each team will choose one service request from the list created in the previous module and then draw the workflow. Include decision points and approvals.
    3. Discuss availability and technical support:
      • Can the service be fulfilled during regular business hours or 24x7?
      • Is technical support and application access available during regular business hours or 24x7?
    4. Reconvene and present workflows to the group.
    5. Document workflows in Visio and add to the Service Desk SOP. Where appropriate, enter workflows in the service desk tool.

    Critique workflows for efficiencies and effectiveness:

    • Do the workflows support the SLAs identified in the previous exercise?
    • Are the workflows efficient?
    • Is the IT staff consistently following the same workflow?
    • Are approvals appropriate? Is there too much bureaucracy or can some approvals be removed? Can they be preapproved?
    • Are approvals interrupting technical processes? If so, can they be moved?

    Participants

    • Service Desk Managers
    • Service Desk Agents

    What You'll Need

    • Service Desk SOP
    • Project Summary
    • Flip Chart
    • Whiteboard

    Step 3.2: Build a targeted knowledgebase

    Image shows the steps in phase 3. Highlight is on step 3.2.

    This step will walk you through the following activities:

    • 3.2.1 Design knowledge management processes
    • 3.2.2 Create actionable knowledgebase articles

    This step involves the following participants:

    • IT Managers
    • Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    The section will introduce service catalogs and get the organization to envision what self-service tools it might include.

    DELIVERABLES

    • Knowledgebase policy and process

    A knowledgebase is an essential tool in the service management toolbox

    Knowledge Management

    Gathering, analyzing, storing & sharing knowledge to reduce the need to rediscover known solutions.

    Knowledgebase

    Organized repository of IT best practices and knowledge gained from practical experiences.

    • End-User KB
    • Give end users a chance to resolve simple issues themselves without submitting a ticket.

    • Internal KB
    • Shared resource for service desk staff and managers to share and use knowledge.

    Use the knowledgebase to document:

    • Steps for pre-escalation troubleshooting.
    • Known errors.
    • Workarounds or solutions to recurring issues.
    • Solutions that require research or complex troubleshooting.
    • Incidents that have many root causes. Start with the most frequent solution and work toward less likely issues.

    Draw on organizational goals to define the knowledge transfer target state

    Image is Info-Tech’s Knowledge Transfer Maturity Model
    *Source: McLean & Company, 2013; N=120

    It’s better to start small than to have nothing at all

    Service desk teams are often overwhelmed by the idea of building and maintaining a comprehensive integrated knowledgebase that covers an extensive amount of information.

    Don’t let this idea stop you from building a knowledgebase! It takes time to build a comprehensive knowledgebase and you must start somewhere.

    Start with existing documentation or knowledge that depends on the expertise of only a few people and is easy to document and you will already see the benefits.

    Then continue to build and improve from there. Eventually, knowledge management will be a part of the culture.

    Engage the team to build a knowledgebase targeted on your most important incidents and requests

    WHERE DO I START?

    Inventory and consolidate existing documentation, then evaluate it for audience relevancy, accuracy, and usability. Use the exercise and the next slides to develop a knowledgebase template.

    Produce a plan to improve the knowledgebase.

    • Identify the current top five or ten incidents from the service desk reports and create related knowledgebase articles.
    • Evaluate for end-user self-service or technician resolution.
    • Note any resolutions that require access rights to servers.
    • Assign documentation creation tasks for the knowledgebase to individual team members each week.
    • Apply only one incident per article.
    • Set goals for each technician to submit one or two meaningful articles per month.
    • Assign a knowledge manager to monitor creation and edit and maintain the database.
    • Set policy to drive currency of the knowledgebase. See the Service Desk SOP for an example of a workable knowledge policy.

    Use a phased approach to build a knowledgebase

    Image is an example of a phased approach to build a knowledge base

    Use a quarterly, phased approach to continue to build and maintain your knowledgebase

    Continual Knowledgebase Maintenance:

    • Once a knowledgebase is in place, future articles should be written using established templates.
    • Articles should be regularly reviewed and monitored for usage. Outdated information will be retired and archived.
    • Ticket trend analysis should be done on an ongoing basis to identify new articles.
    • A proactive approach will anticipate upcoming issues based on planned upgrades and maintenance or other changes, and document resolution steps in knowledgebase articles ahead of time.

    Every Quarter:

    1. Conduct a ticket trend analysis. Identify the most important and common tickets.
    2. Review the knowledgebase to identify relevant articles that need to be revised or written.
    3. Use data from knowledge management tool to track expiring content and lesser used articles.
    4. Assign the task of writing articles to all IT staff members.
    5. Build and revise ticket templates for incident and service requests.

    Assign a knowledge manager role to ensure accountability for knowledgebase maintenance

    Assign a knowledge manager to monitor creation and edit and maintain database.

    Knowledge Manager/Owner Role:

    • Has overall responsibility for the knowledgebase.
    • Ensures content is consistent and maintains standards.
    • Regularly monitors and updates the list of issues that should be added to the knowledgebase.
    • Regularly reviews existing knowledgebase articles to ensure KB is up to date and flags content to retire or review.
    • Assigns content creation tasks.
    • Optimizes knowledgebase structure and organization.
    • See Info-Tech’s knowledge manager role description if you need a hand defining this position.

    The knowledge manager role will likely be a role assigned to an existing resource rather than a dedicated position.

    Develop a template to ensure knowledgebase articles are easy to read and write

    A screenshot of the Knowledgebase Article Template

    QUICK TIPS

    • Use non-technical language whenever possible to help less-technical readers.
    • Identify error messages and use screenshots where it makes sense.
    • Take advantage of social features like voting buttons to increase use.
    • Use Info-Tech’s Knowledge Base Article Template to get you started.

    Analyze the necessary features for your knowledgebase and compare them against existing tools

    Service desk knowledgebases range in complexity from simple FAQs to fully integrated software suites.

    Options include:

    • Article search with negative and positive filters.
    • Tagging, with the option to have keywords generate top matches.
    • Role-based permissions (to prevent unauthorized deletions).
    • Ability to turn a ticket resolution into a knowledgebase article (typically only available if knowledgebase tool is part of the service desk tool).
    • Natural language search.
    • Partitioning so relevant articles only appear for specific audiences.
    • Editorial workflow management.
    • Ability to set alerts for scheduled article review.
    • Article reporting (most viewed, was it useful?).
    • Rich text fields for attaching screenshots.

    Determine which features your organization needs and check to see if your tools have them.

    For more information on knowledgebase improvement, refer to Info-Tech’s Optimize the Service Desk With a Shift-Left Strategy.

    Document your knowledge management maintenance workflow to identify opportunities for improvement

    Workflow should include:

    • How you will identify top articles that need to be written
    • How you will ensure articles remain relevant
    • How you will assign new articles to be written, inclusive of peer review
    Image of flowchart of knowledgebase maintenance process.

    Design knowledgebase management processes

    3.2.1 Design knowledgebase management processes

    1. Assign a knowledge manager to monitor creation and edit and maintain the database. See Info-Tech’s knowledge manager role description if you need a hand defining this position.
    2. Discuss how you can use the service desk tool to integrate the knowledgebase with incident management, request fulfilment, and self-service processes.
    3. Discuss the suitability of a quarterly process to build and edit articles for a target knowledgebase that covers your most important incidents and requests.
    4. Set knowledgebase creation targets for tier 1, 2, and 3 analysts.
    5. Identify relevant performance metrics.
    6. Brainstorm elements that might be used as an incentive program to encourage the creation of knowledgebase articles and knowledge sharing more generally.
    7. Set policy to drive currency of knowledgebase. See the Service Desk SOP for an example of a workable knowledge policy.

    Participants

    • Service Desk Manager
    • Service Desk Agents

    What You’ll Need

    • Service Desk SOP
    • Flip Chart
    • Whiteboard

    Create actionable knowledgebase articles

    3.2.2 Run a knowledgebase working group

    Write and critique knowledgebase articles.

    1. On a whiteboard, build a list of potential knowledgebase articles divided by audience: Technician or End User.
    2. Each team member chooses one topic and spends 20 minutes writing.
    3. Each team member either reads the article and has the team critique or passes to the technician to the right for peer review. If there are many participants, break into smaller groups.
    4. Set a goal with the team for how, when, and how often knowledgebase articles will be created.
    5. Capture knowledgebase processes in the Service Desk SOP.

    Audience: Technician

    • Password update
    • VPN printing
    • Active directory – policy, procedures, naming conventions
    • Cell phones
    • VPN client and creation set-up

    Audience: End users

    • Set up email account
    • Password creation policy
    • Voicemail – access, change greeting, activities
    • Best practices for virus, malware, phishing attempts
    • Windows 10 tips and tricks

    Participants

    • Service Desk Manager
    • Service Desk Agents

    What You’ll Need

    • Service Desk SOP
    • Flip Chart
    • Whiteboard

    Step 3.3: Prepare for a self-service portal project

    Image shows the steps in phase 3. Highlight is on step 3.3.

    This step will walk you through the following activities:

    • 3.3.1 Develop self-service tools for the end user
    • 3.3.2 Make a plan for creating or improving the self-service portal

    This step involves the following participants:

    • IT Managers
    • Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    The section prepares you to tackle a self-service portal project once the service desk standardization is complete.

    DELIVERABLES

    • High-level activities to create a self-service portal

    Design the self-service portal with the users’ computer skills in mind

    A study by the OECD offers a useful reminder of one of usability’s most hard-earned lessons: you are not the user.

    • There is an important difference between IT professionals and the average user that’s even more damaging to your ability to predict what will be a good self-service tool: skills in using computers, the internet, and technology in general.
    • An international research study explored the computer skills of 215,942 people aged 16-65 in 33 countries.
    • The results show that across 33 rich countries, only 5% of the population has strong computer-related abilities and only 33% of people can complete medium-complexity computer tasks.
    • End users are skilled, they just don’t have the same level of comfort with computers as the average IT professional. Design your self-service tools with that fact in mind.
    Image is of a graph showing the ability of computer skills from age 16-65 among various countries.

    Take an incremental and iterative approach to developing your self-service portal

    Use a web portal to offer self-serve functionality or provide FAQ information to your customers to start.

    • Don’t build from scratch. Ideally, use the functionality included with your ITSM tool.
    • If your ITSM tool doesn’t have an adequate self-service portal functionality, then harness other tools that IT already uses. Common examples include Microsoft SharePoint and Google Forms.
    • Make it as easy as possible to access the portal:
      • Deploy an app to managed devices or put the app in your app store.
      • Create a shortcut on people’s start menus or home screens.
      • Print the URL on swag such as mousepads.
    • Follow Info-Tech’s approach to developing your user facing service catalog.

    Some companies use vending machines as a form of self serve. Users can enter their purchase code and “buy” a thin client, mouse, keyboard, software, USB keys, tablet, headphones, or loaners.

    Info-Tech Insight

    Building the basics first will provide your users with immediate value. Incrementally add new features to your portal.

    Optimize the portal: self-service should be faster and more convenient than the alternative

    Design the portal by demand, not supply

    Don’t build a portal framed around current offerings and capabilities just for the sake of it. Build the portal based on what your users want and need if you want them to use it.

    Make user experience a top priority

    The portal should be designed for users to self-serve, and thus self-service must be seamless, clear, and attractive to users.

    Speak your users’ language

    Keep in mind that users may not have high technical literacy or be familiar with terminology that you find commonplace. Use terms that are easy to understand.

    Appeal to both clickers and searchers

    Ensure that users can find what they’re looking for both by browsing the site and by using search functionality.

    Use one central portal for all departments

    If multiple departments (i.e. HR, Finance) use or will use a portal, set up a shared portal so that users won’t have to guess where to go to ask for help.

    You won’t know unless you test

    You will know how to navigate the portal better than anyone, but that doesn’t mean it’s intuitive for a new user. Test the portal with users to collect and incorporate feedback.

    Self-service portal examples (1/2)

    Image is of an example of the self-service portal

    Image source: Cherwell Service Management

    Self-service examples (2/2)

    Image is of an example of the self-service portal

    Image source: Team Dynamix

    Keep the end-user facing knowledgebase relevant with workflows, multi-device access, and social features

    Workflows:

    • Easily manage peer reviews and editorial and relevance review.
    • Enable links and importing between tickets and knowledgebase articles.
    • Enable articles to appear based on ticket content.

    Multi-device access:

    • Encourage users to access self-service.
    • Enable technicians to solve problems from anywhere.

    Social features:

    • Display most popular articles first to solve trending issues.
    • Enable voting to improve usability of articles.
    • Allow collaboration on self-service.

    For more information on building self-service portal, refer to Info-Tech’s Optimize the Service Desk with a Shift-Left Strategy

    Draft a high-level project plan for a self-service portal project

    3.3.1 Draft a high-level project plan for a self-service portal project

    1. Identify stakeholders who can contribute to the project.
      • Who will help with FAQ creation?
      • Who can design the self-service portal?
      • Who needs to sign off on the project?
    2. Identify the high-level tasks that need to be done.
      • How many FAQs need to be created?
      • How will we design the service catalog’s web portal?
      • What might a phased approach look like?
      • How can we break down the project into design, build, and implementation tasks?
      • What is the rough timeline for these tasks?
    3. Capture the high-level activities in the Service Desk Roadmap.

    Participants

    • Service Desk Manager
    • Service Desk Agents

    What You’ll Need

    • Flip Chart
    • Whiteboard
    • Implementation Roadmap

    Once you have a service portal, you can review the business requirements for a service catalog

    A service catalog is a communications device that lists the IT services offered by an organization. The service catalog is designed to enable the creation of a self-service portal for the end user. The portal augments the service desk so analysts can spend time managing incidents and providing technical support.

    The big value comes from workflows:

    • Improved economics and a means to measure the costs to serve over time.
    • Incentive for adoption because things work better.
    • Abstracts delivery from offer to serve so you can outsource, insource, crowdsource, slow, speed, reassign, and cover absences without involving the end user.

    There are three types of catalogs:

    • Static:Informational only, so can be a basic website.
    • Routing and workflow: Attached to service desk tool.
    • Workflow and e-commerce: Integrated with service desk tool and ERP system.
    Image is an example of service catalog

    Image courtesy of University of Victoria

    Understand the time and effort involved in building a service catalog

    A service catalog will streamline IT service delivery, but putting one together requires a significant investment. Service desk standardization comes first.

    • Workflows and back-end services must be in place before setting up a service catalog.
    • Think of the catalog as just the delivery mechanism for service you currently provide. If they aren’t running well and delivery is not consistent, you don’t want to advertise SLAs and options.
    • Service catalogs require maintenance.
    • It’s not a one-time investment – service catalogs must be kept up to date to be useful.
    • Service catalog building requires input from VIPs.
    • Architects and wordsmiths are not the only ones that spend effort on the service catalog. Leadership from IT and the business also provide input on policy and content.

    Sample Service Catalog Efforts

    • A college with 17 IT staff spent one week on a simple service catalog.
    • A law firm with 110 IT staff spent two months on a service catalog project.
    • A municipal government with 300 IT people spent over seven months and has yet to complete the project.
    • A financial organization with 2,000 IT people has spent seven months on service catalog automation alone! The whole project has taken multiple years.

    “I would say a client with 2,000 users and an IT department with a couple of hundred, then you're looking at six months before you have the catalog there.”

    – Service Catalog Implementation Specialist,

    Health Services

    Draft a high-level project plan for a self-service portal project

    3.2.2 Make a plan for creating or improving the self-service portal

    Identify stakeholders who can contribute to the project.

    • Who will help with FAQs creation?
    • Who can design the self-service portal?
    • Who needs to sign off on the project?

    Evaluate tool options.

    • Will you stick with your existing tool or invest in a new tool?

    Identify the high-level tasks that need to be done.

    • How will we design the web portal?
    • What might a phased approach look like?
    • What is the rough timeline for these tasks?
    • How many FAQs need to be created?
    • Will we have a service catalog, and what type?

    Document the plan and tasks in the Service Desk Roadmap.

    Examples of publicly posted service catalogs:

    University of Victoria is an example of a catalog that started simple and now includes multiple divisions, notifications, systems status, communications, e-commerce, incident registration, and more.

    Indiana University is a student, faculty, and staff service catalog and self-service portal that goes beyond IT services.

    If you are ready to start building a service catalog, use Info-Tech’s Design and Build a User-Facing Service Catalog blueprint to get started.

    Phase 4

    Plan the Implementation of the Service Desk

    Step 4.1: Build communication plan

    Image shows the steps in phase 4. Highlight is on step 4.1.

    This step will walk you through the following activities:

    • 4.1.1 Create the communication plan

    This step involves the following participants:

    • CIO
    • IT Director
    • IT Managers
    • Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    The communication plan and project summary will help project managers outline recommendations and communicate their benefits.

    DELIVERABLES

    • Communication plan
    • Project summary

    Effectively communicate the game plan to IT to ensure the success of service desk improvements

    Communication is crucial to the integration and overall implementation of your service desk improvement.

    An effective communication plan will:

    • Gain support from management at the project proposal phase.
    • Create end-user buy-in once the program is set to launch.
    • Maintainthe presence of the program throughout the business.
    • Instill ownership throughout the business, from top-level management to new hires.

    Build a communication plan to:

    1. Communicate benefits to IT:
      • Share the standard operating procedures for training and feedback.
      • Train staff on policies as they relate to end users and ensure awareness of all policy changes.
      • As changes are implemented, continue to solicit feedback on what is and is not working and communicate adjustments as appropriate.
    2. Train technicians:
      • Make sure everyone is comfortable communicating changes to customers.
    3. Measure success:
      • Review SLAs and reports. Are you consistently meeting SLAs?
      • Is it safe to communicate with end users?

    Create your communication plan to anticipate challenges, remove obstacles, and secure buy-in

    Why:

    • What problems are you trying to solve?

    What:

    • What processes will it affect (that will affect me)?

    Who:

    • Who will be affected?
    • Who do I go to if I have issues with the new process?
    3 gears are depicted. The top gear is labelled managers with an arrow going clockwise. The middle gear is labelled technical staff with an arrow going counterclockwise. The bottom gear is labelled end users with an arrow going clockwise

    When:

    • When will this be happening?
    • When will it affect me?

    How:

    • How will these changes manifest themselves?

    Goal:

    • What is the final goal?
    • How will it benefit me?

    Create a communication plan to outline the project benefits

    Improved business satisfaction:

    • Improve confidence that the service desk can solve issues within the service-level agreement.
    • Channel incidents and requests through the service desk.
    • Escalate incidents quickly and accurately.

    Fewer recurring issues:

    • Tickets are created for every incident and categorized correctly.
    • Reports can be used for root-cause analysis.

    Increased efficiency or lower cost to serve:

    • Use FAQs to enable end users to self-solve.
    • Use knowledgebase to troubleshoot once, solve many times.
    • Cross-train to improve service consistency.

    Enhanced demand planning:

    • Trend analysis and reporting improve IT’s ability to forecast and address the demands of the business.

    Organize the information to manage the deployment of key messages

    Example of how to organize and manage key messages

    Create the communication plan

    4.1.1 Create the communication plan

    Estimated Time: 45 minutes

    Develop a stakeholder analysis.

    1. Identify everyone affected by the project.
    2. Assess their level of interest, value, and influence.
    3. Develop a communication strategy tailored to their level of engagement.

    Craft key messages tailored to each stakeholder group.

    Finalize the communication plan.

    1. Examine your roadmap and determine the most appropriate timing for communications.
    2. Assess when communications must happen with executives, business unit leaders, end users, and technicians.
    3. Identify any additional communication challenges that have come up.
    4. Identify who will send out the communications.
    5. Identify multiple methods for getting the messages out (newsletters, emails, posters, company meetings).
    6. For inspiration, you can refer to the Sample Communication Plan for the project.

    Participants

    • CIO
    • IT Managers
    • Service Desk Manager
    • Service Desk Agents

    Step 4.2: Build implementation roadmap

    Image shows the steps in phase 4. Highlight is on step 4.2.

    This step will walk you through the following activities:

    • 4.2.1 Build implementation roadmap

    This step involves the following participants:

    • CIO
    • IT Director
    • IT Managers
    • Service Desk Manager
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    The implementation plan will help track and categorize the next steps and finalize the project.

    DELIVERABLES

    • Implementation roadmap

    Collaborate to create an implementation plan

    4.2.1 Create the implementation plan

    Estimated Time: 45 minutes

    Determine the sequence of improvement initiatives that have been identified throughout the project.

    The purpose of this exercise is to define a timeline and commit to initiatives to reach your goals.

    Instructions:

    1. Review the initiatives that will be taken to improve the service desk and revise tasks, as necessary.
    2. Input each of the tasks in the data entry tab and provide a description and rationale behind the task.
    3. Assign an effort, priority, and cost level to each task (high, medium, low).
    4. Assign ownership to each task.
    5. Identify the timeline for each task based on the priority, effort, and cost (short, medium, and long term).
    6. Highlight risk for each task if it will be deferred.
    7. Track the progress of each task with the status column.

    Participants

    • CIO
    • IT Managers
    • Service Desk Manager
    • Service Desk Agents

    A screenshot of the Roadmap tool.

    Document using the Roadmap tool.

    Related Info-Tech Research

    Standardize the Service Desk

    ImplementHardware and Software Asset Management

    Optimize Change Management Incident and Problem Management Build a Continual Improvement Plan for the Service Desk

    The Standardize blueprint reviews service desk structures and metrics and builds essential processes and workflows for incident management, service request fulfillment, and knowledge management practices.

    Once the service desk is operational, there are three paths to basic ITSM maturity:

    • Having the incident management processes and workflows built allows you to:
      • Introduce Change Management to reduce change-related incidents.
      • Introduce Problem Management to reduce incident recurrence.
      • Introduce Asset Management to augment service management processes with reliable data.

    Solicit targeted department feedback on core IT service capabilities, IT communications, and business enablement. Use the results to assess the satisfaction of end users, with each service broken down by department and seniority level.

    Works cited

    “Help Desk Staffing Models: Simple Analysis Can Save You Money.” Giva, Inc., 2 Sept. 2009. Web.

    Marrone et al. “IT Service Management: A Cross-national Study of ITIL Adoption.” Communications of the Association for Information Systems: Vol. 34, Article 49. 2014. PDF.

    Rumburg, Jeff. “Metric of the Month: First Level Resolution Rate.” MetricNet, 2011. Web.

    “Service Recovery Paradox.” Wikipedia, n.d. Web.

    Tang, Xiaojun, and Yuki Todo. “A Study of Service Desk Setup in Implementing IT Service Management in Enterprises.” Technology and Investment: Vol. 4, pp. 190-196. 2013. PDF.

    “The Survey of Adult Skills (PIAAC).” Organisation for Economic Co-operation and Development (OECD), 2016. Web.

    Contributors

    • Jason Aqui, IT Director, Bellevue College
    • Kevin Sigil, IT Director, Southwest Care Centre
    • Lucas Gutierrez, Service Desk Manager, City of Santa Fe
    • Rama Dhuwaraha, CIO, University of North Texas System
    • Annelie Rugg, CIO, UCLA Humanities
    • Owen McKeith, Manager IT Infrastructure, Canpotex
    • Rod Gula, IT Director, American Realty Association
    • Rosalba Trujillo, Service Desk Manager, Northgate Markets
    • Jason Metcalfe, IT Manager, Mesalabs
    • Bradley Rodgers, IT Manager, SecureTek
    • Daun Costa, IT Manager, Pita Pit
    • Kari Petty, Service Desk Manager, Mansfield Oil
    • Denis Borka, Service Desk Manager, PennTex Midstream
    • Lateef Ashekun, IT Manager, City of Atlanta
    • Ted Zeisner, IT Manager, University of Ottawa Institut de Cardiologie

    Create a Customized Big Data Architecture and Implementation Plan

    • Buy Link or Shortcode: {j2store}388|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Big data architecture is different from traditional data for several key reasons, including:
      • Big data architecture starts with the data itself, taking a bottom-up approach. Decisions about data influence decisions about components that use data.
      • Big data introduces new data sources such as social media content and streaming data.
      • The enterprise data warehouse (EDW) becomes a source for big data.
      • Master data management (MDM) is used as an index to content in big data about the people, places, and things the organization cares about.
      • The variety of big data and unstructured data requires a new type of persistence.
    • Many data architects have no experience with big data and feel overwhelmed by the number of options available to them (including vendor options, storage options, etc.). They often have little to no comfort with new big data management technologies.
    • If organizations do not architect for big data, there are a couple of main risks:
      • The existing data architecture is unable to handle big data, which will eventually result in a failure that could compromise the entire data environment.
      • Solutions will be selected in an ad hoc manner, which can cause incompatibility issues down the road.

    Our Advice

    Critical Insight

    • Before beginning to make technology decisions regarding the big data architecture, make sure a strategy is in place to document architecture principles and guidelines, the organization’s big data business pattern, and high-level functional and quality of service requirements.
    • The big data business pattern can be used to determine what data sources should be used in your architecture, which will then dictate the data integration capabilities required. By documenting current technologies, and determining what technologies are required, you can uncover gaps to be addressed in an implementation plan.
    • Once you have identified and filled technology gaps, perform an architectural walkthrough to pull decisions and gaps together and provide a fuller picture. After the architectural walkthrough, fill in any uncovered gaps. A proof-of-technology project can be started as soon as you have evaluation copies (or OSS) products and at least one person who understands the technology.

    Impact and Result

    • Save time and energy trying to fix incompatibilities between technology and data.
    • Allow the Data Architect to respond to big data requests from the business more quickly.
    • Provide the organization with valuable insights through the analytics and visualization technologies that are integrated with the other building blocks.

    Create a Customized Big Data Architecture and Implementation Plan Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Recognize the importance of big data architecture

    Big data is centered on the volume, variety, velocity, veracity, and value of data. Achieve a data architecture that can support big data.

    • Storyboard: Create a Customized Big Data Architecture and Implementation Plan

    2. Define architectural principles and guidelines while taking into consideration maturity

    Understand the importance of a big data architecture strategy. Assess big data maturity to assist with creation of your architectural principles.

    • Big Data Maturity Assessment Tool
    • Big Data Architecture Principles & Guidelines Template

    3. Build the big data architecture

    Come to accurate big data architecture decisions.

    • Big Data Architecture Decision Making Tool

    4. Determine common services needs

    What are common services?

    5. Plan a big data architecture implementation

    Gain business satisfaction with big data requests. Determine what steps need to be taken to achieve your big data architecture.

    • Big Data Architecture Initiative Definition Tool
    • Big Data Architecture Initiative Planning Tool

    Infographic

    Workshop: Create a Customized Big Data Architecture and Implementation Plan

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Recognize the Importance of Big Data Architecture

    The Purpose

    Set expectations for the workshop.

    Recognize the importance of doing big data architecture when dealing with big data.

    Key Benefits Achieved

    Big data defined.

    Understanding of why big data architecture is necessary.

    Activities

    1.1 Define the corporate strategy.

    1.2 Define big data and what it means to the organization.

    1.3 Understand why doing big data architecture is necessary.

    1.4 Examine Info-Tech’s Big Data Reference Architecture.

    Outputs

    Defined Corporate Strategy

    Defined Big Data

    Reference Architecture

    2 Design a Big Data Architecture Strategy

    The Purpose

    Identification of architectural principles and guidelines to assist with decisions.

    Identification of big data business pattern to choose required data sources.

    Definition of high-level functional and quality of service requirements to adhere architecture to.

    Key Benefits Achieved

    Key Architectural Principles and Guidelines defined.

    Big data business pattern determined.

    High-level requirements documented.

    Activities

    2.1 Discuss how maturity will influence architectural principles.

    2.2 Determine which solution type is best suited to the organization.

    2.3 Define the business pattern driving big data.

    2.4 Define high-level requirements.

    Outputs

    Architectural Principles & Guidelines

    Big Data Business Pattern

    High-Level Functional and Quality of Service Requirements Exercise

    3 Build a Big Data Architecture

    The Purpose

    Establishment of existing and required data sources to uncover any gaps.

    Identification of necessary data integration requirements to uncover gaps.

    Determination of the best suited data persistence model to the organization’s needs.

    Key Benefits Achieved

    Defined gaps for Data Sources

    Defined gaps for Data Integration capabilities

    Optimal Data Persistence technology determined

    Activities

    3.1 Establish required data sources.

    3.2 Determine data integration requirements.

    3.3 Learn which data persistence model is best suited.

    3.4 Discuss analytics requirements.

    Outputs

    Data Sources Exercise

    Data Integration Exercise

    Data Persistence Decision Making Tool

    4 Plan a Big Data Architecture Implementation

    The Purpose

    Identification of common service needs and how they differ for big data.

    Performance of an architectural walkthrough to test decisions made.

    Group gaps to form initiatives to develop an Initiative Roadmap.

    Key Benefits Achieved

    Common service needs identified.

    Architectural walkthrough completed.

    Initiative Roadmap completed.

    Activities

    4.1 Identify common service needs.

    4.2 Conduct an architectural walkthrough.

    4.3 Group gaps together into initiatives.

    4.4 Document initiatives on an initiative roadmap.

    Outputs

    Architectural Walkthrough

    Initiative Roadmap

    Learn the right way to manage metrics

    • Parent Category Name: Improve Your Processes
    • Parent Category Link: /improve-your-processes

    Learn to use metrics in the right way. Avoid staff (subconciously) gaming the numbers, as it is only natural to try to achieve the objective. This is really a case of be careful what you wish for, you may just get it.

    Register to read more …

    Cut Cost Through Effective IT Category Planning

    • Buy Link or Shortcode: {j2store}213|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • IT departments typically approach sourcing a new vendor or negotiating a contract renewal as an ad hoc event.
    • There is a lack of understanding on how category planning governance can save money.
    • IT vendor “go to market” or sourcing activities are typically not planned and are a reaction to internal client demands or vendor contract expiration.

    Our Advice

    Critical Insight

    • Lack of knowledge of the benefits and features of category management, including the perception that the sourcing process takes too long, are two of the most common challenges that prevent IT from category planning.
    • Other challenges include the traditional view of contract renegotiation and vendor acquisition as a transactional event vs. an ongoing strategic process.
    • Finally, allocating resources and time to collect the data, vendor information, and marketing analysis prevents us from creating category plans.

    Impact and Result

    • An IT category plan establishes a consistent and proactive methodology or process to sourcing activities such as request for information (RFI), request for proposals, (RFPs), and direct negotiations with a specific vendor or“targeted negotiations” such as renewals.
    • The goal of an IT category plan is to leverage a strategic approach to vendor selection while identify cost optimizing opportunities that are aligned with IT strategy and budget objectives.

    Cut Cost Through Effective IT Category Planning Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should create an IT category plan to reduce your IT cost, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create an IT category plan

    Use our three-step approach of Organize, Design, and Execute an IT Category Plan to get the most out of your IT budget while proactively planning your vendor negotiations.

    • IT Category Plan
    • IT Category Plan Metrics
    • IT Category Plan Review Presentation
    [infographic]

    Enterprise Architecture Trends

    • Buy Link or Shortcode: {j2store}584|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Strategy & Operating Model
    • Parent Category Link: /strategy-and-operating-model
    • The digital transformation journey brings business and technology increasingly closer.
    • Because the two become more and more intertwined, the role of the enterprise architecture increases in importance, aligning the two in providing additional efficiencies.
    • The current need for an accelerated digital transformation elevates the importance of enterprise architecture.

    Our Advice

    Critical Insight

    • Enterprise architecture is impacted and has an increasing role in the following areas:
      • Business agility
      • Security
      • Innovation
      • Collaborative EA
      • Tools and automation

    Impact and Result

    EA’s role in brokering and negotiating overlapping areas can lead to the creation of additional efficiencies at the enterprise level.

    Enterprise Architecture Trends Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Enterprise Architecture Trends Deck – A trend report to support executives as they digitally transform the enterprise.

    In an accelerated path to digitization, the increasingly important role of enterprise architecture is one of collaboration across siloes, inside and outside the enterprise, in a configurable way that allows for quick adjustment to new threats and conditions, while embracing unprecedented opportunities to scale, stimulating innovation, in order to increase the organization’s competitive advantage.

    • Enterprise Architecture Trends Report

    Infographic

    Further reading

    Enterprise Architecture Trends

    Supporting Executives to Digitally Transform the Enterprise

    Analyst Perspective

    Enterprise architecture, seen as the glue of the organization, aligns business goals with all the other aspects of the organization, providing additional effectiveness and efficiencies while also providing guardrails for safety.

    In an accelerated path to digitization, the increasingly important role of enterprise architecture (EA) is one of collaboration across siloes, inside and outside the enterprise, in a configurable way that allows for quick adjustment to new threats and conditions while embracing unprecedented opportunities to scale, stimulating innovation to increase the organization’s competitive advantage.

    Photo of Milena Litoiu, Principal/Senior Director, Enterprise Architecture, Info-Tech Research Group.

    Milena Litoiu
    Principal/Senior Director, Enterprise Architecture
    Info-Tech Research Group

    Accelerated digital transformation elevates the importance of EA

    The Digital transformation journey brings Business and technology increasingly closer.

    Because the two become more and more intertwined, the role OF Enterprise Architecture increases in importance, aligning the two in providing additional efficiencies.

    THE Current need for an accelerated Digital transformation elevates the importance of Enterprise Architecture.

    More than 70% of organizations revamp their enterprise architecture programs. (Info-Tech Tech Trends 2022 Survey)

    Most organizations still see a significant gap between the business and IT.

    Enterprise Architecture (EA) is impacted and has an increasing role in the following areas

    Accelerated Digital Transformation

    • Business agility Business agility, needed more that ever, increases reliance on enterprise strategies.
      EA creates alignment between business and IT to improve business nimbleness.
    • Security More sophisticated attacks require more EA coordination.
      EA helps adjust to the increasing sophistication of external threats. Partnering with the CISO office to develop strategies to protect the enterprise becomes a prerequisite for survival.
    • Innovation EA's role in an innovation increases synergies at the enterprise level.
      EA plays an increasingly stronger role in innovation, from business endeavors to technology, across business units, etc.
    • Collaborative EA Collaborative EA requires new ways of working.
      Enterprise collaboration gains new meaning, replacing stiff governance.
    • Tools & automation Tools-based automation becomes increasingly common.
      Tools support as well as new artificial intelligence or machine- learning- powered approaches help achieve tools-assisted coordination across viewpoints and teams.

    Info-Tech Insight

    EA's role in brokering and negotiating overlapping areas can lead to the creation of additional efficiencies at the enterprise level.

    EA Enabling Business Agility

    Trend 01 — Business Agility is needed more than ever and THIS increases reliance on enterprise Strategies. to achieve nimbleness, organizations need to adapt timely to changes in the environment.

    Approaches:
    A plethora of approaches are needed (e.g. architecture modularity, data integration, AI/ML) in addition to other Agile/iterative approaches for the entire organization.

    Develop a Security Awareness and Training Program That Empowers End Users

    • Buy Link or Shortcode: {j2store}370|cart{/j2store}
    • member rating overall impact (scale of 10): 9.4/10 Overall Impact
    • member rating average dollars saved: $12,075 Average $ Saved
    • member rating average days saved: 11 Average Days Saved
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • The fast evolution of the cybersecurity landscape requires security training and awareness programs that are frequently updated and improved.
    • Security and awareness training programs often fail to engage end users. Lack of engagement can lead to low levels of knowledge retention.
    • Irrelevant or outdated training content does not properly prepare your end users to effectively defend the organization against security threats.

    Our Advice

    Critical Insight

    • One-time, annual training is no longer sufficient for creating an effective security awareness and training program.
    • By presenting security as a personal and individualized issue, you can make this new personal focus a driver for your organizational security awareness and training program.

    Impact and Result

    • Create a training program that delivers smaller amounts of information on a more frequent basis to minimize effort, reduce end-user training fatigue, and improve content relevance.
    • Evaluate and improve your security awareness and training program continuously to keep its content up-to-date. Leverage end-user feedback to ensure content remains relevant to those who receive it.

    Develop a Security Awareness and Training Program That Empowers End Users Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop a security awareness and training program that empowers end users, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Develop your training program

    Create or mature a security awareness and training program that is tailored to your organization.

    • Develop a Security Awareness and Training Program That Empowers End Users – Phase 1: Develop Your Training Program
    • Security Awareness and Training Program Development Tool
    • End-User Security Job Description Template
    • Training Materials – Physical Computer Security
    • Training Materials – Cyber Attacks
    • Training Materials – Incident Response
    • Training Materials – Mobile Security
    • Training Materials – Passwords
    • Training Materials – Phishing
    • Training Materials – Social Engineering
    • Training Materials – Web Usage
    • Security Awareness and Training Vendor Evaluation Tool
    • Security Awareness and Training Metrics Tool
    • End-User Security Knowledge Test Template
    • Security Training Campaign Development Tool

    2. Design an effective training delivery plan

    Explore methods of training delivery and select the most effective solutions.

    • Develop a Security Awareness and Training Program That Empowers End Users – Phase 2: Design an Effective Training Delivery Plan
    • Information Security Awareness and Training Policy
    • Security Awareness and Training Gamification Guide
    • Mock Spear Phishing Email Examples
    • Security Training Email Templates
    • Security Awareness and Training Module Builder and Training Schedule
    • Security Training Campaign Development Tool
    • Security Training Program Manual
    • Security Awareness and Training Feedback Template
    • Security Awareness Month Week 1: Staying in Touch
    • Security Awareness Month Week 2: Sharing Special Moments
    • Security Awareness Month Week 3: Working and Networking
    • Security Awareness Month Week 4: Families and Businesses
    [infographic]

    Workshop: Develop a Security Awareness and Training Program That Empowers End Users

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Outline the Plan for Long-term Program Improvement

    The Purpose

    Identify the maturity level of the existing security awareness and training program and set development goals.

    Establish program milestones and outline key initiatives for program development.

    Identify metrics to measure program effectiveness.

    Key Benefits Achieved

    Identified the gaps between the current maturity level of the security awareness and training program and future target states.

    Activities

    1.1 Create a program development plan.

    1.2 Investigate and select metrics to measure program effectiveness.

    1.3 Execute some low-hanging fruit initiatives for collecting metrics: e.g. create a knowledge test, feedback survey, or gamification guide.

    Outputs

    Customized development plan for program.

    Tool for tracking metrics.

    Customized knowledge quiz ready for distribution.

    Customized feedback survey for training.

    Gamification program outline.

    2 Identify and Assess Audience Groups and Security Training Topics

    The Purpose

    Determine the unique audience groups within your organization and evaluate their risks and vulnerabilities.

    Prioritize training topics and audience groups to effectively streamline program development.

    Key Benefits Achieved

    Created a comprehensive list of unique audience groups and the corresponding security training that each group should receive.

    Determined priority ratings for both audience groups and the security topics to be delivered.

    Activities

    2.1 Identify the unique audience groups within your organization and the threats they face.

    2.2 Determine the priority levels of the current security topics.

    2.3 Review audience groups and determine which topics need to be delivered to each group.

    Outputs

    Risk profile for each identified audience group.

    Priority scores for all training topics.

    List of relevant security topics for each identified audience group.

    3 Plan the Training Delivery

    The Purpose

    Identify all feasible delivery channels for security training within your organization.

    Build a vendor evaluation tool and shortlist or harvest materials for in-house content creation.

    Key Benefits Achieved

    List of all potential delivery mechanisms for security awareness and training.

    Built a vendor evaluation tool and discussed a vendor shortlist.

    Harvested a collection of free online materials for in-house training development.

    Activities

    3.1 Discuss potential delivery mechanisms for training, including the purchase and use of a vendor.

    3.2 If selecting a vendor, review vendor selection criteria and discuss potential vendor options.

    3.3 If creating content in-house, review and select available resources on the web.

    Outputs

    List of available delivery mechanisms for training.

    Vendor assessment tool and shortlist.

    Customized security training presentations.

    4 Create a Training Schedule for Content Deployment

    The Purpose

    Create a plan for deploying a pilot program to gather valuable feedback.

    Create an ongoing training schedule.

    Define the end users’ responsibilities towards security within the organization.

    Key Benefits Achieved

    Created a plan to deploy a pilot program.

    Created a schedule for training deployment.

    Defined role of end users in helping protect the organization against security threats.

    Activities

    4.1 Build training modules.

    4.2 Create an ongoing training schedule.

    4.3 Define and document your end users’ responsibilities towards their security.

    Outputs

    Documented modular structure to training content.

    Training schedule.

    Security job description template.

    End-user training policy.

    Data Architecture

    • Buy Link or Shortcode: {j2store}17|cart{/j2store}
    • Related Products: {j2store}17|crosssells{/j2store}
    • member rating overall impact (scale of 10): 9.5/10
    • member rating average dollars saved: $30,159
    • member rating average days saved: 5
    • Parent Category Name: Data and Business Intelligence
    • Parent Category Link: /data-and-business-intelligence
    Enable the business to achieve operational excellence, client intimacy, and product leadership with an innovative, agile, and fit-for-purpose data architecture practice

    Get the Most Out of Your SAP

    • Buy Link or Shortcode: {j2store}240|cart{/j2store}
    • member rating overall impact (scale of 10): 9.7/10 Overall Impact
    • member rating average dollars saved: $6,499 Average $ Saved
    • member rating average days saved: 11 Average Days Saved
    • Parent Category Name: Optimization
    • Parent Category Link: /optimization
    • SAP systems are changed rarely and changing them has significant impact on an organization.
    • Research shows that even newly installed systems often fail to realize their full potential benefit to the organization.
    • Business process improvement is rarely someone’s day job.

    Our Advice

    Critical Insight

    A properly optimized SAP business process will reduce costs and increase productivity.

    Impact and Result

    • Build an ongoing optimization team to conduct application improvements.
    • Assess your SAP application(s) and the environment in which they exist. Take a business first strategy to prioritize optimization efforts.
    • Validate SAP capabilities, user satisfaction, issues around data, vendor management, and costs to build out an optimization strategy.
    • Pull this all together to develop a prioritized optimization roadmap.

    Get the Most Out of Your SAP Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Get the Most Out of Your SAP Storyboard – A guide to optimize your SAP.

    SAP is a core tool that the business leverages to accomplish its goals. Use this blueprint to strategically re-align business goals, identify business application capabilities, complete a process assessment, evaluate user adoption, and create an optimization plan that will drive a cohesive technology strategy that delivers results.

    • Get the Most Out of Your SAP – Phases 1-4

    2. Get the Most Out of Your SAP Workbook – A tool to document and assist with optimizing your SAP.

    The Get the Most out of Your SAP Workbook serves as the holding document for the different elements for the Get the Most out of Your SAP blueprint. Use each assigned tab to input the relevant information for the process of optimizing your SAP.

    • Get the Most Out of Your SAP Workbook

    Infographic

    Workshop: Get the Most Out of Your SAP

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Your SAP Application Vision

    The Purpose

    Get the most out of your SAP.

    Key Benefits Achieved

    Develop an ongoing SAP optimization team.

    Re-align SAP and business goals.

    Understand your current system state capabilities and processes.

    Validate user satisfaction, application fit, and areas of improvement to optimize your SAP.

    Take a 360-degree inventory of your SAP and related systems.

    Realign business and technology drivers. Assess user satisfaction.

    Review the SAP marketplace.

    Complete a thorough examination of capabilities and processes.

    Manage your vendors and data.

    Pull this all together to prioritize optimization efforts and develop a concrete roadmap.

    Activities

    1.1 Determine your SAP optimization team.

    1.2 Align organizational goals.

    1.3 Inventory applications and interactions.

    1.4 Define business capabilities.

    1.5 Explore SAP-related costs.

    Outputs

    SAP optimization team

    SAP business model

    SAP optimization goals

    SAP system inventory and data flow

    SAP process list

    SAP and related costs

    2 Map Current-State Capabilities

    The Purpose

    Map current-state capabilities.

    Key Benefits Achieved

    Complete an SAP process gap analysis to understand where the SAP is underperforming.

    Review the SAP application portfolio assessment to understand user satisfaction and data concerns.

    Undertake a software review survey to understand your satisfaction with the vendor and product.

    Activities

    2.1 Conduct gap analysis for SAP processes.

    2.2 Perform an application portfolio assessment.

    2.3 Review vendor satisfaction.

    Outputs

    SAP process gap analysis

    SAP application portfolio assessment

    ERP software reviews survey

    3 Assess SAP

    The Purpose

    Assess SAP.

    Key Benefits Achieved

    Learn the processes that you need to focus on.

    Uncover underlying user satisfaction issues to address these areas.

    Understand where data issues are occurring so that you can mitigate this.

    Investigate your relationship with the vendor and product, including that relative to others.

    Identify any areas for cost optimization (optional).

    Activities

    3.1 Explore process gaps.

    3.2 Analyze user satisfaction.

    3.3 Assess data quality.

    3.4 Understand product satisfaction and vendor management.

    3.5 Look for SAP cost optimization opportunities (optional).

    Outputs

    SAP process optimization priorities

    SAP vendor optimization opportunities

    SAP cost optimization

    4 Build the Optimization Roadmap

    The Purpose

    Build the optimization roadmap.

    Key Benefits Achieved

    Understanding where you need to improve is the first step, now understand where to focus your optimization efforts.

    Activities

    4.1 SAP process gap analysis

    4.2 SAP application portfolio assessment

    4.3 SAP software reviews survey

    Outputs

    ERP optimization roadmap

    Further reading

    Get the Most Out of Your SAP

    In today’s connected world, the continuous optimization of enterprise applications to realize your digital strategy is key.

    EXECUTIVE BRIEF

    Analyst Perspective

    Focus optimization on organizational value delivery.

    The image contains a picture of Chad Shortridge.

    Chad Shortridge

    Senior Research Director, Enterprise Applications

    Info-Tech Research Group

    The image contains a picture of Lisa Highfield.

    Lisa Highfield

    Research Director, Enterprise Applications

    Info-Tech Research Group

    Enterprise resource planning (ERP) is a core tool that the business leverages to accomplish its goals. An ERP that is doing its job well is invisible to the business. The challenges come when the tool is no longer invisible. It has become a source of friction in the functioning of the business.

    SAP systems are expensive, benefits can be difficult to quantify, and issues with the products can be difficult to understand. Over time, technology evolves, organizational goals change, and the health of these systems is often not monitored. This is complicated in today’s digital landscape with multiple integrations points, siloed data, and competing priorities.

    Too often organizations jump into selecting replacement systems without understanding the health of their systems. We can do better than this.

    IT leaders need to take a proactive approach to continually monitor and optimize their enterprise applications. Strategically re-align business goals, identify business application capabilities, complete a process assessment, evaluate user adoption, and create an optimization plan that will drive a cohesive technology strategy that delivers results.

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    Your SAP ERP systems are critical to supporting the organization’s business processes. They are expensive. Direct benefits and ROI can be hard to measure.

    SAP application portfolios are often behemoths to support. With complex integration points and unique business processes, stabilization is the norm.

    Application optimization is essential to staying competitive and productive in today’s digital environment.

    Balancing optimization with stabilization is one of the most difficult decisions for ERP application leaders.

    Competing priorities and often unclear ERP strategies make it difficult to make decisions about what, how, and when to optimize.

    Enterprise applications involve large numbers of processes, users, and evolving vendor roadmaps.

    Teams do not have a framework to illustrate, communicate, and justify the optimization effort in the language your stakeholders understand.

    In today’s rapidly changing SAP landscape it is imperative to evaluate your applications for optimization, no matter what your strategy is moving forward.

    Assess your SAP applications and the environment in which they exist. Take a business-first strategy to prioritize optimization efforts.

    Validate ERP capabilities, user satisfaction, issues around data, vendor management, and costs to build out an overall roadmap and optimization strategy.

    Pull this all together to prioritize optimization efforts and develop a concrete roadmap.

    Info-Tech Insight

    SAP ERP environments are changing, but we cannot stand still on our optimization efforts. Understand your product(s), processes, user satisfaction, integration points, and the availability of data to business decision makers. Examine these areas to develop a personalized SAP optimization roadmap that fits the needs of your organization. Incorporate these methodologies into an ongoing optimization strategy aimed at enabling the business, increasing productivity, and reducing costs.

    The image contains an Info-Tech Thought model on get the most out of your ERP.

    Insight summary

    Continuous assessment and optimization of your SAP ERP systems is critical to the success of your organization.

    • Applications and the environments in which they live are constantly evolving.
    • This blueprint provides business and application managers with a method to complete a health assessment of their ERP systems to identify areas for improvement and optimization.
    • Put optimization practices into effect by:
      • Aligning and prioritizing key business and technology drivers.
      • Identifying ERP process classification and performing a gap analysis.
      • Measuring user satisfaction across key departments.
      • Evaluating vendor relations.
      • Understanding how data plays into the mix.
      • Pulling it all together into an optimization roadmap.

    SAP enterprise resource planning (ERP) systems facilitate the flow of information across business units. It allows for the seamless integration of systems and creates a holistic view of the enterprise to support decision making. In many organizations, the SAP system is considered the lifeblood of the enterprise. Problems with this key operational system will have a dramatic impact on the ability of the enterprise to survive and grow. ERP implementation should not be a one-and-done exercise. There needs to be ongoing optimization to enable business processes and optimal organizational results.

    SAP enterprise resource planning (ERP)

    The image contains a diagram of the SAP enterprise resource planning. The diagram includes a circle with smaller circles all around it. The inside of the circle contains SAP logos. The circles around the big circle are labelled: Human Resources Management, Sales, Marketing, Customer Service, Asset Management, Logistics, Supply Chain Management, Manufacturing, R&D and Engineering, and Finance.

    What is SAP?

    SAP ERP systems facilitate the flow of information across business units. They allow for the seamless integration of systems and create a holistic view of the enterprise to support decision making.

    In many organizations, the ERP system is considered the lifeblood of the enterprise. Problems with this key operational system will have a dramatic impact on the ability of the enterprise to survive and grow.

    An ERP system:

    • Automates processes, reducing the amount of manual, routine work.
    • Integrates with core modules, eliminating the fragmentation of systems.
    • Centralizes information for reporting from multiple parts of the value chain to a single point.

    SAP use cases:

    Product-Centric

    Suitable for organizations that manufacture, assemble, distribute, or manage material goods.

    Service-Centric

    Suitable for organizations that provide and manage field services and/or professional services.

    SAP Fast Facts

    Product Description

    • SAP has numerous ERP products. Products can be found under ERP, Finance, Customer Relations and Experience, Supply Chain Management, Human Resources, and Technology Platforms.
    • SAP offers on-premises and cloud solutions for its ERP. In 2011, SAP released the HANA in-memory database. SAP ECC 6.0 reaches the end of life in 2027 (2030 extended support).
    • Many organizations are facing mandatory transformation. This is an excellent opportunity to examine ERP portfolios for optimization opportunities.
    • Now is the time to optimize to ensure you are prepared for the journey ahead.
    The image contains a timeline of the evolution of SAP ERP. The timeline is ordered: SAP R1-R3 1972-1992, SAP ECC 2003-2006, ERP Business Suite 2000+, SAP HANA In-Memory Database 2011, S/4 2015.

    Vendor Description

    • SAP SE was founded in 1972 by five former IBM employees.
    • The organization is focused on enterprise software that integrates all business processes and enables data processing in real-time.
    • SAP stands for Systems, Applications, and Products in Data Processing.
    • SAP offers more than 100 solutions covering all business functions.
    • SAP operates 65 data centers at 35 locations in 16 countries.

    Employees

    105,000

    Headquarters

    Walldorf, Baden-Württemberg, Germany

    Website

    sap.com

    Founded

    1972

    Presence

    Global, Publicly Traded

    SAP by the numbers

    Only 72% of SAP S/4HANA clients were satisfied with the product’s business value in 2022. This was 9th out of 10 in the enterprise resource planning category.

    Source: SoftwareReviews

    As of 2022, 65% of SAP customers have not made the move to S/4HANA. These customers will continue to need to optimize the current ERP to meet the demanding needs of the business.

    Source: Statista

    Organizations will need to continue to support and optimize their SAP ERP portfolios. As of 2022, 42% of ASUG members were planning a move to S/4HANA but had not yet started to move.

    Source: ASUG

    Your challenge

    This research is designed to help organizations who need to:

    • Understand the multiple deployment models and the roadmap to successfully navigate a move to S/4HANA.
    • Build a business case to understand the value behind a move.
    • Map functionality to ensure future compatibility.
    • Understand the process required to commercially navigate a move to S/4HANA.
    • Avoid a costly audit due to missed requirements or SAP whiteboarding sessions.

    HANA used to be primarily viewed as a commercial vehicle to realize legacy license model discounts. Now, however, SAP has built a roadmap to migrate all customers over to S/4HANA. While timelines may be delayed, the inevitable move is coming.

    30-35% of SAP customers likely have underutilized assets. This can add up to millions in unused software and maintenance.

    – Upperedge

    SAP challenges and dissatisfaction

    Drivers of Dissatisfaction

    Organizational

    People and teams

    Technology

    Data

    Competing priorities

    Knowledgeable staff/turnover

    Integration issues

    Access to data

    Lack of strategy

    Lack of internal skills

    Selecting tools and technology

    Data hygiene

    Budget challenges

    Ability to manage new products

    Keeping pace with technology changes

    Data literacy

    Lack of training

    Update challenges

    One view of the customer

    Finance, IT, Sales, and other users of the ERP system can only optimize ERP with the full support of each other. The cooperation of the departments is crucial when trying to improve ERP technology capabilities and customer interaction.

    Info-Tech Insight

    While technology is the key enabler of building strong customer experiences, there are many other drivers of dissatisfaction. IT must stand shoulder-to-shoulder with the business to develop a technology framework for ERP.

    Where are applications leaders focusing?

    Big growth numbers

    Year-over-year call topic requests

    Other changes

    Year-over-year call topic requests

    The image contains a graph to demonstrate year-over-year call topic requests. Year 1 has 79%, Year 2 76%, Year 3 65% requests, and Year 4 has 124% requests. The image contains a graph to demonstrate other changes in year-over-year call topic requests. Year 1 has -25%, Year 2 has 4%, and Year 3 has 13%.

    We are seeing applications leaders’ priorities change year over year, driven by a shift in their approach to problem solving. Leaders are moving from a process-centric approach to a collaborative approach that breaks down boundaries and brings teams together.

    Software development lifecycle topics are tactical point solutions. Organizations have been “shifting left” to tackle the strategic issues such as product vision and Agile mindset to optimize the whole organization.

    The S/4HANA journey

    Optimization can play a role in your transition to S/4HANA.

    • The business does not stop. Satisfy ongoing needs for business enablement.
    • Build out a collaborative SAP optimization team across the business and IT.
    • Engage the business to understand requirements.
    • Discover applications and processes.
    • Explore current-state capabilities and future-state needs.
    • Evaluate optimization opportunities. Are there short-term wins? What are the long-term goals?
    • Navigate the path to S/4HANA and develop some timelines and stage gates.
    • Set your course and optimization roadmap.
    • Capitalize on the methodologies for an ongoing optimization effort that can be continued after the S/4HANA go-live date.

    Many organizations may be coming up against changes to their SAP ERP application portfolio.

    Some challenges organizations may be dealing with include:

    • Heavily customized instances
    • Large volumes of data
    • Lack of documentation
    • Outdated business processes
    • Looming end of life

    Application optimization is risky without a plan

    Avoid these common pitfalls:

    • Not pursuing optimization because you are migrating to S/4HANA.
    • Not considering how this plays into the short-, medium-, and long-term ERP strategy.
    • Not considering application optimization as a business and IT partnership, which requires the continuous formal engagement of all participants.
    • Not having a good understanding of your current state, including integration points and data.
    • Not adequately accommodating feedback and changes after digital applications are deployed and employed.
    • Not treating digital applications as a motivator for potential future IT optimization efforts and incorporating digital assets in strategic business planning.
    • Not involving department leads, management, and other subject-matter experts to facilitate the organizational change digital applications bring.

    “[A] successful application [optimization] strategy starts with the business need in mind and not from a technological point of view. No matter from which angle you look at it, modernizing a legacy application is a considerable undertaking that can’t be taken lightly. Your best approach is to begin the journey with baby steps.”

    – Medium

    Info-Tech’s methodology for getting the most out of your ERP

    1. Map Current-State Capabilities

    2. Assess Your Current State

    3. Identify Key Optimization Areas

    4. Build Your Optimization Roadmap

    Phase Steps

    1. Identify stakeholders and build your SAP optimization team.
    2. Build an SAP strategy model.
    3. Inventory current system state.
    4. Define business capabilities.
    1. Conduct a gap analysis for ERP processes.
    2. Assess user satisfaction.
    3. Review your satisfaction with the vendor and product.
    1. Identify key optimization areas.
    2. Evaluate product sustainability over the short, medium, and long term.
    3. Identify any product changes anticipated over short, medium, and long term.
    1. Prioritize optimization opportunities.
    2. Identify key optimization areas.
    3. Compile optimization assessment results.

    Phase Outcomes

    1. Stakeholder map
    2. SAP optimization team
    3. SAP business model
    4. Strategy alignment
    5. Systems inventory and diagram
    6. Business capabilities map
    7. Key SAP processes list
    1. Gap analysis for SAP-related processes
    2. Understanding of user satisfaction across applications and processes
    3. Insight into SAP data quality
    4. Quantified satisfaction with the vendor and product
    5. Understanding SAP costs
    1. List of SAP optimization opportunities
    1. SAP optimization roadmap

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Get the Most Out of Your SAP Workbook

    Identify and prioritize your SAP optimization goals.

    The image contains screenshots of the SAP Workbook.

    Application Portfolio Assessment

    Assess IT-enabled user satisfaction across your SAP portfolio.

    The image contains a screenshot of the Application Portfolio Assessment.

    Key deliverable:

    The image contains a screenshot of the SAP Organization Roadmap.

    SAP Optimization Roadmap

    Complete an assessment of processes, user satisfaction, data quality, and vendor management.

    The image contains screenshots further demonstrating SAP deliverables.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.

    Guided Implementation

    Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.

    Workshop

    We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.

    Consulting

    Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3 Phase 4

    Call #1: Scope requirements, objectives, and your specific challenge.

    Call #2:

    • Build the SAP team.
    • Align organizational goals.

    Call #3:

    • Map current state.
    • Inventory SAP capabilities and processes.
    • Explore SAP-related costs.

    Call #4: Understand product satisfaction and vendor management.

    Call #5: Review APA results.

    Call #6: Understand SAP optimization opportunities.

    Call #7: Determine the right SAP path for your organization.

    Call #8:

    Build out optimization roadmap and next steps.

    A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is 8 to 12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com1-888-670-8889

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Define Your SAP Application Vision

    Map Current State

    Assess SAP

    Build Your Optimization Roadmap

    Next Steps and Wrap-Up (offsite)

    Activities

    1.1 Identify Stakeholders and Build Your Optimization Team

    1.2 Build an SAP Strategy Model

    1.3 Inventory Current System State

    1.4 Define Optimization Timeframe

    1.5 Understand SAP Costs

    2.1 Assess SAP Capabilities

    2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

    3.1 Prioritize Optimization Opportunities

    3.2 Discover Optimization Initiatives

    4.1 Build Your Optimization Roadmap

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. SAP optimization team
    2. SAP business model
    3. SAP optimization goals
    4. System inventory and data flow
    5. Application and business capabilities list
    6. SAP optimization timeline
    1. SAP capability gap analysis
    2. SAP user satisfaction (application portfolio assessment)
    3. SAP SoftwareReviews survey results
    4. SAP current costs
    1. Product and vendor satisfaction opportunities
    2. Capability and feature optimization opportunities
    3. Process optimization opportunities
    4. Integration optimization opportunities
    5. Data optimization opportunities
    6. SAP cost-saving opportunities
    1. SAP optimization roadmap

    Phase 1

    Map Current-State Capabilities

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Identify Stakeholders and Build Your Optimization Team

    1.2 Build an SAP Strategy Model

    1.3 Inventory Current System State

    1.4 Define Optimization Timeframe

    1.5 Understand SAP Costs

    2.1 Assess SAP Capabilities

    2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

    3.1 Prioritize Optimization Opportunities

    3.2 Discover Optimization Initiatives

    4.1 Build Your Optimization Roadmap

    This phase will guide you through the following activities:

    • Align your organizational goals
    • Gain a firm understanding of your current state
    • Inventory ERP and related applications
    • Confirm the organization’s capabilities

    This phase involves the following participants:

    • CFO
    • Department Leads – Finance, Procurement, Asset Management
    • Applications Director
    • Senior Business Analyst
    • Senior Developer
    • Procurement Analysts

    Step 1.1

    Identify Stakeholders and Build Your Optimization Team

    Activities

    1.1.1 Identify stakeholders critical to success

    1.1.2 Map your SAP optimization stakeholders

    1.1.3 Determine your SAP optimization team

    This step will guide you through the following activities:

    • Identify ERP drivers and objectives
    • Explore ERP challenges and pain points
    • Discover ERP benefits and opportunities
    • Align the ERP foundation with the corporate strategy

    This step involves the following participants:

    • Stakeholders
    • Project sponsors and leaders

    Outcomes of this step

    • Stakeholder map
    • SAP Optimization Team

    ERP optimization stakeholders

    • Understand the roles necessary to get the most out of your SAP.
    • Understand the role of each player within your project structure. Look for listed participants on the activities slides to determine when each player should be involved.

    Title

    Role Within the Project Structure

    Organizational Sponsor

    • Owns the project at the management/C-suite level
    • Responsible for breaking down barriers and ensuring alignment with your organizational strategy
    • CIO, CFO, COO, or similar

    Project Manager

    • The IT individual(s) that oversee day-to-day project operations
    • Responsible for preparing and managing the project plan and monitoring the project team’s progress
    • Applications Manager or other IT Manager, Business Analyst, Business Process Owner, or similar

    Business Unit Leaders

    • Works alongside the IT Project Manager to ensure the strategy is aligned with business needs
    • In this case, likely to be a marketing, sales, or customer service lead
    • Sales Director, Marketing Director, Customer Care Director, or similar

    Optimization Team

    • Comprised of individuals whose knowledge and skills are crucial to project success
    • Responsible for driving day-to-day activities, coordinating communication, and making process and design decisions; can assist with persona and scenario development for ERP
    • Project Manager, Business Lead, ERP Manager, Integration Manager, Application SMEs, Developers, Business Process Architects, and/or similar SMEs

    Steering Committee

    • Comprised of the C-suite/management-level individuals that act as the project’s decision makers
    • Responsible for validating goals and priorities, defining the project scope, enabling adequate resourcing, and managing change
    • Project Sponsor, Project Manager, Business Lead, CFO, Business Unit SMEs, or similar

    Info-Tech Insight

    Do not limit project input or participation. Include subject-matter experts and internal stakeholders at stages within the project. Such inputs can be solicited on a one-off basis as needed. This ensures you take a holistic approach to create your ERP optimization strategy.

    1.1.1 Identify SAP optimization stakeholders

    1 hour

    1. Hold a meeting to identify the SAP optimization stakeholders.
    2. Use next slide as a guide.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot from the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    Understand how to navigate the complex web of stakeholders in ERP

    Identify which stakeholders to include and what their level of involvement should be during requirements elicitation based on relevant topic expertise.

    Sponsor

    End User

    IT

    Business

    Description

    An internal stakeholder who has final sign-off on the ERP project.

    Front-line users of the ERP technology.

    Back-end support staff who are tasked with project planning, execution, and eventual system maintenance.

    Additional stakeholders that will be impacted by any ERP technology changes.

    Examples

    • CEO
    • CIO/CTO
    • COO
    • CFO
    • Warehouse personnel
    • Sales teams
    • HR admins
    • Applications manager
    • Vendor relationship manager(s)
    • Director, Procurement
    • VP, Marketing
    • Manager, HR

    Value

    Executive buy-in and support is essential to the success of the project. Often, the sponsor controls funding and resource allocation.

    End users determine the success of the system through user adoption. If the end user does not adopt the system, the system is deemed useless and benefits realization is poor.

    IT is likely to be responsible for more in-depth requirements gathering. IT possesses critical knowledge around system compatibility, integration, and data.

    Involving business stakeholders in the requirements gathering will ensure alignment between HR and organizational objectives.

    Large-scale ERP projects require the involvement of many stakeholders from all corners and levels of the organization, including project sponsors, IT, end users, and business stakeholders. Consider the influence and interest of stakeholders in contributing to the requirements elicitation process and involve them accordingly.

    EXAMPLE: Stakeholder involvement during selection

    The image contains an example of stakeholder involvement during selection. The graph is comparing influence and interest. In the lowest section of both influence and interest, it is labelled Monitor. With low interest but high influence that is labelled Keep Satisfied. In low influence but high interest it is labelled Keep Informed. The section that is high in both interest and influence that is labelled Involve closely.

    Activity 1.1.2 Map your SAP optimization stakeholders

    1 hour

    1. Use the list of SAP optimization stakeholders.
    2. Map each stakeholder on the quadrant based on their expected influence and involvement in the project.
    3. [Optional] Color code the users using the scale below to quickly identify the group that the stakeholder belongs to.

    The image contains an example of a colour scheme. Sponsor is coloured blue, End user is purple, IT is yellow, and Business is light blue.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of an example map on organization's stakeholders.

    Download the Get the Most Out of Your SAP Workbook

    Map the organization’s stakeholders

    The image contains a larger version of the image from the previous slide where there is a graph comparing influence and involvement and has a list of stakeholders in a legend on the side.

    The SAP optimization team

    Consider the core team functions when putting together the project team. Form a cross-functional team (i.e. across IT, Marketing, Sales, Service, Operations) to create a well-aligned ERP optimization strategy. Don’t let your project team become too large when trying to include all relevant stakeholders. Carefully limiting the size of the project team will enable effective decision making while still including functional business units such as Marketing, Sales, Service, and Finance as well as IT.

    Required Skills/Knowledge

    Suggested Project Team Members

    Business

    • Department leads
    • Business process leads
    • Business analysts
    • Subject matter experts
    • SMEs/Business process leads –All functional areas; example: Strategy, Sales, Marketing, Customer Service, Finance, HR

    IT

    • Application development
    • Enterprise integration
    • Business processes
    • Data management
    • Product owner
    • ERP application manager
    • Business process manager
    • Integration manager
    • Application developer
    • Data stewards

    Other

    • Operations
    • Administrative
    • Change management
    • COO
    • CFO
    • Change management officer

    1.1.3 Determine your SAP optimization team

    1 hour

    1. Have the project manager and other key stakeholders discuss and determine who will be involved in the SAP optimization project.
    • The size of the team will depend on the initiative and size of your organization.
    • Key business leaders in key areas and IT representatives should be involved.

    Note: Depending on your initiative and the size of your organization, the size of this team will vary.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the section ERP Optimization Team in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    Step 1.2

    Build an SAP Strategy Model

    Activities

    1.2.1 Explore environmental factors and technology drivers

    1.2.2 Consider potential barriers and challenges

    1.2.3 Discuss enablers of success

    1.2.4 Develop your SAP optimization goals

    This step will guide you through the following activities:

    • Identify ERP drivers and objectives
    • Explore ERP challenges and pain points
    • Discover ERP benefits and opportunities
    • Align the ERP foundation with the corporate strategy

    This step involves the following participants:

    • SAP Optimization Team

    Outcomes of this step

    • ERP business model
    • Strategy alignment

    Align your SAP strategy with the corporate strategy

    Corporate Strategy

    Unified ERP Strategy

    IT Strategy

    Your corporate strategy:

    • Conveys the current state of the organization and the path it wants to take.
    • Identifies future goals and business aspirations.
    • Communicates the initiatives that are critical for getting the organization from its current state to the desired future state.
    • The ideal ERP strategy is aligned with overarching organizational business goals and with broader IT initiatives.
    • Include all affected business units and departments in these conversations.
    • The ERP optimization can be and should be linked, with metrics, to the corporate strategy and ultimate business objectives

    Your IT strategy:

    • Communicates the organization’s budget and spending on ERP.
    • Identifies IT initiatives that will support the business and key ERP objectives.
    • Outlines staffing and resourcing for ERP initiatives.

    ERP projects are more successful when the management team understands the strategic importance and the criticality of alignment. Time needs to be spent upfront aligning business strategies with ERP capabilities. Effective alignment between IT and the business should happen daily. Alignment doesn’t just need to occur just at the executive level but at each level of the organization.

    ERP Business Model Template

    The image contains a screenshot of a ERP Business Model Template.

    Conduct interviews to elicit the business context

    Stakeholder Interviews

    Begin by conducting interviews of your executive team. Interview the following leaders:

    1. Chief Information Officer
    2. Chief Executive Officer
    3. Chief Financial Officer
    4. Chief Revenue Officer/Sales Leader
    5. Chief Operating Officer/Supply Chain & Logistics Leader
    6. Chief Technology Officer/Chief Product Officer

    INTERVIEWS MUST UNCOVER

    1. Your organization’s top three business goals
    2. Your organization’s top ten business initiatives
    3. Your organization’s mission and vision

    Understand the ERP drivers and organizational objectives

    Business Needs

    Business Drivers

    Technology Drivers

    Environmental Factors

    Definition

    A business need is a requirement associated with a particular business process.

    Business drivers can be thought of as business-level goals. These are tangible benefits the business can measure such as customer retention, operation excellence, and financial performance.

    Technology drivers are technological changes that have created the need for a new ERP enablement strategy. Many organizations turn to technology systems to help them obtain a competitive edge.

    These external considerations are factors that take place outside of the organization and impact the way business is conducted inside the organization. These are often outside the control of the business.

    Examples

    • Audit tracking
    • Authorization levels
    • Business rules
    • Data quality
    • Customer satisfaction
    • Branding
    • Time-to-resolution
    • Deployment model (i.e. SaaS)
    • Integration
    • Reporting capabilities
    • Fragmented technologies
    • Economic and political factors
    • Competitive influencers
    • Compliance regulations

    Info-Tech Insight

    One of the biggest drivers for ERP adoption is the ability to make quicker decisions from timely information. This driver is a result of external considerations. Many industries today are highly competitive, uncertain, and rapidly changing. To succeed under these pressures, there needs to be timely information and visibility into all components of the organization.

    1.2.1 Explore environmental factors and technology drivers

    30 minutes

    1. Identify business drivers that are contributing to the organization’s need for ERP.
    2. Understand how the company is running today and what the organization’s future will look like. Try to identify the purpose for becoming an integrated organization. Use a whiteboard or flip charts and markers to capture key findings.
    3. Consider external considerations, organizational drivers, technology drivers, and key functional requirements.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a diagram on exploring the environmental factors and technology drivers.

    External Considerations

    Organizational Drivers

    Technology Considerations

    Functional Requirements

    • Funding constraints
    • Regulations
    • Compliance
    • Scalability
    • Operational efficiency
    • Data accuracy
    • Data quality
    • Better reporting
    • Information availability
    • Integration between systems
    • Secure data

    Download the Get the Most Out of Your SAP Workbook

    Create a realistic ERP foundation by identifying the challenges and barriers the project will bestow

    There are several different factors that may stifle the success of an ERP implementation. Organizations that are creating an ERP foundation must scan their current environment to identify internal barriers and challenges.

    Common Internal Barriers

    Management Support

    Organizational Culture

    Organizational Structure

    IT Readiness

    Definition

    The degree of understanding and acceptance toward ERP systems.

    The collective shared values and beliefs.

    The functional relationships between people and departments in an organization.

    The degree to which the organization’s people and processes are prepared for a new ERP system.

    Questions

    • Is an ERP project recognized as a top priority?
    • Will management commit time to the project?
    • Are employees resistant to change?
    • Is the organization highly individualized?
    • Is the organization centralized?
    • Is the organization highly formalized?
    • Is there strong technical expertise?
    • Is there strong infrastructure?

    Impact

    • Funding
    • Resources
    • Knowledge sharing
    • User acceptance
    • Flow of knowledge
    • Quality of implementation
    • Need for reliance on consultants

    ERP Business Model

    Organizational Goals

    Enablers

    Barriers

    • Efficiency
    • Effectiveness
    • Integrity
    • One source of truth for data
    • One team
    • Customer service, external and internal
    • Cross-trained employees
    • Desire to focus on value-add activities
    • Collaborative
    • Top-level executive support
    • Effective change management process
    • Organizational silos
    • Lack of formal process documentation
    • Funding availability
    • What goes first? Organizational priorities

    What does success look like?

    Top 15 critical success factors for ERP system implementation

    The image contains a graph that demonstrates the top 15 critical success factors for ERP system implementation. The top 15 are: Top management support and commitment, Interdepartmental communication and cooperations throughout the institution, Commitment to business process re-engineering to do away with redundant processes, Implementation project management from initiation to closing, Change management program to ensure awareness and readiness for possible changes, Project team competence, Education and training for stakeholders, Project champion to lead implementation, Project mission and goals for the system with clear objectives agreed upon, ERP expert consultant use to guide the implementation process, Minimum level of customization to use ERP functionalities to maximum, Package selection, Understanding the institutional culture, Use involvement and participation throughout implementation, ERP vendor support and partnership.

    Source: Epizitone and Olugbara, 2020; CC BY 4.0

    Info-Tech Insight

    Complement your ability to deliver on your critical success factors with the capabilities of your implementation partner to drive a successful ERP implementation.

    “Implementation partners can play an important role in successful ERP implementations. They can work across the organizational departments and layers creating a synergy and a communications mechanism.” – Ayogeboh Epizitone, Durban University of Technology

    1.2.2 Consider potential barriers and challenges

    1-3 hours

    • Open tab “1.2 Strategy & Goals,” in the Get the Most Out of Your SAP Workbook.
    • Identify barriers to ERP optimization success.
    • Review the ERP critical success factors and how they relate to your optimization efforts.
    • Discuss potential barriers to successful ERP optimization.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains the same diagram as shown previously, where it demonstrated the environmental factors in relation to the ERP strategy. The same diagram is used and highlights the barriers section.

    Functional Gaps

    Technical Gaps

    Process Gaps

    Barriers to Success

    • No online purchase order for requisitions
    • Inconsistent reporting – data quality concerns
    • Duplication of data
    • Lack of system integration
    • Cultural mindset
    • Resistance to change
    • Lack of training
    • Funding

    Download the Get the Most Out of Your SAP Workbook

    1.2.3 Discuss enablers of success

    1-3 hours

    1. Open tab “1.2 Strategy & Goals,” in the Get the Most Out of Your SAP Workbook.
    2. Identify barriers to ERP optimization success.
    3. Review the ERP critical success factors and how they relate to your optimization efforts.
    4. Discuss potential barriers to successful ERP optimization.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains the same diagram as shown previously, where it demonstrated the environmental factors in relation to the ERP strategy. The same diagram is used and highlights the enablers and organizational goals sections.

    Business Benefits

    IT Benefits

    Organizational Benefits

    Enablers of Success

    • Business-IT alignment
    • Compliance
    • Scalability
    • Operational efficiency
    • Data accuracy
    • Data quality
    • Better reporting
    • Change management
    • Training
    • Alignment with strategic objectives

    Download the Get the Most Out of Your SAP Workbook

    The Business Value Matrix

    Rationalizing and quantifying the value of SAP

    Benefits can be realized internally and externally to the organization or department and have different drivers of value.

    • Financial benefits refer to the degree to which the value source can be measured through monetary metrics and are often quite tangible.
    • Human benefits refer to how an application can deliver value through a user’s experience.
    • Inward refers to value sources that have an internal impact and improve your organization’s effectiveness and efficiency in performing its operations.
    • Outward refers to value sources that come from your interaction with external factors, such as the market or your customers.

    Organizational Goals

    • Increased Revenue
    • Application functions that are specifically related to the impact on your organization’s ability to generate revenue and deliver value to your customers.

    • Reduced Costs
    • Reduction of overhead. The ways in which an application limits the operational costs of business functions.

    • Enhanced Services
    • Functions that enable business capabilities that improve the organization’s ability to perform its internal operations.

    • Reach Customers
    • Application functions that enable and improve the interaction with customers or produce market information and insights.

    Business Value Matrix

    The image contains a screenshot of a Business Value Matrix. It includes: Reach Customers, Increase Revenue or Deliver Value, Reduce Costs, and Enhance Services.

    Link SAP capabilities to organizational value

    The image contains screenshots that demonstrate linking SAP capabilities to organizational value.

    1.2.4 Define your SAP optimization goals

    30 minutes

    1. Discuss the ERP business model and ERP critical success factors.
    2. Through the lens of corporate goals and objectives think about supporting ERP technology. How can the ERP system bring value to the organization? What are the top things that will make this initiative a success?
    3. Develop five to ten optimization goals that will form the basis for the success of this initiative.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains an example of the activity describe above on defining your SAP optimization goals.

    Download the Get the Most Out of Your SAP Workbook

    Step 1.3

    Inventory Current System State

    Activities

    1.3.1 Inventory SAP applications and interactions

    1.3.2 Draw your SAP system diagram

    1.3.3 Inventory your SAP modules and business capabilities (or business processes)

    1.3.4 Define your key SAP optimization modules and business capabilities

    This step will guide you through the following activities:

    • Inventory of applications
    • Mapping interactions between systems

    This step involves the following participants:

    • SAP Optimization Team
    • Enterprise Architect
    • Data Architect

    Outcomes of this step

    • Systems inventory
    • Systems diagram

    1.3.1 Inventory SAP applications and interfaces

    1-3+ hours

    1. Enter your SAP systems, SAP extended applications, and integrated applications within scope.
    2. Include any abbreviated names or nicknames.
    3. List the application type or main function.
    4. List the modules the organization has licensed.
    5. List any integrations.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the SAP application inventory.

    Download the Get the Most Out of Your SAP Workbook

    ERP Data Flow

    The image contains an example ERP Data Flow with a legend.

    Be sure to include enterprise applications that are not included in the ERP application portfolio. Popular systems to consider for POIs include billing, directory services, content management, and collaboration tools.

    ERP – enterprise resource planning

    Email – email system such as Microsoft Exchange

    Calendar – calendar system such as Microsoft Outlook

    WEM – web experience management

    ECM – enterprise content management

    When assessing the current application portfolio that supports your ERP, the tendency will be to focus on the applications under the ERP umbrella. These relate mostly to marketing, sales, and customer service. Be sure to include systems that act as input to, or benefit due to outputs from, ERP or similar applications.

    1.3.2 Draw your SAP system diagram

    1-3+ hours

    1. From the SAP application inventory, diagram your network.
    2. Include:

    • Any internal or external systems
    • Integration points
    • Data flow

    The image contains a screenshot of the example ERP Systems Diagram.

    Download the Get the Most Out of Your SAP Workbook

    Sample SAP and integrations map

    The image contains a screenshot of a sample SAP and integrations map.

    Business capability map (Level 0)

    The image contains a screenshot of the business capability map, level 0. The capability map includes: Products and Services Development, Revenue Generation, Demand Fulfillment, and Enterprise Management and Planning.

    In business architecture, the primary view of an organization is known as a business capability map. A business capability defines what a business does to enable value creation, rather than how.

    Business capabilities:

    • Represent stable business functions.
    • Are unique and independent of each other.
    • Will typically have a defined business outcome.

    A business capability map provides details that help the business architecture practitioner direct attention to a specific area of the business for further assessment.

    ERP process mapping

    The image contains screenshots to demonstrate the ERP process mapping. One of the screenshots is of the business capability map, level 0, the second screenshot contains the objectives , value streams, capabilities, and processes. The third image contains a screenshot of the SAP screenshot with the circles around it as previously shown.

    The operating model

    An operating model is a framework that drives operating decisions. It helps to set the parameters for the scope of ERP and the processes that will be supported. The operating model will serve to group core operational processes. These groupings represent a set of interrelated, consecutive processes aimed at generating a common output. From your developed processes and your SAP license agreements you will be able to pinpoint the scope for investigation including the processes and modules.

    APQC Framework

    Help define your inventory of sales, marketing, and customer services processes.

    Operating Processes

    1. Develop vision and strategy 2. Develop and manage products and services 3. Market and sell products and services 4. Deliver physical products 5. Deliver services

    Management and Support Processes

    6.Manage customer service

    7. Develop and manage human capital

    8. Manage IT

    9. Manage financial resources

    10. Acquire, construct, and manage assets

    11. Manage enterprise risk, compliance, remediation, and resiliency

    12. Manage external relationships

    13. Develop and manage business capabilities

    Source: APQC

    If you do not have a documented process model, you can use the APQC Framework to help define your inventory of sales business processes. APQC’s Process Classification Framework is a taxonomy of cross-functional business processes intended to allow the objective comparison of organizational performance within and among organizations.

    APQC’s Process Classification Framework

    The value stream

    Value stream defined:

    Value Streams

    Design Product

    Produce Product

    Sell Product

    Customer Service

    • Manufacturers work proactively to design products and services that will meet consumer demand.
    • Products are driven by consumer demand and government regulations.
    • Production processes and labor costs are constantly analyzed for efficiencies and accuracies.
    • Quality of product and services are highly regulated through all levels of the supply chain.
    • Sales networks and sales staff deliver the product from the organization to the end consumer.
    • Marketing plays a key role throughout the value stream, connecting consumers’ wants and needs to the products and services offered.
    • Relationships with consumers continue after the sale of products and services.
    • Continued customer support and data mining is important to revenue streams.

    Value streams connect business goals to the organization’s value realization activities in the marketplace. Those activities are dependent on the specific industry segment in which an organization operates.

    There are two types of value streams: core value streams and support value streams.

    • Core value streams are mostly externally facing. They deliver value to either an external or internal customer and they tie to the customer perspective of the strategy map.
    • Support value streams are internally facing and provide the foundational support for an organization to operate.

    An effective method for ensuring all value streams have been considered is to understand that there can be different end-value receivers.

    Process mapping hierarchy

    The image contains a screenshot of the PCF levels explained. The levels are 1-5. The levels are: Category, Process Group, Process, Activity, and Task.

    Source: APQC

    APQC provides a process classification framework. It allows organizations to effectively define their processes and manage them appropriately.

    APQC’s Process Classification Framework

    Cross-industry classification framework

    Level 1 Level 2 Level 3 Level 4

    Market and sell products and services

    Understand markets, customers, and capabilities

    Perform customer and market intelligence analysis

    Conduct customer and market research

    Market and sell products and services

    Develop a sales strategy

    Develop a sales forecast

    Gather current and historic order information

    Deliver services

    Manage service delivery resources

    Manage service delivery resource demand

    Develop baseline forecasts

    ? ? ? ?

    Info-Tech Insight

    Focus your initial assessment on the level 1 processes that matter to your organization. This allows you to target your scant resources on the areas of optimization that matter most to the organization and minimize the effort required from your business partners. You may need to iterate the assessment as challenges are identified. This allows you to be adaptive and deal with emerging issues more readily and become a more responsive partner to the business.

    SAP modules and process enablement

    Cloud/Hardware

    Fiori

    Analytics

    Integrations

    Extended Solutions

    R&D Engineering

    • Enterprise Portfolio and Project Management
    • Product Development Foundation
    • Enterprise Portfolio and Project Management
    • Product Lifecycle Management
    • Product Compliance
    • Enterprise Portfolio and Project Management
    • Product Safety and Stewardship
    • Engineering Record

    Sourcing and Procurement

    • Procurement Analytics
    • Sourcing & Contract Management
    • Operational Procurement
    • Invoice Management
    • Supplier Management

    Supply Chain

    • Inventory
    • Delivery & Transportation
    • Warehousing
    • Order Promising

    Asset Management

    • Maintenance Operations
    • Resource Scheduling
    • Env, Health and Safety
    • Maintenance Management
    The image contains a diagram of the SAP enterprise resource planning. The diagram includes a circle with smaller circles all around it. The inside of the circle contains SAP logos. The circles around the big circle are labelled: Human Resources Management, Sales, Marketing, Customer Service, Asset Management, Logistics, Supply Chain Management, Manufacturing, R&D and Engineering, and Finance.

    Finance

    • Financial Planning and Analysis
    • Accounting and Financial Close
    • Treasury Management
    • Financial Operations
    • Governance, Risk & Compliance
    • Commodity Management

    Human Resources

    • Core HR
    • Payroll
    • Timesheets
    • Organization Management
    • Talent Management

    Sales

    • Sales Support
    • Order and Contract Management
    • Agreement Management
    • Performance Management

    Service

    • Service Operations and Processes
    • Basic Functions
    • Workforce Management
    • Case Management
    • Professional Services
    • Service Master Data Management
    • Service Management

    Beyond the core

    The image contains a screenshot of a diagram to demonstrate beyond the core. In the middle of the image is S/4 Core, and the BTP: Business Technology Platform. Surrounding it are: SAP Fieldglass, SAP Concur, SAP Success Factors, SAP CRM SAO Hybris, SAP Ariba. On the left side of the image are: Business Planning and Consolidations, Transportation Management System, Integrated Business Planning, Extended Warehouse Management.

    1.3.3 Inventory your SAP modules and business capabilities

    1-3+ hours

    1. Look at the major functions or processes within the scope of ERP.
    2. From the inventory of current systems, choose the submodules or processes that you want to investigate and are within scope for this optimization initiative.
    3. Use tab 1.3 “SAP Capabilities” in Get the Most Out of Your SAP Workbook for a list of common SAP Level 1 and Level 2 modules/business capabilities.
    4. List the top modules, capabilities, or processes that will be within the scope of this optimization initiative.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of an example of what to do for the activity 1.3.3.

    Download the Get the Most Out of Your SAP Workbook

    1.3.4 Define your key SAP optimization modules and business capabilities

    1-3+ hours

    1. Look at the major functions or processes within the scope of ERP.
    2. From the inventory of current systems, choose the submodules or processes for this optimization initiative. Base this on those that are most critical to the business, those with the lowest levels of satisfaction, or those that perhaps need more knowledge around them.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the Key SAP Optimization Capabilities.

    Download the Get the Most Out of Your SAP Workbook

    Step 1.4

    Define Optimization Timeframe

    Activities

    1.4.1 Define SAP key dates and SAP optimization roadmap timeframe and structure

    This step will guide you through the following activities:

    • Defining key dates related to your optimization initiative
    • Identifying key building blocks for your optimization roadmap

    This step involves the following participants:

    • SAP Optimization Team
    • Vendor Management

    Outcomes of this step

    • Optimization Key Dates
    • Optimization Roadmap Timeframe and Structure

    1.4.1 Optimization roadmap timeframe and structure

    1-3+ hours

    1. Record key items and dates relevant to your optimization initiatives, such as any products reaching end of life or end of contract or budget proposal submission deadlines.
    2. Enter the expected Optimization Initiative Start Date.
    3. Enter the Roadmap Length. This is the total amount of time you expect to participate in the SAP optimization initiative.
    4. This includes short-, medium- and long-term initiatives.
    5. Enter your Roadmap Date markers: how you want dates displayed on the roadmap.
    6. Enter Column time values: what level of granularity will be helpful for this initiative?
    7. Enter the sprint or cycle timeframe; use this if following Agile.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the Optimization Roadmap Timeframe and Structure.

    Download the Get the Most Out of Your SAP Workbook

    Step 1.5

    Understand SAP Costs

    Activities

    1.5.1 Document costs associated with SAP

    This step will walk you through the following activities:

    • Define your SAP direct and indirect costs
    • List your SAP expense line items

    This step involves the following participants:

    • Finance Representatives
    • SAP Optimization Team

    Outcomes of this step

    • Current SAP and related costs

    1.5.1 Document costs associated with SAP

    1-3 hours

    Before you can make changes and optimization decisions, you need to understand the high-level costs associated with your current application architecture. This activity will help you identify the types of technology and people costs associated with your current systems.

    1. Identify the types of technology costs associated with each current system:
      1. System Maintenance
      2. Annual Renewal
      3. Licensing
    2. Identify the cost of people associated with each current system:
      1. Full-Time Employees
      2. Application Support Staff
      3. Help Desk Tickets

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the activity 1.5.1 on documenting costs associated with SAP.

    Download the Get the Most Out of Your SAP Workbook

    Phase 2

    Assess Your Current State

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Identify Stakeholders and Build Your Optimization Team

    1.2 Build an SAP Strategy Model

    1.3 Inventory Current System State

    1.4 Define Optimization Timeframe

    1.5 Understand SAP Costs

    2.1 Assess SAP Capabilities

    2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

    3.1 Prioritize Optimization Opportunities

    3.2 Discover Optimization Initiatives

    4.1 Build Your Optimization Roadmap

    This phase will walk you through the following activities:

    • Determine process relevance
    • Perform a gap analysis
    • Perform a user satisfaction survey
    • Assess software and vendor satisfaction

    This phase involves the following participants:

    • SAP Optimization Team
    • Users across functional areas of your ERP and related technologies

    Step 2.1

    Assess SAP Capabilities

    Activities

    2.1.1 Rate capability relevance to organizational goals

    2.1.2 Complete an SAP application portfolio assessment

    2.1.3 (Optional) Assess SAP process maturity

    This step will guide you through the following activities:

    • Capability relevance
    • Process gap analysis
    • Application Portfolio Assessment

    This step involves the following participants:

    • SAP Users

    Outcomes of this step

    • SAP Capability Assessment

    Benefits of the Application Portfolio Assessment

    The image contains a screenshot of the activity of assessing the health of the application portfolio.

    Assess the health of the application portfolio

    • Get a full 360-degree view of the effectiveness, criticality, and prevalence of all relevant applications to get a comprehensive view of the health of the applications portfolio.
    • Identify opportunities to drive more value from effective applications, retire nonessential applications, and immediately address at-risk applications that are not meeting expectations.
    The image contains a screenshot of the activity on providing targeted department feedback.

    Provide targeted department feedback

    • Share end-user satisfaction and importance ratings for core IT services, IT communications, and business enablement to focus on the right end-user groups or lines of business, and ramp up satisfaction and productivity.
    The image contains a screenshot of the activity on gaining insight into the state of data quality.

    Gain insight into the state of data quality

    • Data quality is one of the key issues causing poor CRM user satisfaction and business results. This can include the relevance, accuracy, timeliness, or usability of the organization’s data.
    • Targeted, open-ended feedback around data quality will provide insight into where optimization efforts should be focused.

    2.1.1 Complete a current-state assessment (via the Application Portfolio Assessment)

    3 hours

    Option 1: Use Info-Tech’s Application Portfolio Assessment to generate your user satisfaction score. This tool not only measures application satisfaction but also elicits great feedback from users regarding the support they receive from the IT team around SAP.

    1. Download the ERP Application Inventory Tool.
    2. Complete the “Demographics” tab (tab 2).
    3. Complete the “Inventory” tab (tab 3).
      1. Complete the inventory by treating each module within your SAP system as an application.
      2. Treat every department as a separate column in the department section. Feel free to add, remove, or modify department names to match your organization.
      3. Include data quality for all applications applicable.

    Option 2: Create a survey manually.

    1. Use tab (Reference) 2.1 “APA Questions” as a guide for creating your survey.
    2. Send out surveys to end users.
    3. Modify tab 2.1, “SAP Assessment,” if required.

    Record Results

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the Application Portfolio Assessment.

    Download the ERP Application Inventory Tool

    Download the Get the Most Out of Your SAP Workbook

    Sample Report from Application Portfolio Assessment.

    The image contains a screenshot of a sample report from the Application Portfolio Assessment.

    2.1.2 (Optional) Assess SAP process and technical maturity

    1-3 hours

    1. As with any ERP system, the issues encountered may not be related to the system itself but processes that have developed over time.
    2. Use this opportunity to interview key stakeholders to learn about deeper capability processes.
    • Identify key stakeholders.
    • Hold sessions to document deeper processes.
    • Discuss processes and technical enablement in each area.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains an example of the process maturity activity.

    Download the Get the Most Out of Your SAP Workbook

    Process Maturity Assessment

    The image contains a screenshot of the Process Maturity Assessment.

    Step 2.2

    Review Your Satisfaction With the Vendor/Product and Willingness for Change

    Activities

    2.2.1 Rate your vendor and product satisfaction

    2.2.2 Review SAP product scores (if applicable)

    2.2.3 Evaluate your product satisfaction

    2.2.4 Check your business process change tolerance

    This step will guide you through the following activities:

    • Rate your vendor and product satisfaction
    • Compare with survey data from SoftwareReviews

    This step involves the following participants:

    • SAP Product Owner(s)
    • Procurement Representative
    • Vendor Contracts Manager

    Outcomes of this step

    • Quantified satisfaction with vendor and product

    2.2.1 Rate your vendor and product satisfaction

    30 minutes

    Use Info-Tech’s vendor satisfaction survey to identify optimization areas with your ERP product(s) and vendor(s).

    1. Option 1 (recommended): Conduct a satisfaction survey using SoftwareReviews. This option allows you to see your results in the context of the vendor landscape.
    2. Option 2: Use the Get the Most Out of Your SAP Workbook to review your satisfaction with your SAP software.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the activity Vendor Optimization.

    SoftwareReviews’ Enterprise Resource Planning Category

    Download the Get the Most Out of Your SAP Workbook

    2.2.2 Review SAP product scores (if applicable)

    30 minutes

    1. Download the scorecard for your SAP product from the SoftwareReviews website. (Note: Not all products are represented or have sufficient data, so a scorecard may not be available.)
    2. Use the Get the Most Out of Your SAP Workbook tab 2.2 “Vend. & Prod. Sat” to record the scorecard results.
    3. Use your Get the Most Out of Your SAP Workbook to flag areas where your score may be lower than the product scorecard. Brainstorm ideas for optimization.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the activity 2.2.2 review SAP product scores.

    Download the Get the Most Out of Your SAP Workbook

    SoftwareReviews’ Enterprise Resource Planning Category

    2.2.3 How does your satisfaction compare with your peers?

    Use SoftwareReviews to explore product features, vendor experience, and capability satisfaction.

    The image contains two screenshots of SoftwareReviews. One is of the ERP Mid-Market, and the second is of the ERP Enterprise.

    Source: SoftwareReviews ERP Mid-Market, April 2022

    Source: SoftwareReviews ERP Enterprise, April 2022

    2.2.4 Check your business process change tolerance

    1 hours

    1. As a group, review the level 0 business capabilities on the previous slide.
    2. Assess the department’s willingness for change and the risk of maintaining the status quo.
    3. Color-code the level 0 business capabilities based on:
    • Green – Willing to follow best practices
    • Yellow – May be challenging or unique business model
    • Red – Low tolerance for change
  • For clarity, move to level 1 if specific areas need to be called out and use the same color code.
  • Input Output
    • Business process capability map
    • Heat map of risk areas that require more attention for validating best practices or minimizing customization
    Materials Participants
    • Whiteboard/flip charts
    • Get the Most Out of Your SAP Workbook
    • Implementation team
    • CIO
    • Key stakeholders

    Download Get the Most Out of Your SAP Workbook for additional process levels

    Heat map representing desire for best practice or those having the least tolerance for change

    The image contains a screenshot of a heat map to demonstrate desire for best practice or those having the least tolerance for change.

    Determine the areas of risk to conform to best practice and minimize customization. These will be areas needing focus from the vendor supporting change and guiding best practice. For example: Must be able to support our unique process manufacturing capabilities and enhance planning and visibility to detailed costing.

    Phase 3

    Identify Key Optimization Opportunities

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Identify Stakeholders and Build Your Optimization Team

    1.2 Build an SAP Strategy Model

    1.3 Inventory Current System State

    1.4 Define Optimization Timeframe

    1.5 Understand SAP Costs

    2.1 Assess SAP Capabilities

    2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

    3.1 Prioritize Optimization Opportunities

    3.2 Discover Optimization Initiatives

    4.1 Build Your Optimization Roadmap

    This phase will walk you through the following activities:

    • Identify key optimization areas
    • Create an optimization roadmap

    This phase involves the following participants:

    • SAP Optimization Team

    Assessing application business value

    In this context…business value is

    the value of the business outcome that the application produces. Additionally, it is how effective the application is at producing that outcome.

    Business value is not

    the user’s experience or satisfaction with the application.

    The image contains a screenshot of a Venn Diagram. In the left circle, labelled The Business it contains the following text: Keepers of the organization’s mission, vision, and value statements that define IT success. The business maintains the overall ownership and evaluation of the applications. In the right circle labelled IT, it contains the following text: Technical subject-matter experts of the applications they deliver and maintain. Each IT function works together to ensure quality applications are delivered to stakeholder expectations. The middle space is labelled: Business Value of Applications.

    First, the authorities on business value need to define and weigh their value drivers that describe the priorities of the organization. This will allow the applications team to apply a consistent, objective, and strategically aligned evaluation of applications across the organization.

    Brainstorm IT initiatives to enable high areas of opportunity to support the business

    Brainstorm ERP optimization initiatives in each area. Ensure you are looking for all-encompassing opportunities within the context of IT, the business, and SAP systems.

    Capabilities are what the system and business does that creates value for the organization. Optimization initiatives are projects with a definitive start and end date, and they enhance, create, maintain, or remove capabilities with the goal of increasing value.

    The image contains a Venn Diagram with 3 circles. The circles are labelled as: Process, Technology, and Organization.

    Info-Tech Insight

    Enabling a high-performing organization requires excellent management practices and continuous optimization efforts. Your technology portfolio and architecture are important, but we must go deeper. Taking a holistic view of ERP technologies in the environments in which they operate allows for the inclusion of people and process improvements – this is key to maximizing business results. Using a formal ERP optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process improvement.

    Address process gaps:

    • ERP and related technologies are invaluable to the goal of organizational enablement, but they must have supported processes driven by business goals.
    • Identify areas where capabilities need to be improved and work toward optimization.

    Support user satisfaction:

    • The best technology in the world won’t deliver business results if it’s not working for the users who need it.
    • Understand concerns, communicate improvements, and support users in all roles.

    Improve data quality:

    • Data quality is unique to each business unit and requires tolerance, not perfection.
    • Implement data quality initiatives that are aligned with overall business objectives and aimed at addressing data practices and the data itself.

    Proactively manage vendors:

    • Vendor management is a critical component of technology enablement and IT satisfaction.
    • Assess your current satisfaction against that of your peers and work toward building a process that is best fit for your organization.

    Step 3.1

    Prioritize Optimization Opportunities

    Activities

    3.1.1 Prioritize optimization capability areas

    This step will guide you through the following activities:

    • Explore existing process gaps
    • Identify the impact of processes on user satisfaction
    • Identify the impact of data quality on user satisfaction
    • Review your overall product satisfaction and vendor management

    This step involves the following participants:

    • SAP Optimization Team

    Outcomes of this step

    • Application optimization plan

    The Business Value Matrix

    Rationalizing and quantifying the value of SAP

    Benefits can be realized internally and externally to the organization or department and have different drivers of value.

    • Financial benefits refer to the degree to which the value source can be measured through monetary metrics and are often quite tangible.
    • Human benefits refer to how an application can deliver value through a user’s experience.
    • Inward refers to value sources that have an internal impact and improve your organization’s effectiveness and efficiency in performing its operations.
    • Outward refers to value sources that come from your interaction with external factors, such as the market or your customers.

    Organizational Goals

    • Increased Revenue
    • Application functions that are specifically related to the impact on your organization’s ability to generate revenue and deliver value to your customers.

    • Reduced Costs
    • Reduction of overhead. The ways in which an application limits the operational costs of business functions.

    • Enhanced Services
    • Functions that enable business capabilities that improve the organization’s ability to perform its internal operations.

    • Reach Customers
    • Application functions that enable and improve the interaction with customers or produce market information and insights.

    Business Value Matrix

    The image contains a screenshot of a Business Value Matrix. It includes: Reach Customers, Increase Revenue or Deliver Value, Reduce Costs, and Enhance Services.

    Prioritize SAP optimization areas that will bring the most value to the organization

    Review your ERP capability areas and rate them according to relevance to organizational goals. This will allow you to eliminate optimization ideas that may not bring value to the organization.

    The image contains a screenshot of a graph that compares satisfaction by relevance to organizational goals to demonstrate high priority.

    3.1.1 Prioritize and rate optimization capability areas

    1-3 hours

    1. From the SAP capabilities, discuss areas of scope for the SAP optimization initiative.
    2. Discuss the four areas of the business value matrix and identify how each module, along with organizational goals, can bring value to the organization.
    3. Rate each of your SAP capabilities for the level of importance to your organization. The levels of importance are:
    • Crucial
    • Important
    • Secondary
    • Unimportant
    • Not applicable

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of activity 3.1.1.

    Download the Get the Most Out of Your SAP Workbook

    Step 3.2

    Discover Optimization Initiatives

    Activities

    3.2.1 Discover product and vendor satisfaction opportunities

    3.2.2 Discover capability and feature optimization opportunities

    3.2.3 Discover process optimization opportunities

    3.2.4 Discover integration optimization opportunities

    3.2.5 Discover data optimization opportunities

    3.2.6 Discover SAP cost-saving opportunities

    This step will guide you through the following activities:

    • Explore existing process gaps
    • Identify the impact of processes on user satisfaction
    • Identify the impact of data quality on user satisfaction
    • Review your overall product satisfaction and vendor management

    This step involves the following participants:

    • SAP Optimization Team

    Outcomes of this step

    • Application optimization plan

    Satisfaction with SAP product

    The image contains three screenshots to demonstrate satisfaction with sap product.

    Improving vendor management

    Create a right-size, right-fit strategy for managing the vendors relevant to your organization.

    The image contains a diagram to demonstrate lower strategic value, higher vendor spend/switching costs, higher strategic value, and lower vendor spend/switching costs.

    Info-Tech Insight

    A vendor management initiative (VMI) is an organization’s formalized process for evaluating, selecting, managing, and optimizing third-party providers of goods and services.

    The amount of resources you assign to managing vendors depends on the number and value of your organization’s relationships. Before optimizing your vendor management program around the best practices presented in Info-Tech’s Jump Start Your Vendor Management Initiative blueprint, assess your current maturity and build the process around a model that reflects the needs of your organization.

    Note: Info-Tech uses VMI interchangeably with the terms “vendor management office (VMO),” “vendor management function,” “vendor management process,” and “vendor management program.”

    Jump Start Your Vendor Management Initiative

    3.2.1 Discover product and vendor satisfaction

    1-2 hours

    1. Use tab 3.1 “Optimization Priorities” and tab 2.2 “Vend. & Prod. Sat” to review the capabilities and features of your SAP system.
    2. Answer the following questions:
      1. Document overall product satisfaction.
      2. How does your satisfaction compare with your peers?
      3. Is the overall system fit for use?
      4. Do you have a proactive vendor management strategy in place?
      5. Is the product dissatisfaction at the point that you need to evaluate if it is time to replace the product?
      6. Could your vendor or Systems Integrator help you achieve better results?
    3. Review the Value Effort Matrix for each initiative.

    Record this information in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    Examples from Application Portfolio Assessment

    The image contains screenshots from the Application Portfolio Assessment.

    3.2.2 Discover capability and feature optimization opportunities

    1-2 hours

    1. Use tab 3.1 “Optimization Priorities” and tab 2.2 “Vend. & Prod. Sat” to review the capabilities and features of your SAP system.
    2. Answer the following questions:
      1. What capabilities and features are performing the worst?
      2. Do other organizations and users struggle with these areas?
      3. Why is it not performing well?
      4. Is there an opportunity for improvement?
      5. What are some optimization initiatives that could be undertaken?
    3. Review the Value Effort Matrix for each initiative.

    Record this information in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    Process optimization: the hidden goldmine

    In ~90% of SAP business process analysis reports, SAP identified significant potential for improving the existing SAP implementation, i.e. the large majority of customers are not yet using their SAP Business Suite to the full extent.

    Goals of Process Improvement

    Process Improvement Sample Areas

    Improvement Possibilities

    • Optimize business and improve value drivers
    • Reduce TCO
    • Reduce process complexity
    • Eliminate manual processes
    • Increase efficiencies
    • Support digital transformation and enablement
    • Order to cash
    • Procure to pay
    • Order to replenish
    • Plan to produce
    • Request to settle
    • Make to order
    • Make to stock
    • Purchase to order
    • Increase number of process instances processed successfully end-to-end
    • Increase number of instances processed in time
    • Increase degree of process automation
    • Speed up cycle times of supply chain processes
    • Reduce number of process exceptions
    • Apply internal best practices across organizational units

    3.2.3 Discover process optimization opportunities

    1-2 hours

    1. Use exercise 2.13 and tab 2.1 “SAP Current State Assessment” to assess process optimization opportunities.
    2. List underperforming capabilities around process.
    3. Answer the following:
      1. What is the state of the current processes?
      2. Is there an opportunity for process improvement?
      3. What are some optimization initiatives that could be undertaken in this area?

    Record this information in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    Integration provides long-term usability

    Balance the need for secure, compliant data availability with organizational agility.

    The Benefits of Integration

    The Challenges of Integration

    • The largest benefit is the extended use of data. The ERP data can be used in the enterprise-level business intelligence suite rather than the application-specific analytics.
    • Enhanced data security. Integrated approaches lend themselves to auditable processes such as sign-on and limiting the email movement of data.
    • Regulatory compliance. Large multi-site organizations have many layers of regulation. A clear understanding of where orders, deliveries, and payments were made streamlines the audit process.
    • Extending a single instance ERP to multiple sites. The challenge for data management is the same as any SaaS application. The connection and data replication present challenges.
    • Combining data from equally high-volume systems. For SAP it is recommended that one instance is set to primary and all other sites are read-only to maintain data integrity.
    • Incorporating data from the separate system(s). The proprietary and locked-in nature of the data collection and definitions for ERP systems often limit the movement of data between separate systems.

    Common integration and consolidation scenarios

    Financial Consolidation

    Data Backup

    Synchronization Across Sites

    Legacy Consolidation

    • Require a holistic view of data format and accounting schedules.
    • Use a data center as the main repository to ensure all geographic locations have equal access to the necessary data.
    • Set up synchronization schedules based on data usage, not site location.
    • Carefully define older transactions. Only active transactions should be brought in the ERP. Send older data to storage.
    • Problem: Controlling financial documentation across geographic regions.
      Most companies are required to report in each region where they maintain a presence. Stakeholders and senior management also need a holistic view. This leads to significant strain on the financial department to consolidate both revenue and budget allocations for cross-site projects across the various geographic locations on a regular basis.
    • Solution: For enterprises with a single vendor, SAP-only portfolios, SAP can offer integration tools. For those needing to integrate with other ERPs, the use of a connector may be required to send financial data to the main system. The format and accounting calendar for transactions should match the primary ERP system to allow consolidation. The local-specific format should be a role-based customization at the level of the site’s specific instance.
    • Problem: ERP systems generate high volumes of data. Most systems have a defined schedule of back-up during off-hours. Multi-instance brings additional issues through lack of defined off-hours, higher volume of data, and the potential for cross-site or instance data relationships. This leads to headaches for both the database administrator and business analysts.
    • Solution: The best solution is an off-site data center with high availability. This may include cloud storage or hosted data centers. Regardless of where the data is stored, centralize the data and replicate to each site. Ensure that the data center can mirror the database and binary large object (BLOB) storage that exists for each site.
    • Problem: Providing access to up-to-date transactions requires copying of both contextual information (permissions, timestamp, location, history) and the transaction itself across multiple sites to allow local copies to be used for analysis and audits. The sheer volume of information makes timely synchronization difficult.
    • Solution: Not all data needs to be synchronized in a timely fashion. In SAP, administrators can use NetWeaver to maintain and alter global data synchronization through the Master Data Management module. Permissions can be given to users to perform on-demand synchronization of data attached to that user.
    • The Problem: Subsidiaries and acquired companies often have a Tier 2 ERP product. Prior to fully consolidating the processes many enterprises will want to migrate data to their ERP system to build compliance and audit trails. Migration of data often breaks historical linkages between transactions.
    • Solution: SAP offers tools to integrate data across applications that can be used as part of a data migration strategy. The process of data migration should be combined with data warehousing to ensure a cost-effective process. For most enterprises, the lack of experience in data migration will necessitate the use of consultants and independent software vendors (ISV).

    For more information: Implement a Multi-site ERP

    3.2.4 Discover integration optimization opportunities

    1-2 hours

    1. Use tab 1.3.1 “SAP Application Inventory” to discuss integrations and how they are related to capability areas that are not performing well.
    2. List capabilities that might be affected by integration issues. Think about exercise 3.2.1 and discuss how integrations could be affecting overall product satisfaction.
    3. Answer the following:
      1. Are there some areas where integration could be improved?
      2. Is there an opportunity for process improvement?
      3. What are some optimization initiatives that could be undertaken in this area?

    Record this information in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    System and data optimization

    Consolidating your business and technology requires an overall system and data migration plan.

    The image contains a screenshot of a diagram that demonstrates three different integrations: system, organization, and data.

    Info-Tech Insight

    Have an overall data migration plan before beginning your systems consolidation journey to S/4HANA.

    Use a data strategy that fixes the enterprise-wide data management issues

    Your data management must allow for flexibility and scalability for future needs.

    IT has several concerns around ERP data and wide dissemination of that data across sites. Large organizations can benefit from building a data warehouse or at least adopting some of the principles of data warehousing. The optimal way to deal with the issue of integration is to design a metadata-driven data warehouse that acts as a central repository for all ERP data. They serve as the storage facility for millions of transactions, formatted to allow analysis and comparison.

    Key considerations:

    • Technical: At what stage does data move to the warehouse? Can processes be automated to dump data or to do a scheduled data movement?
    • Process: Data integration requires some level of historical context for all data. Ensure that all data has multiple metadata tags to future-proof the data.
    • People: Who will be accessing the data and what are the key items that users will need to adapt to the data warehouse process?

    Info-Tech Insight

    Data warehouse solutions can be expensive. See Info-Tech’s Build a Data Warehouse on a Solid Foundation for guidance on what options are available to meet your budget and data needs.

    Optimizing SAP data, additional considerations

    Data Quality Management

    Effective Data Governance

    Data-Centric Integration Strategy

    Extensible Data Warehousing

    • Prevention is ten times cheaper than remediation. Stop fixing data quality with band-aid solutions and start fixing at the source of the problem.
    • Data quality is unique to each business unit and requires tolerance, not perfection. If the data allows the business to operate at the desired level, don’t waste time fixing data that may not need to be fixed.
    • Implement a set of data quality initiatives that are aligned with overall business objectives and aimed at addressing data practices and the data itself.
    • Develop a prioritized data quality improvement project roadmap and long-term improvement strategy.
    • Build related practices with more confidence and less risk after achieving an appropriate level of data quality.
    • Data governance enables data-driven insight. Think of governance as a structure for making better use of data.
    • Collaboration is critical. The business may own the data, but IT understands the data. Data governance will not work unless the business and IT work together.
    • Data governance powers the organization up the data value chain through policies and procedures, master data management, data quality, and data architecture.
    • Create a roadmap to prioritize initiatives and delineate responsibilities among data stewards, data owners, and the data governance steering committee.
    • Ensure buy-in from business and IT stakeholders. Communicate initiatives to end users and executives to reduce resistance.
    • Every enterprise application involves data integration. Any change in the application and database ecosystem requires you to solve a data integration problem.
    • Data integration is becoming more and more critical for downstream functions of data management and for business operations to be successful. Poor integration holds back these critical functions.
    • Build your data integration practice with a firm foundation in governance and a reference architecture. Ensure that your process is scalable and sustainable.
    • Support the flow of data through the organization and meet the organization’s requirements for data latency, availability, and relevancy.
    • Data availability must be frequently reviewed and repositioned to continue to grow with the business.
    • A data warehouse is a project, but successful data warehousing is a program. An effective data warehouse requires planning beyond the technology implementation.
    • Governance, not technology, needs to be the core support system for enabling a data warehouse program.
    • Leverage an approach that focuses on constructing a data warehouse foundation that can address a combination of operational, tactical, and ad hoc business needs.
    • Invest time and effort to put together pre-project governance to inform and guide your data warehouse implementation.
    • Select the most suitable architecture pattern to ensure the data warehouse is “built right” at the very beginning.

    Restore Trust in Your Data Using a Business-Aligned Data Quality Management Approach

    Establish Data Governance

    Build a Data Integration Strategy

    Build an Extensible Data Warehouse Foundation

    Data Optimization

    Organizations are faced with challenges associated with changing data landscapes.

    Data migrations should not be taken lightly. It requires an overall data governance to assure data integrity for the move to S/4HANA and beyond.

    Have a solid plan before engaging S/4HANA Migration Cockpit.

    Develop a Master Data Management Strategy and Roadmap

    • Master data management (MDM) is complex in practice and requires investments in governance, technology, and planning.
    • Develop a MDM strategy and initiative roadmap using Info-Tech’s MDM framework, which takes data governance, architecture, and other critical data capabilities into consideration.

    Establish Data Governance

    • Ensure your data governance program delivers measurable business value by aligning the associated data governance initiatives with the business architecture.
    • Data governance must continuously align with the organization’s enterprise governance function. It should not be perceived as a pet project of IT but rather as an enterprise-wide, business-driven initiative.
    The image contains a screenshot of the S/4HANA Migration Cockpit.

    3.2.5 Discover data optimization opportunities

    1-2 hours

    1. Use your APA or user satisfaction survey to understand issues related to data.
      Note: Data issues happen for a number of reasons:
    • Poor underlying data in the system
    • More than one source of truth
    • Inability to consolidate data
    • Inability to measure KPIs effectively
    • Reporting that is cumbersome or non-existent
  • List underperforming capabilities related to data.
  • Answer the following:
    1. What are some underlying issues?
    2. Is there an opportunity for data improvement?
    3. What are some optimization initiatives that could be undertaken in this area?

    Record this information in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    SAP cost savings

    SAP cost savings does not have to be complicated.

    Look for quick wins:

    • Evaluate user licensing:
      • Ensure you are not double paying for employees or paying for employees who are no longer with the organization.
      • Verify user activity – if users are accessing the system very infrequently it does not make sense to license them as full users.
      • Audit your user classifications – ensure title positions and associated licenses are up to date.
    • Curb data sprawl.
    • Consolidate applications.

    30-35% of SAP customers likely have underutilized assets. This can add up to millions in unused software and maintenance.

    -Riley et al.

    20% Only 20 percent of companies manage to capture more than half the projected benefits from ERP systems.

    -McKinsey
    The image contains a screenshot of the Explore the Secrets of SAP Software Contracts to Optimize Spend and Reduce Compliance Risk.

    Explore the Secrets of SAP Software Contracts to Optimize Spend and Reduce Compliance Risk

    The image contains a screenshot of Secrets of SAP S/4HANA Licensing.

    Secrets of SAP S/4HANA Licensing

    License Optimization

    With the relatively slow uptake of the S/4HANA platform, the pressure is immense for SAP to maintain revenue growth.

    SAP’s definitions and licensing rules are complex and vague, making it extremely difficult to purchase with confidence while remaining compliant.

    Without having a holistic negotiation strategy, it is easy to hit a common obstacle and land into SAP’s playbook, requiring further spend.

    Price Benchmarking & Negotiation

    • Use price benchmarking and negotiation intelligence to secure a market-competitive price.
    • Understand negotiation tactics that can be used to better your deal.

    Secrets of SAP S/4HANA Licensing:

    • Build a business case to evaluate S/4HANA.
    • Understand the S/4HANA roadmap and map current functionality to ensure compatibility.

    SAP’s 2025 Support End of Life Date Delayed…As Predicted Here First

    • The math simply did not add up for SAP.
    • Extended support post 2027 is a mixed bag.

    3.2.6 Discover SAP cost-saving opportunities

    1-2 hours

    1. Use tab 1.5 “Current Costs” as an input for this exercise.
    2. Look for opportunities to cut SAP costs, both quick-wins and long-term strategy.
    3. Review Info-Tech’s SAP vendor management resources to understand cost-saving strategies:
    4. List cost-savings initiatives and opportunities.

    Record this information in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    Other optimization opportunities

    There are many opportunities to improve your SAP portfolio. Choose the ones that are right for your business:

    • Artificial intelligence (AI) (and management of the AI lifecycle)
    • Machine learning (ML)
    • Augment business interactions
    • Automatically execute sales pipelines
    • Process mining
    • SAP application monitoring
    • Be aware of the SAP product roadmap
    • Implement and take advantage of SAP tools and product offerings

    Phase 4

    Build Your Optimization Roadmap

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Identify Stakeholders and Build Your Optimization Team

    1.2 Build an SAP Strategy Model

    1.3 Inventory Current System State

    1.4 Define Optimization Timeframe

    1.5 Understand SAP Costs

    2.1 Assess SAP Capabilities

    2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

    3.1 Prioritize Optimization Opportunities

    3.2 Discover Optimization Initiatives

    4.1 Build Your Optimization Roadmap

    This phase will walk you through the following activities:

    • Review the different options to solve the identified pain points
    • Build out a roadmap showing how you will get to those solutions
    • Build a communication plan that includes the stakeholder presentation

    This phase involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP applications support team

    Get the Most Out of Your SAP

    Step 4.1

    4.1 Build Your Optimization Roadmap

    Activities

    4.1.1 Pick your path

    4.1.2 Pick the right SAP migration path

    4.1.3 Build a roadmap

    4.1.4 Build a visual roadmap

    This step will walk you through the following activities:

    • Review the different options to solve the identified pain points then build out a roadmap of how to get to that solution.

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP applications support team

    Outcomes of this step

    • A strategic direction is set
    • An initial roadmap is laid out

    Choose the right path for your organization

    There are several different paths you can take to achieve your ideal future state. Make sure to pick the one that suits your needs as defined by your current state.

    The image contains a diagram to demonstrate the different paths that can be taken. The pathways are: Optimize current system, augment current system, consolidate current systems, upgrade system, and replace system.

    Explore the options for achieving your ideal future state

    CURRENT STATE

    STRATEGY

    There is significant evidence of poor user satisfaction, inefficient processes, lack of data usage, poor integrations, and little vendor management. Look for opportunities to improve the system.

    OPTIMIZE CURRENT SYSTEM

    Your existing application is, for the most part, functionally rich but may need some tweaking. Spend time and effort building and enhancing additional functionalities or consolidating and integrating interfaces.

    AUGMENT CURRENT SYSTEM

    Your ERP application portfolio consists of multiple apps serving the same functions. Consolidating applications with duplicate functionality is more cost efficient and makes integration and data sharing simpler.

    CONSOLIDATE CURRENT SYSTEMS

    The current system is reaching end of life and the software vendor offers a fit-for-use upgrade or system to which you can migrate. Prepare your migration strategy to move forward on the product roadmap.

    UPGRADE SYSTEM

    The current SAP system and future SAP roadmap are not fit for use. Vendor satisfaction is at an all-time low. Revisit your ERP strategy as you move into requirements gathering and selection.

    REPLACE SYSTEM

    Option: Optimize your current system

    Look for process, workflow, data usage, and vendor relation improvements.

    MAINTAIN CURRENT SYSTEM

    Keep the system but look for optimization opportunities.

    Your existing application portfolio satisfies both functionality and integration requirements. The processes surrounding it likely need attention, but the system should be considered for retention.

    Maintaining your current system entails adjusting current processes and/or adding new ones and involves minimal cost, time, and effort.

    INDICATORS

    POTENTIAL SOLUTIONS

    People

    • User satisfaction is in the mid-range
    • There is an opportunity to rectify problems
    • Contact vendor to inquire about employee training opportunities
    • Build a change management strategy

    Process

    • Processes are old and have not been optimized
    • There are many manual processes and workarounds
    • Low process maturity or undocumented inconsistent processes
    • Explore process reengineering and process improvement opportunities
    • Evaluate and standardize processes

    Technology

    • No major capability gaps
    • Supported for 5+ years
    • Explore opportunities outside of the core technology including workflows, integrations, and reporting

    Alternative 1: Optimize your current system

    MAINTAIN CURRENT SYSTEM

    • Keep your SAP system running
    • Invest in resolving current challenges
    • Automate manual processes where appropriate
    • Improve/modify current system
    • Evaluate current system against requirements/processes
    • Reimplement functionality

    Alternative Overview

    Initial Investment ($)

    Medium

    Risk

    Medium

    Change Management Required

    Medium

    Operating Costs ($)

    Low

    Alignment With Organizational Goals and ERP Strategy

    Medium-Low

    Key Considerations

    • Now that I know my needs, where is the current system underused?
    • Do we have specialized needs?
    • Which functions can best enable the business?

    Advantages

    • Less cost investment than upgrading or replacing the system
    • Less technology risk
    • The current system has several optimization initiatives that can be implemented
    • Familiarity with the system; IT and business users know the system well
    • Least amount of changes
    • Integrations will be able to be maintained and will mean less complexity
    • Will allow us to leverage current investments and build on our current confidence in the solution
    • Allow us to review processes and engineer some workflow and process improvements

    Disadvantages

    • The system may need some augmentation to handle some improvement areas
    • Build some items from scratch
    • Less user-friendly
    • Need to reimplement and reconfigure some modules
    • Lots of workarounds – more staff needed to support current processes
    • Increase customization (additional IT development investment)
    • System gaps would remain
    • System feels “hard” to use
    • Workarounds still needed
    • Hard to overcome “negative” experience with the current system
    • Some functional gaps will remain
    • Less system development and support from the vendor as the product ages.
    • May become a liability and risk area in the future

    For what time frame does this make sense?

    Short Term

    Medium Term

    Long Term

    Option: Augment your current system

    Use augmentation to resolve your existing technology and data pain points.

    AUGMENT CURRENT SYSTEM

    Add to the system.

    Your existing application is for the most part functionally rich but may need some tweaking. Spend time and effort enhancing your current system.

    You will be able to add functions by leveraging existing system features. Augmentation requires limited investment and less time and effort than a full system replacement.

    INDICATORS

    POTENTIAL SOLUTIONS

    Technology Pain Points

    • Lack of reporting functions
    • Lacking functional depth in key process areas
    • Add point solutions or enable modules to address missing functionality

    Data Pain Points

    • Poor data quality
    • Lack of data for processing and reporting
    • Single-source data entry
    • Add modules or augment processes to capture data

    Alternative 2: Augment current solution

    AUGMENT CURRENT SYSTEM

    Maintain core system.

    Invest in SAP modules or extended functionality.

    Add functionality with bolt-on targeted “best of breed” solutions.

    Invest in tools to make the SAP portfolio and ecosystem work better.

    Alternative Overview

    Initial Investment ($)

    High

    Risk

    High

    Change Management

    High

    Operating Costs ($)

    High

    Alignment With Organizational Goals and ERP Strategy

    High

    Key Considerations

    • Now that I know my needs, where is the current system underused?
    • Do we have specialized needs?
    • Which functions can best enable the business?

    Advantages

    • Meet specific business needs – right solution for each component
    • Well-aligned to specific business needs
    • Higher morale – best solution with improved user interface
    • Allows you to find the right solution for the unique needs of the organization
    • Allows you to incorporate a light change management strategy that can include training for the end users and IT
    • Incorporate best practice processes
    • Leverage out-of-the-box functionality

    Disadvantages

    • Multiple technological solutions
    • Lots of integrations
    • Out-of-sync upgrades
    • Extra costs – potential less negotiation leverage
    • Multiple solutions to support
    • Multiple vendors
    • Less control over upgrades – including timing (potential out of sync)
    • More training – multiple products, multiple interfaces
    • Confusion – which system to use when
    • Need more HR specialization
    • More complexity in reporting
    • More alignment with JDE E1 information

    For what time frame does this make sense?

    Short Term

    Medium Term

    Long Term

    Option: Consolidate systems

    Consolidate and integrate your current systems to address your technology and data pain points.

    CONSOLIDATE AND INTEGRATE SYSTEMS

    Get rid of one system, combine two, or connect many.

    Your ERP application portfolio consists of multiple apps serving the same functions.

    Consolidating your systems eliminates the need to manage multiple pieces of software that provide duplicate functionality. Reducing the number of ERP applications makes integration and data sharing simpler.

    INDICATORS

    POTENTIAL SOLUTIONS

    Technology Pain Points

    • Disparate and disjointed systems
    • Multiple systems supporting the same function
    • Unused software licenses
    • System consolidation
    • System and module integration
    • Assess usage and consolidate licensing

    Data Pain Points

    • Multiple versions of same data
    • Duplication of data entry in different modules or systems
    • Poor data quality
    • Centralize core records
    • Assign data ownership
    • Single-source data entry

    Alternative 3: Consolidate systems

    AUGMENT CURRENT SYSTEM

    Get rid of old disparate on-premise solutions.

    Consolidate into an up-to-date ERP solution.

    Standardize across the organization.

    Alternative Overview

    Initial Investment ($)

    High

    Risk

    Med

    Change Management

    Med

    Operating Costs ($)

    Med

    Alignment With Organizational Goals and ERP Strategy

    High

    Key Considerations

    • Now that I know my needs, where is the current system underused?
    • Do we have specialized needs?
    • Which functions can best enable the business?

    Advantages

    • Aligns the technology across the organization
    • Streamlining of processes
    • Opportunity for decreased costs
    • Easier to maintain
    • Modernizes the SAP portfolio
    • Easier to facilitate training
    • Incorporate best practice processes
    • Leverage out-of-the-box functionality

    Disadvantages

    • Unique needs of some business units may not be addressed
    • Will require change management and training
    • Deeper investment in SAP

    For what time frame does this make sense?

    Short Term

    Medium Term

    Long Term

    Option: Upgrade System

    Upgrade your system to address gaps in your existing processes and various pain points.

    REPLACE CURRENT SYSTEM

    Move to a new SAP solution

    You’re transitioning from an end-of-life legacy system. Your existing system offers poor functionality and poor integration. It would likely be more cost- and time-efficient to replace the application and its surrounding processes altogether. You are satisfied with SAP overall and want to continue to leverage your SAP relationships and investments.

    INDICATORS

    POTENTIAL SOLUTIONS

    Technology Pain Points

    • Obsolete or end-of-life technology portfolio
    • Lack of functionality and poor integration
    • Not aligned with technology direction or enterprise architecture plans
    • Evaluate the ERP technology landscape
    • Determine if you need to replace the current system with a point solution or an all-in-one solution
    • Align ERP technologies with enterprise architecture

    Data Pain Points

    • Limited capability to store and retrieve data
    • Understand your data requirements

    Process Pains

    • Insufficient tools to manage workflow
    • Review end-to-end processes
    • Assess user satisfaction

    Alternative 4: Upgrade System

    UPGRADE SYSTEM

    Upgrade your current SAP systems with SAP product replacements.

    Invest in SAP with the appropriate migration path for your organization.

    Alternative Overview

    Initial Investment ($)

    High

    Risk

    Med

    Change Management

    Med

    Operating Costs ($)

    Med

    Alignment With Organizational Goals and ERP Strategy

    High

    Key Considerations

    • Now that I know my needs, where is the current system underused?
    • Do we have specialized needs?
    • Which functions can best enable the business?

    Advantages

    • Aligns the technology across the organization
    • Opportunity for business transformation
    • Allows you to leverage your SAP and SI relationships
    • Modernizes your ERP portfolio
    • May offer you advantages around business transformation and process improvement
    • Opportunity for new hosting options
    • May offer additional opportunities for consolidation or business enablement

    Disadvantages

    • Big initiative
    • Costly
    • Adds business risk during ERP upgrade
    • May require a high amount of change management
    • Organization will have to build resources to support the replacement and ongoing support of the new product
    • Training will be required across business and IT
    • Integrations with other applications may need to be rebuilt

    For what time frame does this make sense?

    Short Term

    Medium Term

    Long Term

    Option: Replace your current system

    Replace your system to address gaps in your existing processes and various pain points.

    REPLACE CURRENT SYSTEM

    Start from scratch.

    You’re transitioning from an end-of-life legacy system. Your existing system offers poor functionality and poor integration. It would likely be more cost and time efficient to replace the application and its surrounding processes all together.

    INDICATORS

    POTENTIAL SOLUTIONS

    Technology Pain Points

    • Lack of functionality and poor integration
    • Obsolete technology
    • Not aligned with technology direction or enterprise architecture plans
    • Dissatisfaction with SAP and SI
    • Evaluate the ERP technology landscape
    • Determine if you need to replace the current system with a point solution or an all-in-one solution
    • Align ERP technologies with enterprise architecture

    Data Pain Points

    • Limited capability to store and retrieve data
    • Understand your data requirements

    Process Pains

    • Insufficient tools to manage workflow
    • Review end-to-end processes
    • Assess user satisfaction

    Alternative 5: Replace SAP with another ERP solution

    AUGMENT CURRENT SYSTEM

    Get rid of old disparate on-premises solutions.

    Consolidate into an up-to-date ERP solution.

    Standardize across the organization.

    Alternative Overview

    Initial Investment ($)

    High

    Risk

    Med

    Change Management

    Med

    Operating Costs ($)

    Med

    Alignment With Organizational Goals and ERP Strategy

    High

    Key Considerations

    • Do we have the appetite to walk away from SAP?
    • What opportunities are we looking for?
    • Are other ERP solutions better for our business?

    Advantages

    • Allows you to explore ERP options outside of SAP
    • Aligns the technology across the organization
    • Opportunity for business transformation
    • Allows you to move away from SAP
    • Modernizes your ERP portfolio
    • May offer you advantages around business transformation and process improvement
    • Opportunity for new hosting options
    • May offer additional opportunities for consolidation or business enablement

    Disadvantages

    • Big initiative
    • Costly
    • Adds business risk during ERP replacement
    • Relationships will have to be rebuilt with ERP vendor and SIs
    • May require a high amount of change management
    • Organization will have to build resources to support the replacement and ongoing support of the new product
    • Training will be required across business and IT
    • Integrations with other applications may need to be rebuilt

    For what time frame does this make sense?

    Short Term

    Medium Term

    Long Term

    Activity 4.1.1: Pick your path

    1.5 hours

    For each given path selected, identify:

    • Advantage
    • Disadvantages
    • Initial Investment ($)
    • Risk
    • Change Management
    • Operating Costs ($)
    • Alignment With ERP Objectives
    • Key Considerations
    • Timeframe

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of activity 4.1.1 pick your path.

    Download the Get the Most Out of Your SAP Workbook

    Pick the right SAP migration path for your organization

    There are three S/4HANA paths you can take to achieve your ideal future state. Make sure to pick the one that suits your needs as defined by your current state and meets your overall long-term roadmap.

    The image contains a diagram of the pathways that can be take from current state to future state. The options are: BEST PRACTICE QUICK WIN
(Public Cloud), AUGMENT BEST PRACTICE (Private Cloud), OWN FULL SOLUTION (On Premise)

    SAP S/4 HANA offerings can be confusing

    The image contains a screenshot that demonstrates the SAP S/4 Offerings.

    What is the cloud, how is it deployed, and how is service provided?

    The image contains a screenshot from the National Institute of Standards and Technology that describes the Cloud Characteristics, Service Model, and Delivery Model.

    A workload-first approach will allow you to take full advantage of the cloud’s strengths

    • Under all but the most exceptional circumstances good cloud strategies will incorporate different service models. Very few organizations are “IaaS shops” or “SaaS shops,” even if they lean heavily in a one direction.
    • These different service models (including non-cloud options like colocation and on-premises infrastructure) each have different strengths. Part of your cloud strategy should involve determining which of the services makes the most sense for you.
    • Own the cloud by understanding which cloud (or non-cloud!) offering makes the most sense for you, given your unique context.

    See Info-Tech’s Define Your Cloud Vision for more information.

    Cloud service models

    • This research focuses on five key service models, each of which has its own strengths and weaknesses. Moving right from “on-prem” customers gradually give up more control over their environments to cloud service providers.
    • An entirely premises-based environment means that the customer is responsible for everything ranging from the dirt under the datacenter to application-level configurations. Conversely, in a SaaS environment, the provider is responsible for everything but those top-level application configurations.
    • A managed service provider or other third-party can manage any or of the components of the infrastructure stack. A service provider may, for example, build a SaaS solution on top of another provider’s IaaS or offer configuration assistance with a commercially available SaaS.

    Info-Tech Insight

    Not all workloads fit well in the cloud. Many environments will mix service models (e.g. SaaS for some workloads, some in IaaS, some on-premises) and this can be perfectly effective. It must be consistent and intentional, however.

    The image contains a screenshot of cloud service models: On-prem, CoLo, laaS, PaaS, and SaaS

    Option: Best Practice Quick Win

    S/4HANA Cloud, Essentials

    Updates

    4 times a year

    License Model

    Subscription

    Server Platform

    SAP

    Platform Management

    SAP only

    Pre-Set Templates (industries)

    Not allowed

    Single vs. Multi-Tenant

    Multi-client

    Maintenance ALM Tool

    SAP ALM

    New Implementation

    This is a public cloud solution for new clients adopting SAP that are mostly looking for full functionality within best practice.

    Consider a full greenfield approach. Even for mid-size existing customers looking for a best-practice overhaul.

    Functionality is kept to the core. Any specialties or unique needs would be outside the core.

    Regional localization is still being expanded and must be evaluated early if you are a global company.

    Option: Augment Best Practice

    S/4HANA Cloud, Extended Edition

    Updates

    Every 1-2 years or up to client’s schedule

    License Model

    Subscription

    Server Platform

    AZURE, AWS, Google

    Platform Management

    SAP only

    Pre-Set Templates (industries)

    Coded separately

    Single vs. Multi-Tenant

    Single tenant

    Maintenance ALM Tool

    SAP ALM or SAP Solution Manager

    New Implementation With Client Specifics

    No longer available to new customers from January 25, 2022, though available for renewals.

    Replacement is called SAP Extended Services for SAP S/4HANA Cloud, private edition.

    This offering is a grey area, and the extended offerings are being defined.

    New S/4HANA Cloud extensibility is being offered to early adopters, allowing for customization within a separate system landscape (DTP) and aiming for an SAP Central Business Configuration solution for the cloud. A way of fine-tuning to meet customer-specific needs.

    Option: Augment Best Practice (Cont.)

    S/4HANA Cloud, Private Edition

    Updates

    Every 1-5 years or up to client’s schedule

    License Model

    Subscription

    Server Platform

    AZURE, AWS, Google

    Platform Management

    SAP only

    Pre-Set Templates (industries)

    Allowed

    Single vs. Multi-Tenant

    Single tenant

    Maintenance ALM Tool

    SAP ALM or SAP Solution Manager

    New Implementation With Client Specifics

    This is a private cloud solution for existing or new customers needing more uniqueness, though still looking to adopt best practice.

    Still considered a new implementation with data migration requirements that need close attention.

    This offering is trying to move clients to the S/4HANA Cloud with close competition with the Any Premise product offering. Providing client specific scalability while allowing for standardization in the cloud and growth in the digital strategy. All customizations and ABAP functionality must be revisited or revamped to fit standardization.

    Option: Own Full Solution

    S/4HANA Any Premise

    Updates

    Client decides

    License Model

    Perpetual or subscription

    Server Platform

    AZURE, AWS, Google, partner's or own server room

    Platform Management

    Client and/or partner

    Pre-Set Templates (industries)

    Allowed

    Single vs. Multi-Tenant

    Single tenant

    Maintenance ALM Tool

    SAP Solution Manager

    Status Quo Migration to S/4HANA

    This is for clients looking for a quick transition to S/4HANA with minimal risks and without immediate changes to their operations.

    Though knowing the direction with SAP is toward its cloud solution, this may be a long costly path to getting the that end state.

    The Any Premise version carries over existing critical ABAP functionalities, and the SAP GUI can remain as the user interface.

    Activity 4.1.2 (Optional) Evaluate optimization initiatives

    1 hour

    1. If there is an opportunity to optimize the current SAP environment or prepare for the move to a new platform, continue with this step.
    2. Valuate your optimization initiatives from tab 3.2 “Optimization Initiatives.”

    Consider: relevance to achieving goals, number of users, importance to role, satisfaction with features, usability, data quality

    Value Opportunities: increase revenue, decrease costs, enhanced services, reach customers

    Additional Factors:

    • Current to Future Risk Profile
    • Number of Departments to Benefit
    • Importance to Stakeholder Relations
    • Resources: Do we have resources available and the skillset?
    • Cost
    • Overall Effort Rating
    • "Gut Check: Is it achievable? Have we done it or something similar before? Are we willing to invest in it?"

    Prioritize

    • Relative priority
    • Determine if this will be included in your optimization roadmap
    • Decision to proceed
    • Next steps

    Record this information in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    Activity 4.1.3 Roadmap building blocks: SAP migration

    1 hour

    Migration paths: Determine your migration path and next steps using the Activity 4.1.1 “SAP System Options.”

    1. Identify initiatives and next steps.
    2. For each item on your roadmap, assign an owner who will be accountable to the completion of the roadmap item.
    3. Wherever possible, assign a start date, month, or quarter. The more specific you can be the better.
    4. Identify completion dates to create a sense of urgency. If you are struggling with start dates, it can help to start with a finish date and “back in” to a start date based on estimated efforts.
    5. Include periphery tasks such as communication strategy.

    Record this information in the Get the Most Out of Your SAP Workbook.

    Note: Your roadmap should be treated as a living document that is updated and shared with the stakeholders on a regular schedule.

    The image contains a diagram of the pathways that can be take from current state to future state. The options are: BEST PRACTICE QUICK WIN
(Public Cloud), AUGMENT BEST PRACTICE (Private Cloud), OWN FULL SOLUTION (On Premise)

    Download the Get the Most Out of Your SAP Workbook

    Activity 4.1.4 Roadmap building blocks: SAP optimization

    1 hour

    Optimization initiatives: Determine which if any to proceed with.

    1. Identify initiatives.
    2. For each item on your roadmap, assign an owner who will be accountable to the completion of the roadmap item.
    3. Wherever possible, assign a start date, month, or quarter. The more specific you can be the better.
    4. Identify completion dates to create a sense of urgency. If you are struggling with start dates, it can help to start with a finish date and “back in” to a start date based on estimated efforts.
    5. Include periphery tasks such as communication strategy.

    Record this information in the Get the Most Out of Your SAP Workbook.

    Note: Your roadmap should be treated as a living document that is updated and shared with the stakeholders on a regular schedule.

    The image contains a screenshot of activity 4.1.4 SAP optimization.

    Download the Get the Most Out of Your SAP Workbook

    SAP optimization roadmap

    Initiative

    Owner

    Start Date

    Completion Date

    Create final workshop deliverable

    Info-Tech

    16 September 2021

    Review final deliverable

    Workshop sponsor

    Present to executive team

    October 2021

    Build business case

    CFO, CIO, Directors

    3 weeks to build

    3-4 weeks process time

    Build an RFI for initial costings

    1-2 weeks

    Stage 1 approval for requirements gathering

    Executive committee

    Milestone

    Determine and acquire BA support for next step

    1 week

    Requirements gathering – level 2 processes

    Project team

    1 week

    Build RFP (based on informal approval)

    CFO, CIO, Directors

    4th calendar quarter 2022

    Possible completion: January 2023

    2-4 weeks

    Data strategy optimization

    The image contains a graph to demonstrate the data strategy optimization.

    Activity 4.1.5 (Optional) Build a visual SAP roadmap

    1 hour

    1. For some, a visual representation of a roadmap is easier to comprehend. Consider taking the roadmap built in 4.1.4 and creating a visual.
    2. Record this information in the Get the Most Out of Your SAP Workbook.

      The image contains a screenshot of activity 4.1.5 build a visual SAP roadmap.

    Download the Get the Most Out of Your SAP Workbook

    SAP strategy roadmap

    The image contains a screenshot of the SAP strategy roadmap.

    Implementations Partners

    • Able to consult, migrate, implement, and manage the SAP S/4HANA business suite across industries.
    • Able to transform the enterprise’s core business system to achieve the desired outcome.
    • Capable in strategic planning, building business cases, developing roadmaps, cost and time analysis, deployment model (on-prem, cloud, hybrid model), database conversion, database and operational support, and maintenance services.

    Info-Tech Insight

    It is becoming a common practice for implementation partners to engage in a two- to three-month Discovery Phase or Phase 0 to prepare an implementation roadmap. It is important to understand how this effort is tied to the overall service agreement.

    The image contains several logos of the implementation partners: Atos, Accenture, Cognizant, EY, Infosys, Tech Mahindra, LTI, Capgemini, Wipro, IBM, tos.

    Summary of Accomplishment

    Get the Most Out of Your SAP

    ERP technology is critical to facilitating an organization’s flow of information across business units. It allows for seamless integration of systems and creates a holistic view of the enterprise to support decision making. ERP implementation should not be a one-and-done exercise. There needs to be an ongoing optimization to enable business processes and optimal organizational results.

    Get the Most Out of Your SAP allows organizations to proactively implement continuous assessment and optimization of their enterprise resource planning system, including:

    • Alignment and prioritization of key business and technology drivers.
    • Identification of processes, including classification and gap analysis.
    • Measurement of user satisfaction across key departments.
    • Improved vendor relations.
    • Data quality initiatives.

    This formal SAP optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process improvement.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com

    1-888-670-8889

    Research Contributors

    The image contains a picture of Ben Dickie.

    Ben Dickie

    Research Practice Lead

    Info-Tech Research Group

    Ben Dickie is a Research Practice Lead at Info-Tech Research Group. His areas of expertise include customer experience management, CRM platforms, and digital marketing. He has also led projects pertaining to enterprise collaboration and unified communications.

    The image contains a picture of Scott Bickley.

    Scott Bickley

    Practice Lead and Principal Research Director

    Info-Tech Research Group

    Scott Bickley is a Practice Lead and Principal Research Director at Info-Tech Research Group focused on vendor management and contract review. He also has experience in the areas of IT asset management (ITAM), software asset management (SAM), and technology procurement along with a deep background in operations, engineering, and quality systems management.

    The image contains a picture of Andy Neil.

    Andy Neil

    Practice Lead, Applications

    Info-Tech Research Group

    Andy is a Senior Research Director, Data Management and BI, at Info-Tech Research Group. He has over 15 years of experience in managing technical teams, information architecture, data modeling, and enterprise data strategy. He is an expert in enterprise data architecture, data integration, data standards, data strategy, big data, and the development of industry standard data models.

    Bibliography

    Armel, Kate. "New Article: Data-Driven Estimation, Management Lead to High Quality." QSM: Quantitative Software Management, 14 May 2013. Accessed 4 Feb. 2021.

    Enterprise Resource Planning. McKinsey, n.d. Accessed 13 Apr. 2022.

    Epizitone, Ayogeboh. Info-Tech Interview, 10 May 2021.

    Epizitone, Ayogeboh, and Oludayo O. Olugbara. “Principal Component Analysis on Morphological Variability of Critical Success Factors for Enterprise Resource Planning.” International Journal of Advanced Computer Science and Applications (IJACSA), vol. 11, no. 5, 2020. Web.

    Gheorghiu, Gabriel. "The ERP Buyer’s Profile for Growing Companies." Selecthub, 2018. Accessed 21 Feb. 2021.

    Karlsson, Johan. "Product Backlog Grooming Examples and Best Practices." Perforce, 18 May 2018. Accessed 4 Feb. 2021.

    Lichtenwalter, Jim. “A look back at 2021 and a look ahead to 2022.” ASUG, 23 Jan. 2022. Web.

    “Maximizing the Emotional Economy: Behavioral Economics." Gallup, n.d. Accessed 21 Feb. 2021.

    Mell, Peter, and Timothy Grance. “The NIST Definition of Cloud Computing.” National Institute of Standards and Technology. Sept. 2011. Web.

    Norelus, Ernese, Sreeni Pamidala, and Oliver Senti. "An Approach to Application Modernization: Discovery and Assessment Phase," Medium, 24 Feb 2020. Accessed 21 Feb. 2021.

    “Process Frameworks." APQC, n.d. Accessed 21 Feb. 2021.

    “Quarterly number of SAP S/4HANA subscribers worldwide, from 2015 to 2021.” Statista, n.d. Accessed 13 Apr. 2022.

    Riley, L., C.Hanna, and M. Tucciarone. “Rightsizing SAP in these unprecedented times.” Upperedge, 19 May 2020.

    Rubin, Kenneth S. Essential Scrum: A Practical Guide to the Most Popular Agile Process. Pearson Education, 2012.

    “SAP S/4HANA Product Scorecard Report.” SoftwareReviews, n.d. Accessed 18 Apr. 2022.

    Saxena, Deepak, and Joe Mcdonagh. "Evaluating ERP Implementations: The Case for a Lifecycle-based Interpretive Approach." The Electronic Journal of Information Systems Evaluation, vol. 22, no. 1, 2019, pp. 29-37. Accessed 21 Feb. 2021.

    Smith, Anthony. "How To Create A Customer-Obsessed Company Like Netflix." Forbes, 12 Dec. 2017. Accessed 21 Feb. 2021.

    Establish Data Governance – APAC Edition

    • Buy Link or Shortcode: {j2store}348|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $172,999 Average $ Saved
    • member rating average days saved: 63 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Organisations are faced with challenges associated with changing data landscapes, evolving business models, industry disruptions, regulatory and compliance obligations, and changing and maturing user landscapes and demands for data.
    • Although the need for a data governance program is often evident, organisations miss the mark when their data governance efforts are not directly aligned to delivering measurable business value by supporting key strategic initiatives, value streams, and their underlying business capabilities.

    Our Advice

    Critical Insight

    • Your organisation’s value streams and the associated business capabilities require effectively governed data. Without this, you face the impact of elevated operational costs, missed opportunities, eroded stakeholder satisfaction, and exposure to increased business risk.
    • Ensure your data governance program delivers measurable business value by aligning the associated data governance initiatives with the business architecture.
    • Data governance must continuously align with the organisation’s enterprise governance function. It should not be perceived as an IT pet project, but rather as a business-driven initiative.

    Impact and Result

    Info-Tech’s approach to establishing and sustaining effective data governance is anchored in the strong alignment of organisational value streams and their business capabilities with key data governance dimensions and initiatives.

    • Align with enterprise governance, business strategy and organizational value streams to ensure the program delivers measurable business value.
    • Understand your current data governance capabilities and build out a future state that is right sized and relevant.
    • Define data governance leadership, accountability, and responsibility, supported by an operating model that effectively manages change and communication and fosters a culture of data excellence.

    Establish Data Governance – APAC Edition Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Data Governance Research – A step-by-step document to ensure that the people handling the data are involved in the decisions surrounding data usage, data quality, business processes, and change implementation.

    Data governance is a strategic program that will help your organisation control data by managing the people, processes, and information technology needed to ensure that accurate and consistent data policies exist across varying lines of the business, enabling data-driven insight. This research will provide an overview of data governance and its importance to your organization, assist in making the case and securing buy-in for data governance, identify data governance best practices and the challenges associated with them, and provide guidance on how to implement data governance best practices for a successful launch.

    • Establish Data Governance – Phases 1-3 – APAC

    2. Data Governance Planning and Roadmapping Workbook – A structured tool to assist with establishing effective data governance practices.

    This workbook will help your organisation understand the business and user context by leveraging your business capability map and value streams, developing data use cases using Info-Tech's framework for building data use cases, and gauging the current state of your organisation's data culture.

    • Data Governance Planning and Roadmapping Workbook – APAC

    3. Data Use Case Framework Template – An exemplar template to highlight and create relevant use cases around the organisation’s data-related problems and opportunities.

    This business needs gathering activity will highlight and create relevant use cases around data-related problems or opportunities that are clear and contained and, if addressed, will deliver value to the organisation. This template provides a framework for data requirements and a mapping methodology for creating use cases.

    • Data Use Case Framework Template – APAC

    4. Data Governance Initiative Planning and Roadmap Tool – A visual roadmapping tool to assist with establishing effective data governance practices.

    This tool will help your organisation plan the sequence of activities, capture start dates and expected completion dates, and create a roadmap that can be effectively communicated to the organisation.

    • Data Governance Initiative Planning and Roadmap Tool – APAC

    5. Business Data Catalogue – A comprehensive template to help you to document the key data assets that are to be governed based on in-depth business unit interviews, data risk/value assessments, and a data flow diagram for the organisation.

    Use this template to document information about key data assets such as data definition, source system, possible values, data sensitivity, data steward, and usage of the data.

    • Business Data Catalogue – APAC

    6. Data Governance Program Charter Template – A program charter template to sell the importance of data governance to senior executives.

    This template will help get the backing required to get a data governance project rolling. The program charter will help communicate the project purpose, define the scope, and identify the project team, roles, and responsibilities.

    • Data Governance Program Charter Template – APAC

    7. Data Policies – A set of policy templates to support the data governance framework for the organisation.

    This set of policies supports the organisation's use and management of data to ensure that it efficiently and effectively serves the needs of the organisation.

    • Data Governance Policy – APAC
    • Data Classification Policy, Standard, and Procedure – APAC
    • Data Quality Policy, Standard, and Procedure – APAC
    • Data Management Definitions – APAC
    • Metadata Management Policy, Standard, and Procedure – APAC
    • Data Retention Policy and Procedure – APAC
    [infographic]

    Workshop: Establish Data Governance – APAC Edition

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish Business Context and Value

    The Purpose

    Identify key business data assets that need to be governed.

    Create a unifying vision for the data governance program.

    Key Benefits Achieved

    Understand the value of data governance and how it can help the organisation better leverage its data.

    Gain knowledge of how data governance can benefit both IT and the business.

    Activities

    1.1 Establish business context, value, and scope of data governance at the organisation.

    1.2 Introduction to Info-Tech’s data governance framework.

    1.3 Discuss vision and mission for data governance.

    1.4 Understand your business architecture, including your business capability map and value streams.

    1.5 Build use cases aligned to core business capabilities.

    Outputs

    Sample use cases (tied to the business capability map) and a repeatable use case framework

    Vision and mission for data governance

    2 Understand Current Data Governance Capabilities and Plot Target-State Levels

    The Purpose

    Assess which data contains value and/or risk and determine metrics that will determine how valuable the data is to the organisation.

    Assess where the organisation currently stands in data governance initiatives.

    Determine gaps between the current and future states of the data governance program.

    Key Benefits Achieved

    Gain a holistic understanding of organisational data and how it flows through business units and systems.

    Identify which data should fall under the governance umbrella.

    Determine a practical starting point for the program.

    Activities

    2.1 Understand your current data governance capabilities and maturity.

    2.2 Set target-state data governance capabilities.

    Outputs

    Current state of data governance maturity

    Definition of target state

    3 Build Data Domain to Data Governance Role Mapping

    The Purpose

    Determine strategic initiatives and create a roadmap outlining key steps required to get the organisation to start enabling data-driven insights.

    Determine timing of the initiatives.

    Key Benefits Achieved

    Establish clear direction for the data governance program.

    Step-by-step outline of how to create effective data governance, with true business-IT collaboration.

    Activities

    3.1 Evaluate and prioritise performance gaps.

    3.2 Develop and consolidate data governance target-state initiatives.

    3.3 Define the role of data governance: data domain to data governance role mapping.

    Outputs

    Target-state data governance initiatives

    Data domain to data governance role mapping

    4 Formulate a Plan to Get to Your Target State

    The Purpose

    Consolidate the roadmap and other strategies to determine the plan of action from day one.

    Create the required policies, procedures, and positions for data governance to be sustainable and effective.

    Key Benefits Achieved

    Prioritised initiatives with dependencies mapped out.

    A clearly communicated plan for data governance that will have full business backing.

    Activities

    4.1 Identify and prioritise next steps.

    4.2 Define roles and responsibilities and complete a high-level RACI.

    4.3 Wrap-up and discuss next steps and post-workshop support.

    Outputs

    Initialised roadmap

    Initialised RACI

    Further reading

    Establish Data Governance

    Deliver measurable business value.

    Analyst Perspective

    Establish a data governance program that brings value to your organisation.

    Picture of analyst

    Data governance does not sit as an island on its own in the organisation – it must align with and be driven by your enterprise governance. As you build out data governance in your organisation, it's important to keep in mind that this program is meant to be an enabling framework of oversight and accountabilities for managing, handling, and protecting your company's data assets. It should never be perceived as bureaucratic or inhibiting to your data users. It should deliver agreed-upon models that are conducive to your organisation's operating culture, offering clarity on who can do what with the data and via what means. Data governance is the key enabler for bringing high-quality, trusted, secure, and discoverable data to the right users across your organisation. Promote and drive the responsible and ethical use of data while helping to build and foster an organisational culture of data excellence.

    Crystal Singh

    Director, Research & Advisory, Data & Analytics Practice

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    The amount of data within organisations is growing at an exponential rate, creating a need to adopt a formal approach to governing data. However, many organisations remain uninformed on how to effectively govern their data. Comprehensive data governance should define leadership, accountability, and responsibility related to data use and handling and be supported by a well-oiled operating model and relevant policies and procedures. This will help ensure the right data gets to the right people at the right time, using the right mechanisms.

    Common Obstacles

    Organisations are faced with challenges associated with changing data landscapes, evolving business models, industry disruptions, regulatory and compliance obligations, and changing and maturing user landscape and demand for data. Although the need for a data governance program is often evident, organisations miss the mark when their data governance efforts are not directly aligned to delivering measurable business value. Initiatives should support key strategic initiatives, as well as value streams and their underlying business capabilities.

    Info-Tech's Approach

    Info-Tech's approach to establishing and sustaining effective data governance is anchored in the strong alignment of organisational value streams and their business capabilities with key data governance dimensions and initiatives. Organisations should:

    • Align their data governance with enterprise governance, business strategy and value streams to ensure the program delivers measurable business value.
    • Understand their current data governance capabilities so as to build out a future state that is right-sized and relevant.
    • Define data leadership, accountability, and responsibility. Support these with an operating model that effectively manages change and communication and fosters a culture of data excellence.

    Info-Tech Insight

    Your organisation's value streams and the associated business capabilities require effectively governed data. Without this, you face elevated operating costs, missed opportunities, eroded stakeholder satisfaction, and increased business risk.

    Your challenge

    This research is designed to help organisations build and sustain an effective data governance program.

    • Your organisation has recognised the need to treat data as a corporate asset for generating business value and/or managing and mitigating risk.
    • This has brought data governance to the forefront and highlighted the need to build a performance-driven enterprise program for delivering quality, trusted, and readily consumable data to users.
    • An effective data governance program is one that defines leadership, accountability. and responsibility related to data use and handling. It's supported by a well-oiled operating model and relevant policies and procedures, all of which help build and foster a culture of data excellence where the right users get access to the right data at the right time via the right mechanisms.

    As you embark on establishing data governance in your organisation, it's vital to ensure from the get-go that you define the drivers and business context for the program. Data governance should never be attempted without direction on how the program will yield measurable business value.

    'Data processing and cleanup can consume more than half of an analytics team's time, including that of highly paid data scientists, which limits scalability and frustrates employees.' – Petzold, et al., 2020

    Image is a circle graph and 30% of it is coloured with the number 30% in the middle of the graph

    'The productivity of employees across the organisation can suffer.' – Petzold, et al., 2020

    Respondents to McKinsey's 2019 Global Data Transformation Survey reported that an average of 30% of their total enterprise time was spent on non-value-added tasks because of poor data quality and availability. – Petzold, et al., 2020

    Common obstacles

    Some of the barriers that make data governance difficult to address for many organisations include:

    • Gaps in communicating the strategic value of data and data governance to the organisation. This is vital for securing senior leadership buy-in and support, which, in turn, is crucial for sustained success of the data governance program.
    • Misinterpretation or a lack of understanding about data governance, including what it means for the organisation and the individual data user.
    • A perception that data governance is inhibiting or an added layer of bureaucracy or complication rather than an enabling and empowering framework for stakeholders in their use and handling of data.
    • Embarking on data governance without firmly substantiating and understanding the organisational drivers for doing so. How is data governance going to support the organisation's value streams and their various business capabilities?
    • Neglecting to define and measure success and performance. Just as in any other enterprise initiative, you have to be able to demonstrate an ROI for time, resources and funding. These metrics must demonstrate the measurable business value that data governance brings to the organisation.
    • Failure to align data governance with enterprise governance.
    Image is a circle graph and 78% of it is coloured with the number 78% in the middle of the graph

    78% of companies (and 92% of top-tier companies) have a corporate initiative to become more data-driven. – Alation, 2020.

    Image is a circle graph and 58% of it is coloured with the number 58% in the middle of the graph

    But despite these ambitions, there appears to be a 'data culture disconnect' – 58% of leaders overestimate the current data culture of their enterprises, giving a grade higher than the one produced by the study. – Fregoni, 2020.

    The strategic value of data

    Power intelligent and transformative organisational performance through leveraging data.

    Respond to industry disruptors

    Optimise the way you serve your stakeholders and customers

    Develop products and services to meet ever-evolving needs

    Manage operations and mitigate risk

    Harness the value of your data

    The journey to being data-driven

    The journey to declaring that you are a data-driven organisation requires a pit stop at data enablement.

    The Data Economy

    Data Disengaged

    You have a low appetite for data and rarely use data for decision making.

    Data Enabled

    Technology, data architecture, and people and processes are optimised and supported by data governance.

    Data Driven

    You are differentiating and competing on data and analytics; described as a 'data first' organisation. You're collaborating through data. Data is an asset.

    Data governance is essential for any organisation that makes decisions about how it uses its data.

    Data governance is an enabling framework of decision rights, responsibilities, and accountabilities for data assets across the enterprise.

    Data governance is:

    • Executed according to agreed-upon models that describe who can take what actions with what information, when, and using what methods (Olavsrud, 2021).
    • True business-IT collaboration that will lead to increased consistency and confidence in data to support decision making. This, in turn, helps fuel innovation and growth.

    If done correctly, data governance is not:

    • An annoying, finger-waving roadblock in the way of getting things done.
    • Meant to solve all data-related business or IT problems in an organisation.
    • An inhibitor or impediment to using and sharing data.

    Info-Tech's Data Governance Framework

    An image of Info-Tech's Data Governance Framework

    Create impactful data governance by embedding it within enterprise governance

    A model is depicted to show the relationship between enterprise governance and data governance.

    Organisational drivers for data governance

    Data governance personas:

    Conformance: Establishing data governance to meet regulations and compliance requirements.

    Performance: Establishing data governance to fuel data-driven decision making for driving business value and managing and mitigating business risk.

    Two images are depicted that show the difference between conformance and performance.

    Data Governance is not a one-person show

    • Data governance needs a leader and a home. Define who is going to be leading, driving, and steering data governance in your organisation.
    • Senior executive leaders play a crucial role in championing and bringing visibility to the value of data and data governance. This is vital for building and fostering a culture of data excellence.
    • Effective data governance comes with business and IT alignment, collaboration, and formally defined roles around data leadership, ownership, and stewardship.
    Four circles are depicted. There is one person in the circle on the left and is labelled: Data Governance Leadership. The circle beside it has two people in it and labelled: Organisational Champions. The circle beside it has three people in it and labelled: Data Owners, Stewards & Custodians. The last circle has four people in it and labelled: The Organisation & Data Storytellers.

    Traditional data governance organisational structure

    A traditional structure includes committees and roles that span across strategic, tactical, and operational duties. There is no one-size-fits-all data governance structure. However, most organisations follow a similar pattern when establishing committees, councils, and cross-functional groups. Most organisations strive to identify roles and responsibilities at a strategic and operational level. Several factors will influence the structure of the program, such as the focus of the data governance project and the maturity and size of the organisation.

    A triangular model is depicted and is split into three tiers to show the traditional data governance organisational structure.

    A healthy data culture is key to amplifying the power of your data.

    'Albert Einstein is said to have remarked, "The world cannot be changed without changing our thinking." What is clear is that the greatest barrier to data success today is business culture, not lagging technology.' – Randy Bean, 2020

    What does it look like?

    • Everybody knows the data.
    • Everybody trusts the data.
    • Everybody talks about the data.

    'It is not enough for companies to embrace modern data architectures, agile methodologies, and integrated business-data teams, or to establish centres of excellence to accelerate data initiatives, when only about 1 in 4 executives reported that their organisation has successfully forged a data culture.'– Randy Bean, 2020

    Data literacy is an essential part of a data-driven culture

    • In a data-driven culture, decisions are made based on data evidence, not on gut instinct.
    • Data often has untapped potential. A data-driven culture builds tools and skills, builds users' trust in the condition and sources of data, and raises the data skills and understanding among their people on the front lines.
    • Building a data culture takes an ongoing investment of time, effort, and money. This investment will not achieve the transformation you want without data literacy at the grassroots level.

    Data-driven culture = 'data matters to our company'

    Despite investments in data initiative, organisations are carrying high levels of data debt

    Data debt is 'the accumulated cost that is associated with the sub-optimal governance of data assets in an enterprise, like technical debt.'

    Data debt is a problem for 78% of organisations.

    40% of organisations say individuals within the business do not trust data insights.

    66% of organisations say a backlog of data debt is impacting new data management initiatives.

    33% of organisations are not able to get value from a new system or technology investment.

    30% of organisations are unable to become data-driven.

    Source: Experian, 2020

    Absent or sub-optimal data governance leads to data debt

    Only 3% of companies' data meets basic quality standards. (Source: Nagle, et al., 2017)

    Organisations suspect 28% of their customer and prospect data is inaccurate in some way. (Source: Experian, 2020)

    Only 51% of organisations consider the current state of their CRM or ERP data to be clean, allowing them to fully leverage it. (Source: Experian, 2020)

    35% of organisations say they're not able to see a ROI for data management initiatives. (Source: Experian, 2020)

    Embrace the technology

    Make the available data governance tools and technology work for you:

    • Data catalogue
    • Business data glossary
    • Data lineage
    • Metadata management

    While data governance tools and technologies are no panacea, leverage their automated and AI-enabled capabilities to augment your data governance program.

    Logos of data governance tools and technology.

    Measure success to demonstrate tangible business value

    Put data governance into the context of the business:

    • Tie the value of data governance and its initiatives back to the business capabilities that are enabled.
    • Leverage the KPIs of those business capabilities to demonstrate tangible and measurable value. Use terms and language that will resonate with senior leadership.

    Don't let measurement be an afterthought:

    Start substantiating early on how you are going to measure success as your data governance program evolves.

    Build a right-sized roadmap

    Formulate an actionable roadmap that is right-sized to deliver value in your organisation.

    Key considerations:

    • When building your data governance roadmap, ensure you do so through an enterprise lens. Be cognizant of other initiatives that might be coming down the pipeline that may require you to align your data governance milestones accordingly.
    • Apart from doing your planning with consideration for other big projects or launches that might be in-flight and require the time and attention of your data governance partners, also be mindful of the more routine yet still demanding initiatives.
    • When doing your roadmapping, consider factors like the organisation's fiscal cycle, typical or potential year-end demands, and monthly/quarterly reporting periods and audits. Initiatives such as these are likely to monopolise the time and focus of personnel key to delivering on your data governance milestones.

    Sample milestones:

    Data Governance Leadership & Org Structure Definition

    Define the home for data governance and other key roles around ownership and stewardship, as approved by senior leadership.

    Data Governance Charter and Policies

    Create a charter for your program and build/refresh associated policies.

    Data Culture Diagnostic

    Understand the organisation's current data culture, perception of data, value of data, and knowledge gaps.

    Use Case Build and Prioritisation

    Build a use case that is tied to business capabilities. Prioritise accordingly.

    Business Data Glossary

    Build and/or refresh the business' glossary for addressing data definitions and standardisation issues.

    Tools & Technology

    Explore the tools and technology offering in the data governance space that would serve as an enabler to the program. (e.g. RFI, RFP).

    Key takeaways for effective business-driven data governance

    Data governance leadership and sponsorship is key.

    Ensure strategic business alignment.

    Build and foster a culture of data excellence.

    Evolve along the data journey.

    Make data governance an enabler, not a hindrance.

    Insight summary

    Overarching insight

    Your organisation's value streams and the associated business capabilities require effectively governed data. Without this, you face the impact of elevated operational costs, missed opportunities, eroded stakeholder satisfaction, and exposure to increased business risk.

    Insight 1

    Data governance should not sit as an island in your organisation. It must continuously align with the organisation's enterprise governance function. It shouldn't be perceived as a pet project of IT, but rather as an enterprise-wide, business-driven initiative.

    Insight 2

    Ensure your data governance program delivers measurable business value by aligning the associated data governance initiatives with the business architecture. Leverage the measures of success or KPIs of the underlying business capabilities to demonstrate the value data governance has yielded for the organisation.

    Insight 3

    Data governance remains the foundation of all forms of reporting and analytics. Advanced capabilities such as AI and machine learning require effectively governed data to fuel their success.

    Tactical insight

    Tailor your data literacy program to meet your organisation's needs, filling your range of knowledge gaps and catering to your different levels of stakeholders. When it comes to rolling out a data literacy program, there is no one-size-fits-all solution. Your data literacy program is intended to fill the knowledge gaps about data, as they exist in your organisation. It should be targeted across the board – from your executive leadership and management through to the subject matter experts across different lines of the business in your organisation.

    Info-Tech's methodology for establishing data governance

    1. Build Business and User Context 2. Understand Your Current Data Governance Capabilities 3. Build a Target State Roadmap and Plan
    Phase Steps
    1. Substantiate Business Drivers
    2. Build High-Value Use Cases for Data Governance
    1. Understand the Key Components of Data Governance
    2. Gauge Your Organisation's Current Data Culture
    1. Formulate an Actionable Roadmap and Right-Sized Plan
    Phase Outcomes
    • Your organisation's business capabilities and value streams
    • A business capability map for your organisation
    • Categorisation of your organisation's key capabilities
    • A strategy map tied to data governance
    • High-value use cases for data governance
    • An understanding of the core components of an effective data governance program
    • An understanding your organisation's current data culture
    • A data governance roadmap and target-state plan comprising of prioritised initiatives

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Screenshot of Info-Tech's Data Governance Planning and Roadmapping Workbook data-verified=

    Data Governance Planning and Roadmapping Workbook

    Use the Data Governance Planning and Roadmapping Workbook as you plan, build, roll out, and scale data governance in your organisation.

    Screenshot of Info-Tech's Data Use Case Framework Template

    Data Use Case Framework Template

    This template takes you through a business needs gathering activity to highlight and create relevant use cases around the organisation's data-related problems and opportunities.

    Screenshot of Info-Tech's Business Data Glossary data-verified=

    Business Data Glossary

    Use this template to document the key data assets that are to be governed and create a data flow diagram for your organisation.

    Screenshot of Info-Tech's Data Culture Diagnostic and Scorecard data-verified=

    Data Culture Diagnostic and Scorecard

    Leverage Info-Tech's Data Culture Diagnostic to understand how your organisation scores across 10 areas relating to data culture.

    Key deliverable:

    Data Governance Planning and Roadmapping Workbook

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Data Governance Initiative Planning and Roadmap Tool

    Leverage this tool to assess your current data governance capabilities and plot your target state accordingly.

    This tool will help you plan the sequence of activities, capture start dates and expected completion dates, and create a roadmap that can be effectively communicated to the organisation.

    Data Governance Program Charter Template

    This template will help get the backing required to get a data governance project rolling. The program charter will help communicate the project purpose, define the scope, and identify the project team, roles, and responsibilities.

    Data Governance Policy

    This policy establishes uniformed data governance standards and identifies the shared responsibilities for assuring the integrity of the data and that it efficiently and effectively serves the needs of your organisation

    Other Deliverables:

    • Data Governance Initiative Planning and Roadmap Tool
    • Data Governance Program Charter Template
    • Data Governance Policy

    Blueprint benefits

    Defined data accountability & responsibility

    Shared knowledge & common understanding of data assets

    Elevated trust & confidence in traceable data

    Improved data ROI & reduced data debt

    Support for ethical use and handling of data in a culture of excellence

    Measure the value of this blueprint

    Leverage this blueprint's approach to ensure your data governance initiatives align and support your key value streams and their business capabilities.

    • Aligning your data governance program and its initiatives to your organisation's business capabilities is vital for tracing and demonstrating measurable business value for the program.
    • This alignment of data governance with value streams and business capabilities enables you to use business-defined KPIs and demonstrate tangible value.
    Screenshot from this blueprint on the Measurable Business Value

    In phases 1 and 2 of this blueprint, we will help you establish the business context, define your business drivers and KPIs, and understand your current data governance capabilities and strengths.

    In phase 3, we will help you develop a plan and a roadmap for addressing any gaps and improving the relevant data governance capabilities so that data is well positioned to deliver on those defined business metrics.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    'Our team, has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.'

    Guided Implementation

    'Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keeps us on track.'

    Workshop

    'We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.'

    Consulting

    'Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.'

    Diagnostics and consistent frameworks are used throughout all four options.

    Establish Data Governance project overview

    Contact your account representative for more information. workshops@infotech.com 1-888-670-8889

    1. Build Business and User context2. Understand Your Current Data Governance Capabilities3. Build a Target State Roadmap and Plan
    Best-Practice Toolkit
    1. Substantiate Business Drivers
    2. Build High-Value Use Cases for Data Governance
    1. Understand the Key Components of Data Governance
    2. Gauge Your Organisation's Current Data Culture
    1. Formulate an Actionable Roadmap and Right-Sized Plan
    Guided Implementation
    • Call 1
    • Call 2
    • Call 3
    • Call 4
    • Call 5
    • Call 6
    • Call 7
    • Call 8
    • Call 9
    Phase Outcomes
    • Your organisation's business capabilities and value streams
    • A business capability map for your organisation
    • Categorisation of your organisation's key capabilities
    • A strategy map tied to data governance
    • High-value use cases for data governance
    • An understanding of the core components of an effective data governance program
    • An understanding your organisation's current data culture
    • A data governance roadmap and target-state plan comprising of prioritised initiatives

    Guided Implementation

    What does a typical GI on this topic look like?

    An outline of what guided implementation looks like.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organisation. A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    Workshop overview

    Contact your account representative for more information. workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4
    Establish Business Context and Value Understand Current Data Governance Capabilities and Plot Target-State Levels Build Data Domain to Data Governance Role Mapping Formulate a Plan to Get to Your Target State
    Activities
    • Establish business context, value, and scope of data governance at the organisation
    • Introduction to Info-Tech's data governance framework
    • Discuss vision and mission for data governance
    • Understand your business architecture, including your business capability map and value streams
    • Build use cases aligned to core business capabilities
    • Understand your current data governance capabilities and maturity
    • Set target state data governance capabilities
    • Evaluate and prioritise performance gaps
    • Develop and consolidate data governance target-state initiatives
    • Define the role of data governance: data domain to data governance role mapping
    • Identify and prioritise next steps
    • Define roles and responsibilities and complete a high-level RACI
    • Wrap-up and discuss next steps and post-workshop support
    Deliverables
    1. Sample use cases (tied to the business capability map) and a repeatable use case framework
    2. Vision and mission for data governance
    1. Current state of data governance maturity
    2. Definition of target state
    1. Target-state data governance initiatives
    2. Data domain to data governance role mapping
    1. Initialised roadmap
    2. Initialised RACI
    3. Completed Business Data Glossary (BDG)

    Phase 1

    Build Business and User Context

    Three circles are in the image that list the three phases and the main steps. Phase 1 is highlighted.

    'When business users are invited to participate in the conversation around data with data users and IT, it adds a fundamental dimension — business context. Without a real understanding of how data ties back to the business, the value of analysis and insights can get lost.' – Jason Lim, Alation

    This phase will guide you through the following activities:

    • Identify Your Business Capabilities
    • Define your Organisation's Key Business Capabilities
    • Develop a Strategy Map that Aligns Business Capabilities to Your Strategic Focus

    This phase involves the following participants:

    • Data Governance Leader/Data Leader (CDO)
    • Senior Business Leaders
    • Business SMEs
    • Data Leadership, Data Owners, Data Stewards and Custodians

    Step 1.1

    Substantiate Business Drivers

    Activities

    1.1.1 Identify Your Business Capabilities

    1.1.2 Categorise Your Organisation's Key Business Capabilities

    1.1.3 Develop a Strategy Map Tied to Data Governance

    This step will guide you through the following activities:

    • Leverage your organisation's existing business capability map or initiate the formulation of a business capability map, guided by Info-Tech's approach
    • Determine which business capabilities are considered high priority by your organisation
    • Map your organisation's strategic objectives to value streams and capabilities to communicate how objectives are realised with the support of data

    Outcomes of this step

    • A foundation for data governance initiative planning that's aligned with the organisation's business architecture: value streams, business capability map, and strategy map

    Info-Tech Insight

    Gaining a sound understanding of your business architecture (value streams and business capabilities) is a critical foundation for establishing and sustaining a data governance program that delivers measurable business value.

    1.1.1 Identify Your Business Capabilities

    Confirm your organisation's existing business capability map or initiate the formulation of a business capability map:

    1. If you have an existing business capability map, meet with the relevant business owners/stakeholders to confirm that the content is accurate and up to date. Confirm the value streams (how your organisation creates and captures value) and their business capabilities are reflective of the organisation's current business environment.
    2. If you do not have an existing business capability map, follow this activity to initiate the formulation of a map (value streams and related business capabilities):
      1. Define the organisation's value streams. Meet with senior leadership and other key business stakeholders to define how your organisation creates and captures value.
      2. Define the relevant business capabilities. Meet with senior leadership and other key business stakeholders to define the business capabilities.

    Note: A business capability defines what a business does to enable value creation. Business capabilities are business terms defined using descriptive nouns such as 'Marketing' or 'Research and Development.' They represent stable business functions, are unique and independent of each other, and typically will have a defined business outcome.

    Input

    • List of confirmed value streams and their related business capabilities

    Output

    • Business capability map with value streams for your organisation

    Materials

    • Your existing business capability map or the template provided in the Data Governance Planning and Roadmapping Workbook accompanying this blueprint

    Participants

    • Key business stakeholders
    • Data stewards
    • Data custodians
    • Data Governance Working Group

    For more information, refer to Info-Tech's Document Your Business Architecture.

    Define or validate the organisation's value streams

    Value streams connect business goals to the organisation's value realisation activities. These value realisation activities, in turn, depend on data.

    If the organisation does not have a business architecture function to conduct and guide Activity 1.1.1, you can leverage the following approach:

    • Meet with key stakeholders regarding this topic, then discuss and document your findings.
    • When trying to identify the right stakeholders, consider: Who are the decision makers and key influencers? Who will impact this piece of business architecture related work? Who has the relevant skills, competencies, experience, and knowledge about the organisation?
    • Engage with these stakeholders to define and validate how the organisation creates value.
    • Consider:
      • Who are your main stakeholders? This will depend on the industry in which you operate. For example, customers, residents, citizens, constituents, students, patients.
      • What are your stakeholders looking to accomplish?
      • How does your organisation's products and/or services help them accomplish that?
      • What are the benefits your organisation delivers to them and how does your organisation deliver those benefits?
      • How do your stakeholders receive those benefits?

    Align data governance to the organisation's value realisation activities.

    Value streams enable the organisation to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

    Info-Tech Insight

    Your organisation's value streams and the associated business capabilities require effectively governed data. Without this, you face the possibilities of elevated operational costs, missed opportunities, eroded stakeholder satisfaction, negative impact to reputation and brand, and/or increased exposure to business risk.

    Example of value streams – Retail Banking

    Value streams connect business goals to the organisation's value realisation activities.

    Example value stream descriptions for: Retail Banking

    Value streams enable the organisation to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

    Model example of value streams for retail banking.

    For this value stream, download Info-Tech's Info-Tech's Industry Reference Architecture for Retail Banking.

    Example of value streams – Higher Education

    Value streams connect business goals to the organisation's value realisation activities.

    Example value stream descriptions for: Higher Education

    Value streams enable the organisation to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

    Model example of value streams for higher education

    For this value stream, download Info-Tech's Industry Reference Architecture for Higher Education.

    Example of value streams – Local Government

    Value streams connect business goals to the organisation's value realisation activities.

    Example value stream descriptions for: Local Government

    Value streams enable the organisation to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

    Model example of value streams for local government

    For this value stream, download Info-Tech's Industry Reference Architecture for Local Government.

    Example of value streams – Manufacturing

    Value streams connect business goals to the organisation's value realisation activities.

    Example value stream descriptions for: Manufacturing

    Value streams enable the organisation to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

    Model example of value streams for manufacturing

    For this value stream, download Info-Tech's Industry Reference Architecture for Manufacturing.

    Example of value streams – Retail

    Value streams connect business goals to the organisation's value realisation activities.

    Example value stream descriptions for: Retail

    Model example of value streams for retail

    Value streams enable the organisation to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

    For this value stream, download Info-Tech's Industry Reference Architecture for Retail.

    Define the organisation's business capabilities in a business capability map

    A business capability defines what a business does to enable value creation. Business capabilities represent stable business functions and typically will have a defined business outcome.

    Business capabilities can be thought of as business terms defined using descriptive nouns such as 'Marketing' or 'Research and Development.'

    If your organisation doesn't already have a business capability map, you can leverage the following approach to build one. This initiative requires a good understanding of the business. By working with the right stakeholders, you can develop a business capability map that speaks a common language and accurately depicts your business.

    Working with the stakeholders as described above:

    • Analyse the value streams to identify and describe the organisation's capabilities that support them.
    • Consider: What is the objective of your value stream? (This can highlight which capabilities support which value stream.)
    • As you initiate your engagement with your stakeholders, don't start a blank page. Leverage the examples on the next slides as a starting point for your business capability map.
    • When using these examples, consider: What are the activities that make up your particular business? Keep the ones that apply to your organisation, remove the ones that don't, and add any needed.

    Align data governance to the organisation's value realisation activities.

    Info-Tech Insight

    A business capability map can be thought of as a visual representation of your organisation's business capabilities and hence represents a view of what your data governance program must support.

    For more information, refer to Info-Tech's Document Your Business Architecture.

    Example business capability map – Retail Banking

    A business capability map can be thought of as a visual representation of your organisation's business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip:

    Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realisation capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Retail Banking

    Model example business capability map for retail banking

    For this business capability map, download Info-Tech's Industry Reference Architecture for Retail Banking.

    Example business capability map – Higher Education

    A business capability map can be thought of as a visual representation of your organisation's business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip:

    Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realisation capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Higher Education

    Model example business capability map for higher education

    For this business capability map, download Info-Tech's Industry Reference Architecture for Higher Education.

    Example business capability map – Local Government

    A business capability map can be thought of as a visual representation of your organisation's business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip:

    Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realisation capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Local Government

    Model example business capability map for local government

    For this business capability map, download Info-Tech's Industry Reference Architecture for Local Government.

    Example business capability map – Manufacturing

    A business capability map can be thought of as a visual representation of your organisation's business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip:

    Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realisation capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Manufacturing

    Model example business capability map for manufacturing

    For this business capability map, download Info-Tech's Industry Reference Architecture for Manufacturing.

    Example business capability map - Retail

    A business capability map can be thought of as a visual representation of your organisation's business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip:

    Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realisation capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Retail

    Model example business capability map for retail

    For this business capability map, download Info-Tech's Industry Reference Architecture for Retail.

    1.1.2 Categorise Your Organisation's Key Capabilities

    Determine which capabilities are considered high priority in your organisation.

    1. Categorise or heatmap the organisation's key capabilities. Consult with senior and other key business stakeholders to categorise and prioritise the business' capabilities. This will aid in ensuring your data governance future state planning is aligned with the mandate of the business. One approach to prioritising capabilities with business stakeholders is to examine them through the lens of cost advantage creators, competitive advantage differentiators, and/or by high value/high risk.
    2. Identify cost advantage creators. Focus on capabilities that drive a cost advantage for your organisation. Highlight these capabilities and prioritise programs that support them.
    3. Identify competitive advantage differentiators. Focus on capabilities that give your organisation an edge over rivals or other players in your industry.

    This categorisation/prioritisation exercise helps highlight prime areas of opportunity for building use cases, determining prioritisation, and the overall optimisation of data and data governance.

    Input

    • Strategic insight from senior business stakeholders on the business capabilities that drive value for the organisation

    Output

    • Business capabilities categorised and prioritised (e.g. cost advantage creators, competitive advantage differentiators, high value/high risk)

    Materials

    • Your existing business capability map or the business capability map derived in the previous activity

    Participants

    • Key business stakeholders
    • Data stewards
    • Data custodians
    • Data Governance Working Group

    For more information, refer to Info-Tech's Document Your Business Architecture.

    Example of business capabilities categorisation or heatmapping – Retail

    This exercise is useful in ensuring the data governance program is focused and aligned to support the priorities and direction of the business.

    • Depending on the mandate from the business, priority may be on developing cost advantage. Hence the capabilities that deliver efficiency gains are the ones considered to be cost advantage creators.
    • The business' priority may be on maintaining or gaining a competitive advantage over its industry counterparts. Differentiation might be achieved in delivering unique or enhanced products, services, and/or experiences, and the focus will tend to be on the capabilities that are more end-stakeholder-facing (e.g. customer-, student-, patient,- and/or constituent-facing). These are the organisation's competitive advantage creators.

    Example: Retail

    Example of business capabilities categorisation or heatmapping – Retail

    For this business capability map, download Info-Tech's Industry Reference Architecture for Retail.

    1.1.3 Develop a Strategy Map Tied to Data Governance

    Identify the strategic objectives for the business. Knowing the key strategic objectives will drive business-data governance alignment. It's important to make sure the right strategic objectives of the organisation have been identified and are well understood.

    1. Meet with senior business leaders and other relevant stakeholders to help identify and document the key strategic objectives for the business.
    2. Leverage their knowledge of the organisation's business strategy and strategic priorities to visually represent how these map to value streams, business capabilities, and, ultimately, to data and data governance needs and initiatives. Tip: Your map is one way to visually communicate and link the business strategy to other levels of the organisation.
    3. Confirm the strategy mapping with other relevant stakeholders.

    Guide to creating your map: Starting with strategic objectives, map the value streams that will ultimately drive them. Next, link the key capabilities that enable each value stream. Then map the data and data governance to initiatives that support those capabilities. This is one approach to help you prioritise the data initiatives that deliver the most value to the organisation.

    Input

    • Strategic objectives as outlined by the organisation's business strategy and confirmed by senior leaders

    Output

    • A strategy map that maps your organisational strategic objectives to value streams, business capabilities, and, ultimately, to data program

    Materials

    Participants

    • Key business stakeholders
    • Data stewards
    • Data custodians
    • Data Governance Working Group

    Download Info-Tech's Data Governance Planning and Roadmapping Workbook

    Example of a strategy map tied to data governance

    • Strategic objectives are the outcomes that the organisation is looking to achieve.
    • Value streams enable an organisation to create and capture value in the market through interconnected activities that support strategic objectives.
    • Business capabilities define what a business does to enable value creation in value streams.
    • Data capabilities and initiatives are descriptions of action items on the data and data governance roadmap and which will enable one or multiple business capabilities in its desired target state.

    Info-Tech Tip:

    Start with the strategic objectives, then map the value streams that will ultimately drive them. Next, link the key capabilities that enable each value stream. Then map the data and data governance initiatives that support those capabilities. This process will help you prioritise the data initiatives that deliver the most value to the organisation.

    Example: Retail

    Example of a strategy map tied to data governance for retail

    For this strategy map, download Info-Tech's Industry Reference Architecture for Retail.

    Step 1.2

    Build High-Value Use Cases for Data Governance

    Activities

    1.2.1 Build High-Value Use Cases

    This step will guide you through the following activities:

    • Leveraging your categorised business capability map to conduct deep-dive sessions with key business stakeholders for creating high-value uses cases
    • Discussing current challenges, risks, and opportunities associated with the use of data across the lines of business
    • Exploring which other business capabilities, stakeholder groups, and business units will be impacted

    Outcomes of this step

    • Relevant use cases that articulate the data-related challenges, needs, or opportunities that are clear and contained and, if addressed ,will deliver value to the organisation

    Info-Tech Tip

    One of the most important aspects when building use cases is to ensure you include KPIs or measures of success. You have to be able to demonstrate how the use case ties back to the organisational priorities or delivers measurable business value. Leverage the KPIs and success factors of the business capabilities tied to each particular use case.

    1.2.1 Build High-Value Use Cases

    This business needs-gathering activity will highlight and create relevant use cases around data-related problems or opportunities that are clear and contained and, if addressed, will deliver value to the organisation.

    1. Bring together key business stakeholders (data owner, stewards, SMEs) from a particular line of business as well as the relevant data custodian(s) to build cases for their units. Leverage the business capability map you created for facilitating this act.
    2. Leverage Info-Tech's framework for data requirements and methodology for creating use cases, as outlined in the Data Use Case Framework Template and seen on the next slide.
    3. Have the stakeholders move through each breakout session outlined in the Use Case Worksheet. Use flip charts or a whiteboard to brainstorm and document their thoughts.
    4. Debrief and document results in the Data Use Case Framework Template.
    5. Repeat this exercise with as many lines of the business as possible, leveraging your business capability map to guide your progress and align with business value.

    Tip: Don't conclude these use case discussions without substantiating what measures of success will be used to demonstrate the business value of the effort to produce the desired future state, as relevant to each particular use case.

    This business needs-gathering activity will highlight and create relevant use cases around data-related problems or opportunities that are clear and contained and, if addressed, will deliver value to the organisation.

    1. Bring together key business stakeholders (data owner, stewards, SMEs) from a particular line of business as well the relevant data custodian(s) to build cases for their units. Leverage the business capability map you created for facilitating this act.
    2. Leverage Info-Tech's framework for data requirements and methodology for creating use cases, as outlined in the Data Use Case Framework Template and seen on the next slide.
    3. Have the stakeholders move through each breakout session outlined in the Use Case Worksheet. Use flip charts or a whiteboard to brainstorm and document their thoughts.
    4. Debrief and document results in the Data Use Case Framework Template
    5. Repeat this exercise with as many lines of the business as possible, leveraging your business capability map to guide your progress and align with business value.

    Tip: Don't conclude these use case discussions without substantiating what measures of success will be used to demonstrate the business value of the effort to produce the desired future state, as relevant to each particular use case.

    Input

    • Value streams and business capabilities as defined by business leaders
    • Business stakeholders' subject area expertise
    • Data custodian systems, integration, and data knowledge

    Output

    • Use cases that articulate data-related challenges, needs or opportunities that are tied to defined business capabilities and hence if addressed will deliver measurable value to the organisation.

    Materials

    • Your business capability map from activity 1.1.1
    • Info-Tech's Data Use Case Framework Template
    • Whiteboard or flip charts (or shared screen if working remotely)
    • Markers/pens

    Participants

    • Key business stakeholders
    • Data stewards and business SMEs
    • Data custodians
    • Data Governance Working Group

    Download Info-Tech's Data Use Case Framework Template

    Info-Tech's Framework for Building Use Cases

    Objective: This business needs-gathering activity will highlight and create relevant use cases around data-related problems or opportunities that are clear and contained and, if addressed, will deliver value to the organisation.

    Leveraging your business capability map, build use cases that align with the organisation's key business capabilities.

    Consider:

    • Is the business capability a cost advantage creator or an industry differentiator?
    • Is the business capability currently underserved by data?
    • Does this need to be addressed? If so, is this risk- or value-driven?

    Info-Tech's Data Requirements and Mapping Methodology for Creating Use Cases

    1. What business capability (or capabilities) is this use case tied to for your business area(s)?
    2. What are your data-related challenges in performing this today?
    3. What are the steps in this process/activity today?
    4. What are the applications/systems used at each step today?
    5. What data domains are involved, created, used, and/or transformed at each step today?
    6. What does an ideal or improved state look like?
    7. What other business units, business capabilities, activities, and/or processes will be impacted or improved if this issue was solved?
    8. Who are the stakeholders impacted by these changes? Who needs to be consulted?
    9. What are the risks to the organisation (business capability, revenue, reputation, customer loyalty, etc.) if this is not addressed?
    10. What compliance, regulatory, and/or policy concerns do we need to consider in any solution?
    11. What measures of success or change should we use to prove the value of the effort (such as KPIs, ROI)? What is the measurable business value of doing this?

    The resulting use cases are to be prioritised and leveraged for informing the business case and the data governance capabilities optimisation plan.

    Taken from Info-Tech's Data Use Case Framework Template

    Phase 2

    Understand Your Current Data Governance Capabilities

    Three circles are in the image that list the three phases and the main steps. Phase 2 is highlighted.

    This phase will guide you through the following activities:

    • Understand the Key Components of Data Governance
    • Gauge Your Organisation's Current Data Culture

    This phase involves the following participants:

    • Data Leadership
    • Data Ownership & Stewardship
    • Policies & Procedures
    • Data Literacy & Culture
    • Operating Model
    • Data Management
    • Data Privacy & Security
    • Enterprise Projects & Services

    Step 2.1

    Understand the Key Components of Data Governance

    This step will guide you through the following activities:

    • Understanding the core components of an effective data governance program and determining your organisation's current capabilities in these areas:
      • Data Leadership
      • Data Ownership & Stewardship
      • Policies & Procedures
      • Data Literacy & Culture
      • Operating Model
      • Data Management
      • Data Privacy & Security
      • Enterprise Projects & Services

    Outcomes of this step

    • An understanding of the core components of an effective data governance program
    • An understanding your organisation's current data governance capabilities

    Leverage Info-Tech's: Data Governance Initiative Planning and Roadmap Tool to assess your current data governance capabilities and plot your target state accordingly.

    This tool will help your organisation plan the sequence of activities, capture start dates and expected completion dates, and create a roadmap that can be effectively communicated to the organisation.

    Review: Info-Tech's Data Governance Framework

    An image of Info-Tech's Data Governance Framework

    Key components of data governance

    A well-defined data governance program will deliver:

    • Defined accountability and responsibility for data.
    • Improved knowledge and common understanding of the organisation's data assets.
    • Elevated trust and confidence in traceable data.
    • Improved data ROI and reduced data debt.
    • An enabling framework for supporting the ethical use and handling of data.
    • A foundation for building and fostering a data-driven and data-literate organisational culture.

    The key components of establishing sustainable enterprise data governance, taken from Info-Tech's Data Governance Framework:

    • Data Leadership
    • Data Ownership & Stewardship
    • Operating Model
    • Policies & Procedures
    • Data Literacy & Culture
    • Data Management
    • Data Privacy & Security
    • Enterprise Projects & Services

    Data Leadership

    • Data governance needs a dedicated head or leader to steer the organisation's data governance program.
    • For organisations that do have a chief data officer (CDO), their office is the ideal and effective home for data governance.
    • Heads of data governance also have titles such as director of data governance, director of data quality, and director of analytics.
    • The head of your data governance program works with all stakeholders and partners to ensure there is continuous enterprise governance alignment and oversight and to drive the program's direction.
    • While key stakeholders from the business and IT will play vital data governance roles, the head of data governance steers the various components, stakeholders, and initiatives, and provides oversight of the overall program.
    • Vital data governance roles include: data owners, data stewards, data custodians, data governance steering committee (or your organisation's equivalent), and any data governance working group(s).

    The role of the CDO: the voice of data

    The office of the chief data officer (CDO):

    • Has a cross-organisational vision and strategy for data.
    • Owns and drives the data strategy; ensures it supports the overall organisational strategic direction and business goals.
    • Leads the organisational data initiatives, including data governance
    • Is accountable for the policy, strategy, data standards, and data literacy necessary for the organisation to operate effectively.
    • Educates users and leaders about what it means to be 'data-driven.'
    • Builds and fosters a culture of data excellence.

    'Compared to most of their C-suite colleagues, the CDO is faced with a unique set of problems. The role is still being defined. The chief data officer is bringing a new dimension and focus to the organisation: "data." '
    – Carruthers and Jackson, 2020

    Who does the CDO report to?

    Example reporting structure.
    • The CDO should be a true C- level executive.
    • Where the organisation places the CDO role in the structure sends an important signal to the business about how much it values data.

    'The title matters. In my opinion, you can't have a CDO without executive authority. Otherwise no one will listen.'

    – Anonymous European CDO

    'The reporting structure depends on who's the 'glue' that ties together all these uniquely skilled individuals.'

    – John Kemp, Senior Director, Executive Services, Info-Tech Research Group

    Data Ownership & Stewardship

    Who are best suited to be data owners?

    • Wherever they may sit in your organisation, data owners will typically have the highest stake in that data.
    • Data owners needs to be suitably senior and have the necessary decision-making power.
    • They have the highest interest in the related business data domain, whether they are the head of a business unit or the head of a line of business that produces data or consumes data (or both).
    • If they are neither of these, it's unlikely they will have the interest in the data (in terms of its quality, protection, ethical use, and handling, for instance) necessary to undertake and adopt the role effectively.

    Data owners are typically senior business leaders with the following characteristics:

    • Positioned to accept accountability for their data domain.
    • Hold authority and influence to affect change, including across business processes and systems, needed to improve data quality, use, handling, integration, etc.
    • Have access to a budget and resources for data initiatives such as resolving data quality issues, data cleansing initiatives, business data catalogue build, related tools and technology, policy management, etc.
    • Hold the influence needed to drive change in behaviour and culture.
    • Act as ambassadors of data and its value as an organisational strategic asset.

    Right-size your data governance organisational structure

    • Most organisations strive to identify roles and responsibilities at a strategic, and operational level. Several factors will influence the structure of the program such as the focus of the data governance project as well as the maturity and size of the organisation.
    • Your data governance structure has to work for your organisation, and it has to evolve as the organisation evolves.
    • Formulate your blend of data governance roles, committees, councils, and cross-functional groups, that make sense for your organisation.
    • Your data governance organisational structure should not add complexity or bureaucracy to your organisation's data landscape; it should support and enable your principle of treating data as an asset.

    There is no one-size-fits-all data governance organisational structure.

    Example of a Data Governance Organisational Structure

    Critical roles and responsibilities for data governance

    Data Governance Working Groups

    Data governance working groups:

    • Are cross-functional teams
    • Deliver on data governance projects, initiatives, and ad hoc review committees.

    Data Stewards

    Traditionally, data stewards:

    • Serve on an operational level addressing issues related to adherence to standards/procedures, monitoring data quality, raising issues identified, etc.
    • Are responsible for managing access, quality, escalating issues, etc.

    Data Custodians

    • Traditionally, data custodians:
    • Serve on an operational level addressing issues related to data and database administration.
    • Support the management of access, data quality, escalating issues, etc.
    • Are SMEs from IT and database administration.

    Example: Business capabilities to data owner and data stewards mapping for a selected data domain

    Info-Tech Insight

    Your organisation's value streams and the associated business capabilities require effectively governed data. Without this, you face elevated operational costs, missed opportunities, eroded stakeholder satisfaction, and exposure to increased business risk.

    Enabling business capabilities with data governance role definitions

    Example: Business capabilities to data owner and data stewards mapping for a selected data domain

    Operating Model

    Your operating model is the key to designing and operationalizing a form of data governance that delivers measurable business value to your organisation.

    'Generate excitement for data: When people are excited and committed to the vision of data enablement, they're more likely to help ensure that data is high quality and safe.' – Petzold, et al., 2020

    Operating Model

    Defining your data governance operating model will help create a well-oiled program that sustainably delivers value to the organisation and manages risks while building and fostering a culture of data excellence along the way. Some organisations are able to establish a formal data governance office, whether independent or attached to the office of the chief data officer. Regardless of how you are organised, data governance requires a home, a leader, and an operating model to ensure its sustainability and evolution.

    Examples of focus areas for your operating model:

    • Delivery: While there are core tenets to every data governance program, there is a level of variability in the implementation of data governance programs across organisations, sectors, and industries. Every organisation has its own particular drivers and mandates, so the level and rigour applied will also vary.
    • The key is to determine what style will work best in your organisation, taking into consideration your organisational culture, executive leadership support (present and ongoing), catalysts such as other enterprise-wide transformative and modernisation initiatives, and/or regulatory and compliances drivers.

    • Communication: Communication is vital across all levels and stakeholder groups. For instance, there needs to be communication from the data governance office up to senior leadership, as well as communication within the data governance organisation, which is typically made up of the data governance steering committee, data governance council, executive sponsor/champion, data stewards, and data custodians and working groups.
    • Furthermore, communication with the wider organisation of data producers, users, and consumers is one of the core elements of the overall data governance communications plan.

    Communication is vital for ensuring acceptance of new processes, rules, guidelines, and technologies by all data producers and users as well as for sharing success stories of the program.

    Operating Model

    Tie the value of data governance and its initiatives back to the business capabilities that are enabled.

    'Leading organisations invest in change management to build data supporters and convert the sceptics. This can be the most difficult part of the program, as it requires motivating employees to use data and encouraging producers to share it (and ideally improve its quality at the source)[.]' – Petzold, et al., 2020

    Operating Model

    Examples of focus areas for your operating model (continued):

    • Change management and issue resolution: Data governance initiatives will very likely bring about a level of organisational disruption, with governance recommendations and future state requiring potentially significant business change. This may include a redesign of a substantial number of data processes affecting various business units, which will require tweaking the organisation's culture, thought processes, and procedures surrounding its data.
    • Preparing people for change well in advance will allow them to take the steps necessary to adapt and reduce potential confrontation. By planning for and efficiently communicating any changes that a data governance initiative may bring, many initial issues can be resolved from the outset.

      Attempting to implement change without an effective communications plan can result in disagreements over data control and stalemates between stakeholder units. The recommendations of the governance group must reflect the needs of all stakeholders or there will be pushback.

    • Performance measuring, monitoring and reporting: Measuring and reporting on performance, successes, and realisation of tangible business value are a must for sustaining, growing, and scaling your data governance program.
    • Aligning your data governance to the organisation's value realisation activities enables you to leverage the KPIs of those business capabilities to demonstrate tangible and measurable value. Use terms and language that will resonate with your senior business leadership.

    Info-Tech Tip:

    Launching a data governance program will bring with it a level of disruption to the culture of the organisation. That disruption doesn't have to be detrimental if you are prepared to manage the change proactively and effectively.

    Policies, Procedures & Standards

    'Data standards are the rules by which data are described and recorded. In order to share, exchange, and understand data, we must standardise the format as well as the meaning.' – U.S. Geological Survey

    Policies, Procedures & Standards

    • When defining, updating, or refreshing your data policies, procedures, and standards, ensure they are relevant, serve a purpose, and/or support the use of data in the organisation.
    • Avoid the common pitfall of building out a host of policies, procedures, and standards that are never used or followed by users and therefore don't bring value or serve to mitigate risk for the organisation.
    • Data policies can be thought of as formal statements and are typically created, approved, and updated by the organisation's data decision-making body (such as a data governance steering committee).
    • Data standards and procedures function as actions, or rules, that support the policies and their statements.
    • Standards and procedures are designed to standardise the processes during the overall data lifecycle. Procedures are instructions to achieve the objectives of the policies. The procedures are iterative and will be updated with approval from your data governance committee as needed.
    • Your organisation's data policies, standards, and procedures should not bog down or inhibit users; rather, they should enable confident data use and handling across the overall data lifecycle. They should support more effective and seamless data capture, integration, aggregation, sharing, and retention of data in the organisation.

    Examples of data policies:

    • Data Classification Policy
    • Data Retention Policy
    • Data Entry Policy
    • Data Backup Policy
    • Data Provenance Policy
    • Data Management Policy

    See Info-Tech's Data Governance Policy Template: This policy establishes uniformed data governance standards and identifies the shared responsibilities for assuring the integrity of the data and that it efficiently and effectively serves the needs of your organisation.

    Data Domain Documentation

    Select the correct granularity for your business need

    Diagram of data domain documentation
    Sources: Dataversity; Atlan; Analytics8

    Data Domain Documentation Examples

    Data Domain Documentation Examples

    Data Culture

    'Organisational culture can accelerate the application of analytics, amplify its power, and steer companies away from risky outcomes.' – Petzold, et al., 2020

    A healthy data culture is key to amplifying the power of your data and to building and sustaining an effective data governance program.

    What does a healthy data culture look like?

    • Everybody knows the data.
    • Everybody trusts the data.
    • Everybody talks about the data.

    Building a culture of data excellence.

    Leverage Info-Tech's Data Culture Diagnostic to understand your organisation's culture around data.

    Screenshot of Data Culture Scorecard

    Contact your Info-Tech Account Representative for more information on the Data Culture Diagnostic

    Cultivating a data-driven culture is not easy

    'People are at the heart of every culture, and one of the biggest challenges to creating a data culture is bringing everyone into the fold.' – Lim, Alation

    It cannot be purchased or manufactured,

    It must be nurtured and developed,

    And it must evolve as the business, user, and data landscapes evolve.

    'Companies that have succeeded in their data-driven efforts understand that forging a data culture is a relentless pursuit, and magic bullets and bromides do not deliver results.' – Randy Bean, 2020

    Hallmarks of a data-driven culture

    There is a trusted, single source of data the whole company can draw from.

    There's a business glossary and data catalogue and users know what the data fields mean.

    Users have access to data and analytics tools. Employees can leverage data immediately to resolve a situation, perform an activity, or make a decision – including frontline workers.

    Data literacy, the ability to collect, manage, evaluate, and apply data in a critical manner, is high.

    Data is used for decision making. The company encourages decisions based on objective data and the intelligent application of it.

    A data-driven culture requires a number of elements:

    • High-quality data
    • Broad access and data literacy
    • Data-driven decision-making processes
    • Effective communication

    Data Literacy

    Data literacy is an essential part of a data-driven culture.

    • Building a data-driven culture takes an ongoing investment of time, effort, and money.
    • This investment will not realise its full return without building up the organisation's data literacy.
    • Data literacy is about filling data knowledge gaps across all levels of the organisation.
    • It's about ensuring all users – senior leadership right through to core users – are equipped with appropriate levels of training, skills, understanding, and awareness around the organisation's data and the use of associated tools and technologies. Data literacy ensures users have the data they need and they know how to interpret and leverage it.
    • Data literacy drives the appetite, demand, and consumption for data.
    • A data-literate culture is one where the users feel confident and skilled in their use of data, leveraging it for making informed or evidence-based decisions and generating insights for the organisation.

    Data Management

    • Data governance serves as an enabler to all of the core components that make up data management:
      • Data quality management
      • Data architecture management
      • Data platform
      • Data integration
      • Data operations management
      • Data risk management
      • Reference and master data management (MDM)
      • Document and content management
      • Metadata management
      • Business intelligence (BI), reporting, analytics and advanced analytics, artificial intelligence (AI), machine learning (ML)
    • Key tools such as the business data glossary and data catalogue are vital for operationalizing data governance and in supporting data management disciplines such as data quality management, metadata management, and MDM as well as BI, reporting, and analytics.

    Enterprise Projects & Services

    • Data governance serves as an enabler to enterprise projects and services that require, use, share, sell, and/or rely on data for their viability and, ultimately, their success.
    • Folding or embedding data governance into the organisation's project management function or project management office (PMO) serves to ensure that, for any initiative, suitable consideration is given to how data is treated.
    • This may include defining parameters, following standards and procedures around bringing in new sources of data, integrating that data into the organisation's data ecosystem, using and sharing that data, and retaining that data post-project completion.
    • The data governance function helps to identify and manage any ethical issues, whether at the start of the project and/or throughout.
    • It provides a foundation for asking relevant questions as it relates to the use or incorporation of data in delivering the specific project or service. Do we know where the data obtained from? Do we have rights to use that data? Are there legislations, policies, or regulations that guide or dictate how that data can be used? What are the positive effects, negative impacts, and/or risks associated with our intended use of that data? Are we positioned to mitigate those risks?
    • Mature data governance creates organisations where the above considerations around data management and the ethical use and handling of data is routinely implemented across the business and in the rollout and delivery of projects and services.

    Data Privacy & Security

    • Data governance supports the organisation's data privacy and security functions.
    • Key tools include the data classification policy and standards and defined roles around data ownership and data stewardship. These are vital for operationalizing data governance and supporting data privacy, security, and the ethical use and handling of data.
    • While some organisations may have a dedicated data security and privacy group, data governance provides an added level of oversight in this regard.
    • Some of the typical checks and balances include ensuring:
      • There are policies and procedures in place to restrict and monitor staff's access to data (one common way this is done is according to job descriptions and responsibilities) and that these comply with relevant laws and regulations.
      • There's a data classification scheme in place where data has been classified on a hierarchy of sensitivity (e.g. top secret, confidential, internal, limited, public).
      • The organisation has a comprehensive data security framework, including administrative, physical, and technical procedures for addressing data security issues (e.g. password management and regular training).
      • Risk assessments are conducted, including an evaluation of risks and vulnerabilities related to intentional and unintentional misuse of data.
      • Policies and procedures are in place to mitigate the risks associated with incidents such as data breaches.
      • The organisation regularly audits and monitors its data security.

    Ethical Use & Handling of Data

    Data governance will support your organisation's ethical use and handling of data by facilitating definition around important factors, such as:

    • What are the various data assets in the organisation and what purpose(s) can they be used for? Are there any limitations?
    • Who is the related data owner? Who holds accountability for that data? Who will be answerable?
    • Where was the data obtained from? What is the intended use of that data? Do you have rights to use that data? Are there legislations, policies, or regulations that guide or dictate how that data can be used?
    • What are the positive effects, negative impacts, and/or risks associated with the use of that data?

    Ethical Use & Handling of Data

    • Data governance serves as an enabler to the ethical use and handling of an organisation's data.
    • The Open Data Institute (ODI) defines data ethics as: 'A branch of ethics that evaluates data practices with the potential to adversely impact on people and society – in data collection, sharing and use.'
    • Data ethics relates to good practice around how data is collected, used and shared. It's especially relevant when data activities have the potential to impact people and society, whether directly or indirectly (Open Data Institute, 2019).
    • A failure to handle and use data ethically can negatively impact an organisation's direct stakeholders and/or the public at large, lead to a loss of trust and confidence in the organisation's products and services, lead to financial loss, and impact the organisation's brand, reputation, and legal standing.
    • Data governance plays a vital role is building and managing your data assets, knowing what data you have, and knowing the limitations of that data. Data ownership, data stewardship, and your data governance decision-making body are key tenets and foundational components of your data governance. They enable an organisation to define, categorise, and confidently make decisions about its data.

    Step 2.2

    Gauge Your Organisation's Current Data Culture

    Activities

    2.2.1 Gauge Your Organisation's Current Data Culture

    This step will guide you through the following activities:

    • Conduct a data culture survey or leverage Info-Tech's Data Culture Diagnostic to increase your understanding of your organisation's data culture

    Outcomes of this step

    • An understanding of your organisational data culture

    2.2.1 Gauge Your Organisation's Current Data Culture

    Conduct a Data Culture Survey or Diagnostic

    The objectives of conducting a data culture survey are to increase the understanding of the organisation's data culture, your users' appetite for data, and their appreciation for data in terms of governance, quality, accessibility, ownership, and stewardship. To perform a data culture survey:

    1. Identify members of the data user base, data consumers, and other key stakeholders for surveying.
    2. Conduct an information session to introduce Info-Tech's Data Culture Diagnostic survey. Explain the objective and importance of the survey and its role in helping to understand the organisation's current data culture and inform the improvement of that culture.
    3. Roll out the Info-Tech Data Culture Diagnostic survey to the identified users and stakeholders.
    4. Debrief and document the results and scorecard in the Data Strategy Stakeholder Interview Guide and Findings document.

    Input

    • Email addresses of participants in your organisation who should receive the survey

    Output

    • Your organisation's Data Culture Scorecard for understanding current data culture as it relates to the use and consumption of data
    • An understanding of whether data is currently perceived to be an asset to the organisation

    Materials

    Screenshot of Data Culture Scorecard

    Participants

    • Participants include those at the senior leadership level through to middle management, as well as other business stakeholders at varying levels across the organisation
    • Data owners, stewards, and custodians
    • Core data users and consumers

    Contact your Info-Tech Account Representative for details on launching a Data Culture Diagnostic.

    Phase 3

    Build a Target State Roadmap and Plan

    Three circles are in the image that list the three phases and the main steps. Phase 3 is highlighted.

    'Achieving data success is a journey, not a sprint. Companies that set a clear course, with reasonable expectations and phased results over a period of time, get to the destination faster.' – Randy Bean, 2020

    This phase will guide you through the following activities:

    • Build your Data Governance Roadmap
    • Develop a target state plan comprising of prioritised initiatives

    This phase involves the following participants:

    • Data Governance Leadership
    • Data Owners/Data Stewards
    • Data Custodians
    • Data Governance Working Group(s)

    Step 3.1

    Formulate an Actionable Roadmap and Right-Sized Plan

    This step will guide you through the following activities:

    • Build your data governance roadmap
    • Develop a target state plan comprising of prioritised initiatives

    Download Info-Tech's Data Governance Planning and Roadmapping Workbook

    See Info-Tech's Data Governance Program Charter Template: A program charter template to sell the importance of data governance to senior executives.

    This template will help get the backing required to get a data governance project rolling. The program charter will help communicate the project purpose, define the scope, and identify the project team, roles, and responsibilities.

    Outcomes of this step

    • A foundation for data governance initiative planning that's aligned with the organisation's business architecture: value streams, business capability map, and strategy map

    Build a right-sized roadmap

    Formulate an actionable roadmap that is right sized to deliver value in your organisation.

    Key considerations:

    • When building your data governance roadmap, ensure you do so through an enterprise lens. Be cognizant of other initiatives that might be coming down the pipeline that may require you to align your data governance milestones accordingly.
    • Apart from doing your planning with consideration for other big projects or launches that might be in-flight and require the time and attention of your data governance partners, also be mindful of the more routine yet still demanding initiatives.
    • When doing your roadmapping, consider factors like the organisation's fiscal cycle, typical or potential year-end demands, and monthly/quarterly reporting periods and audits. Initiatives such as these are likely to monopolise the time and focus of personnel key to delivering on your data governance milestones.

    Sample milestones:

    Data Governance Leadership & Org Structure Definition

    Define the home for data governance and other key roles around ownership and stewardship, as approved by senior leadership.

    Data Governance Charter and Policies

    Create a charter for your program and build/refresh associated policies.

    Data Culture Diagnostic

    Understand the organisation's current data culture, perception of data, value of data, and knowledge gaps.

    Use Case Build and Prioritisation

    Build a use case that is tied to business capabilities. Prioritise accordingly.

    Business Data Glossary/catalogue

    Build and/or refresh the business' glossary for addressing data definitions and standardisation issues.

    Tools & Technology

    Explore the tools and technology offering in the data governance space that would serve as an enabler to the program. (e.g. RFI, RFP).

    Recall: Info-Tech's Data Governance Framework

    An image of Info-Tech's Data Governance Framework

    Build an actionable roadmap

    Data Governance Leadership & Org Structure Division

    Define key roles for getting started.

    Use Case Build & Prioritisation

    Start small and then scale – deliver early wins.

    Literacy Program

    Start understanding data knowledge gaps, building the program, and delivering.

    Tools & Technology

    Make the available data governance tools and technology work for you.

    Key components of your data governance roadmap

    Data Governance Program Charter Template – A program charter template to sell the importance of data governance to senior executives.

    This template will help get the backing required to get a data governance project rolling. The program charter will help communicate the project purpose, define the scope, and identify the project team, roles, and responsibilities.

    By now, you have assessed current data governance environment and capabilities. Use this assessment, coupled with the driving needs of your business, to plot your data Governance roadmap accordingly.

    Sample data governance roadmap milestones:

    • Define data governance leadership.
    • Define and formalise data ownership and stewardship (as well as the role IT/data management will play as data custodians).
    • Build/confirm your business capability map and data domains.
    • Build business data use cases specific to business capabilities.
    • Define business measures/KPIs for the data governance program (i.e. metrics by use case that are relevant to business capabilities).
    • Data management:
      • Build your data glossary or catalogue starting with identified and prioritised terms.
      • Define data domains.
    • Design and define the data governance operating model (oversight model definition, communication plan, internal marketing such as townhalls, formulate change management plan, RFP of data governance tool and technology options for supporting data governance and its administration).
    • Data policies and procedures:
      • Formulate, update, refresh, consolidate, rationalise, and/or retire data policies and procedures.
      • Define policy management and administration framework (i.e. roll-out, maintenance, updates, adherence, system to be used).
    • Conduct Info-Tech's Data Culture Diagnostic or survey (across all levels of the organisation).
    • Define and formalise the data literacy program (build modules, incorporate into LMS, plan lunch and learn sessions).
    • Data privacy and security: build data classification policy, define classification standards.
    • Enterprise projects and services: embed data governance in the organisation's PMO, conduct 'Data Governance 101' for the PMO.

    Defining data governance roles and organisational structure at Organisation

    The approach employed for defining the data governance roles and supporting organisational structure for .

    Key Considerations:

    • The data owner and data steward roles are formally defined and documented within the organisation. Their involvement is clear, well-defined, and repeatable.
    • There are data owners and data stewards for each data domain within the organisation. The data steward role is given to someone with a high degree of subject matter expertise.
    • Data owners and data stewards are effective in their roles by ensuring that their data domain is clean and free of errors and that they protect the organisation against data loss.
    • Data owners and data stewards have the authority to make final decisions on data definitions, formats, and standard processes that apply to their respective data sets. Data owners and data stewards have authority regarding who has access to certain data.
    • Data owners and data stewards are not from the IT side of the organisation. They understand the lifecycle of the data (how it is created, curated, retrieved, used, archived, and destroyed) and they are well-versed in any compliance requirements as it relates to their data.
    • The data custodian role is formally defined and is given to the relevant IT expert. This is an individual with technical administrative and/or operational responsibility over data (e.g. a DBA).
    • A data governance steering committee exists and is comprised of well-defined roles, responsibilities, executive sponsors, business representatives, and IT experts.
    • The data governance steering committee works to provide oversight and enforce policies, procedures, and standards for governing data.
    • The data governance working group has cross-functional representation. This comprises business and IT representation, as well as project management and change management where applicable: data stewards, data custodians, business subject matter experts, PM, etc.).
    • Data governance meetings are coordinated and communicated about. The meeting agenda is always clear and concise, and meetings review pressing data-related issues. Meeting minutes are consistently documented and communicated.

    Sample: Business capabilities to data owner and data stewards mapping for a selected data domain

    Info-Tech Insight

    Your organisation's value streams and the associated business capabilities require effectively governed data. Without this, you face elevated operational costs, missed opportunities, eroded stakeholder satisfaction, and exposure to increased business risk.

    Enable business capabilities with data governance role definitions.

    Sample: Business capabilities to data owner and data stewards mapping for a selected data domain

    Consider your technology options:

    Make the available data governance tools and technology work for you:

    • Data catalogue
    • Business data glossary
    • Data lineage
    • Metadata management

    Logos of data governance tools and technology.

    These are some of the data governance tools and technology players. Check out SoftwareReviews for help making better software decisions.

    Make the data steward the catalyst for organisational change and driving data culture

    The data steward must be empowered and backed politically with decision-making authority, or the role becomes stale and powerless.

    Ensuring compliance can be difficult. Data stewards may experience pushback from stakeholders who must deliver on the policies, procedures, and processes that the data steward enforces.

    Because the data steward must enforce data processes and liaise with so many different people and departments within the organisation, the data steward role should be their primary full-time job function – where possible.

    However, in circumstances where budget doesn't allow a full-time data steward role, develop these skills within the organisation by adding data steward responsibilities to individuals who are already managing data sets for their department or line of business.

    Info-Tech Tip

    A stewardship role is generally more about managing the cultural change that data governance brings. This requires the steward to have exceptional interpersonal skills that will assist in building relationships across departmental boundaries and ensuring that all stakeholders within the organisation believe in the initiative, understand the anticipated outcomes, and take some level of responsibility for its success.

    Changes to organisational data processes are inevitable; have a communication plan in place to manage change

    Create awareness of your data governance program. Use knowledge transfer to get as many people on board as possible.

    Data governance initiatives must contain a strong organisational disruption component. A clear and concise communication strategy that conveys milestones and success stories will address the various concerns that business unit stakeholders may have.

    By planning for and efficiently communicating any changes that a data governance initiative may bring, many initial issues can be resolved from the outset.

    Governance recommendations will require significant business change. The redesign of a substantial number of data processes affecting various business units will require an overhaul of the organisation's culture, thought processes, and procedures surrounding its data. Preparing people for change well in advance will allow them to take the necessary steps to adapt and reduce potential confrontation.

    Because a data governance initiative will involve data-driven business units across the organisation, the governance team must present a compelling case for data governance to ensure acceptance of new processes, rules, guidelines, and technologies by all data producers and users.

    Attempting to implement change without an effective communication plan can result in disagreements over data control and stalemates between stakeholder units. The recommendations of the governance group must reflect the needs of all stakeholders or there will be pushback.

    Info-Tech Insight

    Launching a data governance initiative is guaranteed to disrupt the culture of the organisation. That disruption doesn't have to be detrimental if you are prepared to manage the change proactively and effectively.

    Create a common data governance vision that is consistently communicated to the organisation

    A data governance program should be an enterprise-wide initiative.

    To create a strong vision for data governance, there must be participation from the business and IT. A common vision will articulate the state the organisation wishes to achieve and how it will reach that state. Visioning helps to develop long-term goals and direction.

    Once the vision is established, it must be effectively communicated to everyone, especially those who are involved in creating, managing, disposing, or archiving data.

    The data governance program should be periodically refined. This will ensure the organisation continues to incorporate best methods and practices as the organisation grows and data needs evolve.

    Info-Tech Tips

    • Use information from the stakeholder interviews to derive business goals and objectives.
    • Work to integrate different opinions and perspectives into the overall vision for data governance.
    • Brainstorm guiding principles for data and understand the overall value to the organisation.

    Develop a compelling data governance communications plan to get all departmental lines of business on board

    A data governance program will impact all data-driven business units within the organisation.

    A successful data governance communications plan involves making the initiative visible and promoting staff awareness. Educate the team on how data is collected, distributed, and used, what internal processes use data, and how that data is used across departmental boundaries.

    By demonstrating how data governance will affect staff directly, you create a deeper level of understanding across lines of business, and ultimately, a higher level of acceptance for new processes, rules, and guidelines.

    A clear and concise communications strategy will raise the profile of data governance within the organisation, and staff will understand how the program will benefit them and how they can share in the success of the initiative. This will end up providing support for the initiative across the board.

    A proactive communications plan will:

    • Assist in overcoming issues with data control, stalemates between stakeholder units, and staff resistance.
    • Provide a formalised process for implementing new policies, rules, guidelines, and technologies, and managing organisational data.
    • Detail data ownership and accountability for decision making, and identify and resolve data issues throughout the organisation.
    • Encourage acceptance and support of the initiative.

    Info-Tech Tip

    Focus on literacy and communication: include training in the communication plan. Providing training for data users on the correct procedures for updating and verifying the accuracy of data, data quality, and standardised data policies will help validate how data governance will benefit them and the organisation.

    Leverage the data governance program to communicate and promote the value of data within the organisation

    The data governance program is responsible for continuously promoting the value of data to the organisation. The data governance program should seek a variety of ways to educate the organisation and data stakeholders on the benefit of data management.

    Even if data policies and procedures are created, they will be highly ineffective if they are not properly communicated to the data producers and users alike.

    There needs to be a communication plan that highlights how the data producer and user will be affected, what their new responsibilities are, and the value of that change.

    To learn how to manage organisational change, refer to Info-Tech's Master Organisational Change Management Practices.

    Understand what makes for an effective policy for data governance

    It can be difficult to understand what a policy is, and what it is not. Start by identifying the differences between a policy and standards, guidelines, and procedures.

    Diagram of an effective policy for data governance

    The following are key elements of a good policy:

    Heading Descriptions
    Purpose Describes the factors or circumstances that mandate the existence of the policy. Also states the policy's basic objectives and what the policy is meant to achieve.
    Scope Defines to whom and to what systems this policy applies. Lists the employees required to comply or simply indicates 'all' if all must comply. Also indicates any exclusions or exceptions, i.e. those people, elements, or situations that are not covered by this policy or where special consideration may be made.
    Definitions Define any key terms, acronyms, or concepts that will be used in the policy. A standard glossary approach is sufficient.
    Policy Statements Describe the rules that comprise the policy. This typically takes the form of a series of short prescriptive and proscriptive statements. Sub-dividing this section into sub-sections may be required depending on the length or complexity of the policy.
    Non-Compliance Clearly describe consequences (legal and/or disciplinary) for employee non-compliance with the policy. It may be pertinent to describe the escalation process for repeated non-compliance.
    Agreement Confirms understanding of the policy and provides a designated space to attest to the document.

    Leverage myPolicies, Info-Tech's web-based application for managing your policies and procedures

    Most organisations have problems with policy management. These include:

    1. Policies are absent or out of date
    2. Employees largely unaware of policies in effect
    3. Policies are unmonitored and unenforced
    4. Policies are in multiple locations
    5. Multiple versions of the same policy exist
    6. Policies managed inconsistently across different silos
    7. Policies are written poorly by untrained authors
    8. Inadequate policy training program
    9. Draft policies stall and lose momentum
    10. Weak policy support from senior management

    Technology should be used as a means to solve these problems and effectively monitor, enforce, and communicate policies.

    Product Overview

    myPolicies is a web-based solution to create, distribute, and manage corporate policies, procedures, and forms. Our solution provides policy managers with the tools they need to mitigate the risk of sanctions and reduce the administrative burden of policy management. It also enables employees to find the documents relevant to them and build a culture of compliance.

    Some key success factors for policy management include:

    • Store policies in a central location that is well known and easy to find and access. A key way that technology can help communicate policies is by having them published on a centralised website.
    • Link this repository to other policies' taxonomies of your organisation. E.g. HR policies to provide a single interface for employees to access guidance across the organisation.
    • Reassess policies annually at a minimum. myPolicies can remind you to update the organisation's policies at the appropriate time.
    • Make the repository searchable and easily navigable.
    • myPolicies helps you do all this and more.
    myPolicies logo myPolicies

    Enforce data policies to promote consistency of business processes

    Data policies are short statements that seek to manage the creation, acquisition, integrity, security, compliance, and quality of data. These policies vary amongst organisations, depending on your specific data needs.

    • Policies describe what to do, while standards and procedures describe how to do something.
    • There should be few data policies, and they should be brief and direct. Policies are living documents and should be continuously updated to respond to the organisation's data needs.
    • The data policies should highlight who is responsible for the data under various scenarios and rules around how to manage it effectively.

    Examples of Data Policies

    Trust

    • Data Cleansing and Quality Policy
    • Data Entry Policy

    Availability

    • Acceptable Use Policy
    • Data Backup Policy

    Security

    • Data Security Policy
    • Password Policy Template
    • User Authorisation, Identification, and Authentication Policy Template
    • Data Protection Policy

    Compliance

    • Archiving Policy
    • Data Classification Policy
    • Data Retention Policy

    Leverage data management-related policies to standardise your data management practices

    Info-Tech's Data Management Policy:

    This policy establishes uniform data management standards and identifies the shared responsibilities for assuring the integrity of the data and that it efficiently and effectively serves the needs of the organisation. This policy applies to all critical data and to all staff who may be creators and/or users of such data.

    Info-Tech's Data Entry Policy:

    The integrity and quality of data and evidence used to inform decision making is central to both the short-term and long-term health of an organisation. It is essential that required data be sourced appropriately and entered into databases and applications in an accurate and complete manner to ensure the reliability and validity of the data and decisions made based on the data.

    Info-Tech's Data Provenance Policy:

    Create policies to keep your data's value, such as:

    • Only allow entry of data from reliable sources.
    • Employees entering and accessing data must observe requirements for capturing/maintaining provenance metadata.
    • Provenance metadata will be used to track the lifecycle of data from creation through to disposal.

    Info-Tech's Data Integration and Virtualisation Policy:

    This policy aims to assure the organisation, staff, and other interested parties that data integration, replication, and virtualisation risks are taken seriously. Staff must use the policy (and supporting guidelines) when deciding whether to integrate, replicate, or virtualise data sets.

    Select the right mix of metrics to successfully supervise data policies and processes

    Policies are only as good as your level of compliance. Ensure supervision controls exist to oversee adherence to policies and procedures.

    Although they can be highly subjective, metrics are extremely important to data governance success.

    • Establishing metrics that measure the performance of a specific process or data set will:
      • Create a greater degree of ownership from data stewards and data owners.
      • Help identify underperforming individuals.
      • Allow the steering committee to easily communicate tailored objectives to individual data stewards and owners.
    • Be cautious when establishing metrics. The wrong metrics can have negative repercussions.
      • They will likely draw attention to an aspect of the process that doesn't align with the initial strategy.
      • Employees will work hard and grow frustrated as their successes aren't accurately captured.

    Policies are great to have from a legal perspective, but unless they are followed, they will not benefit the organisation.

    • One of the most useful metrics for policies is currency. This tracks how up to date the policy is and how often employees are informed about the policy. Often, a policy will be introduced and then ignored. Policies must be continuously reviewed by management and employees.
    • Some other metrics include adherence (including performance in tests for adherence) and impacts from non-adherence.

    Review metrics on an ongoing basis with those data owners/stewards who are accountable, the data governance steering committee, and the executive sponsors.

    Establish data standards and procedures for use across all organisational lines of business

    A data governance program will impact all data-driven business units within the organisation.

    • Data management procedures are the methods, techniques, and steps to accomplish a specific data objective. Creating standard data definitions should be one of the first tasks for a data governance steering committee.
    • Data moves across all departmental boundaries and lines of business within the organisation. These definitions must be developed as a common set of standards that can be accepted and used enterprise wide.
    • Consistent data standards and definitions will improve data flow across departmental boundaries and between lines of business.
    • Ensure these standards and definitions are used uniformly throughout the organisation to maintain reliable and useful data.

    Data standards and procedural guidelines will vary from company to company.

    Examples include:

    • Data modelling and architecture standards.
    • Metadata integration and usage procedures.
    • Data security standards and procedures.
    • Business intelligence standards and procedures.

    Info-Tech Tip

    Have a fundamental data definition model for the entire business to adhere to. Those in the positions that generate and produce data must follow the common set of standards developed by the steering committee and be accountable for the creation of valid, clean data.

    Changes to organisational data processes are inevitable; have a communications plan in place to manage change

    Create awareness of your data governance program, using knowledge transfer to get as many people on board as possible.

    By planning for and efficiently communicating any changes that a data governance initiative may bring, many initial issues can be resolved from the outset.

    Governance recommendations will require significant business change. The redesign of a substantial number of data processes affecting various business units will require an overhaul of the organisation's culture, thought processes, and procedures surrounding its data. Preparing people for change well in advance will allow them to take the necessary steps to adapt and reduce potential confrontation.

    Because a data governance initiative will involve data-driven business units across the organisation, the governance team must present a compelling case for data governance to ensure acceptance of new processes, rules, guidelines, and technologies by all data producers and users.

    Attempting to implement change without an effective communications plan can result in disagreements over data control and stalemates between stakeholder units. The recommendations of the governance group must reflect the needs of all stakeholders or there will be pushback.

    Data governance initiatives will very likely bring about a level of organisational disruption. A clear and concise communications strategy that conveys milestones and success stories will address the various concerns that business unit stakeholders may have.

    Info-Tech Tip

    Launching a data governance program will bring with it a level of disruption to the culture of the organisation. That disruption doesn't have to be detrimental if you are prepared to manage the change proactively and effectively.

    Other Deliverables:

    The list of supporting deliverables will help to kick start on some of the Data Governance initiatives

    • Data Classification Policy, Standard, and Procedure
    • Data Quality Policy, Standard, and Procedure
    • Metadata Management Policy, Standard, and Procedure
    • Data Retention Policy and Procurement

    Screenshot from Data Classification Policy, Standard, and Procedure

    Data Classification Policy, Standard, and Procedure

    Screenshot from Data Retention Policy and Procedure

    Data Retention Policy and Procedure

    Screenshot from Metadata Management Policy, Standard, and Procedure

    Metadata Management Policy, Standard, and Procedure

    Screenshot from Data Quality Policy, Standard, and Procedure

    Data Quality Policy, Standard, and Procedure

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

    Picture of analyst

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team. Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Screenshot of example data governance strategy map.

    Build Your Business and User Context

    Work with your core team of stakeholders to build out your data governance strategy map, aligning data governance initiatives with business capabilities, value streams, and, ultimately, your strategic priorities.

    Screenshot of Data governance roadmap

    Formulate a Plan to Get to Your Target State

    Develop a data governance future state roadmap and plan based on an understanding of your current data governance capabilities, your operating environment, and the driving needs of your business.

    Related Info-Tech Research

    Build a Robust and Comprehensive Data Strategy

    Key to building and fostering a data-driven culture.

    Create a Data Management Roadmap

    Streamline your data management program with our simplified framework.

    The First 100 Days as CDO

    Be the voice of data in a time of transformation.

    Research Contributors

    Name Position Company
    David N. Weber Executive Director - Planning, Research and Effectiveness Palm Beach State College
    Izabela Edmunds Information Architect Mott MacDonald
    Andy Neill Practice Lead, Data & Analytics Info-Tech Research Group
    Dirk Coetsee Research Director, Data & Analytics Info-Tech Research Group
    Graham Price Executive Advisor, Advisory Executive Services Info-Tech Research Group
    Igor Ikonnikov Research Director, Data & Analytics Info-Tech Research Group
    Jean Bujold Senior Workshop Delivery Director Info-Tech Research Group
    Rajesh Parab Research Director, Data & Analytics Info-Tech Research Group
    Reddy Doddipalli Senior Workshop Director Info-Tech Research Group
    Valence Howden Principal Research Director, CIO Info-Tech Research Group

    Bibliography

    Alation. “The Alation State of Data Culture Report – Q3 2020.” Alation, 2020. Accessed 25 June 2021.

    Allott, Joseph, et al. “Data: The Next Wave in Forestry Productivity.” McKinsey & Company, 27 Oct. 2020. Accessed 25 June 2021.

    Bean, Randy. “Why Culture Is the Greatest Barrier to Data Success.” MIT Sloan Management Review, 30 Sept. 2020. Accessed 25 June 2021.

    Brence, Thomas. “Overcoming the Operationalization Challenge With Data Governance at New York Life.” Informatica, 18 March 2020. Accessed 25 June 2021.

    Bullmore, Simon, and Stuart Coleman. “ODI Inside Business – A Checklist for Leaders.” Open Data Institute, 19 Oct. 2020. Accessed 25 June 2021.

    Canadian Institute for Health Information. “Developing and Implementing Accurate National Standards for Canadian Health Care Information.” Canadian Institute for Health Information. Accessed 25 June 2021.

    Carruthers, Caroline, and Peter Jackson. “The Secret Ingredients of the Successful CDO.” IRM UK Connects, 23 Feb. 2017.

    Dashboards. “Useful KPIs for Healthy Hospital Quality Management.” Dashboards. Accessed 25 June 2021.

    Dashboards. “Why (and How) You Should Improve Data Literacy in Your Organization Today.” Dashboards. Accessed 25 June 2021.

    Datapine. “Healthcare Key Performance Indicators and Metrics.” Datapine. Accessed 25 June 2021.

    Datapine. “KPI Examples & Templates: Measure what matters the most and really impacts your success.” Datapine. Accessed 25 June 2021.

    Diaz, Alejandro, et al. “Why Data Culture Matters.” McKinsey Quarterly, Sept. 2018. Accessed 25 June 2021.

    Everett, Dan. “Chief Data Officer (CDO): One Job, Four Roles.” Informatica, 9 Sept. 2020. Accessed 25 June 2021.

    Experian. “10 Signs You Are Sitting On A Pile Of Data Debt.” Experian. Accessed 25 June 2021.

    Fregoni, Silvia. “New Research Reveals Why Some Business Leaders Still Ignore the Data.” Silicon Angle, 1 Oct. 2020

    Informatica. Holistic Data Governance: A Framework for Competitive Advantage. Informatica, 2017. Accessed 25 June 2021.

    Knight, Michelle. “What Is a Data Catalog?” Dataversity, 28 Dec. 2017. Web.

    Lim, Jason. “Alation 2020.3: Getting Business Users in the Game.” Alation, 2020. Accessed 25 June 2021.

    McDonagh, Mariann. “Automating Data Governance.” Erwin, 29 Oct. 2020. Accessed 25 June 2021.

    NewVantage Partners. Data-Driven Business Transformation: Connecting Data/AI Investment to Business Outcomes. NewVantage Partners, 2020. Accessed 25 June 2021.

    Olavsrud, Thor. “What Is Data Governance? A Best Practices Framework For Managing Data Assets.” CIO.com, 18 March 2021. Accessed 25 June 2021.

    Open Data Institute. “Introduction to Data Ethics and the Data Ethics Canvas.” Open Data Institute, 2020. Accessed 25 June 2021.

    Open Data Institute. “The UK National Data Strategy 2020: Doing Data Ethically.” Open Data Institute, 17 Nov. 2020. Accessed 25 June 2021.

    Open Data Institute. “What Is the Data Ethics Canvas?” Open Data Institute, 3 July 2019. Accessed 25 June 2021.

    Pathak, Rahul. “Becoming a Data-Driven Enterprise: Meeting the Challenges, Changing the Culture.” MIT Sloan Management Review, 28 Sept. 2020. Accessed 25 June 2021.

    Petzold, Bryan, et al. “Designing Data Governance That Delivers Value.” McKinsey & Company, 26 June 2020. Accessed 25 June 2021.

    Redman, Thomas, et al. “Only 3% of Companies’ Data Meets Basic Quality Standards.” Harvard Business Review. 11 Sept 2017.

    Smaje, Kate. “How Six Companies Are Using Technology and Data To Transform Themselves.” McKinsey & Company, 12 Aug. 2020. Accessed 25 June 2021.

    Talend. “The Definitive Guide to Data Governance.” Talend. Accessed 25 June 2021.

    “The Powerfully Simple Modern Data Catalog.” Atlan, 2021. Web.

    U.S. Geological Survey. “Data Management: Data Standards.” U.S. Geological Survey. Accessed 25 June 2021.

    Waller, David. “10 Steps to Creating a Data-Driven Culture.” Harvard Business Review, 6 Feb. 2020. Accessed 25 June 2021.

    “What Is the Difference Between A Business Glossary, A Data Dictionary, and A Data Catalog, and How Do They Play A Role In Modern Data Management?” Analytics8, 23 June 2021. Web.

    Wikipedia. “RFM (Market Research).” Wikipedia. Accessed 25 June 2021.

    Windheuser, Christoph, and Nina Wainwright. “Data in a Modern Digital Business.” Thoughtworks, 12 May 2020. Accessed 25 June 2021.

    Wright, Tom. “Digital Marketing KPIs - The 12 Key Metrics You Should Be Tracking.” Cascade, 3 March 2021. Accessed 25 June 2021.

    Enterprise Storage Solution Considerations

    • Buy Link or Shortcode: {j2store}507|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Storage & Backup Optimization
    • Parent Category Link: /storage-and-backup-optimization
    • Enterprise storage technology and options are challenging to understand.
    • There are so many options. How do you decide what the best solution is for your storage challenge??
    • Where do you start when trying to solve your enterprise storage challenge?

    Our Advice

    Critical Insight

    Take the time to understand the various data storage formats, disk types, and associated technology, as well as the cloud-based and on-premises options. This will help you select the right tool for your needs.

    Impact and Result

    Look to existing use cases based on actual Info-Tech analyst calls to help in your decision-making process.

    Enterprise Storage Solution Considerations Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Enterprise Storage Solution Considerations – Narrow your focus with the right product type and realize efficiencies.

    Explore the building blocks of enterprise storage so you can select the best solution, narrow your focus with the correct product type, explore the features that should be considered when evaluating enterprise storage offerings, and examine use cases based on actual Info-Tech analyst calls to find a storage solution for your situation.

    • Enterprise Storage Solution Considerations Storyboard

    2. Modernize Enterprise Storage Workbook – Understand your data requirements.

    The first step in solving your enterprise storage challenge is identifying your data sources, data volumes, and growth rates. This information will give you insight into what data sources could be stored on premises or in the cloud, how much storage you will require for the coming five to ten years, and what to consider when exploring enterprise storage solutions. This tool can be a valuable asset for determining your current storage drivers and future storage needs, structuring a plan for future storage purchases, and determining timelines and total cost of ownership.

    • Modernize Enterprise Storage Workbook
    [infographic]

    Further reading

    Enterprise Storage Solution Considerations

    Narrow your focus with the right product type and realize efficiencies.

    Analyst Perspective

    The vendor landscape is continually evolving, as are the solutions they offer. The options and features are increasing and appealing.

    The image contains a picture of P.J. Ryan.

    To say that the current enterprise storage landscape looks interesting would be an understatement. The solutions offered by vendors continue to grow and evolve. Flash and NVMe are increasing the speed of storage media and reducing latency. Software-defined storage is finding the most efficient use of media to store data where it is best served while managing a variety of vendor storage and older storage area networks and network-attached storage devices.

    Storage as a service is taking on a new meaning with creative solutions that let you keep the storage appliance on premises or in a colocated data center while administration, management, and support are performed by the vendor for a nominal monthly fee.

    We cannot discuss enterprise storage without mentioning the cloud. Bring a thermometer because you must understand the difference between hot, warm, and cold storage when discussing the cloud options. Very hot and very cold may also come into play.

    Storage hardware can assume a higher total cost of ownership with support options that replace the controllers on a regular basis. The options with this type of service are also varied, but the concept of not having to replace all disks and chassis nor go through a data migration is very appealing to many companies.

    The cloud is growing in popularity when it comes to enterprise storage, but on-premises solutions are still in demand, and whether you choose cloud or on premises, you can be guaranteed an array of features and options to add stability, security, and efficiency to your enterprise storage.

    P.J. Ryan
    Research Director, Infrastructure & Operations
    Info-Tech Research Group

    Executive Summary

    Info-Tech Insight

    The vendor landscape is continually evolving, as are the solutions they offer.

    Storage providers are getting acquired by bigger players, “outside the box” thinking is disrupting the storage support marketplace, “as a service” storage offerings are evolving, and what is a data lake and do I need one? The traditional storage vendors are not alone in the market, and the solutions they offer are no longer traditional either. Explore the landscape and understand your options before you make any enterprise storage solution purchases.

    Understand the building blocks of storage so you can select the best solution.

    There are multiple storage formats for data, along with multiple hardware form factors and disk types to hold those various data formats. Software plays a significant role in many of these storage solutions, and cloud offerings take advantage of all the various formats, form factors, and disks. The challenge is matching your data type with the correct storage format and solution.

    Look to existing use cases to help in your decision-making process.

    Explore previous experiences from others by reading use cases to determine what the best solution is for your challenge. You’re probably not the first to encounter the challenge you’re facing. Another organization may have previously reached out for assistance and found a viable solution that may be just what you also need.

    Enterprise storage has evolved, with more options than ever

    Data is growing, data security will always be a concern, and vendors are providing more and more options for enterprise storage.

    “By 2025, it’s estimated that 463 exabytes of data will be created each day globally – that’s the equivalent of 212,765,957 DVDs per day!” (Visual Capitalist)

    “Modern criminal groups target not only endpoints and servers, but also central storage systems and their backup infrastructure.” (Continuity Software)

    Cloud or on premises? Maybe a hybrid approach with both cloud and on premises is best for you. Do you want to remove the headaches of storage administration, management, and support with a fully managed storage-as-a-service solution? Would you like to upgrade your controllers every three or four years without a major service interruption? The options are increasing and appealing.

    High-Level Considerations

    1. Understand Your Data

    Understand how much data you have and where it is located. This will be crucial when evaluating enterprise storage solutions.

    2. Plan for Growth

    Your enterprise storage considerations should include your data needs now and in the future.

    3. Understand the Mechanics

    Take the time to understand the various data storage formats, disk types, and associated technology, as well as the cloud-based and on-premises options. This will help you select the right tool for your needs.

    Storage formats, disk drives, and technology

    Common data storage formats, technology, and drive types are outlined below. Understanding how data is stored as well as the core building blocks for larger systems will help you decide which solution is best for your storage needs.

    Format

    What it is

    Disk Drives and Technology

    File Storage

    File storage is hierarchical storage that uses files, folders, subfolders, and directories. You enter a specific filename and path to access the file, such as P:\users\johndoe\strategy\cloud.doc. If you ever saved a file on a server, you used file storage. File storage is usually managed by some type of file manager, such as File Explorer in Windows. Network-attached storage (NAS) devices use file storage.

    Hard Disk Drives (HDD)

    HDD use a platter of spinning disks to magnetically store data. The disks are thick enough to make them rigid and are referred to as hard disks.

    HDD is older technology but is still in demand and offered by vendors.

    Object Storage

    Object storage is when data is broken into distinct units, called objects. These objects are stored in a flat, non-hierarchical structure in a single location or repository. Each object is identified by its associated ID and metadata. Objects are accessed by an application programming interface (API).

    Flash

    Flash storage uses flash memory chips to store data. The flash memory chips are written with electricity and contain no moving parts. Flash storage is very fast, which is how the technology got its name (“Flash vs. SSD Storage,” Enterprise Storage Forum, 2018).

    Block Storage

    Block storage is when data is divided up into fixed-size blocks and stored with a unique identifier. Blocks can be stored in different environments, such as Windows or Linux. Storage area networks (SANs) use block storage.

    Solid-State Drive (SSD)

    SSD is a storage mechanism that also does not use any moving parts. Most SSD drives use flash storage, but other options are available for SSD.

    Nonvolatile Memory Express (NVMe)

    NVMe is a communications standard developed specially for SSDs by a consortium of vendors including Intel, Samsung, SanDisk, Dell, and Seagate. It operates across the PCIe bus (hence the “Express” in the name), which allows the drives to act more like the fast memory that they are rather than the hard disks they imitate (PCWorld).

    Narrow your focus with the right product type

    On-premises enterprise storage solutions fit into a few distinct product types.

    Network-Attached Storage

    Storage Area Network

    Software-Defined Storage

    Hyperconverged Infrastructure

    NAS refers to a storage device that is connected directly to your network. Any user or device with access to your network can access the available storage provided by the NAS. NAS storage is easily scalable and can add data redundancy through RAID technology. NAS uses the file storage format.

    NAS storage may or may not be the first choice in terms of enterprise storage, but it does have a solid market appeal as an on-premises primary backup storage solution.

    A SAN is a dedicated network of pooled storage devices. The dedicated network, separate from the regular network, provides high speed and scalability without concern for the regular network traffic. SANs use block storage format and can be divided into logical units that can be shared between servers or segregated from other servers. SANs can be accessed by multiple servers and systems at the same time. SANs are scalable and offer high availability and redundancy through RAID technology.

    SANs can use a variety of disk types and sizes and are quite common among on-premises storage solutions.

    “Software-defined storage (SDS) is a storage architecture that separates storage software from its hardware. Unlike traditional network-attached storage (NAS) or storage area network (SAN) systems, SDS is generally designed to perform on any industry-standard or x86 system, removing the software’s dependence on proprietary hardware.” (RedHat)

    SDS uses software-based policies and rules to grow and protect storage attached to applications.

    SDS allows you to use server-based storage products to add management, protection, and better usage.

    Hyperconverged storage uses virtualization and software-defined storage to combine the storage, compute, and network resources along with a hypervisor into one appliance.

    Hyperconverged storage can scale out by adding more nodes or appliances, but scaling up, or adding more resources to each appliance, can have limitations. There is flexibility as hyperconverged storage can work with most network and compute manufacturers.

    Cloud storage

    • Cloud storage is online storage offered by a cloud provider. Cloud storage is available almost anywhere and is set up with high availability features such as data duplication, redundancy, backup, and power failure protection.
    • Cloud storage is very scalable and typically is offered as object storage, block storage, or file storage. Cloud storage vendors may have their own naming scheme for object, block, or file storage.
    • Cloud-hosted data is marketed according to the frequency of access and length of time in storage. There are typically three main levels of storage: hot, warm, or cold. Vendors may have their own naming convention for hot, warm, and cold storage. Some may also add more layers such as very hot or very cold.
      • Hot storage is for data that is frequently accessed and modified. It is available on demand and is the most costly of the storage levels.
      • Cold storage is for data that will sit for a long period of time and not need to be accessed. Cold storage is usually only available after several hours or days. Cold storage is very low cost and, in some cases, even free, but retrieval or restoration for the free services can be costly.
      • Warm storage sits in between hot and cold storage. It is for data that is infrequently needed. The cost of warm storage is also in between hot and cold storage costs, and access times are measured in terms of minutes or hours.
      • It is not uncommon for data to start in hot storage and, as it ages, move to warm and eventually cold storage.

    “Enterprise cloud storage offers nearly unlimited scalability. Enterprises can add storage quickly and easily as it is needed, eliminating the risk and cost of over-provisioning.”

    – Spectrum Enterprise

    “Hot data will operate on fresh data. Cold data will operate on less frequent data and [is] used mainly for reporting and planning. Warm data is a balance between the two.”

    – TechBlost

    Enterprise storage features

    The features listed below, while not intended to cover all features offered by all vendors, should be considered and could act as a baseline for discussions with storage providers when evaluating enterprise storage offerings.

    • Scalability
      • What are the options to expand, and how easy or difficult it is to expand capacity in the future?
    • Security
      • Does the solution offer data encryption options as well as ransomware protections?
    • Integration options
      • Can the solution support seamless connectivity with other solutions and applications, such as cloud-based storage or backup software?
    • Storage reduction
      • Does the solution offer space-reduction options such as deduplication or data compression?
    • Replication
      • Does the solution offer replication options such as device to device on premises, device to device when geographically separated, device to cloud, or a combination of these scenarios?
    • Performance
      • “Enterprise storage systems have two main ‘speed’ measurements: throughput and IOPS. Throughput is the data transfer rate to and from storage media, measured in bytes per second; IOPS measures the number of reads and writes – input/output (I/O) operations – per second.” (Computer Weekly)
    • Protocol support
      • Does the solution support object-based, block-based, and file-based storage protocols?
    • Storage Efficiency
      • How efficient is the solution? Can they prove it?
      • Storage efficiencies must be available and baselined.
    • Management platform
      • A management/reporting platform should be a component included in the system.
    • Multi-parity
      • Does the solution offer multi-level block “parity” for RAID 6 protection equivalency, which would allow for the simultaneous failure of two disks?
    • Proactive support
      • Features such as call home, dial in, or remote support must be available on the system.
    • Financial considerations
      • The cost is always a concern, but are there subscription-based or “as-a-service” options?
      • Internally, is it better for this expenditure to be a capital expenditure or an ongoing operating expense?

    What’s new in enterprise storage

    • Data warehouses are not a new concept, but the data storage evolution and growth of data means that data lakes and data lakehouses are growing in popularity.
      • “A data lake is a centralized repository that allows you to store all your structured and unstructured data at any scale. You can store your data as-is, without having to first structure the data” (Amazon Web Services).
      • Analytics with a data lake is possible, but manipulation of the data is hindered due to the nature of the data. A data lakehouse adds data management and analytics to a data lake, similar to the data warehouse functionality added to databases.
    • Options for on-premises hardware support is changing.
      • Pure Storage was the first to shake up the SAN support model with its Evergreen support option. Evergreen//Forever support allows for storage controller upgrades without having to migrate data or replace your disks or chassis (Pure Storage).
      • In response to the Pure Storage Evergreen offering, Dell, HPE, NetApp, and others have come out with similar programs that offer controller upgrades while maintaining the data, disks, and chassis.
    • “As a service” is available as a hybrid solution.
      • Storage as a service (STaaS) originally referred to hosted, fully cloud-based offerings without the need for any on-premises hardware.
      • The latest STaaS offerings provide on-premises or colocated hardware with pay-as-you-go subscription pricing for data consumption. Administration, management, and support are included. The vendor will supply support and manage everything on your behalf.
      • Most of the major storage vendors offer a variation of storage as a service.

    “Because data lakes mostly consist of raw unprocessed data, a data scientist with specialized expertise is typically needed to manipulate and translate the data.”

    – DevIQ

    “A Lakehouse is also a type of centralized data repository, integrated from heterogeneous sources. As can be expected from its name, It shares features with both datawarehouses and data lakes.”

    – Cesare

    “Storage as a service (STaaS) eliminates Capex, simplifies management and offers extensive flexibility.”

    – TechTarget

    Major vendors

    The current vendor landscape for enterprise storage solutions represents a range of industry veterans and the brands they’ve aggregated along the way, as well as some relative newcomers who have come to the forefront within the past ten years.

    Vendors like Dell EMC and HPE are longstanding veterans of storage appliances with established offerings and a back catalogue of acquisitions fueling their growth. Others such as Pure Storage offer creative solutions like all-flash arrays, which are becoming more and more appealing as flash storage becomes more commoditized.

    Cloud-based vendors have become popular options in recent years. Cloud storage provides many options and has attracted many other vendors to provide a cloud option in addition to their on-premises solutions. Some software and hardware vendors also partner with cloud vendors to offer a complete solution that includes storage.

    Info-Tech Insight

    Explore your current vendor’s solutions as a starting point, then use that understanding as a reference point to dive into other players in the market

    Key Players

    • Amazon
    • Cisco
    • Dell EMC
    • Google
    • Hewlett Packard Enterprise
    • Hitachi Vantara
    • IBM
    • Microsoft
    • NetApp
    • Nutanix
    • Pure Storage

    Enterprise Storage Use Cases

    Block, object, or file storage? NAS, SAN, SDS, or HCI? Cloud or on prem? Hot, warm, or cold?
    Which one do you choose?
    The following use cases based on actual Info-Tech analyst calls may help you decide.

    1. Offsite backup solution
    2. Infrastructure consolidation
    3. DR/BCP datacenter duplication
    4. Expansion of existing storage
    5. Complete backup solution
    6. Existing storage solution going out of support soon
    7. Video storage
    8. Classify and offload storage

    Offsite backup solution

    “Offsite” may make you think of geographical separation or even cloud-based storage, but what is the best option and why?

    Use Case: How a manufacturing company dealt with retired applications

    • A leading manufacturing company had to preserve older applications no longer in use.
    • The company had completed several acquisitions and ended up with multiple legacy applications that had been merged or migrated into replacement solutions. These legacy applications were very important to the original companies, and although the data they held had been migrated to a replacement solution, executives felt they should hold on to these applications for a period of time, just in case.
    • A modern archiving solution was considered, but a research advisor from Info-Tech Research joined a call with the manufacturing company and helped the client realize that the solution was a modified backup. The application data had already been preserved through the migration, so data could be accessed in the production environment.
    • The data could be exported from the legacy application into a nonsequential database, compressed, and stored in cloud-based cold storage for less than $5 per terabyte per month. The manufacturing company staff realized that they could apply this same approach to several of their legacy applications and save tens of thousands of dollars in the process.
    • Cold storage is inexpensive until you start retrieving that data frequently. The manufacturing company knew they did not have a requirement to retrieve the application and data for a very long time, so cloud-based cold storage was ideal.

    “Data retrieval from cold storage is harder and slower than it is from hot storage. … Because of the longer retrieval time, online cold storage plans are often much cheaper. … The downside is that you’d incur additional costs when retrieving the data.”

    – Ben Stockton, Cloudwards

    Infrastructure consolidation

    Hyperconverged infrastructure combines storage, virtual infrastructure, and associated management into one piece of equipment.

    Use Case: How one company dealt with equipment and storage needs

    • One Info-Tech client had recently started in the role of IT director and realized he had inherited aging infrastructure along with a serious data challenge. The storage appliances were old and out of support. The appliances were performing inadequately, and the client was in need of more data due to ongoing growth, but he also realized that the virtual environment was running on very old servers that were no longer supported. The IT director reached out to Info-Tech to find solutions to the virtualization challenge, but the storage problem also came up throughout the course of the conversation with an analyst.
    • The analyst quickly realized that the IT director was an ideal candidate for a hyperconverged infrastructure (HCI) storage solution, which would also provide the necessary virtual environment.
    • The analyst explained the benefits of having a single appliance that would provide virtualization needs as well as storage needs. The built-in management features would ease the burden of administration, and the software-defined nature of the HCI would allow for the migration of data as well as future expansion options.
    • Hyperconverged infrastructure is offered by many vendors under a variety of names. Most are similar but some may have a better interface or other features. The expansion process is simple, and HCI is a good fit for many organizations looking to consolidate virtual infrastructure and storage.

    “HCI environments use a hypervisor, usually running on a server that uses direct-attached storage (DAS), to create a data center pool of systems and resources.”

    – Samuel Greengard, Datamation

    Datacenter duplication

    SAN providers offer a varied range of options for their products, and those options are constantly evolving.

    Use Case: Independent school district provides better data access using SAN technology

    • An independent school district was expanding by adding a second data center in a new school. This new data center would be approximately 20 miles away from the original data center used by the district. The intent was not to replace the original data center but to use both centers to store data and provide services concurrently. The district’s ideal scenario would be that users would not know or care which data center they were reaching, and there would be no difference in the service received from each data center. The school district reached out to Info-Tech when planning discussions reached the topic of data duplication and replication software.
    • An Info-Tech analyst joined a call with the school district and guided the conversation toward the existing environment to understand what options might be available. The analyst quickly discovered that all the district’s servers were virtual, and all associated data was stored on a single SAN.
    • The analyst informed the school district staff about SAN options, including SAN-to-SAN replication. If the school district had a sufficient link between the two data centers, SAN-to-SAN replication would work for them and provide the two identical copies of data at two locations.
    • The analyst continued to offer explanations of other features that some vendors offer with their SANs, such as the ability to turn on or off deduplication and compression, as well as disk options such as flash or NVMe.
    • The school district was moving to the request for proposal (RFP) stage but hoped to have SAN-to-SAN replication implemented before the next academic year started.

    “SAN-to-SAN replication is a low-cost, highly efficient way to manage mounting quantities of stored data.”

    – Secure Infrastructure & Services

    Expansion of existing storage

    That old storage area network may still have some useful life left in it.

    Use Case: Municipality solves data storage aging and growth challenge

    • A municipality in the United States reached out to Info-Tech for guidance on its storage challenge. The municipality had accumulated multiple SANs from different vendors over the years. These SANs were running out of storage, and more data storage was needed. The municipality’s data was growing at a rapid pace, thanks to municipal growth and expansion of services. The IT team was also concerned with modernizing their storage and not hindering their long-term growth by making the wrong purchase decision for their current storage needs.
    • An analyst from Info-Tech discussed several options with the municipality but in the end advised that software-defined storage may be the best solution.
    • Software-defined storage (SDS) would allow the municipality to gain better visibility into existing storage while making more efficient use of existing and new storage. SDS could take over the management of the existing storage from multiple vendors and add additional storage as required. SDS would also be able to integrate cloud-based storage if that was the direction taken by the municipality in the future.
    • The municipality moved forward with an SDS solution and added some additional storage capacity. They used some of their existing SANs but retired the more troublesome ones. The SDS system managed all the storage instances and data management. The administration of the storage environment was easier for the storage admins, and long-term savings were achieved through better storage management.

    “Often enterprises have added storage on an ad hoc basis as they needed it for various applications. That can result in a mishmash of heterogenous storage hardware from a wide variety of vendors. SDS offers the ability to unify management of these different storage devices, allowing IT to be more efficient.”

    – Cynthia Harvey, Enterprise Storage Forum (“What Is Software Defined Storage?”, 2018)

    Complete backup solution

    Many backup software solutions can provide backups to multiple locations, making two-location backups simple.

    Use Case: How an oil refinery modernized its backup solution

    • A large oil refinery needed a better solution for the storage of backups. The refinery was replacing its backup software solution but also wanted to improve the backup storage situation and move away from tape-based storage. All other infrastructure was reasonably modern and not in need of replacement at this time.
    • A research analyst from Info-Tech helped the client realize that the solution was a modified backup. The general guidance for backups is have a least one copy offsite, so the cloud was the obvious focal point. The analyst also explained that it would be beneficial to have a recent copy of the backup available on site for common restoration requests in addition to having the offsite copy for disaster recovery (DR) purposes.
    • The refinery staff conducted a data analysis to determine how much data was being backed up on a daily basis. The solution proposed by the analyst included network-attached storage (NAS) with adequate storage to hold 30 days' worth of on-premises data. The backup software would also simultaneously copy each backup to a cloud-based storage repository. The backup software was smart enough to only back up and transfer data that had changed since the previous backup, so transfer time and capacity was not a factor.
    • The NAS would allow for the restoration of any local, on-premises data while the cloud storage would provide a safe location offsite for backup data. It could also serve as the backup location for other cloud-based services that required a backup.

    “Data protection demands that enterprises have multiple methods of keeping data safe and replicating it in case of disaster or loss.”

    – Drew Robb, Enterprise Storage Forum, 2021

    Storage going out of support

    SAN solutions have come a long way with improvements in how data is stored and what is used to store the data.

    Use Case: How one organization replaced its old storage with a similar solution

    • A government organization was looking for a solution for its aging storage area network appliances. The SANs were old and would be no longer supported by the manufacturer within four months. The SANs had slower spinning disks and their individual capacity was at its limit through the addition of extra shelves and disks over the years.
    • The organization reached out to Info-Tech for guidance. An analyst arranged a call with them, and they discussed the storage situation in detail, including desired benefits from a storage solution and growth requirements. They also discussed cloud storage, but the government organization was not in a position to move its data to the cloud for a variety of reasons.
    • Although the individual SANs were at their storage capacity limit, the total amount of data was well within the limits of many modern on-premises storage solutions. SSD and flash or NVMe storage can store large amounts of data in small footprints and form factors.
    • The analyst reviewed several vendors with the client and discussed some advantages and disadvantages of each. They explored the features offered as well as scalability options.
    • SANs have been around for a long time but the features and capabilities that come with them has evolved. They are still a very viable solution for many organizations in a variety of scenarios.

    “A rapidly growing portion of SAN deployments leverages all-flash storage to gain its high performance, consistent low latency, and lower total cost when compared to spinning disk.”

    – NetApp

    Video storage

    Cloud storage would not be sufficient if you were using a dial up connection, just as on-premises storage solutions would not suffice if they were using floppy disks.

    Use Case: Body cams and public cameras in municipalities are driving storage growth

    • Municipal law enforcement agencies are wearing body cameras more frequently, for their own protection as well as for the protection of the public. Camera footage can be useful in legal situations as well. Municipalities are also installing more and more public cameras for the purposes of public safety. The recorded video footage from these cameras can result in large data files, which in turn drive data storage requirements.
    • Info-Tech analysts are joining calls about video data storage with increasing frequency. The concerns are repetitive, and the guidance is similar on most of these calls.
    • The “object” storage format is ideal for video and media data. Most cloud-based storage solutions use object storage, but it is also available with on-premises solutions such as NAS or SAN. The challenges clients are expressing are typically related to inadequate bandwidth for cloud-based storage or other storage formats instead of “object” storage. Cloud-based storage can also grow beyond the budgeted numbers, causing an increase in the monthly cloud cost. Older, slower on-premises hardware sometimes reveals itself as the latency culprit.
    • Object storage is well suited for the unstructured data that is video footage. It uses metadata to tag the video file for future retrieval and is easily expandable, which also makes it cost effective.
    • Video data stored in a cloud-based repository will work fine as long as the bandwidth is adequate. On-premises storage of video data is also quite adequate on the right storage format, with fast disks and a reasonably up-to-date network infrastructure.

    “The captured video is stored for days, weeks, months and sometimes years and consumes a lot of space. Data storage plays a new and important role in these systems. Object storage is ideal to store the video data.”

    – Object-Storage.Info

    Classify and offload primary storage

    Some software products have storage options available as a result of agreements with other storage vendors. Several backup and archive software products fall into this category.

    Use Case: Enterprise storage can help reduce data sprawl

    • A large engineering firm was trying to manage its data sprawl. The team sampled a small percentage of their data and quickly realized that when they applied their findings on the 1% of data to their entire data estate, the sheer volume of personal files, older files, and unclassified data was going to be a challenge.
    • They found a solution in archiving software. The archiving software would tag data based on several factors. The software would move older files away from primary storage to an alternate storage platform but still leave a stub of the moved file in place and maintain limited access to those files. This would reduce primary storage requirements and allow the firm to eliminate multiple file servers
    • The engineering firm reached out to Info-Tech and participated in an analyst call. During that call, they laid out their plans, and the analyst made them aware of cloud storage. The positive and negative aspects of cloud storage were discussed, and the firm fully understood that the colder the storage tier, the slower the recovery. The firm's stance was if the files had not been accessed in the past six months, waiting a day or two for retrieval would not be a concern, and the firm was content with cold storage in the cloud.
    • The firm had not purchased the archiving software at the time of the analyst call, and the analyst also explained to them that the archiving software may have an existing agreement with a cloud provider for storage options, which could be more cost effective than purchasing cloud storage separately.
    • Cold cloud-based storage was the preferred solution for this firm, but this use case also highlights the option that some software products carry regarding storage. Several backup and archive products have a cloud storage option that should be investigated, as they may be cost-effective options.

    “Cold storage is perfect for archiving your data. Online backup providers offer low-cost, off-site data backups at the expense of fast speeds and easy access, even though data retrieval often comes at an added cost. If you need to keep your data long-term, but don’t need to access it often, this is the kind of storage you need.”

    – Ben Stockton, Cloudwards

    Understand your data requirements

    Activity

    The first step in solving your enterprise storage challenge is identifying your data sources or drivers, data volume size, and growth rates. This information will give you insight into what data sources could be stored on premises or in the cloud, how much storage you will require for the coming five to ten years, and what to consider when exploring enterprise storage solutions.

    • Info-Tech’s Modernize Enterprise Storage Workbook can be a valuable asset for determining your current storage drivers and future storage needs, structuring a plan for future storage purchases, and determining timelines and total cost of ownership.
    • An example of the Storage Capacity Calculator tab from that workbook is displayed on the right. Using the Storage Capacity Requirements Calculator requires minimal steps.
    1. Enter the current date and planning timeline (horizon) in months
    2. Identify the top sources of data within the business – the current data drivers. Areas of focus could include business applications, file shares, backup, and archives.
    3. For each of these data drivers, include your best estimate of:
    • Current data volume
    • Growth rate
  • Identify the top future data drivers, such as new applications or initiatives that will result from current business plans and priorities, and record the following details:
    • Initial data volumes
    • Projected growth rates
    • Planned implementation date
  • The spreadsheet will automatically calculate the data volume at the planning horizon based on the growth rate.
  • Download the Modernize Enterprise Storage Workbook and take the first step toward understanding your data requirements.

    The image contains a screenshot of the Modernize Enterprise Storage Workbook.

    Download the Modernize Enterprise Storage Workbook

    Related Info-Tech Research

    Modernize Enterprise Storage

    Current and emerging storage technologies are disrupting the status quo – prepare your infrastructure for the exponential rise in data and its storage requirements.

    Modernize Enterprise Storage Workbook

    This workbook will complement the discussions and activities found in the Modernize Enterprise Storage blueprint. Use this workbook in conjunction with the blueprint to develop a strategy for storage modernization.

    Bibliography

    Bakkianathan, Raghunathan. “What is the difference between Hot Warm and Cold data storage?” TechBlost, n.d.. Accessed 14 July 2022.
    Cesare. “Data warehouse vs Data lake vs Lakehouse… and DeltaLake?“ Medium, 14 June 2021. Accessed 26 July 2022.
    Davison, Shawn and Ryan Sappenfield. “Data Lake Vs Lakehouse Vs Data Mesh: The Evolution of Data Transformation.” DevIQ, May 2022. Accessed 23 July 2022.
    Desjardins, Jeff. “Infographic: How Much Data is Generated Each Day?” Visual Capitalist, 15 April 2019. Accessed 26 July 2022.
    Greengard, Samuel. “Top 10 Hyperconverged Infrastructure (HCI) Solutions.” Datamation, 22 December 2020. Accessed 23 July 2022.
    Harvey, Cynthia. “Flash vs. SSD Storage: Is there a Difference?” Enterprise Storage Forum, 10 July 2018. Accessed 23 July 2022.
    Harvey, Cynthia. “What Is Software Defined Storage? Features & Benefits.” Enterprise Storage Forum, 22 February 2018. Accessed 23 July 2022.
    Hecht, Gil. “4 Predictions for storage and backup security in 2022.” Continuity Software, 09 January 2022. Accessed 22 July 2022.
    Jacobi, Jonl. “NVMe SSDs: Everything you need to know about this insanely fast storage.” PCWorld, 10 March 2019. Accessed 22 July 2022
    Pritchard, Stephen. “Briefing: Cloud storage performance metrics.” Computer Weekly, 16 July 2021. Accessed 23 July 2022
    Robb, Drew. “Best Enterprise Backup Software & Solutions 2022.” Enterprise Storage Forum, 09 April 2021. Accessed 23 July 2022.
    Sheldon, Robert. “On-premises STaaS shifts storage buying to Opex model.” TechTarget, 10 August 2020. Accessed 22 July 2022.
    “Simplify Your Storage Ownership, Forever.” PureStorage. Accessed 20 July 2022.
    Stockton, Ben. “Hot Storage vs Cold Storage in 2022: Instant Access vs Long-Term Archives.” Cloudwards, 29 September 2021. Accessed 22 July 2022.
    “The Cost Savings of SAN-to-SAN Replication.” Secure Infrastructure and Services, 31 March 2016. Accessed 16 July 2022.
    “Video Surveillance.” Object-Storage.Info, 18 December 2019. Accessed 25 July 2022.
    “What is a Data Lake?” Amazon Web Services, n.d. Accessed 17 July 2022.
    “What is enterprise cloud storage?” Spectrum Enterprise, n.d. Accessed 28 July 2022.
    “What is SAN (Storage Area Network).” NetApp, n.d. Accessed 25 July 2022.
    “What is software-defined storage?” RedHat, 08 March 2018. Accessed 16 July 2022.

    Identify Opportunities to Mature the Security Architecture

    • Buy Link or Shortcode: {j2store}385|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Secure Cloud & Network Architecture
    • Parent Category Link: /secure-cloud-network-architecture
    • Organizations do not have a solid grasp on the complexity of their infrastructure and are unaware of the overall risk to their infrastructure posed by inadequate security.
    • Organizations do not understand how to properly create and deliver value propositions of technical security solutions.

    Our Advice

    Critical Insight

    • The security architecture is a living, breathing thing based on the risk profile of your organization.
    • Compliance and risk mitigation create an intertwined relationship between the business and your security architecture. The security architecture roadmap must be regularly assessed and continuously maintained to ensure security controls align with organizational objectives.

    Impact and Result

    • A right-sized security architecture can be created by assessing the complexity of the IT department, the operations currently underway for security, and the perceived value of a security architecture within the organization. This will bring about a deeper understanding of the organizational infrastructure.
    • Developing a security architecture should also result in a list of opportunities (i.e. initiatives) that an organization can integrate into a roadmap. These initiatives will seek to improve security operations and strengthen the IT department’s understanding of security’s role within the organization.
    • A better understanding of the infrastructure will help to save time on determining the correct technologies required from vendors and therefore cut down on the amount of vendor noise.
    • Creating a defensible roadmap will assist with justifying future security spend.

    Identify Opportunities to Mature the Security Architecture Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop a right-sized security architecture, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify the organization’s ideal security architecture

    Complete three unique assessments to define the ideal security architecture maturity for your organization.

    • Identify Opportunities to Mature the Security Architecture – Phase 1: Identify the Organization's Ideal Security Architecture
    • Security Architecture Recommendation Tool
    • None

    2. Create a security program roadmap

    Use the results of the assessments from Phase 1 of this research to create a roadmap for improving the security program.

    • Identify Opportunities to Mature the Security Architecture – Phase 2: Create a Security Program Roadmap
    [infographic]

    First 30 Days Pandemic Response Plan

    • Buy Link or Shortcode: {j2store}418|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • Given the speed and scope of the spread of the pandemic, governments are responding with changes almost daily as to what organizations and people can and can’t do. This volatility and uncertainty challenges organizations to respond, particularly in the absence of a business continuity or crisis management plan.

    Our Advice

    Critical Insight

    • Assess the risk to and viability of your organization in order to create appropriate action and communication plans quickly.

    Impact and Result

    • HR departments must be directly involved in developing the organization’s pandemic response plan. Use Info-Tech's Risk and Viability Matrix and uncover the crucial next steps to take during the first 30 days of the COVID-19 pandemic.

    First 30 Days Pandemic Response Plan Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create a response plan for the first 30 days of a pandemic

    Manage organizational risk and viability during the first 30 days of a crisis.

    • First 30 Days Pandemic Response Plan Storyboard
    • Crisis Matrix Communications Template: Business As Usual
    • Crisis Matrix Communications Template: Organization Closing
    • Crisis Matrix Communications Template: Manage Risk and Leverage Resilience
    • Crisis Matrix Communications Template: Reduce Labor and Mitigate Risk
    [infographic]

    Redesign Your IT Organizational Structure

    • Buy Link or Shortcode: {j2store}275|cart{/j2store}
    • member rating overall impact (scale of 10): 9.2/10 Overall Impact
    • member rating average dollars saved: $71,830 Average $ Saved
    • member rating average days saved: 25 Average Days Saved
    • Parent Category Name: Organizational Design
    • Parent Category Link: /organizational-design

    Most organizations go through an organizational redesign to:

    • Better align to the strategic objectives of the organization.
    • Increase the effectiveness of IT as a function.
    • Provide employees with clarity in their roles and responsibilities.
    • Support new capabilities.
    • Better align IT capabilities to suit the vision.
    • Ensure the IT organization can support transformation initiatives.

    Our Advice

    Critical Insight

    • Organizational redesign is only as successful as the process leaders engage in. It shapes a story framed in a strong foundation of need and a method to successfully implement and adopt the new structure.
    • Benchmarking your organizational redesign to other organizations will not work. Other organizations have different strategies, drivers, and context. It’s important to focus on your organization, not someone else's.
    • You could have the best IT employees in the world, but if they aren’t structured well your organization will still fail in reaching its vision.

    Impact and Result

    • We are often unsuccessful in organizational redesign because we lack an understanding of why this initiative is required or fail to recognize that it is a change initiative.
    • Successful organizational design requires a clear understanding of why it is needed and what will be achieved by operating in a new structure.
    • Additionally, understanding the impact of the change initiative can lead to greater adoption by core stakeholders.

    Redesign Your IT Organizational Structure Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Redesign Your IT Organizational Structure Deck – A defined method of redesigning your IT structure that is founded by clear drivers and consistently considering change management practices.

    The purpose of this storyboard is to provide a four-phased approach to organizational redesign.

    • Redesign Your IT Organizational Structure – Phases 1-4

    2. Communication Deck – A method to communicate the new organizational structure to critical stakeholders to gain buy-in and define the need.

    Use this templated Communication Deck to ensure impacted stakeholders have a clear understanding of why the new organizational structure is needed and what that structure will look like.

    • Organizational Design Communications Deck

    3. Redesign Your IT Organizational Structure Executive Summary Template – A template to secure executive leadership buy-in and financial support for the new organizational structure to be implemented.

    This template provides IT leaders with an opportunity to present their case for a change in organizational structure and roles to secure the funding and buy-in required to operate in the new structure.

    • Redesign Your IT Organizational Structure Executive Summary

    4. Redesign Your IT Organizational Structure Workbook – A method to document decisions made and rationale to support working through each phase of the process.

    This Workbook allows IT and business leadership to work through the steps required to complete the organizational redesign process and document key rationale for those decisions.

    • Redesign Your IT Organizational Structure Workbook

    5. Redesign Your IT Organizational Structure Operating Models and Capability Definitions – A tool that can be used to provide clarity on the different types of operating models that exist as well as the process definitions of each capability.

    Refer to this tool when working through the redesign process to better understand the operating model sketches and the capability definitions. Each capability has been tied back to core frameworks that exist within the information and technology space.

    • Redesign Your IT Organizational Structure Operating Models and Capability Definitions

    Infographic

    Workshop: Redesign Your IT Organizational Structure

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish the Organizational Design Foundation

    The Purpose

    Lay the foundation for your organizational redesign by establishing a set of organizational design principles that will guide the redesign process.

    Key Benefits Achieved

    Clearly articulate why this organizational redesign is needed and the implications the strategies and context will have on your structure.

    Activities

    1.1 Define the org design drivers.

    1.2 Document and define the implications of the business context.

    1.3 Align the structure to support the strategy.

    1.4 Establish guidelines to direct the organizational design process.

    Outputs

    Clear definition of the need to redesign the organizational structure

    Understanding of the business context implications on the organizational structure creation.

    Strategic impact of strategies on organizational design.

    Customized Design Principles to rationalize and guide the organizational design process.

    2 Create the Operating Model Sketch

    The Purpose

    Select and customize an operating model sketch that will accurately reflect the future state your organization is striving towards. Consider how capabilities will be sourced, gaps in delivery, and alignment.

    Key Benefits Achieved

    A customized operating model sketch that informs what capabilities will make up your IT organization and how those capabilities will align to deliver value to your organization.

    Activities

    2.1 Augmented list of IT capabilities.

    2.2 Capability gap analysis

    2.3 Identified capabilities for outsourcing.

    2.4 Select a base operating model sketch.

    2.5 Customize the IT operating model sketch.

    Outputs

    Customized list of IT processes that make up your organization.

    Analysis of which capabilities require dedicated focus in order to meet goals.

    Definition of why capabilities will be outsourced and the method of outsourcing used to deliver the most value.

    Customized IT operating model reflecting sourcing, centralization, and intended delivery of value.

    3 Formalize the Organizational Structure

    The Purpose

    Translate the operating model sketch into a formal structure with defined functional teams, roles, reporting structure, and responsibilities.

    Key Benefits Achieved

    A detailed organizational chart reflecting team structures, reporting structures, and role responsibilities.

    Activities

    3.1 Categorize your IT capabilities within your defined functional work units.

    3.2 Create a mandate statement for each work unit.

    3.3 Define roles inside the work units and assign accountability and responsibility.

    3.4 Finalize your organizational structure.

    Outputs

    Capabilities Organized Into Functional Groups

    Functional Work Unit Mandates

    Organizational Chart

    4 Plan for the Implementation & Change

    The Purpose

    Ensure the successful implementation of the new organizational structure by strategically communicating and involving stakeholders.

    Key Benefits Achieved

    A clear plan of action on how to transition to the new structure, communicate the new organizational structure, and measure the effectiveness of the new structure.

    Activities

    4.1 Identify and mitigate key org design risks.

    4.2 Define the transition plan.

    4.3 Create the change communication message.

    4.4 Create a standard set of FAQs.

    4.5 Align sustainment metrics back to core drivers.

    Outputs

    Risk Mitigation Plan

    Change Communication Message

    Standard FAQs

    Implementation and sustainment metrics.

    Further reading

    Redesign Your IT Organizational Structure

    Designing an IT structure that will enable your strategic vision is not about an org chart – it’s about how you work.

    EXECUTIVE BRIEF

    Analyst Perspective

    Structure enables strategy.

    The image contains a picture of Allison Straker.

    Allison Straker

    Research Director,

    Organizational Transformation

    The image contains a picture of Brittany Lutes.

    Brittany Lutes

    Senior Research Analyst,

    Organizational Transformation

    An organizational structure is much more than a chart with titles and names. It defines the way that the organization operates on a day-to-day basis to enable the successful delivery of the organization’s information and technology objectives. Moreover, organizational design sees beyond the people that might be performing a specific role. People and role titles will and often do change frequently. Those are the dynamic elements of organizational design that allow your organization to scale and meet specific objectives at defined points of time. Capabilities, on the other hand, are focused and related to specific IT processes.

    Redesigning an IT organizational structure can be a small or large change transformation for your organization. Create a structure that is equally mindful of the opportunities and the constraints that might exist and ensure it will drive the organization towards its vision with a successful implementation. If everyone understands why the IT organization needs to be structured that way, they are more likely to support and adopt the behaviors required to operate in the new structure.

    Executive Summary

    Your Challenge

    Your organization needs to reorganize itself because:

    • The current IT structure does not align to the strategic objectives of the organization.
    • There are inefficiencies in how the IT function is currently operating.
    • IT employees are unclear about their role and responsibilities, leading to inconsistencies.
    • New capabilities or a change in how the capabilities are organized is required to support the transformation.

    Common Obstacles

    Many organizations struggle when it comes redesigning their IT organizational structure because they:

    • Jump right into creating the new organizational chart.
    • Do not include the members of the IT leadership team in the changes.
    • Do not include the business in the changes.
    • Consider the context in which the change will take place and how to enable successful adoption.

    Info-Tech’s Approach

    Successful IT organization redesign includes:

    • Understanding the drivers, context, and strategies that will inform the structure.
    • Remaining objective by focusing on capabilities over people or roles.
    • Identifying gaps in delivery, sourcing strategies, customers, and degrees of centralization.
    • Remembering that organizational design is a change initiative and will require buy-in.

    Info-Tech Insight

    A successful redesign requires a strong foundation and a plan to ensure successful adoption. Without these, the organizational chart has little meaning or value.

    Your challenge

    This research is designed to help organizations who are looking to:

    • Redesign the IT structure to align to the strategic objectives of the enterprise.
    • Increase the effectiveness in how the IT function is operating in the organization.
    • Provide clarity to employees around their roles and responsibilities.
    • Ensure there is an ability to support new IT capabilities and/or align capabilities to better support the direction of the organization.
    • Align the IT organization to support a business transformation such as becoming digitally enabled or engaging in M&A activities.

    Organizational design is a challenge for many IT and digital executives

    69% of digital executives surveyed indicated challenges related to structure, team silos, business-IT alignment, and required roles when executing on a digital strategy.

    Source: MIT Sloan, 2020

    Common obstacles

    These barriers make IT organizational redesign difficult to address for many organizations:

    • Confuse organizational design and organizational charts as the same thing.
    • Start with the organizational chart, not taking into consideration the foundational elements that will make that chart successful.
    • Fail to treat organizational redesign as a change management initiative and follow through with the change.
    • Exclude impacted or influential IT leaders and/or business stakeholders from the redesign process.
    • Leverage an operating model because it is trending.

    To overcome these barriers:

    • Understand the context in which the changes will take place.
    • Communicate the changes to those impacted to enable successful adoption and implementation of a new organizational structure.
    • Understand that organizational design is for more than just HR leaders now; IT executives should be driving this change.

    Succeed in Organizational Redesign

    75% The percentage of change efforts that fail.

    Source: TLNT, 2019

    55% The percentage of practitioners who identify how information flows between work units as a challenge for their organization.

    Source: Journal of Organizational Design, 2019

    Organizational design defined

    If your IT strategy is your map, your IT organizational design represents the optimal path to get there.

    IT organizational design refers to the process of aligning the organization’s structure, processes, metrics, and talent to the organization’s strategic plan to drive efficiency and effectiveness.

    Why is the right IT organizational design so critical to success?

    Adaptability is at the core of staying competitive today

    Structure is not just an organizational chart

    Organizational design is a never-ending process

    Digital technology and information transparency are driving organizations to reorganize around customer responsiveness. To remain relevant and competitive, your organizational design must be forward looking and ready to adapt to rapid pivots in technology or customer demand.

    The design of your organization dictates how roles function. If not aligned to the strategic direction, the structure will act as a bungee cord and pull the organization back toward its old strategic direction (ResearchGate.net, 2014). Structure supports strategy, but strategy also follows structure.

    Organization design is not a one-time project but a continuous, dynamic process of organizational self-learning and continuous improvement. Landing on the right operating model will provide a solid foundation to build upon as the organization adapts to new challenges and opportunities.

    Understand the organizational differences

    Organizational Design

    Organizational design the process in which you intentionally align the organizational structure to the strategy. It considers the way in which the organization should operate and purposely aligns to the enterprise vision. This process often considers centralization, sourcing, span of control, specialization, authority, and how those all impact or are impacted by the strategic goals.

    Operating Model

    Operating models provide an architectural blueprint of how IT capabilities are organized to deliver value. The placement of the capabilities can alter the culture, delivery of the strategic vision, governance model, team focus, role responsibility, and more. Operating model sketches should be foundational to the organizational design process, providing consistency through org chart changes.

    Organizational Structure

    The organizational structure is the chosen way of aligning the core processes to deliver. This can be strategic, or it can be ad hoc. We recommend you take a strategic approach unless ad hoc aligns to your culture and delivery method. A good organizational structure will include: “someone with authority to make the decisions, a division of labor and a set of rules by which the organization operates” (Bizfluent, 2019).

    Organizational Chart

    The capstone of this change initiative is an easy-to-read chart that visualizes the roles and reporting structure. Most organizations use this to depict where individuals fit into the organization and if there are vacancies. While this should be informed by the structure it does not necessarily depict workflows that will take place. Moreover, this is the output of the organizational design process.

    Sources: Bizfluent, 2019; Strategy & Business, 2015; SHRM, 2021

    The Technology Value Trinity

    The image contains a diagram of the Technology Value Trinity as described in the text below.

    All three elements of the Technology Value Trinity work in harmony to delivery business value and achieve strategic needs. As one changes, the others need to change as well.

    How do these three elements relate?

    • Digital and IT strategy tells you what you need to achieve to be successful.
    • Operating model and organizational design align resources to deliver on your strategy and priorities. This is done by strategically structuring IT capabilities in a way that enables the organizations vision and considers the context in which the structure will operate.
    • I&T governance is the confirmation of IT’s goals and strategy, which ensures the alignment of IT and business strategy and is the mechanism by which you continuously prioritize work to ensure that what is delivered is in line with the strategy.

    Too often strategy, organizational design, and governance are considered separate practices – strategies are defined without teams and resources to support. Structure must follow strategy.

    Info-Tech’s approach to organizational design

    Like a story, a strategy without a structure to deliver on it is simply words on paper.

    Books begin by setting the foundation of the story.

    Introduce your story by:

    • Defining the need(s) that are driving this initiative forward.
    • Introducing the business context in which the organizational redesign must take place.
    • Outlining what’s needed in the redesign to support the organization in reaching its strategic IT goals.

    The plot cannot thicken without the foundation. Your organizational structure and chart should not exist without one either.

    The steps to establish your organizational chart - with functional teams, reporting structure, roles, and responsibilities defined – cannot occur without a clear definition of goals, need, and context. An organizational chart alone won’t provide the insight required to obtain buy-in or realize the necessary changes.

    Conclude your story through change management and communication.

    Good stories don’t end without referencing what happened before. Use the literary technique of foreshadowing – your change management must be embedded throughout the organizational redesign process. This will increase the likelihood that the organizational structure can be communicated, implemented, and reinforced by stakeholders.

    Info-Tech uses a capability-based approach to help you design your organizational structure

    Once your IT strategy is defined, it is critical to identify the capabilities that are required to deliver on those strategic initiatives. Each initiative will require a combination of these capabilities that are only supported through the appropriate organization of roles, skills, and team structures.

    The image contains a diagram of the various services and blueprints that Info-Tech has to offer.

    Embed change management into organizational design

    Change management practices are needed from the onset to ensure the implementation of an organizational structure.

    For each phase of this blueprint, its important to consider change management. These are the points when you need to communicate the structure changes:

    • Phase 1: Begin to socialize the idea of new organizational structure with executive leadership and explain how it might be impactful to the context of the organization. For example, a new control, governance model, or sourcing approach could be considered.
    • Phase 2: The chosen operating model will influence your relationships with the business and can create/eliminate silos. Ensure IT and business leaders have insight into these possible changes and a willingness to move forward.
    • Phase 3: The new organizational structure could create or eliminate teams, reduce or increase role responsibilities, and create different reporting structures than before. It’s time to communicate these changes with those most impacted and be able to highlight the positive outcomes of the various changes.
    • Phase 4: Should consider the change management practices holistically. This includes the type of change and length of time to reach the end state, communication, addressing active resistors, acquiring the right skills, and measuring the success of the new structure and its adoption.

    Info-Tech Insight

    Do not undertake an organizational redesign initiative if you will not engage in change management practices that are required to ensure its successful adoption.

    Measure the value of the IT organizational redesign

    Given that the organizational redesign is intended to align with the overall vision and objectives of the business, many of the metrics that support its success will be tied to the business. Adapt the key performance indicators (KPIs) that the business is using to track its success and demonstrate how IT can enable the business and improve its ability to reach those targets.

    Strategic Resources

    The percentage of resources dedicated to strategic priorities and initiatives supported by IT operating model. While operational resources are necessary, ensuring people are allocating time to strategic initiatives as well will drive the business towards its goal state. Leverage Info-Tech’s IT Staffing Assessment diagnostic to benchmark your IT resource allocation.

    Business Satisfaction

    Assess the improvement in business satisfaction overall with IT year over year to ensure the new structure continues to drive satisfaction across all business functions. Leverage Info-Tech’s CIO Business Vision diagnostic to see how your IT organization is perceived.

    Role Clarity

    The degree of clarity that IT employees have around their role and its core responsibilities can lead to employee engagement and retention. Consider measuring this core job driver by leveraging Info-Tech’s Employee Engagement Program.

    Customer & User Satisfaction

    Measure customer satisfaction with technology-enabled business services or products and improvements in technology-enabled client acquisition or retention processes. Assess the percentage of users satisfied with the quality of IT service delivery and leverage Info-Tech’s End-User Satisfaction Survey to determine improvements.

    Info-Tech’s methodology for Redesigning Your IT Organization

    Phase

    1. Establish the Organizational Design Foundation

    2. Create the Operating Model Sketch

    3. Formalize the Organizational Structure

    4. Plan for Implementation and Change

    Phase Outcomes

    Lay the foundation for your organizational redesign by establishing a set of organizational design principles that will guide the redesign process.

    Select and customize an operating model sketch that will accurately reflect the future state your organization is striving towards. Consider how capabilities will be sourced, gaps in delivery, and alignment.

    Translate the operating model sketch into a formal structure with defined functional teams, roles, reporting structure, and responsibilities.

    Ensure the successful implementation of the new organizational structure by strategically communicating and involving stakeholders.

    Insight summary

    Overarching insight

    Organizational redesign processes focus on defining the ways in which you want to operate and deliver on your strategy – something an organizational chart will never be able to convey.

    Phase 1 insight

    Focus on your organization, not someone else's’. Benchmarking your organizational redesign to other organizations will not work. Other organizations have different strategies, drivers, and context.

    Phase 2 insight

    An operating model sketch that is customized to your organization’s specific situation and objectives will significantly increase the chances of creating a purposeful organizational structure.

    Phase 3 insight

    If you follow the steps outlined in the first three phases, creating your new organizational chart should be one of the fastest activities.

    Phase 4 insight

    Throughout the creation of a new organizational design structure, it is critical to involve the individuals and teams that will be impacted.

    Tactical insight

    You could have the best IT employees in the world, but if they aren’t structured well your organization will still fail in reaching its vision.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:


    Communication Deck

    Communicate the changes to other key stakeholders such as peers, managers, and staff.

    Workbook

    As you work through each of the activities, use this workbook as a place to document decisions and rationale.

    Reference Deck

    Definitions for every capability, base operating model sketches, and sample organizational charts aligned to those operating models.

    Job Descriptions

    Key deliverable:

    Executive Presentation

    Leverage this presentation deck to gain executive buy-in for your new organizational structure.

    Blueprint benefits

    IT Benefits

    • Create an organizational structure that aligns to the strategic goals of IT and the business.
    • Provide IT employees with clarity on their roles and responsibilities to ensure the successful delivery of IT capabilities.
    • Highlight and sufficiently staff IT capabilities that are critical to the organization.
    • Define a sourcing strategy for IT capabilities.
    • Increase employee morale and empowerment.

    Business Benefits

    • IT can carry out the organization’s strategic mission and vision of all technical and digital initiatives.
    • Business has clarity on who and where to direct concerns or questions.
    • Reduce the likelihood of turnover costs as IT employees understand their roles and its importance.
    • Create a method to communicate how the organizational structure aligns with the strategic initiatives of IT.
    • Increase ability to innovate the organization.

    Executive Brief Case Study

    IT design needs to support organizational and business objectives, not just IT needs.

    INDUSTRY: Government

    SOURCE: Analyst Interviews and Working Sessions

    Situation

    IT was tasked with providing equality to the different business functions through the delivery of shared IT services. The government created a new IT organizational structure with a focus on two areas in particular: strategic and operational support capabilities.

    Challenge

    When creating the new IT structure, an understanding of the complex and differing needs of the business functions was not reflected in the shared services model.

    Outcome

    As a result, the new organizational structure for IT did not ensure adequate meeting of business needs. Only the operational support structure was successfully adopted by the organization as it aligned to the individual business objectives. The strategic capabilities aspect was not aligned to how the various business lines viewed themselves and their objectives, causing some partners to feel neglected.

    Info-Tech offers various levels of support to best suit your needs.

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is 8 to 12 calls over the course of 4 to 6 months.

    Phase 1

    Call #1: Define the process, understand the need, and create a plan of action.

    Phase 2

    Call #2: Define org. design drivers and business context.

    Call #3: Understand strategic influences and create customized design principles.

    Call #4: Customize, analyze gaps, and define sourcing strategy for IT capabilities.

    Call #5: Select and customize the IT operating model sketch.

    Phase 3

    Call #6: Establish functional work units and their mandates.

    Call #7: Translate the functional organizational chart to an operational organizational chart with defined roles.

    Phase 4

    Call #8: Consider risks and mitigation tactics associated with the new structure and select a transition plan.

    Call #9: Create your change message, FAQs, and metrics to support the implementation plan.

    Workshop Overview

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Establish the Organizational Redesign Foundation

    Create the Operating Model Sketch

    Formalize the Organizational Structure

    Plan for Implementation and Change

    Next Steps and
    Wrap-Up (offsite)

    Activities

    1.1 Define the org. design drivers.

    1.2 Document and define the implications of the business context.

    1.3 Align the structure to support the strategy.

    1.4 Establish guidelines to direct the organizational design process.

    2.1 Augment list of IT capabilities.

    2.2 Analyze capability gaps.

    2.3 Identify capabilities for outsourcing.

    2.4 Select a base operating model sketch.

    2.5 Customize the IT operating model sketch.

    3.1 Categorize your IT capabilities within your defined functional work units.

    3.2 Create a mandate statement for each work unit.

    3.3 Define roles inside the work units and assign accountability and responsibility.

    3.4 Finalize your organizational structure.

    4.1 Identify and mitigate key org. design risks.

    4.2 Define the transition plan.

    4.3 Create the change communication message.

    4.4 Create a standard set of FAQs.

    4.5 Align sustainment metrics back to core drivers.

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. Foundational components to the organizational design
    2. Customized design principles
    1. Heat mapped IT capabilities
    2. Defined outsourcing strategy
    3. Customized operating model
    1. Capabilities organized into functional groups
    2. Functional work unit mandates
    3. Organizational chart
    1. Risk mitigation plan
    2. Change communication message
    3. Standard FAQs
    4. Implementation and sustainment metrics
    1. Completed organizational design communications deck

    This blueprint is part one of a three-phase approach to organizational transformation

    PART 1: DESIGN

    PART 2: STRUCTURE

    PART 3: IMPLEMENT

    IT Organizational Architecture

    Organizational Sketch

    Organizational Structure

    Organizational Chart

    Transition Strategy

    Implement Structure

    1. Define the organizational design drivers, business context, and strategic alignment.

    2. Create customized design principles.

    3. Develop and customize a strategically aligned operating model sketch.

    4. Define the future-state work units.

    5. Create future-state work unit mandates.

    6. Define roles by work unit.

    7. Turn roles into jobs with clear capability accountabilities and responsibilities.

    8. Define reporting relationships between jobs.

    9. Assess options and select go-forward organizational sketch.

    11. Validate organizational sketch.

    12. Analyze workforce utilization.

    13. Define competency framework.

    14. Identify competencies required for jobs.

    15. Determine number of positions per job

    16. Conduct competency assessment.

    17. Assign staff to jobs.

    18. Build a workforce and staffing plan.

    19. Form an OD implementation team.

    20. Develop change vision.

    21. Build communication presentation.

    22. Identify and plan change projects.

    23. Develop organizational transition plan.

    24. Train managers to lead through change.

    25. Define and implement stakeholder engagement plan.

    26. Develop individual transition plans.

    27. Implement transition plans.

    Risk Management: Create, implement, and monitor risk management plan.

    HR Management: Develop job descriptions, conduct job evaluation, and develop compensation packages.

    Monitor and Sustain Stakeholder Engagement

    Phase 1

    Establish the Organizational Redesign Foundation

    This phase will walk you through the following activities:

    1.1 Define the organizational redesign driver(s)

    1.2 Create design principles based on the business context

    1.3a (Optional Exercise) Identify the capabilities from your value stream

    1.3b Identify the capabilities required to deliver on your strategies

    1.4 Finalize your list of design principles

    This phase involves the following participants:

    • CIO
    • IT Leadership
    • Business Leadership

    Embed change management into the organizational design process

    Articulate the Why

    Changes are most successful when leaders clearly articulate the reason for the change – the rationale for the organizational redesign of the IT function. Providing both staff and executive leaders with an understanding for this change is imperative to its success. Despite the potential benefits to a redesign, they can be disruptive. If you are unable to answer the reason why, a redesign might not be the right initiative for your organization.

    Employees who understand the rationale behind decisions made by executive leaders are 3.6 times more likely to be engaged.

    McLean & Company Engagement Survey Database, 2021; N=123,188

    Info-Tech Insight

    Successful adoption of the new organizational design requires change management from the beginning. Start considering how you will convey the need for organizational change within your IT organization.

    The foundation of your organizational design brings together drivers, context, and strategic implications

    All aspects of your IT organization’s structure should be designed with the business’ context and strategic direction in mind.

    Use the following set of slides to extract the key components of your drivers, business context, and strategic direction to land on a future structure that aligns with the larger strategic direction.

    REDESIGN DRIVERS

    Driver(s) can originate from within the IT organization or externally. Ensuring the driver(s) are easy to understand and articulate will increase the successful adoption of the new organizational structure.

    BUSINESS CONTEXT

    Defines the interactions that occur throughout the organization and between the organization and external stakeholders. The context provides insight into the environment by both defining the purpose of the organization and the values that frame how it operates.

    STRATEGY IMPLICATIONS

    The IT strategy should be aligned to the overall business strategy, providing insight into the types of capabilities required to deliver on key IT initiatives.

    Understand IT’s desired maturity level, alignment with business expectations, and capabilities of IT

    Where are we today?

    Determine the current overall maturity level of the IT organization.

    Where do we want to be as an organization?

    Use the inputs from Info-Tech’s diagnostic data to determine where the organization should be after its reorganization.

    How can you leverage these results?

    The result of these diagnostics will inform the design principles that you’ll create in this phase.

    Leverage Info-Tech’s diagnostics to provide an understanding of critical areas your redesign can support:

    CIO Business Vision Diagnostic

    Management & Governance Diagnostic

    IT Staffing Diagnostic

    The image contains a picture of Info-Tech's maturity ladder.

    Consider the organizational design drivers

    Consider organizational redesign if …

    Effectiveness is a concern:

    • Insufficient resources to meet demand
    • Misalignment to IT (and business) strategies
    • Lack of clarity around role responsibility or accountability
    • IT functions operating in silos

    New capabilities are needed:

    • Organization is taking on new capabilities (digital, transformation, M&A)
    • Limited innovation
    • Gaps in the capabilities/services of IT
    • Other external environmental influences or changes in strategic direction

    Lack of business understanding

    • Misalignment between business and IT or how the organization does business
    • Unhappy customers (internal or external)

    Workforce challenges

    • Frequent turnover or inability to attract new skills
    • Low morale or employee empowerment

    These are not good enough reasons …

    • New IT leader looking to make a change for the sake of change or looking to make their legacy known
    • To work with specific/hand-picked leaders over others
    • To “shake things up” to see what happens
    • To force the organization to see IT differently

    Info-Tech Insight

    Avoid change for change’s sake. Restructuring could completely miss the root cause of the problem and merely create a series of new ones.

    1.1 Define the organizational redesign driver(s)

    1-2 hours

    1. As a group, brainstorm a list of current pain points or inhibitors in the current organizational structure, along with a set of opportunities that can be realized during your restructuring. Group these pain points and opportunities into themes.
    2. Leverage the pain points and opportunities to help further define why this initiative is something you’re driving towards. Consider how you would justify this initiative to different stakeholders in the organization.
    3. Questions to consider:
      1. Who is asking for this initiative?
      2. What are the primary benefits this is intended to produce?
      3. What are you optimizing for?
      4. What are we capable of achieving as an IT organization?
      5. Are the drivers coming from inside or outside the IT organization?
    4. Once you’ve determined the drivers for redesigning the IT organization, prioritize those drivers to ensure there is clarity when communicating why this is something you are focusing time and effort on.

    Input

    Output

    • Knowledge of the current organization
    • Pain point and opportunity themes
    • Defined drivers of the initiative

    Materials

    Participants
    • Whiteboard/flip charts (physical or electronic)
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Communications Deck

    Frame the organizational design within the context of the business

    Workforce Considerations:

    • How does your organization view its people resources? Does it have the capacity to increase the number of resources?
    • Do you currently have sufficient staff to meet the demands of the organization? Are you able to outsource resources when demand requires it?
    • Are the members of your IT organization unionized?
    • Is your workforce distributed? Do time zones impact how your team can collaborate?

    Business Context Consideration

    IT Org. Design Implication

    Culture:

    Culture, "the way we do things here,” has huge implications for executing strategy, driving engagement, and providing a guiding force that ensures organizations can work together toward common goals.

    • What is the culture of your organization? Is it cooperative, traditional, competitive, or innovative? (See appendix for details.)
    • Is this the target culture or a stepping-stone to the ideal culture?
    • How do the attitudes and behaviors of senior leaders in the organization reinforce this culture?

    Consider whether your organization’s culture can accept the operating model and organizational structure changes that make sense on paper.

    Certain cultures may lean toward particular operating models. For example, the demand-develop-service operating model may be supported by a cooperative culture. A traditional organization may lean towards the plan-build-run operating model.

    Ensure you have considered your current culture and added exercises to support it.

    If more capacity is required to accomplish the goals of the organization, you’ll want to prepare the leaders and explain the need in your design principles (to reflect training, upskilling, or outsourcing). Unionized environments require additional consideration. They may necessitate less structural changes, and so your principles will need to reflect other alternatives (hiring additional resources, creative options) to support organizational needs. Hybrid or fully remote workforces may impact how your organization interacts.

    Business context considerations

    Business Context Consideration

    IT Org. Design Implication

    Control & Governance:

    It is important to consider how your organization is governed, how decisions are made, and who has authority to make decisions.

    Strategy tells what you do, governance validates you’re doing the right things, and structure is how you execute on what’s been approved.

    • How do decisions get considered and approved in your organization? Are there specific influences that impact the priorities of the organization?
    • Are those in the organization willing to release decision-making authority around specific IT components?
    • Should the organization take on greater accountability for specific IT components?

    Organizations that require more controls may lean toward more centralized governance. Organizations that are looking to better enable and empower their divisions (products, groups, regions, etc.) may look to embed governance in these parts of the organization.

    For enterprise organizations, consider where IT has authority to make decisions (at the global, local, or system level). Appropriate governance needs to be built into the appropriate levels.

    Business context considerations

    Business Context Consideration

    IT Org. Design Implication

    Financial Constraints:

    Follow the money: You may need to align your IT organization according to the funding model.

    • Do partners come to IT with their budgets, or does IT have a central pool that they use to fund initiatives from all partners?
    • Are you able to request finances to support key initiatives/roles prioritized by the organization?
    • How is funding aligned: technology, data, digital, etc.? Is your organization business-line funded? Pooled?
    • Are there special products or digital transformation initiatives with resources outside IT? Product ownership funding?
    • How are regulatory changes funded?
    • Do you have the flexibility to adjust your budget throughout the fiscal year?
    • Are chargebacks in place? Are certain services charged back to business units

    Determine if you can move forward with a new model or if you can adjust your existing one to suit the financial constraints.

    If you have no say over your funding, pre-work may be required to build a business case to change your funding model before you look at your organizational structure – without this, you might have to rule out centralized and focus on hybrid/centralized. If you don’t control the budget (funding comes from your partners), it will be difficult to move to a more centralized model.

    A federated business organization may require additional IT governance to help prioritize across the different areas.

    Budgets for digital transformation might come from specific areas of the business, so resources may need to be aligned to support that. You’ll have to consider how you will work with those areas. This may also impact the roles that are going to exist within your IT organization – product owners or division owners might have more say.

    Business context considerations

    Business Context Consideration

    IT Org. Design Implication

    Business Perspective of IT:

    How the business perceives IT and how IT perceives itself are sometimes not aligned. Make sure the business’ goals for IT are well understood.

    • Are your business partners satisfied if IT is an order taker? Do they agree with the need for IT to become a business partner? Is IT expected to innovate and transform the organization?
    • Is what the business needs from IT the same as what IT is providing currently?

    Business Organization Structure and Growth:

    • How is the overall organization structured: Centralized/decentralized? Functionally aligned? Divided by regions?
    • In what areas does the organization prioritize investments?
    • Is the organization located across a diverse geography?
    • How big is the organization?
    • How is the organization growing and changing – by mergers and acquisitions?

    If IT needs to become more of a business partner, you’ll want to define what that means to your organization and focus on the capabilities to enable this. Educating your partners might also be required if you’re not aligned.

    For many organizations, this will include stakeholder management, innovation, and product/project management. If IT and its business partners are satisfied with an order-taker relationship, be prepared for the consequences of that.

    A global organization will require different IT needs than a single location. Specifically, site reliability engineering (SRE) or IT support services might be deployed in each region. Organizations growing through mergers and acquisitions can be structured differently depending on what the organization needs from the transaction. A more centralized organization may be appropriate if the driver is reuse for a more holistic approach, or the organization may need a more decentralized organization if the acquisitions need to be handled uniquely.

    Business context considerations

    Business Context Consideration

    IT Org. Design Implication

    Sourcing Strategy:

    • What are the drivers for sourcing? Staff augmentation, best practices, time zone support, or another reason?
    • What is your strategy for sourcing?
    • Does IT do all of your technology work, or are parts being done by business or other units?
    • Are we willing/able to outsource, and will that place us into non-compliance (regulations)?
    • Do you have vendor management capabilities in areas that you might outsource?
    • How cloud-driven is your organization?
    • Do you have global operations?

    Change Tolerance:

    • What’s your organization’s tolerance to make changes around organizational design?
    • What's the appetite and threshold for risk?

    Your sourcing strategy affects your organizational structure, including what capabilities you group together. Since managing outsourced capabilities also includes the need for vendor management, you’ll need to ensure there aren’t too many capabilities required per leader. Look closely at what can be achieved through your operating model if IT is done through other groups. Even though these groups may not be in scope of your organization changes, you need to ensure your IT team works with them effectively.

    If your organization is going to push back if there are big structural changes, consider whether the changes are truly necessary. It may be preferred to take baby steps – use an incremental versus big-bang approach.

    A need for incremental change might mean not making a major operating model change.

    Business context considerations

    Business Context Consideration

    IT Org Design. Implication

    Stakeholder Engagement & Focus:

    Identify who your customers and stakeholders are; clarify their needs and engagement model.

    • Who is the customer for IT products and services?
    • Is your customer internal? External? Both?
    • How much of a priority is customer focus for your organization?
    • How will IT interact with customers, end users, and partners? What is the engagement model desired?

    Business Vision, Services, and Products:

    Articulate what your organization was built to do.

    • What does the organization create or provide?
    • Are these products and services changing?
    • What are the most critical capabilities to your organization?
    • What makes your organization a success? What are critical success factors of the organization and how are they measuring this to determine success?

    For a customer or user focus, ensure capabilities related to understanding needs (stakeholder, UX, etc.) are prioritized. Hybrid, decentralized, or demand-develop-service models often have more of a focus on customer needs.

    Outsourcing the service desk might be a consideration if there’s a high demand for the service. A differentiation between these users might mean there’s a different demand for services.

    Think broadly in terms of your organizational vision, not just the tactical (widget creation). You might need to choose an operating model that supports vision.

    Do you need to align your organization with your value stream? Do you need to decentralize specific capabilities to enable prioritization of the key capabilities?

    1.2 Create design principles based on the business context

    1-3 hours

    1. Discuss the business context in which the IT organizational redesign will be taking place. Consider the following standard components of the business context; include other relevant components specific to your organization:
    • Culture
    • Workforce Considerations
    • Control and Governance
    • Financial Constraints
    • Business Perspective of IT
    • Business Organization Structure and Growth
    • Sourcing Strategy
    • Change Tolerance
    • Stakeholder Engagement and Focus
    • Business Vision, Services, and Products
  • Different stakeholders can have different perspectives on these questions. Be sure to consider a holistic approach and engage these individuals.
  • Capture your findings and use them to create initial design principles.
  • Input

    Output

    • Business context
    • Design principles reflecting how the business context influences the organizational redesign for IT

    Materials

    Participants

    • Whiteboard/flip charts (physical or electronic)
    • List of Context Questions
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Communications Deck

    How your IT organization is structured needs to reflect what it must be built to do

    Structure follows strategy – the way you design will impact what your organization can produce.

    Designing your IT organization requires an assessment of what it needs to be built to do:

    • What are the most critical capabilities that you need to deliver, and what does success look like in those different areas?
    • What are the most important things that you deliver overall in your organization?

    The IT organization must reflect your business needs:

    • Understand your value stream and/or your prioritized business goals.
    • Understand the impact of your strategies – these can include your overall digital strategy and/or your IT strategy

    1.3a (Optional Exercise) Identify the capabilities from your value stream

    1 hour

    1. Identify your organization’s value stream – what your overall organization needs to do from supplier to consumer to provide value. Leverage Info-Tech’s industry reference architectures if you haven’t identified your value stream, or use the Document Your Business Architecture blueprint to create yours.
    2. For each item in your value stream, list capabilities that are critical to your organizational strategy and IT needs to further invest in to enable growth.
    3. Also, list those that need further support, e.g. those that lead to long wait times, rework time, re-tooling, down-time, unnecessary processes, unvaluable processes.*
    4. Capture the IT capabilities required to enable your business in your draft principles.
    The image contains a screenshot of the above activity: Sampling Manufacturing Business Capabilities.
    Source: Six Sigma Study Guide, 2014
    Input Output
    • Organization’s value stream
    • List of IT capabilities required to support the IT strategy
    Materials Participants
    • Whiteboard/flip charts (physical or electronic)
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Communications Deck

    Your strategy will help you decide on your structure

    Ensure that you have a clear view of the goals and initiatives that are needed in your organization. Your IT, digital, business, and/or other strategies will surface the IT capabilities your organization needs to develop. Identify the goals of your organization and the initiatives that are required to deliver on them. What capabilities are required to enable these? These capabilities will need to be reflected in your design principles.

    Sample initiatives and capabilities from an organization’s strategies

    The image contains a screenshot of sample initiatives and capabilities from an organization's strategies.

    1.3b Identify the capabilities required to deliver on your strategies

    1 hour

    1. For each IT goal, there may be one or more initiatives that your organization will need to complete in order to be successful.
    2. Document those goals and infinitives. For each initiative, consider which core IT capabilities will be required to deliver on that goal. There might be one IT capability or there might be several.
    3. Identify which capabilities are being repeated across the different initiatives. Consider whether you are currently investing in those capabilities in your current organizational structure.
    4. Highlight the capabilities that require IT investment in your design principles.
    InputOutput
    • IT goals
    • IT initiatives
    • IT, digital, and business strategies
    • List of IT capabilities required to support the IT strategy
    MaterialsParticipants
    • Whiteboard/flip charts (physical or electronic)
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Communications Deck

    Create your organizational design principles

    Your organizational design principles should define a set of loose rules that can be used to design your organizational structure to the specific needs of the work that needs to be done. These rules will guide you through the selection of the appropriate operating model that will meet your business needs. There are multiple ways you can hypothetically organize yourself to meet these needs, and the design principles will point you in the direction of which solution is the most appropriate as well as explain to your stakeholders the rationale behind organizing in a specific way. This foundational step is critical: one of the key reasons for organizational design failure is a lack of requisite time spent on the front-end understanding what is the best fit.

    The image contains an example of organizing design principles as described above.

    1.4 Finalize your list of design principles

    1-3 hours

    1. As a group, review the key outputs from your data collection exercises and their implications.
    2. Consider each of the previous exercises – where does your organization stand from a maturity perspective, what is driving the redesign, what is the business context, and what are the key IT capabilities requiring support. Identify how each will have an implication on your organizational redesign. Leverage this conversation to generate design principles.
    3. Vote on a finalized list of eight to ten design principles that will guide the selection of your operating model. Have everyone leave the meeting with these design principles so they can review them in more detail with their work units or functional areas and elicit any necessary feedback.
    4. Reconvene the group that was originally gathered to create the list of design principles and make any final amendments to the list as necessary. Use this opportunity to define exactly what each design principle means in the context of your organization so everyone has the same understanding of what this means moving forward.
    InputOutput
    • Organizational redesign drivers
    • Business context
    • IT strategy capabilities
    • Organizational design principles to help inform the selection of the right operating model sketch
    MaterialsParticipants
    • Whiteboard/flip charts (physical or electronic)
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Communications Deck

    Example design principles

    Your eight to ten design principles will be those that are most relevant to YOUR organization. Below are samples that other organizations have created, but yours will not be the same.

    Design Principle

    Description

    Decision making

    We will centralize decision making around the prioritization of projects to ensure that the initiatives driving the most value for the organization as a whole are executed.

    Fit for purpose

    We will build and maintain fit-for-purpose solutions based on business units’ unique needs.

    Reduction of duplication

    We will reduce role and application duplication through centralized management of assets and clearly differentiated roles that allow individuals to focus within key capability areas.

    Managed security

    We will manage security enterprise-wide and implement compliance and security governance policies.

    Reuse > buy > build

    We will maximize reuse of existing assets by developing a centralized application portfolio management function and approach.

    Managed data

    We will create a specialized data office to provide data initiatives with the focus they need to enable our strategy.

    Design Principle

    Description

    Controlled technical diversity

    We will control the variety of technology platforms we use to allow for increased operability and reduction of costs.

    Innovation

    R&D and innovation are critical – we will build an innovation team into our structure to help us meet our digital agenda.

    Resourcing

    We will separate our project and maintenance activities to ensure each are given the dedicated support they need for success and to reduce the firefighting mentality.

    Customer centricity

    The new structure will be directly aligned with customer needs – we will have dedicated roles around relationship management, requirements, and strategic roadmapping for business units.

    Interoperability

    We will strengthen our enterprise architecture practices to best prepare for future mergers and acquisitions.

    Cloud services

    We will move toward hosted versus on-premises infrastructure solutions, retrain our data center team in cloud best practices, and build roles around effective vendor management, cloud provisioning, and architecture.

    Phase 2

    Create the Operating Model Sketch

    This phase will walk you through the following activities:

    2.1 Augment the capability list

    2.2 Heatmap capabilities to determine gaps in service

    2.3 Identify the target state of sourcing for your IT capabilities

    2.4 Review and select a base operating model sketch

    2.5 Customize the selected overlay to reflect the desired future state

    This phase involves the following participants:

    • CIO
    • IT Leadership

    Embed change management into the organizational design process

    Gain Buy-In

    Obtain desire from stakeholders to move forward with organizational redesign initiative by involving them in the process to gain interest. This will provide the stakeholders with assurance that their concerns are being heard and will help them to understand the benefits that can be anticipated from the new organizational structure.

    “You’re more likely to get buy-in if you have good reason for the proposed changes – and the key is to emphasize the benefits of an organizational redesign.”

    Source: Lucid Chart

    Info-Tech Insight

    Just because people are aware does not mean they agree. Help different stakeholders understand how the change in the organizational structure is a benefit by specifically stating the benefit to them.

    Info-Tech uses capabilities in your organizational design

    We differentiate between capabilities and competencies.

    Capabilities

    • Capabilities are focused on the entire system that would be in place to satisfy a particular need. This includes the people who are competent to complete a specific task and also the technology, processes, and resources to deliver.
    • Capabilities work in a systematic way to deliver on specific need(s).
    • A functional area is often made up of one or more capabilities that support its ability to deliver on that function.
    • Focusing on capabilities rather then the individuals in organizational redesign enables a more objective and holistic view of what your organization is striving toward.

    Competencies

    • Competencies on the other hand are specific to an individual. It determines if the individual poses the skills or ability to perform.
    • Competencies are rooted in the term competent, which looks to understand if you are proficient enough to complete the specific task at hand.
    • Source: The People Development Magazine, 2020

    Use our IT capabilities to establish your IT organization design

    The image contains a diagram of the various services and blueprints that Info-Tech has to offer.

    2.1 Augment the capability list

    1-3 hours

    1. Using the capability list on the previous slide, go through each of the IT capabilities and remove any capabilities for which your IT organization is not responsible and/or accountable. Refer to the Operating Model and Capability Definition List for descriptions of each of the IT capabilities.
    2. Augment the language of specific capabilities that you feel are not directly reflective of what is being done within your organizational context or that you feel need to be changed to reflect more specifically how work is being done in your organization.
    • For example, some organizations may refer to their service desk capability as help desk or regional support. Use a descriptive term that most accurately reflects the terminology used inside the organization today.
  • Add any core capabilities from your organization that are missing from the provided IT capability list.
    • For example, organizations that leverage DevOps capabilities for their product development may desire to designate this in their operating model.
  • Document the rationale for decisions made for future reference.
  • Input Output
    • Baseline list of IT capabilities
    • IT capabilities required to support IT strategy
    • Customized list of IT capabilities
    Materials Participants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership

    Record the results in the Organizational Design Workbook

    Gaps in delivery

    Identify areas that require greater focus and attention.

    Assess the gaps between where you currently are and where you need to be. Evaluate how critical and how effective your capabilities are:

    • Criticality = Importance
      • Try to focus on those which are highly critical to the organization.
      • These may be capabilities that have been identified in your strategies as areas to focus on.
    • Effectiveness = Performance
      • Identify those where the process or system is broken or ineffective, preventing the team from delivering on the capability.
      • Effectiveness could take into consideration how scalable, adaptable, or sustainable each capability is.
      • Focus on the capabilities that are low or medium in effectiveness but highly critical. Addressing the delivery of these capabilities will lead to the most positive outcomes in your organization.

    Remember to identify what allows the highly effective capabilities to perform at the capacity they are. Leverage this when increasing effectiveness elsewhere.

    High Gap

    There is little to no effectiveness (high gap) and the capability is highly important to your organization.

    Medium Gap

    Current ability is medium in effectiveness (medium gap) and there might be some priority for that capability in your organization.

    Low Gap

    Current ability is highly effective (low gap) and the capability is not necessarily a priority for your organization.

    2.2 Heatmap capabilities to determine gaps in delivery

    1-3 hours

    1. At this point, you should have identified what capabilities you need to have to deliver on your organization's goals and initiatives.
    2. Convene a group of the key stakeholders involved in the IT organizational design initiative.
    3. Review your IT capabilities and color each capability border according to the effectiveness and criticality of that capability, creating a heat map.
    • Green indicates current ability is highly effective (low gap) and the capability is not necessarily a priority for your organization.
    • Yellow indicates current ability is medium in effectiveness (medium gap) and there might be some priority for that capability in your organization.
    • Red indicates that there is little to no effectiveness (high gap) and the capability is highly important to your organization.
    Input Output
    • Selected capabilities from activity 2.1
    • Gap analysis in delivery of capabilities currently
    Materials Participants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership

    Record the results in the Organizational Design Workbook

    Don’t forget the why: why are you considering outsourcing?

    There are a few different “types” of outsourcing:

    1. Competitive Advantage – Working with a third-party organization for the knowledge, insights, and best practices they can bring to your organization.
    2. Managed Service– The third party manages a capability or function for your organization.
    3. Staff Augmentation – Your organization brings in contractors and third-party organizations to fill specific skills gaps.

    Weigh which sourcing model(s) will best align with the needed capabilities to deliver effectively

    Insourcing

    Staff Augmentation

    Managed Service

    Competitive Advantage

    Description

    The organization maintains full responsibility for the management and delivery of the IT capability or service.

    Vendor provides specialized skills and enables the IT capability or service together with the organization to meet demand.

    Vendor completely manages the delivery of value for the IT capability, product or service.

    Vendor has unique skills, insights, and best practices that can be taught to staff to enable insourced capability and competency.

    Benefits

    • Retains in-house control over proprietary knowledge and assets that provide competitive or operational advantage.
    • Gains efficiency due to integration into the organization’s processes.
    • Provision of unique skills.
    • Addresses variation in demand for resources.
    • Labor cost savings.
    • Improves use of internal resources.
    • Improves effectiveness due to narrow specialization.
    • Labor cost savings.
    • Gain insights into aspects that could provide your organization with advantages over competitors.
    • Long-term labor cost savings.
    • Short-term outsourcing required.
    • Increase in-house competencies.

    Drawbacks

    • Quality of services/capabilities might not be as high due to lack of specialization.
    • No labor cost savings.
    • Potentially inefficient distribution of labor for the delivery of services/capabilities.
    • Potential conflicts in management or delivery of IT services and capabilities.
    • Negative impact on staff morale.
    • Limited control over services/capabilities.
    • Limited integration into organization’s processes.
    • Short-term labor expenses.
    • Requires a culture of continuous learning and improvement.

    Your strategy for outsourcing will vary with capability and capacity

    The image contains a diagram to show the Develop Vendor Management Capabilities, as described in the text below.

    Capability

    Capacity

    Outsourcing Model

    Low

    Low

    Your solutions may be with you for a long time, so it doesn’t matter whether it is a strategic decision to outsource development or if you are not able to attract the talent required to deliver in your market. Look for a studio, agency, or development shop that has a proven reputation for long-term partnership with its clients.

    Low

    High

    Your team has capacity but needs to develop new skills to be successful. Look for a studio, agency, or development shop that has a track record of developing its customers and delivering solutions.

    High

    Low

    Your organization knows what it is doing but is strapped for people. Look at “body shops” and recruiting agencies that will support short-term development contracts that can be converted to full-time staff or even a wholesale development shop acquisition.

    High

    High

    You have capability and capacity for delivering on your everyday demands but need to rise to the challenge of a significant, short-term rise in demand on a critical initiative. Look for a major system integrator or development shop with the specific expertise in the appropriate technology.

    Use these criteria to inform your right sourcing strategy

    Sourcing Criteria

    Description

    Determine whether you’ll outsource using these criteria

    1. Critical or commodity

    Determine whether the component to be sourced is critical to your organization or if it is a commodity. Commodity components, which are either not strategic in nature or related to planning functions, are likely candidates for outsourcing. Will you need to own the intellectual property created by the third party? Are you ok if they reuse that for their other clients?

    2. Readiness to outsource

    Identify how easy it would be to outsource a particular IT component. Consider factors such as knowledge transfer, workforce reassignment or reduction, and level of integration with other components.

    Vendor management readiness – ensuring that you have sufficient capabilities to manage vendors – should also be considered here.

    3. In-house capabilities

    Determine if you have the capability to deliver the IT solutions in-house. This will help you establish how easy it would be to insource an IT component.

    4. Ability to attract resources (internal vs. outsourced)

    Determine if the capability is one that is easily sourced with full-time, internal staff or if it is a specialty skill that is best left for a third-party to source.

    Determine your sourcing model using these criteria

    5. Cost

    Consider the total cost (investment and ongoing costs) of the delivery of the IT component for each of the potential sourcing models for a component.

    6. Quality

    Define the potential impact on the quality of the IT component being sourced by the possible sourcing models.

    7. Compliance

    Determine whether the sourcing model would fit with regulations in your industry. For example, a healthcare provider would only go for a cloud option if that provider is HIPAA compliant.

    8. Security

    Identify the extent to which each sourcing option would leave your organization open to security threats.

    9. Flexibility

    Determine the extent to which the sourcing model will allow your organization to scale up or down as demand changes.

    2.3 Identify capabilities that could be outsourced

    1-3 hours

    1. For each of the capabilities that will be in your future-state operating model, determine if it could be outsourced. Review the sourcing criteria available on the previous slide to help inform which sourcing strategy you will use for each capability.
    2. When looking to outsource or co-source capabilities, consider why that capability would be outsourced:
    • Competitive Advantage – Work with a third-party organization for the knowledge, insights, and best practices they can bring to your organization.
    • Managed Service – The third party manages a capability or function for your organization.
    • Staff Augmentation – Your organization brings in contractors and third-party organizations to fill specific skills gaps.
  • Place an asterisk (*) around the capabilities that will be leveraging one of the three previous sourcing options.
  • InputOutput
    • Customized IT capabilities
    • Sourcing strategy for each IT capability
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership

    Record the results in the Organizational Design Workbook

    What is an operating model?

    Leverage a cohesive operating model throughout the organizational design process.

    An IT operating model sketch is a visual representation of the way your IT organization needs to be designed and the capabilities it requires to deliver on the business mission, strategic objectives, and technological ambitions. It ensures consistency of all elements in the organizational structure through a clear and coherent blueprint.

    The visual should be the optimization and alignment of the IT organization’s structure to deliver the capabilities required to achieve business goals. Additionally, it should clearly show the flow of work so that key stakeholders can understand where inputs flow in and outputs flow out of the IT organization. Investing time in the front end getting the operating model right is critical. This will give you a framework to rationalize future organizational changes, allowing you to be more iterative and your model to change as the business changes.

    The image contains an example of an operating model as described in the text above.

    Info-Tech Insight

    Every structure decision you make should be based on an identified need, not on a trend.Build your IT organization to enable the priorities of the organization.

    Each IT operating model is characterized by a variety of advantages and disadvantages

    Centralized

    Hybrid

    Decentralized

    Advantages
    • Maximum flexibility to allocate IT resources across business units.
    • Low-cost delivery model and greatest economies of scale.
    • Control and consistency offers opportunity for technological rationalization and standardization and volume purchasing at the highest degree.
    • Centralizes processes and services that require consistency across the organization.
    • Decentralizes processes and services that need to be responsive to local market conditions.
    • Eliminates duplication and redundancy by allowing effective use of common resources (e.g. shared services, standardization).
    • Goals are aligned to the distinct business units or functions.
    • Greater flexibility and more timely delivery of services.
    • Development resources are highly knowledgeable about business-unit-specific applications.
    • Business unit has greatest control over IT resources and can set and change priorities as needed.

    Disadvantages

    • Less able to respond quickly to local requirements with flexibility.
    • IT can be resistant to change and unwilling to address the unique needs of end users.
    • Business units can be frustrated by perception of lack of control over resources.
    • Development of special business knowledge can be limited.
    • Requires the most disciplined governance structure and the unwavering commitment of the business; therefore, it can be the most difficult to maintain.
    • Requires new processes as pooled resources must be staffed to approved projects.
    • Redundancies, conflicts, and incompatible technologies can result from business units having differentiated services and applications – increasing cost.
    • Ability to share IT resources is low due to lack of common approaches.
    • Lack of integration limits the communication of data between businesses and reduces common reporting.

    Decentralization can take many forms – define what it means to your organization

    Decentralization can take a number of different forms depending on the products the organization supports and how the organization is geographically distributed. Use the following set of explanations to understand the different types of decentralization possible and when they may make sense for supporting your organizational objectives.

    Line of Business

    Decentralization by lines of business (LoB) aligns decision making with business operating units based on related functions or value streams. Localized priorities focus the decision making from the CIO or IT leadership team. This form of decentralization is beneficial in settings where each line of business has a unique set of products or services that require specific expertise or flexible resourcing staffing between the teams.

    Product Line

    Decentralization by product line organizes your team into operationally aligned product families to improve delivery throughput, quality, and resource flexibility within the family. By adopting this approach, you create stable product teams with the right balance between flexibility and resource sharing. This reinforces value delivery and alignment to enterprise goals within the product lines.

    Geographical

    Geographical decentralization reflects a shift from centralized to regional influences. When teams are in different locations, they can experience a number of roadblocks to effective communication (e.g. time zones, regulatory differences in different countries) that may necessitate separating those groups in the organizational structure, so they have the autonomy needed to make critical decisions.

    Functional

    Functional decentralization allows the IT organization to be separated by specialty areas. Organizations structured by functional specialization can often be organized into shared service teams or centers of excellence whereby people are grouped based on their technical, domain, or functional area within IT (Applications, Data, Infrastructure, Security, etc.). This allows people to develop specialized knowledge and skills but can also reinforce silos between teams.

    2.4 Review and select a base operating model sketch

    1 hour

    1. Review the set of base operating model sketches available on the following slides.
    2. For each operating model sketch, there are benefits and risks to be considered. Make an informed selection by understanding the risks that your organization might be taking on by adopting that particular operating model.
    3. If at any point in the selection process the group is unsure about which operating model will be the right fit, refer back to your design principles established in activity 1.4. These should guide you in the selection of the right operating model and eliminate those which will not serve the organization.
    InputOutput
    • Organizational design principles
    • Customized list of IT capabilities
    • Operating model sketch examples
    • Selected operating model sketch
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership

    Record the results in the Organizational Design Workbook

    Centralized Operating Model #1: Plan-Build-Run

    I want to…

    • Establish a formalized governance process that takes direction from the organization on which initiatives should be prioritized by IT.
    • Ensure there is a clear separation between teams that are involved in strategic planning, building solutions, and delivering operational support.
    • Be able to plan long term by understanding the initiatives that are coming down the pipeline and aligning to an infrequent budgeting plan.

    BENEFITS

    • Effective at implementing long-term plans efficiently; separates maintenance and projects to allow each to have the appropriate focus.
    • More oversight over financials; better suited for fixed budgets.
    • Works across centralized technology domains to better align with the business’ strategic objectives – allows for a top-down approach to decision making.
    • Allows for economies of scale and expertise pooling to improve IT’s efficiency.
    • Well-suited for a project-driven environment that employs waterfall or a hybrid project management methodology that is less iterative.

    RISKS

    • Creates artificial silos between the build (developers) and run (operations staff) teams, as both teams focus on their own responsibilities and often fail to see the bigger picture.
    • Miss opportunities to deliver value to the organization or innovate due to an inability to support unpredictable/shifting project demands as decision making is centralized in the plan function.
    • The portfolio of initiatives being pursued is often determined before requirements analysis takes place, meaning the initiative might be solving the wrong need or problem.
    • Depends on strong hand-off processes to be defined and strong knowledge transfer from build to run functions in order to be successful.
    The image contains an example of a Centralized Operating Model: Plan-Build-Run.

    Centralized Operating Model #2: Demand-Develop-Service

    I want to…

    • Listen to the business to understand new initiatives or service enhancements being requested.
    • Enable development and operations to work together to seamlessly deliver in a DevOps culture.
    • Govern and confirm that initiatives being requested by the business are still aligned to IT’s overarching strategy and roadmap before prioritizing those initiatives.

    BENEFITS

    • Aligns well with an end-to-end services model; constant attention to customer demand and service supply.
    • Centralizes service operations under one functional area to serve shared needs across lines of business.
    • Allows for economies of scale and expertise pooling to improve IT’s efficiency.
    • Elevates sourcing and vendor management as its own strategic function; lends well to managed service and digital initiatives.
    • Development and operations housed together; lends well to DevOps-related initiatives and reduces the silos between these two core groups.

    RISKS

    • IT prioritizes the initiatives it thinks are a priority to the business based on how well it establishes good stakeholder relations and communications.
    • Depends on good governance to prevent enhancements and demands from being prioritized without approval from those with accountability and authority.
    • This model thrives in a DevOps culture but does not mean it ensures your organization is a “DevOps” organization. Be sure you're encouraging the right behaviors and attitudes.

    The image contains an example of a Centralized Operating Model: Demand, Develop, Service.

    Hybrid Operating Model #1: LOB/Functional Aligned

    I want to…

    • Better understand the various needs of the organization to align IT priorities and ensure the right services can be delivered.
    • Keep all IT decisions centralized to ensure they align with the overarching strategy and roadmap that IT has set.
    • Organize your shared services in a strategic manner that enables delivery of those services in a way that fits the culture of the organization and the desired method of operating.

    BENEFITS

    • Best of both worlds of centralization and decentralization; attempts to channel benefits from both centralized and decentralized models.
    • Embeds key IT functions that require business knowledge within functional areas, allowing for critical feedback and the ability to understand those business needs.
    • Places IT in a position to not just be “order takers” but to be more involved with the different business units and promote the value of IT.
    • Achieves economies of scale where necessary through the delivery of shared services that can be requested by the function.
    • Shared services can be organized to deliver in the best way that suits the organization.

    RISKS

    • Different business units may bypass governance to get their specific needs met by functions – to alleviate this, IT must have strong governance and prioritize amongst demand.
    • Decentralized role can be viewed as an order taker by the business if not properly embedded and matured.
    • No guaranteed synergy and integration across functions; requires strong communication, collaboration, and steering.
    • Cannot meet every business unit’s needs – can cause tension from varying effectiveness of the IT functions.

    The image contains an example of a Hybrid Operating Model: LOB/Functional Aligned.

    Hybrid Model #2: Product-Aligned Operating Model

    I want to…

    • Align my IT organization into core products (services) that IT provides to the organization and establish a relationship with those in the organization that have alignment to that product.
    • Have roles dedicated to the lifecycle of their product and ensure the product can continuously deliver value to the organization.
    • Maintain centralized set of standards as it applies to overall IT strategy, security, and architecture to ensure consistency across products and reduce silos.

    BENEFITS

    • Focus is on the full lifecycle of a product – takes a strategic view of how technology enables the organization.
    • Promotes centralized backlog around a specific value creator, rather than a traditional project focus that is more transactional.
    • Dedicated teams around the product family ensure you have all of the resources required to deliver on your product roadmap.
    • Reduces barriers between IT and business stakeholders; focuses on technology as a key strategic enabler.
    • Delivery is largely done through frequent releases that can deliver value.

    RISKS

    • If there is little or no business involvement, it could prevent IT from truly understanding business demand and prioritizing the wrong work.
    • A lack of formal governance can create silos between the IT products, causing duplication of efforts, missed opportunities for collaboration, and redundancies in application or vendor contracts.
    • Members of each product can interpret the definition of standards (e.g. architecture, security) differently.

    The image contains an example of the Hybrid Operating Model: Product-Aligned Operating Model.

    Hybrid Operating Model #3: Service-Aligned Operating Model

    I want to…

    • Decentralize the IT organization by the various IT services it offers to the organization while remaining centralized with IT strategy, governance, security and operational services.
    • Ensure IT services are defined and people resources are aligned to deliver on those services.
    • Enable each of IT’s services to have the autonomy to understand the business needs and be able to manage the operational and new project initiatives with a dedicated service owner or business relationship manager.

    BENEFITS

    • Strong enabler of agility as each service has the autonomy to make decisions around operational work versus project work based on their understanding of the business demand.
    • Individuals in similar roles that are decentralized across services are given coaching to provide common direction.
    • Allows teams to efficiently scale with service demand.
    • This is a structurally baseline DevOps model. Each group will have services built within that have their own dedicated teams that will handle the full gambit of responsibilities, from new features to enhancements and maintenance.

    RISKS

    • Service owners require a method to collaborate to avoid duplication of efforts or projects that conflict with the efforts of other IT services.
    • May result in excessive cost through role redundancies across different services, as each will focus on components like integration, stakeholder management, project management, and user experiences.
    • Silos cause a high degree of specialization, making it more difficult for team members to imagine moving to another defined service group, limiting potential career advancement opportunities.
    • The level of complex knowledge required by shared services (e.g. help desk) is often beyond what they can provide, causing them to rely on and escalate to defined service groups more than with other operating models.

    The image contains an example of the Hybrid Operating Model: Service-Aligned Operating Model.

    Decentralized Model: Division Decentralization (LoB, Geography, Function, Product)

    I want to…

    • Decentralize the IT organization to enable greater autonomy within specific groups that have differing customer demands and levels of support.
    • Maintain a standard level of service that can be provided by IT for all divisions.
    • Ensure each division has access to critical data and reports that supports informed decision making.

    BENEFITS

    • Organization around functions allows for diversity in approach in how areas are run to best serve a specific business unit’s needs.
    • Each functional line exists largely independently, with full capacity and control to deliver service at the committed SLAs.
    • Highly responsive to shifting needs and demands with direct connection to customers and all stages of the solution development lifecycle.
    • Accelerates decision making by delegating authority lower into the function.
    • Promotes a flatter organization with less hierarchy and more direct communication with the CIO.

    RISKS

    • Requires risk and security to be centralized and have oversight of each division to prevent the decisions of one division from negatively impacting other divisions or the enterprise.
    • Less synergy and integration across what different lines of business are doing can result in redundancies and unnecessary complexity.
    • Higher overall cost to the IT group due to role and technology duplication across different divisions.
    • It will be difficult to centralize aspects of IT in the future, as divisions adopt to a culture of IT autonomy.

    The image contains an example of the Decentralized Model: Division Decentralization.

    Enterprise Model: Multi-Modal

    I want to…

    • Have an organizational structure that leverages several different operating models based on the needs and requirements of the different divisions.
    • Provide autonomy and authority to the different divisions so they can make informed and necessary changes as they see fit without seeking approval from a centralized IT group.
    • Support the different initiatives the enterprise is focused on delivering and ensure the right model is adopted based on those initiatives.

    BENEFITS

    • Allows for the organization to work in ways that best support individual areas; for example, areas that support legacy systems can be supported through traditional operating models while areas that support digital transformations may be supported through more flexible operating models.
    • Enables a specialization of knowledge related to each division.

    RISKS

    • Inconsistency across the organization can lead to confusion on how the organization should operate.
    • Parts of the organization that work in more traditional operating models may feel limited in career growth and innovation.
    • Cross-division initiatives may require greater oversight and a method to enable operations between the different focus areas.

    The image contains an example of the Enterprise Model: Multi-Modal.

    Create enabling teams that bridge your divisions

    The following bridges might be necessary to augment your divisions:

    • Specialized augmentation: There might not be a sufficient number of resources to support each division. These teams will be leveraged across the divisions; this means that the capabilities needed for each division will exist in this bridge team, rather than in the division.
    • Centers of Excellence: Capabilities that exist within divisions can benefit from shared knowledge across the enterprise. Your organization might set up centers of excellence to support best practices in capabilities organization wide. These are Forums in the unfix model, or communities of practice and support capability development rather than deliveries of each division.
    • Facilitation teams might be required to support divisions through coaching. This might include Agile or other coaches who can help teams adopt practices and embed learnings.
    • Holistic teams provide an enterprise view as they work with various divisions. This can include capabilities like user experience, which can benefit from the holistic perspective rather than a siloed one. People with these capabilities augment the divisions on an as-needed basis.
    The image contains a diagram to demonstrate the use of bridges on divisions.

    2.5 Customize the selected sketch to reflect the desired future state

    1-3 hours

    1. Using the baseline operating model sketch, walk through each of the IT capabilities. Based on the outputs from activity 2.1:
      1. Remove any capabilities for which your IT organization is not responsible and/or accountable.
      2. Augment the language of specific capabilities that you feel are not directly reflective of what is being done within your organizational context or that you feel need to be changed to reflect more specifically how work is being done in your organization.
      3. Add any core capabilities from your organization that are missing from the provided IT capability list.
    2. Move capabilities to the right places in the operating model to reflect how each of the core IT processes should interact with one another.
    3. Add bridges as needed to support the divisions in your organization. Identify which capabilities will sit in these bridges and define how they will enable the operating model sketch to deliver.
    InputOutput
    • Selected base operating model sketch
    • Customized list of IT capabilities
    • Understanding of outsourcing and gaps
    • Customized operating model sketch
    MaterialsParticipants
    • Whiteboard/flip charts
    • Operating model sketch examples
    • CIO
    • IT Leadership

    Record the results in the Organizational Design Workbook

    Document the final operating model sketch in the Communications Deck

    Phase 3

    Formalize the Organizational Structure

    This phase will walk you through the following activities:

    3.1 Create work units

    3.2 Create work unit mandates

    3.3 Define roles inside the work units

    3.4 Finalize the organizational chart

    3.5 Identify and mitigate key risks

    This phase involves the following participants:

    • CIO
    • IT Leadership
    • Business Leadership

    Embed change management into the organizational design process

    Enable adoption of the new structure.

    You don’t have to make the change in one big bang. You can adopt alternative transition plans such as increments or pilots. This allows people to see the benefits of why you are undergoing the change, allows the change message to be repeated and applied to the individuals impacted, and provides people with time to understand their role in making the new organizational structure successful.

    “Transformational change can be invigorating for some employees but also highly disruptive and stressful for others.”

    Source: OpenStax, 2019

    Info-Tech Insight

    Without considering the individual impact of the new organizational structure on each of your employees, the change will undoubtedly fail in meeting its intended goals and your organization will likely fall back into old structured habits.

    Use a top-down approach to build your target-state IT organizational sketch

    The organizational sketch is the outline of the organization that encompasses the work units and depicts the relationships among them. It’s important that you create the structure that’s right for your organization, not one that simply fits with your current staff’s skills and knowledge. This is why Info-Tech encourages you to use your operating model as a mode of guidance for structuring your future-state organizational sketch.

    The organizational sketch is made up of unique work units. Work units are the foundational building blocks on which you will define the work that IT needs to get done. The number of work units you require and their names will not match your operating model one to one. Certain functional areas will need to be broken down into smaller work units to ensure appropriate leadership and span of control.

    Use your customized operating model to build your work units

    WHAT ARE WORK UNITS?

    A work unit is a functional group or division that has a discrete set of processes or capabilities that it is responsible for, which don’t overlap with any others. Your customized list of IT capabilities will form the building blocks of your work units. Step one in the process of building your structure is grouping IT capabilities together that are similar or that need to be done in concert in the case of more complex work products. The second step is to iterate on these work units based on the organizational design principles from Phase 1 to ensure that the future-state structure is aligned with enablement of the organization’s objectives.

    Work Unit Examples

    Here is a list of example work units you can use to brainstorm what your organization’s could look like. Some of these overlap in functionality but should provide a strong starting point and hint at some potential alternatives to your current way of organizing.

    • Office of the CIO
    • Strategy and Architecture
    • Architecture and Design
    • Business Relationship Management
    • Projection and Portfolio Management
    • Solution Development
    • Solution Delivery
    • DevOps
    • Infrastructure and Operations
    • Enterprise Information Security
    • Security, Risk & Compliance
    • Data and Analytics

    Example of work units

    The image contains an example of work units.

    3.1 Create functional work units

    1-3 hours

    1. Using a whiteboard or large tabletop, list each capability from your operating model on a sticky note and recreate your operating model. Use one color for centralized activities and a second color for decentralized activities.
    2. With the group of key IT stakeholders, review the operating model and any important definitions and rationale for decisions made.
    3. Starting with your centralized capabilities, review each in turn and begin to form logical groups of compatible capabilities. Review the decentralized capabilities and repeat the process, writing additional sticky notes for capabilities that will be repeated in decentralized units.
    4. Note: Not all capabilities need to be grouped. If you believe that a capability has a high enough priority, has a lot of work, or is significantly divergent from others put this capability by itself.
    5. Define a working title for each new work unit, and discuss the pros and cons of the model. Ensure the work units still align with the operating model and make any changes to the operating model needed.
    6. Review your design principles and ensure that they are aligned with your new work units.
    InputOutput
    • Organizational business objectives
    • Customized operating model
    • Defined work units
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Workbook

    Group formation

    Understand the impact of the functional groups you create.

    A group consists of two or more individuals who are working toward a common goal. Group formation is how those individuals are organized to deliver on that common goal. It should take into consideration the levels of hierarchy in your structure, the level of focus you give to processes, and where power is dispersed within your organizational design.

    Importance: Balance highly important capabilities with lower priority capabilities

    Specialization: The scope of each role will be influenced by specialized knowledge and a dedicated leader

    Effectiveness: Group capabilities that increase their efficacy

    Span of Control: Identify the right number of employees reporting to a single leader

    Choose the degree of specialization required

    Be mindful of the number of hats you’re placing on any one role.

    • Specialization exists when individuals in an organization are dedicated to performing specific tasks associated with a common goal and requiring a particular skill set. Aligning the competencies required to carry out the specific tasks based on the degree of complexity associated with those tasks ensures the right people and number of people can be assigned.
    • When people are organized by their specialties, it reduces the likelihood of task switching, reduces the time spent training or cross-training, and increases the focus employees can provide to their dedicated area of specialty.
    • There are disadvantages associated with aligning teams by their specialization, such as becoming bored and seeing the tasks they are performing as monotonous. Specialization doesn’t come without its problems. Monitor employee motivation

    Info-Tech Insight

    Smaller organizations will require less specialization simply out of necessity. To function and deliver on critical processes, some people might be asked to wear several hats.

    Avoid overloading the cognitive capacity of employees

    Cognitive load refers to the number of responsibilities that one can successfully take on.

    • When employees are assigned an appropriate number of responsibilities this leads to:
      • Engaged employees
      • Less task switching
      • Increased effectiveness on assigned responsibilities
      • Reduced bottlenecks
    • While this cognitive load can differ from employee to employee, when assigning role responsibilities, ensure each role isn’t being overburdened and spreading their focus thin.
    • Moreover, capable does not equal successful. Just because someone has the capability to take on more responsibilities doesn’t mean they will be successful.
    • Leverage the cognitive load being placed on your team to help create boundaries between teams and demonstrate clear role expectations.
    Source: IT Revolution, 2021

    Info-Tech Insight

    When you say you are looking for a team that is a “jack of all trades,” you are likely exceeding appropriate cognitive loads for your staff and losing productivity to task switching.

    Factors to consider for span of control

    Too many and too few direct reports have negative impacts on the organization.

    Complexity: More complex work should have fewer direct reports. This often means the leader will need to provide lots of support, even engaging in the work directly at times.

    Demand: Dynamic shifts in demand require more managerial involvement and therefore should have a smaller span of control. Especially if this demand is to support a 24/7 operation.

    Competency Level: Skilled employees should require less hands-on assistance and will be in a better position to support the business as a member of a larger team than those who are new to the role.

    Purpose: Strategic leaders are less involved in the day-to-day operations of their teams, while operational leaders tend to provide hands-on support, specifically when short-staffed.

    Group formation will influence communication structure

    Pick your poison…

    It’s important to understand the impacts that team design has on your services and products. The solutions that a team is capable of producing is highly dependent on how teams are structured. For example, Conway’s Law tells us that small distributed software delivery teams are more likely to produce modular service architecture, where large collocated teams are better able to create monolithic architecture. This doesn’t just apply to software delivery but also other products and services that IT creates. Note that small distributed teams are not the only way to produce quality products as they can create their own silos.

    Sources: Forbes, 2017

    Create mandates for each of your identified work units

    WHAT ARE WORK UNIT MANDATES?

    The work unit mandate should provide a quick overview of the work unit and be clear enough that any reader can understand why the work unit exists, what it does, and what it is accountable for.

    Each work unit will have a unique mandate. Each mandate should be distinguishable enough from your other work units to make it clear why the work is grouped in this specific way, rather than an alternative option. The mandate will vary by organization based on the agreed upon work units, design archetype, and priorities.

    Don’t just adopt an example mandate from another organization or continue use of the organization’s pre-existing mandate – take the time to ensure it accurately depicts what that group is doing so that its value-added activities are clear to the larger organization.

    Examples of Work Unit Mandates

    The Office of the CIO will be a strategic enabler of the IT organization, driving IT organizational performance through improved IT management and governance. A central priority of the Office of the CIO is to ensure that IT is able to respond to evolving environments and challenges through strategic foresight and a centralized view of what is best for the organization.

    The Project Management Office will provide standardized and effective project management practices across the IT landscape, including an identified project management methodology, tools and resources, project prioritization, and all steps from project initiation through to evaluation, as well as education and development for project managers across IT.

    The Solutions Development Group will be responsible for the high-quality development and delivery of new solutions and improvements and the production of customized business reports. Through this function, IT will have improved agility to respond to new initiatives and will be able to deliver high-quality services and insights in a consistent manner.

    3.2 Create work unit mandates

    1-3 hours

    1. Break into teams of three to four people and assign an equal number of work units to each team.
    2. Have each team create a set of statements that describe the overall purpose of that working group. Each mandate statement should:
    • Be clear enough that any reader can understand.
    • Explain why the work unit exists, what it does, and what it is accountable for.
    • Be distinguishable enough from your other work units to make it clear why the work is grouped in this specific way, rather than an alternative option.
  • Have each group present their work unit mandates and make changes wherever necessary.
  • InputOutput
    • Work units
    • Work unit mandates
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Workbook

    Identify the key roles and responsibilities for the target IT organization

    Now that you have identified the main units of work in the target IT organization, it is time to identify the roles that will perform that work. At the end of this step, the key roles will be identified, the purpose statement will be built, and accountability and responsibility for roles will be clearly defined. Make sure that accountability for each task is assigned to one role only. If there are challenges with a role, change the role to address them (e.g. split roles or shift responsibilities).

    The image contains an example of two work units: Enterprise Architecture and PMO. It then lists the roles of the two work units.

    Info-Tech Insight

    Do not bias your role design by focusing on your existing staff’s competencies. If you begin to focus on your existing team members, you run the risk of artificially narrowing the scope of work or skewing the responsibilities of individuals based on the way it is, rather than the way it should be.

    3.3 Define roles inside the work units

    1-3 hours

    1. Select a work unit from the organizational sketch.
    2. Describe the most senior role in that work unit by asking, “what would the leader of this group be accountable or responsible for?” Define this role and move the capabilities they will be accountable for under that leader. Repeat this activity for the capabilities this leader would be responsible for.
    3. Continue to define each role that will be required in that work unit to deliver or provide oversight related to those capabilities.
    4. Continue until key roles are identified and the capabilities each role will be accountable or responsible for are clarified.
    5. Remember, only one role can have accountability for each capability but several can have responsibility.
    6. For each role, use the list of capabilities that the position will be accountable, responsible, or accountable and responsible for to create a job description. Leverage your own internal job descriptions or visit our Job Descriptions page.
    InputOutput
    • Work units
    • Work unit mandates
    • Responsibilities
    • Accountabilities
    • Roles with clarified responsibilities and accountabilities
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Workbook

    Delivery model for product or solution development

    Can add additional complexity or clarity

    • Certain organizational structures will require a specific type of resourcing model to meet expectations and deliver on the development or sustainment of core products and solutions.
    • There are four common methods that we see in IT organizations:
      • Functional Roles: Completed work is handed off from functional team to functional team sequentially as outlined in the organization’s SDLC.
      • Shared Service & Resource Pools (Matrix): Resources are pulled whenever the work requires specific skills or pushed to areas where product demand is high.
      • Product or System: Work is directly sent to the teams who are directly managing the product or directly supporting the requestor.
      • Skills & Competencies: Work is directly sent to the teams who have the IT and business skills and competencies to complete the work.
    • Each of these will lead to a difference in how the functional team is skilled. They could have a great understanding of their customer, the product, the solution, or their service.

    Info-Tech Insight

    Despite popular belief, there is no such thing as the Spotify model, and organizations that structured themselves based on the original Spotify drawing might be missing out on key opportunities to obtain productivity from employees.

    Sources: Indeed, 2020; Agility Scales

    There can be different patterns to structure and resource your product delivery teams

    The primary goal of any product delivery team is to improve the delivery of value for customers and the business based on your product definition and each product’s demand. Each organization will have different priorities and constraints, so your team structure may take on a combination of patterns or may take on one pattern and then transform into another.

    Delivery Team Structure Patterns

    How Are Resources and Work Allocated?

    Functional Roles

    Teams are divided by functional responsibilities (e.g. developers, testers, business analysts, operations, help desk) and arranged according to their placement in the software development lifecycle (SDLC).

    Completed work is handed off from team to team sequentially as outlined in the organization’s SDLC.

    Shared Service and Resource Pools

    Teams are created by pulling the necessary resources from pools (e.g. developers, testers, business analysts, operations, help desk).

    Resources are pulled whenever the work requires specific skills or pushed to areas where product demand is high.

    Product or System

    Teams are dedicated to the development, support, and management of specific products or systems.

    Work is directly sent to the teams who are directly managing the product or directly supporting the requester.

    Skills and Competencies

    Teams are grouped based on skills and competencies related to technology (e.g. Java, mobile, web) or familiarity with business capabilities (e.g. HR, Finance).

    Work is directly sent to the teams who have the IT and business skills and competencies to complete the work.

    Delivery teams will be structured according to resource and development needs

    Functional Roles

    Shared Service and Resource Pools

    Product or System

    Skills and Competencies

    When your people are specialists versus having cross-functional skills

    Leveraged when specialists such as Security or Operations will not have full-time work on the product

    When you have people with cross-functional skills who can self-organize around a product’s needs

    When you have a significant investment in a specific technology stack

    The image contains a diagram of functional roles.The image contains a diagram of shared service and resource pools.The image contains a diagram of product or system.The image contains a diagram of skills and competencies.

    For more information about delivering in a product operating model, refer to our Deliver Digital Products at Scale blueprint.

    3.4 Finalize the organizational chart

    1-3 hours

    1. Import each of your work units and the target-state roles that were identified for each.
    2. In the place of the name of each work unit in your organizational sketch, replace the work unit name with the prospective role name for the leader of that group.
    3. Under each of the leadership roles, import the names of team members that were part of each respective work unit.
    4. Validate the final structure as a group to ensure each of the work units includes all the necessary roles and responsibilities and that there is clear delineation of accountabilities between the work units.

    Input

    Output

    • Work units
    • Work unit mandates
    • Roles with accountabilities and responsibilities
    • Finalized organizational chart

    Materials

    Participants

    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Workbook & Executive Communications Deck

    Proactively consider and mitigate redesign risks

    Every organizational structure will include certain risks that should have been considered and accepted when choosing the base operating model sketch. Now that the final organizational structure has been created, consider if those risks were mitigated by the final organizational structure that was created. For those risks that weren’t mitigated, have a tactic to control risks that remain present.

    3.5 Identify and mitigate key risks

    1-3 hours

    1. For each of the operating model sketch options, there are specific risks that should have been considered when selecting that model.
    2. Take those risks and transfer them into the correct slide of the Organizational Design Workbook.
    3. Consider if there are additional risks that need to be considered with the new organizational structure based on the customizations made.
    4. For each risk, rank the severity of that risk on a scale of low, medium, or high.
    5. Determine one or more mitigation tactic(s) for each of the risks identified. This tactic should reduce the likelihood or impact of the risk event happening.
    InputOutput
    • Final organizational structure
    • Operating model sketch benefits and risks
    • Redesign risk mitigation plan
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Workbook

    Phase 4

    Plan for Implementation & Change

    This phase will walk you through the following activities:

    4.1 Select a transition plan

    4.2 Establish the change communication messages

    4.3 Be consistent with a standard set of FAQs

    4.4 Define org. redesign resistors

    4.5 Create a sustainment plan

    This phase involves the following participants:

    • CIO
    • IT Leadership
    • Business Leadership
    • HR Business Partners

    All changes require change management

    Change management is:

    Managing a change that requires replanning and reorganizing and that causes people to feel like they have lost control over aspects of their jobs.

    – Padar et al., 2017
    People Process Technology

    Embedding change management into organizational design

    PREPARE A

    Awareness: Establish the need for organizational redesign and ensure this is communicated well.

    This blueprint is mostly focused on the prepare and transition components.

    D

    Desire: Ensure the new structure is something people are seeking and will lead to individual benefits for all.

    TRANSITION K

    Knowledge: Provide stakeholders with the tools and resources to function in their new roles and reporting structure.

    A

    Ability: Support employees through the implementation and into new roles or teams.

    FUTURE R

    Reinforcement: Emphasize and reward positive behaviors and attitudes related to the new organizational structure.

    Implementing the new organizational structure

    Implementing the organizational structure can be the most difficult part of the process.

    • To succeed in the process, consider creating an implementation plan that adequately considers these five components.
    • Each of these are critical to supporting the final organizational structure that was established during the redesign process.

    Implementation Plan

    Transition Plan: Identify the appropriate approach to making the transition, and ensure the transition plan works within the context of the business.

    Communication Strategy: Create a method to ensure consistent, clear, and concise information can be provided to all relevant stakeholders.

    Plan to Address Resistance: Given that not everyone will be happy to move forward with the new organizational changes, ensure you have a method to hear feedback and demonstrate concerns have been heard.

    Employee Development Plan: Provide employees with tools, resources, and the ability to demonstrate these new competencies as they adjust to their new roles.

    Monitor and Sustain the Change: Establish metrics that inform if the implementation of the new organizational structure was successful and reinforce positive behaviors.

    Define the type of change the organizational structure will be

    As a result, your organization must adopt OCM practices to better support the acceptance and longevity of the changes being pursued.

    Incremental Change

    Transformational Change

    Organizational change management is highly recommended and beneficial for projects that require people to:

    • Adopt new tools and workflows.
    • Learn new skills.
    • Comply with new policies and procedures.
    • Stop using old tools and workflows.

    Organizational change management is required for projects that require people to:

    • Move into different roles, reporting structures, and career paths.
    • Embrace new responsibilities, goals, reward systems, and values.
    • Grow out of old habits, ideas, and behaviors.
    • Lose stature in the organization.

    Info-Tech Insight

    How you transition to the new organizational structure can be heavily influenced by HR. This is the time to be including them and leveraging their expertise to support the transition “how.”

    Transition Plan Options

    Description

    Pros

    Cons

    Example

    Big Bang Change

    Change that needs to happen immediately – “ripping the bandage off.”

    • It puts an immediate stop to the current way of operating.
    • Occurs quickly.
    • More risky.
    • People may not buy into the change immediately.
    • May not receive the training needed to adjust to the change.

    A tsunami in Japan stopped all imports and exports. Auto manufacturers were unable to get parts shipped and had to immediately find an alternative supplier.

    Incremental Change

    The change can be rolled out slower, in phases.

    • Can ensure that people are bought in along the way through the change process, allowing time to adjust and align with the change.
    • There is time to ensure training takes place.
    • It can be a timely process.
    • If the change is dragged on for too long (over several years) the environment may change and the rationale and desired outcome for the change may no longer be relevant.

    A change in technology, such as HRIS, might be rolled out one application at a time to ensure that people have time to learn and adjust to the new system.

    Pilot Change

    The change is rolled out for only a select group, to test and determine if it is suitable to roll out to all impacted stakeholders.

    • Able to test the success of the change initiative and the implementation process.
    • Able to make corrections before rolling it out wider, to aid a smooth change.
    • Use the pilot group as an example of successful change.
    • Able to gain buy-in and create change champions from the pilot group who have experienced it and see the benefits.
    • Able to prevent an inappropriate change from impacting the entire organization.
    • Lengthy process.
    • Takes time to ensure the change has been fully worked through.

    A retail store is implementing a new incentive plan to increase product sales. They will pilot the new incentive plan at select stores, before rolling it out broadly.

    4.1 Select a transition plan approach

    1-3 hours

    1. List each of the changes required to move from your current structure to the new structure. Consider:
      1. Changes in reporting structure
      2. Hiring new members
      3. Eliminating positions
      4. Developing key competencies for staff
    2. Once you’ve defined all the changes required, consider the three different transition plan approaches: big bang, incremental, and pilot. Each of the transition plan approaches will have drawbacks and benefits. Use the list of changes to inform the best approach.
    3. If you are proceeding with the incremental or the pilot, determine the order in which you will proceed with the changes or the groups that will pilot the new structure first.
    InputOutput
    • Customized operating model sketch
    • New org. chart
    • Current org. chart
    • List of changes to move from current to future state
    • Transition plan to support changes
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership
    • HR Business Partners

    Record the results in the Organizational Design Workbook

    Make a plan to effectively manage and communicate the change

    Success of your new organizational structure hinges on adequate preparation and effective communication.

    The top challenge facing organizations in completing the organizational redesign is their organizational culture and acceptance of change. Effective planning for the implementation and communication throughout the change is pivotal. Make sure you understand how the change will impact staff and create tailored plans for communication.

    65% of managers believe the organizational change is effective when provided with frequent and clear communication.

    Source: SHRM, 2021

    Communicate reasons for organizational structure changes and how they will be implemented

    Leaders of successful change spend considerable time developing a powerful change message, i.e. a compelling narrative that articulates the desired end state, and that makes the change concrete and meaningful to staff.

    The organizational change message should:

    • Explain why the change is needed.
    • Summarize what will stay the same.
    • Highlight what will be left behind.
    • Emphasize what is being changed.
    • Explain how change will be implemented.
    • Address how change will affect various roles in the organization.
    • Discuss the staff’s role in making the change successful.

    Five elements of communicating change

    • What is the change?
    • Why are we doing it?
    • How are we going to go about it?
    • How long will it take us to do it?
    • What will the role be for each department and individual?
    Source: Cornelius & Associates, 2010

    4.2 Establish the change communication messages

    2 hours

    1. The purpose of this activity is to establish a change communication message you can leverage when talking to stakeholders about the new organizational structure.
    2. Review the questions in the Organizational Design Workbook.
    3. Establish a clear message around the expected changes that will have to take place to help realize the new organizational structure.
    InputOutput
    • Customized operating model sketch
    • New org. chart
    • Current org. chart
    • List of changes
    • Transition plan
    • Change communication message for new organizational structure
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Workbook

    Apply the following communication principles to make your IT organization redesign changes relevant to stakeholders

    Be Clear

    • Say what you mean and mean what you say.
    • Choice of language is important: “Do you think this is a good idea? I think we could really benefit from your insights and experience here.” Or do you mean: “I think we should do this. I need you to do this to make it happen.”
    • Don’t use jargon.

    Be Consistent

    • The core message must be consistent regardless of audience, channel, or medium.
    • Test your communication with your team or colleagues to obtain feedback before delivering to a broader audience.
    • A lack of consistency can be interpreted as an attempt at deception. This can hurt credibility and trust.

    Be Concise

    • Keep communication short and to the point so key messages are not lost in the noise.
    • There is a risk of diluting your key message if you include too many other details.

    Be Relevant

    • Talk about what matters to the stakeholder.
    • Talk about what matters to the initiative.
    • Tailor the details of the message to each stakeholder’s specific concerns.
    • IT thinks in processes but stakeholders only care about results: talk in terms of results.
    • IT wants to be understood but this does not matter to stakeholders. Think: “what’s in it for them?”
    • Communicate truthfully; do not make false promises or hide bad news.

    Frequently asked questions (FAQs) provide a chance to anticipate concerns and address them

    As a starting point for building an IT organizational design implementation, look at implementing an FAQ that will address the following:

    • The what, who, when, why, and where
    • The transition process
    • What discussions should be held with clients in business units
    • HR-centric questions

    Questions to consider answering:

    • What is the objective of the IT organization?
    • What are the primary changes to the IT organization?
    • What does the new organizational structure look like?
    • What are the benefits to our IT staff and to our business partners?
    • How will the IT management team share new information with me?
    • What is my role during the transition?
    • What impact is there to my reporting relationship within my department?
    • What are the key dates I should know about?

    4.3 Be consistent with a standard set of FAQs

    1 hour

    1. Beyond the completed communications plans, brainstorm a list of answers to the key “whats” of your organizational design initiative:
    • What is the objective of the IT organization?
    • What are the primary changes to the IT organization?
    • What does the new organizational structure look like?
    • What are the benefits to our IT staff and to our business partners?
  • Think about any key questions that may rise around the transition:
    • How will the IT management team share new information with me?
    • What is my role during the transition?
    • What impact is there to my reporting relationship within my department?
    • What are the key dates I should know about?
  • Determine the best means of socializing this information. If you have an internal wiki or knowledge-sharing platform, this would be a useful place to host the information.
  • InputOutput
    • Driver(s) for the new organizational structure
    • List of changes to move from current to future state
    • Change communication message
    • FAQs to provide to staff about the organizational design changes
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Workbook

    The change reaction model

    The image contains a picture of the change reaction model. The model includes a double arrow pointing in both directions of left and right. On top of the arrow are 4 circles spread out on the arrow. They are labelled: Active Resistance, Detachment, Questioning, Acceptance.

    (Adapted from Cynthia Wittig)

    Info-Tech Insight

    People resist changes for many reasons. When it comes to organizational redesign changes, some of the most common reasons people resist change include a lack of understanding, a lack of involvement in the process, and fear.

    Include employees in the employee development planning process

    Prioritize

    Assess employee to determine competency levels and interests.

    Draft

    Employee drafts development goals; manager reviews.

    Select

    Manager helps with selection of development activities.

    Check In

    Manager provides ongoing check-ins, coaching, and feedback.

    Consider core and supplementary components that will sustain the new organizational structure

    Supplementary sustainment components:

    • Tools & Resources
    • Structure
    • Skills
    • Work Environment
    • Tasks
    • Disincentives

    Core sustainment components:

    • Empowerment
    • Measurement
    • Leadership
    • Communication
    • Incentives

    Sustainment Plan

    Sustain the change by following through with stakeholders, gathering feedback, and ensuring that the change rationale and impacts are clearly understood. Failure to so increases the potential that the change initiative will fail or be a painful experience and cost the organization in terms of loss of productivity or increase in turnover rates.

    Support sustainment with clear measurements

    • Measurement is one of the most important components of monitoring and sustaining the new organizational structure as it provides insight into where the change is succeeding and where further support should be added.
    • There should be two different types of measurements:
    1. Standard Change Management Metrics
    2. Organizational Redesign Metrics
  • When gathering data around metrics, consider other forms of measurement (qualitative) that can provide insights on opportunities to enhance the success of the organizational redesign change.
    1. Every measurement should be rooted to a goal. Many of the goals related to organizational design will be founded in the driver of this change initiative
    2. Once the goals have been defined, create one or more measurements that determines if the goal was successful.
    3. Use specific key performance indicators (KPIs) that contain a metric that is being measured and the frequency of that measurement.

    Info-Tech Insight

    Obtaining qualitative feedback from employees, customers, and business partners can provide insight into where the new organizational structure is operating optimally versus where there are further adjustments that could be made to support the change.

    4.4 Consider sustainment metrics

    1 hour

    1. Establish metrics that bring the entire process together and that will ensure the new organizational design is a success.
    2. Go back to your driver(s) for the organizational redesign. Use these drivers to help inform a particular measurement that can be used to determine if the new organizational design will be successful. Each measurement should be related to the positive benefits of the organization, an individual, or the change itself.
    3. Once you have a list of measurements, use these to determine the specific KPI that can be qualified through a metric. Often you are looking for an increase or decrease of a particular measurement by a dollar or percentage within a set time frame.
    4. Use the example metrics in the workbook and update them to reflect your organization’s drivers.
    InputOutput
    • Driver(s) for the new organizational structure
    • List of changes to move from current to future state
    • Change communication message
    • Sustainment metrics
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Workbook

    Related Info-Tech Research

    Build a Strategic IT Workforce Plan

    • Continue into the second phase of the organizational redesign process by defining the required workforce to deliver.
    • Leveraging trends, data, and feedback from your employees, define the competencies needed to deliver on the defined roles.

    Implement a New IT Organizational Structure

    • Organizational design implementations can be highly disruptive for IT staff and business partners.
    • Without a structured approach, IT leaders may experience high turnover, decreased productivity, and resistance to the change.

    Define the Role of Project Management in Agile and Product-Centric Delivery

    • There are many voices with different opinions on the role of project management. This causes confusion and unnecessary churn.
    • Project management and product management naturally align to different time horizons. Harmonizing their viewpoints can take significant work.

    Research Contributors and Experts

    The image contains a picture of Jardena London.

    Jardena London

    Transformation Catalyst, Rosetta Technology Group

    The image contains a picture of Jodie Goulden.

    Jodie Goulden

    Consultant | Founder, OrgDesign Works

    The image contains a picture of Shan Pretheshan.

    Shan Pretheshan

    Director, SUPA-IT Consulting

    The image contains a picture of Chris Briley.

    Chris Briley

    CIO, Manning & Napier

    The image contains a picture of Dean Meyer.

    Dean Meyer

    President N. Dean Meyer and Associates Inc.

    The image contains a picture of Jimmy Williams.

    Jimmy Williams

    CIO, Chocktaw Nation of Oklahoma

    Info-Tech Research Group

    Cole Cioran, Managing Partner

    Dana Daher, Research Director

    Hans Eckman, Principal Research Director

    Ugbad Farah, Research Director

    Ari Glaizel, Practice Lead

    Valence Howden, Principal Research Director

    Youssef Kamar, Senior Manager, Consulting

    Carlene McCubbin, Practice Lead

    Baird Miller, Executive Counsellor

    Josh Mori, Research Director

    Rajesh Parab, Research Director

    Gary Rietz, Executive Counsellor

    Bibliography

    “A Cheat Sheet for HR Professionals: The Organizational Development Process.” AIHR, 2021. Web.

    Acharya, Ashwin, Roni Lieber, Lissa Seem, and Tom Welchman. “How to identify the right ‘spans of control’ for your organization.” McKinsey, 21 December 2017. Web.

    Anand. N., and Jean-Louis Barsoux. “What everyone gets wrong about change management. Harvard Business Review, December 2017. Web.

    Atiken, Chris. “Operating model design-first principles.” From Here On, 24 August 2018. Web.

    “Avoid common digital transformation challenges: Address your IT Operating Model Now.” Sofigate, 5 May 2020. Web.

    Baumann, Oliver, and Brian Wu. “The many dimensions of research on designing flat firms.” Journal of Organizational Design, no. 3, vol. 4. 09 May 2022.Web.

    Bertha, Michael. “Cross the project to product chasm.” CIO, 1 May 2020. Web.

    Blenko, Marcia, and James Root. “Design Principles for a Robust Operating Model.” Bain & Company, 8 April 2015. Web.

    Blenko, Marcia, Leslie Mackrell, and Kevin Rosenberg. “Operating models: How non-profits get from strategy to results.” The Bridge Span Group, 15 August 2019. Web.

    Boulton, Clint. “PVH finds perfect fit in hybrid IT operating model amid pandemic.” CIO, 19 July 2021. Web.

    Boulton, Clint. “Why digital disruption leaves no room for bimodal IT.” CIO, 11 May 2017. Web.

    Bright, David, et al. “Chapter 10: Organizational Structure & Change.” Principles of Management, OpenStax, Rice University, 20 March 2019. Book.

    Campbell, Andrew. “Design Principles: How to manage them.” Ashridge Operating Models. 1 January 2022. Web.

    D., Maria. “3 Types of IT Outsourcing Models and How to Choose Between Them.” Cleveroad, 29 April 2022. Web.

    Devaney, Eric. “9 Types of Organizational Structure Every Company Should Consider.” HubSpot, 11 February 2022. Web.

    Devaney, Erik. “The six building blocks of organizational structure.” Hubspot, 3 June 2020. Web.

    Eisenman, M., S. Paruchuri, and P. Puranam. “The design of emergence in organizations.” Journal of Organization Design, vol. 9, 2020. Web.

    Forbes Business Development Council. “15 Clear Signs It’s Time to Restructure the Business.” Forbes, 10 February 2020. Web.

    Freed, Joseph. “Why Cognitive Load Could Be The Most Important Employee Experience Metric In The Next 10 Years.” Forbes, 30 June 2020. Web.

    Galibraith, Jay. “The Star Model.” JayGalbraith.com, n.d. Web.

    Girod, Stéphane, and Samina Karim. “Restructure or reconfigure?” Harvard Business Review, April 2017. Web.

    Goldman, Sharon. “The need for a new IT Operating Model: Why now?” CIO, 27 August 2019. Web.

    Halapeth, Milind. “New age IT Operating Model: Creating harmony between the old and the new.” Wirpo, n.d. Web.

    Harvey, Michelle. “Why a common operating model is efficient for business productivity.” CMC, 10 May 2020. Web.

    Helfand, Heidi. “Dynamic Reteaming.” O’Reilly Media, 7 July 2020. Book.

    JHeller, Martha. “How Microsoft CIO Jim DuBois changed the IT Operating Model.” CIO, 2 February 2016. Web.

    Heller, Martha. “How Stryker IT Shifted to a global operating model.” CIO, 19 May 2021. Web.

    Heller, Michelle. “Inside blue Shields of California’s IT operating model overhaul.” CIO, 24 February 2021. Web.

    Hessing, Ted. “Value Stream Mapping.” Six Sigma Study Guide, 11 April 2014. Web.

    Huber, George, P. “What is Organization Design.” Organizational Design Community, n.d. Web.

    Indeed Editorial Team. “5 Advantages and Disadvantages of the Matrix Organizational Structure.” Indeed, 23 November 2020. Web.

    Indeed Editorial Team. “How to plan an effective organization restructure.” Indeed, 10 June 2021. Web.

    “Insourcing vs Outsourcing vs Co-Sourcing.” YML Group, n.d. Web.

    “Investing in more strategic roles.” CAPS Research, 3 February 2022. Web.

    Jain, Gagan. “Product IT Operating Model: The next-gen model for a digital work.” DevOps, 22 July 2019. Web.

    Kane, Gerald, D. Plamer, and Anh Phillips. “Accelerating Digital Innovation Inside and Out.” Deloitte Insights, 4 June 2019. Web.

    Krush, Alesia. “IT companies with ‘flat’ structures: utopia or innovative approach?” Object Style, 18 October 2018. Web.

    Law, Michael. “Adaptive Design: Increasing Customer Value in Your Organisation.” Business Agility Institute, 5 October 2020. Web.

    LucidContent Team. “How to get buy-in for changes to your organizational structure.” Lucid Chart, n.d. Web.

    Matthews, Paul. “Do you know the difference between competence and capability?” The People Development Magazine, 25 September 2020. Web.

    Meyer, Dean N. “Analysis: Common symptoms of organizational structure problems.” NDMA, n.d. Web.

    Meyer, N. Dean. “Principle-based Organizational Structure.” NDMA Publishing, 2020. Web.

    Morales Pedraza, Jorge. Answer to posting, “What is the relationship between structure and strategy?” ResearchGate.net, 5 March 2014. Web.

    Nanjad, Len. “Five non-negotiables for effective organization design change.” MNP, 01 October 2021. Web.

    Neilson, Gary, Jaime Estupiñán, and Bhushan Sethi. “10 Principles of Organizational Design.” Strategy & Business, 23 March 2015. Web.

    Nicastro, Dom. “Understanding the Foundational Concepts of Organizational Design.” Reworked, 24 September 2020. Web.

    Obwegeser, Nikolaus, Tomoko Yokoi, Michael Wade, and Tom Voskes. “7 Key Principles to Govern Digital Initiatives.” MIT Sloan, 1 April 2020. Web.

    “Operating Models and Tools.” Business Technology Standard, 23 February 2021. Web.

    “Organizational Design Agility: Journey to a combined community.” ODF-BAI How Space, Organizational Design Forum, 2022. Web.

    “Organizational Design: Understanding and getting started.” Ingentis, 20 January 2021. Web.

    Padar, Katalin, et al. “Bringing project and change management roles into sync.” Journal of Change Management, 2017. Web.

    Partridge, Chris. “Evolve your Operating Model- It will drive everything.” CIO, 30 July 2021. Web.

    Pijnacker, Lieke. “HR Analytics: role clarity impacts performance.” Effectory, 25 September 2019. Web.

    Pressgrove, Jed. “Centralized vs. Federated: Breaking down IT Structures.” Government Technology, March 2020. Web.

    Sherman, Fraser. “Differences between Organizational Structure and Design.” Bizfluent, 20 September 2019. Web.

    Skelton, Matthew, and Manual Pais. “Team Cognitive Load.” IT Revolution, 19 January 2021. Web.

    Skelton, Matthew, and Manual Pais. Team Topologies. IT Revolution Press, 19 September 2019. Book

    Spencer, Janet, and Michael Watkins. “Why organizational change fails.” TLNT, 26 November 2019. Web.

    Storbakken, Mandy. “The Cloud Operating Model.” VMware, 27 January 2020. Web.

    "The Qualities of Leadership: Leading Change.” Cornelius & Associates, 2010. Web.

    “Understanding Organizational Structures.” SHRM, 31 August 2021. Web.

    "unfix Pattern: Base.” AgilityScales, n.d. Web.

    Walker, Alex. “Half-Life: Alyx helped change Valve’s Approach to Development.” Kotaku, 10 July 2020. Web.

    "Why Change Management.” Prosci, n.d. Web.

    Wittig, Cynthia. “Employees' Reactions to Organizational Change.” OD Practioner, vol. 44, no. 2, 2012. Web.

    Woods, Dan. “How Platforms are neutralizing Conway’s Law.” Forbes, 15 August 2017. Web.

    Worren, Nicolay, Jeroen van Bree, and William Zybach. “Organization Design Challenges. Results from a practitioner survey.” Journal of Organizational Design, vol. 8, 25 July 2019. Web.

    Appendix

    IT Culture Framework

    This framework leverages McLean & Company’s adaptation of Quinn and Rohrbaugh’s Competing Values Approach.

    The image contains a diagram of the IT Culture Framework. The framework is divided into four sections: Competitive, Innovative, Traditional, and Cooperative, each with their own list of descriptors.

    Measure and Manage Customer Satisfaction Metrics That Matter the Most

    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Lack of understanding of what is truly driving customer satisfaction or dissatisfaction.
    • Lack of insight into who our satisfied and dissatisfied customers are.
    • Lack of a system for early detection of declines in satisfaction.
    • Lack of clarity on what to improve and how resources should be allocated.

    Our Advice

    Critical Insight

    • All software companies measure satisfaction in some way, but many lack understanding of what’s truly driving customers to stay or leave. By understanding the true drivers of satisfaction, solution providers can measure and monitor satisfaction more effectively, pull actionable insights and feedback, and make changes to products and services that customers really care about and will keep them coming back to you to have their needs met.
    • Obstacles:
      • Use of metrics that don’t provide the insight needed to make impactful changes that will boost satisfaction and ultimately, retention and profit.
      • Lack of a clear definition of what satisfaction means to customers, metric definitions and/or standard methods of measurement, and a consistent monitoring cadence.

    Impact and Result

    • Understanding of who your satisfied and dissatisfied customers are.
    • Understanding of the true drivers of satisfaction and dissatisfaction among your customer segments.
    • Establishment of a repeatable process and cadence for effective satisfaction measurement and monitoring.
    • Development of an executable customer satisfaction improvement plan that identifies customer journey pain points and areas of dissatisfaction, and outlines how to improve them.
    • Knowledge of where money, time, and other resources are needed most to improve satisfaction levels and ultimately increase retention.

    Measure and Manage Customer Satisfaction Metrics That Matter the Most Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Measure and Manage the Customer Satisfaction Metrics that Matter the Most Deck – An overview of how to understand what drives customer satisfaction and how to measure and manage it for improved business outcomes.

    Understand the true drivers of customer satisfaction and build a process for managing and improving customer satisfaction.

    [infographic]

    Further reading

    Measure and Manage the Customer Satisfaction Metrics that Matter the Most

    Understand what truly keeps your customer satisfied. Start to measure what matters to improve customer experience and increase satisfaction and advocacy. 

    EXECUTIVE BRIEF

    Analyst perspective

    Understanding and measuring the true drivers of satisfaction enable the delivery of real customer value

    The image contains a picture of Emily Wright.

    “Healthy customer relationships are the paramount to long-term growth. When customers are satisfied, they remain loyal, spend more, and promote your company to others in their network. The key to high satisfaction is understanding and measuring the true drivers of satisfaction to enable the delivery of real customer value.

    Most companies believe they know who their satisfied customers are and what keeps them satisfied, and 76% of B2B buyers expect that providers understand their unique needs (Salesforce Research, 2020). However, on average B2B companies have customer experience scores of less than 50% (McKinsey, 2016). This disconnect between customer expectations and provider experience indicates that businesses are not effectively measuring and monitoring satisfaction and therefore are not making meaningful enhancements to their service, offerings, and overall experience.

    By focusing on the underlying drivers of customer satisfaction, organizations develop a truly accurate picture of what is driving deep satisfaction and loyalty, ensuring that their company will achieve sustainable growth and stay competitive in a highly competitive market.”

    Emily Wright

    Senior Research Analyst, Advisory

    SoftwareReviews

    Executive summary

    Your Challenge

    Common Obstacles

    SoftwareReviews’ Approach

    Getting a truly accurate picture of satisfaction levels among customers, and where to focus efforts to improve satisfaction, is challenging. Providers often find themselves reacting to customer challenges and being blindsided when customers leave. More effective customer satisfaction measurement is possible when providers self-assess for the following challenges:

    • Lack of understanding of what is truly driving customer satisfaction or dissatisfaction.
    • Lack of insight into who our satisfied and dissatisfied customers are.
    • Lack of a system for early detection of declines in satisfaction.
    • Lack of clarity of what needs to be improved and how resources should be allocated.
    • Lack of reliable internal data for effective customer satisfaction monitoring.

    What separates customer success leaders from developing a full view of their customers are several nagging obstacles:

    • Use of metrics that don’t provide the insight needed to make impactful changes that will boost satisfaction and ultimately, retention and profit.
    • Friction from customers participating in customer satisfaction studies.
    • Lack of data, or integrated databases from which to track, pull, and analyze customer satisfaction data.
    • Lack a clear definition of what satisfaction means to customers, metric definitions, and/or standard methods of measurement and a consistent monitoring cadence.
    • Lack of time, resources, or technology to uncover and effectively measure and monitor satisfaction drivers.

    Through the SoftwareReviews’ approach, customer success leaders will:

    • Understand who your satisfied and dissatisfied customers are.
    • Understand the true drivers of satisfaction and dissatisfaction among your customer segments.
    • Establish a repeatable process and cadence for effective satisfaction measurement and monitoring.
    • Develop an executable customer satisfaction improvement plan that identifies customer journey pain points and areas of dissatisfaction, and outlines how to improve them.
    • Know where money, time, and resources are needed most to improve satisfaction levels and ultimately retention.

    Overarching SoftwareReviews Advisory Insight:

    All companies measure satisfaction in some way, but many lack understanding of what’s truly driving customers to stay or leave. By understanding the true drivers of satisfaction, solution providers can measure and monitor satisfaction more effectively, pull actionable insights and feedback, and make changes to products and services that customers really care about. This will keep them coming back to you to have their needs met.

    Healthy Customer Relationships are vital for long-term success and growth

    Measuring customer satisfaction is critical to understanding the overall health of your customer relationships and driving growth.

    Through effective customer satisfaction measurement, organizations can:

    Improve Customer Experience

    Increase Retention and CLV

    Increase Profitability

    Reduce Costs

    • Provide insight into where and how to improve.
    • Enhance experience, increase loyalty.
    • By providing strong CX, organizations can increase revenue by 10-15% (McKinsey, 2014).
    • Far easier to retain existing customers than to acquire new ones.
    • Ensuring high satisfaction among customers increases Customer Lifetime Value (CLV) through longer tenure and higher spending.
    • NPS Promoter score has a customer lifetime value that's 600%-1,400% higher than a Detractor (Bain & Company, 2015).
    • Highly satisfied customers spend more through expansions and add-ons, as well as through their long tenure with your company.
    • They also spread positive word of mouth, which brings in new customers.
    • “Studies demonstrate a strong correlation between customer satisfaction and increased profits — with companies with high customer satisfaction reporting 5.7 times more revenue than competitors.” (Matthew Loper, CEO and Co-Founder of WELLTH, 2022)
    • Measuring, monitoring, and maintaining high satisfaction levels reduces costs across the board.
    • “Providing a high-quality customer experience can save up to 33% of customer service costs” (Deloitte, 2018).
    • Satisfied customers are more likely to spread positive word of mouth which reduces acquisition / marketing costs for your company.

    “Measuring customer satisfaction is vital for growth in any organization; it provides insights into what works and offers opportunities for optimization. Customer satisfaction is essential for improving loyalty rate, reducing costs and retaining your customers.”

    -Ken Brisco, NICE, 2019

    Poor customer satisfaction measurement is costly

    Virtually all companies measure customer satisfaction, but few truly do it well. All too often, customer satisfaction measurement consists of a set of vanity metrics that do not result in actionable insight for product/service improvement. Improper measurement can result in numerous consequences:

    Direct and Indirect Costs

    Being unaware of true drivers of satisfaction that are never remedied costs your business directly through customer churn, service costs, etc.

    Tarnished Brand

    Tarnished brand through not resolving issues drives dissatisfaction; dissatisfied customers share their negative experiences, which can damage brand image and reputation.

    Waste Limited Resources

    Putting limited resources towards vanity programs and/or fixes that have little to no bearing on core satisfaction drivers wastes time and money.

    “When customer dissatisfaction goes unnoticed, it can slowly kill a company. Because of the intangible nature of customer dissatisfaction, managers regularly underestimate the magnitude of customer dissatisfaction and its impact on the bottom line.”

    - Lakshmiu Tatikonda, “The Hidden Costs of Customer Dissatisfaction”, 2013

    SoftwareReviews Advisory Insight:

    Most companies struggle to understand what’s truly driving customers to stay or leave. By understanding the true satisfaction drivers, tech providers can measure and monitor satisfaction more effectively, avoiding the numerous harmful consequences that result from average customer satisfaction measurement.

    Does your customer satisfaction measurement process need improvement?

    Getting an accurate picture of customer satisfaction is no easy task. Struggling with any of the following means you are ready for a detailed review of your customer satisfaction measurement efforts:

    • Not knowing who your most satisfied customers are.
    • Lacking early detection for declining satisfaction – either reactive, or unaware of dissatisfaction as it’s occurring.
    • Lacking a process for monitoring changes in satisfaction and lack ability to be proactive; you feel blindsided when customers leave.
    • Inability to fix the problem and wasting money on the wrong areas, like vanity metrics that don’t bring value to customers.
    • Spending money and other resources towards fixes based on a gut feeling, without quantifying the real root cause drivers and investing in their improvement.
    • Having metrics and data but lacking context; don’t know what contributed to the metrics/results, why people are dissatisfied or what contributes to satisfaction.
    • Lacking clear definition of what satisfaction means to customers / customer segments.
    • Difficulty tying satisfaction back to financial results.

    Customers are more satisfied with software vendors who understand the difference between surface level and short-term satisfaction, and deep or long-term satisfaction

    Surface-level satisfaction

    Surface-level satisfaction has immediate effects, but they are usually short-term or limited to certain groups of users. There are several factors that contribute to satisfaction including:

    • Novelty of new software
    • Ease of implementation
    • Financial savings
    • Breadth of features

    Software Leaders Drive Deep Satisfaction

    Deep satisfaction has long-term and meaningful impacts on the way that organizations work. Deep satisfaction has staying power and increases or maintains satisfaction over time, by reducing complexity and delivering exceptional quality for end-users and IT alike. This report found that the following capabilities provided the deepest levels of satisfaction:

    • Usability and intuitiveness
    • Quality of features
    • Ease of customization
    • Vendor-specific capabilities

    The above solve issues that are part of everyday problems, and each drives satisfaction in deep and meaningful ways. While surface-level satisfaction is important, deep and impactful capabilities can sustain satisfaction for a longer time.

    Deep Customer Satisfaction Among Software Buyers Correlates Highly to “Emotional Attributes”

    Vendor Capabilities and Product Features remain significant but are not the primary drivers

    The image contains a graph to demonstrate a correlation to Satisfaction, all Software Categories.
    Source: SoftwareReviews buyer reviews (based on 82,560 unique reviews).

    Driving deep satisfaction among software customers vs. surface-level measures is key

    Vendor capabilities and product features correlate significantly to buyer satisfaction

    Yet, it’s the emotional attributes – what we call the “Emotional Footprint”, that correlate more strongly

    Business-Value Created and Emotional Attributes are what drives software customer satisfaction the most

    The image contains a screenshot of a graph to demonstrate Software Buyer Satisfaction Drivers and Emotional Attributes are what drives software customer satisfaction.

    Software companies looking to improve customer satisfaction will focus on business value created and the Emotional Footprint attributes outlined here.

    The essential ingredient is understanding how each is defined by your customers.

    Leaders focus on driving improvements as described by customers.

    SoftwareReviews Insight:

    These true drivers of satisfaction should be considered in your customer satisfaction measurement and monitoring efforts. The experience customers have with your product and brand is what will differentiate your brand from competitors, and ultimately, power business growth. Talk to a SoftwareReviews Advisor to learn how users rate your product on these satisfaction drivers in the SoftwareReviews Emotional Footprint Report.

    Benefits of Effective Customer Satisfaction Measurement

    Our research provides Customer Success leaders with the following key benefits:

    • Ability to know who is satisfied, dissatisfied, and why.
    • Confidence in how to understand or uncover the factors behind customer satisfaction; understand and identify factors driving satisfaction, dissatisfaction.
    • Ability to develop a clear plan for improving customer satisfaction.
    • Knowledge of how to establish a repeatable process for customer satisfaction measurement and monitoring that allows for proactivity when declines in satisfaction are detected.
    • Understanding of what metrics to use, how to measure them, and where to find the right information/data.
    • Knowledge of where money, time, and other resources are needed most to drive tangible customer value.

    “81% of organizations cite CX as a competitive differentiator. The top factor driving digital transformation is improving CX […] with companies reporting benefits associated with improving CX including:

    • Increased customer loyalty (92%)
    • An uplift in revenue (84%)
    • Cost savings (79%).”

    – Dan Cote, “Advocacy Blooms and Business Booms When Customers and Employees Engage”, Influitive, 2021

    The image contains a screenshot of a thought model that focuses on Measure & Manage the Customer Satisfaction Metrics That Matter the Most.

    Who benefits from improving the measurement and monitoring of customer satisfaction?

    This Research Is Designed for:

    • Customer Success leaders and marketers who are:
      • Responsible for understanding how to benchmark, measure, and understand customer satisfaction to improve satisfaction, NPS, and ROI.
      • Looking to take a more proactive and structured approach to customer satisfaction measurement and monitoring.
      • Looking for a more effective and accurate way to measure and understand how to improve customer satisfaction around products and services.

    This Research Will Help You:

    • Understand the factors driving satisfaction and dissatisfaction.
    • Know which customers are satisfied/dissatisfied.
    • Know where time, money, and resources are needed the most in order to improve or maintain satisfaction levels.
    • Develop a formal plan to improve customer satisfaction.
    • Establish a repeatable process for customer satisfaction measurement and monitoring that allows for proactivity when declines in satisfaction are detected.

    This Research Will Also Assist:

    • Customer Success Leaders, Marketing and Sales Directors and Managers, Product Marketing Managers, and Advocacy Managers/Coordinators who are responsible for:
      • Product improvements and enhancements
      • Customer service and onboarding
      • Customer advocacy programs
      • Referral/VoC programs

    This Research Will Help Them:

    • Coordinate and align on customer experience efforts and actions.
    • Gather and make use of customer feedback to improve products, solutions, and services provided.
    • Provide an amazing customer experience throughout the entirety of the customer journey.

    SoftwareReviews’ methodology for measuring the customer satisfaction metrics that matter the most

    1. Identify true customer satisfaction drivers

    2. Develop metrics dashboard

    3. Develop customer satisfaction measurement and management plan

    Phase Steps

    1. Identify data sources, documenting any gaps in data
    2. Analyze all relevant data on customer experiences and outcomes
    3. Document top satisfaction drivers
    1. Identify business goals, problems to be solved / define business challenges and marketing/customer success goals
    2. Use SR diagnostic to assess current state of satisfaction measurement, assessing metric alignment to satisfaction drivers
    3. Define your metrics dashboard
    4. Develop common metric definitions, language for discussing, and standards for measuring customer satisfaction
    1. Determine committee structure to measure performance metrics over time
    2. Map out gaps in satisfaction along customer journey/common points in journey where customers are least dissatisfied
    3. Build plan that identifies weak areas and shows how to fix using SR’s emotional footprint, other measures
    4. Create plan and roadmap for CSat improvement
    5. Create communication deck

    Phase Outcomes

    1. Documented satisfaction drivers
    2. Documented data sources and gaps in data
    1. Current state customer satisfaction measurement analysis
    2. Common metric definitions and measurement standards
    3. Metrics dashboard
    1. Customer satisfaction measurement plan
    2. Customer satisfaction improvement plan
    3. Customer journey maps
    4. Customer satisfaction improvement communication deck
    5. Customer Satisfaction Committee created

    Insight summary

    Understanding and measuring the true drivers of satisfaction enable the delivery of real customer value

    All software companies measure satisfaction in some way, but many lack understanding of what’s truly driving customers to stay or leave. By understanding the true drivers of satisfaction, solution providers can measure and monitor satisfaction more effectively, pull actionable insights and feedback, and make changes to products and services that customers really care about and which will keep them coming back to you to have their needs met.

    Positive experiences drive satisfaction more so than features and cost

    According to our analysis of software buyer reviews data*, the biggest drivers of satisfaction and likeliness to recommend are the positive experiences customers have with vendors and their products. Customers want to feel that:

    1. Their productivity and performance is enhanced, and the vendor is helping them innovate and grow as a company.
    2. Their vendor inspires them and helps them to continually improve.
    3. They can rely on the vendor and the product they purchased.
    4. They are respected by the vendor.
    5. They can trust that the vendor will be on their side and save them time.
    *8 million data points across all software categories

    Measure Key Relationship KPIs to gauge satisfaction

    Key metrics to track include the Business Value Created score, Net Emotional Footprint, and the Love/Hate score (the strength of emotional connection).

    Orient the organization around customer experience excellence

    1. Arrange staff incentives around customer value instead of metrics that are unrelated to satisfaction.
    2. Embed customer experience as a core company value and integrate it into all functions.
    3. Make working with your organization easy and seamless for customers.

    Have a designated committee for customer satisfaction measurement

    Best in class organizations create customer satisfaction committees that meet regularly to measure and monitor customer satisfaction, resolve issues quickly, and work towards improved customer experience and profit outcomes.

    Use metrics that align to top satisfaction drivers

    This will give you a more accurate and fulsome view of customer satisfaction than standard satisfaction metrics alone will.

    Guided Implementation

    What is our GI on measuring and managing the customer satisfaction metrics that matter most?

    Identify True Customer Satisfaction Drivers

    Develop Metrics Dashboard Develop Customer Satisfaction Measurement and Management Plan

    Call #1: Discuss current pain points and barriers to successful customer satisfaction measurement, monitoring and maintenance. Plan next call – 1 week.

    Call #2: Discuss all available data, noting any gaps. Develop plan to fill gaps, discuss feasibility and timelines. Plan next call – 1 week.

    Call #3: Walk through SoftwareReviews reports to understand EF and satisfaction drivers. Plan next call – 3 days.

    Call #4: Segment customers and document key satisfaction drivers. Plan next call – 2 week.

    Call #5: Document business goals and align them to metrics. Plan next call – 1 week.

    Call #6: Complete the SoftwareReviews satisfaction measurement diagnostic. Plan next call – 3 days.

    Call #7: Score list of metrics that align to satisfaction drivers. Plan next call – 2 days.

    Call #8: Develop metrics dashboard and definitions. Plan next call – 2 weeks.

    Call #9: Finalize metrics dashboard and definitions. Plan next call – 1 week.

    Call #10: Discuss committee and determine governance. Plan next call – 2 weeks.

    Call #11: Map out gaps in satisfaction along customer journey as they relate to top satisfaction drivers. Plan next call –2 weeks.

    Call #12: Develop plan and roadmap for satisfaction improvement. Plan next call – 1 week.

    Call #13: Finalize plan and roadmap. Plan next call – 1 week.

    Call # 14: Review and coach on communication deck.

    A Guided Implementation (GI) is series of calls with a SoftwareReviews Advisory analyst to help implement our best practices in your organization.

    For guidance on marketing applications, we can arrange a discussion with an Info-Tech analyst.

    Your engagement managers will work with you to schedule analyst calls.

    Software Reviews offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.” “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.” “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.” “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
    Included within Advisory Membership Optional add-ons

    Bibliography

    “Are you experienced?” Bain & Company, Apr. 2015. Accessed 6 June. 2022.

    Brisco, Ken. “Measuring Customer Satisfaction and Why It’s So Important.” NICE, Feb. 2019. Accessed 6 June. 2022.

    CMO.com Team. “The Customer Experience Management Mandate.” Adobe Experience Cloud Blog, July 2019. Accessed 14 June. 2022.

    Cote, Dan. “Advocacy Blooms and Business Booms When Customers and Employees Engage.” Influitive, Dec. 2021. Accessed 15 June. 2022.

    Fanderl, Harald and Perrey, Jesko. “Best of both worlds: Customer experience for more revenues and lower costs.” McKinsey & Company, Apr. 2014. Accessed 15 June. 2022.

    Gallemard, Jeremy. “Why – And How – Should Customer Satisfaction Be Measured?” Smart Tribune, Feb. 2020. Accessed 6 June. 2022.

    Kumar, Swagata. “Customer Success Statistics in 2021.” Customer Success Box, 2021. Accessed 17 June. 2022.

    Lakshmiu Tatikonda, “The Hidden Costs of Customer Dissatisfaction”, Management Accounting Quarterly, vol. 14, no. 3, 2013, pp 38. Accessed 17 June. 2022.

    Loper, Matthew. “Why ‘Customer Satisfaction’ Misses the Mark – And What to Measure Instead.” Newsweek, Jan. 2022. Accessed 16 June. 2022.

    Maechler, Nicolas, et al. “Improving the business-to-business customer experience.” McKinsey & Company, Mar. 2016. Accessed 16 June.

    “New Research from Dimension Data Reveals Uncomfortable CX Truths.” CISION PR Newswire, Apr. 2017. Accessed 7 June. 2022.

    Sheth, Rohan. 75 Must-Know Customer Experience Statistics to move Your Business Forward in 2022.” SmartKarrot, Feb. 2022. Accessed 17 June. 2022.

    Smith, Mercer. “111 Customer Service Statistics and Facts You Shouldn’t Ignore.” HelpScout, May 2022. Accessed 17 June. 2022.

    “State of the Connected Customer.” Salesforce, 2020. Accessed 14 June. 2022

    “The true value of customer experiences.” Deloitte, 2018. Accessed 15 June. 2022.

    Align Projects With the IT Change Lifecycle

    • Buy Link or Shortcode: {j2store}464|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management
    • Coordinate IT change and project management to successfully push changes to production.
    • Manage representation of project management within the scope of the change lifecycle to gather requirements, properly approve and implement changes, and resolve incidents that arise from failed implementations.
    • Communicate effectively between change management, project management, and the business.

    Our Advice

    Critical Insight

    Improvement can be incremental. You do not have to adopt every recommended improvement right away. Ensure every process change you make will create value and slowly add improvements to ease buy-in.

    Impact and Result

    • Establish pre-set touchpoints between IT change management and project management at strategic points in the change and project lifecycles.
    • Include appropriate project representation at the change advisory board (CAB).
    • Leverage standard change resources such as the change calendar and request for change form (RFC).

    Align Projects With the IT Change Lifecycle Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Align Projects With the IT Change Lifecycle Deck – A guide to walk through integrating project touchpoints in the IT change management lifecycle.

    Use this storyboard as a guide to align projects with your IT change management lifecycle.

    • Align Projects With the IT Change Lifecycle Storyboard

    2. The Change Management SOP – This template will ensure that organizations have a comprehensive document in place that can act as a point of reference for the program.

    Use this SOP as a template to document and maintain your change management practice.

    • Change Management Standard Operating Procedure
    [infographic]

    Further reading

    Align Projects With the IT Change Lifecycle

    Increase the success of your changes by integrating project touchpoints in the change lifecycle.

    Analyst Perspective

    Focus on frequent and transparent communications between the project team and change management.

    Benedict Chang

    Misalignment between IT change management and project management leads to headaches for both practices. Project managers should aim to be represented in the change advisory board (CAB) to ensure their projects are prioritized and scheduled appropriately. Advanced notice on project progress allows for fewer last-minute accommodations at implementation. Widespread access of the change calendar can also lead project management to effectively schedule projects to give change management advanced notice.

    Moreover, alignment between the two practices at intake allows for requests to be properly sorted, whether they enter change management directly or are governed as a project.

    Lastly, standardizing implementation and post-implementation across everyone involved ensures more successful changes and socialized/documented lessons learned for when implementations do not go well.

    Benedict Chang
    Senior Research Analyst, Infrastructure and Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    To align projects with the change lifecycle, IT leaders must:

    • Coordinate IT change and project management to successfully push changes to production.
    • Manage representation of project management within the scope of the change lifecycle to gather requirements, properly approve and implement changes, and resolve incidents that arise from failed implementations.
    • Communicate effectively between change management, project management, and the business.

    Loose definitions may work for clear-cut examples of changes and projects at intake, but grey-area requests end up falling through the cracks.

    Changes to project scope, when not communicated, often leads to scheduling conflicts at go-live.

    Too few checkpoints between change and project management can lead to conflicts. Too many checkpoints can lead to delays.

    Set up touchpoints between IT change management and project management at strategic points in the change and project lifecycles.

    Include appropriate project representation at the change advisory board (CAB).

    Leverage standard change resources such as the change calendar and request for change form (RFC).

    Info-Tech Insight

    Improvement can be incremental. You do not have to adopt every recommended improvement right away. Ensure every process change you make will create value, and slowly add improvements to ease buy-in.

    Info-Tech’s approach

    Use the change lifecycle to identify touchpoints.

    The image contains a screenshot of Info-Tech's approach.

    The Info-Tech difference:

    1. Start with your change lifecycle to define how change control can align with project management.
    2. Make improvements to project-change alignment to benefit the relationship between the two practices and the practices individually.
    3. Scope the alignment to your organization. Take on the improvements to the left one by one instead of overhauling your current process.

    Use this research to improve your current process

    This deck is intended to align established processes. If you are just starting to build IT change processes, see the related research below.

    Align Projects With the IT Change Lifecycle

    02 Optimize IT Project Intake, Approval, and Prioritization

    01 Optimize IT Change Management

    Increase the success of your changes by integrating project touchpoints in your change lifecycle.

    (You are here)

    Decide which IT projects to approve and when to start them.

    Right-size IT change management to protect the live environment.

    Successful change management will provide benefits to both the business and IT

    Respond to business requests faster while reducing the number of change-related disruptions.

    IT Benefits

    Business Benefits

    • Fewer incidents and outages at project go-live
    • Upfront identification of project and change requirements
    • Higher rate of change and project success
    • Less rework
    • Fewer service desk calls related to failed go-lives
    • Fewer service disruptions
    • Faster response to requests for new and enhanced functionalities
    • Higher rate of benefits realization when changes are implemented
    • Lower cost per change
    • Fewer “surprise” changes disrupting productivity

    IT satisfaction with change management will drive business satisfaction with IT. Once the process is working efficiently, staff will be more motivated to adhere to the process, reducing the number of unauthorized changes. As fewer changes bypass proper evaluation and testing, service disruptions will decrease and business satisfaction will increase.

    Change management improves core benefits to the business: the four Cs

    Most organizations have at least some form of change control in place, but formalizing change management leads to the four Cs of business benefits:

    Control

    Collaboration

    Consistency

    Confidence

    Change management brings daily control over the IT environment, allowing you to review every relatively new change, eliminate changes that would have likely failed, and review all changes to improve the IT environment.

    Change management planning brings increased communication and collaboration across groups by coordinating changes with business activities. The CAB brings a more formalized and centralized communication method for IT.

    Request-for-change templates and a structured process result in implementation, test, and backout plans being more consistent. Implementing processes for pre-approved changes also ensures these frequent changes are executed consistently and efficiently.

    Change management processes will give your organization more confidence through more accurate planning, improved execution of changes, less failure, and more control over the IT environment. This also leads to greater protection against audits.

    1. Alignment at intake

    Define what is a change and what is a project.

    Both changes and projects will end up in change control in the end. Here, we define the intake.

    Changes and projects will both go to change control when ready to go live. However, defining the governance needed at intake is critical.

    A change should be governed by change control from beginning to end. It would typically be less than a week’s worth of work for a SME to build and come in at a nominal cost (e.g. <$20k over operating costs).

    Projects on the other hand, will be governed by project management in terms of scope, scheduling, resourcing, etc. Projects typically take over a week and/or cost more. However, the project, when ready to go live, should still be scheduled through change control to avoid any conflicts at implementation. At triage and intake, a project can be further scoped based on projected scale.

    This initial touchpoint between change control and project management is crucial to ensure tasks and request are executed with the proper governance. To distinguish between changes and projects at intake, list examples of each and determine what resourcing separates changes from projects.

    Need help scoping projects? Download the Project Intake Classification Matrix

    Change

    Project

    • Smaller scale task that typically takes a short time to build and test
    • Generates a single change request
    • Governed by IT Change Management for the entire lifecycle
    • Larger in scope
    • May generate multiple change requests
    • Governed by PMO
    • Longer to build and test

    Info-Tech Insight

    While effort and cost are good indicators of changes and projects, consider evaluating risk and complexity too.

    1 Define what constitutes a change

    1. As a group, brainstorm examples of changes and projects. If you wish, you may choose to also separate out additional request types such as service requests (user), operational tasks (backend), and releases.
    2. Have each participant write the examples on sticky notes and populate the following chart on the whiteboard/flip chart.
    3. Use the examples to draw lines and determine what defines each category.
    • What makes a change distinct from a project?
    • What makes a change distinct from a service request?
    • What makes a change distinct from an operational task?
    • When do the category workflows cross over with other categories? (For example, when does a project interact with change management?
  • Record the definitions of requests and results in section 2.3 of the Change Management Standard Operating Procedure (SOP).
  • Change

    Project

    Service Request (Optional)

    Operational Task (Optional)

    Release (Optional)

    Changing Configuration

    New ERP

    Add new user

    Delete temp files

    Software release

    Download the Change Management Standard Operating Procedure (SOP).

    Input Output
    • List of examples of each category of the chart
    • Definitions for each category to be used at change intake
    Materials Participants
    • Whiteboard/flip charts (or shared screen if working remotely)
    • Service catalog (if applicable)
    • Sticky notes
    • Markers/pens
    • Change Management SOP
    • Change Manager
    • Project Managers
    • Members of the Change Advisory Board

    2. Alignment at build and test

    Keep communications open by pre-defining and communicating project milestones.

    CAB touchpoints

    Consistently communicate the plan and timeline for hitting these milestones so CAB can prioritize and plan changes around it. This will give change control advanced notice of altered timelines.

    RFCs

    Projects may have multiple associated RFCs. Keeping CAB appraised of the project RFC or RFCs gives them the ability to further plan changes.

    Change Calendar

    Query and fill the change calendar with project timelines and milestones to compliment the CAB touchpoints.

    Leverage the RFC to record and communicate project details

    The request for change (RFC) form does not have to be a burden to fill out. If designed with value in mind, it can be leveraged to set standards on all changes (from projects and otherwise).

    When looking at the RFC during the Build and Test phase of a project, prioritize the following fields to ensure the implementation will be successful from a technical and user-adoption point of view.

    Filling these fields of the RFC and communicating them to the CAB at go-live approval gives the approvers confidence that the project will be implemented successfully and measures are known for when that implementation is not successful.

    Download the Request for Change Form Template

    Communication Plan

    The project may be successful from a technical point of view, but if users do not know about go-live or how to interact with the project, it will ultimately fail.

    Training Plan

    If necessary, think of how to train different stakeholders on the project go-live. This includes training for end users interacting with the project and technicians supporting the project.

    Implementation Plan

    Write the implementation plan at a high enough level that gives the CAB confidence that the implementation team knows the steps well.

    Rollback Plan

    Having a well-formulated rollback plan gives the CAB the confidence that the impact of the project is well known and the impact to the business is limited even if the implementation does not go well.

    Provide clear definitions of what goes on the change calendar and who’s responsible

    Inputs

    • Freeze periods for individual business departments/applications (e.g. finance month-end periods, HR payroll cycle, etc. – all to be investigated)
    • Maintenance windows and planned outage periods
    • Project schedules, and upcoming major/medium changes
    • Holidays
    • Business hours (some departments work 9-5, others work different hours or in different time zones, and user acceptance testing may require business users to be available)

    Guidelines

    • Business-defined freeze periods are the top priority.
    • No major or medium normal changes should occur during the week between Christmas and New Year’s Day.
    • Vendor SLA support hours are the preferred time for implementing changes.
    • The vacation calendar for IT will be considered for major changes.
    • Change priority: High > Medium > Low.
    • Minor changes and preapproved changes have the same priority and will be decided on a case-by-case basis.

    Roles

    • The Change Manager will be responsible for creating and maintaining a change calendar.
    • Only the Change Manager can physically alter the calendar by adding a new change after the CAB has agreed upon a deployment date.
    • All other CAB members, IT support staff, and other impacted stakeholders should have access to the calendar on a read-only basis to prevent people from making unauthorized changes to deployment dates.

    Info-Tech Insight

    Make the calendar visible to as many parties as necessary. However, limit the number of personnel who can make active changes to the calendar to limit calendar conflicts.

    3. Alignment at approval

    How can project management effectively contribute to CAB?

    As optional CAB members

    Project SMEs may attend when projects are ready to go live and when invited by the change manager. Optional members provide details on change cross-dependencies, high-level testing, rollback, communication plans, etc. to inform prioritization and scheduling decisions.

    As project management representatives

    Project management should also attend CAB meetings to report in on changes to ongoing projects, implementation timelines, and project milestones. Projects are typically high-priority changes when going live due to their impact. Advanced notice of timeline and milestone changes allow the rest of the CAB to properly manage other changes going into production.

    As core CAB members

    The core responsibilities of CAB must still be fulfilled:

    1. Protect the live environment from poorly assessed, tested, and implemented changes.

    2. Prioritize changes in a way that fairly reflects change impact, urgency, and likelihood.

    3. Schedule deployments in a way the minimizes conflict and disruption.

    If you need to define the authority and responsibilities of the CAB, see Activity 2.1.3 of the Optimize IT Change Management blueprint.

    4. Alignment at implementation

    At this stage, the project or project phase is treated as any other change.

    Verification

    Once the change has been implemented, verify that all requirements are fulfilled.

    Review

    Ensure all affected systems and applications are operating as predicted.

    Update change ticket and change log

    Update RFC status and CMDB as well (if necessary).

    Transition

    Once the change implementation is complete, it’s imperative that the team involved inform and train the operational and support groups.

    If you need to define transitioning changes to production, download Transition Projects to the Service Desk

    5. Alignment at post-implementation

    Tackle the most neglected portion of change management to avoid making the same mistake twice.

    1. Define RFC statuses that need a PIR
    2. Conduct PIRs for failed changes. Successful changes can simply be noted and transitioned to operations.

    3. Conduct a PIR for every failed change
    4. It’s best to perform a PIR once a change-related incident is resolved.

    5. Avoid making the same mistake twice
    6. Include a root-cause analysis, mitigation actions/timeline, and lessons learned in the documentation.

    7. Report to CAB
    8. Socialize the findings of the PIR at the subsequent CAB meeting.

    9. Circle back on previous PIRs
    10. If a similar change is conducted, append the related PIR to avoid the same mistakes.

    Info-Tech Insight

    Include your PIR documentation right in the RFC for easy reference.

    Download the RFC template for more details on post-implementation reviews

    2 Implement your alignments stepwise

    1. As a group, decide on which implementations you need to make to align change management and project management.
    2. For each improvement, list a timeline for implementation.
    3. Update section 3.5 in the Change Management Standard Operating Procedure (SOP). to outline the responsibilities of project management within IT Change Management.

    The image contains a screenshot of the Change Management SOP

    Download the Change Management Standard Operating Procedure (SOP).

    Input Output
    • This deck
    • SOP update
    Materials Participants
    • Whiteboard/flip charts (or shared screen if working remotely)
    • Service catalog (if applicable)
    • Sticky notes
    • Markers/pens
    • Change Management SOP
    • Change Manager
    • Project Managers
    • Members of the Change Advisory Board

    Related Info-Tech Research

    Optimize IT Change Management

    Right-size IT change management to protect the live environment.

    Optimize IT Project Intake, Approval, and Prioritization

    Decide which IT projects to approve and when to start them.

    Maintain an Organized Portfolio

    Align portfolio management practices with COBIT (APO05: Manage Portfolio).

    Drive Technology Adoption

    • Buy Link or Shortcode: {j2store}111|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design

    The project isn’t over if the new product or system isn’t being used. How do you ensure that what you’ve put in place isn’t going to be ignored or only partially adopted? People are more complicated than any new system and managing them through the change needs careful planning.

    Our Advice

    Critical Insight

    Cultivating a herd mentality, where people adopt new technology merely because everyone else is, is an important goal in getting the bulk of users using the new product or system. The herd needs to gather momentum though and this can be done by using the more tech-able and enthused to lead the rest on the journey. Identifying and engaging these key resources early in the process will greatly assist in starting the flow.

    Impact and Result

    While communication is key throughout, involving staff in proof-of-concept activities and contests and using the train-the-trainer techniques and technology champions will all start the momentum toward technology adoption. Group activities will address the bulk of users, but laggards may need special attention.

    Drive Technology Adoption Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Drive Technology Adoption – A brief deck describing how to encourage users to adopt newly implemented technology.

    This document will help you to ensure that newly implemented systems and technologies are correctly adopted by the intended recipients.

    • Drive Technology Adoption Storyboard
    [infographic]

    Further reading

    Drive Technology Adoption

    The project is over. The new technology is implemented. Now how do we make sure it's used?

    Executive Summary

    Your Challenge

    Technology endlessly changes and evolves. Similarly, business directions and requirements change, and these changes need to be supported by technology. Improved functionality and evolvement of systems, along with systems becoming redundant or unsupported, means that maintaining a static environment is virtually impossible.

    Enormous amounts of IT budget are allocated to these changes each year. But once the project is over, how do you manage that change and ensure the systems are being used? Planning your technology adoption is vital.

    Common Obstacles

    The obstacles to technology adoption can be many and various, covering a broad spectrum of areas including:

    • Reluctance of staff to let go of familiar processes and procedures.
    • Perception that any change will add complications but not add value, thereby hampering enthusiasm to adopt.
    • Lack of awareness of the change.
    • General fear of change.
    • Lack of personal confidence.

    Info-Tech’s Approach

    Start by identifying, understanding, categorizing, and defining barriers and put in place a system to:

    • Gain an early understanding of the different types of users and their attitudes to technology and change.
    • Review different adoption techniques and analyze which are most appropriate for your user types.
    • Use a “Follow the Leader” approach, by having technical enthusiasts and champions to show the way.
    • Prevent access to old systems and methods.

    Info-Tech Insight

    For every IT initiative that will be directly used by users, consider the question, “Will the final product be readily accepted by those who are going to use it?” There is no point in implementing a product that no one is prepared to use. Gaining user acceptance is much more than just ticking a box in a project plan once UAT is complete.

    The way change should happen is clear

    Prosci specializes in change. Its ADKAR model outlines what’s required to bring individuals along on the change journey.

    AWARENESS

    • Awareness means more than just knowing there’s a change occurring,
    • it means understanding the need for change.

    DESIRE

    • To achieve desire, there needs to be motivation, whether it be from an
    • organizational perspective or personal.

    KNOWLEDGE

    • Both knowledge on how to train during the transition and knowledge
    • on being effective after the change are required. This can only be done
    • once awareness and desire are achieved.

    ABILITY

    • Ability is not knowledge. Knowing how to do something doesn’t necessarily translate to having the skills to do it.

    REINFORCEMENT

    • Without reinforcement there can be a tendency to revert.

    When things go wrong

    New technology is not being used

    The project is seen as complete. Significant investments have been made, but the technology either isn’t being used or is only partially in use.

    Duplicate systems are now in place

    Even worse. The failure to adopt the new technology by some means that the older systems are still being used. There are now two systems that fail to interact; business processes are being affected and there is widespread confusion.

    Benefits not being realized

    Benefits promised to the business are not being realized. Projected revenue increases, savings, or efficiencies that were forecast are now starting to be seen as under threat.

    There is project blowout

    The project should be over, but the fact that the technology is not being used has created a perception that the implementation is not complete and the project needs to continue.

    Info-Tech Insight

    People are far more complicated than any technology being implemented.

    Consider carefully your approach.

    Why does it happen?

    POOR COMMUNICATION

    There isn’t always adequate communications about what’s changing in the workplace.

    FEAR

    Fear of change is natural and often not rational. Whether the fear is about job loss or not being able to adapt to change; it needs to be managed.

    TRAINING

    Training can be insufficient or ineffective and when this happens people are left feeling like they don’t have the skills to make the change.

    LACK OF EXECUTIVE SUPPORT

    A lack of executive support for change means the change is seen as less important.

    CONFLICTING VIEWS OF CHANGE

    The excitement the project team and business feels about the change is not necessarily shared throughout the business. Some may just see the change as more work, changing something that already works, or a reason to reduce staff levels.

    LACK OF CONFIDENCE

    Whether it’s a lack of confidence generally with technology or concern about a new or changing tool, a lack of confidence is a huge barrier.

    BUDGETARY CONSTRAINTS

    There is a cost with managing people during a change, and budget must be allocated to allow for it.

    Communications

    Info-Tech Insight

    Since Sigmund Freud there has been endless work to understand people’s minds.
    Don’t underestimate the effect that people’s reactions to change can have on your project.

    This is a Kubler-ross change curve graph, plotting the following Strategies: Create Alignment; Maximize Communication; Spark Motivation; Develop Capability; Share Knowledge

    Communication plans are designed to properly manage change. Managing change can be easier when we have the right tools and information to adapt to new circumstances. The Kubler-Ross change curve illustrates the expected steps on the path to acceptance of change. With the proper communications strategy, each can be managed appropriately

    Analyst perspective

    Paul Binns – Principal Research Advisor, Info-Tech

    The rapidly changing technology landscape in our world has always meant that an enthusiasm or willingness to embrace change has been advantageous. Many of us have seen how the older generation has struggled with that change and been left behind.

    In the work environment, the events of the past two years have increased pressure on those slow to adopt as in many cases they couldn't perform their tasks without new tools. Previously, for example, those who may have been reluctant to use digital tools and would instead opt for face-to-face meetings, suddenly found themselves without an option as physical meetings were no longer possible. Similarly, digital collaboration tools that had been present in the market for some time were suddenly more heavily used so everyone could continue to work together in the “online world.”

    At this stage no one is sure what the "new normal" will be in the post-pandemic world, but what has been clearly revealed is that people are prepared to change given the right motivation.

    “Technology adoption is about the psychology of change.”
    Bryan Tutor – Executive Counsellor, Info-Tech

    The Fix

    • Categorize Users
      • Gain a clear understanding of your user types.
    • Identify Adoption Techniques
      • Understand the range of different tools and techniques available.
    • Match Techniques To Categories
      • Determine the most appropriate techniques for your user base.
    • Follow-the-Leader
      • Be aware of the different skills in your environment and use them to your advantage.
    • Refresh, Retrain, Restrain
      • Prevent reversion to old methods or systems.

    Categories

    Client-Driven Insight

    Consider your staff and industry when looking at the Everett Rogers curve. A technology organization may have less laggards than a traditional manufacturing one.

    In Everett Rogers’ book Diffusion of Innovations 5th Edition (Free Press, 2005), Rogers places adopters of innovations into five different categories.

    This is an image of an Innovation Adoption Curve from Everett Rogers' book Diffusion of Innovations 5th Edition

    Category 1: The Innovator – 2.5%

    Innovators are technology enthusiasts. Technology is a central interest of theirs, either at work, at home, or both. They tend to aggressively pursue new products and technologies and are likely to want to be involved in any new technology being implemented as soon as possible, even before the product is ready to be released.

    For people like this the completeness of the new technology or the performance can often be secondary because of their drive to get new technology as soon as possible. They are trailblazers and are not only happy to step out of their comfort zone but also actively seek to do so.

    Although they only make up about 2.5% of the total, their enthusiasm, and hopefully endorsement of new technology, offers reassurance to others.

    Info-Tech Insight

    Innovators can be very useful for testing before implementation but are generally more interested in the technology itself rather than the value the technology will add to the business.

    Category 2: The Early Adopter – 13.5%

    Whereas Innovators tend to be technologists, Early Adopters are visionaries that like to be on board with new technologies very early in the lifecycle. Because they are visionaries, they tend to be looking for more than just improvement – a revolutionary breakthrough. They are prepared to take high risks to try something new and although they are very demanding as far as product features and performance are concerned, they are less price-sensitive than other groups.

    Early Adopters are often motivated by personal success. They are willing to serve as references to other adopter groups. They are influential, seen as trendsetters, and are of utmost importance to win over.

    Info-Tech Insight

    Early adopters are key. Their enthusiasm for technology, personal drive, and influence make them a powerful tool in driving adoption.

    Category 3: The Early Majority – 34%

    This group is comprised of pragmatists. The first two adopter groups belong to early adoption, but for a product to be fully adopted the mainstream needs to be won over, starting with the Early Majority.

    The Early Majority share some of the Early Adopters’ ability to relate to technology. However, they are driven by a strong sense of practicality. They know that new products aren’t always successful. Consequently, they are content to wait and see how others fare with the technology before investing in it themselves. They want to see well-established references before adopting the technology and to be shown there is no risk.

    Because there are so many people in this segment (roughly 34%), winning these people over is essential for the technology to be adopted.

    Category 4: The Late Majority – 34%

    The Late Majority are the conservatives. This group is generally about the same size as the Early Majority. They share all the concerns of the Early Majority; however, they are more resistant to change and are more content with the status quo than eager to progress to new technology. People in the Early Majority group are comfortable with their ability to handle new technology. People in the Late Majority are not.

    As a result, these conservatives prefer to wait until something has become an established standard and take part only at the end of the adoption period. Even then, they want to see lots of support and ensure that there is proof there is no risk in them adopting it.

    Category 5: The Laggard – 16%

    This group is made up of the skeptics and constitutes 16% of the total. These people want nothing to do with new technology and are generally only content with technological change when it is invisible to them. These skeptics have a strong belief that disruptive new technologies rarely deliver the value promised and are almost always worried about unintended consequences.

    Laggards need to be dealt with carefully as their criticism can be damaging and without them it is difficult for a product to become fully adopted. Unfortunately, the effort required for this to happen is often disproportional to the size of the group.

    Info-Tech Insight

    People aren’t born laggards. Technology projects that have failed in the past can alter people’s attitudes, especially if there was a negative impact on their working lives. Use empathy when dealing with people and respect their hesitancy.

    Adoption Techniques

    Different strokes for different folks

    Technology adoption is all about people; and therefore, the techniques required to drive that adoption need to be people oriented.

    The following techniques are carefully selected with the intention of being impactful on all the different categories described previously.

    Technology Adoption: Herd Mentality; Champions; Force; Group Training; One-on-One; Contests; Marketing; Proof of Concept; Train the Trainer

    There are multitudes of different methods to get people to adopt new technology, but which is the most appropriate for your situation? Generally, it’s a combination.

    Technology Adoption: Herd Mentality; Champions; Force; Group Training; One-on-One; Contests; Marketing; Proof of Concept; Train the Trainer

    Train the Trainer

    Use your staff to get your message across.

    Abstract

    This technique involves training key members of staff so they can train others. It is important that those selected are strong communicators, are well respected by others, and have some expertise in technology.

    Advantages

    • Cost effective
    • Efficient dissemination of information
    • Trusted internal staff

    Disadvantages

    • Chance of inconsistent delivery
    • May feel threatened by co-worker

    Best to worst candidates

    • Early Adopter: Influential trendsetters. Others receptive of their lead.
    • Innovator: Comfortable and enthusiastic about new technology, but not necessarily a trainer.
    • Early Majority: Tendency to take others’ lead.
    • Late Majority: Risk averse and tend to follow others, only after success is proven.
    • Laggard: Last to adopt usually. Unsuitable as Trainer.

    Marketing

    Marketing should be continuous throughout the change to encourage familiarity.

    Abstract

    Communication is key as people are comfortable with what is familiar to them. Marketing is an important tool for convincing adopters that the new product is mainstream, widely adopted and successful.

    Advantages

    • Wide communication
    • Makes technology appear commonplace
    • Promotes effectiveness of new technology

    Disadvantages

    • Reliant on staff interest
    • Can be expensive

    Best to worst candidates

    • Early Majority: Pragmatic about change. Marketing is effective encouragement.
    • Early Adopter: Receptive and interested in change. Marketing is supplemental.
    • Innovator: Actively seeks new technology. Does not need extensive encouragement.
    • Late Majority: Requires more personal approach.
    • Laggard: Resistant to most enticements.

    One-on-One

    Tailored for individuals.

    Abstract

    One-on-one training sometimes is the only way to train if you have staff with special needs or who are performing unique tasks.
    It is generally highly effective but inefficient as it only addresses individuals.

    Advantages

    • Tailored to specific need(s)
    • Only relevant information addressed
    • Low stress environment

    Disadvantages

    • Expensive
    • Possibility of inconsistent delivery
    • Personal conflict may render it ineffective

    Best to worst candidates

    • Laggard: Encouragement and cajoling can be used during training.
    • Late Majority: Proof can be given of effectiveness of new product.
    • Early Majority: Effective, but not cost efficient.
    • Early Adopter: Effective, but not cost-efficient.
    • Innovator: Effective, but not cost-efficient.

    Group Training

    Similar roles, attitudes, and abilities.

    Abstract

    Group training is one of the most common methods to start people on their journey toward new technology. Its effectiveness with the two largest groups, Early Majority and Late Majority, make it a primary tool in technology adoption.

    Advantages

    • Cost effective
    • Time effective
    • Good for team building

    Disadvantages

    • Single method may not work for all
    • Difficult to create single learning pace for all

    Best to worst candidates

    • Early Majority: Receptive. The formality of group training will give confidence.
    • Late Majority: Conservative attitude will be receptive to traditional training.
    • Early Adopter: Receptive and attentive. Excited about the change.
    • Innovator: Will tend to want to be ahead or want to move ahead of group.
    • Laggard: Laggards in group training may have a negative impact.

    Force

    The last resort.

    Abstract

    The transition can’t go on forever.

    At some point the new technology needs to be fully adopted and if necessary, force may have to be used.

    Advantages

    • Immediate full transition
    • Fixed delivery timeline

    Disadvantages

    • Alienation of some staff
    • Loss of faith in product if there are issues

    Best to worst candidates

    • Laggard: No choice but to adopt. Forces the issue.
    • Late Majority: Removes issue of reluctance to change.
    • Early Majority: Content, but worried about possible problems.
    • Early Adopter: Feel less personal involvement in change process.
    • Innovator: Feel less personal involvement in change process.

    Contests

    Abstract

    Contests can generate excitement and create an explorative approach to new technology. People should not feel pressured. It should be enjoyable and not compulsory.

    Advantages

    • Rapid improvement of skills
    • Bring excitement to the new technology
    • Good for team building

    Disadvantages

    • Those less competitive or with lower skills may feel alienated
    • May discourage collaboration

    Best to worst candidates

    • Early Adopter: Seeks personal success. Risk taker. Effective.
    • Innovator: Enthusiastic to explore limits of technology.
    • Early Majority: Less enthusiastic. Pragmatic. Less competitive.
    • Late Majority: Conservative. Not enthusiastic about new technology.
    • Laggard: Reluctant to get involved.

    Incentives

    Incentives don’t have to be large.

    Abstract

    For some staff, merely taking management’s lead is not enough. Using “Nudge” techniques to give that extra incentive is quite effective. Incentivizing staff either financially or through rewards, recognition, or promotion is a successful adoption technique for some.

    Advantages

    Encouragement to adopt from receiving tangible benefit

    Draws more attention to the new technology

    Disadvantages

    Additional expense to business or project

    Possible poor precedent for subsequent changes

    Best to worst candidates

    Early Adopter: Desire for personal success makes incentives enticing.

    Early Majority: Prepared to change, but extra incentive will assist.

    Late Majority: Conservative attitude means incentive may need to be larger.

    Innovator: Enthusiasm for new technology means incentive not necessary.

    Laggard: Sceptical about change. Only a large incentive likely to make a difference.

    Champions

    Strong internal advocates for your new technology are very powerful.

    Abstract

    Champions take on new technology and then use their influence to promote it in the organization. Using managers as champions to actively and vigorously promote the change is particularly effective.

    Advantages

    • Infectious enthusiasm encourages those who tend to be reluctant
    • Use of trusted internal staff

    Disadvantages

    • Removes internal staff from regular duties
    • Ineffective if champion not respected

    Best to worst candidates

    • Early Majority: Champions as references of success provide encouragement.
    • Late Majority: Management champions in particular are effective.
    • Laggard: Close contact with champions may be effective.
    • Early Adopter: Receptive of technology, less effective.
    • Innovator: No encouragement or promotion required.

    Herd Mentality

    Follow the crowd.

    Abstract

    Herd behavior is when people discount their own information and follow others. Ideally all adopters would understand the reason and advantages in adopting new technology, but practically, the result is most important.

    Advantages

    • New technology is adopted without question
    • Increase in velocity of adoption

    Disadvantages

    • Staff may not have clear understanding of the reason for change and resent it later
    • Some may adopt the change before they are ready to do so

    Best to worst candidates

    • Early Majority: Follow others’ success.
    • Late Majority: Likely follow an established proven standard.
    • Early Adopter: Less effective as they prefer to set trends rather than follow.
    • Innovator: Seeks new technology rather than following others.
    • Laggard: Suspicious and reluctant to change.

    Proof of Concepts

    Gain early input and encourage buy-in.

    Abstract

    Proof of concept projects give early indications of the viability of a new initiative. Involving the end users in these projects can be beneficial in gaining their support

    Advantages

    Involve adopters early on

    Valuable feedback and indications of future issues

    Disadvantages

    If POC isn’t fully successful, it may leave lingering negativity

    Usually, involvement from small selection of staff

    Best to worst candidates

    • Innovator: Strong interest in getting involved in new products.
    • Early Adopter: Comfortable with new technology and are influencers.
    • Early Majority: Less interest. Prefer others to try first.
    • Late Majority: Conservative attitude makes this an unlikely option.
    • Laggard: Highly unlikely to get involved.

    Match techniques to categories

    What works for who?

    This clustered column chart categorizes techniques by category

    Follow the leader

    Engage your technology enthusiasts early to help refine your product, train other staff, and act as champions. A combination of marketing and group training will develop a herd mentality. Finally, don’t neglect the laggards as they can prevent project completion.

    This is an inverted funnel chart with the output of: Change Destination.  The inputs are: 16% Laggards; 34% Late Majority; 34% Early Majority; 13.3% Early Adopters; 2% Innovators

    Info-Tech Insight

    Although there are different size categories, none can be ignored. Consider your budget when dealing with smaller groups, but also consider their impact.

    Refresh, retrain, restrain

    We don’t want people to revert.

    Don’t assume that because your staff have been trained and have access to the new technology that they will keep using it in the way they were trained. Or that they won’t revert back to their old methods or system.

    Put in place methods to remove completely or remove access to old systems. Schedule refresh training or skill enhancement sessions and stay vigilant.

    Research Authors

    Paul Binns

    Paul Binns

    Principal Research Advisor, Info-Tech Research Group

    With over 30 years in the IT industry, Paul brings to his work his experience as a Strategic Planner, Consultant, Enterprise Architect, IT Business Owner, Technologist, and Manager. Paul has worked with both small and large companies, local and international, and has had senior roles in government and the finance industry.

    Scott Young

    Scott Young

    Principal Research Advisor, Info-Tech Research Group

    Scott Young is a Director of Infrastructure Research at Info-Tech Research Group. Scott has worked in the technology field for over 17 years, with a strong focus on telecommunications and enterprise infrastructure architecture. He brings extensive practical experience in these areas of specialization, including IP networks, server hardware and OS, storage, and virtualization.

    Related Info-Tech Research

    User Group Analysis Workbook

    Use Info-Tech’s workbook to gather information about user groups, business processes, and day-to-day tasks to gain familiarity with your adopters.

    Governance and Management of Enterprise Software Implementation

    Use our research to engage users and receive timely feedback through demonstrations. Our iterative methodology with a task list focused on the business’ must-have functionality allows staff to return to their daily work sooner.

    Quality Management User Satisfaction Survey

    This IT satisfaction survey will assist you with early information to use for categorizing your users.

    Master Organizational Change Management Practices

    Using a soft, empathetic approach to change management is something that all PMOs should understand. Use our research to ensure you have an effective OCM plan that will ensure project success.

    Bibliography

    Beylis, Guillermo. “COVID-19 accelerates technology adoption and deepens inequality among workers in Latin America and the Caribbean.” World Bank Blogs, 4 March 2021. Web.

    Cleland, Kelley. “Successful User Adoption Strategies.” Insight Voices, 25 Apr. 2017. Web.

    Hiatt, Jeff. “The Prosci ADKAR ® Model.” PROSCI, 1994. Web.

    Malik, Priyanka. “The Kübler Ross Change Curve in the Workplace.” whatfix, 24 Feb. 2022. Web.

    Medhaugir, Tore. “6 Ways to Encourage Software Adoption.” XAIT, 9 March 2021. Web.

    Narayanan, Vishy. “What PwC Australia learned about fast tracking tech adoption during COVID-19” PWC, 13 Oct. 2020. Web.

    Sridharan, Mithun. “Crossing the Chasm: Technology Adoption Lifecycle.” Think Insights, 28 Jun 2022. Web.

    Organizational Change Management

    • Buy Link or Shortcode: {j2store}35|cart{/j2store}
    • Related Products: {j2store}35|crosssells{/j2store}
    • member rating overall impact (scale of 10): 9.6/10
    • member rating average dollars saved: $19,055
    • member rating average days saved: 24
    • Parent Category Name: Project Portfolio Management and Projects
    • Parent Category Link: /ppm-and-projects
    If you don't know who is responsible for organizational change, it's you.

    The Essential COVID-19 Childcare Policy for Every Organization, Yesterday

    • Buy Link or Shortcode: {j2store}598|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Manage & Coach
    • Parent Category Link: /manage-coach
    • Helping employees navigate personal and business responsibilities to find solutions that ensure both are taken care of.
    • Reducing potential disruption to business operations through employee absenteeism due to increased care-provider responsibilities.

    Our Advice

    Critical Insight

    • Remote work is complicated by children at home with school closures. Implement alternative temporary work arrangements that allow and support employees to balance work and personal obligations.
    • Adjustments to work arrangements and pay may be necessary. Temporary work arrangements while caring for dependents over a longer-term pandemic may require adjustments to the duties carried out, number of hours worked, and adjustments to employee pay.
    • Managing remotely is more than staying in touch by phone. As a leader you will need to provide clear options that provide solutions to your employees to avoid them getting overwhelmed while taking care of the business to ensure there is a business long term.

    Impact and Result

    • Develop a policy that provides parameters around mutually agreed adjustments to performance levels while balancing dependent care with work during a pandemic.
    • Take care of the business through clear guidelines on compensation while taking care of the health and wellness of your people.
    • Develop detailed work-from-home plans that lessen disruption to your work while taking care of children or aged parents.

    The Essential COVID-19 Childcare Policy for Every Organization, Yesterday Research & Tools

    Start here. Read The Essential COVID-19 Childcare Policy for Every Organization, Yesterday

    Read our recommendations and follow the steps to develop a policy that will help your employees work productively while managing care-provider responsibilities at home.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • The Essential COVID-19 Childcare Policy for Every Organization, Yesterday Storyboard
    • Pandemic Dependent Care Policy
    • COVID-19 Dependent Care Policy Manager Action Toolkit
    • COVID-19 Dependent Care Policy Employee Guide
    • Dependent-Flextime Agreement Template
    • Workforce Planning Tool
    • Nine Ways to Support Working Caregivers Today
    • Employee Resource Group (ERG) Charter Template
    [infographic]

    Get the Most Out of Your CRM

    • Buy Link or Shortcode: {j2store}537|cart{/j2store}
    • member rating overall impact (scale of 10): 9.7/10 Overall Impact
    • member rating average dollars saved: $31,749 Average $ Saved
    • member rating average days saved: 22 Average Days Saved
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • Application optimization is essential to stay competitive and productive in today’s digital environment.
    • Enterprise applications often involve large capital outlay, unquantified benefits, and high risk of failure.
    • Customer relationship management (CRM) application portfolios are often messy with multiple integration points, distributed data, and limited ongoing end-user training.
    • User dissatisfaction is common.

    Our Advice

    Critical Insight

    A properly optimized CRM ecosystem will reduce costs and increase productivity.

    Impact and Result

    • Build an ongoing optimization team to conduct application improvements.
    • Assess your CRM application(s) and the environment in which they exist. Take a business-first strategy to prioritize optimization efforts.
    • Validate CRM capabilities, user satisfaction, issues around data, vendor management, and costs to build out an optimization strategy.
    • Pull this all together to develop a prioritized optimization roadmap.

    Get the Most Out of Your CRM Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should optimize your CRM, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Map current-state capabilities

    Gather information around the application:

    • Get the Most Out of Your CRM Workbook

    2. Assess your current state

    Assess CRM and related environment. Perform CRM process assessment. Assess user satisfaction across key processes, applications, and data. Understand vendor satisfaction

    • CRM Application Inventory Tool

    3. Build your optimization roadmap

    Build your optimization roadmap: process improvements, software capability improvements, vendor relationships, and data improvement initiatives.

    Infographic

    Workshop: Get the Most Out of Your CRM

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Your CRM Application Vision

    The Purpose

    Define your CRM application vision.

    Key Benefits Achieved

    Develop an ongoing application optimization team.

    Realign CRM and business goals.

    Understand your current system state capabilities.

    Explore CRM and related costs.

    Activities

    1.1 Determine your CRM optimization team.

    1.2 Align organizational goals.

    1.3 Inventory applications and interactions.

    1.4 Define business capabilities.

    1.5 Explore CRM-related costs (optional).

    Outputs

    CRM optimization team

    CRM business model

    CRM optimization goals

    CRM system inventory and data flow

    CRM process list

    CRM and related costs

    2 Map Current-State Capabilities

    The Purpose

    Map current-state capabilities.

    Key Benefits Achieved

    Complete a CRM process gap analysis to understand where the CRM is underperforming.

    Review the CRM application portfolio assessment to understand user satisfaction and data concerns.

    Undertake a software review survey to understand your satisfaction with the vendor and product.

    Activities

    2.1 Conduct gap analysis for CRM processes.

    2.2 Perform an application portfolio assessment.

    2.3 Review vendor satisfaction.

    Outputs

    CRM process gap analysis

    CRM application portfolio assessment

    CRM software reviews survey

    3 Assess CRM

    The Purpose

    Assess CRM.

    Key Benefits Achieved

    Learn which processes you need to focus on.

    Uncover underlying user satisfaction issues to address these areas.

    Understand where data issues are occurring so that you can mitigate this.

    Investigate your relationship with the vendor and product, including that relative to others.

    Identify any areas for cost optimization (optional).

    Activities

    3.1 Explore process gaps.

    3.2 Analyze user satisfaction.

    3.3 Assess data quality.

    3.4 Understand product satisfaction and vendor management.

    3.5 Look for CRM cost optimization opportunities (optional).

    Outputs

    CRM process optimization priorities

    CRM vendor optimization opportunities

    CRM cost optimization

    4 Build the Optimization Roadmap

    The Purpose

    Build the optimization roadmap.

    Key Benefits Achieved

    Understanding where you need to improve is the first step, now understand where to focus your optimization efforts.

    Activities

    4.1 Identify key optimization areas.

    4.2 Build your CRM optimization roadmap and next steps.

    Outputs

    CRM optimization roadmap

    Further reading

    Get the Most Out of Your CRM

    In today’s connected world, continuous optimization of enterprise applications to realize your digital strategy is key.

    Get the Most Out of Your CRM

    In today’s connected world, continuous optimization of enterprise applications to realize your digital strategy is key.

    EXECUTIVE BRIEF

    Analyst Perspective

    Focus optimization on organizational value delivery.

    Customer relationship management (CRM) systems are at the core of a customer-centric strategy to drive business results. They are critical to supporting marketing, sales, and customer service efforts.

    CRM systems are expensive, their benefits are difficult to quantify, and they often suffer from poor user satisfaction. Post implementation, technology evolves, organizational goals change, and the health of the system is not monitored. This is complicated in today’s digital landscape with multiple integration points, siloed data, and competing priorities.

    Too often organizations jump into the selection of replacement systems without understanding the health of their current systems. IT leaders need to stop reacting and take a proactive approach to continually monitor and optimize their enterprise applications. Strategically realign business goals, identify business application capabilities, complete a process assessment, evaluate user adoption, and create an optimization roadmap that will drive a cohesive technology strategy that delivers results.

    This is a picture of Lisa Highfield

    Lisa Highfield
    Research Director,
    Enterprise Applications
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    In today’s connected world, continuous optimization of enterprise applications to realize your digital strategy is key.

    Enterprise applications often involve large capital outlay and unquantified benefits.

    CRM application portfolios are often messy. Add to that poor processes, distributed data, and lack of training – business results and user dissatisfaction is common.

    Technology owners are often distributed across the business. Consolidation of optimization efforts is key.

    Common Obstacles

    Enterprise applications involve large numbers of processes and users. Without a clear focus on organizational needs, decisions about what and how to optimize can become complicated.

    Competing and conflicting priorities may undermine optimization value by focusing on the approaches that would only benefit one line of business rather than the entire organization.

    Teams do not have a framework to illustrate, communicate, and justify the optimization effort in the language your stakeholders understand.

    Info-Tech’s Approach

    Build an ongoing optimization team to conduct application improvements.

    Assess your CRM application(s) and the environment in which they exist. Take a business-first strategy to prioritize optimization efforts.

    Validate CRM capabilities, user satisfaction, issues around data, vendor management, and costs to build out an optimization strategy

    Pull this all together to develop a prioritized optimization roadmap.

    Info-Tech Insight

    CRM implementation should not be a one-and-done exercise. A properly optimized CRM ecosystem will reduce costs and increase productivity.

    This is an image of the thought model: Get the Most Out of Your CRM

    Insight Summary

    Continuous assessment and optimization of customer relationship management (CRM) systems is critical to their success.

    • Applications and the environments in which they live are constantly evolving.
    • Get the Most Out of Your CRM provides business and application managers a method to complete a health assessment on their CRM systems to identify areas for improvement and optimization.
    • Put optimization practices into effect by:
      • Aligning and prioritizing key business and technology drivers.
      • Identifying CRM process classification, and performing a gap analysis.
      • Measuring user satisfaction across key departments.
      • Evaluating vendor relations.
      • Understanding how data fits.
      • Pulling it all together into an optimization roadmap.

    CRM platforms are the applications that provide functional capabilities and data management around the customer experience (CX).

    Marketing, sales, and customer service are enabled through CRM technology.

    CRM technologies facilitate an organization’s relationships with customers, service users, employees, and suppliers.

    CRM technology is critical to managing the lifecycle of these relationships, from lead generation, to sales opportunities, to ongoing support and nurturing of these relationships.

    Customer experience management (CXM)

    CRM platforms sit at the core of a well-rounded customer experience management ecosystem.

    Customer Relationship Management

    • Web Experience Management Platform
    • E-Commerce & Point-of-Sale Solutions
    • Social Media Management Platform
    • Customer Intelligence Platform
    • Customer Service Management Tools
    • Marketing Management Suite

    Customer relationship management suites are one piece of the overall customer experience management ecosystem, alongside tools such as customer intelligence platforms and adjacent point solutions for sales, marketing, and customer service. Review Info-Tech’s CXM blueprint to build a complete, end-to-end customer interaction solution portfolio that encompasses CRM alongside other critical components. The CXM blueprint also allows you to develop strategic requirements for CRM based on customer personas and external market analysis.

    CRM by the numbers

    1/3

    Statistical analysis of CRM projects indicate failures vary from 18% to 69%. Taking an average of those analyst reports, about one-third of CRM projects are considered a failure.
    Source: CIO Magazine, 2017

    85%

    Companies that apply the principles of behavioral economics outperform their peers by 85% in sales growth and more than 25% in gross margin.
    Source: Gallup, 2012

    40%

    In 2019, 40% of executives name customer experience the top priority for their digital transformation.
    Source: CRM Magazine, 2019

    CRM dissatisfaction

    Drivers of Dissatisfaction

    Business Data People and Teams Technology
    • Misaligned objectives
    • Product fit
    • Changing priorities
    • Lack of metrics
    • Access to data
    • Data hygiene
    • Data literacy
    • One view of the customer
    • User adoption
    • Lack of IT support
    • Training (use of data and system)
    • Vendor relations
    • Systems integration
    • Multichannel complexity
    • Capability shortfall
    • Lack of product support

    Info-Tech Insight

    While technology is the key enabler of building strong customer experiences, there are many other drivers of dissatisfaction. IT must stand shoulder to shoulder with the business to develop a technology framework for customer relationship management.

    Marketing, Sales, and Customer Service, along with IT, can only optimize CRM with the full support of each other. The cooperation of the departments is crucial when trying to improve CRM technology capabilities and customer interaction.

    Application optimization is risky without a plan

    Avoid the common pitfalls.

    • Not considering application optimization as a business and IT partnership that requires continuous formal engagement of all participants.
    • Not having a good understanding of current state, including integration points and data.
    • Not adequately accommodating feedback and changes after digital applications are deployed and employed.
    • Not treating digital applications as a motivator for potential future IT optimization effort, and not incorporating digital assets in strategic business planning.
    • Not involving department leads, management, and other subject matter experts to facilitate the organizational change digital applications bring.

    “A successful application optimization strategy starts with the business need in mind and not from a technological point of view. No matter from which angle you look at it, modernizing a legacy application is a considerable undertaking that can’t be taken lightly. Your best approach is to begin the journey with baby steps.”
    – Ernese Norelus, Sreeni Pamidala, and Oliver Senti
    Medium, 2020

    Info-Tech’s methodology for Get the Most Out of Your CRM

    1. Map Current-State Capabilities 2. Assess Your Current State 3. Build Your Optimization Roadmap
    Phase Steps
    1. Identify stakeholders and build your CRM optimization team
    2. Build a CRM strategy model
    3. Inventory current system state
    4. Define business capabilities
    1. Conduct a gap analysis for CRM processes
    2. Assess user satisfaction
    3. Review your satisfaction with the vendor and product
    1. Identify key optimization areas
    2. Compile optimization assessment results
    Phase Outcomes
    1. Stakeholder map
    2. CRM optimization team
    3. CRM business model
    4. Strategy alignment
    5. Systems inventory and diagram
    6. Business capabilities map
    7. Key CRM processes list
    1. Gap analysis for CRM-related processes
    2. Understanding of user satisfaction across applications and processes
    3. Insight into CRM data quality
    4. Quantified satisfaction with the vendor and product
    1. Application optimization plan

    Get the Most Out of Your CRM Workbook

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals.

    Key deliverable:

    CRM Optimization Roadmap (Tab 8)

    This image contains a screenshot from Tab 9 of the Get the most out of your CRM WorkshopThis image contains a screenshot from Tab 9 of the Get the most out of your CRM Workshop

    Complete an assessment of processes, user satisfaction, data quality, and vendor management using the Workbook or the APA diagnostic.

    CRM Business Model (Tab 2)

    This image contains a screenshot from Tab 2 of the Get the most out of your CRM Workshop

    Align your business and technology goals and objectives in the current environment.

    Prioritized CRM Optimization Goals (Tab 3)

    This image contains a screenshot from Tab 3 of the Get the most out of your CRM Workshop

    Identify and prioritize your CRM optimization goals.

    Application Portfolio Assessment (APA)

    This image contains a screenshot of the Application Portfolio Assessment

    Assess IT-enabled user satisfaction across your CRM portfolio.

    Prioritized Process Assessment (Tab 5)

    This image contains a screenshot from Tab 5 of the Get the most out of your CRM Workshop

    Understand areas for improvement.

    Case Study

    Align strategy and technology to meet consumer demand.

    INDUSTRY - Entertainment
    SOURCE - Forbes, 2017

    Challenge

    Beginning as a mail-out service, Netflix offered subscribers a catalog of videos to select from and have mailed to them directly. Customers no longer had to go to a retail store to rent a video. However, the lack of immediacy of direct mail as the distribution channel resulted in slow adoption.

    Blockbuster was the industry leader in video retail but was lagging in its response to industry, consumer, and technology trends around customer experience

    Solution

    In response to the increasing presence of tech-savvy consumers on the internet, Netflix invested in developing its online platform as its primary distribution channel. The benefit of doing so was two-fold: passive brand advertising (by being present on the internet) and meeting customer demands for immediacy and convenience. Netflix also recognized the rising demand for personalized service and created an unprecedented, tailored customer experience.

    Results

    Netflix’s disruptive innovation is built on the foundation of great customer experience management. Netflix is now a $28-billion company, which is tenfold what Blockbuster was worth.

    Netflix used disruptive technologies to innovatively build a customer experience that put it ahead of the long-time, video rental industry leader, Blockbuster.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2:

    Build the CRM team.

    Align organizational goals.

    Call #4:

    Conduct gap analysis for CRM processes.

    Prepare application portfolio assessment.

    Call #5:

    Understand product satisfaction and vendor management.

    Look for CRM cost optimization opportunities (optional).

    Call #7:

    Identify key optimization areas.

    Build out optimization roadmap and next steps.

    Call #3:

    Map current state.

    Inventory CRM processes.

    Explore CRM-related costs.

    Call #6:

    Review APA results.

    A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5
    Define Your CRM Application Vision Map Current-State Capabilities Assess CRM Build the Optimization Roadmap Next Steps and Wrap-Up (offsite)

    Activities

    1.1 Determine your CRM optimization team

    1.2 Align organizational goals

    1.3 Inventory applications and interactions

    1.4 Define business capabilities

    1.5 Explore CRM-related costs

    2.1 Conduct gap analysis for CRM processes

    2.2 Perform an application portfolio assessment

    2.3 Review vendor satisfaction

    3.1 Explore process gaps

    3.2 Analyze user satisfaction

    3.3 Assess data quality

    3.4 Understand product satisfaction and vendor management

    3.5 Look for CRM cost optimization opportunities (optional)

    4.1 Identify key optimization areas

    4.2 Build your CRM optimization roadmap and next steps

    5.1 Complete in-progress deliverables from previous four days

    5.2 Set up review time for workshop deliverables and to discuss next steps

    Deliverables
    1. CRM optimization team
    2. CRM business model
    3. CRM optimization goals
    4. CRM system inventory and data flow
    5. CRM process list
    6. CRM and related costs
    1. CRM process gap analysis
    2. CRM application portfolio assessment
    3. CRM software reviews survey
    1. CRM process optimization priorities
    2. CRM vendor optimization opportunities
    3. CRM cost optimization
    1. CRM optimization roadmap

    Phase 1

    Map Current-State Capabilities

    • 1.1 Identify Stakeholders and Build Your Optimization Team
    • 1.2 Build a CRM Strategy Model
    • 1.3 Inventory Current System State
    • 1.4 Define Business Capabilities
    • 1.5 Understand CRM Costs

    Get the Most Out of Your CRM

    This phase will walk you through the following activities:

    • Align your organizational goals
    • Gain a firm understanding of your current state
    • Inventory CRM and related applications
    • Confirm the organization’s capabilities

    This phase involves the following participants:

    • Product Owners
    • CMO
    • Departmental leads – Sales, Marketing, Customer Service, or other
    • Applications Director
    • Senior Business Analyst
    • Senior Developer
    • Procurement Analysts

    Inventory of CRM and related systems

    Develop an integration map to specify which applications will interface with each other.

    This is an image of an integration map, integrating the following Terms to CRM: Telephony Systems; Directory Services; Email; Content Management; Point Solutions; ERP

    Integration is paramount: your CRM application often integrates with other applications within the organization. Create an integration map to reflect a system of record and the exchange of data. To increase customer engagement, channel integration is a must (i.e. with robust links to unified communications solutions, email, and VoIP telephony systems).

    CRM plays a key role in the more holistic customer experience framework. However, it is heavily influenced by and often interacts with many other platforms.

    Data is one key consideration that needs to be considered here. If customer information is fragmented, it will be nearly impossible to build a cohesive view of the customer. Points of integration (POIs) are the junctions between the CRM(s) and other applications where data is flowing to and from. They are essential to creating value, particularly in customer insight-focused and omnichannel-focused deployments.

    Customer expectations are on the rise

    CRM strategy is a critical component of customer experience (CX).

    CUSTOMER EXPERIENCE

    1. Thoughtfulness is in
      Connect with customers on a personal level
    2. Service over products
      The experience is more important than the product
    3. Culture is now number one
      Culture is the most overlooked piece of customer experience strategy
    4. Engineering and service finally join forces
      Companies are combining their technology and service efforts to create
      strong feedback loops
    5. The B2B world is inefficiently served
      B2B needs to step up with more tools and a greater emphasis placed on
      customer experience

    Source: Forbes, 2019

    Build a cohesive CRM strategy that aligns business goals with CRM capabilities.

    Info-Tech Insight

    Customers expect to interact with organizations through the channels of their choice. Now more than ever, you must enable your organization to provide tailored customer experiences.

    IT is critical to the success of your CRM strategy

    Today’s shared digital landscape of the CIO and CMO

    CIO

    • IT Operations
    • Service Delivery and Management
    • IT Support
    • IT Systems and Application
    • IT Strategy and Governance
    • Cybersecurity

    Collaboration and Partnership

    • Digital Strategy = Transformation
      Business Goals | Innovation | Leadership | Rationalization
    • Customer Experience
      Architecture | Design | Omnichannel Delivery | Management
    • Insight (Market Facing)
      Analytics | Business Intelligence | Machine Learning | AI
    • Marketing Integration + Operating Model
      Apps | Channels | Experiences | Data | Command Center
    • Master Data
      Customer | Audience | Industry | Digital Marketing Assets

    CMO

    • PEO Media
    • Brand Management
    • Campaign Management
    • Marketing Tech
    • Marketing Ops
    • Privacy, Trust, and Regulatory Requirements

    Info-Tech Insight

    Technology is the key enabler of building strong customer experiences: IT must stand shoulder to shoulder with the business to develop a technology framework for customer relationship management.

    Step 1.1

    Identify Stakeholders and Build Your Optimization Team

    Activities

    1.1.1 Identify the stakeholders whose support will be critical to success

    1.1.2 Select your CRM optimization team

    Map Current-State Capabilities

    This step will walk you through the following activities:

    • Identify CRM drivers and objectives.
    • Explore CRM challenges and pain points.
    • Discover CRM benefits and opportunities.
    • Align the CRM foundation with the corporate strategy.

    This step involves the following participants:

    • Stakeholders
    • Project sponsors and leaders

    Outcomes of this step

    • Stakeholder map
    • CRM optimization team composition

    CRM optimization stakeholders

    Understand the roles necessary to get the most out of your CRM.

    Understand the role of each player within your optimization initiative. Look for listed participants on the activity slides to determine when each player should be involved.

    Info-Tech Insight

    Do not limit input or participation. Include subject matter experts and internal stakeholders at stages within the optimization initiative. Such inputs can be solicited on a one-off basis as needed. This ensures you take a holistic approach to creating your CRM optimization strategy.

    Title

    Roles Within CRM Optimization Initiative

    Optimization Sponsor

    • Owns the project at the management/C-suite level
    • Responsible for breaking down barriers and ensuring alignment with organizational strategy
    • CMO, VP od Marketing, VP of Sales, VP of Customer Care, or similar

    Optimization Initiative Manager

    • Typically IT individual(s) that oversee day-to-day operations
    • Responsible for preparing and managing the project plan and monitoring the project team’s progress
    • Applications Manager or other IT Manager, Business Analyst, Business Process Owner, or similar

    Business Leads/
    Product Owners

    • Works alongside the Optimization Initiative Manager to ensure that the strategy is aligned with business needs
    • In this case, likely to be a marketing, sales, or customer service lead
    • Product Owners
    • Sales Director, Marketing Director, Customer Care Director, or similar

    CRM Optimization Team

    • Comprised of individuals whose knowledge and skills are crucial to optimization success
    • Responsible for driving day-to-day activities, coordinating communication, and making process and design decisions
    • Project Manager, Business Lead, CRM Manager, Integration Manager, Application SMEs, Developers, Business Process Architects, and/or similar SMEs

    Steering Committee

    • Comprised of C-suite/management level individuals that act as the CRM optimization decision makers.
    • Responsible for validating goals and priorities, defining the optimization scope, enabling adequate resourcing, and managing change
    • Project Sponsor, Project Manager, Business Lead, CMO, Business Unit SMEs, or similar

    1.1.1 Identify stakeholders critical to success

    1 hour

    1. Hold a meeting to identify the stakeholders that should be included in the project’s steering committee.
    2. Finalize selection of steering committee members.
    3. Contact members to ensure their willingness to participate.
    4. Document the steering committee members and the milestone/presentation expectations for reporting project progress and results.

    Input

    • Stakeholder interviews
    • Business process owners list

    Output

    • CRM optimization stakeholders
    • Steering committee members

    Materials

    • N/A

    Participants

    • Product Owners
    • CMO
    • Departmental Leads – Sales, Marketing, Customer Service (and others)
    • Applications Director
    • Senior Business Analyst
    • Senior Developer
    • Procurement Analyst

    The CRM optimization team

    Consider the core team functions when composing the CRM optimization team. Form a cross-functional team (i.e. across IT, Marketing, Sales, Service, Operations) to create a well-aligned CRM optimization strategy.

    Don’t let your core team become too large when trying to include all relevant stakeholders. Carefully limiting the size of the optimization team will enable effective decision making while still including functional business units such as Marketing, Sales, Service, and Customer Service.

    Required Skills/Knowledge

    Suggested Optimization Team Members

    Business

    • Understanding of the customer
    • Departmental processes
    • Sales Manager
    • Marketing Manager
    • Customer Service Manager

    IT

    • Product Owner
    • Application developers
    • Enterprise architects
    • CRM Application Manager
    • Business Process Manager
    • Data Stewards
    Other
    • Operations
    • Administrative
    • Change management
    • Operations Manager
    • CFO
    • Change Management Manager

    1.1.2 Select your CRM optimization team

    30 minutes

    1. Have the CMO and other key stakeholders discuss and determine who will be involved in the CRM optimization project.
      • Depending on the initiative and the size of the organization the size of the team will vary.
      • Key business leaders in key areas – Sales, Marketing, Customer Service, and IT – should be involved.
    2. Document the members of your optimization team in the Get the Most Out of Your CRM Workbook, tab “1. Optimization Team.”
      • Depending on your initiative and size of your organization, the size of this team will vary.

    Get the Most Out of Your CRM Workbook

    Input

    • Stakeholders

    Output

    • List of CRM Optimization Team members

    Materials

    • Get the Most Out of Your CRM Workbook

    Participants

    • Product Owners
    • CMO
    • Departmental Leads – Sales, Marketing, Customer Service
    • Applications Director
    • Senior Business Analyst
    • Senior Developer
    • Procurement Analyst

    Step 1.2

    Build a CRM Strategy Model

    Activities

    • 1.2.1 Explore environmental factors and technology drivers
    • 1.2.2 Discuss challenges and pain points
    • 1.2.3 Discuss opportunities and benefits
    • 1.2.4 Align CRM strategy with organizational goals

    Map Current-State Capabilities

    This step will walk you through the following activities:

    • Identify CRM drivers and objectives.
    • Explore CRM challenges and pain points.
    • Discover the CRM benefits and opportunities.
    • Align the CRM foundation with the corporate strategy.

    This step involves the following participants:

    • CRM Optimization Team

    Outcomes of this step

    • CRM business model
    • Strategy alignment

    Align the CRM strategy with the corporate strategy

    Corporate Strategy

    Your corporate strategy:

    • Conveys the current state of the organization and the path it wants to take.
    • Identifies future goals and business aspirations.
    • Communicates the initiatives that are critical for getting the organization from its current state to the future state.

    Unified Strategy

    • The CRM optimization can be and should be linked, with metrics, to the corporate strategy and ultimate business objectives.

    CRM Strategy

    Your CRM Strategy:

    • Communicates the organization’s budget and spending on CRM.
    • Identifies IT initiatives that will support the business and key CRM objectives.
    • Outlines staffing and resourcing for CRM initiatives.

    CRM projects are more successful when the management team understands the strategic importance and the criticality of alignment. Time needs to be spent upfront aligning business strategies with CRM capabilities. Effective alignment between Sales, Marketing, Customer Service, Operations, IT, and the business should happen daily. Alignment doesn’t just need to occur at the executive level but at each level of the organization.

    Sample CRM objectives

    Increase Revenue

    Enable lead scoring

    Deploy sales collateral management tools

    Improve average cost per lead via a marketing automation tool

    Enhance Market Share

    Enhance targeting effectiveness with a CRM

    Increase social media presence via an SMMP

    Architect customer intelligence analysis

    Improve Customer Satisfaction

    Reduce time-to-resolution via better routing

    Increase accessibility to customer service with live chat

    Improve first contact resolution with customer KB

    Increase Customer Retention

    Use a loyalty management application

    Improve channel options for existing customers

    Use customer analytics to drive targeted offers

    Create Customer-Centric Culture

    Ensure strong training and user adoption programs

    Use CRM to provide 360-degree view of all customer interactions

    Incorporate the voice of the customer into product development

    Identifying organizational objectives of high priority will assist in breaking down business needs and CRM objectives. This exercise will better align the CRM systems with the overall corporate strategy and achieve buy-in from key stakeholders.

    CRM business model Template

    This image contains a screenshot of the CRM business model template

    Understand objectives for creating a strong CRM strategy

    Business Needs

    Business Drivers

    Technology Drivers

    Environmental Factors

    Definition A business need is a requirement associated with a particular business process. Business drivers can be thought of as business-level goals. These are tangible benefits the business can measure such as employee retention, operation excellence, and financial performance. Technology drivers are technological changes that have created the need for a new CRM enablement strategy. Many organizations turn to technology systems to help them obtain a competitive edge. External considerations are factors taking place outside of the organization that are impacting the way business is conducted inside the organization. These are often outside the control of the business.

    Examples

    • Audit tracking
    • Authorization levels
    • Business rules
    • Data quality
    • Employee engagement
    • Productivity
    • Operational efficiency
    • Deployment model (i.e. SaaS)
    • Integration
    • Reporting capabilities
    • Fragmented technologies
    • Economic and political factors, the labor market
    • Competitive influencers
    • Compliance regulations

    Info-Tech Insight

    One of the biggest drivers for CRM adoption is the ability to make decisions through consolidated data. This driver is a result of external considerations. Many industries today are highly competitive, uncertain, and rapidly changing. To succeed under these pressures, there needs to be timely information and visibility into all components of the organization.

    1.2.1 Explore environmental factors and technology drivers

    30 minutes

    1. Identify business drivers that are contributing to the organization’s need for CRM.
    2. Understand how the company is running today and what the organization’s future will look like. Try to identify the purpose for becoming an integrated organization. Use a whiteboard and markers to capture key findings.
    3. Consider environmental factors: external considerations, organizational drivers, technology drivers, and key functional requirements.
    4. Use the Get the Most Out of Your CRM Workbook, tab “2. Business Model,” to complete this exercise.

    Get the Most Out of Your CRM Workbook

    This is a screenshot of the CRM Business Model the following boxes highlighted in purple boxes.  CRM business Needs; Environmental Factors; Technology Drivers

    External Considerations

    Organizational Drivers

    Technology Considerations

    Functional Requirements

    • Funding Constraints
    • Regulations
    • Compliance
    • Scalability
    • Operational Efficiency
    • Data Accuracy
    • Data Quality
    • Better Reporting
    • Information Availability
    • Integration Between Systems
    • Secure Data

    Create a realistic CRM foundation by identifying the challenges and barriers to the project

    There are several different factors that may stifle the success of an CRM portfolio. Organizations creating an CRM foundation must scan their current environment to identify internal barriers and challenges.

    Common Internal Barriers

    Management Support

    Organizational Culture

    Organizational Structure

    IT Readiness

    Definition The degree of understanding and acceptance towards CRM technology and systems. The collective shared values and beliefs. The functional relationships between people and departments in an organization. The degree to which the organization’s people and processes are prepared for new CRM system(s.)

    Questions

    • Is a CRM project recognized as a top priority?
    • Will management commit time to the project?
    • Are employees resistant to change?
    • Is the organization highly individualized?
    • Is the organization centralized?
    • Is the organization highly formalized?
    • Is there strong technical expertise?
    • Is there strong infrastructure?
    Impact
    • Funding
    • Resources
    • Knowledge sharing
    • User acceptance
    • Flow of knowledge
    • Poor implementation
    • Need for reliance on consultants

    1.2.2 Discuss challenges and pain points

    30 minutes

    1. Identify challenges with current systems and processes.
    2. Brainstorm potential barriers to success. Use a whiteboard and markers to capture key findings.
    3. Consider the project barriers: functional gaps, technical gaps, process gaps, and barriers to CRM success.
    4. Use the Get the Most Out of Your CRM Workbook, tab “2. Business Model,” to complete this exercise.

    Get the Most Out of Your CRM Workbook

    This is a screenshot of the CRM Business Model the following boxes highlighted in purple boxes.  Barriers

    Functional Gaps

    Technical Gaps

    Process Gaps

    Barriers to Success

    • No sales tracking within core CRM
    • Inconsistent reporting – data quality concerns
    • Duplication of data
    • Lack of system integration
    • Cultural mindset
    • Resistance to change
    • Lack of training
    • Funding

    1.2.3 Discuss opportunities and benefits

    30 minutes

    1. Identify opportunities and benefits from an integrated system.
    2. Brainstorm potential enablers for successful CRM enablement and the ideal portfolio.
    3. Consider the project enablers: business benefits, IT benefits, organizational benefits, and enablers of CRM success.
    4. Use the Get the Most Out of Your CRM Workbook, tab “2. Business Model,” to complete this exercise.
    This is a screenshot of the CRM Business Model the following boxes highlighted in purple boxes.  Enablers

    Business Benefits

    IT Benefits

    Organizational Benefits

    Enablers of Success

    • Business-IT alignment
    • Compliance
    • Scalability
    • Operational Efficiency
    • Data Accuracy
    • Data Quality
    • Better Reporting
    • Change Management
    • Training
    • Alignment to Strategic Objectives

    1.2.4 Align CRM strategy with organizational goals

    1 hour

    1. Discuss your corporate objectives (organizational goals). Choose three to five corporate objectives that are a priority for the organization in the current year.
    2. Break into groups and assign each group one corporate objective.
    3. For each objective, produce several ways an optimized CRM system will meet the given objective.
    4. Think about the modules and CRM functions that will help you realize these benefits.
    5. Use the Get the Most Out of Your CRM Workbook, tab “2. Business Model,” to complete this exercise.
    Increase Revenue

    CRM Benefits

    • Increase sales by 5%
    • Expand to new markets
    • Offer new product
    • Identify geographies underperforming
    • Build out global customer strategy
    • Allow for customer segmentation
    • Create targeted marketing campaigns

    Input

    • Organizational goals
    • CRM strategy model

    Output

    • Optimization benefits map

    Materials

    • Get the Most Out of Your CRM Workbook

    Participants

    • Product Owners
    • CMO
    • Departmental Leads – Sales, Marketing, Customer Service
    • Applications Director
    • Senior Business Analyst
    • Senior Developer
    • Procurement Analyst

    Download the Get the Most Out of Your CRM Workbook

    Step 1.3

    Inventory Current System State

    Activities

    1.3.1 Inventory applications and interactions

    Map Current-State Capabilities

    This step will walk you through the following activities:

    • Inventory applications
    • Map interactions between systems

    This step involves the following participants:

    • CRM Optimization Team
    • Enterprise Architect
    • Data Architect

    Outcomes of this step

    • Systems inventory
    • Systems diagram

    1.3.1 Inventory applications and interactions

    1-3 hours

    1. Individually list all electronic systems involved in the organization. This includes anything related to customer information and interactions, such as CRM, ERP, e-commerce, finance, email marketing, and social media, etc.
    2. Document data flows into and out of each system to the ERP. Refer to the example on the next slide (CRM data flow).
    3. Review the processes in place (e.g. reporting, marketing, data moving into and out of systems). Document manual processes. Identify integration points. If flowcharts exist for these processes, it may be useful to provide these to the participants.
    4. If possible, diagram the system. Include information direction flow. Use the sample CRM map, if needed.

    This image contains an example of a CRM Data Flow

    CRM data flow

    This image contains an example of a CRM Data Flow

    Be sure to include enterprise applications that are not included in the CRM application portfolio. Popular systems to consider for POIs include billing, directory services, content management, and collaboration tools.

    When assessing the current application portfolio that supports CRM, the tendency will be to focus on the applications under the CRM umbrella, relating mostly to Marketing, Sales, and Customer Service. Be sure to include systems that act as input to, or benefit due to outputs from, the CRM or similar applications.

    Sample CRM map

    This image contains an example of a CRM map

    Step 1.4

    Define Business Capabilities

    Activities

    1.4.1 Define business capabilities

    1.4.2 List your key CRM processes

    Map Current-State Capabilities

    This step will walk you through the following activities:

    • Define your business capabilities
    • List your key CRM processes

    This step involves the following participants:

    • CRM Optimization Team
    • Business Architect

    Outcomes of this step

    • Business capabilities map
    • Key CRM processes list

    Business capability map (Level 0)

    This image contains a screenshot of a business capability map.  an Arrow labeled CRM points to the Revenue Generation section. Revenue Generation: Marketing; Sales; Customer Service.

    In business architecture, the primary view of an organization is known as a business capability map.

    A business capability defines what a business does to enable value creation, rather than how.

    Business capabilities:

    • Represent stable business functions.
    • Are unique and independent of each other.
    • Typically will have a defined business outcome.

    A business capability map provides details that help the business architecture practitioner direct attention to a specific area of the business for further assessment.

    Capability vs. process vs. feature

    Understanding the difference

    When examining CRM optimization, it is important we approach this from the appropriate layer.

    Capability:

    • The ability of an entity (e.g. organization or department) to achieve its objectives (APQC, 2017).
    • An ability that an organization, person, or system possesses. Typically expressed in general and high-level terms and typically require a combination of organization, people, processes, and technology to achieve (TOGAF).

    Process:

    • Can be manual or technology enabled. A process is a series of interrelated activities that convert inputs into results (outputs). Processes consume resources, require standards for repeatable performance, and respond to control systems that direct the quality, rate, and cost of performance. The same process can be highly effective in one circumstance and poorly effective in another with different systems, tools, knowledge, and people (APQC, 2017).

    Feature:

    • Is a distinguishing characteristic of a software item (e.g. performance, portability, or functionality) (IEEE, 2005).

    In today’s complex organizations, it can be difficult to understand where inefficiencies stem from and how performance can be enhanced.
    To fix problems and maximize efficiencies business capabilities and processes need to be examined to determine gaps and areas of lagging performance.

    Info-Tech’s CRM framework and industry tools such as the APQC’s Process Classification Framework can help make sense of this.

    1.4.1 Define business capabilities

    1-3 hours

    1. Look at the major functions or processes within the scope of CRM.
    2. Compile an inventory of current systems that interact with the chosen processes. In its simplest form, document your application inventory in a spreadsheet (see tab 3 of the CRM Application Inventory Tool). For large organizations, interview representatives of business domains to help create your list of applications.
    3. Make sure to include any processes that are manual versus automated.
    4. Use your current state drawing from activity 1.3.1 to link processes to applications for further effect.

    CRM Application Inventory Tool

    Input

    • Current systems
    • Key processes
    • APQC Framework
    • Organizational process map

    Output

    • List of key business processes

    Materials

    • CRM Application Inventory Tool
    • CRM APQC Framework
    • Whiteboard, PowerPoint, or flip charts
    • Pens/markers

    Participants

    • CRM Optimization Team

    CRM process mapping

    This image contains two screenshots.  one is of the business capability map seen earlier in this blueprint, and the other includes the following operating model: Objectives; Value Streams; Capabilities; Processes

    The operating model

    An operating model is a framework that drives operating decisions. It helps to set the parameters for the scope of CRM and the processes that will be supported. The operating model will serve to group core operational processes. These groupings represent a set of interrelated, consecutive processes aimed at generating a common output.

    The Value Stream

    Value Stream Defined

    Value Streams

    Design Product

    Produce Product

    Sell Product

    Customer Service

    • Manufacturers work proactively to design products and services that will meet consumer demand.
    • Products are driven by consumer demand and governmental regulations.
    • Production processes and labor costs are constantly analyzed for efficiencies and accuracies.
    • Quality of product and services are highly regulated through all levels of the supply chain.
    • Sales networks and sales staff deliver the product from the organization to the end consumer.
    • Marketing plays a key role throughout the value stream connecting consumers wants and needs to the product and services offered.
    • Relationships with consumers continue after the sale of a product and services.
    • Continued customer support and mining is important to revenue streams.

    Value streams connect business goals to the organization’s value realization activities in the marketplace. Those activities are dependent on the specific industry segment in which an organization operates.

    There are two types of value streams: core value streams and support value streams.

    • Core value streams are mostly externally facing. They deliver value to either an external or internal customer and they tie to the customer perspective of the strategy map.
    • Support value streams are internally facing and provide the foundational support for an organization to operate.

    An effective method for ensuring all value streams have been considered is to understand that there can be different end-value receivers.

    APQC Framework

    Help define your inventory of sales, marketing, and customer services processes.

    Operating Processes

    1. Develop Vision and Strategy
    2. Develop and Manage Products and Services
    3. Market and Sell Products and Services
    4. Deliver Physical Products
    5. Deliver Services

    Management and Support Processes

    1. Manage Customer Service
    2. Develop and Manage Human Capital
    3. Manage Information Technology (IT)
    4. Manage Financial Resources
    5. Acquire, Construct, and Manage Assets
    6. Manage Enterprise Risk, Compliance, Remediation, and Resiliency
    7. Manage External Relationships
    8. Develop and Manage Business Capabilities

    Source: APQC, 2020

    If you do not have a documented process model, you can use the APQC Framework to help define your inventory of sales business processes.

    APQC’s Process Classification Framework is a taxonomy of cross-functional business processes intended to allow the objective comparison of organizational performance within and among organizations.

    Go to this link

    Process mapping hierarchy

    This image includes explanations for the following PCF levels:  Level 1 - Category; Level 2 - Process Group; Level 3 - Process; Level 4 - Activity; Level 5 - Task

    APQC provides a process classification framework. It allows organizations to effectively define their processes and manage them appropriately.

    THE APQC PROCESS CLASSIFICATION FRAMEWORK (PCF)® was developed by non-profit APQC, a global resource for benchmarking and best practices, and its member companies as an open standard to facilitate improvement through process management and benchmarking, regardless of industry, size, or geography. The PCF organizes operating and management processes into 12 enterprise level categories, including process groups and over 1,000 processes and associated activities. To download the full PCF or industry-specific versions of the PCF as well as associated measures and benchmarking, visit www.apqc.org/pcf.

    Cross-industry classification framework

    Level 1 Level Level 3 Level 4

    Market and sell products and services

    Understand markets, customers, and capabilities Perform customer and market intelligence analysis Conduct customer and market research

    Market and sell products and services

    Develop sales strategy Develop sales forecast Gather current and historic order information

    Deliver services

    Manage service delivery resources Manage service delivery resource demand Develop baseline forecasts
    ? ? ? ?

    Info-Tech Insight

    Focus your initial assessment on the level 1 processes that matter to your organization. This allows you to target your scant resources on the areas of optimization that matter most to the organization and minimize the effort required from your business partners.

    You may need to iterate the assessment as challenges are identified. This allows you to be adaptive and deal with emerging issues more readily and become a more responsive partner to the business.

    1.4.2 List your key CRM processes

    1-3 hours

    1. Reflect on your organization’s CRM capabilities and processes.
    2. Refer to tab 4, “Process Importance,” in your Get the Most Out of Your CRM Workbook. You can use your own processes if you prefer. Consult tab 10. “Framework (Reference)” in the Workbook to explore additional capabilities.
    3. Use your CRM goals as a guide.

    Get the Most Out of Your CRM Workbook

    This is a screenshot from the APQC Cross-Industry Process Classification Framework, adapted to list key CRM processes

    *Adapted from the APQC Cross-Industry Process Classification Framework, 2019.

    Step 1.5

    Understand CRM Costs

    Activities

    1.5.1 List CRM-related costs (optional)

    Map Current-State Capabilities

    This step will walk you through the following activities:

    • Define your business capabilities
    • List your key CRM processes

    This step involves the following participants:

    • Finance Representatives
    • CRM Optimization Team

    Outcomes of this step

    • Current CRM and related operating costs

    1.5.1 List CRM-related costs (optional)

    3+ hours

    Before you can make changes and optimization decisions, you need to understand the high-level costs associated with your current application architecture. This activity will help you identify the types of technology and people costs associated with your current systems.

    1. Identify the types of technology costs associated with each current system:
      1. System Maintenance
      2. Annual Renewal
      3. Licensing
    2. Identify the cost of people associated with each current system:
      1. Full-Time Employees
      2. Application Support Staff
      3. Help Desk Tickets
    3. Use the Get the Most Out of Your CRM Workbook, tab “9. Costs (Optional),” to complete this exercise.

    This is a screenshot of an example of a table which lays out CRM and Associated Costs.

    Get the Most Out of Your CRM Workbook

    Phase 2

    Assess Your Current State

    • 2.1 Conduct a Gap Analysis for CRM Processes
    • 2.2 Assess User Satisfaction
    • 2.3 Review Your Satisfaction With the Vendor and Product

    Get the Most Out of Your CRM

    This phase will guide you through the following activities:

    • Determine process relevance
    • Perform a gap analysis
    • Perform a user satisfaction survey
    • Assess software and vendor satisfaction

    This phase involves the following participants:

    • CRM optimization team
    • Users across functional areas of your CRM and related technologies

    Step 2.1

    Conduct a Gap Analysis for CRM Processes

    Activities

    • 2.1.1 Determine process relevance
    • 2.1.2 Perform process gap analysis

    Assess Your Current State

    This step will walk you through the following activities:

    • Determine process relevance
    • Perform a gap analysis

    This step involves the following participants:

    • CRM optimization team

    Outcomes of this step

    • Gap analysis for CRM-related processes (current vs. desired state)

    2.1.1 Determine process relevance

    1-3 hours

    1. Open tab “4. Process Importance,” in the Get the Most Out of Your CRM Workbook.
    2. Rate each process for level of importance to your organization on the following scale:
      • Crucial
      • Important
      • Secondary
      • Unimportant
      • Not applicable

    This image contains a screenshot of tab 4 of the Get the most out of your CRM Workbook.

    Get the Most Out of Your CRM Workbook

    2.1.2 Perform process gap analysis

    1-3 hours

    1. Open tab “5. Process Assessment,” in the Get the Most Out of Your CRM Workbook.
    2. For each line item, identify your current state and your desired state on the following scale:
      • Not important
      • Poor
      • Moderate
      • Good
      • Excellent

    This is a screenshot of Tab 5 of the Get the Most Out of your CRM Workshop

    Get the Most Out of Your CRM Workbook

    Step 2.2

    Assess User Satisfaction

    Activities

    • 2.2.1 Prepare and complete a user satisfaction survey
    • 2.2.2 Enter user satisfaction

    Assess Your Current State

    This step will walk you through the following activities:

    • Preparation and completion of an application portfolio assessment (APA)
    • Entry of the user satisfaction scores into the workbook

    This step involves the following participants:

    • CRM optimization team
    • Users across functional areas of CRM and related technologies

    Outcomes of this step

    • Understanding of user satisfaction across applications and processes
    • Insight into CRM data quality

    Benefits of the Application Portfolio Assessment

    This is a screenshot of the application  Overview tab

    Assess the health of the application portfolio

    • Get a full 360-degree view of the effectiveness, criticality, and prevalence of all relevant applications to get a comprehensive view of the health of the applications portfolio.
    • Identify opportunities to drive more value from effective applications, retire nonessential applications, and immediately address at-risk applications that are not meeting expectations.

    This is a screenshot of the Finance Overview tab

    Provide targeted department feedback

    • Share end-user satisfaction and importance ratings for core IT services, IT communications, and business enablement to focus on the right end-user groups or lines of business, and ramp up satisfaction and productivity.

    This is a screenshot of the application  Overview tab

    Insight into the state of data quality

    • Data quality is one of the key issues causing poor CRM user satisfaction and business results. This can include the relevance, accuracy, timeliness, or usability of the organization’s data.
    • Targeted, open-ended feedback around data quality will provide insight into where optimization efforts should be focused.

    2.2.1 Prepare and complete a user satisfaction survey

    1 hour

    Option 1: Use Info-Tech’s Application Portfolio Assessment to generate your user satisfaction score. This tool not only measures application satisfaction but also elicits great feedback from users regarding support they receive from the IT team.

    1. Download the CRM Application Inventory Tool.
    2. Complete the “Demographics” tab (tab 2).
    3. Complete the “Inventory” tab (tab 3).
      1. Complete the inventory by treating each process within the organization as a separate row. Use the processes identified in the process gap analysis as a reference.
      2. Treat every department as a separate column in the department section. Feel free to add, remove, or modify department names to match your organization.
      3. Include data quality for all applications applicable.

    Option 2: Use the method of choice to elicit current user satisfaction for each of the processes identified as important to the organization.

    1. List processes identified as important (from the Get the Most Out of Your CRM Workbook, tab 4, “Process Importance”).
    2. Gather user contact information by department.
    3. Ask users to rate satisfaction: Extremely Satisfied, Satisfied, Neutral, Dissatisfied, and Extremely Dissatisfied (on Get the Most Out of Your CRM Workbook, tab 5. “Process Assessment”).

    This image contains a screenshot of the CRM Application Inventory Tool Tab

    Understand user satisfaction across capabilities and departments within your organization.

    Download the CRM Application Inventory Tool

    2.2.2 Enter user satisfaction

    20 minutes

    Using the results from the Application Portfolio Assessment or your own user survey:

    1. Open your Get the Most Out of Your CRM Workbook, tab “5. Process Assessment.”
    2. For each process, record up to three different department responses.
    3. Enter the answers to the survey for each line item using the drop-down options:
      • Extremely Satisfied
      • Satisfied
      • Neutral
      • Dissatisfied
      • Extremely Dissatisfied

    This is a screenshot of Tab 5 of the Get the most out of your CRM Workbook

    Understand user satisfaction across capabilities and departments within your organization.

    Get the Most Out of Your CRM Workbook

    Step 2.3

    Review Your Satisfaction With the Vendor and Product

    Activities

    2.3.1 Rate your vendor and product satisfaction

    2.3.2 Enter SoftwareReviews scores from your CRM Product Scorecard (optional)

    Assess Your Current State

    This step will walk you through the following activities:

    • Rate your vendor and product satisfaction
    • Compare with survey data from SoftwareReviews

    This step involves the following participants:

    • CRM Owner(s)
    • Procurement Representative
    • Vendor Contracts Manager

    Outcomes of this step

    • Quantified satisfaction with vendor and product

    Use a SoftwareReviews Product Scorecard to evaluate your satisfaction compared to other organizations.

    This is a screenshot of the SoftwareReviews Product Scorecard

    Source: SoftwareReviews, March 2019

    Where effective IT leaders spend their time

    This image contains two lists.  One list is where CIOs with  data-verified=80% satisfaction score, and the other list is CIOs with <80% satisfaction score.">

    Info-Tech Insight

    The data shows that effective IT leaders invest a significant amount of time (8%) on vendor management initiatives.

    Be proactive in managing you calendar and block time for these important tasks.

    CIOs who prioritize vendor management see improved results

    Analysis of CIOs’ calendars revealed that how CIOs spend their time has a correlation to both stakeholder IT satisfaction and CEO-CIO alignment.

    Those CIOs that prioritized vendor management were more likely to have a business satisfaction score greater than 80%.

    This image demonstrates that CIOs who spend time with the team members of their direct reports delegate management responsibilities to direct reports and spend less time micromanaging, and CIOs who spend time on vendor management align rapidly changing business needs with updated vendor offerings.

    2.3.1 Rate your vendor and product satisfaction

    30 minutes

    Use Info-Tech’s vendor satisfaction survey to identify optimization areas with your CRM product(s) and vendor(s).

    Option 1 (recommended): Conduct a satisfaction survey using SoftwareReviews. This option allows you to see your results in the context of the vendor landscape.

    Download the Get the Most Out of Your CRM Workbook

    Option 2: Use your Get the Most Out of Your CRM Workbook, tab “6. Vendor Optimization,” to review your satisfaction with your software.

    SoftwareReviews’ Customer Relationship Management

    This is a screenshot of tab 6 of the Get the most out of your CRM Workbook.

    2.3.2 Enter SoftwareReviews scores (optional)

    30 minutes

    1. Download the scorecard for your CRM product from the SoftwareReviews website. (Note: Not all products are represented or have sufficient data, so a scorecard may not be available.)
    2. Use your Get the Most Out of Your CRM Workbook, tab “6. Vendor Optimization,” to record the scorecard results.
    3. Use your Get the Most Out of Your CRM Workbook, tab “6. Vendor Optimization,” to flag areas where your score may be lower than the product scorecard. Brainstorm ideas for optimization.

    Download the Get the Most Out of Your CRM Workbook

    SoftwareReviews’ Customer Relationship Management

    This is a screenshot of the optional vendor optimization scorecard

    Phase 3

    Build Your Optimization Roadmap

    • 3.1 Identify Key Optimization Areas
    • 3.2 Compile Optimization Assessment Results

    Get the Most Out of Your CRM

    This phase will walk you through the following activities:

    • Identify key optimization areas
    • Create an optimization roadmap

    This phase involves the following participants:

    • CRM Optimization Team

    Build your optimization roadmap

    Address process gaps

    • CRM and related technologies are invaluable to sales, marketing, and customer service enablement, but they must have supported processes driven by business goals.
    • Identify areas where capabilities need to be improved and work towards.

    Support user satisfaction

    • The best technology in the world won’t deliver business results if it is not working for the users who need it.
    • Understand concerns, communicate improvements, and support users in all roles.

    Improve data quality

    • Data quality is unique to each business unit and requires tolerance, not perfection.
    • Implement a set of data quality initiatives that are aligned with overall business objectives and aimed at addressing data practices and the data itself.

    Proactively manage vendors

    • Vendor management is a critical component of technology enablement and IT satisfaction.
    • Assess your current satisfaction against those of your peers and work towards building a process that is best fit for your organization.

    Info-Tech Insight

    Enabling a high-performing, customer-centric sales, marketing, and customer service operations program requires excellent management practices and continuous optimization efforts.

    Technology portfolio and architecture is important, but we must go deeper. Taking a holistic view of CRM technologies in the environments in which they operate allows for the inclusion of people and process improvements – this is key to maximizing business results.

    Using a formal CRM optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process improvement.

    Step 3.1

    Identify Key Optimization Areas

    Activities

    • 3.1.1 Explore process gaps
    • 3.1.2 Analyze user satisfaction
    • 3.1.3 Assess data quality
    • 3.1.4 Analyze product satisfaction and vendor management

    Build Your Optimization Roadmap

    This step will guide you through the following activities:

    • Explore existing process gaps
    • Identify the impact of processes on user satisfaction
    • Identify the impact of data quality on user satisfaction
    • Review your overall product satisfaction and vendor management

    This step involves the following participants:

    • CRM Optimization Team

    Outcomes of this step

    • Application optimization plan

    3.1.1 Explore process gaps

    1 hour

    1. Review the compiled CRM Process Assessment in the Get the Most Out of Your CRM Workbook, tab “7. Process Prioritization.”
    2. These are processes you should prioritize.
    • The activities in the rest of Step 3.1 help you create optimization strategies for the different areas of improvement these processes relate to: user satisfaction, data quality, product satisfaction, and vendor management.
  • Consolidate your optimization strategies in the Get the Most Out of Your CRM Workbook, tab “8. Optimization Roadmap.” (See next slide for screenshot.)
  • This image consists of the CRM Process Importance Rankings

    Get the Most Out of Your CRM Workbook

    Plan your product optimization strategy for each area of improvement

    This is a screenshot from the Get the most out of your CRM Workbook, with the Areas of Improvement column  highlighted in a red box.

    3.1.2 Analyze user satisfaction

    1 hour

    1. Use the APA survey results from activity 2.2.1 (or your own internal survey) to identify areas where the organization is performing low in user satisfaction across the CRM portfolio.
      1. Understand application portfolio and IT service satisfaction.
      2. Identify cost savings opportunities from unused or unimportant apps.
      3. Build a roadmap for improving user IT services.
      4. Manage needs by department and seniority.
    2. Consolidate your optimization strategies in the Get the Most Out of Your CRM Workbook, tab “8. Optimization Roadmap.” (See next slide for screenshot.)

    this is an image of the Business & IT Communications Overview Tab from the Get the Most Out of Your CRM Workbook

    Get the Most Out of Your CRM Workbook

    Plan your user satisfaction optimization strategy

    This is a screenshot from the Get the most out of your CRM Workbook, with the Optimization Strategies column  highlighted in a red box.

    Next steps in improving your data quality

    Data Quality Management Effective Data Governance Data-Centric Integration Strategy Extensible Data Warehousing
    • Prevention is ten times cheaper than remediation. Stop fixing data quality with band-aid solutions and start fixing it by healing it at the source of the problem.
    • Data governance enables data-driven insight. Think of governance as a structure for making better use of data.
    • Every enterprise application involves data integration. Any change in the application and database ecosystem requires you to solve a data integration problem.
    • A data warehouse is a project; but successful data warehousing is a program. An effective data warehouse requires planning beyond the technology implementation.
    • Data quality is unique to each business unit and requires tolerance, not perfection. If the data allows the business to operate at the desired level, don’t waste time fixing data that may not need to be fixed.
    • Collaboration is critical. The business may own the data, but IT understands the data. Data governance will not work unless the business and IT work together.
    • Data integration is becoming more and more critical for downstream functions of data management and for business operations to be successful. Poor integration holds back these critical functions.
    • Governance, not technology, needs to be the core support system for enabling a data warehouse program.
    • Implement a set of data quality initiatives that are aligned with overall business objectives and aimed at addressing data practices and the data itself.
    • Data governance powers the organization up the data value chain through policies and procedures, master data management, data quality, and data architecture.
    • Build your data integration practice with a firm foundation in governance and reference architecture. Ensure your process is scalable and sustainable.
    • Leverage an approach that focuses on constructing a data warehouse foundation that can address a combination of operational, tactical, and ad hoc business needs.
    • Develop a prioritized data quality improvement project roadmap and long-term improvement strategy.
    • Create a roadmap to prioritize initiatives and delineate responsibilities among data stewards, data owners, and members of the data governance steering committee.
    • Support the flow of data through the organization and meet the organization’s requirements for data latency, availability, and relevancy.
    • Invest time and effort to put together pre-project governance to inform and provide guidance to your data warehouse implementation.
    • Build related practices with more confidence and less risk after achieving an appropriate level of data quality.
    • Ensure buy-in from the business and IT stakeholders. Communicate initiatives to end users and executives to reduce resistance.
    • Data availability must be frequently reviewed and repositioned to continue to grow with the business.
    • Select the most suitable architecture pattern to ensure the data warehouse is “built right” at the very beginning.

    Build Your Data Quality Program

    Establish Data Governance

    Build a Data Integration Strategy

    Build an Extensible Data Warehouse Foundation

    3.1.3 Assess data quality

    1 hour

    1. Use your APA survey results (if available) to identify areas where the organization is performing low in data quality initiatives. Common areas for improvement include:
      • Overall data quality management
      • Effective data governance
      • Poor data integration
      • The need to implement extensible data warehousing
    2. Consolidate your optimization strategies in the Get the Most Out of Your CRM Workbook, tab “8. Optimization Roadmap.” (See next slide for screenshot.)

    This is an image of the Business & IT Communications Overview tab from the Get the most out of your CRM Workbook

    Get the Most Out of Your CRM Workbook

    Plan your data quality optimization strategy

    This is a screenshot from the Get the most out of your CRM Workbook, with the Optimization Strategies column  highlighted in a red box.

    Use Info-Tech’s vendor management initiative (VMI)

    Create a right-size, right-fit strategy for managing the vendors relevant to your organization.

    A crowd chart is depicted, with quadrants for strategic value, and Vendor spend/switching cost.

    Info-Tech Insight

    A VMI is a formalized process within an organization, responsible for evaluating, selecting, managing, and optimizing third-party providers of goods and services.

    The amount of resources you assign to managing vendors depends on the number and value of your organization’s relationships. Before optimizing your vendor management program around the best practices presented in this blueprint, assess your current maturity and build the process around a model that reflects the needs of your organization.

    Info-Tech uses VMI interchangeably with the terms “vendor management office (VMO),” “vendor management function,” “vendor management process,” and “vendor management program.”

    Jump Start Your Vendor Management Initiative

    3.1.4 Analyze product satisfaction and vendor management

    1 hour

    1. Use the Get the Most Out of Your CRM Workbook, tab “6. Vendor Optimization.”
    2. Download the SoftwareReviews Vendor Scorecard.
    3. Using the scorecards, compare your results with those of your peers.
    4. Consolidate areas of improvement and optimization strategies in the Get the Most Out of Your CRM Workbook, tab “8. Optimization Roadmap.” (See next slide for screenshot.)

    See previous slide for help around implementing a vendor management initiative.

    This is a screenshot from the Get the most out of your CRM Workbook, with the Areas for Optimization column  highlighted in a red box.

    Get the Most Out of Your CRM Workbook

    Plan your vendor management optimization strategy

    This is a screenshot from the Get the most out of your CRM Workbook, with the Optimization Strategies column  highlighted in a red box.

    Step 3.2

    Compile Optimization Assessment Results

    Activities

    • 3.2.1 Identify key optimization areas

    Build Your Optimization Roadmap

    This step will guide you through the following activities:

    • Use your work from previous activities and prioritization to build your list of optimization activities and lay them out on a roadmap

    This step involves the following participants:

    • CRM Optimization Team

    Outcomes of this step

    • Application optimization plan

    3.2.1 Identify key optimization areas

    1-3 hours

    Before you can make changes and optimization decisions, you need to understand the high-level costs associated with your current application architecture. This activity will help you identify the types of technology and people costs associated with your current systems.

    1. Consolidate your findings and identify optimization priorities (Step 3.1).
    2. Prioritize those most critical to the organization, easiest to change, and whose impact will be highest.
    3. Use the information gathered from exercise 1.5.1 on Get the Most Out of Your CRM Workbook, tab “9. Costs (Optional).”
    4. These costs could affect the priority or timeline of the initiatives. Consolidate your thoughts on your Get the Most Out of Your CRM Workbook, tab 8, “Optimization Roadmap.” Note: There is no column specific to costs on tab 8.

    This is meant as a high-level roadmap. For formal, ongoing optimization project management, refer to “Build a Better Backlog” (Phase 2 of the Info-Tech blueprint Deliver on Your Digital Product Vision).

    This is a screenshot from the Get the most out of your CRM Workbook, with the Priority; Owner; and Timeline columns highlighted in a red box.

    Next steps: Manage your technical debt

    Use a holistic assessment of the “interest” paid on technical debt to quantify and prioritize risk and enable the business make better decisions.

    • Technical debt is an IT risk, which in turn is a category of business risk.
    • The business must decide how to manage business risk.
    • At the same time, business decision makers may not be aware of technical debt or be able to translate technical challenges into business risk. IT must help the business make decisions around IT risk by describing the risk of technical debt in business terms and by outlining the options available to address risk.
    • Measure the ongoing business impact (the “interest” paid on technical debt) to establish the business risk of technical debt. Consider a range of possible impacts including direct costs, lost goodwill, lost flexibility and resilience, and health, safety, and compliance impacts.
    • When weighing these impacts, the business may choose to accept the risk of technical debt if the cost of addressing the debt outweighs the benefit. But it’s critically important that the business accepts that risk – not IT.

    Manage Your Technical Debt

    Take it a step further…

    Deliver on Your Digital Product Vision

    Phase 2: Build a Better Product Backlog

    Build a structure for your backlog that supports your product vision.

    Deliver on Your Digital Product Vision

    Build a better backlog

    An ongoing CRM optimization effort is best facilitated through a continuous Agile process. Use info-Tech’s developed tools to build out your backlog.

    The key to a better backlog is a common structure and guiding principles that product owners and product teams can align to.

    Info-Tech Insight

    Exceptional customer value begins with a clearly defined backlog focused on items that will create the greatest human and business benefits.

    Activity Participants

    Backlog Activity

    Quality Filter

    Product Manager

    Product Owner

    Dev Team

    Scrum Master

    Business

    Architects

    Sprint

    Sprint Planning

    “Accepted”

    Ready

    Refine

    “Ready”

    Qualified

    Analysis

    “Qualified”

    Ideas

    Intake

    “Backlogged”

    A product owner and the product backlog are critical to realize the benefits of Agile development

    A product owner is accountable for defining and prioritizing the work that will be of the greatest value to the organization and its customers. The backlog is the key to facilitating this process and accomplishing the most fundamental goals of delivery.

    For more information on the role of a product owner, see Build a Better Product Owner.

    Highly effective Agile teams spend 28% of their time on product backlog management and roadmapping (Quantitative Software Management, 2015).

    1. Manage Stakeholders

    • Stakeholders need to be kept up to speed on what the future holds for a product, or at least they should be heard. This task falls to the product owner.

    2. Inform and Protect the Team

    • The product owner is a servant leader of the team. They need to protect the team from all the noise and give them the time they need to focus on what they do best: develop.

    3. Maximize Value to the Product

    • Sifting through all of these voices and determining what is valuable, or what is most valuable, falls to the product owner.

    A backlog stores and organizes PBIs at various stages of readiness.

    Your backlog must give you a holistic understanding of demand for change in the product

    A well-formed backlog can be thought of as a DEEP backlog:

    Detailed Appropriately: PBIs are broken down and refined as necessary.

    Emergent: The backlog grows and evolves over time as PBIs are added and removed.

    Estimated: The effort a PBI requires is estimated at each tier.

    Prioritized: The PBI’s value and priority are determined at each tier.

    Ideas; Qualified; Ready

    3 - IDEAS

    Composed of raw, vague, and potentially large ideas that have yet to go through any formal valuation.

    2 - QUALIFIED

    Researched and qualified PBIs awaiting refinement.

    1 - READY

    Discrete, refined PBIs that are ready to be placed in your development teams’ sprint plans.

    Summary of Accomplishment

    Get the Most Out of Your CRM

    CRM technology is critical to facilitate an organization’s relationships with customers, service users, employees, and suppliers. CRM implementation should not be a one-and-done exercise. There needs to be an ongoing optimization to enable business processes and optimal organizational results.

    Get the Most Out of Your CRM allows organizations to proactively implement continuous assessment and optimization of a customer relationship management system. This includes:

    • Alignment and prioritization of key business and technology drivers
    • Identification of CRM processes including classification and gap analysis
    • Measurement of user satisfaction across key departments
    • Improved vendor relations
    • Data quality initiatives

    This formal CRM optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process-improvement.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

    Contact your account representative for more information

    workshops@infotech.com
    1-866-670-8889

    Research Contributors

    Ben Dickie

    Ben Dickie
    Research Practice Lead
    Info-Tech Research Group

    Ben Dickie is a Research Practice Lead at Info-Tech Research Group. His areas of expertise include customer experience management, CRM platforms, and digital marketing. He has also led projects pertaining to enterprise collaboration and unified communications.

    Scott Bickley

    Scott Bickley
    Practice Lead & Principal Research Director
    Info-Tech Research Group

    Scott Bickley is a Practice Lead & Principal Research Director at Info-Tech Research Group focused on vendor management and contract review. He also has experience in the areas of IT asset management (ITAM), software asset management (SAM), and technology procurement, along with a deep background in operations, engineering, and quality systems management.

    Andy Neil

    Andy Neil
    Practice Lead, Applications
    Info-Tech Research Group

    Andy is Senior Research Director, Data Management and BI, at Info-Tech Research Group. He has over 15 years of experience in managing technical teams, information architecture, data modeling, and enterprise data strategy. He is an expert in enterprise data architecture, data integration, data standards, data strategy, big data, and the development of industry-standard data models.

    Bibliography

    Armel, Kate. “Data-driven Estimation, Management Lead to High Quality.” Quantitative Software Management Inc. 2015. Web.

    Chappuis, Bertil, and Brian Selby. “Looking beyond Technology to Drive Sales Operations.” McKinsey & Company, 24 June 2016. Web.

    Cross-Industry Process Classification Framework (PCF) Version 7.2.1. APQC, 26 Sept. 2019. Web.

    Fleming, John, and Hater, James. “The Next Discipline: Applying Behavioral Economics to Drive Growth and Profitability.” Gallup, 22 Sept. 2012. Accessed 6 Oct. 2020.

    Hinchcliffe, Dion. “The evolving role of the CIO and CMO in customer experience.” ZDNet, 22 Jan. 2020. Web.

    Karlsson, Johan. “Backlog Grooming: Must-Know Tips for High-Value Products.” Perforce. 18 May 2018. Web. Feb. 2019.

    Klie, L. “CRM Still Faces Challenges, Most Speakers Agree: CRM systems have been around for decades, but interoperability and data siloes still have to be overcome.” CRM Magazine, vol. 23, no. 5, 2019, pp. 13-14.

    Kumar, Sanjib, et al. “Improvement of CRM Using Data Mining: A Case Study at Corporate Telecom Sector.” International Journal of Computer Applications, vol. 178, no. 53, 2019, pp. 12-20, doi:10.5120/ijca2019919413.

    Morgan, Blake. “50 Stats That Prove The Value Of Customer Experience.” Forbes, 24 Sept. 2019. Web.

    Norelus, Ernese, et al. “An Approach to Application Modernization: Discovery and Assessment Phase.” IBM Garage, Medium, 24 Feb 2020. Accessed 4 Mar. 2020.

    “Process Frameworks.” APQC, 4 Nov. 2020. Web.

    “Process vs. Capability: Understanding the Difference.” APCQ, 2017. Web.

    Rubin, Kenneth S. "Essential Scrum: A Practical Guide to the Most Popular Agile Process." Pearson Education, 2012.

    Savolainen, Juha, et al. “Transitioning from Product Line Requirements to Product Line Architecture.” 29th Annual International Computer Software and Applications Conference (COMPSAC'05), IEEE, vol. 1, 2005, pp. 186-195, doi: 10.1109/COMPSAC.2005.160

    Smith, Anthony. “How To Create A Customer-Obsessed Company Like Netflix.” Forbes, 12 Dec. 2017. Web.

    “SOA Reference Architecture – Capabilities and the SOA RA.” The Open Group, TOGAF. Web.

    Taber, David. “What to Do When Your CRM Project Fails.” CIO Magazine, 18 Sept. 2017. Web.

    “Taudata Case Study.” Maximizer CRM Software, 17 Jan. 2020. Web.

    Create a Service Management Roadmap

    • Buy Link or Shortcode: {j2store}394|cart{/j2store}
    • member rating overall impact (scale of 10): 8.9/10 Overall Impact
    • member rating average dollars saved: $71,003 Average $ Saved
    • member rating average days saved: 24 Average Days Saved
    • Parent Category Name: Service Management
    • Parent Category Link: /service-management
    • Inconsistent adoption of holistic practices has led to a chaotic service delivery model that results in poor customer satisfaction.
    • There is little structure, formalization, or standardization in the way IT services are designed and managed, leading to diminishing service quality and low business satisfaction.

    Our Advice

    Critical Insight

    • Having effective service management practices in place will allow you to pursue activities, such as innovation, and drive the business forward.
    • Addressing foundational elements like business alignment and management practices will enable you to build effective core practices that deliver business value.
    • Providing consistent leadership support and engagement is essential to allow practitioners to focus on delivering expected outcomes.

    Impact and Result

    • Understand the foundational and core elements that allow you to build a successful service management practice focused on outcomes.
    • Use Info-Tech’s advice and tools to perform an assessment of your organization’s current state, identify the gaps, and create a roadmap for success.
    • Increase business and customer satisfaction by delivering services focused on creating business value.

    Create a Service Management Roadmap Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why many service management maturity projects fail to address foundational and core elements, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch the project

    Kick-off the project and complete the project charter.

    • Create a Service Management Roadmap – Phase 1: Launch Project
    • Service Management Roadmap Project Charter

    2. Assess the current state

    Determine the current state for service management practices.

    • Create a Service Management Roadmap – Phase 2: Assess the Current State
    • Service Management Maturity Assessment Tool
    • Organizational Change Management Capability Assessment Tool
    • Service Management Roadmap Presentation Template

    3. Build the roadmap

    Build your roadmap with identified initiatives.

    • Create a Service Management Roadmap – Phase 3: Identify the Target State

    4. Build the communication slide

    Create the communication slide that demonstrates how things will change, both short and long term.

    • Create a Service Management Roadmap – Phase 4: Build the Roadmap
    [infographic]

    Workshop: Create a Service Management Roadmap

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand Service Management

    The Purpose

    Understand service management.

    Key Benefits Achieved

    Gain a common understanding of service management, the forces that impact your roadmap, and the Info-Tech Service Management Maturity Model.

    Activities

    1.1 Understand service management.

    1.2 Build a compelling vision and mission.

    Outputs

    Constraints and enablers chart

    Service management vision, mission, and values

    2 Assess the Current State of Service Management

    The Purpose

    Assess the organization’s current service management capabilities.

    Key Benefits Achieved

    Understand attitudes, behaviors, and culture.

    Understand governance and process ownership needs.

    Understand strengths, weaknesses, opportunities, and threats.

    Defined desired state.

    Activities

    2.1 Assess cultural ABCs.

    2.2 Assess governance needs.

    2.3 Perform SWOT analysis.

    2.4 Define desired state.

    Outputs

    Cultural improvements action items

    Governance action items

    SWOT analysis action items

    Defined desired state

    3 Continue Current-State Assessment

    The Purpose

    Assess the organization’s current service management capabilities.

    Key Benefits Achieved

    Understand the current maturity of service management processes.

    Understand organizational change management capabilities.

    Activities

    3.1 Perform service management process maturity assessment.

    3.2 Complete OCM capability assessment.

    3.3 Identify roadmap themes.

    Outputs

    Service management process maturity activities

    OCM action items

    Roadmap themes

    4 Build Roadmap and Communication Tool

    The Purpose

    Use outputs from previous steps to build your roadmap and communication one-pagers.

    Key Benefits Achieved

    Easy-to-understand roadmap one-pager

    Communication one-pager

    Activities

    4.1 Build roadmap one-pager.

    4.2 Build communication one-pager.

    Outputs

    Service management roadmap

    Service management roadmap – Brought to Life communication slide

    Further reading

    Create a Service Management Roadmap

    Implement service management in an order that makes sense.

    ANALYST PERSPECTIVE

    "More than 80% of the larger enterprises we’ve worked with start out wanting to develop advanced service management practices without having the cultural and organizational basics or foundational practices fully in place. Although you wouldn’t think this would be the case in large enterprises, again and again IT leaders are underestimating the importance of cultural and foundational aspects such as governance, management practices, and understanding business value. You must have these fundamentals right before moving on."

    Tony Denford,

    Research Director – CIO

    Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:

    • CIO
    • Senior IT Management

    This Research Will Help You:

    • Create or maintain service management (SM) practices to ensure user-facing services are delivered seamlessly to business users with minimum interruption.
    • Increase the level of reliability and availability of the services provided to the business and improve the relationship and communication between IT and the business.

    This Research Will Also Assist

    • Service Management Process Owners

    This Research Will Help Them:

    • Formalize, standardize, and improve the maturity of service management practices.
    • Identify new service management initiatives to move IT to the next level of service management maturity.

    Executive summary

    Situation

    • Inconsistent adoption of holistic practices has led to a chaotic service delivery model that results in poor customer satisfaction.
    • There is little structure, formalization, or standardization in the way IT services are designed and managed, leading to diminishing service quality and low business satisfaction.

    Complication

    • IT organizations want to be seen as strategic partners, but they fail to address the cultural and organizational constraints.
    • Without alignment with the business goals, services often fail to provide the expected value.
    • Traditional service management approaches are not adaptable for new ways of working.

    Resolution

    • Follow Info-Tech’s methodology to create a service management roadmap that will help guide the optimization of your IT services and improve IT’s value to the business.
    • The blueprint will help you right-size your roadmap to best suit your specific needs and goals and will provide structure, ownership, and direction for service management.
    • This blueprint allows you to accurately identify the current state of service management at your organization. Customize the roadmap and create a plan to achieve your target service management state.

    Info-Tech Insight

    Having effective service management practices in place will allow you to pursue activities such as innovation and drive the business forward. Addressing foundational elements like business alignment and management practices will enable you to build effective core practices that deliver business value. Consistent leadership support and engagement is essential to allow practitioners to focus on delivering expected outcomes.

    Poor service management manifests in many different pains across the organization

    Immaturity in service management will not result in one pain – rather, it will create a chaotic environment for the entire organization, crippling IT’s ability to deliver and perform.

    Low Service Management Maturity

    These are some of the pains that can be attributed to poor service management practices.

    • Frequent service-impacting incidents
    • Low satisfaction with the service desk
    • High % of failed deployments
    • Frequent change-related incidents
    • Frequent recurring incidents
    • Inability to find root cause
    • No communication with the business
    • Frequent capacity-related incidents

    And there are many more…

    Mature service management practices are a necessity, not a nice-to-have

    Immature service management practices are one of the biggest hurdles preventing IT from reaching its true potential.

    In 2004, PwC published a report titled “IT Moves from Cost Center to Business Contributor.” However, the 2014-2015 CSC Global CIO Survey showed that a high percentage of IT is still considered a cost center.

    And low maturity of service management practices is inhibiting activities such as agility, DevOps, digitalization, and innovation.

    A pie chart is shown that is titled: Where does IT sit? The chart has 3 sections. One section represents IT and the business have a collaborative partnership 28%. The next section represents at 33% where IT has a formal client/service provider relationship with the business. The last section has 39% where IT is considered as a cost center.
    Source: CSC Global CIO Survey: 2014-2015 “CIOs Emerge as Disruptive Innovators”

    39%: Resources are primarily focused on managing existing IT workloads and keeping the lights on.

    31%: Too much time and too many resources are used to handle urgent incidents and problems.

    There are many misconceptions about what service management is

    Misconception #1: “Service management is a process”

    Effective service management is a journey that encompasses a series of initiatives that improves the value of services delivered.

    Misconception #2: “Service Management = Service Desk”

    Service desk is the foundation, since it is the main end-user touch point, but service management is a set of people and processes required to deliver business-facing services.

    Misconception #3: “Service management is about the ITSM tool”

    The tool is part of the overall service management program, but the people and processes must be in place before implementing.

    Misconception #4: “Service management development is one big initiative”

    Service management development is a series of initiatives that takes into account an organization’s current state, maturity, capacities, and objectives.

    Misconception #5: “Service management processes can be deployed in any order, assuming good planning and design”

    A successful service management program takes into account the dependencies of processes.

    Misconception #6: “Service management is resolving incidents and deploying changes”

    Service management is about delivering high-value and high-quality services.

    Misconception #7: “Service management is not the key determinant of success”

    As an organization progresses on the service management journey, its ability to deliver high-value and high-quality services increases.

    Misconception #8: “Resolving Incidents = Success”

    Preventing incidents is the name of the game.

    Misconception #9: “Service Management = Good Firefighter”

    Service management is about understanding what’s going on with user-facing services and proactively improving service quality.

    Misconception #10: “Service management is about IT and technical services (e.g. servers, network, database)”

    Service management is about business/user-facing services and the value the services provide to the business.

    Service management projects often don’t succeed because they are focused on process rather than outcomes

    Service management projects tend to focus on implementing process without ensuring foundational elements of culture and management practices are strong enough to support the change.

    1. Aligning your service management goals with your organizational objectives leads to better understanding of the expected outcomes.
    2. Understand your customers and what they value, and design your practices to deliver this value.

    3. IT does not know what order is best when implementing new practices or process improvements.
    4. Don't run before you can walk. Fundamental practices must reach the maturity threshold before developing advanced practices. Implement continuous improvement on your existing processes so they continue to support new practices.

    5. IT does not follow best practices when implementing a practice.
    6. Our best-practice research is based on extensive experience working with clients through advisory calls and workshops.

    Info-Tech can help you create a customized, low-effort, and high-value service management roadmap that will shore up any gaps, prove IT’s value, and achieve business satisfaction.

    Info-Tech’s methodology will help you customize your roadmap so the journey is right for you

    With Info-Tech, you will find out where you are, where you want to go, and how you will get there.

    With our methodology, you can expect the following:

    • Eliminate or reduce rework due to poor execution.
    • Identify dependencies/prerequisites and ensure practices are deployed in the correct order, at the correct time, and by the right people.
    • Engage all necessary resources to design and implement required processes.
    • Assess current maturity and capabilities and design the roadmap with these factors in mind.

    Doing it right the first time around

    You will see these benefits at the end

      ✓ Increase the quality of services IT provides to the business.

      ✓ Increase business satisfaction through higher alignment of IT services.

      ✓ Lower cost to design, implement, and manage services.

      ✓ Better resource utilization, including staff, tools, and budget.

    Focus on a strong foundation to build higher value service management practices

    Info-Tech Insight

    Focus on behaviors and expected outcomes before processes.

    Foundational elements

    • Operating model facilitates service management goals
    • Culture of service delivery
    • Governance discipline to evaluate, direct, and monitor
    • Management discipline to deliver

    Stabilize

    • Deliver stable, reliable IT services to the business
    • Respond to user requests quickly and efficiently
    • Resolve user issues in a timely manner
    • Deploy changes smoothly and successfully

    Proactive

    • Avoid/prevent service disruptions
    • Improve quality of service (performance, availability, reliability)

    Service Provider

    • Understand business needs
    • Ensure services are available
    • Measure service performance, based on business-oriented metrics

    Strategic Partner

    • Fully aligned with business
    • Drive innovation
    • Drive measurable value

    Info-Tech Insight

    Continued leadership support of the foundational elements will allow delivery teams to provide value to the business. Set the expectation of the desired maturity level and allow teams to innovate.

    Follow our model and get to your target state

    A model is depicted that shows the various target states. There are 6 levels showing in the example, and the example is made to look like a tree with a character watering it. In the roots, the level is labelled foundational. The trunk is labelled the core. The lowest hanging branches of the tree is the stabilize section. Above it is the proactive section. Nearing the top of the tree is the service provider. The canopy of the tree are labelled strategic partner.

    Before moving to advanced service management practices, you must ensure that the foundational and core elements are robust enough to support them. Leadership must nurture these practices to ensure they are sustainable and can support higher value, more mature practices.

    Each step along the way, Info-Tech has the tools to help you

    Phase 1: Launch the Project

    Assemble a team with the right talent and vision to increase the chances of project success.

    Phase 2: Assess Current State

    Understand where you are currently on the service management journey using the maturity assessment tool.

    Phase 3: Build Roadmap

    Based on the assessments, build a roadmap to address areas for improvement.

    Phase 4: Build Communication slide

    Based on the roadmap, define the current state, short- and long-term visions for each major improvement area.

    Info-Tech Deliverables:

    • Project Charter
    • Assessment Tools
    • Roadmap Template
    • Communication Template

    CIO call to action

    Improving the maturity of the organization’s service management practice is a big commitment, and the project can only succeed with active support from senior leadership.

    Ideally, the CIO should be the project sponsor, even the project leader. At a minimum, the CIO needs to perform the following activities:

    1. Walk the talk – demonstrate personal commitment to the project and communicate the benefits of the service management journey to IT and the steering committee.
    2. Improving or adopting any new practice is difficult, especially for a project of this size. Thus, the CIO needs to show visible support for this project through internal communication and dedicated resources to help complete this project.

    3. Select a senior, capable, and results-driven project leader.
    4. Most likely, the implementation of this project will be lengthy and technical in some nature. Therefore, the project leader must have a good understanding of the current IT structure, senior standing within the organization, and the relationship and power in place to propel people into action.

    5. Help to define the target future state of IT’s service management.
    6. Determine a realistic target state for the organization based on current capability and resource/budget restraints.

    7. Conduct periodic follow-up meetings to keep track of progress.
    8. Reinforce or re-emphasize the importance of this project to the organization through various communication channels if needed.

    Stabilizing your environment is a must before establishing any more-mature processes

    CASE STUDY

    Industry: Manufacturing

    Source: Engagement

    Challenge

    • The business landscape was rapidly changing for this manufacturer and they wanted to leverage potential cost savings from cloud-first initiatives and consolidate multiple, self-run service delivery teams that were geographically dispersed.

    Solution

    Original Plan

    • Consolidate multiple service delivery teams worldwide and implement service portfolio management.

    Revised Plan with Service Management Roadmap:

    • Markets around the world had very different needs and there was little understanding of what customers value.
    • There was also no understanding of what services were currently being offered within each geography.

    Results

    • Plan was adjusted to understand customer value and services offered.
    • Services were then stabilized and standardized before consolidation.
    • Team also focused on problem maturity and drove a continuous improvement culture and increasing transparency.

    MORAL OF THE STORY:

    Understanding the value of each service allowed the organization to focus effort on high-return activities rather than continuous fire fighting.

    Understand the processes involved in the proactive phase

    CASE STUDY

    Industry: Manufacturing

    Source: Engagement

    Challenge

    • Services were fairly stable, but there were significant recurring issues for certain services.
    • The business was not satisfied with the service quality for certain services, due to periodic availability and reliability issues.
    • Customer feedback for the service desk was generally good.

    Solution

    Original Plan

    • Review all service desk and incident management processes to ensure that service issues were handled in an effective manner.

    Revised Plan with Service Management Roadmap:

    • Design and deploy a rigorous problem management process to determine the root cause of recurring issues.
    • Monitor key services for events that may lead to a service outage.

    Results

    • Root cause of recurring issues was determined and fixes were deployed to resolve the underlying cause of the issues.
    • Service quality improved dramatically, resulting in high customer satisfaction.

    MORAL OF THE STORY:

    Make sure that you understand which processes need to be reviewed in order to determine the cause for service instability. Focusing on the proactive processes was the right answer for this company.

    Have the right culture and structure in place before you become a service provider

    CASE STUDY

    Industry: Healthcare

    Source:Journal of American Medical Informatics Association

    Challenge

    • The IT organization wanted to build a service catalog to demonstrate the value of IT to the business.
    • IT was organized in technology silos and focused on applications, not business services.
    • IT services were not aligned with business activities.
    • Relationships with the business were not well established.

    Solution

    Original Plan

    • Create and publish a service catalog.

    Revised Plan: with Service Management Roadmap:

    • Establish relationships with key stakeholders in the business units.
    • Understand how business activities interface with IT services.
    • Lay the groundwork for the service catalog by defining services from the business perspective.

    Results

    • Strong relationships with the business units.
    • Deep understanding of how business activities map to IT services.
    • Service definitions that reflect how the business uses IT services.

    MORAL OF THE STORY:

    Before you build and publish a service catalog, make sure that you understand how the business is using the IT services that you provide.

    Calculate the benefits of using Info-Tech’s methodology

    To measure the value of developing your roadmap using the Info-Tech tools and methodology, you must calculate the effort saved by not having to develop the methods.

    A. How much time will it take to develop an industry-best roadmap using Info-Tech methodology and tools?

    Using Info-Tech’s tools and methodology you can accurately estimate the effort to develop a roadmap using industry-leading research into best practice.

    B. What would be the effort to develop the insight, assess your team, and develop the roadmap?

    This metric represents the time your team would take to be able to effectively assess themselves and develop a roadmap that will lead to service management excellence.

    C. Cost & time saving through Info-Tech’s methodology

    Measured Value

    Step 1: Assess current state

    Cost to assess current state:

    • 5 Directors + 10 Managers x 10 hours at $X an hour = $A

    Step 2: Build the roadmap

    Cost to create service management roadmap:

    • 5 Directors + 10 Managers x 8 hours at $X an hour = $B

    Step 3: Develop the communication slide

    Cost to create roadmaps for phases:

    • 5 Directors + 10 Managers x 6 hours at $X an hour = $C

    Potential financial savings from using Info-Tech resources:

    Estimated cost to do “B” – (Step 1 ($A) + Step 2 ($B) + Step 3 ($C)) = $Total Saving

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keeps us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Create a Service Management Roadmap – project overview


    Launch the project

    Assess the current state

    Build the roadmap

    Build communication slide

    Best-Practice Toolkit

    1.1 Create a powerful, succinct mission statement

    1.2 Assemble a project team with representatives from all major IT teams

    1.3 Determine project stakeholders and create a communication plan

    1.4 Establish metrics to track the success of the project

    2.1 Assess impacting forces

    2.2 Build service management vision, mission, and values

    2.3 Assess attitudes, behaviors, and culture

    2.4 Assess governance

    2.5 Perform SWOT analysis

    2.6 Identify desired state

    2.7 Assess SM maturity

    2.8 Assess OCM capabilities

    3.1 Document overall themes

    3.2 List individual initiatives

    4.1 Document current state

    4.2 List future vision

    Guided Implementations

    • Kick-off the project
    • Build the project team
    • Complete the charter
    • Understand current state
    • Determine target state
    • Build the roadmap based on current and target state
    • Build short- and long-term visions and initiative list

    Onsite Workshop

    Module 1: Launch the project

    Module 2: Assess current service management maturity

    Module 3: Complete the roadmap

    Module 4: Complete the communication slide

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information

    Workshop Day 1

    Workshop Day 2

    Workshop Day 3

    Workshop Day 4

    Activities

    Understand Service Management

    1.1 Understand the concepts and benefits of service management.

    1.2 Understand the changing impacting forces that affect your ability to deliver services.

    1.3 Build a compelling vision and mission for your service management program.

    Assess the Current State of Your Service Management Practice

    2.1 Understand attitudes, behaviors, and culture.

    2.2 Assess governance and process ownership needs.

    2.3 Perform SWOT analysis.

    2.4 Define the desired state.

    Complete Current-State Assessment

    3.1 Conduct service management process maturity assessment.

    3.2 Identify organizational change management capabilities.

    3.3 Identify themes for roadmap.

    Build Roadmap and Communication Tool

    4.1 Build roadmap one-pager.

    4.2 Build roadmap communication one-pager.

    Deliverables

    1. Constraints and enablers chart
    2. Service management vision, mission, and values
    1. Action items for cultural improvements
    2. Action items for governance
    3. Identified improvements from SWOT
    4. Defined desired state
    1. Service Management Process Maturity Assessment
    2. Organizational Change Management Assessment
    1. Service management roadmap
    2. Roadmap Communication Tool in the Service Management Roadmap Presentation Template

    PHASE 1

    Launch the Project

    Launch the project

    This step will walk you through the following activities:

    • Create a powerful, succinct mission statement based on your organization’s goals and objectives.
    • Assemble a project team with representatives from all major IT teams.
    • Determine project stakeholders and create a plan to convey the benefits of this project.
    • Establish metrics to track the success of the project.

    Step Insights

    • The project leader should have a strong relationship with IT and business leaders to maximize the benefit of each initiative in the service management journey.
    • The service management roadmap initiative will touch almost every part of the organization; therefore, it is important to have representation from all impacted stakeholders.
    • The communication slide needs to include the organizational change impact of the roadmap initiatives.

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Launch the Project

    Step 1.1 – Kick-off the Project

    Start with an analyst kick-off call:

    • Identify current organization pain points relating to poor service management practices
    • Determine high-level objectives
    • Create a mission statement

    Then complete these activities…

    • Identify potential team members who could actively contribute to the project
    • Identify stakeholders who have a vested interest in the completion of this project

    With these tools & templates:

    • Service Management Roadmap Project Charter

    Step 1.2 – Complete the Charter

    Review findings with analyst:

    • Create the project team; ensure all major IT teams are represented
    • Review stakeholder list and identify communication messages

    Then complete these activities…

    • Establish metrics to complete project planning
    • Complete the project charter

    With these tools & templates:

    • Service Management Roadmap Project Charter

    Use Info-Tech’s project charter to begin your initiative

    1.1 Service Management Roadmap Project Charter

    The Service Management Roadmap Project Charter is used to govern the initiative throughout the project. It provides the foundation for project communication and monitoring.

    The template has been pre-populated with sample information appropriate for this project. Please review this sample text and change, add, or delete information as required.

    The charter includes the following sections:

    • Mission Statement
    • Goals & Objectives
    • Project Team
    • Project Stakeholders
    • Current State (from phases 2 & 3)
    • Target State (from phases 2 & 3)
    • Target State
    • Metrics
    • Sponsorship Signature
    A screenshot of Info-Tech's Service Management Roadmap Project Charter is shown.

    Use Info-Tech’s ready-to-use deliverable to customize your mission statement

    Adapt and personalize Info-Tech’s Service Management Roadmap Mission Statement and Goals & Objectives below to suit your organization’s needs.

    Goals & Objectives

    • Create a plan for implementing service management initiatives that align with the overall goals/objectives for service management.
    • Identify service management initiatives that must be implemented/improved in the short term before deploying more advanced initiatives.
    • Determine the target state for each initiative based on current maturity and level of investment available.
    • Identify service management initiatives and understand dependencies, prerequisites, and level of effort required to implement.
    • Determine the sequence in which initiatives should be deployed.
    • Create a detailed rollout plan that specifies initiatives, time frames, and owners.
    • Engage the right teams and obtain their commitment throughout both the planning and assessment of roadmap initiatives.
    • both the planning and assessment of roadmap initiatives. Obtain support for the completed roadmap from executive stakeholders.

    Example Mission Statement

    To help [Organization Name] develop a set of service management practices that will better address the overarching goals of the IT department.

    To create a roadmap that sequences initiatives in a way that incorporates best practices and takes into consideration dependencies and prerequisites between service management practices.

    To garner support from the right people and obtain executive buy-in for the roadmap.

    Create a well-balanced project team

    The project leader should be a member of your IT department’s senior executive team with goals and objectives that will be impacted by service management implementation. The project leader should possess the following characteristics:

    Leader

    • Influence and impact
    • Comprehensive knowledge of IT and the organization
    • Relationship with senior IT management
    • Ability to get things done

    Team Members

    Identify

    The project team members are the IT managers and directors whose day-to-day lives will be impacted by the service management roadmap and its implementation. The service management initiative will touch almost every IT staff member in the organization; therefore, it is important to have representatives from every single group, including those that are not mentioned. Some examples of individuals you should consider for your team:

    • Service Delivery Managers
    • Director/Manager of Applications
    • Director/Manager of Infrastructure
    • Director/Manager of Service Desk
    • Business Relationship Managers
    • Project Management Office

    Engage & Communicate

    You want to engage your project participants in the planning process as much as possible. They should be involved in the current-state assessment, the establishment of goals and objectives, and the development of your target state.

    To sell this project, identify and articulate how this project and/or process will improve the quality of their job. For example, a formal incident management process will benefit people working at the service desk or on the applications or infrastructure teams. Helping them understand the gains will help to secure their support throughout the long implementation process by giving them a sense of ownership.

    The project stakeholders should also be project team members

    When managing stakeholders, it is important to help them understand their stake in the project as well as their own personal gain that will come out of this project.

    For many of the stakeholders, they also play a critical role in the development of this project.

    Role & Benefits

    • CIO
    • The CIO should be actively involved in the planning stage to help determine current and target stage.

      The CIO also needs to promote and sell the project to the IT team so they can understand that higher maturity of service management practices will allow IT to be seen as a partner to the business, giving IT a seat at the table during decision making.

    • Service Delivery Managers/Process Owners
    • Service Delivery Managers are directly responsible for the quality and value of services provided to the business owners. Thus, the Service Delivery Managers have a very high stake in the project and should be considered for the role of project leader.

      Service Delivery Managers need to work closely with the process owners of each service management process to ensure clear objectives are established and there is a common understanding of what needs to be achieved.

    • IT Steering Committee
    • The Committee should be informed and periodically updated about the progress of the project.

    • Manager/Director – Service Desk
    • The Manager of the Service Desk should participate closely in the development of fundamental service management processes, such as service desk, incident management, and problem management.

      Having a more established process in place will create structure, governance, and reduce service desk staff headaches so they can handle requests or incidents more efficiently.

    • Manager/Director –Applications & Infrastructure
    • The Manager of Applications and Infrastructure should be heavily relied on for their knowledge of how technology ties into the organization. They should be consulted regularly for each of the processes.

      This project will also benefit them directly, such as improving the process to deploy a fix into the environment or manage the capacity of the infrastructure.

    • Business Relationship Manager
    • As the IT organization moves up the maturity ladder, the Business Relationship Manager will play a fundamental role in the more advanced processes, such as business relationship management, demand management, and portfolio management.

      This project will be an great opportunity for the Business Relationship Manager to demonstrate their value and their knowledge of how to align IT objectives with business vision.

    Ensure you get the entire IT organization on board for the project with a well-practiced change message

    Getting the IT team on board will greatly maximize the project’s chance of success.

    One of the top challenges for organizations embarking on a service management journey is to manage the magnitude of the project. To ensure the message is not lost, communicate this roadmap in two steps.

    1. Communicate the roadmap initiative

    The most important message to send to the IT organization is that this project will benefit them directly. Articulate the pains that IT is currently experiencing and explain that through more mature service management, these pains can be greatly reduced and IT can start to earn a place at the table with the business.

    2. Communicate the implementation of each process separately

    The communication of process implementation should be done separately and at the beginning of each implementation. This is to ensure that IT staff do not feel overwhelmed or overloaded. It also helps to keep the project more manageable for the project team.

    Continuously monitor feedback and address concerns throughout the entire process

    • Host lunch and learns to provide updates on the service management initiative to the entire IT team.
    • Understand if there are any major roadblocks and facilitate discussions on how to overcome them.

    Articulate the service management initiative to the IT organization

    Spread the word and bring attention to your change message through effective mediums and organizational changes.

    Key aspects of a communication plan

    The methods of communication (e.g. newsletters, email broadcast, news of the day, automated messages) notify users of implementation.

    In addition, it is important to know who will deliver the message (delivery strategy). You need IT executives to deliver the message – work hard on obtaining their support as they are the ones communicating to their staff and should be your project champions.

    Anticipate organizational changes

    The implementation of the service management roadmap will most likely lead to organizational changes in terms of structure, roles, and responsibilities. Therefore, the team should be prepared to communicate the value that these changes will bring.

    Communicating Change

    • What is the change?
    • Why are we doing it?
    • How are we going to go about it?
    • What are we trying to achieve?
    • How often will we be updated?

    The Qualities of Leadership: Leading Change

    Create a project communication plan for your stakeholders

    This project cannot be successfully completed without the support of senior IT management.

    1. After the CIO has introduced this project through management meetings or informal conversation, find out how each IT leader feels about this project. You need to make sure the directors and managers of each IT team, especially the directors of application and infrastructure, are on board.
    2. After the meeting, the project leader should seek out the major stakeholders (particularly the heads of applications and infrastructure) and validate their level of support through formal or informal meetings. Create a list documenting the major stakeholders, their level of support, and how the project team will work to gain their approval.
    3. For each identified stakeholder, create a custom communication plan based on their role. For example, if the director of infrastructure is not a supporter, demonstrate how this project will enable them to better understand how to improve service quality. Provide periodic reporting or meetings to update the director on project progress.

    INPUT

    • A collaborative discussion between team members

    OUTPUT

    • Thorough briefing for project launch
    • A committed team

    Materials

    • Communication message and plan
    • Metric tracking

    Participants

    • Project leader
    • Core project team

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst is shown.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1

    A screenshot of activity 1.1 is shown.

    Create a powerful, succinct mission statement

    Using Info-Tech’s sample mission statement as a guide, build your mission statement based on the objectives of this project and the benefits that this project will achieve. Keep the mission statement short and clear.

    1.2

    A screenshot of activity 1.2 is shown.

    Assemble the project team

    Create a project team with representatives from all major IT teams. Engage and communicate to the project team early and proactively.

    1.3

    A screenshot of activity 1.3 is shown.

    Identify project stakeholders and create a communication plan

    Info-Tech will help you identify key stakeholders who have a vested interest in the success of the project. Determine the communication message that will best gain their support.

    1.4

    A screenshot of activity 1.4 is shown.

    Use metrics to track the success of the project

    The onsite analyst will help the project team determine the appropriate metrics to measure the success of this project.

    PHASE 2

    Assess Your Current Service Management State

    Assess your current state

    This step will walk you through the following activities:

    • Use Info-Tech’s Service Management Maturity Assessment Tool to determine your overall practice maturity level.
    • Understand your level of completeness for each individual practice.
    • Understand the three major phases involved in the service management journey; know the symptoms of each phase and how they affect your target state selection.

    Step Insights

    • To determine the real maturity of your service management practices, you should focus on the results and output of the practice, rather than the activities performed for each process.
    • Focus on phase-level maturity as opposed to the level of completeness for each individual process.

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Determine Your Service Management Current State

    Step 2.1 – Assess Impacting Forces

    Start with an analyst kick-off call:

    • Discuss the impacting forces that can affect the success of your service management program
    • Identify internal and external constraints and enablers
    • Review and interpret how to leverage or mitigate these elements

    Then complete these activities…

    • Present the findings of the organizational context
    • Facilitate a discussion and create consensus amongst the project team members on where the organization should start

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Step 2.2 – Build Vision, Mission, and Values

    Review findings with analyst:

    • Review your service management vision and mission statement and discuss the values

    Then complete these activities…

    • Socialize the vision, mission, and values to ensure they are aligned with overall organizational vision. Then, set the expectations for behavior aligned with the vision, mission, and values

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Step 2.3 – Assess Attitudes, Behaviors, and Culture

    Review findings with analyst:

    • Discuss tactics for addressing negative attitudes, behaviors, or culture identified

    Then complete these activities…

    • Add items to be addressed to roadmap

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Step 2.4 – Assess Governance Needs

    Review findings with analyst:

    • Understand the typical types of governance structure and the differences between management and governance
    • Choose the management structure required for your organization

    Then complete these activities…

    • Determine actions required to establish an effective governance structure and add items to be addressed to roadmap

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Step 2.5 – Perform SWOT Analysis

    Review findings with analyst:

    • Discuss SWOT analysis results and tactics for addressing within the roadmap

    Then complete these activities…

    • Add items to be addressed to roadmap

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Step 2.6 – Identify Desired State

    Review findings with analyst:

    • Discuss desired state and commitment needed to achieve aspects of the desired state

    Then complete these activities…

    • Use the desired state to critically assess the current state of your service management practices and whether they are achieving the desired outcomes
    • Prep for the SM maturity assessment

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Step 2.7 – Perform SM Maturity Assessment

    Review findings with analyst:

    • Review and interpret the output from your service management maturity assessment

    Then complete these activities…

    • Add items to be addressed to roadmap

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Service Management Maturity Assessment

    Step 2.8 – Review OCM Capabilities

    Review findings with analyst:

    • Review and interpret the output from your organizational change management maturity assessment

    Then complete these activities…

    • Add items to be addressed to roadmap

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Organizational Change Management Assessment

    Understand and assess impacting forces – constraints and enablers

    Constraints and enablers are organizational and behavioral triggers that directly impact your ability and approach to establishing Service Management practices.

    A model is shown to demonstrate the possibe constraints and enablers on your service management program. It incorporates available resources, the environment, management practices, and available technologies.

    Effective service management requires a mix of different approaches and practices that best fit your organization. There’s not a one-size-fits-all solution. Consider the resources, environment, emerging technologies, and management practices facing your organization. What items can you leverage or use to mitigate to move your service management program forward?

    Use Info-Tech’s “Organizational Context” template to list the constraints and enablers affecting your service management

    The Service Management Roadmap Presentation Template will help you understand the business environment you need to consider as you build out your roadmap.

    Discuss and document constraints and enablers related to the business environment, available resources, management practices, and emerging technologies. Any constraints will need to be addressed within your roadmap and enablers should be leveraged to maximize your results.


    Screenshot of Info-Tech's Service Management Roadmap Presentation Template is shown.

    Document constraints and enablers

    1. Discuss and document the constrains and enablers for each aspect of the management mesh: environment, resources, management practices, or technology.
    2. Use this as a thought provoker in later exercises.

    INPUT

    • A collaborative discussion

    OUTPUT

    • Organizational context constraints and enablers

    Materials

    • Whiteboards or flip charts

    Participants

    • All stakeholders

    Build compelling vision and mission statements to set the direction of your service management program

    While you are articulating the vision and mission, think about the values you want the team to display. Being explicit can be a powerful tool to create alignment.

    A vision statement describes the intended state of your service management organization, expressed in the present tense.

    A mission statement describes why your service management organization exists.

    Your organizational values state how you will deliver services.

    Use Info-Tech’s “Vision, Mission, and Values” template to set the aspiration & purpose of your service management practice

    The Service Management Roadmap Presentation Template will help you document your vision for service management, the purpose of the program, and the values you want to see demonstrated.

    If the team cannot gain agreement on their reason for being, it will be difficult to make traction on the roadmap items. A concise and compelling statement can set the direction for desired behavior and help team members align with the vision when trying to make ground-level decisions. It can also be used to hold each other accountable when undesirable behavior emerges. It should be revised from time to time, when the environment changes, but a well-written statement should stand the test of time.

    A screenshot of the Service Management Roadmap Presentation Temaplate is shown. Specifically it is showing the section on the vision, mission, and values results.

    Document your organization’s vision, mission , and values

    1. Vision: Identify your desired target state, consider the details of that target state, and create a vision statement.
    2. Mission: Consider the fundamental purpose of your SM program and craft a statement of purpose.
    3. Values: As you work through the vision and mission, identify values that your organization prides itself in or has the aspiration for.
    4. Discuss common themes and then develop a concise vision statement and mission statement that incorporates the group’s ideas.

    INPUT

    • A collaborative discussion

    OUTPUT

    • Vision statement
    • Mission statement
    • Organizational values

    Materials

    • Whiteboards or flip charts
    • Sample vision and mission statements

    Participants

    • All stakeholders
    • Senior leadership

    Understanding attitude, behavior, and culture

    Attitude

    • What people think and feel. It can be seen in their demeanor and how they react to change initiatives, colleagues, and users.

    Any form of organizational change involves adjusting people’s attitudes, creating buy-in and commitment. You need to identify and address attitudes that can lead to negative behaviors and actions or that are counter-productive. It must be made visible and related to your desired behavior.

    Behaviour

    • What people do. This is influenced by attitude and the culture of the organization.

    To implement change within IT, especially at a tactical level, both IT and organizational behavior needs to change. This is relevant because people don’t like to change and will resist in an active or passive way unless you can sell the need, value, and benefit of changing their behavior.

    Culture

    • The accepted and understood ways of working in an organization. The values and standards that people find normal and what would be tacitly identified to new resources.

    The organizational or corporate “attitude,” the impact on employee behavior and attitude is often not fully understood. Culture is an invisible element, which makes it difficult to identify, but it has a strong impact and must be addressed to successfully embed any organizational change or strategy.

    Culture is a critical and under-addressed success factor

    43% of CIOs cited resistance to change as the top impediment to a successful digital strategy.

    CIO.com

    75% of organizations cannot identify or articulate their culture or its impact.

    Info-Tech

    “Shortcomings in organizational culture are one of the main barriers to company success in the digital age.”

    McKinsey – “Culture for a digital age”

    Examples of how they apply

    Attitude

    • “I’ll believe that when I see it”
    • Positive outlook on new ideas and changes

    Behaviour

    • Saying you’ll follow a new process but not doing so
    • Choosing not to document a resolution approach or updating a knowledge article, despite being asked

    Culture

    • Hero culture (knowledge is power)
    • Blame culture (finger pointing)
    • Collaborative culture (people rally and work together)

    Why have we failed to address attitude, behavior, and culture?

      ✓ While there is attention and better understanding of these areas, very little effort is made to actually solve these challenges.

      ✓ The impact is not well understood.

      ✓ The lack of tangible and visible factors makes it difficult to identify.

      ✓ There is a lack of proper guidance, leadership skills, and governance to address these in the right places.

      ✓ Addressing these issues has to be done proactively, with intent, rigor, and discipline, in order to be successful.

      ✓ We ignore it (head in the sand and hoping it will fix itself).

    Avoidance has been a common strategy for addressing behavior and culture in organizations.

    Use Info-Tech’s “Culture and Environment” template to identify cultural constraints that should be addressed in roadmap

    The Service Management Roadmap Presentation Template will help you document attitude, behavior, and culture constraints.

    Discuss as a team attitudes, behaviors, and cultural aspects that can either hinder or be leveraged to support your vision for the service management program. Capture all items that need to be addressed in the roadmap.

    A screenshot of the Service Management Roadmap Presentation Template is shown. Specifically showing the culture and environment slide.

    Document your organization’s attitudes, behaviors, and culture

    1. Discuss and document positive and negative aspects of attitude, behavior, or culture within your organization.
    2. Identify the items that need to be addressed as part of your roadmap.

    INPUT

    • A collaborative discussion

    OUTPUT

    • Culture and environment worksheet

    Materials

    • Whiteboards or flip charts

    Participants

    • All stakeholders

    The relationship to governance

    Attitude, behavior, and culture are still underestimated as core success factors in governance and management.

    Behavior is a key enabler of good governance. Leading by example and modeling behavior has a cascading impact on shifting culture, reinforcing the importance of change through adherence.

    Executive leadership and governing bodies must lead and support cultural change.

    Key Points

    • Less than 25% of organizations have formal IT governance in place (ITSM Tools).
    • Governance tends to focus on risk and compliance (controls), but forgets the impact of value and performance.

    Lack of oversight often limits the value of service management implementations

    Organizations often fail to move beyond risk mitigation, losing focus of the goals of their service management practices and the capabilities required to produce value.

    Risk Mitigation

    • Stabilize IT
    • Service Desk
    • Incident Management
    • Change Management

    Gap

    • Organizational alignment through governance
    • Disciplined focus on goals of SM

    Value Production

    • Value that meets business and consumer needs

    This creates a situation where service management activities and roadmaps focus on adjusting and tweaking process areas that no longer support how the organization needs to work.

    How does establishing governance for service management provide value?

    Governance of service management is a gap in most organizations, which leads to much of the failure and lack of value from service management processes and activities.

    Once in place, effective governance enables success for organizations by:

    1. Ensuring service management processes improve business value
    2. Measuring and confirming the value of the service management investment
    3. Driving a focus on outcome and impact instead of simply process adherence
    4. Looking at the integrated impact of service management in order to ensure focused prioritization of work
    5. Driving customer-experience focus within organizations
    6. Ensuring quality is achieved and addressing quality impacts and dependencies between processes

    Four common service management process ownership models

    Your ownership structure largely defines how processes will need to be implemented, maintained, and improved. It has a strong impact on their ability to integrate and how other teams perceive their involvement.

    An organizational structure is shown. In the image is an arrow, with the tip facing in the right direction. The left side of the arrow is labelled: Traditional, and the right side is labelled: Complex. The four models are noted along the arrow. Starting on the left side and going to the right are: Distributed Process Ownership, Centralized Process Ownership, Federated Process Ownership, and Service Management Office.

    Most organizations are somewhere within this spectrum of four core ownership models, usually having some combination of shared traits between the two models that are closest to them on the scale.

    Info-Tech Insight

    The organizational structure that is best for you depends on your needs, and one is not necessarily better than another. The next four slides describe when each ownership level is most appropriate.

    Distributed process ownership

    Distributed process ownership is usually evident when organizations initially establish their service management practices. The processes are assigned to a specific group, who assumes some level of ownership over its execution.

    The distributed process ownership model is shown. CIO is listed at the top with four branches leading out from below it. The four branches are labelled: Service Desk, Operations, Applications, and Security.

    Info-Tech Insight

    This model is often a suitable approach for initial implementations or where it may be difficult to move out of siloes within the organization’s structure or culture.

    Centralized process ownership

    Centralized process ownership usually becomes necessary for organizations as they move into a more functional structure. It starts to drive management of processes horizontally across the organization while still retaining functional management control.

    A centralized process ownership model is shown. The CIO is at the top and the following are branches below it: Service Manager, Support, Middleware, Development, and Infrastructure.

    Info-Tech Insight

    This model is often suitable for maturing organizations that are starting to look at process integration and shared service outcomes and accountability.

    Federated process ownership

    Federated process ownership allows for global control and regional variation, and it supports product orientation and Agile/DevOps principles

    A federated process ownership model is shown. The Sponsor/CIO is at the top, with the ITSM Executive below it. Below that level is the: Process Owner, Process Manager, and Process Manager.

    Info-Tech Insight

    Federated process ownership is usually evident in organizations that have an international or multi-regional presence.

    Service management office (SMO)

    SMO structures tend to occur in highly mature organizations, where service management responsibility is seen as an enterprise accountability.

    A service management office model is shown. The CIO is at the top with the following branches below it: SMO, End-User Services, Infra., Apps., and Architecture.

    Info-Tech Insight

    SMOs are suitable for organizations with a defined IT and organizational strategy. A SMO supports integration with other enterprise practices like enterprise architecture and the PMO.

    Determine which process ownership and governance model works best for your organization

    The Service Management Roadmap Presentation Template will help you document process ownership and governance model

    Example:

    Key Goals:

      ☐ Own accountability for changes to core processes

      ☐ Understand systemic nature and dependencies related to processes and services

      ☐ Approve and prioritize improvement and CSI initiatives related to processes and services

      ☐ Evaluate success of initiative outcomes based on defined benefits and expectations

      ☐ Own Service Management and Governance processes and policies

      ☐ Report into ITSM executive or equivalent body

    Membership:

      ☐ Process Owners, SM Owner, Tool Owner/Liaison, Audit

    Discuss as a team which process ownership model works for your organization. Determine who will govern the service management practice. Determine items that should be identified in your roadmap to address governance and process ownership gaps.

    Use Info-Tech’s “SWOT” template to identify strengths, weaknesses, opportunities & threats that should be addressed

    The Service Management Roadmap Presentation Template will help you document items from your SWOT analysis.

    A screenshot of the Service Management Roadmap Presentation Template is shown. Specifically the SWOT section is shown.

    Brainstorm the strengths, weaknesses, opportunities, and threats related to resources, environment, technology, and management practices. Add items that need to be addressed to your roadmap.

    Perform a SWOT analysis

    1. Brainstorm each aspect of the SWOT with an emphasis on:
    • Resources
    • Environment
    • Technologies
    • Management Practices
  • Record your ideas on a flip chart or whiteboard.
  • Add items to be addressed to the roadmap.
  • INPUT

    • A collaborative discussion

    OUTPUT

    • SWOT analysis
    • Priority items identified

    Materials

    • Whiteboards or flip charts

    Participants

    • All stakeholders

    Indicate desired maturity level for your service management program to be successful

    Discuss the various maturity levels and choose a desired level that would meet business needs.

    The desired maturity model is depicted.

    INPUT

    • A collaborative discussion

    OUTPUT

    • Desired state of service management maturity

    Materials

    • None

    Participants

    • All stakeholders

    Use Info-Tech’s Service Management Process Maturity Assessment Tool to understand your current state

    The Service Management Process Maturity Assessment Tool will help you understand the true state of your service management.

    A screenshot of Info-Tech's Service Management Process Assessment Tool is shown.

    Part 1, Part 2, and Part 3 tabs

    These three worksheets contain questions that will determine the overall maturity of your service management processes. There are multiple sections of questions focused on different processes. It is very important that you start from Part 1 and continue the questions sequentially.

    Results tab

    The Results tab will display the current state of your service management processes as well as the percentage of completion for each individual process.

    Complete the service management process maturity assessment

    The current-state assessment will be the foundation of building your roadmap, so pay close attention to the questions and answer them truthfully.

    1. Start with tab 1 in the Service Management Process Maturity Assessment Tool. Remember to read the questions carefully and always use the feedback obtained through the end-user survey to help you determine the answer.
    2. In the “Degree of Process Completeness” column, use the drop-down menu to input the results solicited from the goals and objectives meeting you held with your project participants.
    3. A screenshot of Info-Tech's Service Management Process Assessment Tool is shown. Tab 1 is shown.
    4. Host a meeting with all participants following completion of the survey and have them bring their results. Discuss in a round-table setting, keeping a master sheet of agreed upon results.

    INPUT

    • Service Management Process Maturity Assessment Tool questions

    OUTPUT

    • Determination of current state

    Materials

    • Service Management Process Maturity Assessment Tool

    Participants

    • Project team members

    Review the results of your current-state assessment

    At the end of the assessment, the Results tab will have action items you could perform to close the gaps identified by the process assessment tool.

    A screenshot of Info-Tech's Service Management Process Maturity Assessment Results is shown.

    INPUT

    • Maturity assessment results

    OUTPUT

    • Determination of overall and individual practice maturity

    Materials

    • Service Management Maturity Assessment Tool

    Participants

    • Project team members

    Use Info-Tech’s OCM Capability Assessment tool to understand your current state

    The Organizational Change Management Capabilities Assessment tool will help you understand the true state of your organizational change management capabilities.

    A screenshot of Info-Tech's Organizational Change Management Capabilities Assessment

    Complete the Capabilities tab to capture the current state for organizational change management. Review the Results tab for interpretation of the capabilities. Review the Recommendations tab for actions to address low areas of maturity.

    Complete the OCM capability assessment

    1. Open Organizational Change Management Capabilities Assessment tool.
    2. Come to consensus on the most appropriate answer for each question. Use the 80/20 rule.
    3. Review result charts and discuss findings.
    4. Identify roadmap items based on maturity assessment.

    INPUT

    • A collaborative discussion

    OUTPUT

    • OCM Assessment tool
    • OCM assessment results

    Materials

    • OCM Capabilities Assessment tool

    Participants

    • All stakeholders

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst is shown.

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1

    A screenshot of activity 2.1 is shown.

    Create a powerful, succinct mission statement

    Using Info-Tech’s sample mission statement as a guide, build your mission statement based on the objectives of this project and the benefits that this project will achieve. Keep the mission statement short and clear.

    2.2

    A screenshot of activity 2.2 is shown.

    Complete the assessment

    With the project team in the room, go through all three parts of the assessment with consideration of the feedback received from the business.

    2.3

    A screenshot of activity 2.3 is shown.

    Interpret the results of the assessment

    The Info-Tech onsite analyst will facilitate a discussion on the overall maturity of your service management practices and individual process maturity. Are there any surprises? Are the results reflective of current service delivery maturity?

    PHASE 3

    Build Your Service Management Roadmap

    Build Roadmap

    This step will walk you through the following activities:

    • Document your vision and mission on the roadmap one-pager.
    • Using the inputs from the current-state assessments, identify the key themes required by your organization.
    • Identify individual initiatives needed to address key themes.

    Step Insights

    • Using the Info-Tech thought model, address foundational gaps early in your roadmap and establish the management methods to continuously make them more robust.
    • If any of the core practices are not meeting the vision for your service management program, be sure to address these items before moving on to more advanced service management practices or processes.
    • Make sure the story you are telling with your roadmap is aligned to the overall organizational goals.

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Determine Your Service Management Target State

    Step 3.1 – Document the Overall Themes

    Start with an analyst kick-off call:

    • Review the outputs from your current-state assessments to identify themes for areas that need to be included in your roadmap

    Then complete these activities…

    • Ensure foundational elements are solid by adding any gaps to the roadmap
    • Identify any changes needed to management practices to ensure continuous improvement

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Step 3.2 – Determine Individual Initiatives

    Review findings with analyst:

    • Determine the individual initiatives needed to close the gaps between the current state and the vision

    Then complete these activities…

    • Finalize and document roadmap for executive socialization

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Focus on a strong foundation to build higher value service management practices

    Info-Tech Insight

    Focus on behaviors and expected outcomes before processes.

    Foundational elements

    • Operating model facilitates service management goals
    • Culture of service delivery
    • Governance discipline to evaluate, direct, and monitor
    • Management discipline to deliver

    Stabilize

    • Deliver stable, reliable IT services to the business
    • Respond to user requests quickly and efficiently
    • Resolve user issues in a timely manner
    • Deploy changes smoothly and successfully

    Proactive

    • Avoid/prevent service disruptions
    • Improve quality of service (performance, availability, reliability)

    Service Provider

    • Understand business needs
    • Ensure services are available
    • Measure service performance, based on business-oriented metrics

    Strategic Partner

    • Fully aligned with business
    • Drive innovation
    • Drive measurable value

    Info-Tech Insight

    Continued leadership support of the foundational elements will allow delivery teams to provide value to the business. Set the expectation of the desired maturity level and allow teams to innovate.

    Identify themes that can help you build a strong foundation before moving to higher level practices

    A model is depicted that shows the various target states. There are 6 levels showing in the example, and the example is made to look like a tree with a character watering it. In the roots, the level is labelled foundational. The trunk is labelled the core. The lowest hanging branches of the tree is the stabilize section. Above it is the proactive section. Nearing the top of the tree is the service provider. The top most branches of the tree is labelled strategic partner.

    Before moving to advanced service management practices, you must ensure that the foundational and core elements are robust enough to support them. Leadership must nurture these practices to ensure they are sustainable and can support higher value, more mature practices.

    Use Info-Tech’s “Service Management Roadmap” template to document your vision, themes and initiatives

    The Service Management Roadmap Presentation Template contains a roadmap template to help communicate your vision, themes to be addressed, and initiatives

    A screenshot of Info-Tech's Service Management Roadmap template is shown.

    Working from the lower maturity items to the higher value practices, identify logical groupings of initiatives into themes. This will aid in communicating the reasons for the needed changes. List the individual initiatives below the themes. Adding the service management vision and mission statements can help readers understand the roadmap.

    Document your service management roadmap

    1. Document the service management vision and mission on the roadmap template.
    2. Identify, from the assessments, areas that need to be improved or implemented.
    3. Group the individual initiatives into logical themes that can ease communication of what needs to happen.
    4. Document the individual initiatives.
    5. Document in terms that business partners and executive sponsors can understand.

    INPUT

    • Current-state assessment outputs
    • Maturity model

    OUTPUT

    • Service management roadmap

    Materials

    • Whiteboard
    • Roadmap template

    Participants

    • All stakeholders

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst is shown.

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1

    A screenshot of activity 3.1 is shown.

    Identify themes to address items from the foundational level up to higher value service management practices

    Identify easily understood themes that will help others understand the expected outcomes within your organization.

    A screenshot of activity 3.2 is shown.

    Document individual initiatives that contribute to the themes

    Identify specific activities that will close gaps identified in the assessments.

    PHASE 2

    Build Communication Slide

    Complete your service management roadmap

    This step will walk you through the following activities:

    • Use the current-state assessment exercises to document the state of your service management practices. Document examples of the behaviors that are currently seen.
    • Document the expected short-term gains. Describe how you want the behaviors to change.
    • Document the long-term vision for each item and describe the benefits you expect to see from addressing each theme.

    Step Insights

    • Use the communication template to acknowledge the areas that need to be improved and paint the short- and long-term vision for the improvements to be made through executing the roadmap.
    • Write it in business terms so that it can be used widely to gain acceptance of the upcoming changes that need to occur.
    • Include specific areas that need to be fixed to make it more tangible.
    • Adding the values from the vision, mission, and values exercise can also help you set expectations about how the team will behave as they move towards the longer-term vision.

    Phase 4 Outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 4: Build the Service Management Roadmap

    Step 4.1: Document the Current State

    Start with an analyst kick-off call:

    • Review the pain points identified from the current state analysis
    • Discuss tactics to address specific pain points

    Then complete these activities…

    • Socialize the pain points within the service delivery teams to ensure nothing is being misrepresented
    • Gather ideas for the future state

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Step 4.2: List the Future Vision

    Review findings with analyst:

    • Review short- and long-term vision for improvements for the pain points identified in the current state analysis

    Then complete these activities…

    • Prepare to socialize the roadmap
    • Ensure long-term vision is aligned with organizational objectives

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Use Info-Tech’s “Service Management Roadmap – Brought to Life” template to paint a picture of the future state

    The Service Management Roadmap Presentation Template contains a communication template to help communicate your vision of the future state

    A screenshot of Info-Tech's Service Management Roadmap - Brought to Life template

    Use this template to demonstrate how existing pain points to delivering services will improve over time by painting a near- and long-term picture of how things will change. Also list specific initiatives that will be launched to affect the changes. Listing the values identified in the vision, mission, and values exercise will also demonstrate the team’s commitment to changing behavior to create better outcomes.

    Document your current state and list initiatives to address them

    1. Use the previous assessments and feedback from business or customers to identify current behaviors that need addressing.
    2. Focus on high-impact items for this document, not an extensive list.
    3. An example of step 1 and 2 are shown.
    4. List the initiatives or actions that will be used to address the specific pain points.

    An example of areas for improvement.

    INPUT

    • Current-state assessment outputs
    • Feedback from business

    OUTPUT

    • Service Management Roadmap Communication Tool, in the Service Management Roadmap Presentation

    Materials

    • Whiteboard
    • Roadmap template

    Participants

    • All stakeholders

    Document your future state

    An example of document your furture state is shown.

    1. For each pain point document the expected behaviors, both short term and longer term.
    2. Write in terms that allow readers to understand what to expect from your service management practice.

    INPUT

    • Current-state assessment outputs
    • Feedback from business

    OUTPUT

    • Service Management Roadmap Communication Tool, in the Service Management Roadmap Presentation Template

    Materials

    • Whiteboard
    • Roadmap template

    Participants

    • All stakeholders

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst is shown.

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    4.1

    A screenshot of activity 4.1 is shown.

    Identify the pain points and initiatives to address them

    Identify items that the business can relate to and initiatives or actions to address them.

    4.2

    A screenshot of activity 4.2 is shown.

    Identify short- and long-term expectations for service management

    Communicate the benefits of executing the roadmap both short- and long-term gains.

    Research contributors and experts

    Photo of Valence Howden

    Valence Howden, Principal Research Director, CIO Practice

    Info-Tech Research Group

    Valence helps organizations be successful through optimizing how they govern, design, and execute strategies, and how they drive service excellence in all work. With 30 years of IT experience in the public and private sectors, he has developed experience in many information management and technology domains, with focus in service management, enterprise and IT governance, development and execution of strategy, risk management, metrics design and process design, and implementation and improvement.

    Photo of Graham Price

    Graham Price, Research Director, CIO Practice

    Info-Tech Research Group

    Graham has an extensive background in IT service management across various industries with over 25 years of experience. He was a principal consultant for 17 years, partnering with Fortune 500 clients throughout North America, leveraging and integrating industry best practices in IT service management, service catalog, business relationship management, IT strategy, governance, and Lean IT and Agile.

    Photo of Sharon Foltz

    Sharon Foltz, Senior Workshop Director

    Info-Tech Research Group

    Sharon is a Senior Workshop Director at Info-Tech Research Group. She focuses on bringing high value to members via leveraging Info-Tech’s blueprints and other resources enhanced with her breadth and depth of skills and expertise. Sharon has spent over 15 years in various IT roles in leading companies within the United States. She has strong experience in organizational change management, program and project management, service management, product management, team leadership, strategic planning, and CRM across various global organizations.

    Related Info-Tech Research

    Build a Roadmap for Service Management Agility

    Extend the Service Desk to the Enterprise

    Bibliography

    • “CIOs Emerge as Disruptive Innovators.” CSC Global CIO Survey: 2014-2015. Web.
    • “Digital Transformation: How Is Your Organization Adapting?” CIO.com, 2018. Web.
    • Goran, Julie, Laura LaBerge, and Ramesh Srinivasan. “Culture for a digital age.” McKinsey, July 2017. Web.
    • The Qualities of Leadership: Leading Change. Cornelius & Associates, 14 April 2012.
    • Wilkinson, Paul. “Culture, Ethics, and Behavior – Why Are We Still Struggling?” ITSM Tools, 5 July 2018. Web.

    Leadership Workshop Overview

    • Buy Link or Shortcode: {j2store}475|cart{/j2store}
    • member rating overall impact (scale of 10): 8.8/10 Overall Impact
    • member rating average dollars saved: $69,299 Average $ Saved
    • member rating average days saved: 28 Average Days Saved
    • Parent Category Name: Leadership Development Programs
    • Parent Category Link: /leadership-development-programs

    Leadership has evolved over time. The velocity of change has increased and leadership for the future looks different than the past.

    Our Advice

    Critical Insight

    Development of the leadership mind should never stop. This program will help IT leaders continue to craft their leadership competencies to navigate the ever-changing world in which we operate.

    Impact and Result

    • Embrace and lead change through active sharing, transparency, and partnerships.
    • Encourage growth mindset to enhance innovative ideas and go past what has always been done.
    • Actively delegate responsibilities and opportunities that engage and develop team members to build on current skills and prepare for the future.

    Leadership Workshop Overview Research & Tools

    Start here – read the Workshop Overview

    Read our concise Workshop Overview to find out how this program can support the development needs of your IT leadership teams.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Info-Tech Leadership Workshop Overview
    [infographic]

    Build a Data Pipeline for Reporting and Analytics

    • Buy Link or Shortcode: {j2store}126|cart{/j2store}
    • member rating overall impact (scale of 10): 9.3/10 Overall Impact
    • member rating average dollars saved: $61,999 Average $ Saved
    • member rating average days saved: 20 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Continuous and disruptive database design updates while trying to have one design pattern to fit all use cases.
    • Sub-par performance while loading, retrieving, and querying data.
    • You want to shorten time-to-market of the projects aimed at data delivery and consumption.
    • Unnecessarily complicated database design limits usability of the data and requires knowledge of specific data structures for their effective use.

    Our Advice

    Critical Insight

    • Evolve your data architecture. Data pipeline is an evolutionary break away from the enterprise data warehouse methodology.
    • Avoid endless data projects. Building centralized all-in-one enterprise data warehouses takes forever to deliver a positive ROI.
    • Facilitate data self-service. Use-case optimized data delivery repositories facilitate data self-service.

    Impact and Result

    • Understand your high-level business capabilities and interactions across them – your data repositories and flows should be just a digital reflection thereof.
    • Divide your data world in logical verticals overlaid with various speed data progression lanes, i.e. build your data pipeline – and conquer it one segment at a time.
    • Use the most appropriate database design pattern for a given phase/component in your data pipeline progression.

    Build a Data Pipeline for Reporting and Analytics Research & Tools

    Start here – read the Executive Brief

    Build your data pipeline using the most appropriate data design patterns.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand data progression

    Identify major business capabilities, business processes running inside and across them, and datasets produced or used by these business processes and activities performed thereupon.

    • Build a Data Pipeline for Reporting and Analytics – Phase 1: Understand Data Progression

    2. Identify data pipeline components

    Identify data pipeline vertical zones: data creation, accumulation, augmentation, and consumption, as well as horizontal lanes: fast, medium, and slow speed.

    • Build a Data Pipeline for Reporting and Analytics – Phase 2: Identify Data Pipeline Components

    3. Select data design patterns

    Select the right data design patterns for the data pipeline components, as well as an applicable data model industry standard (if available).

    • Build a Data Pipeline for Reporting and Analytics – Phase 3: Select Data Design Patterns
    [infographic]

    Workshop: Build a Data Pipeline for Reporting and Analytics

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand Data Progression

    The Purpose

    Identify major business capabilities, business processes running inside and across them, and datasets produced or used by these business processes and activities performed thereupon.

    Key Benefits Achieved

    Indicates the ownership of datasets and the high-level data flows across the organization.

    Activities

    1.1 Review & discuss typical pitfalls (and their causes) of major data management initiatives.

    1.2 Discuss the main business capabilities of the organization and how they interact.

    1.3 Discuss the business processes running inside and across business capabilities and the datasets involved.

    1.4 Create the Enterprise Business Process Model (EBPM).

    Outputs

    Understanding typical pitfalls (and their causes) of major data management initiatives.

    Business capabilities map

    Business processes map

    Enterprise Business Process Model (EBPM)

    2 Identify Data Pipeline Components

    The Purpose

    Identify data pipeline vertical zones: data creation, accumulation, augmentation, and consumption, as well as horizontal lanes: fast, medium, and slow speed.

    Key Benefits Achieved

    Design the high-level data progression pipeline.

    Activities

    2.1 Review and discuss the concept of a data pipeline in general, as well as the vertical zones: data creation, accumulation, augmentation, and consumption.

    2.2 Identify these zones in the enterprise business model.

    2.3 Review and discuss multi-lane data progression.

    2.4 Identify different speed lanes in the enterprise business model.

    Outputs

    Understanding of a data pipeline design, including its zones.

    EBPM mapping to Data Pipeline Zones

    Understanding of multi-lane data progression

    EBPM mapping to Multi-Speed Data Progression Lanes

    3 Develop the Roadmap

    The Purpose

    Select the right data design patterns for the data pipeline components, as well as an applicable data model industry standard (if available).

    Key Benefits Achieved

    Use of appropriate data design pattern for each zone with calibration on the data progression speed.

    Activities

    3.1 Review and discuss various data design patterns.

    3.2 Discuss and select the data design pattern selection for data pipeline components.

    3.3 Discuss applicability of data model industry standards (if available).

    Outputs

    Understanding of various data design patterns.

    Data Design Patterns mapping to the data pipeline.

    Selection of an applicable data model from available industry standards.

    Build a Strategy for Big Data Platforms

    • Buy Link or Shortcode: {j2store}203|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Big Data
    • Parent Category Link: /big-data
    • The immaturity of the big data market means that organizations lack examples and best practices to follow, and they are often left trailblazing their own paths.
    • Experienced and knowledgeable big data professionals are limited and without creative resourcing; IT might struggle to fill big data positions.
    • The term NoSQL has become a catch-all phrase for big data technologies; however, the technologies falling under the umbrella of NoSQL are disparate and often misunderstood. Organizations are at risk of adopting incorrect technologies if they don’t take the time to learn the jargon.

    Our Advice

    Critical Insight

    • NoSQL plays a key role in the emergence of the big data market, but it has not made relational databases outdated. Successful big data strategies can be conducted using SQL, NoSQL, or a combination of the two.
    • Assign a Data Architect to oversee your initiative. Hire or dedicate someone who has the ability to develop both a short-term and long-term vision and that has hands-on experience with data management, mining and modeling. You will still need someone (like a database administrator) who understands the database, the schemas, and the structure.
    • Understand your data before you attempt to use it. Take a master data management approach to ensure there are rules and standards for managing your enterprise’s data, and take extra caution when integrating external sources.

    Impact and Result

    • Assess whether SQL, NoSQL, or a combination of both technologies will provide you with the appropriate capabilities to achieve your business objectives and gain value from your data.
    • Form a Big Data Team to bring together IT and the business in order to leave a successful initiative.
    • Conduct ongoing training with your personnel to ensure up-to-date skills and end-user understanding.
    • Frequently scan the big data market space to identify new technologies and opportunities to help optimize your big data strategy.

    Build a Strategy for Big Data Platforms Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Develop a big data strategy

    Know where to start and where to focus attention in the implementation of a big data strategy.

    • Storyboard: Build a Strategy for Big Data Platforms

    2. Assess the appropriateness of big data technologies

    Decide the most correct tools to use in order to solve enterprise data management problems.

    • Big Data Diagnostic Tool

    3. Determine the TCO of a scale out implementation

    Compare the TCO of a SQL (scale up) with a NoSQL (scale out) deployment to determine whether NoSQL will save costs.

    • Scale Up vs. Scale Out TCO Tool
    [infographic]

    Optimize IT Project Intake, Approval, and Prioritization

    • Buy Link or Shortcode: {j2store}433|cart{/j2store}
    • member rating overall impact (scale of 10): 9.5/10 Overall Impact
    • member rating average dollars saved: $124,419 Average $ Saved
    • member rating average days saved: 31 Average Days Saved
    • Parent Category Name: Portfolio Management
    • Parent Category Link: /portfolio-management
    • Companies are approving more projects than they can deliver. Most organizations say they have too many projects on the go and an unmanageable and ever-growing backlog of things to get to.
    • While organizations want to achieve a high throughput of approved projects, many are unable or unwilling to allocate an appropriate level of IT resourcing to adequately match the number of approved initiatives.
    • Portfolio management practices must find a way to accommodate stakeholder needs without sacrificing the portfolio to low-value initiatives that do not align with business goals.

    Our Advice

    Critical Insight

    • Approve only the right projects that you have capacity to deliver. Failure to align projects with strategic goals and resource capacity are the most common causes of portfolio waste across organizations.
    • More time spent with stakeholders during the ideation phase to help set realistic expectations for stakeholders and enhance visibility into IT’s capacity and processes is key to both project and organizational success.
    • Too much intake red tape will lead to an underground economy of projects that escape portfolio oversight, while too little intake formality will lead to a wild west of approvals that could overwhelm the PMO. Finding the right balance of intake formality for your organization is the key to establishing a PMO that has the ability to focus on the right things.

    Impact and Result

    • Establish an effective scorecard to create transparency into IT’s capacity and processes. This will help set realistic expectations for stakeholders, eliminate “squeaky wheel” prioritization, and give primacy to the highest value requests.
    • Build a centralized process that funnels requests into a single intake channel to eliminate confusion and doubt for stakeholders and staff while also reducing off-the-grid initiatives.
    • Clearly define a series of project approval steps, and communicate requirements for passing them.
    • Develop practices that incorporate the constraint of resource capacity to cap the amount of project approvals to that which is realistic to help improve the throughput of projects through the portfolio.

    Optimize IT Project Intake, Approval, and Prioritization Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should optimize project intake, approval, and prioritization process, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Set realistic goals for optimizing project intake, approval, and prioritization process

    Get value early by piloting a scorecard for objectively determining project value, and then examine your current state of project intake to set realistic goals for optimizing the process.

    • Optimize Project Intake, Approval, and Prioritization – Phase 1: Set Realistic Goals for Optimizing Process
    • Project Value Scorecard Development Tool
    • Project Intake Workflow Template - Visio
    • Project Intake Workflow Template - PDF
    • Project Intake, Approval, and Prioritization SOP

    2. Build an optimized project intake, approval, and prioritization process

    Take a deeper dive into each of the three processes – intake, approval, and prioritization – to ensure that the portfolio of projects is best aligned to stakeholder needs, strategic objectives, and resource capacity.

    • Optimize Project Intake, Approval, and Prioritization – Phase 2: Build New Optimized Processes
    • Light Project Request Form
    • Detailed Project Request Form
    • Project Intake Classification Matrix
    • Benefits Commitment Form Template
    • Proposed Project Technology Assessment Tool
    • Fast Track Business Case Template
    • Comprehensive Business Case Template
    • Project Intake and Prioritization Tool

    3. Integrate the new optimized processes into practice

    Plan a course of action to pilot, refine, and communicate the new optimized process using Info-Tech’s expertise in organizational change management.

    • Optimize Project Intake, Approval, and Prioritization – Phase 3: Integrate the New Processes into Practice
    • Intake Process Pilot Plan Template
    • Project Backlog Manager
    • Intake and Prioritization Impact Analysis Tool
    [infographic]

    Workshop: Optimize IT Project Intake, Approval, and Prioritization

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Refocus on Project Value to Set Realistic Goals

    The Purpose

    Set the course of action for optimizing project intake, approval, and prioritization by examining the current state of the process, the team, the stakeholders, and the organization as a whole.

    Key Benefits Achieved

    The overarching goal of optimizing project intake, approval, and prioritization process is to maximize the throughput of the best projects. To achieve this goal, one must have a clear way to determine what are “the best” projects.

    Activities

    1.1 Define the criteria with which to determine project value.

    1.2 Envision your target state for your optimized project intake, approval, and prioritization process.

    Outputs

    Draft project valuation criteria

    Examination of current process, definition of process success criteria

    2 Examine, Optimize, and Document the New Process

    The Purpose

    Drill down into, and optimize, each of the project intake, approval, and prioritization process.

    Key Benefits Achieved

    Info-Tech’s methodology systemically fits the project portfolio into its triple constraint of stakeholder needs, strategic objectives, and resource capacity, to effectively address the challenges of establishing organizational discipline for project intake.

    Activities

    2.1 Conduct retrospectives of each process against Info-Tech’s best practice methodology for project intake, approval, and prioritization process.

    2.2 Pilot and customize a toolbox of deliverables that effectively captures the right amount of data developed for informing the appropriate decision makers for approval.

    Outputs

    Documentation of new project intake, approval, and prioritization process

    Tools and templates to aid the process

    3 Pilot, Plan, and Communicate the New Process

    The Purpose

    Reduce the risks of prematurely implementing an untested process.

    Methodically manage the risks associated with organizational change and maximize the likelihood of adoption for the new process.

    Key Benefits Achieved

    Engagement paves the way for smoother adoption. An “engagement” approach (rather than simply “communication”) turns stakeholders into advocates who can help boost your message, sustain the change, and realize benefits without constant intervention or process command-and-control.

    Activities

    3.1 Create a plan to pilot your intake, approval, and prioritization process to refine it before rollout.

    3.2 Analyze the impact of organizational change through the eyes of PPM stakeholders to gain their buy-in.

    Outputs

    Process pilot plan

    Organizational change communication plan

    Further reading

    Optimize IT Project Intake, Approval, and Prioritization

    Decide which IT projects to approve and when to start them.

    ANALYST PERSPECTIVE

    Capacity-constrained intake is the only sustainable path forward.

    "For years, the goal of project intake was to select the best projects. It makes sense and most people take it on faith without argument. But if you end up with too many projects, it’s a bad strategy. Don’t be afraid to say NO or NOT YET if you don’t have the capacity to deliver. People might give you a hard time in the near term, but you’re not helping by saying YES to things you can’t deliver."

    Barry Cousins,

    Senior Director, PMO Practice

    Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:

    • PMO Directors who have trouble with project throughput
    • CIOs who want to improve IT’s responsive-ness to changing needs of the business
    • CIOs who want to maximize the overall business value of IT’s project portfolio

    This Research Will Help You:

    • Align project intake and prioritization with resource capacity and strategic objectives
    • Balance proactive and reactive demand
    • Reduce portfolio waste on low-value projects
    • Manage project delivery expectations and satisfaction of business stakeholders
    • Get optimized project intake processes off the ground with low-cost, high-impact tools and templates

    This Research Will Also Assist:

    • C-suite executives and steering committee members who want to ensure IT’s successful delivery of projects with high business impact
    • Project sponsors and product owners who seek visibility and transparency toward proposed projects

    This Research Will Help Them:

    • Ensure that high-impact projects are approved and delivered in a timely manner
    • Gain clarity and visibility in IT’s project approval process
    • Improve your understanding of IT’s capacity to set more realistic expectations on what gets done

    Executive summary

    Situation

    • As a portfolio manager, you do not have the authority to decline or defer new projects – but you also lack the capacity to realistically say yes to more project work.
    • Stakeholders have unrealistic expectations of what IT can deliver. Too many projects are approved, and it may be unclear why their project is delayed or in a state of suspended animation.

    Complication

    • The cycle of competition is making it increasingly difficult to follow a longer-term strategy during project intake, making it unproductive to approve projects for any horizon longer than one to two years.
    • As project portfolios become more aligned to “transformative” projects, resourcing for smaller, department-level projects becomes increasingly opaque.

    Resolution

    • Establish an effective scorecard to create transparency into IT’s capacity and processes. This will help set realistic expectations for stakeholders, eliminate “squeaky wheel” prioritization, and give primacy to the highest value requests.
    • Build a centralized process that funnels requests into a single intake channel to eliminate confusion and doubt for stakeholders and staff while also reducing off-the-grid initiatives.
    • Clearly define a series of project approval steps, and communicate requirements for passing them.
    • Developing practices that incorporate the constraint of resource capacity to cap the amount of project approvals to that which is realistic will help improve the throughput of projects through the portfolio.

    Info-Tech Insight

    1. Approve only the right projects… Counterbalance stakeholder needs with strategic objectives of the business and that of IT, in order to maintain the value of your project portfolio at a high level.
    2. …that you have capacity to deliver. Resource capacity-informed project approval process enables you to avoid biting off more than you can chew and, over time, build a track record of fulfilling promises to deliver on projects.

    Most organizations are good at approving projects, but bad at starting them – and even worse at finishing them

    Establishing project intake discipline should be a top priority from a long-term strategy and near-term tactical perspective.

    Most organizations approve more projects than they can finish. In fact, many approve more than they can even start, leading to an ever-growing backlog where project ideas – often good ones – are never heard from again.

    The appetite to approve more runs directly counter to the shortage of resources that plagues most IT departments. This tension of wanting more from less suggests that IT departments need to be more disciplined in choosing what to take on.

    Info-Tech’s data shows that most IT organizations struggle with their project backlog (Source: N=397 organizations, Info-Tech Research Group PPM Current State Scorecard, 2017).

    “There is a minimal list of pending projects”

    A bar graph is depicted. It has 5 bars to show that when it comes to minimal lists of pending projects, 34% strongly disagree, 35% disagree, and 21% are ambivalent. Only 7% agree and 3% strongly agree.

    “Last year we delivered the number of projects we anticipated at the start of the year”

    A bar graph is depicted. It has 5 bars to show that when it comes to the number of projects anticipated at the start of the year, they were delivered. Surveyors strongly disagreed at 24%, disagreed at 31%, and were ambivalent at 30%. Only 13% agreed and 2% strongly agreed.

    The concept of fiduciary duty demonstrates the need for better discipline in choosing what projects to take on

    Unless someone is accountable for making the right investment of resource capacity for the right projects, project intake discipline cannot be established effectively.

    What is fiduciary duty?

    Officers and directors owe their corporation the duty of acting in the corporation’s best interests over their own. They may delegate the responsibility of implementing the actions, but accountability can't be delegated; that is, they have the authority to make choices and are ultimately answerable for them.

    No question is more important to the organization’s bottom line. Projects directly impact the bottom line because they require investment of resource time and money for the purposes of realizing benefits. The scarcity of resources requires that choices be made by those who have the right authority.

    Who approves your projects?

    Historically, the answer would have been the executive layer of the organization. However, in the 1990s management largely abdicated its obligation to control resources and expenditures via “employee empowerment.”

    Controls on approvals became less rigid, and accountability for choosing what to do (and not do) shifted onto the shoulders of the individual worker. This creates a current paradigm where no one is accountable for the malinvestment…

    …of resources that comes from approving too many projects. Instead, it’s up to individual workers to sink or swim as they attempt to reconcile, day after day, seemingly infinite organizational demand with their finite supply of working hours.

    Ad hoc project selection schemes do not work

    Without active management, reconciling the imbalance between demand with available work hours is a struggle that results largely in one of these two scenarios:

    “Squeaky wheel”: Projects with the most vocal stakeholders behind them are worked on first.

    • IT is seen to favor certain lines of business, leading to disenfranchisement of other stakeholders.
    • Everything becomes the highest priority, which reinforces IT’s image as a firefighter, rather than a business value contributor
    • High-value projects without vocal support never get resourced; opportunities are missed.

    “First in, first out”: Projects are approved and executed in the order they are requested.

    • Urgent or important projects for the business languish in the project backlog; opportunities are missed.
    • Low-value projects dominate the project portfolio.
    • Stakeholders leave IT out of the loop and resort to “underground economy” for getting their needs addressed.

    80% of organizations feel that their portfolios are dominated by low-value initiatives that do not deliver value to the business (Source: Cooper).

    Approve the right projects that you have capacity to deliver by actively managing the intake of projects

    Project intake, approval, and prioritization (collectively “project intake”) reconciles the appetite for new projects with available resource capacity and strategic goals.

    Project intake is a key process of project portfolio management (PPM). The Project Management Institute (PMI) describes PPM as:

    "Interrelated organizational processes by which an organization evaluates, selects, prioritizes, and allocates its limited internal resources to best accomplish organizational strategies consistent with its vision, mission, and values."

    (PMI, Standard for Portfolio Management, 3rd ed.)

    Triple Constraint Model of the Project Portfolio

    Project Intake:

    • Stakeholder Need
    • Strategic Objectives
    • Resource Capacity

    All three components are required for the Project Portfolio

    Organizations practicing PPM recognize available resource capacity as a constraint and aim to select projects – and commit the said capacity – to projects that:

    1. Best satisfy the stakeholder needs that constantly change with the market
    2. Best align to the strategic objectives and contribute the most to business
    3. Have sufficient resource capacity available to best ensure consistent project throughput

    92% vs. 74%: 92% of high-performing organizations in PPM report that projects are well aligned to strategic initiatives vs. 74% of low performers (PMI, 2015).

    82% vs. 55%: 82% of high-performing organizations in PPM report that resources are effectively reallocated across projects vs. 55% of low performers (PMI, 2015)

    Info-Tech’s data demonstrates that optimizing project intake can also improve business leaders’ satisfaction of IT

    CEOs today perceive IT to be poorly aligned to business’ strategic goals:

    43% of CEOs believe that business goals are going unsupported by IT (Source: Info-Tech’s CEO-CIO Alignment Survey (N=124)).

    60% of CEOs believe that improvement is required around IT’s understanding of business goals (Source: Info-Tech’s CEO-CIO Alignment Survey (N=124)).

    Business leaders today are generally dissatisfied with IT:

    30% of business stakeholders are supporters of their IT departments (Source: Info-Tech’s CIO Business Vision Survey (N=21,367)).

    The key to improving business satisfaction with IT is to deliver on projects that help the business achieve its strategic goals:

    A chart is depicted to show a list of reported important projects, and then reordering the projects based on actual importance.
    Source: Info-Tech’s CIO Business Vision Survey (N=21,367)

    Optimized project intake not only improves the project portfolio’s alignment to business goals, but provides the most effective way to improve relationships with IT’s key stakeholders.

    Benchmark your own current state with overall & industry-specific data using Info-Tech’s Diagnostic Program.

    However, establishing organizational discipline for project intake, approval, and prioritization is difficult

    Capacity awareness

    Many IT departments struggle to realistically estimate available project capacity in a credible way. Stakeholders question the validity of your endeavor to install capacity-constrained intake process, and mistake it for unwillingness to cooperate instead.

    Many moving parts

    Project intake, approval, and prioritization involve the coordination of various departments. Therefore, they require a great deal of buy-in and compliance from multiple stakeholders and senior executives.

    Lack of authority

    Many PMOs and IT departments simply lack the ability to decline or defer new projects.

    Unclear definition of value

    Defining the project value is difficult because there are so many different and conflicting ways that are all valid in their own right. However, without it, it's impossible to fairly compare among projects to select what's "best."

    Establishing intake discipline requires a great degree of cooperation and conformity among stakeholders that can be cultivated through strong processes.

    Info-Tech’s intake, approval, and prioritization methodology systemically fits the project portfolio to its triple constraint

    Info-Tech’s Methodology

    Info-Tech’s Methodology
    Project Intake Project Approval Project Prioritization
    Project requests are submitted, received, triaged, and scoped in preparation for approval and prioritization. Business cases are developed, evaluated, and selected (or declined) for investment, based on estimated value and feasibility. Work is scheduled to begin, based on relative value, urgency, and availability of resources.
    Stakeholder Needs Strategic Objectives Resource Capacity
    Project Portfolio Triple Constraint

    Info-Tech’s methodology for optimizing project intake delivers extraordinary value, fast

    In the first step of the blueprint, you will prototype a set of scorecard criteria for determining project value.

    Our methodology is designed to tackle your hardest challenge first to deliver the highest-value part of the deliverable. Since the overarching goal of optimizing project intake, approval, and prioritization process is to maximize the throughput of the best projects, one must define how “the best projects” are determined.

    In nearly all instances…a key challenge for the PPM team is reaching agreement over how projects should rank.

    – Merkhofer

    A Project Value Scorecard will help you:

    • Evolve the discussions on project and portfolio value beyond a theoretical concept
    • Enable apples-to-apples comparisons amongst many different kinds of projects

    The Project Value Scorecard Development Tool is designed to help you develop the project valuation scheme iteratively. Download the pre-filled tool with content that represents a common case, and then, customize it with your data.

    A screenshot of Info-Tech's Project Value Scorecard Development Tool

    This blueprint provides a clear path to maximizing your chance of success in optimizing project intake

    Info-Tech’s practical, tactical research is accompanied by a suite of tools and templates to accelerate your process optimization efforts.

    Organizational change and stakeholder management are critical elements of optimizing project intake, approval, and prioritization processes because they require a great degree of cooperation and conformity among stakeholders, and the list of key stakeholders are long and far-reaching.

    This blueprint will provide a clear path to not only optimize the processes themselves, but also for the optimization effort itself. This research is organized into three phases, each requiring a few weeks of work at your team’s own pace – or all in one week, through a workshop facilitated by Info-Tech analysts.

    Set Realistic Goals for Optimizing Project Intake, Approval, and Prioritization

    Tools and Templates:

    • Project Value Scorecard Development Tool (.xlsx)
    • PPM Assessment Report (Info-Tech Diagnostics)
    • Standard Operating Procedure Template (.docx)

    Build Optimized Project Intake, Approval, and Prioritization Processes

    Tools and Templates:

    • Project Request Forms (.docx)
    • Project Classification Matrix (.xlsx)
    • Benefits Commitment Form (.xlsx)
    • Proposed Project Technology Assessment Tool (.xlsx)
    • Business Case Templates (.docx)
    • Intake and Prioritization Tool (.xlsx)

    Integrate the Newly Optimized Processes into Practice

    Tools and Templates:

    • Process Pilot Plan Template (.docx)
    • Impact Assessment and Communication Planning Tool (.xlsx)

    Info-Tech’s approach to PPM is informed by industry best practices and rooted in practical insider research

    Info-Tech uses PMI and ISACA frameworks for areas of this research.

    The logo for PMI is in the picture.

    PMI’s Standard for Portfolio Management, 3rd ed. is the leading industry framework, proving project portfolio management best practices and process guidelines.

    The logo for COBIT 5 is in the picture.

    COBIT 5 is the leading framework for the governance and management of enterprise IT.

    In addition to industry-leading frameworks, our best-practice approach is enhanced by the insights and guidance from our analysts, industry experts, and our clients.

    Info-Tech's logo is shown.

    33,000+

    Our peer network of over 33,000 happy clients proves the effectiveness of our research.

    1,000+

    Our team conducts 1,000+ hours of primary and secondary research to ensure that our approach is enhanced by best practices.

    Deliver measurable project intake success for your organization with this blueprint

    Measure the value of your effort to track your success quantitatively and demonstrate the proposed benefits, as you aim to do so with other projects through improved PPM.

    Optimized project intake, approval, and prioritization processes lead to a high PPM maturity, which will improve the successful delivery and throughput of your projects, resource utilization, business alignment, and stakeholder satisfaction ((Source: BCG/PMI).

    A double bar graph is depicted to show high PPM maturity yields measurable benefits. It covers 4 categories: Management for individual projects, financial performance, strategy implementation, and organizational agility.

    Measure your success through the following metrics:

    • Reduced turnaround time between project requests and initial scoping
    • Number of project proposals with articulated benefits
    • Reduction in “off-the-grid” projects
    • Team satisfaction and workplace engagement
    • PPM stakeholder satisfaction score from business stakeholders: see Info-Tech’s PPM Customer Satisfaction Diagnostics

    $44,700: In the past 12 months, Info-Tech clients have reported an average measured value of $44,700 from undertaking a guided implementation of this research.

    Add your own organization-specific goals, success criteria, and metrics by following the steps in the blueprint.

    Case Study: Financial Services PMO prepares annual planning process with Project Value Scorecard Development Tool

    CASE STUDY

    Industry: Financial Services

    Source: Info-Tech Client

    Challenge

    PMO plays a diverse set of roles, including project management for enterprise projects (i.e. PMI’s “Directive” PMO), standards management for department-level projects (i.e. PMI’s “Supportive” PMO), process governance of strategic projects (i.e. PMI’s “Controlling” PMO), and facilitation / planning / reporting for the corporate business strategy efforts (i.e. Enterprise PMO).

    To facilitate the annual planning process, the PMO needed to develop a more data-driven and objective project intake process that implicitly aligned with the corporate strategy.

    Solution

    Info-Tech’s Project Value Scorecard tool was incorporated into the strategic planning process.

    Results

    The scorecard provided a simple way to list the competing strategic initiatives, objectively score them, and re-sort the results on demand as the leadership chooses to switch between ranking by overall score, project value, ability to execute, strategic alignment, operational alignment, and feasibility.

    The Project Value Scorecard provided early value with multiple options for prioritized rankings.

    A screenshot of the Project Value Scorecard is shown in the image.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Optimize Project Intake, Approval, and Prioritization – project overview

    1. Set Realistic Goals for Optimizing Process 2. Build New Optimized Processes 3. Integrate the New Processes into Practice
    Best-Practice Toolkit

    1.1 Define the criteria with which to determine project value.


    2.1 Streamline intake to manage stakeholder expectations.

    2.2 Set up steps of project approval to maximize strategic alignment while right-sizing the required effort.

    2.3 Prioritize projects to maximize the value of the project portfolio within the constraint of resource capacity.

    3.1 Pilot your intake, approval, and prioritization process to refine it before rollout.

    3.2 Analyze the impact of organizational change through the eyes of PPM stakeholders to gain their buy-in.

    Guided Implementations
    • Introduce Project Value Scorecard Development Tool and pilot Info-Tech’s example scorecard on your own backlog.
    • Map current project intake, approval, and prioritization process and key stakeholders.
    • Set realistic goals for process optimization.
    • Improve the management of stakeholder expectations with an optimized intake process.
    • Improve the alignment of the project portfolio to strategic objectives with an optimized approval process.
    • Enable resource capacity-constrained greenlighting of projects with an optimized prioritization process.
    • Create a process pilot strategy with supportive stakeholders.
    • Conduct a change impact analysis for your PPM stakeholders to create an effective communication strategy.
    • Roll out the new process and measure success.
    Onsite Workshop

    Module 1:

    Refocus on Project Value to Set Realistic Goals for Optimizing Project Intake, Approval, and Prioritization Process

    Module 2:

    Examine, Optimize, and Document the New Project Intake, Approval, and Prioritization Process

    Module 3:

    Pilot, Plan, and Communicate the New Process and Its Required Organizational Changes

    Phase 1 Outcome:
    • Draft project valuation criteria
    • Examination of current process
    • Definition of process success criteria
    Phase 2 Outcome:
    • Documentation of new project intake, approval, and prioritization process
    • Tools and templates to aid the process
    Phase 3 Outcome:
    • Process pilot plan
    • Organizational change communication plan

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Workshop Day 5
    Activities

    Benefits of optimizing project intake and project value definition

    1.1 Complete and review PPM Current State Scorecard Assessment

    1.2 Define project value for the organization

    1.3 Engage key PPM stakeholders to iterate on the scorecard prototype

    Set realistic goals for process optimization

    2.1 Map current intake, approval, and prioritization workflow

    2.2 Enumerate and prioritize process stakeholders

    2.3 Determine the current and target capability levels

    2.4 Define the process success criteria and KPIs

    Optimize project intake and approval processes

    3.1 Conduct focused retrospectives for project intake and approval

    3.2 Define project levels

    3.3 Optimize project intake processes

    3.4 Optimize project approval processes

    3.5 Compose SOP for intake and approval

    3.6 Document the new intake and approval workflow

    Optimize project prioritization process plan for a process pilot

    4.1 Conduct focused retrospective for project prioritization

    4.2 Estimate available resource capacity

    4.3 Pilot Project Intake and Prioritization Tool with your project backlog

    4.4 Compose SOP for prioritization

    4.5 Document the new prioritization workflow

    4.6 Discuss process pilot

    Analyze stakeholder impact and create communication strategy

    5.1 Analyze stakeholder impact and responses to impending organization change

    5.2 Create message canvas for at-risk change impacts and stakeholders

    5.3 Set course of action for communicating change

    Deliverables
    1. PPM Current State Scorecard
    2. Project Value Scorecard prototype
    1. Current intake, approval, and prioritization workflow
    2. Stakeholder register
    3. Intake process success criteria
    1. Project request form
    2. Project level classification matrix
    3. Proposed project deliverables toolkit
    4. Customized intake and approval SOP
    5. Flowchart for the new intake and approval workflow
    1. Estimated resource capacity for projects
    2. Customized Project Intake and Prioritization Tool
    3. Customized prioritization SOP
    4. Flowchart for the new prioritization workflow
    5. Process pilot plan
    1. Completed Intake and Prioritization Impact Analysis Tool
    2. Communication strategy and plan

    Phase 1

    Set Realistic Goals for Optimizing Project Intake, Approval, and Prioritization Process

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Set Realistic Goals for Project Intake, Approval, and Prioritization Process Proposed Time to Completion: 1-2 weeks

    Step 1.1: Define the project valuation criteria

    Start with an analyst kick-off call:

    • Discuss how a project value is currently determined
    • Introduce Info-Tech’s scorecard-driven project valuation approach

    Then complete these activities…

    • Create a first-draft version of a project value-driven prioritized list of projects
    • Review and iterate on the scorecard criteria

    With these tools & templates:

    Project Value Scorecard Development Tool

    Step 1.2: Envision your process target state

    Start with an analyst kick-off call:

    • Introduce Info-Tech’s project intake process maturity model
    • Discuss the use of Info-Tech’s Diagnostic Program for an initial assessment of your current PPM processes

    Then complete these activities…

    • Map your current process workflow
    • Enumerate and prioritize your key stakeholders
    • Define process success criteria

    With these tools & templates:

    Project Intake Workflow Template

    Project Intake, Approval, and Prioritization SOP Template

    Phase 1 Results & Insights:
    • The overarching goal of optimizing project intake, approval, and prioritization process is to maximize the throughput of the best projects. To achieve this goal, one must have a clear way to determine what are “the best” projects.

    Get to value early with Step 1.1 of this blueprint

    Define how to determine a project’s value and set the stage for maximizing the value of your project portfolio using Info-Tech’s Project Value Scorecard Development Tool.

    Where traditional models of consulting can take considerable amounts of time before delivering value to clients, Info-Tech’s methodology for optimizing project intake, approval, and prioritization process gets you to value fast.

    The overarching goal of optimizing project intake, approval, and prioritization process is to maximize the throughput of the best projects. To achieve this goal, one must have a clear way to determine what are “the best” projects.

    In the first step of this blueprint, you will pilot a multiple-criteria scorecard for determining project value that will help answer that question. Info-Tech’s Project Value Scorecard Development Tool is pre-populated with a ready-to-use, real-life example that you can leverage as a starting point for tailoring it to your organization – or adopt as is.

    Introduce objectivity and clarity to your discussion of maximizing the value of your project portfolio with Info-Tech’s practical IT research that drives measurable results.

    Download Info-Tech’s Project Value Scorecard Development Tool.

    A screenshot of Info-Tech's Project Value Scorecard Development Tool

    Step 1.1: Define the criteria with which to determine project value

    PHASE 1 PHASE 2 PHASE 3

    1.1

    Define project valuation criteria

    1.2

    Envision process target state

    2.1

    Streamline intake

    2.2

    Right-size approval steps

    2.3

    Prioritize projects to fit resource capacity

    3.1

    Pilot your optimized process

    3.2

    Communicate organizational change

    This step will walk you through the following activities:

    • Learn how to use the Project Value Scorecard Development Tool
    • Create a first-draft version of a project value-driven prioritized list of projects

    This step involves the following participants:

    • PMO Director/ Portfolio Manager
    • Project Managers
    • Business Analysts
    • CIO (optional)

    Outcomes of this step

    • Understand the importance of devising a consensus criteria for project valuation.
    • Try a project value scorecard-driven prioritization process with your currently proposed.
    • Set the stage for optimizing project intake, approval, and prioritization processes.

    Intake, Approval, and Prioritization is a core process in Info-Tech’s project portfolio management (PPM) framework

    PPM is an infrastructure around projects that aims to ensure that the best projects are worked on at the right time with the right people.

    PPM’s goal is to maximize the throughput of projects that provide strategic and operational value to the organization. To do this, a PPM strategy must help to:

    Info-Tech's Project Portfolio Management Process Model
    3. Status & Progress Reporting
    1. Intake, Approval & Prioritization 2. Resource Management 3. Project Management 4. Project Closure 5. Benefits Tracking
    Intake Execution Closure
    1. Select the best projects
    2. Pick the right time and people to execute the projects
    3. Make sure the projects are okay
    4. Make sure the projects get done
    5. Make sure they were worth doing

    If you don’t yet have a PPM strategy in place, or would like to revisit your existing PPM strategy before optimizing your project intake, approval, and prioritization practices, see Info-Tech’s blueprint, Develop a Project Portfolio Management Strategy.

    A screenshot of Info-Tech's blueprint Develop a Project Portfolio Management Strategy is shown.

    “Too many projects, not enough resources” is the reality of most IT environments

    A profound imbalance between demand (i.e. approved project work and service delivery commitments) and supply (i.e. people’s time) is the top challenge IT departments face today.

    In today’s organizations, the desires of business units for new products and enhancements, and the appetites of senior leadership to approve more and more projects for those products and services, far outstrip IT’s ability to realistically deliver on everything.

    The vast majority of IT departments lack the resourcing to meet project demand – especially given the fact that day-to-day operational demands frequently trump project work.

    As a result, project throughput suffers – and with it, IT’s reputation within the organization.

    An image is depicted that has several projects laid out near a scale filling one side of it and off of it. On the other part of the scale which is higher, has an image of people in it to help show the relationship between resource supply and project demand.

    Info-Tech Insight

    Where does the time go? The portfolio manager (or equivalent) should function as the accounting department for time, showing what’s available in IT’s human resources budget for projects and providing ongoing visibility into how that budget of time is being spent.

    Don’t weigh your portfolio down by starting more than you can finish

    Focus on what will deliver value to the organization and what you can realistically deliver.

    Most of the problems that arise during the lifecycle of a project can be traced back to issues that could have been mitigated during the initiation phase.

    More than simply a means of early problem detection at the project level, optimizing your initiation processes is also the best way to ensure the success of your portfolio. With optimized intake processes you can better guarantee:

    • The projects you are working on are of high value
    • Your project list aligns with available resource capacity
    • Stakeholder needs are addressed, but stakeholders do not determine the direction of the portfolio

    80% of organizations feel their portfolios are dominated by low-value initiatives that do not deliver value to the business (Source: Cooper).

    "(S)uccessful organizations select projects on the basis of desirability and their capability to deliver them, not just desirability" (Source: John Ward, Delivering Value from Information Systems and Technology Investments).

    Establishing project value is the first – and difficult – step for optimizing project intake, approval, and prioritization

    What is the best way to “deliver value to the organization”?

    Every organization needs to explicitly define how to determine project value that will fairly represent all projects and provide a basis of comparison among them during approval and prioritization. Without it, any discussions on reducing “low-value initiatives” from the previous slide cannot yield any actionable plan.

    However, defining the project value is difficult, because there are so many different and conflicting ways that are all valid in their own right and worth considering. For example:

    • Strategic growth vs. operational stability
    • Important work vs. urgent work
    • Return on investment vs. cost containment
    • Needs of a specific line of business vs. business-wide needs
    • Financial vs. intangible benefits

    This challenge is further complicated by the difficulty of identifying the right criteria for determining project value:

    Managers fail to identify around 50% of the important criteria when making decisions (Source: Transparent Choice).

    Info-Tech Insight

    Sometimes it can be challenging to show the value of IT-centric, operational-type projects that maintain critical infrastructure since they don’t yield net-new benefits. Remember that benefits are only half the equation; you must also consider the costs of not undertaking the said project.

    Find the right mix of criteria for project valuation with Info-Tech’s Project Value Scorecard Development Tool

    Scorecard-driven approach is an easy-to-understand, time-tested solution to a multiple-criteria decision-making problem, such as project valuation.

    This approach is effective for capturing benefits and costs that are not directly quantifiable in financial terms. Projects are evaluated on multiple specific questions, or criteria, that each yield a score on a point scale. The overall score is calculated as a weighted sum of the scores.

    Info-Tech’s Project Value Scorecard is pre-populated with a best-practice example of eight criteria, two for each category (see box at bottom right). This example helps your effort to develop your own project scorecard by providing a solid starting point:

    60%: On their own, decision makers could only identify around 6 of their 10 most important criteria for making decisions (Source: Transparent Choice).

    Finally, in addition, the overall scores of approved projects can be used as a metric on which success of the process can be measured over time.

    Download Info-Tech’s Project Value Scorecard Development Tool.

    A screenshot of Info-Tech's Project Value Scorecard Development Tool

    Categories of project valuation criteria

    • Strategic alignment: projects must be aligned with the strategic goals of the business and IT.
    • Operational alignment: projects must be aligned with the operational goals of the business and IT.
    • Feasibility: practical considerations for projects must be taken into account in selecting projects.
    • Financial: projects must realize monetary benefits, in increased revenue or decreased costs, while posing as little risk of cost overrun as possible.

    Review the example criteria and score description in the Project Value Scorecard Development Tool

    1.1.1 Project Value Scorecard Development Tool, Tab 2: Evaluation Criteria

    This tab lists eight criteria that cover strategic alignment, operational alignment, feasibility, and financial benefits/risks. Each criteria is accompanied by a qualitative score description to standardize the analysis across all projects and analysts. While this tool supports up to 15 different criteria, it’s better to minimize the number of criteria and introduce additional ones as the organization grows in PPM maturity.

    A screenshot of Info-Tech's Project Value Scorecard Development Tool, Tab 2: Evaluation Criteria

    Type: It is useful to break down projects with similar overall scores by their proposed values versus ease of execution.

    Scale: Five-point scale is not required for this tool. Use more or less granularity of description as appropriate for each criteria.

    Blank Criteria: Rows with blank criteria are greyed out. Enter a new criteria to turn on the row.

    Score projects and search for the right mix of criteria weighting using the scorecard tab

    1.1.1 Project Value Scorecard Development Tool, Tab 3: Project Scorecard

    In this tab, you can see how projects are prioritized when they are scored according to the criteria from the previous tab. You can enter the scores of up to 30 projects in the scorecard table (see screenshot to the right).

    A screenshot of Info-Tech's Project Value Scorecard Development Tool, Tab 3: Project Scorecard is shown.

    Value (V) or Execution (E) & Relative Weight: Change the relative weights of each criteria and review any changes to the prioritized list of projects change, whose rankings are updated automatically. This helps you iterate on the weights to find the right mix.

    Feasibility: Custom criteria category labels will be automatically updated.

    A screenshot of Info-Tech's Project Value Scorecard Development Tool, Tab 3: Project Scorecard is shown.

    Overall: Choose the groupings of criteria by which you want to see the prioritized list. Available groupings are:

    • Overall score
    • By value or by execution
    • By category

    Ranks and weighted scores for each project is shown.

    For example, click on the drop-down and choose “Execution.”

    A screenshot of Info-Tech's Project Value Scorecard Development Tool, Tab 3: Project Scorecard is shown.

    Project ranks are based only on execution criteria.

    Create a first-draft version of a project value-driven prioritized list of projects

    1.1.1 Estimated Time: 60 minutes

    Follow the steps below to test Info-Tech’s example Project Value Scorecard and examine the prioritized list of projects.

    1. Using your list of proposed, ongoing, and completed projects, identify a representative sample of projects in your project portfolio, varying in size, scope, and perceived value – about 10-20 of them.
    2. Arrange these projects in the order of priority using any processes or prioritization paradigm currently in place in your organization.
    • In the absence of formal process, use your intuition, as well as knowledge of organizational priorities, and your stakeholders.
  • Use the example criteria and score description in Tab 2 of Info-Tech’s Project Value Scorecard Development Tool to score the same list of projects:
    • Avoid spending too much time at this step. Prioritization criteria will be refined in the subsequent parts of the blueprint.
    • If multiple scorers are involved, allow some overlap to benchmark for consistency.
  • Enter the scores in Tab 3 of the tool to obtain the first-draft version of a project value-driven prioritized project list. Compare it with your list from Step 2.
  • INPUT

    • Knowledge of proposed, ongoing, and completed projects in your project portfolio

    OUTPUT

    • Prioritized project lists

    Materials

    • Project Value Scorecard Development Tool

    Participants

    • PMO Director/ Portfolio Manager
    • Project Managers
    • Business Analysts
    • CIO (optional)

    Iterate on the scorecard to set the stage for optimizing project intake, approval, and prioritization

    1.1.2 Estimated Time: 60 minutes

    Conduct a retrospective of the previous activity by asking these questions:

    • How smooth was the overall scoring experience (Step 3 of Activity 1.1.1)?
    • Did you experience challenges in interpreting and applying the example project valuation criteria? Why? (e.g. lack of information, absence of formalized business strategic goals, too much room for interpretation in scoring description)
    • Did the prioritized project list agree with your intuition?

    Iterate on the project valuation criteria:

    • Manipulate the relatives weights of valuation criteria to fine-tune them.
    • Revise the scoring descriptions to provide clarity or customize them to better fit your organization’s needs, then update the project scores accordingly.
    • For projects that did not score well, will this cause concern from any stakeholders? Are the concerns legitimate? If so, this may indicate the need for inclusion of new criteria.
    • For projects that score too well, this may indicate a bias toward a specific type of project or group of stakeholders. Try adjusting the relative weights of existing criteria.

    INPUT

    • Activity 1.1.1

    OUTPUT

    • Retrospective on project valuation
    • Review of project valuation criteria

    Materials

    • Project Value Scorecard Development Tool

    Participants

    • PMO Director/ Portfolio Manager
    • Project Managers
    • Business Analysts
    • CIO (optional)

    Next steps: engage key PPM stakeholders to reach a consensus when establishing how to determine project value

    Engage these key players to create the evaluation criteria that all stakeholders will support:

    • Business units: Projects are undertaken to provide value to the business. Senior management from business units must help define how project will be valued.
    • IT: IT must ensure that technical/practical considerations are taken into account when determining project value.
    • Finance: The CFO or designated representative will ensure that estimated project costs and benefits can be used to manage the budget.
    • PMO: PMO is the administrator of the project portfolio. PMO must provide coordination and support to ensure the process operates smoothly and its goals are realized.
    • Business analysts: BAs carry out the evaluation of project value. Therefore, their understanding of the evaluation criteria and the process as a whole are critical to the success of the process.
    • Project sponsors: Project sponsors are accountable for the realization of benefits for which projects are undertaken.

    Optimize the process with the new project value definition to focus your discussion with stakeholders

    This blueprint will help you not only optimize the process, but also help you work with your stakeholders to realize the benefits of the optimized process.

    In this step, you’ve begun improving the definition of project value. Getting it right will require several more iterations and will require a series of discussions with your key stakeholders.

    The optimized intake process built around the new definition of project value will help evolve a conceptual discussion about project value into a more practical one. The new process will paint a picture of what the future state will look like for your stakeholders’ requested projects getting approved and prioritized for execution, so that they can provide feedback that’s concrete and actionable. To help you with that process, you will be taken through a series of activities to analyze the impact of change on your stakeholders and create a communication plan in the last phase of the blueprint.

    For now, in the next step of this blueprint, you will undergo a series of activities to assess your current state to identify the specific areas for process optimization.

    "To find the right intersection of someone’s personal interest with the company’s interest on projects isn’t always easy. I always try to look for the basic premise that you can get everybody to agree on it and build from there… But it’s sometimes hard to make sure that things stick. You may have to go back three or four times to the core agreement."

    -Eric Newcomer

    Step 1.2: Envision your target state for your optimized project intake, approval, and prioritization process

    PHASE 1 PHASE 2 PHASE 3

    1.1

    Define project valuation criteria

    1.2

    Envision process target state

    2.1

    Streamline intake

    2.2

    Right-size approval steps

    2.3

    Prioritize projects to fit resource capacity

    3.1

    Pilot your optimized process

    3.2

    Communicate organizational change

    This step will walk you through the following activities:

    • Map your current project intake, approval, and prioritization workflow, and document it in a flowchart
    • Enumerate and prioritize your key process stakeholders
    • Determine your process capability level within Info-Tech’s Framework
    • Establish your current and target states for project intake, approval, and prioritization process

    This step involves the following participants:

    • CIO
    • PMO Director/Portfolio Manager
    • Project Managers
    • Business Analysts
    • Other PPM stakeholders

    Outcomes of this step

    • Current project intake, approval, and prioritization process is mapped out and documented in a flowchart
    • Key process stakeholders are enumerated and prioritized to inform future discussion on optimizing processes
    • Current and target organizational process capability levels are determined
    • Success criteria and key performance indicators for process optimization are defined

    Use Info-Tech’s Diagnostic Program for an initial assessment of your current PPM processes

    This step is highly recommended but not required. Call 1-888-670-8889 to inquire about or request the PPM Diagnostics.

    Info-Tech's Project Portfolio Management Assessmentprovides you with a data-driven view of the current state of your portfolio, including your intake processes. Our PPM Assessment measures and communicates success in terms of Info-Tech’s best practices for PPM.

    A screenshot of Info-Tech's Project Portfolio Management Assessment blueprint is shown.

    Use the diagnostic program to:

    • Assess resource utilization across the portfolio.
    • Determine project portfolio reporting completeness.
    • Solicit feedback from your customers on the clarity of your portfolio’s business goals.
    • Rate the overall quality of your project management practices and benchmark your rating over time.
    A screenshot of Info-Tech's Project Portfolio Management Assessment blueprint is shown.

    Scope your process optimization efforts with Info-Tech’s high-level intake, approval, and prioritization workflow

    Info-Tech recommends the following workflow at a high level for a capacity-constrained intake process that aligns to strategic goals and stakeholder need.

    • Intake (Step 2.1)*
      • Receive project requests
      • Triage project requests and assign a liaison
      • High-level scoping & set stakeholder expectations
    • Approval (Step 2.2)*
      • Concept approval by project sponsor
      • High-level technical solution approval by IT
      • Business case approval by business
      • Resource allocation & greenlight projects
    • Prioritization (Step 2.3)*
      • Update project priority scores & available project capacity
      • Identify high-scoring and “on-the-bubble” projects
      • Recommend projects to greenlight or deliberate

    * Steps denote the place in the blueprint where the steps are discussed in more detail.

    Use this workflow as a baseline to examine your current state of the process in the next slide.

    Map your current project intake, approval, and prioritization workflow

    1.2.1 Estimated Time: 60-90 minutes

    Conduct a table-top planning exercise to map out the processes currently in place for project intake, approval, and prioritization.

    1. Use white 4”x6” recipe cards / large sticky notes to write out unique steps of a process. Use the high-level process workflow from the previous slides as a guide.
    2. Arrange the steps into chronological order. Benchmark the arrangement through a group discussion.
    3. Use green cards to identify artifacts or deliverables that result from a step.
    4. Use yellow cards to identify who does the work (i.e. responsible parties), and who makes the decisions (i.e. accountable party). Keep in mind that while multiple parties may be responsible, accountability cannot be shared and only a single party can be accountable for a process.
    5. Use red cards to identify issues, problems, or risks. These are opportunities for optimization.

    INPUT

    • Documentation describing the current process (e.g. standard operating procedures)
    • Info-Tech’s high-level intake workflow

    OUTPUT

    • Current process, mapped out

    Materials

    • 4x6” recipe cards
    • Whiteboard

    Participants

    • PMO Director/ Portfolio Manager
    • Project Managers
    • Business Analysts
    • Other PPM stakeholders

    Document the current project intake, approval, and prioritization workflow in a flowchart

    1.2.2 Estimated Time: 60 minutes

    Document the results of the previous table-top exercise (Activity 1.1.1) into a flow chart. Flowcharts provide a bird’s-eye view of process steps that highlight the decision points and deliverables. In addition, swim lanes can be used to indicate process stages, task ownership, or responsibilities (example below).

    An example is shown for activity 1.2.2

    Review and customize section 1.2, “Overall Process Workflow” in Info-Tech’s Project Intake, Approval, and Prioritization SOP Template.

    "Flowcharts are more effective when you have to explain status and next steps to upper management."

    – Assistant Director-IT Operations, Healthcare Industry

    Browser-based flowchart tool examples

    INPUT

    • Mapped-out project intake process (Activity 1.2.1)

    OUTPUT

    • Flowchart representation of current project intake workflow

    Materials

    • Microsoft Visio, flowchart software, or Microsoft PowerPoint

    Participants

    • PMO Director/ Portfolio Manager
    • Project Managers
    • Business Analysts

    Example of a project intake, approval, and prioritization flow chart – without swim lanes

    An example project intake, approval, and prioritization flow chart without swim lanes is shown.

    Example of a project intake, approval, and prioritization flow chart – with swim lanes

    An example project intake, approval, and prioritization flow chart with swim lanes is shown.

    Download Info-Tech’s Project Intake Workflow Template (Visio and PDF)

    Enumerate your key stakeholders for optimizing intake, approval, and prioritization process

    1.2.3 30-45 minutes

    In the previous activity, accountable and responsible stakeholders for each of the steps in the current intake, approval, and prioritization process were identified.

    1. Based on your knowledge and insight of your organization, ensure that all key stakeholders with accountable and responsible stakeholders are accounted for in the mapped-out process. Note any omissions: it may indicate a missing step, or that the stakeholder ought to be, but are not currently, involved.
    2. For each step, identify any stakeholders that are currently consulted or informed. Then, examine the whole map and identify any other stakeholders that ought to be consulted or informed.
    3. Compile a list of stakeholders from steps 1-2, and write each of their names in two sticky notes.
    4. Put both sets of sticky notes on a wall. Use the wisdom-of-the-crowd approach to arrange one set in a descending order of influence. Record their ranked influence from 1 (least) to 10 (most).
    5. Rearrange the other set in a descending order of interest in seeing the project intake process optimized. Record their ranked interest from 1 (least) to 10 (most).

    INPUT

    • Mapped-out project intake process (Activity 1.2.1)
    • Insight on organizational culture

    OUTPUT

    • List of stakeholders in project intake
    • Ranked list in their influence and interest

    Materials

    • Sticky notes
    • Walls

    Participants

    • PMO Director/ Portfolio Manager
    • Project Managers
    • Business Analysts
    • Other PPM stakeholders

    Prioritize your stakeholders for project intake, approval, and prioritization process

    There are three dimensions for stakeholder prioritization: influence, interest, and support.

    1. Map your stakeholders in a 2D stakeholder power map (top right) according to their relative influence and interest.
    2. Rate their level of support by asking the following question: how likely is it that your stakeholder would welcome an improved process for project intake?

    These parameters will inform how to prioritize your stakeholders according to the stakeholder priority heatmap (bottom right). This priority should inform how to focus your attention during the subsequent optimization efforts.

    A flowchart is shown to show the relationship between influence and interest.

    Level of Support
    Stakeholder Category Supporter Evangelist Neutral Blocker
    Engage Critical High High Critical
    High Medium Low Low Medium
    Low High Medium Medium High
    Passive Low Irrelevant Irrelevant Low

    Info-Tech Insight

    There may be too many stakeholders to be able to achieve complete satisfaction. Focus your attention on the stakeholders that matter the most.

    Most organizations have low to medium capabilities around intake, approval, and prioritization

    1.2.4 Estimated Time: 15 minutes

    Use Info-Tech’s Intake Capability Framework to help define your current and target states for intake, approval, and prioritization.

    Capability Level Capability Level Description
    Capability Level 5: Optimized Our department has effective intake processes with right-sized administrative overhead. Work is continuously prioritized to keep up with emerging challenges and opportunities.
    Capability Level 4: Aligned Our department has very strong intake processes. Project approvals are based on business cases and aligned with future resource capacity.
    Capability Level 3: Engaged Our department has processes in place to track project requests and follow up on them. Priorities are periodically re-evaluated, based largely on the best judgment of one or several executives.
    Capability Level 2: Defined Our department has some processes in place but no capacity to say no to new projects. There is a formal backlog, but little or no method for grooming it.
    Capability Level 1: Unmanaged Our department has no formal intake processes in place. Most work is done reactively, with little ability to prioritize proactive project work.

    Refer to the subsequent slides for more detail on these capability levels.

    Level 1: Unmanaged

    Use these descriptions to place your organization at the appropriate level of intake capability.

    Intake Projects are requested through personal conversations and emails, with minimal documentation and oversight.
    Approval Projects are approved by default and rarely (if ever) declined. There is no definitive list of projects in the pipeline or backlog.
    Prioritization Most work is done reactively, with little ability to prioritize proactive project work.

    Symptoms

    • Poorly defined – or a complete absence of – PPM processes.
    • No formal approval committee.
    • No processes in place to balance proactive and reactive demands.

    Long Term

    PMOs at this level should work to have all requests funneled through a proper request form within six months. Decision rights for approval should be defined, and a scorecard should be in place within the year.

    Quick Win

    To get a handle on your backlog, start tracking all project requests using the “Project Data” tab in Info-Tech’s Project Intake and Prioritization Tool.

    Level 2: Defined

    Use these descriptions to place your organization at the appropriate level of intake capability.

    Intake Requests are formally documented in a request form before they’re assigned, elaborated, and executed as projects.
    Approval Projects are approved by default and rarely (if ever) declined. There is a formal backlog, but little or no method for grooming it.
    Prioritization There is a list of priorities but no process for updating it more than annually or quarterly.

    Symptoms

    • Organization does not have clear concept of project capacity.
    • There is a lack of discipline enforced on stakeholders.
    • Immature PPM processes in general.

    Long Term

    PMOs at this level should strive for greater visibility into the portfolio to help make the case for declining (or at least deferring) requests. Within the year, have a formal PPM strategy up and running.

    Quick Win

    Something PMOs at this level can accomplish quickly without any formal approval is to spend more time with stakeholders during the ideation phase to better define scope and requirements.

    Level 3: Engaged

    Use these descriptions to place your organization at the appropriate level of intake capability.

    Intake Processes and skills are in place to follow up on requests to clarify project scope before going forward with approval and prioritization.
    Approval Projects are occasionally declined based on exceptionally low feasibility or value.
    Prioritization Priorities are periodically re-evaluated based largely on the best judgment of one or several executives.

    Challenges

    • Senior executives’ “best judgement” is frequently fallible or influenced. Pet projects still enter the portfolio and deplete resources.
    • While approval processes “occasionally” filter out some low-value projects, many still get approved.

    Long Term

    PMOs at this level should advocate for a more formal cadence for prioritization and, within the year, establish a formal steering committee that will be responsible for prioritizing and re-prioritizing quarterly or monthly.

    Quick Win

    At the PMO level, employ Info-Tech’s Project Intake and Prioritization Tool to start re-evaluating projects in the backlog. Make this data available to senior executives when prioritization occurs.

    Level 4: Aligned

    Use these descriptions to place your organization at the appropriate level of intake capability.

    Intake Occurs through a centralized process. Processes and skills are in place for follow-up.
    Approval Project approvals are based on business cases and aligned with future resource capacity.
    Prioritization Project prioritization is visibly aligned with business goals.

    Challenges

    • The process of developing business cases can be too cumbersome, distracting resources from actual project work.
    • “Future” resource capacity predictions are unreliable. Reactive support work and other factors frequently change actual resource availability.

    Long Term

    PMOs at this level can strive for more accurate and frequent resource forecasting, establishing a more accurate picture of project vs. non-project work within the year.

    Quick Win

    PMOs at this level can start using Info-Tech’s Business Case Template (Comprehensive or Fast Track) to help simplify the business case process.

    Level 5: Optimizing

    Use these descriptions to place your organization at the appropriate level of intake capability.

    Intake Occurs through a centralized portal. Processes and skills are in place for thorough follow-up.
    Approval Project approvals are based on business cases and aligned with future resource capacity.
    Prioritization Work is continuously prioritized to keep up with emerging challenges and opportunities.

    Challenges

    • Establishing a reliable forecast for resource capacity remains a concern at this level as well.
    • Organizations at this level may experience an increasing clash between Agile practices and traditional Waterfall methodologies.

    A screenshot of Info-Tech's Manage an Agile Portfolio Blueprint

    PMOs at this level should look at Info-Tech’s Manage an Agile Portfolio for comprehensive tools and guidance on maintaining greater visibility at the portfolio level into work in progress and committed work.

    Establish your current and target states for process intake, approval, and prioritization

    1.2.5 Estimated Time: 20 minutes

    • Having reviewed the intake capability framework, you should be able to quickly identify where you currently reside in the model. Document this in the “Current State” box below.
    • Next, spend some time as a group discussing your target state. Make sure to set a realistic target as well as a realistic timeframe for meeting this target. Level 1s will not be able to become Level 5s overnight and certainly not without passing through the other levels on the way.
      • A realistic goal for a Level 1 to become a Level 2 is within six to eight months.
    Current State:
    Target State:
    Timeline for meeting target

    INPUT

    • Intake, approval, and prioritization capability framework (Activity 1.2.4)

    OUTPUT

    • Current and target state, with stated time goals

    Materials

    • Whiteboard

    Participants

    • CIO
    • PMO Director/ Portfolio Manager
    • Project Managers
    • Business Analysts

    Align your intake success with the strategic expectations of overall project portfolio management

    A successful project intake, approval, and prioritization process puts your leadership in a position to best steer the portfolio, like a conductor of an orchestra.

    To frame the discussion on deciding what intake success will look like, review Info-Tech’s PPM strategic expectations:

    • Project Throughput: Maximize throughput of the best projects.
    • Portfolio Visibility: Ensure visibility of current and pending projects.
    • Portfolio Responsiveness: Make the portfolio responsive to executive steering when new projects and changing priorities need rapid action.
    • Resource Utilization: Minimize resource waste and optimize the alignment of skills to assignments.
    • Benefits Realization: Clarify accountability for post-project benefits attainment for each project, and facilitate the process of tracking/reporting those benefits.
    A screenshot of Info-Tech's Develop a Project Portfolio Management Strategy blueprint.

    For a more detailed discussion and insight on PPM strategic expectations see Info-Tech’s blueprint, Develop a Project Portfolio Management Strategy.

    Decide what successful project intake, approval, prioritization process will look like

    1.2.6 Estimated Time: 60 minutes

    While assessing your current state, it is important to discuss and determine as a team how success will be defined.

    • During this process, it is important to consider tentative timelines for success milestones and to ask the question: what will success look like and when should it occur by?
    • Use the below table to help document success factors and timeliness. Follow the lead of our example in row 1.
    Optimization Benefit Objective Timeline Success Factor
    Facilitate project intake, prioritization, and communication with stakeholders to maximize time spent on the most valuable or critical projects. Look at pipeline as part of project intake approach and adjust priorities as required. July 1st Consistently updated portfolio data. Dashboards to show back capacity to customers. SharePoint development resources.

    Review and customize section 1.5, “Process Success Criteria” in Info-Tech’s Project Intake, Approval, and Prioritization SOP Template.

    Info-Tech Insight

    Establish realistic short-term goals. Even with optimized intake procedures, you may not be able to eliminate underground project economies immediately. Make your initial goals realistic, leaving room for those walk-up requests that may still appear via informal channels.

    Prepare to optimize project intake and capture the results in the Intake, Approval, and Prioritization SOP

    Standard Operating Procedure (SOP) is the reference document to get all PPM stakeholders on the same page with the new optimized process.

    The current state explored and documented in this step will serve as a starting point for each step of the next phase of the blueprint. The next phase will take a deeper dive into each of the three components of Info-Tech’s project intake methodology, so that they can achieve the success criteria you’ve defined in the previous activity.

    Info-Tech’s Project Intake, Approval, and Prioritization SOP Template is intended to capture the outcome of your process optimization efforts. This blueprint guides you through numerous activities designed for your core project portfolio management team to customize each section.

    To maximize the chances of success, it is important that the team makes a concerted effort to participate. Schedule a series of working sessions over the course of several weeks for your team to work through it – or get through it in one week, with onsite Info-Tech analyst-facilitated workshops.

    Download Info-Tech’s Project Intake, Approval, and Prioritization SOP.

    A screenshot of Info-Tech's Project Intake, Approval, and Prioritization SOP.

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Case study: PMO develops mature intake and prioritization processes by slowly evolving its capability level

    CASE STUDY

    Industry: Not-for-Profit

    Source: Info-Tech Interview

    Challenge

    • A PMO for a large not-for-profit benefits provider had relatively high project management maturity, but the enterprise had low PPM maturity.
    • There were strong intake processes in place for following up on requests. For small projects, project managers would assist as liaisons to help control scope. For corporate initiates, PMs were assigned to work with a sponsor to define scope and write a charter.

    Solution

    Prioritization was a challenge. Initially, the organization had ad hoc prioritization practices, but they had developed a scoring criteria to give more formality and direction to the portfolio. However, the activity of formally prioritizing proved to be too time consuming.

    Off-the-grid projects were a common problem, with initiatives consuming resources with no portfolio oversight.

    Results

    After trying “heavy” prioritization, the PMO loosened up the process. PMO staff now go through and quickly rank projects, with two senior managers making the final decisions. They re-prioritize quarterly to have discussions around resource availability and to make sure stakeholders are in tune to what IT is doing on a daily basis. IT has a monthly meeting to go over projects consuming resources and to catch anything that has fallen between the cracks.

    "Everything isn't a number one, which is what we were dealing with initially. We went through a formal prioritization period, where we painstakingly scored everything. Now we have evolved: a couple of senior managers have stepped up to make decisions, which was a natural evolution from us being able to assign a formal ranking. Now we are able to prioritize more easily and effectively without having to painstakingly score everything."

    – PMO Director, Benefits Provider

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    A photo of an Info-Tech analyst is shown.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1.1-2

    A screenshot of activities 1.1.1 and 1.1.2 are shown.

    Pilot Info-Tech’s Project Value Scorecard-driven prioritization method

    Use Info-Tech’s example to prioritize your current project backlog to pilot a project value-driven prioritization, which will be used to guide the entire optimization process.

    1.2.1-3

    A screenshot of activities 1.2.1 and 1.2.3 are shown.

    Map out and document current project intake, approval, and prioritization process, and the involved key stakeholders

    A table-top planning exercise helps you visualize the current process in place and identify opportunities for optimization.

    Phase 2

    Build an Optimized Project Intake, Approval, and Prioritization Process

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Build an Optimized Project Intake, Approval, and Prioritization Process Proposed Time to Completion: 3-6 weeks

    Step 2.1: Streamline Intake

    Start with an analyst kick-off call:

    • Challenges of project intake
    • Opportunities for improving the management of stakeholder expectations by optimizing intake

    Then complete these activities…

    • Perform a process retrospective
    • Optimize your process to receive, triage, and follow up on project requests

    With these tools & templates:

    • Project Request Form.
    • Project Intake Classification Matrix

    Step 2.2: Right-Size Approval

    Start with an analyst call:

    • Challenges of project approval
    • Opportunities for improving strategic alignment of the project portfolio by optimizing project approval

    Then complete these activities…

    • Perform a process retrospective
    • Clarify accountability at each step
    • Decide on deliverables to support decision makers at each step

    With these tools & templates:

    • Benefits Commitment Form
    • Technology Assessment Tool
    • Business Case Templates

    Step 3.3: Prioritize Realistically

    Start with an analyst call:

    • Challenges in project prioritization
  • Opportunities for installing a resource capacity-constrained intake by optimizing prioritization
  • Then complete these activities…

    • Perform a process retrospective
    • Pilot the Intake and Prioritization Tool for prioritization within estimated resource capacity

    With these tools & templates:

    • Project Intake and Prioritization Tool

    Phase 2 Results & Insights:

    • Info-Tech’s methodology systemically fits the project portfolio into its triple constraint of stakeholder needs, strategic objectives, and resource capacity, to effectively address the challenges of establishing organizational discipline for project intake.

    Step 2.1: Streamline intake to manage stakeholder expectations

    PHASE 1 PHASE 2 PHASE 3

    1.1

    Define project valuation criteria

    1.2

    Envision process target state

    2.1

    Streamline intake

    2.2

    Right-size approval steps

    2.3

    Prioritize projects to fit resource capacity

    3.1

    Pilot your optimized process

    3.2

    Communicate organizational change

    This step will walk you through the following activities:

    • Perform a deeper retrospective on current project intake process
    • Optimize your process to receive project requests
    • Revisit the definition of a project for triaging requests
    • Optimize your process to triage project requests
    • Optimize your process to follow up on project requests

    This step involves the following participants:

    • PMO Director / Portfolio Manager
    • Project Managers
    • Business Analysts
    • PMO Administrative Staff

    Outcomes of this Step

    • Retrospective of the current project intake process: to continue doing, to start doing, and to stop doing
    • A streamlined, single-funnel intake channel with the right procedural friction to receive project requests
    • A refined definition of what constitutes a project, and project levels that will determine the necessary standard of rigor with which project requests should be scoped and developed into a proposal throughout the process
    • An optimized process for triaging and following up on project requests to prepare them for the steps of project approval
    • Documentation of the optimized process in the SOP document

    Understand the risks of poor intake practices

    Too much red tape could result in your portfolio falling victim to underground economies. Too little intake formality could lead to the Wild West.

    Off-the-grid projects, i.e. projects that circumvent formal intake processes, lead to underground economies that can deplete resource capacity and hijack your portfolio.

    These underground economies are typically the result of too much intake red tape. When the request process is made too complex or cumbersome, project sponsors may unsurprisingly seek alternative means to get their projects done.

    While the most obvious line of defence against the appearance of underground economies is an easy-to-use and access request form, one must be cautious. Too little intake formality could lead to a Wild West of project intake where everyone gets their initiatives approved regardless of their business merit and feasibility.

    Benefits of optimized intake Risks of poor intake
    Alignment of portfolio with business goals Portfolio overrun by off-the-grid projects
    Resources assigned to high-value projects Resources assigned to low-value projects
    Better throughput of projects in the portfolio Ever-growing project backlog
    Strong stakeholder relations Stakeholders lose faith in value of PMO

    Info-Tech Insight

    Intake is intimately bound to stakeholder management. Finding the right balance of friction for your team is the key to successfully walking the line between asking for too much and not asking for enough. If your intake process is strong, stakeholders will no longer have any reason to circumvent formal process.

    An excess number of intake channels is the telltale sign of a low capability level for intake

    Excess intake channels are also a symptom of a portfolio in turmoil.

    If you relate to the graphic below in any way, your first priority needs to be limiting the means by which projects get requested. A single, centralized channel with review and approval done in batches is the goal. Otherwise, with IT’s limited capacity, most requests will simply get added to the backlog.

    A graphic is shown to demonstrate how one may receive project requests. The following icons are in a circle: Phone, Intranet Request Form, In person, anywhere, anytime, SharePoint Request Form, Weekly Scrum, Document, and Email.

    Info-Tech Insight

    The PMO needs to have the authority – and needs to exercise the authority – to enforce discipline on stakeholders. Organizations that solicit in verbal requests (by phone, in person, or during scrum) lack the orderliness required for PPM success. In these cases, it needs to be the mission of the PMO to demand proper documentation and accountability from stakeholders before proceeding with requests.

    "The golden rule for the project documentation is that if anything during the project life cycle is not documented, it is the same as if it does not exist or never happened…since management or clients will never remember their undocumented requests or their consent to do something."

    – Dan Epstein, “Project Initiation Process: Part Two”

    Develop an intake workflow

    Info-Tech recommends following a four-step process for managing intake.

    1. Requestor fills out form and submits the request.

    Project Request Form Templates

    2. Requests are triaged into the proper queue.

    1. Divert non-project request
    2. Quickly assess value and urgency
    3. Assign specialist to follow up on request
    4. Inform the requestor

    Project Intake Classification Matrix

    3. BA or PM prepares to develop requests into a project proposal.

    1. Follow up with requestor and SMEs to refine project scope, benefits, and risks
    2. Estimate size of project and determine the required level of detail for proposal
    3. Prepare for concept approval

    Benefits Commitment Form Template

    4. Requestor is given realistic expectations for approval process.

    Perform a start-stop-continue exercise to help determine what is working and what is not working

    2.1.1 Estimated Time: 45 minutes

    Optimizing project intake may not require a complete overhaul of your existing processes. You may only need to tweak certain templates or policies. Perhaps you started out with a strong process and simply lost resolve over time – in which case you will need to focus on establishing motivation and discipline, rather than rework your entire process.

    Perform a start-stop-continue exercise with your team to help determine what should be salvaged, what should be abandoned, and what should be introduced:

    1. On a whiteboard or equivalent, write “Start,” “Stop,” and “Continue” in three separate columns. 3. As a group, discuss the responses and come to an agreement as to which are most valid.
    2. Equip your team with sticky notes or markers and have them populate the columns with ideas and suggestions surrounding your current processes. 4. Document the responses to help structure your game plan for intake optimization.
    Start Stop Continue
    • Explicitly manage follow-up expectations with project requestor
    • Receiving informal project requests
    • Take too long in proposal development
    • Quarterly approval meetings
    • Approve resources for proposal development

    INPUT

    • Current project intake workflow (Activity 1.2.2)
    • Project intake success criteria (Activity 1.2.6)

    OUTPUT

    • Retrospective review of current intake process

    Materials

    • Whiteboard
    • Sticky notes/markers

    Participants

    • PMO Director/ Portfolio Manager
    • Project Managers
    • Business Analysts
    • PMO Admin Staff

    Streamline project requests into a single funnel

    It is important to identify all of the ways through which projects currently get requested and initiated, especially if you have various streams of intake competing with each other for resources and a place in the portfolio. Directing multiple channels into a single, centralized funnel is step number one in optimizing intake.

    To help you identify project sources within your organization, we’ve broken project requests into three archetypes: the good, the bad, and the ugly.

    1. The Good – Proper Requests: written formal requests that come in through one appropriate channel.

    The Bad – Walk-Ups: requests that do not follow the appropriate intake channel(s), but nevertheless make an effort to get into the proper queue. The most common instance of this is a portfolio manager or CIO filling out the proper project request form on behalf of, and under direction from, a senior executive.

    The Ugly – Guerilla Tactics: initiatives that make their way into the portfolio through informal methods or that consume portfolio resources without formal approval, authority, or oversight. This typically involves a key resource getting ambushed to work on a stakeholder’s “side project” without any formal approval from, or knowledge of, the PMO.

    Funnel requests through a single portal to streamline intake

    Decide how you would funnel project requests on a single portal for submitting project requests. Determining the right portal for your organization will depend on your current infrastructure options, as well as your current and target state capability levels.

    Below are examples of a platform for your project request portal.

    Platform Template document, saved in a repository or shared drive Email-based form (Outlook forms) Intranet form (SharePoint, internal CMS) Dedicated intake solution (PPM tool, idea/innovation tool)
    Pros Can be deployed very easily Consolidates requests into a single receiver Users have one place to go from any device All-in-one solution that includes scoring and prioritization
    Cons Manual submission and intake process consumes extra effort Can pose problems in managing requests across multiple people and platforms Requires existing intranet infrastructure and some development effort Solution is costly; requires adoption across all lines of business

    Increasing intake capability and infrastructure availability

    Introduce the right amount of friction into your intake process

    The key to an effective intake process is determining the right amount of friction to include for your organization. In this context, friction comes from the level of granularity within your project request form and the demands or level of accountability your intake processes place on requestors. You will want to have more or less friction on your intake form, depending on your current intake pain points.

    If you are inundated with a high volume of requests:

    • Make your intake form more detailed to deter “half-baked” requests.
    • Have more managerial oversight into the process. Require approval for each request.

    If you want to encourage the use of a formal channel:

    • Make your intake form more concise and lightweight.
    • Have less managerial oversight into the process. Inform managers of each request rather than requiring approval.

    Download Info-Tech’s Detailed Project Request Form.

    Download Info-Tech’s Light Project Request Form.

    A screenshot of Info-Tech's Project Request Form is shown.

    Info-Tech Insight

    Optimizing a process should not automatically mean reducing friction. Blindly reducing friction could generate a tidal wave of poorly thought-out requests, which only drives up unrealistic expectations. Mitigate the risk of unrealistic stakeholder expectations by carefully managing the message: optimize friction.

    Document your process to receive project requests

    2.1.2 Estimated Time: 30-60 minutes

    Review and customize section 2.2, “Receive project requests” in Info-Tech’s Project Intake, Approval, and Prioritization SOP Template.

    The goal of optimizing this process is to consolidate multiple intake channels into a single funnel with the right amount of friction to improve visibility and manageability of incoming project requests.

    The important decisions to document for this step include:

    1. What data will be collected, and from whom? For example, Info-Tech’s Light Project Request Form Template will be used to collect project requests from everyone.
    2. How will requests be collected, and from where? For example, the template will be available as a fillable form on a SharePoint site.
    3. Who will be informed of the requests? For example, the PMO Director and the BA team will be notified with a hyperlink to the completed request form.
    4. Who will handle exceptions? For example, PMO will maintain this process and will handle any questions or issues that pertain to this part of the process.

    INPUT

    • Retrospective of current process (Activity 2.1.1)

    OUTPUT

    • Customized Project Request Form
    • Method of implementation

    Materials

    • Project Request Form Templates

    Participants

    • PMO Director/ Portfolio Manager
    • Business Analysts

    Info-Tech Best Practice

    Whatever method of request collection you choose, ensure there is no doubt about how requesters can access the intake form.

    Establish a triage process to improve portfolio success

    Once a request has been submitted, it will need to be triaged. Triage begins as soon as the request is received. The end goal of the triage process is to set appropriate expectations for stakeholders and to ensure that all requests going forward for approval are valid requests.

    PPM Triage Process

    1. Divert non-project requests by validating that what is described on the request form qualifies as a “project.” Make sure requests are in the appropriate queue – for example, service desk request queue, change and release management queue, etc.
    2. Quickly assess value and urgency to determine whether the request requires fast-tracking or any other special consideration.
    3. Assign a specialist to follow up on the request. Match the request to the most suitable BA, PM, or equivalent. This person will become the Request Liaison (“RL”) for the request and will work with the requestor to define preliminary requirements.
    4. Inform the requestor that the request has been received and provide clear direction on what will happen with the request next, such as who will follow up on it and when. See the next slide for some examples of this follow-up.

    The PMO Triage Team

    • Portfolio Manager, or equivalent
    • Request Liaisons (business analysts, project managers, or equivalent)

    “Request Liaison” Role

    The BAs and PMs who follow up on requests play an especially important role in the triage process. They serve as the main point of contact to the requestor as the request evolves into a business case. In this capacity they perform a valuable stakeholder management function, helping to increase confidence and enhance trust in IT.

    To properly triage project requests, define exactly what a project is

    Bring color to the grey area that can exist in IT between those initiatives that fall somewhere in between “clearly a service ticket” and “clearly a project.”

    What constitutes a project?

    Another way of asking this question that gets more to the point for this blueprint – for what types of initiatives is project intake, approval, and prioritization rigor required?

    This is especially true in IT where, for some smaller initiatives, there can be uncertainty in many organizations during the intake and initiation phase about what should be included on the formal project list and what should go to help desk’s queue.

    As the definitions in the table below show, formal project management frameworks each have similar definitions of “a project.”

    Source Definition
    PMI A temporary endeavor undertaken to create a unique product, service, or result.” (553)
    COBIT A structured set of activities concerned with delivering a defined capability (that is necessary but not sufficient to achieve a required business outcome) to the enterprise based on an agreed‐on schedule and budget.” (74)
    PRINCE2 A temporary organization that is created for the purpose of delivering one or more business products according to an agreed business case.

    For each, a project is a temporary endeavor planned around producing a specific organizational/business outcome. The challenge of those small initiatives in IT is knowing when those endeavors require a business case, formal resource tracking, and project management rigor, and when they don’t.

    Separating small projects from non-projects requires a consideration of approval rights

    While conventional wisdom says to base your project definition on an estimation of cost, risk, etc., you also need to ask, “does this initiative require formal approval?”

    In the next step, we will define a suggested minimum threshold for a small “level 1” project. While these level thresholds are good and necessary for a number of reasons – including triaging your project requests – you may still often need to exercise some critical judgment in separating the tickets from the projects. In addition to the level criteria that we will develop in this step, use the checklist below to help with your differentiating.

    Service Desk Ticket Small Project
    • Approval seems implicit given the scope of the task.
    • No expectations of needing to report on status.
    • No indications that management will require visibility during execution.
    • The scope of the task suggests formal approval may be required.
    • You may have to report on status.
    • Possibility that management may require visibility during execution.

    Info-Tech Insight

    Guard the value of the portfolio. Because tickets carry with them an implicit approval, you need to be wary at the portfolio level of those that might possess a larger scope than their status of ticket implies. Sponsors that, for whatever reason, resist the formal intake process may use the ticketing process to sneak projects in through the backdoor. When assessing tickets and small projects at the portfolio level, you need to ask: is it possible that someone at an executive level might want to get updates on this because of its duration, scope, risk, cost, etc.? Could someone at the management level get upset that the initiative came in as a ticket and is burning up time and driving costs without any visibility?

    Sample Project/Non-Project Separation Criteria

    Non-Project Small Project
    e.g. Time required e.g. < 40 hours e.g. 40 > hours
    e.g. Complexity e.g. Very low e.g. Moderate – Low Difficulty: Does not require highly developed or specialized skill sets
    e.g. Collaboration e.g. None required e.g. Limited coordination and collaboration between resources and departments
    e.g. Repeatability of work e.g. Fully repeatable e.g. Less predictable
    e.g. Frequency of request type e.g. Hourly to daily e.g. Weekly to monthly

    "If you worked for the help desk, over time you would begin to master your job since there is a certain rhythm and pattern to the work…On the other hand, projects are unique. This characteristic makes them hard to estimate and hard to manage. Even if the project is similar to one you have done before, new events and circumstances will occur. Each project typically holds its own challenges and opportunities"

    – Jeffrey and Thomas Mochal

    Define the minimum-threshold criteria for small projects

    2.1.3 Estimated Time: 30 minutes

    Follow the steps below to define the specifics of a “level 1” project for your organization.

    1. Using your project list and/or ticketing system, identify a handful of small projects, large service desk tickets, and especially those items that fall somewhere in the grey area in between (anywhere between 10 to 20 of each). Then, determine the organizationally appropriate considerations for defining your project levels. Options include:
    • Duration
    • Budget/Cost
    • Technology requirements
    • Customer involvement
    • Integration
    • Organizational impact
    • Complexity
    • Number of cross-functional workgroups and teams involved
  • Using the list of projects established in the previous step, determine the organizationally appropriate considerations for defining your project levels –anywhere from four to six considerations is a good number.
  • Using these criteria and your list of small projects, define the minimum threshold for your level one projects across each of these categories. Record these thresholds in the table on the next slide.
  • INPUT

    • Data concerning small projects and service desk tickets, including size, duration, etc.

    OUTPUT

    • Clarity around how to define your level 1 projects

    Materials

    • Whiteboard

    Participants

    • PMO Director/ Portfolio Manager
    • Project Managers
    • Business Analysts

    Remove room for stakeholder doubt and confusion by informing requests forward in a timely manner

    During triaging, requestors should be notified as quickly as possible (a) that their request has been received and (b) what to expect next for the request. Make this forum as productive and informative as possible, providing clear direction and structure for the future of the request. Be sure to include the following:

    • A request ID or ticket number.
    • Some direction on who will be following up on the request –provide an individual’s name when possible.
    • An estimated timeframe of when they can expect to hear from the individual following up.

    The logistic of this follow-up will depend on a number of different factors.

    • The number of requests you receive.
    • Your ability to automate the responses.
    • The amount of detail you would like to, or need to, provide stakeholders with.

    Info-Tech Best Practice

    Assign an official request number or project ID to all requests during this initial response. An official request number anchors the request to a specific and traceable dataset that will accompany the project throughout its lifecycle.

    Sample “request received” emails

    If you receive a high volume of requests or need a quick win for improving stakeholder relations:

    Sample #1: Less detailed, automatic response

    Hello Emma,

    Thank you. Your project request has been received. Requests are reviewed and assigned every Monday. A business analyst will follow up with you in the next 5-10 business days. Should you have any questions in the meantime, please reply to this email.

    Best regards,

    Information Technology Services

    If stakeholder management is a priority, and you want to emphasize the customer-facing focus:

    Sample #2: More detailed, tailored response

    Hi Darren,

    Your project request has been received and reviewed. Your project ID number is #556. Business analyst Alpertti Attar has been assigned to follow up on your request. You can expect to hear from him in the next 5-10 business days to set up a meeting for preliminary requirements gathering.

    If you have any questions in the meantime, please contact Alpertti at aattar@projectco.com. Please include the Project ID provided in this email in all future correspondences regarding this request.

    Thank you for your request. We look forward to helping you bring this initiative to fruition.

    Sincerely,

    Jim Fraser

    PMO Director, Information Technology Services

    Info-Tech Insight

    A simple request response will go a long way in terms of stakeholder management. It will not only help assure stakeholders that their requests are in progress but the request confirmation will also help to set expectations and take some of the mystery out of IT’s processes.

    Document your process to triage project requests

    2.1.4 Estimated Time: 30-60 minutes

    Review and customize section 2.3, “Triage project requests” in Info-Tech’s Project Intake, Approval, and Prioritization SOP Template.

    The goal of optimizing this process is to divert non-project requests and set an appropriate initial set of stakeholder expectations for next steps. The important decisions to document for this step include:

    1. What defines a project? Record the outcomes of Activities 2.1.3 into the SOP.
    2. Who triages the requests and assign request liaisons? Who are they? For example, a lead BA can assign a set roster of BAs to project requests.
    3. What are the steps to follow for sending the initial response? See the previous slides on automated responses vs. detailed, tailored responses.
    4. How will you account for the consumption of resource capacity? For example, impose a maximum of four hours per week per analyst, and track the hours worked for each request to establish a pattern for capacity consumption.
    5. Who will handle exceptions? For example, PMO will maintain this process and will handle any questions or issues that pertain to this part of the process.

    INPUT

    • Results of activity 2.1.3

    OUTPUT

    • SOP for triaging project requests

    Materials

    • SOP Template

    Participants

    • PMO Director/ Portfolio Manager
    • Business Analysts

    Info-Tech Best Practice

    Whatever method of request collection you choose, ensure there is no doubt about how requesters can access the intake form.

    Follow up on requests to define project scope and set realistic expectations

    The purpose of this follow-up is to foster communication among the requestor, IT, and the sponsor to scope the project at a high level. The follow-up should:

    • Clarify the goals and value of the request.
    • Begin to manage expectations based on initial assessment of feasibility.
    • Ensure the right information is available for evaluating project proposals downstream. Every project should have the below key pieces of scope defined before any further commitments are made.

    Focus on Defining Key Pieces of Scope

    • Budget (funding, source)
    • Business outcome
    • Completion criteria
    • Timeframes (start date and duration)
    • Milestones/deliverables

    Structure the Follow-Up Process to Enhance Alignment Between IT and the Business

    Once a Request Liaison (RL) has been assigned to a request, it is their responsibility to schedule time (if necessary) with the requestor to perform a scoping exercise that will help define preliminary requirements. Ideally, this follow-up should occur no later than a week of the initial request.

    Structure the follow-up for each request based on your preliminary estimates of project size (next slide). Use the “Key Pieces of Scope” to the left as a guide.

    It may also be helpful for RLs and stakeholders to work together to produce a rough diagram or mock-up of the final deliverable. This will ensure that the stakeholder’s idea has been properly communicated, and it could also help refine or broaden this idea based on IT’s capabilities.

    After the scoping exercise, it is the RL’s responsibility to inform the requestor of next steps.

    Info-Tech Insight

    More time spent with stakeholders defining high-level requirements during the ideation phase is key to project success. It will not only improve the throughput of projects, but it will enhance the transparency of IT’s capacity and enable IT to more effectively support business processes.

    Perform a preliminary estimation of project size

    Project estimation is a common pain point felt by many organizations. At this stage, a range-of-magnitude (ROM) estimate is sufficient for the purposes of sizing the effort required for developing project proposals with appropriate detail.

    A way to structure ROM estimates is to define a set of standard project levels. It will help you estimate 80% of projects with sufficient accuracy over time with little effort. The remaining 20% of projects that don’t meet their standard target dates can be managed as exceptions.

    The increased consistency of most projects will enable you to focus more on managing the exceptions.

    Example of standard project sizes:

    Level Primary unit of estimation Target completion date*
    1 Weeks 3 weeks – 3 months
    2 Months 3 months – 6 months
    3 Quarters 2 – 4 quarters
    3+ Years 1 year or more

    * Target completion date is simply that – a target, not a service level agreement (SLA). Some exceptions will far exceed the target date, e.g. projects that depend heavily on external or uncontrollable factors.

    Info-Tech Best Practice

    Project levelling is useful for right-sizing many downstream processes; it sets appropriate levels of detail and scrutiny expected for project approval and prioritization steps, as well as the appropriate extent of requirements gathering, project management, and reporting requirements afterwards.

    Set your thresholds for level 2 and level 3 projects

    2.1.5 Estimated Time: 30 minutes

    Now that the minimum threshold for your smallest projects has been identified, it’s time to identify the maximum threshold in order to better apply project intake, approval, and prioritization rigor where it’s needed.

    1. Looking at your project list (e.g. Activity 1.1.1, or your current project backlog), isolate the medium and large projects. Examine the two categories in turn.
    2. Start with the medium projects. Using the criteria identified in Activity 2.1.3, identify where your level one category ends.
    • What are the commonly recurring thresholds that distinguish medium-sized projects from smaller initiatives?
    • Are there any criteria that would need to take on a greater importance when making the distinction? For instance, will cost or duration take on a greater weighting when determining level thresholds?
    • Once you have reached consensus, record these in the table on the next slide.
  • Now examine your largest projects. Once again relying on the criteria from Activity 2.1.3, determine where your medium-sized projects end and your large projects begin.
    • What are the commonly recurring thresholds that distinguish large and extra-large projects from medium-sized initiatives?
    • Once you have reached consensus, records these in the table on the next slide.

    INPUT

    • Leveling criteria from Activity 2.1.3
    • Project backlog, or list of projects from Activity 1.1.1

    OUTPUT

    • Clarity around how to define your level two and three projects

    Materials

    • Whiteboard
    • The project level table on the next slide

    Participants

    • PMO Director/ Portfolio Manager
    • Project Managers
    • Business Analysts
    • PMO Admin Staff

    Sample Project Levels Table

    Project Level Level 1 Level 2 Level 3
    Work Effort 40-100 hours 100-500 hours 500+ hours
    Budget $100,000 and under $100,000 to $500,000 $500,000 and over
    Technology In-house expertise Familiar New or requires system-wide change/training
    Complexity Well-defined solution; no problems expected Solution is known; some problems expected Solution is unknown or not clearly defined
    Cross-Functional Workgroups/Teams 1-2 3-5 > 6

    Apply a computation decision-making method for project levelling

    2.1.5 Project Intake Classification Matrix

    Capture the project levels in Info-Tech’s Project Intake Classification Matrix Tool to benchmark your levelling criteria and to determine project levels for proposed projects.

    Download Info-Tech’s Project Intake Classification Matrix tool.

    A screenshot of Info-Tech's Project Intake Classification Matrix Tool, tab 2 is shown.
    1. Pick a category to define project levels.
    2. Enter the descriptions for each project level.
    3. Assign a relative weight for each category.
    4. A screenshot of Info-Tech's Project Intake Classification Matrix Tool, tab 3 is shown.
    5. Enter a project name.
    6. Choose the description that best fits the project. If unknown, leave it blank.
    7. Suggested project levels are displayed.

    Get tentative buy-in and support from an executive sponsor for project requests

    In most organizations a project requires sponsorship from the executive layer, especially for strategic initiatives. The executive sponsor provides several vital factors for projects:

    • Funding and resources
    • Direct support and oversight of the project leadership
    • Accountability, acting as the ultimate decision maker for the project
    • Ownership of, and commitment to, project benefits

    Sometimes a project request may be made directly by a sponsor; in other times, the Request Liaison may need to connect the project request to a project sponsor.

    In either case, project request has a tentative buy-in and support of an executive sponsor before a project request is developed into a proposal and examined for approval – the subject of this blueprint’s next step.

    PMs and Sponsors: The Disconnect

    A study in project sponsorship revealed a large gap between the perception of the project managers and the perception of sponsors relative to the sponsor capability. The widest gaps appear in the areas of:

    • Motivation: 34% of PMs say sponsors frequently motivate the team, compared to 82% of executive sponsors who say they do so.
    • Active listening: 42% of PMs say that sponsors frequently listen actively, compared to 88% of executive sponsors who say they do so.
    • Effective communication: 47% of PMs say sponsors communicate effectively and frequently, compared to 92% of executive sponsors who say they do so.
    • Managing change: 37% of PMs say sponsors manage change, compared to 82% of executive sponsors who say they do so.

    Source: Boston Consulting Group/PMI, 2014

    Actively engaged executive sponsors continue to be the top driver of whether projects meet their original goals and business intent.

    – PMI Pulse of the Profession, 2017

    76% of respondents [organizations] agree that the role of the executive sponsor has grown in importance over the past five years.

    – Boston Consulting Group/PMI, 2014

    Document your process to follow up on project requests

    2.1.6 45 minutes

    Review and customize section 2.4, “Follow up on project requests” in Info-Tech’s Project Intake, Approval, and Prioritization SOP Template.

    The goal of optimizing this process is to initiate communication among the requestor, IT, and the sponsor to scope the project requests at a high level. The important decisions to document for this step include:

    1. How will you perform a scoping exercise with the requestor? Leverage existing organizational processes (e.g. high-level requirements gathering). Look to the previous slides for suggested outcomes of the exercise.
    2. How will you determine project levels? Record the outcomes of activities 2.1.5 into the SOP.
    3. How will the RL follow up on the scoped project request with a project sponsor? For example, project requests scoped at a high level will be presented to senior leadership whose lines of business are affected by the proposed project to gauge their initial interest.
    4. How will you account for the consumption of resource capacity? For example, impose a maximum of 8 hours per week per analyst, and track the hours worked for each request to establish a pattern for capacity consumption.
    5. Who will handle exceptions? For example, PMO will maintain this process and will handle any questions or issues that pertain to this part of the process.

    INPUT

    • Activity 2.1.5
    • Existing processes for scoping exercises

    OUTPUT

    • SOP for following up on project requests

    Materials

    • SOP Template

    Participants

    • PMO Director/ Portfolio Manager
    • Project Managers
    • Business Analysts
    • PMO Admin Staff

    Examine the new project intake workflow as a whole and document it in a flow chart

    2.1.7 Estimated Time: 30-60 minutes

    Review and customize section 2.1, “Project Intake Workflow” in Info-Tech’s Project Intake, Approval, and Prioritization SOP Template.

    In Step 1.2 of the blueprint, you mapped out the current project intake, approval, and prioritization workflow and documented it in a flow chart. In this step, take the time to examine the new project intake process as a whole, and document the new workflow in the form of a flow chart.

    1. Requestor fills out form and submits the request.
    2. Requests are triaged into the proper queue.
    3. BA or PM prepares to develop requests into a project proposal.
    4. Requestor is given realistic expectations for approval process.

    Consider the following points:

    1. Are the inputs and outputs of each step clear? Who’s doing the work? How long will each step take, on average?
    2. Is the ownership of each step clear? How will we ensure a smooth handoff between each step and prevent requests from falling through the cracks?

    INPUT

    • New process steps for project intake (Activities 2.1.2-6)

    OUTPUT

    • Flowchart representation of new project intake workflow

    Materials

    • Microsoft Visio, flowchart software, or Microsoft PowerPoint

    Participants

    • PMO Director/ Portfolio Manager
    • Project Managers
    • Business Analysts
    • PMO Admin Staff

    Case study: Portfolio manager achieves intake and project success through detailed request follow-up

    Case Study

    Industry: Municipal Government

    Source: Info-Tech Client

    Challenge

    • There is an IT department with a relatively high level of project management maturity.
    • They have approximately 30 projects on the go, ranging from small to large.
    • To help with intake, IT assembled a project initiation team. It was made up of managers from throughout the county. This group “owned the talent” and met once a month to assess requests. As a group, they were able to assemble project teams quickly.

    Solution

    • Project initiation processes kept failing. A lot of time was spent within IT getting estimations precise, only to have sponsors reject business cases because they did not align with what those sponsors had in mind.
    • Off-the-grid projects were a challenge. Directors did not follow intake process and IT talent was torn in multiple directions. There was nothing in place for protecting the talent and enforcing processes on stakeholders.

    Results

    • IT dedicated a group of PMs and BAs to follow up on requests.
    • Working with stakeholders, this group collects specific pieces of information that allows IT to get to work on requests faster. Through this process, requests reach the charter stage more quickly and with greater success.
    • An intake ticketing system was established to protect IT talent. Workers are now better equipped to redirect stakeholders through to the proper channels.

    Step 2.2: Set up steps of project approval to maximize strategic alignment while right-sizing the required effort

    PHASE 1 PHASE 2 PHASE 3

    1.1

    Define project valuation criteria

    1.2

    Envision process target state

    2.1

    Streamline intake

    2.2

    Right-size approval steps

    2.3

    Prioritize projects to fit resource capacity

    3.1

    Pilot your optimized process

    3.2

    Communicate organizational change

    This step will walk you through the following activities:

    • Perform a deeper retrospective on current project approval process
    • Define the approval steps, their accountabilities, and the corresponding terminologies for approval
    • Right-size effort and documentation required for each project level through the approval steps

    This step involves the following participants:

    • PMO Director / Portfolio Manager
    • Project Managers
    • Business Analysts
    • PMO Administrative Staff

    Outcomes of this step

    • Retrospective of the current project intake process: to continue doing, to start doing, and to stop doing
    • A series of approval steps are defined, in which their accountabilities, responsibilities, and the nomenclature for what is approved at each steps are clarified and documented
    • A toolbox of deliverables for proposed projects that captures key information developed to inform project approval decisions at each step of the approval process, and the organizational standard for what to use for which project level
    • Documentation of the optimized process in the SOP document

    Set up an incremental series of approval stage-gates to tackle common challenges in project approval

    This section will help you address key challenges IT leaders face around project approval.

    Challenges Info-Tech’s Advice
    Project sponsors receive funding from their business unit or other source (possibly external, such as a grant), and assume this means their project is “approved” without any regard to IT costs or resource constraints. Clearly define a series of approval steps, and communicate requirements for passing them.
    Business case documentation is rarely updated to reflect unforeseen costs, emerging opportunities, and changing priorities. As a result, time and money is spent finishing diminished priority projects while the value of more recent projects erodes in the backlog. Approve projects in smaller pieces, with early test/pilot phases focused on demonstrating the value of later phases.
    Project business cases often focus on implementation and overlook ongoing operating costs imposed on IT after the project is finished. These costs further diminish IT’s capacity for new projects, unless investment in more capacity (such as hiring) is included in business cases. Make ongoing support and maintenance costs a key element in business case templates and evaluations.
    Organizations approve new projects without regard to the availability of resource capacity (or lack thereof). Project lead times grow and stakeholders become more dissatisfied because IT is unable to show how the business is competing with itself for IT’s time. Increase visibility into what IT is already working on and committed to, and for whom.

    Develop a project approval workflow

    Clearly define a series of approval steps, and communicate requirements for passing them. “Approval” can be a dangerous word in project and portfolio management, so it is important to clarify what is required to pass each step, and how long the process will take.

    1 2 3 4
    Approval step Concept Approval Feasibility Approval Business Case Approval Resource Allocation (Prioritization)
    Alignment Focus Business need / Project sponsorship Technology Organization-wide business need Resource capacity
    Possible dispositions at each gate
    • Approve developing project proposal
    • Reject concept
    • Proceed to business case approval
    • Approve a test/pilot project for feasibility
    • Reject proposal
    • Approve project and funding in full
    • Approve a test/pilot project for viability
    • Reject proposal
    • Begin or continue project work
    • Hold project
    • Outsource project
    • Reject project
    Accountability e.g. Project Sponsor e.g. CIO e.g. Steering Committee e.g. CIO
    Deliverable Benefits Commitment Form Template Proposed Project Technology Assessment Tool Business Case (Fast Track, Comprehensive) Intake and Prioritization Tool

    Identify the decision-making paradigm at each step

    In general, there are three different, mutually exclusive decision-making paradigms for approving projects:

    Paradigm Description Benefits Challenges Recommendation
    Unilateral authority One individual makes decisions. Decisions tend to be made efficiently and unambiguously. Consistency of agenda is easier to preserve. Decisions are subject to one person’s biases and unseen areas. Decision maker should solicit and consider input from others and seek objective rigor.
    Ad hoc deliberation Stakeholders informally negotiate and communicate decisions between themselves. Deliberation helps ensure different perspectives are considered to counterbalance individual biases and unseen areas. Ad hoc decisions tend to lack documentation and objective rationale, which can perpetuate disagreement. Use where unilateral decisions are unfeasible (due to complexity, speed of change, culture, etc.), and stakeholders are very well aligned or highly skilled negotiators and communicators.
    Formal steering committee A select group that represent various parts of the organization is formally empowered to make decisions for the organization. Formal committees can ensure oversight into decisions, with levers available to help resolve uncertainty or disagreement. Formal committees introduce administrative overhead and effort that might not be warranted by the risks involved. Formal steering committees are best where formality is warranted by the risks and costs involved, and the organizational culture has an appetite for administrative oversight.

    Info-Tech Insight

    The individual or party who has the authority to make choices, and who is ultimately answerable for those decisions, is said to be accountable. Understanding the needs of the accountable party is critical to the success of the project approval process optimization efforts.

    Perform a start-stop-continue exercise to help determine what is working and what is not working

    2.2.1 Estimated Time: 45 minutes

    Optimizing project approval may not require a complete overhaul of your existing processes. You may only need to tweak certain templates or policies. Perhaps you started out with a strong process and simply lost resolve over time – in which case you will need to focus on establishing motivation and discipline, rather than rework your entire process.

    Perform a start-stop-continue exercise with your team to help determine what should be salvaged, what should be abandoned, and what should be introduced:

    1.On a whiteboard or equivalent, write “Start,” “Stop,” and “Continue” in three separate columns. 3.As a group, discuss the responses and come to an agreement as to which are most valid.
    2.Equip your team with sticky notes or markers and have them populate the columns with ideas and suggestions surrounding your current processes. 4.;Document the responses to help structure your game plan for intake optimization.
    StartStopContinue
    • Inject technical feasibility approval step as an input to final approval
    • Simplify business cases
    • Approve low-value projects
    • Take too long in proposal development
    • Quarterly approval meetings
    • Approve resources for proposal development

    INPUT

    • Current project approval workflow (Activity 1.2.2)
    • Project approval success criteria (Activity 1.2.6)

    OUTPUT

    • Retrospective review of current approval process

    Materials

    • Whiteboard
    • Sticky notes/markers

    Participants

    • PMO Director/ Portfolio Manager
    • Project Managers
    • Business Analysts
    • PMO Admin Staff

    Customize the approval steps and describe them at a high level

    2.2.2 Estimated Time: 30-60 minutes

    Review and customize section 3.2, “Project Approval Steps” in Info-Tech’s Project Intake, Approval, and Prioritization SOP Template.

    The goal of this activity is to customize the definition of the approval steps for your organization, so that it makes sense for the existing organizational governance structure, culture, and need. Use the results of the start-stop-continue to inform what to customize. Consider the following factors:

    1. Order of steps: given the current decision-making paradigm, does it make sense to reorder the steps?
    2. Dispositions at each step: what are the possible dispositions, and who is accountable for making the dispositions?
    3. Project levels: do all projects require three-step approval before they’re up for prioritization? For example, IT steering committee may wish to be involved only for Level 3 projects and Level 2 projects with significant business impact, and not for Level 1 projects and IT-centric Level 2 projects.
    4. Accountability at each step: who makes the decisions?
    5. Who will handle exceptions? Aim to prevent the new process from being circumvented by vocal stakeholders, but also allow for very urgent requests. A quick win to strike this balance is to clarify who will exercise this discretion.

    INPUT

    • Retrospective of current process (Activity 2.2.1)
    • Project level definition
    • Approval steps in the previous slide

    OUTPUT

    • Customized project approval steps for each project level

    Materials

    • Whiteboard

    Participants

    • PMO Director/ Portfolio Manager
    • Project Managers
    • Business Analysts
    • PMO Admin Staff

    Specify what “approval” really means to manage expectations for what project work can be done and when

    2.2.3 Estimated Time: 15 minutes

    Review and customize section 3.2, “Project Approval Steps” in Info-Tech’s Project Intake, Approval, and Prioritization SOP Template.

    In the old reality, projects were approved and never heard back from again, which effectively gave your stakeholders a blanket default expectation of “declined.” With the new approval process, manage your stakeholder expectations more explicitly by refining your vocabulary around approval.

    Within this, decision makers should view their role in approval as approving that which can and should be done. When a project is approved and slated to backlog, the intention should be to allocate resources to it within the current intake cycle.

    Customize the table to the right with organizationally appropriate definitions, and update your SOP.

    “No” Declined.
    “Not Now” “It’s a good idea, but the time isn’t right. Try resubmitting next intake cycle.”
    “Concept Approval” Approval to add the item to the backlog with the intention of starting it this intake cycle.
    “Preliminary Approval” Approval for consumption of PMO resources to develop a business case.
    “Full Approval” Project is greenlighted and project resources are being allocated to it.

    Info-Tech Insight

    Refine the nomenclature. Add context to “approved” and “declined.” Speak in terms of “not now” or “you can have it when these conditions are met.” With clear expectations of the resources required to support each request, you can place accountability for keeping the request alive back on the sponsors.

    Continuously work out a balance between disciplined decision making and “analysis paralysis"

    A graph is depicted to show the relationship between disciplined decision making and analysis paralysis. The sweet spot for disciplined decisions changes between situations and types of decisions.

    A double bar graph is depicted to show the relative effort spent on management practice. The first bar shows that 20% has a high success of portfolio management. 35% has a low success of portfolio management. A caption on the graph: Spending additional time assessing business cases doesn’t necessarily improve success.

    Info-Tech Insight

    Estimates that form the basis of business cases are often based on flawed assumptions. Use early project phases or sprints to build working prototypes to test the assumptions on which business cases are built, rather than investing time improving precision of estimates without improving accuracy.

    Right-size project approval process with Info-Tech’s toolbox of deliverables

    Don’t paint every project with the same brush. Choose the right set of information needed for each project level to maximize the throughput of project approval process.

    The next several slides will take you through a series of tools and templates that help guide the production of deliverables. Each deliverable wireframes the required analysis of the proposed project for one step of the approval process, and captures that information in a document. This breaks down the overall work for proposal development into digestible chunks.

    As previously discussed, aim to right-size the approval process rigor for project levels. Not all project levels may call for all steps of approval, or the extent of required analysis within an approval step may differ. This section will conclude by customizing the requirement for deliverables for each project level.

    Tools and Templates for the Project Approval Toolbox

    • Benefits Commitment Form Template (.xlsx) Document the project sponsor’s buy-in and commitment to proposed benefits in a lightweight fashion.
    • Proposed Technology Assessment Tool (.xlsx) Determine the proposed project’s readiness for adoption from a technological perspective.
    • Business Case Templates (.docx) Guide the analysis process for the overall project proposal development in varying levels of detail.

    Use Info-Tech’s lightweight Benefits Commitment Form Template to document the sponsor buy-in and support

    2.2.4 Benefits Commitment Form Template

    Project sponsors are accountable for the realization of project benefits. Therefore, for a project to be approved by a project sponsor, they must buy-in and commit to the proposed benefits.

    Defining project benefits and obtaining project sponsor commitment has been demonstrated to improve the project outcome by providing the focal point of the project up-front. This will help reduce wasted efforts to develop parts of the proposals that are not ultimately needed.

    A double bar graph titled: Benefits realization improves project outcome is shown.

    Download Info-Tech’s Benefits Commitment Form Template.

    Contents of a Benefits Commitment Form

    • One-sentence highlight of benefits and risks
    • Primary benefit, hard (quantitative) and soft (qualitative)
    • Proposed measurements for metrics
    • Responsible and accountable parties for benefits
    A screenshot of Info-Tech's Establish the Benefits Realization Process blueprint is shown.

    For further discussion on benefits realization, use Info-Tech’s blueprint, Establish the Benefits Realization Process.

    Use Info-Tech’s Proposed Project Technology Assessment Tool to analyze a technology’s readiness for adoption

    2.2.4 Proposed Project Technology Assessment Tool

    In some projects, there needs to be an initial idea of what the project might look like. Develop a high-level solution for projects that:

    • Are very different from previous projects.
    • Are fairly complex, or not business as usual.
    • Require adoption of new technology or skill set.

    IT should advise and provide subject matter expertise on the technology requirements to those that ultimately approve the proposed projects, so that they can take into account additional costs or risks that may be borne from it.

    Info-Tech’s Proposed Project Technology Assessment Tool has a series of questions to address eight categories of considerations to determine the project’s technological readiness for adoption. Use this tool to ensure that you cover all the bases, and help you devise alternate solutions if necessary – which will factor into the overall business case development.

    Download Info-Tech’s Proposed Project Technology Assessment Tool.

    A screenshot of Info-Tech's Proposed Project Technology Assessment Tool is shown.

    Enable project valuation beyond financial metrics with Info-Tech’s Business Case Templates

    2.2.4 Business Case Template (Comprehensive and Fast Track)

    Traditionally, a business case is centered around financial metrics. While monetary benefits and costs are matters of bottom line and important, financial metrics are only part of a project’s value. As the project approval decisions must be based on the holistic comparison of project value, the business case document must capture all the necessary – and only those that are necessary – information to enable it.

    However, completeness of information does not always require comprehensiveness. Allow for flexibility to speed up the process of developing business plan by making a “fast-track” business case template available. This enables the application of the project valuation criteria with all other projects, with right-sized effort.

    Alarming business case statistics

    • Only one-third of companies always prepare a business case for new projects.
    • Nearly 45% of project managers admit they are unclear on the business objectives of their IT projects.

    (Source: Wrike)

    Download Info-Tech’s Comprehensive Business Case Template.

    A screenshot of Info-Tech's Comprehensive Business Case Template is shown.

    Download Info-Tech’s Fast Track Business Case Template.

    A screenshot of Info-Tech's Fast Track Business Case Template is shown.

    Info-Tech Insight

    Pass on that which is known. Valuable information about projects is lost due to a disconnect between project intake and project initiation, as project managers are typically not brought on board until project is actually approved. This will be discussed more in Phase 3 of this blueprint.

    Document the right-sized effort and documentation required for each project level

    2.2.4 Estimated Time:60-90 minutes

    Review and customize section 3.3, “Project Proposal Deliverables” in Info-Tech’s Project Intake, Approval, and Prioritization SOP Template.

    The goal of this activity is to customize the requirements for project proposal deliverables, so that it properly informs each of the approval steps discussed in the previous activity. The deliverables will also shape the work effort required for projects of various levels. Consider the following factors:

    1. Project levels: what deliverables should be required, recommended, or suggested for each of the project levels? How will exceptions be handled, and who will be accountable?
    2. Existing project proposal documents: what existing proposal documents, tools and templates can we leverage for the newly optimized approval steps?
    3. Skills availability: do these tools and templates represent a significant departure from the current state? If so, is there capacity (time and skill) to achieve the desired target state?
    4. How will you account for the consumption of resource capacity? Do a rough order of estimate for the resource capacity consumed the new deliverable standard.
    5. Who will handle exceptions? For example, PMO will maintain this process and will handle any questions or issues that pertain to this part of the process.

    INPUT

    • Process steps (Activity 2.2.2)
    • Current approval workflow(Activity 1.2.1)
    • Artifacts introduced in the previous slides

    OUTPUT

    • Requirement for artifacts and effort for each approval step

    Materials

    • Whiteboard

    Participants

    • PMO Director/ Portfolio Manager
    • Project Managers
    • Business Analysts
    • PMO Admin Staff

    Examine the new project approval workflow as a whole and document it in a flow chart

    2.2.5 Estimated Time: 30-60 minutes

    Review and customize section 3.1, “Project Approval Workflow” in Info-Tech’s Project Intake, Approval, and Prioritization SOP Template.

    In Step 1.2 of the blueprint, you mapped out the current project intake, approval, and prioritization workflow and documented it in a flow chart. In this step, take the time to examine the new project intake process as a whole, and document the new workflow in the form of a flow chart.

    1 2 3 4
    Approval Step Concept Approval Feasibility Approval Business Case Approval Resource Allocation (Prioritization)
    Alignment Focus Business need/ Project Sponsorship Technology

    Organization-wide

    Business need

    Resource capacity

    Consider the following points:

    1. Are the inputs and outputs of each step clear? Who’s doing the work? How long will each step take, on average?
    2. Is the ownership of each step clear? How will we ensure a smooth hand-off between each step and prevent requests from falling through the cracks?

    INPUT

    • New process steps for project approval (Activities 2.2.2-4)

    OUTPUT

    • Flowchart representation of new project approval workflow

    Materials

    • Microsoft Visio, flowchart software, or Microsoft PowerPoint

    Participants

    • PMO Director/ Portfolio Manager
    • Project Managers
    • Business Analysts
    • PMO Admin Staff

    Step 2.3: Prioritize projects to maximize the value of the project portfolio within the constraint of resource capacity

    PHASE 1 PHASE 2 PHASE 3

    1.1

    Define project valuation criteria

    1.2

    Envision process target state

    2.1

    Streamline intake

    2.2

    Right-size approval steps

    2.3

    Prioritize projects to fit resource capacity

    3.1

    Pilot your optimized process

    3.2

    Communicate organizational change

    This step will walk you through the following activities:

    • Perform a deeper retrospective on current project prioritization process
    • Optimize your process to maintain resource capacity supply and project demand data
    • Optimize your process to formally make disposition recommendations to appropriate decision makers

    This step involves the following participants:

    • PMO Director / Portfolio Manager
    • Project Managers
    • Business Analysts
    • PMO Administrative Staff

    Outcomes of this step

    • Retrospective of the current project prioritization process: to continue doing, to start doing, and to stop doing
    • Realistic estimate of available resource capacity, in the absence of a resource management practice
    • Optimized process for presenting the decision makers with recommendations and facilitating capacity-constrained steering of the project portfolio
    • Project Intake and Prioritization Tool for facilitating the prioritization process
    • Documentation of the optimized process in the SOP document

    The availability of staff time is rarely factored into IT project and service delivery commitments

    A lot gets promised and worked on, and staff are always busy, but very little actually gets done – at least not within given timelines or to expected levels of quality.

    Organizations tend to bite off more than they can chew when it comes to project and service delivery commitments involving IT resources.

    While the need for businesses to make an excess of IT commitments is understandable, the impacts of systemically over-allocating IT are clearly negative:

    • Stakeholder relations suffer. Promises are made to the business that can’t be met by IT.
    • IT delivery suffers. Project timelines and quality frequently suffer, and service support regularly lags.
    • Employee engagement suffers. Anxiety and stress levels are consistently high among IT staff, while morale and engagement levels are low.

    76%: 76% of organizations say they have too many projects on the go and an unmanageable and ever-growing backlog of things to get to.

    – Cooper, 2014

    70%: Almost 70% of workers feel as though they have too much work on their plates and not enough time to do it.

    – Reynolds, 2016

    Unconstrained, unmanaged demand leads to prioritization of work based on consequences rather than value

    Problems caused by the organizational tendency to make unrealistic delivery commitments is further complicated by the reality of the matrix environment.

    Today, many IT departments use matrix organization. In this system, demands on a resource’s time come from many directions. While resources are expected to prioritize their work, they lack the authority to formally reject any demand. As a result, unconstrained, unmanaged demand frequently outstrips the supply of work-hours the resource can deliver.

    When this happens, the resource has three options:

    1. Work more hours, typically without compensation.
    2. Choose tasks not to do in a way that minimizes personal consequences.
    3. Diminish work quality to meet quantity demands.

    The result is an unsustainable system for all those involved:

    1. Individual workers cannot meet expectations, leading to frustration and disengagement.
    2. Managers cannot deliver on the projects or services they manage and struggle to retain skilled resources who are looking elsewhere for “greener pastures.”
    3. Executives cannot execute strategic plans as they lose decision-making power over their resources.

    Prioritize project demand by project value to get the most out of constrained project capacity – but practicing it is difficult

    The theory may be simple and intuitive, but the practice is extremely challenging. There are three practical challenges to making project prioritization effective.

    Project Prioritization

    Capacity awareness

    Many IT departments struggle to realistically estimate available project capacity in a credible way. Stakeholders question the validity of your endeavor to install capacity-constrained intake process, and mistake it for unwillingness to cooperate instead.

    Lack of authority

    Many PMOs and IT departments simply lack the ability to decline or defer new projects.

    Many moving parts

    Project intake, approval, and prioritization involve the coordination of various departments. Therefore, they require a great deal of buy-in and compliance from multiple stakeholders and senior executives.

    Project Approval

    Unclear definition of value

    Defining the project value is difficult, because there are so many different and conflicting ways that are all valid in their own right. However, without it, it's impossible to fairly compare among projects to select what's "best."

    Unclear definition of value

    In Step 1.1 of the blueprint, we took the first step toward resolving this challenge by prototyping a project valuation scorecard.

    A screenshot of Step 1.1 of this blueprint is shown.

    "Prioritization is a huge issue for us. We face the simultaneous challenges of not having enough resources but also not having a good way to say no. "

    – CIO, governmental health agency

    Address the challenges of capacity awareness and authority with a project prioritization workflow

    Info-Tech recommends following a four-step process for managing project prioritization.

    1. Collect and update supply and demand data
      1. Re-evaluate project value for all proposed, on-hold and ongoing projects
      2. Estimate available resource capacity for projects
    2. Prioritize project demand by value
      1. Identify highest-value, “slam-dunk” projects
      2. Identify medium-value, “on-the-bubble” projects
      3. Identify lower-value projects that lie beyond the available capacity
    3. Approve projects for initiation or continuation
      1. Submit recommendations for review
      2. Adjust prioritized list with business judgment
      3. Steering committee approves projects to work on
    4. Manage a realistically defined project portfolio
    • Stakeholder Need
    • Strategic Objectives
    • Resource Capacity

    Intake and Prioritization Tool

    Perform a start-stop-continue exercise to help determine what is working and what is not working

    2.3.1 Estimated Time: 60 minutes

    Optimizing project prioritization may not require a complete overhaul of your existing processes. You may only need to tweak certain templates or policies. Perhaps you started out with a strong process and simply lost resolve over time – in which case you will need to focus on establishing motivation and discipline, rather than rework your entire process.

    Perform a start-stop-continue exercise with your team to help determine what should be salvaged, what should be abandoned, and what should be introduced:

    1. On a whiteboard or equivalent, write “Start,” “Stop,” and “Continue” in three separate columns. 3. As a group, discuss the responses and come to an agreement as to which are most valid.
    2. Equip your team with sticky notes or markers and have them populate the columns with ideas and suggestions surrounding your current processes. 4. Document the responses to help structure your game plan for intake optimization.
    Start Stop Continue
    • Periodically review the project value scorecard with business stakeholders
    • “Loud Voices First” prioritization
    • Post-prioritization score changes
    • Updating project value scores for current projects

    INPUT

    • Current project prioritization workflow (Activity 1.2.2)
    • Project prioritization success criteria (Activity 1.2.6)

    OUTPUT

    • Retrospective review of current prioritization process

    Materials

    • Whiteboard
    • Sticky notes/markers

    Participants

    • PMO Director/ Portfolio Manager
    • Project Managers
    • Business Analysts
    • PMO Admin Staff

    Use Info-Tech’s lightweight Intake and Prioritization Tool to get started on capacity-constrained project prioritization

    Use Info-Tech’s Project Intake and Prioritization Tool to facilitate the scorecard-driven prioritization and ensure effective flow of data.

    This tool builds on the Project Valuation Scorecard Tool to address the challenges in project prioritization:

    1. Lack of capacity awareness: quickly estimate a realistic supply of available work hours for projects for a given prioritization period, in the absence of a reliable and well-maintained resource utilization and capacity data.
    2. Using standard project sizing, quickly estimate the size of the demand for proposed and ongoing projects and produce a report that recommends the list of projects to greenlight – and highlight the projects within that list that are at risk of being short-charged of resources – that will aim to help you tackle:

    3. Lack of authority to say “no” or “not yet” to projects: save time and effort in presenting the results of project prioritization analysis that will enable the decision makers to make well-informed, high-quality portfolio decisions.
    4. The next several slides will walk you through the tool and present activities to facilitate its use for your organization.

    Download Info-Tech’s Project Intake and Prioritization Tool.

    A screenshot of Info-Tech's Project Intake Prioritization Tool is shown.

    Create a high-level estimate of available project capacity to inform how many projects can be greenlighted

    2.3.2 Project Intake and Prioritization Tool, Tab 2: Project Capacity

    Estimate how many work-hours are at your disposal for projects using Info-Tech’s resource calculator.

    A screenshot of Info-Tech's Project Intake and Prioritization Tool, Tab 2: Project Capacity

    1. Compile a list of each role within your department, the number of staff, and the hours in a typical work week.

    2. Enter the foreseeable out-of-office time (vacation, sick time, etc.). Typically, this value is 12-16% depending on the region.

    3. Enter how much working time is spent on non-projects for each role: administrative duties and “keep the lights on” work.

    4. Select a period of time for breaking down available resource capacity in hours.

    Project Work (%): Percentage of your working time that goes toward project work is calculated as what’s left after your non-project working time allocations have been subtracted.

    Project (h) Total Percentage: Take a note of this percentage as your project capacity. This number will put the estimated project demand in context for the rest of the tool.

    Example for a five-day work week:

    • 2 weeks (10 days) of statutory holidays
    • 3 weeks of vacation
    • 1.4 weeks (7 days) of sick days on average
    • 1 week (5 days) for company holidays

    Result: 7.4/52 weeks’ absence = 14%

    Estimate your available project capacity for the next quarter, half-year, or year

    2.3.2 Estimated Time: 30 minutes

    Discover how many work-hours are at your disposal for project work.

    1. Use the wisdom-of-the-crowd approach or resource utilization data to fill out Tab 2 of the tool. This is intended to be somewhat of a rough estimate; avoid the pitfall of being too granular in role or in time split.
    2. Choose a time period that corresponds to your project prioritization period: monthly, quarterly, 4 months, semi-annually (6 months), or annually.
    3. Examine the pie graph representation of your overall capacity breakdown, like the one shown below.

    Screenshot from Tab 2 of Project Intake and Prioritization Tool

    INPUT

    • Knowledge of organization’s personnel and their distribution of time

    OUTPUT

    • Estimate of available project capacity

    Materials

    • Project Intake and Prioritization Tool

    Participants

    • PMO Director/ Portfolio Manager
    • Project Managers
    • Business Analysts
    • PMO Admin Staff

    On average, only about half of the available project capacity results in productive project work

    Place realistic expectations on your resources’ productivity.

    Info-Tech’s PPM Current State Scorecard diagnostic provides a comprehensive view of your portfolio management strengths and weaknesses, including project portfolio management, project management, customer management, and resource utilization.

    A screenshot of Info-Tech's PPM Current State Scorecard diagnostic

    Use the wisdom of the crowd to estimate resource waste in:

    • Cancelled projects
    • Inefficiency
    • Suboptimal assignment of resources
    • Unassigned resources
    • Analyzing, fixing, and redeploying

    50% of PPM resource is wasted on average, effectively halving your available project capacity.

    Source: Info-Tech PPM Current State Scorecard

    Define project capacity and project t-shirt sizes

    2.3.3 Project Intake and Prioritization Tool, Tab 3: Settings

    The resource capacity calculator in the previous tab yields a likely optimistic estimate for how much project capacity is available. Based on this estimate as a guide, enter your optimistic (maximum) and pessimistic (minimum) estimates of project capacity as a percentage of total capacity:

    A screenshot of Info-Tech's Project Intake and Prioritization Tool Tab 3

    Info-Tech’s data shows that only about 50% of time spent on project work is wasted: cancelled projects, inefficiency, rework, etc. As a general rule, enter half of your maximum estimate of your project capacity.

    Capacity in work hours is shown here from the previous tab, to put the percentages in context. This example shows a quarterly breakdown (Step 4 from the previous slide; cell N5 in Tab 2.).

    Next, estimate the percentage of your maximum estimated project capacity that a single project would typically consume in the given period for prioritization.

    A screenshot of Info-Tech's Project Intake and Prioritization Tool Tab 3

    These project sizes might not line up with the standard project levels from Step 2.1 of the blueprint: for example, an urgent mid-sized project that requires all hands on deck may need to consume almost 100% of maximum available project capacity.

    Estimate available project capacity and standard project demand sizes for prioritizing project demand

    2.3.3 Estimated Time: 30 minutes

    Refine your estimates of project capacity supply and demand as it applies to a prioritization period.

    1. The estimated project capacity from Activity 2.3.2 represents a theoretical limit. It is most likely an overestimation (see box below). As a group, discuss and decide on a more realistic available project capacity:
      1. Optimistic estimate, assuming sustained peak productivity from everyone in your organization;
      2. Pessimistic estimate, taking into account the necessary human downtime and the PPM resource waste (see previous slide).
    2. Refine the choices of standard project effort sizes, expressed as percentages of maximum project capacity. As a reminder, this sizing is for the chosen prioritization period, and is independent from the project levels set previously in Activity 2.1.4 and 2.1.5.

    Dedicated work needs dedicated break time

    In a study conducted by the Draugiem Group, the ideal work-to-break ratio for maximizing focus and productivity was 52 minutes of work, followed by 17 minutes of rest (Evans). This translates to 75% of resource capacity yielding productive work, which could inform your optimistic estimate of project capacity.

    INPUT

    • Project capacity (Activity 2.3.2)
    • PPM Current State Scorecard (optional)

    OUTPUT

    • Capacity and demand estimate data for tool use

    Materials

    • Project Intake and Prioritization Tool

    Participants

    • PMO Director/ Portfolio Manager
    • Project Managers
    • Business Analysts
    • PMO Admin Staff

    Finish setting up the Project Intake and Prioritization Tool

    2.3.4 Project Intake and Prioritization Tool, Tab 3: Settings

    Enter the scoring criteria, which was worked out from Step 1.1 of the blueprint. This workbook supports up to ten scoring criteria; use of more than ten may make the prioritization step unwieldy.

    A screenshot of Info-Tech's Project Intake and Prioritization Tool Tab 3

    Leave unused criteria rows blank.

    Choose “value” or “execution” from a drop-down.

    Score does not need to add up to 100.

    Finally, set up the rest of the drop-downs used in the next tab, Project Data. These can be customized to fit your unique project portfolio needs.

    A screenshot of Info-Tech's Project Intake and Prioritization Tool Tab 3

    Enter project data into the Project Intake and Prioritization Tool

    2.3.4 Project Intake and Prioritization Tool, Tab 4: Project Data

    A screenshot of Info-Tech's Project Intake and Prioritization Tool Tab 4

    Ensure that each project has a unique name.

    Completed (or cancelled) projects will not be included in prioritization.

    Choose the standard project size defined in the previous tab.

    Change the heading when you customize the workbook.

    Days in Backlog is calculated from the Date Added column.

    A screenshot of Info-Tech's Project Intake and Prioritization Tool Tab 4

    Overall weighted project prioritization score is calculated as a sum of value and execution scores.

    Weighted value and execution scores are calculated according to the scoring criteria table in the 2. Settings tab.

    Enter the raw scores. Weights will be taken into calculation behind the scenes.

    Spaces for unused intake scores will be greyed out. You can enter data, but they will not affect the calculated scores.

    Document your process to maintain resource capacity supply and project demand data

    2.3.4 Estimated Time: 30 minutes

    Review and customize section 4.2, “Maintain Supply and Demand Data” in Info-Tech’s Project Intake, Approval, and Prioritization SOP Template.

    The goal of this activity is to document the process with which the supply and demand information will be updated for projects. Consider the following factors:

    1. Estimates of resource supply: how often will the resource supply be updated? How are you estimating the range (maximum vs. minimum, optimistic vs. pessimistic)? Leverage your existing organizational process assets for resource management.
    2. Updating project data for proposed projects: when and how often will the project valuation scores be updated? Do you have sufficient inputs? Examine the overall project approval process from Step 2.2 of the blueprint, and ensure that sufficient information is available for project valuation (Activity 2.2.3).
    3. Updating project data for ongoing projects: will you prioritize ongoing projects along with proposed projects? When and how often will the project valuation scores be updated? Do you have sufficient inputs?
    4. How will you account for the consumption of resource capacity? Do a rough order of estimate for the resource capacity consumed in this process.
    5. Who will handle exceptions? For example, PMO will maintain this process and will handle any questions or issues that pertain to this part of the process.

    INPUT

    • Organizational process assets for resource management, strategic planning, etc.
    • Activity 2.3.3
    • Activity 2.2.3

    OUTPUT

    • Process steps for refreshing supply and demand data

    Materials

    • SOP Template
    • Project Intake and Prioritization Tool

    Participants

    • PMO Director/ Portfolio Manager
    • Project Managers
    • Business Analysts
    • PMO Admin Staff

    Prioritized list of projects shows what fits under available project capacity for realizing maximum value

    2.3.5 Project Intake and Prioritization Tool, Tab 5: Results

    The output of the Project Intake and Prioritization Tool is a prioritized list of projects with indicators to show that their demand on project capacity will fit within the estimated available project capacity for the prioritization period.

    A screenshot of Info-Tech's Project Intake and Prioritization Tool Tab 5

    Status indicates whether the project is proposed or ongoing; completed projects are excluded.

    Disposition indicates the course of recommended action based on prioritization.

    Proposed projects display how long they have been sitting in the backlog.

    Projects highlighted yellow are marked as “deliberate” for their dispositions. These projects pose risks of not getting properly resourced. One must proceed with caution if they are to be initiated or continued.

    Provide better support to decision makers with the prioritized list, and be prepared for their steering

    It is the portfolio manager’s responsibility to provide the project portfolio owners with reliable data and enable them to make well-informed decisions for the portfolio.

    The prioritized list of proposed and ongoing projects, and an approximate indication for how they fill out the estimated available resource capacity, provide a meaningful starting ground for discussion on which projects to continue or initiate, to hold, or to proceed with caution.

    However, it is important to recognize the limitation of the prioritization methodology. There may be legitimate reasons why some projects should be prioritized over another that the project valuation method does not successfully capture. At the end of the day, it’s the prerogative of the portfolio owners who carry on the accountabilities to steer the portfolio.

    The portfolio manager has a responsibility to be prepared for reconciling the said steering with the unchanged available resource capacity for project work. What comes off the list of projects to continue or initiate? Or, will we outsource capacity if we must meet irreconcilable demand? The next slide will show how Info-Tech’s tool helps you with this process.

    Info-Tech Best Practice

    Strive to become the best co-pilot. Constantly iterate on the scoring criteria to better adapt to the portfolio owners’ preference in steering the project portfolio.

    Manipulate the prioritized list with the Force Disposition list

    2.3.5 Project Intake and Prioritization Tool, Tab 5: Results

    The Force Disposition list enables you to inject subjective judgment in project prioritization. Force include and outsource override project prioritization scores and include the projects for approval:

    • Force include counts the project demand against capacity.
    • Outsource, on the other hand, does not count the project demand.
    • Force exclude removes a project from prioritized list altogether, without deleting the row and losing its data.

    A screenshot of Info-Tech's Project Intake and Prioritization Tool Tab 5

    Choose a project name and a disposition using a drop-down.

    Use this list to test out various scenarios, useful for what-if analysis.

    A screenshot of Info-Tech's Project Intake and Prioritization Tool Tab 5

    Document your process to formally make disposition recommendations to appropriate decision-making party

    2.3.5 Estimated Time: 60 minutes

    Review and customize section 4.3, “Approve projects for initiation or continuation” in Info-Tech’s Project Intake, Approval, and Prioritization SOP Template.

    The goal of this activity is to formalize the process of presenting the prioritized list of projects for review, modify the list based on steering decisions, and obtain the portfolio owners’ approval for projects to initiate or continue, hold, or terminate. Consider the following factors:

    1. Existing final approval process: what are the new injections to the current decision-making process for final approval?
    2. Meeting prep, agenda, and follow-up: what are the activities that must be carried out by PMO / portfolio manager to support the portfolio decision makers and obtain final approval?
    3. “Deliberate” projects: what additional information should portfolio owners be presented with, in order to deliberate on the projects at risk of being not properly resourced? For example, consider a value-execution plot (right).

    A screenshot of Info-Tech's Project Intake and Prioritization Tool Tab 5

    INPUT

    • Approval process steps (Activity 2.2.2)
    • Steering Committee process documentation

    OUTPUT

    • Activities for supporting the decision-making body

    Materials

    • SOP Template
    • Project Intake and Prioritization Tool

    Participants

    • CIO
    • PMO Director/ Portfolio Manager
    • Project Managers
    • Business Analysts

    Once a project is approved, pass that which is known on to those responsible for downstream processes

    Aim to be responsible stewards of important and costly information developed throughout project intake, approval, and prioritization processes.

    Once the proposed project is given a green light, the project enters an initiation phase.

    No matter what project management methodology is employed, it is absolutely vital to pass on the knowledge gained and insights developed through the intake, approval, and prioritization processes. This ensures that the project managers and team are informed of the project’s purpose, business benefits, rationale for the project approval, etc. and be able to focus their efforts in realizing the project’s business goals.

    Recognize that this does not aim to create any new artifacts. It is simply a procedural safeguard against the loss of important and costly information assets for your organization.

    A flowchart is shown as an example of business documents leading to the development of a project charter.

    Information from the intake process directly feeds into, for example, developing a project charter.

    Source: PMBOK, 6th edition

    "If the project manager can connect strategy to the project they are leading (and therefore the value that the organization desires by sanctioning the project), they can ensure that the project is appropriately planned and managed to realize those benefits."

    – Randall T. Black, P.Eng., PMP; source: PMI Today

    Examine the new project intake workflow as a whole and document it in a flow chart

    2.3.6 Estimated Time: 30-60 minutes

    Review and customize section 4.1, “Project Prioritization Workflow” in Info-Tech’s Project Intake, Approval, and Prioritization SOP Template.

    In Step 1.2 of the blueprint, you mapped out the current project intake, approval, and prioritization workflow and documented it in a flow chart. In this step, take the time to examine the new project intake process as a whole, and document the new workflow in the form of a flow chart.

    1. Collect and update supply and demand data
    2. Prioritize project demand by value
    3. Approve projects for initiation or continuation
    4. Manage a realistically defined project portfolio

    Consider the following points:

    1. Are the inputs and outputs of each step clear? Who’s doing the work? How long will each step take, on average?
    2. Is the ownership of each step clear? How will we ensure a smooth handoff between each step and prevent requests from falling through the cracks?

    INPUT

    • New process steps for project prioritization (Activities 2.3.x-y)

    OUTPUT

    • Flowchart representation of new project prioritization workflow

    Materials

    • Microsoft Visio, flowchart software, or Microsoft PowerPoint

    Participants

    • CIO
    • PMO Director/ Portfolio Manager
    • Project Managers
    • Business Analysts

    Leverage Info-Tech’s other blueprints to complement your project prioritization processes

    The project capacity estimates overlook a critical piece of the resourcing puzzle for the sake of simplicity: skills. You need the right skills at the right time for the right project.

    Use Info-Tech’s Balance Supply and Demand with Realistic Resource Management Practices blueprint to enhance the quality of information on your project supply.

    A screenshot of Info-Tech's Balance Supply and Demand with Realistic Resource Management Practices blueprint.

    There is more to organizing your project portfolio than a strict prioritization by project value. For example, as with a financial investment portfolio, project portfolio must achieve the right investment mix to balance your risks and leverage opportunities.

    Use Info-Tech’s Maintain an Organized Portfolio blueprint to refine the makeup of your project portfolio.

    A screenshot of Info-Tech's Maintain an Organized Portfolio blueprint.

    Continuous prioritization of projects allow organizations to achieve portfolio responsiveness.

    Use Info-Tech’s Manage an Agile Portfolio blueprint to take prioritization of your project portfolio to the next level.

    A screenshot of Info-Tech's Manage an Agile Portfolio blueprint

    46% of organizations use a homegrown PPM solution. Info-Tech’s Grow Your Own PPM Solution blueprint debuts a spreadsheet-based Portfolio Manager tool that provides key functionalities that integrates those of the Intake and Prioritization Tool with resource management, allocation and portfolio reporting capabilities.

    A screenshot of Info-Tech's Grow Your Own PPM Solution blueprint

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    A picture of an Info-Tech analyst is shown.

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1.2-6

    A screenshot of activities 2.1.2-6 is shown.

    Optimize your process to receive, triage, and follow up on project requests

    Discussion on decision points and topics of consideration will be facilitated to leverage the diverse viewpoints amongst the workshop participants.

    2.3.2-5

    A screenshot of activities 2.3.2-5 is shown.

    Set up a capacity-informed project prioritization process using Info-Tech’s Project Intake and Prioritization Tool

    A table-top planning exercise helps you visualize the current process in place and identify opportunities for optimization.

    Phase 3

    Integrate the New Optimized Processes into Practice

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Integrate the New Optimized Processes into Practice

    Proposed Time to Completion: 6-12 weeks

    Step 3.1: Pilot your process to refine it prior to rollout

    Start with an analyst kick-off call:

    • Review the proposed intake, approval, and prioritization process

    Then complete these activities…

    • Select receptive stakeholders to work with
    • Define the scope of your pilot and determine logistics
    • Document lessons learned and create an action plan for any changes

    With these tools & templates:

    • Process Pilot Plan
    • Project Backlog Manager Job Description

    Step 3.2: Analyze the impact of organizational change

    Review findings with analyst:

    • Results of the process pilot and the finalized intake SOP
    • Key PPM stakeholders
    • Current organizational climate

    Then complete these activities…

    • Analyze the stakeholder impact and responses to impending organizational change
    • Create message canvases for at-risk change impacts and stakeholders to create an effective communication plan

    With these tools & templates:

    • Intake Process Implementation Impact Analysis Tool

    Phase 3 Results & Insights:

    • Engagement paves the way for smoother adoption. An “engagement” approach (rather than simply “communication”) turns stakeholders into advocates who can help boost your message, sustain the change, and realize benefits without constant intervention or process command-and-control.

    Step 3.1: Pilot your intake, approval, and prioritization process to refine it before rollout

    PHASE 1 PHASE 2 PHASE 3

    1.1

    Define project valuation criteria

    1.2

    Envision process target state

    2.1

    Streamline intake

    2.2

    Right-size approval steps

    2.3

    Prioritize projects to fit resource capacity

    3.1

    Pilot your optimized process

    3.2

    Communicate organizational change

    This step will walk you through the following activities:

    • Select receptive managers to work with during your pilot
    • Define the scope of your pilot and determine logistics
    • Plan to obtain feedback, document lessons learned, and create an action plan for any changes
    • Finalize Project Intake, Approval, and Prioritization SOP

    This step involves the following participants:

    • PMO Director / Portfolio Manager
    • Project Managers
    • Business Analysts

    Outcomes of this step

    • A pilot team
    • A process pilot plan that defines the scope, logistics, and process for retrospection
    • Project Backlog Manager job description
    • Finalized Project Intake, Approval, and Prioritization SOP for rollout

    Pilot your new processes to test feasibility and address issues before a full deployment

    Adopting the right set of practices requires a significant degree of change that necessitates buy-in from varied stakeholders throughout IT and the business.

    Rome wasn’t built in a day. Similarly, benefits of optimized project intake, approval, and prioritization process will not be realized overnight.

    Resist the urge to deploy a big-bang roll out of your new intake practices. The approach is ill advised for two main reasons:

    • It will put more of a strain on the implementation team in the near term, with a larger pool of end users to train and collect data from.
    • Putting untested practices in a department-wide spotlight could lead to mass confusion in the near-term and color the new processes in a negative light, leading to a loss of stakeholder trust and engagement right out-of-the-gate.

    Start with a pilot phase. Identify receptive lines of business and IT resources to work with, and leverage their insights to help iron out the kinks in your process before unveiling your practices to IT and all business users at large.

    This step will help you to:

    • Plan and execute a pilot of the processes we developed in Phase 2.
    • Incorporate the lessons learned from that pilot to strengthen your SOP and ease the communication process.

    Info-Tech Insight

    Engagement paves the way for smoother adoption. An “engagement” approach (rather than simply “communication”) turns stakeholders into advocates who can help boost your message, sustain the change, and realize benefits without constant intervention or process command-and-control.

    Plan your pilot like you would any project to ensure it’s well defined and its goals are clearly articulated

    Use Info-Tech’s Intake Process Pilot Plan Template to help define the scope of your pilot and set appropriate goals for the test-run of your new processes.

    A process pilot is a limited scope of an implementation (constrained by time and resources involved) in order to test the viability and effectiveness of the process as it has been designed.

    • Investing time and energy into a pilot phase can help to lower implementation risk, enhance the details and steps within a process, and improve stakeholder relations prior to a full scale rollout.
    • More than a dry run, however, a pilot should be approached strategically, and planned out to limit the scope of it and achieve specific outcomes.
    • Leverage a planning document to ensure your process pilot is grounded in a common set of definitions, that the pilot is delivering value and insight, and that ultimately the pilot can serve as a starting point for a full-scale process implementation.

    Download Info-Tech’s Process Pilot Plan Template

    A screenshot of Info-Tech's Process Pilot Plan Template is shown.

    "The advantages to a pilot are several. First, risk is constrained. Pilots are closely monitored so if a problem does occur, it can be fixed immediately. Second, the people working in the pilot can become trainers as you roll the process out to the rest of the organization. Third, the pilot is another opportunity for skeptics to visit the pilot process and learn from those working in it. There’s nothing like seeing a new process working for people to change their minds."

    Daniel Madison

    Select receptive stakeholders to work with during your pilot

    3.1.1 Estimated Time: 20-60 minutes

    Info-Tech recommends selecting PPM stakeholders who are aware of your role and some of the challenges in project intake, approval, and prioritization to assist in the implementation process.

    1. If receptive PPM stakeholders are known, schedule a 15-minute meeting with them to inquire if they would be willing to be part of the pilot process.
    2. If receptive project managers are not known, use Info-Tech’s Stakeholder Engagement Workbook to conduct a formal selection process.
      1. Enter a list of potential participants for pilot in tab 3.
      2. Rate project managers in terms of influence, pilot interest, and potential deployment contribution within tab 4.
      3. Review tab 5 in the workbook. Receptive PPM stakeholders will appear in the top quadrants. Ideal PPM stakeholders for the pilot are located in the top right quadrant of the graph.

    A screenshot of Info-Tech's Stakeholder Engagement Workbook Tab 5 is shown.

    INPUT

    • Project portfolio management stakeholders (Activity 1.2.3)

    OUTPUT

    • Pilot project team

    Materials

    • Stakeholder Engagement Workbook
    • Process Pilot Plan Template

    Participants

    • PMO Director/ Portfolio Manager
    • CIO (optional)

    Document the PPM stakeholders involved in your pilot in Section 3 of Info-Tech’s Process Pilot Plan Template.

    Define the scope of your pilot and determine logistics

    3.1.2 Estimated Time: 60-90 minutes

    Use Info-Tech’s Process Pilot Plan Template to design the details of your pilot.

    Investing time into planning your pilot phase strategically will ensure a clear scope, better communications for those piloting the processes, and – overall – better, more actionable results for the pilot phase. The Pilot Plan Template is broken into five sections to assist in these goals:

    • Pilot Overview and Scope
    • Success and Risk Factors
    • Stakeholders Involved and Communications Plan
    • Pilot Retrospective and Feedback Protocol

    The duration of your pilot should go at least one prioritization period, e.g. one to two quarters.

    Estimates of time commitments should be captured for each stakeholder. During the retrospective at the end of the pilot you should capture actuals to help determine the time-cost of the process itself and measure its sustainability.

    Once the Plan Template is completed, schedule time to share and communicate it with the pilot team and executive sponsors of the process.

    While you should invest time in this planning document, continue to lean on the Intake, Approval, and Prioritization SOP throughout the pilot phase.

    INPUT

    • Sections 1 through 4 of the Process Pilot Plan Template

    OUTPUT

    • A process pilot plan

    Materials

    • Process Pilot Plan Template

    Participants

    • PMO Director / Portfolio Manager
    • Project Managers
    • Business Analysts
    • CIO (optional)

    Execute your pilot and prepare to make process revisions before the full rollout

    Hit play! Begin the process pilot and get familiar with the work routine and resource management solution.

    Some things to keep in mind during the pilot include:

    • Depending on the solution you are using, you will likely need to spend one day or less to populate the tool. During the pilot, measure the time and effort required to manage the data within the tool. Determine whether time and effort required is viable on an ongoing basis (i.e. can you do it every month or quarter) and has value.
    • Meet with the pilot team and other stakeholders regularly during the pilot, at least biweekly. Allow the team (and yourself) to speak honestly and openly about what isn’t working. The pilot is your chance to make things better.
    • Keep notes about what will need to change in the SOP. For major changes, you may have to tweak the process during the pilot itself. Update the process documents as needed and communicate the changes and why they’re being made. If required, update the scope of the pilot in the Pilot Plan Template.
    An example is shown on how to begin the process pilot and getting familiar with the work routine and resource management solution.

    Obtain feedback from the pilot group to improve your processes before a wider rollout

    3.1.3 Estimated Time: 30 minutes

    Pilot projects allow you to validate your assumptions and leverage lessons learned. During the planning of the pilot, you should have scheduled a retrospective meeting with the pilot team to formally assess strengths and weaknesses in the process you have drafted.

    • Schedule the retrospective shortly after the pilot is completed. Info-Tech recommends performing a Stop/Start/Continue meeting with pilot participants to obtain and capture feedback.
    • Have members of the meeting record any processes/activities on sticky notes that should:
      • Stop: because they are ineffective or not useful
      • Start: because they would be useful for the tool and have not been incorporated into current processes
      • Continue: because they are useful and positively contribute to intended process outcomes.

    An example of how to structure a Stop/Start/Continue activity on a whiteboard using sticky notes.

    An example of stop, start, and continue is activity is shown.

    INPUT

    • What’s working and what isn’t in the process

    OUTPUT

    • Ideas to improve process

    Materials

    • Whiteboard
    • Sticky notes
    • Process Pilot Plan Template

    Participants

    • Process owner (PMO director or portfolio owner)
    • Pilot team

    See the following slide for additional instructions.

    Document lessons learned and create an action plan for any changes to the processes

    3.1.4 Estimated Time: 30 minutes

    An example of stop, start, and continue is activity is shown.

    As a group, discuss everyone’s responses and organize according to top priority (mark with a 1) and lower priority/next steps (mark with a 2). At this point, you can also remove any sticky notes that are repetitive or no longer relevant.

    Once you have organized based on priority, be sure to come to a consensus with the group regarding which actions to take. For example, if the group agrees that they should “stop holding meetings weekly,” come to a consensus regarding how often meetings will be held, i.e. monthly.

    Priority Action Required Who is Responsible Implementation Date
    Stop: Holding meetings weekly Hold meetings monthly Jane Doe, PMO Next Meeting: August 1, 2017
    Start: Discussing backlog during meetings Ensure that backlog data is up to date for discussion on date of next meeting. John Doe, Portfolio Manager August 1, 2017

    Create an action plan for the top priority items that require changes (the Stops and Starts). Record in this slide, or your preferred medium. Be sure to include who is responsible for the action and the date that it will be implemented.

    Document the outcomes of the start/stop/continue and your action plan in Section 6 of Info-Tech’s Process Pilot Plan Template.

    Use Info-Tech’s Backlog Manager Job Description Template to help fill any staffing needs around data maintenance

    3.1 Project Backlog Manager Job Description

    You will need to determine responsibilities and accountabilities for portfolio management functions within your team.

    If you do not have a clearly identifiable portfolio manager at this time, you will need to clarify who will wear which hats in terms of facilitating intake and prioritization, high-level capacity awareness, and portfolio reporting.

    • Use Info-Tech’s Project Backlog Manager job description template to help clarify some of the required responsibilities to support your intake, approval, and prioritization strategy.
      • If you need to bring in an additional staff member to help support the strategy, you can customize the job description template to help advertise the position. Simply edit the text in grey within the template.
    • If you have other PPM tasks that you need to define responsibilities for, you can use the RASCI chart on the final tab of the PPM Strategy Development Tool.

    Download Info-Tech’s Project Backlog Manager job description template.

    A screenshot of Info-Tech's Project Backlog Manager template is shown.

    Finalize the Intake, Approval, and Prioritization SOP and prepare to communicate your processes

    Once you’ve completed the pilot process and made the necessary tweaks, you should finalize your Intake, Approval, and Prioritization SOP and prepare to communicate it.

    Update section 1.2, “Overall Process Workflow” in Info-Tech’s Project Intake, Approval, and Prioritization SOP Template with the new process flow.

    Revisit your SOP from Phase 2 and ensure it has been updated to reflect the process changes that were identified in activity 3.1.4.

    • If during the pilot process the data was too difficult or time consuming to maintain, revisit the dimensions you have chosen and choose dimensions that are easier to accurately maintain. Tweak your process steps in the SOP accordingly.
    • In the long term, if you are not observing any progress toward achieving your success criteria, revisit the impact analysis that we’ll prepare in step 3.2 and address some of these inhibitors to organizational change.

    Download Info-Tech’s Project Intake, Approval, and Prioritization SOP template.

    A screenshot of Info-Tech's Project Intake, Approval, and Prioritization SOP template.

    Info-Tech Best Practice

    Make your SOP high impact. SOPs are often at risk of being left unmaintained and languishing in disuse. Improve the SOP’s succinctness and usability by making it visual; consult Info-Tech’s blueprint, Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind.

    Step 3.2: Analyze the impact of organizational change through the eyes of PPM stakeholders to gain their buy-in

    PHASE 1 PHASE 2 PHASE 3

    1.1

    Define project valuation criteria

    1.2

    Envision process target state

    2.1

    Streamline intake

    2.2

    Right-size approval steps

    2.3

    Prioritize projects to fit resource capacity

    3.1

    Pilot your optimized process

    3.2

    Communicate organizational change

    This step will walk you through the following activities:

    • Analyze the stakeholder impact and responses to impending organizational change
    • Create message canvases for at-risk change impacts and stakeholders
    • Set the course of action for communicating changes to your stakeholders

    This step involves the following participants:

    • PMO Director / Portfolio Manager
    • Project Managers
    • Business Analysts

    Outcomes of this step

    • A thorough organizational change impact analysis, based on Info-Tech’s expertise in organizational change management
    • Message canvases and communication plan for your stakeholders
    • Go-live for the new intake, approval, and prioritization process

    Manage key PPM stakeholders and communicate changes

    • Business units: Projects are undertaken to provide value to the business. Senior management from business units must help define how project will be valued.
    • IT: IT must ensure that technical/practical considerations are taken into account when determining project value.
    • Finance: The CFO or designated representative will ensure that estimated project costs and benefits can be used to manage the budget.
    • PMO: PMO is the administrator of the project portfolio. PMO must provide coordination and support to ensure the process operates smoothly and its goals are realized.
    • Business analysts: BAs carry out the evaluation of project value. Therefore, their understanding of the evaluation criteria and the process as a whole are critical to the success of the process.
    • Project sponsors: Project sponsors are accountable for the realization of benefits for which projects are undertaken.

    Impacts will be felt differently by different stakeholders and stakeholder groups

    As you assess change impacts, keep in mind that no impact will be felt the same across the organization. Depth of impact can vary depending on the frequency (will the impact be felt daily, weekly, monthly?), the actions necessitated by it (e.g. will it change the way the job is done or is it simply a minor process tweak?), and the anticipated response of the stakeholder (support, resistance, indifference?).

    Use the Organizational Change Depth Scale below to help visualize various depths of impact. The deeper the impact, the tougher the job of managing change will be.

    Procedural Behavioral Interpersonal Vocational Cultural
    Procedural change involves changes to explicit procedures, rules, policies, processes, etc. Behavioral change is similar to procedural change, but goes deeper to involve the changing tacit or unconscious habits. Interpersonal change goes beyond behavioral change to involve changing relationships, teams, locations, reporting structures, and other social interactions. Vocational change requires acquiring new knowledge and skills, and accepting the loss or decline in the value or relevance of previously acquired knowledge and skills. Cultural change goes beyond interpersonal and vocational change to involve changing personal values, social norms, and assumptions about the meaning of good vs. bad or right vs. wrong.
    Example: providing sales reps with mobile access to the CRM application to let them update records from the field. Example: requiring sales reps to use tablets equipped with a custom mobile application for placing orders from the field. Example: migrating sales reps to work 100% remotely. Example: migrating technical support staff to field service and sales support roles. Example: changing the operating model to a more service-based value proposition or focus.

    Perform a change impact analysis to maximize the chances of adoption for the new intake process

    Invest time and effort to analyze the impact of change to create an actionable stakeholder communication plan that yields the desirable result: adoption.

    Info-Tech’s Drive Organizational Change from the PMO blueprint offers the OCM Impact Analysis Tool to helps document the change impact across multiple dimensions, enabling the project team to review the analysis with others to ensure that the most important impacts are captured.

    This tool has been customized for optimizing project intake, approval, and prioritization process to deliver the same result in a more streamlined way. The next several slides will take you through the activities to ultimately create an OCM message canvas and a communication plan for your key stakeholders.

    Download Info-Tech’s Intake and Prioritization Impact Analysis Tool.

    A screenshot of Info-Tech's Intake and Prioritization Impact Analysis Tool is shown.

    "As a general principle, project teams should always treat every stakeholder initially as a recipient of change. Every stakeholder management plan should have, as an end goal, to change recipients’ habits or behaviors."

    -PMI, 2015

    Set up the Intake Process and Prioritization Impact Analysis Tool

    3.2.1 Intake and Prioritization Impact Analysis Tool, Tab 2-3

    In Tab 2, enter your stakeholders’ names. Represent stakeholders as a group if you expect the impact of change on them to be reasonably uniform, as well as their anticipated responses. Otherwise, consider adding them as individuals or subgroups.

    A screenshot of Info-Tech's Intake and Prioritization Impact Analysis Tool, Tab 2 is shown.

    In Tab 3, enter whether you agree or disagree with each statement that represents an element of organizational change that be introduced as the newly optimized intake process is implemented.

    As a result of the change initiative in question:

    A screenshot of Info-Tech's Intake and Prioritization Impact Analysis Tool, Tab 3 is shown.

    Analyze the impact and the anticipated stakeholder responses of each change

    3.2.1 Intake and Prioritization Impact Analysis Tool, Tab 4: Impact Analysis Inputs

    Each change statement that you agreed with in Tab 3 are listed here in Tab 4 of the Intake and Prioritization Impact Analysis Tool. For each stakeholder, estimate and enter the following data:

    1. Frequency of the Impact: how often will the impact of the change be felt?
    2. Effort Associated with Impact: what is the demand on a stakeholder’s effort to implement the change?
    3. Anticipated Response: rate from enthusiastic response to active subversion. Honest and realistic estimates of anticipated responses are critical to the rest of the impact analysis.
    A screenshot of Info-Tech's Intake and Prioritization Impact Analysis Tool, Tab 4 is shown.

    Analyze the stakeholder impact and responses to impending organizational change as a group

    3.2.1 Estimated Time: 60-90 minutes

    Divide and conquer. Leverage the group to get through the seemingly daunting amount of work involved with impact analysis.

    1. Divide the activity participants into subgroups and assign a section of the impact analysis. It may be helpful to do one section together as a group to make sure everyone is roughly on the same page for assessing impact.
    2. Suggested ways to divide up the impact analysis include:

    • By change impact. This would be suitable when the process owners (or would-be process owners) are available and participating.
    • By stakeholders. This would be suitable for large organizations where the activity participants know some stakeholders better than others.

    Tip: use a spreadsheet tool that supports multi-user editing (e.g. Google Sheets, Excel Online).

  • Aggregate the completed work and benchmark one another’s analysis by reviewing them with the entire group.
  • INPUT

    • Organizational and stakeholder knowledge
    • Optimized intake process

    OUTPUT

    • Estimates of stakeholder-specific impact and response

    Materials

    • Intake and Prioritization Impact Analysis Tool

    Participants

    • PMO Director/ Portfolio Manager
    • Project Managers
    • Business Analysts

    Info-Tech Insight

    Beware of bias. Groups are just as susceptible to producing overly optimistic or pessimistic analysis as individuals, just in different ways. Unrealistic change impact analysis will compromise your chances of arriving at a reasonable, tactful stakeholder communication plan.

    Examine your impact analysis report

    3.2.2 Intake and Prioritization Impact Analysis Tool, Tab 5: Impact Analysis Outputs

    These outputs are based on the impacts you analyzed in Tab 4 of the tool (Activity 3.2.1). They are organized in seven sections:

    1. Top Five Highest Risk Impacts, based on the frequency and effort inputs across all impacts.
    2. Overall Process Adoption Rating (top right), showing the overall difficulty of this change given likelihood/risk that the stakeholders involved will absorb the anticipated change impacts.
    3. Top Five Most Impacted Stakeholders, based on the frequency and effort inputs across all impacts.
    4. Top Five Process Supporters and;
    5. Top Five Process Resistors, based on the anticipated response inputs across all impacts.
    6. Impact Register (bottom right): this list breaks down each change’s likelihood of adoption.
    7. Potential Impacts to Watch Out For: this list compiles all of the "Don't Know" responses from Tab 3.
    A screenshot of Info-Tech's Intake and Prioritization Impact Analysis Tool, Tab 5 is shown. It shows Section 2. Overall process adoption rating. A screenshot of Info-Tech's Intake and Prioritization Impact Analysis Tool, Tab 5 is shown. It shows Section 6. Impact Register.

    Tailor messages for at-risk change impacts and stakeholders with Info-Tech’s Message Canvas

    3.2.2 Intake and Prioritization Impact Analysis Tool, Tab 6: Message Canvas

    Use Info-Tech’s Message Canvas on this tab to help rationalize and elaborate the change vision for each group.

    Elements of a Message Canvas

    • Why is there a need for this process change?
    • What will be new for this audience?
    • What will go away for this audience?
    • What will be meaningfully unchanged for this audience?
    • How will this change benefit this audience?
    • When and how will the benefits be realized for this audience?
    • What does this audience have to do for this change to succeed?
    • What does this audience have to stop doing for this change to succeed?
    • What should this audience continue doing?
    • What support will this audience receive to help manage the transition?
    • What should this audience expect to do/happen next?

    A screenshot of Info-Tech's Intake and Prioritization Impact Analysis Tool, Tab 6 is shown.

    Info-Tech Insight

    Change thy language, change thyself.

    Jargon, acronyms, and technical terms represent deeply entrenched cultural habits and assumptions.

    Continuing to use jargon or acronyms after a transition tends to drag people back to old ways of thinking and working.

    You don’t need to invent a new batch of buzzwords for every change (nor should you), but every change is an opportunity to listen for words and phrases that have lost their meaning through overuse and abuse.

    Create message canvases for at-risk change impacts and stakeholders as a group

    3.2.2 Estimated Time: 90-120 minutes

    1. Decide on the number of message canvases to complete. This will be based on the number of at-risk change impacts and stakeholders.
    2. Divide the activity participants into subgroups and assign a section of the message canvas. It may be helpful to do one section together as a group to make sure everyone is roughly on the same page for assessing impact.
    3. Aggregate the completed work and benchmark the message canvases amongst subgroups.

    Remember these guidelines to help your messages resonate:

    • People are busy and easily distracted. Tell people what they really need to know first, before you lose their attention.
    • Repetition is good. Remember the Aristotelian triptych: “Tell them what you’re going to tell them, then tell them, then tell them what you told them.”
    • Don’t use technical terms, jargon, or acronyms. Different groups in organizations tend to develop specialized vocabularies. Everybody grows so accustomed to using acronyms and jargon every day that it becomes difficult to notice how strange it sounds to outsiders. This is especially important when IT communicates with non-technical audiences. Don’t alienate your audience by talking at them in a strange language.
    • Test your message. Run focus groups or deliver communications to a test audience (which could be as simple as asking 2–3 people to read a draft) before delivering messages more broadly.

    – Info-Tech Blueprint, Drive Organizational Change from the PMO

    INPUT

    • Impact Analysis Outputs
    • Organizational and stakeholder knowledge

    OUTPUT

    • Estimates of stakeholder-specific impact and response

    Materials

    • Intake and Prioritization Impact Analysis Tool

    Participants

    • PMO Director/ Portfolio Manager
    • Project Managers
    • Business Analysts

    Distill the message canvases into a comprehensive communication plan

    3.2.3 Intake and Prioritization Impact Analysis Tool, Tab 7: Communication Plan

    The communication plan creates an action plan around the message canvases to coordinate the responsibilities of delivering them, so the risks of “dropping the ball” on your stakeholders are minimized.

    A screenshot of Info-Tech's Intake and Prioritization Impact Analysis Tool, Tab 7: Communication is shown.

    1. Choose a change impact from a drop-down menu.

    2. Choose an intended audience...

    … and the message canvas to reference.

    3. Choose the method of delivery. It will influence how to craft the message for the stakeholder.

    4. Indicate who is responsible for creating and communicating the message.

    A screenshot of Info-Tech's Intake and Prioritization Impact Analysis Tool, Tab 7: Communication is shown.

    5. Briefly indicate goal of the communication and the likelihood of success.

    6. Record the dates to plan and track the communications that take place.

    Set the course of action for communicating changes to your stakeholders

    3.2.2 Estimated Time: 90-120 minutes

    1. Divide the activity participants into subgroups and assign communication topics to each group. There should be one communication topic for each change impact. Based on the message canvas, create a communication plan draft.
    2. Aggregate the completed work and benchmark the communication topic amongst subgroups.
    3. Share the finished communication plan with the rest of the working group. Do not share this file widely, but keep it private within the group.

    Identify critical points in the change curve:

    1. Honeymoon of “Uninformed Optimism”: There is usually tentative support and even enthusiasm for change before people have really felt or understood what it involves.
    2. Backlash of “Informed Pessimism” (leading to “Valley of Despair”): As change approaches or begins, people realize they’ve overestimated the benefits (or the speed at which benefits will be achieved) and underestimated the difficulty of change.
    3. Valley of Despair and beginning of “Hopeful Realism”: Eventually, sentiment bottoms out and people begin to accept the difficulty (or inevitability) of change.
    4. Bounce of “Informed Optimism”: People become more optimistic and supportive when they begin to see bright spots and early successes.
    5. Contentment of “Completion”: Change has been successfully adopted and benefits are being realized.

    Based on Don Kelley and Daryl Conner’s Emotional Cycle of Change.

    INPUT

    • Change impact analysis results
    • Message canvases
    • List of stakeholders

    OUTPUT

    • Communication Plan

    Materials

    • Intake and Prioritization Impact Analysis Tool

    Participants

    • PMO Director/ Portfolio Manager
    • Project Managers
    • Business Analysts

    Roll out the optimized intake, approval, and prioritization process, and continually monitor adoption and success

    As you implement your new project intake process, familiarize yourself with common barriers and challenges.

    There will be challenges to watch for in evaluating the effectiveness of your intake processes. These may include circumvention of process by key stakeholders, re-emergence of off-the-grid projects and low-value initiatives.

    As a quick and easy way to periodically assess your processes, consider the following questions:

    • Are you confident that all work in progress is being tracked via the project list?
    • Are your resources all currently working on high-value initiatives?
    • Since optimizing, have you been able to deliver (or are you on target to deliver) all that has been approved, with no initiatives in states of suspended animation for long periods of time?
    • Thanks to sufficient portfolio visibility and transparency into your capacity, have you been able to successfully decline requests that did not add value or that did not align with resourcing?

    If you answer “no” to any of these questions after a sufficient post-implementation period (approximately six to nine months, depending on the scope of your optimizing), you may need to tweak certain aspects of your processes or seek to align your optimization with a lower capability level in the short term.

    Small IT department struggles to optimize intake and to communicate new processes to stakeholders

    CASE STUDY

    Industry: Government

    Source: Info-Tech Client

    Challenge

    There is an IT department for a large municipal government. Possessing a relatively low level of PPM maturity, IT is in the process of establishing more formal intake practices in order to better track, and respond to, project requests. New processes include a minimalist request form (sent via email) coupled with more thorough follow-up from BAs and PMs to determine business value, ROI, and timeframes.

    Solution

    Even with new user-friendly processes in place, IT struggles to get stakeholders to adopt, especially with smaller initiatives. These smaller requests frequently continue to come in outside of the formal process and, because of this, are often executed outside of portfolio oversight. Without good, reliable data around where staff time is spent, IT lacks the authority to decline new requests.

    Results

    IT is seeking further optimization through better communication. They are enforcing discipline on stakeholders and reiterating that all initiatives, regardless of size, need to be directed through the process. IT is also training its staff to be more critical. “Don’t just start working on an initiative because a stakeholder asks.” With staff being more critical and directing requests through the proper queues, IT is getting better at tracking and prioritizing requests.

    "The biggest challenge when implementing the intake process was change management. We needed to shift our focus from responding to requests to strategically thinking about how requests should be managed. The intake process allows the IT Department to be transparent to customers and enables decision makers."

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    A picture of an Info-Tech analyst is shown.

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1.1

    A screenshot of activity 3.1.1 is shown

    Select receptive stakeholders to work with during your pilot

    Identify the right team of supportive PPM stakeholders to carry out the process pilot. Strategies to recruit the right people outside the workshop will be discussed if appropriate.

    3.2.1

    A screenshot of activity 3.2.1 is shown.

    Analyze the stakeholder impact and responses to impending organizational change

    Carry out a thorough analysis of change impact in order to maximize the effectiveness of the communication strategy in support of the implementation of the optimized process.

    Insight breakdown

    Insight 1

    • The overarching goal of optimizing project intake, approval, and prioritization process is to maximize the throughput of the best projects. To achieve this goal, one must have a clear way to determine what are “the best” projects.

    Insight 2

    • Info-Tech’s methodology systemically fits the project portfolio into its triple constraint of stakeholder needs, strategic objectives, and resource capacity to effectively address the challenges of establishing organizational discipline for project intake.

    Insight 3

    • Engagement paves the way for smoother adoption. An “engagement” approach (rather than simply “communication”) turns stakeholders into advocates who can help boost your message, sustain the change, and realize benefits without constant intervention or process command-and-control.

    Summary of accomplishment

    Knowledge Gained

    • Triple constraint model of project portfolio: stakeholder needs, strategic objectives, and resource capacity
    • Benefits of optimizing project intake, approval, and prioritization for managing a well-behaved project portfolio
    • Challenges of installing well-run project intake
    • Importance of piloting the process and communicating impacts to stakeholders

    Processes Optimized

    • Project valuation process: scorecard, weights
    • Project intake process: reception, triaging, follow-up
    • Project approval process: steps, accountabilities, deliverables
    • Project prioritization process: estimation of resource capacity for projects, project demand
    • Communication for organizational change

    Deliverables Completed

    • Optimized Project Intake, Approval, and Prioritization Process
    • Documentation of the optimized process in the form of a Standard Operating Procedure
    • Project valuation criteria, developed with Project Value Scorecard Development Tool and implemented through the Project Intake and Prioritization Tool
    • Standardized project request form with right-sized procedural friction
    • Standard for project level classification, implemented through the Project Intake Classification Matrix
    • Toolbox of deliverables for capturing information developed to inform decision makers for approval: Benefits Commitment Form, Technology Assessment Tool, Business Case Templates
    • Process pilot plan
    • Communication plan for organizational change, driven by a thorough analysis of change impacts on key stakeholders using the Intake and Prioritization Impact Analysis Tool

    Research contributors and experts

    Picture of Kiron D. Bondale

    Kiron D. Bondale, PMP, PMI - RMP

    Senior Project Portfolio & Change Management Professional

    A placeholder photo is shown here.

    Scot Ganshert, Portfolio Group Manager

    Larimer County, CO

    Picture of Garrett McDaniel

    Garrett McDaniel, Business Analyst II – Information Technology

    City of Boulder, CO

    A placeholder photo is shown here.

    Joanne Pandya, IT Project Manager

    New York Property Insurance Underwriters

    Picture of Jim Tom.

    Jim Tom, CIO

    Public Health Ontario

    Related Info-Tech research

    A screenshot of Info-Tech's Develop a Project Portfolio Management Strategy blueprint

    Develop a Project Portfolio Management Strategy blueprint"

    A screenshot of Info-Tech's Grow Your Own PPM Solution blueprint is shown.

    Grow Your Own PPM Solution

    A screenshot of Info-Tech's Balance Supply and Demand with Realistic Resource Management Practices blueprint is shown.

    Balance Supply and Demand with Realistic Resource Management Practices

    A screenshot of Info-Tech's Maintain an Organized Portfolio blueprint is shown.

    Maintain an Organized Portfolio

    A screenshot of Info-Tech's Manage a Minimum Viable PMO blueprint is shown.

    Manage a Minimum Viable PMO

    A screenshot of Info-Tech's Establish the Benefits Realization Process blueprint is shown.

    Establish the Benefits Realization Process

    A screenshot of Info-Tech's Manage an Agile Portfolio blueprint is shown.

    Manage an Agile Portfolio

    A screenshot of Info-Tech's Tailor Project Management Processes to Fit Your Projects blueprint is shown.

    Tailor Project Management Processes to Fit Your Projects

    A screenshot of Info-Tech's Project Portfolio Management Diagnostic Program blueprint is shown.

    Project Portfolio Management Diagnostic Program

    The Project Portfolio Management Diagnostic Program is a low-effort, high-impact program designed to help project owners assess and improve their PPM practices. Gather and report on all aspects of your PPM environment to understand where you stand and how you can improve.

    Bibliography

    Boston Consulting Group. “Executive Sponsor Engagement: Top Driver of Project and Program Success.” PMI, 2014. Web.

    Boston Consulting Group. “Winning Through Project Portfolio Management: the Practitioners’ Perspective.” PMI, 2015. Web.

    Bradberry, Travis. “Why The 8-Hour workday Doesn’t Work.” Forbes, 7 Jun 2016. Web.

    Cook, Scott. Playbook: Best Practices. Business Week

    Cooper, Robert, G. “Effective Gating: Make product innovation more productive by using gates with teeth.” Stage-Gate International and Product Development Institute. March/April 2009. Web.

    Epstein, Dan. “Project Initiation Process: Part Two.” PM World Journal. Vol. IV, Issue III. March 2015. Web.

    Evans, Lisa. “The Exact Amount of Time You Should Work Every Day.” Fast Company, 15 Sep. 2014. Web.

    Madison, Daniel. “The Five Implementation Options to Manage the Risk in a New Process.” BPMInstitute.org. n.d. Web.

    Merkhofer, Lee. “Improve the Prioritization Process.” Priority Systems, n.d. Web.

    Miller, David, and Mike Oliver. “Engaging Stakeholder for Project Success.” PMI, 2015. Web.

    Mind Tools. “Kelley and Conner’s Emotional Cycle of Change.” Mind Tools, n.d. Web.

    Mochal, Jeffrey and Thomas Mochal. Lessons in Project Management. Appress: September 2011. Page 6.

    Newcomer, Eric. “Getting Decisions to Stick.” Standish Group PM2go, 20 Oct 2017. Web.

    “PMI Today.” Newtown Square, PA: PMI, Oct 2017. Web.

    Project Management Institute. “Standard for Portfolio Management, 3rd ed.” Newtown Square, PA: PMI, 2013.

    Project Management Institute. “Pulse of the Profession 2017: Success Rates Rise.” PMI, 2017. Web.

    Transparent Choice. “Criteria for Project Prioritization.” n.p., n.d. Web.

    University of New Hampshire (UNH) Project Management Office. “University of New Hampshire IT Intake and Selection Process Map.” UNH, n.d. Web.

    Ward, John. “Delivering Value from Information Systems and Technology Investments: Learning from Success.” Information Systems Research Centre. August 2006. Web.

    Excel Through COVID-19 With a Focused Business Architecture

    • Buy Link or Shortcode: {j2store}604|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Strategy & Operating Model
    • Parent Category Link: /strategy-and-operating-model
    • Business architecture, including value stream and business capability models, is the tool you need to reposition your organization for post-COVID-19 success.
    • Your business architecture model represents your strategic business components. It guides the development of all other architectures to enable new and improved business function.
    • Evaluating your current business architecture, or indeed rebuilding it, creates a foundation for facilitated discussions and target state alignment between IT and the senior C-suite.
    • New projects and initiatives during COVID-19 must evolve business architecture so that your front-line workers and your customers are supported through the resolution of the pandemic. Specifically, your projects and initiatives must be directly traced to evolving your architecture.
    • Business architecture anchors downstream architectural iterations and initiatives. Measure business capability enablement results directly from projects and initiatives using a business architecture model.

    Our Advice

    Critical Insight

    • Focus on your most disruptive, game-changing innovations that have been on the backburner for some time. Here you will find the ingredients for post-pandemic success.

    Impact and Result

    • Craft your business architecture model, aligned to the current climate, to refocus on your highest priority goals and increase your chances of post-COVID-19 excellence.

    Excel Through COVID-19 With a Focused Business Architecture Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create minimum viable business architecture

    Create your minimum viable business architecture.

    • Excel Through COVID-19 With a Focused Business Architecture Storyboard
    • Excel Through COVID-19 With a Focused Business Architecture – Healthcare
    • Excel Through COVID-19 With a Focused Business Architecture – Higher Education
    • Excel Through COVID-19 With a Focused Business Architecture – Manufacturing
    • Business Capability Modeling

    2. Identify COVID-19 critical capabilities for your industry

    If there are a handful of capabilities that your business needs to focus on right now, what are they?

    3. Brainstorm COVID-19 business opportunities

    Identify business opportunities.

    4. Enrich capability model with COVID-19 opportunities

    Enrich your capability model.

    [infographic]

    Document and Maintain Your Disaster Recovery Plan

    • Buy Link or Shortcode: {j2store}417|cart{/j2store}
    • member rating overall impact (scale of 10): 9.3/10 Overall Impact
    • member rating average dollars saved: $52,224 Average $ Saved
    • member rating average days saved: 38 Average Days Saved
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • Disaster recovery plan (DRP) documentation is often driven by audit or compliance requirements rather than aimed at the team that would need to execute recovery.
    • Between day-to-day IT projects and the difficulty of maintaining 300+ page manuals, DRP documentation is not updated and quickly becomes unreliable.
    • Inefficient publishing strategies result in your DRP not being accessible during disaster or key staff not knowing where to find the latest version.

    Our Advice

    Critical Insight

    • DR documentation fails when organizations try to boil the ocean with an all-in-one plan aimed at auditors, business leaders, and IT. It’s too long, too hard to maintain, and ends up being little more than shelf-ware.
    • Using flowcharts, checklists, and diagrams aimed at an IT audience is more concise and effective in a disaster, quicker to create, and easier to maintain.
    • Create your DRP in layers to keep the work manageable. Start with a recovery workflow to ensure a coordinated response, and build out supporting documentation over time.

    Impact and Result

    • Create visual and concise DR documentation that strips out unnecessary content and is written for an IT audience – the team that would actually be executing the recovery. Your business leaders can take the same approach to create separate business response plans. Don’t mix the two in an all-in-one plan that is not effective for either audience.
    • Determine a documentation distribution strategy that supports ease of maintenance and accessibility during a disaster.
    • Incorporate DRP maintenance into change management procedures to systematically update and refine the DR documentation. Don’t save up changes for a year-end blitz, which turns document maintenance into an onerous project.

    Document and Maintain Your Disaster Recovery Plan Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should adopt a visual-based DRP, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Streamline DRP documentation

    Start by documenting your recovery workflow. Create supporting documentation in the form of checklists, flowcharts, topology diagrams, and contact lists. Finally, summarize your DR capabilities in a DRP Summary Document for stakeholders and auditors.

    • Document and Maintain Your Disaster Recovery Plan – Phase 1: Streamline DRP Documentation

    2. Select the optimal DRP publishing strategy

    Select criteria for assessing DRP tools, and evaluate whether a business continuity management tool, document management solution, wiki site, or manually distributing documentation is best for your DR team.

    • Document and Maintain Your Disaster Recovery Plan – Phase 2: Select the Optimal DRP Publishing Strategy
    • DRP Publishing and Document Management Solution Evaluation Tool
    • BCM Tool – RFP Selection Criteria

    3. Keep your DRP relevant through maintenance best practices

    Learn how to integrate DRP maintenance into core IT processes, and learn what to look for during testing and during annual reviews of your DRP.

    • Document and Maintain Your Disaster Recovery Plan – Phase 3: Keep Your DRP Relevant Through Maintenance Best Practices
    • Sample Project Intake Form Addendum for Disaster Recovery
    • Sample Change Management Checklist for Disaster Recovery
    • DRP Review Checklist
    • DRP-BCP Review Workflow (Visio)
    • DRP-BCP Review Workflow (PDF)

    4. Appendix: XMPL Case Study

    Model your DRP after the XMPL case study disaster recovery plan documentation.

    • Document and Maintain Your Disaster Recovery Plan – Appendix: XMPL Case Study
    • XMPL DRP Summary Document
    • XMPL Notification, Assessment, and Declaration Plan
    • XMPL Systems Recovery Playbook
    • XMPL Recovery Workflows (Visio)
    • XMPL Recovery Workflows (PDF)
    • XMPL Data Center and Network Diagrams (Visio)
    • XMPL Data Center and Network Diagrams (PDF)
    • XMPL DRP Business Impact Analysis Tool
    • XMPL DRP Workbook
    [infographic]

    Workshop: Document and Maintain Your Disaster Recovery Plan

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Streamline DRP Documentation

    The Purpose

    Teach your team how to create visual-based documentation.

    Key Benefits Achieved

    Learn how to create visual-based DR documentation.

    Activities

    1.1 Conduct a table-top planning exercise.

    1.2 Document your high-level incident response plan.

    1.3 Identify documentation to include in your playbook.

    1.4 Create an initial collection of supplementary documentation.

    1.5 Discuss what further documentation is necessary for recovering from a disaster.

    1.6 Summarize your DR capabilities for stakeholders.

    Outputs

    Documented high-level incident response plan

    List of documentation action items

    Collection of 1-3 draft checklists, flowcharts, topology diagrams, and contact lists

    Action items for ensuring that the DRP is executable for both primary and backup DR personnel

    DRP Summary Document

    2 Select the Optimal DRP Publishing Strategy

    The Purpose

    Learn the considerations for publishing your DRP.

    Key Benefits Achieved

    Identify the best strategy for publishing your DRP.

    Activities

    2.1 Select criteria for assessing DRP tools.

    2.2 Evaluate categories for DRP tools.

    Outputs

    Strategy for publishing DRP

    3 Learn How to Keep Your DRP Relevant Through Maintenance Best Practices

    The Purpose

    Address the common pain point of unmaintained DRPs.

    Key Benefits Achieved

    Create an approach for maintaining your DRP.

    Activities

    3.1 Alter your project intake considerations.

    3.2 Integrate DR considerations into change management.

    3.3 Integrate documentation into performance measurement and performance management.

    3.4 Learn best practices for maintaining your DRP.

    Outputs

    Project Intake Form Addendum Template

    Change Management DRP Checklist Template

    Further reading

    Document and Maintain Your Disaster Recovery Plan

    Put your DRP on a diet – keep it fit, trim, and ready for action.

    ANALYST PERSPECTIVE

    The traditional disaster recovery plan (DRP) “red binder” is dead. It takes too long to create, it’s too hard to maintain, and it’s not usable in a crisis.

    “This blueprint outlines the following key tactics to streamline your documentation effort and produce a better result:

    • Write for an IT audience and focus on how to recover. You don’t need 30 pages of fluff describing the purpose of the document.
    • Use flowcharts, checklists, and diagrams over traditional manuals. This drives documentation that is more concise, easier to maintain, and effective in a crisis.
    • Create your DRP in layers to get tangible results faster, starting with a recovery workflow that outlines your DR strategy, and then build out the specific documentation needed to support recovery.”
    (Frank Trovato, Research Director, Infrastructure, Info-Tech Research Group)

    This project is about DRP documentation after you have clarified your DR strategy; create these necessary inputs first

    These artifacts are the cornerstone for any disaster recovery plan.

    • Business Impact Analysis
    • DR Roles and Responsibilities
    • Recovery Workflow

    Missing a component? Start here. ➔ Create a Right-Sized Disaster Recovery Plan

    This blueprint walks you through building these inputs.
    Our approach saves clients on average US$16,825.22. (Clients self-reported an average saving of US$16,869.21 while completing the Create a Right-Sized Disaster Recovery Plan blueprint through advisory calls, guided implementations, or workshops (Info-Tech Research Group, 2017, N=129).)

    How this blueprint will help you document your DRP

    This Research is Designed For:

    • IT managers in charge of disaster recovery planning (DRP) and execution.
    • Organizations seeking to optimize their DRP using best-practice methodology.
    • Business continuity professionals that are involved with disaster recovery.

    This Research Will Help You:

    • Divide the process of creating DR documentation into manageable chunks, providing a defined scope for you to work in.
    • Identify an appropriate DRP document management and distribution strategy.
    • Ensure that DR documentation is up to date and accessible.

    This Research Will Also Assist:

    • IT managers preparing for a DR audit.
    • IT managers looking to incorporate components of DR into an IT operations document.

    This Research Will Help Them:

    • Follow a structured approach in building DR documentation using best practices.
    • Integrate DR into day-to-day IT operations.

    Executive summary

    Situation

    • DR documentation is often driven by audit or compliance requirements, rather than aimed at the team that would need to execute recovery.
    • Traditional DRPs are text-heavy, 300+ page manuals that are simply not usable in a crisis.
    • Compounding the problem, DR documentation is rarely updated, so it’s just shelf-ware.

    Complication

    • DRP is often given lower priority as day-to-day IT projects displace DR documentation efforts.
    • Inefficient publishing strategies result in your DRP not being accessible during disasters or key staff not knowing where to find the latest version.
    • Organizations that create traditional DRPs end up with massive manuals that are difficult to maintain, so they quickly become unreliable.

    Resolution

    • Create visual and concise DR documentation that strips out unnecessary content and is written for an IT audience – the team that would actually be executing the recovery. Your business leaders can take the same approach to create separate business response plans – don’t mix the two into an all-in-one plan that is not effective for either audience.
    • Determine a documentation distribution strategy that supports ease of maintenance and accessibility during a disaster.
    • Incorporate DRP maintenance into change management and project intake procedures to systematically update and refine the DR documentation. Don’t save up changes for a year-end blitz, which turns document maintenance into an onerous project.

    Info-Tech Insight

    1. DR documentation fails when organizations try to boil the ocean with an all-in-one plan aimed at auditors, business leaders, and IT. It’s too long, too hard to maintain, and ends up being little more than shelf-ware.
    2. Using flowcharts, checklists, and diagrams aimed at an IT audience is more concise and effective in a disaster, quicker to create, and easier to maintain.
    3. Create your DRP in layers to keep the work manageable. Start with a recovery workflow to ensure a coordinated response, and build out supporting documentation over time.

    An effective DRP that mitigates a wide range of potential outages is critical to minimizing the impact of downtime

    The criticality of having an effective DRP is underestimated.

    Cost of Downtime for the Fortune 1000
    • Cost of unplanned apps downtime per year: $1.25B to $2.5B
    • Cost of critical apps failure per hour: $500,000 to $1M
    • Cost of infrastructure failure per hour: $100,000
    • 35% reported to have recovered within 12 hours.
    • 17% of infrastructure failures took more than 24 hours to recover.
    • 13% of application failures took more than 24 hours to recover.
    Size of Impact Increasing Across Industries
    • The cost of downtime is rising across the board and not just for organizations that traditionally depend on IT (e.g. e-commerce).
    • Downtime cost increase since 2010:
      • Hospitality: 129% increase
      • Transportation: 108% increase
      • Media organizations: 104% increase
    Potential Lost Revenue
    A line graph of Potential Lost Revenue with vertical axis 'LOSS ($)' and horizontal axis 'TIME'. The line starts with low losses near the origin where 'Incident Occurs', gradually accelerates to higher losses as time passes, then decelerates before 'All Revenue Lost'. Note: 'Delay in recovery causes exponential revenue loss'.
    (Adapted from: Rothstein, Philip Jan. Disaster Recovery Testing: Exercising Your Contingency Plan (2007 Edition).)

    The impact of downtime increases significantly over time, not just in terms of lost revenue (as illustrated here) but also goodwill/reputation and health/safety. An effective DR solution and overall resiliency that mitigate a wide range of potential outages are critical to minimizing the impact of downtime.

    Without an effective DRP, your organization is gambling on being able to define and implement a recovery strategy during a time of crisis. At the very least, this means extended downtime – potentially weeks – and substantial impact.

    Only 38% of those with a full or mostly complete DRP believe their DRPs would be effective in a real crisis

    Organizations continue to struggle with creating DRPs, let alone making them actionable.

    Why are so many living with either an incomplete or ineffective DRP? For the same reasons that IT documentation in general continues to be a pain point:

    • It is an outdated model of what documentation should be – the traditional manual with detailed (lengthy) descriptions and procedures.
    • Despite the importance of DR, low priority is placed on creating a DRP and the day-to-day SOPs required to support a recovery.
    • There is a lack of effective processes for ensuring documentation stays up to date.
    A bar graph documenting percentages of survey responses about the completeness of their DRP. 'Only 20% of survey respondents indicated they have a complete DRP'. 13% said 'No DRP'. 33% said 'Partial DRP'. 34% said 'Mostly Completed'. 20% said 'Full DRP'.
    (Source: Info-Tech Research Group, N=165)
    A bar graph documenting percentages of survey responses about the level of confidence in their DRP. 'Only 38% of those who have a mostly completed or full DRP actually feel it would be effective in a crisis'. 4% said 'Low'. 58% said 'Unsure'. 38% said 'Confident'.
    (Source: Info-Tech Research Group, N=69 (includes only those who indicated DRP is mostly completed or completed))

    Improve usability and effectiveness with visual-based and more-concise documentation

    Choose flowcharts over process guides, checklists over lengthy procedures, and diagrams over descriptions.

    If you need a three-inch binder to hold your DRP, imagine having to flip through it to determine next steps during a crisis.

    DR documentation needs to be concise, scannable, and quickly understood to be effective. Visual-based documentation meets these requirements, so it’s no surprise that it also leads to higher DR success.

    DR success scores are based on:

    • Meeting recovery time objectives (RTOs).
    • Meeting recovery point objectives (RPOs).
    • IT staff’s confidence in their ability to meet RTOs/RPOs.
    A line graph of DR documentation types and their effectiveness. The vertical axis is 'DR Success', from Low to High. The horizontal axis is Documentation Type, from 'Traditional Manual' to 'Primarily flowcharts, checklists, and diagrams'. The line trends up to higher success with visual-based and more-concise documentation.(Source: Info-Tech Research Group, N=95)

    “Without question, 300-page DRPs are not effective. I mean, auditors love them because of the detail, but give me a 10-page DRP with contact lists, process flows, diagrams, and recovery checklists that are easy to follow.” (Bernard Jones, MBCI, CBCP, CORP, Manager Disaster Recovery/BCP, ActiveHealth Management)

    Maintainability is another argument for visual-based, concise documentation

    There are two end goals for your DR documentation: effectiveness and maintainability. Without either, you will not have success during a disaster.

    Organizations using a visual-based approach were 30% more likely to find that DR documentation is easy to maintain. “Easy to maintain” leads to a 46% higher rate of DR success.
    Two bar graphs documenting survey responses regarding maintenance ease of DR documentation types. The first graph compares Traditional Manual vs Visual-based. For 'Traditional Manual' 72% responded they were Difficult to maintain while 28% responded they were Easy to maintain; for 'Visual-based' 42% responded they were Difficult to maintain while 58% responded they were Easy to maintain. Visual-based DR documentation received 30% more votes for Easy to Maintain. The second graph compares success rates of 'Difficult to Maintain' vs 'Easy to Maintain' DR documentation with Difficult being 31% and Easy being 77%, a 46% difference. 'Source: Info-Tech Research Group, N=96'.

    Not only are visual-based disaster recovery plans more effective, but they are also easier to maintain.

    Overcome documentation inertia with a tiered model that allows you to eat the elephant one bite at a time

    Start with a recovery workflow to at least ensure a coordinated response. Then use that workflow to determine required supporting documentation.

    Recovery Workflow: Starting the project with overly detailed documentation can slow down the entire process. Overcome planning inertia by starting with high-level incident response plans in a flowchart format. For examples and additional information, see XMPL Medical’s Recovery Workflows.

    Recovery Procedures (Systems Recovery Playbook): For each step in the high-level flowchart, create recovery procedures where necessary using additional flowcharts, checklists, and diagrams as appropriate. Leverage Info-Tech’s Systems Recovery Playbook example as a starting point.

    Additional Reference Documentation: Reference existing IT documentation, such as network diagrams and configuration documents, as well as more detailed step-by-step procedures where necessary (e.g. vendor documentation), particularly where needed to support alternate recovery staff who may not be as well versed as the primary system owners.

    Info-Tech Insight

    Organizations that use flowcharts, checklist, and diagrams over traditional, dense DRP manuals are far more likely to meet their RTOs/RPOs because their documentation is more usable and easier to maintain.

    Use a DRP summary document to satisfy executives, auditors, and clients

    Stakeholders don’t have time to sift through a pile of paper. Summarize your overall continuity capabilities in one, easy-to-read place.

    DRP Summary Document

    • Summarize BIA results
    • Summarize DR strategy (including DR sites)
    • Summarize backup strategy
    • Summarize testing and maintenance plans

    Follow Info-Tech’s methodology to make DRP documentation efficient and effective

    Phases

    Phase 1: Streamline DRP documentation Phase 2: Select the optimal DRP publishing strategy Phase 3: Keep your DRP relevant through maintenance best practices

    Phases

    1.1

    Start with a recovery workflow

    2.1

    Decide on a publishing strategy

    3.1

    Incorporate DRP maintenance into core IT processes

    1.2

    Create supporting DRP documentation

    3.2

    Conduct an annual focused review

    1.3

    Write the DRP Summary

    Tools and Templates

    End-to-End Sample DRP DRP Publishing Evaluation Tool Project In-take/Request Form

    Change Management Checklist

    Follow XMPL Medical’s journey through DR documentation

    CASE STUDY

    Industry Healthcare
    Source Created by amalgamating data from Info-Tech’s client base

    Streamline your documentation and maintenance process by following the approach outlined in XMPL Medical’s journey to an end-to-end DRP.

    Outline of the Disaster Recovery Plan

    XMPL’s disaster recovery plan includes its business impact analysis and a subset of tier 1 and tier 2 patient care applications.

    Its DRP includes incident response flowcharts, system recovery checklists, and a communication plan. Its DRP also references IT operations documentation (e.g. asset management documents, system specs, and system configuration docs), but this material is not published with the example documentation.

    Resulting Disaster Recovery Plan

    XMPL’s DRP includes actionable documents in the form of high-level disaster response plan flowcharts and system recovery checklists. During an incident, the DR team is able to clearly see the items for which they are responsible.

    Disaster Recovery Plan
    • Recovery Workflow
    • Business Impact Analysis
    • DRP Summary
    • System Recovery Checklists
    • Communication, Assessment, and Disaster Declaration Plan

    Info-Tech Best Practice

    XMPL Medical’s disaster recovery plan illustrates an effective DRP. Model your end-to-end disaster recovery plan after XMPL’s completed templates. The specific data points will differ from organization to organization, but the structure of each document will be similar.

    Model your disaster recovery documentation off of our example

    CASE STUDY

    Industry Healthcare
    Source Created by amalgamating data from Info-Tech’s client base

    Recovery Workflow:

    • Recovery Workflows (PDF, VSDX)

    Recovery Procedures (Systems Recovery Playbook):

    • DR Notification, Assessment, and Disaster Declaration Plan
    • Systems Recovery Playbook
    • Network Topology Diagrams

    Additional Reference Documentation:

    • DRP Workbook
    • Business Impact Analysis
    • DRP Summary Document

    Use Info-Tech’s DRP Maturity Scorecard to evaluate your progress

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Document and Maintain Your Disaster Recovery Plan – Project Overview

    1. Streamline DRP Documentation 2. Select the Optimal DRP Publishing Strategy 3. Keep Your DRP Relevant
    Supporting Tool icon
    Best-Practice Toolkit

    1.1 Start with a recovery workflow

    1.2 Create supporting DRP documentation

    1.3 Write the DRP summary

    2.1 Create Committee Profiles

    3.1 Build Governance Structure Map

    3.2 Create Committee Profiles

    Guided Implementations
    • Review Info-Tech’s approach to DRP documentation.
    • Create a high-level recovery workflow.
    • Create supporting DRP documentation.
    • Write the DRP summary.
    • Identify criteria for selecting a DRP publishing strategy.
    • Select a DRP publishing strategy.
    • Optional: Select requirements for a BCM tool and issue an RFP.
    • Optional: Review responses to RFP.
    • Learn best practices for integrating DRP maintenance into day-to-day IT processes.
    • Learn best practices for DRP-focused reviews.
    Associated Activity icon
    Onsite Workshop
    Module 1:
    Streamline DRP documentation
    Module 2:
    Select the optimal DRP publishing strategy
    Module 3:
    Learn best practices for keeping your DRP relevant
    Phase 1 Outcome:
    • A complete end-to-end DRP
    Phase 2 Outcome:
    • Selection of a publishing and management tool for your DRP documentation
    Phase 3 Outcome:
    • Strategy for maintaining your DRP documentation

    Workshop Overview Associated Activity icon

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Workshop Day 5
    Info-Tech Analysts Finalize Deliverables
    Activities
    Assess DRP Maturity and Review Current Capabilities

    0.1 Assess current DRP maturity through Info-Tech’s Maturity Scorecard.

    0.2 Identify the IT systems that support mission-critical business activities, and select 2 or 3 key applications to be the focus of the workshop.

    0.3 Identify current recovery strategies for selected applications.

    0.4 Identify current DR challenges for selected applications.

    Document Your Recovery Workflow

    1.1 Create a recovery workflow: review tabletop planning, walk through DR scenarios, identify DR gaps, and determine how to fill them.

    Create Supporting Documentation

    1.2 Create supporting DRP documentation.

    1.3 Write the DRP summary.

    Establish a DRP Publishing, Management, and Maintenance Strategy

    2.1 Decide on a publishing strategy.

    3.1 Incorporate DRP maintenance into core IT.

    3.2 Considerations for reviewing your DRP regularly.

    Deliverables
    1. Baseline DRP metric (based on DRP Maturity Scorecard)
    1. High-level DRP workflow
    2. DRP gaps and risks identified
    1. Recovery workflow and/or checklist for sample of IT systems
    2. Customized DRP Summary Template
    1. Strategy for selecting a DRP publishing tool
    2. DRP management and maintenance strategy
    3. Workshop summary presentation deck

    Workshop Goal: Learn how to document and maintain your DRP.

    Use these icons to help direct you as you navigate this research

    Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

    A small monochrome icon of a wrench and screwdriver creating an X.

    This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

    A small monochrome icon depicting a person in front of a blank slide.

    This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.


    Phase 1: Streamline DRP Documentation

    Step 1.1: Start with a recovery workflow

    PHASE 1
    PHASE 2
    PHASE 3
    1.1 1.2 1.3 2.1 3.1 3.2
    Start with a Recovery Workflow Create Supporting Documentation Write the DRP Summary Select DRP Publishing Strategy Integrate into Core IT Processes Conduct an Annual Focused Review

    This step will walk you through the following activities:

    • Review a model DRP.
    • Review your recovery workflow.
    • Identify documentation required to support the recovery workflow.

    This step involves the following participants:

    • DRP Owner
    • System SMEs
    • Alternate DR Personnel

    Outcomes of this step

    • Understanding the visual-based, concise approach to DR documentation.
    • Creating a recovery workflow that provides a roadmap for coordinating incident response and identifying required supporting documentation.

    Info-Tech Insights

    A DRP is a collection of procedures and supporting documents that allow an organization to recover its IT services to minimize system downtime for the business.

    1.1 — Start with a recovery workflow to ensure a coordinated response and identify required supporting documentation

    The recovery workflow clarifies your DR strategy and ensures the DR team is on the same page.

    Recovery Workflow

    The recovery workflow maps out the incident response plan from event detection, assessment, and declaration to systems recovery and validation.

    This documentation includes:

    • Clarifying initial incident response steps.
    • Clarifying the order of systems recovery and which recovery actions can occur concurrently.
    • Estimating actual recovery timeline through each stage of recovery.
    Recovery Procedures (Playbook)
    Additional Reference Documentation

    “We use flowcharts for our declaration procedures. Flowcharts are more effective when you have to explain status and next steps to upper management.” (Assistant Director-IT Operations, Healthcare Industry)

    Review business impact analysis (BIA) results to plan your recovery workflow

    The BIA defines system criticality from the business’s perspective. Use it to guide system recovery order.

    Specifically, review the following from your BIA:

    • The list of tier 1, 2, and 3 applications. This will dictate the recovery order in your recovery workflow.
    • Application dependencies. This will outline what needs to be included as part of an application recovery workflow.
    • The recovery time objective (RTO) and recovery point objective (RPO) for each application. This will also guide the recovery, and enable you to identify gaps where the recovery workflow does not meet RTOs and RPOs.

    CASE STUDY: The XMPL DRP documentation is based on this Business Impact Analysis Tool.

    Haven’t conducted a BIA? Use Info-Tech’s streamlined approach.

    Info-Tech’s publication Create a Right-Sized Disaster Recovery Plan takes a very practical approach to BIA work. Our process gives IT leaders a mechanism to quickly get agreement on system recovery order and DR investment priorities.

    Conduct a tabletop planning exercise to determine your recovery workflow

    Associated Activity icon 1.1.1 Tabletop Planning Exercise

    1. Define a scenario to drive the tabletop planning exercise:
      • Use a scenario that forces a full failover to your DR environment, so you can capture an end-to-end recovery workflow.
      • Avoid scenarios that impact health and safety such as tornados or a fire. You want to focus on IT recovery.
      • Example scenarios: Burst water pipe that causes data-center-wide damage or a gas leak that forces evacuation and power to be shut down for at least two days.

    Note: You may have already completed this exercise as part of Create a Right-Sized Disaster Recovery Plan.

    Info-Tech Insight

    Use scenarios to provide context for DR planning, and to test your plans, but don’t create a separate plan for every possibility.

    The high-level recovery plan will be the same whether the incident is a fire, flood, or tornado. While there might be some variances and outliers, these scenarios can be addressed by adding decision points and/or separate, supplementary instructions.

    Walk through the scenario and capture the recovery workflow

    Associated Activity icon 1.1.2 Tabletop Planning Exercise
    1. Capture the following information for tier 1, tier 2, and tier 3 systems:
      1. On white cue cards, record the steps and track start and end times for each step (where 00:00 is when the incident occurred).
      2. On yellow cue cards, document gaps in people, process, and technology requirements to complete the step.
      3. On red cue cards, indicate risks (e.g. no backup person for a key staff member).

    Note:

    • Ensure the language is sufficiently genericized (e.g. refer to events, not specifically a burst water pipe).
    • Review isolated failures (e.g. hardware, software). Typically, the recovery procedure documented for individual systems covers the essence of the recovery workflow whether it’s just the one system that failed or it’s part of a site-wide recovery.

    Note: You may have already completed this exercise as part of Create a Right-Sized Disaster Recovery Plan.

    Document your current-state recovery workflow based on the results of the tabletop planning

    Supporting Tool icon 1.1.2 Incident Response Plan Flowcharts, Tabs 2 and 3

    After you finish the tabletop planning exercise, the steps on the set of cue cards define your recovery workflow. Capture this in a flowchart format.

    Use the sample DRP to guide your own flowchart. Some notes on the example are:

    • XMPL’s Incident Management to DR flowchart shows the connection between its standard Service Desk processes and DR processes.
    • XMPL’s high-level workflows outline its recovery of tier 1, 2, and 3 systems.
    • Where more detail is required, include links to supporting documentation. In this example, XMPL Medical includes links to its Systems Recovery Playbook.
    Preview of an Info-Tech Template depicting a sample flowchart.

    This sample flowchart is included in XMPL Recovery Workflows.

    Step 1.2: Create Supporting DRP Documentation

    PHASE 1
    PHASE 2
    PHASE 3
    1.11.21.32.13.13.2
    Start with a Recovery WorkflowCreate Supporting DocumentationWrite the DRP SummarySelect DRP Publishing StrategyIntegrate into Core IT ProcessesConduct an Annual Focused Review

    This step will walk you through the following activities:

    • Create checklists for your playbook.
    • Document more complex procedures with flowcharts.
    • Gather and/or write network topology diagrams.
    • Compile a contact list.
    • Ensure there is enough material for backup personnel.

    This step involves the following participants:

    • DRP Owner
    • System SMEs
    • Backup DR Personnel

    Outcomes of this step

    • Actionable supporting documentation for your disaster recovery plan.
    • Contact list for IT personnel, business personnel, and vendor support.

    1.2 — Create supporting documentation for your disaster recovery plan

    Now that you have a high-level incident response plan, collect the information you need for executing that plan.

    Recovery Workflow

    Write your recovery procedures playbook to be effective and usable. Your playbook documentation should include:

    • Supplementary flowcharts
    • Checklists
    • Topology diagrams
    • Contact lists
    • DRP summary

    Reference vendors’ technical information in your flowcharts and checklists where appropriate.

    Recovery Procedures (Playbook)

    Additional Reference Documentation

    Info-Tech Insight

    Write for your audience. The playbook is for IT; include only the information they need to execute the plan. DRP summaries are for executives and auditors; do not include information intended for IT. Similarly, your disaster recovery plan is not for business units; keep BCP content out of your DRP.

    Use checklists to streamline step-by-step procedures

    Supporting Tool icon 1.2.1 XMPL Medical’s System Recovery Checklists

    Checklists are ideal when staff just need a reminder of what to do, not how to do it.

    XMPL Medical used its high-level flowcharts as a roadmap for creating its Systems Recovery Playbook.

    • Since its Playbook is intended for experienced IT staff, the writing style in the checklists is concise. XMPL includes links to reference material to support recovery, especially for alternate staff who might need additional instruction.
    • XMPL includes key parameters (e.g. IP addresses) rather than assume those details would be memorized, especially in a stressful DR scenario.
    • Similarly, include links to other useful resources such as VM templates.
    Preview of the Info-Tech Template 'Systems Recovery Playbook'.

    Included in the XMPL Systems Recovery Playbook are checklists for recovering XMPL’s virtual desktop infrastructure, mission-critical applications, and core infrastructure components.

    Use flowcharts to document processes with concurrent tasks not easily captured in a checklist

    Supporting Tool icon 1.2.2 XMPL Medical’s Phone Services Recovery Flowchart

    Recovery procedures can consist of flowcharts, checklists, or both, as well as diagrams. The main goal is to be clear and concise.

    • XMPL Medical created a flowchart to capture its phone services recovery procedure to capture concurrent tasks.
    • Additional instructions, where required, could still be captured in a Playbook checklist or other supporting documentation.
    • The flowchart could have also included key settings or other details as appropriate, particularly if the DR team chose to maintain this recovery procedure just in a flowchart format.
    Preview of the Info-Tech Template 'Recovery Workflows'.

    Included in the XMPL DR documentation is an example flowchart for recovering phone systems. This flowchart is in Recovery Workflows.

    Reference this blueprint for more SOP flowchart examples: Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind

    Use topology diagrams to capture network layout, integrations, and system information

    Supporting Tool icon 1.2.4 XMPL Medical’s Data Center and Network Diagrams

    Topology diagrams, key checklists, and configuration settings are often enough for experienced networking staff to carry out their DR tasks.

    • XMPL Medical includes these diagrams with its DRP. Instead of recreating these diagrams, the XMPL Medical DR Manager asked their network team for these diagrams:
      • Primary data center diagram
      • DR site diagram
      • High-level network diagrams
    • Often, organizations already have network topology diagrams for reference purposes.

    “Our network engineers came to me and said our standard SOP template didn't work for them. They're now using a lot of diagrams and flowcharts, and that has worked out better for them.” (Assistant Director-IT Operations, Healthcare Industry)

    Preview of the Info-Tech Template 'Systems Recovery Playbook'.

    You can download a PDF and a VSD version of these Data Center and Network Diagrams from Info-Tech’s website.

    Create a list of organizational, IT, and vendor contacts that may be required to assist with recovery

    If there is something strange happening to your IT infrastructure, who you gonna call?

    Many DR managers have their team on speed dial. However, having the contact info of alternate staff, BCP leads, and vendors can be very helpful during a disaster. XMPL Medical lists the following information in its DRP Workbook:

    • The DR Teams, SMEs critical to disaster recovery, their backups, and key contacts (e.g. BC Management team leads, vendor contacts) that would be involved in:
      • Declaring a disaster.
      • Coordinating a response at an organizational level.
      • Executing recovery.
    • The people that have authority to declare a disaster.
    • Each person’s spending authority.
    • The rules for delegating authority.
    • Primary and alternate staff for each role.
    Example list of alternate staff, BCP leads, and vendors.

    Confirm with your DR team that you have all of the documentation that you need to recover during a disaster

    Associated Activity icon 1.2.7 Group Discussion

    DISCUSS: Is there enough information in your DRP for both primary and backup DR personnel?

    • Is it clear who is responsible for each DR task, including notification steps?
    • Have alternate staff for each role been identified?
    • Does the recovery workflow capture all of the high-level steps?
    • Is there enough documentation for alternate staff (e.g. network specs)?

    Step 1.3: Write the DRP Summary

    PHASE 1
    PHASE 2
    PHASE 3
    1.11.21.32.13.13.2
    Start with a Recovery WorkflowCreate Supporting DocumentationWrite the DRP SummarySelect DRP Publishing StrategyIntegrate into Core IT ProcessesConduct an Annual Focused Review

    This step will walk you through the following activities:

    • Write a DRP summary document.

    This step involves the following participants:

    • DRP Owner

    Outcomes of this step

    • High-level outline of your DRP capabilities for stakeholders such as executives, auditors, and clients.

    Summarize your DR capabilities using a DRP summary document

    Supporting Tool icon 1.3.1 DRP Summary Document

    The sample included on Info-Tech’s website is customized for the XMPL Medical Case Study – use the download as a starting point for your own summary document.

    DRP Summary Document

    XMPL’s DRP Summary is organized into the following categories:

    • DR requirements: This includes a summary of scope, business impact analysis (BIA), risk assessment, and high-level RTOs and achievable RTOs.
    • DR strategy: This includes a summary of XMPL’s recovery procedures, DR site, and backup strategy.
    • Testing and maintenance: This includes a summary of XMPL’s DRP testing and maintenance strategy.

    Be transparent about existing business risks in your DRP summary

    The DRP summary document is business facing. Include information of which business leaders (and other stakeholders) need to be aware.

    • Discrepancies between desired and achievable RTOs? Organizational leadership needs to know this information. Only then can they assign the resources and budget that IT needs to achieve the desired DR capabilities.
    • What is the DRP’s scope? XMPL Medical lists the IT components that will be recovered during a disaster, and components which will not. For instance, XMPL’s DRP does not recover medical equipment, and XMPL has separate plans for business continuity and emergency response coordination.
    Application tier Desired RTO (hh:mm) Desired RPO (hh:mm) Achievable RTO (hh:mm) Achievable RPO (hh:mm)
    Tier 1 4:00 1:00 *90:00 1:00
    Tier 2 8:00 1:00 *40:00 1:00
    Tier 3 48:00 24:00 *96:00 24:00

    The above table to is a snippet from the XMPL DR Summary Document (section 2.1.3.2).

    In the example, the DR team is unable to recover tier 1, 2, and 3 systems within the desired RTO. As such, they clearly communicate this information in the DRP summary, and include action items to address these gaps.

    Phase 2: Select the Optimal DRP Publishing Strategy

    Step 2.1: Select a DRP Publishing Strategy

    PHASE 1
    PHASE 2
    PHASE 3
    1.11.21.32.13.13.2
    Start with a Recovery WorkflowCreate Supporting DocumentationWrite the DRP SummarySelect DRP Publishing StrategyIntegrate into Core IT ProcessesConduct an Annual Focused Review

    This step will walk you through the following activities:

    • Select criteria for assessing DRP tools.
    • Evaluate categories for DRP tools.
    • Optional: Write an RFP for a BCM tool.

    This step involves the following participants:

    • DRP Owner

    Outcomes of this step

    • Identified strategies for publishing your DRP (i.e. making it available to your DR team).

    Info-Tech Insights

    Diversify your publishing strategy to ensure you can access your DRP in a disaster. For example, if you are using a BCM tool or SharePoint Online as your primary documentation repository, also push the DRP to your DR team’s smartphones as a backup in case the disaster affects internet access.

    2.1 — Select a DR publishing and document management strategy that fits your organization

    Publishing and document management considerations:

    Portability/External Access: Assume your primary site is down and inaccessible. Can you still access your documentation? As shown in this chart, traditional strategies of either keeping a copy at another location (e.g. at the failover site) or with staff (e.g. on a USB drive) still dominate, but these aren’t necessarily the best options.
    A bar chart titled 'Portability Strategy Popularity'. 'External Website (wiki site, cloud-based DRP tool, etc.)' scored 16%. 'Failover Site (network drive or redundant SharePoint, etc.)' scored 53%. 'Distribute to Staff (use USB drive, personal email, etc.)' scored 50%. 'Not Accessible Offsite' scored 7%.
    Note: Percentages total more than 100% due to respondents using more than one portability strategy.
    (Source: Info-Tech Research Group, N=118)
    Maintainability/Usability: How easy is it to create, update, and use the documentation? Is it easy to link to other documents as shown in the flowchart and checklist examples? Is there version control? Lack of version control can create a maintenance nightmare as well as issues in a crisis if staff are questioning whether they have the right version.
    Cost/Effort: Is the cost and effort appropriate? For example, a large enterprise may need a formal solution (e.g. DRP tools or SharePoint), but the cost might be hard to justify for a smaller company.

    Pros and cons of potential strategies

    This section will review the following strategies, their pros and cons, and how they meet publishing and document management requirements:

    • DRP tools (e.g. eBRP, Recovery Planner, LDRPS)
    • In-house solutions combining SharePoint and MS Office (or equivalent)
    • Wiki site
    • “Manual” approaches such as storing documents on a USB drive

    Avoid 42 hours of downtime due to a non-diversified publishing strategy

    CASE STUDY

    Industry Municipality
    Source Interview

    Situation

    • A municipal government has recently completed an end-to-end disaster recovery plan.
    • The team is feeling good about the fact that they were able to identify:
      • Relative criticality of applications.
      • Dependencies for each application.
      • Incident response plans for the current state and desired state.
      • System recovery procedures.

    Challenge

    • While the DR plan itself was comprehensive, the team only published the DR onto the government’s network drives.
    • A power generation issue caused power to be shut down, which in turn cascaded into downtime for the network.
    • Once the network was down, their DRP was inaccessible.

    Insights

    • Each piece of documentation that was created could have contributed to recovery efforts. However, because they were inaccessible, there was a delayed response to the incident. The result was 42 hours of downtime for end users.
    • Having redundant publishing strategies is just like having redundant IT infrastructure. In the event of downtime, not only do you need to have DR documentation, but you also need to make sure that it is accessible.

    Decide on a DR publishing strategy by looking at portability, maintainability, cost, and required effort

    Supporting Tool icon 2.1.1 DRP Publishing and Management Evaluation Tool

    Use the information included in Step 2.1 to guide your analysis of DRP publishing solutions.

    The tool enables you to compare two possible solutions based on these key considerations discussed in this section:

    • Portability/external access
    • Maintainability/usability
    • Cost
    • Effort

    The right choice will depend on factors such as current in-house tools, maturity around document management, the size of your IT department, and so on.

    For example, a small shop may do very well with the USB drive strategy, whereas a multi-national company will need a more formal strategy to manage consistent DRP distribution.

    Preview of Info-Tech's 'DRP Publishing and Management Solution Evaluation Tool'.

    The DRP Publishing and Management Solution Evaluation Tool helps you to evaluate the tools included in this section.

    Don’t think of a business continuity management (BCM) tool as a silver bullet; know what you’re getting out of it

    Portability/External Access:
    • Pros: Typically a SaaS option provides built-in external access with appropriate security and user administration to vary access rights.
    • Cons: Degree of external access is often dependent on the vendor.
    Maintainability/Usability:
    • Pros: Built-in templates encourage consistency and guide initial content development by indicating what details need to be captured.
    • Pros: Built-in document management (e.g. version control, metadata support), centralized access/navigation to required documents, and some automation (e.g. update contacts throughout the system).
    • Cons: Not a silver bullet. You still have to do the work to define and capture your processes.
    • Cons: Requires end-user and administrator training.
    Cost/Effort:
    • Pros: For large enterprises, the convenience of built-in document management and templates can outweigh the cost.
    • Cons: Expect leading DRP tools to cost $20K or more per year.

    About this approach:
    BCM tools are solutions that provide templates, tools, and document management to create BC and DR documentation.

    Info-Tech Insight

    The business case for a BCM tool is built by answering the following questions:

    • Will the BCM tool solve an unmet need?
    • Will the tool be more effective and efficient than an in-house solution?
    • Will the solution provide enhanced capabilities that an in-house solution cannot provide?

    If you cannot get a satisfactory answer to each of these questions, then opt for an in-house solution.

    “We explored a DRP tool, and it was something we might have used, but it was tens of thousands of pounds per year, so it didn’t stack up financially for us at all.” (Rik Toms, Head of Strategy – IP and IT, Cable and Wireless Communications)

    For in-house solutions, leverage tools such as SharePoint to provide document management capabilities

    Portability/External Access:
    • Pros: SharePoint is commonly web-enabled and supports external access with appropriate security and user administration.
    • Cons: Must be installed at redundant sites or be cloud-based to be effective in a crisis that takes down your primary data center.
    Maintainability/Usability:
    • Pros: Built-in document management (e.g. version control, metadata support) as well as centralized access/navigation to required documents.
    • Pros: No tool learning curve – SharePoint and MS Office would be existing solutions already used on a daily basis.
    • Cons: No built-in automation (e.g. automated updates to contacts throughout the system).
    • Cons: Consistency depends on creating templates and implementing processes for document updates, review, and approval.
    Cost/Effort:
    • Pros: Using existing tools, so this is a sunk cost in terms of capex.
    • Cons: Additional effort required to create templates and manage the documentation library.

    About this approach:
    DRPs and SOPs most often start as MS Office documents, even if there is a DRP tool available. For organizations that elect to bypass a formal DRP tool, and most do, the biggest gap they have to overcome is document management.

    Many organizations are turning to SharePoint to meet this need. For those that already have SharePoint in place, it makes sense to further leverage SharePoint for DR documentation and day-to-day SOPs.

    For SharePoint to be a practical solution, the documentation must still be accessible if the primary data center is down, e.g. by having redundant SharePoint instances at multiple in-house locations, or using a cloud-based SharePoint solution.

    “Just about everything that a DR planning tool does, you can do yourself using homegrown solutions or tools that you're already familiar with such as Word, Excel, and SharePoint.” (Allen Zuk, President and CEO, Sierra Management Consulting)

    A healthcare company uses SharePoint as its DRP and SOP documentation management solution

    CASE STUDY Healthcare

    • This organization is responsible for 50 medical facilities across three states.
    • It explored DRP tools, but didn’t find the right fit, so it has developed an in-house solution based in SharePoint. While DRP tools have improved, the organization no longer needs that type of solution. Its in-house solution is meeting its needs.
    • It has SharePoint instances at multiple locations to ensure availability if one site is down.

    Documentation Strategy

    • Created an IT operations library in SharePoint for DR and SOPs, from basic support to bare-metal restore procedures.
    • SOPs are linked from SharePoint to the virtual help desk for greater accessibility.
    • Where practical, diagrams and flowcharts are used, e.g. DR process flowcharts and network services SOPs dominated by diagrams and flowcharts.

    Management Strategy

    • Directors and the CIO have made finishing off SOPs their performance improvement objective for the year. The result is staff have made time to get this work done.
    • Status updates are posted monthly, and documentation is a regular agenda item in leadership meetings.
    • Regular tabletop testing validates documentation and ensures familiarity with procedures, including where to find required information.

    Results

    • Dependency on a few key individuals has been reduced. All relevant staff know what they need to do and where to access required documentation.
    • SOPs are enabling DR training as well as day-to-day operations training for new staff.
    • The organization has a high confidence in its ability to recovery from a disaster within established timelines.

    Explore using a wiki site as an inexpensive alternative to SharePoint and other content management solutions

    Portability/External Access:
    • Pros: Wiki sites can support external access as with any web solution.
    • Cons: Must be installed at redundant sites, hosted, or cloud-based to be effective in a crisis that takes down your primary data center.
    Maintainability/Usability:
    • Pros: Built-in document management (version control, metadata support, etc.) as well as centralized access/navigation to required information.
    • Pros: Authorized users can make updates dynamically, depending on how much restriction you have on the site.
    • Cons: No built-in automation (e.g. automated updates to contacts throughout the system).
    • Cons: Consistency depends on creating templates and implementing processes for document updates, review, and approval.
    Cost/Effort:
    • Pros: An inexpensive option compared to traditional content management solutions such as SharePoint.
    • Cons: Learning curve if wikis are new to your organization.

    About this approach:
    Wiki sites are websites where users collaborate to create and edit the content. Wikipedia is an example.

    While wiki sites are typically used for collaboration and dynamic content development, the traditional collaborative authoring model can be restricted to provide structure and an approval process.

    Several tools are available to create and manage wiki sites (and other collaboration solutions), as outlined in the following research:

    Info-Tech Insight

    If your organization is not already using wiki sites, this technology can introduce a culture shock. Start slow by using a wiki site within a specific department or for a particular project. Then evaluate how well your staff adapt to this technology as well as its potential effectiveness in your organization. Refer to our collaboration strategy research for additional guidance.

    For small IT shops, distributing documentation to key staff (e.g. via a USB drive) can still be effective

    Portability/External Access:
    • Pros: Appropriate staff have the documentation with them; there is no need to log into a remote site or access a tool to get at the information.
    • Cons: Relies on staff to be diligent about ensuring they have the latest documentation and keep it with them (not leave it in their desk drawer).
    Maintainability/Usability:
    • Pros: With this strategy, MS Office (or equivalent) is used to create and maintain the documentation, so there is no learning curve.
    • Pros: Simple, straightforward methodology – keep the master on a network drive, and download a copy to your USB drive.
    • Cons: No built-in automation (e.g. automated updates to contact information) or document management (e.g. version control).
    • Cons: Consistency depends on creating templates and implementing rigid processes for document updates, review, and approval.
    Cost/Effort:
    • Pros: Little to no cost and no tool management required.
    • Cons: “Manual” document management requires strict attention to process for version control, updates, approvals, and distribution.

    About this approach:
    With this strategy, your ERT and key IT staff keep a copy of your DRP and relevant documentation with them (e.g. on a USB drive). If the primary site experiences a major event, they have ready access to the documentation.

    Fifty percent of respondents in our recent survey use this strategy. A common scenario is to use a shared network drive or a solution such as SharePoint as the master centralized repository, but distribute a copy to key staff.

    Info-Tech Insight

    This approach can have similar disadvantages as using hard copies. Ensuring the USB drives are up to date, and that all staff who might need access have a copy, can become a burdensome process. More often, USB drives are updated periodically, so there is the risk that the information will be out of date or incomplete.

    Avoid extensive use of paper copies of DR documentation

    DR documents need to be easy to update, accessible from anywhere, and searchable. Paper doesn’t meet these needs.

    Portability/External Access:
    • Pros: Does not rely on technology or power.
    • Cons: Requires all staff who might be involved in a DR to have a copy, and to have it with them at all times, to truly have access at any time from anywhere.
    Maintainability/Usability:
    • Pros: In terms of usability, again there is no dependence on technology.
    • Cons: Updates need to be printed and distributed to all relevant staff every time there is a change to ensure staff have access to the latest, most accurate documentation if a disaster occurred. You can’t schedule disasters, so information needs to be current all the time.
    • Cons: Navigation to other information is manual – flipping through pages, etc. No searching or hyperlinks.
    Cost/Effort:
    • Pros: No technology system to maintain, aside from what you use for printing.
    • Cons: Printing expenses are actually among the highest incurred by organizations, and this adds to it.
    • Cons: Labor intensive due to need to print and physically distribute documentation updates.

    About this approach:
    Traditionally DRPs are printed and distributed to managers and/or kept in a central location at both the primary site and a secondary site. In addition, wallet cards are distributed that contain key information such as contact numbers.

    A wallet card or even a few printed copies of your high-level DRP for general reference can be helpful, but paper is not a practical solution for your overall DR documentation library, particularly when you include SOPs for recovery procedures.

    One argument in favor of paper is there is no dependency on power during a crisis. However, in a power outage, staff can use smartphones and potentially laptops (with battery power) to access electronically stored documentation to get through first response steps. In addition, your DR site should have backup power to be an appropriate recovery site.

    Optional: Partial list of BCM tool vendors

    A partial list of BCM tool vendors, including: Business Protector, catalyst, clearview, ContinuityLogic. Fusion, Logic Manager, Quantivate, RecoveryPlanner.com, MetricStream, SimpleRisk, riskonnect, Strategic BCP - ResilienceONE, RSA, and Sungard Availability Services.

    The list is only a partial list of BCM tool vendors. The order in which vendors are presented, and inclusion in this list, does not represent an endorsement.

    Optional: Use our list of requirements as a foundation for selecting and reviewing BCM tools

    Supporting Tool icon 2.1.2 BCM Tool – RFP Selection Criteria

    If a BCM tool is the best option for your environment, expedite the evaluation process with our BCM Tool – RFP Selection Criteria.

    Through advisory services, workshops, and consulting engagements, we have created this BCM Tool Requirements List. The featured requirements includes the following categories:

    1. Integrations
    2. Planning and Monitoring
    3. Administration
    4. Architecture
    5. Security
    6. Support and Training
    Preview of the Info-Tech template 'BCM Tool – RFP Selection Criteria'.

    This BCM Tool – RFP Selection Criteria can be appended to an RFP. You can leverage Info-Tech’s RFP Template if your organization does not have one.

    Info-Tech can write full RFPs

    As part of a consulting engagement, Info-Tech can write RFPs for BCM tools and provide a customized scoring tool based on your environment’s unique requirements.

    Phase 3: Keep Your DRP Relevant Through Maintenance Best Practices

    Step 3.1: Integrate DRP maintenance into core IT processes

    PHASE 1
    PHASE 2
    PHASE 3
    1.11.21.32.13.13.2
    Start with a Recovery WorkflowCreate Supporting DocumentationWrite the DRP SummarySelect DRP Publishing StrategyIntegrate into Core IT ProcessesConduct an Annual Focused Review

    This step will walk you through the following activities:

    • Integrate DRP maintenance with Project Management.
    • Integrate DRP considerations into Change Management.
    • Integrate with Performance Management.

    This step involves the following participants:

    • DRP Owner
    • Head of Project Management Office
    • Head of Change Advisory Board
    • CIO

    Outcomes of this step

    • Updated project intake form.
    • Updated change management practice.
    • Updated performance appraisals.

    3.1 — Incorporate DRP maintenance into core IT processes

    Focusing on these three processes will help ensure that your plan stays current, accurate, and usable.

    The Info-Tech / COBIT5 'IT Management and Governance Framework' with three processes highlighted: 'MEA01 Performance Measurement', 'BAI06 Change Management', and 'BAI01 Project Management'.

    Info-Tech Best Practice

    Prioritize quick wins that will have large benefits. The advice presented in this section offers easy ways to help keep your DRP up to date. These simple solutions can save a lot of time and effort for your DRP team as opposed to more intricate changes to the processes above.

    Assess how new projects impact service criticality and DR requirements upfront during project intake

    Icon for process 'BAI01 Project Management'.
    Supporting Tool icon 3.1.1 Sample Project Intake Form Addendum

    Understand the RTO/RPO requirements and IT impacts for new or enhanced services to ensure appropriate provisioning and overall DRP updates.

    • Have submitters include service continuity requirements. This information can be inserted into your business impact analysis. Use similar language that you use in your own BIA.
      • The submitter should know how critical the resulting project will be. Any items that the submitter doesn’t know, the Project Steering Committee should investigate.
    • Have IT assess the impact on the DRP. The submitter will not know how the DRP will be impacted directly. Ask the project committee to consider how DRP documentation and the DR environment will need to be changed due to the project under consideration.

    Note: The goal is not to make DR a roadblock, but rather to ensure project requirements will be met – including availability and DR requirements.

    Preview of the Info-Tech template 'Project Intake Form'.

    This Project Intake Form asks the submitter to fill out the availability and criticality requirements for the project.

    Leverage your change management process to identify required DRP updates as they occur

    Icon for process 'BAI06 Change Management'.

    Avoid the year-end rush to update your DRP. Keeping it up to date as changes occur saves time in the long run and ensures your plan is accurate when you need it.

    • As part of your change management process, identify potential updates to:
      • System documentation (e.g. configuration settings).
      • Recovery procedures (e.g. if a system has been virtualized, that changes the recovery procedure).
      • Your DR environment (e.g. system configuration updates for standby systems).
    • Keep track of how often a system has changed. Relevant DRP documentation might be due for a deeper review:
      • After a system has been changed ten times (even from routine changes), notify your DRP Manager to flag the relevant DRP documentation for review.
      • As part of formal DRP reviews, pay closer attention to DRP documentation for the flagged systems.
    Preview of the Info-Tech template 'Disaster Recovery Change Management'.

    This template asks the submitter to fill out the availability and criticality requirements for the project.

    For change management best practices beyond DRP considerations, please see Optimize Change Management.

    Integrate documentation into performance measurement and performance management

    Icon for process 'MEA01 Performance Measurement'.

    Documentation is a necessary evil – few like to create it and more immediate tasks take priority. If it isn’t scheduled and prioritized, it won’t happen.

    Why documentation is such a challenge

    How management can address these challenges

    We all know that IT staff typically do not like to write documentation. That’s not why they were hired, and good documentation is not what gets them promoted. Include documentation deliverables in your IT staff’s performance appraisal to stress the importance of ensuring documentation is up to date, especially where it might impact DR success.
    Similarly, documentation is secondary to more urgent tasks. Time to write documentation is often not allocated by project managers. Schedule time for developing documentation, just like any other project, or it won’t happen.
    Writing manuals is typically a time-intensive task. Focus on what is necessary for another experienced IT professional to execute the recovery. As discussed earlier, often a diagram or checklist is good enough and actually far more usable in a crisis.

    “Our directors and our CIO have tied SOP work to performance evaluations, and SOP status is reviewed during management meetings. People have now found time to get this work done.” (Assistant Director – IT Operations, Healthcare Industry)

    Step 3.2: Conduct an Annual Focused Review

    PHASE 1
    PHASE 2
    PHASE 3
    1.11.21.32.13.13.2
    Start with a Recovery WorkflowCreate Supporting DocumentationWrite the DRP SummarySelect DRP Publishing StrategyIntegrate into Core IT ProcessesConduct an Annual Focused Review

    This step will walk you through the following activities:

    1. Identify components of your DRP to refresh.
    2. Identify organizational changes requiring further focus.
    3. Test your DRP and identify problems.
    4. Correct problems identified with DRP.

    This step involves the following participants:

    • DRP Owner
    • System SMEs
    • Backup DR Personnel

    Outcomes of this step

    • An actionable, up-to-date DRP.

    Info-Tech Insight

    Testing is a waste of time and resources if you do not fix what’s broken. Tabletop testing is effective at uncovering gaps in your DR processes, but if you don’t address those gaps, then your DRP will still be unusable in a disaster.

    Set up a safety net to capture changes that slipped through the cracks with a focused review process

    Evaluate documentation supporting high-priority systems, as well as documentation supporting IT systems that have been significantly changed.

    • Ideally you’re maintaining documentation as you go along. But you need to have an annual review to catch items that may have slipped through.
    • Don’t review everything. Instead, review:
      • IT systems that have had 10+ changes: small changes and updates can add up over time. Ensure:
        • The plans for these systems are updated for changes (e.g. configuration changes).
        • SMEs and backup personnel are familiar with the changes.
      • Tier 1 / Gold Systems: Ensure that you can still recover tier 1 systems with your existing DRP documentation.
    • Track documentation issues that you discovered with your ticketing system or service desk tool to ensure necessary documentation changes are made.
    1. Annual Focused Review
    2. Tier 1 Systems
    3. Significantly Changed Systems
    4. Organizational Changes

    Identify larger changes, both organizational and within IT, that necessitate DRP updates

    During your focused review, consider how organizational changes have impacted your DRP.

    The COBIT 5 Enablers provide a foundation for this analysis. Consider:

    • Changes in regulatory requirements: Are there new requirements for IT that are not reflected in your DRP? Is the organization required to comply with any additional regulations?
    • Changes to organizational structures, business processes, and how employees work: Can employees still be productive once tier 1 services are restored or have RTOs changed? Has organizational turnover impacted your DRP?
    • SMEs leaving or changing roles: Can IT still execute your DRP? Are there still people for all the key roles?
    • Changes to IT infrastructure and applications: Can the business still access the information they need during a disaster? Is your BIA still accurate? Do new services need to be considered tier 1?

    Info-Tech Best Practice

    COBIT 5 Enablers
    What changes need to be reflected in your DRP?

    A cycle visualization titled 'Disaster Recovery Plan'. Starting at 'Changes in Regulatory Requirements', it proceeds clockwise to 'Organizational Structure', 'Changes in Business Processes', and 'How Employees Work', before it returns to DRP. Then 'Changes to Applications', 'Changes to Infrastructure', 'SMEs Leaving or Changing Roles', and then back to the DRP.

    Create a plan during your annual focused review to test your DRP throughout the year

    Regardless of your documentation approach, training and familiarity with relevant procedures is critical.

    • Start with tabletop exercises and progress to technology-based testing (simulation, parallel, and full-scale testing).
    • Ask staff to reference documentation while testing, even if they do not need to. This practice helps to confirm documentation accuracy and accessibility.
    • Incorporate cross-training in DR testing. This gives important experience to backup personnel and will further validate that documents are complete and accurate.
    • Track any discovered documentation issues with your ticketing system or project tracking tools to ensure necessary documentation changes are made.

    Example Test Schedule:

    1. Q1: Tabletop testing shadowed by backup personnel
    2. Q2: Tabletop testing led by backup personnel
    3. Q3: Technology-based testing
    4. Annual Focused Review: Review Results

    Reference this blueprint for guidance on DRP testing plans: Reduce Costly Downtime Through DR Testing

    Appendix A: XMPL Case Study

    Follow XMPL Medical’s journey through DR documentation

    CASE STUDY

    Industry Healthcare
    Source Created by amalgamating data from Info-Tech’s client base

    Streamline your documentation and maintenance process by following the approach outlined in XMPL Medical’s journey to an end-to-end DRP.

    Outline of the Disaster Recovery Plan

    XMPL’s disaster recovery plan includes its business impact analysis and a subset of tier 1 and tier 2 patient care applications.

    Its DRP includes incident response flowcharts, system recovery checklists, and a communication plan. Its DRP also references IT operations documentation (e.g. asset management documents, system specs, and system configuration docs), but this material is not published with the example documentation.

    Resulting Disaster Recovery Plan

    XMPL’s DRP includes actionable documents in the form of high-level disaster response plan flowcharts and system recovery checklists. During an incident, the DR team is able to clearly see the items for which they are responsible.

    Disaster Recovery Plan
    • Recovery Workflow
    • Business Impact Analysis
    • DRP Summary
    • System Recovery Checklists
    • Communication, Assessment, and Disaster Declaration Plan

    Info-Tech Best Practice

    XMPL Medical’s disaster recovery plan illustrates an effective DRP. Model your end-to-end disaster recovery plan after XMPL’s completed templates. The specific data points will differ from organization to organization, but the structure of each document will be similar.

    Model your disaster recovery documentation off of our example

    CASE STUDY

    Industry Healthcare
    Source Created by amalgamating data from Info-Tech’s client base

    Recovery Workflow:

    • Recovery Workflows (PDF, VSDX)

    Recovery Procedures (Systems Recovery Playbook):

    • DR Notification, Assessment, and Disaster Declaration Plan
    • Systems Recovery Playbook
    • Network Topology Diagrams

    Additional Reference Documentation:

    • DRP Workbook
    • Business Impact Analysis
    • DRP Summary Document

    Use our structure to create your practical disaster recovery plan.

    Appendix B: Summary, Next Steps, and Bibliography

    Insight breakdown

    Use visual-based documentation instead of a traditional DRP manual.

    • Flowcharts, checklists, and diagrams are more concise, easier to maintain, and more effective in a crisis.
    • Write for an IT audience and focus on how to recover. You don’t need 30 pages of fluff describing the purpose of the document.

    Create your DRP in layers to keep the work manageable.

    • Start with a recovery workflow to ensure a coordinated response, and build out supporting documentation over time.

    Prioritize quick wins to make DRP maintenance easier and more likely to happen.

    • Incorporate DRP maintenance into change management and project intake procedures to systematically update and refine the DR documentation. Don’t save up changes for a year-end blitz, which turns document maintenance into an onerous project.

    Summary of accomplishment

    Knowledge Gained

    • How to create visual-based DRP documentation
    • How to integrate DRP maintenance into core IT processes

    Processes Optimized

    • DRP documentation creation
    • DRP publishing tool selection
    • DRP documentation maintenance

    Deliverables Completed

    • DRP documentation
    • Strategy for publishing your DRP
    • Modified project-intake form
    • Change management checklist for DR considerations

    Project step summary

    Client Project: Document and Maintain Your Disaster Recovery Plan

    • Create a recovery workflow.
    • Create supporting DRP documentation.
    • Write a summary for your DRP.
    • Decide on a publishing strategy.
    • Incorporate DRP maintenance into core IT processes.
    • Conduct an annual focused review.

    Info-Tech Insight

    This project has the ability to fit the following formats:

    • Onsite workshop by Info-Tech Research Group consulting analysts.
    • Do-it-yourself with your team.
    • Remote delivery (Info-Tech Guided Implementation).

    Related Info-Tech research

    Create a Right-Sized Disaster Recovery Plan
    Close the gap between your DR capabilities and service continuity requirements.

    Reduce Costly Downtime Through DR Testing
    Improve the accuracy of your DRP and your team’s ability to efficiently execute recovery procedures through regular DR testing.

    Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind
    Go beyond satisfying auditors to drive process improvement, consistent IT operations, and effective knowledge transfer.

    Prepare for a DRP Audit
    Assess your current DRP maturity, identify required improvements, and complete an audit-ready DRP summary document.

    Bibliography

    A Structured Approach to Enterprise Risk Management (ERM) and the Requirements of ISO 31000. The Association of Insurance and Risk Managers, Alarm: The Public Risk Management Association, and The Institute of Risk Management, 2010.

    “APO012: Manage Risk.” COBIT 5: Enabling Processes. ISACA, 2012.

    Bird, Lyndon, Ian Charters, Mel Gosling, Tim Janes, James McAlister, and Charlie Maclean-Bristol. Good Practice Guidelines: A Guide to Global Good Practice in Business Continuity. Global ed. Business Continuity Institute, 2013.

    COBIT 5: A Business Framework for the Governance and Management of Enterprise IT. ISACA, 2012.

    “EDM03: Ensure Risk Optimisation.” COBIT 5: Enabling Processes. ISACA, 2012.

    Risk Management. ISO 31000:2009.

    Rothstein, Philip Jan. Disaster Recovery Testing: Exercising Your Contingency Plan. Rothstein Associates: 1 Oct. 2007.

    Societal Security – Business continuity management systems – Guidance. ISO 22313:2012.

    Societal Security – Business continuity management systems – Requirements. ISO 22301:2012.

    Understanding and Articulating Risk Appetite. KPMG, 2008.

    Spread Best Practices With an Agile Center of Excellence

    • Buy Link or Shortcode: {j2store}152|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $97,499 Average $ Saved
    • member rating average days saved: 26 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Your organization is looking to create consistency across all Agile teams to drive greater business results and alignment.
    • You are seeking to organically grow Agile capabilities within the organization through a set of support structures and facilitated through shared learning and capabilities.

    Our Advice

    Critical Insight

    • Social capital can be an enabler, but also a barrier. People can only manage a finite number of relationships; ensure that the connections the Center of Excellence (CoE) facilitates are purposeful.
    • Don’t over govern. Empowerment is critical to enable improvements; set boundaries and let teams work inside them with autonomy.
    • Legitimize through listening. A CoE will not be leveraged unless it aligns with the needs of its users. Invest the time to align with the functional expectations of your Agile teams.

    Impact and Result

    • Create a set of service offerings aligned with both corporate objectives and the functional expectations of its customers to ensure broad support and utility of the invested resources.
    • Understand some of the cultural and processual challenges you will face when forming a center of excellence, and address them using Info-Tech’s Agile adoption model.

    Spread Best Practices With an Agile Center of Excellence Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build an Agile Center of Excellence, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Strategically align the Center of Excellence

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision.

    • Spread Best Practices With an Agile Center of Excellence – Phase 1: Strategically Align the Center of Excellence

    2. Standardize the Center of Excellence’s service offerings

    Build an engagement plan based on a standardized adoption model to ensure your CoE service offerings are accessible and consistent across the organization.

    • Spread Best Practices With an Agile Center of Excellence – Phase 2: Standardize the Center of Excellence’s Service Offerings

    3. Operate the Center of Excellence

    Operate the CoE to provide service offerings to Agile teams, identify improvements to optimize the function of your Agile teams, and effectively manage and communicate change.

    • Spread Best Practices With an Agile Center of Excellence – Phase 3: Operationalize Your Agile Center of Excellence
    • ACE Satisfaction Survey
    • CoE Maturity Diagnostic Tool
    • ACE Benefits Tracking Tool
    • ACE Communications Deck
    [infographic]

    Workshop: Spread Best Practices With an Agile Center of Excellence

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Determine Vision of CoE

    The Purpose

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision.

    Understand how your key stakeholders will impact the longevity of your CoE.

    Determine your CoE structure and staff.

    Key Benefits Achieved

    Top-down alignment with strategic aims of the organization.

    A set of high-level use cases to form the CoE’s service offerings around.

    Visualization of key stakeholders, with their current and desired power and involvement documented.

    Activities

    1.1 Identify and prioritize organizational business objectives.

    1.2 Form use cases for the points of alignment between your Agile Center of Excellence (ACE) and business objectives.

    1.3 Prioritize your ACE stakeholders.

    Outputs

    Prioritized business objectives

    Business-aligned use cases to form CoE’s service offerings

    Stakeholder map of key influencers

    2 Define Service Offerings of CoE

    The Purpose

    Document the functional expectations of the Agile teams.

    Refine your business-aligned use cases with your collected data to achieve both business and functional alignment.

    Create a capability map that visualizes and prioritizes your key service offerings.

    Key Benefits Achieved

    Understanding of some of the identified concerns, pain points, and potential opportunities from your stakeholders.

    Refined use cases that define the service offerings the CoE provides to its customers.

    Prioritization for the creation of service offerings with a capability map.

    Activities

    2.1 Classified pains and opportunities.

    2.2 Refine your use cases to identify your ACE functions and services.

    2.3 Visualize your ACE functions and service offerings with a capability map.

    Outputs

    Classified pains and opportunities

    Refined use cases based on pains and opportunities identified during ACE requirements gathering

    ACE Capability Map

    3 Define Engagement Plans

    The Purpose

    Align service offerings with an Agile adoption model so that teams have a structured way to build their skills.

    Standardize the way your organization will interact with the Center of Excellence to ensure consistency in best practices.

    Key Benefits Achieved

    Mechanisms put in place for continual improvement and personal development for your Agile teams.

    Interaction with the CoE is standardized via engagement plans to ensure consistency in best practices and predictability for resourcing purposes.

    Activities

    3.1 Further categorize your use cases within the Agile adoption model.

    3.2 Create an engagement plan for each level of adoption.

    Outputs

    Adoption-aligned service offerings

    Role-based engagement plans

    4 Define Metrics and Plan Communications

    The Purpose

    Develop a set of metrics for the CoE to monitor business-aligned outcomes with.

    Key Benefits Achieved

    The foundations of continuous improvement are established with a robust set of Agile metrics.

    Activities

    4.1 Define metrics that align with your Agile business objectives.

    4.2 Define target ACE performance metrics.

    4.3 Define Agile adoption metrics.

    4.4 Assess the interaction and communication points of your Agile team.

    4.5 Create a communication plan for change.

    Outputs

    Business objective-aligned metrics

    CoE performance metrics

    Agile adoption metrics

    Assessment of organizational design

    CoE communication plan

    Further reading

    Spread Best Practices With an Agile Center of Excellence

    Achieve ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    ANALYST PERSPECTIVE

    "Inconsistent processes and practices used across Agile teams is frequently cited as a challenge to adopting and scaling Agile within organizations. (VersionOne’s 13th Annual State of Agile Report [N=1,319]) Creating an Agile Center of Excellence (ACE) is a popular way to try to impose structure and improve performance. However, simply establishing an ACE does not guarantee you will be successful with Agile. When setting up an ACE you must: Define ACE services based on identified stakeholder needs. Staff the ACE with respected, “hands on” people, who deliver identifiable value to your Agile teams. Continuously evolve ACE service offerings to maximize stakeholder satisfaction and value delivered."

    Alex Ciraco, Research Director, Applications Practice Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:

    • A CIO who is looking for a way to optimize their Agile capabilities and ensure ongoing alignment with business objectives.
    • An applications director who is looking for mechanisms to inject continuous improvement into organization-wide Agile practices.

    This Research Will Help You:

    • Align your Agile support structure with business objectives and the functional expectations of its users.
    • Standardize the ways in which Agile teams develop and learn to create consistency in purpose and execution.
    • Track and communicate successes to ensure the long-term viability of an Agile Center of Excellence (ACE).

    This Research Will Also Assist

    • Project managers who are tasked with managing Agile projects.
    • Application development managers who are struggling with establishing consistency, transparency, and collaboration across their teams.

    This Research Will Help Them:

    • Provide service offerings to their team members that will help them personally and collectively to develop desired skills.
    • Provide oversight and transparency into Agile projects and outcomes through ongoing monitoring.

    Executive summary

    Situation

    • Your organization has had some success with Agile, but needs to drive consistency across Agile teams for better business results and alignment.
    • You are seeking to organically grow Agile capabilities within the organization through a set of support services and facilitated through shared learning and capabilities.

    Complication

    • Organizational constraints, culture clash, and lack of continuous top-down support are hampering your Agile growth and maturity.
    • Attempts to create consistency across Agile teams and processes fail to account for the expectations of users and stakeholders, leaving them detached from projects and creating resistance.

    Resolution

    • Align the service offerings of your ACE with both corporate objectives and the functional expectations of its stakeholders to ensure broad support and utilization of the invested resources.
    • Understand some of the culture and process challenges you will face when forming an ACE, and address them using Info-Tech’s Agile adoption journey model.
    • Track the progress of the ACE and your Agile teams. Use this data to find root causes for issues, and ideate to implement solutions for challenges as they arise over time.
    • Effectively define and propagate improvements to your Agile teams in order to drive business-valued results.
    • Communicate progress to interested stakeholders to ensure long-term viability of the Center of Excellence (CoE).

    Info-Tech Insight

    1. Define ACE services based on stakeholder needs.Don’t assume you know what your stakeholders need without talking to them.
    2. Staff the ACE strategically. Choose those who are thought leaders and proven change agents.
    3. Continuously improve based on metrics and feedback.Constantly monitor how your ACE is performing and adjust to feedback.

    Info-Tech’s Agile Journey related Blueprints

    1. Stabilize

    Implement Agile Practices That Work

    Begin your Agile transformation with a comprehensive readiness assessment and a pilot project to adopt Agile development practices and behaviors that fit.

    2. Sustain

    YOU ARE HERE

    Spread Best Practices with an Agile Center of Excellence

    Form an ACE to support Agile development at all levels of the organization with thought leadership, strategic development support & process innovation.

    3. Scale

    Enable Organization-Wide Collaboration by Scaling Agile

    Extend the benefits of your Agile pilot project into your organization by strategically scaling Agile initiatives that will meet stakeholders’ needs.

    4. Satisfy

    Transition to Product Delivery Introduce product-centric delivery practices to drive greater benefits and better delivery outcomes.

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    2.1 Define an adoption plan for Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives

    Supporting Capabilities and Practices

    Modernize Your SDLC

    Remodel the stages of your lifecycle to standardize your definition of a successful product.

    Build a Strong Foundation for Quality

    Instill quality assurance practices and principles in each stage of your software development lifecycle.

    Implement DevOps Practices That Work

    Fix, deploy, and support applications quicker though development and operations collaboration.

    What is an Agile Center of Excellence?

    NOTE: Organizational change is hard and prone to failure. Determine your organization’s level of readiness for Agile transformation (and recommended actions) by completing Info-Tech’s Agile Transformation Readiness Tool.

    An ACE amplifies good practices that have been successfully employed within your organization, effectively allowing you to extend the benefits obtained from your Agile pilot(s) to a wider audience.

    From the viewpoint of the business, members of the ACE provide expertise and insights to the entire organization in order to facilitate Agile transformation and ensure standard application of Agile good practices.

    From the viewpoint of your Agile teams, it provides a community of individuals that share experiences and lessons learned, propagate new ideas, and raise questions or concerns so that delivering business value is always top of mind.

    An ACE provides the following:

    1. A mechanism to gather thought leadership to maximize the accessibility and reach of your Agile investment.
    2. A mechanism to share innovations and ideas to facilitate knowledge transfer and ensure broadly applicable innovations do not go to waste.
    3. Strategic alignment to ensure that Agile practices are driving value towards business objectives.
    4. Purposeful good practices to ensure that the service offerings provided align with expectations of both your Agile practitioners and stakeholders.

    SIDEBAR: What is a Community of Practice? (And how does it differ from a CoE?)

    Some organizations prefer Communities of Practice (CoP) to Centers of Excellence (CoE). CoPs are different from CoEs:

    A CoP is an affiliation of people who share a common practice and who have a desire to further the practice itself … and of course to share knowledge, refine best practices, and introduce standards. CoPs are defined by their domain of interest, but the membership is a social structure comprised of volunteer practitioners

    – Wenger, E., R. A. McDermott, et al. (2002) Cultivating communities of practice: A guide to managing knowledge, Harvard Business Press.

    CoPs differ from a CoE mainly in that they tend to have no geographical boundaries, they hold no hierarchical power within a firm, and they definitely can never have structure determined by the company. However, one of the most obvious and telling differences lies in the stated motive of members – CoPs exist because they have active practitioner members who are passionate about a specific practice, and the goals of a CoP are to refine and improve their chosen domain of practice – and the members provide discretionary effort that is not paid for by the employer

    – Matthew Loxton (June 1, 2011) CoP vs CoE – What’s the difference, and Why Should You Care?, Wordpress.com

    What to know about CoPs:

    1. Less formal than a CoE
      • Loosely organized by volunteer practitioners who are interested in advancing the practice.
    2. Not the Authoritative Voice
      • Stakeholders engage the CoP voluntarily, and are not bound by them.
    3. Not funded by Organization
      • CoP members are typically volunteers who provide support in addition to their daily responsibilities.
    4. Not covered in this Blueprint
      • In depth analysis on CoPs is outside the scope of this Blueprint.

    What does an ACE do? Six main functions derived from Info-Tech’s CLAIM+G Framework

    1. Learning
    • Provide training and development and enable engagement based on identified interaction points to foster organizational growth.
  • Tooling
    • Promote the use of standardized tooling to improve efficiency and consistency throughout the organization.
  • Supporting
    • Enable your Agile teams to access subject-matter expertise by facilitating knowledge transfer and documenting good practices.
  • Governing
    • Create operational boundaries for Agile teams, and monitor their progress and ability to meet business objectives within these boundaries.
  • Monitoring
    • Demonstrate the value the CoE is providing through effective metric setting and ongoing monitoring of Agile’s effectiveness.
  • Guiding
    • Provide guidance, methodology, and knowledge for teams to leverage to effectively meet organizational business objectives.
  • Many organizations encounter challenges to scaling Agile

    Tackle the following barriers to Agile adoption with a business-aligned ACE.

    List based on reported impediments from VersionOne’s 13th Annual State of Agile Report (N=1,319)

    1. Organizational culture at odds with Agile values
    • The ACE identifies and measures the value of Agile to build support from senior business leaders for shifting the organizational culture and achieving tangible business benefits.
  • General organizational resistance to change
    • Resistance comes from a lack of trust. Optimized value delivery from Info-Tech’s Agile adoption model will build the necessary social capital to drive cultural change.
  • Inadequate management support and sponsorship
    • Establishing an ACE will require senior management support and sponsorship. Its formation sends a strong signal to the organizational leadership that Agile is here to stay.
  • Lack of skills/experience with Agile methods
    • The ACE provides a vehicle to absorb external training into an internal development program so that Agile capabilities can be grown organically within the organization.
  • Inconsistent processes and practices across teams
    • The ACE provides support to individual Agile teams and will guide them to adopt consistent processes and practices which have a proven track record in the organization.
  • Insufficient training and education
    • The ACE will assist teams with obtaining the Agile skills training they need to be effective in the organization, and support a culture of continuous learning.
  • Overcome your Agile scaling challenges with a business aligned ACE

    An ACE drives consistency and transparency without sacrificing the ability to innovate. It can build on the success of your Agile pilot(s) by encouraging practices known to work in your organization.

    Support Agile Teams

    Provide services designed to inject evolving good practices into workflows and remove impediments or roadblocks from your Agile team’s ability to deliver value.

    Maintain Business Alignment

    Maintain alignment with corporate objectives without impeding business agility in the long term. The ACE functions as an interface layer so that changing expectations can be adapted without negatively impacting Agile teams.

    Facilitate Learning Events

    Avoid the risk of innovation and subject-matter expertise being lost or siloed by facilitating knowledge transfer and fostering a continuous learning environment.

    Govern Improvements

    Set baselines, monitor metrics, and run retrospectives to help govern process improvements and ensure that Agile teams are delivering expected benefits.

    Shift Culture

    Instill Agile thinking and behavior into the organization. The ACE must encourage innovation and be an effective agent for change.

    Use your ACE to go from “doing” Agile to “being” Agile

    Organizations that do Agile without embracing the changes in behavior will not reap the benefits.

    Doing what was done before

    • Processes and Tools
    • Comprehensive Documentation
    • Contract Negotiation
    • Following a Plan

    Being Prescriptive

    Going through the motions

    • Uses SCRUM and tools such as Jira
    • Plans multiple sprints in detail
    • Talks to stakeholders once in a release
    • Works off a fixed scope BRD

    Doing Agile

    Living the principles

    • Individuals and Interactions
    • Working Software
    • Customer Collaboration
    • Responding to Change

    Being Agile

    “(‘Doing Agile’ is) just some rituals but without significant change to support the real Agile approach as end-to-end, business integration, value focus, and team empowerment.” - Arie van Bennekum

    Establishing a CoE does not guarantee success

    Simply establishing a Center of Excellence for any discipline does not guarantee its success:

    The 2019 State of DevOps Report found that organizations which had established DevOps CoEs underperformed compared to organizations which adopted other approaches for driving DevOps transformation. (Accelerate State of DevOps Report 2019 [N=~1,000])

    Still, Agile Centers of Excellence can and do successfully drive Agile adoption in organizations. So what sets the successful examples apart from the others? Here’s what some have to say:

    The ACE must be staffed with qualified people with delivery experience! … [It is] effectively a consulting practice, that can evolve and continuously improve its services … These services are collectively about ‘enablement’ as an output, more than pure training … and above all, the ability to empirically measure the progress” – Paul Blaney, TD Bank

    “When leaders haven’t themselves understood and adopted Agile approaches, they may try to scale up Agile the way they have attacked other change initiatives: through top-down plans and directives. The track record is better when they behave like an Agile team. That means viewing various parts of the organization as their customers.” – HBR, “Agile at Scale”

    “the Agile CoE… is truly meant to be measured by the success of all the other groups, not their own…[it] is meant to be serving the teams and helping them improve, not by telling them what to do, but rather by listening, understanding and helping them adapt.” - Bart Gerardi, PMI

    The CoE must also avoid becoming static, as it’s crucial the team can adjust as quickly as business and customer needs change, and evolve the technology as necessary to remain competitive.” – Forbes, “RPA CoE (what you need to know)”

    "The best CoEs are formed from thought leaders and change agents within the CoE domain. They are the process and team innovators who will influence your CoE roadmap and success. Select individuals who feel passionate about Agile." – Hans Eckman, InfoTech

    To be successful with your ACE, do the following…

    Info-Tech Insight

    Simply establishing an Agile Center of Excellence does not guarantee its success. When setting up your ACE, optimize its impact on the organization by doing the following 3 things:

    1. Define ACE services based on stakeholder needs. Be sure to broadly survey your stakeholders and identify the ACE functions and services which will best meet their needs. ACE services must clearly deliver business value to the organization and the Agile teams it supports.
    2. Staff the ACE strategically. Select ACE team members who have real world, hands-on delivery experience, and are well respected by the Agile teams they will serve. Where possible, select internal thought leaders in your organization who have the credibility needed to effect positive change.
    3. Continuously improve ACE services based on metrics and feedback. The value your ACE brings to the organization must be clear and measurable, and do not assume that your functions and services will remain static. You must regularly monitor both your metrics and feedback from your Agile teams, and adjust ACE behavior to improve/maximize these over time.

    Spread Best Practices With an Agile Center of Excellence

    This blueprint will walk you through the steps needed to build the foundations for operational excellence within an Agile Center of Excellence.

    Phase 1 - Strategically Align the CoE

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision. This alignment translates into the CoE mandate intended to enhance the way Agile will enable teams to meet business objectives.

    Phase 2 - Standardize the CoEs Service Offerings

    Build an engagement plan based on a standardized adoption model to ensure your CoE service offerings are accessible and consistent across the organization. Create and consolidate key performance indicators to measure the CoEs utility and whether or not the expected value is being translated to tangible results.

    Phase 3 - Operate the CoE

    Operate the CoE to provide service offerings to Agile teams, identify improvements to optimize the function of your Agile teams, and effectively manage and communicate change so that teams can grow within the Agile adoption model and optimize value delivery both within your Agile environment and across functions.

    Info-Tech’s Practice Adoption Journey

    Use Info-Tech’s Practice Adoption Journey model to establish your ACE. Building social capital (stakeholders’ trust in your ability to deliver positive outcomes) incrementally is vital to ensure that everyone is aligned to new mindsets and culture as your Agile practices scale.

    Trust & Competency ↓

    DEFINE

    Begin to document your development workflow or value chain, implement a tracking system for KPIs, and start gathering metrics and reporting them transparently to the appropriate stakeholders.

    ITERATE

    Use collected metrics and retrospectives to stabilize team performance by reducing areas of variability in your workflow and increasing the consistency at which targets are met.

    COLLABORATE

    Use information to support changes and adopt appropriate practices to make incremental improvements to the existing environment.

    EMPOWER

    Drive behavioral and cultural changes that will empower teams to be accountable for their own success and learning.

    INNOVATE

    Use your built-up trust and support practice innovation, driving the definition and adoption of new practices.

    Align your ACE with your organization’s strategy

    This research set will assist you with aligning your ACEs services to the objectives of the business in order to justify the resources and funding required by your Agile program.

    Business Objectives → Alignment ←ACE Functions

    Business justification to continue to fund a Center of Excellence can be a challenge, especially with traditional thinking and rigid stakeholders. Hit the ground running and show value to your key influencers through business alignment and metrics that will ensure that the ACE is worth continuous investment.

    Alignment leads to competitive advantage

    The pace of change in customer expectations, competitive landscapes, and business strategy is continuously increasing. It is critical to develop a method to facilitate ongoing alignment to shifting business and development expectations seamlessly and ensure that your Agile teams are able to deliver expected business value.

    Use Info-Tech’s CoE Operating Model to define the service offerings of your ACE

    Understand where your inputs and outputs lie to create an accessible set of service offerings for your Agile teams.

    The image shows a graphic of the COE Operating Model, showing the inputs and outputs, including Other CoEs (at top); Stakeholder Needs (at left); Metrics and Feedback (at bottom); and ACE Functions and Services (at right)

    Continuously improve the ACE to ensure long-term viability

    Improvement involves the continuous evaluation of the performance of your teams, using well-defined metrics and reasonable benchmarks that are supplemented by analogies and root-cause analysis in retrospectives.

    Monitor

    Monitor your metrics to ensure desired benefits are being realized. The ACE is responsible for ensuring that expected Agile benefits are achievable and on track. Monitor against your defined baselines to create transparency and accountability for desired outcomes.

    Iterate

    Run retrospectives to drive improvements and fixes into Agile projects and processes. Metrics falling short of expectations must be diagnosed and their root causes found, and fixes need to be communicated and injected back into the larger organization.

    Define

    Define metrics and set targets that align with the goals of the ACE. These metrics represent the ACEs expected value to the organization and must be measured against on a regular basis to demonstrate value to your key stakeholders.

    Beware the common risks of implementing your ACE

    Culture clash between Agile teams and larger organization

    Agile leverages empowered teams, meritocracy, and broad collaboration for success, but typical organizations are siloed and hierarchical with top down decision making. There needs to be a plan to enable a smooth transition from the current state towards the Agile target state.

    Persistence of tribal knowledge

    Agile relies on easy and open knowledge sharing, but organizational knowledge can sit in siloes. Employees may also try to protect their expertise for job security. It is important to foster knowledge sharing to ensure that critical know-how is accessible and doesn’t leave the organization with the individual.

    Rigid management structures

    Rigidity in how managers operate (performance reviews, human resource management, etc.) can result in cultural rejection of Agile. People need to be assessed on how they enable their teams rather than as individual contributors. This can help ensure that they are given sufficient opportunities to succeed. More support and less strict governance is key.

    Breakdown due to distributed teams

    When face-to-face interactions are challenging, ensure that you invest in the right communication technologies and remove cultural and process impediments to facilitate organization-wide collaboration. Alternative approaches like using documentation or email will not provide the same experience and value as a face-to-face conversation.

    The State of Maine used an ACE to foster positive cultural change

    CASE STUDY

    Industry - Government

    Source - Cathy Novak, Agile Government Leadership

    The State of Maine’s Agile Center of Excellence

    “The Agile CoE in the State of Maine is completely focused on the discipline of the methodology. Every person who works with Agile, or wants to work with Agile, belongs to the CoE. Every member of the CoE tells the same story, approaches the methodology the same way, and uses the same tools. The CoE also functions as an Agile research lab, experimenting with different standards and tools.

    The usual tools of project management – mission, goals, roles, and a high-level definition of done – can be found in Maine’s Agile CoE. For story mapping, teams use sticky notes on a large wall or whiteboard. Demonstrating progress this way provides for positive team dynamics and a psychological bang. The State of Maine uses a project management framework that serves as its single source of truth. Everyone knows what’s going on at all times and understands the purpose of what they are doing. The Agile team is continually looking for components that can be reused across other agencies and programs.”

    Results:

    • Realized positive culture change, leading to more collaborative and supportive teams.
    • Increased visibility of Agile benefits across functional groups.
    • Standardized methodology across Agile teams and increased innovation and experimentation with new standards and tools.
    • Improved traceability of projects.
    • Increased visibility and ability to determine root causes of problems and right the course when outcomes are not meeting expectations.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Spread Best Practices With an Agile Center of Excellence – project overview

    1. Strategically align the Center of Excellence 2. Standardize the CoEs service offerings 3. Operate the Center of Excellence
    Best-Practice Toolkit

    1.1 Determine the vision of your ACE.

    1.2 Define the service offerings of your ACE.

    2.1 Define an adoption plan for your Agile teams.

    2.2 Create an ACE engagement plan.

    2.3 Define metrics to measure success.

    3.1 Optimize the success of your ACE.

    3.2 Plan change to enhance your Agile initiatives.

    3.3 Conduct ongoing retrospectives of your ACE.

    Guided Implementations
    • Align your ACE with the business.
    • Align your ACE with its users.
    • Dissect the key attributes of Agile adoption.
    • Form engagement plans for your Agile teams.
    • Discuss effective ACE metrics.
    • Conduct a baseline assessment of your Agile environment.
    • Interface ACE with your change management function.
    • Build a communications deck for key stakeholders.
    Onsite Workshop Module 1: Strategically align the ACE Module 2: Standardize the offerings of the ACE Module 3: Prepare for organizational change
    Phase 1 Outcome: Create strategic alignment between the CoE and organizational goals.

    Phase 2 Outcome: Build engagement plans and key performance indicators based on a standardized Agile adoption plan.

    Phase 3 Outcome: Operate the CoEs monitoring function, identify improvements, and manage the change needed to continuously improve.

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Module 1 Workshop Module 2 Workshop Module 3 Workshop Module 4
    Activities

    Determine vision of CoE

    1.1 Identify and prioritize organizational business objectives.

    1.2 Form use cases for the points of alignment between your ACE and business objectives.

    1.3 Prioritize your ACE stakeholders.

    Define service offerings of CoE

    2.1 Form a solution matrix to organize your pain points and opportunities.

    2.2 Refine your use cases to identify your ACE functions and services.

    2.3 Visualize your ACE functions and service offerings with a capability map.

    Define engagement plans

    3.1 Further categorize your use cases within the Agile adoption model.

    3.2 Create an engagement plan for each level of adoption.

    Define metrics and plan communications

    4.1 Define metrics that align with your Agile business objectives.

    4.2 Define target ACE performance metrics.

    4.3 Define Agile adoption metrics.

    4.4 Assess the interaction and communication points of your Agile team.

    4.5 Create a communication plan for change.

    Deliverables
    1. Prioritized business objectives
    2. Business-aligned use cases to form CoEs service offerings
    3. Prioritized list of stakeholders
    1. Classified pains and opportunities
    2. Refined use cases based on pains and opportunities identified during ACE requirements gathering
    3. ACE capability map
    1. Adoption-aligned service offerings
    2. Role-specific engagement plans
    1. Business objective-aligned metrics
    2. ACE performance metrics
    3. Agile adoption metrics
    4. Assessment of organization design
    5. ACE Communication Plan

    Phase 1

    Strategically Align the Center of Excellence

    Spread Best Practices With an Agile Center of Excellence

    Begin by strategically aligning your Center of Excellence

    The first step to creating a high-functioning ACE is to create alignment and consensus amongst your key stakeholders regarding its purpose. Engage in a set of activities to drill down into the organization’s goals and objectives in order to create a set of high-level use cases that will evolve into the service offerings of the ACE.

    Phase 1 - Strategically Align the CoE

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision. This alignment translates into the CoE mandate intended to enhance the way Agile will enable teams to meet business objectives.

    Phase 2 - Standardize the CoEs Service Offerings

    Build an engagement plan based on a standardized adoption model to ensure your CoE service offerings are accessible and consistent across the organization. Create and consolidate key performance indicators to measure the CoEs utility and whether or not the expected value is being translated to tangible results.

    Phase 3 - Operate the CoE

    Operate the CoE to provide service offerings to Agile teams, identify improvements to optimize the function of your Agile teams, and effectively manage and communicate change so that teams can grow within the Agile adoption model and optimize value delivery both within your Agile environment and across functions.

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Strategically align the ACE

    Proposed Time to Completion (in weeks): 1

    Step 1.1: Determine the vision of your ACE

    Start with an analyst kick off call:

    • Align your ACE with the business.

    Then complete these activities…

    1.1.1 Optional: Baseline your ACE maturity.

    1.1.2 Identify and prioritize organizational business objectives.

    1.1.3 Form use cases for the points of alignment between your ACE and business objectives.

    1.1.4 Prioritize your ACE stakeholders.

    1.1.5 Select a centralized or decentralized model for your ACE.

    1.1.6 Staff your ACE strategically.

    Step 1.2: Define the service offerings of your ACE

    Start with an analyst kick off call:

    • Align your ACE with its users.

    Then complete these activities…

    1.2.1 Form the Center of Excellence.

    1.2.2 Gather and document your existing Agile practices for the CoE.

    1.2.3 Interview stakeholders to align ACE requirements with functional expectations.

    1.2.4 Form a solution matrix to organize your pain points and opportunities.

    1.2.5 Refine your use cases to identify your ACE functions and services.

    1.2.6 Visualize your ACE functions and service offerings with a capability map.

    Phase 1 Results & Insights:

    • Aligning your ACE with the functional expectations of its users is just as critical as aligning with the business. Invest the time to understand how the ACE fits at all levels of the organization to ensure its highest effectiveness.

    Phase 1, Step 1: Determine the vision of your ACE

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    1.1.1 Optional: Baseline your ACE maturity.

    1.1.2 Identify and prioritize organizational business objectives.

    1.1.3 Form use cases for the points of alignment between your ACE and business objectives.

    1.1.4 Prioritize your ACE stakeholders.

    1.1.5 Select a centralized or decentralized model for your ACE.

    1.1.6 Staff your ACE strategically.

    Outcomes:

    • Gather your leadership to position the ACE and align it with business priorities.
    • Form a set of high-level use cases for services that will support the enablement of business priorities.
    • Map the stakeholders of the ACE to visualize expected influence and current support levels for your initiative.

    What does an ACE do? Six main functions derived from Info-Tech’s CLAIM+G Framework

    1. Learning
    • Provide training and development and enable engagement based on identified interaction points to foster organizational growth.
  • Tooling
    • Promote the use of standardized tooling to improve efficiency and consistency throughout the organization.
  • Supporting
    • Enable your Agile teams to access subject-matter expertise by facilitating knowledge transfer and documenting good practices.
  • Governing
    • Create operational boundaries for Agile teams, and monitor their progress and ability to meet business objectives within these boundaries.
  • Monitoring
    • Demonstrate the value the CoE is providing through effective metric setting and ongoing monitoring of Agile’s effectiveness.
  • Guiding
    • Provide guidance, methodology, and knowledge for teams to leverage to effectively meet organizational business objectives.
  • OPTIONAL: If you have an existing ACE, use Info-Tech’s CoE Maturity Diagnostic Tool to baseline current practices

    1.1.1 Existing CoE Maturity Assessment

    Purpose

    If you already have established an ACE, use Info-Tech’s CoE Maturity Diagnostic Tool to baseline its current maturity level (this will act as a baseline for comparison after you complete this Blueprint). Assessing your ACEs maturity lets you know where you currently are, and where to look for improvements.

    Steps

    1. Download the CoE Maturity Diagnostic Tool to assess the maturity of your ACE.
    2. Complete the assessment tool with all members of your ACE team to determine your current Maturity score.
    3. Document the results in the ACE Communications Deck.

    Document results in the ACE Communications Deck.

    INFO-TECH DELIVERABLE

    The image is a screen capture of the CoE Maturity Diagnostic Tool

    Download the CoE Maturity Diagnostic Tool.

    Get your Agile leadership together and position the ACE

    Stakeholder Role Why they are essential players
    CIO/ Head of IT Program sponsor: Champion and set the tone for the Agile program. Critical in gaining and maintaining buy-in and momentum for the spread of Agile service offerings. The head of IT has insight and influence to drive buy-in from executive stakeholders and ensure the long-term viability of the ACE.
    Applications Director Program executor: Responsible for the formation of the CoE and will ensure the viability of the initial CoE objectives, use cases, and service offerings. Having a coordinator who is responsible for collating performance data, tracking results, and building data-driven action plans is essential to ensuring continuous success.
    Agile Subject-Matter Experts Program contributor: Provide information on the viability of Agile practices and help build capabilities on existing best practices. Agile’s success relies on adoption. Leverage the insights of people who have implemented and evangelized Agile within your organization to build on top of a working foundation.
    Functional Group Experts Program contributor: Provide information on the functional group’s typical processes and how Agile can achieve expected benefits. Agile’s primary function is to drive value to the business – it needs to align with the expected capabilities of existing functional groups in order to enhance them for the better.

    Align your ACE with your organization’s strategy

    This research set will assist you with aligning your ACEs services to the objectives of the business in order to justify the resources and funding required by your Agile program.

    Business Objectives → Alignment ←ACE Functions

    Business justification to continue to fund a Center of Excellence can be a challenge, especially with traditional thinking and rigid stakeholders. Hit the ground running and show value to your key influencers through business alignment and metrics that will ensure that the ACE is worth continuous investment.

    Alignment leads to competitive advantage

    The pace of change in customer expectations, competitive landscapes, and business strategy is continuously increasing. It is critical to develop a method to facilitate ongoing alignment to shifting business and development expectations seamlessly and ensure that your Agile teams are able to deliver expected business value.

    Activity: Identify and prioritize organizational business objectives

    1.1.2 2 Hours

    Input

    • Organizational business objectives

    Output

    • Prioritized business objectives

    Materials

    • Whiteboard
    • Markers

    Participants

    • Agile leadership group
    1. List the primary high-level business objectives that your organization aims to achieve over the course of the following year (focusing on those that ACE can impact/support).
    2. Prioritize these business objectives while considering the following:
    • Criticality of completion: How critical is the initiative in enabling the business to achieve its goals?
    • Transformational impact: To what degree is the foundational structure of the business affected by the initiative (rationale: Agile can support impact on transformational issues)?
  • Document the hypothesized role of Agile in supporting these business objectives. Take the top three prioritized objectives forward for the establishment of your ACE. While in future years or iterations you can inject more offerings, it is important to target your service offerings to specific critical business objectives to gain buy-in for long-term viability of the CoE.
  • Sample Business Objectives:

    • Increase customer satisfaction.
    • Reduce time-to-market of product releases.
    • Foster a strong organizational culture.
    • Innovate new feature sets to differentiate product. Increase utilization rates of services.
    • Reduce product delivery costs.
    • Effectively integrate teams from a merger.
    • Offer more training programs for personal development.
    • Undergo a digital transformation.

    Understand potential hurdles when attempting to align with business objectives

    While there is tremendous pressure to align IT functions and the business due to the accelerating pace of change and technology innovation, you need to be aware that there are limitations in achieving this goal. Keep these challenges at the top of mind as you bring together your stakeholders to position the service offerings of your ACE. It is beneficial to make your stakeholders self-aware of these biases as well, so they come to the table with an open mind and are willing to find common ground.

    The search for total alignment

    There are a plethora of moving pieces within an organization and total alignment is not a plausible outcome.

    The aim of a group should not be to achieve total alignment, but rather reframe and consider ways to ensure that stakeholders are content with the ways they interact and that misalignment does not occur due to transparency or communication issues.

    “The business” implies unity

    While it may seem like the business is one unified body, the reality is that the business can include individuals or groups (CEO, CFO, IT, etc.) with conflicting priorities. While there are shared business goals, these entities may all have competing visions of how to achieve them. Alignment means compromise and agreement more than it means accommodating all competing views.

    Cost vs. reputation

    There is a political component to alignment, and sometimes individual aspirations can impede collective gain.

    While the business side may be concerned with cost, those on the IT side of things can be concerned with taking on career-defining projects to bolster their own credentials. This conflict can lead to serious breakdowns in alignment.

    Panera Bread used Agile to adapt to changing business needs

    CASE STUDY

    Industry Food Services

    Source Scott Ambler and Associates, Case Study

    Challenge

    Being in an industry with high competition, Panera Bread needed to improve its ability to quickly deliver desired features to end customers and adapt to changing business demands from high internal growth.

    Solution

    Panera Bread engaged in an Agile transformation through a mixture of Agile coaching and workshops, absorbing best practices from these engagements to drive Agile delivery frameworks across the enterprise.

    Results

    Adopting Agile delivery practices resulted in increased frequency of solution delivery, improving the relationship between IT and the business. Business satisfaction increased both with the development process and the outcomes from delivery.

    The transparency that was needed to achieve alignment to rapidly changing business needs resulted in improved communication and broad-scale reduced risk for the organization.

    "Agile delivery changed perception entirely by building a level of transparency and accountability into not just our software development projects, but also in our everyday working relationships with our business stakeholders. The credibility gains this has provided our IT team has been immeasurable and immediate."

    – Mike Nettles, VP IT Process and Architecture, Panera Bread

    Use Info-Tech’s CoE Operating Model to define the service offerings of your ACE

    Understand where your inputs and outputs lie to create an accessible set of service offerings for your Agile teams.

    Functional Input

    • Application Development
    • Project Management
    • CIO
    • Enterprise Architecture
    • Data Management
    • Security
    • Infrastructure & Operations
    • Who else?

    The image shows a graphic of the COE Operating Model, showing the inputs and outputs, including Other CoEs (at top); Stakeholder Needs (at left); Metrics and Feedback (at bottom); and ACE Functions and Services (at right)

    Input arrows represent functional group needs, feedback from Agile teams, and collaboration with other CoEs and CoPs

    Output arrows represent the services the CoE delivers and the benefits realized across the organization.

    ACE Operating Model: Governance & Metrics

    Governance & Metrics involves enabling success through the management of the ACEs resources and services, and ensuring that organizational structures evolve in concert with Agile growth and maturity. Your focus should be on governing, measuring, implementing, and empowering improvements.

    Effective governance will function to ensure the long-term effectiveness and viability of your ACE. Changes and improvements will happen continuously and you need a way to decide which to adopt as best practices.

    "Organizations have lengthy policies and procedures (e.g. code deployment, systems design, how requirements are gathered in a traditional setting) that need to be addressed when starting to implement an Agile Center of Excellence. Legacy ideas that end up having legacy policy are the ones that are going to create bottlenecks, waste resources, and disrupt your progress." – Doug Birgfeld, Senior Partner, Agile Wave

    Governance & Metrics

    • Manage organizational Agile standards, policies, and procedures.
    • Define organizational boundaries based on regulatory, compliance, and cultural requirements.
    • Ensure ongoing alignment of service offerings with business objectives.
    • Adapt organizational change management policies to reflect Agile practices.
    • CoE governance functions include:
      • Policy Management
      • Change Management
      • Risk Management
      • Stakeholder Management
      • Metrics/Feedback Monitoring

    ACE Operating Model: Services

    Services refers to the ability to deliver resourcing, guidance, and assistance across all Agile teams. By creating a set of shared services, you enable broad access to specialized resources, knowledge, and insights that will effectively scale to more teams and departments as Agile matures in your organization.

    A Services model:

    • Supports the organization by standardizing and centralizing service offerings, ensuring consistency of service delivery and accessibility across functional groups.
    • Provides a mechanism for efficient knowledge transfer and on-demand support.
    • Helps to drive productivity and project efficiencies through the organization by disseminating best practices.

    Services

    • Provide reference, support, and re-assurance to implement and adapt organizational best practices.
    • Interface relevant parties and facilitate knowledge transfer through shared learning and communities of practice.
    • Enable agreed-upon service levels through standardized support structures.
    • Shared services functions include:
      • Engagement Planning
      • Knowledge Management
      • Subject-Matter Expertise
      • Agile Team Evaluation

    ACE Operating Model: Technology

    Technology refers to a broad range of supporting tools to enable employees to complete their day-to-day tasks and effectively report on their outcomes. The key to technological support is to strike the right balance between flexibility and control based on your organization's internal and external constraints (policy, equipment, people, regulatory, etc.).

    "We sometimes forget the obvious truth that technology provides no value of its own; it is the application of technology to business opportunities that produces return on investment." – Robert McDowell, Author, In Search of Business Value

    Technology

    • Provide common software tools to enable alignment to organizational best practices.
    • Enable access to locally desired tools while considering organizational, technical, and scaling constraints.
    • Enable communication with a technical subject matter expert (SME).
    • Enable reporting consistency through training and maintenance of reporting mechanisms.
    • Technology functions can include:
      • Vendor Management
      • Application Support
      • Tooling Standards
      • Tooling Use Cases

    ACE Operating Model: Staff

    Staff is all about empowerment. The ACE should support and facilitate the sharing of ideas and knowledge sharing. Create processes and spaces where people are encouraged to come together, learn from, and share with each other. This setting will bring up new ideas to enhance productivity and efficiency in day-to-day activities while maintaining alignment with business objectives.

    "An Agile CoE is legitimized by its ability to create a space where people can come together, share, and learn from one another. By empowering teams to grow by themselves and then re-connect with each other you allow the creativity of your employees to flow back into the CoE." – Anonymous, Founder, Agile consultancy group

    Staff

    • Develop and provide training and day-to-day coaching that are aligned with organizational engagement and growth plans.
    • Include workflow change management to assist traditional roles with accommodating Agile practices.
    • Support the facilitation of knowledge transfer from localized Agile teams into other areas of the organization.
    • Achieve team buy-in and engagement with ACE services and capabilities. Provide a forum for collaboration and innovation.
    • People functions can include:
      • Onboarding
      • Coaching
      • Learning Facilitation

    Form use cases to align your ACE with business objectives

    What is a use case?

    A use case tells a story about how a system will be used to achieve a goal from the perspective of a user of that system. The people or other systems that interact with the use case are called “actors.” Use cases describe what a system must be able to do, not how it will do it.

    How does a use case play a role in building your ACE?

    Use cases are used to guide design by allowing you to highlight the intended function of a service provided by the Center of Excellence while maintaining a business focus. Jumping too quickly to a solution without fully understanding user and business needs leads to the loss of stakeholder buy-in and the Centers of Excellence rejection by teams.

    Hypothesized ACE user needs →Use Case←Business objective

    Activity: Form use cases for the points of alignment between your ACE and business objectives

    1.1.3 2 Hours

    Input

    • Prioritized business objectives
    • ACE functions

    Output

    • ACE use cases

    Materials

    • Whiteboard
    • Markers

    Participants

    • Agile leadership group
    1. Using your prioritized business objectives and the six functions of a CoE, create high-level use cases for each point of alignment that describe how the Center of Excellence will better facilitate the realization of that business objective.
    2. For each use case, define the following:
      • Name: Generalized title for the use case.
      • Description: A high-level description of the expected CoE action.
    AGILE CENTER OF EXCELLENCE FUNCTIONS:
    Guiding Learning Tooling Supporting Governing Monitoring
    BUSINESS OBJECTIVES Reduce time-to-market of product releases
    Reduce product delivery costs
    Effectively integrate teams from a merger

    Activity: Form use cases for the points of alignment between your ACE and business objectives (continued)

    1.1.3 2 Hours

    The image shows the Reduce time-to-market of product releases row from the table in the previous section, filled in with sample information.

    Your goal should be to keep these as high level and generally applicable as possible as they provide an initial framework to further develop your service offerings. Begin to talk about the ways in which the ACE can support the realization of your business objectives and what those interactions may look like to customers of the ACE.

    Involve all relevant stakeholders to discuss the organizational goals and objectives of your ACE

    Avoid the rifts in stakeholder representation by ensuring you involve the relevant parties. Without representation and buy-in from all interested parties, your ACE may omit and fail to meet long-term organizational goals.

    By ensuring every group receives representation, your service offerings will speak for the broad organization and in turn meet the needs of the organization as a whole.

    • Business Units: Any functional groups that will be expected to engage with the ACE in order to achieve their business objectives.
    • Team Leads: Representation from the internal Agile community who is aware of the backgrounds, capabilities, and environments of their respective Agile teams.
    • Executive Sponsors: Those expected to evangelize and set the tone and direction for the ACE within the executive ranks of the organization. These roles are critical in gaining buy-in and maintaining momentum for ACE initiatives.

    Organization

    • ACE
      • Executive Sponsors
      • Team Leads
      • Business Units

    Activity: Prioritize your ACE stakeholders

    1.1.4 1 Hour

    Input

    • Prioritized business objectives

    Output

    • Prioritized list of stakeholders

    Materials

    • Whiteboard
    • Markers

    Participants

    • Agile leadership group
    1. Using your prioritized business objectives, brainstorm, as a group, the potential list of stakeholders (representatives from business units, team leads, and executive sponsors) that would need to be involved in setting the tone and direction of your ACE.
    2. Evaluate each stakeholder in terms of power, involvement, impact, and support.
    • Power: How much influence does the stakeholder have? Enough to drive the CoE forward or into the ground?
    • Involvement: How interested is the stakeholder? How involved is the stakeholder in the project already?
    • Impact: To what degree will the stakeholder be impacted? Will this significantly change how they do their job?
    • Support: Is the stakeholder a supporter of the project? Neutral? A resister?
  • Map each stakeholder to an area on the power map on the next slide based on his or her level of power and involvement.
  • Vary the size of the circle to distinguish stakeholders that are highly impacted by the ACE from those who are not. Color each circle to show each stakeholder’s estimated or gauged level of support for the project.
  • Prioritize your ACE stakeholders (continued)

    1.1.4 1 Hour

    The image shows a matrix on the left, and a legend on the right. The matrix is labelled with Involvement at the bottom, and Power on the left side, and has the upper left quadrant labelled Keep Satisfied, the upper right quadrant labelled Key players, the lower right quadrant labelled Keep informed, and the lower left quadrant labelled Minimal effort.

    Should your ACE be Centralized or Decentralized?

    An ACE can be organized differently depending on your organization’s specific needs and culture.

    The SAFe Model:©

    “For smaller enterprises, a single centralized [ACE] can balance speed with economies of scale. However, in larger enterprises—typically those with more than 500 – 1,000 practitioners—it’s useful to consider employing either a decentralized model or a hub-and-spoke model.”

    The image shows 3 models: centralized, represented by a single large circle; decentralized, represented by 5 smaller circles; and hub-and-spoke, represented by a central circle, connected to 5 surrounding circles.

    © Scaled Agile, Inc.

    The Spotify Model:

    Spotify avoids using an ACE and instead spreads agile practices using Squads, Tribes, Chapters, Guilds, etc.

    It can be a challenging model to adopt because it is constantly changing, and must be fundamentally supported by your organization’s culture. (Linders, Ben. “Don't Copy the Spotify Model.” InfoQ.com. 6 Oct. 2016.)

    Detailed analysis of The Spotify Model is out of scope for this Blueprint.

    The image shows the Spotify model, with two sections, each labelled Tribe, and members from within each Tribe gathered together in a section labelled Guild.

    Activity: Select a Centralized or Decentralized ACE Model

    1.1.5 30 minutes

    Input

    • Prioritized business objectives
    • Use Cases
    • Organization qualities

    Output

    • Centralized or decentralized ACE model

    Materials

    • Whiteboard
    • Markers

    Participants

    • Agile leadership group
    1. Using your prioritized business objectives, your ACE use cases, your organization size, structure, and culture, brainstorm the relative pros and cons of a centralized vs decentralized ACE model.
    2. Consider this: to improve understanding and acceptance, ask participants who prefer a centralized model to brainstorm the pros and cons of a decentralized model, and vice-versa.
    3. Collectively decide whether your ACE should be centralized, decentralized or hub-and-spoke and document it.
    Centralized ACE Decentralized ACE
    Pros Cons Pros Cons
    Centralize Vs De-centralize Considerations Prioritized Business Objectives
    • Neutral (objectives don’t favor either model)
    • Neutral (objectives don’t favor either model)
    ACE Use Cases
    • Neutral (use cases don’t favor either model)
    • Neutral (use cases don’t favor either model)
    Organization Size
    • Org. is small enough for centralized ACE
    • Overkill for a small org. like ours
    Organization Structure
    • All development done in one location
    • Not all locations do development
    Organization Culture
    • All development done in one location
    • Decentralized ACE may have yield more buy-in

    SELECTED MODEL: Centralized ACE

    Activity: Staff your ACE strategically

    1.1.6 1 Hour

    Input

    • List of potential ACE staff

    Output

    • Rated list of ACE staff

    Materials

    • Whiteboard
    • Markers

    Participants

    • Agile leadership group
    1. Identify your list of potential ACE staff (this may be a combination of full time and contract staff).
    2. Add/modify/delete the rating criteria to meet your specific needs.
    3. Discuss and adjust the relative weightings of the rating criteria to best suit your organization’s needs.
    4. Rate each potential staff member and compare results to determine the best suited staff for your ACE.
    Candidate: Jane Doe
    Rating Criteria Criteria Weighting Candidate's Score (1-5)
    Candidate has strong theoretical knowledge of Agile. 8% 4
    Candidate has strong hands on experience with Agile. 18% 5
    Candidate has strong hands on experience with Agile. 10% 4
    Candidate is highly respected by the Agile teams. 18% 5
    Candidate is seen as a thought leader in the organization. 18% 5
    Candidate is seen as a change agent in the organization. 18% 5
    Candidate has strong desire to be member of ACE staff. 10% 3
    Total Weighted Score 4.6

    Phase 1, Step 2: Define the service offerings of your ACE

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    1.2.1 Form the Center of Excellence.

    1.2.2 Gather and document your existing Agile practices for the CoE.

    1.2.3 Interview stakeholders to align ACE requirements with functional expectations.

    1.2.4 Form a solution matrix to organize your pain points and opportunities.

    1.2.5 Refine your use cases to identify your ACE functions and services.

    1.2.6 Visualize your ACE functions and service offerings with a capability map.

    Outcomes:

    • Collect data regarding the functional expectations of the Agile teams.
    • Refine your business-aligned use cases with your collected data to achieve both business and functional alignment.
    • Create a capability map that visualizes and prioritizes your key service offerings.

    Structure your ACE with representation from all of your key stakeholders

    Now that you have a prioritized list of stakeholders, use their influence to position the ACE to ensure maximum representation with minimal bottlenecks.

    By operating within a group of your key players, you can legitimize your Center of Excellence by propagating the needs and interests of those who interface and evangelize the CoE within the larger organization.

    The group of key stakeholders will extend the business alignment you achieved earlier by refining your service offerings to meet the needs of the ACEs customers. Multiple representations at the table will generate a wide arrangement of valuable insights and perspectives.

    Info-Tech Insight

    While holistic representation is necessary, ensure that the list is not too comprehensive and will not lead to progress roadblocks. The goal is to ensure that all factors relevant to the organization are represented; too many conflicting opinions may create an obstruction moving forward.

    ACE

    • Executive Sponsors
    • Team Leads
    • Business Units

    Determine how you will fund your ACE

    Choose the ACE funding model which is most aligned to your current system based on the scenarios provided below. Both models will offer the necessary support to ensure the success of your Agile program going forward.

    Funding Model Funding Scenario I Funding Scenario II
    Funded by the CIO Funded by the CIO office and a stated item within the general IT budget. Charged back to supported functional groups with all costs allocated to each functional group’s budget.
    Funded by the PMO Charged back to supported functional groups with all costs allocated to each functional group’s budget. Charged back to supported functional groups with all costs allocated to each functional group’s budget.

    Info-Tech Insight

    Your funding model may add additional key influencers into the mix. After you choose your funding model, ensure that you review your stakeholder map and add anyone who will have a direct impact in the viability and stability of your ACE.

    Determine how you will govern your ACE

    An Agile Center of Excellence is unique in the way you must govern the actions of its customers. Enable “flexible governance” to ensure that Agile teams have the ability to locally optimize and innovate while still operating within expected boundaries.

    ACE Governing Body

    ↑ Agile Team → ACE ← Agile Team ↑

    Who should take on the governance role?

    The governing body can be the existing executive or standing committees, or a newly formed committee involving your key ACE influencers and stakeholders.

    Flexible governance means that your ACE set boundaries based on your cultural, regulatory, and compliance requirements, and your governance group monitors your Agile teams’ adherence to these boundaries.

    Governing Body Responsibilities

    • Review and approve ACE strategy annually and ensure that it is aligned with current business strategy.
    • Provide detailed quality information for board members.
    • Ensure that the ACE is adequately resourced and that the organization has the capacity to deliver the service offerings.
    • Assure that the ACE is delivering benefits and achieving targets.
    • Assure that the record keeping and reporting systems are capable of providing the information needed to properly assess the quality of service.

    Modify your resourcing strategy based on organizational need

    Your Agile Center of Excellence can be organized either in a dedicated or a virtual configuration, depending on your company’s organizational structure and complexity.

    There is no right answer to how your Center of Excellence should be resourced. Consider your existing organizational structure and culture, the quality of relationships between functional groups, and the typical budgetary factors that would weigh on choosing between a virtual and dedicated CoE structure.

    COE Advantages Disadvantages
    Virtual
    • No change in organization structure required, just additional task delegation to your Agile manager or program manager.
    • Less effort and cost to implement.
    • Investment in quality is proportional to return.
    • Resources are shared between practice areas, and initiatives will take longer to implement.
    • Development and enhancement of best practices can become difficult without a centralized knowledge repository.
    Dedicated
    • Demonstrates a commitment to the ACEs long-term existence.
    • Allows for dedicated maintenance of best practices.
    • Clear lines of accountability for Agile processes.
    • Ability to develop highly skilled employees as their responsibilities are not shared.
    • Requires dedicated resources that can in turn be more costly.
    • Requires strong relationships with the functional groups that interface with the ACE.

    Staffing the ACE: Understand virtual versus dedicated ACE organizational models

    Virtual CoE

    The image shows an organizational chart titled Virtual CoE, with Head of IT at the top, then PMO and CoE Lead/Apps Director at the next level. The chart shows that there is crossover between the CoE Lead's reports, and the PMO's, indicated through dotted lines that connect them.

    • Responsibilities for CoE are split and distributed throughout departments on a part-time basis.
    • CoE members from the PMO report to apps director who also functions as the CoE lead on a part-time basis.

    The image shows a organizational chart titled Dedicated CoE, with all CoE members under the CoE.

    • Requires re-organization and dedicated full-time staff to run the CoE with clear lines of responsibility and accountability.
    • Hiring or developing highly skilled employees who have a sole function to facilitate and monitor quality best practices within the IT department may be necessary.

    Activity: Form the Center of Excellence

    1.2.1 1 Hour

    Input

    • N/A

    Output

    • ACE governance and resourcing plan

    Materials

    • Whiteboard

    Participants

    • Agile leadership group
    1. As a group, discuss if there is an existing body that would be able to govern the Center of Excellence. This body will monitor progress on an ongoing basis and assess any change requests that would impact the CoEs operation or goals.
    • List current governing bodies that are closely aligned with your current Agile environment and determine if the group could take on additional responsibilities.
    • Alternatively, identify individuals who could form a new ACE governing body.
  • Using the results of Exercise 1.1.6 in Step 1, select the individuals who will participate in the Center of Excellence. As a rough rule of thumb for sizing, an ACE staffed with 3-5 people can support 8-12 Agile Teams.
  • Document results in the ACE Communications Deck.

    Leverage your existing Agile practices and SMEs when establishing the ACE

    The synergy between Agile and CoE relies on its ability to build on existing best practices. Agile cannot grow without a solid foundation. ACE gives you the way to disseminate these practices and facilitate knowledge transfer from a centralized sharing environment. As part of defining your service offerings, engage with stakeholders across the organization to evaluate what is already documented so that it can be accommodated in the ACE.

    Documentation

    • Are there any existing templates that can be leveraged (e.g. resource planning, sprint planning)?
    • Are there any existing process documents that can be leveraged (e.g. SIPOC, program frameworks)?
    • Are there any existing standards documents the CoE can incorporate (e.g. policies, procedures, guidelines)?

    SMEs

    • Interview existing subject-matter experts that can give you an idea of your current pains and opportunities.
    • You already have feedback from those in your workshop group, so think about the rest of the organization:
      • Agile practitioners
      • Business stakeholders
      • Operations
      • Any other parties not represented in the workshop group

    Metrics

    • What are the current metrics being used to measure the success of Agile teams?
    • What metrics are currently being used to measure the completion of business objectives?
    • What tools or mediums are currently used for recording and communicating metrics?

    Info-Tech Insight

    When considering existing practices, it is important to evaluate the level of adherence to these practices. If they have been efficiently utilized, injecting them into ACE becomes an obvious decision. If they have been underutilized, however, it is important to understand why this occurred and discuss how you can drive higher adherence.

    Examples of existing documents to leverage

    People

    • Agile onboarding planning documents
    • Agile training documents
    • Organizational Agile manifesto
    • Team performance metrics dashboard
    • Stakeholder engagement and communication plan
    • Development team engagement plan
    • Organizational design and structure
    • Roles and responsibilities chart (i.e. RACI)
    • Compensation plan Resourcing plan

    Process

    • Tailored Scrum process
    • Requirements gathering process
    • Quality stage-gate checklist (including definitions of ready and done)
    • Business requirements document
    • Use case document
    • Business process diagrams
    • Entity relationship diagrams
    • Data flow diagrams
    • Solution or system architecture
    • Application documentation for deployment
    • Organizational and user change management plan
    • Disaster recovery and rollback process
    • Test case templates

    Technology

    • Code review policies and procedures
    • Systems design policies
    • Build, test, deploy, and rollback scripts
    • Coding guidelines
    • Data governance and management policies
    • Data definition and glossary
    • Request for proposals (RFPs)
    • Development tool standards and licensing agreements
    • Permission to development, testing, staging, and production environments
    • Application, system, and data integration policies

    Build upon the lessons learned from your Agile pilots

    The success of your Center of Excellence relies on the ability to build sound best practices within your organization’s context. Use your previous lessons learned and growing pains as shared knowledge of past Agile implementations within the ACE.

    Implement Agile Practices That Work

    Draw on the experiences of your initial pilot where you learned how to adapt the Agile manifesto and practices to your specific context. These lessons will help onboard new teams to Agile since they will likely experience some of the same challenges.

    Download

    Documents for review include:

    • Tailored Scrum Process
    • Agile Pilot Metrics
    • Info-Tech’s Agile Pilot Playbook

    Enable Organization-Wide Collaboration by Scaling Agile

    Draw on previous scaling Agile experiences to help understand how to interface, facilitate, and orchestrate cross-functional teams and stakeholders for large and complex projects. These lessons will help your ACE teams develop collaboration and problem-solving techniques involving roles with different priorities and lines of thinking.

    Download

    Documents for review include:

    • Agile Program Framework
    • Agile Pilot Program Metrics
    • Scaled Agile Development Process
    • Info-Tech’s Scaling Agile Playbook

    Activity: Gather and document your existing Agile practices for the CoE

    1.2.2 Variable time commitment based on current documentation state

    Input

    • Existing practices

    Output

    • Practices categorized within operating model

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE team
    1. Compile a list of existing practices that will be shared by the Center of Excellence. Consider any documents, templates, or tools that are used regularly by Agile teams.
    2. Evaluate the level of adherence to use of the practices (whether the practice is complied with regularly or not) with a high, medium, or low. Low compliance will need a root-cause analysis to understand why and how to remedy the situation.
    3. Determine the best fit for each practice under the ACE operational model.
    Name Type Adherence Level CoE Best Fit Source
    1 Tailored Scrum process Process High Shared Services Internal Wiki
    2
    3

    Activity: Interview stakeholders to understand the ACE functional expectations

    1.2.3 30-60 Minutes per interview

    Interview Stakeholders (from both Agile teams and functional areas) on their needs from the ACE. Ensure you capture both pain points and opportunities. Capture these as either Common Agile needs or Functional needs. Document using the tables below:

    Common Agile Needs
    Common Agile Needs
    • Each Agile Team interprets Agile differently
    • Need common approach to Agile with a proven track record within the organization
    • Making sure all Team members have a good understanding of Agile
    • Common set of tool(s) with a proven track record, along with a strong understanding of how to use the tool(s) efficiently and effectively
    • Help troubleshooting process related questions
    • Assistance with addressing the individual short comings of each Agile Team
    • Determining what sort of help each Agile Team needs most
    • Better understanding of the role played by Scrum Master and associated good practices
    • When and how do security/privacy/regulatory requirements get incorporated into Agile projects
    Functional Needs Ent Arch Needs
    • How do we ensure Ent Arch has insight and influence on Agile software design
    • Better understanding of Agile process
    • How to measure compliance with reference architectures

    PMO Needs

    • Better understanding of Agile process
    • Understanding role of PM in Agile
    • Project status reports that determine current level of project risk
    • How does project governance apply on Agile projects
    • What deliverables/artifacts are produced by Agile projects and when are they completed

    Operations Needs

    • Alignment on approaches for doing releases
    • Impact of Agile on change management and support desk processes
    • How and when will installation and operation instructions be available in Agile

    Activity: Form a solution matrix to organize your pain points and opportunities

    1.2.4 Half day

    Input

    • Identified requirements

    Output

    • Classified pains and opportunities

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE team
    1. Review the listed pain points from the data gathering process. Sort the pain points on sticky notes into technology, governance, people, and shared services.
    2. Consider opportunities under each defining element based on the identified business requirements.
    3. Document your findings.
    4. Discuss the results with the project team and prioritize the opportunities.
      • Where do the most pains occur?
      • What opportunities exist to alleviate pains?
    Governance Shared Services Technology People
    Pain Points
    Opportunities

    Document results in the ACE Communications Deck.

    Activity: Refine your use cases to identify your ACE functions and services

    1.2.5 1 Hour

    Input

    • Use cases from activity 1.1.2

    Output

    • Refined use cases based on data collection

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE team
    1. Refine your initial use cases for the points of alignment between your ACE and business objectives using your classified pain points and opportunities.
    2. Add use cases to address newly realized pain points.
    3. Determine the functions and services the CoE can offer to address the identified requirements.
    4. Evaluate the outputs in the form of realized benefits and extracted inefficiencies.

    Possible ACE use cases:

    • Policy Management
    • Change Management
    • Risk Management
    • Stakeholder Management
    • Engagement Planning
    • Knowledge Management
    • Subject-Matter Expertise
    • Agile Team Evaluation
    • Operations Support
    • Onboarding
    • Coaching
    • Learning Facilitation
    • Communications Training
    • Vendor Management
    • Application Support
    • Tooling Standards

    Document results in the ACE Communications Deck.

    Activity: Visualize your ACE functions and service offerings with a capability map

    1.2.6 1 Hour

    Input

    • Use cases from activity 1.2.4

    Output

    • ACE capability map

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE team
    1. Review the refined and categorized list of service offerings.
    2. Determine how these new capabilities will add, remove, or enhance your existing service and capabilities.
    3. Categorize the capabilities into the following groups:
    • Governance and Metrics
    • Services
    • Staff
    • Technology
  • Label the estimated impact of the service offering based on your business priorities for the year. This will guide your strategy for implementing your Agile Center of Excellence moving forward.
  • Document results in the ACE Communications Deck.

    Activity: Visualize your ACE functions and service offerings with a capability map (continued)

    Governance

    Policy Management (Medium Potential)

    Change Management (High Potential)

    Risk Management (High Potential)

    Stakeholder Management (High Potential)

    Metrics/Feedback Monitoring (High Potential)

    Shared Services

    Engagement Planning (High Potential)

    Knowledge Management (High Potential)

    Subject-Matter Expertise (High Potential)

    Agile Team Evaluation (High Potential)

    Operations Support (High Potential)

    People

    Onboarding (Medium Potential)

    Coaching (High Potential)

    Learning Facilitation (High Potential)

    Internal Certification Program (Low Potential)

    Communications Training (Medium Potential)

    Technology

    Vendor Management (Medium Potential)

    Application Support (Low Potential)

    Tooling Standards (High Potential)

    Checkpoint: Are you ready to standardize your CoEs service offerings?

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Self-Auditing Guidelines

    • Have you identified and prioritized the key business objectives for the upcoming year that the ACE will align with?
    • Do you have a high-level set of use cases for points of alignment between your ACE and business objectives?
    • Have you mapped your stakeholders and identified the key players that will have an influence over the future success of your ACE?
    • Have you identified how your organization will fund, resource, and govern the ACE?
    • Have you collected data to understand the functional expectations of the users the ACE is intended to serve?
    • Have you refined your use cases to align with both business objectives and functional expectations?

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1.2 Identify and prioritize organizational business objectives

    Our analyst team will help you organize and prioritize your business objectives for the year in order to ensure that the service offerings the ACE offers are delivering consistent business value.

    1.1.3 Form use cases for the points of alignment between your ACE and business objectives

    Our analyst team will help you turn your prioritized business objectives into a set of high-level use cases that will provide the foundation for defining user-aligned services.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    1.1.4 Prioritize your ACE stakeholders

    Our analysts will walk you through an exercise of mapping and prioritizing your Centers of Excellence stakeholders based on impact and power within so you can ensure appropriate presentation of interests within the organization.

    1.2.4 Form a solution matrix to organize your pain points and opportunities

    Our analyst team will help you solidify the direction of your Center of Excellence by overlaying your identified needs, pain points, and potential opportunities in a matrix guided by Info-Tech’s CoE operating model.

    1.2.5 Refine your use cases to identify your ACE functions and services

    Our analyst team will help you further refine your business-aligned use cases with the functional expectations from your Agile teams and stakeholders, ensuring the ACEs long-term utility.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    1.2.6 Visualize your ACE functions and service offerings with a capability map

    Our analysts will walk you through creating your Agile Centers of Excellence capability map and help you to prioritize which service offerings are critical to the success of your Agile teams in meeting their objectives.

    Phase 2

    Standardize the Centers of Excellence Service Offerings

    Spread Best Practices With an Agile Center of Excellence

    The ACE needs to ensure consistency in service delivery

    Now that you have aligned the CoE to the business and functional expectations, you need to ensure its service offerings are consistently accessible. To effectively ensure accessibility and delegation of shared services in an efficient way, the CoE needs to have a consistent framework to deliver its services.

    Phase 1 - Strategically Align the CoE

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision. This alignment translates into the CoE mandate intended to enhance the way Agile will enable teams to meet business objectives.

    Phase 2 - Standardize the CoEs Service Offerings

    Build an engagement plan based on a standardized adoption model to ensure your CoE service offerings are accessible and consistent across the organization. Create and consolidate key performance indicators to measure the CoEs utility and whether or not the expected value is being translated to tangible results.

    Phase 3 - Operate the CoE

    Operate the CoE to provide service offerings to Agile teams, identify improvements to optimize the function of your Agile teams, and effectively manage and communicate change so that teams can grow within the Agile adoption model and optimize value delivery both within your Agile environment and across functions.

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Standardize the CoEs Service Offerings

    Proposed Time to Completion (in weeks): 2

    Step 2.1: Define an adoption plan for your Agile teams

    Start with an analyst kick off call:

    • Dissect the key attributes of Agile adoption.

    Then complete these activities…

    2.1.1 Further categorize your use cases within the Agile adoption model.

    Step 2.2: Create an ACE engagement plan

    Start with an analyst kick off call:

    • Form engagement plans for your Agile teams.

    Then complete these activities…

    2.2.1 Create an engagement plan for each level of adoption.

    Step 2.3: Define metrics to measure success

    Finalize phase deliverable:

    • Discuss effective ACE metrics.

    Then complete these activities…

    2.3.1 Collect existing team-level metrics.

    2.3.2 Define metrics that align with your Agile business objectives.

    2.3.3 Define target ACE performance metrics.

    2.3.4 Define Agile adoption metrics.

    2.3.5 Consolidate metrics for stakeholder impact.

    2.3.6 Use Info-Tech’s ACE Benefits Tracking Tool to monitor, evaluate, refine, and ensure continued business value.

    Phase 2 Results & Insights:

    • Standardizing your service offerings allows you to have direct influence on the dissemination of best practices.

    Phase 2, Step 1: Define an adoption plan for your Agile teams

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    2.1.1 Further categorize your use cases within the Agile adoption model.

    Outcomes:

    • Refine your previously determined use cases within the Agile adoption model to ensure that teams can be assisted at any level of Agile adoption.
    • Understand the key attributes of Agile adoption and how they impact success.

    Understand the implementation challenges that the ACE may face

    Culture clash between ACE and larger organization

    It is important to carefully consider the compatibility between the current organizational culture and Agile moving forward. Agile compels empowered teams, meritocracy, and broad collaboration for success; while typical organizational structures are siloed and hierarchical and decisions are delegated from the top down.

    This is not to say that the culture of the ACE has to match the larger organizational culture; part of the overarching aim of the ACE is to evolve the current organizational culture for the better. The point is to ensure you enable a smooth transition with sufficient management support and a team of Agile champions.

    The changing role of middle management

    Very similar to the culture clash challenge, cultural rigidity in how middle managers operate (performance review, human resource management, etc.) can cause cultural rejection. They need to become enablers for high performance and give their teams the sufficient tools, skills, and opportunities to succeed and excel.

    What impedes Agile adoption?

    Based on a global survey of Agile practitioners (N=1,319)*:

    52% Organizational culture at odds with agile values

    44% Inadequate management support and sponsorship

    48% General organization resistance to change

    *Respondents were able to make multiple selections

    (13th Annual State of Agile Report, VersionOne, 2019)

    Build competency and trust through a structured Agile adoption plan

    The reality of cultural incompatibility between Agile and traditional organization structures necessitates a structured adoption plan. Systematically build competency so teams can consistently achieve project success and solidify trust in your teams’ ability to meet business needs with Agile.

    By incrementally gaining the trust of management as you build up your Agile capabilities, you enable a smooth cultural transition to an environment where teams are empowered, adapt quickly to changing needs, and are trusted to innovate and make successes out of their failures.

    Optimized value delivery occurs when there is a direct relationship between competency and trust. There will be unrealized value when competency or trust outweigh the other. That value loss increases as either dimension of adoption continues to grow faster than the other.

    The image shows a graph with Competency on the x-axis and Trust on the y-axis. There are 3 sections: Level 1, Level 2, and Level 3, in subsequently larger arches in the background of the graph. The graph shows two diagonal arrows, the bottom one labelled Current Value Delivery and the top one labelled Optimized Value Delivery. The space between the two arrows is labelled Value Loss.

    Use Info-Tech’s Practice Adoption Optimization Model to systematically increase your teams’ ability to deliver

    Using Info-Tech’s Practice adoption optimization model will ensure you incrementally build competency and trust to optimize your value delivery.

    Agile adoption at its core, is about building social capital. Your level of trust with key influencers increases as you continuously enhance your capabilities, enabling the necessary cultural changes away from traditional organizational structures.

    Trust & Competency ↓

    DEFINE

    Begin to document your development workflow or value chain, implement a tracking system for KPIs, and start gathering metrics and reporting them transparently to the appropriate stakeholders.

    ITERATE

    Use collected metrics and retrospectives to stabilize team performance by reducing areas of variability in your workflow and increasing the consistency at which targets are met.

    COLLABORATE

    Use information to support changes and adopt appropriate practices to make incremental improvements to the existing environment.

    EMPOWER

    Drive behavioral and cultural changes that will empower teams to be accountable for their own success and learning.

    INNOVATE

    Use your built-up trust and support practice innovation, driving the definition and adoption of new practices.

    Review these key attributes of Agile adoption

    Agile adoption is unique to every organization. Consider these key attributes within your own organizational context when thinking about levels of Agile adoption.

    Adoption Attributes

    Team Organization

    Considers the degree to which teams are able to self-organize based on internal organizational structures (hierarchy vs. meritocracy) and inter-team capabilities.

    Team Coordination

    Considers the degree to which teams can coordinate, both within and across functions.

    Business Alignment

    Considers the degree to which teams can understand and/or map to business objectives.

    Coaching

    Considers what kind of coaching/training is offered and how accessible the training is.

    Empowerment

    Considers the degree to which teams are able and capable to address project, process, and technical challenges without significant burden from process controls and bureaucracy.

    Failure Tolerance

    Considers the degree to which stakeholders are risk tolerant and if teams are capable of turning failures into learning outcomes.

    Why are these important?

    These key attributes function as qualities or characteristics that, when improved, will successively increase the degree to which the business trusts your Agile teams’ ability to meet their objectives.

    Systematically improving these attributes as you graduate levels of the adoption model allows the business to acclimatize to the increased capability the Agile team is offering, and the risk of culture clash with the larger organization decreases.

    Start to consider at what level of adoption each of your service offerings become useful. This will allow you to standardize the way your Agile teams interact with the CoE.

    Activity: Further categorize your use cases within the Agile adoption model

    2.1.1 1.5 Hours

    Input

    • List of service offerings

    Output

    • Service offerings categorized within adoption model

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Team
    1. Gather the list of your categorized use cases.
    2. Based on Info-Tech’s Agile adoption model, categorize which use cases would be useful to help the Agile team graduate to the next level of adoption.
      • Conceptualize: Begin to document your workflow or value chain, implement a tracking system for KPIs, and gather metrics and report them transparently to the appropriate stakeholders.
      • Iterate: Use collected metrics to stabilize team performance by reducing areas of variability in your workflow and increasing the consistency at which targets are met.
      • Collaborate: Use information to drive changes and adopt appropriate Agile practices to make incremental improvements to the existing environment.
      • Empower: Drive behavioral and cultural changes that will empower teams to be accountable for their own successes given the appropriate resources.
      • Innovate: Use your built-up trust to begin to make calculated risks and innovate more, driving new best practices into the CoE.

    The same service offering could be offered at different levels of adoption. In these cases, you will need to re-visit the use case and differentiate how the service (if at all) will be delivered at different levels of adoption.

    1. Use this opportunity to brainstorm alternative or new use cases for any gaps identified. It is the CoEs goal to assist teams at every level of adoption to meet their business objectives. Use a different colored sticky note for these so you can re-visit and map out their inputs, outputs, metrics, etc.

    Activity: Further categorize your use cases within the Agile adoption model (continued)

    2.1.1 1.5 Hours

    Input

    • List of service offerings

    Output

    • Service offerings categorized within adoption model

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Team

    Example:

    Service Offerings
    Level 5: Innovate
    Level 4: Empower
    Level 3: Collaborate Coaching -- Communications Training
    Level 2: Iterate Tooling Standards
    Level 1: Conceptualize

    Learning Facilitation

    Draw on the service offerings identified in activity 1.2.4

    Phase 2, Step 2: Create an ACE engagement plan

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    2.2.1 Create an engagement plan for each level of adoption.

    Outcomes:

    • Understand the importance of aligning with the functional expectations of your ACE customers.
    • Understand the relationship between engagement and continuous improvement.
    • Create an engagement plan for each level of adoption to standardize the way customers interact with the ACE.

    Enable Agile teams to interface with ACE service offerings to meet their business objectives

    A Center of Excellence aligned with your service offerings is only valuable if your CoEs customers can effectively access those services. At this stage, you have invested in ensuring that your CoE aligns to your business objectives and that your service offerings align to its customers. Now you need to ensure that these services are accessible in the day-to-day operation of your Agile teams.

    Engagement Process → Service Offering

    Use backwards induction from your delivery method to the service offering. This is an effective method to determine the optimal engagement action for the CoE, as it considers the end customer as the driver for best action for every possible situation.

    Info-Tech Insight

    Your engagement process should be largely informed by your ACE users. Teams have constraints as well as in-the-trenches concerns and issues. If your service offerings don’t account for these, it can lead to rejection of the culture you are trying to inspire.

    Show the way, do not dictate

    Do not fix problems for your Agile teams, give them the tools and knowledge to fix the problems themselves.

    Facilitate learning to drive success

    A primary function of your ACE is to transfer knowledge to Agile teams to increase their capability to achieve desired outcomes.

    While this can take the form of coaching, training sessions, libraries, and wikis, a critical component of ACE is creating interactions where individuals from Agile teams can come together and share their knowledge.

    Ideas come from different experiences. By creating communities of practice (CoP) around topics that the ACE is tasked with supporting (e.g. Agile business analysts), you foster social learning and decrease the likelihood that change will result in some sort of cultural rejection.

    Consider whether creating CoPs would be beneficial in your organization’s context.

    "Communities of practice are a practical way to frame the task of managing knowledge. They provide a concrete organizational infrastructure for realizing the dream of a learning organization." – Etienne Wenger, Digital Habitats: Stewarding technology for communities

    A lack of top-down support will result in your ACE being underutilized

    Top-down support is critical to validate the CoE to its customers and ensure they feel compelled to engage with its services. Relevancy is a real concern for the long-term viability of a CoE and championing its use from a position of authority will legitimize its function and deter its fading from relevancy of day-to-day use for Agile teams.

    Although you are aligning your engagement processes to the customers of your Agile Center of Excellence, you still need your key influencers to champion its lasting organizational relevancy. Don’t let your employees think the ACE is just a coordinating body or a committee that is convenient but non-essential – make sure they know that it drives their own personal growth and makes everyone better as a collective.

    "Even if a CoE is positioned to meet a real organizational need, without some measure of top-down support, it faces an uphill battle to remain relevant and avoid becoming simply one more committee in the eyes of the wider organization. Support from the highest levels of the organization help fight the tendency of the larger organization to view the CoE as a committee with no teeth and tip the scales toward relevancy for the CoE." – Joe Shepley, VP and Practice Lead, Doculabs

    Info-Tech Insight

    Stimulate top-down support with internal certifications. This allows your employees to gain accreditation while at the same time encouraging top-down support and creating a compliance check for the continual delivery and acknowledgement of your evolving best practices.

    Ensure that best practices and lessons learned are injected back into the ACE

    For your employees to continuously improve, so must the Center of Excellence. Ensure the ACE has the appropriate mechanisms to absorb and disseminate best practices that emerge from knowledge transfer facilitation events.

    Facilitated Learning Session →Was the localized adaption well received by others in similar roles? →Document Localized Adaptation →Is there broad applicability and benefit to the proposed innovation? →CoE Absorbs as Best Practice

    Continuous improvement starts with the CoE

    While facilitating knowledge transfer is key, it is even more important that the Center of Excellence can take localized adaptations from Agile teams and standardize them as best practices when well received. If an individual were to leave without sharing their knowledge, the CoE and the larger organization will lose that knowledge and potential innovation opportunities.

    Experience matters

    To organically grow your ACE and be cost effective, you want your teams to continuously improve and to share that knowledge. As individual team members develop and climb the adoption model, they should participate as coaches and champions for less experienced groups so that their knowledge is reaching the widest audience possible.

    Case study: Agile learning at Spotify

    CASE STUDY

    Industry Digital Media

    Source Henrik Kniberg & Anders Ivarsson, 2012

    Methods of Agile learning at Spotify

    Spotify has continuously introduced innovative techniques to facilitate learning and ensure that that knowledge gets injected back into the organization. Some examples are the following:

    • Hack days: Self-organizing teams, referred to as squads, come together, try new ideas, and share them with their co-workers. This facilitates a way to stay up to date with new tools and techniques and land new product innovations.
    • Coaching: Every squad has access to an Agile coach to help inject best practices into their workflow – coaches run retrospectives, sprint planning meetings, facilitate one-on-one coaching, etc.
    • Tribes: Collections of squads that hold regular gatherings to show the rest of the tribe what they’ve been working on so others can learn from what they are doing.
    • Chapters: People with similar skills within a tribe come together to discuss their area of expertise and their specific challenges.
    • Guilds: A wide-reaching community of interest where members from different tribes can come together to share knowledge, tools, and codes, and practice (e.g. a tester guild, an Agile coaching guild).

    The image shows the Spotify model, with two sections, each labelled Tribe, and members from within each Tribe gathered together in a section labelled Guild.

    "As an example of guild work, we recently had a ‘Web Guild Unconference,’ an open space event where all web developers at Spotify gathered up in Stockholm to discuss challenges and solutions within their field."

    Activity: Create an engagement plan for each level of adoption

    2.2.1 30 Minutes per role

    Input

    • Categorized use cases

    Output

    • Role-based engagement plans

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Team
    1. On the top bar, define the role you are developing the engagement plan for. This will give you the ability to standardize service delivery across all individuals in similar roles.
    2. Import your categorized service offerings for each level of adoption that you think are applicable to the given role.
    3. Using backwards induction, determine the engagement processes that will ensure that those service offerings are accessible and fit the day-to-day operations of the role.
    4. Fill in the template available on the next slide with each role’s engagement plan.

    Document results in the ACE Communications Deck.

    Example engagement plan: Developer

    2.2.1 30 Minutes per role

    Role: Developer
    Level 1 Level 2 Level 3 Level 4 Level 5
    Service Offering
    1. Onboarding
    2. Coaching
    3. Learning Facilitation
    1. Tooling Standards
    2. Learning Facilitation
    1. Communications Training
    2. Learning Facilitation
    1. Subject-Matter Expertise
    2. Coaching
    1. Knowledge Management
    Engagement Process
    1. Based on service request or need identified by dev. manager.
    2. Based on service request or need identified by dev. manager.
    3. Weekly mandatory community of practice meetings.
    1. When determined to have graduated to level 2, receive standard Agile tooling standards training.
    2. Weekly mandatory community of practice meetings.
    1. When determined to have graduated to level 3, receive standard Agile communications training.
    2. Weekly mandatory community of practice meetings
    1. Peer-based training on how to effectively self-organize.
    2. Based on service request or need identified by dev. manager.
    1. Review captured key learnings from last and have CoE review KPIs related to any area changed.

    Example engagement plan: Tester

    2.2.1 30 Minutes per role

    Role: Tester
    Level 1Level 2Level 3Level 4Level 5
    Service Offering
    1. Onboarding
    2. Coaching
    1. Product Training
    2. Communications Training
    1. Communications Training
    2. Learning Facilitation
    1. Subject-Matter Expertise
    2. Coaching
    1. Tooling Standards
    2. Training
    3. Coaching
    Engagement Process
    1. Based on service request or need identified by dev. manager.
    1. Weekly mandatory community of practice meetings.
    2. Provide training on effective methods for communicating with development teams based on organizational best practices.
    1. When determined to have graduated to level 3, receive standard training based on organizational testing best practices. Weekly mandatory community of practice meetings.
    1. Peer-to-peer training with level 5 certified coach.
    2. Based on service request or need identified by dev. manager. .
    1. Periodic updates of organizational tooling standards based on community of practice results.
    2. Automation training.
    3. Provide coaching to level 1 developers on a rotating basis to develop facilitation skills.

    Example engagement plan: Product Owner

    2.2.1 30 Minutes per role

    Role: Product Owner
    Level 1 Level 2 Level 3 Level 4 Level 5
    Service Offering
    1. Onboarding
    2. Coaching
    1. Coaching
    2. Learning Facilitation
    1. Coaching
    2. Communications Training
    3. Learning Facilitation
    1. Coaching
    2. Learning Facilitation
    1. Coaching
    2. Learning Facilitation
    Engagement Process
    1. Provide onboarding materials for Agile product owners.
    2. Provide bi-weekly reviews and subsequent guidance at the end of retrospective processes.
    1. Provide monthly reviews and subsequent guidance based on retrospective results.
    2. Bi-weekly mandatory community of practice meetings
    1. When determined to have graduated to level 3, receive standard training based on organizational testing best practices.
    2. Bi-weekly mandatory community of practice meetings.
    1. Provide monthly reviews and subsequent guidance based on retrospective results.
    2. Bi-weekly mandatory community of practice meetings
    1. Provide quarterly reviews and subsequent guidance based on retrospective results.
    2. Bi-weekly mandatory community of practice meetings

    Phase 2, Step 3: Define metrics to measure success

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    2.3.1 Define existing team-level metrics.

    2.3.2 Define metrics that align with your Agile business objectives.

    2.3.3 Define target ACE performance metrics.

    2.3.4 Define Agile adoption metrics.

    2.3.5 Consolidate your metrics for stakeholder impact.

    2.3.6 Use Info-Tech’s ACE Benefits Tracking Tool to monitor, evaluate, refine, and ensure continued business value.

    Outcomes:

    • Understand the importance of aligning with the functional expectations of your ACE customers.
    • Understand the relationship between engagement and continuous improvement.
    • Create an engagement plan for each level of adoption to standardize the way customers interact with the ACE.

    Craft metrics that will measure the success of your Agile teams

    Quantify measures that demonstrate the effectiveness of your ACE by establishing distinct metrics for each of your service offerings. This will ensure that you have full transparency over the outputs of your CoE and that your service offerings maintain relevance and are utilized.

    Questions to Ask

    1. What are leading indicators of improvements that directly affect the mandate of the CoE?
    2. How do you measure process efficiency and effectiveness?

    Creating meaningful metrics

    Specific

    Measureable

    Achievable

    Realistic

    Time-bound

    Follow the SMART framework when developing metrics for each service offering.

    Adhering to this methodology is a key component of the lean management methodology. This framework will help you avoid establishing general metrics that aren’t relevant.

    "It’s not about telling people what they are doing wrong. It’s about constantly steering everyone on the team in the direction of success, and never letting any individual compromise the progress of the team toward success." – Mary Poppendieck, qtd. in “Questioning Servant Leadership”

    For important advice on how to avoid the many risks associated with metrics, refer to Info-Tech’s Select and Use SDLC Metrics Effectively.

    Ensure your metrics are addressing criteria from different levels of stakeholders and enterprise context

    There will be a degree of overlap between the metrics from your business objectives, service offerings, and existing Agile teams. This is a positive thing. If a metric can speak to multiple benefits it is that much more powerful in commuting successes to your key stakeholders.

    Existing metrics

    Business objective metrics

    Service offering metrics

    Agile adoption metrics

    Finding points of overlap means that you have multiple stakeholders with a vested interest in the positive trend of a specific metric. These consolidated metrics will be fundamental for your CoE as they will help build consensus through communicating the success of the ACE in a common language for a diverse audience.

    Activity: Define existing team-level metrics

    2.3.1 1 Hour

    Input

    • Current metrics

    Output

    • Service offerings categorized within adoption model

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Team
    1. Gather any metrics related documentation that you collected during your requirements gathering in Phase 1.
    2. Collect team-level metrics for your existing Agile teams:
      • Examine outputs from any feedback mechanisms you have (satisfaction surveys, emails, existing SLAs, burndown charts, resourcing costs, licensing costs per sprint, etc.).
      • Look at historical trends and figures when available. Be careful of frequent anomalies as these may indicate a root cause that needs to be addressed.
      • Explore the definition of specific metrics across different functional teams to ensure consistency of measurement and reporting.
    Team Objective Expected Benefits Metrics
    Improve productivity
    • Improve transparency with business decisions
    • Team burndown and velocity
    • Number of releases per milestone
    Increase team morale and motivation
    • Teams are engaged and motivated to develop new opportunities to deliver more value quicker.
    • Team satisfaction with Agile environment
    • Degree of engagement in ceremonies
    Improve transparency with business decisions
    • Teams are engaged and motivated to develop new opportunities to deliver more value quicker.
    • Stakeholder satisfaction with completed product
    • Number of revisions to products in demonstrations

    Activity: Define metrics that align with your Agile business objectives

    2.3.2 1 Hour

    Input

    • Organizational business objectives from Phase 1

    Output

    • Metrics aligned to organizational business objectives

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE
    1. List the business objectives that you determined in 1.1.2.
    2. Create a shortlist of expected benefits from those business objectives. These will help to drive metrics that align with the intended purpose of completing those business objectives, and affirm they are aligned to realizable benefits.
    3. Define metrics that speak to the benefits of your business objectives. While engaging in this process, ensure to document the collection method for each metrics.
    Business Objectives Expected Benefits Metrics
    Decrease time-to-market of product releases
    • Faster feedback from customers.
    • Increased customer satisfaction.
    • Competitive advantage.
    Decrease time-to-market of product releases
    • Alignment to organizational best practices.
    • Improved team productivity.
    • Greater collaboration across functional teams.
    • Policy and practice adherence and acknowledgement
    • Number of requests for ACE services
    • Number of suggestions to improve Agile best practices and ACE operations

    Activity: Define target ACE performance metrics

    2.3.3 1 Hour

    Input

    • Service offerings
    • Satisfaction surveys
    • Usage rates

    Output

    • CoE performance metrics

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE
    1. Define metrics to measure the success of each of your service offerings.
    2. Create a shortlist of expected benefits from those business objectives. These will help to drive metrics that align with the intended purpose of those service offerings, and affirm they are aligned to realizable benefits.
    3. Define metrics that speak to the benefits of your service offerings.
    4. Compare these to your team performance metrics.
    Service Offering Expected Benefits Metrics
    Knowledge management
    • Comprehensive knowledgebase that accommodates various company products and office locations.
    • Easily accessible resources.
    • Number of practices extracted from ACE and utilized
    • Frequency of updates to knowledgebase
    Tooling standards
    • Tools adhere to company policies, security guidelines, and regulations.
    • Improved support of tools and technologies.
    • Tools integrate and function well with enterprise systems.
    • Number of teams and functional groups using standardized tools
    • Number of supported standardized tools
    • Number of new tools added to the standards list
    • Number of tools removed from standards list

    Activity: Define Agile adoption metrics

    2.3.4 1 Hour

    Input

    • Agile adoption model

    Output

    • Agile adoption metrics
    1. Define metrics to measure the success of each of your service offerings.
    2. Create a shortlist of expected benefits from those business objectives. These will help to drive metrics that align with the intended purpose of those service offerings, and affirm they are aligned to realizable benefits.
    3. Define metrics that speak to the benefits of your service offerings.
    4. It is possible that you will need to adjust these metrics after baselines are established when you begin to operate the ACE. Keep this in mind moving forward.
    Adoption attributes Expected Benefits Metrics
    Team organization
    • Acquisition of the appropriate roles and skills to successfully deliver products.
    • Degree of flexibility to adjust team compositions on a per project basis
    Team coordination
    • Ability to successfully undertake large and complex projects involving multiple functional groups.
    • Number of ceremonies involving teams across functional groups
    Business alignment
    • Increased delivery of business value from process optimizations.
    • Number of business-objective metrics surpassing targets
    Coaching
    • Teams are regularly trained with new and better best practices.
    • Number of coaching and training requests
    Empowerment
    • Teams can easily and quickly modify processes to improve productivity without following a formal, rigorous process.
    • Number of implemented changes from team retrospectives
    Failure tolerance
    • Stakeholders trust teams will adjust when failures occur during a project.
    • Degree of stakeholder trust to address project issues quickly and effectively

    Activity: Consolidate your metrics for stakeholder impact

    2.3.5 30 Minutes

    Input

    • New and existing Agile metrics

    Output

    • Consolidated Agile metrics

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE
    1. Take all the metrics defined from the previous activities and compare them as a group.
    2. If there are overlapping metrics that are measuring similar outcomes or providing similar benefits, see if there is a way to merge them together so that a single metric can report outcomes to multiple stakeholders. This reduces the amount of resources invested in metrics gathering and helps to show consensus or alignment between multiple stakeholder interests.
    3. Compare these to your existing Agile metrics, and explore ways to consolidate existing metrics that are established with some of your new metrics. Established metrics are trusted and if they can be continued it can be viewed as beneficial from a consensus and consistency perspective to your stakeholders.

    Activity: Use Info-Tech’s ACE Benefits Tracking Tool to monitor, evaluate, refine, and ensure continued business value

    2.3.6 1 Hour

    Purpose

    The CoE governance team can use this tool to take ownership of the project’s benefits, track progress, and act on any necessary changes to address gaps. In the long term, it can be used to identify whether the team is ahead, on track, or lagging in terms of benefits realization.

    Steps

    1. Enter your identified metrics from the following activities into the ACE Benefits Tracking Tool.
    2. Input your baselines from your data collection (Phase 3) and a goal value for each metric.
    3. Document the results at key intervals as defined by the tool.
    4. Use the summary report to identify metrics that are not tracking well for root cause analysis and communicate with key stakeholders the outcomes of your Agile Center of Excellence based on your communication schedule from Phase 3, Step 3.

    INFO-TECH DELIVERABLE

    Download the ACE Benefits Tracking Tool.

    Checkpoint: Are you ready to operate your ACE?

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Self Auditing Guidelines

    • Have you categorized your ACE service offerings within Info-Tech’s Agile adoption model?
    • Have you formalized engagement plans to standardize the access to your service offerings?
    • Do you understand the function of learning events and their criticality to the function of the ACE?
    • Do you understand the key attributes of Agile adoption and how social capital leads to optimized value delivery?
    • Have you defined metrics for different goals (adoption, effective service offerings, business objectives) of the ACE?
    • Do your defined metrics align to the SMART framework?

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1.1 Further categorize your use cases within the Agile adoption model

    Our analyst team will help you categorize the Centers of Excellence service offerings within Info-Tech’s Agile adoption model to help standardize the way your organization engages with the Center of Excellence.

    2.2.1 Create an engagement plan for each level of adoption

    Our analyst team will help you structure engagement plans for each role within your Agile environment to provide a standardized pathway to personal development and consistency in practice.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    2.3.2 Define metrics that align with your Agile business objectives

    Our analysts will walk you through defining a set of metrics that align with your Agile business objectives identified in Phase 1 of the blueprint so the CoEs monitoring function can ensure ongoing alignment during operation.

    2.3.3 Define target ACE performance metrics

    Our analysts will walk you through defining a set of metrics that monitors how successful the ACE has been at providing its services so that business and IT stakeholders can ensure the effectiveness of the ACE.

    2.3.4 Define Agile adoption metrics

    Our analyst team will help you through defining a set of metrics that aligns with your organization’s fit of the Agile adoption model in order to provide a mechanism to track the progress of Agile teams maturing in capability and organizational trust.

    Phase 3

    Operationalize Your Agile Center of Excellence

    Spread Best Practices With an Agile Center of Excellence

    Operate your ACE to drive optimized value from your Agile teams

    The final step is to engage in monitoring of your metrics program to identify areas for improvement. Using metrics as a driver for operating your ACE will allow you to identify and effectively manage needed change, as well as provide you with the data necessary to promote outcomes to your stakeholders to ensure the long-term viability of the ACE within your organization.

    Phase 1 - Strategically Align the CoE

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision. This alignment translates into the CoE mandate intended to enhance the way Agile will enable teams to meet business objectives.

    Phase 2 - Standardize the CoEs Service Offerings

    Build an engagement plan based on a standardized adoption model to ensure your CoE service offerings are accessible and consistent across the organization. Create and consolidate key performance indicators to measure the CoEs utility and whether or not the expected value is being translated to tangible results.

    Phase 3 - Operate the CoE

    Operate the CoE to provide service offerings to Agile teams, identify improvements to optimize the function of your Agile teams, and effectively manage and communicate change so that teams can grow within the Agile adoption model and optimize value delivery both within your Agile environment and across functions.

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Operate the CoE

    Proposed Time to Completion (in weeks): Variable depending on communication plan

    Step 3.1: Optimize the success of your ACE

    Start with an analyst kick off call:

    • Conduct a baseline assessment of your Agile environment.

    Then complete these activities…

    3.1.1 Use Info-Tech’s ACE Satisfaction Survey to help establish your baseline.

    3.1.2 Use Info-Tech’s CoE Maturity Diagnostic Tool to measure the maturity level of your ACE.

    3.1.3 Prioritize ACE actions by monitoring your metrics.

    Step 3.2: Plan change to enhance your Agile initiatives

    Start with an analyst kick off call:

    • Interface with the ACE with your change management function.

    Then complete these activities…

    3.2.1 Assess the interaction and communication points of your Agile teams.

    3.2.2 Determine the root cause of each metric falling short of expectations.

    3.2.3 Brainstorm solutions to identified issues.

    3.2.4 Review your metrics program.

    3.2.5 Create a communication plan for change.

    Step 3.3: Conduct ongoing retrospectives of your ACE

    Finalize phase deliverable:

    • Build a communications deck for key stakeholders.

    Then complete these activities…

    3.3.1 Use the outputs from your metrics tracking tool to communicate progress.

    3.3.2 Summarize adjustments in areas where the ACE fell short.

    3.3.3 Review the effectiveness of your service offerings.

    3.3.4 Evaluate your ACE Maturity.

    3.3.5 Use Info-Tech’s ACE Communications Deck to deliver your outcomes to the key stakeholders.

    Phase 3 Results & Insights:

    Inject improvements into your Agile environment with operational excellence. Plan changes and communicate them effectively, monitor outcomes on a regular basis, and keep stakeholders in the loop to ensure that their interests are being looked after to ensure long-term viability of the CoE.

    Phase 3, Step 1: Optimize the success of your ACE

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Tools:

    3.1.1 Use Info-Tech’s ACE Satisfaction Survey to help establish your baseline.

    3.1.2 Use Info-Tech’s CoE Maturity Diagnostic Tool to measure the maturity level of your ACE.

    3.1.3 Prioritize ACE actions by monitoring your metrics.

    Outcomes:

    • Conduct a baseline assessment of your ACE to measure against using a variety of data sources, including interviews, satisfaction surveys, and historical data.
    • Use the Benefits Tracking Tool to start monitoring the outcomes of the ACE and to keep track of trends.

    Ensure the CoE is able to collect the necessary data to measure success

    Establish your collection process to ensure that the CoE has the necessary resources to collect metrics and monitor progress, that there is alignment on what data sources are to be used when collecting data, and that you know which stakeholder is interested in the outcomes of that metric.

    Responsibility

    • Does the CoE have enough manpower to collect the metrics and monitor them?
    • If automated through technology, is it clear who is responsible for its function?

    Source of metric

    • Is the method of data collection standardized so that multiple people could collect the data in the same way?

    Impacted stakeholder

    • Do you know which stakeholder is interested in this metric?
    • How often should the interested stakeholder be informed of progress?

    Intended function

    • What is the expected benefit of increasing this metric?
    • What does the metric intend to communicate to the stakeholder?

    Conduct a baseline assessment of your ACE to measure success

    Establishing the baseline performance of the ACE allows you to have a reasonable understanding of the impact it is having on meeting business objectives. Use user satisfaction surveys, stakeholder interviews, and any current metrics to establish a concept of how you are performing now. Setting new metrics can be a difficult task so it is important to collect as much current data as possible. After the metrics have been established and monitored for a period of time, you can revisit the targets you have set to ensure they are realistic and usable.

    Without a baseline, you cannot effectively:

    • Establish reasonable target metrics that reflect the performance of your Center of Excellence.
    • Identify, diagnose, and resolve any data that deviates from expected outcomes.
    • Measure ongoing business satisfaction given the level of service.

    Info-Tech Insight

    Invest the needed time to baseline your activities. These data points are critical to diagnose successes and failures of the CoE moving forward, and you will need them to be able to refine your service offerings as business conditions or user expectations change. While it may seem like something you can breeze past, the investment is critical.

    Use a variety of sources to get the best picture of your current state; a combination of methods provides the richest insight

    Interviews

    What to do:

    • Conduct interviews (or focus groups) with key influencers and Agile team members.

    Benefits:

    • Data comes from key business decision makers.
    • Identify what is top of mind for your top-level stakeholders.
    • Ask follow-up questions for detail.

    Challenges:

    • This will only provide a very high-level view.
    • Interviewer biases may skew the results.

    Surveys

    What to do:

    • Distribute an Agile-specific stakeholder satisfaction survey. The survey should be specific to identify factors of your current environment.

    Benefits:

    • Every end user/business stakeholder will be able to provide feedback.
    • The survey will be simple to develop and distribute.

    Challenges:

    • Response rates can be low if stakeholders do not understand the value in their opinions.

    Historical Data

    What to do:

    • Collect and analyze existing Agile data such as past retrospectives, Agile team metrics, etc.

    Benefits:

    • Get a full overview of current service offerings, past issues, and current service delivery.
    • Allows you to get an objective view of what is really going on within your Agile teams.

    Challenges:

    • Requires a significant time investment and analytical skills to analyze the data and generate insights on business satisfaction and needs.

    Use Info-Tech’s ACE Satisfaction Survey to help establish your baseline

    3.1.1 Baseline satisfaction survey

    Purpose

    Conduct a user satisfaction survey prior to setting your baseline for your ACE. This will include high-level questions addressing your overall Agile environment and questions addressing teams’ current satisfaction with their processes and technology.

    Steps

    1. Modify the satisfaction survey template to suit your organization and the service offerings you have defined for the Agile Center of Excellence.
    2. Distribute the satisfaction survey to any users who are expected to interface with the ACE.
    3. Document the results and communicate them with the relevant key stakeholders.
    4. Combine these results with historical data points (if available) and stakeholder interviews to get a holistic picture of your current state.

    INFO-TECH DELIVERABLE

    Download the ACE Satisfaction Survey.

    Use Info-Tech’s CoE Maturity Diagnostic Tool to measure the maturity level of your ACE

    3.1.2 CoE maturity assessment

    Purpose

    Assessing your ACEs maturity lets you know where they currently are and what to track to get them to the next step. This will help ensure your ACE is following good practices and has the appropriate mechanisms in place to serve your stakeholders.

    Steps

    1. Download the CoE Maturity Diagnostic Tool to assess the maturity of your ACE.
    2. Complete the assessment tool with all members of your ACE team to determine your maturity score.
    3. Document the results and communicate them with the relevant key stakeholders.
    4. Combine these results with historical data points (if available) and stakeholder interviews to get a holistic picture of your ACE maturity level.

    Document results in the ACE Communications Deck.

    INFO-TECH DELIVERABLE

    Download the CoE Maturity Diagnostic Tool.

    Activity: Prioritize ACE actions by monitoring your metrics

    3.1.3 Variable time commitment

    Input

    • Metrics from ACE Benefits Tracking Tool

    Output

    • Prioritized actions for the ACE

    Materials

    • ACE Benefits Tracking Tool

    Participants

    • ACE team
    1. Review your ACE Benefits Tracking Tool periodically (at the end of sprint cycles, quarterly, etc.) and document metrics that are trending or actively falling short of goals or expectations.
    2. Take the documented list and have the ACE staff consider what actions or decisions can be prioritized to help mend the identified gaps. Look for any trends that could potentially speak to a larger problem or a specific aspect of the ACE or the organizational Agile environment that is not functioning as expected.
    3. Take the opportunity to review metrics that are also tracking above expected value to see if there are any lessons learned that can be extended to other ACE service offerings (e.g. effective engagement or communication strategies) so that the organization can start to learn what is effective and what is not based on their internal struggles and challenges. Spreading successes is just as important as identifying challenges in a CoE model.

    Phase 3, Step 2: Plan change to enhance your Agile initiatives

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    3.2.1 Assess the interaction and communication points of your Agile teams.

    3.2.2 Determine the root cause of each metric falling short of expectations.

    3.2.3 Brainstorm solutions to identified issues

    3.2.4 Review your metrics program.

    3.2.5 Create a communication plan for change.

    Outcomes:

    • Understand how your existing change management process interfaces with the Center of Excellence.
    • Identify issues and ideate solutions to metrics falling short of expectations.
    • Create a communication plan to prepare groups for any necessary change.

    Manage the adaptation of teams as they adopt Agile capabilities

    As Agile spreads, be cognizant of your cultural tolerance to change and its ability to deliver on such change. Change will happen more frequently and continuously, and there may be conceptual (change tolerance) or capability (delivery tolerance) roadblocks along the way that will need to be addressed.

    The Agile adoption model will help to graduate both the tolerance to change and tolerance to deliver over time. As your level of competency to deliver change increases, organizational tolerance to change, especially amongst management, will increase as well. Remember that optimized value delivery comes from this careful balance of aptitude and trust.

    Tolerance to change

    Tolerance to change refers to the conceptual capacity of your people to consume and adopt change. Change tolerance may become a barrier to success because teams might be too engrained with current structures and processes and find any changes too disruptive and uncomfortable.

    Tolerance to deliver

    Tolerance to deliver refers to the capability to deliver on expected change. While teams may be tolerant, they may not have the necessary capacity, skills, or resources to deliver the necessary changes successfully. The ACE can help solve this problem with training and coaching, or possibly by obtaining outside help where necessary.

    Understand how the ACE interfaces with your current change management process

    As the ACE absorbs best practices and identifies areas for improvement, a change management process should be established to address the implementation and sustainability of change without introducing significant disruptions and costs.

    To manage a continuously changing environment, your ACE will need to align and coordinate with organizational change management processes. This process should be capable of evaluating and incorporating multiple change initiatives continuously.

    Desired changes will need to be validated, and localized adaptations will need to be disseminated to the larger organization, and current state policy and procedures will need to be amended as the adoption of Agile spreads and capabilities increase.

    The goal here is to have the ACE governance group identify and interface with parties relevant to successfully implementing any specific change.

    INFO-TECH RELATED RESEARCH:

    Strategy and Leadership: Optimize Change Management

    Optimize your stakeholder management process to identify, prioritize, and effectively manage key stakeholders.

    Where should your Agile change requests come from?

    Changes to the services, structure, or engagement model of your ACE can be triggered from various sources in your organization. You will see that proposed changes may be requested with the best intentions; however, the potential impacts they may have to other areas of the organization can be significant. Consult all sources of ACE change requests to obtain a consensus that your change requests will not deteriorate the ACEs performance and use.

    ACE Governance

    • Sources of ACE Change Requests
      • ACE Policies/Stakeholders
        • Triggers for Change:
          • Changes in business and functional group objectives.
          • Dependencies and legacy policies and procedures.
      • ACE Customers
        • Triggers for Change:
          • Retrospectives and post-mortems.
          • Poor fit of best practices to projects.
      • Metrics
        • Triggers for Change:
          • Performance falling short of expectations.
          • Lack of alignment with changing objectives.
      • Tools and Technologies
        • Triggers for Change:
          • New or enhanced tools and technologies.
          • Changes in development and technology standards.

    Note: Each source of ACE change requests may require a different change management process to evaluate and implement the change.

    Activity: Assess the interaction and communication points of your Agile teams

    3.2.1 1.5 Hours

    Input

    • Understanding of team and organization structure

    Output

    • Current assessment of organizational design

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Development team
    1. Identify everyone who is directly or indirectly involved in projects completed by Agile teams. This can include those that are:
    • Informed of a project’s progress.
    • Expected to interface with the Agile team for solution delivery (e.g. DevOps).
    • Impacted by the success of the delivered solutions.
    • Responsible for the removal of impediments faced by the Agile team.
  • Indicate how each role interacts with the others and how frequently these interactions occur for a typical project. Do this by drawing a diagram on a whiteboard using labelled arrows to indicate types and frequency of interactions.
  • Identify the possible communication, collaboration, and alignment challenges the team will face when working with other groups.
  • Agile Team n
    Group Type of Interaction Potential challenges
    Operations
    • Release management
    • Past challenges transitioning to DevOps.
    • Communication barrier as an impediment.
    PMO
    • Planning
    • Product owner not located with team in organization.
    • PMO still primarily waterfall; need Agile training/coaching

    Activity: Determine the root cause of each metric falling short of expectations

    3.2.2 30 Minutes per metric

    Input

    • Metrics from Benefits Tracking Tool

    Output

    • Root causes to issues

    Materials

    • Whiteboard
    • Markers

    Participants

    • ACE team
    1. Take each metric from the ACE Benefits Tracking Tool that is lagging behind or has missed expectations and conduct an analysis of why it is performing that way.
    2. Conduct individual webbing sessions to clarify the issues. The goal is to drive out the reasons why these issues are present or why scaling Agile may introduce additional challenges.
    3. Share and discuss these findings with the entire team.

    Example:

    • Lack of best-practice documentation
      • Why?
        • Knowledge siloed within teams
        • No centralized repository for best practices
          • Why?
            • No mechanisms to share between teams
              • Why? Root causes
                • Teams are not sharing localized adaptations
                • CoE is not effectively monitoring team communications
            • Access issues at team level to wiki
              • Why? Root causes
                • Administration issues with best-practice wiki
                • Lack of ACE visibility into wiki access

    Activity: Brainstorm solutions to identified issues

    3.2.3 30 Minutes per metric

    Input

    • Root causes of issues

    Output

    • Fixes and solutions to scaling Agile issues

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Development team
    1. Using the results from your root-cause analysis, brainstorm potential solutions to the identified problems. Frame your brainstorming within the following perspectives: people, process, and technology. Map these solutions using the matrix below.
    2. Synthesize your ideas to create a consolidated list of initiatives.
      1. Highlight the solutions that can address multiple issues.
      2. Collaborate on how solutions can be consolidated into a single initiative.
    3. Write your synthesized solutions on sticky notes.
    SOLUTION CATEGORY
    People Process Technology
    ISSUES Poor face-to-face communication
    Lack of best-practice documentation

    Engage those teams affected by change early to ensure they are prepared

    Strategically managing change is an essential component to ensure that the ACE achieves its desired function. If the change that comes with adopting Agile best practices is going to impact other functions and change their expected workflows, ensure they are well prepared and the benefits for said changes are clearly communicated to them.

    Necessary change may be identified proactively (dependency assessments, system integrity, SME indicates need, etc.) or reactively (through retrospectives, discussions, completing root-cause analyses, etc.), but both types need to be handled the same way – through proper planning and communication with the affected parties.

    Plan any necessary change

    Understand the points where other groups will be affected by the adoption of Agile practices and recognize the potential challenges they may face. Plan changes to accommodate interactions between these groups without roadblocks or impediments.

    Communicate the change

    Structure a communication plan based on your identified challenges and proposed changes so that groups are well prepared to make the necessary adjustments to accommodate Agile workflows.

    Review and modify your metrics and baselines to ensure they are achievable in changing environments

    Consider the possible limitations that will exist from environmental complexities when measuring your Agile teams. Dependencies and legacy policies and procedures that pose a bottleneck to desired outcomes will need to be changed before teams can be measured justifiably. Take the time to ensure the metrics you crafted earlier are plausible in your current environment and there is not a need for transitional metrics.

    Are your metrics achievable?

    Specific

    Measureable

    Achievable

    • Adopting Agile is a journey, not just a destination. Ensure that the metrics a team is measured against reflect expectations for the team’s current level of Agile adoption and consider external dependencies that may limit their ability to achieve intended results.

    Realistic

    Time-bound

    Info-Tech Insight

    Use metrics as diagnostics, not as motivation. Teams will find ways to meet metrics they are measured by making sacrifices and taking unneeded risk to do so. To avoid dysfunction in your monitoring, use metrics as analytical tools to inform decision making, not as a yardstick for judgement.

    Activity: Review your metrics program

    3.2.4 Variable time commitment

    Input

    • Identified gaps
    • Agile team interaction points

    Output

    • ACE baselines
    • Past measurements

    Materials

    • ACE Benefits Tracking Tool

    Participants

    • ACE
    1. Now that you have identified gaps in your current state, see if those will have any impact on the achievability of your current metrics program.
    2. Review your root-cause analyses and brainstormed solutions, and hypothesize whether or not they will have any downstream impact to goal attainment. It is possible that there is no impact, but as cross-functional collaboration increases, the likelihood that groups will act as bottlenecks or impediments to expected performance will increase.
    3. Consider how any changes will impact the interaction points between teams based on the results from activity 3.2.1: Assess the interaction and communication points of your Agile teams. If there are too many negative impacts it may be a sign to re-consider the hypothesized solution to the problem and consider alternatives.
    4. In any cases where a metric has been altered, adjust its goal measurement to reflect its changes in the ACE Benefits Tracking Tool.

    Case study: Agile change at the GSA

    CASE STUDY

    Industry Government

    Source Navin Vembar, Agile Government Leadership

    Challenge

    The GSA is tasked with completed management of the Integrated Award Environment (IAE).

    • The IAE manages ten federal information technology systems that enable registering, searching, and applying for federal awards, as well as tracking them.
    • The IAE also manages the Federal Service Desk.

    The IAE staff had to find a way to break down the problem of modernization into manageable chunks that would demonstrate progress, but also had to be sure to capture a wide variety of user needs with the ability to respond to those needs throughout development.

    Had to work out the logistics of executing Agile change within the GSA, an agency that relies heavily on telework. In the case of modernization, they had a product owner in Florida while the development team was spread across the metro Washington, DC area.

    Solution

    Agile provided the ability to build incremental successes that allowed teams successful releases and built enthusiasm around the potential of adopting Agile practices offered.

    • GSA put in place an organization framework that allowed for planning of change at the portfolio level to enable the change necessary to allow for teams to execute tasks at the project level.
    • A four-year plan with incremental integration points allowed for larger changes on a quarterly basis while maintaining a bi-weekly sprint cycle.
    • They adopted IBM’s RTC tool for a Scrum board and on Adobe Connect for daily Scrum sessions to ensure transparency and effectiveness of outcomes across their collocated teams.

    Create a clear, concise communication plan

    Communication is key to avoid surprises and lost productivity created by the implementation of changes.

    User groups and the business need to be given sufficient notice of an impending change. Be concise, be comprehensive, and ensure that the message is reaching the right audience so that no one is blindsided and unable to deliver what is needed. This will allow them to make appropriate plans to accept the change, minimizing the impact of the change on productivity.

    Key Aspects of a Communication Plan

    • The method of communication (email, meetings, workshops, etc.).
    • The delivery strategy (who will deliver the message?).
    • The communication responsibility structure.
    • The communication frequency.
    • A feedback mechanism that allows you to review the effectiveness of your plan.
    • The message that you need to present.

    Communicating change

    • What is the change?
    • Why are we doing it?
    • How are we going to go about it?
    • What are we trying to achieve?
    • How often will we be updated?

    (Cornelius & Associates, The Qualities of Leadership: Leading Change)

    Apply the following principles to enhance the clarity of your message

    1. Be Consistent
    • "This is important because..."
      • The core message must be consistent regardless of audience, channel, or medium.
      • Test your communication and obtain feedback before delivering your message.
      • A lack of consistency can be perceived as deception.
  • Be Clear
    • "This means..."
      • Say what you mean and mean what you say.
      • Choice of language is important.
      • Don’t use jargon.
  • Be Relevant
    • "This affects you because..."
      • Talk about what matters to the audience.
      • Talk about what matters to the change initiative.
      • Tailor the details of the message to each audience’s specific concerns.
      • Communicate truthfully; do not make false promises or hide bad news.
  • Be Concise
    • "In summary..."
      • Keep communication short and to the point so key messages are not lost in the noise.
  • Activity: Create a communication plan for change

    3.2.5 1.5 Hours

    Input

    • Desired messages
    • Stakeholder list

    Output

    • Communication plan

    Materials

    • Whiteboard
    • Markers

    Participants

    • CoE
    1. Define the audience(s) for your communications. Consider who needs to be the audience of your different communication events and how it will impact them.
    2. Identify who the messenger will be to deliver the message.
    3. Identify your communication methods. Decide on the methods you will use to deliver each communication event. Your delivery method may vary depending on the audience it is targeting.
    4. Establish a timeline for communication releases. Set dates for your communication events. This can be recurring (weekly, monthly, etc.) or one-time events.
    5. Determine what the content of the message must include. Use the guidelines on the following slide to ensure the message is concise and impactful.

    Note: It is important to establish a feedback mechanism to ensure that the communication has been effective in communicating the change to the intended audiences. This can be incorporated into your ACE satisfaction surveys.

    Audience Messenger Format Timing Message
    Operations Development team Email
    • Monthly (major release)
    • Ad hoc (minor release and fixes)
    Build ready for release
    Key stakeholders CIO Meeting
    • Monthly unless dictated otherwise
    Updates on outcomes from past two sprint cycles

    Phase 3, Step 3: Conduct ongoing retrospectives of your ACE

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities/Tools:

    3.3.1 Use the outputs from your metrics tracking tool to communicate progress.

    3.3.2 Summarize adjustments in areas where the ACE fell short.

    3.3.3 Re-conduct satisfaction surveys and compare against your baseline.

    3.3.4 Use Info-Tech’s CoE Maturity Diagnostic Tool to baseline current practices

    3.3.5 Use Info-Tech’s ACE Communications Deck to deliver your outcomes to the key stakeholders.

    Outcomes:

    • Conduct a retrospective of your ACE to enable the continuous improvement of your Agile program.
    • Structure a communications deck to communicate with stakeholders the outcomes from introducing the ACE to the organization.

    Reflect on your ACEs performance to lead the way to enterprise agility

    After functioning for a period of time, it is imperative to review the function of your ACE to ensure its continual alignment and see in what ways it can improve.

    At the end of the year, take the time to deliberately review and discuss:

    1. The effectiveness and use of your ACEs service offerings.
    2. What went well or wrong during the ACEs operation.
    3. What can be done differently to improve reach, usability, and effectiveness.
    4. Bring together Agile teams and discuss the processes they follow and inquire about suggestions for improvement.

    What is involved?

    • Use your metrics program to diagnose areas of issue and success. The diagnostic value of your metrics can help lead conversations with your Agile teams when attempting to inquire about suggestions for improvement.
    • Leverage your satisfaction surveys from the creation of your ACE and compare them against satisfaction surveys run after a year of operation. What are the lessons learned between then and now?
    • While it is primarily conducted by the ACE team, keep in mind it is a collaborative function and should involve all members, including Agile teams, product owners, Scrum masters, etc.

    Communicating with your key influencers is vital to ensure long-term operation of the ACE

    To ensure the long-term viability of your ACE and that your key influencers will continue funding, you need to demonstrate the ROI the Center of Excellence has provided.

    The overlying purpose of your ACE is to effectively align your Agile teams with corporate objectives. This means that there have to be communicable benefits that point to the effort and resources invested being valuable to the organization. Re-visit your prioritized stakeholder list and get ready to show them the impact the ACE has had on business outcomes.

    Communication with stakeholders is the primary method of building and developing a lasting relationship. Correct messaging can build bridges and tear down barriers, as well as soften opposition and bolster support.

    This section will help you to prepare an effective communication piece that summarizes the metrics stakeholders are interested in, as well as some success stories or benefits that are not communicable through metrics to provide extra context to ongoing successes of the ACE.

    INFO-TECH RELATED RESEARCH:

    Strategy and Leadership: Manage Stakeholder Relations

    Optimize your stakeholder management process to identify, prioritize, and effectively manage key stakeholders.

    Involve key stakeholders in your retrospectives to justify the funding for your ACE

    Those who fund the ACE have a large influence on the long-term success of your ACE. If you have not yet involved your stakeholders, you need to re-visit your organizational funding model for the ACE and ensure that your key stakeholders include the key decision makers for your funding. While they may have varying levels of interest and desires for granularity of data reporting, they need to at least be informed on a high level and kept as champions of the ACE so that there are no roadblocks to the long-term viability of this program.

    Keep this in mind as the ACE begins to demonstrate success, as it is not uncommon to have additional members added to your funding model as your service scales, especially in the chargeback models.

    As new key influencers are included, the ACEs governing group must ensure that collective interests may align and that more priorities don’t lead to derailment.

    The image shows a matrix. The matrix is labelled with Involvement at the bottom, and Power on the left side, and has the upper left quadrant labelled Keep Satisfied, the upper right quadrant labelled Key players, the lower right quadrant labelled Keep informed, and the lower left quadrant labelled Minimal effort. In the matric, there are several roles shown, with roles such as CFO, Apps Director, Funding Group, and CIO highlighted in the Key players section.

    Use the outputs from your metrics tracking tool to communicate progress

    3.3.1 1 Hour

    Use the ACE Benefits Tracking Tool to track the progress of your Agile environment to monitor whether or not the ACE is having a positive impact on the business’ ability to meet its objectives. The outputs will allow you to communicate incremental benefits that have been realized and point towards positive trends that will ensure the long-term buy-in of your key influencers.

    For communication purposes, use this tool to:

    • Re-visit who the impacted or interested stakeholders are so you can tailor your communications to be as impactful as possible for each key influencer of the ACE.

    The image shows a screen capture of the Agile CoE Metrics Tracking sheet.

    • Collate the benefits of the current projects undertaken by the Center of Excellence to give an overall recap of the ACEs impact.

    The image is a screen capture of the Summary Report sheet.

    Communicate where the ACE fell short

    Part of communicating the effectiveness of your ACE is to demonstrate that it is able to remedy projects and processes when they fall short of expectations and brainstorm solutions that effectively address these challenges. Take the opportunity to summarize where results were not as expected, and the ways in which the ACE used its influence or services to drive a positive outcome from a problem diagnosis. Stakeholders do not want a sugar-coated story – they want to see tangible results based on real scenarios.

    Summarizing failures will demonstrate to key influencers that:

    • You are not cherry-picking positive metrics to report and that the ACE faced challenges that it was able to overcome to drive positive business outcomes.
    • You are being transparent with the successes and challenges faced by the ACE, fostering increased trust within your stakeholders regarding the capabilities of Agile.
    • Resolution mechanisms are working as intended, successfully building failure tolerance and trust in change management policies and procedures.

    Activity: Summarize adjustments in areas where the ACE fell short

    3.3.2 15 Minutes per metric

    Input

    • Diagnosed problems from tracking tool
    • Root-cause analyses

    Output

    • Summary of change management successes

    Materials

    • Whiteboard
    • Markers

    Participants

    • ACE
    1. Create a list of items from the ACE Benefits Tracking Tool that fell short of expectations or set goals.
    2. For each point, create a brief synopsis of the root-cause analysis completed and summarize the brainstormed solution and its success in remedying the issue. If this process is not complete, create a to-date summary of any progress.
    3. Choose two to three pointed success stories from this list that will communicate broad success to your set of stakeholders.
    Name of metric that fell short
    Baseline measurement 65% of users satisfied with ACE services.
    Goal measurement 80% of users satisfied with ACE services.
    Actual measurement 70% of users satisfied with ACE services.
    Results of root-cause analysis Onboarding was not extensive enough; teams were unaware of some of the services offered, rendering them unsatisfied.
    Proposed solution Revamp onboarding process to include capability map of service offered.
    Summary of success TBD

    Re-conduct surveys with the ACE Satisfaction Survey to review the effectiveness of your service offerings

    3.3.3 Re-conduct satisfaction surveys and compare against your baseline

    Purpose

    This satisfaction survey will give you a template to follow to monitor the effectiveness of your ACEs defined service offerings. The goal is to understand what worked, and what did not, so you can add, retract, or modify service offerings where necessary.

    Steps

    1. Re-use the satisfaction survey to measure the effectiveness of the service offerings. Add questions regarding specific service offerings where necessary.
    2. Cross-analyze your satisfaction survey with metrics tied to your service offerings to help understand the root cause of the issues.
    3. Use the root-cause analysis exercises from step 3.2 to find the root causes of issues.
    4. Create a set of recommendations to add, amend, or improve any existing service offerings.

    INFO-TECH DELIVERABLE

    Download the ACE Satisfaction Survey.

    Use Info-Tech’s CoE Maturity Diagnostic Tool to baseline current practices

    3.3.4 ACE Maturity Assessment

    Purpose

    Assess your ACEs maturity by using Info-Tech’s CoE Maturity Diagnostic Tool. Assessing your ACEs maturity lets you know where you currently are, and where to look for improvements. Note that your optimal Maturity Level will depend on organizational specifics (e.g. a small organization with a handful of Agile Teams can be less mature than a large organization with hundreds of Agile Teams).

    Steps

    1. Download the CoE Maturity Diagnostic Tool to assess the maturity of your ACE.
    2. Complete the assessment tool with all members of your ACE team to determine your current Maturity score.
    3. Document the results in the ACE Communications Deck.

    Document results in the ACE Communications Deck.

    INFO-TECH DELIVERABLE

    Download the CoE Maturity Diagnostic Tool.

    Use Info-Tech’s ACE Communications Deck to deliver your outcomes to the key stakeholders

    3.3.5 Structure communications to each of your key stakeholders

    Purpose

    The ACE Communications Deck will give you a template to follow to effectively communicate with your stakeholders and ensure the long-term viability of your Agile Center of Excellence. Fill in the slides as instructed and provide each stakeholder with a targeted view of the successes of the ACE.

    Steps

    1. Determine who your target audience is for the Communications Deck – you may desire to create one for each of your key stakeholders as they may have different sets of interests.
    2. Fill out the ACE Communications Deck with the suggested inputs from the exercises you have completed during this research set.
    3. Review communications with members of the ACE to ensure that there are no communicable benefits that have been missed or omitted in the deck.

    INFO-TECH DELIVERABLE

    Download the ACE Communications Deck.

    Summary of accomplishment

    Knowledge Gained

    • An understanding of social capital as the key driver for organizational Agile success, and how it optimizes the value delivery of your Agile teams.
    • Importance of flexible governance to balance the benefits of localized adaptation and centralized control.
    • Alignment of service offerings with both business objectives and functional expectations as critical to ensuring long-term engagement with service offerings.

    Processes Optimized

    • Knowledge management and transfer of Agile best practices to new or existing Agile teams.
    • Optimization of service offerings for Agile teams based on organizational culture and objectives.
    • Change request optimization via interfacing ACE functions with existing change management processes.
    • Communication planning to ensure transparency during cross-functional collaboration.

    Deliverables Completed

    • A set of service offerings offered by the Center of Excellence that are aligned with the business, Agile teams, and related stakeholders.
    • Engagement plans for Agile team members based on a standardized adoption model to access the ACEs service offerings.
    • A suite of Agile metrics to measure effectiveness of Agile teams, the ACE itself, and its ability to deliver positive outcomes.
    • A communications plan to help create cross-functional transparency over pending changes as Agile spreads.
    • A communications deck to communicate Agile goals, actions, and outcomes to key stakeholders to ensure long-term viability of the CoE.

    Research contributors and experts

    Paul Blaney, Technology Delivery Executive, Thought Leader and passionate Agile Advocate

    Paul has been an Agile practitioner since the manifesto emerged some 20 years ago, applying and refining his views through real life experience at several organizations from startups to large enterprises. He has recently completed the successful build out of the inaugural Agile Delivery Centre of Excellence at TD bank in Toronto.

    John Munro, President Scrum Masters Inc.

    John Munro is the President of Scrum Masters Inc., a software optimization professional services firm using Agile, Scrum, and Lean to help North American firms “up skill” their software delivery people and processes. Scrum Masters’ unique, highly collaborative “Master Mind” consulting model leverages Agile/Lean experts on a biweekly basis to solve clients’ technical and process challenges.

    Doug Birgfeld, Senior Partner Agile Wave

    Doug has been a leader in building great teams, Agile project management, and business process innovation for over 20 years. As Senior Partner and Chief Evangelist at Agile Wave, his mission is to educate and to learn from all those who care about effective government delivery, nationally.

    Related Info-Tech research

    Implement Agile Practices That Work

    Agile is a cultural shift. Don't just do Agile, be Agile.

    Enable Organization-Wide Collaboration by Scaling Agile

    Execute a disciplined approach to rolling out Agile methods in the organization.

    Improve Application Development Throughput

    Drive down your delivery time by eliminating development inefficiencies and bottlenecks while maintaining high quality.

    Implement DevOps Practices That Work

    Accelerate software deployment through Dev and Ops collaboration.

    Related Info-Tech research (continued)

    Maximize the Benefits from Enterprise Applications with a Center of Excellence

    Optimize your organization’s enterprise application capabilities with a refined and scalable methodology.

    Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program

    Be proactive; it costs exponentially more to fix a problem the longer it goes unnoticed.

    Optimize the Change Management Process

    Right-size your change management process.

    Improve Requirements Gathering

    Back to basics: great products are built on great requirements.

    Bibliography

    Ambler, Scott. “Agile Requirements Change Management.” Agile Modeling. Scott Amber + Associates, 2014. Web. 12 Apr. 2016.

    Ambler, Scott. “Center of Excellence (CoEs).” Disciplined Agile 2.0: A Process Decision Framework for Enterprise I.T. Scott Amber + Associates. Web. 01 Apr. 2016.

    Ambler, Scott. “Transforming From Traditional to Disciplined Agile Delivery.” Case Study: Disciplined Agile Delivery Adoption. Scott Amber + Associates, 2013. Web.

    Beers, Rick. “IT – Business Alignment Why We Stumble and the Path Forward.” Oracle Corporation, July 2013. Web.

    Cornelius & Associates. “The Qualities of Leadership: Leading Change.” Cornelius & Associates, n.d. Web.

    Craig, William et al. “Generalized Criteria and Evaluation Method for Center of Excellence: A Preliminary Report.” Carnegie Mellon University Research Showcase @ CMU – Software Engineering Institute. Dec. 2009. Web. 20 Apr. 2016.

    Forsgren, Dr. Nicole et al (2019), Accelerate: State of DevOps 2019, Google, https://services.google.com/fh/files/misc/state-of-devops-2019.pdf

    Gerardi, Bart (2017), Agile Centers of Excellence, PMI Projectmanagement.com, https://www.projectmanagement.com/articles/405819/Agile-Centers-of-Excellence

    Gerardi, Bart (2017), Champions of Agile Adoption, PMI Projectmanagement.com, https://www.projectmanagement.com/articles/418151/Champions-of-Agile-Adoption

    Gerardi, Bart (2017), The Roles of an Agile COE, PMI Projectmanagement.com, https://www.projectmanagement.com/articles/413346/The-Roles-of-an-Agile-COE

    Hohl, P. et al. “Back to the future: origins and directions of the ‘Agile Manifesto’ – views of the originators.” Journal of Software Engineering Research and Development, vol. 6, no. 15, 2018. https://link.springer.com/article/10.1186/s40411-0...

    Kaltenecker, Sigi and Hundermark, Peter. “What Are Self-Organising Teams?” InfoQ. 18 July 2014. Web. 14 Apr. 2016.

    Kniberg, Henrik and Anderson Ivarsson. “Scaling Agile @ Spotify with Tribes, Squads, Chapters & Guilds.” Oct. 2012. Web. 30 Apr. 2016.

    Kumar, Alok et al. “Enterprise Agile Adoption: Challenges and Considerations.” Scrum Alliance. 30 Oct. 2014. Web. 30 May 2016.

    Levison, Mark. “Questioning Servant Leadership.” InfoQ, 4 Sept. 2008. Web. https://www.infoq.com/news/2008/09/servant_leadership/

    Linders, Ben. “Don't Copy the Spotify Model.” InfoQ.com. 6 Oct. 2016.

    Loxton, Matthew (June 1, 2011), CoP vs CoE – What’s the difference, and Why Should You Care?, Wordpress.com

    McDowell, Robert, and Bill Simon. In Search of Business Value: Ensuring a Return on Your Technology Investment. SelectBooks, 2010

    Novak, Cathy. “Case Study: Agile Government and the State of Maine.” Agile Government Leadership, n.d. Web.

    Pal, Nirmal and Daniel Pantaleo. “Services are the Language and Building Blocks of an Agile Enterprise.” The Agile Enterprise: Reinventing your Organization for Success in an On-Demand World. 6 Dec. 2015. Springer Science & Business Media.

    Rigby, Darrell K. et al (2018), Agile at Scale, Harvard Business Review, https://hbr.org/2018/05/agile-at-scale

    Scaledagileframework.com, Create a Lean-Agile Center of Excellence, Scaled Agile, Inc, https://www.scaledagileframework.com/lace/

    Shepley, Joe. “8 reasons COEs fail (Part 2).” Agile Ramblings, 22 Feb. 2010. https://joeshepley.com/2010/02/22/8-reasons-coes-fail-part-2/

    Stafford, Jan. “How upper management misconceptions foster Agile failures.” TechTarget. Web. 07 Mar. 2016.

    Taulli, Tom (2020), RPA Center Of Excellence (CoE): What You Need To Know For Success, Forbes.com, https://www.forbes.com/sites/tomtaulli/2020/01/25/rpa-center-of-excellence-coe-what-you-need-to-know-for-success/#24364620287a

    Telang, Mukta. “The CMMI Agile Adoption Model.” ScrumAlliance. 29 May 2015. Web. 15 Apr. 2016.

    VersionOne. “13th Annual State of Agile Report.” VersionOne. 2019. Web.

    Vembar, Navin. “Case Study: Agile Government and the General Services Administration (Integrated Award Environment).” Agile Government Leadership, n.d. Web.

    Wenger, E., R. A. McDermott, et al. (2002), Cultivating communities of practice: A guide to managing knowledge, Harvard Business Press.

    Wenger, E., White, N., Smith, J.D. Digital Habitats; Stewarding Technology for Communities. Cpsquare (2009).

    Define the Role of Project Management in Agile and Product-Centric Delivery

    • Buy Link or Shortcode: {j2store}352|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $3,000 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • There are many voices with different opinions on the role of project management. This causes confusion and unnecessary churn.
    • Project management and product management naturally align to different time horizons. Harmonizing their viewpoints can take significant work.
    • Different parts of the organization have diverse views on how to govern and fund pieces of work, which leads to confusion when it comes to the role of project management.

    Our Advice

    Critical Insight

    There is no one-size-fits-all approach to product delivery. For many organizations product delivery requires detailed project management practices, while for others it requires much less. Taking an outcome-first approach when planning your product transformation is critical to make the right decision on the balance between project and product management.

    Impact and Result

    • Get alignment on the definition of projects and products.
    • Understand the differences between delivering projects and delivering products.
    • Line up your project management activities with the needs of Agile and product-centric projects.
    • Understand how funding can change when moving away from project-centric delivery.

    Define the Role of Project Management in Agile and Product-Centric Delivery Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define the Role of Project Management in Agile and Product-Centric Delivery – A guide that walks you through how to define the role of project management in product-centric and Agile delivery environments.

    The activities in this research will guide you through clarifying how you want to talk about projects and products, aligning project management and agility, specifying the different activities for project management, and identifying key differences with funding of products instead of projects.

    • Define the Role of Project Management in Agile and Product-Centric Delivery Storyboard
    [infographic]

    Further reading

    Define the Role of Project Management in Agile and Product-Centric Delivery

    Projects and products are not mutually exclusive.

    Table of Contents

    3 Analyst Perspective

    4 Executive Summary

    7 Step 1.1: Clarify How You Want to Talk About Projects and Products

    13 Step 1.2: Align Project Management and Agility

    16 Step 1.3: Specify the Different Activities for Project Management

    20 Step 1.4: Identify Key Differences in Funding of Products Instead of Projects

    25 Where Do I Go Next?

    26 Bibliography

    Analyst Perspective

    Project management still has an important role to play!

    When moving to more product-centric delivery practices, many assume that projects are no longer necessary. That isn’t necessarily the case!

    Product delivery can mean different things to different organizations, and in many cases it can involve the need to maintain both projects and project delivery.

    Projects are a necessary vehicle in many organizations to drive value delivery, and the activities performed by project managers still need to be done by someone. It is the form and who is involved that will change the most.

    Photo of Ari Glaizel, Practice Lead, Applications Delivery and Management, Info-Tech Research Group.

    Ari Glaizel
    Practice Lead, Applications Delivery and Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge
    • Organizations are under pressure to align the value they provide with the organization’s goals and overall company vision.
    • In response, they are moving to more product-centric delivery practices.
    • Previously, project managers focused on the delivery of objectives through a project, but changes in delivery practices result in de-emphasizing this. What should project managers should be doing?
    Common Obstacles
    • There are many voices with different opinions on the role of project management. This causes confusion and unnecessary churn.
    • Project management and product management naturally align to different time horizons. Harmonizing their viewpoints can take significant work.
    • Different parts of the organization have very specific views on how to govern and fund pieces of work, which leads to confusion about the role of project management.
    Info-Tech’s Approach
    • Get alignment on the definition of projects and products.
    • Understand the differences between delivering projects and products.
    • Line up your project management activities with the needs of Agile and product-centric projects.
    • Understand how funding can change when moving away from project-centric delivery.

    Info-Tech Insight

    There is no one-size-fits-all approach to product delivery. For many organizations product delivery requires detailed project management practices, while for others it requires much less. Taking an outcome-first approach when planning your product transformation is critical to make the right decision on the balance between project and product management.

    Your evolution of delivery practice is not a binary switch

    1. PROJECTS WITH WATERFALL The project manager is accountable for delivery of the project, and the project manager owns resources and scope.
    2. PROJECTS WITH AGILE DELIVERY A transitional state where the product owner is accountable for feature delivery and the project manager accountable for the overall project.
    3. PRODUCTS WITH AGILE PROJECT AND OPERATIONAL DELIVERY The product owner is accountable for the delivery of the project and products, and the project manager plays a role of facilitator and enabler.
    4. PRODUCTS WITH AGILE DELIVERY Delivery of products can happen without necessarily having projects. However, projects could be instantiated to cover major initiatives.

    Info-Tech Insight

    • Organizations do not need to go to full product and Agile delivery to improve delivery practices! Every organization needs to make its own determination on how far it needs to go. You can do it in one step or take each step and evaluate how well you are delivering against your goals and objectives.
    • Many organizations will go to Products With Agile Project and Operational Delivery, and some will go to Products With Agile Delivery.

    Activities to undertake as you transition to product-centric delivery

    1. PROJECTS WITH WATERFALL
      • Clarify how you want to talk about projects and products. The center of the conversation will start to change.
    2. PROJECTS WITH AGILE DELIVERY
      • Align project management and agility. They are not mutually exclusive (but not necessarily always aligned).
    3. PRODUCTS WITH AGILE PROJECT AND OPERATIONAL DELIVERY
      • Specify the different activities for project management. As you mature your product practices, project management becomes a facilitator and collaborator.
    4. PRODUCTS WITH AGILE DELIVERY
      • Identify key differences in funding. Delivering products instead of projects requires a change in the focus of your funding.

    Step 1.1

    Clarify How You Want to Talk About Projects and Products

    Activities
    • 1.1.1 Define “product” and “project” in your context
    • 1.1.2 Brainstorm potential changes in the role of projects as you become Agile and product-centric

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Outcomes of this step

    • An understanding of how the role can change through the evolution from project to more product-centric practices

    Definition of terms

    Project

    “A temporary endeavor undertaken to create a unique product, service, or result. The temporary nature of projects indicates a beginning and an end to the project work or a phase of the project work. Projects can stand alone or be part of a program or portfolio.” (PMBOK, PMI)
    Stock image of an open head with a city for a brain.

    Product

    “A tangible solution, tool, or service (physical or digital) that enables the long-term and evolving delivery of value to customers and stakeholders based on business and user requirements.” (Deliver on Your Digital Product Vision, Info-Tech Research Group)

    Info-Tech InsightLet these definitions be a guide, not necessarily to be taken verbatim. You need to define these terms in your context based on your particular needs and objectives. The only caveat is to be consistent with your usage of these terms in your organization.

    1.1.1 Define “product” and “project” in your context

    30-60 minutes

    Output: Your enterprise/organizational definition of products and projects

    Participants: Executives, Product/project managers, Applications teams

    1. Discuss what “product” and “project” mean in your organization.
    2. Create common, enterprise-wide definitions for “product” and “project.”
    3. Screenshot of the previous slide's definitions of 'Project' and 'Product'.

    Agile and product management does not mean projects go away

    Diagram laying out the roadmap for 'Continuous delivery of value'. Beginning with 'Projects With Agile Delivery' in which Projects with features and services end in a Product Release that is disconnected from the continuum. Then the 'Products With Agile Project and Operational Delivery' and 'Products With Agile Delivery' which are connected by a 'Product Roadmap' and 'Product Backlog' have Product Releases that connect to the continuum.

    Projects Within Products

    Regardless of whether you recognize yourself as a “product-based” or “project-based” shop, the same basic principles should apply.

    You go through a period or periods of project-like development to build or implement a version of an application or product.

    You also have parallel services along with your project development that encompass the more product-based view. These may range from basic support and maintenance to full-fledged strategy teams or services like sales and marketing.

    Info-Tech Note

    As your product transformation continues, projects can become optional and needed only as part of your organization’s overall delivery processes

    Identify the differences between a project-centric and a product-centric organization

    Project Product
    Fund projects — Funding –› Fund teams
    Line-of-business sponsor — Prioritization –› Product owner
    Project owner — Accountability –› Product owner
    Makes specific changes to a product —Product management –› Improves product maturity and support of the product
    Assignment of people to work — Work allocation –› Assignment of work to product teams
    Project manager manages — Capacity management –› Team manages

    Info-Tech Insight

    Product delivery requires significant shifts in the way you complete development and implementation work and deliver value to your users. Make the changes that support improving end-user value and enterprise alignment.

    1.1.2 Brainstorm potential changes in the role of projects as you become Agile and product-centric

    5-10 minutes

    Output: Increased appreciation of the relationship between project and product delivery

    Participants: Executives, Product/project managers, Applications teams

    • Discuss as a group:
      • What stands out in the evolution from project to product?
      • What concerns do you have with the change?
      • What will remain the same?
      • Which changes feel the most impactful?
      • Screenshot of the slide's 'Continuous delivery of value' diagram.

    Step 1.2

    Align Project Management and Agility

    Activities
    • 1.2.1 Explore gaps in Agile/product-centric delivery of projects

    This step involves the following participants:

    • Executives
    • Product/Project managers
    • Applications teams

    Outcomes of this step

    • A clearer view of how agility can be introduced into projects.

    Challenges with the project management role in Agile and product-centric organizations

    Many project managers feel left out in the cold. That should not be the case!

    In product-centric, Agile teams, many roles that a project manager previously performed are now taken care of to different degrees by the product owner, delivery team, and process manager.

    The overall change alters the role of project management from one that orchestrates all activities to one that supports, monitors, and escalates.

    Product Owner
    • Defines the “what” and heavily involved in the “when” and the “why”
    • Accountable for delivery of value
    Delivery team members
    • Define the “how”
    • Accountable for building and delivering high-quality deliverables
    • Can include roles like user experience, interaction design, business analysis, architecture
    Process Manager
    • Facilitates the other teams to ensure valuable delivery
    • Can potentially, in a Scrum environment, play the scrum master role, which involves leading scrums, retrospectives, and sprint reviews and working to resolve team issues and impediments
    • Evolves into more of a facilitator and communicator role

    1.2.1 Explore gaps in Agile/ product-centric delivery of projects

    5-10 minutes

    Output: An assessment of what is in the way to effectively deliver on Agile and product-focused projects

    Participants: Executives, Product/project managers, Applications teams

    • Discuss as a group:
      • What project management activities do you see in Agile/product roles?
      • What gaps do you see?
      • How can project management help Agile/product teams be successful?

    Step 1.3

    Specify the Different Activities for Project Management

    Activities
    • 1.3.1 Articulate the changes in a project manager’s role

    This step involves the following participants:

    • Executives
    • Product/Project managers
    • Applications teams

    Outcomes of this step

    • An understanding of the role of project management in an Agile and product context

    Kicking off the project

    Product-centric delivery still requires key activities to successfully deliver value. Where project managers get their information from does change.

    Stock photo of many hands grabbing a 2D rocketship.
    Project Charter

    Project managers should still define a charter and capture the vision and scope. The vision and high-level scope is primarily defined by the product owner.

    Key Stakeholders and Communication

    Clearly defining stakeholders and communication needs is still important. However, they are defined based on significant input and cues by the product owner.

    Standardizing on Tools and Processes

    To ensure consistency across projects, project managers will want to align tools to how the team manages their backlog and workflow. This will smooth communication about status with stakeholders.

    Info-Tech Insight

    1. Product management plays a similar role to the one that was traditionally filled by the project sponsor except for a personal accountability to the product beyond the life of the project.
    2. When fully transitioned to product-centric delivery, these activities could be replaced by a product canvas. See Deliver on Your Digital Product Vision for more information.

    During the project: Three key activities

    The role of project management evolves from a position of ownership to a position of communication, collaboration, and coordination.

    1. Support
      • Communicate Agile/product team needs to leadership
      • Liaise and co-ordinate for non-Agile/product-focused parts of the organization
      • Coach members of the team
    2. Monitoring
      • Regular status updates to PMO still required
      • Metrics aligned with Agile/product practices
      • Leverage similar tooling and approaches to what is done locally on Agile/product teams (if possible)
    3. Escalation
      • Still a key escalation point for roadblocks that go outside the product teams
      • Collaborate closely with Agile/product team leadership and scrum masters (if applicable)
    Cross-section of a head, split into three levels with icons representing the three steps detailed on the left, 'Support', 'Monitoring', and 'Escalation'.

    1.3.1: Articulate the changes in a project manager’s role

    5-10 minutes

    Output: Current understanding of the role of project management in Agile/product delivery

    Participants: Executives, Product/project managers, Applications teams

    Why is this important?

    Project managers still have a role to play in Agile projects and products. Agreeing to what they should be doing is critical to successfully moving to a product-centric approach to delivery.

    • Review how Info-Tech views the role of project management at project initiation and during the project.
    • Review the state of your Agile and product transformation, paying special attention to who performs which roles.
    • Discuss as a group:
      • What are the current activities of project managers in your organization?
      • Based on how you see delivery practices evolving, what do you see as the new role of project managers when it comes to Agile-centric and product-centric delivery.

    Step 1.4

    Identify Key Differences in Funding of Products Instead of Projects

    Activities
    • 1.4.1 Discuss traditional versus product-centric funding methods

    This step involves the following participants:

    • Executives
    • Product owners
    • Product managers
    • Project managers
    • Delivery managers

    Outcomes of this step

    • Identified differences in funding of products instead of projects

    Planning and budgeting for products and families

    Reward for delivering outcomes, not features

    Autonomy

    Icon of a diamond.

    Fund what delivers value

    Fund long-lived delivery of value through products (not projects).

    Give autonomy to the team to decide exactly what to build.

    Flexibility

    Icon of a dollar sign.

    Allocate iteratively

    Allocate to a pool based on higher-level business case.

    Provide funds in smaller amounts to different product teams and initiatives based on need.

    Arrow cycling right in a clockwise motion.



    Arrow cycling left in a clockwise motion.

    Accountability

    Icon of a target.

    Measure and adjust

    Product teams define metrics that contribute to given outcomes.

    Track progress and allocate more (or less) funds as appropriate.

    Stock image of two suited hands exchanging coins.

    Info-Tech Insight

    Changes to funding require changes to product and Agile practices to ensure product ownership and accountability.

    (Adapted from Bain & Company)

    Budgeting approaches must evolve as you mature your product operating environment

    TRADITIONAL PROJECTS WITH WATERFALL DELIVERY TRADITIONAL PROJECTS WITH AGILE DELIVERY PRODUCTS WITH AGILE PROJECT DELIVERY PRODUCTS WITH AGILE DELIVERY

    WHEN IS THE BUDGET TRACKED?

    Budget tracked by major phases Budget tracked by sprint and project Budget tracked by sprint and project Budget tracked by sprint and release

    HOW ARE CHANGES HANDLED?

    All change is by exception Scope change is routine; budget change is by exception Scope change is routine; budget change is by exception Budget change is expected on roadmap cadence

    WHEN ARE BENEFITS REALIZED?

    Benefits realization post project completion Benefits realization ongoing throughout the life of the project Benefits realization ongoing throughout the life of the product Benefits realization ongoing throughout life of the product

    WHO DRIVES?

    Project Manager
    • Project team delivery role
    • Refines project scope, advocates for changes in the budget
    • Advocates for additional funding in the forecast
    Product Owner
    • Project team delivery role
    • Refines project scope, advocates for changes in the budget
    • Advocates for additional funding in the forecast
    Product Manager
    • Product portfolio team role
    • Forecasting new initiatives during delivery to continue to drive value throughout the life of the product
    Product Manager
    • Product family team role
    • Forecasting new initiatives during delivery to continue to drive value throughout the life of the product
    ˆ ˆ
    Hybrid Operating Environments

    Info-Tech Insight

    As you evolve your approach to product delivery, you will be decoupling the expected benefits, forecast, and budget. Managing them independently will improve your ability adapt to change and drive the right outcomes!

    1.4.1 Discuss traditional versus product-centric funding methods

    30 minutes

    Output: Understanding of funding principles and challenges

    Participants: Executives, Product owners, Product managers, Project managers, Delivery managers

    1. Discuss how projects are currently funded.
    2. Review how the Agile/product funding models differ from how you currently operate.
    3. What changes do you need to consider to support a product delivery model?
    4. For each change, identify the key stakeholders and list at least one action to take.

    Case Study

    Global Digital Financial Services Company

    This financial services company looked to drive better results by adopting more product-centric practices.

    • Its projects exhibited:
      • High complexity/strong dependencies between components
      • High implementation effort
      • High clarification/reconciliation (more than two departments involved)
      • Multiple methodologies (Agile/Waterfall/Hybrid)
    • The team recognized they could not get rid of projects entirely, but getting to a level where there was a coordinated delivery between projects and products being implemented is important.
    Results
    • Moving several initiatives to more product-centric practices allowed for:
      • Delivery within current assigned capacity
      • Limited need for coordination across departments
      • Lower complexity
      • A unified Agile approach to delivery
    • Through balancing the needs of projects and products, there were three key insights about the project management’s role:
      • The role of project management changes depending on the context of the work. There is no one-size-fits-all definition.
      • Project management played a much bigger role when work spanned multiple products and business units.
      • Project management was used as a key coordinator when delivery became complicated and multilayered.
    Example of a company where practices fall equally into 'Project' and 'Product' categories, with some being shared by both.
    Example of a product-centric company where practices fall mainly into the 'Product category', leaving only one in 'Project'.

    Where Do I Go Next?

    Deliver on Your Digital Product Vision

    • Build a product vision your organization can take from strategy through execution.

    Build a Better Product Owner

    • Strengthen the product owner role in your organization by focusing on core capabilities and proper alignment.

    Implement Agile Practices That Work

    • Improve collaboration and transparency with the business to minimize project failure.

    Implement DevOps Practices That Work

    • Streamline business value delivery through the strategic adoption of DevOps practices.

    Prepare an Actionable Roadmap for Your PMO

    • Turn planning into action with a realistic PMO timeline.

    Deliver Digital Products at Scale

    • Deliver value at the scale of your organization through defining enterprise product families.

    Extend Agile Practices Beyond IT

    • Further the benefits of Agile by extending a scaled Agile framework to the business.

    Spread Best Practices With an Agile Center of Excellence

    • Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Tailor IT Project Management Processes to Fit Your Projects

    • Spend less time managing processes and more time delivering results.

    Bibliography

    Cobb, Chuck. “Are there Project Managers in Agile?” High Impact Project Management, n.d. Web.

    Cohn, Mike. “What Is a Product?” Mountain Goat Software, 6 Sept. 2016. Web.

    Cobb, Chuck. “Agile Project Manager Job Description.” High Impact Project Management, n.d. Web.

    “How do you define a product?” Scrum.org, 4 April 2017. Web.

    Johnson, Darren, et al. “How to Plan and Budget for Agile at Scale.” Bain & Company, 8 Oct. 2019. Web.

    “Product Definition.” SlideShare, uploaded by Mark Curphey, 25 Feb. 2007. Web.

    Project Management Institute. A Guide to the Project Management Body of Knowledge (PMBOK Guide). 7th ed., Project Management Institute, 2021.

    Schuurman, Robbin. “Scrum Master vs Project Manager – An Overview of the Differences.” Scrum.org, 11 Feb 2020. Web.

    Schuurman, Robbin. “Product Owner vs Project Manager.” Scrum.org, 12 March 2020. Web.

    Vlaanderen, Kevin. “Towards Agile Product and Portfolio Management.” Academia.edu, 2010. Web.

    “What is a Developer in Scrum?” Scrum.org, n.d. Web.

    “What is a Scrum Master?” Scrum.org, n.d. Web.

    “What is a Product Owner?” Scrum.org, n.d. Web.

    Service Management

    • Buy Link or Shortcode: {j2store}46|cart{/j2store}
    • Related Products: {j2store}46|crosssells{/j2store}
    • Parent Category Name: Service Planning and Architecture
    • Parent Category Link: /service-planning-and-architecture

    The challenge

    • We have good, holistic practices, but inconsistent adoption leads to chaotic service delivery and low customer satisfaction.
    • You may have designed your IT services with little structure, formalization, or standardization.
    • That makes the management of these services more difficult and also leads to low business satisfaction.

    Register to read more …

    Design and Build a User-Facing Service Catalog

    • Buy Link or Shortcode: {j2store}395|cart{/j2store}
    • member rating overall impact (scale of 10): 9.3/10 Overall Impact
    • member rating average dollars saved: $62,821 Average $ Saved
    • member rating average days saved: 29 Average Days Saved
    • Parent Category Name: Service Management
    • Parent Category Link: /service-management
    • Business users don’t know what breadth of services are available to them.
    • It is difficult for business users to obtain useful information regarding services because they are often described in technical language.
    • Business users have unrealistic expectations of what IT can do for them.
    • There is no defined agreement on what is available, so the business assumes everything is.

    Our Advice

    Critical Insight

    • Define services from the business user’s perspective, not IT’s perspective.
      • A service catalog is of no use if a user looks at it and sees a significant amount of information that doesn’t apply to them.
    • Separate the enterprise services from the Line of Business (LOB) services.
      • This will simplify the process of documenting your service definitions and make it easier for users to navigate, which leads to a higher chance of user acceptance.

    Impact and Result

    • Our program helps you organize your services in a way that is relevant to the users, and practical and manageable for IT.
    • Our approach to defining and categorizing services ensures your service catalog remains a living document. You may add or revise your service records with ease.
    • Our program creates a bridge between IT and the business. Begin transforming IT’s perception within the organization by communicating the benefits of the service catalog.

    Design and Build a User-Facing Service Catalog Research & Tools

    Start here – read the Executive Brief

    Read our concise executive brief to understand why building a Service Catalog is a good idea for your business, and how following our approach will help you accomplish this difficult task.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch the project

    The Launch the Project phase will walk through completing Info-Tech's project charter template. This phase will help build a balanced project team, create a change message and communication plan, and achieve buy-in from key stakeholders.

    • Design & Build a User-Facing Service Catalog – Phase 1: Launch the Project
    • Service Catalog Project Charter

    2. Identify and define enterprise services

    The Identify and Define Enterprise Services phase will help to target enterprise services offered by the IT team. They are offered to everyone in the organization, and are grouped together in logical categories for users to access them easily.

    • Design & Build a User-Facing Service Catalog – Phase 2: Identify and Define Enterprise Services
    • Sample Enterprise Services

    3. Identify and define Line of Business (LOB) services

    After completing this phase, all services IT offers to each LOB or functional group should have been identified. Each group should receive different services and display only these services in the catalog.

    • Design & Build a User-Facing Service Catalog – Phase 3: Identify and Define Line of Business Services
    • Sample LOB Services – Industry Specific
    • Sample LOB Services – Functional Group

    4. Complete the Services Definition Chart

    Completing the Services Definition Chart will help the business pick which information to include in the catalog. This phase also prepares the catalog to be extended into a technical service catalog through the inclusion of IT-facing fields.

    • Design & Build a User-Facing Service Catalog – Phase 4: Complete Service Definitions
    • Services Definition Chart
    [infographic]

    Workshop: Design and Build a User-Facing Service Catalog

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Launch the Project

    The Purpose

    The purpose of this module is to help engage IT with business decision making.

    Key Benefits Achieved

    This module will help build a foundation for the project to begin. The buy-in from key stakeholders is key to having them take onus on the project’s completion.

    Activities

    1.1 Assemble the project team.

    1.2 Develop a communication plan.

    1.3 Establish metrics for success.

    1.4 Complete the project charter.

    Outputs

    A list of project members, stakeholders, and a project leader.

    A change message, communication strategy, and defined benefits for each user group.

    Metrics used to monitor the usefulness of the catalog, both from a performance and monetary perspective.

    A completed project charter to engage users in the initiative.

    2 Identify and Define Enterprise Services

    The Purpose

    The purpose of this module is to review services which are offered across the entire organization.

    Key Benefits Achieved

    A complete list of enterprise services defined from the user’s perspective to help them understand what is available to them.

    Activities

    2.1 Identify enterprise services used by almost everyone across the organization.

    2.2 Categorize services into logical groups.

    2.3 Define the services from the user’s perspective.

    Outputs

    A complete understanding of enterprise services for both IT service providers and business users.

    Logical groups for organizing the services in the catalog.

    Completed definitions in business language, preferably reviewed by business users.

    3 Identify and Define Line of Business (LOB) Services

    The Purpose

    The purpose of this module is to define the remaining LOB services for business users, and separate them into functional groups.

    Key Benefits Achieved

    Business users are not cluttered with LOB definitions that do not pertain to their business activities.

    Business users are provided with only relevant IT information.

    Activities

    3.1 Identify the LOBs.

    3.2 Determine which one of two methodologies is more suitable.

    3.3 Identify LOB services using appropriate methodology.

    3.4 Define services from a user perspective.

    Outputs

    A structured view of the different functional groups within the business.

    An easy to follow process for identifying all services for each LOB.

    A list of every service for each LOB.

    Completed definitions in business language, preferably reviewed by business users.

    4 Complete the Full Service Definitions

    The Purpose

    The purpose of this module is to guide the client to completing their service record definitions completely.

    Key Benefits Achieved

    This module will finalize the deliverable for the client by defining every user-facing service in novice terms.

    Activities

    4.1 Understand the components to each service definition (information fields).

    4.2 Pick which information to include in each definition.

    4.3 Complete the service definitions.

    Outputs

    A selection of information fields to be included in the service catalog.

    A selection of information fields to be included in the service catalog.

    A completed service record design, ready to be implemented with the right tool.

    Further reading

    Design and Build a User-Facing Service Catalog

    Improve user satisfaction with IT with a convenient menu-like catalog.

    Our understanding of the problem

    This Research Is Designed For:

    • CIOs
    • Directors and senior managers within IT and the business

    This Research Will Help You:

    • Articulate all of the services IT provides to the business in a language the business users understand.
    • Improve IT and business alignment through a common understanding of service features and IT support.

    This Research Will Help Them

    • Standardize and communicate how users request access to services.
    • Standardize and communicate how users obtain support for services.
    • Clearly understand IT’s role in providing each service.

    What is a service catalog?

    The user-facing service catalog is the go-to place for IT service-related information.

    The catalog defines, documents, and organizes the services that IT delivers to the organization. The catalog also describes the features of the services and how the services are intended to be used.

    The user-facing service catalog creates benefits for both the business and IT.

    For business users, the service catalog:

    1. Documents how to request access to the service, hours of availability, delivery timeframes, and customer responsibilities.
    2. Specifies how to obtain support for the services, support hours, and documentation.

    For IT, the service catalog:

    1. Identifies who owns the services and who is authorized to use the services.
    2. Specifies IT support requirements for the services, including support hours and documentation.

    What is the difference between a user-facing service catalog and a technical service catalog?

    This blueprint is about creating a user-facing service catalog written and organized in a way that focuses on the services from the business’ view.

    User facing

    User-friendly, intuitive, and simple overview of the services that IT provides to the business.

    The items you would see on the menu at a restaurant are an example of User Facing. The content is relatable and easy to understand.

    Technical

    Series of technical workflows, supporting services, and the technical components that are required to deliver a service.

    The recipe book with cooking instructions is an example of Technical Facing. This catalog is intended for the IT teams and is “behind the scene.”

    What is a service and what does it mean to be service oriented?

    The sum of the people, processes, and technologies required to enable users to achieve a business outcome is a Service.

    A service is used directly by the end users and is perceived as a coherent whole.

    Business Users →Service = Application & Systems + People & Processes

    Service Orientation is…

    • A focus on business requirements and business value, rather than IT driven motives.
    • Services are designed to enable required business activities.
    • Services are defined from the business perspective using business language.

    In other words, put on your user hat and leave behind the technical jargons!

    A lack of a published user-facing service catalog could be the source of many pains throughout your organization

    IT Pains

    • IT doesn’t understand all the services they provide.
    • Business users would go outside of IT for solutions, proliferating shadow IT.
    • Business users have a negative yet unrealistic perception of what IT is capable of.
    • IT has no way of managing expectations for their users, which tend to inflate.
    • There is often no defined agreement on services; the business assumes everything is available.

    Business Pains

    • Business users don’t know what services are available to them.
    • It is difficult to obtain useful information regarding a service because IT always talks in technical language.
    • Without a standard process in place, business users don’t know how to request access to a service with multiple sources of information available.
    • Receiving IT support is a painful, long process and IT doesn’t understand what type of support the business requires.

    An overwhelming majority of IT organizations still need to improve how they demonstrate their value to the business

    This image contains a pie chart with a slice representing 23% of the circle This image contains a pie chart with a slice representing 47% of the circle This image contains a pie chart with a slice representing 92% of the circle

    23% of IT is still viewed as a cost center.

    47% of business executives believe that business goals are going unsupported by IT.

    92% of IT leaders see the need to prove the business value of IT’s contribution.

    How a Service Catalog can help:

    Use the catalog to demonstrate how IT is an integral part of the organization and IT services are essential to achieve business objectives.

    Source: IT Communication in Crisis Report

    Transform the perception of IT by articulating all the services that are provided through the service catalog in a user-friendly language.

    Source: Info-Tech Benchmarking and Diagnostic Programs

    Increase IT-business communication and collaboration through the service catalog initiative. Move from technology focused to service-oriented.

    Source: IT Communication in Crisis Report

    Project Steps

    Phase 1 – Project Launch

    1.2 Project Team

    The team must be balanced between representatives from the business and IT.

    1.2 Communication Plan

    Communication plan to facilitate input from both sides and gain adoption.

    1.3 Identify Metrics

    Metrics should reflect the catalog benefits. Look to reduced number of service desk inquiries.

    1.4 Project Charter

    Project charter helps walk you through project preparation.

    This blueprint separates enterprise service from line of business service.

    This image contains a comparison between Enterprise IT Service and Line of Business Service, which will be discussed in further detail later in this blueprint.

    Project steps

    Phase 2 – Identify and Define Enterprise Services

    2.1 Identify the services that are used across the entire organization.

    2.2 Users must be able to identify with the service categories.

    2.3 Create basic definitions for enterprise services.

    Phase 3 – Identify and Define Line of Business Services

    3.1 Identify the different lines of business (LOBs) in the organization.

    3.2 Understand the differences between our two methodologies for identifying LOB services.

    3.3 Use methodology 1 if you have thorough knowledge of the business.

    3.4 Use methodology 2 if you only have an IT view of the LOB.

    Phase 4 – Complete Service Definitions

    4.1 Understand the different components to each service definition, or the fields in the service record.

    4.2 Identify which information to include for each service definition.

    4.3 Define each enterprise service according to the information and field properties.

    4.3 Define each LOB service according to the information and field properties.

    Define your service catalog in bundles to achieve better catalog design in the long run

    Trying to implement too many services at once can be overwhelming for both IT and the users. You don’t have to define and implement all of your services in one release of the catalog.

    Info-Tech recommends implementing services themselves in batches, starting with enterprise, and then grouping LOB services into separate releases. Why? It benefits both IT and business users:

    • It enables a better learning experience for IT – get to test the first release before going full-scale. In other words, IT gets a better understanding of all components of their deliverable before full adoption.
    • It is easier to meet customer agreements on what is to be delivered early, and easier to be able to meet those deadlines.
    This image depicts how you can use bundles to simplify the process of catalog design using bundles. The cycle includes the steps: Identify Services; Select a Service Bundle; Review Record Design; followed by a cycle of: Pick a service; Service X; Service Data Collection; Create Service Record, followed by Publish the bundle; Communicate the bundle; Rinse and Repeat.

    After implementing a service catalog, your IT will be able to:

    Use the service catalog to communicate all the services that IT provides to the business.

    Improve IT’s visibility within the organization by creating a single source of information for all the value creating services IT has to offer. The service catalog helps the business understand the value IT brings to each service, each line of business, and the overall organization.

    Concentrate more on high-value IT services.

    The service catalog contains information which empowers business users to access IT services and information without the help of IT support staff. The reduction in routine inquiries decreases workload and increases morale within the IT support team, and allows IT to concentrate on providing higher value services.

    Reduce shadow IT and gain control of services.

    Service catalog brings more control to your IT environment by reducing shadow IT activities. The service catalog communicates business requests responsively in a language the business users understand, thus eliminating the need for users to seek outside help.

    After implementing a service catalog, your business will be able to:

    Access IT services with ease.

    The language of IT is often confusing for the business and the users don’t know what to do when they have a concern. With a user-facing service catalog, business users can access information through a single source of information, and better understand how to request access or receive support for a service through clear, consistent, and business-relevant language.

    Empower users to self-serve.

    The service catalog enables users to “self-serve” IT services. Instead of calling the service desk every time an issue occurs, the users can rely on the service catalog for information. This simplified process not only reduces routine service requests, but also provides information in a faster, more efficient manner that increases productivity for both IT and the business.

    Gain transparency on the IT services provided.

    With every service clearly defined, business users can better understand the current support level, communicate their expectation for IT accountability, and help IT align services with critical business strategies.

    Leverage the different Info-Tech deliverable tools to help you along the way

    1. Project Charter

    A project charter template with a few samples completed. The project charter helps you govern the project progress and responsibilities.

    2. Enterprise Service Definitions

    A full list of enterprise definitions with features and descriptions pre-populated. These are meant to get you on your feet defining your own enterprise services, or editing the ones already there.

    3. Basic Line of Business Service Definitions

    Similar to the enterprise services deliverable, but with two separate deliverables focusing on different perspectives – functional groups services (e.g. HR and finance) and industry-specific services (e.g. education and government).

    Service Definitions & Service Record Design

    Get a taste of a completed service catalog with full service definitions and service record design. This is the final product of the service catalog design once all the steps and activities have been completed.

    The service catalog can be the foundation of your future IT service management endeavors

    After establishing a catalog of all IT services, the following projects are often pursued for other objectives. Service catalog is a precursor for all three.

    1. Technical Service Catalog

    Need an IT-friendly breakdown of each service?
    Keep better record of what technical components are required to deliver a service. The technical service catalog is the IT version of a user-facing catalog.

    2. Service-Based Costing

    Want to know how much each IT service is costing you?
    Get a better grip on the true cost of IT. Using service-based costing can help justify IT expenses and increase budgetary allotment.

    3. Chargeback

    Want to hold each business unit accountable for the IT services they use?
    Some business units abuse their IT services because they are thought to be free. Keep them accountable and charge them for what they use.

    The service catalog need not be expensive – organizations of all sizes (small, medium, large) can benefit from a service catalog

    No matter what size organization you may be, every organization can create a service catalog. Small businesses can benefit from the catalog the same way a large organization can. We have an easy step-by-step methodology to help introduce a catalog to your business.

    It is common that users do not know where to go to obtain services from IT… We always end up with a serious time-crunch at the beginning of a new school year. With automated on- and off-boarding services, this could change for the better.Dean Obermeyer, Technology Coordinator, Los Alamos Public Schools

    CIO Call to Action

    As the CIO and the project sponsor, you need to spearhead the development of the service catalog and communicate support to drive engagement and adoption.

      Start

    1. Select an experienced project leader
    2. Identify stakeholders and select project team members with the project leader
    3. Throughout the project

    4. Attend or lead the project kick-off meeting
    5. Create checkpoints to regularly touch base with the project team
    6. Service catalog launch

    7. Communicate the change message from beginning to implementation

    Identify a project leader who will drive measurable results with this initiative

    The project leader acts on behalf of the CIO and must be a senior level staff member who has extensive knowledge of the organization and experiences marshalling resources.

    Influential & Impactful

    Developing a service catalog requires dedication from many groups within IT and outside of IT.
    The project leader must hold a visible, senior position and can marshal all the necessary resources to ensure the success of the project. Ability to exert impact and influence around both IT and the business is a must.

    Relationship with the Business

    The user-facing service catalog cannot be successful if business input is not received.
    The project leader must leverage his/her existing relationship with the business to test out the service definitions and the service record design.

    Results Driven

    Creating a service catalog is not an easy job and the project leader must continuously engage the team members to drive results and efficiency.
    The highly visible nature of the service catalog means the project leader must produce a high-quality outcome that satisfies the business users.

    Info-Tech’s methodology helps organization to standardize how to define services

    CASE STUDY A
    Industry Municipal Government
    Source Onsite engagement

    Municipal Government
    The IT department of a large municipal government in the United States provides services to a large number of customers in various government agencies.
    Service Catalog Initiative
    The municipal government allocated a significant amount of resources to answer routine inquiries that could have been avoided through user self-service. The government also found that they do not organize all the services IT provides, and they could not document and publish them to the customer. The government has already begun the service catalog initiative, but was struggling with how to identify services. Progress was slow because people were arguing amongst themselves – the project team became demoralized and the initiative was on the brink of failure.
    Results
    With Info-Tech’s onsite support, the government was able to follow a standardized methodology to identify and define services from the user perspective. The government was able to successfully communicate the initiative to the business before the full adoption of the service catalog.

    We’re in demos with vendors right now to purchase an ITSM tool, and when the first vendor looked at our finished catalog, they were completely impressed.- Client Feedback

    [We feel] very confident. The group as a whole is pumped up and empowered – they're ready to pounce on it. We plan to stick to the schedule for the next three months, and then review progress/priorities. - Client Feedback

    CASE STUDY B
    Industry Healthcare
    Source Onsite engagement

    Healthcare Provider
    The organization is a healthcare provider in Canada. It treats patients with medical emergencies, standard operations, and manages a faculty of staff ranging from nurses and clerks, to senior doctors. This organization is run across several hospitals, various local clinics, and research centers.
    Service Catalog Initiative
    Because the organization is publicly funded, it is subject to regular audit requirements – one of which is to have a service catalog in place.
    The organization also would like to charge back its clients for IT-related costs. In order to do this, the organization must be able to trace it back to each service. Therefore, the first step would be to create a user-facing service catalog, followed by the technical service catalog, which then allows the organization to do service-based costing and chargeback.
    Results
    By leveraging Info-Tech’s expertise on the subject, the healthcare provider was able to fast-track its service catalog development and establish the groundwork for chargeback abilities.

    "There is always some reticence going in, but none of that was apparent coming out. The group dynamic was very good. [Info-Tech] was able to get that response, and no one around the table was silent.
    The [expectation] of the participants was that there was a purpose in doing the workshop. Everybody knew it was for multiple reasons, and everyone had their own accountability/stakes in the development of it. Highly engaged."
    - Client Feedback

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Launch the Project

    Identify Enterprise Services

    Identify Line of Business Services

    Complete Service Definitions

    Best-Practice Toolkit

    1.1 Assemble the project team.

    1.2 Develop a communication plan.

    1.3 Establish metrics for success.

    1.4 Complete the project charter.

    2.1 Identify services available organization-wide.

    2.2 Categorize services into logical groups.

    2.3 Define the services.

    3.1 Identify different LOBs.

    3.2 Pick one of two methodologies.

    3.3 Use method to identify LOB services.

    4.1 Learn components to each service definition.

    4.2 Pick which information to include in each definition.

    4.3 Define each service accordingly.

    Guided Implementations Identify the project leader with the appropriate skills.

    Assemble a well-rounded project team.

    Develop a mission statement and change messages.

    Create a comprehensive list of enterprise services that are used across the organization.

    Create a categorization scheme that is based on the needs of the business users.

    Walk through the two Info-Tech methodologies and understand which one is applicable.

    Define LOB services using the appropriate methodology.

    Decide what should be included and what should be kept internal for the service record design.

    Complete the full service definitions.

    Onsite Workshop Phase 1 Results:

    Clear understanding of project objectives and support obtained from the business.

    Phase 2 Results:

    Enterprise services defined and categorized.

    Phase 3 Results:

    LOB services defined based on user perspective.

    Phase 4 Results:

    Service record designed according to how IT wishes to communicate to the business.

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4
    Activities

    Launch the Project

    Identify Enterprise Services

    Identify Line of Business Services

    Complete Service Definitions

    1.1 Assemble the project team.

    1.2 Develop a communication plan.

    1.3 Establish metrics for success.

    1.4 Complete the project charter.

    2.1 Identify services available organization-wide.

    2.2 Categorize services into logical groups.

    2.3 Define the services.

    3.1 Identify different LOBs.

    3.2 Pick one of two methodologies.

    3.3 Use method to identify LOB services.

    4.1 Learn components to each service definition.

    4.2 Pick which information to include in each definition.

    4.3 Define each service accordingly.

    Deliverables
    • Service Catalog Project Charter
    • Enterprise Service Definitions
    • LOB Service Definitions – Functional groups
    • LOB Service Definitions – Industry specific
    • Service Definitions Chart

    PHASE 1

    Launch the Project

    Design & Build a User-Facing Service Catalog

    Step 1 – Create a project charter to launch the initiative

    1. Complete the Project Charter
    2. Create Enterprise Services Definitions
    3. Create Line of Business Services Definitions
    4. Complete Service Definitions

    This step will walk you through the following activities:

    • Develop a mission statement to obtain buy-ins from both IT and business stakeholders.
    • Assemble a well-rounded project team to increase the success of the project.
    • Identify and obtain support from stakeholders.
    • Create an impactful change message to the organization to promote the service catalog.
    • Determine project metrics to measure the effectiveness and value of the initiative.

    Step Insights

    • The project leader must have a strong relationship with the business, the ability to garner user input, and the authority to lead the team in creating a user-facing catalog that is accessible and understandable to the user.
    • Having two separate change messages prepared for IT and the business is a must. The business change message advocates how the catalog will make IT more accessible to users, and the IT message centers around how the catalog will make IT’s life easier through a standardized request process.

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Launch the project
    Proposed Time to Completion: 2 weeks
    Step 1.2: Create change messages

    Step 1.2: Create change messages

    Start with an analyst kick off call:

    • Identify the key objectives of creating a user-facing service catalog.
    • Identify the necessary members of the project team.

    Review findings with analyst:

    • Prioritize project stakeholders according to their involvement and influence.
    • Create a change message for IT and the business articulating the benefits.

    Then complete these activities…

  • Assemble a team with representatives from all areas of IT.
  • Identify the key project stakeholders.
  • Create a project mission statement.
  • Then complete these activities…

  • Create a separate change message for IT and the business.
  • Determine communication methods and channels.
  • With these tools & templates: Service

    Catalog Project Charter

    With these tools & templates:

    Service Catalog Project Charter

    Use Info-Tech’s Service Catalog Project Charter to begin your initiative

    1.1 Project Charter

    The following section of slides outline how to effectively use Info-Tech’s sample project charter.

    The Project Charter is used to govern the initiative throughout the project. IT should provide the foundation for project communication and monitoring.

    It has been pre-populated with information appropriate for Service Catalog projects. Please review this sample text and change, add, or delete information as required.

    Building the charter as a group will help you to clarify your key messages and help secure buy-in from critical stakeholders upfront.

    You may feel like a full charter isn’t necessary, and depending on your organizational size, it might not be. However, the exercise of building the charter is important none-the-less. No matter your current climate, some elements of communicating the value and plans for implementing the catalog will be necessary.

    The Charter includes the following sections:

    • Mission Statement
    • Project team members
    • Project stakeholders
    • Change message
    • Communication and organizational plan
    • Metrics

    Use Info-Tech’s Service Catalog Project Charter.

    Create a mission statement to articulate the purpose of this project

    The mission statement must be compelling because embarking on creating a service catalog is no easy task. It requires significant commitment from different people in different areas of the business.

    Good mission statements are directive, easy to understand, narrow in focus, and favor substance over vagueness.

    While building your mission statement, think about what it is intended to do, i.e. keep the project team engaged and engage others to adopt the service catalog. Included in the project charter’s mission statement section is a brief description of the goals and objectives of the service catalog.

    Ask yourself the following questions:

    1. What frustrations does your business face regarding IT services?
    2. f our company continues growing at this rate, will IT be able to manage service levels?
    3. How has IT benefited from consolidating IT services into a user perspective?

    Project Charter

    Info-Tech’s project charter contains two sample mission statements, along with additional tips to help you create yours.

    Tackle the project with a properly assembled team to increase the speed and quality in which the catalog will be created

    Construct a well-balanced project team to increase your chances of success.

    Project Leader

    Project leader will be the main catalyst for the creation of the catalog. This person is responsible for driving the whole initiative.

    Project Participants

    IT project participants’ input and business input will be pivotal to the creation of the catalog.

    Project Stakeholders

    The project stakeholders are the senior executives who have a vested interest in the service catalog. IT must produce periodic and targeted communication to these stakeholders.

    Increase your chances of success by creating a dynamic group of project participants

    Your project team will be a major success factor for your service catalog. Involvement from IT management and the business is a must.

    IT Team Member

    IT Service Desk Manager

    • The Service Desk team will be an integral part of the service catalog creation. Because of their client-facing work, service desk technicians can provide real feedback about how users view and request services.

    Senior Manager/Director of Application

    • The Application representative provides input on how applications are used by the business and supported by IT.

    Senior Manager/Director of Infrastructure

    • The infrastructure representative provides input on services regarding data storage, device management, security, etc.

    Business Team Member

    Business IT Liaison

    • This role is responsible for bridging the communication between IT and the business. This role could be fulfilled by the business relationship manager, service delivery manager, or business analyst. It doesn’t have to be a dedicated role; it could be part of an existing role.

    Business representatives from different LOBs

    • Business users need to validate the service catalog design and ensure the service definitions are user facing and relevant.

    Project Charter

    Input your project team, their roles, and relevant contact information into your project charter, Section 2.

    Identify the senior managers who are the stakeholders for the service catalog

    Obtain explicit buy-in from both IT and business stakeholders.

    The stakeholders could be your biggest champions for the service catalog initiative, or they could pull you back significantly. Engage the stakeholders at the start of the project and communicate the benefits of the service catalog to them to gain their approval.

    Stakeholders

    Benefits

    CIO
    • Improved visibility and perception for IT
    • Ability to better manage business expectation

    Manager of Service Desk

    • Reduced number of routine inquires
    • Respond to business needs faster and uniformly

    Senior Manager/Director of Application & Infrastructure

    • Streamlined and standardized request/support process
    • More effective communication with the business

    Senior Business Executives from Major LOBs

    • Self-service increases user productivity for business users
    • Better quality of services provided by IT

    Project Charter

    Document a list of stakeholders, their involvement in the process (why they are stakeholders), and their contact information in Section 3.

    Articulate the creation of the service catalog to the organization

    Spread the word of service catalog implementation. Bring attention to your change message through effective mediums and organizational changes.

    Key aspects of a communication plan

    The methods of communication (e.g. newsletters, email broadcast, news of the day, automated messages) notify users of implementation.

    In addition, it is important to know who will deliver the message (delivery strategy). Talking to the business leaders is very important, and you need IT executives to deliver the message. Work hard on obtaining their support as they are the ones communicating to their staff and could be your project champions.

    Recommended organizational changes

    The communication plan should consist of changes that will affect the way users interact with the catalog. Users should know of any meetings pertinent to the maintenance and improvement of the catalog, and ways to access the catalog (e.g. link on desktop/start menu).

    This image depicts the cycle of communicating change. the items in the cycle include: What is the change?; Why are we doing it?; How are we going to go about it?; What are we trying to achieve?; How often will we be updated?

    The Qualities of Leadership: Leading Change

    Project Charter

    Your communication plan should serve as a rough guide. Communication happens in several unpredictable happenstances, but the overall message should be contained within.

    Ensure you get the whole company on board for the service catalog with a well practiced change message

    The success of your catalog implementation hinges on the business’ readiness.

    One of the top challenges for organizations that are implementing a service catalog is the acceptance and adoption of the change. Effective planning for implementation and communication is pivotal. Ensure you create tailored plans for communication and understand how the change will impact staff.

    1. Draft your change message
    2. “Better Service, Better Value.” It is important to have two change messages prepared: one for the IT department and one for business users.
      Outline a few of the key benefits each user group will gain from adopting the service catalog (e.g. Faster, ease of use, convenient, consistent…)

    3. Address feedback
    4. Anticipate some resistances of service catalog adoption and prepare responses. These may be the other benefits which were not included in the change message (e.g. IT may be reluctant to think in business language.)

    5. Conduct training sessions
    6. Host lunch & learns to demonstrate the value of the service catalog to both business and IT user groups.
      These training sessions also serve as a great way to gather feedback from users regarding style and usability.

    Project Charter

    Pick your communication medium, and then identify your target audience. You should have a change message for each: the IT department and the business users. Pay careful consideration to wording and phrasing with regard for each.

    Track metrics throughout the project to keep stakeholders informed

    In order to measure the success of your service catalog, you must establish baseline metrics to determine how much value the catalog is creating for your business.

    1. Number of service requests via the service catalog
    2. The number of service catalog requests should be carefully monitored so that it does not fluctuate too greatly. In general, the number of requests via the service catalog should increase, which indicates a higher level of self-serve.

    3. Number of inquiry calls to the service desk
    4. The number of inquiry calls should decrease because customers are able to self-serve routine IT inquiries that would otherwise have gone through the service desk.

    5. Customer satisfaction – specific questions
    6. The organization could adopt the following sample survey questions:
      From 0-5: How satisfied are you with the functionality of the service catalog? How often do you turn to the service catalog first to solve IT problems?

    7. Number of non-standard requests
    8. The number of non-standard requests should decrease because a majority of services should eventually be covered in the service catalog. Users should be able to solve nearly any IT related problem through navigating the service catalog.

    Metric Description Current Metric Future Goal
    Number of service requests via the Service Catalog
    Number of inquiry calls to the service desk
    Customer Satisfaction – specific question
    Number of non-standard requests

    Use metrics to monitor the monetary improvements the service catalog creates for the business

    When measuring against your baseline, you should expect to see the following two monetary improvements:

    1. Improved service desk efficiency
    2. (# of routine inquiry calls reduced) x (average time for a call) x (average service desk wage)

      Routine inquiries often take up a significant portion of the service desk’s effort, and the majority of them can be answered via the service catalog, thus reducing the amount of time required for a service desk employee to engage in routine solutions. The reduction in routine inquiries allows IT to allocate resources to high-value services and provide higher quality of support.

    Example

    Originally, the service desk of an organization answers 850 inquiries per month, and around 540 of them are routine inquiries requesting information on when a service is available, who they can contact if they want to receive a service, and what they need to do if they want access to a service, etc.

    IT successfully communicated the introduction of the service catalog to the business and 3 months after the service catalog was implemented, the number of routine inquiries dropped to 60 per month. Given that the average time for IT to answer the inquiry is 10 minutes (0.167 hour) and the hourly wage of a service desk technician is $25, the monthly monetary cost saving of the service catalog is:

    (540 – 60) x 0.167 x 25 = $2004.00

    • Reduced expense by eliminating non-standard requests

    (Average additional cost of non-standard request) x (Reduction of non-standard request)
    +
    (Extra time IT spends on non-standard request fulfilment) x (Average wage)

    Non-standard requests require a lot of time, and often a lot of money. IT frequently incurs additional cost because the business is not aware of how to properly request service or support. Not only can the service catalog standardize and streamline the service request process, it can also help IT define its job boundary and say no to the business if needed.

    Example

    The IT department of an organization often finds itself dealing with last-minute, frustrating service requests from the business. For example, although equipment requests should be placed a week in advance, the business often requests equipment to be delivered the next day, leaving IT to pay for additional expedited shipping costs and/or working fanatically to allocate the equipment. Typically, these requests happen 4 times a month, with an additional cost of $200.00. IT staff work an extra 6 hours per each non-standard request at an hourly wage of $30.00.

    With the service catalog, the users are now aware of the rules that are in place and can submit their request with more ease. IT can also refer the users to the service catalog when a non-standard request occurs, which helps IT to charge the cost to the department or not meet the terms of the business.

    The monthly cost saving in this case is:

    $200.00 x 4 + 6 hours x 30 = $980.00

    Create your project charter for the service catalog initiative to get key stakeholders to buy in

    1.1 2-3 hours

    The project charter is an important document to govern your project process. Support from the project sponsors is important and must be documented. Complete the following steps working with Info-Tech’s sample Project Charter.

    1. The project leader and the core project team must identify key reasons for creating a service catalog. Document the project objectives and benefits in the mission statement section.
    2. Identify and document your project team. The team must include representatives from the Infrastructure, Applications, Service desk, and a Business-IT Liaison.
    3. Identify and document your project stakeholders. The stakeholders are those who have interest in seeing the service catalog completed. Stakeholders for IT are the CIO and management of different IT practices. Stakeholders for the business are executives of different LOBs.
    4. Identify your target audience and choose the communication medium most effective to reach them. Draft a communication message hitting all key elements.
      Info-Tech’s project charter contains sample change messages for the business and IT.
    5. Develop a strategy as to how the change message will be distributed, i.e. the communication and organizational change plan.
    6. Use the metrics identified as a base to measure your service catalog’s implementation. If you have identified any other objectives, add new metrics to monitor your progress from the baseline to reaching those objectives.
    7. Sign and date the project charter to officiate commitment to completing the project and reaching your objectives. Have the signed and dated charter available to members of the project team.

    INPUT

    • A collaborative discussion between team members

    OUTPUT

    • Thorough briefing for project launch
    • A committed team

    Materials

    • Communication message and plan
    • Metric tracking

    Participants

    • Project leader
    • Core project team

    Obtain buy-in from business users at the beginning of the service catalog initiative

    CASE STUDY A
    Industry Government
    Source Onsite engagement

    Challenge

    The nature of government IT is quite complex: there are several different agencies located in a number of different areas. It is extremely important to communicate the idea of the service catalog to all the users, no matter the agency or location.

    The IT department had yet to let business leaders of the various agencies know about the initiative and garner their support for the project. This has proven to be prohibitive for gaining adoption from all users.

    Solution

    The IT leaders met and identified all the opportunities to communicate the service catalog to the business leaders and end users.

    To meet with the business leaders, IT leaders hosted a service level meeting with the business directors and managers. They adopted a steering committee for the continuation of the project.

    To communicate with business users, IT leaders published announcements on the intranet website before releasing the catalog there as well.

    Results

    Because IT communicated the initiative, support from business stakeholders was obtained early and business leaders were on board shortly after.

    IT also managed to convince key business stakeholders to become project champions, and leveraged their network to communicate the initiative to their employees.

    With this level of adoption, it meant that it was easier for IT to garner business participation in the project and to obtain feedback throughout.

    Info-Tech assists project leader to garner support from the project team

    CASE STUDY A
    Industry Government
    Source Onsite engagement

    Challenge

    The project received buy-in from the CIO and director of infrastructure. Together they assembled a team and project leader.

    The two struggled to get buy-in from the rest of the team, however. They didn’t understand the catalog or its benefits and objectives. They were reluctant to change their old ways. They didn’t know how much work was required from them to accomplish the project.

    Solution

    With the Info-Tech analyst on site, the client was able to discuss the benefits within their team as well as the project team responsibilities.

    The Info-Tech analyst convinced the group to move towards focusing on a business- and service-oriented mindset.

    The workshop discussion was intended to get the entire team on board and engaged with meeting project objectives.

    Results

    The project team had experienced full buy-in after the workshop. The CIO and director relived their struggles of getting project members on-board through proper communication and engagement.

    Engaging the members of the project team with the discussion was key to having them take ownership in accomplishing the project.

    The business users understood that the service catalog was to benefit their long-term IT service development.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    1.1 this image contains a screenshot from section 1.1 of this blueprint. Begin your project with a mission statement
    A strong mission statement that outlines the benefits of the project is needed to communicate the purpose of the project. The onsite Info-Tech analysts will help you customize the message and establish the foundation of the project charter.
    1.2 this image contains a screenshot from section 1.2 of this blueprint.

    Identify project team members

    Our onsite analysts will help you identify high-value team members to contribute to this project.

    1.3 This image contains a screenshot from section 1.3 of this blueprint.

    Identify important business and IT stakeholders

    Buy-in from senior IT and business management is a must. Info-Tech will help you identify the stakeholders and determine their level of influence and impact.

    1.4 This image contains a screenshot from section 1.4 of this blueprint.

    Create a change message for the business and IT

    It is important to communicate changes early and the message must be tailored for each target audience. Our analysts will help you create an effective message by articulating the benefits of the service catalog to the business and to IT.

    1.5 This image contains a screenshot from section 1.5 of this blueprint.

    Determine service project metrics

    To demonstrate the value of the service catalog, IT must come up with tangible metrics. Info-Tech’s analysts will provide some sample metrics as well as facilitate a discussion around which metrics should be tracked and monitored.

    PHASE 2

    Identify and Define Enterprise Services

    Design & Build a User-Facing Service Catalog

    Step 2 – Create Enterprise Services Definitions

    1. Complete the Project Charter
    2. Create Enterprise Services Definitions
    3. Create Line of Business Services Definitions
    4. Complete Service Definitions

    This step will walk you through the following activities:

    • Identify and define enterprise services that are commonly used across the organization.
    • Create service descriptions and features to accurately sum up the functionality of each service.
    • Create service categories and assign each service to a category.

    Step Insights

    • When defining services, be sure to carefully distinguish between what is a feature and what is a service. Often, separate services are defined in situations when they would be better off as features of existing services, and vice versa.
    • When coming up with enterprise services categories, ensure the categories group the services in a way that is intuitive. The users should be able to find a service easily based on the names of the categories.

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Define Enterprise Services
    Proposed Time to Completion: 4 weeks

    Step 2.1: Identify enterprise services

    Step 2.2: Create service categories

    Start with an analyst kick off call:

    • Identify enterprise services that are commonly used.
    • Ensure the list is comprehensive and capture common IT needs.
    • Create service descriptions and features.

    Review findings with analyst:

    • Review full list of identified enterprise services.
    • Identify service categories that are intuitive to the users.

    Then complete these activities…

    • Use Info-Tech’s sample enterprise service definitions as a guide, and change/add/delete the service definitions to customize them to your organization.

    Then complete these activities…

    • Group identified services into categories that are intuitive to the users.

    With these tools & templates: Service

    Sample Enterprise Services

    With these tools & templates:

    Sample Enterprise Services

    Identify enterprise services in the organization apart from the services available to lines of business

    Separating enterprise services from line of business services helps keep things simple to organize the service catalog. -

    Documentation of all business-facing IT services is an intimidating task, and a lack of parameters around this process often leads to longer project times and unsatisfactory outcomes.

    To streamline this process, separating enterprise services from line of business services allows IT to effectively and efficiently organize these services. This method increases the visibility of the service catalog through user-oriented communication plans.

    Enterprise Services are common services that are used across the organization.

    1. Common Services for all users within the organization (e.g. Email, Video Conferencing, Remote Access, Guest Wireless)
    2. Service Requests organized into Service Offerings (e.g. Hardware Provisioning, Software Deployment, Hardware Repair, Equipment Loans)
    3. Consulting Services (e.g. Project Management, Business Analysis, RFP Preparation, Contract Negotiation)

    All user groups access Enterprise Services

    Enterprise Services

    • Finance
    • IT
    • Sales
    • HR

    Ensure your enterprise services are defined from the user perspective and are commonly used

    If you are unsure whether a service is enterprise wide, ask yourself these two questions:

    This image contains an example of how you would use the two questions: Does the user directly use the service themselves?; and; Is the service used by the entire organization (or nearly everyone)?. The examples given are: A. Video Conferencing; B. Exchange Server; C. Email & Fax; D. Order Entry System

    Leverage Info-Tech’s Sample Enterprise Services definition

    2.1 Info-Tech’s Sample Enterprise Services definitions

    Included with this blueprint is Info-Tech’s Sample Enterprise Services definitions.

    The sample contains dozens of services common across most organizations; however, as a whole, they are not complete for every organization. They must be modified according to the business’ needs. Phase two will serve as a guide to identifying an enterprise service as well as how to fill out the necessary fields.

    This image contains a screenshot of definitions from Info-Tech's Sample Enterprises services

    Info-Tech Insight

    Keep track of which services you either modify or delete. You will have to change the same services in the final Info-Tech deliverable.

    The next slide will introduce you to the information for each service record that can be edited.

    Info-Tech’s Sample Enterprise Services definitions is designed to be easily customized

    2.1 Info-Tech’s Sample Enterprise Services definitions

    Below is an example of a service record and its necessary fields of information. This is information that can be kept, deleted, or expanded upon.

    Name the service unambiguously and from the user’s perspective.

    Brief description of how the service allows users to perform tasks.

    Describe the functionality of the service and how it helps users to achieve their business objectives.

    Cluster the services into logical groups.

    Service Name Description Features Category
    Email Email communication to connect with other employees, suppliers, and customers
    • Inbox
    • Calendar
    • Resource Scheduling (meeting rooms)
    • Access to shared mailboxes
    • Limit on mailbox size (‘x’ GB)
    • Address book/external contacts
    • Spam filtering, virus protection
    • Archiving and retrieval of older emails
    • Web/browser access to email
    • Mass email/notification (emergency, surveys, reporting)
    • Setting up a distribution list
    • Setting up Active Sync for email access on mobile devices
    Communications

    Distinguish between a feature and a unique service

    It can be difficult to determine what is considered a service itself, and what is a feature of another service. Use these tips and examples below to help you standardize this judgement.

    Example 1

    Web Conferencing has already been defined as a service. Is Audio Conferencing its own service or a feature of Web Conferencing?

    Info-Tech Tip: Is Audio Conferencing run by the same application as the Web Conferencing? Does it use the same equipment? If not, Audio Conferencing is probably its own service.

    Example 2

    Web Conferencing has already been defined as a service. Is “Screen Sharing” its own service or a feature of Web Conferencing?

    Info-Tech Tip: It depends on how the user interacts with Screen Sharing. Do they only screen share when engaged in a Web Conference? If so, Screen Sharing is a feature and not a service itself.

    Example 3

    VoIP is a popular alternative to landline telephone nowadays, but should it be part of the telephony service or a separate service?

    Info-Tech Tip: It depends on how the VoIP phone is set up.

    If the user uses the VoIP phone the same way they would use a landline phone – because the catalog is user facing – consider the VoIP as part of the telephone service.

    If the user uses their computer application to call and receive calls, consider this a separate service on its own.

    Info-Tech Insight

    While there are some best practices for coming up with service definitions, it is not an exact science and you cannot accommodate everyone. When in doubt, think how most users would perceive the service.

    Change or delete Info-Tech’s enterprise services definitions to make them your own

    2.1 3 hours

    You need to be as comprehensive as possible and try to capture the entire breadth of services IT provides to the business.

    To achieve this, a three-step process is recommended.

    1. First, assemble your project team. It is imperative to have representatives from the service desk. Host two separate workshops, one with the business and one with IT. These workshops should take the form of focus groups and should take no more than 1-2 hours.
    2. Business Focus Group:
    • In an open-forum setting, discuss what the business needs from IT to carry out their day-to-day activities.
    • Engage user-group representatives and business relationship managers.

    IT Focus Group:

    • In a similar open-forum setting, determine what IT delivers to the business. Don’t think about it from a support perspective, but from an “ask” perspective – e.g. “Service Requests.
    • Engage the following individuals: team leads, managers, directors.
  • Review results from the focus groups and compare with your service desk tickets – are there services users inquire about frequently that are not included? Finalize your list of enterprise services as a group.
  • INPUT

    • Modify Info-Tech’s sample services

    OUTPUT

    • A list of some of your business’ enterprise services

    Materials

    • Whiteboard/marker
    • Info-Tech sample enterprise services

    Participants

    • Key members of the project team
    • Service desk rep
    • Business rep

    Using Info-Tech’s Sample Enterprise Services, expand upon the services to add those that we did not include

    2.2 1-3 hours (depending on size and complexity of the IT department)

    Have your user hat on when documenting service features and descriptions. Try to imagine how the users interact with each service.

    1. Once you have your service name, start with the service feature. This field lists all the functionality the service provides. Think from the user’s perspective and document the IT-related activities they need to complete.
    2. Review the service feature fields with internal IT first to make sure there isn’t any information that IT doesn’t want to publish. Afterwards, review with business users to ensure the language is easy to understand and the features are relatable.
    3. Lastly, create a high-level service description that defines the nature of the service in one or two sentences.

    INPUT

    • Collaborate and discuss to expand on Info-Tech’s example

    OUTPUT

    • A complete list of your business’ enterprise services

    Materials

    • Whiteboard/marker
    • Info-Tech sample enterprise services

    Participants

    • Key members of the project team
    • Service desk rep
    • Business rep

    Follow Info-Tech’s guidelines to establish categories for the enterprise services that IT provides to the business

    Similar to the services and their features, there is no right or wrong way to categorize. The best approach is to do what makes sense for your organization and understand what your users think.

    What are Service Categories?

    Categories organize services into logical groups that the users can identify with. Services with similar functions are grouped together in a common category.

    When deciding your categories, think about:

    • What is best for the users?
    • Look at the workflows from the user perspective: how and why do they use the service?
    • Will the user connect with the category name?
    • Will they think about the services within the category?
    Enterprise Service Categories
    Accounts and Access
    Collaboration
    Communication
    Connectivity
    Consulting
    Desktop, Equipment, & Software
    Employee Services
    Files and Documents
    Help & Support
    Training

    Sample categories

    Categorize the services from the list below; how would you think to group them?

    There is no right or wrong way to categorize services; it is subjective to how they are provided by IT and how they are used by the business. Use the aforementioned categories to group the following services. Sample solutions are provided on the following slide.

    Service Name
    Telephone
    Email
    Remote access
    Internet
    BYOD (wireless access)
    Instant Messaging
    Video Conferencing
    Audio Conferencing
    Guest Wi-Fi
    Document Sharing

    Tips and tricks:

    1. Think about the technology behind the service. Is it the same application that provides the services? For example: is instant messaging run by the same application as email?
    2. Consider how the service is used by the business. Are two services always used together? If instant messaging is always used during video conferencing, then they belong in the same category.
    3. Consider the purpose of the services. Do they achieve the same outcomes? For example, document sharing is different from video conferencing, though they both support a collaborative working environment.

    This is a sample of different categorizations – use these examples to think about which would better suit your business

    Example 1 Example 2

    Desktop, Equipment, & Software Services

    Connectivity

    Mobile Devices

    Communications

    Internet

    Telephone

    BYOD (wireless access)

    Telephone

    Guest Wi-Fi

    Internet

    Email

    Remote Access

    Instant Messaging

    Video Conferencing

    Audio Conferencing

    Communications

    Collaboration

    Storage and Retrieval

    Accounts and Access

    Telephone

    Email

    Document Sharing

    Remote access

    Email

    Instant Messaging

    Connectivity

    Mobile Devices

    Video Conferencing

    Internet

    BYOD (wireless access)

    Audio Conferencing

    Guest Wi-Fi

    Guest Wi-Fi

    Document Sharing

    Info-Tech Insight

    Services can have multiple categories only if it means the users will be better off. Try to limit this as much as possible.

    Neither of these two examples are the correct answer, and no such thing exists. The answers you came up with may well be better suited for the users in your business.

    With key members of your project team, categorize the list of enterprise services you have created

    2.3 1 hour

    Before you start, you must have a modified list of all defined enterprise services and a modified list of categories.

    1. Write down the service names on sticky notes and write down the categories either on the whiteboard or on the flipchart.
    2. Assign the service to a category one at a time. For each service, obtain consensus on how the users would view the service and which category would be the most logical choice. In some cases, discuss whether a service should be included in two categories to create better searchability for the users.
    3. If a consensus could not be reached on how to categorize a service, review the service features and category name. In some cases, you may go back and change the features or modify or create new categories if needed.

    INPUT

    • Collaborate and discuss to expand on Info-Tech’s example

    OUTPUT

    • A complete list of your business’ enterprise services

    Materials

    • Whiteboard/marker
    • Info-Tech sample enterprise services

    Participants

    • Key members of the project team
    • Service desk rep
    • Business rep

    Accounts & Access Services

    • User ID & Access
    • Remote Access
    • Business Applications Access

    Communication Services

    • Telephone
    • Email
    • Mobile devices

    Files & Documents

    • Shared Folders
    • File Storage
    • File Restoration
    • File Archiving

    Collaboration

    • Web Conferencing
    • Audio Conferencing
    • Video Conferencing
    • Chat
    • Document Sharing

    Employee Services

    • Onboarding & Off Boarding
    • Benefits Self Service
    • Time and Attendance
    • Employee Records Management

    Help & Support

    • Service Desk
    • Desk Side Support
    • After Hours Support

    Desktop, Equipment, & Software

    • Printing
    • Hardware Provisioning
    • Software Provisioning
    • Software Support
    • Device Move
    • Equipment Loaner

    Education & Training Services

    • Desktop Application Training
    • Corporate Application Training
    • Clinical Application Training
    • IT Training Consultation

    Connectivity

    • BYOD (wireless access)
    • Internet
    • Guest Wi-Fi

    IT Consulting Services

    • Project Management
    • Analysis
    • RFP Reviews
    • Solution Development
    • Business Analysis/Requirements Gathering
    • RFI/RFP Evaluation
    • Security Consulting & Assessment
    • Contract Management
    • Contract Negotiation

    IT department identifies a comprehensive list of enterprise services

    CASE STUDY A
    Industry Government
    Source Onsite engagement

    Challenge

    Because of the breadth of services IT provides across several agencies, it was challenging to identify what was considered enterprise beyond just the basic ones (email, internet, etc.)

    IT recognized that although the specific tasks of service could be different, there are many services that are offered universally across the organization and streamlining the service request and delivery process would reduce the burden on IT.

    Solution

    The client began with services that users interact with on a daily basis; this includes email, wireless, telephone, internet, printing, etc.

    Then, they focused on common service requests from the users, such as software and hardware provisioning, as well as remote access.

    Lastly, they began to think of other IT services that are provided across the organization, such as RFP/RFI support, project management analysis, employee onboarding/off-boarding, etc.

    Results

    By going through the lists and enterprise categories, the government was able to come up with a comprehensive list of all services IT provides to the business.

    Classifying services such as onboarding meant that IT could now standardize IT services for new recruits and employee termination.

    By capturing all enterprise services offered to the organization, IT centralized its management of services instead of having scattered request processes.

    Organization distinguishes features from services using Info-Tech’s tips and techniques

    CASE STUDY B
    Industry Government
    Source Onsite engagement

    Challenge

    For some services, the project team had difficulty deciding on what was a service and what was a feature. They found it hard to distinguish between a service with features or multiple services.

    For example, the client struggled to define the Wi-Fi services because they had many different user groups and different processes to obtain the service. Patients, visitors, doctors, researchers, and corporate employees all use Wi-Fi, but the service features for each user group were different.

    Solution

    The Info-Tech analyst came on-site and engaged the project team in a discussion around how the users would view the services.

    The analyst also provided tips and techniques on identifying services and their features.

    Because patients and visitors do not access Wi-Fi or receive support for the service in the same way as clinical or corporate employees, Wi-Fi was separated into two services (one for each user group).

    Results

    Using the tips and techniques that were provided during the onsite engagement, the project team was able to have a high degree of clarity on how to define the services by articulating who the authorized users are, and how to access the process.

    This allowed the group to focus on the users’ perspective and create clear, unambiguous service features so that users could clearly understand eligibility requirements for the service and how to request them.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    this is a picture of an Info-Tech Analyst

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    2.1 This image contains a screenshot from section 2.1 of this blueprint.

    Understand what enterprise services are

    The project team must have a clear understanding of what qualifies as an enterprise service. The onsite analysts will also promote a user-oriented mindset so the catalog focuses on business needs.

    2.2 this image contains a screenshot from section 2.2 of this blueprint.

    Identify enterprise services

    The Info-Tech analysts will provide a list of ready-to-use services and will work with the project team to change, add, and delete service definitions and to customize the service features.

    2.3 this image contains a screenshot from section 2.3 of this blueprint.

    Identify categories for enterprise services

    The Info-Tech analyst will again emphasize the importance of being service-oriented rather than IT-oriented. This will allow the group to come up with categories that are intuitive to the users.

    PHASE 3

    Identify and Define Line of Business Services

    Design & Build a User-Facing Service Catalog

    Step 3 – Create Line of Business Services Definitions

    1. Complete the Project Charter
    2. Create Enterprise Services Definitions
    3. Create Line of Business Services Definitions
    4. Complete Service Definitions

    This step will walk you through the following activities:

    • Identify lines of business (LOB) within the organization as well as the user groups within the different LOBs.
    • Determine which one of Info-Tech’s two approaches is more suitable for your IT organization.
    • Define and document LOB services using the appropriate approach.
    • Categorize the LOB services based on the organization’s functional structure.

    Step Insights

    • Collaboration with the business significantly strengthens the quality of line of business service definitions. A significant amount of user input is crucial to create impactful and effective service definitions.
    • If a strong relationship with the business is not in place, IT can look at business applications and the business activities they support in order to understand how to define line of business services.

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Define LOB Services

    Proposed Time to Completion: 4 weeks

    Step 3.1: Identify LOB services

    Step 3.2: Define LOB services

    Start with an analyst kick off call:

    • Identify enterprise services that are commonly used.
    • Ensure the list is comprehensive and capture common IT needs.
    • Create service descriptions and features.

    Review findings with analyst:

    • Use either the business view or the IT view methodology to identify and define LOB services.

    Then complete these activities…

    • Select one of the methodologies and either compile a list of business applications or a list of user groups/functional departments.

    Then complete these activities…

    • Validate the service definitions and features with business users.

    With these tools & templates: Service

    LOB Services – Functional Group
    LOB Services – Industry Specific

    With these tools & templates:

    LOB Services – Functional Group
    LOB Services – Industry Specific

    Communicate with your business users to get a clear picture of each line of business

    Within a business unit, there are user groups that use unique applications and IT services to perform business activities. IT must understand which group is consuming each service to document to their needs and requirements. Only then is it logical to group services into lines of business.

    Covering every LOB service is a difficult task. Info-Tech offers two approaches to identifying LOB services, though we recommend working alongside business user groups to have input on how each service is used directly from the users. Doing so makes the job of completing the service catalog easier, and the product more detailed and user friendly.

    Some helpful questions to keep in mind when characterizing user groups:

    • Where do they fall on the organizational chart?
    • What kind of work do they do?
    • What is included in their job description?
    • What are tasks that they do in addition to their formal responsibilities?
    • What do they need from IT to do their day-to-day tasks?
    • What does their work day look like?
    • When, why, and how do they use IT services?

    Info-Tech Insight

    With business user input, you can answer questions as specific as “What requirements are necessary for IT to deliver value to each line of business?” and “What does each LOB need in order to run their operation?”

    Understand when it is best to use one of Info-Tech’s two approaches to defining LOB services

    1. Business View

    Business View is the preferred method for IT departments with a better understanding of business operations. This is because they can begin with input from the user, enabling them to more successfully define every service for each user group and LOB.

    In addition, IT will also have a chance to work together with the business and this will improve the level of collaboration and communication. However, in order to follow this methodology, IT needs to have a pre-established relationship with the business and can demonstrate their knowledge of business applications.

    2. IT View

    The IT view begins with considering each business application used within the organization’s lines of business. Start with a broad view, following with a process of narrowing down, and then iterate for each business application.

    This process leads to each unique service performed by every application within the business’ LOBs.

    The IT view does not necessarily require a substantial amount of information about the business procedures. IT staff are capable of deducing what business users often require to maintain their applications’ functionality.

    Use one of Info-Tech’s two methodologies to help you identify each LOB service

    Choose the methodology that fits your IT organization’s knowledge of the business.

    This image demonstrates a comparison between the business view of service and the IT View of Service. Under the Business View, the inputs are LOB; User Groups; and Business Activity. Under the IT View, the inputs are Business Application and Functionality, and the outputs are Business Activity; User Groups; and LOB.

    1. Business View

    If you do have knowledge of business operations, using the business view is the better option and the service definition will be more relatable to the users.

    2. IT View

    For organizations that don’t have established relationships with the business or detailed knowledge of business activities, IT can decompose the application into services. They have more familiarity and comfort with the business applications than with business activities.

    It is important to continue after the service is identified because it helps confirm and solidify the names and features. Determining the business activity and the user groups can help you become more user-oriented.

    Identifying LOB services using Info-Tech’s Business View method

    We will illustrate the two methodologies with the same example.

    If you have established an ongoing relationship with the business and you are familiar with their business operations, starting with the LOB and user groups will ensure you cover all the services IT provides to the business and create more relatable service names.

    This is a screenshot of an example of the business view of Service.

    Identifying LOB services using Info-Tech’s IT View method

    If you want to understand what services IT provides to the Sales functional group, and you don’t have comprehensive knowledge of the department, you need to start with the IT perspective.

    This is a screenshot of an example of the business view of Service.

    Info-Tech Insight

    If you are concerned about the fact that people always associate a service with an application, you can include the application in the service name or description so users can find the service through a search function.

    Group LOB services into functional groups as you did enterprise services into categories

    3.1 Sample Line of Business Services Definitions – Functional Groups & Industry Examples

    Like categories for enterprise services in Phase Two, LOB services are grouped into functional groups. Functional groups are the components of an organizational chart (HR, Finance, etc.) that are found in a company’s structure.

    Functional Groups

    Functional groups enable a clear view for business users of what services they need, while omitting services that do not apply to them. This does not overwhelm them, and provides them with only relevant information.

    Industry Services

    To be clear, industry services can be put into functional groups.

    Info-Tech provides a few sample industry services (without their functional group) to give an idea of what LOB service is specific to these industries. Try to extrapolate from these examples to create LOB services for your business.

    Use Info-Tech’s Sample LOB Services – Functional Group and Sample LOB Services – Industry Specific documents.

    This is a screenshot of Info-Tech's Functional Group Services

    Info-Tech Insight

    Keep track of which services you either modify or delete. You will have to change the same services in the final Info-Tech deliverable.

    Identify the user group and business activity within each line of business – Business view

    3.1 30-45 minutes per line of business

    Only perform this activity if you have a relationship with the business that can enable you to generate business input on service identifications and definitions.

    In a group of your project participants, repeat the sequence for each LOB.

    1. Brainstorm each user group within the LOB that is creating value for the business by performing functional activities.
    2. Think of what each individual end user must do to create their value. Think of the bigger picture rather than specifics at this point. For example, sales representatives must communicate with clients to create value.
    3. Now that you have each user group and the activities they perform, consider the specifics of how they go about doing that activity. Consider each application they use and how much they use that application. Think of any and all IT services that could occur as a result of that application usage.

    INPUT

    • A collaborative discussion (with a business relationship)

    OUTPUT

    • LOB services defined from the business perspective

    Materials

    • Sticky notes
    • Whiteboard/marker

    Participants

    • Members of the project team
    • Representatives from the LOBs

    Identify the user group and business activity within each line of business – IT view

    3.1 30-45 minutes per application

    Only perform this activity if you cannot generate business input through your relationships, and must begin service definitions with business applications.

    In a group of your project participants, repeat the sequence for each application.

    1. Brainstorm all applications that the business provides through IT. Cross out the ones that provide enterprise services.
    2. In broad terms, think about what the application is accomplishing to create value for the business from IT’s perspective. What are the modules? Is it recording interactions with the clients? Each software can have multiple functionalities.
    3. Narrow down each functionality performed by the application and think about how IT helps deliver that value. Create a name for the service that the users can relate to and understand.
    4. → Optional

    5. Now go beyond the service and think about the business activities. They are always similar to IT’s application functionality, but from the user perspective. How would the user think about what the application’s functionality to accomplish that particular service is? At this point, focus on the service, not the application.
    6. Determine the user groups for each service. This step will help you complete the service record design in phase 4. Keep in mind that multiple user groups may access one service.

    INPUT

    • A collaborative discussion (without a business relationship)

    OUTPUT

    • LOB services defined from the IT perspective

    Materials

    • Sticky notes
    • Whiteboard/marker

    Participants

    • Members of the project team

    You must review your LOB service definitions with the business before deployment

    Coming up with LOB service definitions is challenging for IT because it requires comprehension of all lines of business within the organization as well as direct interaction with the business users.

    After completing the LOB service definitions, IT must talk to the business to ensure all the user groups and business activities are covered and all the features are accurate.

    Here are some tips to reviewing your LOB Service Catalog generated content:

    • If you plan to talk to a business SME, plan ahead to help complete the project in time for rollout.
    • Include a business relationship manager on the project team to facilitate discussion if you do not have an established relationship with the business.

    Sample Meeting Agenda

    Go through the service in batches. Present 5-10 related services to the business first. Start with the service name and then focus on the features.

    In the meeting, discuss whether the service features accurately sum up the business activities, or if there are missing key activities. Also discuss whether certain services should be split up into multiple services or combined into one.

    Organization identifies LOB services using Info-Tech’s methodologies

    CASE STUDY A
    Industry Government
    Source Onsite engagement

    Challenge

    There were many users from different LOBs, and IT provided multiple services to all of them. Tracking them and who had access to what was difficult.

    IT didn’t understand who provided the services (service owner) and who the customers were (business owner) for some of the services.

    Solution

    After identifying the different Lines of Business, they followed the first approach (Business View) for those that IT had sufficient knowledge of in terms of business operations:

    1. Identified lines of business
    2. Identified user groups
    3. Identified business activities

    For the LOBs they weren’t familiar with, they used the IT view method, beginning with the application:

    1. Identified business apps
    2. Deduced the functionalities of each application
    3. Traced the application back to the service and identified the service owner and business owner

    Results

    Through these two methodologies, IT was able to define services according to how the users both perceive and utilize them.

    IT was able to capture all the services it provides to each line of business effectively without too much help from the business representatives.

    By capturing all enterprise services offered to the organization, IT centralized its management of services instead of having scattered request processes.

    Info-Tech helps organization to identify LOB services using the IT View

    CASE STUDY B
    Industry Healthcare
    Source Onsite engagement

    Challenge
    The organization uses a major application containing several modules used by different users for various business activities.

    The challenge was to break down the application into multiple services in a way that makes sense to the business users. Users should be able to find services specific to them easily.

    Therefore, the project team must understand how to map the modules to different services and user groups.


    Solution
    The project team identified the major lines of business and took various user groups such as nurses and doctors, figured out their daily tasks that require IT services, and mapped each user-facing service to the functionality of the application.

    The project team then went back to the application to ensure all the modules and functionalities within the application were accounted for. This helped to ensure that services for all user groups were covered and prepared to be released in the catalog.


    Results
    Once the project team had come up with a comprehensive list of services for each line of business, they were able to sit with the business and review the services.

    IT was also able to use this opportunity to demonstrate all the services it provides. Having all the LOB services demonstrates IT has done its preparation and can show the value they help create for the business in a language the users can understand. The end result was a strengthened relationship between the business and the IT department.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    This is a picture of an Info-Tech Analyst

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    3.1 this image contains a screenshot from section 3.1 of this blueprint.

    Understand what Line of Business services are

    The onsite analysts will provide a clear distinction between enterprise services and LOB services. The analysts will also articulate the importance of validating LOB services with the business.

    3.2 this image contains a screenshot from section 3.2 of this blueprint.

    Identify LOB services using the business’ view

    There are two methods for coming up with LOB services. If IT has comprehensive knowledge of the business, they can identify the services by outlining the user groups and their business activities.

    3.3 This image contains a screenshot from section 3.3 of this blueprint.

    Identify LOB services using IT’s view

    If IT does not understand the business and cannot obtain business input, Info-Tech’s analysts will present the second method, which allows IT to identify services with more comfortability through business applications/systems.

    3.4 This image contains a screenshot from section 3.4 of this blueprint.

    Categorize the LOB services into functional groups

    The analysts will help the project team categorize the LOB services based on user groups or functional departments.

    PHASE 4

    Complete Service Definitions

    Design & Build a User-Facing Service Catalog

    Step 4: Complete service definitions and service record design

    1. Complete the Project Charter
    2. Create Enterprise Services Definitions
    3. Create Line of Business Services Definitions
    4. Complete Service Definitions

    This step will walk you through the following activities:

    • Select which fields of information you would like to include in your service catalog design.
    • Determine which fields should be kept internal for IT use only.
    • Complete the service record design with business input if possible.

    Step Insights

    • Don’t overcomplicate the service record design. Only include the pieces of information the users really need to see.
    • Don’t publish anything that you don’t want to be held accountable for. If you are not ready, keep the metrics and costs internal.
    • It is crucial to designate a facilitator and a decision maker so confusions and disagreements regarding service definitions can be resolved efficiently.

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 4: Complete service definitions
    Proposed Time to Completion (in weeks): 4 weeks

    Step 4.1: Design service record

    Step 4.2: Complete service definitions

    Start with an analyst kick off call:

    • Review Info-Tech’s sample service record and determine which fields to add/change/delete.
    • Determine which fields should be kept internal.

    Review findings with analyst:

    • Complete all fields in the service record for each identified service.

    Then complete these activities…

    • Finalize the design of the service record and bring over enterprise services and LOB services.

    Then complete these activities…

    • Test the service definitions with business users prior to catalog implementation.

    With these tools & templates: Service

    Services Definition Chart

    With these tools & templates:

    Services Definition Chart

    Utilize Info-Tech’s Services Definition Chart to map out your final service catalog design

    Info-Tech’s Sample Services Definition Chart

    Info-Tech has provided a sample Services Definition Chart with standard service definitions and pre-populated fields. It is up to you throughout this step to decide which fields are necessary to your business users, as well as how much detail you wish to include in each of them.

    This image contains a screenshot from Info-Tech's Services Definition Chart.

    Info-Tech Insight

    Keep track of which services you either modify or delete. You will have to change the same services in the final Info-Tech deliverable.

    Tips and techniques for service record design

    The majority of the fields in the service catalog are user facing, which means they must be written in business language that the users can understand.

    If there is any confusion or disagreement in filling out the fields, a facilitator is required to lead the working groups in coming up with a definitive answer. If a decision is still not reached, it should be escalated to the decision maker (usually the service owner).

    IT-Facing Fields

    There are IT facing fields that should not be published to the business users – they are for the benefit of IT. For example, you may want to keep Performance Metrics internal to IT until you are ready to discuss it with the business.

    If the organization is interested in creating a Technical Service Catalog following this initiative, these fields will provide a helpful starting place for IT to identify the people, process, and technology required to support user-facing services.

    Info-Tech Insight

    It is important for IT-facing fields to be kept internal. If business users are having trouble with a service and the service owner’s name is available to them, they will phone them for support even if they are not the support owner.

    Design your service catalog with business input: have the user in mind

    When completing the service record, adopt the principle that “Less is More.” Keep it simple and write the service description from the user’s perspective, without IT language. From the list below, pick which fields of information are important to your business users.

    What do the users need to access the service quickly and with minimal assistance?

    The depicted image contains an example of an analysis of what users need to access the service quickly and with minimal assistance. The contents are as follows. Under Service Overview, Name; Description; Features; Category; and Supporting Services. Under Owners, are Service Owner; Business Owner. Under Access Policies and Procedures, are Authorized Users; Request Process; Approval Requirements/Process; Turnaround Time; User Responsibility. Under Availability and Service Levels are Support Hours; Hours of Availability; Planned Downtime; and Metrics. Under Support Policies & Procedures are Support Process; Support Owner; Support Documentation. Under Costs are Internal Cost; Customer Cost. The items which are IT Facing are coloured Red. These include Supporting Services; Service Owner; Business Owner; Metrics; Support Owner; and Internal Cost.

    Identify service overview

    “What information must I have in each service record? What are the fundamentals required to define a service?”

    Necessary Fields – Service Description:

    • Service name → a title for the service that gives a hint of its purpose.
    • Service description → what the service does and expected outcomes.
    • Service features → describe functionality of the service.
    • Service category → an intuitive way to group the service.
    • Support services → applications/systems required to support the service.

    Description: Delivers electronic messages to and from employees.

    Features:

    • Desk phone
    • Teleconference phones (meeting rooms)
    • Voicemail
    • Recover deleted voicemails
    • Team line: call rings multiple phones/according to call tree
    • Employee directory
    • Caller ID, Conference calling

    Category: Communications

    This image contains an example of a Service overview table. The headings are: Description; Features; Category; Supporting Services (Systems, Applications).

    Identify owners

    Who is responsible for the delivery of the service and what are their roles?

    Service Owner and Business Owner

    Service owner → the IT member who is responsible and accountable for the delivery of the service.

    Business owner → the business partner of the service owner who ensures the provided service meets business needs.

    Example: Time Entry

    Service Owner: Manager of Business Solutions

    Business Owner: VP of Human Resources

    This image depicts a blank table with the headings Service Owner, and Business Owner

    Info-Tech Insight

    For enterprise services that are used by almost everyone in the organization, the business owner is the CIO.

    Identify access policies and procedures

    “Who is authorized to access this service? How do they access it?”

    Access Policies & Procedures

    Authorized users → who can access the service.

    Request process → how to request access to the service.

    Approval requirement/process → what the user needs to have in place before accessing the service.

    Example: Guest Wi-Fi

    Authorized Users: All people on site not working for the company

    Request Process: Self-Service through website for external visitors

    Approval Requirement/Process: N/A

    This image depicts a blank table with the headings: Authorized Users; Request Process; Approval Requirement/Process

    Info-Tech Insight

    Clearly defining how to access a service saves time and money by decreasing calls to the service desk and getting users up and running faster. The result is higher user productivity.

    Identify access policies and procedures

    “Who is authorized to access this service? How do they access it?”

    Access Policies & Procedures

    Requirements & pre-requisites → details of what must happen before a service can be provided.

    Turnaround time → how much time it will take to grant access to the service.

    User responsibility → What the user is expected to do to acquire the service.

    Example: Guest Wi-Fi

    Requirements & Pre-requisites: Disclaimer of non-liability and acceptance

    Turnaround time: Immediate

    User Responsibility: Adhering to policies outlined in the disclaimer

    This image depicts a blank table with the headings: Authorized Users; Request Process; Approval Requirement/Process

    Info-Tech Insight

    Clearly defining how to access a service saves time and money by decreasing calls to the service desk and getting users up and running faster. The result is higher user productivity.

    Identify availability and service levels

    “When is this service available to users? What service levels can the user expect?”

    Availability & Service Levels

    Support hours → what days/times is this service available to users?

    Hours of availability/planned downtime → is there scheduled downtime for maintenance?

    Performance metrics → what level of performance can the user expect for this service?

    Example: Software Provisioning

    Support Hours: Standard business hours

    Hours of Availability/Planned Downtime: Standard business hours; can be agreed to work beyond operating hours either earlier or later

    Performance Metrics: N/A

    This image depicts a blank table with the headings: Support hours; Hours of availability/planned downtime; Performance Metrics.

    Info-Tech Insight

    Manage user expectations by clearly documenting and communicating service levels.

    Identify support policies and procedures

    “How do I obtain support for this service?”

    Support Policies & Procedures

    Support process → what is the process for obtaining support for this service?

    Support owner → who can users contact for escalations regarding this service?

    Support documentation → where can users find support documentation for this service?

    Example: Shared Folders

    Support Process: Contact help desk or submit a ticket via portal

    Support Owner: Manager, client support

    Support Documentation: .pdf of how-to guide

    This image depicts a blank table with the headings: Support Process; Support Owner; Support Documentation

    Info-Tech Insight

    Clearly documenting support procedures enables users to get the help they need faster and more efficiently.

    Identify service costs and approvals

    “Is there a cost for this service? If so, how much and who is expensing it?”

    Costs

    Internal Cost → do we know the total cost of the service?

    Customer Cost → a lot of services are provided without charge to the business; however, certain service requests will be charged to a department’s budget.

    Example: Hardware Provisioning

    Internal Cost: For purposes of audit, new laptops will be expensed to IT.

    Customer Cost: Cost to rush order 10 new laptops with retina displays for the graphics team. Charged for extra shipment cost, not for cost of laptop.

    This image depicts a blank table with the headings: Internal Costs; Customer costs

    Info-Tech Insight

    Set user expectations by clearly documenting costs associated with a service and how to obtain approval for these costs if required.

    Complete the service record design fields for every service

    4.1 3 Hours

    This is the final activity to completing the service record design. It has been a long journey to make it here; now, all that is left is completing the fields and transferring information from previous activities.

    1. Organize the services however you think is most appropriate. A common method of organization is alphabetically by enterprise category, and then each LOB functional group.
    2. Determine which fields you would like to keep or edit to be part of your design. Also add any other fields you can think of which will add value to the user or IT. Remember to keep them IT facing if necessary.
    3. Complete the fields for each service one by one. Keep in mind that for some services, a field or two may not apply to the nature of that service and may be left blank or filled with a null value (e.g. N/A).

    INPUT

    • A collaborative discussion

    OUTPUT

    • Completed service record design ready for a catalog

    Materials

    • Info-Tech sample service record design.

    Participants

    • Project stakeholders, business representatives

    Info-Tech Insight

    Don’t forget to delete or bring over the edited LOB and Enterprise services from the phase 2 and 3 deliverables.

    Complete the service definitions and get them ready for publication

    Now that you have completed the first run of service definitions, you can go back and complete the rest of the identified services in batches. You should observe increased efficiency and effectiveness in filling out the service definitions.

    This image depicts how you can use bundles to simplify the process of catalog design using bundles. The cycle includes the steps: Identify Services; Select a Service Bundle; Review Record Design; followed by a cycle of: Pick a service; Service X; Service Data Collection; Create Service Record, followed by Publish the bundle; Communicate the bundle; Rinse and Repeat.

    This blueprint’s purpose is to help you design a service catalog. There are a number of different platforms to build the catalog offered by application vendors. The sophistication of the catalog depends on the size of your business. It may be as simple as an Excel book, or something as complex as a website integrated with your service desk.

    Determine how you want to publish the service catalog

    There are various levels of maturity to consider when you are thinking about how to deploy your service catalog.

    1. Website/User Portal 2. Catalog Module Within ITSM Tool

    3. Homegrown Solution

    Prerequisite

    An internet website, or a user portal

    An existing ITSM tool with a built-in service catalog module

    Database development capabilities

    Website development capabilities

    Pros

    Low cost

    Low effort

    Easy to deploy

    Customized solution tailored for the organization

    High flexibility regarding how the service catalog is published

    Cons

    Not aesthetically appealing

    Lacking sophistication

    Difficult to customize to organization’s needs

    Limitation on how the service catalog info is published

    High effort

    High cost

    → Maturity Level →

    Organization uses the service catalog to outline IT’s and users’ responsibilities

    CASE STUDY A
    Industry Government
    Source Onsite engagement

    Challenge

    The client had collected a lot of good information, but they were not sure about what to include to ensure the users could understand the service clearly.

    They were also not sure what to keep internal so the service catalog did not increase IT’s workload. They want to help the business, but not appear as if they are capable of solving everything for everyone immediately. There was a fear of over-commitment.

    Solution

    The government created a Customer Responsibility field for each service, so it was not just IT who was providing solutions. Business users needed to understand what they had to do to receive some services.

    The Service Owner and Business Owner fields were also kept internal so users would go through the proper request channel instead of calling Service Owners directly.

    Lastly, the Performance Metrics field was kept internal until IT was ready to present service metrics to the business.

    Results

    The business was provided clarity on their responsibility and what was duly owed to them by IT staff. This established clear boundaries on what was to be expected of IT services projected into the future.

    The business users knew what to do and how to obtain the services provided to them. In the meantime, they didn’t feel overwhelmed by the amount of information provided by the service catalog.

    Organization leverages the service catalog as a tool to define IT workflows and business processes

    CASE STUDY B
    Industry Healthcare
    Source Onsite engagement

    Challenge

    There is a lack of clarity and a lack of agreement between the client’s team members regarding the request/approval processes for certain services. This was an indication that there is a level of ambiguity around process. Members were not sure what was the proper way to access a service and could not come up with what to include in the catalog.

    Different people from different teams had different ways of accessing services. This could be true for both enterprise and LOB services.

    Solution

    The Info-Tech analyst facilitated a discussion about workflows and business processes.

    In particular, the discussion focused around the approval/authorization process, and IT’s workflows required to deliver the service. The Info-Tech analyst on site walked the client through their different processes to determine which one should be included in the catalog.

    Results

    The discussion brought clarity to the project team around both IT and business process. Using this new information, IT was able to communicate to the business better, and create consistency for IT and the users of the catalog.

    The catalog design was a shared space where IT and business users could confer what the due process and responsibilities were from both sides. This increased accountability for both parties.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    this is a picture of an Info-Tech Analyst

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    4.1 this image contains a screenshot from section 4.1 of this blueprint.

    Determine which fields should be included in the record design

    The analysts will present the sample service definitions record and facilitate a discussion to customize the service record so unique business needs are captured.

    4.2 this image contains a screenshot from section 4.2.1 of this blueprint.

    Determine which fields should be kept internal

    The onsite analysts will explain why certain fields are used but not published. The analysts will help the team determine which fields should be kept internal.

    4.3 this image contains a screenshot from section 4.3 of this blueprint.

    Complete the service definitions

    The Info-Tech analysts will help the group complete the full service definitions. This exercise will also provide the organization with a clear understanding of IT workflows and business processes.

    Summary of accomplishment

    Knowledge Gained

    • Understanding why it is important to identify and define services from the user’s perspective.
    • Understand the differences between enterprise services and line of business services.
    • Distinguish service features from services.
    • Involve the business users to define LOB services using either IT’s view or LOB’s view.

    Processes Optimized

    • Enterprise services identification and documentation.
    • Line of business services identification and documentation.

    Deliverables Completed

    • Service catalog project charter
    • Enterprise services definitions
    • Line of business service definitions – functional groups
    • Line of business service definitions – industry specific
    • Service definition chart

    Project step summary

    Client Project: Design and Build a User-Facing Service Catalog

    1. Launch the Project – Maximize project success by assembling a well-rounded team and managing all important stakeholders.
    2. Identify Enterprise Services – Identify services that are used commonly across the organization and categorize them in a user-friendly way.
    3. Identify Line of Business Services – Identify services that are specific to each line of business using one of two Info-Tech methodologies.
    4. Complete the Service Definitions – Determine what should be presented to the users and complete the service definitions for all identified services.

    Info-Tech Insight

    This project has the ability to fit the following formats:

    • Onsite workshop by Info-Tech Research Group consulting analysts.
    • Do-it-yourself with your team.
    • Remote delivery (Info-Tech Guided Implementation).

    Related Info-Tech research

    Establish a Service-Based Costing Model

    Develop the right level of service-based costing capability by applying our methodology.

    Develop an IT Infrastructure Services Playbook

    • Buy Link or Shortcode: {j2store}451|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: 2 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management
    • Infrastructure and operations teams are managing deployments on- and off-premises, and across multiple infrastructure services providers.
    • Though automation tools speed up the delivery process, documentation is always pushed off so the team can meet urgent deadlines.
    • Without documented delivery processes, wait times are longer, controls are adequate but ad hoc, builds are non-standard, and errors are more likely to be introduced in production.

    Our Advice

    Critical Insight

    • Prioritize in-demand services to add to the playbook. Pilot a few services to get value from the project quickly.
    • Do not get lost in automation or tooling. You do not need a complex tool or back-end automation to get value from this project.
    • Learn, then iterate. With a few completed service processes, it is much easier to identify opportunities for service automation.

    Impact and Result

    • Prioritize in-demand services for documentation and standardization.
    • Build service workflows and document service requirements in the services playbook.
    • Create a costing model and track costs to deliver defined services.
    • Leverage data on costs and service requirements to improve service delivery.

    Develop an IT Infrastructure Services Playbook Research & Tools

    Start here – read the Executive Brief

    Read this Executive Brief to find out why you should create an infrastructure services playbook, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define and prioritize infrastructure services

    Produce a prioritized list of high-demand infrastructure services.

    • Develop an IT Infrastructure Services Playbook – Phase 1: Define and Prioritize Infrastructure Services
    • Infrastructure Services Playbook

    2. Build workflows and an infrastructure services playbook

    Design workflows and create the first draft of the infrastructure services playbook.

    • Develop an IT Infrastructure Services Playbook – Phase 2: Build Workflows and an Infrastructure Services Playbook
    • Infrastructure Service Workflows (Visio)
    • Infrastructure Service Workflows (PDF)

    3. Identify costs and mature service delivery capabilities

    Build a service rate sheet to track costs and develop better service capabilities.

    • Develop an IT Infrastructure Services Playbook – Phase 3: Identify Costs and Mature Service Delivery Capabilities
    • Service Rate Sheet
    • Infrastructure Service Catalog Mind Map Example
    [infographic]

    Workshop: Develop an IT Infrastructure Services Playbook

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define and Prioritize Infrastructure Services

    The Purpose

    Define and prioritize infrastructure services.

    Key Benefits Achieved

    Identify candidate services for the Playbook.

    Activities

    1.1 Define the services you own.

    1.2 Prioritize infrastructure services.

    Outputs

    Affinity map of infrastructure services

    Service pain points and root causes

    A list of high-demand infrastructure services

    2 Build the Infrastructure Services Playbook

    The Purpose

    Build workflows and an infrastructure services playbook.

    Key Benefits Achieved

    Produce a draft infrastructure services playbook.

    Activities

    2.1 Design workflow for service delivery.

    2.2 Add steps and requirements to the Services Playbook.

    Outputs

    Documented service workflows

    Infrastructure Services Playbook

    3 Identify Costs and Mature Service Delivery Capabilities

    The Purpose

    Identify costs and mature service delivery capabilities.

    Key Benefits Achieved

    Build an infrastructure service rate sheet.

    Define next steps for infrastructure service capabilities.

    Activities

    3.1 Optimize infrastructure cost estimates.

    3.2 Mature your I&O organization into a service broker.

    Outputs

    Service Rate Sheet

    Master list of infrastructure services

    Action plan for Playbook implementation

    Further reading

    Develop an IT Infrastructure Services Playbook

    Automation, SDI, and DevOps – build a cheat sheet to manage a changing Infrastructure & Operations environment.

    Table of contents

    Analyst Perspective

    Executive Summary

    Project Overview

    Summary and Conclusion

    ANALYST PERSPECTIVE

    Technology is changing how infrastructure services are delivered.

    "Managing a hybrid infrastructure environment is challenge enough. Add to this the pressure on IT Operations to deliver services faster and more continuously – it’s a recipe for boondoggle deployments, overcommitted staff, end-user frustration, and operational gridlock.

    It’s not every service you provide that causes problems, so prioritize a few in-demand, painful services. Build and maintain durable, flexible processes that enable your team to provide consistent, repeatable services at a standard cost. Identify opportunities to improve service delivery.

    You’ll save the business time and money and your own team significant grief." (Andrew Sharp, Research Manager, Infrastructure & Operations, Info-Tech Research Group)

    Your infrastructure and operations team is a service provider; standardize, document, and communicate service capabilities

    This Research is Designed For:

    • CTOs and Infrastructure Managers
    • Service Level Managers
    • ITSM Managers and Process Owners

    This Research Will Help You:

    • Inventory services that IT Infrastructure & Operations (I&O) provides to the business (servers, storage, and network).
    • Standardize services and track costs.
    • Articulate the value of these services to business owners.
    • Develop a catalog of infrastructure services.

    This Research Will Also Assist:

    • CIOs
    • Application Development Managers
    • Security Managers
    • Auditors

    This Research Will Help Them:

    • Understand the complexities of technical service delivery.
    • Make better strategic IT infrastructure decisions.

    Executive summary

    Situation

    • Infrastructure and operations teams are managing deployments on- and off-premises and across multiple infrastructure service providers.
    • Though automation tools speed up the delivery process, documentation is always pushed off so the team can meet urgent deadlines.

    Complication

    • Cloud providers have set the bar high for ease of access to stable infrastructure services.
    • Without documented delivery processes, wait times are longer, controls are adequate but ad hoc, builds are non-standard, and errors are more likely to be introduced in production.

    Resolution

    • Prioritize in-demand services for documentation and standardization.
    • Build service workflows and document service requirements in the services playbook.
    • Create a costing model and track costs to deliver defined services.
    • Leverage data on costs and service requirements to improve service delivery.

    Info-Tech Insight

    1. Keep it simple. Work through a few in-demand services to get early value from the project.
    2. Don’t get lost in automation or tooling. You don’t need a complex tool or back-end automation to get value from standardized services.
    3. Do then iterate. With a few completed service processes, it’s much easier to identify opportunities for service automation.

    Create an infrastructure services playbook to improve efficiency, support DevOps, and streamline service delivery

    Begin building an infrastructure services playbook by defining the services you provide. This will also help your team support changes to service delivery (e.g. more use of cloud services and the shift to DevOps).

    In this blueprint, the first step will be to document infrastructure services to:

    1. Clarify infrastructure capabilities and achievable service levels.

      Document infrastructure services to clarify achievable service levels with given resources and what you will need to meet service-level requirement gaps. Establishing your ability to meet customer demands is the first step toward becoming a broker of internal or external services.
    2. Standardize infrastructure service delivery.

      Sometimes, it’s extremely important to do the exact same thing every time (e.g. server hardening). Sometimes, your team needs room to deviate from the script. Create a playbook that allows you to standardize service delivery as needed.
    3. Make good strategic infrastructure decisions.

      Knowledge is power. Defined services and capabilities will help you make important strategic infrastructure decisions around capacity planning and when outsourcing is appropriate.

    Review and optimize infrastructure service delivery as you shift to more cloud-based services

    If you can’t standardize and streamline how you support cloud services, you risk AppDev and business leaders circumventing the I&O team.

    Logo for 'vmware'.

    Example:

    Create a new server resource in a virtual environment vs. public cloud

    In a virtualized environment, provisioning processes can still be relatively siloed.

    In a software-defined environment, many steps require knowledge across the infrastructure stack. Better documentation will help your team deliver services outside their area of specialty.

    Logo for 'Microsoft Azure'.
    • Identify CPU requirements for a virtual machine (VM)
    • Calculate VM memory requirements
    • Configure the floppy drive for a VM
    • Configure IDE devices for a VM
    • Configure SCSI adapters for a VM
    • Configure network adapters for a VM
    • Configure VM priority for host CPU resources
    • Server is live

    • Complete SDI code development & review, version control, build status, etc.
    • Identify software and specifications for the instance you want to use
    • Review configuration, storage, and security settings
    • Secure the instance with an existing key pair or create a new key pair
    • Update documentation – public IP address, physical & logical connections, data flows, etc.
    • Launch and connect to instance
    • Server is live

    Strengthen DevOps with an infrastructure playbook

    The purpose behind DevOps is to reduce friction and deliver faster, more continuous, more automated services through the use of cross-functional teams.

    DevOps: bridging Applications Development and Infrastructure & Operations by embracing a culture, practices, and tools born out of Lean and Agile methodologies.

    • Create a common language across functions.
    • Ensure that all service steps are documented.
    • Move towards more standard deployments.
    • Increase transparency within the IT department.
    • Cultivate trust across teams.
    • Build the foundation for automated services.
    A colorful visualization of the DevOps cycle. On the Development side is 'Feedback', Plan', 'Build', 'Integrate', then over to the Operations side is 'Deploy', and 'Operate', then back to Dev with 'Feedback', starting the cycle over again.

    "The bar has been raised for delivering technology products and services – what was good enough in previous decades is not good enough now." (Kim, Humble, Debois, Willis (2016))

    Leverage an infrastructure services playbook to improve service delivery, one step at a time

    Crawl

    • Prioritize infrastructure services that are good candidates for standardization.
    • Document the steps and requirements to deliver the service.
    • Use the playbook and workflows internally as you gather requirements and deliver on requests.
    • Track costs internally.

    Walk

    • Provide infrastructure clients with the playbook and allow them to make requests against it.
    • Update and maintain existing documentation.
    • Automate, where possible.
    • Showback costs to the business.

    Run

    • Provide infrastructure customers with scripts to provision infrastructure resources.
    • Audit requests before fulfilling them.
    • Chargeback costs, as needed.
    A turtle smiles happily on four legs, simply content to be alive. Another turtle moves quickly on two legs, seemingly in a runner's trance, eyes closed, oblivious to the fact that another turtle has beaten him to finish line.

    Focus on in-demand infrastructure services — PHASE 1

    Standardize in-demand, repeatable services first.

    Demand for infrastructure services is usually driven by external requests or operational requirements. Prioritize services based on criticality, durability, frequency, availability, and urgency requirements.

    Scheduling Delays
    • Dealing with a slew of capital projects driven by a major funding initiative, the IT team of a major US transit system is struggling to execute on basic operational tasks.

    • Action:
    • A brainstorming and prioritization exercise identifies web server deployment as their most in-demand service.
    • Identifying breakdowns in web server deployment helps free up resources for other tasks and addresses a serious pain point.
    Think outside the box
    • On a new project for a sporting goods client, the IT department for a marketing firm deploys and supports a “locker” kiosk that users engage with for a chance to win a gift.

    • Action:
    • As the campaign proves successful, the I&O Manager creates a playbook to guide kiosk support and deployment in the future, including required skills, timelines, success metrics, and costs.
    Keep it standard, keep it safe
    • An IT audit at a higher education institution finds that no standard process for server hardening has been defined or documented by the infrastructure team.

    • Action:
    • Improving IT security is a strategic priority for the department.
    • The infrastructure team decides to standardize and document processes, guidelines, and configurations for hardening OS, SCCM, SaltStack, scripting, and patching.

    Leverage service workflows to populate the playbook — PHASE 2

    Infrastructure as Code is breaking down traditional infrastructure silos and support models.

    1. Document the workflow to deliver the service. Identify pain points and target broken processes first.
      Provision –› Configure –› Run –› Quiesce –› Destroy
    2. Define logical expected results and metrics for problematic steps in the process. Identify challenges and possible improvements to each problematic step.
      Building and deploying toolsets is taking a long time
      Start
      • Create a baseline offering for common requests.
      • Make clear that non-standard requests will take time to fulfil.
      Stop
      • Move to just one web server.
      Continue
      • Use weekly drop-ins to communicate the change.
    3. Document skills and roles, approvers, and pre-requirements to fill out the documentation, as needed. Use the documented process to guide internal process and align with external expectations.

    Cross-silo knowledge is needed: In a software-defined environment, building and launching a new server requires knowledge across the stack.

    • Complete SDI code development & review, version control, build status, etc.
    • Identify software and specifications for the instance you want to use
    • Review configuration, storage, and security settings
    • Secure the instance with an existing key pair, or create a new key pair
    • Update documentation – public IP address, physical & logical connections, data flows, etc.
    • Launch and connect to the instance
    • Server is live

    Take a progressive approach to cost tracking — PHASE 3

    Infrastructure & Operations are bound by two metrics:

    1. Are systems up?
    2. Is technology delivered as efficiently as possible?

    Because tracking cost is integral to efficiency, cost and budget management, by proxy, is one of the most important Infrastructure & Operations metrics.

    Cost management is not a numbers game. It is an indicator of how well infrastructure is managed.

    Track costs in a practical way that delivers value to your organization:

    1. Build and leverage an internal rate sheet to help estimate cost to serve.
    2. Showback rate sheet to help managers and architects make better infrastructure decisions.
    3. Chargeback costs to defined cost centers.

    Project overview

    Use Info-Tech’s methodology to get value faster from your infrastructure services playbook.

    Phases

    Phase 1: Define and prioritize infrastructure services Phase 2: Build the infrastructure services playbook Phase 3: Identify costs and mature service delivery capabilities

    Steps

    1.1 Define the services you own 2.1 Design workflows for service delivery 3.1 Estimate infrastructure service costs
    1.2 Prioritize infrastructure services 2.2 Add steps and requirements to the services playbook 3.2 Mature your I&O organization into a service broker

    Tools & Templates

    Infrastructure Services Playbook Infrastructure Service Workflows Service Rate Sheet

    Use these icons to help direct you as you navigate this research

    Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

    A small monochrome icon of a wrench and screwdriver creating an X.

    This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

    A small monochrome icon depicting a person in front of a blank slide.

    This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation Overview

    Your Trusted Advisor is just a call away.

    Scoping
    (Call 1)

    Scope requirements, objectives, and stakeholders. Review the playbook toolset and methodology, and establish fit-for-need.

    Identify Services
    (Call 2)

    Brainstorm common infrastructure services your group provides. Consolidate the list and identify priority services.

    Create Service Workflows
    (Calls 3-4)

    Build Visio workflows for 2-3 priority services.

    Populate the Playbook
    (Calls 4-5)

    Add data to the playbook based on infrastructure service workflows

    Create a Rate Sheet for Costs
    (Call 6)

    Build a rate sheet that allows you to calculate costs for additional

    Your Guided Implementation will pair you with an advisor from our analyst team for the duration of your infrastructure services project.

    Workshop Overview

    Module 1
    (Day 1)
    Module 1
    (Day 1)
    Module 1
    (Day 1)
    Offsite deliverables wrap-up (Day 5)
    Activities
    Define and Prioritize Infrastructure Services

    1.1 Assess current maturity of services and standardization processes.

    1.2 Identify, group, and break out important infrastructure services.

    1.3 Define service delivery pain points and perform root-cause analysis.

    1.4 Prioritize services based on demand criteria.

    Build the Infrastructure Services Playbook

    2.1 Determine criteria for standard versus custom services.

    2.2 Document standard workflows for better alignment and consistent delivery.

    2.3 Build a flowchart for the identified high-demand service(s).

    2.4 Outline information as it relates to the service lifecycle in the Playbook template.

    Identify Costs and Mature Service Delivery Capabilities

    4.1 Gather information for the rate sheet.

    4.2 Choose an allocation method for overhead costs.

    4.3 Select the right approach in the crawl, walk, run model for your organization.

    4.4 Discuss the promotion plan and target revision dates for playbook and rate sheet.

    Deliverables
    1. High-demand infrastructure services list
    1. Right-sized criteria for standardization
    2. Service workflows
    3. Infrastructure Services Playbook
    1. Service Rate Sheet
    2. Deployment plan

    Develop an IT Infrastructure Services Playbook

    PHASE 1

    Define and Prioritize Infrastructure Services

    Step 1.1: Define the services you own

    PHASE 1

    Define and prioritize infrastructure services

    1.1

    Define the services you own

    1.2

    Prioritize infrastructure services

    This step will walk you through the following activities:

    • Define “infrastructure service”
    • Brainstorm service offerings
    • Consolidate services with affinity map

    This step involves the following participants:

    • Infrastructure Manager
    • I&O SMEs

    Results & Insights

    • Results: Consolidated list of end-to-end services
    • Insights: Avoid analysis paralysis by brainstorming without restrictions. It is more effective to cut down in Step 1.2 rather than risk neglecting important services for the playbook.

    Consider a range of infrastructure services

    Your infrastructure team is a service provider to the applications team – and sometimes other users as well.

    Service Requests
    • A developer requests a new web server.
    • The marketing department asks for a database to support a six-month digital marketing campaign.
    Projects
    • A new service is promoted to production.
    Operations
    • Firewall rules are updated to support server, network, or security posture changes.
    • Standard practices are followed and maintained to harden a range of different operating systems.
    • Engineers follow a standard process to integrate new tools and entitlements into Active Directory.
    • Patches and firmware updates are applied to core infrastructure components as needed.
    Problems
    • A database batch job often breaks on overnight batch jobs and requires manual intervention to check and restart.
    A visualization of the word 'Infrastructure Services' being orbited by 'Service Requests', 'Projects', 'Operations', and 'Problems'.

    IT infrastructure & operations teams deliver services that fulfil requests, support projects, resolve problems, and operate systems.

    Govern Office 365

    • Buy Link or Shortcode: {j2store}52|cart{/j2store}
    • member rating overall impact (scale of 10): 9.5/10 Overall Impact
    • member rating average dollars saved: $21,473 Average $ Saved
    • member rating average days saved: 21 Average Days Saved
    • Parent Category Name: End-User Computing Applications
    • Parent Category Link: /end-user-computing-applications

    Exploring the enterprise collaboration marketspace is difficult. The difficulty in finding a suitable collaboration tool is that there are many ways to collaborate, with just as many tools to match.

    Our Advice

    Critical Insight

    Map your organizational goals to the administration features available in the Office 365 console. Your governance should reflect your requirements.

    Impact and Result

    The result is a defined plan for controlling Office 365 by leveraging hard controls to align Microsoft’s toolset with your needs and creating acceptable use policies and communication plans to highlight the impact of the transition to Office 365 on the end-user population.

    Govern Office 365 Research & Tools

    Start here – read the Executive Brief

    Understand the challenges posed by governing Office 365 and the necessity of deploying proper governance.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define your organizational goals

    Develop a list of organizational goals that will enable you to leverage the Office 365 toolset to its fullest extent while also implementing sensible governance.

    • Govern Office 365 – Phase 1: Define Your Organizational Goals

    2. Control your Office 365 environment

    Use Info-Tech's toolset to build out controls for OneDrive, SharePoint, and Teams that align with your organizational goals as they relate to governance.

    • Govern Office 365 – Phase 2: Control Your Office 365 Environment
    • Office 365 Control Map
    • Microsoft Teams Acceptable Use Policy
    • Microsoft SharePoint Online Acceptable Use Policy
    • Microsoft OneDrive Acceptable Use Policy

    3. Communicate your results

    Communicate the results of your Office 365 governance program using Info-Tech's toolset.

    • Govern Office 365 – Phase 3: Communicate Your Results
    • Office 365 Communication Plan Template

    Infographic

    Workshop: Govern Office 365

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Goals

    The Purpose

    Develop a plan to assess the capabilities of the Office 365 solution and select licensing for the product.

    Key Benefits Achieved

    Office 365 capability assessment (right-size licensing)

    Acceptable Use Policies

    Mapped Office 365 controls

    Activities

    1.1 Review organizational goals.

    1.2 Evaluate Office 365 capabilities.

    1.3 Conduct the Office 365 capability assessment.

    1.4 Define user groups.

    1.5 Finalize licensing.

    Outputs

    List of organizational goals

    Targeted licensing decision

    2 Build Refined Governance Priorities

    The Purpose

    Leverage the Office 365 governance framework to develop and refined governance priorities.

    Build a SharePoint acceptable use policy and define SharePoint controls.

    Key Benefits Achieved

    Refined governance priorities

    List of SharePoint controls

    SharePoint acceptable use policy

    Activities

    2.1 Explore the Office 365 Framework.

    2.2 Conduct governance priorities refinement exercise.

    2.3 Populate the Office 365 control map (SharePoint).

    2.4 Build acceptable use policy (SharePoint).

    Outputs

    Refined governance priorities

    SharePoint control map

    Sharepoint acceptable use policy

    3 Control Office 365

    The Purpose

    Implement governance priorities for OneDrive and Teams.

    Key Benefits Achieved

    Clearly defined acceptable use policies for OneDrive and Teams

    List of OneDrive and Teams controls

    Activities

    3.1 Populate the Office 365 Control Map (OneDrive).

    3.2 Build acceptable use policy (OneDrive).

    3.3 Populate the Office 365 Control Map (Teams).

    3.4 Build acceptable use policy (Teams).

    Outputs

    OneDrive controls

    OneDrive acceptable use policy

    Teams controls

    Teams acceptable use policy

    4 SOW Walkthrough

    The Purpose

    Build a plan to communicate coming changes to the productivity environment.

    Key Benefits Achieved

    Communication plan covering SharePoint, Teams, and OneDrive

    Activities

    4.1 Build SharePoint one pager.

    4.2 Build OneDrive one pager.

    4.3 Build Teams one pager.

    4.4 Finalize communication plan.

    Outputs

    SharePoint one pager

    OneDrive one pager

    Teams one pager

    Overall finalized communication plan

    5 Communicate and Implement

    The Purpose

    Finalize deliverables and plan post-workshop communications.

    Key Benefits Achieved

    Completed Office 365 governance plan

    Finalized deliverables

    Activities

    5.1 Completed in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    5.3 Validate governance with stakeholders.

    Outputs

    Completed acceptable use policies

    Completed control map

    Completed communication plan

    Completed licensing decision

    Cost Optimization

    • Buy Link or Shortcode: {j2store}14|cart{/j2store}
    • Related Products: {j2store}14|crosssells{/j2store}
    • Up-Sell: {j2store}14|upsells{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Financial Management
    • Parent Category Link: /financial-management
    Minimize the damage of IT cost cuts

    Pandemic Preparation – The People Playbook

    • Buy Link or Shortcode: {j2store}513|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Lead
    • Parent Category Link: /lead
    • Keeping employees safe – limiting exposure of employees to the virus and supporting them in the event they become ill.
    • Reducing potential disruption to business operations through employee absenteeism and travel restrictions.

    Our Advice

    Critical Insight

    • Communication of facts and definitive action plans from credible leaders is the key to maintaining some stability during a time of uncertainty.
    • Remote work is no longer a remote possibility – implementing alternative temporary work arrangements that keep large groups of employees from congregating reduce risk of employee exposure and operational downtime.
    • Pandemic travel protocols are necessary to support staff and their continuation of work while traveling for business and/or if stuck in a high-risk, restricted area.

    Impact and Result

    • Assign accountability of key planning decisions to members of a pandemic response team.
    • Craft key messages in preparation for communicating to employees.
    • Cascade communications from credible sources in a way that will establish pandemic travel protocols.

    Pandemic Preparation – The People Playbook Research & Tools

    Start here. Read the Pandemic Preparation: The People Playbook

    Read our concise Playbook to find out how you can immediately prepare for the people side of pandemic planning.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Pandemic Preparation: The People Playbook
    [infographic]

    Develop and Deploy Security Policies

    • Buy Link or Shortcode: {j2store}256|cart{/j2store}
    • member rating overall impact (scale of 10): 9.5/10 Overall Impact
    • member rating average dollars saved: $19,953 Average $ Saved
    • member rating average days saved: 19 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • Employees are not paying attention to policies. Awareness and understanding of what the security policy’s purpose is, how it benefits the organization, and the importance of compliance are overlooked when policies are distributed.
    • Informal, un-rationalized, ad hoc policies do not explicitly outline responsibilities, are rarely comprehensive, and are difficult to implement, revise, and maintain.
    • Data breaches are still on the rise and security policies are not shaping good employee behavior or security-conscious practices.
    • Adhering to security policies is rarely a priority to users as compliance often feels like an interference to daily workflow. For a lot of organizations, security policies are not having the desired effect.

    Our Advice

    Critical Insight

    • Creating good policies is only half the solution. Having a great policy management lifecycle will keep your policies current, effective, and compliant.
    • Policies must be reasonable, auditable, enforceable, and measurable. If the policy items don’t meet these requirements, users can’t be expected to adhere to them. Focus on developing policies to be quantified and qualified for them to be relevant.

    Impact and Result

    • Save time and money using the templates provided to create your own customized security policies mapped to the Info-Tech framework, which incorporates multiple industry best-practice frameworks (NIST, ISO, SOC2SEC, CIS, PCI, HIPAA).

    Develop and Deploy Security Policies Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Develop and Deploy Security Policies Deck – A step-by-step guide to help you build, implement, and assess your security policy program.

    Our systematic approach will ensure that all identified areas of security have an associated policy.

  • Develop the security policy program.
  • Develop and implement the policy suite.
  • Communicate the security policy program.
  • Measure the security policy program.
    • Develop and Deploy Security Policies – Phases 1-4

    2. Security Policy Prioritization Tool – A structured tool to help your organization prioritize your policy suite to ensure that you are addressing the most important policies first.

    The Security Policy Prioritization Tool assesses the policy suite on policy importance, ease to implement, and ease to enforce. The output of this tool is your prioritized list of policies based on our policy framework.

    • Security Policy Prioritization Tool

    3. Security Policy Assessment Tool – A structured tool to assess the effectiveness of policies within your organization and determine recommended actions for remediation.

    The Security Policy Assessment Tool assesses the policy suite on policy coverage, communication, adherence, alignment, and overlap. The output of this tool is a checklist of remediation actions for each individual policy.

    • Security Policy Assessment Tool

    4. Security Policy Lifecycle Template – A customizable lifecycle template to manage your security policy initiatives.

    The Lifecycle Template includes sections on security vision, security mission, strategic security and policy objectives, policy design, roles and responsibilities for developing security policies, and organizational responsibilities.

    • Security Policy Lifecycle Template

    5. Policy Suite Templates – A best-of-breed templates suite mapped to the Info-Tech framework you can customize to reflect your organizational requirements and acquire approval.

    Use Info-Tech's security policy templates, which incorporate multiple industry best-practice frameworks (NIST, ISO, SOC2SEC, CIS, PCI, HIPAA), to ensure that your policies are clear, concise, and consistent.

    • Acceptable Use of Technology Policy Template
    • Application Security Policy Template
    • Asset Management Policy Template
    • Backup and Recovery Policy Template
    • Cloud Security Policy Template
    • Compliance and Audit Management Policy Template
    • Data Security Policy Template
    • Endpoint Security Policy Template
    • Human Resource Security Policy Template
    • Identity and Access Management Policy Template
    • Information Security Policy Template
    • Network and Communications Security Policy Template
    • Physical and Environmental Security Policy Template
    • Security Awareness and Training Policy Template
    • Security Incident Management Policy Template
    • Security Risk Management Policy Template
    • Security Threat Detection Policy Template
    • System Configuration and Change Management Policy Template
    • Vulnerability Management Policy Template

    6. Policy Communication Plan Template – A template to help you plan your approach for publishing and communicating your policy updates across the entire organization.

    This template helps you consider the budget time for communications, identify all stakeholders, and avoid scheduling communications in competition with one another.

    • Policy Communication Plan Template

    7. Security Awareness and Training Program Development Tool – A tool to help you identify initiatives to develop your security awareness and training program.

    Use this tool to first identify the initiatives that can grow your program, then as a roadmap tool for tracking progress of completion for those initiatives.

    • Security Awareness and Training Program Development Tool

    Infographic

    Workshop: Develop and Deploy Security Policies

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define the Security Policy Program

    The Purpose

    Define the security policy development program.

    Formalize a governing security policy lifecycle.

    Key Benefits Achieved

    Understanding the current state of policies within your organization.

    Prioritizing list of security policies for your organization.

    Being able to defend policies written based on business requirements and overarching security needs.

    Leveraging an executive champion to help policy adoption across the organization.

    Formalizing the roles, responsibilities, and overall mission of the program.

    Activities

    1.1 Understand the current state of policies.

    1.2 Align your security policies to the Info-Tech framework for compliance.

    1.3 Understand the relationship between policies and other documents.

    1.4 Prioritize the development of security policies.

    1.5 Discuss strategies to leverage stakeholder support.

    1.6 Plan to communicate with all stakeholders.

    1.7 Develop the security policy lifecycle.

    Outputs

    Security Policy Prioritization Tool

    Security Policy Prioritization Tool

    Security Policy Lifecycle Template

    2 Develop the Security Policy Suite

    The Purpose

    Develop a comprehensive suite of security policies that are relevant to the needs of the organization.

    Key Benefits Achieved

    Time, effort, and money saved by developing formally documented security policies with input from Info-Tech’s subject-matter experts.

    Activities

    2.1 Discuss the risks and drivers your organization faces that must be addressed by policies.

    2.2 Develop and customize security policies.

    2.3 Develop a plan to gather feedback from users.

    2.4 Discuss a plan to submit policies for approval.

    Outputs

    Understanding of the risks and drivers that will influence policy development.

    Up to 14 customized security policies (dependent on need and time).

    3 Implement Security Policy Program

    The Purpose

    Ensure policies and requirements are communicated with end users, along with steps to comply with the new security policies.

    Improve compliance and accountability with security policies.

    Plan for regular review and maintenance of the security policy program.

    Key Benefits Achieved

    Streamlined communication of the policies to users.

    Improved end user compliance with policy guidelines and be better prepared for audits.

    Incorporate security policies into daily schedule, eliminating disturbances to productivity and efficiency.

    Activities

    3.1 Plan the communication strategy of new policies.

    3.2 Discuss myPolicies to automate management and implementation.

    3.3 Incorporate policies and processes into your security awareness and training program.

    3.4 Assess the effectiveness of security policies.

    3.5 Understand the need for regular review and update.

    Outputs

    Policy Communication Plan Template

    Understanding of how myPolicies can help policy management and implementation.

    Security Awareness and Training Program Development Tool

    Security Policy Assessment Tool

    Action plan to regularly review and update the policies.

    Further reading

    Develop and Deploy Security Policies

    Enhance your overall security posture with a defensible and prescriptive policy suite.

    Analyst Perspective

    A policy lifecycle can be the secret sauce to managing your policies.

    A policy for policy’s sake is useless if it isn’t being used to ensure proper processes are followed. A policy should exist for more than just checking a requirement box. Policies need to be quantified, qualified, and enforced for them to be relevant.

    Policies should be developed based on the use cases that enable the business to run securely and smoothly. Ensure they are aligned with the corporate culture. Rather than introducing hindrances to daily operations, policies should reflect security practices that support business goals and protection.

    No published framework is going to be a perfect fit for any organization, so take the time to compare business operations and culture with security requirements to determine which ones apply to keep your organization secure.

    Photo of Danny Hammond, Research Analyst, Security, Risk, Privacy & Compliance Practice, Info-Tech Research Group. Danny Hammond
    Research Analyst
    Security, Risk, Privacy & Compliance Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge
    • Security breaches are damaging and costly. Trying to prevent and respond to them without robust, enforceable policies makes a difficult situation even harder to handle.
    • Informal, un-rationalized, ad hoc policies are ineffective because they do not explicitly outline responsibilities and compliance requirements, and they are rarely comprehensive.
    • Without a strong lifecycle to keep policies up to date and easy to use, end users will ignore or work around poorly understood policies.
    • Time and money is wasted dealing with preventable security issues that should be pre-emptively addressed in a comprehensive corporate security policy program.
    Common Obstacles

    InfoSec leaders will struggle to craft the right set of policies without knowing what the organization actually needs, such as:

    • The security policies needed to safeguard infrastructure and resources.
    • The scope the security policies will cover within the organization.
    • The current compliance and regulatory obligations based on location and industry.
    InfoSec leaders must understand the business environment and end-user needs before they can select security policies that fit.
    Info-Tech’s Approach

    Info-Tech’s Develop and Deploy Security Policies takes a multi-faceted approach to the problem that incorporates foundational technical elements, compliance considerations, and supporting processes:

    • Assess what security policies currently exist within the organization and consider additional secure policies.
    • Develop a policy lifecycle that will define the needs, develop required documentation, and implement, communicate, and measure your policy program.
    • Draft a set of security policies mapped to the Info-Tech framework, which incorporates multiple industry best-practice frameworks (NIST, ISO, SOC2SEC, CIS, PCI, HIPAA).

    Info-Tech Insight

    Creating good policies is only half the solution. Having a great policy management lifecycle will keep your policies current, effective, and compliant.

    Your Challenge

    This research is designed to help organizations design a program to develop and deploy security policies

    • A security policy is a formal document that outlines the required behavior and security controls in place to protect corporate assets.
    • The development of policy documents is an ambitious task, but the real challenge comes with communication and enforcement.
    • A good security policy allows employees to know what is required of them and allows management to monitor and audit security practices against a standard policy.
    • Unless the policies are effectively communicated, enforced, and updated, employees won’t know what’s required of them and will not comply with essential standards, making the policies powerless.
    • Without a good policy lifecycle in place, it can be challenging to illustrate the key steps and decisions involved in creating and managing a policy.

    The problem with security policies

    29% Of IT workers say it's just too hard and time consuming to track and enforce.

    25% Of IT workers say they don’t enforce security policies universally.

    20% Of workers don’t follow company security policies all the time.

    (Source: Security Magazine, 2020)

    Common obstacles

    The problem with security policies isn’t development; rather, it’s the communication, enforcement, and maintenance of them.

    • Employees are not paying attention to policies. Awareness and understanding of what the security policy’s purpose is, how it benefits the organization, and the importance of compliance are overlooked when policies are distributed.
    • Informal, un-rationalized, ad hoc policies do not explicitly outline responsibilities, are rarely comprehensive, and are difficult to implement, revise, and maintain.
    • Date breaches are still on the rise and security policies are not shaping good employee behavior or security-conscious practices.
    • Adhering to security policies is rarely a priority to users as compliance often feels like an interference to daily workflow. For a lot of organizations, security policies are not having the desired effect.
    Bar chart of the 'Average cost of a data breach' in years '2019-20', '20-21', and '21-22'.
    (Source: IBM, 2022 Cost of a Data Breach; n=537)

    Reaching an all-time high, the cost of a data breach averaged US$4.35 million in 2022. This figure represents a 2.6% increase from last year, when the average cost of a breach was US$4.24 million. The average cost has climbed 12.7% since 2020.

    Info-Tech’s approach

    The right policy for the right audience. Generate a roadmap to guide the order of policy development based on organizational policy requirements and the target audience.

    Actions

    1. Develop policy lifecycle
    2. Identify compliance requirements
    3. Understand which policies need to be developed, maintained, or decommissioned
    I. Define Security Policy Program

    a) Security policy program lifecycle template

    b) Policy prioritization tool
    Clockwise cycle arrows at the centre of the table. II. Develop & Implement Policy Suite

    a) Policy template set

    Policies must be reasonable, auditable, enforceable, and measurable. Policy items that meet these requirements will have a higher level of adherence. Focus on efficiently creating policies using pre-developed templates that are mapped to multiple compliance frameworks.

    Actions

    1. Differentiate between policies, procedures, standards, and guidelines
    2. Draft policies from templates
    3. Review policies, including completeness
    4. Approve policies
    Gaining feedback on policy compliance is important for updates and adaptation, where necessary, as well as monitoring policy alignment to business objectives.

    Actions

    1. Enforce policies
    2. Measure policy effectiveness
    IV. Measure Policy Program

    a) Security policy tracking tool

    III. Communicate Policy Program

    a) Security policy awareness & training tool

    b) Policy communication plan template
    Awareness and training on security policies should be targeted and must be relevant to the employees’ jobs. Employees will be more attentive and willing to incorporate what they learn if they feel that awareness and training material was specifically designed to help them.

    Actions

    1. Identify any changes in the regulatory and compliance environment
    2. Include policy awareness in awareness and training programs
    3. Disseminate policies
    Build trust in your policy program by involving stakeholder participation through the entire policy lifecycle.

    Blueprint benefits

    IT/InfoSec Benefits

    • Reduces complexity within the policy creation process by using a single framework to align multiple compliance regimes.
    • Introduces a roadmap to clearly educate employees on the do’s and don’ts of IT usage within the organization.
    • Reduces costs and efforts related to managing IT security and other IT-related threats.

    Business Benefits

    • Identifies and develops security policies that are essential to your organization’s objectives.
    • Integrates security into corporate culture while maximizing compliance and effectiveness of security policies.
    • Reduces security policy compliance risk.

    Key deliverable:

    Security Policy Templates

    Templates for policies that can be used to map policy statements to multiple compliance frameworks.

    Sample of Security Policy Templates.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Security Policy Prioritization Tool

    The Info-Tech Security Policy Prioritization Tool will help you determine which security policies to work on first.
    Sample of the Security Policy Prioritization Tool.
    Sample of the Security Policy Assessment Tool.

    Security Policy Assessment Tool

    Info-Tech's Security Policy Assessment Tool helps ensure that your policies provide adequate coverage for your organization's security requirements.

    Measure the value of this blueprint

    Phase

    Purpose

    Measured Value

    Define Security Policy Program Understand the value in formal security policies and determine which policies to prepare to update, eliminate, or add to your current suite. Time, value, and resources saved with guidance and templates:
    1 FTE*3 days*$80,000/year = $1,152
    Time, value, and resources saved using our recommendations and tools:
    1 FTE*2 days*$80,000/year = $768
    Develop and Implement the Policy Suite Select from an extensive policy template offering and customize the policies you need to optimize or add to your own policy program. Time, value, and resources saved using our templates:
    1 consultant*15 days*$150/hour = $21,600 (if starting from scratch)
    Communicate Security Policy Program Use Info-Tech’s methodology and best practices to ensure proper communication, training, and awareness. Time, value, and resources saved using our training and awareness resources:
    1 FTE*1.5 days*$80,000/year = $408
    Measure Security Policy Program Use Info-Tech’s custom toolkits for continuous tracking and review of your policy suite. Time, value, and resources saved by using our enforcement recommendations:
    2 FTEs*5 days*$160,000/year combined = $3,840
    Time, value, and resources saved by using our recommendations rather than an external consultant:
    1 consultant*5 days*$150/hour = $7,200

    After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.

    Overall Impact

    9.5 /10

    Overall Average $ Saved

    $29,015

    Overall Average Days Saved

    25

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is six to ten calls over the course of two to four months.

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    Call #1: Scope security policy requirements, objectives, and any specific challenges.

    Call #2: Review policy lifecycle; prioritize policy development.

    Call #3: Customize the policy templates.

    Call #4: Gather feedback on policies and get approval.

    Call #5: Communicate the security policy program.

    Call #6: Develop policy training and awareness programs.

    Call #7: Track policies and exceptions.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889
    Day 1 Day 2 Day 3 Day 4 Day 5
    Define the security policy program
    Develop the security policy suite
    Develop the security policy suite
    Implement security policy program
    Finalize deliverables and next steps
    Activities

    1.1 Understand the current state of policies.

    1.2 Align your security policies to the Info-Tech framework for compliance.

    1.3 Understand the relationship between policies and other documents.

    1.4 Prioritize the development of security policies.

    1.5 Discuss strategies to leverage stakeholder support.

    1.6 Plan to communicate with all stakeholders.

    1.7 Develop the security policy lifecycle.

    2.1 Discuss the risks and drivers your organization faces that must be addressed by policies.

    2.2 Develop and customize security policies.

    2.1 Discuss the risks and drivers your organization faces that must be addressed by policies (continued).

    2.2 Develop and customize security policies (continued).

    2.3 Develop a plan to gather feedback from users.

    2.4 Discuss a plan to submit policies for approval.

    3.1 Plan the communication strategy for new policies.

    3.2 Discuss myPolicies to automate management and implementation.

    3.3 Incorporate policies into your security awareness and training program.

    3.4 Assess the effectiveness of policies.

    3.5 Understand the need for regular review and update.

    4.1 Review customized lifecycle and policy templates.

    4.2 Discuss the plan for policy roll out.

    4.3 Schedule follow-up Guided Implementation calls.

    Deliverables
    1. Security Policy Prioritization Tool
    2. Security Policy Lifecycle
    1. Security Policies (approx. 9)
    1. Security Policies (approx. 9)
    1. Policy Communication Plan
    2. Security Awareness and Training Program Development Tool
    3. Security Policy Assessment Tool
    1. All deliverables finalized

    Develop and Deploy Security Policies

    Phase 1

    Define the Security Policy Program

    Phase 1

    1.1 Understand the current state

    1.2 Align your security policies to the Info-Tech framework

    1.3 Document your policy hierarchy

    1.4 Prioritize development of security policies

    1.5 Leverage stakeholders

    1.6 Develop the policy lifecycle

    Phase 2

    2.1 Customize policy templates

    2.2 Gather feedback from users on policy feasibility

    2.3 Submit policies to upper management for approval

    Phase 3

    3.1 Understand the need for communicating policies

    3.2 Use myPolicies to automate the management of your security policies

    3.3 Design, build, and implement your communications plan

    3.4 Incorporate policies and processes into your training and awareness programs

    Phase 4

    4.1 Assess the state of security policies

    4.2 Identify triggers for regular policy review and update

    4.3 Develop an action plan to update policies

    This phase will walk you through the following activities:

    • Understand the current state of your organization’s security policies.
    • Align your security policies to the Info-Tech framework for compliance.
    • Prioritize the development of your security policies.
    • Leverage key stakeholders to champion the policy initiative.
    • Inform all relevant stakeholders of the upcoming policy program.
    • Develop the security policy lifecycle.

    1.1 Understand the current state of policies

    Scenario 1: You have existing policies

    1. Use the Security Policy Prioritization Tool to identify any gaps between the policies you already have and those recommended based on your changing business needs.
    2. As your organization undergoes changes, be sure to incorporate new requirements in the existing policies.
    3. Sometimes, you may have more specific procedures for a domain’s individual security aspects instead of high-level policies.
    4. Group current policies into the domains and use the policy templates to create overarching policies where there are none and improve upon existing high-level policies.

    Scenario 2: You are starting from scratch

    1. To get started on new policies, use the Security Policy Prioritization Tool to identify the policies Info-Tech recommends based on your business needs. See the full list of templates in the Appendix to ensure that all relevant topics are addressed.
    2. Whether you’re starting from scratch or have incomplete/ad hoc policies, use Info-Tech’s policy templates to formalize and standardize security requirements for end users.
    Info-Tech Insight

    Policies are living, evolving documents that require regular review and update, so even if you have policies already written, you’re not done with them.

    1.2 Align your security policies to the Info-Tech framework for compliance

    You have an opportunity to improve your employee alignment and satisfaction, improve organizational agility, and obtain high policy adherence. This is achieved by translating your corporate culture into a policy-based compliance culture.

    Align your security policies to the Info-Tech Security Framework by using Info-Tech’s policy templates.

    Info-Tech’s security framework uses a best-of-breed approach to leverage and align with most major security standards, including:
    • ISO 27001/27002
    • COBIT
    • Center for Internet Security (CIS) Critical Controls
    • NIST Cybersecurity Framework
    • NIST SP 800-53
    • NIST SP 800-171

    Info-Tech Security Framework

    Info-Tech Security Framework with policies grouped into categories which are then grouped into 'Governance' and 'Management'.

    1.3 Document your policy hierarchy

    Structuring policy components at different levels allows for efficient changes and direct communication depending on what information is needed.

    Policy hierarchy pyramid with 'Security Policy Lifecycle' on top, then 'Security Policies', then 'IT and/or Supporting Documentation'.

    Defines the cycle for the security policy program and what must be done but not how to do it. Aligns the business, security program, and policies.
    Addresses the “what,” “who,” “when,” and “where.”

    Defines high-level overarching concepts of security within the organization, including the scope, purpose, and objectives of policies.
    Addresses the high-level “what” and “why.”
    Changes when business objectives change.

    Defines enterprise/technology – specific, detailed guidelines on how to adhere to policies.
    Addresses the “how.”
    Changes when technology and processes change.

    Info-Tech Insight

    Design separate policies for different areas of focus. Policies that are written as single, monolithic documents are resistant to change. A hierarchical top-level document supported by subordinate policies and/or procedures can be more rapidly revised as circumstances change.

    1.3.1 Understand the relationship between policies and other documents

    Policy:
    • Provides emphasis and sets direction.
    • Standards, guidelines, and procedures must be developed to support an overarching policy.
    Arrows stemming from the above list, connecting to the three lists below.

    Standard:

    • Specifies uniform method of support for policy.
    • Compliance is mandatory.
    • Includes process, frameworks, methodologies, and technology.
    Two-way horizontal arrow.

    Procedure:

    • Step-by-step instructions to perform desired actions.
    Two-way horizontal arrow.

    Guideline:

    Recommended actions to consider in absence of an applicable standard, to support a policy.
    This model is adapted from a framework developed by CISA (Certified Information Systems Auditor).

    Supporting Documentation

    Considerations for standards

    Standards. These support policies by being much more specific and outlining key steps or processes that are necessary to meet certain requirements within a policy document. Ideally standards should be based on policy statements with a target of detailing the requirements that show how the organization will implement developed policies.

    If policies describe what needs to happen, then standards explain how it will happen.

    A good example is an email policy that states that emails must be encrypted; this policy can be supported by a standard such as Transport Layer Security (TLS) encryption that specifically ensures that all email communication is encrypted for messages “in transit” from one secure email server that has TLS enabled to another.

    There are numerous security standards available that support security policies/programs based on the kind of systems and controls that an organization would like to put in place. A good selection of supporting standards can go a long way to further protect users, data, and other organizational assets
    Key Policies Example Associated Standards
    Access Control Policy
    • Password Management User Standard
    • Account Auditing Standard
    Data Security Policy
    • Cryptography Standard
    • Data Classification Standard
    • Data Handling Standard
    • Data Retention Standard
    Incident Response Policy
    • Incident Response Plan
    Network Security Policy
    • Wireless Connectivity Standard
    • Firewall Configuration Standard
    • Network Monitoring Standard
    Vendor Management Policy
    • Vendor Risk Management Standard
    • Third-Party Access Control Standard
    Application Security Policy
    • Application Security Standard

    1.4 Prioritize development of security policies

    The Info-Tech Security Policy Prioritization Tool will help you determine which security policies to work on first.
    • The tool allows you to prioritize your policies based on:
      • Importance: How relevant is this policy to organizational security?
      • Ease to implement: What is the effort, time, and resources required to write, review, approve, and distribute the policy?
      • Ease to enforce: How much effort, time, and resources are required to enforce the policy?
    • Additionally, the weighting or priority of each variable of prioritization can be adjusted.

    Align policies to recent security concerns. If your organization has recently experienced a breach, it may be crucial to highlight corresponding policies as immediately necessary.

    Info-Tech Insight

    If you have an existing policy that aligns with one of the Info-Tech recommended templates weight Ease to Implement and Ease to Enforce as HIGH (4-5). This will decrease the priority of these policies.

    Sample of the Security Policy Prioritization Tool.

    Download the Security Policy Prioritization Tool

    1.5 Leverage stakeholders to champion policies

    Info-Tech Insight

    While management support is essential to initiating a strong security posture, allow employees to provide input on the development of security policies. This cooperation will lead to easier incorporation of the policies into the daily routines of workers, with less resistance. The security team will be less of a police force and more of a partner.

    Executive champion

    Identify an executive champion who will ensure that the security program and the security policies are supported.

    Focus on risk and protection

    Security can be viewed as an interference, but the business is likely more responsive to the concepts of risk and protection because it can apply to overall business operations and a revenue-generating mandate.

    Communicate policy initiatives

    Inform stakeholders of the policy initiative as security policies are only effective if they support the business requirements and user input is crucial for developing a strong security culture.

    Current security landscape

    Leveraging the current security landscape can be a useful mechanism to drive policy buy-in from stakeholders.

    Management buy-in

    This is key to policy acceptance; it indicates that policies are accurate, align with the business, and are to be upheld, that funds will be made available, and that all employees will be equally accountable.

    Develop Infrastructure & Operations Policies and Procedures

    • Buy Link or Shortcode: {j2store}452|cart{/j2store}
    • member rating overall impact (scale of 10): 9.5/10 Overall Impact
    • member rating average dollars saved: $46,324 Average $ Saved
    • member rating average days saved: 42 Average Days Saved
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management
    • Time and money are wasted dealing with mistakes or missteps that should have been addressed by procedures or policies.
    • Standard operating procedures are less effective without a policy to provide a clear mandate and direction.
    • Adhering to policies is rarely a priority, as compliance often feels like an impediment to getting work done.
    • Processes aren’t measured or audited to assess policy compliance, which makes enforcing the policies next to impossible.

    Our Advice

    Critical Insight

    • Document what you need to document and forget the rest. Always check to see if you can use a previously approved policy before you create a new one. You may only need to create new guidelines or standards rather than approve a new policy.

    Impact and Result

    • Start with a comprehensive policy framework to help you identify policy gaps. Prioritize and address those policy gaps.
    • Create effective policies that are reasonable, measurable, auditable, and enforceable.
    • Create and document procedures to support policy changes.

    Develop Infrastructure & Operations Policies and Procedures Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should change your approach to developing Infrastructure & Operations policies and procedures, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify policy and procedure gaps

    Create a prioritized action plan for documentation based on business need.

    • Develop Infrastructure & Operations Policies and Procedures – Phase 1: Identify Policy and Procedure Gaps

    2. Develop policies

    Adapt policy templates to meet your business requirements.

    • Develop Infrastructure & Operations Policies and Procedures – Phase 2: Develop Policies
    • Availability and Capacity Management Policy
    • Business Continuity Management Policy
    • Change Control – Freezes & Risk Evaluation Policy
    • Change Management Policy
    • Configuration Management Policy
    • Firewall Policy
    • Hardware Asset Management Policy
    • IT Triage and Support Policy
    • Release Management Policy
    • Software Asset Management Policy
    • System Maintenance Policy – NIST
    • Internet Acceptable Use Policy

    3. Document effective procedures

    Improve policy adherence and service effectiveness through procedure standardization and documentation.

    • Develop Infrastructure & Operations Policies and Procedures – Phase 3: Document Effective Procedures
    • Capacity Plan Template
    • Change Management Standard Operating Procedure
    • Configuration Management Standard Operation Procedures
    • Incident Management and Service Desk SOP
    • DRP Summary Template
    • Service Desk Standard Operating Procedure
    • HAM Standard Operating Procedures
    • SAM Standard Operating Procedures
    [infographic]

    Further reading

    Develop Infrastructure & Operations Policies and Procedures

    Document what you need to document and forget the rest.

    Table of contents

    Project Rationale

    Project Outlines

    • Phase 1: Identify Policy and Procedure Gaps
    • Phase 2: Develop Policies
    • Phase 3: Document Effective Procedures

    Bibliography

    ANALYST PERSPECTIVE

    Document what you need to document now and forget the rest.

    "Most IT organizations struggle to create and maintain effective policies and procedures, despite known improvements to consistency, compliance, knowledge transfer, and transparency.

    The numbers are staggering. Fully three-quarters of IT professionals believe their policies need improvement, and the same proportion of organizations don’t update procedures as required.

    At the same time, organizations that over-document and under-document perform equally poorly on key measures such as policy quality and policy adherence. Take a practical, step-by-step approach that prioritizes the documentation you need now. Leave the rest for later."

    (Andrew Sharp, Research Manager, Infrastructure & Operations Practice, Info-Tech Research Group)

    Our understanding of the problem

    This Research Is Designed For:

    • Infrastructure Managers
    • Chief Technology Officers
    • IT Security Managers

    This Research Will Help You:

    • Address policy gaps
    • Develop effective procedures and procedure documentation to support policy compliance

    This Research Will Also Assist:

    • Chief Information Officers
    • Enterprise Risk and Compliance Officers
    • Chief Human Resources Officers
    • Systems Administrators and Engineers

    This Research Will Help Them:

    • Understand the importance of a coherent approach to policy development
    • Understand the importance of Infrastructure & Operations policies
    • Support Infrastructure & Operations policy development and enforcement

    Info-Tech Best Practice

    This blueprint supports templates for key policies and procedures that help Infrastructure & Operations teams to govern and manage internal operations. For security policies, see the NIST SP 800-171 aligned Info-Tech blueprint, Develop and Deploy Security Policies.

    Executive Summary

    Situation

    • Time and money are wasted dealing with mistakes or missteps that should have been addressed by procedures or policies.
    • Standard operating procedures are less effective without a policy to provide a clear mandate and direction.

    Complication

    • Existing policies were written, approved, signed – and forgotten for years because no one has time to maintain them.
    • Adhering to policies is rarely a priority, as compliance often feels like an impediment to getting work done.
    • Processes aren’t measured or audited to assess policy compliance, which makes enforcing the policies next to impossible.

    Resolution

    • Start with a comprehensive policy framework to help you identify policy gaps. Prioritize and address those policy gaps.
    • Create effective policies that are reasonable, measurable, auditable, and enforceable.
    • Create and document procedures to support policy changes.

    Info-Tech Insight

    1. Document what you need to document and forget the rest.
      Always check if a previously approved policy exists before you create a new one. You may only need to create new guidelines or standards rather than approve a new policy.
    2. Support policies with documented procedures.
      Build procedures that embed policy adherence in daily operations. Find opportunities to automate policy adherence (e.g. removing local admin rights from user computers).

    What are policies, procedures, and processes?

    A policy is a governing document that states the long-term goals of the organization and in broad strokes outlines how they will be achieved (e.g. a Data Protection Policy).

    In the context of policies, a procedure is composed of the steps required to complete a task (e.g. a Backup and Restore Procedure). Procedures are informed by required standards and recommended guidelines. Processes, guidelines, and standards are three pillars that support the achievement of policy goals.

    A process is higher level than a procedure – a set of tasks that deliver on an organizational goal.

    Better policies and procedures reduce organizational risk and, by strengthening the ability to execute processes, enhance the organization’s ability to execute on its goals.

    Visualization of policies, procedures, and processes using pillars. Two separate structures, 'Policy A' and 'Policy B', are each held up by three pillars labelled 'Standards', 'Procedures', and 'Guidelines'. Two lines pass through the pillars of both structures and are each labelled 'Value-creating process'.

    Document to improve governance and operational processes

    Deliver value

    Build, deliver, and support Infrastructure assets in a consistent way, which ultimately reduces costs associated with downtime, errors, and rework. A good manual process is the foundation for a good automated process.

    Simplify Training

    Use documentation for knowledge transfer. Routine tasks can be delegated to less-experienced staff.

    Maintain compliance

    Comply with laws and regulations. Policies are often required for compliance, and formally documented and enforced policies help the organization maintain compliance by mandating required due diligence, risk reduction, and reporting activities.

    Provide transparency

    Build an open kitchen. Other areas of the organization may not understand how Infra & Ops works. Your documentation can provide the answer to the perennial question: “Why does that take so long?”

    Info-Tech Best Practice

    Governance goals must be supported with effective, well-aligned procedures and processes. Use Info-Tech’s research to support the key Infrastructure & Operations processes that enable your business to create value.

    Document what you need to document – and forget the rest

    Half of all organizations believe their policy suite is insufficient. (Info-Tech myPolicies Survey Data (N=59))

    Pie chart with three sections labelled 'Too Many Policies and Procedures 14%', 'Adequate Policies and Procedures 37%', 'Insufficient Policies and Procedures 49%'

    Too much documentation and a lack of documentation are both ineffective. (Info-Tech myPolicies Survey Data (N=59))

    Two bar charts labelled 'Policy Adherence' and 'Policy Quality' each with three bars representing 'Too Many Policies and Procedures', 'Insufficient Policies and Procedures', and 'Adequate Policies and Procedures'. The values shown are an average score out of 5. For Policy Adherence: Too Many is 2.4, Insufficient is 2.1, and Adequate is 3.2. For Policy Quality: Too Many is 2.9, Insufficient is 2.6, and Adequate is 4.1.

    77% of IT professionals believe their policies require improvement. (Kaspersky Lab)

    Presenting: A COBIT-aligned policy suite

    We’ve developed a suite of effective policy templates for every Infra & Ops manager based on Info-Tech’s IT Management & Governance Framework.

    Policy templates and the related aspects of Info-Tech's IT Management & Governance Framework

    Info-Tech Best Practice

    Look for these symbols as you work through the deck. Prioritize and focus on the policies you work on first based on the value of the policy to the enterprise and the existing gaps in your governance structure.

    Project outline

    Phases

    1. Identify policy and procedure gaps 2. Develop policies 3. Document effective procedures

    Steps

    • Review and right-size the existing policy set
    • Create an action plan to address policy gaps
    • Modify policy templates and gather feedback
    • Implement, enforce, measure, and maintain new policies
    • Scope and outline procedures
    • Document and maintain procedures

    Outcomes

    Action list of policy and procedure gaps New or updated Infrastructure & Operations policies Procedure documentation

    Use these icons to help direct you as you navigate this research

    Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

    A small monochrome icon of a wrench and screwdriver creating an X.

    This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

    A small monochrome icon depicting a person in front of a blank slide.

    This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Accelerate policy development with a Guided Implementation

    Your trusted advisor is just a call away.

    • Identify Policy and Procedure Gaps (Calls 1-2)
      Assess current policies, operational challenges, and gaps. Mitigate significant risks first.
    • Create and Review Policies (Calls 2-4)
      Modify and review policy templates with an Info-Tech analyst.
    • Create and Review Procedures (Calls 4-6)
      Workflow procedures, using templates wherever possible. Review documentation best practices.

    Contact Info-Tech to set up a Guided Implementation with a dedicated advisor who will walk you through every stage of your policy development project.

    Develop Infrastructure & Operations Policies and Procedures

    Phase 1

    Identify Policy and Procedure Gaps

    PHASE 1: Identify Policy and Procedure Gaps

    Step 1.1: Review and right-size the existing policy set

    This step will walk you through the following activities:

    • Identify gaps in your existing policy suite
    • Document challenges to core Infrastructure & Operations processes
    • Identify documentation that can close gaps
    • Prioritize your documentation effort

    This step involves the following participants:

    • Infrastructure & Operations Manager
    • Infrastructure Supervisors

    Results & Insights

    • Results: A review of the existing policy suite and identification of opportunities for improvement.
    • Insights: Not all gaps necessarily require a fresh policy. Repurpose, refresh, or supplement existing documentation wherever appropriate.

    Conduct a policy review

    Associated Activity icon 1(a) 30 minutes per policy

    You’ve got time to review your policy suite. Make the most of it.

    1. Start with organizational requirements.
      • What initiatives are on the go? What policies or procedures do you have a mandate to create?
    2. Weed out expired and dated policies.
      • Gather your existing policies. Identify when each one was published or last reviewed.
      • Decide whether to retire, merge, or update expired or obviously dated policy.
    3. Review policy statements.
      • Check that the organization is adequately supporting policy statements with SOPs, standards, and guidelines. Ensure role-related information is up to date.
    4. Document and bring any gaps forward to the next activity. If no action is required, indicate that you have completed a review and submit the findings for approval.

    But they just want one policy...

    A review of your policy suite is good practice, especially when it hasn’t been done for a while. Why?
    • Existing policies may address what you’re trying to do with a new policy. Using or modifying an existing policy avoids overlap and contradiction and saves you the effort required to create, communicate, approve, and maintain a new policy.
    • Review the suite to validate that you’re addressing the most important challenges first.

    Brainstorm improvements for core Infrastructure & Operations processes

    Associated Activity icon 1(b) 1 hour

    Supplement the list of gaps from your policy review with process challenges.

    1. Write out key Infra & Ops–related processes – one piece of flipchart paper per process. You can work through all of these processes or cherry-pick the processes you want to improve first.
    2. With participants, write out in point form how you currently execute on these processes (e.g. for Asset Management, you might be tagging hardware, tracking licenses, etc.)
    3. Work through a “Start – Stop – Continue” exercise. Ask participants: What should we start doing? What must we stop doing? What do we do currently that’s valuable and must continue? Write ideas on sticky notes.
    4. Once you’ve worked through the “Start – Stop – Continue” exercise for all processes, group similar suggestions for improvements.

    Asset Management: Manage hardware and software assets across their lifecycle to protect assets and manage costs.

    Availability and Capacity Management: Balance current and future availability, capacity, and performance needs with cost-to-serve.

    Business Continuity Management: Continue operation of critical business processes and IT services.

    Change Management: Deliver technical changes in a controlled manner.

    Configuration Management: Define and maintain relationships between technical components.

    Problem Management: Identify incident root cause.

    Operations Management: Coordinate operations.

    Release and Patch Management: Deliver updates and manage vulnerabilities in a controlled manner.

    Service Desk: Respond to user requests and all incidents.

    PHASE 1: Identify Policy and Procedure Gaps

    Step 1.2: Create an action plan to address policy gaps

    This step will walk you through the following activities:

    • Identify challenges and gaps that can be addressed via documentation
    • Prioritize high-value, high-risk gaps

    This step involves the following participants:

    • Infrastructure & Operations Manager
    • Infrastructure Supervisors

    Results & Insights

    • Results: An action plan to tackle policy and procedures gaps, aligned with business requirements and business value.
    • Insights: Not all documentation is equally valuable. Prioritize documentation that delivers value and mitigates risk.

    Support policies with procedures, standards, and guidelines

    Use a working definition for each type of document.

    Policy: Directives, rules, and mandates that support the overarching, long-term goals of the organization.

    • Standards: Prescriptive, uniform requirements.
    • Procedures: Specific, detailed, step-by-step instructions for completing a task.
    • Guidelines: Non-enforceable, recommended best practices.

    Info-Tech Best Practice

    Take advantage of your Info-Tech advisory membership by scheduling review sessions with an analyst. We provide high-level feedback to ensure your documentation is clear, concise, and consistent and aligns with the governance objectives you’ve identified.

    Answer the following questions to decide if governance documentation can help close gaps

    Associated Activity icon 1(c) 30 minutes

    Documentation supports knowledge sharing, process consistency, compliance, and transparency. Ask the following questions:

    1. What is the purpose of the documentation?
      Procedures support task completion. Policies set direction and manage organizational risk.
    2. Should it be enforceable?
      Policies and standards are enforceable; guidelines are not. Procedures are enforceable in that they should support policy enforcement.
    3. What is the scope?
      To document a task, create a procedure. Set overarching rules with policies. Use standards and guidelines to set detailed rules and best practices.
    4. What’s the expected cadence for updates?
      Policies should be revisited and revised less frequently than procedures.

    Info-Tech Best Practice

    Reinvent the wheel? I don’t think so!

    Always check to see if a gap can be addressed with existing tools before drafting a new policy

    • Is there an existing policy that could be supported with new or updated procedures, technical standards, or guidelines?
    • Is there a technical control you can deploy that would enforce the terms of an existing, approved policy?
    • It may be simpler to amend an existing policy instead of creating a new one.

    Some problems can’t be solved by better documentation (or by documentation alone). Consider additional strategies that address people, process, and technology.

    Tackle high-value, high-risk gaps first

    Associated Activity icon 1(d) 30 minutes

    Prioritize your documentation effort.

    1. List each proposed piece of documentation on the board.
    2. Assign a score to the risk posed to the business by the lack of documentation and to the expected benefit of completing the documentation. Use a scoring scale between 1 and 3 such as the one on the right.
    3. Prioritize documentation that mitigates risks and maximizes benefits.
    4. If you need to break ties, consider effort required to develop, implement, and enforce policies or procedures.

    Example Scoring Scale

    Score Business risk of missing documentation Business benefit of value of documentation

    1

    Low: Affects ad hoc activities or non-critical data. Low: Minimal impact.

    2

    Moderate: Impacts productivity or internal goodwill. Moderate: Required periodically; some cross-training opportunities.

    3

    High: Impacts revenue, safety, or external goodwill. High: Save time for common or ongoing processes; extensive improvement to training/knowledge transfer.

    Info-Tech Insight

    Documentation pulls resources away from other important programs and projects, so ultimately it must be a demonstrably higher priority than other work. This exercise is designed to align documentation efforts with business goals.

    Phase 1: Review accomplishments

    Policy pillars: Standards, Procedures, Guidelines

    Summary of Accomplishments

    • Identified gaps in the existing policy suite and identified pain points in existing Infra & Ops processes.
    • Developed a list of policies and procedures that can address existing gaps and prioritized the documentation effort.

    Develop Infrastructure & Operations Policies and Procedures

    Phase 2

    Develop Policies

    PHASE 2: Develop Policies

    Step 2.1: Modify policy templates and gather feedback

    This step will walk you through the following activities:

    • Modify policy templates

    This step involves the following participants:

    • Infrastructure & Operations Manager
    • Technical Writer

    Results & Insights

    • Results: Your own COBIT-aligned policies built by modifying Info-Tech templates.
    • Insights: Effective policies are easy to read and navigate.

    Write Good-er: Be Clear, Consistent, and Concise

    Effective policies adhere to the three Cs of documentation.

    1. Be clear. Make it as easy as possible for a user to learn how to comply with your policy.
    2. Be consistent. Write policies that complement each other, not contradict each other.
    3. Be concise. Make it as quick and easy as possible to read and understand your policy.

    Info-Tech Best Practice

    To download the full suite of templates all at once, click the “Download Research” button on the research landing page on the website.

    Use the three Cs: Be Clear

    Understanding makes compliance possible. Create policy with the goal of making compliance as easy as possible. Use positive, simple language to convey your intentions and rationale to your audience. Staff will make an effort adhere to your policy when they understand the need and are able to comply with the terms.

    1. Choose a skilled writer. Select a writer who can write clearly and succinctly.
    2. Default to simple language and define key terms. Define scope and key terms upfront. Avoid using technical terms outside of technical documentation; if they’re necessary be sure to define them as well.
    3. Use active, positive language. Where possible, tell people what they can do, not what they can’t.
    4. Keep the structure simple. Complicated documents are less likely to be understood and read. Use short sentences and paragraphs. Lists are a helpful way to summarize important information. Guide your reader through the document with appropriately named section headers, tables of contents, and numeration.
    5. Add a process for handling exceptions. Refer to procedures, standards, and guidelines documentation. Try to keep these links as static as possible. Also, refer to a process for handling exceptions.
    6. Manage the integrity of electronic documents. When published electronically, the policy should have restricted editing access or should be published in a non-editable format. Access to the procedure and policy storage database for employees should be read-only.

    Info-Tech Insight

    Highly effective policies are easy to navigate. Your policies should be “skimmable.” Very few people will fully read a policy before accepting it. Make it easy to navigate so the reader can easily find the policy statements that apply to them.

    Use the three Cs: Be Consistent

    Ensure that policies are aligned with other organizational policies and procedures. It detracts from compliance if different policies prescribe different behavior in the same situation. Moreover, your policies should reflect the corporate culture and other company standards. Use your policies to communicate rules and get employees aligned with how your company works.

    1. Use standard sentences and paragraphs. Policies are usually expressed in short, standard sentences. Lists should also be used when necessary or appropriate.
    2. Remember the three Ws. When writing a policy, always be sure to clearly state what the rule is, when it should be applied, and who needs to follow it. Policies should clearly define their scope of application and whether directives are mandatory or recommended.
    3. Use an outline format. Using a numbered or outline format will make a document easier to read and will make content easier to look up when referring back to the document at a later time.
    4. Avoid amendments. Avoid the use of information that is quickly outdated and requires regular amendment (e.g. names of people).
    5. Reference a set of supplementary documents. Codify your tactics outside of the policy document, but make reference to them within the text. This makes it easier to ensure consistency in the behavior prescribed by your policies.

    "One of the issues is the perception that policies are rules and regulations. Instead, your policies should be used to say ‘this is the way we do things around here.’" (Mike Hughes CISA CGEIT CRISC, Principal Director, Haines-Watts GRC)

    Use the three Cs: Be Concise

    Reading and understanding policies shouldn’t be challenging, and it shouldn’t significantly detract from productive time. Long policies are more difficult to read and understand, increasing the work required for employees to comply with them. Put it this way: How often do you read the Terms and Conditions of software you’ve installed before accepting them?

    1. Be direct. The quicker you get to the point, the easier it is for the reader to interpret and comply with your policy.
    2. Your policy is a rule, not a recipe. Your policy should outline what needs to be accomplished and why – your standards, guidelines, and SOPs address the how.
    3. Keep policies short. Nobody wants to read a huge policy book, so keep your policies short.
    4. Use additional documentation where needed. In addition to making consistency easier, this shortens the length of your policies, making them easier to read.
    5. Policy still too large? Modularize it. If you have an extremely large policy, it’s likely that it’s too widely scoped or that you’re including statements that should be part of procedure documentation. Consider breaking your policy into smaller, focused, more digestible documents.

    "If the policy’s too large, people aren’t going to read it. Why read something that doesn’t apply to me?" (Carole Fennelly, Owner and Principal, cFennelly Consulting)

    "I always try to strike a good balance between length and prescriptiveness when writing policy. Your policies … should be short and describe the problem and your approach to solving it. Below policies, you write standards, guidelines, and SOPs." (Michael Deskin, Policy and Technical Writer, Canadian Nuclear Safety Commission)

    Customize policy documents

    Associated Activity icon 2(a) 1-2 hours per policy

    Use the policies templates to support key Infrastructure & Operations programs.

    INPUT: List of prioritized policies

    OUTPUT: Written policy drafts ready for review

    Materials: Policy templates

    Participants: Policy writer, Signing authority

    No policy template will be a perfect fit for your organization. Use Info-Tech’s research to develop your organization’s program requirements. Customize the policy templates to support those requirements.

    1. Work through policies from highest to lowest priority as defined in Phase 1.
    2. Follow the instructions written in grey text to customize the policy. Follow the three Cs when you write your policy.
    3. When your draft is finished, prepare to request signoff from your signing authority by reviewing the draft with an Info-Tech analyst.
    4. Complete the highest ranked three or four draft policies. Review all these policies with relevant stakeholders and include all relevant signing authorities in the signoff process.
    5. Rinse and repeat. Iterate until all relevant polices are complete.

    Request, Incident, and Problem Management

    An effective, timely service desk correlates with higher overall end-user satisfaction across all other IT services. (Info-Tech Research Group, 2016 (N=25,998))

    An icon for the 'DSS02 Service Desk' template. An icon for the 'DSS03 Incident and Problem Management' template.

    Use the following template to create a policy that outlines the goals and mandate for your service and support organization:

    • IT Triage and Support Policy

    Support the program and associated policy statements using Info-Tech’s research:

    • Standardize the Service Desk
    • Incident and Problem Management
    • Design & Build a User-Facing Service Catalog

    Embrace Standardization

    • Outline the support and service mandate with the policy. Support the policy with the methodology in Info-Tech’s research.
    • Over time, organizations without standardized processes face confusion, redundancies, and cost overruns. Standardization avoids wasting energy and effort building new solutions to solved issues.
    • Standard processes for IT services define repeatable approaches to work and sandbox creative activities.
    • Create tickets for every task and categorize them using a standard classification system. Use the resulting data to support root-cause analysis and long-term trend management.
    • Create a single point of contact for users for all incidents and requests. Escalate and resolve tickets faster.
    • Empower end users and technicians with knowledge bases that help them solve problems without intervention.

    Change, Release, and Patch Management

    Slow turnaround, unauthorized changes, and change-related incidents are all too familiar to many managers.

    An icon for the 'BAI06 Change Management' template. An icon for the 'BAI07 Release Management' template.

    Use the following templates to create policies that define effective patch, release, and change management:

    • Change Management Policy
    • Release and Patch Management Policy
    • Change Control – Freezes & Risk Evaluation Policy

    Ensure the policy is supported by using the following Info-Tech research:

    • Optimize Change Management

    Embrace Change

    • IT system owners resist change management when they see it as slow and bureaucratic.
    • At the same time, an increasingly interlinked technical environment may cause issues to appear in unexpected places. Configuration management systems are often not kept up to date, so preventable conflicts get missed.
    • No process exists to support the identification and deployment of critical security patches. Tracking down users to find a maintenance window takes significant, dedicated effort and intervention from the management team.
    • Create a unified change management process that reduces risk and is balanced in its approach toward deploying changes, while also maintaining throughput of patches, fixes, enhancements, and innovation.

    IT Asset Management (ITAM)

    A proactive, dynamic ITAM program will pay dividends in support, contract management, appropriate provisioning, and more.

    An icon for the 'BAI09 Asset Management' template.

    Start by outlining the requirements for effective asset management:

    • Hardware Asset Management Policy
    • Software Asset Management Policy

    Support ITAM policies with the following Info-Tech research:

    • Implement IT Asset Management

    Leverage Asset Data

    • Create effective, directional policies for your asset management program that provide a mandate for action. Support the policies with robust procedures, capable staff, and right-fit technology solutions.
    • Poor management of assets generally leads to higher costs due to duplicated purchases, early replacement, loss, and so on.
    • Visibility into asset location and ownership improves security and accountability.
    • A centralized repository of asset data supports request fulfilment and incident management.
    • Asset management is an ongoing program, not a one-off project, and must be resourced accordingly. Organizations often implement an asset management program and let it stagnate.

    "Many of the large data breaches you hear about… nobody told the sysadmin the client data was on that server. So they weren’t protecting and monitoring it." (Carole Fennelly, Owner and Principal, cFennelly Consulting)

    Business Continuity Management (BCM)

    Streamline the traditional approach to make BCM practical and repeatable.

    An icon for the 'DSS04 DR and Business Continuity' template.

    Set the direction and requirements for effective BCM:

    • Business Continuity Management Policy

    Support the BCM policy with the following Info-Tech research:

    • Create a Right-Sized Disaster Recovery Plan
    • Develop a Business Continuity Plan

    Build Organizational Resilience

    • Evidence of disaster recovery and business continuity planning is increasingly required to comply with regulations, mitigate business risk, and meet customer demands.
    • IT leaders are often asked to take the lead on business continuity, but overall accountability for business continuity rests with the board of directors, and each business unit must create and maintain its business continuity plan.
    • Set an organizational mandate for BCM with the policy.
    • Divide the business continuity mandate into manageable parcels of work. Follow Info-Tech’s practical methodology to tackle key disaster recovery and business continuity planning activities one at a time.

    Info-Tech Best Practice

    Governance goals must be supported with effective, well-aligned procedures and processes. Use Info-Tech’s research to support the key Infrastructure & Operations processes that enable your business to create value.

    Availability, Capacity, and Operations Management

    What was old is new again. Use time-tested techniques to manage and plan cloud capacity and costs.

    An icon for the 'BAI04 Availability and Capacity Management' template. An icon for the 'DSS01 Operations Management' template. An icon for the 'BAI10 Configuration Management' template.

    Set the direction and requirements for effective availability and capacity management:

    • Availability and Capacity Management Policy
    • System Maintenance Policy – NIST

    Support the policy with the following Info-Tech research:

    • Develop an Availability and Capacity Management Plan
    • Improve IT Operations Management
    • Develop an IT Infrastructure Services Playbook

    Mature Service Delivery

    • Hybrid IT deployments – managing multiple locations, delivery models, and service providers – are the future of IT. Hybrid deployments significantly complicate capacity planning and operations management.
    • Effective operations management practices develop structured processes to automate activities and increase process consistency across the IT organization, ultimately improving IT efficiency.
    • Trying to add mature service delivery can feel like playing whack-a-mole. Systematically improve your service capabilities using the tactical, iterative approach outlined in Improve IT Operations Management.

    Enhance your overall security posture with a defensible, prescriptive policy suite

    Align your security policy suite with NIST Special Publication 800-171.

    Security policies support the organization’s larger security program. We’ve created a dedicated research blueprint and a set of templates that will help you build security policies around a robust framework.

    • Start with a security charter that aligns the security program with organizational objectives.
    • Prioritize security policies that address significant risks.
    • Work with technical and business stakeholders to adapt Info-Tech’s NIST SP 800-171–aligned policy templates (at right) to reflect your organizational objectives.

    A diagram listing all the different elements in a 'Security Charter': 'Access Control', 'Audit & Acc.', 'Awareness and Training', 'Config. Mgmt.', 'Identification and Auth.', 'Incident Response', 'Maintenance', 'Media Protection', 'Personnel Security', 'Physical Protection', 'Risk Assessment', 'Security Assessment', 'System and Comm. Protection', and 'System and Information Integrity'.

    Review and download Info-Tech's blueprint Develop and Deploy Security Policies.

    Info-Tech Best Practice

    Customize Info-Tech’s policy framework to align your policy suite to NIST SP 800-171. Given NIST’s requirements for the control of confidential information, organizations that align their policies to NIST standards will be in a strong governance position.

    PHASE 2: Develop Policies

    Step 2.2: Implement, enforce, measure, and maintain new policies

    This step will walk you through the following activities:

    • Gather stakeholder feedback
    • Identify preventive and detective controls
    • Identify required supports
    • Seek policy approval
    • Establish roles and responsibilities for policy maintenance

    This step involves the following participants:

    • Infrastructure & Operations Manager
    • Infrastructure Supervisors
    • Technical Writer
    • Policy Stakeholders

    Results & Insights

    • Results: Well-supported policies that have received signoff.
    • Insights: If you’re not prepared to enforce the policy, you might not actually need a policy. Use the policy statements as guidelines or standards, create and implement procedures, and build a culture of compliance. Once you can confidently execute on required controls, seek signoff.

    Gather feedback from users to assess the feasibility of the new policies

    Associated Activity icon 2(b) Review period: 1-2 weeks

    Once the policies are drafted, roundtable the drafts with stakeholders.

    INPUT: Draft policies

    OUTPUT: Reviewed policy drafts ready for approval

    Materials: Policy drafts

    Participants: Policy stakeholders

    1. Form a test group of users who will be affected by the policy in different ways. Keep the group to around five staff.
    2. Present new policies to the testers. Allow them to read the documents and attempt to comply with the new policies in their daily routines.
    3. Collect feedback from the group.
      • Consider using interviews, email surveys, chat channels, or group discussions.
      • Solicit ideas on how policy statements could be improved or streamlined.
    4. Make reasonable changes to the first draft of the policies before submitting them for approval. Policies will only be followed if they’re realistic and user friendly.

    Info-Tech Best Practice

    Allow staff the opportunity to provide input on policy development. Giving employees a say in policy development helps avoid obstacles down the road. This is especially true if you’re trying to change behavior rather than lock it in.

    Develop mechanisms for monitoring and enforcement

    Associated Activity icon 2(c) 20 minutes per policy

    Brainstorm preventive and detective controls.

    INPUT: Draft policies

    OUTPUT: Reviewed policy drafts ready for approval

    Materials: Policy drafts

    Participants: Policy stakeholders

    Preventive controls are designed to discourage or pre-empt policy breaches before they occur. Training, approvals processes, and segregation of duties are examples of preventive controls. (Ohio University)

    Detective controls help enforce the policy by identifying breaches after they occur. Forensic analysis and event log auditing are examples of detective controls. (Ohio University)

    Not all policies require the same level of enforcement. Policies that are required by law or regulation generally require stricter enforcement than policies that outline best practices or organizational values.

    Identify controls and enforcement mechanisms that are in line with policy requirements. Build control and enforcement into procedure documentation as needed.

    Suggestions:

    1. Have staff sign off on policies. Disclose any monitoring/surveillance.
    2. Ensure consequences match the severity of the infraction. Document infractions and ensure that enforcement is applied consistently across all infractions.
    3. Automatic controls shouldn’t get in the way of people’s ability to do their jobs. Test controls with users before you roll them out widely.

    Support the policy before seeking approval

    A policy is only as strong as its supporting pillars.

    Create Standards

    Standards are requirements that support policy adherence. Server builds and images, purchase approval criteria, and vulnerability severity definitions can all be examples of standards that improve policy adherence.

    Where reasonable, use automated controls to enforce standards. If you automate the control, consider how you’ll handle exceptions.

    Create Guidelines

    If no standards exist – or best practices can’t be monitored and enforced, as standards require – write guidelines to help users remain in compliance with the policy.

    Create Procedures: We’ll cover procedure development and documentation in Phase 3.

    Info-Tech Insight

    In general, failing to follow or strictly enforce a policy creates a risk for the business. If you’re not confident a policy will be followed or enforced, consider using policy statements as guidelines or standards as an interim measure as you update procedures and communicate and roll out changes that support adherence and enforcement.

    Seek approval and communicate the policy

    Policies ultimately need to be accepted by the business.

    • Once the drafts are completed, identify who is in charge of approving the policies.
    • Ensure all stakeholders understand the importance, context, and repercussions of the policies.
    • The approvals process is about appropriate oversight of the drafted policies. For example:
      • Do the policies satisfy compliance and regulatory requirements?
      • Do the policies work with the corporate culture?
      • Do the policies address the underlying need?

    If the draft is rejected:

    • Acquire feedback and make revisions.
    • Resubmit for approval.

    If the draft is approved:

    • Set the effective date and a review date.
    • Begin communication, training, and implementation.
    • Employees must know that there are new policies and understand the steps they must take to comply with the policies in their work.
    • Employees must be able to interpret, understand, and know how to act upon the information they find in the policies.
    • Employees must be informed on where to get help or ask questions and from whom to request policy exceptions.

    "A lot of board members and executive management teams… don’t understand the technology and the risks posed by it." (Carole Fennelly, Owner and Principal, cFennelly Consulting)

    Identify policy management roles and responsibilities

    Associated Activity icon 2(d) 30 minutes

    Discuss and assign roles and responsibilities for ongoing policy management.

    Role

    Responsibilities

    Executive sponsor

  • Supports the program at the highest levels of the business, as needed
  • Program lead

  • Leads the Infrastructure & Operations policy management program
  • Identifies and communicates status updates to the executive sponsor and the project team
  • Coordinates business demands and interviews and organizes stakeholders to identify requirements
  • Manages the work team and coordinates policy rollout
  • Policy writer

  • Authors and updates policies based on requirements
  • Coordinates with outsourced editor for completion of written documents
  • IT infrastructure SMEs

  • Provide technical insight into capabilities and limitations of infrastructure systems
  • Provide advice on possible controls that can aid policy rollout, monitoring, and enforcement
  • Legal expert

  • Provides legal advice on the policy’s legal terms and enforceability
  • "Whether at the level of a government, a department, or a sub-organization: technology and policy expertise complement one another and must be part of the conversation." (Peter Sheingold, Portfolio Manager, Cybersecurity, MITRE Corporation)

    Phase 2: Review accomplishments

    Effective Policies: Clear, Consistent, and Concise

    An icon for the 'DSS02 Service Desk' template.

    An icon for the 'DSS03 Incident and Problem Management' template.

    An icon for the 'BAI06 Change Management' template.

    An icon for the 'BAI07 Release Management' template.

    An icon for the 'BAI09 Asset Management' template.

    An icon for the 'DSS04 DR and Business Continuity' template.

    An icon for the 'BAI04 Availability and Capacity Management' template.

    An icon for the 'DSS01 Operations Management' template.

    An icon for the 'BAI10 Configuration Management' template.

    Summary of Accomplishments

    • Built priority policies based on templates aligned with the IT Management & Governance Framework and COBIT 5.
    • Reviewed controls and policy supports.
    • Assigned roles and responsibilities for ongoing policy maintenance.

    Develop Infrastructure & Operations Policies and Procedures

    Phase 3

    Document Effective Procedures

    PHASE 3: Document Effective Procedures

    Step 3.1: Scope and outline procedures

    This step will walk you through the following activities:

    • Prioritize SOP documentation
    • Draft workflows using a tabletop exercise
    • Modify templates, as applicable

    This step involves the following participants:

    • Infrastructure & Operations Manager
    • Technical Writer
    • Infrastructure Supervisors

    Results & Insights

    • Results: An action plan for SOP documentation and an outline of procedure workflows.
    • Insights: Don’t let tools get in the way of documentation – low-tech solutions are often the most effective way to build and analyze workflows.

    Prioritize your SOP documentation effort

    Associated Activity icon 3(a) 1-2 hours

    Build SOP documentation that gets used and doesn’t just check a box.

    1. Review the list of procedure gaps from Phase 1. Are any other procedures needed? Are some of the procedures now redundant?
    2. Establish the scope of the proposed procedures. Who are the stakeholders? What policies do they support?
    3. Run a basic prioritization exercise using a three-point scale. Higher scores mean greater risks or greater benefits. Score the risk of the undocumented procedure to the business (e.g. potential effect on data, productivity, goodwill, health and safety, or compliance). Score the benefit to the business of documenting the procedure (e.g. throughput improvements or knowledge transfer).
    4. Different procedures require different formats. Decide on one or more formats that can help you effectively document the procedure:
      • Flowcharts: Depict workflows and decision points. Provide an at-a-glance view that is easy to follow. Can be supported by checklists and diagrams where more detail is required.
      • Checklists: A reminder of what to do, rather than how to do it. Keep instructions brief.
      • Diagrams: Visualize objects, topologies, and connections for reference purposes.
      • Tables: Establish relationships between related categories.
      • Prose: Use full-text instructions where other documentation strategies are insufficient.

    Modify the following Info-Tech templates for larger SOPs

    Support these processes...

    ...with these blueprints...

    ...to create SOPs using these templates.

    An icon for the 'DSS04 DR and Business Continuity' template. Create a Right-Sized Disaster Recovery Plan DRP Summary
    An icon for the 'BAI09 Asset Management' template. Implement IT Asset Management HAM SOP and SAM SOP
    An icon for the 'BAI06 Change Management' template. An icon for the 'BAI07 Release Management' template. Optimize Change Management Change Management SOP
    An icon for the 'DSS02 Service Desk' template. An icon for the 'DSS03 Incident and Problem Management' template. Standardize the Service Desk Service Desk SOP

    Use tabletop planning or whiteboards to draft workflows

    Associated Activity icon 3(b) 30 minutes

    Tabletop planning is a paper-based exercise in which your team walks through a particular process and maps out what happens at each stage.

    OUTPUT: Steps in the current process for one SOP

    Materials: Tabletop, pen, and cue cards

    Participants: Process owners, SMEs

    1. For this exercise, choose one particular process to document.
    2. Document each step of the process on cue cards, which can be arranged on the table in sequence.
    3. Be sure to include task ownership in your steps.
    4. Map out the process as it currently happens – we’ll think about how to improve it later.
    5. Keep focused. Stay on task and on time.

    Example:

    • Step 3: PM reviews new defects daily
    • Step 4: PM assigns defects to tech leads
    • Step 5: Assigned resource updates status – frequency is based on ticket priority

    Info-Tech Insight

    Don’t get weighed down by tools. Relying on software or other technological tools can detract from the exercise. Use simple tools such as cue cards to record steps so that you can easily rearrange steps or insert steps based on input from the group.

    Collaborate to optimize the SOP

    Associated Activity icon 3(c) 30 minutes

    Review the tabletop exercise. What gaps exist in current processes?
    How can the processes be made better? What are the outputs and checkpoints?

    OUTPUT: Identify steps to optimize the SOP

    Materials: Tabletop, pen, and cue cards

    Participants: Process owners, SMEs

    Example:

    • Step 3: PM reviews new defects daily
    • NEW STEP: Schedule 10-minute daily defect reviews with PM and tech leads to evaluate ticket priority
    • Step 4: PM assigns defects to tech leads
    • Step 5: Assigned resource updates status – frequency is based on ticket priority
      • Step 5 Subprocess: Ticket status update
      • Step 5 Output: Ticket status moved to OPEN by assigned resource – acknowledges receipt by assigned resource

    A note on colors: Use white cards to record steps. Record gaps on yellow cards (e.g. a process step not documented) and risks on red cards (e.g. only one person knows how to execute a step) to highlight your gaps/to-dos and risks to be mitigated or accepted.

    If it’s necessary to clarify complex process flows during the exercise, you can also use green cards for decision diamonds, purple for document/report outputs, and blue for subprocesses.

    PHASE 3: Document Effective Procedures

    Step 3.2: Document effective procedures

    This step will walk you through the following activities:

    • Document workflows, checklists, and diagrams
    • Establish a cadence for document review and updates

    This step involves the following participants:

    • Infrastructure Manager
    • Technical Writer

    Results & Insights

    • Results: Improved SOP documentation and document management practices.
    • Insights: It’s possible to keep up with changes if you put the right cues and accountabilities in place. Include document review in project and change management procedures and hold staff accountable for completion.

    Document workflows with flowcharting software

    Suggestions for workflow documentation

    • Whether you draft the workflow on a whiteboard or using cue cards, the first iteration is usually messy. Clean up the flow as you document the results of the exercise.
    • Make the workflow as simple as possible and no simpler. Eliminate any decision points that aren’t strictly necessary to complete the procedure.
    • Use standard flowchart shapes (see next slide).
    • Use links to connect to related documentation.
    • Review the documented workflow with participants.

    Download the following workflow examples:

    Establish flowcharting standards

    If you don’t have existing flowchart standards, then keep it simple and stick to basic flowcharting conventions as described below.

    Basic flowcharting convention: a circle can be used for 'Start, End, and Connector'. Start, End, and Connector: Traditional flowcharting standards reserve this shape for connectors to other flowcharts or other points in the existing flowchart. Unified Modeling Language (UML) also uses the circle for start and end points.
    Basic flowcharting convention: a rounded rectangle can be used for 'Start and End'. Start and End: Traditional flowcharting standards use this for start and end. However, Info-Tech recommends using the circle shape to reduce the number of shapes and avoid confusion with other similar shapes.
    Basic flowcharting convention: a rectangle can be used for 'Process Step'. Process Step: Individual process steps or activities (e.g. create ticket or escalate ticket). If it’s a series of steps, then use the subprocess symbol and flowchart the subprocess separately.
    Basic flowcharting convention: a rectangle with double-line on the ends can be used for 'Subprocess'. Subprocess: A series of steps. For example, a critical incident SOP might reference a recovery process as one of the possible actions. Marking it as a subprocess, rather than listing each step within the critical incident SOP, streamlines the flowchart and avoids overlap with other flowcharts (e.g. the recovery process).
    Basic flowcharting convention: a diamond can be used for 'Decision'. Decision: Represents decision points, typically with Yes/No branches, but you could have other branches depending on the question (e.g. a “Priority?” question could branch into separate streams for Priority 1, 2, 3, 4, and 5 issues).
    Basic flowcharting convention: a rectangle with a wavy bottom can be used for 'Document/Report Output'. Document/Report Output: For example, the output from a backup process might include an error log.

    Support workflows with checklists and diagrams

    Diagrams

    • Diagrams are a visual representation of real-world phenomena and the connections between them.
    • Be sure to use standard shapes. Clearly label elements of the diagram. Use standard practices, including titles, dates, authorship, and versioning.
    • IT systems and interconnections are layered. Include physical, logical, protocol, and data flow connections.

    Examples:

    • XMPL Recovery Workflows
    • Workflow Library

    Checklists

    • Checklists are best used as short-form reminders on how to complete a particular task.
    • Remember the audience. If the process will be carried out by technical staff, there’s technical background material you won’t need to spell out in detail.

    Examples:

    • Employee Termination Process Checklist
    • XMPL Systems Recovery Playbook

    Establish a cadence for documentation review and maintenance

    Lock-in the work with strong document management practices.

    • Identify documentation requirements as part of project planning.
    • Require a manager or supervisor to review and approve SOPs.
    • Check documentation status as part of change management.
    • Hold staff accountable for documentation.

    "It isn’t unusual for us to see infrastructure or operations documentation that is wildly out of date. We’re talking months, even years. Often it was produced as one big effort and then not reliably maintained." (Gary Patterson, Consultant, Quorum Resources)

    Only a quarter of organizations update SOPs as needed

    A bar chart representing how often organizations update SOPs. Each option has two bars, one representing 'North America', the other representing 'Europe and Asia'. 'Never or rarely' is 11% in North America and 3% in Europe and Asia. 'Ad-hoc approach' is 38% in North America and 28% in Europe and Asia. 'For audits/annual reviews' is 33% in North America and 45% in Europe and Asia. 'As needed/via change management' is 18% in North America and 25% in Europe and Asia. Source: Info-Tech Research Group (N=104)

    Info-Tech Best Practice

    Use Info-Tech’s research Create Visual SOP Documents to further evaluate document management practices and toolsets.

    Phase 3: Review accomplishments

    Workflow documentation: Cue cards into flowcharts

    Summary of Accomplishments

    • Identified priority procedures for documentation activities.
    • Created procedure documentation in the appropriate format and level of granularity to support Infra & Ops policies.
    • Published and maintained procedure documentation.

    Research contributors and experts

    Carole Fennelly, Owner
    cFennelly Consulting

    Picture of Carole Fennelly, Owner, cFennelly Consulting.

    Carole Fennelly provides pragmatic cyber security expertise to help organizations bridge the gap between technical and business requirements. She authored the Center for Internet Security (CIS) Solaris and Red Hat benchmarks, which are used globally as configuration standards to secure IT systems. As a consultant, Carole has defined security strategies, and developed policies and procedures to implement them, at numerous Fortune 500 clients. Carole is a Certified Information Security Manager (CISM), Certified Security Compliance Specialist (CSCS), and Certified HIPAA Professional (CHP).

    Marko Diepold, IT Audit Manager
    audit2advise

    Picture of Marko Diepold, IT Audit Manager, audit2advise.

    Marko is an IT Audit Manager at audit2advise, where he delivers audit, risk advisory, and project management services. He has worked as a Security Officer, Quality Manager, and Consultant at some of Germany’s largest companies. He is a CISA and is ITIL v3 Intermediate and ITGCP certified.

    Research contributors and experts

    Martin Andenmatten, Founder & Managing Director
    Glenfis AG

    Picture of Martin Andenmatten, Founder and Managing Director, Glenfis AG.

    Martin is a digital transformation enabler who has been involved in various fields of IT for more than 30 years. At Glenfis, he leads large Governance and Service Management projects for various customers. Since 2002, he has been the course manager for ITIL® Foundation, ITIL® Service Management, and COBIT training. He has published two books on ISO 20000 and ITIL.

    Myles F. Suer, CIO Chat Facilitator
    CIO.com/Dell Boomi

    Picture of Myles F. Suer, CIO Chat Facilitator, CIO.com/Dell Boomi.

    Myles Suer, according to LeadTails, is the number 9 influencer of CIOs. He is also the facilitator for the CIOChat, which has executive-level participants from around the world in such industries as banking, insurance, education, and government. Myles is also the Industry Solutions Marketing Manager at Dell Boomi.

    Research contributors and experts

    Peter Sheingold, Portfolio Manager
    Cybersecurity, Homeland Security Center, The MITRE Corporation

    Picture of Peter Sheingold, Portfolio Manager, Cybersecurity, Homeland Security Center, The MITRE Corporation.

    Peter leads tasks that involve collaboration with the Department of Homeland Security (DHS) sponsors and MITRE colleagues and connect strategy, policy, organization, and technology. He brings a deep background in homeland security and strategic analysis to his work with DHS in the immigration, border security, and cyber mission spaces. Peter came to MITRE in 2005 but has worked with DHS from its inception.

    Robert D. Austin, Professor
    Ivey Business School

    Picture of Robert D. Austin, Professor, Ivey Business School.

    Dr. Austin is a professor of Information Systems at Ivey Business School and an affiliated faculty member at Harvard Medical School. Before his appointment at Ivey, he was a professor of Innovation and Digital Transformation at Copenhagen Business School, and, before that, a professor of Technology and Operations Management at the Harvard Business School.

    Research contributors and experts

    Ron Jones, Director of IT Infrastructure and Service Management
    DATA Communications

    Picture of Ron Jones, Director of IT Infrastructure and Service Management, DATA Communications.

    Ron is a senior IT leader with over 20 years of management experiences from engineering to IT Service Management and operations support. He is known for joining organizations and leading enhanced process efficiency and has improved software, hardware, infrastructure, and operations solution delivery and support. Ron has worked for global and Canadian firms including BlackBerry, DoubleClick, Cogeco, Infusion, Info-Tech Research Group, and Data Communications Management.

    Scott Genung, Executive Director of Networking, Infrastructure, and Service Operations
    University of Chicago

    Picture of Scott Genung, Executive Director of Networking, Infrastructure, and Service Operations, University of Chicago.

    Scott is an accomplished IT executive with 26 years of experience in technical and leadership roles. In his current role, Scott provides strategic leadership, vision, and oversight for an IT portfolio supporting 31,000 users consisting of services utilized by campuses located in North America, Asia, and Europe; oversees the University’s Command Center; and chairs the UC Cyberinfrastructure Alliance (UCCA), a group of research IT providers that collectively deliver services to the campus and partners.

    Research contributors and experts

    Steve Weil, CISSP, CISM, CRISC, Information Security Director, Cybersecurity Principal Consultant
    Point B

    Picture of Steve Weil, CISSP, CISM, CRISC, Information Security Director, Cybersecurity Principal Consultant, Point B.

    Steve has 20 years of experience in information security design, implementation, and assessment. He has provided information security services to a wide variety of organizations, including government agencies, hospitals, universities, small businesses, and large enterprises. With his background as a systems administrator, security consultant, security architect, and information security director, Steve has a strong understanding of both the strategic and tactical aspects of information security. Steve has significant hands-on experience with security controls, operating systems, and applications. Steve has a master's degree in Information Science from the University of Washington.

    Tony J. Read, Senior Program/Project Lead & Interim IT Executive
    Read & Associates

    Picture of Tony J. Read, Senior Program/Project Lead and Interim IT Executive, Read and Associates.

    Tony has over 25 years of international IT leadership experience, within high tech, computing, telecommunications, finance, banking, government, and retail industries. Throughout his career, Tony has led and successfully implemented key corporate initiatives, contributing millions of dollars to the top and bottom line. He established Read & Associates in 2002, an international IT management and program/project delivery consultancy practice whose aim is to provide IT value-based solutions, realizing stakeholder economic value and network advantage. These key concepts are presented in his new book: The IT Value Network: From IT Investment to Stakeholder Value, published by J. Wiley, NJ.

    Related Info-Tech research

    • Develop and Deploy Security Policies
    • Develop an Availability and Capacity Management Plan
    • Improve IT Operations Management
    • Develop an IT Infrastructure Services Playbook
    • Create a Right-Sized Disaster Recovery Plan
    • Develop a Business Continuity Plan
    • Implement IT Asset Management
    • Optimize Change Management
    • Standardize the Service Desk
    • Incident and Problem Management
    • Design & Build a User-Facing Service Catalog

    Bibliography

    “About Controls.” Ohio University, ND. Web. 2 Feb 2018.

    England, Rob. “How to implement ITIL for a client?” The IT Skeptic. Two Hills Ltd, 4 Feb. 2010. Web. 2018.

    “Global Corporate IT Security Risks: 2013.” Kaspersky Lab, May 2013. Web. 2018.

    “Information Security and Technology Policies.” City of Chicago, Department of Innovation and Technology, Oct. 2014. Web. 2018.

    ISACA. COBIT 5: Enabling Processes. International Systems Audit and Control Association. Rolling Meadows, IL.: 2012.

    “IT Policy & Governance.” NYC Information Technology & Telecommunications, ND. Web. 2018.

    King, Paula and Kent Wada. “IT Policy: An Essential Element of IT Infrastructure”. EDUCAUSE Review. May-June 2001. Web. 2018.

    Luebbe, Max. “Simplicity.” Site Reliability Engineering. O’Reilly Media. 2017. Web. 2018.

    Swartout, Shawn. “Risk assessment, acceptance, and exception with a process view.” ISACA Charlotte Chapter September Event, 2013. Web. 2018.

    “User Guide to Writing Policies.” Office of Policy and Efficiency, University of Colorado, ND. Web. 2018.

    “The Value of Policies and Procedures.” New Mexico Municipal League, ND. Web. 2018.

    Skills Development on the Mainframe Platform

    • Buy Link or Shortcode: {j2store}336|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design

    Mainframes remain a critical part of an organization’s infrastructure and will need to support these platforms for the foreseeable future. Despite the importance, it can be a challenge for organizations to find qualified resources to support them. Meanwhile, companies are unsure of where to find help to train and develop their teams on mainframe technologies and are at risk of a skills gap within their teams.

    Our Advice

    Critical Insight

    • Mainframes continue to have wide usage, particularly in enterprise organizations. The complexity of moving or replatforming many of these applications means these platforms will be around for a long time still.
    • Companies need to be proactive about developing their teams to support their mainframe systems.

    Impact and Result

    • Companies can protect their assets by cultivating a pipeline of qualified resources to support their mainframe infrastructure.
    • There is a robust training ecosystem headed by large, reputable organizations to help develop and support companies' resources. You don’t have to do it alone.

    Skills Development on the Mainframe Platform Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Skills Development on the Mainframe Platform Storyboard – An overview of the solutions available to support your mainframe training and skills development needs.

    Your mainframes are not going to disappear overnight. These systems often support the most critical operations in your organization. You need to ensure you have the right qualified resources to support your platforms.

    • Skills Development on the Mainframe Platform Storyboard
    [infographic]

    Take Action on Service Desk Customer Feedback

    • Buy Link or Shortcode: {j2store}494|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $27,500 Average $ Saved
    • member rating average days saved: 110 Average Days Saved
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • IT leaders lack information to help inform and prioritize where improvements are most needed.
    • The service desk relies only on traditional metrics such as time to respond or percentage of SLAs met, but no measures of customer satisfaction with the service they receive.
    • There are signs of dissatisfied users, but no mechanism in place to formally capture those perceptions in order to address them.
    • Even if transactional (ticket) surveys are in use, often nothing is done with the data collected or there is a low response rate, and no broader satisfaction survey is in place.

    Our Advice

    Critical Insight

    • If customer satisfaction is not being measured, it’s often because service desk leaders don’t know how to design customer satisfaction surveys, don’t have a mechanism in place to collect feedback, or lack the resources to take accountability for a customer feedback program.
    • If customer satisfaction surveys are in place, it can be difficult to get full value out of them if there is a low response rate due to poor survey design or administration, or if leadership doesn’t understand the value of / know how to analyze the data.
    • It can actually be worse to ask your customers for feedback and do nothing with it than not asking for feedback at all. Customers may end up more dissatisfied if they take the time to provide value then see nothing done with it.

    Impact and Result

    • Understand how to ask the right questions to avoid survey fatigue.
    • Design and implement two complementary satisfaction surveys: a transactional survey to capture satisfaction with individual ticket experiences and inform immediate improvements, and a relationship survey to capture broader satisfaction among the entire user base and inform longer-term improvements.
    • Build a plan and assign accountability for customer feedback management, including analyzing feedback, prioritizing customer satisfaction insights and using them to improve performance, and communicating the results back to your users and stakeholders.

    Take Action on Service Desk Customer Feedback Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Take Action on Service Desk Customer Feedback Deck – A step-by-step document that walks you through how to measure customer satisfaction, design and implement transactional and relationship surveys, and analyze and act on user feedback.

    Whether you have no Service Desk customer feedback program in place or you need to improve your existing process for gathering and responding to feedback, this deck will help you design your surveys and act on their results to improve CSAT scores.

    • Take Action on Service Desk Customer Feedback Storyboard

    2. Transactional Service Desk Survey Template – A template to design a ticket satisfaction survey.

    This template provides a sample transactional (ticket) satisfaction survey. If your ITSM tool or other survey mechanism allows you to design or write your own survey, use this template as a starting point.

    • Transactional Service Desk Survey Template

    3. Sample Size Calculator – A tool to calculate the sample size needed for your survey.

    Use the Sample Size Calculator to calculate your ideal sample size for your relationship surveys.

  • Desired confidence level
  • Acceptable margin of error
  • Company population size
  • Ideal sample size
    • Sample Size Calculator

    4. End-User Satisfaction Survey Review Workflows – Visio templates to map your review process for both transactional and relationship surveys

    This template will help you map out the step-by-step process to review collected feedback from your end-user satisfaction surveys, analyze the data, and act on it.

    • End-User Satisfaction Survey Review Workflows

    Infographic

    Further reading

    Take Action on Service Desk Customer Feedback

    Drive up CSAT scores by asking the right questions and effectively responding to user feedback.

    EXECUTIVE BRIEF

    Analyst Perspective

    Collecting feedback is only half the equation.

    The image contains a picture of Natalie Sansone.

    Natalie Sansone, PhD


    Research Director, Infrastructure & Operations

    Info-Tech Research Group

    Often when we ask service desk leaders where they need to improve and if they’re measuring customer satisfaction, they either aren’t measuring it at all, or their ticket surveys are turned on but they get very few responses (or only positive responses). They fail to see the value of collecting feedback when this is their experience with it.

    Feedback is important because traditional service desk metrics can only tell us so much. We often see what’s called the “watermelon effect”: metrics appear “green”, but under the surface they’re “red” because customers are in fact dissatisfied for reasons unmeasured by standard internal IT metrics. Customer satisfaction should always be the goal of service delivery, and directly measuring satisfaction in addition to traditional metrics will help you get a clearer picture of your strengths and weaknesses, and where to prioritize improvements.

    It’s not as simple as asking customers if they were satisfied with their ticket, however. There are two steps necessary for success. The first is collecting feedback, which should be done purposefully, with clear goals in mind in order to maximize the response rate and value of responses received. The second – and most critical – is acting on that feedback. Use it to inform improvements and communicate those improvements. Doing so will not only make your service desk better, increasing satisfaction through better service delivery, but also will make your customers feel heard and valued, which alone increases satisfaction.

    The image contains a picture of Emily Sugerman.

    Emily Sugerman, PhD


    Research Analyst, Infrastructure & Operations

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    • The service desk relies only on traditional metrics such as time to respond, or percentage of SLAs met, but not on measures of customer satisfaction with the service they receive.
    • There are signs of dissatisfied users (e.g. shadow IT, users avoid the service desk, go only to their favorite technician) but no mechanism in place to formally capture those perceptions.
    • Transactional ticket surveys were turned on when the ITSM tool was implemented, but either nobody responds to them, or nobody does anything with the data received.
    • IT leaders lack information to help inform and prioritize where improvements are most needed.
    • Service desk leaders don’t know how to design survey questions to ask their users for feedback and/or they don’t have a mechanism in place to survey users.
    • If customer satisfaction surveys are in place, nothing is done with the results because service desk leaders either don’t understand the value of analyzing the data or don’t know how to analyze the data.
    • Executives only want a single satisfaction number to track and don’t understand the value of collecting more detailed feedback.
    • IT lacks the resources to take accountability for the feedback program, or existing resources don’t have time to do anything with the feedback they receive.
    • Understand how to ask the right questions to avoid survey fatigue (where users get overwhelmed and stop responding).
    • Design and implement a transactional survey to capture satisfaction with individual ticket experiences and use the results to inform immediate improvements.
    • Design and implement a relationship survey to capture broader satisfaction among the entire user base and use the results to inform longer-term improvements.
    • Build a plan and assign accountability for analyzing feedback, using it to prioritize and make actionable improvements to address feedback, and communicating the results back to your users and stakeholders.

    Info-Tech Insight

    Asking your customers for feedback then doing nothing with it is worse than not asking for feedback at all. Your customers may end up more dissatisfied than they were before, if their opinion is sought out and then ignored. It’s valuable to collect feedback, but the true value for both IT and its customers comes from acting on that feedback and communicating those actions back to your users.

    Traditional service desk metrics can be misleading

    The watermelon effect

    When a service desk appears to hit all its targets according to the metrics it tracks, but service delivery is poor and customer satisfaction is low, this is known as the “watermelon effect”. Service metrics appear green on the outside, but under the surface (unmeasured), they’re red because customers are dissatisfied.

    Traditional SLAs and service desk metrics (such as time to respond, average resolution time, percentage of SLAs met) can help you understand service desk performance internally to prioritize your work and identify process improvements. However, they don’t tell you how customers perceive the service or how satisfied they are.

    Providing good service to your customers should be your end goal. Failing to measure, monitor, and act on customer feedback means you don’t have the whole picture of how your service desk is performing and whether or where improvements are needed to maximize satisfaction.

    There is a shift in ITSM to focus more on customer experience metrics over traditional ones

    The Service Desk Institute (SDI) suggests that customer satisfaction is the most important indicator of service desk success, and that traditional metrics around SLA targets – currently the most common way to measure service desk performance – may become less valuable or even obsolete in the future as customer experience-focused targets become more popular. (Service Desk Institute, 2021)

    SDI conducted a Customer Experience survey of service desk professionals from a range of organizations, both public and private, from January to March 2018. The majority of respondents said that customer experience is more important than other metrics such as speed of service or adherence to SLAs, and that customer satisfaction is more valuable than traditional metrics. (SDI, 2018).

    The image contains a screenshot of two pie graphs. The graph on the left is labelled: which of these is most important to your service desk? Customer experience is first with 54%. The graph on the right is labelled: Which measures do you find more value in? Customer satisfaction is first with 65%.

    However, many service desk leaders aren’t effectively measuring customer feedback

    Not only is it important to measure customer experience and satisfaction levels, but it’s equally important to act on that data and feed it into a service improvement program. However, many IT leaders are neglecting either one or both of those components.

    Obstacles to collecting feedback

    Obstacles to acting on collected feedback

    • Don’t understand the value of measuring customer feedback.
    • Don’t have a good mechanism in place to collect feedback.
    • Don’t think that users would respond to a survey (either generally unresponsive or already inundated with surveys).
    • Worried that results would be negative or misleading.
    • Don’t know what questions to ask or how to design a survey.
    • Don’t understand the importance of analyzing and acting on feedback collected.
    • Don’t know how to analyze survey data.
    • Lack of resources to take accountability over customer feedback (including analyzing data, monitoring trends, communicating results).
    • Executives or stakeholders only want a satisfaction score.

    A strong customer feedback program brings many benefits to IT and the business

    Insight into customer experience

    Gather insight into both the overall customer relationship with the service desk and individual transactions to get a holistic picture of the customer experience.

    Data to inform decisions

    Collect data to inform decisions about where to spend limited resources or time on improvement, rather than guessing or wasting effort on the wrong thing.

    Identification of areas for improvement

    Better understand your strengths and weaknesses from the customer’s point of view to help you identify gaps and priorities for improvement.

    Customers feel valued

    Make customers feel heard and valued; this will improve your relationship and their satisfaction.

    Ability to monitor trends over time

    Use the same annual relationship survey to be able to monitor trends and progress in making improvements by comparing data year over year.

    Foresight to prevent problems from occurring

    Understand where potential problems may occur so you can address and prevent them, or who is at risk of becoming a detractor so you can repair the relationship.

    IT staff coaching and engagement opportunities

    Turn negative survey feedback into coaching and improvement opportunities and use positive feedback to boost morale and engagement.

    Take Action on Service Desk Customer Feedback

    The image contains a screenshot of a Thought Model titled: Take Action on Service Desk Customer Feedback.

    Info-Tech’s methodology for measuring and acting on service desk customer feedback

    Phase

    1. Understand how to measure customer satisfaction

    2. Design and implement transactional surveys

    3. Design and implement relationship surveys

    4. Analyze and act on feedback

    Phase outcomes

    Understand the main types of customer satisfaction surveys, principles for survey design, and best practices for surveying your users.

    Learn why and how to design a simple survey to assess satisfaction with individual service desk transactions (tickets) and a methodology for survey delivery that will improve response rates.

    Understand why and how to design a survey to assess overall satisfaction with the service desk across your organization, or use Info-Tech’s diagnostic.

    Measure and analyze the results of both surveys and build a plan to act on both positive and negative feedback and communicate the results with the organization.

    Insight Summary

    Key Insight:

    Asking your customers for feedback then doing nothing with it is worse than not asking for feedback at all. Your customers may end up more dissatisfied than they were before if they’re asked for their opinion then see nothing done with it. It’s valuable to collect feedback, but the true value for both IT and its customers comes from acting on that feedback and communicating those actions back to your users.

    Additional insights:

    Insight 1

    Take the time to define the goals of your transactional survey program before launching it – it’s not as simple as just deploying the default survey of your ITSM tool out of the box. The objectives of the survey – including whether you want to keep a pulse on average satisfaction or immediately act on any negative experiences – will influence a range of key decisions about the survey configuration.

    Insight 2

    While transactional surveys provide useful indicators of customer satisfaction with specific tickets and interactions, they tend to have low response rates and can leave out many users who may rarely or never contact the service desk, but still have helpful feedback. Include a relationship survey in your customer feedback program to capture a more holistic picture of what your overall user base thinks about the service desk and where you most need to improve.

    Insight 3

    Satisfaction scores provide valuable data about how your customers feel, but don’t tell you why they feel that way. Don’t neglect the qualitative data you can gather from open-ended comments and questions in both types of satisfaction surveys. Take the time to read through these responses and categorize them in at least a basic way to gain deeper insight and determine where to prioritize your efforts.

    Understand how to measure customer satisfaction

    Phase 1

    Understand the main types of customer satisfaction surveys, principles for survey design, and best practices for surveying your users.

    Phase 1:

    Phase 2:

    Phase 3:

    Phase 4:

    Understand how to measure customer satisfaction

    Design and implement transactional surveys

    Design and implement relationship surveys

    Analyze and act on feedback

    Three methods of surveying your customers

    Transactional

    Relationship

    One-off

    Also known as

    Ticket surveys, incident follow-up surveys, on-going surveys

    Annual, semi-annual, periodic, comprehensive, relational

    One-time, single, targeted

    Definition

    • Survey that is tied to a specific customer interaction with the service desk (i.e. a ticket).
    • Assesses how satisfied customers are with how the ticket was handled and resolved.
    • Sent immediately after ticket is closed.
    • Short – usually 1 to 3 questions.
    • Survey that is sent periodically (i.e. semi-annually or annually) to the entire customer base to measure overall relationship with the service desk.
    • Assesses customer satisfaction with their overall service experience over a longer time period.
    • Longer – around 15-20 questions.
    • One-time survey sent at a specific, targeted point in time to either all customers or a subset.
    • Often event-driven or project-related.
    • Assesses satisfaction at one time point, or about a specific change that was implemented, or to inform a specific initiative that will be implemented.

    Pros and cons of the three methods

    Transactional

    Relationship

    One-off

    Pros

    • Immediate feedback
    • Actionable insights to immediately improve service or experience
    • Feeds into team coaching
    • Multiple touchpoints allow for trending and monitoring
    • Comprehensive insight from broad user base to improve overall satisfaction
    • Reach users who don’t contact the service desk often or respond to ticket surveys
    • Identify unhappy customers and reasons for dissatisfaction
    • Monitor broader trends over time
    • Targeted insights to measure the impact of a specific change or perception at a specific point of time

    Cons

    • Customer may become frustrated being asked to fill out too many surveys
    • Can lead to survey fatigue and low response rates
    • Tend to only see responses for very positive or negative experiences
    • High volume of data to analyze
    • Feedback is at a high-level
    • Covers the entire customer journey, not a specific interaction
    • Users may not remember past interactions accurately
    • A lot of detailed data to analyze and more difficult to turn into immediate action
    • Not as valuable without multiple surveys to see trends or change

    Which survey method should you choose?

    Only relying on one type of survey will leave gaps in your understanding of customer satisfaction. Include both transactional and relationship surveys to provide a holistic picture of customer satisfaction with the service desk.

    If you can only start with one type, choose the type that best aligns with your goals and priorities:

    If your priority is to identify larger improvement initiatives the service desk can take to improve overall customer satisfaction and trust in the service desk:

    If your priority is to provide customers with the opportunity to let you know when transactions do not go well so you can take immediate action to make improvements:

    Start with a relationship survey

    Start with a transactional survey

    The image contains a screenshot of a bar graph on SDI's 2018 Customer Experience in ITSM report.

    Info-Tech Insight

    One-off surveys can be useful to assess whether a specific change has impacted satisfaction, or to inform a planned change/initiative. However, as they aren’t typically part of an on-going customer feedback program, the focus of this research will be on transactional and relationship surveys.

    3 common customer satisfaction measures

    The three most utilized measures of customer satisfaction include CSAT, CES, and NPS.

    CSAT CES NPS
    Name Customer Satisfaction Customer Effort Score Net Promoter score
    What it measures Customer happiness Customer effort Customer loyalty
    Description Measures satisfaction with a company overall, or a specific offering or interaction Measures how much effort a customer feels they need to put forth in order to accomplish what they wanted Single question that asks consumers how likely they are to recommend your product, service, or company to other people
    Survey question How satisfied are/were you with [company/service/interaction/product]? How easy was it to [solve your problem/interact with company/handle my issue]? Or: The [company] made it easy for me to handle my issue How likely are you to recommend [company/service/product] to a friend?
    Scale 5, 7, or 10 pt scale, or using images/emojis 5, 7, or 10 pt scale 10-pt scale from highly unlikely to highly likely
    Scoring Result is usually expressed as a percentage of satisfaction Result usually expressed as an average Responses are divided into 3 groups where 0-6 are detractors, 7-8 are passives, 9-10 are promoters
    Pros
    • Well-suited for specific transactions
    • Simple and able to compare scores
    • Simple number, easy to analyze
    • Effort tends to predict future behavior
    • Actionable data
    • Simple to run and analyze
    • Widely used and can compare to other organizations
    • Allows for targeting customer segments
    Cons
    • Need high response rate to have representative numberEasy to ask the wrong questions
    • Not as useful without qualitative questions
    • Only measures a small aspect of the interaction
    • Only useful for transactions
    • Not useful for improvement without qualitative follow-up questions
    • Not as applicable to a service desk as it measures brand loyalty

    When to use each satisfaction measure

    The image contains a screenshot of a diagram that demonstrates which measure to use based off of what you would like to access, and which surveys it aligns with.

    How to choose which measure(s) to incorporate in your surveys

    The best measures are the ones that align with your specific goals for collecting feedback.

    • Most companies will use multiple satisfaction measures. For example, NPS can be tracked to monitor the overall customer sentiment, and CSAT used for more targeted feedback.
    • For internal-facing IT departments, CSAT is the most popular of the three methods, and NPS may not be as useful.
    • Choose your measure and survey types based on what you are trying to achieve and what kind of information you need to make improvements.
    • Remember that one measure alone isn’t going to give you actionable feedback; you’ll need to follow up with additional measures (especially for NPS and CES).
    • For CSAT surveys, customize the satisfaction measures in as many ways as you need to target the questions toward the areas you’re most interested in.
    • Don’t stick to just these three measures or types of surveys – there are other ways to collect feedback. Experiment to find what works for you.
    • If you’re designing your own survey, keep in mind the principles on the next slide.

    Info-Tech Insight

    While we focus mainly on traditional survey-based approaches to measuring customer satisfaction in this blueprint, there’s no need to limit yourselves to surveys as your only method. Consider multiple techniques to capture a wider audience, including:

    • Customer journey mapping
    • Focus groups with stakeholders
    • Lunch and learns or workshop sessions
    • Interviews – phone, chat, in-person
    • Kiosks

    Principles for survey design

    As you design your satisfaction survey – whether transactional or relational – follow these guidelines to ensure the survey delivers value and gets responses.

    1. Focus on your goal
    2. Don’t include unnecessary questions that won’t give you actionable information; it will only waste respondents’ time.

    3. Be brief
    4. Keep each question as short as possible and limit the total number of survey questions to avoid survey fatigue.

    5. Include open-ended questions
    6. Most of your measures will be close-ended, but include at least one comment box to allow for qualitative feedback.

    7. Keep questions clear and concise
    8. Ensure that question wording is clear and specific so that all respondents interpret it the same way.

    9. Avoid biased or leading questions
    10. You won’t get accurate results if your question leads respondents into thinking or answering a certain way.

    11. Avoid double-barreled questions
    12. Don’t ask about two different things in the same question – it will confuse respondents and make your data hard to interpret.

    13. Don’t restrict responses
    14. Response options should include all possible opinions (including “don’t know”) to avoid frustrating respondents.

    15. Make the survey easy to complete
    16. Pre-populate information where possible (e.g. name, department) and ensure the survey is responsive on mobile devices.

    17. Keep questions optional
    18. If every question is mandatory, respondents may leave the survey altogether if they can’t or don’t want to answer one question.

    19. Test your survey
    20. Test your survey with your target audience before launching, and incorporate feedback - they may catch issues you didn’t notice.

    Prevent survey fatigue to increase response rates

    If it takes too much time or effort to complete your survey – whether transactional or relational – your respondents won’t bother. Balance your need to collect relevant data with users’ needs for a simple and worthwhile task in order to get the most value out of your surveys.

    There are two types of survey fatigue:

    1. Survey response fatigue
    2. Occurs when users are overwhelmed by too many requests for feedback and stop responding.

    3. Survey taking fatigue
    4. Occurs when the survey is too long or irrelevant to users, so they grow tired and abandon the survey.

    Fight survey fatigue:

    • Make it as easy as possible to answer your survey:
      • Keep the survey as short as possible.
      • For transactional surveys, allow respondents to answer directly from email without having to click a separate link if possible.
      • Don’t make all questions mandatory or users may abandon it if they get to a difficult or unapplicable question.
      • Test the survey experience across devices for mobile users.
    • Communicate the survey’s value so users will be more likely to donate their time.
    • Act on feedback: follow up on both positive and negative responses so users see the value in responding.
    • Consider attaching an incentive to responding (e.g. name entered in a monthly draw).

    Design and implement transactional surveys

    Phase 2

    Learn why and how to design a simple survey to assess satisfaction with individual service desk transactions (tickets) and a methodology for survey delivery that will improve response rates.

    Phase 1:

    Phase 2:

    Phase 3:

    Phase 4:

    Understand how to measure customer satisfaction

    Design and implement transactional surveys

    Design and implement relationship surveys

    Analyze and act on feedback

    Use transactional surveys to collect immediate and actionable feedback

    Recall the definition of a transactional survey:

    • Survey that is tied to a specific customer interaction with the service desk (i.e. a ticket).
    • Assesses how satisfied customers are with how the ticket was handled and resolved.
    • Sent immediately after ticket is closed.
    • Short – usually 1 to 3 questions.

    Info-Tech Insight

    While feedback on transactional surveys is specific to a single transaction, even one negative experience can impact the overall perception of the service desk. Pair your transactional surveys with an annual relationship survey to capture broader sentiment toward the service desk.

    Transactional surveys serve several purposes:

    • Gives end users a mechanism to provide feedback when they want to.
    • Provides continual insight into customer satisfaction throughout the year to monitor for trends or issues in between broader surveys.
    • Provides IT leaders with actionable insights into areas for improvement in their processes, knowledge and skills, or customer service.
    • Gives the service desk the opportunity to address any negative experiences or perceptions with customers, to repair the relationship.
    • Feeds into individual or team coaching for service desk staff.

    Make key decisions ahead of launching your transactional surveys

    If you want to get the most of your surveys, you need to do more than just click a button to enable out-of-the-box surveys through your ITSM tool. Make these decisions ahead of time:

    Decision Considerations For more guidance, see
    What are the goals of your survey? Are you hoping to get an accurate pulse of customer sentiment (if so, you may want to randomly send surveys) or give customers the ability to provide feedback any time they have some (if so, send a survey after every ticket)? Slide 25
    How many questions will you ask? Keep the survey as short as possible – ideally only one mandatory question. Slide 26
    What questions will you ask? Do you want a measure of NPS, CES, or CSAT? Do you want to measure overall satisfaction with the interaction or something more specific about the interaction? Slide 27
    What will be the response options/scale? Keep it simple and think about how you will use the data after. Slide 28
    How often will you send the survey? Will it be sent after every ticket, every third ticket, or randomly to a select percentage of tickets, etc.? Slide 29
    What conditions would apply? For example, is there a subset of users who you never want to receive a survey or who you always want to receive a survey? Slide 30
    What mechanism/tool will you use to send the survey? Will your ITSM tool allow you to make all the configurations you need, or will you need to use a separate survey tool? If so, can it integrate to your ITSM solution? Slide 30

    Key decisions, continued

    Decision Considerations For more guidance, see
    What will trigger the survey? Typically, marking the ticket as either ‘resolved’ or ‘closed’ will trigger the survey. Slide 31
    How long after the ticket is closed will you send the survey? You’ll want to leave enough time for the user to respond if the ticket wasn’t resolved properly before completing a survey, but not so much time that they don’t remember the ticket. Slide 31
    Will the survey be sent in a separate email or as part of the ticket resolution email? A separate email might feel like too many emails for the user, but a link within the ticket closure email may be less noticeable. Slide 32
    Will the survey be embedded in email or accessed through a link? If the survey can be embedded into the email, users will be more likely to respond. Slide 32
    How long will the survey link remain active, and will you send any reminders? Leave enough time for the user to respond if they are busy or away, but not so much time that the data would be irrelevant. Balance the need to remind busy end users with the possibility of overwhelming them with survey fatigue. Slide 32
    What other text will be in the main body of the survey email and/or thank you page? Keep messaging short and straightforward and remind users of the benefit to them. Slide 33
    Where will completed surveys be sent/who will have access? Will the technician assigned to the ticket have access or only the manager? What email address/DL will surveys be sent to? Slide 33

    Define the goals of your transactional survey program

    Every survey should have a goal in mind to ensure only relevant and useful data is collected.

    • Your survey program must be backed by clear and actionable goals that will inform all decisions about the survey.
    • Survey questions should be structured around that goal, with every question serving a distinct purpose.
    • If you don’t have a clear plan for how you will action the data from a particular question, exclude it.
    • Don’t run a survey just for the sake of it; wait until you have a clear plan. If customers respond and then see nothing is done with the data, they will learn to avoid your surveys.

    Your survey objectives will also determine how often to send the survey:

    If your objective is:

    Keep a continual pulse on average customer satisfaction

    Gain the opportunity to act on negative feedback for any poor experience

    Then:

    Send survey randomly

    Send survey after every ticket

    Rationale:

    Sending a survey less often will help avoid survey fatigue and increase the chances of users responding whether they have good, bad, or neutral feedback

    Always having a survey available means users can provide feedback every time they want to, including for any poor experience – giving you the chance to act on it.

    Info-Tech Insight

    Service Managers often get caught up in running a transactional survey program because they think it’s standard practice, or they need to report a satisfaction metric. If that’s your only objective, you will fail to derive value from the data and will only turn customers away from responding.

    Design survey content and length

    As you design your survey, keep in mind the following principles:

    1. Keep it short. Your customers won’t bother responding if they see a survey with multiple questions or long questions that require a lot of reading, effort, or time.
    2. Make it simple. This not only makes it easier for your customers to complete, but easier for you to track and monitor.
    3. Tie your survey to your goals. Remember that every question should have a clear and actionable purpose.
    4. Don’t measure anything you can’t control. If you won’t be able to make changes based on the feedback, there’s no value asking about it.
    5. Include an (optional) open-ended question. This will allow customers to provide more detailed feedback or suggestions.

    Q: How many questions should the survey contain?

    A: Ideally, your survey will have only one mandatory question that captures overall satisfaction with the interaction.

    This question can be followed up with an optional open-ended question prompting the respondent for more details. This will provide a lot more context to the overall rating.

    If there are additional questions you need to ask based on your goals, clearly make these questions optional so they don’t deter respondents from completing the survey. For example, they can appear only after the respondent has submitted their overall satisfaction response (i.e. on a separate, thank you page).

    Additional (optional) measures may include:

    • Customer effort score (how easy or difficult was it to get your issue resolved?)
    • Customer service skills of the service desk
    • Technical skills/knowledge of the agents
    • Speed or response or resolution

    Design question wording

    Tips for writing survey questions:

    • Be clear and concise
    • Keep questions as short as possible
    • Cut out any unnecessary words or phrasing
    • Avoid biasing, or leading respondents to select a certain answer
    • Don’t attempt to measure multiple constructs in a single question.

    Sample question wording:

    How satisfied are you with this support experience?

    How would you rate your support experience?

    Please rate your overall satisfaction with the way your issue was handled.

    Instead of this….

    Ask this….

    “We strive to provide excellent service with every interaction. Please rate how satisfied you are with this interaction.”

    “How satisfied were you with this interaction?”

    “How satisfied were you with the customer service skills, knowledge, and responsiveness of the technicians?”

    Choose only one to ask about.

    “How much do you agree that the service you received was excellent?”

    “Please rate the service you received.”

    “On a scale of 1-10, thinking about your most recent experience, how satisfied would you say that you were overall with the way that your ticket was resolved?”

    “How satisfied were you with your ticket resolution?”

    Choose response options

    Once you’ve written your survey question, you need to design the response options for the question. Put careful thought into balancing ease of responding for the user with what will give you the actionable data you need to meet your goals. Keep the following in mind:

    When planning your response options, remember to keep the survey as easy to respond to as possible – this means allowing a one-click response and a scale that’s intuitive and simple to interpret.

    Think about how you will use the responses and interpret the data. If you choose a 10-point scale, for example, what would you classify as a negative vs positive response? Would a 5-point scale suffice to get the same data?

    Again, use your goals to inform your response options. If you need a satisfaction metric, you may need a numerical scale. If your goal is just to capture negative responses, you may only need two response options: good vs bad.

    Common response options:

    • Numerical scale (e.g. very dissatisfied to very satisfied on a 5-point scale)
    • Star rating (E.g. rate the experience out of 5 stars)
    • Smiley face scale
    • 2 response options: Good vs Bad (or Satisfied vs Dissatisfied)

    Investigate the capabilities of your ITSM tool. It may only allow one built-in response option style. But if you have the choice, choose the simplest option that aligns with your goals.

    Decide how often to send surveys

    There are two common choices for when to send ticket satisfaction surveys:

    After random tickets

    After every ticket

    Pros

    • May increase response rate by avoiding survey fatigue.
    • May be more likely to capture a range of responses that more accurately reflect sentiment (versus only negative).
    • Gives you the opportunity to receive feedback whenever users have it.
    • If your goal is to act on negative feedback whenever it arises, that’s only possible if you send a survey after every ticket.

    Cons

    • Overrepresents frequent service desk users and underrepresents infrequent users.
    • Users who have feedback to give may not get the chance to give it/service desk can’t act on it.
    • Customers who frequently contact the service desk will be overwhelmed by surveys and may stop responding.
    • Customers may only reply if they have very negative or positive feedback.

    SDI’s 2018 Customer Experience in ITSM survey of service desk professionals found:

    Almost two-thirds (65%) send surveys after every ticket.

    One-third (33%) send surveys after randomly selected tickets are closed.

    Info-Tech Recommendation:

    Send a survey after every ticket so that anyone who has feedback gets the opportunity to provide it – and you always get the chance to act on negative feedback. But, limit how often any one customer receives a ticket to avoid over-surveying them – restrict to anywhere between one survey a week to one per month per customer.

    Plan detailed survey logistics

    Decision #1

    Decision #2

    What tool will you use to deliver the survey?

    What (if any) conditions apply to your survey?

    Considerations

    • How much configuration does your ITSM tool allow? Will it allow you to configure the survey according to your decisions? Many ITSM tools, especially mid-market, do not allow you to change the response options or how often the survey is sent.
    • How does the survey look and act on mobile devices? If a customer receives the survey on their phone, they need to be able to easily respond from there or they won’t bother at all.
    • If you wish to use a different survey tool, does it integrate with your ITSM solution? Would agents have to manually send the survey? If so, how would they choose who to send the survey to, and when?

    Considerations

    Is there a subset of users who you never want to receive a survey (e.g. a specific department, location, role, or title)?

    Is there a subset of users who you always want to receive a survey, no matter how often they contact the service desk (e.g. VIP users, a department that scored low on the annual satisfaction survey, etc.)?

    Are there certain times of the year that you don’t want surveys to go out (e.g. fiscal year end, holidays)?

    Are there times of the day that you don’t want surveys to be sent (e.g. only during business hours; not at the end of the day)?

    Recommendations

    The built-in functionality of your ITSM tool’s surveys will be easiest to send and track; use it if possible. However, if your tool’s survey module is limited and won’t give you the value you need, consider a third-party solution or survey tool that integrates with your ITSM solution and won’t require significant manual effort to send or review the surveys.

    Recommendations

    If your survey module allows you to apply conditions, think about whether any are necessary to apply to either maximize your response rate (e.g. don’t send a survey on a holiday), avoid annoying certain users, or seek extra feedback from dissatisfied users.

    Plan detailed survey logistics

    Decision #2

    Decision #1

    What will trigger the survey?

    When will the survey be sent?

    Considerations

    • Usually a change of ticket status triggers the survey, but you may have the option to send it after the ticket is marked ‘resolved’ or ‘closed’. The risk of sending the survey after the ticket is ‘resolved’ is the issue may not actually be resolved yet, but waiting until it’s ‘closed’ means the user may be less likely to respond as more time has passed.
    • Some tools allow for a survey to be sent after every agent reply.
    • Some have the option to manually generate a survey, which may be useful in some cases; those cases would need to be well defined.

    Considerations

    • Once you’ve decided the trigger for the survey, decide how much time should pass after that trigger before the survey is sent.
    • The amount of time you choose will be highly dependent on the trigger you choose. For example, if you want the ‘resolved’ status to send a survey, you may want to wait 24h to send the survey in case the user responds that their issue hasn’t been properly resolved.
    • If you choose ‘closed’ as your trigger, you may want the survey to be sent immediately, as waiting any longer could further reduce the response rate.
    • Your average resolution time may also impact the survey wait time.

    Recommendations

    Only send the survey once you’re sure the issue has actually been resolved; you could further upset the customer if you ask them how happy they are with the resolution if resolution wasn’t achieved. This means sending the survey once the user confirms resolution (which closes ticket) or the agent closes the ticket.

    Recommendations

    If you are sending the survey upon ticket status moving to ‘resolved’, wait at least 24 hours before sending the survey in case the user responds that their issue wasn’t actually resolved. However, if you are sending the survey after the ticket has been verified resolved and closed, you can send the survey immediately while the experience is still fresh in their memory.

    Plan detailed survey logistics

    Decision #1

    Decision #2

    How will the survey appear in email?

    How long will the survey remain active?

    Considerations

    • If the survey link is included within the ticket resolution email, it’s one less email to fatigue users, but users may not notice there is a survey in the email.
    • If the survey link is included in its own separate email, it will be more noticeable to users, but could risk overwhelming users with too many emails.
    • Can users view the entire survey in the email and respond directly within the email, or do they need to click on a link and respond to the survey elsewhere?

    Considerations

    • Leaving the survey open at least a week will give users who are out of office or busy more time to respond.
    • However, if users respond to the survey too long after their ticket was resolved, they may not remember the interaction well enough to give any meaningful response.
    • Will you send any reminders to users to complete the survey? It may improve response rate, or may lead to survey fatigue from reaching out too often.

    Recommendations

    Send the survey separately from the ticket resolution email or users will never notice it. However, if possible, have the entire survey embedded within the email so users can click to respond directly from their email without having to open a separate link. Reduce effort, to make users more likely to respond.

    Recommendations

    Leave enough time for the user to respond if they are busy or away, but not so much time that the data will be irrelevant. Balance the need to remind busy end users, with the possibility of overwhelming them with survey fatigue. About a week is typical.

    Plan detailed survey logistics

    Decision #1

    Decision #2

    What will the body of the email/messaging say?

    Where will completed surveys be sent?

    Considerations

    • Communicate the value of responding to the survey.
    • Remember, the survey should be as short and concise as possible. A lengthy body of text before the actual survey can deter respondents.
    • Depending on your survey configuration, you may have a ‘thank you’ page that appears after respondents complete the survey. Think about what messaging you can save for that page and what needs to be up front.
    • Ensure there is a clear reference to which ticket the survey is referencing (with the subject of the ticket, not just ticket number).

    Considerations

    • Depending on the complexity of your ITSM tool, you may designate email addresses to receive completed surveys, or configure entire dashboards to display results.
    • Decide who needs to receive all completed surveys in order to take action.
    • Decide whether the agent who resolved the ticket will have access to the full survey response. Note that if they see negative feedback, it may affect morale.
    • Are there any other stakeholders who should receive the immediate completed surveys, or can they view summary reports and dashboards of the results?

    Recommendations

    Most users won’t read a long message, especially if they see it multiple times, so keep the email short and simple. Tell users you value their feedback, indicate which interaction you’re asking about, and say how long the survey should take. Thank them after they submit and tell them you will act on their feedback.

    Recommendations

    Survey results should be sent to the Service Manager, Customer Experience Lead, or whoever is the person responsible for managing the survey feedback. They can choose how to share feedback with specific agents and the service desk team.

    Response rates for transactional surveys are typically low…

    Most IT organizations see transactional survey response rates of less than 20%.

    The image contains a screenshot of a SDI survey taken to demonstrate customer satisfaction respond rate.

    Source: SDI, 2018

    SDI’s 2018 Customer Experience in ITSM survey of service desk professionals found that 69% of respondents had survey response rates of 20% or less. However, they did not distinguish between transactional and relationship surveys.

    Reasons for low response rates:

    • Users tend to only respond if they had a very positive or very negative experience worth writing about, but don’t typically respond for interactions that go as expected or were average.
    • Survey is too long or complicated.
    • Users receive too many requests for feedback.
    • Too much time has passed since the ticket was submitted/resolved and the user doesn’t remember the interaction.
    • Users think their responses disappear into a black hole or aren’t acted upon so they don’t see the value in taking the time to respond. Or, they don’t trust the confidentiality of their responses.

    “In my experience, single digits are a sign of a problem. And a downward trend in response rate is also a sign of a problem. World-class survey response rates for brands with highly engaged customers can be as high as 60%. But I’ve never seen it that high for internal support teams. In my experience, if you get a response rate of 15-20% from your internal customers then you’re doing okay. That’s not to say you should be content with the status quo, you should always be looking for ways to increase it.”

    – David O’Reardon, Founder & CEO of Silversix

    … but there are steps you can take to maximize your response rate

    It is still difficult to achieve high response rates to transactional surveys, but you can at least increase your response rate with these strategies:

    1. Reduce frequency
    2. Don’t over-survey any one user or they will start to ignore the surveys.

    3. Send immediately
    4. Ask for feedback soon after the ticket was resolved so it’s fresh in the user’s memory.

    5. Make it short and simple
    6. Keep the survey short, concise, and simple to respond to.

    7. Make it easy to complete
    8. Minimize effort involved as much as possible. Allow users to respond directly from email and from any device.

    9. Change email messaging
    10. Experiment with your subject line or email messaging to draw more attention.

    11. Respond to feedback
    12. Respond to customers who provide feedback – especially negative – so they know you’re listening.

    13. Act on feedback
    14. Demonstrate that you are acting on feedback so users see the value in responding.

    Use Info-Tech’s survey template as a starting point

    Once you’ve worked through all the decisions in this step, you’re ready to configure your transactional survey in your ITSM solution or survey tool.

    As a starting point, you can leverage Info-Tech’s Transactional Service Desk Survey Templatee to design your templates and wording.

    Make adjustments to match your decisions or your configuration limitations as needed.

    Refer to the key decisions tables on slides 24 and 25 to ensure you’ve made all the configurations necessary as you set up your survey.

    The image contains a screenshot of Info-Tech's survey templates.

    Design and implement relationship surveys

    Phase 3

    Understand why and how to design a survey to assess overall satisfaction with the service desk across your organization, or use Info-Tech’s diagnostic.

    Phase 1:

    Phase 2:

    Phase 3:

    Phase 4:

    Understand how to measure customer satisfaction

    Design and implement transactional surveys

    Design and implement relationship surveys

    Analyze and act on feedback

    How can we evaluate overall Service Desk service quality?

    Evaluating service quality in any industry is challenging for both those seeking feedback and those consuming the service: “service quality is more difficult for the consumer to evaluate than goods quality.”

    You are in the position of trying to measure something intangible: customer perception, which “result[s] from a comparison of consumer expectations with actual service performance,” which includes both the service outcome and also “the process of service delivery”

    (Source: Parasuraman et al, 1985, 42).

    Your mission is to design a relationship survey that is:

    • Comprehensive but not too long.
    • Easy to understand but complex enough to capture enough detail.
    • Able to capture satisfaction with both the outcome and the experience of receiving the service.

    Use relationship surveys to measure overall service desk service quality

    Recall the definition of a relationship survey:

    • Survey that is sent periodically (i.e. semi-annually or annually) to the entire customer base to measure the overall relationship with the service desk.
    • Shows you where your customer experience is doing well and where it needs improving.
    • Asks customers to rate you based on their overall experience rather than on a specific product or interaction.
    • Longer and more comprehensive than transactional surveys, covering multiple dimensions/ topics.

    Relationship surveys serve several purposes:

    • Gives end users an opportunity to provide overall feedback on a wider range of experiences with IT.
    • Gives IT the opportunity to respond to feedback and show users their voices are heard.
    • Provides insight into year-over-year trends and customer satisfaction.
    • Provides IT leaders the opportunity to segment the results by demographic (e.g. by department, location, or seniority) and target improvements where needed most.
    • Feeds into strategic planning and annual reports on user experience and satisfaction

    Info-Tech Insight

    Annual relationship surveys provide great value in the form of year-over-year internal benchmarking data, which you can use to track improvements and validate the impact of your service improvement efforts.

    Understand the gaps that decrease service quality

    The Service Quality Model (Parasuraman, Zeithaml and Berry, 1985) shows how perceived service quality is negatively impacted by the gap between expectations for quality service and the perceptions of actual service delivery:

    Gap 1: Consumer expectation – Management perception gap:

    Are there differences between your assumptions about what users want from a service and what those users expect?

    Gap 2: Management perception – Service quality specification gap:

    Do you have challenges translating user expectations for service into standardized processes and guidelines that can meet those expectations?

    Gap 3: Service quality specifications – Service delivery gap:

    Do staff members struggle to carry out the service quality processes when delivering service?

    Gap 4: Service delivery – External communications gap:

    Have users been led to expect more than you can deliver? Alternatively, are users unaware of how the organization ensures quality service, and therefore unable to appreciate the quality of service they receive?

    Gap 5: Expected service – Perceived service gap:

    Is there a discrepancy between users’ expectations and their perception of the service they received (regardless of any user misunderstanding)?

    The image contains a screenshot of the Service Quality Model to demonstrate the consumer and consumers.

    Your survey questions about service and support should provide insight into where these gaps exist in your organization

    Make key decisions ahead of launch

    Decision/step Considerations
    Align the relationship survey with your goals Align what is motivating you to launch the survey at this time and the outcomes it is intended to feed into.
    Identify what you’re measuring Clarify the purpose of the questions. Are you measuring feedback on your service desk, specifically? On all of IT? Are you trying to capture user effort? User satisfaction? These decisions will affect how you word your questions.
    Determine a framework for your survey Reporting on results and tracking year-over-year changes will be easier if you design a basic framework that your survey questions fall into. Consider drawing on an existing service quality framework to match best practices in other industries.
    Cover logistical details Designing a relationship survey requires attention to many details that may initially be overlooked: the survey’s length and timing, who it should be sent to and how, what demographic info you need to collect to slice and dice the results, and if it will be possible to conduct the survey anonymously.
    Design question wording It is important to keep questions clear and concise and to avoid overly lengthy surveys.
    Select answer scales The answer scales you select will depend on how you have worded the questions. There is a wide range of answer scales available to you; decide which ones will produce the most meaningful data.
    Test the survey Testing the survey before widely distributing it is key. When collecting feedback, conduct at least a few in person observations of someone taking the survey to get their unvarnished first impressions.
    Monitor and maximize your response rate Ensure success by staying on top of the survey during the period it is open.

    Align the relationship survey with your goals

    What is motivating you to launch the survey at this time?

    Is there a renewed focus on customer service satisfaction? If so, this survey will track the initiative’s success, so its questions must align with the sponsors’ expectations.

    Are you surveying customer satisfaction in order to comply with legislation, or directives to measure customer service quality?

    What objectives/outcomes will this survey feed into?

    What do you need to report on to your stakeholders? Have they communicated any expectations regarding the data they expect to see?

    Does the CIO want the annual survey to measure end-user satisfaction with all of IT?

    • Or do you only want to measure satisfaction with one set of processes (e.g. Service Desk)?
    • Are you seeking feedback on a project (e.g. implementation of new ERP)?
    • Are you seeking feedback on the application portfolio?

    In 1993 the U.S. president issued an Executive Order requiring executive agencies to “survey customers to determine the kind and quality of services they want and their level of satisfaction with existing services” and “post service standards and measure results against them.” (Clinton, 1993)

    Identify what you’re measuring

    Examples of Measures

    Clarify the purpose of the questions

    Each question should measure something specific you want to track and be phrased accordingly.

    Are you measuring feedback on the service desk?

    Service desk professionalism

    Are you measuring user satisfaction?

    Service desk timeliness

    Your customers’ happiness with aspects of IT’s service offerings and customer service

    Trust in agents’ knowledge

    Users’ preferred ticket intake channel (e.g. portal vs phone)

    Satisfaction with self-serve features

    Are you measuring user effort?

    Are you measuring feedback on IT overall?

    Satisfaction with IT’s ability to enable the business

    How much effort your customer needs to put forth to accomplish what they wanted/how much friction your service causes or alleviates

    Satisfaction with company-issued devices

    Satisfaction with network/Wi-Fi

    Satisfaction with applications

    Info-Tech Insight

    As you compose survey questions, decide whether they are intended to capture user satisfaction or effort: this will influence how the question is worded. Include a mix of both.

    Determine a framework for your survey

    If your relationship survey covers satisfaction with service support, ensure the questions cover the major aspects of service quality. You may wish to align your questions on support with existing frameworks: for example, the SERVQUAL service quality measurement instrument identifies 5 dimensions of service quality: Reliability, Assurance, Tangibles, Empathy, and Responsiveness (see below). As you design the survey, consider if the questions relate to these five dimensions. If you have overlooked any of the dimensions, consider if you need to revise or add questions.

    Service dimension

    Definition

    Sample questions

    Reliability

    “Ability to perform the promised service dependably and accurately”1

    • How satisfied are you with the effectiveness of Service Desk’s ability to resolve reported issues?

    Assurance

    “Knowledge and courtesy of employees and their ability to convey trust and confidence”2

    • How satisfied are you with the technical knowledge of the Service Desk staff?
    • When you have an IT issue, how likely are you to contact Service Desk by phone?

    Tangibles

    “Appearance of physical facilities, equipment, personnel, and communication materials”3

    • How satisfied are you that employees in your department have all the necessary technology to ensure optimal job performance?
    • How satisfied are you with IT’s ability to communicate to you regarding the information you need to perform your job effectively?

    Empathy

    “Caring, individualized attention the firm provides its customers”4

    • How satisfied are you that IT staff interact with end users in a respectful and professional manner?

    Responsiveness

    “Willingness to help customers and provide prompt service”5

    • How satisfied are you with the timeliness of Service Desk’s resolution to reported issues?
    1-5. Arlen, Chris,2022. Paraphrasing Zeithaml, Parasuraman, and Berry, 1990.

    Cover logistical details of the survey

    Identify who you will send it to

    Will you survey your entire user base or a specific subsection? For example, a higher education institution may choose to survey students separately from staff and faculty. If you are gathering data on customer satisfaction with a specific implementation, only survey the affected stakeholders.

    Determine timing

    Avoid sending out the survey during known periods of time pressure or absence (e.g. financial year-end, summer vacation).

    Decide upon its length

    Consider what survey length your users can tolerate. Configure the survey to show the respondents’ progression or their percentage complete.

    Clearly introduce the survey

    The survey should begin with an introduction that thanks users for completing the survey, indicates its length and anonymity status, and conveys how the data will be used, along with who the participants should contact with any questions about the survey.

    Decide upon incentives

    Will you incentivize participation (e.g. by entering the participants in a draw or rewarding highest-participating department)?

    Collect demographic information

    Ensure your data can be “sliced and diced” to give you more granular insights into the results. Ask respondents for information such as department, location, seniority, and tenure to help with your trend analysis later.

    Clarify if anonymous

    Users may be more comfortable participating if they can do so anonymously (Quantisoft, n.d.). If you promise anonymity, ensure your survey software/ partner can support this claim. Note the difference between anonymity (identity of participant is not collected) and confidentiality (identifying data is collected but removed from the reported results).

    Decide how to deliver the survey

    Will you be distributing the survey yourself through your own licensed software (e.g. through Microsoft Forms if you are an MS shop)? Or, will you be partnering with a third-party provider? Is the survey optimized for mobile? Some find up to 1/3 of participants use mobile devices for their surveys (O’Reardon, 2018).

    Use the Sample Size Calculator to determine your ideal sample size

    Use Info-Tech’s Sample Size Calculator to calculate the number of people you need to complete your survey to have statistically representative results.

    The image contains a screenshot of the Sample Size Calculator.

    In the example above, the service desk supports 1000 total users (and sent the survey to each one). To be 95% confident that the survey results fall within 5% of the true value (if every user responded), they would need 278 respondents to complete their survey. In other words, to have a sample that is representative of the whole population, they would need 278 completed surveys.

    Explanation of terms:

    Confidence Level: A measure of how reliable your survey is. It represents the probability that your sample accurately reflects the true population (e.g. your entire user base). The industry standard is typically 95%. This means that 95 times out of 100, the true data value that you would get if you surveyed the entire population would fall within the margin of error.

    Margin of Error: A measure of how accurate the data is, also known as the confidence interval. It represents the degree of error around the data point, or the range of values above and below the actual results from a survey. A typical margin of error is 5%. This means that if your survey sample had a score of 70%, the true value if you sampled the entire population would be between 65% and 75%. To narrow the margin of error, you would need a bigger sample size.

    Population Size: The total set of people you want to study with your survey. For example, the total number of users you support.

    Sample Size: The number of people who participate in your survey (i.e. complete the survey) out of the total population.

    Info-Tech’s End-User Satisfaction Diagnostics

    If you choose to leverage a third-party partner, an Info-Tech satisfaction survey may already be part of your membership. There are two options, depending on your needs:

    I need to measure and report customer satisfaction with all of IT:

    • IT’s ability to enable the organization to meet its existing goals, innovate, adapt to business needs, and provide the necessary technology.
    • IT’s ability to provide training, respond to feedback, and behave professionally.
    • Satisfaction with IT services and applications.

    Both products measure end-user satisfaction

    One is more general to IT

    One is more specific to service desk

    I need to measure and report more granularly on Service Desk customer satisfaction:

    • Efficacy and timeliness of resolutions
    • Technical and communication skills
    • Ease of contacting the service desk
    • Effectiveness of portal/ website
    • Ability to collect and apply user feedback

    Choose Info-Tech's End User Satisfaction Survey

    Choose Info-Tech’s Service Desk Satisfaction Survey

    Design question wording

    Write accessible questions:

    Instead of this….

    Ask this….

    48% of US adults meet or exceed PIACC literacy level 3 and thus able to deal with texts that are “often dense or lengthy.”

    52% of US adults meet level 2 or lower.

    Keep questions clear and concise. Avoid overly lengthy surveys.

    Source: Highlights of the 2017 U.S. PIAAC Results Web Report
    1. How satisfied are you with the response times of the service desk?
    2. How satisfied are you with the timeliness of the service desk?

    Users will have difficulty perceiving the difference between these two questions.

    1. How satisfied are you with the time we take to acknowledge receipt of your ticket?
    2. How satisfied are you with the time we take to completely resolve your ticket?

    Tips for writing survey questions:

    “How satisfied are you with the customer service skills, knowledge, and responsiveness of the technicians?”

    This question measures too many things and the data will not be useful.

    Choose only one to ask about.

    • Cut out any unnecessary words or phrasing. Highlight/bold key words or phrases.
    • Avoid biasing or leading respondents to select a certain answer.
    • Don’t attempt to measure multiple constructs in a single question.

    “On a scale of 1-10, thinking about the past year, how satisfied would you say that you were overall with the way that your tickets were resolved?”

    This question is too wordy.

    “How satisfied were you with your ticket resolution?”

    Choose answer scales that best fit your questions and reporting needs

    Likert scale

    Respondents select from a range of statements the position with which they most agree:

    E.g. How satisfied are you with how long it generally takes to resolve your issue completely?

    E.g. Very dissatisfied/Somewhat dissatisfied/ Neutral/ Somewhat satisfied/ Very satisfied/ NA

    Frequency scale

    How often does the respondent have to do something, or how often do they encounter something?

    E.g. How frequently do you need to re-open tickets that have been closed without being satisfactorily resolved?

    E.g. Never/ Rarely/ Sometimes/ Often/ Always/ NA

    Numeric scale

    By asking users to rate their satisfaction on a numeric scale (e.g., 1-5, 1-10), you can facilitate reporting on averages:

    E.g. How satisfied are you with IS’s ability to provide services to allow the organization to meet its goals?

    E.g. 1 – Not at all Satisfied to 10 – Fully Satisfied / NA

    Forced ranking

    Learn more about your users’ priorities by asking them to rank answers from most to least important, or selecting their top choices (Sauro, 2018):

    E.g. From the following list, drag and drop the 3 aspects of our service that are most important to you into the box on the right.

    Info-Tech Insight

    Always include an optional open-ended question, which allows customers to provide more feedback or suggestions.

    Test the survey before launching

    Review your questions for repetition and ask for feedback on your survey draft to discover if readers interpret the questions differently than you intended.

    Test the survey with different stakeholder groups:

    • IT staff: To discover overlooked topics.
    • Representatives of your end-user population: To discover whether they understand the intention of the questions.
    • Executives: To validate whether you are capturing the data they are interested in reporting on.

    Testing methodology:

    • Ask your test subjects to take the survey in your presence so you can monitor their experience as they take it.
    • Ask them to narrate their experience as they take the survey.
    • Watch for:
      • The time it takes to complete the survey.
      • Moments when they struggle or are uncertain with the survey’s wording.
      • Questions they find repetitive or pointless.

    Info-Tech Insight

    In the survey testing phase, try to capture at least a few real-time responses to the survey. If you collect survey feedback only once the test is over, you may miss some key insights into the user experience of navigating the survey.

    “Follow the golden rule: think of your audience and what they may or may not know. Think about what kinds of outside pressures they may bring to the work you’re giving them. What time constraints do they have?”

    – Sally Colwell, Project Officer, Government of Canada Pension Centre

    Monitor and maximize your response rate

    Ensure success by staying on top of the survey during the period it is open.

    • When will your users complete the survey? You know your own organization’s culture best, but SurveyMonkey found that weekday survey responses peaked at mid-morning and mid-afternoon (Wronski). Ensure you send the communication at a time it will not be overlooked. For example, some studies found Mondays to have higher response rates; however, the data is not consistent (Amaresan, 2021). Send the survey at a time you believe your users are least likely to be inundated with other notifications.
    • Have a trusted leader send out the first communication informing the end-user base of the survey. Ensure the recipient understands your motivation and how their responses will be used to benefit them (O’Reardon, 2016). Remind them that participating in the survey benefits them: since IT is taking actions based on their feedback, it’s their chance to improve their employee experience of the IT services and tools they use to do their job.
    • In the introductory communication, test different email subject lines and email body content to learn which versions increase respondents’ rates of opening the survey link, and “keep it short and clear” (O’Reardon, 2016).
    • If your users tend to mistrust emailed links due to security training, tell them how to confirm the legitimacy of the survey.

    “[Send] one reminder to those who haven’t completed the survey after a few days. Don’t use the word ‘reminder’ because that’ll go straight in the bin, better to say something like, ‘Another chance to provide your feedback’”

    – David O’Reardon, Founder & CEO of Silversix

    Analyze and act on feedback

    Phase 4

    Measure and analyze the results of both surveys and build a plan to act on both positive and negative feedback and communicate the results with the organization.

    Phase 1:

    Phase 2:

    Phase 3:

    Phase 4:

    Understand how to measure customer satisfaction

    Design and implement transactional surveys

    Design and implement relationship surveys

    Analyze and act on feedback

    Leverage the service recovery paradox to improve customer satisfaction

    The image contains a screenshot of a graph to demonstrate the service recovery paradox.

    A service failure or a poor experience isn’t what determines customer satisfaction – it’s how you respond to the issue and take steps to fix it that really matters.

    This means one poor experience with the service desk doesn’t necessarily lead to an unhappy user; if you quickly and effectively respond to negative feedback to repair the relationship, the customer may be even happier afterwards because you demonstrated that you value them.

    “Every complaint becomes an opportunity to turn a bad IT customer experience into a great one.”

    – David O’Reardon, Founder & CEO of Silversix

    Collecting feedback is only the first step in the customer feedback loop

    Closing the feedback loop is one of the most important yet forgotten steps in the process.

    1. Collect Feedback
    • Send transactional surveys after every ticket is resolved.
    • Send a broader annual relationship survey to all users.
  • Analyze Feedback
    • Calculate satisfaction scores.
    • Read open-ended comments.
    • Analyze for trends, categories, common issues and priorities.
  • Act on Feedback
    • Respond to users who provided feedback.
    • Make improvements based on feedback.
  • Communicate Results
    • Communicate feedback results and improvements made to respondents and to service desk staff.
    • Summarize results and actions to key stakeholders and business leaders.

    Act on feedback to get the true value of your satisfaction program

    • SDI (2018) survey data shows that the majority of service desk professionals are using their customer satisfaction data to feed into service improvements. However, 30% still aren’t doing anything with the feedback they collect.
    • Collecting feedback is only one half of a good customer feedback program. Acting on that feedback is critical to the success of the program.
    • Using feedback to make improvements not only benefits the service desk but shows users the value of responding and will increase future response rates.
    The image contains a screenshot of a bar graph that demonstrates SDI: What do service desk professionals do with customer satisfaction data?

    “Your IT service desk’s CSAT survey should be the means of improving your service (and the employee experience), and something that encourages people to provide even more feedback, not just the means for understanding how well it’s doing”

    – Joe the IT Guy, SysAid

    Assign responsibility for acting on feedback

    If collecting and analyzing customer feedback is something that happens off the side of your desk, it either won’t get done or won’t get done well.

    • Formalize the customer satisfaction program. It’s not a one-time task, but an ongoing initiative that requires significant time and dedication.
    • Be clear on who is accountable for the program and who is responsible for all the tasks involved for both transactional and relationship survey data collection, analysis, and communication.

    Assign accountability for the customer feedback program to one person (i.e. Service Desk Manager, Service Manager, Infrastructure & Operations Lead, IT Director), who may take on or assign responsibilities such as:

    • Designing surveys, including survey questions and response options.
    • Configuring survey(s) in ITSM or survey tool.
    • Sending relationship surveys and subsequent reminders to the organization.
    • Communicating results of both surveys to internal staff, business leaders, and end users.
    • Analyzing results.
    • Feeding results into improvement plans, coaching, and training.
    • Creating reports and dashboards to monitor scores and trends.

    Info-Tech Insight

    While feedback can feed into internal coaching and training, the goal should never be to place blame or use metrics to punish agents with poor results. The focus should always be on improving the experience for end users.

    Determine how and how often to analyze feedback data

    • Analyze and report scores from both transactional and relationship surveys to get a more holistic picture of satisfaction across the organization.
    • Determine how you will calculate and present satisfaction ratings/scores, both overall and for individual questions. See tips on the right for calculating and presenting NPS and CSAT scores.
    • A single satisfaction score doesn’t tell the full story; calculate satisfaction scores at multiple levels to determine where improvements are most needed.
      • For example, satisfaction by service desk tier, team or location, by business department or location, by customer group, etc.
    • Analyze survey data regularly to ensure you communicate and act on feedback promptly and avoid further alienating dissatisfied users. Transactional survey feedback should be reviewed at least weekly, but ideally in real time, as resources allow.

    Calculating NPS Scores

    Categorize respondents into 3 groups:

    • 9-10 = Promoters, 7-8 = Neutral, 1-6 = Detractors

    Calculate overall NPS score:

    • % Promoters - % Detractors

    Calculating CSAT Scores

    • CSAT is usually presented as a percentage representing the average score.
    • To calculate, take the total of all scores, divide by the maximum possible score, then multiply by 100. For example, a satisfaction rating of 80% means on average, users gave a rating of 4/5 or 8/10.
    • Note that some organizations present CSAT as the percentage of “satisfied” users, with satisfied being defined as either “yes” on a two-point scale or a score of 4 or 5 on a 5-point scale. Be clear how you are defining your satisfaction rating.

    Don’t neglect qualitative feedback

    While it may be more difficult and time-consuming to analyze, the reward is also greater in terms of value derived from the data.

    Why analyze qualitative data

    How to analyze qualitative data

    • Quantitative data (i.e. numerical satisfaction scores) tells you how many people are satisfied vs dissatisfied, but it doesn’t tell you why they feel that way.
    • If you limit your data analysis to only reporting numerical scores, you will miss out on key insights that can be derived from open-ended feedback.
    • Qualitative data from open-ended survey questions provides:
      • Explanations for the numbers
      • More detailed insight into why respondents feel a certain way
      • More honest and open feedback
      • Insight into areas you may not have thought to ask about
      • New ideas and recommendations

    Methods range in sophistication; choose a technique depending on your tools available and goals of your program.

    1. Manual 2. Semi-automated 3. AI & Analysis Tools
    • Read all comments.
    • Sort into positive vs negative groups.
    • Add tags to categorize comments (e.g. by theme, keyword, service).
    • Look for trends and priorities, differences across groups.
    • Run a script to search for specific keywords.
    • Use a word cloud generator to visualize the most commonly mentioned words (e.g. laptop, email).
    • Due to limitations, manual analysis will still be necessary.
    • Use a feedback analysis/text analysis tool to mine feedback.
    • Software will present reports and data visualizations of common themes.
    • AI-powered tools can automatically detect sentiment or emotion in comments or run a topic analysis.

    Define a process to respond to both negative and positive feedback

    Successful customer satisfaction programs respond effectively to both positive and negative outcomes. Late or lack of responses to negative comments may increase customer frustration, while not responding at all to the positive comments may give the perception of indifference.

    1. Define what qualifies as a positive vs negative score
    2. E.g. Scores of 1 to 2 out of 5 are negative, scores of 4 to 5 out of 5 are positive.

    3. Define process to respond to negative feedback
    • Negative responses should go directly to the Service Desk Manager or whoever is accountable for feedback.
    • Set an SLO for when the user will be contacted. It should be within 24h but ideally much sooner.
    • Investigate the issue to understand exactly what happened and get to the root cause.
    • Identify remediation steps to ensure the issue does not occur again.
    • Communicate to the customer the action you have taken to improve.
  • Define process to respond to positive feedback
    • Positive responses should also be reviewed by the person accountable for feedback, but the timeline to respond may be longer.
    • Show respondents that you value their time by thanking them for responding. Showing appreciate helps to build a long-term relationship with the user.
    • Share positive results with the team to improve morale, and as a coaching/training mechanism.
    • Consider how to use positive feedback as an incentive or reward.

    Build a plan to communicate results to various stakeholders

    Regular communication about your feedback results and action plan tied to those results is critical to the success of your feedback program. Build your communication plan around these questions:

    1. Who should receive communication?

    Each audience will require different messaging, so start by identifying who those audiences are. At a minimum, you should communicate to your end users who provided feedback, your service desk/IT team, and business leaders or stakeholders.

    2. What information do they need?

    End users: Thank them for providing feedback. Demonstrate what you will do with that feedback.

    IT team: Share results and what you need them to do differently as a result.

    Business leaders: Share results, highlight successes, share action plan for improvement.

    3. Who is responsible for communication?

    Typically, this will be the person who is accountable for the customer feedback program, but you may have different people responsible for communicating to different audiences.

    4. When will you communicate?

    Frequency of communication will depend on the survey type – relationship or transactional – as well as the audience, with internal communication being much more frequent than end-user communication.

    5. How will you communicate?

    Again, cater your approach to the audience and choose a method that will resonate with them. End users may view an email, an update on the portal, a video, or update in a company meeting; your internal IT team can view results on a dashboard and have regular meetings.

    Communication to your users impacts both response rates and satisfaction

    Based on the Customer Communication Cycle by David O’Reardon, 2018
    1. Ask users to provide feedback through transactional and relationship surveys.
    2. Thank them for completing the survey – show that you value their time, regardless of the type of feedback they submitted.
    3. Be transparent and summarize the results of the survey(s). Make it easy to digest with simple satisfaction scores and a summary of the main insights or priorities revealed.
    4. Before asking for feedback, explain how you will use feedback to improve the service. After collecting feedback, share your plan for making improvements based on what the data told you.
    5. After you’ve made changes, communicate again to share the results with respondents. Make it clear that their feedback had a direct result on the service they receive. Communicating this before running another survey will also increase the likelihood of respondents providing feedback again.

    Info-Tech Insight

    Focus your communications to users around them, not you. Demonstrate that you need feedback to improve their experience, not just for you to collect data.

    Translate feedback into actionable improvements

    Taking action on feedback is arguably the most important step of the whole customer feedback program.

    Prioritize improvements

    Prioritize improvements based on low scores and most commonly received feedback, then build into an action plan.

    Take immediate action on negative feedback

    Investigate the issue, diagnose the root cause, and repair both the relationship and issue – just like you would an incident.

    Apply lessons learned from positive feedback

    Don’t neglect actions you can take from positive feedback – identify how you can expand upon or leverage the things you’re doing well.

    Use feedback in coaching and training

    Share positive experiences with the team as lessons learned, and use negative feedback as an input to coaching and training.

    Make the change stick

    After making a change, train and communicate it to your team to ensure the change sticks and any negative experiences don’t happen again.

    “Without converting feedback into actions, surveys can become just a pointless exercise in number watching.”

    – David O’Reardon, Founder & CEO of Silversix

    Info-Tech Insight

    Outline exactly what you plan to do to address customer feedback in an action plan, and regularly review that action plan to select and prioritize initiatives and monitor progress.

    For more guidance on tracking and prioritizing ongoing improvement initiatives, see the blueprints Optimize the Service Desk with a Shift Left Strategy and Build a Continual Improvement Plan for the Service Desk.

    Leverage Info-Tech resources to guide your improvement efforts

    Map your identified improvements to the relevant resource that can help:

    Improve service desk processes:

    Improve end-user self-service options:

    Assess and optimize service desk staffing:

    Improve ease of contacting the service desk:

    Standardize the Service Desk Optimize the Service Desk With a Shift-Left Strategy Staff the Service Desk to Meet Demand Improve Service Desk Ticket Intake

    Improve service desk processes:

    Improve end-user self-service options:

    Assess and optimize service desk staffing:

    Improve ease of contacting the service desk::

    Improve Incident and Problem Management Improve Incident and Problem Management Deliver a Customer Service Training Program to Your IT Department Modernize and Transform Your End-User Computing Strategy

    Map process for acting on relationship survey feedback

    Use Info-Tech’s Relationship Satisfaction Survey Review Process workflow as a template to define your own process.

    The image contains a screenshot of the Relationship Satisfaction Survey Review Process.

    Map process for acting on transactional survey feedback

    Use Info-Tech’s Transactional Satisfaction Survey Review Process workflow as a template to define your own process.

    The image contains a screenshot of the Transactional Satisfaction Survey Review Process.

    Related Info-Tech Research

    Standardize the Service Desk

    This project will help you build and improve essential service desk processes, including incident management, request fulfillment, and knowledge management to create a sustainable service desk.

    Optimize the Service Desk With a Shift-Left Strategy

    This project will help you build a strategy to shift service support left to optimize your service desk operations and increase end-user satisfaction.

    Build a Continual Improvement Plan

    This project will help you build a continual improvement plan for the service desk to review key processes and services and manage the progress of improvement initiatives.

    Deliver a Customer Service Training Program to Your IT Department

    This project will help you deliver a targeted customer service training program to your IT team to enhance their customer service skills when dealing with end users, improve overall service delivery and increase customer satisfaction.

    Sources Cited

    Amaresan, Swetha. “The best time to send a survey, according to 5 studies.” Hubspot. 15 Jun 2021. Accessed October 2022.
    Arlen, Chris. “The 5 Service Dimensions All Customers Care About.” Service Performance Inc. n.d. Accessed October 2022.
    Clinton, William Jefferson. “Setting Customer Service Standards.” (1993). Federal Register, 58(176).
    “Understanding Confidentiality and Anonymity.” The Evergreen State College. 2022. Accessed October 2022.
    "Highlights of the 2017 U.S. PIAAC Results Web Report" (NCES 2020-777). U.S. Department of Education. Institute of Education Sciences, National Center for Education Statistics.
    Joe the IT Guy. “Are IT Support’s Customer Satisfaction Surveys Their Own Worst Enemy?” Joe the IT Guy. 29 August 2018. Accessed October 2022.
    O’Reardon, David. “10 Ways to Get the Most out of your ITSM Ticket Surveys.” LinkedIn. 2 July 2019. Accessed October 2022.
    O'Reardon, David. "13 Ways to increase the response rate of your Service Desk surveys".LinkedIn. 8 June 2016. Accessed October 2022.
    O’Reardon, David. “IT Customer Feedback Management – A Why & How Q&A with an Expert.” LinkedIn. 13 March 2018. Accessed October 2022.
    Parasuraman, A., Zeithaml, V. A., & Berry, L. L. (1985). "A Conceptual Model of Service Quality and Its Implications for Future Research." Journal of Marketing, 49(4), 41–50.
    Quantisoft. "How to Increase IT Help Desk Customer Satisfaction and IT Help Desk Performance.“ Quantisoft. n.d. Accessed November 2022.
    Rumberg, Jeff. “Metric of the Month: Customer Effort.” HDI. 26 Mar 2020. Accessed September 2022.
    Sauro, Jeff. “15 Common Rating Scales Explained.” MeasuringU. 15 August 2018. Accessed October 2022.
    SDI. “Customer Experience in ITSM.” SDI. 2018. Accessed October 2022.
    SDI. “CX: Delivering Happiness – The Series, Part 1.” SDI. 12 January 2021. Accessed October 2022.
    Wronski, Laura. “Who responds to online surveys at each hour of the day?” SurveyMonkey. n.d. Accessed October 2022.

    Research contributors

    Sally Colwell

    Project Officer

    Government of Canada Pension Centre

    Define and Deploy an Enterprise PMO

    • Buy Link or Shortcode: {j2store}189|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $471,249 Average $ Saved
    • member rating average days saved: 53 Average Days Saved
    • Parent Category Name: Project Management Office
    • Parent Category Link: /project-management-office
    • As an enterprise PMO leader, you need to evolve your PMO framework beyond an IT-centric model of project portfolio management (PPM) to optimize communication and coordination on enterprise-wide initiatives.
    • While senior leaders are demanding greater uniformity in strategic project execution, individual departments currently operate—to the detriment of the organization—as sovereign silos.
    • You know that the answer is a more strategically aligned enterprise PMO framework, but you’re unsure of how to start building the case for one, especially when the majority of upper management view PMOs as support entities rather than strategic partners.

    Our Advice

    Critical Insight

    • An EPMO can’t simply be imposed on an organization. If it is not backed by an executive sponsor, then there needs to be an identifiable business value in implementing one, and you need to communicate this value to stakeholders throughout the enterprise.
    • EPMOs add value not by enforcing project or program governance, but by helping organizations achieve strategic goals and manage change.
    • EPMOs enable organizations to succeed on enterprise-wide initiatives by connecting the individual parts to the whole. They should serve as the coordinating mechanism that ensures the flow of information and resources across departments and programs.

    Impact and Result

    • Find the right balance between a command and control approach that dictates governance standards versus an approach that gives business units flexibility to manage projects, programs, and portfolios the way they see fit, as long as they meet certain reporting, process, and record keeping requirements.
    • Effectively define the EPMO’s role, reach, and authority in terms of Portfolio Governance, Project Leadership, and PPM Administration. An organizationally appropriate mix of these three practices will not only ensure stakeholder buy-in, but it will help foster the right conditions for EPMO success.
    • Build strong cross-departmental relationships upon soft or informal grounds by positioning your EPMO as your organization’s portfolio network, i.e. an enterprise hub that facilitates the flow of reliable information and enables timely responsiveness to change.

    Define and Deploy an Enterprise PMO Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how implementing an EPMO could help your organization achieve business goals, review Info-Tech’s methodology, and discover the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Gather requirements

    Evaluate executive stakeholder needs and assess your current capabilities to ensure your implementation strategy sets realistic expectations.

    • Define and Deploy an Enterprise PMO – Phase 1: Gather Requirements
    • EPMO Capabilities Survey

    2. Define the plan

    Define an organizationally appropriate scope and mandate for your EPMO to ensure that your processes serve the needs of the whole.

    • Define and Deploy an Enterprise PMO – Phase 2: Define the Plan
    • EPMO Charter Template
    • EPMO Communication Planning Template

    3. Implement the plan

    Establish clearly defined and easy-to-follow EPMO processes that minimize project complexity and improve enterprise project results.

    • Define and Deploy an Enterprise PMO – Phase 3: Implement the Plan
    • EPMO Process Guide and SOP Template
    • EPMO Communications Template
    [infographic]

    Workshop: Define and Deploy an Enterprise PMO

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Gather Requirements

    The Purpose

    Identify breakdowns in the flow of portfolio data across the enterprise to pinpoint where and how an EPMO can best intervene.

    Assess areas of strength and opportunity in your PPM capabilities to help structure and drive the EPMO.

    Define stakeholder needs and expectations for the EPMO in order to cultivate capabilities and services that help drive informed and engaged project decisions at the executive level.

    Key Benefits Achieved

    A current state picture of the triggers that are driving the need for an EPMO at your organization.

    A current state understanding of the strengths you bring to the table in constructing an EPMO as well as the areas you need to focus on in building up your capabilities.

    A target state set by stakeholder requirements and expectations, which will enable you to build out an implementation strategy that is aligned with the needs of the executive layer.

    Activities

    1.1 Map current enterprise PPM workflows.

    1.2 Conduct a SWOT analysis.

    1.3 Identify resourcing considerations and other implementation factors.

    1.4 Survey stakeholders to establish the right mix of EPMO capabilities.

    Outputs

    An overview of the flow of portfolio data and information across the organization

    An overview of current strengths, weaknesses, opportunities, and threats

    A preliminary assessment of internal and external factors that could impact the success of this implementation

    The ability to construct a project plan that is aligned with stakeholder needs and expectations

    2 Define the Plan

    The Purpose

    Define an appropriate scope for the EPMO and the deployment it services.

    Devise a plan for engaging and including the appropriate stakeholders during the implementation phase.

    Key Benefits Achieved

    A clear purview for the EPMO in relation to the wider enterprise in order to establish appropriate expectations for the EPMO’s services throughout the organization.

    Engaged stakeholders who understand that they have a stake in the successful implementation of the EPMO.

    Activities

    2.1 Prepare your EPMO value proposition.

    2.2 Define the role and organizational reach of your EPPM capabilities.

    2.3 Establish a communication plan to create stakeholder awareness.

    Outputs

    A clear statement of purpose and benefit that can be used to help build the case for an EPMO with stakeholders

    A functional charter defining the scope of the EPMO and providing a statement of the services the EPMO will provide once established

    An engaged executive layer that understands the value of the EPMO and helps drive its success

    3 Implement the Plan

    The Purpose

    Establish clearly defined and easy-to-follow EPMO processes that minimize project complexity.

    Develop portfolio and project governance structures that feed the EPMO with the data decision makers require without overloading enterprise project teams with processes they can’t support.

    Devise a communications strategy that helps achieve organizational buy-in.

    Key Benefits Achieved

    The reduction of project chaos and confusion throughout the organization.

    Processes and governance requirements that work for both decision makers and project teams.

    Organizational understanding of the universal benefit of the EPMO’s processes to stakeholders throughout the enterprise. 

    Activities

    3.1 Establish EPMO roles and responsibilities.

    3.2 Document standard procedures around enterprise portfolio reporting, PPM administration, and project leadership.

    3.3 Review enterprise PPM solutions.

    3.4 Develop a stakeholder engagement and resistance plan.

    Outputs

    Clear lines of portfolio accountability

    A fully actionable EPMO Standard Operating Procedure document that will enable process clarity

    An informed understanding of the right PPM solution for your enterprise processes

    A communications strategy document to help communicate the organizational benefits of the EPMO

    Corporate security consultancy

    Corporate security consultancy

    Based on experience
    Implementable advice
    human-based and people-oriented

    Engage our corporate security consultancy firm to discover any weaknesses within your company’s security management. Tymans Group has extensive expertise in helping small and medium businesses set up clear security protocols to safeguard their data and IT infrastructure. Read on to discover how our consulting firm can help improve corporate security within your company.

    Why should you hire a corporate security consultancy company?

    These days, corporate security includes much more than just regulating access to your physical location, be it an office or a store. Corporate security increasingly deals in information and data security, as well as general corporate governance and responsibility. Proper security protocols not only protect your business from harm, but also play an important factor in your overall success. As such, corporate security is all about setting up practical and effective strategies to protect your company from harm, regardless of whether the threat comes from within or outside. As such, hiring a security consulting firm to improve corporate security and security management within your company is not an unnecessary luxury, but a must.

    Security and risk management

    Our security and risk services

    Security strategy

    Security Strategy

    Embed security thinking through aligning your security strategy to business goals and values

    Read more

    Disaster Recovery Planning

    Disaster Recovery Planning

    Create a disaster recovey plan that is right for your company

    Read more

    Risk Management

    Risk Management

    Build your right-sized IT Risk Management Program

    Read more

    Check out all our services

    Improve your corporate security with help from our consulting company

    As a consultancy firm, Tymans Group can help your business to identify possible threats and help set up strategies to avoid them. However, as not all threats can be avoided, our corporate security consultancy firm also helps you set up protocols to mitigate and manage them, as well as help you develop effective incident management protocols. All solutions are practical, people-oriented and based on our extensive experience and thus have proven effectiveness.

    Hire our experienced consultancy firm

    Engage the services of our consulting company to improve corporate security within your small or medium business. Contact us to set up an appointment on-site or book a one-hour talk with expert Gert Taeymans to discuss any security issues you may be facing. We are happy to offer you a custom solution.

    Continue reading

    Understand the Difference Between Backups and Archives

    • Buy Link or Shortcode: {j2store}506|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Storage & Backup Optimization
    • Parent Category Link: /storage-and-backup-optimization
    • You don’t understand the difference between a backup and an archive or when to use one or the other.
    • Data is not constant. It is ever-changing and growing. How do you protect it?
    • You just replaced an application that was in use since day one, and even though you have a fully functional replacement, you would like to archive that original application just in case.
    • You want to save money, so you use your backup solution to archive data, but you know that is not ideal. What is the correct solution?

    Our Advice

    Critical Insight

    Keep in mind that backups are for recovery while archives are for discovery. Backups and archives are often confused but understanding the differences can result in significant savings of time and money. Backing up and archiving may be considered IT tasks, but recovery and discovery are capabilities the business wants and is willing to pay for.

    Impact and Result

    Archives and backups are not the same, and there is a use case for each. Sometimes minor adjustments may be required to make the use case work. Understanding the basics of backups and archives can lead to significant savings at a monetary and effort level.

    Understand the Difference Between Backups and Archives Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand the Difference Between Backups and Archives

    What is the difference between a backup and a data archive? When should I use one over the other? They are not the same and confusing the two concepts could be expensive.

    • Understand the Difference Between Backups and Archives Storyboard
    [infographic]

    Further reading

    Understand the Difference Between Backups and Archives

    They are not the same, and confusing the two concepts could be expensive

    Analyst Perspective

    Backups and archives are not interchangeable, but they can complement each other.

    Photo of P.J. Ryan, Research Director, Infrastructure & Operations, Info-Tech Research Group.

    Backups and archives are two very different operations that are quite often confused or misplaced. IT and business leaders are tasked with protecting corporate data from a variety of threats. They also must conform to industry, geographical, and legal compliance regulations. Backup solutions keep the data safe from destruction. If you have a backup, why do you also need an archive? Archive solutions hold data for a long period of time and can be searched. If you have an archive, why do you also need a backup solution? Backups and archives used to be the same. Remember when you would keep the DAT tape in the same room as the argon gas fire suppression system for seven years? Now that's just not feasible. Some situations require a creative approach or a combination of backups and archives.

    Understand the difference between archives and backups and you will understand why the two solutions are necessary and beneficial to the business.

    P.J. Ryan
    Research Director, Infrastructure & Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge
    • You don’t understand the difference between a backup and an archive or when to use one over the other.
    • Data is not constant. It is ever-changing and growing. How do you protect it?
    • You just replaced an application that had been in use since day one, and even though you have a fully functional replacement, you would like to archive that original application just in case.
    • You want to save money, so you use your backup solution to archive data, but you know that is not ideal. What is the correct solution?
    Common Obstacles
    • Storage costs can be expensive, as can some backup and archiving solutions.
    • Unclear requirements definition to decide between backups or archives.
    • Historically, people referred to archiving as tossing something into a box and storing it away indefinitely. Data archiving has a different meaning.
    • Executives want retired applications preserved but do not provide reasons or requirements.
    Info-Tech’s Approach
    • Spend wisely. Why spend money on an archive solution when a backup will suffice? Don’t leave money on the table.
    • Be creative and assess each backup or archive situation carefully. A custom solution may be required.
    • Backup your production data for the purpose of restoring it and adhere to the 3-2-1 rule of backups (Naviko.com).
    • Archive your older data to an alternate storge platform to save space, allow for searchability, and provide retention parameters.

    Info-Tech Insight

    Keep in mind that backups are for recovery while archives are for discovery. Backups and archives are often confused but understanding the differences can result in significant savings of time and money. Backing up and archiving may be considered IT tasks but recovery and discovery are capabilities the business wants and is willing to pay for.

    Archive

    What it IS

    A data archive is an alternate location for your older, infrequently accessed production data. It is indexed and searchable based on keywords. Archives are deleted after a specified period based on your retention policy or compliance directives.

    What it IS NOT

    Archives are not an emergency copy of your production data. They are not any type of copy of your production data. Archives will not help you if you lose your data or accidentally delete a file. Archives are not multiple copies of production data from various recovery points.

    Why use it

    Archives move older data to an alternate location. This frees up storage space for your current data. Archives are indexed and can be searched for historical purposes, compliance reasons, or in the event of a legal matter where specific data must be provided to a legal team.

    Tips & Tricks – Archiving

    • Archiving will move older data to an alternate location. This will free up storage space in the production environment.
    • Archiving solutions index the data to allow for easier searchability. This will aid in common business searches as well as assist with any potential legal searches.
    • Archiving allows companies to hold onto data for historical purposes as well as for specific retention periods in compliance with industry and regional regulations such as SOX, GDPR, FISMA, as well as others (msp360.com).

    Backup

    What it IS

    A backup is a copy of your data from a specific day and time. It is primarily used for recovery or restoration if something happens to the production copy of data. The restore will return the file or folder to the state it was in at the time of the backup.

    Backups occur frequently to ensure the most recent version of data is copied to a safe location.

    A typical backup plan makes a copy of the data every day, once a week, and once a month. The data is stored on tapes, disk, or using cloud storage.

    What it IS NOT

    Backups are not designed for searching or discovery. If you backup your email and must go to that backup in search of all email pertaining to a specific topic, you must restore the full backup and then search for that specific topic or sender. If you kept all the monthly backups for seven years, that will mean repeating that process 84 times to have a conclusive search, assuming you have adequate storage space to restore the email database 84 times.

    Backups do not free up space.

    Why use it

    Backups protect your data in the event of disaster, deletion, or accidental damage. A good backup strategy will include multiple backups on different media and offsite storage of at least one copy.

    Tips & Tricks – Backups

    • Production data should be backed up on a regular basis, ideally once a day or more frequently if possible.
    • Backups are intended to restore data when it gets deleted, over-written, or otherwise compromised. Most restore requests are from the last 24 to 48 hours, so it may be advantageous to keep a backup readily available on disk for a quick restore when needed.
    • Some vendors and industry subject matter experts advocate the use of a 3-2-1 rule when it comes to backups:
      • Keep three copies of your production data
      • In at least two separate locations (some advocate two different formats), and
      • One copy should be offsite (nakivo.com)

    Cold Storage

    • Cold storage refers to a storage option offered by some cloud vendors. In the context of the discussion between backups and archives, it can be an option for a dedicated backup solution for a specific period. Cost is low and the data is protected from destruction.
    • If an app has been replaced and all data transferred to the replacement solution but for some reason the company wishes to hold onto the data, you want a backup, not an archive. Extract the data, convert it into MongoDB or a similar solution, and drop it into cheap cloud storage (cold storage) for less than $5 per TB/month.

    Case Study

    Understanding the difference between archives and backups could save you a lot of time and money

    INDUSTRY: Manufacturing | SOURCE: Info-Tech Research

    Understanding the difference between an archive and a backup was the first step in solving their challenge.

    A leading manufacturing company found themselves in a position where they had to decide between archiving or doing nothing.

    The company had completed several acquisitions and ended up with multiple legacy applications that had been merged or migrated into replacement solutions. These legacy applications were very important to the original companies and although the data they held had been migrated to a replacement solution, executives felt they should hold onto these applications for a period of time, just in case.

    Some of the larger applications were archived using a modern archiving solution, but when it came to the smaller applications, the cost to add them to the archiving solution greatly exceeded the cost to just keep them running and maintain the associated infrastructure.

    A research advisor from Info-Tech Research Group joined a call with the manufacturing company and discussed their situation. The difference between archives and backups was explained and through the course of the conversation it was discovered that the solution was a modified backup. The application data had already been preserved through the migration, so data could be accessed in the production environment. The requirement to keep the legacy application up and running was not necessary but in compliance with the request to keep the information, the data could be exported from the legacy application into a non-sequential database, compressed, and stored in cloud-based cold storage for less than five dollars per terabyte per month. The manufacturing company’s staff realized that they could apply this same approach to several of their legacy applications and save tens of thousands of dollars in the process.

    Understand the Difference Between Backups and Archives

    Backups

    Backups are for recovery. A backup is a snapshot copy of production data at a specific point in time. If the production data is lost, destroyed, or somehow compromised, the data can be restored from the backup.

    Archives

    Archives are for discovery. It is production data that is moved to an alternate location to free up storage space, allow the data to be searchable, and still hold onto the data for historical or compliance purposes.

    Info-Tech Insight

    Archives and backups are not the same, and there is a use case for each. Sometimes minor adjustments may be required to make the use case work. Understanding the basics of backups and archives can lead to significant savings at a monetary and effort level.

    Additional Guidance

    Production data should be backed up.

    The specific backup solution is up to the business.

    Production data that is not frequently accessed should be archived.

    The specific solution to perform and manage the archiving of the data is up to the business

    • Archived data should also be backed up at least once.
    If the app has been replaced and all data transferred, you want a backup not an archive if you want to keep the data.
    • Short term – fence it off.
    • Long term – extract into Mongo then drop it into cheap cloud storage.

    Case Study

    Using tape backups as an archive solution could result in an expensive discovery and retrieval exercise.

    INDUSTRY: Healthcare | SOURCE: Zasio Enterprises Inc.

    “Do not commingle archive data with backup or disaster recovery tapes.”

    A court case in the United States District Court for the District of Nevada involving Guardiola and Renown Health in 2015 is a good example of why using a backup solution to solve an archiving challenge is a bad idea.

    Renown Health used a retention policy that declared any email older than six months of age as inactive and moved that email to a backup tape. Renown Health was ordered by the court to produce emails from a period of time in the past. Renown estimated that it would cost at least $248,000 to produce those emails, based on the effort involved to restore data from each tape and search for the email in question. Renown Health argued that this long and expensive process would result in undue costs.

    The court reviewed the situation and ruled against Renown Health and ordered them to comply with the request (Zasio.com).

    A proper archiving solution would have provided a quick and low-cost method to retrieve the emails in question.

    Backups and archives are complementary to each other

    • Archives are still production data, but the data does not change. A backup is recommended for the archived data, but the frequency of the backups can be lowered.
    • Backups protect you if a disaster strikes by providing a copy of the production data that was compromised or damaged. Archives allow you to access older data that may have just been forgotten, not destroyed or compromised. Archives could also protect you in a legal court case by providing data that is older but may prove your argument in court.

    Archives and backups are not the same.

    Backups copy your data. Archives move your data. Backups facilitate recovery. Archives facilitate discovery.

    Archive Backup
    Definition Move rarely accessed (but still production) data to separate media. Store a copy of frequently used data on a separate media to ensure timely operational recovery.
    Use Case Legal discovery, primary storage reduction, compliance requirements, and audits. Accidental deletion and/or corruption of data, hardware/software failures.
    Method Disk, cloud storage, appliance. Disk, backup appliance, snapshots, cloud.
    Data Older, rarely accessed production data. Current production data.

    Is it a backup or archive?

    • You want to preserve older data for legal and compliance reasons, so you put extra effort into keeping your tape backups safe and secure for seven years. That’s a big mistake that may cost you time and money. You want an archive solution.
    • You replace your older application and migrate all data to the new system, but you want to hold onto the old data, just in case. That’s a backup, not an archive.
    • A long serving senior executive recently left the company. You want to preserve the contents of the executive's laptop in case it is needed in the future. That’s a backup.

    Considerations When Choosing Between Solutions

    1

    Backup or archive?

    2

    What are you protecting?

    3

    Why are you protecting data?

    4

    Solution

    Backup

    Backup and/or archive.
    Additional information required.
    Column 3 may help

    Archive

    Device

    Data

    Application

    Operational Environment

    Operational recovery

    Disaster recovery

    Just in case

    Production storage space reduction

    Retention and preservation

    Governance, risk & compliance

    Backup

    Archive

    Related Info-Tech Research

    Stock image of light grids and flares. Establish an Effective Data Protection Plan

    Give data the attention it deserves by building a strategy that goes beyond backup.

    Stock image of old fuse box switches. Modernize Enterprise Storage

    Current and emerging storage technologies are disrupting the status quo – prepare your infrastructure for the exponential rise in data and its storage requirements.

    Logo for 'Software Reviews' and their information on 'Compare and Evaluate: Data Archiving.'
    Sample of Info-Tech's 'Data Archiving Policy'. Data Archiving Policy

    Bibliography

    “Backup vs. archiving: Know the difference.” Open-E. Accessed 05 Mar 2022.Web.

    G, Denis. “How to build retention policy.” MSP360, Jan 3, 2020. Accessed 10 Mar 2022.

    Ipsen, Adam. “Archive vs Backup: What’s the Difference? A Definition Guide.” BackupAssist, 28 Mar 2017. Accessed 04 Mar 2022.

    Kang, Soo. “Mitigating the expense of E-discovery; Recognizing the difference between back-ups and archived data.” Zasio Enterprises, 08 Oct 2015. Accessed 3 Mar 2022.

    Mayer, Alex. “The 3-2-1 Backup Rule – An Efficient Data Protection Strategy.” Naviko. Accessed 12 Mar 2022.

    “What is Data-Archiving?” Proofpoint. Accessed 07 Mar 2022.

    Develop a Use Case for Smart Contracts

    • Buy Link or Shortcode: {j2store}92|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • Organizations today continue to use traditional and often archaic methods of manual processing with physical paper documents.
    • These error-prone methods introduce cumbersome administrative work, causing businesses to struggle with payments and contract disputes.
    • The increasing scale and complexity of business processes has led to many third parties, middlemen, and paper hand-offs.
    • Companies remain bogged down by expensive and inefficient processes while losing sight of their ultimate stakeholder: the customer. A failure to focus on the customer is a failure to do business.

    Our Advice

    Critical Insight

    • Simplify, automate, secure. Smart contracts enable businesses to simplify, automate, and secure traditionally complex transactions.
    • Focus on the customer. Smart contracts provide a frictionless experience for customers by removing unnecessary middlemen and increasing the speed of transactions.
    • New business models. Smart contracts enable the redesign of your organization and business-to-business relationships and transactions.

    Impact and Result

    • Simplify and optimize your business processes by using Info-Tech’s methodology to select processes with inefficient transactions, unnecessary middlemen, and excessive manual paperwork.
    • Use Info-Tech’s template to generate a smart contract use case customized for your business.
    • Customize Info-Tech’s stakeholder presentation template to articulate the goals and benefits of the project and get buy-in from business executives.

    Develop a Use Case for Smart Contracts Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should leverage smart contracts in your business, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Develop a Use Case for Smart Contracts – Phases 1-2

    1. Understand smart contracts

    Understand the fundamental concepts of smart contract technology and get buy-in from stakeholders.

    • Develop a Use Case for Smart Contracts – Phase 1: Understand Smart Contracts
    • Smart Contracts Executive Buy-in Presentation Template

    2. Develop a smart contract use case

    Select a business process, create a smart contract logic diagram, and complete a smart contract use-case deliverable.

    • Develop a Use Case for Smart Contracts – Phase 2: Develop the Smart Contract Use Case
    • Smart Contracts Use-Case Template

    [infographic]

    Workshop: Develop a Use Case for Smart Contracts

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand Smart Contracts

    The Purpose

    Review blockchain basics.

    Understand the fundamental concepts of smart contracts.

    Develop smart contract use-case executive buy-in presentation.

    Key Benefits Achieved

    Understanding of blockchain basics.

    Understanding the fundamentals of smart contracts.

    Development of an executive buy-in presentation.

    Activities

    1.1 Review blockchain basics.

    1.2 Understand smart contract fundamentals.

    1.3 Identify business challenges and smart contract benefits.

    1.4 Create executive buy-in presentation.

    Outputs

    Executive buy-in presentation

    2 Smart Contract Logic Diagram

    The Purpose

    Brainstorm and select a business process to develop a smart contract use case around.

    Generate a smart contract logic diagram.

    Key Benefits Achieved

    Selected a business process.

    Developed a smart contract logic diagram for the selected business process.

    Activities

    2.1 Brainstorm candidate business processes.

    2.2 Select a business process.

    2.3 Identify phases, actors, events, and transactions.

    2.4 Create the smart contract logic diagram.

    Outputs

    Smart contract logic diagram

    3 Smart Contract Use Case

    The Purpose

    Develop smart contract use-case diagrams for each business process phase.

    Complete a smart contract use-case deliverable.

    Key Benefits Achieved

    Smart contract use-case diagrams.

    Smart contract use-case deliverable.

    Activities

    3.1 Build smart contract use-case diagrams for each phase of the business process.

    3.2 Create a smart contract use-case summary diagram.

    3.3 Complete smart contract use-case deliverable.

    Outputs

    Smart contract use case

    4 Next Steps and Action Plan

    The Purpose

    Review workshop week and lessons learned.

    Develop an action plan to follow through with next steps for the project.

    Key Benefits Achieved

    Reviewed workshop week with common understanding of lessons learned.

    Completed an action plan for the project.

    Activities

    4.1 Review workshop deliverables.

    4.2 Create action plan.

    Outputs

    Smart contract action plan

     

    Build Your Data Quality Program

    • Buy Link or Shortcode: {j2store}127|cart{/j2store}
    • member rating overall impact (scale of 10): 9.1/10 Overall Impact
    • member rating average dollars saved: $40,241 Average $ Saved
    • member rating average days saved: 33 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Experiencing the pitfalls of poor data quality and failing to benefit from good data quality, including:
      • Unreliable data and unfavorable output.
      • Inefficiencies and costly remedies.
      • Dissatisfied stakeholders.
    • The chances of successful decision-making capabilities are hindered with poor data quality.

    Our Advice

    Critical Insight

    • Address the root causes of your data quality issues and form a viable data quality program.
      • Be familiar with your organization’s data environment and business landscape.
      • Prioritize business use cases for data quality fixes.
      • Fix data quality issues at the root cause to ensure proper foundation for your data to flow.
    • It is important to sustain best practices and grow your data quality program.

    Impact and Result

    • Implement a set of data quality initiatives that are aligned with overall business objectives and aimed at addressing data practices and the data itself.
    • Develop a prioritized data quality improvement project roadmap and long-term improvement strategy.
    • Build related practices such as artificial intelligence and analytics with more confidence and less risk after achieving an appropriate level of data quality.

    Build Your Data Quality Program Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should establish a data quality program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define your organization’s data environment and business landscape

    Learn about what causes data quality issues, how to measure data quality, what makes a good data quality practice in relation to your data and business environments.

    • Business Capability Map Template

    2. Analyze your priorities for data quality fixes

    Determine your business unit priorities to create data quality improvement projects.

    • Data Quality Problem Statement Template
    • Data Quality Practice Assessment and Project Planning Tool

    3. Establish your organization’s data quality program

    Revisit the root causes of data quality issues and identify the relevant root causes to the highest priority business unit, then determine a strategy for fixing those issues.

    • Data Lineage Diagram Template
    • Data Quality Improvement Plan Template

    4. Grow and sustain your data quality practices

    Identify strategies for continuously monitoring and improving data quality at the organization.

    Infographic

    Workshop: Build Your Data Quality Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Your Organization’s Data Environment and Business Landscape

    The Purpose

    Evaluate the maturity of the existing data quality practice and activities.

    Assess how data quality is embedded into related data management practices.

    Envision a target state for the data quality practice.

    Key Benefits Achieved

    Understanding of the current data quality landscape

    Gaps, inefficiencies, and opportunities in the data quality practice are identified

    Target state for the data quality practice is defined

    Activities

    1.1 Explain approach and value proposition

    1.2 Detail business vision, objectives, and drivers

    1.3 Discuss data quality barriers, needs, and principles

    1.4 Assess current enterprise-wide data quality capabilities

    1.5 Identify data quality practice future state

    1.6 Analyze gaps in data quality practice

    Outputs

    Data Quality Management Primer

    Business Capability Map Template

    Data Culture Diagnostic

    Data Quality Diagnostic

    Data Quality Problem Statement Template

    2 Create a Strategy for Data Quality Project 1

    The Purpose

    Define improvement initiatives

    Define a data quality improvement strategy and roadmap

    Key Benefits Achieved

    Improvement initiatives are defined

    Improvement initiatives are evaluated and prioritized to develop an improvement strategy

    A roadmap is defined to depict when and how to tackle the improvement initiatives

    Activities

    2.1 Create business unit prioritization roadmap

    2.2 Develop subject areas project scope

    2.3 By subject area 1 data lineage analysis, root cause analysis, impact assessment, and business analysis

    Outputs

    Business Unit Prioritization Roadmap

    Subject area scope

    Data Lineage Diagram

    3 Create a Strategy for Data Quality Project 2

    The Purpose

    Define improvement initiatives

    Define a data quality improvement strategy and roadmap

    Key Benefits Achieved

    Improvement initiatives are defined

    Improvement initiatives are evaluated and prioritized to develop an improvement strategy

    A roadmap is defined to depict when and how to tackle the improvement initiatives

    Activities

    3.1 Understand how data quality management fits in with the organization’s data governance and data management programs

    3.2 By subject area 2 data lineage analysis, root cause analysis, impact assessment, and business analysis

    Outputs

    Data Lineage Diagram

    Root Cause Analysis

    Impact Analysis

    4 Create a Strategy for Data Quality Project 3

    The Purpose

    Determine a strategy for fixing data quality issues for the highest priority business unit

    Key Benefits Achieved

    Strategy defined for fixing data quality issues for highest priority business unit

    Activities

    4.1 Formulate strategies and actions to achieve data quality practice future state

    4.2 Formulate a data quality resolution plan for the defined subject area

    4.3 By subject area 3 data lineage analysis, root cause analysis, impact assessment, and business analysis

    Outputs

    Data Quality Improvement Plan

    Data Lineage Diagram

    5 Create a Plan for Sustaining Data Quality

    The Purpose

    Plan for continuous improvement in data quality

    Incorporate data quality management into the organization’s existing data management and governance programs

    Key Benefits Achieved

    Sustained and communicated data quality program

    Activities

    5.1 Formulate metrics for continuous tracking of data quality and monitoring the success of the data quality improvement initiative

    5.2 Workshop Debrief with Project Sponsor

    5.3 Meet with project sponsor/manager to discuss results and action items

    5.4 Wrap up outstanding items from the workshop, deliverables expectations, GIs

    Outputs

    Data Quality Practice Improvement Roadmap

    Data Quality Improvement Plan (for defined subject areas)

    Further reading

    Build Your Data Quality Program

    Quality Data Drives Quality Business Decisions

    Executive Brief

    Analyst Perspective

    Get ahead of the data curve by conquering data quality challenges.

    Regardless of the driving business strategy or focus, organizations are turning to data to leverage key insights and help improve the organization’s ability to realize its vision, key goals, and objectives.

    Poor quality data, however, can negatively affect time-to-insight and can undermine an organization’s customer experience efforts, product or service innovation, operational efficiency, or risk and compliance management. If you are looking to draw insights from your data for decision making, the quality of those insights is only as good as the quality of the data feeding or fueling them.

    Improving data quality means having a data quality management practice that is sustainably successful and appropriate to the use of the data, while evolving to keep pace with or get ahead of changing business and data landscapes. It is not a matter of fixing one data set at a time, which is resource and time intensive, but instead identifying where data quality consistently goes off the rails, and creating a program to improve the data processes at the source.

    Crystal Singh

    Research Director, Data and Analytics

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Your organization is experiencing the pitfalls of poor data quality, including:

    • Unreliable data and unfavorable output.
    • Inefficiencies and costly remedies.
    • Dissatisfied stakeholders.

    Poor data quality hinders successful decision making.

    Common Obstacles

    Not understanding the purpose and execution of data quality causes some disorientation with your data.

    • Failure to realize the importance/value of data quality.
    • Unsure of where to start with data quality.
    • Lack of investment in data quality.

    Organizations tend to adopt a project mentality when it comes to data quality instead of taking the strategic approach that would be all-around more beneficial in the long term.

    Info-Tech’s Approach

    Address the root causes of your data quality issues by forming a viable data quality program.

    • Be familiar with your organization’s data environment and business landscape.
    • Prioritize business use cases for data quality fixes.
    • Fixing data quality issues at the root cause to ensure a proper foundation for your data to flow.

    It is important to sustain best practices and grow your data quality program.

    Info-Tech Insight

    Fix data quality issues as close as possible to the source of data while understanding that business use cases will each have different requirements and expectations from data quality.

    Data is the foundation of your organization’s knowledge

    Data enables your organization to make decisions.

    Reliable data is needed to facilitate data consumers at all levels of the enterprise.

    Insights, knowledge, and information are needed to inform operational, tactical, and strategic decision-making processes. Data and information are needed to manage the business and empower business processes such as billing, customer touchpoints, and fulfillment.

    Raw Data

    Business Information

    Actionable Insights

    Data should be at the foundation of your organization’s evolution. The transformational insights that executives are constantly seeking can be uncovered with a data quality practice that makes high-quality, trustworthy information readily available to the business users who need it.

    98% of companies use data to improve customer experience. (Experian Data Quality, 2019)

    High-Level Data Architecture

    The image is a graphic, which at the top shows different stages of data, and in the lower part of the graphic shows the data processes.

    Build Your Data Quality Program

    1. Data Quality & Data Culture Diagnostics Business Landscape Exercise
    2. Business Strategy & Use Cases
    3. Prioritize Use Cases With Poor Quality

    Info-Tech Insight

    As data is ingested, integrated, and maintained in the various streams of the organization's system and application architecture, there are multiple points where the quality of the data can degrade.

    1. Understand the organization's data culture and data quality environment across the business landscape.
    2. Prioritize business use cases with poor data quality.
    3. For each use case, identify data quality issues and requirements throughout the data pipeline.
    4. Fix data quality issues at the root cause.
    5. As data flow through quality assurance monitoring checkpoints, monitor data to ensure good quality output.

    Insight:

    Proper application of data quality dimensions throughout the data pipeline will result in superior business decisions.

    Data quality issues can occur at any stage of the data flow.

    The image shows the flow of data through various stages: Data Creation; Data Ingestion; Data Accumulation and Engineering; Data Delivery; and Reporting & Analytics. At the bottom, there are two bars: the left one labelled Fix data quality root causes here...; and the right reads: ...to prevent expensive cures here.

    The image is a legend that accompanies the data flow graphic. It indicates that a white and green square icon indicates Data quality dimensions; a red cube indicates a potential point of data quality degradation; the pink square indicates Root cause of poor data quality; and a green flag indicates Quality Assurance Monitoring.

    Prevent the domino effect of poor data quality

    Data is the foundation of decisions made at data-driven organizations.

    Therefore, if there are problems with the organization’s underlying data, this can have a domino effect on many downstream business functions.

    Let’s use an example to illustrate the domino effect of poor data quality.

    Organization X is looking to migrate their data to a single platform, System Y. After the migration, it has become apparent that reports generated from this platform are inconsistent and often seem wrong. What is the effect of this?

    1. Time must be spent on identifying the data quality issues, and often manual data quality fixes are employed. This will extend the time to deliver the project that depends on system Y by X months.
    2. To repair these issues, the business needs to contract two additional resources to complete the unforeseen work. The new resources cost $X each, as well as additional infrastructure and hardware costs.
    3. Now, the strategic objectives of the business are at risk and there is a feeling of mistrust in the new system Y.

    Three key challenges impacting the ability to deliver excellent customer experience

    30% Poor data quality

    30% Method of interaction changing

    30% Legacy systems or lack of new technology

    95% Of organizations indicated that poor data quality undermines business performance.

    (Source: Experian Data Quality, 2019)

    Maintaining quality data will support more informed decisions and strategic insight

    Improving your organization’s data quality will help the business realize the following benefits:

    Data-Driven Decision Making

    Business decisions should be made with a strong rationale. Data can provide insight into key business questions, such as, “How can I provide better customer satisfaction?”

    89% Of CIOs surveyed say lack of quality data is an obstacle to good decision making. (Larry Dignan, CIOs juggling digital transformation pace, bad data, cloud lock0in and business alignment, 2020)

    Customer Intimacy

    Improve marketing and the customer experience by using the right data from the system of record to analyze complete customer views of transactions, sentiments, and interactions.

    94% Percentage of senior IT leaders who say that poor data quality impinges business outcomes. (Clint Boulton, Disconnect between CIOs and LOB managers weakens data quality, 2016)

    Innovation Leadership

    Gain insights on your products, services, usage trends, industry directions, and competitor results to support decisions on innovations, new products, services, and pricing.

    20% Businesses lose as much as 20% of revenue due to poor data quality. (RingLead Data Management Solutions, 10 Stats About Data Quality I Bet You Didn’t Know)

    Operational Excellence

    Make sure the right solution is delivered rapidly and consistently to the right parties for the right price and cost structure. Automate processes by using the right data to drive process improvements.

    10-20% The implementation of data quality initiatives can lead to reductions in corporate budget of up to 20%. (HaloBI, 2015)

    However, maintaining data quality is difficult

    Avoid these pitfalls to get the true value out of your data.

    1. Data debt drags down ROI – a high degree of data debt will hinder you from attaining the ROI you’re expecting.
    2. Lack of trust means lack of usage – a lack of confidence in data results in a lack of data usage in your organization, which negatively effects strategic planning, KPIs, and business outcomes.
    3. Strategic assets become a liability – bad data puts your business at risk of failing compliance standards, which could result in you paying millions in fines.
    4. Increased costs and inefficiency – time spent fixing bad data means less workload capacity for your important initiatives and the inability to make data-based decisions.
    5. Barrier to adopting data-driven tech – emerging technologies, such as predictive analytics and artificial intelligence, rely on quality data. Inaccurate, incomplete, or irrelevant data will result in delays or a lack of ROI.
    6. Bad customer experience – Running your business on bad data can hinder your ability to deliver to your customers, growing their frustration, which negatively impacts your ability to maintain your customer base.

    Info-Tech Insight

    Data quality suffers most at the point of entry. This is one of the causes of the domino effect of data quality – and can be one of the most costly forms of data quality errors due to the error propagation. In other words, fix data ingestion, whether through improving your application and database design or improving your data ingestion policy, and you will fix a large majority of data quality issues.

    Follow Our Data & Analytics Journey

    Data Quality is laced into Data Strategy, Data Management, and Data Governance.

    • Data Strategy
      • Data Management
        • Data Quality
        • Data Governance
          • Data Architecture
            • MDM
            • Data Integration
            • Enterprise Content Management
            • Information Lifecycle Management
              • Data Warehouse/Lake/Lakehouse
                • Reporting and Analytics
                • AI

    Data quality is rooted in data management

    Extract Maximum Benefit Out of Your Data Quality Management.

    • Data management is the planning, execution, and oversight of policies, practices, and projects that acquire, control, protect, deliver, and enhance the value of data and information assets (DAMA, 2009).
    • In other words, getting the right information, to the right people, at the right time.
    • Data quality management exists within each of the data practices, information dimensions, business resources, and subject areas that comprise the data management framework.
    • Within this framework, an effective data quality practice will replace ad hoc processes with standardized practices.
    • An effective data quality practice cannot succeed without proper alignment and collaboration across this framework.
    • Alignment ensures that the data quality practice is fit for purpose to the business.

    The DAMA DMBOK2 Data Management Framework

    • Data Governance
      • Data Quality
      • Data Architecture
      • Data Modeling & Design
      • Data Storage & Operations
      • Data Security
      • Data Integration & Interoperability
      • Documents & Content
      • Reference & Master Data
      • Data Warehousing & Business Intelligence
      • Meta-data

    (Source: DAMA International)

    Related Info-Tech Research

    Build a Robust and Comprehensive Data Strategy

    • People often think that the main problems they need to fix first are related to data quality when the issues transpire at a much larger level. This blueprint is the key to building and fostering a data-driven culture.

    Create a Data Management Roadmap

    • Refer to this blueprint to understand data quality in the context of data disciplines and methods for improving your data management capabilities.

    Establish Data Governance

    • Define an effective data governance strategy and ensure the strategy integrates well with data quality with this blueprint.

    Info-Tech’s methodology for Data Quality

    Phase Steps 1. Define Your Organization’s Data Environment and Business Landscape 2. Analyze Your Priorities for Data Quality Fixes 3. Establish Your Organization’s Data Quality Program 4. Grow and Sustain Your Data Quality Practice
    Phase Outcomes This step identifies the foundational understanding of your data and business landscape, the essential concepts around data quality, as well as the core capabilities and competencies that IT needs to effectively improve data quality. To begin addressing specific, business-driven data quality projects, you must identify and prioritize the data-driven business units. This will ensure that data improvement initiatives are aligned to business goals and priorities. After determining whose data is going to be fixed based on priority, determine the specific problems that they are facing with data quality, and implement an improvement plan to fix it. Now that you have put an improvement plan into action, make sure that the data quality issues don’t keep cropping up. Integrate data quality management with data governance practices into your organization and look to grow your organization’s overall data maturity.

    Info-Tech Insight

    “Data Quality is in the eyes of the beholder.”– Igor Ikonnikov, Research Director

    Data quality means tolerance, not perfection

    Data from Info-Tech’s CIO Business Vision Diagnostic, which represents over 400 business stakeholders, shows that data quality is very important when satisfaction with data quality is low.

    However, when data quality satisfaction hit a threshold, it became less important.

    The image is a line graph, with the X-axis labelled Satisfaction with Data Quality, and the Y axis labelled Rated Importance for Data Quality. The line begins high, and then descends. There is text inside the graph, which is transcribed below.

    Respondents were asked “How satisfied are you with the quality, reliability, and effectiveness of the data you use to manage your group?” as well as to rank how important data quality was to their organization.

    When the business satisfaction of data quality reached a threshold value of 71-80%, the rated importance reached its lowest value.

    Info-Tech Insight

    Data needs to be good, but truly spectacular data may go unnoticed.

    Provide the right level of data quality, with the appropriate effort, for the correct usage. This blueprint will help you to determine what “the right level of data quality” means, as well as create a plan to achieve that goal for the business.

    Data Roles and Responsibilities

    Data quality occurs through three main layers across the data lifecycle

    Data Strategy

    Data Strategy should contain Data Quality as a standard component.

    ← Data Quality issues can occur throughout at any stage of the data flow →

    DQ Dimensions

    Timeliness – Representation – Usability – Consistency – Completeness – Uniqueness – Entry Quality – Validity – Confidence – Importance

    Source System Layer

    • Data Resource Manager/Collector: Enters data into a database and ensures that data collection sources are accurate

    Data Transformation Layer

    • ETL Developer: Designs data storage systems
    • Data Engineer: Oversees data integrations, data warehouses and data lakes, data pipelines
    • Database Administrator: Manages database systems, ensures they meet SLAs, performances, backups
    • Data Quality Engineer: Finds and cleanses bad data in data sources, creates processes to prevent data quality problems

    Consumption Layer

    • Data Scientist: Gathers and analyses data from databases and other sources, runs models, and creates data visualizations for users
    • BI Analyst: Evaluates and mines complex data and transforms it into insights that drive business value. Uses BI software and tools to analyze industry trends and create visualizations for business users
    • Data Analyst: Extracts data from business systems, analyzes it, and creates reports and dashboards for users
    • BI Engineer: Documents business needs on data analysis and reporting and develops BI systems, reports, and dashboards to support them
    Data Creation → [SLA] Data Ingestion [ QA] →Data Accumulation & Engineering → [SLA] Data Delivery [QA] →Reporting & Analytics
    Fix Data Quality root causes here… to prevent expensive cures here.

    Executive Brief Case Study

    Industry: Healthcare

    Source: Primary Info-Tech Research

    Align source systems to maximize business output.

    A healthcare insurance agency faced data quality issues in which a key business use case was impacted negatively. Business rules were not well defined, and default values instead of real value caused a concern. When dealing with multiple addresses, data was coming from different source systems.

    The challenge was to identify the most accurate address, as some were incomplete, and some lacked currency and were not up to date. This especially challenged a key business unit, marketing, to derive business value in performing key activities by being unable to reach out to existing customers to advertise any additional products.

    For this initiative, this insurance agency took an economic approach by addressing those data quality issues using internal resources.

    Results

    Without having any MDM tools or having a master record or any specific technology relating to data quality, this insurance agency used in-house development to tackle those particular issues at the source system. Data quality capabilities such as data profiling were used to uncover those issues and address them.

    “Data quality is subjective; you have to be selective in terms of targeting the data that matters the most. When getting business tools right, most issues will be fixed and lead to achieving the most value.” – Asif Mumtaz, Data & Solution Architect

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostic and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3 Phase 4
    • Call #1: Learn about the concepts of data quality and the common root causes of poor data quality.
    • Call #2: Identify the core capabilities of IT for improving data quality on an enterprise scale.
    • Call #3: Determine which business units use data and require data quality remediation.
    • Call #4: Create a plan for addressing business unit data quality issues according to priority of the business units based on value and impact of data.
    • Call #5: Revisit the root causes of data quality issues and identify the relevant root causes to the highest priority business unit.
    • Call #6: Determine a strategy for fixing data quality issues for the highest priority business unit.
    • Call #7: Identify strategies for continuously monitoring and improving data quality at the organization.
    • Call #8: Learn how to incorporate data quality practices in the organization’s larger data management and data governance frameworks.
    • Call #9: Summarize results and plan next steps on how to evolve your data landscape.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between eight to twelve calls over the course of four to six months.

    Workshop Overview

    Contact your account representative for more information. workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5
    Define Your Organization’s Data Environment and Business Landscape Create a Strategy for Data Quality Project 1 Create a Strategy for Data Quality Project 2 Create a Strategy for Data Quality Project 3 Create a Plan for Sustaining Data Quality
    Activities
    1. Explain approach and value proposition.
    2. Detail business vision, objectives, and drivers.
    3. Discuss data quality barriers, needs, and principles.
    4. Assess current enterprise-wide data quality capabilities.
    5. Identify data quality practice future state.
    6. Analyze gaps in data quality practice.
    1. Create business unit prioritization roadmap.
    2. Develop subject areas project scope.
    3. By subject area 1:
    • Data lineage analysis
    • Root cause analysis
    • Impact assessment
    • Business analysis
    1. Understand how data quality management fits in with the organization’s data governance and data management programs.
    2. By subject area 2:
    • Data lineage analysis
    • Root cause analysis
    • Impact assessment
    • Business analysis
    1. Formulate strategies and actions to achieve data quality practice future state.
    2. Formulate data quality resolution plan for defined subject area.
    3. By subject area 3:
    • Data lineage analysis
    • Root cause analysis
    • Impact assessment
    • Business analysis
    1. Formulate metrics for continuous tracking of data quality and monitoring the success of the data quality improvement initiative.
    2. Workshop Debrief with Project Sponsor.
    • Meet with project sponsor/manager to discuss results and action items.
    • Wrap up outstanding items from the workshop, deliverables expectations, GIs.
    Deliverables
    1. Data Quality Management Primer
    2. Business Capability Map Template
    3. Data Culture Diagnostic
    4. Data Quality Diagnostic
    5. Data Quality Problem Statement Template
    1. Business Unit Prioritization Roadmap
    2. Subject area scope
    3. Data Lineage Diagram
    1. Data Lineage Diagram
    2. Root Cause Analysis
    3. Impact Analysis
    1. Data Lineage Diagram
    2. Data Quality Improvement Plan
    1. Data Quality Practice Improvement Roadmap
    2. Data Quality Improvement Plan (for defined subject areas)

    Phase 1

    Define Your Organization’s Data Environment and Business Landscape

    Build Your Data Quality Program

    Data quality is a methodology and must be treated as such

    A comprehensive data quality practice includes appropriate business requirements gathering, planning, governance, and oversight capabilities, as well as empowering technologies for properly trained staff, and ongoing development processes.

    Some common examples of appropriate data management methodologies for data quality are:

    • The data quality team has the necessary competencies and resources to perform the outlined workload.
    • There are processes that exist for continuously evaluating data quality performance capabilities.
    • Improvement strategies are designed to increase data quality performance capabilities.
    • Policies and procedures that govern data quality are well-documented, communicated, followed, and updated.
    • Change controls exist for revising policies and procedures, including communication of updates and changes.
    • Self-auditing techniques are used to ensure business-IT alignment when designing or recalibrating strategies.

    Effective data quality practices coordinate with other overarching data disciplines, related data practices, and strategic business objectives.

    “You don’t solve data quality with a Band-Aid; you solve it with a methodology.” – Diraj Goel, Growth Advisor, BC Tech

    Data quality can be defined by four key quality indicators

    Similar to measuring the acidity of a substance with a litmus test, the quality of your data can be measured using a simple indicator test. As you learn about common root causes of data quality problems in the following slides, think about these four quality indicators to assess the quality of your data:

    • Completeness – Closeness to the correct value. Encompasses accuracy, consistency, and comparability to other databases.
    • Usability – The degree to which data meets current user needs. To measure this, you must determine if the user is satisfied with the data they are using to complete their business functions.
    • Timeliness – Length of time between creation and availability of data.
    • Accessibility – How easily a user can access and understand the data (including data definitions and context). Interpretability can also be used to describe this indicator.

    Info-Tech Insight

    Quality is a relative term. Data quality is measured in terms of tolerance. Perfect data quality is both impossible and a waste of time and effort.

    How to get investment for your data quality program

    Follow these steps to convince leadership of the value of data quality:

    “You have to level with people, you cannot just start talking with the language of data and expect them to understand when the other language is money and numbers.” – Izabela Edmunds, Information Architect at Mott MacDonald

    1. Perform Phases 0 & 1 of this blueprint as this will offer value in carrying out the following steps.
    2. Build credibility. Show them your understanding of data and how it aligns to the business.
    3. Provide tangible evidence of how significant business use cases are impacted by poor quality data.
    4. Present the ROI of fixing the data quality issues you have prioritized.
    5. Explain how the data quality program will be established, implemented, and sustained.
    6. Prove the importance of fixing data quality issues at the source and how it is the most efficient, effective, and cost-friendly solution.

    Phase 1 deliverables

    Each of these deliverables serve as inputs to detect key outcomes about your organization and to help complete this blueprint:

    1. Data Culture Diagnostic

    Use this report to understand where your organization lies across areas relating to data culture.

    While the Quality & Trust area of the report might be most prevalent to this blueprint, this diagnostic may point out other areas demanding more attention.

    Please speak to your account manager for access

    2. Business Capability Map Template

    Perform this process to understand the capabilities that enable specific value streams. The output of this deliverable is a high-level view of your organization’s defined business capabilities.

    Download this tool

    Info-Tech Insight

    Understanding your data culture and business capabilities are foundational to starting the journey of data quality improvement.

    Key deliverable:

    3. Data Quality Diagnostic

    The Data Quality Report is designed to help you understand, assess, and improve key organizational data quality issues. This is where respondents across various areas in the organization can assess Data Quality across various dimensions.

    Download this tool

    Data Quality Diagnostic Value

    Prioritize business use cases with our data quality dimensions.

    • Complete this diagnostic for each major business use case. The output from the Data Culture Diagnostic and the Business Capability Map should help you understand which use cases to address.
    • Involve all key stakeholders involved in the business use case. There may be multiple business units involved in a single use case.
    • Prioritize the business use cases that need the most attention pertaining to data quality by comparing the scores of the Importance and Confidence data quality dimensions.

    If there are data elements that are considered of high importance and low confidence, then they must be prioritized.

    Sample Scorecard

    The image shows a screen capture of a scorecard, with sample information filled in.

    The image shows a screen capture of a scorecard, with sample information filled in.

    Poor data quality develops due to multiple root causes

    After you get to know the properties of good quality data, understand the underlying causes of why those indicators can point to poor data quality.

    If you notice that the usability, completeness, timeliness, or accessibility of the organization’s data is suffering, one or more of the following root causes are likely plaguing your data:

    Common root causes of poor data quality, through the lens of Info-Tech’s Five-Tier Data Architecture:

    The image shows a graphic of Info-Tech's Five-Tier Data Architecture, with root causes of poor data quality identified. In the data creation and ingestion stages, the root causes are identified as Poor system/application design, Poor database design, Inadequate enterprise integration. The root causes identified in the latter stages are: Absence of data quality policies, procedures, and standards, and Incomplete/suboptimal business processes

    These root causes of poor data quality are difficult to avoid, not only because they are often generated at an organization’s beginning stages, but also because change can be difficult. This means that the root causes are often propagated through stale or outdated business processes.

    Data quality problems root cause #1:

    Poor system or application design

    Application design plays one of the largest roles in the quality of the organization’s data. The proper design of applications can prevent data quality issues that can snowball into larger issues downstream.

    Proper ingestion is 90% of the battle. An ounce of prevention is worth a pound of cure. This is true in many different topics, and data quality is one of them. Designing an application so that data gets entered properly, whether by internal staff or external customers, is the single most effective way to prevent data quality issues.

    Some common causes of data quality problems at the application/system level include:

    • Too many open fields (free-form text fields that accept a variety of inputs).
    • There are no lookup capabilities present. Reference data should be looked up instead of entered.
    • Mandatory fields are not defined, resulting in blank fields.
    • No validation of data entries before writing to the underlying database.
    • Manual data entry encourages human error. This can be compounded by poor application design that facilitates the incorrect data entry.

    Data quality problems root cause #2:

    Poor database design

    Database design also affects data quality. How a database is designed to handle incoming data, including the schema and key identification, can impact the integrity of the data used for reporting and analytics.

    The most common type of database is the relational database. Therefore, we will focus on this type of database.

    When working with and designing relational databases, there are some important concepts that must be considered.

    Referential integrity is a term that is important for the design of relational database schema, and indicates that table relationships must always be consistent.

    For table relationships to be consistent, primary keys (unique value for each row) must uniquely identify entities in columns of the table. Foreign keys (field that is defined in a second table but refers to the primary key in the first table) must agree with the primary key that is referenced by the foreign key. To maintain referential integrity, any updates must be propagated to the primary parent key.

    Info-Tech Insight

    Other types of databases, including databases with unstructured data, need data quality consideration. However, unstructured data may have different levels of quality tolerance.

    At the database level, some common root causes include:

    1. Lack of referential integrity.
    2. Lack of unique keys.
    3. Don’t have restricted data range.
    4. Incorrect datatype, string fields that can hold too many characters.
    5. Orphaned records.

    Databases and People:

    Even though database design is a technology issue, don’t forget about the people.

    A lack of training employees on database permissions for updating/entering data into the physical databases is a common problem for data quality.

    Data quality problems root cause #3:

    Improper integration and synchronization of enterprise data

    Data ingestion is another category of data-quality-issue root causes. When moving data in Tier 2, whether it is through ETL, ESB, point-to-point integration, etc., the integrity of the data during movement and/or transformation needs to be maintained.

    Tier 2 (the data ingestion layer) serves to move data for one of two main purposes:

    • To move data from originating systems to downstream systems to support integrated business processes.
    • To move data to Tier 3 where data rests for other purposes. This movement of data in its purest form means we move raw data to storage locations in an overall data warehouse environment reflecting any security, compliance and other standards in our choices for how to store. Also, it is where data is transformed for unique business purpose that will also be moved to a place of rest or a place of specific use. Data cleansing and matching and other data-related blending tasks occur at this layer.

    This ensures the data is pristine throughout the process and improves trustworthiness of outcomes and speed to task completion.

    At the integration layer, some common root causes of data quality problems include:

    1. No data mask. For example, zip code should have a mask of five numeric characters.
    2. Questionable aggregation, transformation process, or incorrect logic.
    3. Unsynchronized data refresh process in an integrated environment.
    4. Lack of a data matching tool.
    5. Lack of a data quality tool.
    6. Don’t have data profiling capability.
    7. Errors with data conversion or migration processes – when migrating, decommissioning, or converting systems – movement of data sets.
    8. Incorrect data mapping between data sources and targets.

    Data quality problems root cause #4:

    Insufficient and ineffective data quality policies and procedures

    Data policies and procedures are necessary for establishing standards around data and represent another category of data-quality-issue root causes. This issue spans across all five of the 5 Tier Architecture.

    Data policies are short statements that seek to manage the creation, acquisition, integrity, security, compliance, and quality of data. These policies vary amongst organizations, depending on your specific data needs.

    • Policies describe what to do, while standards and procedures describe how to do something.
    • There should be few data policies, and they should be brief and direct. Policies are living documents and should be continuously updated to respond to the organization’s data needs.
    • The data policies should highlight who is responsible for the data under various scenarios and rules around how to manage it effectively.

    Some common root causes of data quality issues related to policies and procedures include:

    1. Policies are absent or out of date.
    2. Employees are largely unaware of policies in effect.
    3. Policies are unmonitored and unenforced.
    4. Policies are in multiple locations.
    5. Multiple versions of the same policy exist.
    6. Policies are managed inconsistently across different silos.
    7. Policies are written poorly by untrained authors.
    8. Inadequate policy training program.
    9. Draft policies stall and lose momentum.
    10. Weak policy support from senior management.

    Data quality problems root cause #5:

    Inefficient or ineffective business processes

    Some common root causes of data quality issues related to business processes include:

    1. Multiple entries of the same record leads to duplicate records proliferating in the database.
    2. Many business definitions of data.
    3. Failure to document data manipulations when presenting data.
    4. Failure to train people on how to understand data.
    5. Manually intensive processes can result in duplication of effort (creates room for errors).
    6. No clear delineation of dependencies of business processes within or between departments, which leads to a siloed approach to business processes, rather than a coordinated and aligned approach.

    Business processes can impact data quality. How data is entered into systems, as well as employee training and knowledge about the correct data definitions, can impact the quality of your organization’s data.

    These problematic business process root causes can lead to:

    Duplicate records

    Incomplete data

    Improper use of data

    Wrong data entered into fields

    These data quality issues will result in costly and inefficient manual fixes, wasting valuable time and resources.

    Phase 1 Summary

    1. Data Quality Understanding

    • Understanding that data quality is a methodology and should be treated as such.
    • Data quality can be defined by four key indicators which are completeness, usability, timeliness, and accessibility.
    • Explained how to get investment for your data quality program and showcasing its value to leadership.

    2. Phase 0 Deliverables

    Introduced foundational tools to help you throughout this blueprint:

    • Complete the Data Culture Diagnostic and Business Capability Map Template as they are foundational in understanding your data culture and business capabilities to start the journey of data quality improvement.
    • Involve key relevant stakeholders when completing the Data Quality Diagnostic for each major business use case. Use the Importance and Confidence dimensions to help you prioritize which use case to address.

    3. Common Root Causes

    Addressed where multiple root causes can occur throughout the flow of your data.

    Analyzed the following common root causes of data quality:

    1. Poor system or application design
    2. Poor database design
    3. Improper integration and synchronization of enterprise data
    4. Insufficient and ineffective data quality policies and procedures
    5. Inefficient or ineffective business processes

    Phase 2

    Analyze Your Priorities for Data Quality Fixes

    Build Your Data Quality Program

    Business Context & Data Quality

    Establish the business context of data quality improvement projects at the business unit level to find common goals.

    • To ensure the data improvement strategy is business driven, start your data quality project evaluation by understanding the business context. You will then determine which business units use data and create a roadmap for prioritizing business units for data quality repairs.
    • Your business context is represented by your corporate business vision, mission, goals and objectives, differentiators, and drivers. Collectively, they provide essential information on what is important to your organization, and some hints on how to achieve that. In this step, you will gather important information about your business view and interpret the business view to establish a data view.

    Business Vision

    Business Goals

    Business Drivers

    Business Differentiators

    Not every business unit uses data to the same extent

    A data flow diagram can provide value by allowing an organization to adopt a proactive approach to data quality. Save time by knowing where the entry points are and where to look for data flaws.

    Understanding where data lives can be challenging as it is often in motion and rarely resides in one place. There are multiple benefits that come from taking the time to create a data flow diagram.

    • Mapping out the flow of data can help provide clarity on where the data lives and how it moves through the enterprise systems.
    • Having a visual of where and when data moves helps to understand who is using data and how it is being manipulated at different points.
    • A data flow diagram will allow you to elicit how data is used in a different use case.

    Info-Tech’s Four-Column Model of Data will help you to identify the essential aspects of your data:

    Business Use Case →Used by→Business Unit →Housed in→Systems→Used for→Usage of the Data

    Not every business unit requires the same standard of data quality

    To prioritize your business units for data quality improvement projects, you must analyze the relative importance of the data they use to the business. The more important the data is to the business, the higher the priority is of fixing that data. There are two measures for determining the importance of data: business value and business impact.

    Business Value of Data

    Business value of data can be evaluated by thinking about its ties to revenue generation for the organization, as well as how it is used for productivity and operations at the organization.

    The business value of data is assessed by asking what would happen to the following parameters if the data is not usable (due to poor quality, for example):

    • Loss of Revenue
    • Loss of Productivity
    • Increased Operating Costs

    Business Impact of Data

    Business impact of data should take into account the effects of poor data on both internal and external parties.

    The business impact of data is assessed by asking what the impact would be of bad data on the following parameters:

    • Impact on Customers
    • Impact on Internal Staff
    • Impact on Business Partners

    Value + Impact = Data Priority Score

    Ensure that the project starts on the right foot by completing Info-Tech’s Data Quality Problem Statement Template

    Before you can identify a solution, you must identify the problem with the business unit’s data.

    Download this tool

    Use Info-Tech’s Data Quality Problem Statement Template to identify the symptoms of poor data quality and articulate the problem.

    Info-Tech’s Data Quality Problem Statement Template will walk you through a step-by-step approach to identifying and describing the problems that the business unit feels regarding its data quality.

    Before articulating the problem, it helps to identify the symptoms of the problem. The following W’s will help you to describe the symptoms of the data quality issues:

    What

    Define the symptoms and feelings produced by poor data quality in the business unit.

    Where

    Define the location of the data that are causing data quality issues.

    When

    Define how severe the data quality issues are in frequency and duration.

    Who

    Define who is affected by the data quality problems and who works with the data.

    Info-Tech Best Practice

    Symptoms vs. Problems. Often, people will identify a list of symptoms of a problem and mistake those for the problem. Identifying the symptoms helps to define the problem, but symptoms do not help to identify the solution. The problem statement helps you to create solutions.

    Define the project problem to articulate the purpose

    1 hour

    Input

    • Symptoms of data quality issues in the business unit

    Output

    • Refined problem description

    Materials

    • Data Quality Problem Statement Template

    Participants

    • Data Quality Improvement Project team
    • Business line representatives

    A defined problem helps you to create clear goals, as well as lead your thinking to determine solutions to the problem.

    A problem statement consists of one or two sentences that summarize a condition or issue that a quality improvement team is meant to address. For the improvement team to fix the problem, the problem statement therefore has to be specific and concise.

    Instructions

    1. Gather the Data Quality Improvement Project Team in a room and start with an issue that is believed to be related to data quality.
    2. Ask what are the attributes and symptoms of that reality today; do this with the people impacted by the issue. This should be an IT and business collaboration.
    3. Draw your conclusions of what it all means: what have you collectively learned?
    4. Consider the implications of your conclusions and other considerations that must be taken into account such as regulatory needs, compliance, policy, and targets.
    5. Develop solutions – Contain the problem to something that can be solved in a realistic timeframe, such as three months.

    Download the Data Quality Problem Statement Template

    Case Study

    A strategic roadmap rooted in business requirements primes a data quality improvement plan for success.

    MathWorks

    Industry

    Software Development

    Source

    Primary Info-Tech Research

    As part of moving to a formalized data quality practice, MathWorks leveraged an incremental approach that took its time investigating business cases to support improvement actions. Establishing realistic goals for improvement in the form of a roadmap was a central component for gaining executive approval to push the project forward.

    Roadmap Creation

    In constructing a comprehensive roadmap that incorporated findings from business process and data analyses, MathWorks opted to document five-year and three-year overall goals, with one-year objectives that supported each goal. This approach ensured that the tactical actions taken were directed by long-term strategic objectives.

    Results – Business Alignment

    In presenting their roadmap for executive approval, MathWorks placed emphasis on communicating the progression and impact of their initiatives in terms that would engage business users. They focused on maintaining continual lines of communication with business stakeholders to demonstrate the value of the initiatives and also to gradually shift the corporate culture to one that is invested in an effective data quality practice.

    “Don’t jump at the first opportunity, because you may be putting out a fire with a cup of water where a fire truck is needed.” – Executive Advisor, IT Research and Advisory Firm

    Use Info-Tech’s Practice Assessment and Project Planning Tool to create your strategy for improving data quality

    Assess IT’s capabilities and competencies around data quality and plan to build these as the organization’s data quality practice develops. Before you can fix data quality, make sure you have the necessary skills and abilities to fix data quality correctly.

    The following IT capabilities are developed on an ongoing basis and are necessary for standardizing and structuring a data quality practice:

    • Meeting Business Needs
    • Services and Projects
    • Policies, Procedures, and Standards
    • Roles and Organizational Structure
    • Oversight and Communication
    • Data Quality of Different Data Types

    Download this Tool

    Data Handling and Remediation Competencies:

    • Data Standardization: Formatting values into consistent standards based on industry standards and business rules.
    • Data Cleansing: Modification of values to meet domain restrictions, integrity constraints, or other business rules for sufficient data quality for the organization.
    • Data Matching: Identification, linking, and merging related entries in or across sets of data.
    • Data Validation: Checking for correctness of the data.

    After these capabilities and competencies are assessed for a current and desired target state, the Data Quality Practice Assessment and Project Planning Tool will suggest improvement actions that should be followed in order to build your data quality practice. In addition, a roadmap will be generated after target dates are set to create your data quality practice development strategy.

    Benchmark current and identify target capabilities for your data quality practice

    1 hour

    Input

    • Current and desired data quality practices in the organization

    Output

    • Assessment of where the gaps lie in your data quality practice

    Materials

    • Data Quality Practice Assessment and Project Planning Tool

    Participants

    • Data Quality Project Lead
    • Business Line Representatives
    • Business Architects

    Use the Data Quality Practice Assessment and Project Planning Tool to evaluate the baseline and target capabilities of your practice in terms of how data quality is approached and executed.

    Download this Tool

    Instructions

    1. Invite the appropriate stakeholders to participate in this exercise. Examples:
      1. Business executives will have input in Tab 2
      2. Unique stakeholders: communications expert or executive advisors may have input
    2. On Tab 2: Practice Components, assess the current and target states of each capability on a scale of 1–5. Note: “Ad hoc” implies a capability is completed, but randomly, informally, and without a standardized method.

    These results will set the baseline against which you will monitor performance progress and keep track of improvements over time.

    Info-Tech Insight

    Focus on early alignment. Assessing capabilities within specific people’s job functions can naturally result in disagreement or debate, especially between business and IT people. Remind everyone that data quality should ultimately serve business needs wherever possible.

    Visualization improves the holistic understanding of where gaps exist in your data quality practice

    To enable deeper analysis on the results of your practice assessment, Tab 3: Data Quality Practice Scorecard in the Data Quality Practice Assessment and Project Planning Tool creates visualizations of the gaps identified in each of your practice capabilities and related data management practices. These diagrams serve as analysis summaries.

    Gap assessment of “Meeting Business Needs” capabilities

    The image shows a screen capture of the Gap assessment of 
“Meeting Business Needs” capabilities, with sample information filled in.

    Visualization of gap assessment of data quality practice capabilities

    The image shows a bar graph titled Data Quality Capabilities.

    1. Enhance your gap analyses by forming a relative comparison of total gaps in key practice capability areas, which will help in determining priorities.
    • Example: In Tab 2 compare your capabilities within “Policies, Procedures, and Standards.” Then in Tab 3, compare your overall capabilities in “Policies, Procedures, and Standards” versus “Empowering Technologies.”
  • Put these up on display to improve discussion in the gap analyses and prioritization sessions.
  • Improve the clarity and flow of your strategy template, final presentations, and summary documents by copying and pasting the gap assessment diagrams.
  • Before engaging in the data quality improvement project plan, receive signoff from IT regarding feasibility

    The final piece of the puzzle is to gain sign-off from IT.

    Hofstadter's law: It always takes longer than you expect, even when you take into account Hofstadter’s Law.

    This means that before engaging IT in data quality projects to fix the business units’ data in Phase 2, IT must assess feasibility of the data quality improvement plan. A feasibility analysis is typically used to review the strengths and weaknesses of the projects, as well as the availability of required skills and technologies needed to complete them. Use the following workflow to guide you in performing a feasibility analysis:

    Project evaluation process:

    Present capabilities

    • Operational Capabilities
    • System Capabilities
    • Schedule Capabilities
      • Summary of Evaluation Results
        • Recommendations/ modifications to the project plan

    Info-Tech Best Practice

    While the PMO identifies and coordinates projects, IT must determine how long and for how much.

    Conduct gap analysis sessions to review and prioritize the capability gaps

    1 hour

    Input

    • Current and Target State Assessment

    Output

    • Documented initiatives to help you get to the target state

    Materials

    • Data Quality Practice Assessment and Project Planning Tool

    Participants

    • Data Quality team
    • IT representatives

    Instructions

    • Analyze Gap Analysis Results – As a group, discuss the high-level results on Tab 3: Data Quality Practice Score. Discuss the implications of the gaps identified.
    • Do a line-item review of the gaps between current and target levels for each assessed capability by using Tab 2: Practice Components.
    • Brainstorm Alignment Strategies – Brainstorm the effort and activities that will be necessary to support the practice in building its capabilities to the desired target level. Ask the following questions:
      • What activities must occur to enable this capability?
      • What changes/additions to resources, process, technology, business involvement, and communication must occur?
    • Document Data Quality Initiatives – Turn activities into initiatives by documenting them in Tab 4. Data Quality Practice Roadmap. Review the initiatives and estimate the start and end dates of each one.
    • Continue to evaluate the assessment results in order to create a comprehensive set of data quality initiatives that support your practice in building capabilities.

    Download this Tool

    Create the organization’s data quality improvement strategy roadmap

    1 hour

    Input

    • Data quality practice gaps and improvement actions

    Output

    • Data quality practice improvement roadmap

    Materials

    • Data Quality Practice Assessment and Project Planning Tool

    Participants

    • Data Quality Project Lead
    • Business Executives
    • IT Executives
    • Business Architects

    Generating Your Roadmap

    1. Plan the sequence, starting time, and length of each initiative in the Data Quality Practice Assessment and Project Planning Tool.
    2. The tool will generate a Gantt chart based on the start and length of your initiatives.
    3. The Gantt chart is generated in Tab 4: Data Quality Practice Roadmap, and can be used to organize and ensure that all of the essential aspects of data quality are addressed.

    Use the Practice Roadmap to plan and improve data quality capabilities

    Download this Tool

    Info-Tech Best Practice

    To help get you started, Info-Tech has provided an extensive list of data quality improvement initiatives that are commonly undertaken by organizations looking to improve their data quality.

    Establish Baseline Metrics

    Baseline metrics will be improved through:

    2 hours

    Create practice-level metrics to monitor your data quality practice.

    Instructions:

    1. Establish metrics for both the business and IT that will be used to determine if the data quality practice development is effective.
    2. Set targets for each metric.
    3. Collect current data to calculate the metrics and establish a baseline.
    4. Assign an owner for tracking each metric to be accountable for performance.
    Metric Current Goal
    Usage (% of trained users using the data warehouse)
    Performance (response time)
    Performance (response time)
    Resource utilization (memory usage, number of machine cycles)
    User satisfaction (quarterly user surveys)
    Data quality (% values outside valid values, % fields missing, wrong data type, data outside acceptable range, data that violates business rules. Some aspects of data quality can be automatically tracked and reported)
    Costs (initial installation and ongoing, Total Cost of Ownership including servers, software licenses, support staff)
    Security (security violations detected, where violations are coming from, breaches)
    Patterns that are used
    Reduction in time to market for the data
    Completeness of data that is available
    How many "standard" data models are being used
    What is the extra business value from the data governance program?
    How much time is spent for data prep by BI & analytics team?

    Phase 2 summary

    As you improve your data quality practice and move from reactive to stable, don’t rest and assume that you can let data quality keep going by itself. Rapidly changing consumer requirements or other pains will catch up to your organization and you will fall behind again. By moving to the proactive and predictive end of the maturity scale, you can stay ahead of the curve. By following the methodology laid out in Phase 1, the data quality practices at your organization will improve over time, leading to the following results:

    Chaotic

    Before Data Quality Practice Improvements

    • No standards to data quality

    Reactive

    Year 1

    • Processes defined
    • Data cleansing approach to data quality

    Stable

    Year 2

    • Business rules/ stewardship in place
    • Education and training

    Proactive

    Year 3

    • Data quality practices fully in place and embedded in the culture
    • Trusted and intelligent enterprise

    (Global Data Excellence, Data Excellence Maturity Model)

    Phase 3

    Establish Your Organization’s Data Quality Program

    Build Your Data Quality Program

    Create a data lineage diagram to map the data journey and identify the data subject areas to be targeted for fixes

    It is important to understand the various data that exist in the business unit, as well as which data are essential to business function and require the highest degree of quality efforts.

    Visualize your databases and the flow of data. A data lineage diagram can help you and the Data Quality Improvement Team visualize where data issues lie. Keeping the five-tier architecture in mind, build your data lineage diagram.

    Reminder: Five-Tier Architecture

    The image shows the Five-Tier Architecture graphic.

    Use the following icons to represent your various data systems and databases.

    The image shows four icons. They are: the image of a square and a computer monitor, labelled Application; the image of two sheets of paper, labelled Desktop documents; the image of a green circle next to a computer monitor, labelled Web Application; and a blue cylinder labelled Database.

    Use Info-Tech’s Data Lineage Diagram to document the data sources and applications used by the business unit

    2 hours

    Input

    • Data sources and applications used by the business unit

    Output

    • Data lineage diagram

    Materials

    • Data Lineage Diagram Template

    Participants

    • Business Unit Head/Data Owner
    • Business Unit SMEs
    • Data Analysts/Architects

    Map the flow and location of data within a business unit by creating a system context diagram.

    Gain an accurate view of data locations and uses: Engage business users and representatives with a wide breadth of knowledge-related business processes and the use of data by related business operations.

    1. Sit down with key business representatives of the business unit.
    2. Document the sources of data and processes in which they’re involved, and get IT confirmation that the sources of the data are correct.
    3. Map out the sources and processes in a system context diagram.

    Download this Tool

    Sample Data Lineage Diagram

    The image shows a sample data lineage diagram, split into External Applications and Internal Applications, and showing the processes involved in each.

    Leverage Info-Tech’s Data Quality Practice Assessment and Project Planning Tool to document business context

    1 hour

    Input

    • Business vision, goals, and drivers

    Output

    • Business context for the data quality improvement project

    Materials

    • Data Quality Practice Assessment and Project Planning Tool

    Participants

    • Data Quality project lead
    • Business line representatives
    • IT executives

    Develop goals and align them with specific objectives to set the framework for your data quality initiatives.

    In the context of achieving business vision, mission, goals, and objectives and sustaining differentiators and key drivers, think about where and how data quality is a barrier. Then brainstorm data quality improvement objectives that map to these barriers. Document your list of objectives in Tab 5. Prioritize business units of the Data Quality Practice Assessment and Project Planning Tool.

    Establishing Business Context Example

    Healthcare Industry

    Vision To improve member services and make service provider experience more effective through improving data quality and data collection, aggregation, and accessibility for all the members.
    Goals

    Establish meaningful metrics that guide to the improvement of healthcare for member effectiveness of health care providers:

    • Data collection
    • Data harmonization
    • Data accessibility and trust by all constituents.
    Differentiator Connect service consumers with service providers, that comply with established regulations by delivering data that is accurate, trusted, timely, and easy to understand to connect service providers and eliminate bureaucracy and save money and time.
    Key Driver Seamlessly provide a healthcare for members.

    Download this Tool

    Document the identified business units and their associated data

    30 minutes

    Input

    • Business units

    Output

    • Documented business units to begin prioritization

    Materials

    • Data Quality Practice Assessment and Project Planning Tool

    Participants

    • Project Manager

    Instructions

    1. Using Tab 5: Prioritize Business Units of the Data Quality Practice Assessment and Project Planning Tool, document the business units that use data in the organization. This will likely be all business units in the organization.
    2. Next, document the primary data used by those business units.
    3. These inputs will then be used to assess business unit priority to generate a data quality improvement project roadmap.

    The image shows a screen capture of Tab 5: Prioritize Business Units, with sample information inputted.

    Reminder – Not every business unit requires the same standard of data quality

    To prioritize your business units for data quality improvement projects, you must analyze the relative importance of the data they use to the business. The more important the data is to the business, the higher the priority is of fixing that data. There are two measures for determining the importance of data: business value and business impact.

    Business Value of Data

    Business value of data can be evaluated by thinking about its ties to revenue generation for the organization, as well as how it is used for productivity and operations at the organization.

    The business value of data is assessed by asking what would happen to the following parameters if the data is not usable (due to poor quality, for example):

    • Loss of Revenue
    • Loss of Productivity
    • Increased Operating Costs

    Business Impact of Data

    Business impact of data should take into account the effects of poor data on both internal and external parties.

    The business impact of data is assessed by asking what the impact would be of bad data on the following parameters:

    • Impact on Customers
    • Impact on Internal Staff
    • Impact on Business Partners

    Value + Impact = Data Priority Score

    Assess the business unit priority order for data quality improvements

    2 hours

    Input

    • Assessment of value and impact of business unit data

    Output

    • Prioritization list for data quality improvement projects

    Materials

    • Data Quality Practice Assessment and Project Planning Tool

    Participants

    • Project Manager
    • Data owners

    Instructions

    Instructions In Tab 5: Prioritize Business Units of the Data Quality Practice Assessment and Project Planning Tool, assess business value and business impact of the data within each documented business unit.

    Use the ratings High, Medium, and Low to measure the financial, productivity, and efficiency value and impact of each business unit’s data.

    In addition to these ratings, assess the number of help desk tickets that are submitted to IT regarding data quality issues. This parameter is an indicator that the business unit’s data is high priority for data quality fixes.

    Download this Tool

    Create a business unit order roadmap for your data quality improvement projects

    1 hour

    Input

    • Rating of importance of data for each business unit

    Output

    • Roadmap for data quality improvement projects

    Materials

    • Data Quality Practice Assessment and Project Planning Tool

    Participants

    • Project Manager
    • Product Manager
    • Business line representatives

    Instructions

    After assessing the business units for the business value and business impact of their data, the Data Quality Practice Assessment and Project Planning Tool automatically assesses the prioritization of the business units based on your ratings. These prioritizations are then summarized in a roadmap on Tab 6: Data Quality Project Roadmap. The following is an example of a project roadmap:

    The image shows an example of a project roadmap, with three business units listed vertically along the left hand side, and a Gantt chart showing the time periods in which each Business Unit would work. At the bottom, a table shows the Length of the Project in days (100), and the start date for the first project.

    On Tab 6, insert the timeline for your data quality improvement projects, as well as the starting date of your first data quality project. The roadmap will automatically update with the chosen timing and dates.

    Download this Tool

    Identify metrics at the business unit level to track data quality improvements

    As you improve the data quality for specific business units, measuring the benefits of data quality improvements will help you demonstrate the value of the projects to the business.

    Use the following table to guide you in creating business-aligned metrics:

    Business Unit Driver Metrics Goal
    Sales Customer Intimacy Accuracy of customer data. Percent of missing or incomplete records. 10% decrease in customer record errors.

    Marketing

    Customer Intimacy Accuracy of customer data. Percent of missing or incomplete records. 10% decrease in customer record errors.
    Finance Operational Excellence Relevance of financial reports. Decrease in report inaccuracy complaints.
    HR Risk Management Accuracy of employee data. 10% decrease in employee record errors.
    Shipping Operational Excellence Timeliness of invoice data. 10% decrease in time to report.

    Info-Tech Insight

    Relating data governance success metrics to overall business benefits keeps executive management and executive sponsors engaged because they are seeing actionable results. Review metrics on an ongoing basis with those data owners/stewards who are accountable, the data governance steering committee, and the executive sponsors.

    Case Study

    Address data quality with the right approach to maximize the ROI

    EDC

    Industry: Government

    Source: Environment Development of Canada (EDC)

    Challenge

    Environment Development Canada (EDC) would initially identify data elements that are important to the business purely based on their business instinct.

    Leadership attempted to tackle the enterprise’s data issues by bringing a set of different tools into the organization.

    It didn’t work out because the fundamental foundational layer, which is the data and infrastructure, was not right – they didn't have the foundational capabilities to enable those tools.

    Solution

    Leadership listened to the need for one single team to be responsible for the data persistence.

    Therefore, the data platform team was granted that mandate to extensively execute the data quality program across the enterprise.

    A data quality team was formed under the Data & Analytics COE. They had the mandate to profile the data and to understand what quality of data needed to be achieved. They worked constantly with the business to build the data quality rules.

    Results

    EDC tackled the source of their data quality issues through initially performing a data quality management assessment with business stakeholders.

    From then on, EDC was able to establish their data quality program and carry out other key initiatives that prove the ROI on data quality.

    Begin your data quality improvement project starting with the highest priority business unit

    Now that you have a prioritized list for your data quality improvement projects, identify the highest priority business unit. This is the business unit you will work through Phase 3 with to fix their data quality issues.

    Once you have initiated and identified solutions for the first business unit, tackle data quality for the next business unit in the prioritized list.

    The image is a graphic labelled as Phase 2. On the left, there is a vertical arrow pointing upward labelled Priority of Business Units. Next to it, there are three boxes, with downward pointing arrows between them, each box labelled as each Business Unit's Data Quality Improvement Project. From there an arrow points right to a circle. Inside the circle are the steps necessary to complete the data quality improvement project.

    Create and document your data quality improvement team

    1 hour

    Input

    • Individuals who fit the data quality improvement plan team roles

    Output

    • Project team

    Materials

    • Data Quality Improvement Plan Template

    Participants

    • Data owner
    • Project Manager
    • Product Manager

    The Data Quality Improvement Plan is a concise document that should be created for each data quality project (i.e. for each business unit) to keep track of the project.

    Instructions

    1. Meet with the data owner of the business unit identified for the data quality improvement project.
    2. Identify individuals who fit the data quality improvement plan team roles.
    3. Using the Data Quality Improvement Plan Template to document the roles and individuals who will fit those roles.
    4. Have an introductory meeting with the Improvement team to clarify roles and responsibilities for the project.

    Download this Tool

    Team role Assigned to
    Data Owner [Name]
    Project Manager [Name]
    Business Analyst/BRM [Name]
    Data Steward [Name]
    Data Analyst [Name]

    Document the business context of the Data Quality Improvement Plan

    1 hour

    Input

    • Project team
    • Identified data attributes

    Output

    • Business context for the data quality improvement plan

    Materials

    • Data Quality Improvement Plan Template

    Participants

    • Data owner
    • Project Sponsor
    • Product owner

    Data quality initiatives have to be relevant to the business, and the business context will be used to provide inputs to the data improvement strategy. The context can then be used to determine exactly where the root causes of data quality issues are, which will inform your solutions.

    Instructions

    The business context of the data quality improvement plan includes documenting from previous activities:

    1. The Data Quality Improvement Team.
    2. Your Data Lineage Diagram.
    3. Your Data Quality Problem Statement.

    Info-Tech Best Practice

    While many organizations adopt data quality principles, not all organizations express them along the same terms. Have multiple perspectives within your organization outline principles that fit your unique data quality agenda. Anyone interested in resolving the day-to-day data quality issues that they face can be helpful for creating the context around the project.

    Download this tool

    Now that you have a defined problem, revisit the root causes of poor data quality

    You previously fleshed out the problem with data quality present in the business unit chosen as highest priority. Now it is time to figure out what is causing those problems.

    In the table below, you will find some of the common categories of causes of data quality issues, as well as some specific root causes.

    Category Description
    1. System/Application Design Ineffective, insufficient, or even incorrect system/application design accepts incorrect and missing data elements to the source applications and databases. The data records in those source systems may propagate into systems in tiers 2, 3, 4, and 5 of the 5-tier architecture, creating domino and ripple effects.
    2. Database design Database is created and modeled in an incorrect manner so that the management of the data records is incorrect, resulting in duplicated and orphaned records, and records that are missing data elements or records that contain incorrect data elements. Poor operational data in databases often leads to issues in tiers 2, 3, 4, and 5.
    3. Enterprise Integration Data or information is improperly integrated, transformed, masked, and aggregated in tier 2. In addition, some data integration tasks might not be timely, resulting in out-of-date data or even data that contradicts with other data. Enterprise integration is a precursor of loading a data warehouse and data marts. Issues in this layer affect tier 3, 4 and 5 on the 5-tier architecture.
    4. Policies and Procedures Policies and procedures are not effectively used to reinforce data quality. In some situations, policy gaps are found. In others, policies are overlapped and duplicated. Policies may also be out-of-date or too complex, affecting the users’ ability to interpret the policy objectives. Policies affect all tiers in the 5-tier architecture.
    5. Business Processes Improper business process design introduces poor data into the data systems. Failure to create processes around approving data changes, failure to document key data elements, and failure to train employees on the proper uses of data make data quality a burning problem.

    Leverage a root cause analysis approach to pinpoint the origins of your data issues

    A root cause analysis is a systematic approach to decompose a problem into its components. Use fishbone diagrams to help reveal the root causes of data issues.

    The image shows a fishbone diagram on the left, which starts with Process on the left, and then leads to Application and Integration, and then Database and Policies. This section is titled Root causes. The right hand section is titled Lead to problems with data... and includes 4 circles with the word or in between each. The circles are labelled: Completeness; Usability; Timeliness; Accessibility.

    Info-Tech recommends five root cause categories for assessing data quality issues:

    Application Design. Is the issue caused by human error at the application level? Consider internal employees, external partners/suppliers, and customers.

    Database Design. Is the issue caused by a particular database and stems from inadequacies in its design?

    Integration. Data integration tools may not be fully leveraged, or data matching rules may be poorly designed.

    Policies and Procedures. Do the issues take place because of lack of governance?

    Business Processes. Do the issues take place due to insufficient processes?

    For Example:

    When performing a deeper analysis of your data issues related to the accuracy of the business unit’s data, you would perform a root cause analysis by assessing the contribution of each of the five categories of data quality problem root causes:

    The image shows another fishbone diagram, with example information filled in. The first section on the left is titled Application Design, and includes the text: Data entry problems lead to incorrect accounting entries. The second is Integration, and includes the text: Data integration tools are not fully leveraged. The third section is Policies, and includes the text: No policy on standardizing name and address. The last section is Database design, with text that reads: Databases do not contain unique keys. The diagram ends with an arrow pointing right to a blue circle with Accuracy in it.

    Leverage a combination of data analysis techniques to identify and quantify root causes

    Info-Tech Insight

    Including all attributes of the key subject area in your data profiling activities may produce too much information to make sense of. Conduct data profiling primarily at the table level and undergo attribute profiling only if you are able to narrow down your scope sufficiently.

    Data Profiling Tool

    Data profiling extracts a sample of the target data set and runs it through multiple levels of analysis. The end result is a detailed report of statistics about a variety of data quality criteria (duplicate data, incomplete data, stale data, etc.).

    Many data profiling tools have built-in templates and reports to help you uncover data issues. In addition, they quantify the occurrences of the data issues.

    E-Discovery Tool

    This supplements a profiling tool. For Example, use a BI tool to create a custom grouping of all the invalid states (e.g. “CAL,” “AZN,” etc.) and visualize the percentage of invalid states compared to all states.

    SQL Queries

    This supplements a profiling tool. For example, use a SQL statement to group the customer data by customer segment and then by state to identify which segment–state combinations contain poor data.

    Identify the data issues for the particular business unit under consideration

    2 hours

    Input

    • Issues with data quality felt by the business unit
    • Data lineage diagram

    Output

    • Categorized data quality issues

    Materials

    • Whiteboard, markers, sticky notes
    • Data Quality Improvement Plan Template

    Participants

    • Data quality improvement project team
    • Business line representatives

    Instructions

    1. Gather the data quality improvement project team in a room, along with sticky notes and a whiteboard.
    2. Display your previously created data lineage diagram on the whiteboard.
    3. Using color-coded sticky notes, attach issues to each component of the data lineage diagram that team members can identify. Use different colors for the four quality attributes: Completeness, Usability, Timeliness, and Accessibility.

    Example:

    The image shows the data lineage diagram that has been shown in previous sections. In addition, the image shows 4 post-its arranges around the diagram, labelled: Usability; Completeness; Timeliness; and Accessibility.

    Map the data issues on fishbone diagrams to identify root causes

    1 hour

    Input

    • Categorized data quality issues

    Output

    • Completed fishbone diagrams

    Materials

    • Whiteboard, markers, sticky notes
    • Data Quality Improvement Plan Template

    Participants

    • Data quality improvement project team

    Now that you have data quality issues classified according to the data quality attributes, map these issues onto four fishbone diagrams.

    The image shows a fishbone diagram, which is titled Example: Root cause analysis diagram for data accuracy.

    Download this Tool

    Get to know the root causes behind system/application design mistakes

    Suboptimal system/application design provides entry points for bad data.

    Business Process
    Usually found in → Tier 1 Tier 2 Tier 3 Tier 4 Tier 5
    Issue Root Causes Usability Completeness Timeliness Accessibility
    Insufficient data mask No data mask is defined for a free-form text field in a user interface. E.g. North American phone number should have 4 masks – country code (1-digit), area code (3-digit), and local number (7-digit). X X
    Too many free-form text fields Incorrect use of free-form text fields (fields that accept a variety of inputs). E.g. Use a free-form text field for zip code instead of a backend look up. X X
    Lack of value lookup Reference data is not looked up from a reference list. E.g. State abbreviation is entered instead of being looked up from a standard list of states. X X
    Lack of mandatory field definitions Mandatory fields are not identified and reinforced. Resulting data records with many missing data elements. E.g. Some users may fill up 2 or 3 fields in a UI that has 20 non-mandatory fields. X

    The image shows a fishbone diagram, with the following sections, from left to right: Application Design; Integration; Processes; Policies; Database Design; Data Quality Measure. The Application Design section is highlighted.

    Get to know the root causes behind common database design mistakes

    Improper database design allows incorrect data to be stored and propagated.

    Business Process
    Usually found in → Tier 1 Tier 2 Tier 3 Tier 4 Tier 5
    Issue Root Causes Usability Completeness Timeliness Accessibility
    Incorrect referential integrity Referential integrity constraints are absent or incorrectly implemented, resulting in child records without parent records, or related records are updated or deleted in a cascading manner. E.g. An invoice line item is created before an invoice is created. X X
    Lack of unique keys Lack of unique keys creating scenarios where record uniqueness cannot be guaranteed. E.g. Customer records with the same customer_ID. X X
    Data range Fail to define a data range for incoming data, resulting in data values that are out of range. E.g. The age field is able to store an age of 999. X X
    Incorrect data type Incorrect data types are used to store data fields. E.g. A string field is used to store zip codes. Some users use that to store phone numbers, birthdays, etc. X X

    The image shows a fishbone diagram, with the following sections, from left to right: Application Design; Integration; Processes; Policies; Database Design; Data Quality Measure. The Database Design section is highlighted

    Get to know the root causes behind enterprise integration mistakes

    Improper data integration or synchronization may create poor analytical data.

    Business Process
    Usually found in → Tier 1 Tier 2 Tier 3 Tier 4 Tier 5
    Issue Root Causes Usability Completeness Timeliness Accessibility
    Incorrect transformation Transformation is done incorrectly. A wrong formula may have been used, transformation is done at the wrong data granularity, or aggregation logic is incorrect. E.g. Aggregation is done for all customers instead of just active customers. X X
    Data refresh is out of sync Data is synchronized at different intervals, resulting in a data warehouse where data domains are out of sync. E.g. Customer transactions are refreshed to reflect the latest activities but the account balance is not yet refreshed. X X
    Data is matched incorrectly Fail to match records from disparate systems, resulting in duplications and unmatched records. E.g. Unable to match customers from different systems because they have different cust_ID. X X
    Incorrect data mapping Fields from source systems are not properly matched with data warehouse fields. E.g. Status fields from different systems are mixed into one field. X X

    The image shows a fishbone diagram, with the following sections, from left to right: Application Design; Integration; Processes; Policies; Database Design; Data Quality Measure. The Integration section is highlighted

    Get to know the root causes behind policy and procedure mistakes

    Suboptimal policies and procedures undermine the effect of best practices.

    Business Process
    Usually found in → Tier 1 Tier 2 Tier 3 Tier 4 Tier 5
    Issue Root Causes Usability Completeness Timeliness Accessibility
    Policy Gaps There are gaps in the policy landscape in terms of some missing key policies or policies that are not refreshed to reflect the latest changes. E.g. A data entry policy is absent, leading to inconsistent data entry practices. X X
    Policy Communications Policies are in place but the policies are not communicated effectively to the organization, resulting in misinterpretation of policies and under-enforcement of policies. E.g. The data standard is created but very few developers are aware of its existence. X X
    Policy Enforcement Policies are in place but not proactively re-enforced and that leads to inconsistent application of policies and policy adoption. E.g. Policy adoption is dropping over time due to lack of reinforcement. X X
    Policy Quality Policies are written by untrained authors and they do not communicate the messages. E.g. A non-technical data user may find a policy that is loaded with technical terms confusing. X X

    The image shows a fishbone diagram, with the following sections, from left to right: Application Design; Integration; Processes; Policies; Database Design; Data Quality Measure. The Policies section is highlighted

    Get to know the root causes behind common business process mistakes

    Ineffective and inefficient business processes create entry points for poor data.

    Business Process
    Usually found in → Tier 1 Tier 2 Tier 3 Tier 4 Tier 5
    Issue Root Causes Usability Completeness Timeliness Accessibility
    Lack of training Key data personnel and business analysts are not trained in data quality and data governance, leading to lack of accountability. E.g. A data steward is not aware of downstream impact of a duplicated financial statement. X X
    Ineffective business process The same piece of information is entered into data systems two or more times. Or a piece of data is stalled in a data system for too long. E.g. A paper form is scanned multiple times to extract data into different data systems. X X
    Lack of documentation Fail to document the work flows of the key business processes. A lack of work flow results in sub-optimal use of data. E.g. Data is modeled incorrectly due to undocumented business logic. X X
    Lack of integration between business silos Business silos hold on to their own datasets resulting in data silos in which data is not shared and/or data is transferred with errors. E.g. Data from a unit is extracted as a data file and stored in a shared drive with little access. X X

    The image shows a fishbone diagram, with the following sections, from left to right: Application Design; Integration; Processes; Policies; Database Design; Data Quality Measure. The Processes section is highlighted

    Phase 3 Summary

    1. Data Lineage Diagram
    • Creating the data lineage diagram is recommended to help visualize the flow of your data and to map the data journey and identify the data subject areas to be targeted for fixes.
    • The data lineage diagram was leveraged multiple times throughout this Phase. For example, the data lineage diagram was used to document the data sources and applications used by the business unit
  • Business Context
    • Business context was documented through the Data Quality Practice Assessment and Project Planning Tool.
    • The same tool was used to document identified business units and their associated data.
    • Metrics were also identified at the business unit level to track data quality improvements.
  • Common Root Causes
    • Leverage a root cause analysis approach to pinpoint the origins of your data quality issues.
    • Analyzed and got to know the root causes behind the following:
      1. System/application design mistakes
      2. Common database design mistakes
      3. Enterprise integration mistakes
      4. Policies and procedures mistakes
      5. Common business processes mistakes
  • Phase 4

    Grow and Sustain Your Data Quality Program

    Build Your Data Quality Program

    For the identified root causes, determine the solutions for the problem

    As you worked through the previous step, you identified the root causes of your data quality problems within the business unit. Now, it is time to identify solutions.

    The following slides provide an overview of the solutions to common data quality issues. As you identify solutions that apply to the business unit being addressed, insert the solution tables in Section 4: Proposed Solutions of the Data Quality Improvement Plan Template.

    All data quality solutions have two components to them:

    • Technology
    • People

    For the next five data quality solution slides, look for the slider for the contributions of each category to the solution. Use this scale to guide you in creating solutions.

    When designing solutions, keep in mind that solutions to data quality problems are not mutually exclusive. In other words, an identified root cause may have multiple solutions that apply to it.

    For example, if an application is plagued with inaccurate data, the application design may be suboptimal, but also the process that leads to data being entered may need fixing.

    Data quality improvement strategy #1:

    Fix data quality issues by improving system/application design.

    Technology

    Application Interface Design

    Restrict field length – Capture only the characters you need for your application.

    Leverage data masks – Use data masks in standardized fields like zip code and phone number.

    Restrict the use of open text fields and use reference tables – Only present open text fields when there is a need. Use reference tables to limit data values.

    Provide options – Use radio buttons, drop-down lists, and multi-select instead of using open text fields.

    Data Validation at the Application Level

    Validate data before committing – Use simple validation to ensure the data entered is not random numbers and letters.

    Track history – Keep track of who entered what fields.

    Cannot submit twice – Only design for one-time submission.

    People

    Training

    Data-entry training – Training that is related to data entry, creating, or updating data records.

    Data resolution training – Training data stewards or other dedicated data personnel on how to resolve data records that are not entered properly.

    Continuous Improvement

    Standards – Develop application design principles and standards.

    Field testing – Field data entry with a few people to look for abnormalities and discrepancies.

    Detection and resolution – Abnormal data records should be isolated and resolved ASAP.

    Application Testing

    Thorough testing – Application design is your first line of defence against poor data. Test to ensure bad data is kept out of the systems.

    Case Study

    HMS

    Industry: Healthcare

    Source: Informatica

    Improve your data quality ingestion procedures to provide better customer intimacy for your users

    Healthcare Management Systems (HMS) provides cost containment services for healthcare sponsors and payers, and coordinates benefits services. This is to ensure that healthcare claims are paid correctly to both government agencies and individuals. To do so, HMS relies on data, and this data needs to be of high quality to ensure the correct decisions are made, the right people get the correct claims, and the appropriate parties pay out.

    To improve the integrity of HMS’s customer data, HMS put in place a framework that helped to standardize the collection of high volume and highly variable data.

    Results

    Working with a data quality platform vendor to establish a framework for data standardization, HMS was able to streamline data analysis and reduce new customer implementations from months to weeks.

    HMS data was plagued with a lack of standardization of data ingestion procedures.

    Before improving data quality processes After improving data quality processes
    Data Ingestion Data Ingestion
    Many standards of ingestion. Standardized data ingestion
    Data Storage Data Storage
    Lack of ability to match data, creating data quality errors.
    Data Analysis Data Analysis
    = =
    Slow Customer Implementation Time 50% Reduction in Customer Implementation Time

    Data quality improvement strategy #2:

    Fix data quality issues using proper database design.

    Technology

    Database Design Best Practices

    Referential integrity – Ensure parent/child relationships are maintained in terms of cascade creation, update, and deletion.

    Primary key definition – Ensure there is at least one key to guarantee the uniqueness of the data records, and primary key should not allow null.

    Validate data domain – Create triggers to check the data values entered in the database fields.

    Field type and length – Define the most suitable data type and length to hold field values.

    One-Time Data Fix (more on the next slide)

    Explore solutions – Where to fix the data issues? Is there a case to fix the issues?

    Running profiling tools to catch errors – Run scans on the database with defined criteria to identify occurrences of questionable data.

    Fix a sample before fixing all records – Use a proof-of-concept approach to explore fix options and evaluate impacts before fixing the full set.

    People

    The DBA Team

    Perform key tasks in pairs – Take a pair approach to perform key tasks so that validation and cross-check can happen.

    Skilled DBAs – DBAs should be certified and accredited.

    Competence – Assess DBA competency on an ongoing basis.

    Preparedness – Develop drills to stimulate data issues and train DBAs.

    Cross train – Cross train team members so that one DBA can cover another DBA.

    Data quality improvement strategy #3:

    Improve integration and synchronization of enterprise data.

    Technology

    Integration Architecture

    Info-Tech’s 5-Tier Architecture – When doing transformations, it is good practice to persist the integration results in tier 3 before the data is further refined and presented in tier 4.

    Timing, timing, and timing – Think of the sequence of events. You may need to perform some ETL tasks before other tasks to achieve synchronization and consistence.

    Historical changes – Ensure your tier 3 is robust enough to include historical data. You need to enable type 2 slowly, changing dimension to recreate the data at a point in time.

    Data Cleansing

    Standardize – Leverage data standardization to standardize name and address fields to improve matching and integration.

    Fuzzy matching – When there are no common keys between datasets. The datasets can only be matched by fuzzy matching. Fuzzy matching is not hard science; define a confidence level and think about a mechanism to deal with the unmatched.

    People

    Reporting and Documentations

    Business data glossary and data lineage – Define a business data glossary to enhance findability of key data elements. Document data mappings and ETL logics.

    Create data quality reports – Many ETL platforms provide canned data quality reports. Leverage those quality reports to monitor the data health.

    Code Review

    Create data quality reports – Many ETL platforms provide canned data quality reports. Leverage those quality reports to monitor the data health.

    ARB (architectural review board) – All ETL codes should be approved by the architectural review board to ensure alignment with the overall integration strategy.

    Data quality improvement strategy #4:

    Improve data quality policies and procedures.

    Technology

    Policy Reporting

    Data quality reports – Leverage canned data quality reports from the ETL platforms to monitor data quality on an on-going basis. When abnormalities are found, provoke the right policies to deal with the issues.

    Store policies in a central location that is well known and easy to find and access. A key way that technology can help communicate policies is by having them published on a centralized website.

    Make the repository searchable and easily navigable. myPolicies helps you do all this and more.

    myPolicies helps you do all this and more.

    Go to this link

    People

    Policy Review and Training

    Policy review – Create a schedule for reviewing policies on a regular basis – invite professional writers to ensure polices are understandable.

    Policy training – Policies are often unread and misread. Training users and stakeholders on policies is an effective way to make sure those users and stakeholders understand the rationale of the policies. It is also a good practice to include a few scenarios that are handled by the policies.

    Policy hotline/mailbox – To avoid misinterpretation of the policies, a policy hotline/mailbox should be set up to answer any data policy questions from the end users/stakeholders.

    Policy Communications

    Simplified communications – Create handy one-pagers and infographic posters to communicate the key messages of the polices.

    Policy briefing – Whenever a new data project is initiated, a briefing of data policies should be given to ensure the project team follows the policies from the very beginning.

    Data quality improvement strategy #5:

    Streamline and optimize business processes.

    Technology

    Requirements Gathering

    Data Lineage – Leverage a metadata management tool to construct and document data lineage for future reference.

    Documentations Repository – It is a best practice to document key project information and share that knowledge across the project team and with the stakeholder. An improvement understanding of the project helps to identify data quality issues early on in the project.

    “Automating creation of data would help data quality most. You have to look at existing processes and create data signatures. You can then derive data off those data codes.” – Patrick Bossey, Manager of Business Intelligence, Crawford and Company

    People

    Requirements Gathering

    Info-Tech’s 4-Column Model – The datasets may exist but the business units do not have an effective way of communicating the quality needs. Use our four-column model and the eleven supporting questions to better understand the quality needs. See subsequent slides.

    I don’t know what the data means so I think the quality is poor – It is not uncommon to see that the right data presented to the business but the business does not trust the data. They also do not understand the business logic done on the data. See our Business Data Glossary in subsequent slides.

    Understand the business workflow – Know the business workflow to understand the manual steps associated with the workflow. You may find steps in which data is entered, manipulated, or consumed inappropriately.

    “Do a shadow data exercise where you identify the human workflows of how data gets entered, and then you can identify where data entry can be automated.” – Diraj Goel, Growth Advisor, BC Tech

    Brainstorm solutions to your data quality issues

    4 hours

    Input

    • Data profiling results
    • Preliminary root cause analyses

    Output

    • Proposals for data fix
    • Fixed issues

    Materials

    • Data Quality Improvement Plan Template

    Participants

    • Business and Data Analysts
    • Data experts and stewards

    After walking through the best-practice solutions to data quality issues, propose solutions to fix your identified issues.

    Instructions

    1. Review Root Cause Analyses: Revisit the root cause analysis and data lineage diagram you have generated in Step 3.2. to understand the issues in greater details.
    2. Characterize Each Issue: You may need to generate a data profiling report to characterize the issue. The report can be generated by using data quality suites, BI platforms, or even SQL statements.
    3. Brainstorm the Solutions: As a group, discuss potential ways to fix the issue. You can tackle the issues by approaching from these areas:
    Solution Approaches
    Technology Approach
    People Approach

    X crossover with

    Problematic Areas
    Application/System Design
    Database Design
    Data Integration and Synchronization
    Policies and Procedures
    Business Processes
    1. Document and Communicate: Document the solutions to your data issues. You may need to reuse or refer to the solutions. Also brainstorm some ideas on how to communicate the results back to the business.

    Download this Tool

    Sustaining your data quality requires continuous oversight through a data governance practice

    Quality data is the ultimate outcome of data governance and data quality management. Data governance enables data quality by providing the necessary oversight and controls for business processes in order to maintain data quality. There are three primary groups (at right) that are involved in a mature governance practice. Data quality should be tightly integrated with all of them.

    Define an effective data governance strategy and ensure the strategy integrates well with data quality with Info-Tech’s Establish Data Governance blueprint.

    Visit this link

    Data Governance Council

    This council establishes data management practices that span across the organization. This should be comprised of senior management or C-suite executives that can represent the various departments and lines of business within the organization. The data governance council can help to promote the value of data governance, facilitate a culture that nurtures data quality, and ensure that the goals of the data governance program are well aligned with business objectives.

    Data Owners

    Identifying the data owner role within an organization helps to create a greater degree of accountability for data issues. They often oversee how the data is being generated as well as how it is being consumed. Data owners come from the business side and have legal rights and defined control over a data set. They ensure data is available to the right people within the organization.

    Data Stewards

    Conflict can occur within an organization’s data governance program when a data steward’s role is confused with that of the steering committee’s role. Data stewards exist to enforce decisions made about data governance and data management. Data stewards are often business analysts or power users of a particular system/dataset. Where a data owner is primarily responsible for access, a data steward is responsible for the quality of a dataset.

    Integrate the data quality management strategy with existing data governance committees

    Ongoing and regular data quality management is the responsibility of the data governance bodies of the organization.

    The oversight of ongoing data quality activities rests on the shoulders of the data governance committees that exist in the organization.

    There is no one-size-fits-all data governance structure. However, most organizations follow a similar pattern when establishing committees, councils, and cross-functional groups. They strive to identify roles and responsibilities at a strategic, tactical, and operational level:

    The image shows a pyramid, with Executive Sponsors at the top, with the following roles in descending order: DG Council; Steering Committee; Working Groups; Data Owners and Data Stewards; and Data Users. Along the left side of the pyramid, there are three labels, in ascending order: Operational, Tactical, and Strategic.

    The image is a flow chart showing project roles, in two sections: the top section is labelled Governing Bodies, and the lower section is labelled Data Quality Improvement Team. There is a note indicating that the Data Owner reports to and provides updates regarding the state of data quality and data quality initiatives.

    Create and update the organization’s Business Data Glossary to keep up with current data definitions

    2 hours

    Input

    • Metrics and goals for data quality

    Output

    • Regularly scheduled data quality checkups

    Materials

    • Business Data Glossary Template
    • Data Quality Dashboard

    Participants

    • Data steward

    A crucial aspect of data quality and governance is the Business Data Glossary. The Business Data Glossary helps to align the terminology of the business with the organization’s data assets. It allows the people who interact with the data to quickly identify the applications, processes, and stewardship associated with it, which will enhance the accuracy and efficiency of searches for organization data definitions and attributes, enabling better access to the data. This will, in turn, enhance the quality of the organization’s data because it will be more accurate, relevant, and accessible.

    Use the Business Data Glossary Template to document key aspects of the data, such as:

    • Definition
    • Source System
    • Possible Values
    • Data Steward
    • Data Sensitivity
    • Data Availability
    • Batch or Live
    • Retention

    Data Element

    • Mkt-Product
    • Fin-Product

    Info-Tech Insight

    The Business Data Glossary ensures that the crucial data that has key business use by key business systems and users is appropriately owned and defined. It also establishes rules that lead to proper data management and quality to be enforced by the data owners.

    Download this Tool

    Data Steward(s): Use the Data Quality Improvement Plan of the business unit for ongoing quality monitoring

    Integrating your data quality strategy into the organization’s data governance program requires passing the strategy over to members of the data governance program. The data steward role is responsible for data quality at the business unit level, and should have been involved with the creation and implementation of the data quality improvement project. After the data quality repairs have been made, it is the responsibility of the data steward to regularly monitor the quality of the business unit’s data.

    Create Improvement Plan ↓
    • Data Quality Improvement Team identifies root cause issues.
    • Brainstorm solutions.
    Implement Improvement Plan ↓
    • Data Quality Improvement Team works with IT.
    Sustain Improvement Plan
    • Data Steward should regularly monitor data quality.

    Download this tool

    See Info-Tech’s Data Steward Job Description Template for a detailed understanding of the roles and responsibilities of the data steward.

    Responsible for sustaining

    The image shows a screen capture of a document entitled Business Context & Subject Area Selection.

    Develop a business-facing data quality dashboard to show improvements or a sudden dip in data quality

    One tool that the data steward can take advantage of is the data quality dashboard. Initiatives that are implemented to address data quality must have metrics defined by business objectives in order to demonstrate the value of the data quality improvement projects. In addition, the data steward should have tools for tracking data quality in the business unit to report issues to the data owner and data governance steering committee.

    • Example 1: Marketing uses data for direct mail and e-marketing campaigns. They care about customer data in particular. Specifically, they require high data quality in attributes such as customer name, address, and product profile.
    • Example 2: Alternatively, Finance places emphasis on financial data, focusing on attributes like account balance, latency in payment, credit score, and billing date.

    The image is Business dashboard on Data Quality for Marketing. It features Data Quality metrics, listed in the left column, and numbers for each quarter over the course of one year, on the right.

    Notes on chart:

    General improvement in billing address quality

    Sudden drop in touchpoint accuracy may prompt business to ask for explanations

    Approach to creating a business-facing data quality dashboard:

    1. Schedule a meeting with the functional unit to discuss what key data quality metrics are essential to their business operations. You should consider the business context, functional area, and subject area analyses you completed in Phase 1 as a starting point.
    2. Discuss how to gather data for the key metrics and their associated calculations.
    3. Discuss and decide the reporting intervals.
    4. Discuss and decide the unit of measurement.
    5. Generate a dashboard similar to the example. Consider using a BI or analytics tool to develop the dashboard.

    Data quality management must be sustained for ongoing improvements to the organization’s data

    • Data quality is never truly complete; it is a set of ongoing processes and disciplines that requires a permanent plan for monitoring practices, reviewing processes, and maintaining consistent data standards.
    • Setting the expectation to stakeholders that a long-term commitment is required to maintain quality data within the organization is critical to the success of the program.
    • A data quality maintenance program will continually revise and fine-tune ongoing practices, processes, and procedures employed for organizational data management.

    Data quality is a program that requires continual care:

    →Maintain→Good Data →

    Data quality management is a long-term commitment that shifts how an organization views, manages, and utilizes its corporate data assets. Long-term buy-in from all involved is critical.

    “Data quality is a process. We are trying to constantly improve the quality over time. It is not a one-time fix.” – Akin Akinwumi, Manager of Data Governance, Startech.com

    Define a data quality review agenda for data quality sustainment

    2 hours

    Input

    • Metrics and goals for data quality

    Output

    • Regularly scheduled data quality checkups

    Materials

    • Data Quality Diagnostic
    • Data Quality Dashboard

    Participants

    • Data Steward

    As a data steward, you are responsible for ongoing data quality checks of the business unit’s data. Define an improvement agenda to organize the improvement activities. Organize the activities yearly and quarterly to ensure improvement is done year-round.

    Quarterly

    • Measure data quality metrics against milestones. Perform a regular data quality health check with Info-Tech’s Data Quality Diagnostic.
    • Review the business unit’s Business Data Glossary to ensure that it is up to date and comprehensive.
    • Assess progress of practice area initiatives (time, milestones, budget, benefits delivered).
    • Analyze overall data quality and report progress on key improvement projects and corrective actions in the executive dashboard.
    • Communicate overall status of data quality to oversight body.

    Annually

    • Calculate your current baseline and measure progress by comparing it to previous years.
    • Set/revise quality objectives for each practice area and inter-practice hand-off processes.
    • Re-evaluate/re-establish data quality objectives.
    • Set/review data quality metrics and tracking mechanisms.
    • Set data quality review milestones and timelines.
    • Revisit data quality training from an end-user perspective and from a practitioner perspective.

    Info-Tech Insight

    Do data quality diagnostic at the beginning of any improvement plan, then recheck health with the diagnostic at regular intervals to see if symptoms are coming back. This should be a monitoring activity, not a data quality fixing activity. If symptoms are bad enough, repeat the improvement plan process.

    Take the next step in your Data & Analytics Journey

    After establishing your data quality program, look to increase your data & analytics maturity.

    • Artificial Intelligence (AI) is a concept that many organizations strive to implement. AI can really help in areas such as data preparation. However, implementing AI solutions requires a level of maturity that many organizations are not at.
    • While a solid data quality foundation is essential for AI initiatives being successful, AI can also ensure high data quality.
    • An AI analytics solution can address data integrity issues at the earliest point of data processing, rapidly transforming these vast volumes of data into trusted business information. This can be done through Anomaly detection, which flags “bad” data, identifying suspicious anomalies that can impact data quality. By tracking and evaluating data, anomaly detection gives critical insights into data quality as data is processed. (Ira Cohen, The End to a Never-Ending Story? Improve Data Quality with AI Analytics, anodot, 2020)

    Consider… “Garbage in, garbage out.”

    Lay a solid foundation by addressing your data quality issues prior to investing heavily in an AI solution.

    Related Info-Tech Research

    Are You Ready for AI?

    • Use AI as a compelling event to expedite funding, resources, and project plans for your data-related initiatives. Check out this note to understand what it takes to be ready to implement AI solutions.

    Get Started With Artificial Intelligence

    • Current AI technology is data-enabled, automated, adaptive decision support. Once you believe you are ready for AI, check out this blueprint on how to get started.

    Build a Data Architecture Roadmap

    • The data lineage diagram was a key tool used in establishing your data quality program. Check out this blueprint and learn how to optimize your data architecture to provide greatest value from data.

    Create an Architecture for AI

    • Build your target state architecture from predefined best practice building blocks. This blueprint assists members first to assess if they have the maturity to embrace AI in their organization, and if so, which AI acquisition model fits them best.

    Phase 4 Summary

    1. Data Quality Improvement Strategy
    • Brainstorm solutions to your data quality issues using the following data quality improvement strategies as a guide:
      1. Fix data quality issues by improving system/application design
      2. Fix data quality issues using proper database design
      3. Improve integration and synchronization of enterprise data
      4. Improve data quality policies and procedures
      5. Streamline and optimize business processes
  • Sustain Your Data Quality Program
    • Quality data is the ultimate outcome of data governance and data quality management.
    • Sustaining your data quality requires continuous oversight through a data governance practice.
    • There are three primary groups (Data Governance Council, Data Owners, and Data Stewards) that are involved in a mature governance practice.
  • Grow Your Data & Analytics Maturity
    • After establishing your data quality program, take the next step in increasing your data & analytics maturity.
    • Good data quality is the foundation of pursuing different ways of maximizing the value of your data such as implementing AI solutions.
    • Continue your data & analytics journey by referring to Info-Tech’s quality research.
  • Research Contributors and Experts

    Izabela Edmunds

    Information Architect Mott MacDonald

    Akin Akinwumi

    Manager of Data Governance Startech.com

    Diraj Goel

    Growth Advisor BC Tech

    Sujay Deb

    Director of Data Analytics Technology and Platforms Export Development Canada

    Asif Mumtaz

    Data & Solution Architect Blue Cross Blue Shield Association

    Patrick Bossey

    Manager of Business Intelligence Crawford and Company

    Anonymous Contributors

    Ibrahim Abdel-Kader

    Research Specialist Info-Tech Research Group

    Ibrahim is a Research Specialist at Info-Tech Research Group. In his career to date he has assisted many clients using his knowledge in process design, knowledge management, SharePoint for ECM, and more. He is expanding his familiarity in many areas such as data and analytics, enterprise architecture, and CIO-related topics.

    Reddy Doddipalli

    Senior Workshop Director Info-Tech Research Group

    Reddy is a Senior Workshop Director at Info-Tech Research Group, focused on data management and specialized analytics applications. He has over 25 years of strong industry experience in IT leading and managing analytics suite of solutions, enterprise data management, enterprise architecture, and artificial intelligence–based complex expert systems.

    Andy Neill

    Practice Lead, Data & Analytics and Enterprise Architecture Info-Tech Research Group

    Andy leads the data and analytics and enterprise architecture practices at ITRG. He has over 15 years of experience in managing technical teams, information architecture, data modeling, and enterprise data strategy. He is an expert in enterprise data architecture, data integration, data standards, data strategy, big data, and development of industry standard data models.

    Crystal Singh

    Research Director, Data & Analytics Info-Tech Research Group

    Crystal is a Research Director at Info-Tech Research Group. She brings a diverse and global perspective to her role, drawing from her professional experiences in various industries and locations. Prior to joining Info-Tech, Crystal led the Enterprise Data Services function at Rogers Communications, one of Canada’s leading telecommunications companies.

    Igor Ikonnikov

    Research Director, Data & Analytics Info-Tech Research Group

    Igor is a Research Director at Info-Tech Research Group. He has extensive experience in strategy formation and execution in the information management domain, including master data management, data governance, knowledge management, enterprise content management, big data, and analytics.

    Andrea Malick

    Research Director, Data & Analytics Info-Tech Research Group

    Andrea Malick is a Research Director at Info-Tech Research Group, focused on building best practices knowledge in the enterprise information management domain, with corporate and consulting leadership in enterprise architecture and content management (ECM).

    Natalia Modjeska

    Research Director, Data & Analytics Info-Tech Research Group

    Natalia Modjeska is a Research Director at Info-Tech Research Group. She advises members on topics related to AI, machine learning, advanced analytics, and data science, including ethics and governance. Natalia has over 15 years of experience in developing, selling, and implementing analytical solutions.

    Rajesh Parab

    Research Director, Data & Analytics Info-Tech Research Group

    Rajesh Parab is a Research Director at Info-Tech Research Group. He has over 20 years of global experience and brings a unique mix of technology and business acumen. He has worked on many data-driven business applications. In his previous architecture roles, Rajesh created a number of product roadmaps, technology strategies, and models.

    Bibliography

    Amidon, Kirk. "Case Study: How Data Quality Has Evolved at MathWorks." The Fifth MIT Information Quality Industry Symposium. 13 July 2011. Web. 19 Aug. 2015.

    Boulton, Clint. “Disconnect between CIOs and LOB managers weakens data quality.” CIO. 05 February 2016. Accessed June 2020.

    COBIT 5: Enabling Information. Rolling Meadows, IL: ISACA, 2013. Web.

    Cohen, Ira. “The End to a Never-Ending Story? Improve Data Quality with AI Analytics.” anodot. 2020.

    “DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK Guide).” First Edition. DAMA International. 2009. Digital. April 2014.

    "Data Profiling: Underpinning Data Quality Management." Pitney Bowes. Pitney Bowes - Group 1 Software, 2007. Web. 18 Aug. 2015.

    Data.com. “Data.com Clean.” Salesforce. 2016. Web. 18 Aug. 2015.

    “Dawn of the CDO." Experian Data Quality. 2015. Web. 18 Aug. 2015.

    Demirkan, Haluk, and Bulent Dal. "Why Do So Many Analytics Projects Fail?" The Data Economy: Why Do so Many Analytics Projects Fail? Analytics Magazine. July-Aug. 2014. Web.

    Dignan, Larry. “CIOs juggling digital transformation pace, bad data, cloud lock-in and business alignment.” ZDNet. 11 March 2020. Accessed July.

    Dumbleton, Janani, and Derek Munro. "Global Data Quality Research - Discussion Paper 2015." Experian Data Quality. 2015. Web. 18 Aug. 2015.

    Eckerson, Wayne W. "Data Quality and the Bottom Line - Achieving Business Success through a Commitment to High Quality Data." The Data Warehouse Institute. 2002. Web. 18 Aug. 2015.

    “Infographic: Data Quality in BI the Costs and Benefits.” HaloBI. 2015 Web.

    Lee, Y.W. and Strong, D.M. “Knowing-Why About Data Processes and Data Quality.” Journal of Management Information Systems. 2004.

    “Making Data Quality a Way of Life.” Cognizant. 2014. Web. 18 Aug. 2015.

    "Merck Serono Achieves Single Source of Truth with Comprehensive RIM Solutions." www.productlifegroup.com. ProductLife Group. 15 Apr. 2015. Web. 23 Nov. 2015.

    Myers, Dan. “List of Conformed Dimensions of Data Quality.” Conformed Dimensions of Data Quality (CDDQ). 2019. Web.

    Redman, Thomas C. “Make the Case for Better Data Quality.” Harvard Business Review. 24 Aug. 2012. Web. 19 Aug. 2015.

    RingLead Data Management Solutions. “10 Stats About Data Quality I Bet You Didn’t Know.” RingLead. Accessed 7 July 2020.

    Schwartzrock, Todd. "Chrysler's Data Quality Management Case Study." Online video clip. YouTube. 21 April. 2011. Web. 18 Aug. 2015

    “Taking control in the digital age.” Experian Data Quality. Jan 2019. Web.

    “The data-driven organization, a transformation in progress.” Experian Data Quality. 2020. Web.

    "The Data Quality Benchmark Report." Experian Data Quality. Jan. 2015. Web. 18 Aug. 2015.

    “The state of data quality.” Experian Data Quality. Sept. 2013. Web. 17 Aug. 2015.

    Vincent, Lanny. “Differentiating Competence, Capability and Capacity.” Innovation Management Services. Web. June 2008.

    “7 ways poor data quality is costing your business.” Experian Data Quality. July 2020. Web.

    Position and Agree on ROI to Maximize the Impact of Data and Analytics

    • Buy Link or Shortcode: {j2store}341|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Because ROI is a financial concept, it can be difficult to apply ROI to anything that produces intangible value.
    • It is a lot harder to apply ROI to functions like data and analytics than it is to apply it to functions like sales without misrepresenting its true purpose.

    Our Advice

    Critical Insight

    • The standard ROI formula cannot be easily applied to data and analytics and other critical functions across the organization.
    • Data and analytics ROI strategy is based on the business problem being solved.
    • The ROI score itself doesn’t have to be perfect. Key decision makers need to agree on the parameters and measures of success.

    Impact and Result

    • Agreed-upon ROI parameters
    • Defined measures of success
    • Optimized ROI program effectiveness by establishing an appropriate cadence between key stakeholders

    Position and Agree on ROI to Maximize the Impact of Data and Analytics Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Data and Analytics ROI Strategy Deck – A guide for positioning ROI to maximize the value of data and analytics.

    This research is meant to ensure that data and analytics executives are aligned with the key business decision makers. Focus on the value you are trying to achieve rather than perfecting the ROI score.

    • Position and Agree on ROI to Maximize the Impact of Data and Analytics Storyboard

    2. Data and Analytics Service to Business ROI Map – An aligned ROI approach between key decision makers and data and analytics.

    A tool to be used by business and data and analytics decision makers to facilitate discussions about how to approach ROI for data and analytics.

    • Data and Analytics Service to Business ROI Map
    [infographic]

    Further reading

    Position and Agree on ROI to Maximize the Impact of Data and Analytics

    Data and analytics ROI strategy is based on the business problem being solved and agreed-upon value being generated.

    Analyst Perspective

    Missing out on a significant opportunity for returns could be the biggest cost to the project and its sponsor.

    This research is directed to the key decision makers tasked with addressing business problems. It also informs stakeholders that have any interest in ROI, especially when applying it to a data and analytics platform and practice.

    While organizations typically use ROI to measure the performance of their investments, the key to determining what investment makes sense is opportunity cost. Missing out on a significant opportunity for return could be the biggest cost to the project and its sponsor. By making sure you appropriately estimate costs and value returned for all data and analytics activities, you can prioritize the ones that bring in the greatest returns.

    Ibrahim Abdel-Kader
    Research Analyst,
    Data & Analytics Practice
    Info-Tech Research Group
    Ben Abrishami-Shirazi
    Technical Counselor
    Info-Tech Research Group

    Executive Summary – ROI on Data and Analytics

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    Return on investment (ROI) is a financial term, making it difficult to articulate value when trying to incorporate anything that produces something intangible.

    The more financial aspects there are to a professional function (e.g. sales and commodity-related functions), the easier it is to properly assess the ROI.

    However, for functions that primarily enable or support business functions (such as IT and data and analytics), it is a lot harder to apply ROI without misrepresenting its true purpose.

    • Apples and oranges – There is no simple way to apply the standard ROI formula to data and analytics among other critical functions across the organization.
    • Boiling the ocean – Obsession with finding a way to calculate a perfect ROI on data and analytics.
    • Not getting the big picture – Data and analytics teams suffer a skill set deficit when it comes to commercial acumen.
    • Not seeing eye to eye – ROI does not account for time in its calculation, making it prone to misalignment between stakeholders.

    Approach ROI for data and analytics appropriately:

    • Answer the following questions:
      • What is the business problem?
      • Whose business problem is it?
      • What is the objective?
    • Define measures of success based on the answers to the questions above.
    • Determine an appropriate cadence to continuously optimize the ROI program for data and analytics in collaboration with business problem owners.

    Info-Tech Insight

    ROI doesn’t have to be perfect. Parameters and measures of success need to be agreed upon with the key decision makers.

    Glossary

    Return on Investment (ROI): A financial term used to determine how much value has been or will be gained or lost based on the total cost of investment. It is typically expressed as a percentage and is supported by the following formula:

    Payback: How quickly money is paid back (or returned) on the initial investment.
    Business Problem Owner (BPO): A leader in the organization who is accountable and is the key decision maker tasked with addressing a business problem through a series of investments. BPOs may use ROI as a reference for how their financial investments have performed and to influence future investment decisions.
    Problem Solver: A key stakeholder tasked with collaborating with the BPO in addressing the business problem at hand. One of the problem solver’s responsibilities is to ensure that there is an improved return on the BPO’s investments.
    Return Enhancers: A category for capabilities that directly or indirectly enhance the return of an investment.
    Cost Savers: A category for capabilities that directly or indirectly save costs in relation of an investment.
    Investment Opportunity Enablers: A category for capabilities that create or enable a new investment opportunity that may yield a potential return.
    Game Changing Components: The components of a capability that directly yield value in solving a business problem.

    ROI strategy on data and analytics

    The image contains a screenshot of a diagram that demonstrates the ROI strategy on data and analytics.

    ROI roles

    Typical roles involved in the ROI strategy across the organization

    CDOs and CAOs typically have their budget allocated from both IT and business units.

    This is evidenced by the “State of the CIO Survey 2023” reporting that up to 63% of CDOs and CAOs have some budget allocated from within IT; therefore, up to 37% of budgets are entirely funded by business executives.

    This signifies the need to be aligned with peer executives and to use mechanisms like ROI to maximize the performance of investments.

    Source: Foundry, “State of the CIO Survey 2023.”

    IT Management and Policies

    • Buy Link or Shortcode: {j2store}23|cart{/j2store}
    • Related Products: {j2store}23|crosssells{/j2store}
    • InfoTech Academy Title: IT management and policies videos
    • InfoTech Academy Excerpt: More videos are available once you join. Contact us for more information.
    • Teaser Video: Visit Website
    • Teaser Video Title: Policies Academy Overview
    • member rating overall impact (scale of 10): 9.5/10
    • member rating average dollars saved: $23101
    • member rating average days saved: 11
    • Parent Category Name: Strategy and Governance
    • InfotechAcademy-Executivebrief: Visit Website
    • Parent Category Link: /strategy-and-governance
    Create policies that matter most to your organization.

    Management, policy, policies