Availability and Capacity Management

  • Buy Link or Shortcode: {j2store}10|cart{/j2store}
  • Related Products: {j2store}10|crosssells{/j2store}
  • Up-Sell: {j2store}10|upsells{/j2store}
  • member rating overall impact: 8.0/10.0
  • member rating average dollars saved: $2,950
  • member rating average days saved: 10
  • Parent Category Name: Resilient IT Operations
  • Parent Category Link: /resilience/resilient-operations-and-it
Develop your availability and capacity management plant and align it with exactly what the business expects.

Leadership Workshop Overview

  • Buy Link or Shortcode: {j2store}475|cart{/j2store}
  • member rating overall impact: 8.8/10 Overall Impact
  • member rating average dollars saved: $69,299 Average $ Saved
  • member rating average days saved: 28 Average Days Saved
  • Parent Category Name: Leadership Development Programs
  • Parent Category Link: /leadership-development-programs

Leadership has evolved over time. The velocity of change has increased and leadership for the future looks different than the past.

Our Advice

Critical Insight

Development of the leadership mind should never stop. This program will help IT leaders continue to craft their leadership competencies to navigate the ever-changing world in which we operate.

Impact and Result

  • Embrace and lead change through active sharing, transparency, and partnerships.
  • Encourage growth mindset to enhance innovative ideas and go past what has always been done.
  • Actively delegate responsibilities and opportunities that engage and develop team members to build on current skills and prepare for the future.

Leadership Workshop Overview Research & Tools

Start here – read the Workshop Overview

Read our concise Workshop Overview to find out how this program can support the development needs of your IT leadership teams.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

  • Info-Tech Leadership Workshop Overview
[infographic]

Develop an Availability and Capacity Management Plan

  • Buy Link or Shortcode: {j2store}500|cart{/j2store}
  • member rating overall impact: 8.0/10 Overall Impact
  • member rating average dollars saved: $2,840 Average $ Saved
  • member rating average days saved: 10 Average Days Saved
  • Parent Category Name: Availability & Capacity Management
  • Parent Category Link: /availability-and-capacity-management
  • It is crucial for capacity managers to provide capacity in advance of need to maximize availability.
  • In an effort to ensure maximum uptime, organizations are overprovisioning (an average of 59% for compute, and 48% for storage). With budget pressure mounting (especially on the capital side), the cost of this approach can’t be ignored.
  • Half of organizations have experienced capacity-related downtime, and almost 60% wait more than three months for additional capacity.

Our Advice

Critical Insight

  • All too often capacity management is left as an afterthought. The best capacity managers bake capacity management into their organization’s business processes, becoming drivers of value.
  • Communication is key. Build bridges between your organization’s silos, and involve business stakeholders in a dialog about capacity requirements.

Impact and Result

  • Map business metrics to infrastructure component usage, and use your organization’s own data to forecast demand.
  • Project future needs in line with your hardware lifecycle. Never suffer availability issues as a result of a lack of capacity again.
  • Establish infrastructure as a driver of business value, not a “black hole” cost center.

Develop an Availability and Capacity Management Plan Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should build a capacity management plan, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

  • Develop an Availability and Capacity Management Plan – Phases 1-4

1. Conduct a business impact analysis

Determine the most critical business services to ensure availability.

  • Develop an Availability and Capacity Management Plan – Phase 1: Conduct a Business Impact Analysis
  • Business Impact Analysis Tool

2. Establish visibility into core systems

Craft a monitoring strategy to gather usage data.

  • Develop an Availability and Capacity Management Plan – Phase 2: Establish Visibility into Core Systems
  • Capacity Snapshot Tool

3. Solicit and incorporate business needs

Integrate business stakeholders into the capacity management process.

  • Develop an Availability and Capacity Management Plan – Phase 3: Solicit and Incorporate Business Needs
  • Capacity Plan Template

4. Identify and mitigate risks

Identify and mitigate risks to your capacity and availability.

  • Develop an Availability and Capacity Management Plan – Phase 4: Identify and Mitigate Risks

[infographic]

Workshop: Develop an Availability and Capacity Management Plan

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Conduct a Business Impact Analysis

The Purpose

Determine the most important IT services for the business.

Key Benefits Achieved

Understand which services to prioritize for ensuring availability.

Activities

1.1 Create a scale to measure different levels of impact.

1.2 Evaluate each service by its potential impact.

1.3 Assign a criticality rating based on the costs of downtime.

Outputs

RTOs/RPOs

List of gold systems

Criticality matrix

2 Establish Visibility Into Core Systems

The Purpose

Monitor and measure usage metrics of key systems.

Key Benefits Achieved

Capture and correlate data on business activity with infrastructure capacity usage.

Activities

2.1 Define your monitoring strategy.

2.2 Implement your monitoring tool/aggregator.

Outputs

RACI chart

Capacity/availability monitoring strategy

3 Develop a Plan to Project Future Needs

The Purpose

Determine how to project future capacity usage needs for your organization.

Key Benefits Achieved

Data-based, systematic projection of future capacity usage needs.

Activities

3.1 Analyze historical usage trends.

3.2 Interface with the business to determine needs.

3.3 Develop a plan to combine these two sources of truth.

Outputs

Plan for soliciting future needs

Future needs

4 Identify and Mitigate Risks

The Purpose

Identify potential risks to capacity and availability.

Develop strategies to ameliorate potential risks.

Key Benefits Achieved

Proactive approach to capacity that addresses potential risks before they impact availability.

Activities

4.1 Identify capacity and availability risks.

4.2 Determine strategies to address risks.

4.3 Populate and review completed capacity plan.

Outputs

List of risks

List of strategies to address risks

Completed capacity plan

Further reading

Develop an Availability and Capacity Management Plan

Manage capacity to increase uptime and reduce costs.

ANALYST PERSPECTIVE

The cloud changes the capacity manager’s job, but it doesn’t eliminate it.

"Nobody doubts the cloud’s transformative power. But will its ascent render “capacity manager” an archaic term to be carved into the walls of datacenters everywhere for future archaeologists to puzzle over? No. While it is true that the cloud has fundamentally changed how capacity managers do their jobs , the process is more important than ever. Managing capacity – and, by extent, availability – means minimizing costs while maximizing uptime. The cloud era is the era of unlimited capacity – and of infinite potential costs. If you put the infinity symbol on a purchase order… well, it’s probably not a good idea. Manage demand. Manage your capacity. Manage your availability. And, most importantly, keep your stakeholders happy. You won’t regret it."

Jeremy Roberts,

Consulting Analyst, Infrastructure Practice

Info-Tech Research Group

Availability and capacity management transcend IT

This Research Is Designed For:

✓ CIOs who want to increase uptime and reduce costs

✓ Infrastructure managers who want to deliver increased value to the business

✓ Enterprise architects who want to ensure stability of core IT services

✓ Dedicated capacity managers

This Research Will Help You:

✓ Develop a list of core services

✓ Establish visibility into your system

✓ Solicit business needs

✓ Project future demand

✓ Set SLAs

✓ Increase uptime

✓ Optimize spend

This Research Will Also Assist:

✓ Project managers

✓ Service desk staff

This Research Will Help Them:

✓ Plan IT projects

✓ Better manage availability incidents caused by lack of capacity

Executive summary

Situation

  • IT infrastructure leaders are responsible for ensuring that the business has access to the technology needed to keep the organization humming along. This requires managing capacity and availability.
  • Dependencies go undocumented. Services are provided on an ad hoc basis, and capacity/availability are managed reactively.

Complication

  • Organizations are overprovisioning an average of 59% for compute, and 48% for storage. This is expensive. With budget pressure mounting, the cost of this approach can’t be ignored.
  • Lead time to respond to demand is long. Half of organizations have experienced capacity-related downtime, and almost 60% wait 3+ months for additional capacity. (451 Research, 3)

Resolution

  • Conduct a business impact analysis to determine which of your services are most critical, and require active capacity management that will reap more in benefits than it produces in costs.
  • Establish visibility into your system. You can’t track what you can’t see, and you can’t see when you don’t have proper monitoring tools in place.
  • Develop an understanding of business needs. Use a combination of historical trend analyses and consultation with line of business and project managers to separate wants from needs. Overprovisioning used to be necessary, but is no longer required.
  • Project future needs in line with your hardware lifecycle. Never suffer availability issues as a result of a lack of capacity again.

Info-Tech Insight

  1. Components are critical. The business doesn’t care about components. You, however, are not so lucky…
  2. Ask what the business is working on, not what they need. If you ask them what they need, they’ll tell you – and it won’t be cheap. Find out what they’re going to do, and use your expertise to service those needs.
  3. Cloud shmoud. The role of the capacity manager is changing with the cloud, but capacity management is as important as ever.

Save money and drive efficiency with an effective availability and capacity management plan

Overprovisioning happens because of the old style of infrastructure provisioning (hardware refresh cycles) and because capacity managers don’t know how much they need (either as a result of inaccurate or nonexistent information).

According to 451 Research, 59% of enterprises have had to wait 3+ months for new capacity. It is little wonder, then, that so many opt to overprovision. Capacity management is about ensuring that IT services are available, and with lead times like that, overprovisioning can be more attractive than the alternative. Fortunately there is hope. An effective availability and capacity management plan can help you:

  • Identify your gold systems
  • Establish visibility into them
  • Project your future capacity needs

Balancing overprovisioning and spending is the capacity manager’s struggle.

Availability and capacity management go together like boots and feet

Availability and capacity are not the same, but they are related and can be effectively managed together as part of a single process.

If an IT department is unable to meet demand due to insufficient capacity, users will experience downtime or a degradation in service. To be clear, capacity is not the only factor in availability – reliability, serviceability, etc. are significant as well. But no organization can effectively manage availability without paying sufficient attention to capacity.

"Availability Management is concerned with the design, implementation, measurement and management of IT services to ensure that the stated business requirements for availability are consistently met."

– OGC, Best Practice for Service Delivery, 12

"Capacity management aims to balance supply and demand [of IT storage and computing services] cost-effectively…"

– OGC, Business Perspective, 90

Integrate the three levels of capacity management

Successful capacity management involves a holistic approach that incorporates all three levels.

Business The highest level of capacity management, business capacity management, involves predicting changes in the business’ needs and developing requirements in order to make it possible for IT to adapt to those needs. Influx of new clients from a failed competitor.
Service Service capacity management focuses on ensuring that IT services are monitored to determine if they are meeting pre-determined SLAs. The data gathered here can be used for incident and problem management. Increased website traffic.
Component Component capacity management involves tracking the functionality of specific components (servers, hard drives, etc.), and effectively tracking their utilization and performance, and making predictions about future concerns. Insufficient web server compute.

The C-suite cares about business capacity as part of the organization’s strategic planning. Service leads care about their assigned services. IT infrastructure is concerned with components, but not for their own sake. Components mean services that are ultimately designed to facilitate business.

A healthcare organization practiced poor capacity management and suffered availability issues as a result

CASE STUDY

Industry: Healthcare

Source: Interview

New functionalities require new infrastructure

There was a project to implement an elastic search feature. This had to correlate all the organization’s member data from an Oracle data source and their own data warehouse, and pool them all into an elastic search index so that it could be used by the provider portal search function. In estimating the amount of space needed, the infrastructure team assumed that all the data would be shared in a single place. They didn’t account for the architecture of elastic search in which indexes are shared across multiple nodes and shards are often split up separately.

Beware underestimating demand and hardware sourcing lead times

As a result, they vastly underestimated the amount of space that was needed and ended up short by a terabyte. The infrastructure team frantically sourced more hardware, but the rush hardware order arrived physically damaged and had to be returned to the vendor.

Sufficient budget won’t ensure success without capacity planning

The project’s budget had been more than sufficient to pay for the extra necessary capacity, but because a lack of understanding of the infrastructure impact resulted in improper forecasting, the project ended up stuck in a standstill.

Manage availability and keep your stakeholders happy

If you run out of capacity, you will inevitably encounter availability issues like downtime and performance degradation . End users do not like downtime, and neither do their managers.

There are three variables that are monitored, measured, and analyzed as part of availability management more generally (Valentic).

    1. Uptime:

The availability of a system is the percentage of time the system is “up,” (and not degraded) which can be calculated using the following formula: uptime/(uptime + downtime) x 100%. The more components there are in a system, the lower the availability, as a rule.

    1. Reliability:

The length of time a component/service can go before there is an outage that brings it down, typically measured in hours.

    1. Maintainability:

The amount of time it takes for a component/service to be restored in the event of an outage, also typically measured in hours.

Enter the cloud: changes in the capacity manager role

There can be no doubt – the rise of the public cloud has fundamentally changed the nature of capacity management.

Features of the public cloudImplications for capacity management
Instant, or near-instant, instantiation Lead times drop; capacity management is less about ensuring equipment arrives on time.
Pay-as-you go services Capacity no longer needs to be purchased in bulk. Pay only for what you use and shut down instances that are no longer necessary.
Essentially unlimited scalability Potential capacity is infinite, but so are potential costs.
Offsite hosting Redundancy, but at the price of the increasing importance of your internet connection.

Vendors will sell you the cloud as a solution to your capacity/availability problems

The image contains two graphs. The first graph on the left is titled: Reactive Management, and shows the struggling relationship between capacity and demand. The second graph on the right is titled: Cloud future (ideal), which demonstrates a manageable relationship between capacity and demand over time.

Traditionally, increases in capacity have come in bursts as a reaction to availability issues. This model inevitably results in overprovisioning, driving up costs. Access to the cloud changes the equation. On-demand capacity means that, ideally, nobody should pay for unused capacity.

Reality check: even in the cloud era, capacity management is necessary

You will likely find vendors to nurture the growth of a gap between your expectations and reality. That can be damaging.

The cloud reality does not look like the cloud ideal. Even with the ostensibly elastic cloud, vendors like the consistency that longer-term contracts offer. Enter reserved instances: in exchange for lower hourly rates, vendors offer the option to pay a fee for a reserved instance. Usage beyond the reserved will be billed at a higher hourly rate. In order to determine where that line should be drawn, you should engage in detailed capacity planning. Unfortunately, even when done right, this process will result in some overprovisioning, though it does provide convenience from an accounting perspective. The key is to use spot instances where demand is exceptional and bounded. Example: A university registration server that experiences exceptional demand at the start of term but at no other time.

The image contains an example of cloud reality not matching with the cloud ideal in the form of a graph. The graph is split horizontally, the top half is red, and there is a dotted line splitting it from the lower half. The line is labelled: Reserved instance ceiling. In the bottom half, it is the colour green and has a curving line.

Use best practices to optimize your cloud resources

The image contains two graphs. The graph on the left is labelled: Ineffective reserve capacity. At the top of the graph is a dotted line labelled: Reserved Instance ceiling. The graph is measuring capacity requirements over time. There is a curved line on the graph that suddenly spikes and comes back down. The spike is labelled unused capacity. The graph on the right is labelled: Effective reserve capacity. The reserved instance ceiling is about halfway down this graph, and it is comparing capacity requirements over time. This graph has a curved line on it, also has a spike and is labelled: spot instance.

Even in the era of elasticity, capacity planning is crucial. Spot instances – the spikes in the graph above – are more expensive, but if your capacity needs vary substantially, reserving instances for all of the space you need can cost even more money. Efficiently planning capacity will help you draw this line.

Evaluate business impact; not all systems are created equal

Limited resources are a reality. Detailed visibility into every single system is often not feasible and could be too much information.

Simple and effective. Sometimes a simple display can convey all of the information necessary to manage critical systems. In cars it is important to know your speed, how much fuel is in the tank, and whether or not you need to change your oil/check your engine.

Where to begin?! Specialized information is sometimes necessary, but it can be difficult to navigate.

Take advantage of a business impact analysis to define and understand your critical services

Ideally, downtime would be minimal. In reality, though, downtime is a part of IT life. It is important to have realistic expectations about its nature and likelihood.

STEP 1

STEP 2

STEP 3

STEP 4

STEP 5

Record applications and dependencies

Utilize your asset management records and document the applications and systems that IT is responsible for managing and recovering during a disaster.

Define impact scoring scale

Ensure an objective analysis of application criticality by establishing a business impact scale that applies to all applications.

Estimate impact of downtime

Leverage the scoring criteria from the previous step and establish an estimated impact of downtime for each application.

Identify desired RTO and RPO

Define what the RTOs/RPOs should be based on the impact of a business interruption and the tolerance for downtime and data loss.

Determine current RTO/RPO

Conduct tabletop planning and create a flowchart of your current capabilities. Compare your current state to the desired state from the previous step.

Info-Tech Insight

According to end users, every system is critical and downtime is intolerable. Of course, once they see how much totally eliminating downtime can cost, they might change their tune. It is important to have this discussion to separate the critical from the less critical – but still important – services.

Establish visibility into critical systems

You may have seen “If you can’t measure it, you can’t manage it” or a variation thereof floating around the internet. This adage is consumable and makes sense…doesn’t it?

"It is wrong to suppose that if you can’t measure it, you can’t manage it – a costly myth."

– W. Edwards Deming, statistician and management consultant, author of The New Economics

While it is true that total monitoring is not absolutely necessary for management, when it comes to availability and capacity – objectively quantifiable service characteristics – a monitoring strategy is unavoidable. Capturing fluctuations in demand, and adjusting for those fluctuations, is among the most important functions of a capacity manager, even if hovering over employees with a stopwatch is poor management.

Solicit needs from line of business managers

Unless you head the world’s most involved IT department (kudos if you do) you’re going to have to determine your needs from the business.

Do

Do not

✓ Develop a positive relationship with business leaders responsible for making decisions.

✓ Make yourself aware of ongoing and upcoming projects.

✓ Develop expertise in organization-specific technology.

✓ Make the business aware of your expenses through chargebacks or showbacks.

✓ Use your understanding of business projects to predict business needs; do not rely on business leaders’ technical requests alone.

X Be reactive.

X Accept capacity/availability demands uncritically.

X Ask line of business managers for specific computing requirements unless they have the technical expertise to make informed judgments.

X Treat IT as an opaque entity where requests go in and services come out (this can lead to irresponsible requests).

Demand: manage or be managed

You might think you can get away with uncritically accepting your users’ demands, but this is not best practice. If you provide it, they will use it.

The company meeting

“I don’t need this much RAM,” the application developer said, implausibly. Titters wafted above the assembled crowd as her IT colleagues muttered their surprise. Heads shook, eyes widened. In fact, as she sat pondering her utterance, the developer wasn’t so sure she believed it herself. Noticing her consternation, the infrastructure manager cut in and offered the RAM anyway, forestalling the inevitable crisis that occurs when seismic internal shifts rock fragile self-conceptions. Until next time, he thought.

"Work expands as to fill the resources available for its completion…"

– C. Northcote Parkinson, quoted in Klimek et al.

Combine historical data with the needs you’ve solicited to holistically project your future needs

Predicting the future is difficult, but when it comes to capacity management, foresight is necessary.

Critical inputs

In order to project your future needs, the following inputs are necessary.

  1. Usage trends: While it is true that past performance is no indication of future demand, trends are still a good way to validate requests from the business.
  2. Line of business requests: An understanding of the projects the business has in the pipes is important for projecting future demand.
  3. Institutional knowledge: Read between the lines. As experts on information technology, the IT department is well-equipped to translate needs into requirements.
The image contains a graph that is labelled: Projected demand, and graphs demand over time. There is a curved line that passes through a vertical line labelled present. There is a box on top of the graph that contains the text: Note: confidence in demand estimates will very by service and by stakeholder.

Follow best practice guidelines to maximize the efficiency of your availability and capacity management process

The image contains Info-Tech's IT Management & Governance Framework. The framework displays many of Info-Tech's research to help optimize and improve core IT processes. The name of this blueprint is under the Infrastructure & Operations section, and has been circled to point out where it is in the framework.

Understand how the key frameworks relate and interact

The image contains a picture of the COBIT 5 logo.

BA104: Manage availability and capacity

  • Current state assessment
  • Forecasting based on business requirements
  • Risk assessment of planning and implementation of requirements
The image contains a picture of the ITIL logo

Availability management

  • Determine business requirements
  • Match requirements to capabilities
  • Address any mismatch between requirements and capabilities in a cost-effective manner

Capacity management

  • Monitoring services and components
  • Tuning for efficiency
  • Forecasting future requirements
  • Influencing demand
  • Producing a capacity plan
The image contains a picture of Info-Tech Research Group logo.

Availability and capacity management

  • Conduct a business impact analysis
  • Establish visibility into critical systems
  • Solicit and incorporate business needs
  • Identify and mitigate risks

Disaster recovery and business continuity planning are forms of availability management

The scope of this project is managing day-to-day availability, largely but not exclusively, in the context of capacity. For additional important information on availability, see the following Info-Tech projects.

    • Develop a Business Continuity Plan

If your focus is on ensuring process continuity in the event of a disaster.

    • Establish a Program to Enable Effective Performance Monitoring

If your focus is on flow mapping and transaction monitoring as part of a plan to engage APM vendors.

    • Create a Right-Sized Disaster Recovery Plan

If your focus is on hardening your IT systems against major events.

Info-Tech’s approach to availability and capacity management is stakeholder-centered and cloud ready

Phase 1:

Conduct a business impact analysis

Phase 2:

Establish visibility into core systems

Phase 3:

Solicit and incorporate business needs

Phase 4:

Identify and mitigate risks

1.1 Conduct a business impact analysis

1.2 Assign criticality ratings to services

2.1 Define your monitoring strategy

2.2 Implement monitoring tool/aggregator

3.1 Solicit business needs

3.2 Analyze data and project future needs

4.1 Identify and mitigate risks

Deliverables

  • Business impact analysis
  • Gold systems
  • Monitoring strategy
  • List of stakeholders
  • Business needs
  • Projected capacity needs
  • Risks and mitigations
  • Capacity management summary cards

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

Guided Implementation

“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

Workshop

“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

Consulting

“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

Diagnostics and consistent frameworks used throughout all four options

Availability & capacity management – project overview

 

Conduct a business impact analysis

Establish visibility into core systems

Solicit and incorporate business needs

Identify and
mitigate risks

Best-Practice Toolkit

1.1 Create a scale to measure different levels of impact

1.2 Assign criticality ratings to services

2.1 Define your monitoring strategy

2.2 Implement your monitoring tool/aggregator

3.1 Solicit business needs and gather data

3.2 Analyze data and project future needs

4.1 Identify and mitigate risks

Guided Implementations

Call 1: Conduct a business impact analysis Call 1: Discuss your monitoring strategy

Call 1: Develop a plan to gather historical data; set up plan to solicit business needs

Call 2: Evaluate data sources

Call 1: Discuss possible risks and strategies for risk mitigation

Call 2: Review your capacity management plan

Onsite Workshop

Module 1:

Conduct a business impact analysis

Module 2:

Establish visibility into core systems

Module 3:

Develop a plan to project future needs

Module 4:

Identify and mitigate risks

 

Phase 1 Results:

  • RTOs/RPOs
  • List of gold systems
  • Criticality matrix

Phase 2 Results:

  • Capacity/availability monitoring strategy

Phase 3 Results:

  • Plan for soliciting future needs
  • Future needs

Phase 4 Results:

  • Strategies for reducing risks
  • Capacity management plan

Workshop overview

Contact your account representative or email Workshops@InfoTech.com for more information.

 

Workshop Day 1

Workshop Day 2

Workshop Day 3

Workshop Day 4

 

Conduct a business
impact analysis

Establish visibility into
core systems

Solicit and incorporate business needs

Identify and mitigate risks

Activities

1.1 Conduct a business impact analysis

1.2 Create a list of critical dependencies

1.3 Identify critical sub-components

1.4 Develop best practices to negotiate SLAs

2.1 Determine indicators for sub-components

2.2 Establish visibility into components

2.3 Develop strategies to ameliorate visibility issues

3.1 Gather relevant business-level data

3.2 Gather relevant service-level data

3.3 Analyze historical trends

3.4 Build a list of business stakeholders

3.5 Directly solicit requirements from the business

3.6 Map business needs to technical requirements

3.7 Identify inefficiencies and compare historical data

  • 4.1 Brainstorm potential causes of availability and capacity risk
  • 4.2 Identify and mitigate capacity risks
  • 4.3 Identify and mitigate availability risks

Deliverables

  1. Business impact analysis
  2. List of gold systems
  3. SLA best practices
  1. Sub-component metrics
  2. Strategy to establish visibility into critical sub-components
  1. List of stakeholders
  2. Business requirements
  3. Technical requirements
  4. Inefficiencies
  1. Strategies for mitigating risks
  2. Completed capacity management plan template

PHASE 1

Conduct a Business Impact Analysis

Step 1.1: Conduct a business impact analysis

This step will walk you through the following activities:

  • Record applications and dependencies in the Business Impact Analysis Tool.
  • Define a scale to estimate the impact of various applications’ downtime.
  • Estimate the impact of applications’ downtime.

This involves the following participants:

  • Capacity manager
  • Infrastructure team

Outcomes of this step

  • Estimated impact of downtime for various applications

Execute a business impact analysis (BIA) as part of a broader availability plan

1.1a Business Impact Analysis Tool

Business impact analyses are an invaluable part of a broader IT strategy. Conducting a BIA benefits a variety of processes, including disaster recovery, business continuity, and availability and capacity management

STEP 1

STEP 2

STEP 3

STEP 4

STEP 5

Record applications and dependencies

Utilize your asset management records and document the applications and systems that IT is responsible for managing and recovering during a disaster.

Define impact scoring scale

Ensure an objective analysis of application criticality by establishing a business impact scale that applies to all applications.

Estimate impact of downtime

Leverage the scoring criteria from the previous step and establish an estimated impact of downtime for each application.

Identify desired RTO and RPO

Define what the RTOs/RPOs should be based on the impact of a business interruption and the tolerance for downtime and data loss.

Determine current RTO/RPO

Conduct tabletop planning and create a flowchart of your current capabilities. Compare your current state to the desired state from the previous step.

Info-Tech Insight

Engaging in detailed capacity planning for an insignificant service draws time and resources away from more critical capacity planning exercises. Time spent tracking and planning use of the ancient fax machine in the basement is time you’ll never get back.

Control the scope of your availability and capacity management planning project with a business impact analysis

Don’t avoid conducting a BIA because of a perception that it’s too onerous or not necessary. If properly managed, as described in this blueprint, the BIA does not need to be onerous and the benefits are tangible.

A BIA enables you to identify appropriate spend levels, continue to drive executive support, and prioritize disaster recovery planning for a more successful outcome. For example, an Info-Tech survey found that a BIA has a significant impact on setting appropriate recovery time objectives (RTOs) and appropriate spending.

The image contains a graph that is labelled: BIA Impact on Appropriate RTOS. With no BIA, there is 59% RTOs are appropriate. With BIA, there is 93% RTOS being appropriate. The image contains a graph that is labelled: BIA Impact on Appropriate Spending. No BIA has 59% indication that BCP is cost effective. With a BIA there is 86% indication that BCP is cost effective.

Terms

No BIA: lack of a BIA, or a BIA bases solely on the perceived importance of IT services.

BIA: based on a detailed evaluation or estimated dollar impact of downtime.

Source: Info-Tech Research Group; N=70

Select the services you wish to evaluate with the Business Impact Analysis Tool

1.1b 1 hour

In large organizations especially, collating an exhaustive list of applications and services is going to be onerous. For the purposes of this project, a subset should suffice.

Instructions

  1. Gather a diverse group of IT staff and end users in a room with a whiteboard.
  2. Solicit feedback from the group. Questions to ask:
  • What services do you regularly use? What do you see others using? (End users)
  • Which service inspires the greatest number of service calls? (IT)
  • What services are you most excited about? (Management)
  • What services are the most critical for business operations? (Everybody)
  • Record these applications in the Business Impact Analysis Tool.
  • Input

    • Applications/services

    Output

    • Candidate applications for the business impact analysis

    Materials

    • Whiteboard
    • Markers

    Participants

    • Infrastructure manager
    • Enterprise architect
    • Application owners
    • End users

    Info-Tech Insight

    Include a variety of services in your analysis. While it might be tempting to jump ahead and preselect important applications, don’t. The process is inherently valuable, and besides, it might surprise you.

    Record the applications and dependencies in the BIA tool

    1.1c Use tab 1 of the Business Impact Analysis Tool

    1. In the Application/System column, list the applications identified for this pilot as well as the Core Infrastructure category. Also indicate the Impact on the Business and Business Owner.
    2. List the dependencies for each application in the appropriate columns:
    • Hosted On-Premises (In-House) – If the physical equipment is in a facility you own, record it here, even if it is managed by a vendor.
    • Hosted by a Co-Lo/MSP – List any dependencies hosted by a co-lo/MSP vendor.
    • Cloud (includes "as a Service”) – List any dependencies hosted by a cloud vendor.

    Note: If there are no dependencies for a particular category, leave it blank.

  • If you wish to highlight specific dependencies, put an asterisk in front of them (e.g. *SAN). This will cause the dependency to be highlighted in the remaining tabs in this tool.
  • Add comments as needed in the Notes columns. For example, for equipment that you host in-house but is remotely managed by an MSP, specify this in the notes. Similarly, note any DR support services.
  • Example

    The image contains a screenshot of Info-Tech's Business Impact Analysis Tool specifically tab 1.

    ID is optional. It is a sequential number by default.

    In-House, Co-Lo/MSP, and Cloud dependencies; leave blank if not applicable.

    Add notes as applicable – e.g. critical support services.

    Define a scoring scale to estimate different levels of impact

    1.1d Use tab 2 of the Business Impact Analysis Tool

    Modify the Business Impact Scales headings and Overall Criticality Rating terminology to suit your organization. For example, if you don’t have business partners, use that column to measure a different goodwill impact or just ignore that column in this tool (i.e. leave it blank). Estimate the different levels of potential impact (where four is the highest impact and zero is no impact) and record these in the Business Impact Scales columns.

    The image contains a screenshot of Info-Tech's Business Impact Analysis Tool, specifically tab 2.

    Estimate the impact of downtime for each application

    1.1e Use tab 3 of the Business Impact Analysis Tool

    In the BIA tab columns for Direct Costs of Downtime, Impact on Goodwill, and Additional Criticality Factors, use the drop-down menu to assign a score of zero to four based on levels of impact defined in the Scoring Criteria tab. For example, if an organization’s ERP is down, and that affects call center sales operations (e.g. ability to access customer records and process orders), the impact might be as described below:

      • Loss of Revenue might score a two or three depending on the proportion of overall sales lost due to the downtime.
      • The Impact on Customers might be a one or two depending on the extent that existing customers might be using the call center to purchase new products or services, and are frustrated by the inability to process orders.
      • The Legal/Regulatory Compliance and Health or Safety Risk might be a zero.

    On the other hand, if payroll processing is down, this may not impact revenue, but it certainly impacts internal goodwill and productivity.

    Rank service criticality: gold, silver, and bronze

    Gold

    Mission critical services. An outage is catastrophic in terms of cost or public image/goodwill. Example: trading software at a financial institution.

    Silver

    Important to daily operations, but not mission critical. Example: email services at any large organization.

    Bronze

    Loss of these services is an inconvenience more than anything, though they do serve a purpose and will be missed if they are never brought back online. Example: ancient fax machines.

    Info-Tech Best Practice

    Info-Tech recommends gold, silver, and bronze because of this typology’s near universal recognition. If you would prefer a particular designation (it might help with internal comprehension), don’t hesitate to use that one instead.

    Use the results of the business impact analysis to sort systems based on their criticality

    1.1f 1 hour

    Every organization has its own rules about how to categorize service importance. For some (consumer-facing businesses, perhaps) reputational damage may trump immediate costs.

    Instructions

    1. Gather a group of key stakeholders and project the completed Business Impact Analysis Tool onto a screen for them.
    2. Share the definitions of gold, silver, and bronze services with them (if they are not familiar), and begin sorting the services by category,
    • How long would it take to notice if a particular service went out?
    • How important are the non-quantifiable damages that could come with an outage?
  • Sort the services into gold, silver, and bronze on a whiteboard, with sticky notes, or with chart paper.
  • Verify your findings and record them in section 2.1 of the Capacity Plan Template.
  • Input

    • Results of the business impact analysis exercise

    Output

    • List of gold, silver, and bronze systems

    Materials

    • Projector
    • Business Impact Analysis Tool
    • Capacity Plan Template

    Participants

    • Infrastructure manager
    • Enterprise architect

    Leverage the rest of the BIA tool as part of your disaster recovery planning

    Disaster recovery planning is a critical activity, and while it is a sort of availability management, it is beyond this project’s scope. You can complete the business impact analysis (including RTOs and RPOs) for the complete disaster recovery package.

    See Info-Tech’s Create a Right-Sized Disaster Recovery Plan blueprint for instructions on how to complete your business impact analysis.

    Step 1.2: Assign criticality ratings to services

    This step will walk you through the following activities:

    • Create a list of dependencies for your most important applications.
    • Identify important sub-components.
    • Use best practices to develop and negotiate SLAs.

    This involves the following participants:

    • Capacity manager
    • Infrastructure team

    Outcomes of this step

    • List of dependencies of most important applications
    • List of important sub-components
    • SLAs based on best practices

    Determine the base unit of the capacity you’re looking to purchase

    Not every IT organization should approach capacity the same way. Needs scale, and larger organizations will inevitably deal in larger quantities.

    Large cloud provider

    Local traditional business

    • Thousands of servers housed in a number of datacenters around the world.
    • Dedicated capacity manager.
    • Purchases components from OEMs in bulk as part of bespoke contracts that are worth many millions of dollars over time.
    • May deal with components at a massive scale (dozens of servers at once, for example).
    • A small server room that runs non-specialized services (email, for example).
    • Barely even a dedicated IT person, let alone an IT capacity manager.
    • Purchases new components from resellers or even retail stores.
    • Deals with components at a small scale (a single switch here, a server upgrade there).

    "Cloud capacity management is not exactly the same as the ITIL version because ITIL has a focus on the component level. I actually don’t do that, because if I did I’d go crazy. There’s too many components in a cloud environment."

    – Richie Mendoza, IT Consultant, SMITS Inc.

    Consider the relationship between component capacity and service capacity

    End users’ thoughts about IT are based on what they see. They are, in other words, concerned with service availability: does the organization have the ability to provide access to needed services?

    Service

    • Email
    • CRM
    • ERP

    Component

    • Switch
    • SMTP server
    • Archive database
    • Storage

    "You don’t ask the CEO or the guy in charge ‘What kind of response time is your requirement?’ He doesn’t really care. He just wants to make sure that all his customers are happy."

    – Todd Evans, Capacity and Performance Management SME, IBM.

    One telco solved its availability issues by addressing component capacity issues

    CASE STUDY

    Industry: Telecommunications

    Source: Interview

    Coffee and Wi-Fi – a match made in heaven

    In tens of thousands of coffee shops around the world, patrons make ample use of complimentary Wi-Fi. Wi-Fi is an important part of customers’ coffee shop experience, whether they’re online to check their email, do a YouTube, or update their Googles. So when one telco that provided Wi-Fi access for thousands of coffee shops started encountering availability issues, the situation was serious.

    Wi-Fi, whack-a-mole, and web woes

    The team responsible for resolving the issue took an ad hoc approach to resolving complaints, fixing issues as they came up instead of taking a systematic approach.

    Resolution

    Looking at the network as a whole, the capacity manager took a proactive approach by using data to identify and rank the worst service areas, and then directing the team responsible to fix those areas in order of the worst first, then the next worst, and so on. Soon the availability of Wi-Fi service was restored across the network.

    Create a list of dependencies for your most important applications

    1.2a 1.5 hours

    Instructions

    1. Work your way down the list of services outlined in step 1, starting with your gold systems. During the first iteration of this exercise select only 3-5 of your most important systems.
    2. Write the name of each application on a sticky note or at the top of a whiteboard (leaving ample space below for dependency mapping).
    3. In the first tier below the application, include the specific services that the general service provides.
    • This will vary based on the service in question, but an example for email is sending, retrieving, retrieving online, etc.
  • For each of the categories identified in step 3, identify the infrastructure components that are relevant to that system. Be broad and sweeping; if the component is involved in the service, include it here. The goal is to be exhaustive.
  • Leave the final version of the map intact. Photographing or making a digital copy for posterity. It will be useful in later activities.
  • Input

    • List of important applications

    Output

    • List of critical dependencies

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Infrastructure manager
    • Enterprise architect

    Info-Tech Insight

    Dependency mapping can be difficult. Make sure you don’t waste effort creating detailed dependency maps for relatively unimportant services.

    Dependency mapping can be difficult. Make sure you don’t waste effort creating detailed dependency maps for relatively unimportant services.

    The image contains a sample dependency map on ride sharing. Ride Sharing has been split between two categories: Application and Drivers. Under drivers it branches out to: Availability, Car, and Pay. Under Application, it branches out to: Compute, Network, Edge devices, Q/A maintenance, and Storage. Compute branches out to Cloud Services. Network branches out to Cellular network and Local. Edge Devices branch out to Drivers and Users. Q/A maintenance does not have a following branch. Storage branches out to Storage (Enterprise) and Storage (local).

    Ride sharing cannot work, at least not at maximum effectiveness, without these constituent components. When one or more of these components are absent or degraded, the service will become unavailable. This example illustrates some challenges of capacity management; some of these components are necessary, but beyond the ride-sharing company’s control.

    Leverage a sample dependency tree for a common service

    The image contains a sample dependency tree for the Email service. Email branches out to: Filtering, Archiving, Retrieval, and Send/receive. Filtering branches out to security appliance which then branches out to CPU, Storage, and Network. Archiving branches to Archive server, which branches out to CPU, Storage, and Network. Retrieval branches out to IMAP/PoP which branches out to CPU, Storage, and Network. Send/receive branches out to IMAP/PoP and SMTP. SMTP branches out to CPU, Storage and Network.

    Info-Tech Best Practice

    Email is an example here not because it is necessarily a “gold system,” but because it is common across industries. This is a useful exercise for any service, but it can be quite onerous, so it should be conducted on the most important systems first.

    Separate the wheat from the chaff; identify important sub-components and separate them from unimportant ones

    1.2b 1.5 hours

    Use the bottom layer of the pyramid drawn in step 1.2a for a list of important sub-components.

    Instructions

    1. Record a list of the gold services identified in the previous activity. Leave space next to each service for sub-components.
    2. Go through each relevant sub-component. Highlight those that are critical and could reasonably be expected to cause problems.
    • Has this sub-component caused a problem in the past?
    • Is this sub-component a bottleneck?
    • What could cause this component to fail? Is it such an occurrence feasible?
  • Record the results of the exercise (and the service each sub-component is tied to) in tab 2 (columns B &C) of the Capacity Snapshot Tool.
  • Input

    • List of important applications

    Output

    • List of critical dependencies

    Materials

    • Whiteboard
    • Markers

    Participants

    • Infrastructure manager
    • Enterprise architect

    Understand availability commitments with SLAs

    With the rise of SaaS, cloud computing, and managed services, critical services and their components are increasingly external to IT.

    • IT’s lack of access to the internal working of services does not let them off the hook for performance issues (as much as that might be the dream).
    • Vendor management is availability management. Use the dependency map drawn earlier in this phase to highlight the components of critical services that rely on capacity that cannot be managed internally.
    • For each of these services ensure that an appropriate SLA is in place. When acquiring new services, ensure that the vendor SLA meets business requirements.

    The image contains a large blue circle labelled: Availability. Also in the blue circle is a small red circle labelled: Capacity.

    In terms of service provision, capacity management is a form of availability management. Not all availability issues are capacity issues, but the inverse is true.

    Info-Tech Insight

    Capacity issues will always cause availability issues, but availability issues are not inherently capacity issues. Availability problems can stem from outages unrelated to capacity (e.g. power or vendor outages).

    Use best practices to develop and negotiate SLAs

    1.2c 20 minutes per service

    When signing contracts with vendors, you will be presented with an SLA. Ensure that it meets your requirements.

    1. Use the business impact analysis conducted in this project’s first step to determine your requirements. How much downtime can you tolerate for your critical services?
    2. Once you have been presented with an SLA, be sure to scour it for tricks. Remember, just because a vendor offers “five nines” of availability doesn’t mean that you’ll actually get that much uptime. It could be that the vendor is comfortable eating the cost of downtime or that the contract includes provisions for planned maintenance. Whether or not the vendor anticipated your outage does little to mitigate the damage an outage can cause to your business, so be careful of these provisions.
    3. Ensure that the person ultimately responsible for the SLA (the approver) understands the limitations of the agreement and the implications for availability.

    Input

    • List of external component dependencies

    Output

    • SLA requirements

    Materials

    • Whiteboard
    • Markers

    Participants

    • Infrastructure manager
    • Enterprise architect

    Info-Tech Insight

    Vendors are sometimes willing to eat the cost of violating SLAs if they think it will get them a contract. Be careful with negotiation. Just because the vendor says they can do something doesn’t make it true.

    Negotiate internal SLAs using Info-Tech’s rigorous process

    Talking past each other can drive misalignment between IT and the business, inconveniencing all involved. Quantify your needs through an internal SLA as part of a comprehensive availability management plan.

    See Info-Tech’s Improve IT-Business Alignment Through an Internal SLA blueprint for instructions on why you should develop internal SLAs and the potential benefits they bring.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop.

    The image contains a picture of an Info-Tech analyst.

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.2

    The image contains a screenshot of activity 1.2 as previously described above.

    Create a list of dependencies for your most important applications

    Using the results of the business impact analysis, the analyst will guide workshop participants through a dependency mapping exercise that will eventually populate the Capacity Plan Template.

    Phase 1 Guided Implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Conduct a business impact analysis

    Proposed Time to Completion: 1 week

    Step 1.1: Create a scale to measure different levels of impact

    Review your findings with an analyst

    Discuss how you arrived at the rating of your critical systems and their dependencies. Consider whether your external SLAs are appropriate.

    Then complete these activities…

    • Use the results of the business impact analysis to sort systems based on their criticality

    With these tools & templates:

    Business Impact Analysis Tool

    Step 1.2: Assign criticality ratings to services

    Review your findings with an analyst

    Discuss how you arrived at the rating of your critical systems and their dependencies. Consider whether your external SLAs are appropriate.

    Then complete these activities…

    • Create a list of dependencies for your most important applications
    • Identify important sub-components
    • Use best practices to develop and negotiate SLAs

    With these tools & templates:

    Capacity Snapshot Tool

    Phase 1 Results & Insights:

    • Engaging in detailed capacity planning for an insignificant service is a waste of resources. Focus on ensuring availability for your most critical systems.
    • Carefully evaluate vendors’ service offerings. Make sure the SLA works for you, and approach pie-in-the-sky promises with skepticism.

    PHASE 2

    Establish Visibility Into Core Systems

    Step 2.1: Define your monitoring strategy

    This step will walk you through the following activities:

    • Determine the indicators you should be tracking for each sub-component.

    This involves the following participants:

    • Capacity manager
    • Infrastructure team

    Outcomes of this step

    • List of indicators to track for each sub-component

    Data has its significance—but also its limitations

    The rise of big data can be a boon for capacity managers, but be warned: not all data is created equal. Bad data can lead to bad decisions – and unemployed capacity managers.

    Your findings are only as good as your data. Remember: garbage in, garbage out. There are three characteristics of good data:*

    1. Accuracy: is the data exact and correct? More detail and confidence is better.
    2. Reliability: is the data consistent? In other words, if you run the same test twice will you get the same results?
    3. Validity: is the information gleaned believable and relevant?

    *National College of Teaching & Leadership, “Reliability and Validity”

    "Data is king. Good data is absolutely essential to [the capacity manager] role."

    – Adrian Blant, Independent Capacity Consultant, IT Capability Solutions

    Info-Tech Best Practice

    Every organization’s data needs are different; your data needs are going to be dictated by your services, delivery model, and business requirements. Make sure you don’t confuse volume with quality, even if others in your organization make that mistake.

    Take advantage of technology to establish visibility into your systems

    Managing your availability and capacity involves important decisions about what to monitor and how thresholds should be set.

    • Use the list of critical applications developed through the business impact analysis and the list of components identified in the dependency mapping exercise to produce a plan for effectively monitoring component availability and capacity.
    • The nature of IT service provision – the multitude of vendors providing hardware and services necessary for even simple IT services to work effectively – means that it is unlikely that capacity management will be visible through a single pane of glass. In other words, “email” and “CRM” don’t have a defined capacity. It always depends.
    • Establishing visibility into systems involves identifying what needs to be tracked for each component.

    Too much monitoring can be as bad as the inverse

    In 2013, a security breach at US retailer Target compromised more than 70 million customers’ data. The company received an alert, but it was thought to be a false positive because the monitoring system produced so many false and redundant alerts. As a result of the daily deluge, staff did not respond to the breach in time.

    Info-Tech Insight

    Don’t confuse monitoring with management. While establishing visibility is a crucial step, it is only part of the battle. Move on to this project’s next phase to explore opportunities to improve your capacity/availability management process.

    Determine the indicators you should be tracking for each sub-component

    2.1a Tab 3 of the Capacity Snapshot Tool

    It is nearly impossible to overstate the importance of data to the process of availability and capacity management. But the wrong data will do you no good.

    Instructions

    1. Open the Capacity Snapshot Tool to tab 2. The tool should have been populated in step 1.2 as part of the component mapping exercise.
    2. For each service, determine which metric(s) would most accurately tell the component’s story. Consider the following questions when completing this activity (you may end up with more than one metric):
    • How would the component’s capacity be measured (storage space, RAM, bandwidth, vCPUs)?
    • Is the metric in question actionable?
  • Record each metric in the Metric column (D) of the Capacity Snapshot Tool. Use the adjacent column for any additional information on metrics.
  • Info-Tech Insight

    Bottlenecks are bad. Use the Capacity Snapshot Tool (or another tool like it) to ensure that when the capacity manager leaves (on vacation, to another role, for good) the knowledge that they have accumulated does not leave as well.

    Understand the limitations of this approach

    Although we’ve striven to make it as easy as possible, this process will inevitably be cumbersome for organizations with a complicated set of software, hardware, and cloud services.

    Tracking every single component in significant detail will produce a lot of noise for each bit of signal. The approach outlined here addresses that concern in two ways:

    • A focus on gold services
    • A focus on sub-components that have a reasonable likelihood of being problematic in the future.

    Despite this effort, however, managing capacity at the component level is a daunting task. Ultimately, tools provided by vendors like SolarWinds and AppDynamics will fill in some of the gaps. Nevertheless, an understanding of the conceptual framework underlying availability and capacity management is valuable.

    Step 2.2: Implement your monitoring tool/aggregator

    This step will walk you through the following activities:

    • Clarify visibility.
    • Determine whether or not you have sufficiently granular visibility.
    • Develop strategies to .any visibility issues.

    This involves the following participants:

    • Capacity manager
    • Infrastructure team
    • Applications personnel

    Outcomes of this step

    • Method for measuring and monitoring critical sub-components

    Companies struggle with performance monitoring because 95% of IT shops don’t have full visibility into their environments

    CASE STUDY

    Industry: Financial Services

    Source: AppDynamics

    Challenge

    • Users are quick to provide feedback when there is downtime or application performance degradation.
    • The challenge for IT teams is that while they can feel the pain, they don’t have visibility into the production environment and thus cannot identify where the pain is coming from.
    • The most common solution that organizations rely on is leveraging the log files for issue diagnosis. However, this method is slow and often unable to pinpoint the problem areas, leading to delays in problem resolution.

    Solution

    • Application and infrastructure teams need to work together to develop infrastructure flow maps and transaction profiles.
    • These diagrams will highlight the path that each transaction travels across your infrastructure.
    • Ideally at this point, teams will also capture latency breakdowns across every tier that the business transaction flows through.
      • This will ultimately kick start the baselining process.

    Results

    • Ninety-five percent of IT departments don’t have full visibility into their production environment. As a result, a slow business transaction will often require a war-room approach where SMEs from across the organization gather to troubleshoot.
    • Having visibility into the production environment through infrastructure flow mapping and transaction profiling will help IT teams pinpoint problems.
      • At the very least, teams will be able to identify common problem areas and expedite the root-cause analysis process.

    Source: “Just how complex can a Login Transaction be? Answer: Very!,” AppDynamics

    Monitor your critical sub-components

    Establishing a monitoring plan for your capacity involves answering two questions: can I see what I need to see, and can I see it with sufficient granularity?

    • Having the right tool for the job is an important step towards effective capacity and availability management.
    • Application performance management tools (APMs) are essential to the process, but they tend to be highly specific and vertically oriented, like using a microscope.
    • Some product families can cover a wider range of capacity monitoring functions (SolarWinds, for example). It is still important, however, to codify your monitoring needs.

    "You don’t use a microscope to monitor an entire ant farm, but you might use many microscopes to monitor specific ants."

    – Fred Chagnon, Research Director, Infrastructure Practice, Info-Tech Research Group

    Monitor your sub-components: clarify visibility

    2.2a Tab 2 of the Capacity Snapshot Tool

    The next step in capacity management is establishing whether or not visibility (in the broad sense) is available into critical sub-components.

    Instructions

    1. Open the Capacity Snapshot Tool and record the list of sub-components identified in the previous step.
    2. For each sub-component answer the following question:
    • Do I have easy access to the information I need to monitor to ensure this component remains available?
  • Select “Yes” or “No” from the drop-down menus as appropriate. In the adjacent column record details about visibility into the component.
    • What tool provides the information? Where can it be found?

    The image contains a screenshot of Info-Tech's Capacity Snapshot Tool, Tab 2.

    Monitor your sub-components; determine whether or not you have sufficient granular visibility

    2.2b Tab 2 of the Capacity Snapshot Tool

    Like ideas and watches, not all types of visibility are created equal. Ensure that you have access to the right information to make capacity decisions.

    Instructions

    1. For each of the sub-components clarify the appropriate level of granularity for the visibility gained to be useful. In the case of storage, for example, is raw usage (in gigabytes) sufficient, or do you need a breakdown of what exactly is taking up the space? The network might be more complicated.
    2. Record the details of this ideation in the adjacent column.
    3. Select “Yes” or “No” from the drop-down menu to track the status of each sub-component.

    The image contains a picture of an iPhone storage screen where it breaks down the storage into the following categories: apps, media, photos, and other.

    For most mobile phone users, this breakdown is sufficient. For some, more granularity might be necessary.

    Info-Tech Insight

    Make note of monitoring tools and strategies. If anything changes, be sure to re-evaluate the visibility status. An outdated spreadsheet can lead to availability issues if management is unaware of looming problems.

    Develop strategies to ameliorate any visibility issues

    2.2c 1 hour

    The Capacity Snapshot Tool color-codes your components by status. Green – visibility and granularity are both sufficient; yellow – visibility exists, though not at sufficient granularity; and red – visibility does not exist at all.

    Instructions

    1. Write each of the yellow and red sub-components on a whiteboard or piece of chart paper.
    2. Brainstorm amelioration strategies for each of the problematic sub-components.
    • Does the current monitoring tool have sufficient functionality?
    • Does it need to be further configured/customized?
    • Do we need a whole new tool?
  • Record these strategies in the Amelioration Strategy column on tab 4 of the tool.
  • Input

    • Sub-components
    • Capacity Snapshot Tool

    Output

    • Amelioration strategies

    Materials

    • Whiteboard
    • Markers
    • Capacity Snapshot Tool

    Participants

    • Infrastructure manager

    Info-Tech Best Practice

    It might be that there is no amelioration strategy. Make note of this difficulty and highlight it as part of the risk section of the Capacity Plan Template.

    See Info-Tech’s projects on storage and network modernization for additional details

    Leverage other products for additional details on how to modernize your network and storage services.

    The process of modernizing the network is fraught with vestigial limitations. Develop a program to gather requirements and plan.

    As part of the blueprint, Modernize Enterprise Storage, the Modernize Enterprise Storage Workbook includes a section on storage capacity planning.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop.

    The image contains a picture of an Info-Tech analyst.

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.2

    The image contains a screenshot of activity 2.2.

    Develop strategies to ameliorate visibility issues

    The analyst will guide workshop participants in brainstorming potential solutions to visibility issues and record them in the Capacity Snapshot Tool.

    Phase 2 Guided Implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Establish visibility into core systems

    Proposed Time to Completion: 3 weeks

    Step 2.1: Define your monitoring strategy

    Review your findings with an analyst

    Discuss your monitoring strategy and ensure you have sufficient visibility for the needs of your organization.

    Then complete these activities…

    • Determine the indicators you should be tracking for each sub-component

    With these tools & templates:

    • Capacity Snapshot Tool

    Step 2.2: Implement your monitoring tool/aggregator

    Review your findings with an analyst

    Discuss your monitoring strategy and ensure you have sufficient visibility for the needs of your organization.

    Then complete these activities…

    • Clarify visibility
    • Determine whether or not you have sufficiently granular visibility
    • Develop strategies to ameliorate any visibility issues

    With these tools & templates:

    • Capacity Snapshot Tool

    Phase 2 Results & Insights:

    • Every organization’s data needs are different. Adapt data gathering, reporting, and analysis according to your services, delivery model, and business requirements.
    • Don’t confuse monitoring with management. Build a system to turn reported data into useful information that feeds into the capacity management process.

    PHASE 3

    Solicit and Incorporate Business Needs

    Step 3.1: Solicit business needs and gather data

    This step will walk you through the following activities:

    • Build relationships with business stakeholders.
    • Analyze usage data and identify trends.
    • Correlate usage trends with business needs.

    This involves the following participants:

    • Capacity manager
    • Infrastructure team members
    • Business stakeholders

    Outcomes of this step

    • System for involving business stakeholders in the capacity planning process
    • Correlated data on business level, service level, and infrastructure level capacity usage

    Summarize your capacity planning activities in the Capacity Plan Template

    The availability and capacity management summary card pictured here is a handy way to capture the results of the activities undertaken in the following phases. Note its contents carefully, and be sure to record specific outputs where appropriate. One such card should be completed for each of the gold services identified in the project’s first phase. Make note of the results of the activities in the coming phase, and populate the Capacity Snapshot Tool. These will help you populate the tool.

    The image contains a screenshot of Info-Tech's Capacity Plan Template.

    Info-Tech Best Practice

    The Capacity Plan Template is designed to be a part of a broader mapping strategy. It is not a replacement for a dedicated monitoring tool.

    Analyze historical trends as a crucial source of data

    The first place to look for information about your organization is not industry benchmarks or your gut (though those might both prove useful).

    • Where better to look than internally? Use the data you’ve gathered from your APM tool or other sources to understand your historical capacity needs and to highlight any periods of unavailability.
    • Consider monitoring the status of the capacity of each of your crucial components. The nature of this monitoring will vary based on the component in question. It can range from a rough Excel sheet all the way to a dedicated application performance monitoring tool.

    "In all cases the very first thing to do is to look at trending…The old adage is ‘you don’t steer a boat by its wake,’ however it’s also true that if something is growing at, say, three percent a month and it has been growing at three percent a month for the last twelve months, there’s a fairly good possibility that it’s going to carry on going in that direction."

    – Mike Lynch, Consultant, CapacityIQ

    Gather relevant data at the business level

    3.1a 2 hours per service

    A holistic approach to capacity management involves peering beyond the beaded curtain partitioning IT from the rest of the organization and tracking business metrics.

    Instructions

    1. Your service/application owners know how changes in business activities impact their systems. Business level capacity management involves responding to those changes. Ask service/application owners what changes will impact their capacity. Examples include:
    • Business volume (net new customers, number of transactions)
    • Staff changes (new hires, exits, etc.)
  • For each gold service, brainstorm relevant metrics. How can you capture that change in business volume?
  • Record these metrics in the summary card of the Capacity Plan Template.
  • In the notes section of the summary card record whether or not you have access to the required business metric.
  • Input

    • Brainstorming
    • List of gold services

    Output

    • Business level data

    Materials

    • In-house solution or commercial tool

    Participants

    • Capacity manager
    • Application/service owners

    Gather relevant data at the service level

    3.1b 2 hours per service

    One level of abstraction down is the service level. Service level capacity management, recall that service level capacity management is about ensuring that IT is meeting SLAs in its service provision.

    Instructions

    1. There should be internal SLAs for each service IT offers. (If not, that’s a good place to start. See Info-Tech’s research on the subject.) Prod each of your service owners for information on the metrics that are relevant for their SLAs. Consider the following:
    • Peak hours, requests per second, etc.
    • This will usually include some APM data.
  • Record these metrics in the summary card of the Capacity Plan Template.
  • Include any visibility issues in the notes in a similar section of the Capacity Plan Template.
  • Input

    • Brainstorming
    • List of gold services

    Output

    • Service level data

    Materials

    • In-house solution or commercial tool

    Participants

    • Capacity manager
    • Application/service owners

    Leverage the visibility into your infrastructure components and compare all of your data over time

    You established visibility into your components in the second phase of this project. Use this data, and that gathered at the business and service levels, to begin analyzing your demand over time.

    • Different organizations will approach this issue differently. Those with a complicated service catalog and a dedicated capacity manager might employ a tool like TeamQuest. If your operation is small, or you need to get your availability and capacity management activities underway as quickly as possible, you might consider using a simple spreadsheet software like Excel.
    • If you choose the latter option, select a level of granularity (monthly, weekly, etc.) and produce a line graph in Excel.
    • Example: Employee count (business metric)

    Jan

    Feb

    Mar

    Apr

    May

    June

    July

    74

    80

    79

    83

    84

    100

    102

    The image contains a graph using the example of employee count described above.

    Note: the strength of this approach is that it is easy to visualize. Use the same timescale to facilitate simple comparison.

    Manage, don’t just monitor; mountains of data need to be turned into information

    Information lets you make a decision. Understand the questions you don’t need to ask, and ask the right ones.

    "Often what is really being offered by many analytics solutions is just more data or information – not insights."

    – Brent Dykes, Director of Data Strategy, Domo

    Info-Tech Best Practice

    You can have all the data in the world and absolutely nothing valuable to add. Don’t fall for this trap. Use the activities in this phase to structure your data collection operation and ensure that your organization’s availability and capacity management plan is data driven.

    Analyze historical trends and track your services’ status

    3.1c Tab 3 of the Capacity Snapshot Tool

    At-a-glance – it’s how most executives consume all but the most important information. Create a dashboard that tracks the status of your most important systems.

    Instructions

    1. Consult infrastructure leaders for information about lead times for new capacity for relevant sub-components and include that information in the tool.
    • Look to historical lead times. (How long does it traditionally take to get more storage?)
    • If you’re not sure, contact an in-house expert, or speak to your vendor
  • Use tab 3 of the tool to record whether your existing capacity will be exceeded before you can stand more hardware up (red), you have a plan to ameliorate capacity issues but new capacity is not yet in place (yellow), or if you are not slated to run out of capacity any time soon (green).
  • Repeat the activity regularly. Include notes about spikes that might present capacity challenges, and information about when capacity may run out.
  • This tool collates and presents information gathered from other sources. It is not a substitute for a performance monitoring tool.

    Build a list of key business stakeholders

    3.1d 10 minutes

    Stakeholder analysis is crucial. Lines of authority can be diffuse. Understand who needs to be involved in the capacity management process early on.

    Instructions

    1. With the infrastructure team, brainstorm a group of departments, roles, and people who may impact demand on capacity.
    2. Go through the list with your team and identify stakeholders from two groups:
    • Line of business: who in the business makes use of the service?
    • Application owner: who in IT is responsible for ensuring the service is up?
  • Insert the list into section 3 of the Capacity Plan Template, and update as needed.
  • Input

    • Gold systems
    • Personnel Information

    Output

    • List of key business stakeholders

    Materials

    • Whiteboard
    • Markers

    Participants

    • Capacity manager
    • Infrastructure staff

    Info-Tech Best Practice

    Consider which departments are most closely aligned with the business processes that fuel demand. Prioritize those that have the greatest impact. Consider the stakeholders who will make purchasing decisions for increasing infrastructure capacity.

    Organize stakeholder meetings

    3.1e 10 hours

    Establishing a relationship with your stakeholders is a necessary step in managing your capacity and availability.

    Instructions

    1. Gather as many of the stakeholders identified in the previous activity as you can and present information on availability and capacity management
    • If you can’t get everyone in the same room, a virtual meeting or even an email blast could get the job done.
  • Explain the importance of capacity and availability management
    • Consider highlighting the trade-offs between cost and availability.
  • Field any questions the stakeholders might have about the process. Be honest. The goal of this meeting is to build trust. This will come in handy when you’re gathering business requirements.
  • Propose a schedule and seek approval from all present. Include the results in section 3 of the Capacity Plan Template.
  • Input

    • List of business stakeholders
    • Hard work

    Output

    • Working relationship, trust
    • Regular meetings

    Materials

    • Work ethic
    • Executive brief

    Participants

    • Capacity manager
    • Business stakeholders

    Info-Tech Insight

    The best capacity managers develop new business processes that more closely align their role with business stakeholders. Building these relationships takes hard work, and you must first earn the trust of the business.

    Bake stakeholders into the planning process

    3.1f Ongoing

    Convince, don’t coerce. Stakeholders want the same thing you do. Bake them into the planning process as a step towards this goal.

    1. Develop a system to involve stakeholders regularly in the capacity planning process.
    • Your system will vary depending on the structure and culture of your organization.
    • See the case study on the following slide for ideas.
    • It may be as simple as setting a recurring reminder in your own calendar to touch base with stakeholders.
  • Liaise with stakeholders regularly to keep abreast of new developments.
    • Ensure stakeholders have reasonable expectations about IT’s available resources, the costs of providing capacity, and the lead times required to source additional needed capacity.
  • Draw on these stakeholders for the step “Gather information on business requirements” later in this phase.
  • Input

    • List of business stakeholders
    • Ideas

    Output

    • Capacity planning process that involves stakeholders

    Materials

    • Meeting rooms

    Participants

    • Capacity manager
    • Business stakeholders
    • Infrastructure team

    A capacity manager in financial services wrangled stakeholders and produced results

    CASE STUDY

    Industry: Financial Services

    Source: Interview

    In financial services, availability is king

    In the world of financial services, availability is absolutely crucial. High-value trades occur at all hours, and any institution that suffers outages runs the risk of losing tens of thousands of dollars, not to mention reputational damage.

    People know what they want, but sometimes they have to be herded

    While line of business managers and application owners understand the value of capacity management, it can be difficult to establish the working relationship necessary for a fruitful partnership.

    Proactively building relationships keeps services available

    He built relationships with all the department heads on the business side, and all the application owners.

    • He met with department heads quarterly.
    • He met with application owners and business liaisons monthly.

    He established a steering committee for capacity.

    He invited stakeholders to regular capacity planning meetings.

    • The first half of each meeting was high-level outlook, such as business volume and IT capacity utilization, and included stakeholders from other departments.
    • The second half of the meeting was more technical, serving the purpose for the infrastructure team.

    He scheduled lunch and learn sessions with business analysts and project managers.

    • These are the gatekeepers of information, and should know that IT needs to be involved when things come down the pipeline.

    Step 3.2: Analyze data and project future needs

    This step will walk you through the following activities:

    • Solicit needs from the business.
    • Map business needs to technical requirements, and technical requirements to infrastructure requirements.
    • Identify inefficiencies in order to remedy them.
    • Compare the data across business, component, and service levels, and project your capacity needs.

    This involves the following participants:

    • Capacity manager
    • Infrastructure team members
    • Business stakeholders

    Outcomes of this step

    • Model of how business processes relate to technical requirements and their demand on infrastructure
    • Method for projecting future demand for your organization’s infrastructure
    • Comparison of current capacity usage to projected demand

    “Nobody tells me anything!” – the capacity manager’s lament

    Sometimes “need to know” doesn’t register with sales or marketing. Nearly every infrastructure manager can share a story about a time when someone has made a decision that has critically impacted IT infrastructure without letting anyone in IT in on the “secret.”

    In brief

    The image contains a picture of a man appearing to be overwhelmed.

    Imagine working for a media company as an infrastructure capacity manager. Now imagine that the powers that be have decided to launch a content-focused web service. Seems like something they would do, right? Now imagine you find out about it the same way the company’s subscribers do. This actually happened – and it shouldn’t have. But a similar lack of alignment makes this a real possibility for any organization. If you don’t establish a systematic plan for soliciting and incorporating business requirements, prepare to lose a chunk of your free time. The business should never be able to say, in response to “nobody tells me anything,” “nobody asked.”

    Pictured: an artist’s rendering of the capacity manager in question.

    Directly solicit requirements from the business

    3.2a 30 minutes per stakeholder

    Once you’ve established, firmly, that everyone’s on the same team, meet individually with the stakeholders to assess capacity.

    Instructions

    1. Schedule a one-on-one meeting with each line of business manager (stakeholders identified in 3.1). Ideally this will be recurring.
    • Experienced capacity managers suggest doing this monthly.
  • In the meeting address the following questions:
    • What are some upcoming major initiatives?
    • Is the department going to expand or contract in a noticeable way?
    • Have customers taken to a particular product more than others?
  • Include the schedule in the Capacity Plan Template, and consider including details of the discussion in the notes section in tab 3 of the Capacity Snapshot Tool.
  • Input

    • Stakeholder opinions

    Output

    • Business requirements

    Materials

    • Whiteboard
    • Markers

    Participants

    • Capacity manager
    • Infrastructure staff

    Info-Tech Insight

    Sometimes line of business managers will evade or ignore you when you come knocking. They do this because they don’t know and they don’t want to give you the wrong information. Explain that a best guess is all you can ask for and allay their fears.

    Below, you will find more details about what to look for when soliciting information from the line of business manager you’ve roped into your scheme.

    1. Consider the following:
    • Projected sales pipeline
    • Business growth
    • Seasonal cycles
    • Marketing campaigns
    • New applications and features
    • New products and services
  • Encourage business stakeholders to give you their best guess for elements such as projected sales or business growth.
  • Estimate variance and provide a range. What can you expect at the low end? The high end? Record your historical projections for an idea of how accurate you are.
  • Consider carefully the infrastructure impact of new features (and record this in the notes section of the Capacity Snapshot Tool).
  • Directly solicit requirements from the business (optional)

    3.2a 1 hour

    IT staff and line of business staff come with different skillsets. This can lead to confusion, but it doesn’t have to. Develop effective information solicitation techniques.

    Instructions

    1. Gather your IT staff in a room with a whiteboard. As a group, select a gold service/line of business manager you would like to use as a “practice dummy.”
    2. Have everyone write down a question they would ask of the line of business representative in a hypothetical business/service capacity discussion.
    3. As a group discuss the merits of the questions posed:
    • Are they likely to yield productive information?
    • Are they too vague or specific?
    • Is the person in question likely to know the answer?
    • Is the information requested a guarded trade secret?
  • Discuss the findings and include any notes in section 3 of the Capacity Plan Template.
  • Input

    • Workshop participants’ ideas

    Output

    • Interview skills

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Capacity manager
    • Infrastructure staff

    Map business needs to technical requirements, and technical requirements to infrastructure requirements

    3.2b 5 hours

    When it comes to mapping technical requirements, IT alone has the ability to effectively translate business needs.

    Instructions

    1. Use your notes from stakeholder meetings to assess the impact of any changes on gold systems.
    2. For each system brainstorm with infrastructure staff (and any technical experts as necessary) about what the information gleaned from stakeholder discussions. Consider the following discussion points:
    • How has demand for the service been trending? Does it match what the business is telling us?
    • Have we had availability issues in the past?
    • Has the business been right with their estimates in the past?
  • Estimate what a change in business/service metrics means for capacity.
    • E.g. how much RAM does a new email user require?
  • Record the output in the summary card of the Capacity Plan Template.
  • Input

    • Business needs

    Output

    • Technical and infrastructure requirements

    Materials

    • Whiteboard
    • Markers

    Participants

    • Capacity manager
    • Infrastructure staff

    Info-Tech Insight

    Adapt the analysis to the needs of your organization. One capacity manager called the one-to-one mapping of business process to infrastructure demand the Holy Grail of capacity management. If this level of precision isn’t attainable, develop your own working estimates using the higher-level data

    Avoid putting too much faith in the cloud as a solution to your problem

    Has the rise of on-demand, functionally unlimited services eliminated the need for capacity and availability management?

    Capacity management

    The role of the capacity manager is changing, but it still has a purpose. Consider this:

    • Not everything can move to the cloud. For security/functionality reasons, on-premises infrastructure will continue to exist.
    • Cost management is more relevant than ever in the cloud age. Manage your instances.
    • While a cloud migration might render some component capacity management functions irrelevant, it could increase the relevance of others (the network, perhaps).

    Availability management

    Ensuring services are available is still IT’s wheelhouse, even if that means a shift to a brokerage model:

    • Business availability requirements (as part of the business impact analysis, potentially) are important; internal SLAs and contracts with vendors need to be managed.
    • Even in the cloud environment, availability is not guaranteed. Cloud providers have outages (unplanned, maintenance related, etc.) and someone will have to understand the limitations of cloud services and the impact on availability.

    Info-Tech Insight

    The cloud comes at the cost of detailed performance data. Sourcing a service through an SLA with a third party increases the need to perform your own performance testing of gold level applications. See performance monitoring.

    Beware Parkinson’s law

    A consequence of our infinite capacity for creativity, people have the enviable skill of making work. In 1955, C. Northcote Parkinson pointed out this fact in The Economist . What are the implications for capacity management?

    "It is a commonplace observation that work expands so as to fill the time available for its completion. Thus, an elderly lady of leisure can spend the entire day in writing and despatching a postcard to her niece at Bognor Regis. An hour will be spent in finding the postcard, another in hunting for spectacles, half-an-hour in a search for the address, an hour and a quarter in composition, and twenty minutes in deciding whether or not to take an umbrella when going to the pillar-box in the next street."

    C. Northcote Parkinson, The Economist, 1955

    Info-Tech Insight

    If you give people lots of capacity, they will use it. Most shops are overprovisioned, and in some cases that’s throwing perfectly good money away. Don’t be afraid to prod if someone requests something that doesn’t seem right.

    Optimally align demand and capacity

    When it comes to managing your capacity, look for any additional efficiencies.

    Questions to ask:

    • Are there any infrastructure services that are not being used to their full potential, sitting idle, or allocated to non-critical or zombie functions?
      • Are you managing your virtual servers? If, for example, you experience a seasonal spike in demand, are you leaving virtual machines running after the fact?
    • Do your organization’s policies and your infrastructure setup allow for the use of development resources for production during periods of peak demand?
    • Can you make organizational or process changes in order to satisfy demand more efficiently?

    In brief

    Who isn’t a sports fan? Big games mean big stakes for pool participants and armchair quarterbacks—along with pressure on the network as fans stream games from their work computers. One organization suffered from this problem, and, instead of taking a hardline and banning all streams, opted to stream the game on a large screen in a conference room where those interested could work for its duration. This alleviated strain on the network and kept staff happy.

    Shutting off an idle cloud to cut costs

    CASE STUDY

    Industry:Professional Services

    Source:Interview

    24/7 AWS = round-the-clock costs

    A senior developer realized that his development team had been leaving AWS instances running without any specific reason.

    Why?

    The development team appreciated the convenience of an always-on instance and, because the people spinning them up did not handle costs, the problem wasn’t immediately apparent.

    Resolution

    In his spare time over the course of a month, the senior developer wrote a program to manage the servers, including shutting them down during times when they were not in use and providing remote-access start-up when required. His team alone saved $30,000 in costs over the next six months, and his team lead reported that it would have been more than worth paying the team to implement such a project on company time.

    Identify inefficiencies in order to remediate them

    3.2c 20 minutes per service

    Instructions

    1. Gather the infrastructure team together and discuss existing capacity and demand. Use the inputs from your data analysis and stakeholder meetings to set the stage for your discussion.
    2. Solicit ideas about potential inefficiencies from your participants:
    • Are VMs effectively allocated? If you need 7 VMs to address a spike, are those VMs being reallocated post-spike?
    • Are developers leaving instances running in the cloud?
    • Are particular services massively overprovisioned?
    • What are the biggest infrastructure line items? Are there obvious opportunities for cost reduction there?
  • Record any potential opportunities in the summary of the Capacity Plan Template.
  • Input

    • Gold systems
    • Data inputs

    Output

    • Inefficiencies

    Materials

    • Whiteboard
    • Markers

    Participants

    • Capacity manager
    • Infrastructure staff

    Info-Tech Insight

    The most effective capacity management takes a holistic approach and looks at the big picture in order to find ways to eliminate unnecessary infrastructure usage, or to find alternate or more efficient sources of required capacity.

    Dodging the toll troll by rerouting traffic

    CASE STUDY

    Industry:Telecommunications

    Source: Interview

    High-cost lines

    The capacity manager at a telecommunications provider mapped out his firm’s network traffic and discovered they were using a number of VP circuits (inter building cross connects) that were very expensive on the scale of their network.

    Paying the toll troll

    These VP circuits were supplying needed network services to the telecom provider’s clients, so there was no way to reduce this demand.

    Resolution

    The capacity manager analyzed where the traffic was going and compared this to the cost of the lines they were using. After performing the analysis, he found he could re-route much of the traffic away from the VP circuits and save on costs while delivering the same level of service to their users.

    Compare the data across business, component, and service levels, and project your capacity needs

    3.2d 2 hour session/meeting

    Make informed decisions about capacity. Remember: retain all documentation. It might come in handy for the justification of purchases.

    Instructions

    1. Using either a dedicated tool or generic spreadsheet software like Excel or Sheets, evaluate capacity trends. Ask the following questions:
    • Are there times when application performance degraded, and the service level was disrupted?
    • Are there times when certain components or systems neared, reached, or exceeded available capacity?
    • Are there seasonal variations in demand?
    • Are there clear trends, such as ongoing growth of business activity or the usage of certain applications?
    • What are the ramifications of trends or patterns in relation to infrastructure capacity?
  • Use the insight gathered from stakeholders during the stakeholder meetings, project required capacity for the critical components of each gold service.
  • Record the results of this activity in the summary card of the Capacity Plan Template.
  • Compare current capacity to your projections

    3.2e Section 5 of the Capacity Plan Template

    Capacity management (and, by extension, availability management) is a combination of two balancing acts: cost against capacity and supply and demand.*

    Instructions

    1. Compare your projections with your reality. You already know whether or not you have enough capacity given your lead times. But do you have too much? Compare your sub-component capacity projections to your current state.
    2. Highlight any outliers. Is there a particular service that is massively overprovisioned?
    3. Evaluate the reasons for the overprovisioning.
    • Is the component critically important?
    • Did you get a great deal on hardware?
    • Is it an oversight?
  • Record the results in the notes section of the summary card of the Capacity Plan Template.
  • *Office of Government Commerce 2001, 119.

    In brief

    The fractured nature of the capacity management space means that every organization is going to have a slightly different tooling strategy. No vendor has dominated, and every solution requires some level of customization. One capacity manager (a cloud provider, no less!) relayed a tale about a capacity management Excel sheet programmed with 5,000+ lines of code. As much work as that is, a bespoke solution is probably unavoidable.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop.

    The image contains a picture of an Info-Tech analyst.

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.2

    The image contains a screenshot of activity 3.2.

    Map business needs to technical requirements and technical requirements to infrastructure requirements

    The analyst will guide workshop participants in using their organization’s data to map out the relationships between applications, technical requirements, and the underlying infrastructure usage.

    Phase 3 Guided Implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Solicit and incorporate business needs

    Proposed Time to Completion: 2 weeks

    Step 3.1: Solicit business needs and gather data

    Review your findings with an analyst

    Discuss the effectiveness of your strategies to involve business stakeholders in the planning process and your methods of data collection and analysis.

    Then complete these activities…

    • Analyze historical trends and track your services’ status
    • Build a list of key business stakeholders
    • Bake stakeholders into the planning process

    With these tools & templates:

    Capacity Plan Template

    Step 3.2: Analyze data and project future needs

    Review your findings with an analyst

    Discuss the effectiveness of your strategies to involve business stakeholders in the planning process and your methods of data collection and analysis.

    Then complete these activities…

    • Map business needs to technical requirements and technical requirements to infrastructure requirements
    • Compare the data across business, component, and service levels, and project your capacity needs
    • Compare current capacity to your projections

    With these tools & templates:

    Capacity Snapshot Tool

    Capacity Plan Template

    Phase 3 Results & Insights:

    • Develop new business processes that more closely align your role with business stakeholders. Building these relationships takes hard work, and won’t happen overnight.
    • Take a holistic approach to eliminate unnecessary infrastructure usage or source capacity more efficiently.

    PHASE 4

    Identify and Mitigate Risks

    Step 4.1: Identify and mitigate risks

    This step will walk you through the following activities:

    • Identify potential risks.
    • Determine strategies to mitigate risks.
    • Complete your capacity management plan.

    This involves the following participants:

    • Capacity manager
    • Infrastructure team members
    • Business stakeholders

    Outcomes of this step

    • Strategies for reducing risks
    • Capacity management plan

    Understand what happens when capacity/availability management fails

    1. Services become unavailable. If availability and capacity management are not constantly practiced, an inevitable consequence is downtime or a reduction in the quality of that service. Critical sub-component failures can knock out important systems on their own.
    2. Money is wasted. In response to fears about availability, it’s entirely possible to massively overprovision or switch entirely to a pay-as-you-go model. This, unfortunately, brings with it a whole host of other problems, including overspending. Remember: infinite capacity means infinite potential cost.
    3. IT remains reactive and is unable to contribute more meaningfully to the organization. If IT is constantly putting out capacity/availability-related fires, there is no room for optimization and activities to increase organizational maturity. Effective availability and capacity management will allow IT to focus on other work.

    Mitigate availability and capacity risks

    Availability: how often a service is usable (that is to say up and not too degraded to be effective). Consequences of reduced availability can include financial losses, impacted customer goodwill, and reduced faith in IT more generally.

    Causes of availability issues:

    • Poor capacity management – a service becomes unavailable when there is insufficient supply to meet demand. This is the result of poor capacity management.
    • Scheduled maintenance – services go down for maintenance with some regularity. This needs to be baked into service-level negotiations with vendors.
    • Vendor outages – sometimes vendors experience unplanned outages. There is typically a contract provision that covers unplanned outages, but that doesn’t change the fact that your service will be interrupted.

    Capacity: a particular component’s/service’s/business’ wiggle room. In other words, its usage ceiling.

    Causes of capacity issues:

    • Poor demand management – allowing users to run amok without any regard for how capacity is sourced and paid for.
    • Massive changes in legitimate demand – more usage means more demand.
    • Poor capacity planning – predictable changes in demand that go unaddressed can lead to capacity issues.

    Add additional potential causes of availability and capacity risks as needed

    4.1a 30 minutes

    Availability and capacity issues can stem from a number of different causes. Include a list in your availability and capacity management plan.

    Instructions

    1. Gather the group together. Go around the room and have participants provide examples of incidents and problems that have been the result of availability and capacity issues.
    2. Pose questions to the group about the source of those availability and capacity issues.
    • What could have been done differently to avoid these issues?
    • Was the availability/capacity issue a result of a faulty internal/external SLA?
  • Record the results of the exercise in sections 4.1 and 4.2 of the Capacity Plan Template.
  • Input

    • Capacity Snapshot Tool results

    Output

    • Additional sources of availability and capacity risks

    Materials

    • Capacity Plan Template

    Participants

    • Capacity manager
    • Infrastructure staff

    Info-Tech Insight

    Availability and capacity problems result in incidents, critical incidents, and problems. These are addressed in a separate project (incident and problem management), but information about common causes can streamline that process.

    Identify capacity risks and mitigate them

    4.1b 30 minutes

    Based on your understanding of your capacity needs (through written SLAs and informal but regular meetings with the business) highlight major risks you foresee.

    Instructions

    1. Make a chart with two columns on a whiteboard. They should be labelled “risk” and “mitigation” respectively.
    2. Record risks to capacity you have identified in earlier activities.
    • Refer to the Capacity Snapshot Tool for components that are highlighted in red and yellow. These are specific components that present special challenges. Identify the risk(s) in as much detail as possible. Include service and business risks as well.
    • Examples: a marketing push will put pressure on the web server; a hiring push will require more Office 365 licenses; a downturn in registration will mean that fewer VMs will be required to run the service.

    Input

    • Capacity Snapshot Tool results

    Output

    • Inefficiencies

    Materials

    • Whiteboard
    • Markers

    Participants

    • Capacity manager
    • Infrastructure staff

    Info-Tech Insight

    It’s an old adage, but it checks out: don’t come to the table armed only with problems. Be a problem solver and prove IT’s value to the organization.

    Identify capacity risks and mitigate them (cont.)

    4.1b 1.5 hours

    Instructions (cont.)

    1. Begin developing mitigation strategies. Options for responding to known capacity risks fall into one of two camps:
    • Acceptance: responding to the risk is costlier than acknowledging its existence without taking any action. For gold systems, acceptance is typically not acceptable.
    • Mitigation: limiting/reducing, eliminating, or transferring risk (Herrera) comprise the sort of mitigation discussed here.
      • Limiting/reducing: taking steps to improve the capacity situation, but accepting some level of risk (spinning up a new VM, pushing back on demands from the business, promoting efficiency).
      • Eliminating: the most comprehensive (and most expensive) mitigation strategy, elimination could involve purchasing a new server or, at the extreme end, building a new datacenter.
      • Transfer: “robbing Peter to pay Paul,” in the words of capacity manager Todd Evans, is one potential way to limit your exposure. Is there a less critical service that can be sacrificed to keep your gold service online?
  • Record the results of this exercise in section 5 of the Capacity Plan Template.
  • Input

    • Capacity Snapshot Tool results

    Output

    • Capacity risk mitigations

    Materials

    • Whiteboard
    • Markers

    Participants

    • Capacity manager
    • Infrastructure staff

    Info-Tech Insight

    It’s an old adage, but it checks out: don’t come to the table armed only with problems. Be a problem solver and prove IT’s value to the organization.

    Identify availability risks and mitigate them

    4.1c 30 minutes

    While capacity management is a form of availability management, it is not the only form. In this activity, outline the specific nature of threats to availability.

    Instructions

    1. Make a chart with two columns on a whiteboard. They should be labelled “risk” and “mitigation” respectively.
    2. Begin brainstorming general availability risks based on the following sources of information/categories:
    • Vendor outages
    • Disaster recovery
    • Historical availability issues

    The image contains a large blue circle labelled: Availability. Also in the blue circle is a small red circle labelled: Capacity.

    Input

    • Capacity Snapshot Tool results

    Output

    • Availability risks and mitigations

    Materials

    • Whiteboard
    • Markers

    Participants

    • Capacity manager
    • Infrastructure staff

    Info-Tech Best Practice

    A dynamic central repository is a good way to ensure that availability issues stemming from a variety of causes are captured and mitigated.

    Identify availability risks and mitigate them (cont.)

    4.1c 1.5 hours

    Although it is easier said than done, identifying potential mitigations is a crucial part of availability management as an activity.

    Instructions (cont.)

    1. Begin developing mitigation strategies. Options for responding to known capacity risks fall into one of two camps:
    • Acceptance – responding to the risk is costlier than taking it on. Some unavailability is inevitable, between maintenance and unscheduled downtime. Record this, though it may not require immediate action.
    • Mitigation strategies:
      • Limiting/reducing – taking steps to increase availability of critical systems. This could include hot spares for unreliable systems or engaging a new vendor.
      • Eliminating – the most comprehensive (and most expensive) mitigation strategy. It could include selling.
      • Transfer – “robbing Peter to pay Paul,” in the words of capacity manager Todd Evans, is one potential way to limit your exposure. Is there a less critical service that can be sacrificed to keep your gold service online?
  • Record the results of this exercise in section 5 of Capacity Plan Template.
  • Input

    • Capacity Snapshot Tool results

    Output

    • Availability risks and mitigations

    Materials

    • Whiteboard
    • Markers

    Participants

    • Capacity manager
    • Infrastructure staff

    Iterate on the process and present your completed availability and capacity management plan

    The stakeholders consulted as part of the process will be interested in its results. Share them, either in person or through a collaboration tool.

    The current status of your availability and capacity management plan should be on the agenda for every stakeholder meeting. Direct the stakeholders’ attention to the parts of the document that are relevant to them, and solicit their thoughts on the document’s accuracy. Over time you should get a pretty good idea of who among your stakeholder group is skilled at projecting demand, and who over- or underestimates, and by how much. This information will improve your projections and, therefore, your management over time.

    Info-Tech Insight

    Use the experience gained and the artifacts generated to build trust with the business. The meetings should be regular, and demonstrating that you’re actually using the information for good is likely to make hesitant participants in the process more likely to open up.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop.

    The image contains a picture of an Info-Tech analyst.

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    4.1

    The image contains a screenshot of activity 4.1.

    Identify capacity risks and mitigate them

    The analyst will guide workshop participants in identifying potential risks to capacity and determining strategies for mitigating them.

    Phase 4 Guided Implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 4: Identify and mitigate risks

    Proposed Time to Completion: 1 week

    Step 4.1: Identify and mitigate risks

    Review your findings with an analyst

    • Discuss your potential risks and your strategies for mitigating those risks.

    Then complete these activities…

    • Identify capacity risks and mitigate them
    • Identify availability risks and mitigate them
    • Complete your capacity management plan

    With these tools & templates:

    Capacity Snapshot Tool

    Capacity Plan Template

    Phase 4 Results & Insights:

    • Be a problem solver and prove IT’s value to the organization. Capacity management allows infrastructure to drive business value.
    • Iterate and share results. Reinforce your relationships with stakeholders and continue to refine how capacity management transforms your organization’s business processes.

    Insight breakdown

    Insight 1

    Components are critical to availability and capacity management.

    The CEO doesn’t care about the SMTP server. She cares about meeting customer needs and producing profit. For IT capacity and availability managers, though, the devil is in the details. It only takes one faulty component to knock out a service. Keep track and keep the lights on.

    Insight 2

    Ask what the business is working on, not what they need.

    If you ask them what they need, they’ll tell you – and it won’t be cheap. Find out what they’re going to do, and use your expertise to service those needs. Use your IT experience to estimate the impact of business and service level changes on the components that secure the availability you need.

    Insight 3

    Cloud shmoud.

    The role of the capacity manager might be changing with the advent of the public cloud, but it has not disappeared. Capacity managers in the age of the cloud are responsible for managing vendor relationships, negotiating external SLAs, projecting costs and securing budgets, reining in prodigal divisions, and so on.

    Summary of accomplishment

    Knowledge Gained

    • Impact of downtime on the organization
    • Gold systems
    • Key dependencies and sub-components
    • Strategy for monitoring components
    • Strategy for soliciting business needs
    • Projected capacity needs
    • Availability and capacity risks and mitigations

    Processes Optimized

    • Availability management
    • Capacity management

    Deliverables Completed

    • Business Impact Analysis
    • Capacity Plan Template

    Project step summary

    Client Project: Develop an Availability and Capacity Management Plan

    1. Conduct a business impact analysis
    2. Assign criticality ratings to services
    3. Define your monitoring strategy
    4. Implement your monitoring tool/aggregator
    5. Solicit business needs and gather data
    6. Analyze data and project future needs
    7. Identify and mitigate risks

    Info-Tech Insight

    This project has the ability to fit the following formats:

    • Onsite workshop by Info-Tech Research Group consulting analysts.
    • Do-it-yourself with your team.
    • Remote delivery via Info-Tech Guided Implementation.

    Research contributors and experts

    The image contains a picture of Adrian Blant.

    Adrian Blant, Independent Capacity Consultant, IT Capability Solutions

    Adrian has over 15 years' experience in IT infrastructure. He has built capacity management business processes from the ground up, and focused on ensuring a productive dialogue between IT and the business.

    The image contains a picture of James Zhang.

    James Zhang, Senior Manager Disaster Recovery, AIG Technology

    James has over 20 years' experience in IT and 10 years' experience in capacity management. Throughout his career, he has focused on creating new business processes to deliver value and increase efficiency over the long term.

    The image contains a picture of Mayank Banerjee.

    Mayank Banerjee, CTO, Global Supply Chain Management, HelloFresh

    Mayank has over 15 years' experience across a wide range of technologies and industries. He has implemented highly automated capacity management processes as part of his role of owning and solving end-to-end business problems.

    The image contains a picture of Mike Lynch

    Mike Lynch, Consultant, CapacityIQ

    Mike has over 20 years' experience in IT infrastructure. He takes a holistic approach to capacity management to identify and solve key problems, and has developed automated processes for mapping performance data to information that can inform business decisions.

    The image contains a picture of Paul Waguespack.

    Paul Waguespack, Manager of Application Systems Engineering, Tufts Health Plan

    Paul has over 10 years' experience in IT. He has specialized in implementing new applications and functionalities throughout their entire lifecycle, and integrating with all aspects of IT operations.

    The image contains a picture of Richie Mendoza.

    Richie Mendoza, IT Consultant, SMITS Inc.

    Richie has over 10 years' experience in IT infrastructure. He has specialized in using demand forecasting to guide infrastructure capacity purchasing decisions, to provide availability while avoiding costly overprovisioning.

    The image contains a picture of Rob Thompson.

    Rob Thompson, President, IT Tools & Process

    Rob has over 30 years’ IT experience. Throughout his career he has focused on making IT a generator of business value. He now runs a boutique consulting firm.

    Todd Evans, Capacity and Performance Management SME, IBM

    Todd has over 20 years' experience in capacity and performance management. At Kaiser Permanente, he established a well-defined mapping of the businesses workflow processes to technical requirements for applications and infrastructure.

    Bibliography

    451 Research. “Best of both worlds: Can enterprises achieve both scalability and control when it comes to cloud?” 451 Research, November 2016. Web.

    Allen, Katie. “Work Also Shrinks to Fit the Time Available: And We Can Prove It.” The Guardian. 25 Oct. 2017.

    Amazon. “Amazon Elastic Compute Cloud.” Amazon Web Services. N.d. Web.

    Armandpour, Tim. “Lies Vendors Tell about Service Level Agreements and How to Negotiate for Something Better.” Network World. 12 Jan 2016.

    “Availability Management.” ITIL and ITSM World. 2001. Web.

    Availability Management Plan Template. Purple Griffon. 30 Nov. 2012. Web.

    Bairi, Jayachandra, B., Murali Manohar, and Goutam Kumar Kundu. “Capacity and Availability Management by Quantitative Project Management in the IT Service Industry.” Asian Journal on Quality 13.2 (2012): 163-76. Web.

    BMC Capacity Optimization. BMC. 24 Oct 2017. Web.

    Brooks, Peter, and Christa Landsberg. Capacity Management in Today’s IT Environment. MentPro. 16 Aug 2017. Web.

    "Capacity and Availability Management." CMMI Institute. April 2017. Web.

    Capacity and Availability Management. IT Quality Group Switzerland. 24 Oct. 2017. Web.

    Capacity and Performance Management: Best Practices White Paper. Cisco. 4 Oct. 2005. Web.

    "Capacity Management." Techopedia.

    “Capacity Management Forecasting Best Practices and Recommendations.” STG. 26 Jan 2015. Web.

    Capacity Management from the Ground up. Metron. 24 Oct. 2017. Web.

    Capacity Management in the Modern Datacenter. Turbonomic. 25 Oct. 2017. Web.

    Capacity Management Maturity Assessing and Improving the Effectiveness. Metron. 24 Oct. 2017. Web.

    “Capacity Management Software.” TeamQuest. 24 Oct 2017. Web,

    Capacity Plan Template. Purainfo. 11 Oct 2012. Web.

    “Capacity Planner—Job Description.” Automotive Industrial Partnership. 24 Oct. 2017. Web.

    Capacity Planning. CDC. Web. Aug. 2017.

    "Capacity Planning." TechTarget. 24 Oct 2017. Web.

    “Capacity Planning and Management.” BMC. 24 Oct 2017. Web.

    "Checklist Capacity Plan." IT Process Wiki. 24 Oct. 2017. Web.

    Dykes, Brent. “Actionable Insights: The Missing Link Between Data and Business Value.” Forbes. April 26, 2016. Web.

    Evolved Capacity Management. CA Technologies. Oct. 2013. Web.

    Francis, Ryan. “False positives still cause threat alert fatigue.” CSO. May 3, 2017. Web.

    Frymire, Scott. "Capacity Planning vs. Capacity Analytics." ScienceLogic. 24 Oct. 2017. Web.

    Glossary. Exin. Aug. 2017. Web.

    Herrera, Michael. “Four Types of Risk Mitigation and BCM Governance, Risk and Compliance.” MHA Consulting. May 17, 2013.

    Hill, Jon. How to Do Capacity Planning. TeamQuest. 24 Oct. 2017. Web.

    “How to Create an SLA in 7 Easy Steps.” ITSM Perfection. 25 Oct. 2017. Web.

    Hunter, John. “Myth: If You Can’t Measure It: You Can’t Manage It.” W. Edwards Deming Institute Blog. 13 Aug 2015. Web.

    IT Service Criticality. U of Bristol. 24 Oct. 2017. Web.

    "ITIL Capacity Management." BMC's Complete Guide to ITIL. BMC Software. 22 Dec. 2016. Web.

    “Just-in-time.” The Economist. 6 Jul 2009. Web.

    Kalm, Denise P., and Marv Waschke. Capacity Management: A CA Service Management Process Map. CA. 24 Oct. 2017. Web.

    Klimek, Peter, Rudolf Hanel, and Stefan Thurner. “Parkinson’s Law Quantified: Three Investigations in Bureaucratic Inefficiency.” Journal of Statistical Mechanics: Theory and Experiment 3 (2009): 1-13. Aug. 2017. Web.

    Landgrave, Tim. "Plan for Effective Capacity and Availability Management in New Systems." TechRepublic. 10 Oct. 2002. Web.

    Longoria, Gina. “Hewlett Packard Enterprise Goes After Amazon Public Cloud in Enterprise Storage.” Forbes. 2 Dec. 2016. Web.

    Maheshwari, Umesh. “Understanding Storage Capacity.” NimbleStorage. 7 Jan. 2016. Web.

    Mappic, Sandy. “Just how complex can a Login Transaction be? Answer: Very!” Appdynamics. Dec. 11 2011. Web.

    Miller, Ron. “AWS Fires Back at Larry Ellison’s Claims, Saying It’s Just Larry Being Larry.” Tech Crunch. 2 Oct. 2017. Web.

    National College for Teaching & Leadership. “The role of data in measuring school performance.” National College for Teaching & Leadership. N.d. Web,

    Newland, Chris, et al. Enterprise Capacity Management. CETI, Ohio State U. 24 Oct. 2017. Web.

    Office of Government Commerce . Best Practice for Service Delivery. London: Her Majesty’s Stationery Office, 2001.

    Office of Government Commerce. Best Practice for Business Perspective: The IS View on Delivering Services to the Business. London: Her Majesty’s Stationery Office, 2004.

    Parkinson, C. Northcote. “Parkinson’s Law.” The Economist. 19 Nov. 1955. Web.

    “Parkinson’s Law Is Proven Again.” Financial Times. 25 Oct. 2017. Web.

    Paul, John, and Chris Hayes. Performance Monitoring and Capacity Planning. VM Ware. 2006. Web.

    “Reliability and Validity.” UC Davis. N.d. Web.

    "Role: Capacity Manager." IBM. 2008. Web.

    Ryan, Liz. “‘If You Can’t Measure It, You Can’t Manage It’: Not True.” Forbes. 10 Feb. 2014. Web.

    S, Lalit. “Using Flexible Capacity to Lower and Manage On-Premises TCO.” HPE. 23 Nov. 2016. Web.

    Snedeker, Ben. “The Pros and Cons of Public and Private Clouds for Small Business.” Infusionsoft. September 6, 2017. Web.

    Statement of Work: IBM Enterprise Availability Management Service. IBM. Jan 2016. Web.

    “The Road to Perfect AWS Reserved Instance Planning & Management in a Nutshell.” Botmetric. 25 Oct. 2017. Web.

    Transforming the Information Infrastructure: Build, Manage, Optimize. Asigra. Aug. 2017. Web.

    Valentic, Branimir. "Three Faces of Capacity Management." ITIL/ISO 20000 Knowledge Base. Advisera. 24 Oct. 2017. Web.

    "Unify IT Performance Monitoring and Optimization." IDERA. 24 Oct. 2017. Web.

    "What is IT Capacity Management?" Villanova U. Aug. 2017. Web.

    Wolstenholme, Andrew. Final internal Audit Report: IT Availability and Capacity (IA 13 519/F). Transport For London. 23 Feb. 2015. Web.

    Mandate Data Valuation Before It’s Mandated

    • Buy Link or Shortcode: {j2store}121|cart{/j2store}
    • member rating overall impact: 8.0/10 Overall Impact
    • member rating average dollars saved: $25,000 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Data can be valuable if used properly or dangerous when mishandled.
    • The organization needs to understand the value of their data before they can establish proper data management practice.
    • Data is not considered a capital asset unless there is a financial transaction (e.g. buying or selling data assets).
    • Data valuation is not easy, and it costs money to collect, store, and maintain data.

    Our Advice

    Critical Insight

    • Data always outlives people, processes, and technology. They all come and go, while data remains.
    • Oil is a limited resource, data is not. Contrary to oil, data is likely to grow over time.
    • Data is likely to outlast all other current popular financial instruments including currency, assets, or commodities.
    • Data is used internally and externally and can easily be replicated or combined.
    • Data is beyond currency, assets, or commodities and needs to be a category of its own.

    Impact and Result

    • Every organization must calculate the value of their data. This will enable organizations to become truly data-driven.
    • Too much time has been spent arguing different methods of valuation. An organization must settle on valuation that is acceptable to all its stakeholders.
    • Align data governance and data management to data valuation. Often organizations struggle to justify data initiatives due to lack of visibility in data valuation.
    • Establish appropriate roles and responsibilities and ensure alignment to a common set of goals as a foundation to get the most accurate future data valuation for your organization.
    • Assess organization data assets and implementation roadmap that considers the necessary competencies and capabilities and their dependencies in moving towards the higher maturity of data assets.

    Mandate Data Valuation Before It’s Mandated Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand the value associated with the organization's data. Review Info-Tech’s methodology for assessing data value and justifying your data initiatives with a value proposition.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Demystify data valuation

    Understand the benefits of data valuation.

    • Mandate Data Valuation Before It’s Mandated – Phase 1: Demystify Data Valuation

    2. Data value chain

    Learn about the data value chain framework and preview the step-by-step guide to start collecting data sources.

    • Mandate Data Valuation Before It’s Mandated – Phase 2: Data Value Chain

    3. Data value assessment

    Mature your data valuation by putting in the valuation dimensions and metrics. Establish documented results that can be leveraged to demonstrate value in your data assets.

    • Mandate Data Valuation Before It’s Mandated – Phase 3: Data Value Assessment
    [infographic]

    Workshop: Mandate Data Valuation Before It’s Mandated

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand the Value of Data Valuation

    The Purpose

    Explain data valuation approach and value proposition.

    Key Benefits Achieved

    A clear understanding and case for data valuation.

    Activities

    1.1 Review common business data sources and how the organization will benefit from data valuation assessment.

    1.2 Understand Info-Tech’s data valuation framework.

    Outputs

    Organization data valuation priorities

    2 Capture Organization Data Value Chain

    The Purpose

    Capture data sources and data collection methods.

    Key Benefits Achieved

    A clear understanding of the data value chain.

    Activities

    2.1 Assess data sources and data collection methods.

    2.2 Understand key insights and value proposition.

    2.3 Capture data value chain.

    Outputs

    Data Valuation Tool

    3 Data Valuation Framework

    The Purpose

    Leverage the data valuation framework.

    Key Benefits Achieved

    Capture key data valuation dimensions and align with data value chain.

    Activities

    3.1 Introduce data valuation framework.

    3.2 Discuss key data valuation dimensions.

    3.3 Align data value dimension to data value chain.

    Outputs

    Data Valuation Tool

    4 Plan for Continuous Improvement

    The Purpose

    Improve organization’s data value.

    Key Benefits Achieved

    Continue to improve data value.

    Activities

    4.1 Capture data valuation metrics.

    4.2 Define data valuation for continuous monitoring.

    4.3 Create a communication plan.

    4.4 Define a plan for continuous improvements.

    Outputs

    Data valuation metrics

    Data Valuation Communication Plan

    Understand and Apply Internet-of-Things Use Cases to Drive Organizational Success

    • Buy Link or Shortcode: {j2store}535|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • The Internet of Things (IoT) is a rapidly proliferating technology – connected devices have experienced unabated growth over the last ten years.
    • The business wants to capitalize on the IoT and move the needle forward for proactive customer service and operational efficiency.
    • Moreover, IT wants to maintain its reputation as forward-thinking, and the business wants to be innovative.

    Our Advice

    Critical Insight

    • Leverage Info-Tech’s comprehensive three-phase approach to IoT projects: understand the fundamentals of IoT capabilities, assess where the IoT will drive value within the organization, and present findings to stakeholders.
    • Conduct a foundational IoT discussion with stakeholders to level set expectations about the technology’s capabilities.
    • Determine your organization’s approach to the IoT in terms of both hardware and software.
    • Determine which use case your organization fits into: three of the use cases highlighted in this report include predictive customer service, smart offices, and supply chain applications.

    Impact and Result

    • Our methodology addresses the possible issues by using a case-study approach to demonstrate the “Art of the Possible” for the IoT.
    • With an understanding of the IoT, it is possible to find applicable use cases for this emerging technology and get a leg up on competitors.

    Understand and Apply Internet-of-Things Use Cases to Drive Organizational Success Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why your organization should care about the IoT’s potential to transform the service and the workplace, and how Info-Tech will support you as you identify and build your IoT use cases.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand core IoT use cases

    Analyze the scope of the IoT and the three most prominent enterprise use cases.

    • Understand and Apply Internet-of-Things Use Cases to Drive Organizational Success – Phase 1: Understand Core IoT Use Cases

    2. Build the business case for IoT applications

    Develop and prioritize use cases for the IoT using Info-Tech’s IoT Initiative Framework.

    • Understand and Apply Internet-of-Things Use Cases to Drive Organizational Success – Phase 2: Build the Business Case for IoT Initiatives

    3. Present IoT initiatives to stakeholders

    Present the IoT initiative to stakeholders and understand the way forward for the IoT initiative.

    • Understand and Apply Internet-of-Things Use Cases to Drive Organizational Success – Phase 3: Present IoT Initiatives to Stakeholders
    • Internet of Things Stakeholder Presentation Template
    [infographic]

    Document Your Cloud Strategy

    • Buy Link or Shortcode: {j2store}468|cart{/j2store}
    • member rating overall impact: 8.9/10 Overall Impact
    • member rating average dollars saved: $35,642 Average $ Saved
    • member rating average days saved: 21 Average Days Saved
    • Parent Category Name: Cloud Strategy
    • Parent Category Link: /cloud-strategy

    Despite the universally agreed-upon benefit of formulating a coherent strategy, several obstacles make execution difficult:

    • Inconsistent understanding of what the cloud means
    • Inability to come to a consensus on key decisions
    • Ungoverned decision-making
    • Unclear understanding of cloud roles and responsibilities

    Our Advice

    Critical Insight

    A cloud strategy might seem like a big project, but it’s just a series of smaller conversations. The methodology presented here is designed to facilitate those conversations, using a curated list of topics, prompts, participant lists, and sample outcomes. We have divided the strategy into four key areas:

    • Vision and alignment
    • People
    • Governance
    • Technology

    Impact and Result

    • A shared understanding of what is necessary to succeed in the cloud
    • An end to ad hoc deployments that solve small problems and create larger ones
    • A unified approach and set of principles that apply to governance, architecture, integration, skills, and roles (and much, much more).

    Document Your Cloud Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Document Your Cloud Strategy – a phased guide to identifying, validating, and recording the steps you’ll take, the processes you’ll leverage, and the governance you’ll deploy to succeed in the cloud.

    This storyboard comprises four phases, covering mission and vision, people, governance, and technology, and how each of these areas requires forethought when migrating to the cloud.

    • Document Your Cloud Strategy – Phases 1-4

    2. Cloud Strategy Document Template – a template that allows you to record the results of the cloud strategy exercise in a clear, readable way.

    Each section of Document Your Cloud Strategy corresponds to a section in the document template. Once you’ve completed each exercise, you can record your results in the document template, leaving you with an artifact you can share with stakeholders.

    • Cloud Strategy Document Template
    [infographic]

    Workshop: Document Your Cloud Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Document Your Vision and Alignment

    The Purpose

    Understand and document your cloud vision and its alignment with your other strategic priorities.

    Key Benefits Achieved

    A complete understanding of your strategy, vision, alignment, and a list of success metrics that will help you find your way.

    Activities

    1.1 Record your cloud mission and vision.

    1.2 Document your cloud strategy’s alignment with other strategic plans.

    1.3 Record your cloud guiding principles.

    Outputs

    Documented strategy, vision, and alignment.

    Defined success metrics.

    2 Record Your People Strategy

    The Purpose

    Define how people, skills, and roles will contribute to the broader cloud strategy.

    Key Benefits Achieved

    Sections of the strategy that highlight skills, roles, culture, adoption, and the creation of a governance body.

    Activities

    2.1 Outline your skills and roles strategy.

    2.2 Document your approach to culture and adoption

    2.3 Create a cloud governing body.

    Outputs

    Documented people strategy.

    3 Document Governance Principles

    The Purpose

    This section facilitates governance in the cloud, developing principles that apply to architecture, integration, finance management, and more.

    Key Benefits Achieved

    Sections of the strategy that define governance principles.

    Activities

    3.1 Conduct discussion on architecture.

    3.2 Conduct discussion on integration and interoperability.

    3.3 Conduct discussion on operations management.

    3.4 Conduct discussion on cloud portfolio management.

    3.5 Conduct discussion on cloud vendor management.

    3.6 Conduct discussion on finance management.

    3.7 Conduct discussion on security.

    3.8 Conduct discussion on data controls.

    Outputs

    Documented cloud governance strategy.

    4 Formalize Your Technology Strategy

    The Purpose

    Creation of a formal cloud strategy relating to technology around provisioning, monitoring, and migration.

    Key Benefits Achieved

    Completed strategy sections of the document that cover technology areas.

    Activities

    4.1 Formalize organizational approach to monitoring.

    4.2 Document provisioning process.

    4.3 Outline migration processes and procedures.

    Outputs

    Documented cloud technology strategy.

    Further reading

    Document Your Cloud Strategy

    Get ready for the cloudy future with a consistent, proven strategy.

    Analyst perspective

    Any approach is better than no approach

    The image contains a picture of Jeremy Roberts

    Moving to the cloud is a big, scary transition, like moving from gas-powered to electric cars, or from cable to streaming, or even from the office to working from home. There are some undeniable benefits, but we must reorient our lives a bit to accommodate those changes, and the results aren’t always one-for-one. A strategy helps you make decisions about your future direction and how you should respond to changes and challenges. In Document Your Cloud Strategy we hope to help you accomplish just that: clarifying your overall mission and vision (as it relates to the cloud) and helping you develop an approach to changes in technology, people management, and, of course, governance. The cloud is not a panacea. Taken on its own, it will not solve your problems. But it can be an important tool in your IT toolkit, and you should aim to make the best use of it – whatever “best” happens to mean for you.

    Jeremy Roberts

    Research Director, Infrastructure and Operations

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    The cloud is multifaceted. It can be complicated. It can be expensive. Everyone has an opinion on the best way to proceed – and in many cases has already begun the process without bothering to get clearance from IT. The core challenge is creating a coherent strategy to facilitate your overall goals while making the best use of cloud technology, your financial resources, and your people.

    Common Obstacles

    Despite the universally agreed-upon benefit of formulating a coherent strategy, several obstacles make execution difficult:

    • Inconsistent understanding of what the cloud means
    • Inability to come to a consensus on key decisions
    • Ungoverned decision making
    • Unclear understanding of cloud roles and responsibilities

    Info-Tech’s Approach

    A cloud strategy might seem like a big project, but it’s just a series of smaller conversations. The methodology presented here is designed to facilitate those conversations, using a curated list of topics, prompts, participant lists, and sample outcomes. We have divided the strategy into four key areas:

    1. Vision and alignment
    2. People
    3. Governance
    4. Technology

    The answers might be different, but the questions are the same

    Every organization will approach the cloud differently, but they all need to ask the same questions: When will we use the cloud? What forms will our cloud usage take? How will we manage governance? What will we do about people? How will we incorporate new technology into our environment? The answers to these questions are as numerous as there are people to answer them, but the questions must be asked.

    Your challenge

    This research is designed to help organizations that are facing these challenges or looking to:

    • Ensure that the cloud strategy is complete and accurately reflects organizational goals and priorities.
    • Develop a consistent and coherent approach to adopting cloud services.
    • Design an approach to mitigate risks and challenges associated with adopting cloud services.
    • Create a shared understanding of the expected benefits of cloud services and the steps required to realize those benefits.

    Grappling with a cloud strategy is a top initiative: 43% of respondents report progressing on a cloud-first strategy as a top cloud initiative.

    Source: Flexera, 2021.

    Definition: Cloud strategy

    A document providing a systematic overview of cloud services, their appropriate use, and the steps that an organization will take to maximize value and minimize risk.

    Common obstacles

    These barriers make this challenge difficult to address for many organizations:

    • The cloud means different things to different people, and creating a strategy that is comprehensive enough to cover a multitude of use cases while also being written to be consumable by all stakeholders is difficult.
    • The incentives to adopt the cloud differ based on the expected benefit for the individual customer. User-led decision making and historically ungoverned deployments can make it difficult to reset expectation and align with a formal strategy.
    • Getting all the right people in a room together to agree on the key components of the strategy and the direction undertaken for each one is often difficult.

    Info-Tech’s approach

    Define Your Cloud Vision

    Vision and alignment

    • Mission and vision
    • Alignment to other strategic plans
    • Guiding principles
    • Measuring success

    Technology

    • Monitoring
    • Provisioning
    • Migration

    Governance

    • Architecture
    • Integration and interoperability
    • Operations management
    • Cloud portfolio management
    • Cloud vendor management
    • Finance management
    • Security
    • Data controls

    People

    • Skills and roles
    • Culture and adoption
    • Governing bodies

    Info-Tech’s approach

    Your cloud strategy will comprise the elements listed under “vision and alignment,” “technology,” “governance,” and “people.” The Info-Tech methodology involves breaking the strategy down into subcomponents and going through a three-step process for each one. Start by reviewing a standard set of questions and understanding the goal of the exercise: What do we need to know? What are some common considerations and best practices? Once you’ve had a chance to review, discuss your current state and any gaps: What has been done? What still needs to be done? Finally, outline how you plan to go forward: What are your next steps? Who needs to be involved?

    Review

    • What questions do we need to answer to complete the discussion of this strategy component? What does the decision look like?
    • What are some key terms and best practices we must understand before deciding?

    Discuss

    • What steps have we already taken to address this component?
    • Does anything still need to be done?
    • Is there anything we’re not sure about or need further guidance on?

    Go forward

    • What are the next steps?
    • Who needs to be involved?
    • What questions still need to be asked/answered?
    • What should the document’s wording look like?

    Info-Tech’s methodology for documenting your cloud strategy

    1. Document your vision and alignment

    2. Record your people strategy

    3. Document governance principles

    4. Formalize your technology strategy

    Phase Steps

    1. Record your cloud mission and vision
    2. Document your cloud strategy’s alignment with other strategic plans
    3. Record your cloud guiding principles
    4. Define success
    1. Outline your skills and roles strategy
    2. Document your approach to culture and adoption
    3. Create a cloud governing body

    Document official organizational positions in these governance areas:

    1. Architecture
    2. Integration and interoperability
    3. Operations management
    4. Cloud portfolio management
    5. Cloud vendor management
    6. Finance management
    7. Security
    8. Data controls
    1. Formalize organizational approach to monitoring
    2. Document provisioning process
    3. Outline migration processes and procedures

    Phase Outcomes

    Documented strategy: vision and alignment

    Documented people strategy

    Documented cloud governance strategy

    Documented cloud technology strategy

    Insight summary

    Separate strategy from tactics

    Separate strategy from tactics! A strategy requires building out the framework for ongoing decision making. It is meant to be high level and achieve a large goal. The outcome of a strategy is often a sense of commitment to the goal and better communication on the topic.

    The cloud does not exist in a vacuum

    Your cloud strategy flows from your cloud vision and should align with the broader IT strategy. It is also part of a pantheon of strategies and should exist harmoniously with other strategies – data, security, etc.

    People problems needn’t preponderate

    The cloud doesn’t have to be a great disruptor. If you handle the transition well, you can focus your people on doing more valuable work – and this is generally engaging.

    Governance is a means to an end

    Governing your deployment for its own sake will only frustrate your end users. Articulate the benefits users and the organization can expect to see and you’re more likely to receive the necessary buy-in.

    Technology isn’t a panacea

    Technology won’t solve all your problems. Technology is a force multiplier, but you will still have to design processes and train your people to fully leverage it.

    Key deliverable

    Cloud Strategy Document template

    Inconsistency and informality are the enemies of efficiency. Capture the results of the cloud strategy generation exercises in the Cloud Strategy Document template.

    The image contains a screenshot of the Cloud Strategy Document Template.
    • Record the results of the exercises undertaken as part of this blueprint in the Cloud Strategy Document template.
    • It is important to remember that not every cloud strategy will look exactly the same, but this template represents an amalgamation of best practices and cloud strategy creation honed over several years of advisory service in the space.
    • You know your audience better than anyone. If you would prefer a strategy delivered in a different way (e.g. presentation format) feel free to adapt the Cloud Vision Executive Presentation into a longer strategy presentation.
    • Emphasis is an area where you should exercise discretion as well. A cost-oriented cloud strategy, or one that prioritizes one type of cloud (e.g. SaaS) at the exclusion of others, may benefit from more focus on some areas than others, or the introduction of relevant subcategories. Include as many of these as you think will be relevant.
    • Parsimony is king – if you can distill a concept to its essence, start there. Include additional detail only as needed. You want your cloud strategy document to be read. If it’s too long or overly detailed, you’ll encounter readability issues.

    Blueprint benefits

    IT benefits

    Business benefits

    • A consistent, well-defined approach to the cloud
    • Consensus on key strategy components, including security, architecture, and integration
    • A clear path forward on skill development and talent acquisition/retention
    • A comprehensive resource for information about the organization’s approach to key strategy components
    • Predictable access to cloud services
    • A business-aligned approach to leveraging the resources available in the cloud
    • Efficient and secure consumption of cloud resources where appropriate to do so
    • Answers to questions about the cloud and how it will be leveraged in the environment

    Measure the value of this blueprint

    Don’t take our word for it:

    • Document Your Cloud Strategy has been available for several years in various forms as both a workshop and as an analyst-led guided implementation.
    • After each engagement, we send a survey that asks members how they benefited from the experience. Those who have worked through Info-Tech’s cloud strategy material have given overwhelmingly positive feedback.
    • Additionally, members reported saving between 10 and 20 days and an average of $46,499.
    • Measure the value by calculating the time saved as a result of using Info-Tech’s framework vs. a home-brewed cloud strategy alternative and by comparing the overall cost of a guided implementation or workshop with the equivalent offering from another firm. We’re confident you’ll come out ahead.

    8.8/10 Average reported satisfaction

    13 Days Average reported time savings

    $46,499 Average cost savings

    Executive Brief Case Study

    INDUSTRY: Pharmaceuticals

    SOURCE: Info-Tech workshop

    Pharmaceutical company

    The unnamed pharmaceutical company that is the subject of this case study was looking to make the transition to the cloud. In the absence of a coherent strategy, the organization had a few cloud deployments with no easily discernable overall approach. Representatives of several distinct functions (legal, infrastructure, data, etc.) all had opinions on the uses and abuses of cloud services, but it had been difficult to round everyone up and have the necessary conversations. As a result, the strategy exercise had not proceeded in a speedy or well-governed way. This lack of strategic readiness presented a roadblock to moving forward with the cloud strategy and to work with the cloud implementation partner, tasked with execution.

    Results

    The company engaged Info-Tech for a four-day workshop on cloud strategy documentation. Over the course of four days, participants drawn from across the organization discussed the strategic components and generated consensus statements and next steps. The team was able to formalize the cloud strategy and described the experience as saving 10 days.

    Example output: Document your cloud strategy workshop exercise

    The image contains an example of Document your cloud streatgy workshop exercise.

    Anything in green, the team was reasonably sure they had good alignment and next steps. Those yellow flags warranted more discussion and were not ready for documentation.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    Document your vision and alignment

    Record your people strategy

    Document governance principles

    Formalize your technology strategy

    Call #1: Review existing vision/strategy documentation.

    Call #2: Review progress on skills, roles, and governance bodies.

    Call #3: Work through integration, architecture, finance management, etc. based on reqs. (May be more than one call.)

    Call #4: Discuss challenges with monitoring, provisioning, and migration as-needed.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is 4 to 6 calls over the course of 1 to 3 months

    Workshop Overview

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Answer
    “so what?”

    Define the
    IT target state

    Assess the IT
    current state

    Bridge the gap and
    create the strategy

    Next steps and
    wrap-up (offsite)

    Activities

    1.1 Introduction

    1.2 Discuss cloud mission and vision

    1.3 Discuss alignment with other strategic plans

    1.4 Discuss guiding principles

    1.5 Define success metrics

    2.1 Discuss skills and roles

    2.2 Review culture and adoption

    2.3 Discuss a cloud governing body

    2.4 Review architecture position

    2.5 Discuss integration and interoperability

    3.1 Discuss cloud operations management

    3.2 Review cloud portfolio management

    3.3 Discuss cloud vendor management

    3.4 Discuss cloud finance management

    3.5 Discuss cloud security

    4.1 Review and formalize data controls

    4.2 Design a monitoring approach

    4.3 Document the workload provisioning process

    4.4 Outline migration processes and procedures

    5.1 Populate the Cloud Strategy Document

    Deliverables

    Formalized cloud mission and vision, along with alignment with strategic plans, guiding principles, and success metrics

    Position statement on skills and roles, culture and adoption, governing bodies, architecture, and integration/interoperability

    Position statements on cloud operations management, portfolio management, vendor management, finance management, and cloud security

    Position statements on data controls, monitoring, provisioning, and migration

    Completed Cloud Strategy Document

    Phase 1

    Document Your Vision and Alignment

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Document your mission and vision

    1.2 Document alignment to other strategic plans

    1.3 Document guiding principles

    1.4 Document success metrics

    2.1 Define approach to skills and roles

    2.2 Define approach to culture and adoption

    2.3 Define cloud governing bodies

    3.1 Define architecture direction

    3.2 Define integration approach

    3.3 Define operations management process

    3.4 Define portfolio management direction

    3.5 Define vendor management direction

    3.6 Document finance management tactics

    3.7 Define approach to cloud security

    3.8 Define data controls in the cloud

    4.1 Define cloud monitoring strategy

    4.2 Define cloud provisioning strategy

    4.3 Define cloud migration strategy

    This phase will walk you through the following activities:

    1. Record your cloud mission and vision
    2. Document your cloud strategy’s alignment with other strategic plans
    3. Record your cloud guiding principles
    4. Define success

    This phase has the following outcome:

    • Documented strategy: vision and alignment

    Record your mission and vision

    Build on the work you’ve already done

    Before formally documenting your cloud strategy, you should ensure that you have a good understanding of your overall cloud vision. How do you plan to leverage the cloud? What goals are you looking to accomplish? How will you distribute your workloads between different cloud service models (SaaS, PaaS, IaaS)? What will your preferred delivery model be (public, private, hybrid)? Will you support your cloud deployment internally or use the services of various consultants or managed service providers?

    The answers to these questions will inform the first section of your cloud strategy. If you haven’t put much thought into this or think you could use a deep dive on the fundamentals of your cloud vision and cloud archetypes, consider reviewing Define Your Cloud Vision, the companion blueprint to this one.

    Once you understand your cloud vision and what you’re trying to accomplish with your cloud strategy, this phase will walk you through aligning the strategy with other strategic initiatives. What decisions have others made that will impact the cloud strategy (or that the cloud strategy will impact)? Who must be involved/informed? What callouts must be involved at what point? Do users have access to the appropriate strategic documentation (and would they understand it if they did)?

    You must also capture some guiding principles. A strategy by its nature provides direction, helping readers understand the decisions they should make and why those decisions align with organizational interests. Creating some top-level principles is a useful exercise because those principles facilitate comprehension and ensure the strategy’s applicability.

    Finally, this phase will walk you through the process of measuring success. Once you know where you’d like to go, the principles that underpin your direction, and how your cloud strategy figures into the broader strategic pantheon, you should record what success actually means. If you’re looking to save money, overall cost should be a metric you track. If the cloud is all about productivity, generate appropriate productivity metrics. If you’re looking to expand into new technology or close a datacenter, you will need to track output specific to those overall goals.

    Review: mission and vision

    The overall organizational mission is a key foundational element of the cloud strategy. If you don’t understand where you’re going, how can you begin the journey to get there? This section of the strategy has four key parts that you should understand and incorporate into the beginning of the strategy document. If you haven’t already, review Define Your Cloud Vision for instructions on how to generate these elements.

    1. Cloud vision statement: This is a succinct encapsulation of your overall perspective on the suitability of cloud services for your environment – what you hope to accomplish. The ideal statement includes a scope (who/what does the strategy impact?), a goal (what will it accomplish?), and a key differentiator (what will make it happen?). This is an example: “[Organization] will leverage public cloud solutions and retire existing datacenter and colocation facilities. This transition will simplify infrastructure administration, support and security, while modernizing legacy infrastructure and reducing the need for additional capital expenditure.” You might also consider reviewing your overall cloud archetype (next slide) and including the output of that exercise in the document

    2. Service model decision framework: Services can be provided as software as a service (SaaS), platform as a service (PaaS), infrastructure as a service (IaaS), or they can be colocated or remain on premises. Not all cloud service models serve the same purpose or provide equal value in all circumstances. Understanding how you plan to take advantage of these distinct service models is an important component of the cloud strategy. In this section of the strategy, a rubric that captures the characteristics of the ideal workload for each of the named service models, along with some justification for the selection, is essential. This is a core component of Define Your Cloud Vision, and if you would like to analyze individual workloads, you can use the Cloud Vision Workbook for that purpose.

    3. Delivery model decision framework: Just as there are different cloud service models that have unique value propositions, there are several unique cloud delivery models as well, distinguished by ownership, operation, and customer base. Public clouds are the purview of third-party providers who make them available to paying customers. Private clouds are built for the exclusive use of a designated organization or group of organizations with internal clients to serve. Hybrid clouds involve the use of multiple, interoperable delivery models (interoperability is the key term here), while multi-cloud deployment models incorporate multiple delivery and service models into a single coherent strategy. What will your preferred delivery model be? Why?

    4. Support model decision framework: Once you have a service model nailed down and understand how you will execute on the delivery, the question then becomes about how you will support your cloud deployment going forward. Broadly speaking, you can choose to manage your deployment in house using internal resources (e.g. staff), to use managed service providers for ongoing support, or to hire consultants to handle specific projects/tasks. Each approach has its strengths and weaknesses, and many cloud customers will deploy multiple support models across time and different workloads. A foundational perspective on the support model is a key component of the cloud vision and should appear early in the strategy.

    Understand key cloud concepts: Archetype

    Once you understand the value of the cloud, your workloads’ general suitability for the cloud, and your proposed risks and mitigations, the next step is to define your cloud archetype. Your organization’s cloud archetype is the strategic posture that IT adopts to best support the organization’s goals. Info-Tech’s model recognizes seven archetypes, divided into three high-level archetypes. After consultation with your stakeholders, and based on the results of the suitability and risk assessment activities, define your archetype. The archetype feeds into the overall cloud vision and provides simple insight into the cloud future state for all stakeholders. The cloud vision itself is captured in a “vision statement,” a short summary of the overall approach that includes the overall cloud archetype.

    The image contains an arrow facing vertically up. The pointed end of the arrow is labelled more cloud, and the bottom of the arrow is labelled less cloud.

    We can best support the organization’s goals by:

    Cloud-Focused

    Cloud-Centric

    Providing all workloads through cloud delivery.

    Cloud-First

    Using the cloud as our default deployment model. For each workload, we should ask “why NOT cloud?”

    Cloud-Opportunistic

    Hybrid

    Enabling the ability to transition seamlessly between on-premises and cloud resources for many workloads.

    Integrated

    Combining cloud and traditional infrastructure resources, integrating data and applications through APIs or middleware.

    Split

    Using the cloud for some workloads and traditional infrastructure resources for others.

    Cloud-Averse

    Cloud-Light

    Using traditional infrastructure resources and limiting our use of the cloud to when it is absolutely necessary.

    Anti-Cloud

    Using traditional infrastructure resources and avoiding the use of cloud wherever possible.

    We may not be able to show you this

    We may not be able to show you this just yet.
    Our deeper, more detailed content is reserved for Tymans Group clients. 

    If you are interested in retaining our services or would really like access, please contact us. 

    Assess the Viability of M365-O365 Security Add-Ons

    • Buy Link or Shortcode: {j2store}251|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting

    The technical side of IT security demands the best security possible, but the business side of running IT demands that you determine what is cost-effective and can still do the job. You likely shrugged off the early iterations of Microsoft’s security efforts, but you may have heard that things have changed. Where do you start in evaluating Microsoft’s security products in terms of effectiveness? The value proposition sounds tremendous to the CFO, “free” security as part of your corporate license, but how does it truly measure up and how do you articulate your findings to the business?

    Our Advice

    Critical Insight

    Microsoft’s security products have improved to the point where they are often ranked competitively with mainstream security products. Depending on your organization’s licensing of Office 365/Microsoft 365, some of these products are included in what you’re already paying for. That value proposition is hard to deny.

    Impact and Result

    Determine what is important to the business, and in what order of priority.

    Take a close look at your current solution and determine what are table stakes, what features you would like to have in its replacement, and what your current solution is missing.

    Consider Microsoft’s security solutions using an objective methodology. Sentiment will still be a factor, but it shouldn’t dictate the decision you make for the good of the business.

    Assess the Viability of M365/O365 Security Add-Ons Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to assess the viability of M365/O365 security add-ons. Review Info-Tech’s methodology and understand the four key steps to completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Review your current state

    Examine what you are licensed for, what you are paying, what you need, and what your constraints are.

    • Microsoft 365/Office 365 Security Add-Ons Assessment Tool

    2. Assess your needs

    Determine what is “good enough” security and assess the needs of your organization.

    3. Select your path

    Decide what you will go with and start planning your next steps.

    [infographic]

    Craft a Customer-Driven Market Strategy With Unbiased Data

    • Buy Link or Shortcode: {j2store}611|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Selection & Implementation
    • Parent Category Link: /selection-and-implementation
    • Market strategies are informed by gut feel and endless brainstorming instead of market data to take their product from concept to customer.
    • Hiring independent market research firms results in a lack of unbiased third-party data. Research firms tell vendors what they want to hear instead of offering an agnostic view of software trends.
    • Dissatisfied customers don’t tell you directly why they are leaving, so there is no feedback loop back into product improvements.
    • Often a market strategy is built after a product is developed to force the product’s fit in the market. The product marketing team has no say in the product vision or future improvements.

    Our Advice

    Critical Insight

    • Adopt the 5 P’s to building a winning market strategy: Proposition, Product, Pricing, Placement, and Promotion.
    • You can’t be everything to everyone. Testing your proposition in the market to see what sticks is a risky move. Promise future value using past successes by gaining a deeper understanding of which customers and submarkets truly align to your product.
    • Customers have learned to avoid shiny new objects but still expect rapid feature releases. Differentiating features require a closer look at the underpinning vendor capabilities. Having intentional feature releases requires a feedback loop into the product roadmap and increases influence by the product marketing team.
    • Price transparency and sensitivity should drive what you offer to customers. Negotiating solely on price is a race to the bottom.

    Impact and Result

    • Leverage this report to gain insights on the software selection process and what top vendors do best.
    • Gain a bird’s-eye view on customer purchasing behavior using over 40,000 data points on satisfaction and importance collected directly from the source.
    • Build a winning market strategy influenced by real customer data that drives vendor success.

    Craft a Customer-Driven Market Strategy With Unbiased Data Research & Tools

    Read the storyboard

    Read our storyboard to find out why you should leverage SoftwareReviews data to craft your market strategy, review Info-Tech’s methodology, and understand unbiased customer data on software purchasing triggers.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Craft a Customer-Driven Market Strategy With Unbiased Data Storyboard
    [infographic]

    Run Better Meetings

    • Buy Link or Shortcode: {j2store}287|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Voice & Video Management
    • Parent Category Link: /voice-video-management

    Your newly hybrid workplace will include virtual, hybrid, and physical meetings, presenting several challenges:

    • The experience for onsite and remote attendees is not equal.
    • Employees are experiencing meeting and video fatigue.
    • Meeting rooms are not optimized for hybrid meetings.
    • The fact is that many people have not successfully run hybrid meetings before.

    Our Advice

    Critical Insight

    • Successful hybrid workplace plans must include planning around hybrid meetings. Seamless hybrid meetings are the result of thoughtful planning and documented best practices.

    Impact and Result

    • Identify your current state and the root cause of unsatisfactory meetings.
    • Review and identify meetings best practices around meeting roles, delivery models, and training.
    • Improve the technology that supports meetings.
    • Use Info-Tech’s quick checklists and decision flowchart to accelerate meeting planning and cover your bases.

    Run Better Meetings Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should run better meetings, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify the current state of meetings

    Understand the problem before you try to fix it. Before you can improve meetings, you need to understand what your norms and challenges currently are.

    • Checklist: Run a Virtual or Hybrid Meeting

    2. Publish best practices for how meetings should run

    Document meeting roles, expectations, and how meetings should run. Decide what kind of meeting delivery model to use and develop a training program.

    • Meeting Challenges and Best Practices
    • Meeting Type Decision Flowchart (Visio)
    • Meeting Type Decision Flowchart (PDF)

    3. Improve meeting technology

    Always be consulting with users: early in the process to set a benchmark, during and after every meeting to address immediate concerns, and quarterly to identify trends and deeper issues.

    • Team Charter
    • Communications Guide Poster Template
    [infographic]

    Workshop: Run Better Meetings

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Current State of Meetings

    The Purpose

    Understand the current state of meetings in your organization.

    Key Benefits Achieved

    What you need to keep doing and what you need to change

    Activities

    1.1 Brainstorm meeting types.

    1.2 Document meeting norms.

    1.3 Document and categorize meeting challenges.

    Outputs

    Documented challenges with meetings

    Meeting norms

    Desired changes to meeting norms

    2 Review and Identify Best Practices

    The Purpose

    Review and implement meeting best practices.

    Key Benefits Achieved

    Defined meeting best practices for your organization

    Activities

    2.1 Document meeting roles and expectations.

    2.2 Review common meeting challenges and identify best practices.

    2.3 Document when to use a hybrid meeting, virtual meeting, or an in-person meeting.

    2.4 Develop a training program.

    Outputs

    Meeting roles and expectations

    List of meeting best practices

    Guidelines to help workers choose between a hybrid, virtual, or in-person meeting

    Training plan for meetings

    3 Improve Meeting Technology

    The Purpose

    Identify opportunities to improve meeting technology.

    Key Benefits Achieved

    A strategy for improving the underlying technologies and meeting spaces

    Activities

    3.1 Empower virtual meeting attendees.

    3.2 Optimize spaces for hybrid meetings.

    3.3 Build a team of meeting champions.

    3.4 Iterate to build and improve meeting technology.

    3.5 Guide users toward each technology.

    Outputs

    Desired improvements to meeting rooms and meeting technology

    Charter for the team of meeting champions

    Communications Guide Poster

    Define the Role of Project Management in Agile and Product-Centric Delivery

    • Buy Link or Shortcode: {j2store}352|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $3,000 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • There are many voices with different opinions on the role of project management. This causes confusion and unnecessary churn.
    • Project management and product management naturally align to different time horizons. Harmonizing their viewpoints can take significant work.
    • Different parts of the organization have diverse views on how to govern and fund pieces of work, which leads to confusion when it comes to the role of project management.

    Our Advice

    Critical Insight

    There is no one-size-fits-all approach to product delivery. For many organizations product delivery requires detailed project management practices, while for others it requires much less. Taking an outcome-first approach when planning your product transformation is critical to make the right decision on the balance between project and product management.

    Impact and Result

    • Get alignment on the definition of projects and products.
    • Understand the differences between delivering projects and delivering products.
    • Line up your project management activities with the needs of Agile and product-centric projects.
    • Understand how funding can change when moving away from project-centric delivery.

    Define the Role of Project Management in Agile and Product-Centric Delivery Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define the Role of Project Management in Agile and Product-Centric Delivery – A guide that walks you through how to define the role of project management in product-centric and Agile delivery environments.

    The activities in this research will guide you through clarifying how you want to talk about projects and products, aligning project management and agility, specifying the different activities for project management, and identifying key differences with funding of products instead of projects.

    • Define the Role of Project Management in Agile and Product-Centric Delivery Storyboard
    [infographic]

    Further reading

    Define the Role of Project Management in Agile and Product-Centric Delivery

    Projects and products are not mutually exclusive.

    Table of Contents

    3 Analyst Perspective

    4 Executive Summary

    7 Step 1.1: Clarify How You Want to Talk About Projects and Products

    13 Step 1.2: Align Project Management and Agility

    16 Step 1.3: Specify the Different Activities for Project Management

    20 Step 1.4: Identify Key Differences in Funding of Products Instead of Projects

    25 Where Do I Go Next?

    26 Bibliography

    Analyst Perspective

    Project management still has an important role to play!

    When moving to more product-centric delivery practices, many assume that projects are no longer necessary. That isn’t necessarily the case!

    Product delivery can mean different things to different organizations, and in many cases it can involve the need to maintain both projects and project delivery.

    Projects are a necessary vehicle in many organizations to drive value delivery, and the activities performed by project managers still need to be done by someone. It is the form and who is involved that will change the most.

    Photo of Ari Glaizel, Practice Lead, Applications Delivery and Management, Info-Tech Research Group.

    Ari Glaizel
    Practice Lead, Applications Delivery and Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge
    • Organizations are under pressure to align the value they provide with the organization’s goals and overall company vision.
    • In response, they are moving to more product-centric delivery practices.
    • Previously, project managers focused on the delivery of objectives through a project, but changes in delivery practices result in de-emphasizing this. What should project managers should be doing?
    Common Obstacles
    • There are many voices with different opinions on the role of project management. This causes confusion and unnecessary churn.
    • Project management and product management naturally align to different time horizons. Harmonizing their viewpoints can take significant work.
    • Different parts of the organization have very specific views on how to govern and fund pieces of work, which leads to confusion about the role of project management.
    Info-Tech’s Approach
    • Get alignment on the definition of projects and products.
    • Understand the differences between delivering projects and products.
    • Line up your project management activities with the needs of Agile and product-centric projects.
    • Understand how funding can change when moving away from project-centric delivery.

    Info-Tech Insight

    There is no one-size-fits-all approach to product delivery. For many organizations product delivery requires detailed project management practices, while for others it requires much less. Taking an outcome-first approach when planning your product transformation is critical to make the right decision on the balance between project and product management.

    Your evolution of delivery practice is not a binary switch

    1. PROJECTS WITH WATERFALL The project manager is accountable for delivery of the project, and the project manager owns resources and scope.
    2. PROJECTS WITH AGILE DELIVERY A transitional state where the product owner is accountable for feature delivery and the project manager accountable for the overall project.
    3. PRODUCTS WITH AGILE PROJECT AND OPERATIONAL DELIVERY The product owner is accountable for the delivery of the project and products, and the project manager plays a role of facilitator and enabler.
    4. PRODUCTS WITH AGILE DELIVERY Delivery of products can happen without necessarily having projects. However, projects could be instantiated to cover major initiatives.

    Info-Tech Insight

    • Organizations do not need to go to full product and Agile delivery to improve delivery practices! Every organization needs to make its own determination on how far it needs to go. You can do it in one step or take each step and evaluate how well you are delivering against your goals and objectives.
    • Many organizations will go to Products With Agile Project and Operational Delivery, and some will go to Products With Agile Delivery.

    Activities to undertake as you transition to product-centric delivery

    1. PROJECTS WITH WATERFALL
      • Clarify how you want to talk about projects and products. The center of the conversation will start to change.
    2. PROJECTS WITH AGILE DELIVERY
      • Align project management and agility. They are not mutually exclusive (but not necessarily always aligned).
    3. PRODUCTS WITH AGILE PROJECT AND OPERATIONAL DELIVERY
      • Specify the different activities for project management. As you mature your product practices, project management becomes a facilitator and collaborator.
    4. PRODUCTS WITH AGILE DELIVERY
      • Identify key differences in funding. Delivering products instead of projects requires a change in the focus of your funding.

    Step 1.1

    Clarify How You Want to Talk About Projects and Products

    Activities
    • 1.1.1 Define “product” and “project” in your context
    • 1.1.2 Brainstorm potential changes in the role of projects as you become Agile and product-centric

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Outcomes of this step

    • An understanding of how the role can change through the evolution from project to more product-centric practices

    Definition of terms

    Project

    “A temporary endeavor undertaken to create a unique product, service, or result. The temporary nature of projects indicates a beginning and an end to the project work or a phase of the project work. Projects can stand alone or be part of a program or portfolio.” (PMBOK, PMI)
    Stock image of an open head with a city for a brain.

    Product

    “A tangible solution, tool, or service (physical or digital) that enables the long-term and evolving delivery of value to customers and stakeholders based on business and user requirements.” (Deliver on Your Digital Product Vision, Info-Tech Research Group)

    Info-Tech InsightLet these definitions be a guide, not necessarily to be taken verbatim. You need to define these terms in your context based on your particular needs and objectives. The only caveat is to be consistent with your usage of these terms in your organization.

    1.1.1 Define “product” and “project” in your context

    30-60 minutes

    Output: Your enterprise/organizational definition of products and projects

    Participants: Executives, Product/project managers, Applications teams

    1. Discuss what “product” and “project” mean in your organization.
    2. Create common, enterprise-wide definitions for “product” and “project.”
    3. Screenshot of the previous slide's definitions of 'Project' and 'Product'.

    Agile and product management does not mean projects go away

    Diagram laying out the roadmap for 'Continuous delivery of value'. Beginning with 'Projects With Agile Delivery' in which Projects with features and services end in a Product Release that is disconnected from the continuum. Then the 'Products With Agile Project and Operational Delivery' and 'Products With Agile Delivery' which are connected by a 'Product Roadmap' and 'Product Backlog' have Product Releases that connect to the continuum.

    Projects Within Products

    Regardless of whether you recognize yourself as a “product-based” or “project-based” shop, the same basic principles should apply.

    You go through a period or periods of project-like development to build or implement a version of an application or product.

    You also have parallel services along with your project development that encompass the more product-based view. These may range from basic support and maintenance to full-fledged strategy teams or services like sales and marketing.

    Info-Tech Note

    As your product transformation continues, projects can become optional and needed only as part of your organization’s overall delivery processes

    Identify the differences between a project-centric and a product-centric organization

    Project Product
    Fund projects — Funding –› Fund teams
    Line-of-business sponsor — Prioritization –› Product owner
    Project owner — Accountability –› Product owner
    Makes specific changes to a product —Product management –› Improves product maturity and support of the product
    Assignment of people to work — Work allocation –› Assignment of work to product teams
    Project manager manages — Capacity management –› Team manages

    Info-Tech Insight

    Product delivery requires significant shifts in the way you complete development and implementation work and deliver value to your users. Make the changes that support improving end-user value and enterprise alignment.

    1.1.2 Brainstorm potential changes in the role of projects as you become Agile and product-centric

    5-10 minutes

    Output: Increased appreciation of the relationship between project and product delivery

    Participants: Executives, Product/project managers, Applications teams

    • Discuss as a group:
      • What stands out in the evolution from project to product?
      • What concerns do you have with the change?
      • What will remain the same?
      • Which changes feel the most impactful?
      • Screenshot of the slide's 'Continuous delivery of value' diagram.

    Step 1.2

    Align Project Management and Agility

    Activities
    • 1.2.1 Explore gaps in Agile/product-centric delivery of projects

    This step involves the following participants:

    • Executives
    • Product/Project managers
    • Applications teams

    Outcomes of this step

    • A clearer view of how agility can be introduced into projects.

    Challenges with the project management role in Agile and product-centric organizations

    Many project managers feel left out in the cold. That should not be the case!

    In product-centric, Agile teams, many roles that a project manager previously performed are now taken care of to different degrees by the product owner, delivery team, and process manager.

    The overall change alters the role of project management from one that orchestrates all activities to one that supports, monitors, and escalates.

    Product Owner
    • Defines the “what” and heavily involved in the “when” and the “why”
    • Accountable for delivery of value
    Delivery team members
    • Define the “how”
    • Accountable for building and delivering high-quality deliverables
    • Can include roles like user experience, interaction design, business analysis, architecture
    Process Manager
    • Facilitates the other teams to ensure valuable delivery
    • Can potentially, in a Scrum environment, play the scrum master role, which involves leading scrums, retrospectives, and sprint reviews and working to resolve team issues and impediments
    • Evolves into more of a facilitator and communicator role

    1.2.1 Explore gaps in Agile/ product-centric delivery of projects

    5-10 minutes

    Output: An assessment of what is in the way to effectively deliver on Agile and product-focused projects

    Participants: Executives, Product/project managers, Applications teams

    • Discuss as a group:
      • What project management activities do you see in Agile/product roles?
      • What gaps do you see?
      • How can project management help Agile/product teams be successful?

    Step 1.3

    Specify the Different Activities for Project Management

    Activities
    • 1.3.1 Articulate the changes in a project manager’s role

    This step involves the following participants:

    • Executives
    • Product/Project managers
    • Applications teams

    Outcomes of this step

    • An understanding of the role of project management in an Agile and product context

    Kicking off the project

    Product-centric delivery still requires key activities to successfully deliver value. Where project managers get their information from does change.

    Stock photo of many hands grabbing a 2D rocketship.
    Project Charter

    Project managers should still define a charter and capture the vision and scope. The vision and high-level scope is primarily defined by the product owner.

    Key Stakeholders and Communication

    Clearly defining stakeholders and communication needs is still important. However, they are defined based on significant input and cues by the product owner.

    Standardizing on Tools and Processes

    To ensure consistency across projects, project managers will want to align tools to how the team manages their backlog and workflow. This will smooth communication about status with stakeholders.

    Info-Tech Insight

    1. Product management plays a similar role to the one that was traditionally filled by the project sponsor except for a personal accountability to the product beyond the life of the project.
    2. When fully transitioned to product-centric delivery, these activities could be replaced by a product canvas. See Deliver on Your Digital Product Vision for more information.

    During the project: Three key activities

    The role of project management evolves from a position of ownership to a position of communication, collaboration, and coordination.

    1. Support
      • Communicate Agile/product team needs to leadership
      • Liaise and co-ordinate for non-Agile/product-focused parts of the organization
      • Coach members of the team
    2. Monitoring
      • Regular status updates to PMO still required
      • Metrics aligned with Agile/product practices
      • Leverage similar tooling and approaches to what is done locally on Agile/product teams (if possible)
    3. Escalation
      • Still a key escalation point for roadblocks that go outside the product teams
      • Collaborate closely with Agile/product team leadership and scrum masters (if applicable)
    Cross-section of a head, split into three levels with icons representing the three steps detailed on the left, 'Support', 'Monitoring', and 'Escalation'.

    1.3.1: Articulate the changes in a project manager’s role

    5-10 minutes

    Output: Current understanding of the role of project management in Agile/product delivery

    Participants: Executives, Product/project managers, Applications teams

    Why is this important?

    Project managers still have a role to play in Agile projects and products. Agreeing to what they should be doing is critical to successfully moving to a product-centric approach to delivery.

    • Review how Info-Tech views the role of project management at project initiation and during the project.
    • Review the state of your Agile and product transformation, paying special attention to who performs which roles.
    • Discuss as a group:
      • What are the current activities of project managers in your organization?
      • Based on how you see delivery practices evolving, what do you see as the new role of project managers when it comes to Agile-centric and product-centric delivery.

    Step 1.4

    Identify Key Differences in Funding of Products Instead of Projects

    Activities
    • 1.4.1 Discuss traditional versus product-centric funding methods

    This step involves the following participants:

    • Executives
    • Product owners
    • Product managers
    • Project managers
    • Delivery managers

    Outcomes of this step

    • Identified differences in funding of products instead of projects

    Planning and budgeting for products and families

    Reward for delivering outcomes, not features

    Autonomy

    Icon of a diamond.

    Fund what delivers value

    Fund long-lived delivery of value through products (not projects).

    Give autonomy to the team to decide exactly what to build.

    Flexibility

    Icon of a dollar sign.

    Allocate iteratively

    Allocate to a pool based on higher-level business case.

    Provide funds in smaller amounts to different product teams and initiatives based on need.

    Arrow cycling right in a clockwise motion.



    Arrow cycling left in a clockwise motion.

    Accountability

    Icon of a target.

    Measure and adjust

    Product teams define metrics that contribute to given outcomes.

    Track progress and allocate more (or less) funds as appropriate.

    Stock image of two suited hands exchanging coins.

    Info-Tech Insight

    Changes to funding require changes to product and Agile practices to ensure product ownership and accountability.

    (Adapted from Bain & Company)

    Budgeting approaches must evolve as you mature your product operating environment

    TRADITIONAL PROJECTS WITH WATERFALL DELIVERY TRADITIONAL PROJECTS WITH AGILE DELIVERY PRODUCTS WITH AGILE PROJECT DELIVERY PRODUCTS WITH AGILE DELIVERY

    WHEN IS THE BUDGET TRACKED?

    Budget tracked by major phases Budget tracked by sprint and project Budget tracked by sprint and project Budget tracked by sprint and release

    HOW ARE CHANGES HANDLED?

    All change is by exception Scope change is routine; budget change is by exception Scope change is routine; budget change is by exception Budget change is expected on roadmap cadence

    WHEN ARE BENEFITS REALIZED?

    Benefits realization post project completion Benefits realization ongoing throughout the life of the project Benefits realization ongoing throughout the life of the product Benefits realization ongoing throughout life of the product

    WHO DRIVES?

    Project Manager
    • Project team delivery role
    • Refines project scope, advocates for changes in the budget
    • Advocates for additional funding in the forecast
    Product Owner
    • Project team delivery role
    • Refines project scope, advocates for changes in the budget
    • Advocates for additional funding in the forecast
    Product Manager
    • Product portfolio team role
    • Forecasting new initiatives during delivery to continue to drive value throughout the life of the product
    Product Manager
    • Product family team role
    • Forecasting new initiatives during delivery to continue to drive value throughout the life of the product
    ˆ ˆ
    Hybrid Operating Environments

    Info-Tech Insight

    As you evolve your approach to product delivery, you will be decoupling the expected benefits, forecast, and budget. Managing them independently will improve your ability adapt to change and drive the right outcomes!

    1.4.1 Discuss traditional versus product-centric funding methods

    30 minutes

    Output: Understanding of funding principles and challenges

    Participants: Executives, Product owners, Product managers, Project managers, Delivery managers

    1. Discuss how projects are currently funded.
    2. Review how the Agile/product funding models differ from how you currently operate.
    3. What changes do you need to consider to support a product delivery model?
    4. For each change, identify the key stakeholders and list at least one action to take.

    Case Study

    Global Digital Financial Services Company

    This financial services company looked to drive better results by adopting more product-centric practices.

    • Its projects exhibited:
      • High complexity/strong dependencies between components
      • High implementation effort
      • High clarification/reconciliation (more than two departments involved)
      • Multiple methodologies (Agile/Waterfall/Hybrid)
    • The team recognized they could not get rid of projects entirely, but getting to a level where there was a coordinated delivery between projects and products being implemented is important.
    Results
    • Moving several initiatives to more product-centric practices allowed for:
      • Delivery within current assigned capacity
      • Limited need for coordination across departments
      • Lower complexity
      • A unified Agile approach to delivery
    • Through balancing the needs of projects and products, there were three key insights about the project management’s role:
      • The role of project management changes depending on the context of the work. There is no one-size-fits-all definition.
      • Project management played a much bigger role when work spanned multiple products and business units.
      • Project management was used as a key coordinator when delivery became complicated and multilayered.
    Example of a company where practices fall equally into 'Project' and 'Product' categories, with some being shared by both.
    Example of a product-centric company where practices fall mainly into the 'Product category', leaving only one in 'Project'.

    Where Do I Go Next?

    Deliver on Your Digital Product Vision

    • Build a product vision your organization can take from strategy through execution.

    Build a Better Product Owner

    • Strengthen the product owner role in your organization by focusing on core capabilities and proper alignment.

    Implement Agile Practices That Work

    • Improve collaboration and transparency with the business to minimize project failure.

    Implement DevOps Practices That Work

    • Streamline business value delivery through the strategic adoption of DevOps practices.

    Prepare an Actionable Roadmap for Your PMO

    • Turn planning into action with a realistic PMO timeline.

    Deliver Digital Products at Scale

    • Deliver value at the scale of your organization through defining enterprise product families.

    Extend Agile Practices Beyond IT

    • Further the benefits of Agile by extending a scaled Agile framework to the business.

    Spread Best Practices With an Agile Center of Excellence

    • Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Tailor IT Project Management Processes to Fit Your Projects

    • Spend less time managing processes and more time delivering results.

    Bibliography

    Cobb, Chuck. “Are there Project Managers in Agile?” High Impact Project Management, n.d. Web.

    Cohn, Mike. “What Is a Product?” Mountain Goat Software, 6 Sept. 2016. Web.

    Cobb, Chuck. “Agile Project Manager Job Description.” High Impact Project Management, n.d. Web.

    “How do you define a product?” Scrum.org, 4 April 2017. Web.

    Johnson, Darren, et al. “How to Plan and Budget for Agile at Scale.” Bain & Company, 8 Oct. 2019. Web.

    “Product Definition.” SlideShare, uploaded by Mark Curphey, 25 Feb. 2007. Web.

    Project Management Institute. A Guide to the Project Management Body of Knowledge (PMBOK Guide). 7th ed., Project Management Institute, 2021.

    Schuurman, Robbin. “Scrum Master vs Project Manager – An Overview of the Differences.” Scrum.org, 11 Feb 2020. Web.

    Schuurman, Robbin. “Product Owner vs Project Manager.” Scrum.org, 12 March 2020. Web.

    Vlaanderen, Kevin. “Towards Agile Product and Portfolio Management.” Academia.edu, 2010. Web.

    “What is a Developer in Scrum?” Scrum.org, n.d. Web.

    “What is a Scrum Master?” Scrum.org, n.d. Web.

    “What is a Product Owner?” Scrum.org, n.d. Web.

    Develop a Web Experience Management Strategy

    • Buy Link or Shortcode: {j2store}555|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Web Experience Management (WEM) solutions have emerged as applications that provide marketers and other customer experience professionals with a complete set of tools for web content management, delivery, campaign execution, and site analytics.
    • However, many organizations are unsure of how to leverage these new technologies to enhance their customer interaction strategy.

    Our Advice

    Critical Insight

    • WEM products are not a one-size-fits-all investment: unique evaluations and customization is required in order to deploy a solution that fits your organization.
    • WEM technology often complements core CRM and marketing management products – it does not supplant it, and must augment the rest of your customer experience management portfolio.
    • WEM provides benefits by giving web visitors a better experience – leveraging tools such as web analytics gives the customer a tailored experience. Marketing can then monitor their behavior and use this information to warm leads.

    Impact and Result

    • Deploy a WEM platform and execute initiatives that will strengthen the web-facing customer experience, improving customer satisfaction and unlocking new revenue opportunities.
    • Avoid making unnecessary new WEM investments.
    • Make informed decisions about the types of technologies and initiatives that are necessary to support WEM.

    Develop a Web Experience Management Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop a WEM strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Harness the value of web experience management

    Make the case for a web experience management suite and structure the WEM strategy project.

    • Develop a Web Experience Management Strategy Phase 1: Harness the Value of Web Experience Management
    • Web Experience Management Strategy Summary Template
    • WEM Project Charter Template

    2. Create the vision for web experience management

    Identify the target state WEM strategy, assess current state, and identify gaps.

    • Develop a Web Experience Management Strategy Phase 2: Create the Vision for Web Experience Management

    3. Execute initiatives for WEM deployment

    Build the WEM technology stack and create a web strategy initiatives roadmap.

    • Develop a Web Experience Management Strategy Phase 3: Execute Initiatives for WEM Deployment
    • Web Process Automation Investment Appropriateness Assessment Tool
    [infographic]

    Workshop: Develop a Web Experience Management Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Launch the WEM Selection Project

    The Purpose

    Discuss the general project overview for the WEM selection.

    Key Benefits Achieved

    Launch of your WEM selection project.

    Development of your organization’s WEM requirements. 

    Activities

    1.1 Facilitation of activities from the Launch the WEM Project and Collect Requirements phase, including project scoping and resource planning.

    1.2 Conduct overview of the WEM market landscape, trends, and vendors.

    1.3 Conduct process mapping for selected marketing processes.

    1.4 Interview business stakeholders.

    1.5 Prioritize WEM functional requirements.

    Outputs

    WEM Procurement Project Charter

    WEM Use-Case Fit Assessment

    2 Plan the Procurement and Implementation Process

    The Purpose

    Plan the procurement and the implementation of the WEM solution.

    Key Benefits Achieved

    Selection of a WEM solution.

    A plan for implementing the selected WEM solution. 

    Activities

    2.1 Complete marketing process mapping with business stakeholders.

    2.2 Interview IT staff and project team, identify technical requirements for the WEM suite, and document high-level solution requirements.

    2.3 Perform a use-case scenario assessment, review use-case scenario results, identify use-case alignment, and review the WEM Vendor Landscape vendor profiles and performance.

    2.4 Create a custom vendor shortlist and investigate additional vendors for exploration in the marketplace.

    2.5 Meet with project manager to discuss results and action items.

    Outputs

    Vendor Shortlist

    WEM RFP

    Vendor Evaluations

    Selection of a WEM Solution

    WEM projected work break-down

    Implementation plan

    Framework for WEM deployment and CRM/Marketing Management Suite Integration

    Get the Most Out of Your SAP

    • Buy Link or Shortcode: {j2store}240|cart{/j2store}
    • member rating overall impact: 9.7/10 Overall Impact
    • member rating average dollars saved: $6,499 Average $ Saved
    • member rating average days saved: 11 Average Days Saved
    • Parent Category Name: Optimization
    • Parent Category Link: /optimization
    • SAP systems are changed rarely and changing them has significant impact on an organization.
    • Research shows that even newly installed systems often fail to realize their full potential benefit to the organization.
    • Business process improvement is rarely someone’s day job.

    Our Advice

    Critical Insight

    A properly optimized SAP business process will reduce costs and increase productivity.

    Impact and Result

    • Build an ongoing optimization team to conduct application improvements.
    • Assess your SAP application(s) and the environment in which they exist. Take a business first strategy to prioritize optimization efforts.
    • Validate SAP capabilities, user satisfaction, issues around data, vendor management, and costs to build out an optimization strategy.
    • Pull this all together to develop a prioritized optimization roadmap.

    Get the Most Out of Your SAP Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Get the Most Out of Your SAP Storyboard – A guide to optimize your SAP.

    SAP is a core tool that the business leverages to accomplish its goals. Use this blueprint to strategically re-align business goals, identify business application capabilities, complete a process assessment, evaluate user adoption, and create an optimization plan that will drive a cohesive technology strategy that delivers results.

    • Get the Most Out of Your SAP – Phases 1-4

    2. Get the Most Out of Your SAP Workbook – A tool to document and assist with optimizing your SAP.

    The Get the Most out of Your SAP Workbook serves as the holding document for the different elements for the Get the Most out of Your SAP blueprint. Use each assigned tab to input the relevant information for the process of optimizing your SAP.

    • Get the Most Out of Your SAP Workbook

    Infographic

    Workshop: Get the Most Out of Your SAP

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Your SAP Application Vision

    The Purpose

    Get the most out of your SAP.

    Key Benefits Achieved

    Develop an ongoing SAP optimization team.

    Re-align SAP and business goals.

    Understand your current system state capabilities and processes.

    Validate user satisfaction, application fit, and areas of improvement to optimize your SAP.

    Take a 360-degree inventory of your SAP and related systems.

    Realign business and technology drivers. Assess user satisfaction.

    Review the SAP marketplace.

    Complete a thorough examination of capabilities and processes.

    Manage your vendors and data.

    Pull this all together to prioritize optimization efforts and develop a concrete roadmap.

    Activities

    1.1 Determine your SAP optimization team.

    1.2 Align organizational goals.

    1.3 Inventory applications and interactions.

    1.4 Define business capabilities.

    1.5 Explore SAP-related costs.

    Outputs

    SAP optimization team

    SAP business model

    SAP optimization goals

    SAP system inventory and data flow

    SAP process list

    SAP and related costs

    2 Map Current-State Capabilities

    The Purpose

    Map current-state capabilities.

    Key Benefits Achieved

    Complete an SAP process gap analysis to understand where the SAP is underperforming.

    Review the SAP application portfolio assessment to understand user satisfaction and data concerns.

    Undertake a software review survey to understand your satisfaction with the vendor and product.

    Activities

    2.1 Conduct gap analysis for SAP processes.

    2.2 Perform an application portfolio assessment.

    2.3 Review vendor satisfaction.

    Outputs

    SAP process gap analysis

    SAP application portfolio assessment

    ERP software reviews survey

    3 Assess SAP

    The Purpose

    Assess SAP.

    Key Benefits Achieved

    Learn the processes that you need to focus on.

    Uncover underlying user satisfaction issues to address these areas.

    Understand where data issues are occurring so that you can mitigate this.

    Investigate your relationship with the vendor and product, including that relative to others.

    Identify any areas for cost optimization (optional).

    Activities

    3.1 Explore process gaps.

    3.2 Analyze user satisfaction.

    3.3 Assess data quality.

    3.4 Understand product satisfaction and vendor management.

    3.5 Look for SAP cost optimization opportunities (optional).

    Outputs

    SAP process optimization priorities

    SAP vendor optimization opportunities

    SAP cost optimization

    4 Build the Optimization Roadmap

    The Purpose

    Build the optimization roadmap.

    Key Benefits Achieved

    Understanding where you need to improve is the first step, now understand where to focus your optimization efforts.

    Activities

    4.1 SAP process gap analysis

    4.2 SAP application portfolio assessment

    4.3 SAP software reviews survey

    Outputs

    ERP optimization roadmap

    Further reading

    Get the Most Out of Your SAP

    In today’s connected world, the continuous optimization of enterprise applications to realize your digital strategy is key.

    EXECUTIVE BRIEF

    Analyst Perspective

    Focus optimization on organizational value delivery.

    The image contains a picture of Chad Shortridge.

    Chad Shortridge

    Senior Research Director, Enterprise Applications

    Info-Tech Research Group

    The image contains a picture of Lisa Highfield.

    Lisa Highfield

    Research Director, Enterprise Applications

    Info-Tech Research Group

    Enterprise resource planning (ERP) is a core tool that the business leverages to accomplish its goals. An ERP that is doing its job well is invisible to the business. The challenges come when the tool is no longer invisible. It has become a source of friction in the functioning of the business.

    SAP systems are expensive, benefits can be difficult to quantify, and issues with the products can be difficult to understand. Over time, technology evolves, organizational goals change, and the health of these systems is often not monitored. This is complicated in today’s digital landscape with multiple integrations points, siloed data, and competing priorities.

    Too often organizations jump into selecting replacement systems without understanding the health of their systems. We can do better than this.

    IT leaders need to take a proactive approach to continually monitor and optimize their enterprise applications. Strategically re-align business goals, identify business application capabilities, complete a process assessment, evaluate user adoption, and create an optimization plan that will drive a cohesive technology strategy that delivers results.

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    Your SAP ERP systems are critical to supporting the organization’s business processes. They are expensive. Direct benefits and ROI can be hard to measure.

    SAP application portfolios are often behemoths to support. With complex integration points and unique business processes, stabilization is the norm.

    Application optimization is essential to staying competitive and productive in today’s digital environment.

    Balancing optimization with stabilization is one of the most difficult decisions for ERP application leaders.

    Competing priorities and often unclear ERP strategies make it difficult to make decisions about what, how, and when to optimize.

    Enterprise applications involve large numbers of processes, users, and evolving vendor roadmaps.

    Teams do not have a framework to illustrate, communicate, and justify the optimization effort in the language your stakeholders understand.

    In today’s rapidly changing SAP landscape it is imperative to evaluate your applications for optimization, no matter what your strategy is moving forward.

    Assess your SAP applications and the environment in which they exist. Take a business-first strategy to prioritize optimization efforts.

    Validate ERP capabilities, user satisfaction, issues around data, vendor management, and costs to build out an overall roadmap and optimization strategy.

    Pull this all together to prioritize optimization efforts and develop a concrete roadmap.

    Info-Tech Insight

    SAP ERP environments are changing, but we cannot stand still on our optimization efforts. Understand your product(s), processes, user satisfaction, integration points, and the availability of data to business decision makers. Examine these areas to develop a personalized SAP optimization roadmap that fits the needs of your organization. Incorporate these methodologies into an ongoing optimization strategy aimed at enabling the business, increasing productivity, and reducing costs.

    The image contains an Info-Tech Thought model on get the most out of your ERP.

    Insight summary

    Continuous assessment and optimization of your SAP ERP systems is critical to the success of your organization.

    • Applications and the environments in which they live are constantly evolving.
    • This blueprint provides business and application managers with a method to complete a health assessment of their ERP systems to identify areas for improvement and optimization.
    • Put optimization practices into effect by:
      • Aligning and prioritizing key business and technology drivers.
      • Identifying ERP process classification and performing a gap analysis.
      • Measuring user satisfaction across key departments.
      • Evaluating vendor relations.
      • Understanding how data plays into the mix.
      • Pulling it all together into an optimization roadmap.

    SAP enterprise resource planning (ERP) systems facilitate the flow of information across business units. It allows for the seamless integration of systems and creates a holistic view of the enterprise to support decision making. In many organizations, the SAP system is considered the lifeblood of the enterprise. Problems with this key operational system will have a dramatic impact on the ability of the enterprise to survive and grow. ERP implementation should not be a one-and-done exercise. There needs to be ongoing optimization to enable business processes and optimal organizational results.

    SAP enterprise resource planning (ERP)

    The image contains a diagram of the SAP enterprise resource planning. The diagram includes a circle with smaller circles all around it. The inside of the circle contains SAP logos. The circles around the big circle are labelled: Human Resources Management, Sales, Marketing, Customer Service, Asset Management, Logistics, Supply Chain Management, Manufacturing, R&D and Engineering, and Finance.

    What is SAP?

    SAP ERP systems facilitate the flow of information across business units. They allow for the seamless integration of systems and create a holistic view of the enterprise to support decision making.

    In many organizations, the ERP system is considered the lifeblood of the enterprise. Problems with this key operational system will have a dramatic impact on the ability of the enterprise to survive and grow.

    An ERP system:

    • Automates processes, reducing the amount of manual, routine work.
    • Integrates with core modules, eliminating the fragmentation of systems.
    • Centralizes information for reporting from multiple parts of the value chain to a single point.

    SAP use cases:

    Product-Centric

    Suitable for organizations that manufacture, assemble, distribute, or manage material goods.

    Service-Centric

    Suitable for organizations that provide and manage field services and/or professional services.

    SAP Fast Facts

    Product Description

    • SAP has numerous ERP products. Products can be found under ERP, Finance, Customer Relations and Experience, Supply Chain Management, Human Resources, and Technology Platforms.
    • SAP offers on-premises and cloud solutions for its ERP. In 2011, SAP released the HANA in-memory database. SAP ECC 6.0 reaches the end of life in 2027 (2030 extended support).
    • Many organizations are facing mandatory transformation. This is an excellent opportunity to examine ERP portfolios for optimization opportunities.
    • Now is the time to optimize to ensure you are prepared for the journey ahead.
    The image contains a timeline of the evolution of SAP ERP. The timeline is ordered: SAP R1-R3 1972-1992, SAP ECC 2003-2006, ERP Business Suite 2000+, SAP HANA In-Memory Database 2011, S/4 2015.

    Vendor Description

    • SAP SE was founded in 1972 by five former IBM employees.
    • The organization is focused on enterprise software that integrates all business processes and enables data processing in real-time.
    • SAP stands for Systems, Applications, and Products in Data Processing.
    • SAP offers more than 100 solutions covering all business functions.
    • SAP operates 65 data centers at 35 locations in 16 countries.

    Employees

    105,000

    Headquarters

    Walldorf, Baden-Württemberg, Germany

    Website

    sap.com

    Founded

    1972

    Presence

    Global, Publicly Traded

    SAP by the numbers

    Only 72% of SAP S/4HANA clients were satisfied with the product’s business value in 2022. This was 9th out of 10 in the enterprise resource planning category.

    Source: SoftwareReviews

    As of 2022, 65% of SAP customers have not made the move to S/4HANA. These customers will continue to need to optimize the current ERP to meet the demanding needs of the business.

    Source: Statista

    Organizations will need to continue to support and optimize their SAP ERP portfolios. As of 2022, 42% of ASUG members were planning a move to S/4HANA but had not yet started to move.

    Source: ASUG

    Your challenge

    This research is designed to help organizations who need to:

    • Understand the multiple deployment models and the roadmap to successfully navigate a move to S/4HANA.
    • Build a business case to understand the value behind a move.
    • Map functionality to ensure future compatibility.
    • Understand the process required to commercially navigate a move to S/4HANA.
    • Avoid a costly audit due to missed requirements or SAP whiteboarding sessions.

    HANA used to be primarily viewed as a commercial vehicle to realize legacy license model discounts. Now, however, SAP has built a roadmap to migrate all customers over to S/4HANA. While timelines may be delayed, the inevitable move is coming.

    30-35% of SAP customers likely have underutilized assets. This can add up to millions in unused software and maintenance.

    – Upperedge

    SAP challenges and dissatisfaction

    Drivers of Dissatisfaction

    Organizational

    People and teams

    Technology

    Data

    Competing priorities

    Knowledgeable staff/turnover

    Integration issues

    Access to data

    Lack of strategy

    Lack of internal skills

    Selecting tools and technology

    Data hygiene

    Budget challenges

    Ability to manage new products

    Keeping pace with technology changes

    Data literacy

    Lack of training

    Update challenges

    One view of the customer

    Finance, IT, Sales, and other users of the ERP system can only optimize ERP with the full support of each other. The cooperation of the departments is crucial when trying to improve ERP technology capabilities and customer interaction.

    Info-Tech Insight

    While technology is the key enabler of building strong customer experiences, there are many other drivers of dissatisfaction. IT must stand shoulder-to-shoulder with the business to develop a technology framework for ERP.

    Where are applications leaders focusing?

    Big growth numbers

    Year-over-year call topic requests

    Other changes

    Year-over-year call topic requests

    The image contains a graph to demonstrate year-over-year call topic requests. Year 1 has 79%, Year 2 76%, Year 3 65% requests, and Year 4 has 124% requests. The image contains a graph to demonstrate other changes in year-over-year call topic requests. Year 1 has -25%, Year 2 has 4%, and Year 3 has 13%.

    We are seeing applications leaders’ priorities change year over year, driven by a shift in their approach to problem solving. Leaders are moving from a process-centric approach to a collaborative approach that breaks down boundaries and brings teams together.

    Software development lifecycle topics are tactical point solutions. Organizations have been “shifting left” to tackle the strategic issues such as product vision and Agile mindset to optimize the whole organization.

    The S/4HANA journey

    Optimization can play a role in your transition to S/4HANA.

    • The business does not stop. Satisfy ongoing needs for business enablement.
    • Build out a collaborative SAP optimization team across the business and IT.
    • Engage the business to understand requirements.
    • Discover applications and processes.
    • Explore current-state capabilities and future-state needs.
    • Evaluate optimization opportunities. Are there short-term wins? What are the long-term goals?
    • Navigate the path to S/4HANA and develop some timelines and stage gates.
    • Set your course and optimization roadmap.
    • Capitalize on the methodologies for an ongoing optimization effort that can be continued after the S/4HANA go-live date.

    Many organizations may be coming up against changes to their SAP ERP application portfolio.

    Some challenges organizations may be dealing with include:

    • Heavily customized instances
    • Large volumes of data
    • Lack of documentation
    • Outdated business processes
    • Looming end of life

    Application optimization is risky without a plan

    Avoid these common pitfalls:

    • Not pursuing optimization because you are migrating to S/4HANA.
    • Not considering how this plays into the short-, medium-, and long-term ERP strategy.
    • Not considering application optimization as a business and IT partnership, which requires the continuous formal engagement of all participants.
    • Not having a good understanding of your current state, including integration points and data.
    • Not adequately accommodating feedback and changes after digital applications are deployed and employed.
    • Not treating digital applications as a motivator for potential future IT optimization efforts and incorporating digital assets in strategic business planning.
    • Not involving department leads, management, and other subject-matter experts to facilitate the organizational change digital applications bring.

    “[A] successful application [optimization] strategy starts with the business need in mind and not from a technological point of view. No matter from which angle you look at it, modernizing a legacy application is a considerable undertaking that can’t be taken lightly. Your best approach is to begin the journey with baby steps.”

    – Medium

    Info-Tech’s methodology for getting the most out of your ERP

    1. Map Current-State Capabilities

    2. Assess Your Current State

    3. Identify Key Optimization Areas

    4. Build Your Optimization Roadmap

    Phase Steps

    1. Identify stakeholders and build your SAP optimization team.
    2. Build an SAP strategy model.
    3. Inventory current system state.
    4. Define business capabilities.
    1. Conduct a gap analysis for ERP processes.
    2. Assess user satisfaction.
    3. Review your satisfaction with the vendor and product.
    1. Identify key optimization areas.
    2. Evaluate product sustainability over the short, medium, and long term.
    3. Identify any product changes anticipated over short, medium, and long term.
    1. Prioritize optimization opportunities.
    2. Identify key optimization areas.
    3. Compile optimization assessment results.

    Phase Outcomes

    1. Stakeholder map
    2. SAP optimization team
    3. SAP business model
    4. Strategy alignment
    5. Systems inventory and diagram
    6. Business capabilities map
    7. Key SAP processes list
    1. Gap analysis for SAP-related processes
    2. Understanding of user satisfaction across applications and processes
    3. Insight into SAP data quality
    4. Quantified satisfaction with the vendor and product
    5. Understanding SAP costs
    1. List of SAP optimization opportunities
    1. SAP optimization roadmap

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Get the Most Out of Your SAP Workbook

    Identify and prioritize your SAP optimization goals.

    The image contains screenshots of the SAP Workbook.

    Application Portfolio Assessment

    Assess IT-enabled user satisfaction across your SAP portfolio.

    The image contains a screenshot of the Application Portfolio Assessment.

    Key deliverable:

    The image contains a screenshot of the SAP Organization Roadmap.

    SAP Optimization Roadmap

    Complete an assessment of processes, user satisfaction, data quality, and vendor management.

    The image contains screenshots further demonstrating SAP deliverables.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.

    Guided Implementation

    Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.

    Workshop

    We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.

    Consulting

    Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3 Phase 4

    Call #1: Scope requirements, objectives, and your specific challenge.

    Call #2:

    • Build the SAP team.
    • Align organizational goals.

    Call #3:

    • Map current state.
    • Inventory SAP capabilities and processes.
    • Explore SAP-related costs.

    Call #4: Understand product satisfaction and vendor management.

    Call #5: Review APA results.

    Call #6: Understand SAP optimization opportunities.

    Call #7: Determine the right SAP path for your organization.

    Call #8:

    Build out optimization roadmap and next steps.

    A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is 8 to 12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com1-888-670-8889

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Define Your SAP Application Vision

    Map Current State

    Assess SAP

    Build Your Optimization Roadmap

    Next Steps and Wrap-Up (offsite)

    Activities

    1.1 Identify Stakeholders and Build Your Optimization Team

    1.2 Build an SAP Strategy Model

    1.3 Inventory Current System State

    1.4 Define Optimization Timeframe

    1.5 Understand SAP Costs

    2.1 Assess SAP Capabilities

    2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

    3.1 Prioritize Optimization Opportunities

    3.2 Discover Optimization Initiatives

    4.1 Build Your Optimization Roadmap

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. SAP optimization team
    2. SAP business model
    3. SAP optimization goals
    4. System inventory and data flow
    5. Application and business capabilities list
    6. SAP optimization timeline
    1. SAP capability gap analysis
    2. SAP user satisfaction (application portfolio assessment)
    3. SAP SoftwareReviews survey results
    4. SAP current costs
    1. Product and vendor satisfaction opportunities
    2. Capability and feature optimization opportunities
    3. Process optimization opportunities
    4. Integration optimization opportunities
    5. Data optimization opportunities
    6. SAP cost-saving opportunities
    1. SAP optimization roadmap

    Phase 1

    Map Current-State Capabilities

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Identify Stakeholders and Build Your Optimization Team

    1.2 Build an SAP Strategy Model

    1.3 Inventory Current System State

    1.4 Define Optimization Timeframe

    1.5 Understand SAP Costs

    2.1 Assess SAP Capabilities

    2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

    3.1 Prioritize Optimization Opportunities

    3.2 Discover Optimization Initiatives

    4.1 Build Your Optimization Roadmap

    This phase will guide you through the following activities:

    • Align your organizational goals
    • Gain a firm understanding of your current state
    • Inventory ERP and related applications
    • Confirm the organization’s capabilities

    This phase involves the following participants:

    • CFO
    • Department Leads – Finance, Procurement, Asset Management
    • Applications Director
    • Senior Business Analyst
    • Senior Developer
    • Procurement Analysts

    Step 1.1

    Identify Stakeholders and Build Your Optimization Team

    Activities

    1.1.1 Identify stakeholders critical to success

    1.1.2 Map your SAP optimization stakeholders

    1.1.3 Determine your SAP optimization team

    This step will guide you through the following activities:

    • Identify ERP drivers and objectives
    • Explore ERP challenges and pain points
    • Discover ERP benefits and opportunities
    • Align the ERP foundation with the corporate strategy

    This step involves the following participants:

    • Stakeholders
    • Project sponsors and leaders

    Outcomes of this step

    • Stakeholder map
    • SAP Optimization Team

    ERP optimization stakeholders

    • Understand the roles necessary to get the most out of your SAP.
    • Understand the role of each player within your project structure. Look for listed participants on the activities slides to determine when each player should be involved.

    Title

    Role Within the Project Structure

    Organizational Sponsor

    • Owns the project at the management/C-suite level
    • Responsible for breaking down barriers and ensuring alignment with your organizational strategy
    • CIO, CFO, COO, or similar

    Project Manager

    • The IT individual(s) that oversee day-to-day project operations
    • Responsible for preparing and managing the project plan and monitoring the project team’s progress
    • Applications Manager or other IT Manager, Business Analyst, Business Process Owner, or similar

    Business Unit Leaders

    • Works alongside the IT Project Manager to ensure the strategy is aligned with business needs
    • In this case, likely to be a marketing, sales, or customer service lead
    • Sales Director, Marketing Director, Customer Care Director, or similar

    Optimization Team

    • Comprised of individuals whose knowledge and skills are crucial to project success
    • Responsible for driving day-to-day activities, coordinating communication, and making process and design decisions; can assist with persona and scenario development for ERP
    • Project Manager, Business Lead, ERP Manager, Integration Manager, Application SMEs, Developers, Business Process Architects, and/or similar SMEs

    Steering Committee

    • Comprised of the C-suite/management-level individuals that act as the project’s decision makers
    • Responsible for validating goals and priorities, defining the project scope, enabling adequate resourcing, and managing change
    • Project Sponsor, Project Manager, Business Lead, CFO, Business Unit SMEs, or similar

    Info-Tech Insight

    Do not limit project input or participation. Include subject-matter experts and internal stakeholders at stages within the project. Such inputs can be solicited on a one-off basis as needed. This ensures you take a holistic approach to create your ERP optimization strategy.

    1.1.1 Identify SAP optimization stakeholders

    1 hour

    1. Hold a meeting to identify the SAP optimization stakeholders.
    2. Use next slide as a guide.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot from the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    Understand how to navigate the complex web of stakeholders in ERP

    Identify which stakeholders to include and what their level of involvement should be during requirements elicitation based on relevant topic expertise.

    Sponsor

    End User

    IT

    Business

    Description

    An internal stakeholder who has final sign-off on the ERP project.

    Front-line users of the ERP technology.

    Back-end support staff who are tasked with project planning, execution, and eventual system maintenance.

    Additional stakeholders that will be impacted by any ERP technology changes.

    Examples

    • CEO
    • CIO/CTO
    • COO
    • CFO
    • Warehouse personnel
    • Sales teams
    • HR admins
    • Applications manager
    • Vendor relationship manager(s)
    • Director, Procurement
    • VP, Marketing
    • Manager, HR

    Value

    Executive buy-in and support is essential to the success of the project. Often, the sponsor controls funding and resource allocation.

    End users determine the success of the system through user adoption. If the end user does not adopt the system, the system is deemed useless and benefits realization is poor.

    IT is likely to be responsible for more in-depth requirements gathering. IT possesses critical knowledge around system compatibility, integration, and data.

    Involving business stakeholders in the requirements gathering will ensure alignment between HR and organizational objectives.

    Large-scale ERP projects require the involvement of many stakeholders from all corners and levels of the organization, including project sponsors, IT, end users, and business stakeholders. Consider the influence and interest of stakeholders in contributing to the requirements elicitation process and involve them accordingly.

    EXAMPLE: Stakeholder involvement during selection

    The image contains an example of stakeholder involvement during selection. The graph is comparing influence and interest. In the lowest section of both influence and interest, it is labelled Monitor. With low interest but high influence that is labelled Keep Satisfied. In low influence but high interest it is labelled Keep Informed. The section that is high in both interest and influence that is labelled Involve closely.

    Activity 1.1.2 Map your SAP optimization stakeholders

    1 hour

    1. Use the list of SAP optimization stakeholders.
    2. Map each stakeholder on the quadrant based on their expected influence and involvement in the project.
    3. [Optional] Color code the users using the scale below to quickly identify the group that the stakeholder belongs to.

    The image contains an example of a colour scheme. Sponsor is coloured blue, End user is purple, IT is yellow, and Business is light blue.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of an example map on organization's stakeholders.

    Download the Get the Most Out of Your SAP Workbook

    Map the organization’s stakeholders

    The image contains a larger version of the image from the previous slide where there is a graph comparing influence and involvement and has a list of stakeholders in a legend on the side.

    The SAP optimization team

    Consider the core team functions when putting together the project team. Form a cross-functional team (i.e. across IT, Marketing, Sales, Service, Operations) to create a well-aligned ERP optimization strategy. Don’t let your project team become too large when trying to include all relevant stakeholders. Carefully limiting the size of the project team will enable effective decision making while still including functional business units such as Marketing, Sales, Service, and Finance as well as IT.

    Required Skills/Knowledge

    Suggested Project Team Members

    Business

    • Department leads
    • Business process leads
    • Business analysts
    • Subject matter experts
    • SMEs/Business process leads –All functional areas; example: Strategy, Sales, Marketing, Customer Service, Finance, HR

    IT

    • Application development
    • Enterprise integration
    • Business processes
    • Data management
    • Product owner
    • ERP application manager
    • Business process manager
    • Integration manager
    • Application developer
    • Data stewards

    Other

    • Operations
    • Administrative
    • Change management
    • COO
    • CFO
    • Change management officer

    1.1.3 Determine your SAP optimization team

    1 hour

    1. Have the project manager and other key stakeholders discuss and determine who will be involved in the SAP optimization project.
    • The size of the team will depend on the initiative and size of your organization.
    • Key business leaders in key areas and IT representatives should be involved.

    Note: Depending on your initiative and the size of your organization, the size of this team will vary.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the section ERP Optimization Team in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    Step 1.2

    Build an SAP Strategy Model

    Activities

    1.2.1 Explore environmental factors and technology drivers

    1.2.2 Consider potential barriers and challenges

    1.2.3 Discuss enablers of success

    1.2.4 Develop your SAP optimization goals

    This step will guide you through the following activities:

    • Identify ERP drivers and objectives
    • Explore ERP challenges and pain points
    • Discover ERP benefits and opportunities
    • Align the ERP foundation with the corporate strategy

    This step involves the following participants:

    • SAP Optimization Team

    Outcomes of this step

    • ERP business model
    • Strategy alignment

    Align your SAP strategy with the corporate strategy

    Corporate Strategy

    Unified ERP Strategy

    IT Strategy

    Your corporate strategy:

    • Conveys the current state of the organization and the path it wants to take.
    • Identifies future goals and business aspirations.
    • Communicates the initiatives that are critical for getting the organization from its current state to the desired future state.
    • The ideal ERP strategy is aligned with overarching organizational business goals and with broader IT initiatives.
    • Include all affected business units and departments in these conversations.
    • The ERP optimization can be and should be linked, with metrics, to the corporate strategy and ultimate business objectives

    Your IT strategy:

    • Communicates the organization’s budget and spending on ERP.
    • Identifies IT initiatives that will support the business and key ERP objectives.
    • Outlines staffing and resourcing for ERP initiatives.

    ERP projects are more successful when the management team understands the strategic importance and the criticality of alignment. Time needs to be spent upfront aligning business strategies with ERP capabilities. Effective alignment between IT and the business should happen daily. Alignment doesn’t just need to occur just at the executive level but at each level of the organization.

    ERP Business Model Template

    The image contains a screenshot of a ERP Business Model Template.

    Conduct interviews to elicit the business context

    Stakeholder Interviews

    Begin by conducting interviews of your executive team. Interview the following leaders:

    1. Chief Information Officer
    2. Chief Executive Officer
    3. Chief Financial Officer
    4. Chief Revenue Officer/Sales Leader
    5. Chief Operating Officer/Supply Chain & Logistics Leader
    6. Chief Technology Officer/Chief Product Officer

    INTERVIEWS MUST UNCOVER

    1. Your organization’s top three business goals
    2. Your organization’s top ten business initiatives
    3. Your organization’s mission and vision

    Understand the ERP drivers and organizational objectives

    Business Needs

    Business Drivers

    Technology Drivers

    Environmental Factors

    Definition

    A business need is a requirement associated with a particular business process.

    Business drivers can be thought of as business-level goals. These are tangible benefits the business can measure such as customer retention, operation excellence, and financial performance.

    Technology drivers are technological changes that have created the need for a new ERP enablement strategy. Many organizations turn to technology systems to help them obtain a competitive edge.

    These external considerations are factors that take place outside of the organization and impact the way business is conducted inside the organization. These are often outside the control of the business.

    Examples

    • Audit tracking
    • Authorization levels
    • Business rules
    • Data quality
    • Customer satisfaction
    • Branding
    • Time-to-resolution
    • Deployment model (i.e. SaaS)
    • Integration
    • Reporting capabilities
    • Fragmented technologies
    • Economic and political factors
    • Competitive influencers
    • Compliance regulations

    Info-Tech Insight

    One of the biggest drivers for ERP adoption is the ability to make quicker decisions from timely information. This driver is a result of external considerations. Many industries today are highly competitive, uncertain, and rapidly changing. To succeed under these pressures, there needs to be timely information and visibility into all components of the organization.

    1.2.1 Explore environmental factors and technology drivers

    30 minutes

    1. Identify business drivers that are contributing to the organization’s need for ERP.
    2. Understand how the company is running today and what the organization’s future will look like. Try to identify the purpose for becoming an integrated organization. Use a whiteboard or flip charts and markers to capture key findings.
    3. Consider external considerations, organizational drivers, technology drivers, and key functional requirements.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a diagram on exploring the environmental factors and technology drivers.

    External Considerations

    Organizational Drivers

    Technology Considerations

    Functional Requirements

    • Funding constraints
    • Regulations
    • Compliance
    • Scalability
    • Operational efficiency
    • Data accuracy
    • Data quality
    • Better reporting
    • Information availability
    • Integration between systems
    • Secure data

    Download the Get the Most Out of Your SAP Workbook

    Create a realistic ERP foundation by identifying the challenges and barriers the project will bestow

    There are several different factors that may stifle the success of an ERP implementation. Organizations that are creating an ERP foundation must scan their current environment to identify internal barriers and challenges.

    Common Internal Barriers

    Management Support

    Organizational Culture

    Organizational Structure

    IT Readiness

    Definition

    The degree of understanding and acceptance toward ERP systems.

    The collective shared values and beliefs.

    The functional relationships between people and departments in an organization.

    The degree to which the organization’s people and processes are prepared for a new ERP system.

    Questions

    • Is an ERP project recognized as a top priority?
    • Will management commit time to the project?
    • Are employees resistant to change?
    • Is the organization highly individualized?
    • Is the organization centralized?
    • Is the organization highly formalized?
    • Is there strong technical expertise?
    • Is there strong infrastructure?

    Impact

    • Funding
    • Resources
    • Knowledge sharing
    • User acceptance
    • Flow of knowledge
    • Quality of implementation
    • Need for reliance on consultants

    ERP Business Model

    Organizational Goals

    Enablers

    Barriers

    • Efficiency
    • Effectiveness
    • Integrity
    • One source of truth for data
    • One team
    • Customer service, external and internal
    • Cross-trained employees
    • Desire to focus on value-add activities
    • Collaborative
    • Top-level executive support
    • Effective change management process
    • Organizational silos
    • Lack of formal process documentation
    • Funding availability
    • What goes first? Organizational priorities

    What does success look like?

    Top 15 critical success factors for ERP system implementation

    The image contains a graph that demonstrates the top 15 critical success factors for ERP system implementation. The top 15 are: Top management support and commitment, Interdepartmental communication and cooperations throughout the institution, Commitment to business process re-engineering to do away with redundant processes, Implementation project management from initiation to closing, Change management program to ensure awareness and readiness for possible changes, Project team competence, Education and training for stakeholders, Project champion to lead implementation, Project mission and goals for the system with clear objectives agreed upon, ERP expert consultant use to guide the implementation process, Minimum level of customization to use ERP functionalities to maximum, Package selection, Understanding the institutional culture, Use involvement and participation throughout implementation, ERP vendor support and partnership.

    Source: Epizitone and Olugbara, 2020; CC BY 4.0

    Info-Tech Insight

    Complement your ability to deliver on your critical success factors with the capabilities of your implementation partner to drive a successful ERP implementation.

    “Implementation partners can play an important role in successful ERP implementations. They can work across the organizational departments and layers creating a synergy and a communications mechanism.” – Ayogeboh Epizitone, Durban University of Technology

    1.2.2 Consider potential barriers and challenges

    1-3 hours

    • Open tab “1.2 Strategy & Goals,” in the Get the Most Out of Your SAP Workbook.
    • Identify barriers to ERP optimization success.
    • Review the ERP critical success factors and how they relate to your optimization efforts.
    • Discuss potential barriers to successful ERP optimization.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains the same diagram as shown previously, where it demonstrated the environmental factors in relation to the ERP strategy. The same diagram is used and highlights the barriers section.

    Functional Gaps

    Technical Gaps

    Process Gaps

    Barriers to Success

    • No online purchase order for requisitions
    • Inconsistent reporting – data quality concerns
    • Duplication of data
    • Lack of system integration
    • Cultural mindset
    • Resistance to change
    • Lack of training
    • Funding

    Download the Get the Most Out of Your SAP Workbook

    1.2.3 Discuss enablers of success

    1-3 hours

    1. Open tab “1.2 Strategy & Goals,” in the Get the Most Out of Your SAP Workbook.
    2. Identify barriers to ERP optimization success.
    3. Review the ERP critical success factors and how they relate to your optimization efforts.
    4. Discuss potential barriers to successful ERP optimization.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains the same diagram as shown previously, where it demonstrated the environmental factors in relation to the ERP strategy. The same diagram is used and highlights the enablers and organizational goals sections.

    Business Benefits

    IT Benefits

    Organizational Benefits

    Enablers of Success

    • Business-IT alignment
    • Compliance
    • Scalability
    • Operational efficiency
    • Data accuracy
    • Data quality
    • Better reporting
    • Change management
    • Training
    • Alignment with strategic objectives

    Download the Get the Most Out of Your SAP Workbook

    The Business Value Matrix

    Rationalizing and quantifying the value of SAP

    Benefits can be realized internally and externally to the organization or department and have different drivers of value.

    • Financial benefits refer to the degree to which the value source can be measured through monetary metrics and are often quite tangible.
    • Human benefits refer to how an application can deliver value through a user’s experience.
    • Inward refers to value sources that have an internal impact and improve your organization’s effectiveness and efficiency in performing its operations.
    • Outward refers to value sources that come from your interaction with external factors, such as the market or your customers.

    Organizational Goals

    • Increased Revenue
    • Application functions that are specifically related to the impact on your organization’s ability to generate revenue and deliver value to your customers.

    • Reduced Costs
    • Reduction of overhead. The ways in which an application limits the operational costs of business functions.

    • Enhanced Services
    • Functions that enable business capabilities that improve the organization’s ability to perform its internal operations.

    • Reach Customers
    • Application functions that enable and improve the interaction with customers or produce market information and insights.

    Business Value Matrix

    The image contains a screenshot of a Business Value Matrix. It includes: Reach Customers, Increase Revenue or Deliver Value, Reduce Costs, and Enhance Services.

    Link SAP capabilities to organizational value

    The image contains screenshots that demonstrate linking SAP capabilities to organizational value.

    1.2.4 Define your SAP optimization goals

    30 minutes

    1. Discuss the ERP business model and ERP critical success factors.
    2. Through the lens of corporate goals and objectives think about supporting ERP technology. How can the ERP system bring value to the organization? What are the top things that will make this initiative a success?
    3. Develop five to ten optimization goals that will form the basis for the success of this initiative.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains an example of the activity describe above on defining your SAP optimization goals.

    Download the Get the Most Out of Your SAP Workbook

    Step 1.3

    Inventory Current System State

    Activities

    1.3.1 Inventory SAP applications and interactions

    1.3.2 Draw your SAP system diagram

    1.3.3 Inventory your SAP modules and business capabilities (or business processes)

    1.3.4 Define your key SAP optimization modules and business capabilities

    This step will guide you through the following activities:

    • Inventory of applications
    • Mapping interactions between systems

    This step involves the following participants:

    • SAP Optimization Team
    • Enterprise Architect
    • Data Architect

    Outcomes of this step

    • Systems inventory
    • Systems diagram

    1.3.1 Inventory SAP applications and interfaces

    1-3+ hours

    1. Enter your SAP systems, SAP extended applications, and integrated applications within scope.
    2. Include any abbreviated names or nicknames.
    3. List the application type or main function.
    4. List the modules the organization has licensed.
    5. List any integrations.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the SAP application inventory.

    Download the Get the Most Out of Your SAP Workbook

    ERP Data Flow

    The image contains an example ERP Data Flow with a legend.

    Be sure to include enterprise applications that are not included in the ERP application portfolio. Popular systems to consider for POIs include billing, directory services, content management, and collaboration tools.

    ERP – enterprise resource planning

    Email – email system such as Microsoft Exchange

    Calendar – calendar system such as Microsoft Outlook

    WEM – web experience management

    ECM – enterprise content management

    When assessing the current application portfolio that supports your ERP, the tendency will be to focus on the applications under the ERP umbrella. These relate mostly to marketing, sales, and customer service. Be sure to include systems that act as input to, or benefit due to outputs from, ERP or similar applications.

    1.3.2 Draw your SAP system diagram

    1-3+ hours

    1. From the SAP application inventory, diagram your network.
    2. Include:

    • Any internal or external systems
    • Integration points
    • Data flow

    The image contains a screenshot of the example ERP Systems Diagram.

    Download the Get the Most Out of Your SAP Workbook

    Sample SAP and integrations map

    The image contains a screenshot of a sample SAP and integrations map.

    Business capability map (Level 0)

    The image contains a screenshot of the business capability map, level 0. The capability map includes: Products and Services Development, Revenue Generation, Demand Fulfillment, and Enterprise Management and Planning.

    In business architecture, the primary view of an organization is known as a business capability map. A business capability defines what a business does to enable value creation, rather than how.

    Business capabilities:

    • Represent stable business functions.
    • Are unique and independent of each other.
    • Will typically have a defined business outcome.

    A business capability map provides details that help the business architecture practitioner direct attention to a specific area of the business for further assessment.

    ERP process mapping

    The image contains screenshots to demonstrate the ERP process mapping. One of the screenshots is of the business capability map, level 0, the second screenshot contains the objectives , value streams, capabilities, and processes. The third image contains a screenshot of the SAP screenshot with the circles around it as previously shown.

    The operating model

    An operating model is a framework that drives operating decisions. It helps to set the parameters for the scope of ERP and the processes that will be supported. The operating model will serve to group core operational processes. These groupings represent a set of interrelated, consecutive processes aimed at generating a common output. From your developed processes and your SAP license agreements you will be able to pinpoint the scope for investigation including the processes and modules.

    APQC Framework

    Help define your inventory of sales, marketing, and customer services processes.

    Operating Processes

    1. Develop vision and strategy 2. Develop and manage products and services 3. Market and sell products and services 4. Deliver physical products 5. Deliver services

    Management and Support Processes

    6.Manage customer service

    7. Develop and manage human capital

    8. Manage IT

    9. Manage financial resources

    10. Acquire, construct, and manage assets

    11. Manage enterprise risk, compliance, remediation, and resiliency

    12. Manage external relationships

    13. Develop and manage business capabilities

    Source: APQC

    If you do not have a documented process model, you can use the APQC Framework to help define your inventory of sales business processes. APQC’s Process Classification Framework is a taxonomy of cross-functional business processes intended to allow the objective comparison of organizational performance within and among organizations.

    APQC’s Process Classification Framework

    The value stream

    Value stream defined:

    Value Streams

    Design Product

    Produce Product

    Sell Product

    Customer Service

    • Manufacturers work proactively to design products and services that will meet consumer demand.
    • Products are driven by consumer demand and government regulations.
    • Production processes and labor costs are constantly analyzed for efficiencies and accuracies.
    • Quality of product and services are highly regulated through all levels of the supply chain.
    • Sales networks and sales staff deliver the product from the organization to the end consumer.
    • Marketing plays a key role throughout the value stream, connecting consumers’ wants and needs to the products and services offered.
    • Relationships with consumers continue after the sale of products and services.
    • Continued customer support and data mining is important to revenue streams.

    Value streams connect business goals to the organization’s value realization activities in the marketplace. Those activities are dependent on the specific industry segment in which an organization operates.

    There are two types of value streams: core value streams and support value streams.

    • Core value streams are mostly externally facing. They deliver value to either an external or internal customer and they tie to the customer perspective of the strategy map.
    • Support value streams are internally facing and provide the foundational support for an organization to operate.

    An effective method for ensuring all value streams have been considered is to understand that there can be different end-value receivers.

    Process mapping hierarchy

    The image contains a screenshot of the PCF levels explained. The levels are 1-5. The levels are: Category, Process Group, Process, Activity, and Task.

    Source: APQC

    APQC provides a process classification framework. It allows organizations to effectively define their processes and manage them appropriately.

    APQC’s Process Classification Framework

    Cross-industry classification framework

    Level 1 Level 2 Level 3 Level 4

    Market and sell products and services

    Understand markets, customers, and capabilities

    Perform customer and market intelligence analysis

    Conduct customer and market research

    Market and sell products and services

    Develop a sales strategy

    Develop a sales forecast

    Gather current and historic order information

    Deliver services

    Manage service delivery resources

    Manage service delivery resource demand

    Develop baseline forecasts

    ? ? ? ?

    Info-Tech Insight

    Focus your initial assessment on the level 1 processes that matter to your organization. This allows you to target your scant resources on the areas of optimization that matter most to the organization and minimize the effort required from your business partners. You may need to iterate the assessment as challenges are identified. This allows you to be adaptive and deal with emerging issues more readily and become a more responsive partner to the business.

    SAP modules and process enablement

    Cloud/Hardware

    Fiori

    Analytics

    Integrations

    Extended Solutions

    R&D Engineering

    • Enterprise Portfolio and Project Management
    • Product Development Foundation
    • Enterprise Portfolio and Project Management
    • Product Lifecycle Management
    • Product Compliance
    • Enterprise Portfolio and Project Management
    • Product Safety and Stewardship
    • Engineering Record

    Sourcing and Procurement

    • Procurement Analytics
    • Sourcing & Contract Management
    • Operational Procurement
    • Invoice Management
    • Supplier Management

    Supply Chain

    • Inventory
    • Delivery & Transportation
    • Warehousing
    • Order Promising

    Asset Management

    • Maintenance Operations
    • Resource Scheduling
    • Env, Health and Safety
    • Maintenance Management
    The image contains a diagram of the SAP enterprise resource planning. The diagram includes a circle with smaller circles all around it. The inside of the circle contains SAP logos. The circles around the big circle are labelled: Human Resources Management, Sales, Marketing, Customer Service, Asset Management, Logistics, Supply Chain Management, Manufacturing, R&D and Engineering, and Finance.

    Finance

    • Financial Planning and Analysis
    • Accounting and Financial Close
    • Treasury Management
    • Financial Operations
    • Governance, Risk & Compliance
    • Commodity Management

    Human Resources

    • Core HR
    • Payroll
    • Timesheets
    • Organization Management
    • Talent Management

    Sales

    • Sales Support
    • Order and Contract Management
    • Agreement Management
    • Performance Management

    Service

    • Service Operations and Processes
    • Basic Functions
    • Workforce Management
    • Case Management
    • Professional Services
    • Service Master Data Management
    • Service Management

    Beyond the core

    The image contains a screenshot of a diagram to demonstrate beyond the core. In the middle of the image is S/4 Core, and the BTP: Business Technology Platform. Surrounding it are: SAP Fieldglass, SAP Concur, SAP Success Factors, SAP CRM SAO Hybris, SAP Ariba. On the left side of the image are: Business Planning and Consolidations, Transportation Management System, Integrated Business Planning, Extended Warehouse Management.

    1.3.3 Inventory your SAP modules and business capabilities

    1-3+ hours

    1. Look at the major functions or processes within the scope of ERP.
    2. From the inventory of current systems, choose the submodules or processes that you want to investigate and are within scope for this optimization initiative.
    3. Use tab 1.3 “SAP Capabilities” in Get the Most Out of Your SAP Workbook for a list of common SAP Level 1 and Level 2 modules/business capabilities.
    4. List the top modules, capabilities, or processes that will be within the scope of this optimization initiative.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of an example of what to do for the activity 1.3.3.

    Download the Get the Most Out of Your SAP Workbook

    1.3.4 Define your key SAP optimization modules and business capabilities

    1-3+ hours

    1. Look at the major functions or processes within the scope of ERP.
    2. From the inventory of current systems, choose the submodules or processes for this optimization initiative. Base this on those that are most critical to the business, those with the lowest levels of satisfaction, or those that perhaps need more knowledge around them.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the Key SAP Optimization Capabilities.

    Download the Get the Most Out of Your SAP Workbook

    Step 1.4

    Define Optimization Timeframe

    Activities

    1.4.1 Define SAP key dates and SAP optimization roadmap timeframe and structure

    This step will guide you through the following activities:

    • Defining key dates related to your optimization initiative
    • Identifying key building blocks for your optimization roadmap

    This step involves the following participants:

    • SAP Optimization Team
    • Vendor Management

    Outcomes of this step

    • Optimization Key Dates
    • Optimization Roadmap Timeframe and Structure

    1.4.1 Optimization roadmap timeframe and structure

    1-3+ hours

    1. Record key items and dates relevant to your optimization initiatives, such as any products reaching end of life or end of contract or budget proposal submission deadlines.
    2. Enter the expected Optimization Initiative Start Date.
    3. Enter the Roadmap Length. This is the total amount of time you expect to participate in the SAP optimization initiative.
    4. This includes short-, medium- and long-term initiatives.
    5. Enter your Roadmap Date markers: how you want dates displayed on the roadmap.
    6. Enter Column time values: what level of granularity will be helpful for this initiative?
    7. Enter the sprint or cycle timeframe; use this if following Agile.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the Optimization Roadmap Timeframe and Structure.

    Download the Get the Most Out of Your SAP Workbook

    Step 1.5

    Understand SAP Costs

    Activities

    1.5.1 Document costs associated with SAP

    This step will walk you through the following activities:

    • Define your SAP direct and indirect costs
    • List your SAP expense line items

    This step involves the following participants:

    • Finance Representatives
    • SAP Optimization Team

    Outcomes of this step

    • Current SAP and related costs

    1.5.1 Document costs associated with SAP

    1-3 hours

    Before you can make changes and optimization decisions, you need to understand the high-level costs associated with your current application architecture. This activity will help you identify the types of technology and people costs associated with your current systems.

    1. Identify the types of technology costs associated with each current system:
      1. System Maintenance
      2. Annual Renewal
      3. Licensing
    2. Identify the cost of people associated with each current system:
      1. Full-Time Employees
      2. Application Support Staff
      3. Help Desk Tickets

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the activity 1.5.1 on documenting costs associated with SAP.

    Download the Get the Most Out of Your SAP Workbook

    Phase 2

    Assess Your Current State

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Identify Stakeholders and Build Your Optimization Team

    1.2 Build an SAP Strategy Model

    1.3 Inventory Current System State

    1.4 Define Optimization Timeframe

    1.5 Understand SAP Costs

    2.1 Assess SAP Capabilities

    2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

    3.1 Prioritize Optimization Opportunities

    3.2 Discover Optimization Initiatives

    4.1 Build Your Optimization Roadmap

    This phase will walk you through the following activities:

    • Determine process relevance
    • Perform a gap analysis
    • Perform a user satisfaction survey
    • Assess software and vendor satisfaction

    This phase involves the following participants:

    • SAP Optimization Team
    • Users across functional areas of your ERP and related technologies

    Step 2.1

    Assess SAP Capabilities

    Activities

    2.1.1 Rate capability relevance to organizational goals

    2.1.2 Complete an SAP application portfolio assessment

    2.1.3 (Optional) Assess SAP process maturity

    This step will guide you through the following activities:

    • Capability relevance
    • Process gap analysis
    • Application Portfolio Assessment

    This step involves the following participants:

    • SAP Users

    Outcomes of this step

    • SAP Capability Assessment

    Benefits of the Application Portfolio Assessment

    The image contains a screenshot of the activity of assessing the health of the application portfolio.

    Assess the health of the application portfolio

    • Get a full 360-degree view of the effectiveness, criticality, and prevalence of all relevant applications to get a comprehensive view of the health of the applications portfolio.
    • Identify opportunities to drive more value from effective applications, retire nonessential applications, and immediately address at-risk applications that are not meeting expectations.
    The image contains a screenshot of the activity on providing targeted department feedback.

    Provide targeted department feedback

    • Share end-user satisfaction and importance ratings for core IT services, IT communications, and business enablement to focus on the right end-user groups or lines of business, and ramp up satisfaction and productivity.
    The image contains a screenshot of the activity on gaining insight into the state of data quality.

    Gain insight into the state of data quality

    • Data quality is one of the key issues causing poor CRM user satisfaction and business results. This can include the relevance, accuracy, timeliness, or usability of the organization’s data.
    • Targeted, open-ended feedback around data quality will provide insight into where optimization efforts should be focused.

    2.1.1 Complete a current-state assessment (via the Application Portfolio Assessment)

    3 hours

    Option 1: Use Info-Tech’s Application Portfolio Assessment to generate your user satisfaction score. This tool not only measures application satisfaction but also elicits great feedback from users regarding the support they receive from the IT team around SAP.

    1. Download the ERP Application Inventory Tool.
    2. Complete the “Demographics” tab (tab 2).
    3. Complete the “Inventory” tab (tab 3).
      1. Complete the inventory by treating each module within your SAP system as an application.
      2. Treat every department as a separate column in the department section. Feel free to add, remove, or modify department names to match your organization.
      3. Include data quality for all applications applicable.

    Option 2: Create a survey manually.

    1. Use tab (Reference) 2.1 “APA Questions” as a guide for creating your survey.
    2. Send out surveys to end users.
    3. Modify tab 2.1, “SAP Assessment,” if required.

    Record Results

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the Application Portfolio Assessment.

    Download the ERP Application Inventory Tool

    Download the Get the Most Out of Your SAP Workbook

    Sample Report from Application Portfolio Assessment.

    The image contains a screenshot of a sample report from the Application Portfolio Assessment.

    2.1.2 (Optional) Assess SAP process and technical maturity

    1-3 hours

    1. As with any ERP system, the issues encountered may not be related to the system itself but processes that have developed over time.
    2. Use this opportunity to interview key stakeholders to learn about deeper capability processes.
    • Identify key stakeholders.
    • Hold sessions to document deeper processes.
    • Discuss processes and technical enablement in each area.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains an example of the process maturity activity.

    Download the Get the Most Out of Your SAP Workbook

    Process Maturity Assessment

    The image contains a screenshot of the Process Maturity Assessment.

    Step 2.2

    Review Your Satisfaction With the Vendor/Product and Willingness for Change

    Activities

    2.2.1 Rate your vendor and product satisfaction

    2.2.2 Review SAP product scores (if applicable)

    2.2.3 Evaluate your product satisfaction

    2.2.4 Check your business process change tolerance

    This step will guide you through the following activities:

    • Rate your vendor and product satisfaction
    • Compare with survey data from SoftwareReviews

    This step involves the following participants:

    • SAP Product Owner(s)
    • Procurement Representative
    • Vendor Contracts Manager

    Outcomes of this step

    • Quantified satisfaction with vendor and product

    2.2.1 Rate your vendor and product satisfaction

    30 minutes

    Use Info-Tech’s vendor satisfaction survey to identify optimization areas with your ERP product(s) and vendor(s).

    1. Option 1 (recommended): Conduct a satisfaction survey using SoftwareReviews. This option allows you to see your results in the context of the vendor landscape.
    2. Option 2: Use the Get the Most Out of Your SAP Workbook to review your satisfaction with your SAP software.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the activity Vendor Optimization.

    SoftwareReviews’ Enterprise Resource Planning Category

    Download the Get the Most Out of Your SAP Workbook

    2.2.2 Review SAP product scores (if applicable)

    30 minutes

    1. Download the scorecard for your SAP product from the SoftwareReviews website. (Note: Not all products are represented or have sufficient data, so a scorecard may not be available.)
    2. Use the Get the Most Out of Your SAP Workbook tab 2.2 “Vend. & Prod. Sat” to record the scorecard results.
    3. Use your Get the Most Out of Your SAP Workbook to flag areas where your score may be lower than the product scorecard. Brainstorm ideas for optimization.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the activity 2.2.2 review SAP product scores.

    Download the Get the Most Out of Your SAP Workbook

    SoftwareReviews’ Enterprise Resource Planning Category

    2.2.3 How does your satisfaction compare with your peers?

    Use SoftwareReviews to explore product features, vendor experience, and capability satisfaction.

    The image contains two screenshots of SoftwareReviews. One is of the ERP Mid-Market, and the second is of the ERP Enterprise.

    Source: SoftwareReviews ERP Mid-Market, April 2022

    Source: SoftwareReviews ERP Enterprise, April 2022

    2.2.4 Check your business process change tolerance

    1 hours

    1. As a group, review the level 0 business capabilities on the previous slide.
    2. Assess the department’s willingness for change and the risk of maintaining the status quo.
    3. Color-code the level 0 business capabilities based on:
    • Green – Willing to follow best practices
    • Yellow – May be challenging or unique business model
    • Red – Low tolerance for change
  • For clarity, move to level 1 if specific areas need to be called out and use the same color code.
  • Input Output
    • Business process capability map
    • Heat map of risk areas that require more attention for validating best practices or minimizing customization
    Materials Participants
    • Whiteboard/flip charts
    • Get the Most Out of Your SAP Workbook
    • Implementation team
    • CIO
    • Key stakeholders

    Download Get the Most Out of Your SAP Workbook for additional process levels

    Heat map representing desire for best practice or those having the least tolerance for change

    The image contains a screenshot of a heat map to demonstrate desire for best practice or those having the least tolerance for change.

    Determine the areas of risk to conform to best practice and minimize customization. These will be areas needing focus from the vendor supporting change and guiding best practice. For example: Must be able to support our unique process manufacturing capabilities and enhance planning and visibility to detailed costing.

    Phase 3

    Identify Key Optimization Opportunities

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Identify Stakeholders and Build Your Optimization Team

    1.2 Build an SAP Strategy Model

    1.3 Inventory Current System State

    1.4 Define Optimization Timeframe

    1.5 Understand SAP Costs

    2.1 Assess SAP Capabilities

    2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

    3.1 Prioritize Optimization Opportunities

    3.2 Discover Optimization Initiatives

    4.1 Build Your Optimization Roadmap

    This phase will walk you through the following activities:

    • Identify key optimization areas
    • Create an optimization roadmap

    This phase involves the following participants:

    • SAP Optimization Team

    Assessing application business value

    In this context…business value is

    the value of the business outcome that the application produces. Additionally, it is how effective the application is at producing that outcome.

    Business value is not

    the user’s experience or satisfaction with the application.

    The image contains a screenshot of a Venn Diagram. In the left circle, labelled The Business it contains the following text: Keepers of the organization’s mission, vision, and value statements that define IT success. The business maintains the overall ownership and evaluation of the applications. In the right circle labelled IT, it contains the following text: Technical subject-matter experts of the applications they deliver and maintain. Each IT function works together to ensure quality applications are delivered to stakeholder expectations. The middle space is labelled: Business Value of Applications.

    First, the authorities on business value need to define and weigh their value drivers that describe the priorities of the organization. This will allow the applications team to apply a consistent, objective, and strategically aligned evaluation of applications across the organization.

    Brainstorm IT initiatives to enable high areas of opportunity to support the business

    Brainstorm ERP optimization initiatives in each area. Ensure you are looking for all-encompassing opportunities within the context of IT, the business, and SAP systems.

    Capabilities are what the system and business does that creates value for the organization. Optimization initiatives are projects with a definitive start and end date, and they enhance, create, maintain, or remove capabilities with the goal of increasing value.

    The image contains a Venn Diagram with 3 circles. The circles are labelled as: Process, Technology, and Organization.

    Info-Tech Insight

    Enabling a high-performing organization requires excellent management practices and continuous optimization efforts. Your technology portfolio and architecture are important, but we must go deeper. Taking a holistic view of ERP technologies in the environments in which they operate allows for the inclusion of people and process improvements – this is key to maximizing business results. Using a formal ERP optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process improvement.

    Address process gaps:

    • ERP and related technologies are invaluable to the goal of organizational enablement, but they must have supported processes driven by business goals.
    • Identify areas where capabilities need to be improved and work toward optimization.

    Support user satisfaction:

    • The best technology in the world won’t deliver business results if it’s not working for the users who need it.
    • Understand concerns, communicate improvements, and support users in all roles.

    Improve data quality:

    • Data quality is unique to each business unit and requires tolerance, not perfection.
    • Implement data quality initiatives that are aligned with overall business objectives and aimed at addressing data practices and the data itself.

    Proactively manage vendors:

    • Vendor management is a critical component of technology enablement and IT satisfaction.
    • Assess your current satisfaction against that of your peers and work toward building a process that is best fit for your organization.

    Step 3.1

    Prioritize Optimization Opportunities

    Activities

    3.1.1 Prioritize optimization capability areas

    This step will guide you through the following activities:

    • Explore existing process gaps
    • Identify the impact of processes on user satisfaction
    • Identify the impact of data quality on user satisfaction
    • Review your overall product satisfaction and vendor management

    This step involves the following participants:

    • SAP Optimization Team

    Outcomes of this step

    • Application optimization plan

    The Business Value Matrix

    Rationalizing and quantifying the value of SAP

    Benefits can be realized internally and externally to the organization or department and have different drivers of value.

    • Financial benefits refer to the degree to which the value source can be measured through monetary metrics and are often quite tangible.
    • Human benefits refer to how an application can deliver value through a user’s experience.
    • Inward refers to value sources that have an internal impact and improve your organization’s effectiveness and efficiency in performing its operations.
    • Outward refers to value sources that come from your interaction with external factors, such as the market or your customers.

    Organizational Goals

    • Increased Revenue
    • Application functions that are specifically related to the impact on your organization’s ability to generate revenue and deliver value to your customers.

    • Reduced Costs
    • Reduction of overhead. The ways in which an application limits the operational costs of business functions.

    • Enhanced Services
    • Functions that enable business capabilities that improve the organization’s ability to perform its internal operations.

    • Reach Customers
    • Application functions that enable and improve the interaction with customers or produce market information and insights.

    Business Value Matrix

    The image contains a screenshot of a Business Value Matrix. It includes: Reach Customers, Increase Revenue or Deliver Value, Reduce Costs, and Enhance Services.

    Prioritize SAP optimization areas that will bring the most value to the organization

    Review your ERP capability areas and rate them according to relevance to organizational goals. This will allow you to eliminate optimization ideas that may not bring value to the organization.

    The image contains a screenshot of a graph that compares satisfaction by relevance to organizational goals to demonstrate high priority.

    3.1.1 Prioritize and rate optimization capability areas

    1-3 hours

    1. From the SAP capabilities, discuss areas of scope for the SAP optimization initiative.
    2. Discuss the four areas of the business value matrix and identify how each module, along with organizational goals, can bring value to the organization.
    3. Rate each of your SAP capabilities for the level of importance to your organization. The levels of importance are:
    • Crucial
    • Important
    • Secondary
    • Unimportant
    • Not applicable

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of activity 3.1.1.

    Download the Get the Most Out of Your SAP Workbook

    Step 3.2

    Discover Optimization Initiatives

    Activities

    3.2.1 Discover product and vendor satisfaction opportunities

    3.2.2 Discover capability and feature optimization opportunities

    3.2.3 Discover process optimization opportunities

    3.2.4 Discover integration optimization opportunities

    3.2.5 Discover data optimization opportunities

    3.2.6 Discover SAP cost-saving opportunities

    This step will guide you through the following activities:

    • Explore existing process gaps
    • Identify the impact of processes on user satisfaction
    • Identify the impact of data quality on user satisfaction
    • Review your overall product satisfaction and vendor management

    This step involves the following participants:

    • SAP Optimization Team

    Outcomes of this step

    • Application optimization plan

    Satisfaction with SAP product

    The image contains three screenshots to demonstrate satisfaction with sap product.

    Improving vendor management

    Create a right-size, right-fit strategy for managing the vendors relevant to your organization.

    The image contains a diagram to demonstrate lower strategic value, higher vendor spend/switching costs, higher strategic value, and lower vendor spend/switching costs.

    Info-Tech Insight

    A vendor management initiative (VMI) is an organization’s formalized process for evaluating, selecting, managing, and optimizing third-party providers of goods and services.

    The amount of resources you assign to managing vendors depends on the number and value of your organization’s relationships. Before optimizing your vendor management program around the best practices presented in Info-Tech’s Jump Start Your Vendor Management Initiative blueprint, assess your current maturity and build the process around a model that reflects the needs of your organization.

    Note: Info-Tech uses VMI interchangeably with the terms “vendor management office (VMO),” “vendor management function,” “vendor management process,” and “vendor management program.”

    Jump Start Your Vendor Management Initiative

    3.2.1 Discover product and vendor satisfaction

    1-2 hours

    1. Use tab 3.1 “Optimization Priorities” and tab 2.2 “Vend. & Prod. Sat” to review the capabilities and features of your SAP system.
    2. Answer the following questions:
      1. Document overall product satisfaction.
      2. How does your satisfaction compare with your peers?
      3. Is the overall system fit for use?
      4. Do you have a proactive vendor management strategy in place?
      5. Is the product dissatisfaction at the point that you need to evaluate if it is time to replace the product?
      6. Could your vendor or Systems Integrator help you achieve better results?
    3. Review the Value Effort Matrix for each initiative.

    Record this information in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    Examples from Application Portfolio Assessment

    The image contains screenshots from the Application Portfolio Assessment.

    3.2.2 Discover capability and feature optimization opportunities

    1-2 hours

    1. Use tab 3.1 “Optimization Priorities” and tab 2.2 “Vend. & Prod. Sat” to review the capabilities and features of your SAP system.
    2. Answer the following questions:
      1. What capabilities and features are performing the worst?
      2. Do other organizations and users struggle with these areas?
      3. Why is it not performing well?
      4. Is there an opportunity for improvement?
      5. What are some optimization initiatives that could be undertaken?
    3. Review the Value Effort Matrix for each initiative.

    Record this information in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    Process optimization: the hidden goldmine

    In ~90% of SAP business process analysis reports, SAP identified significant potential for improving the existing SAP implementation, i.e. the large majority of customers are not yet using their SAP Business Suite to the full extent.

    Goals of Process Improvement

    Process Improvement Sample Areas

    Improvement Possibilities

    • Optimize business and improve value drivers
    • Reduce TCO
    • Reduce process complexity
    • Eliminate manual processes
    • Increase efficiencies
    • Support digital transformation and enablement
    • Order to cash
    • Procure to pay
    • Order to replenish
    • Plan to produce
    • Request to settle
    • Make to order
    • Make to stock
    • Purchase to order
    • Increase number of process instances processed successfully end-to-end
    • Increase number of instances processed in time
    • Increase degree of process automation
    • Speed up cycle times of supply chain processes
    • Reduce number of process exceptions
    • Apply internal best practices across organizational units

    3.2.3 Discover process optimization opportunities

    1-2 hours

    1. Use exercise 2.13 and tab 2.1 “SAP Current State Assessment” to assess process optimization opportunities.
    2. List underperforming capabilities around process.
    3. Answer the following:
      1. What is the state of the current processes?
      2. Is there an opportunity for process improvement?
      3. What are some optimization initiatives that could be undertaken in this area?

    Record this information in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    Integration provides long-term usability

    Balance the need for secure, compliant data availability with organizational agility.

    The Benefits of Integration

    The Challenges of Integration

    • The largest benefit is the extended use of data. The ERP data can be used in the enterprise-level business intelligence suite rather than the application-specific analytics.
    • Enhanced data security. Integrated approaches lend themselves to auditable processes such as sign-on and limiting the email movement of data.
    • Regulatory compliance. Large multi-site organizations have many layers of regulation. A clear understanding of where orders, deliveries, and payments were made streamlines the audit process.
    • Extending a single instance ERP to multiple sites. The challenge for data management is the same as any SaaS application. The connection and data replication present challenges.
    • Combining data from equally high-volume systems. For SAP it is recommended that one instance is set to primary and all other sites are read-only to maintain data integrity.
    • Incorporating data from the separate system(s). The proprietary and locked-in nature of the data collection and definitions for ERP systems often limit the movement of data between separate systems.

    Common integration and consolidation scenarios

    Financial Consolidation

    Data Backup

    Synchronization Across Sites

    Legacy Consolidation

    • Require a holistic view of data format and accounting schedules.
    • Use a data center as the main repository to ensure all geographic locations have equal access to the necessary data.
    • Set up synchronization schedules based on data usage, not site location.
    • Carefully define older transactions. Only active transactions should be brought in the ERP. Send older data to storage.
    • Problem: Controlling financial documentation across geographic regions.
      Most companies are required to report in each region where they maintain a presence. Stakeholders and senior management also need a holistic view. This leads to significant strain on the financial department to consolidate both revenue and budget allocations for cross-site projects across the various geographic locations on a regular basis.
    • Solution: For enterprises with a single vendor, SAP-only portfolios, SAP can offer integration tools. For those needing to integrate with other ERPs, the use of a connector may be required to send financial data to the main system. The format and accounting calendar for transactions should match the primary ERP system to allow consolidation. The local-specific format should be a role-based customization at the level of the site’s specific instance.
    • Problem: ERP systems generate high volumes of data. Most systems have a defined schedule of back-up during off-hours. Multi-instance brings additional issues through lack of defined off-hours, higher volume of data, and the potential for cross-site or instance data relationships. This leads to headaches for both the database administrator and business analysts.
    • Solution: The best solution is an off-site data center with high availability. This may include cloud storage or hosted data centers. Regardless of where the data is stored, centralize the data and replicate to each site. Ensure that the data center can mirror the database and binary large object (BLOB) storage that exists for each site.
    • Problem: Providing access to up-to-date transactions requires copying of both contextual information (permissions, timestamp, location, history) and the transaction itself across multiple sites to allow local copies to be used for analysis and audits. The sheer volume of information makes timely synchronization difficult.
    • Solution: Not all data needs to be synchronized in a timely fashion. In SAP, administrators can use NetWeaver to maintain and alter global data synchronization through the Master Data Management module. Permissions can be given to users to perform on-demand synchronization of data attached to that user.
    • The Problem: Subsidiaries and acquired companies often have a Tier 2 ERP product. Prior to fully consolidating the processes many enterprises will want to migrate data to their ERP system to build compliance and audit trails. Migration of data often breaks historical linkages between transactions.
    • Solution: SAP offers tools to integrate data across applications that can be used as part of a data migration strategy. The process of data migration should be combined with data warehousing to ensure a cost-effective process. For most enterprises, the lack of experience in data migration will necessitate the use of consultants and independent software vendors (ISV).

    For more information: Implement a Multi-site ERP

    3.2.4 Discover integration optimization opportunities

    1-2 hours

    1. Use tab 1.3.1 “SAP Application Inventory” to discuss integrations and how they are related to capability areas that are not performing well.
    2. List capabilities that might be affected by integration issues. Think about exercise 3.2.1 and discuss how integrations could be affecting overall product satisfaction.
    3. Answer the following:
      1. Are there some areas where integration could be improved?
      2. Is there an opportunity for process improvement?
      3. What are some optimization initiatives that could be undertaken in this area?

    Record this information in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    System and data optimization

    Consolidating your business and technology requires an overall system and data migration plan.

    The image contains a screenshot of a diagram that demonstrates three different integrations: system, organization, and data.

    Info-Tech Insight

    Have an overall data migration plan before beginning your systems consolidation journey to S/4HANA.

    Use a data strategy that fixes the enterprise-wide data management issues

    Your data management must allow for flexibility and scalability for future needs.

    IT has several concerns around ERP data and wide dissemination of that data across sites. Large organizations can benefit from building a data warehouse or at least adopting some of the principles of data warehousing. The optimal way to deal with the issue of integration is to design a metadata-driven data warehouse that acts as a central repository for all ERP data. They serve as the storage facility for millions of transactions, formatted to allow analysis and comparison.

    Key considerations:

    • Technical: At what stage does data move to the warehouse? Can processes be automated to dump data or to do a scheduled data movement?
    • Process: Data integration requires some level of historical context for all data. Ensure that all data has multiple metadata tags to future-proof the data.
    • People: Who will be accessing the data and what are the key items that users will need to adapt to the data warehouse process?

    Info-Tech Insight

    Data warehouse solutions can be expensive. See Info-Tech’s Build a Data Warehouse on a Solid Foundation for guidance on what options are available to meet your budget and data needs.

    Optimizing SAP data, additional considerations

    Data Quality Management

    Effective Data Governance

    Data-Centric Integration Strategy

    Extensible Data Warehousing

    • Prevention is ten times cheaper than remediation. Stop fixing data quality with band-aid solutions and start fixing at the source of the problem.
    • Data quality is unique to each business unit and requires tolerance, not perfection. If the data allows the business to operate at the desired level, don’t waste time fixing data that may not need to be fixed.
    • Implement a set of data quality initiatives that are aligned with overall business objectives and aimed at addressing data practices and the data itself.
    • Develop a prioritized data quality improvement project roadmap and long-term improvement strategy.
    • Build related practices with more confidence and less risk after achieving an appropriate level of data quality.
    • Data governance enables data-driven insight. Think of governance as a structure for making better use of data.
    • Collaboration is critical. The business may own the data, but IT understands the data. Data governance will not work unless the business and IT work together.
    • Data governance powers the organization up the data value chain through policies and procedures, master data management, data quality, and data architecture.
    • Create a roadmap to prioritize initiatives and delineate responsibilities among data stewards, data owners, and the data governance steering committee.
    • Ensure buy-in from business and IT stakeholders. Communicate initiatives to end users and executives to reduce resistance.
    • Every enterprise application involves data integration. Any change in the application and database ecosystem requires you to solve a data integration problem.
    • Data integration is becoming more and more critical for downstream functions of data management and for business operations to be successful. Poor integration holds back these critical functions.
    • Build your data integration practice with a firm foundation in governance and a reference architecture. Ensure that your process is scalable and sustainable.
    • Support the flow of data through the organization and meet the organization’s requirements for data latency, availability, and relevancy.
    • Data availability must be frequently reviewed and repositioned to continue to grow with the business.
    • A data warehouse is a project, but successful data warehousing is a program. An effective data warehouse requires planning beyond the technology implementation.
    • Governance, not technology, needs to be the core support system for enabling a data warehouse program.
    • Leverage an approach that focuses on constructing a data warehouse foundation that can address a combination of operational, tactical, and ad hoc business needs.
    • Invest time and effort to put together pre-project governance to inform and guide your data warehouse implementation.
    • Select the most suitable architecture pattern to ensure the data warehouse is “built right” at the very beginning.

    Restore Trust in Your Data Using a Business-Aligned Data Quality Management Approach

    Establish Data Governance

    Build a Data Integration Strategy

    Build an Extensible Data Warehouse Foundation

    Data Optimization

    Organizations are faced with challenges associated with changing data landscapes.

    Data migrations should not be taken lightly. It requires an overall data governance to assure data integrity for the move to S/4HANA and beyond.

    Have a solid plan before engaging S/4HANA Migration Cockpit.

    Develop a Master Data Management Strategy and Roadmap

    • Master data management (MDM) is complex in practice and requires investments in governance, technology, and planning.
    • Develop a MDM strategy and initiative roadmap using Info-Tech’s MDM framework, which takes data governance, architecture, and other critical data capabilities into consideration.

    Establish Data Governance

    • Ensure your data governance program delivers measurable business value by aligning the associated data governance initiatives with the business architecture.
    • Data governance must continuously align with the organization’s enterprise governance function. It should not be perceived as a pet project of IT but rather as an enterprise-wide, business-driven initiative.
    The image contains a screenshot of the S/4HANA Migration Cockpit.

    3.2.5 Discover data optimization opportunities

    1-2 hours

    1. Use your APA or user satisfaction survey to understand issues related to data.
      Note: Data issues happen for a number of reasons:
    • Poor underlying data in the system
    • More than one source of truth
    • Inability to consolidate data
    • Inability to measure KPIs effectively
    • Reporting that is cumbersome or non-existent
  • List underperforming capabilities related to data.
  • Answer the following:
    1. What are some underlying issues?
    2. Is there an opportunity for data improvement?
    3. What are some optimization initiatives that could be undertaken in this area?

    Record this information in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    SAP cost savings

    SAP cost savings does not have to be complicated.

    Look for quick wins:

    • Evaluate user licensing:
      • Ensure you are not double paying for employees or paying for employees who are no longer with the organization.
      • Verify user activity – if users are accessing the system very infrequently it does not make sense to license them as full users.
      • Audit your user classifications – ensure title positions and associated licenses are up to date.
    • Curb data sprawl.
    • Consolidate applications.

    30-35% of SAP customers likely have underutilized assets. This can add up to millions in unused software and maintenance.

    -Riley et al.

    20% Only 20 percent of companies manage to capture more than half the projected benefits from ERP systems.

    -McKinsey
    The image contains a screenshot of the Explore the Secrets of SAP Software Contracts to Optimize Spend and Reduce Compliance Risk.

    Explore the Secrets of SAP Software Contracts to Optimize Spend and Reduce Compliance Risk

    The image contains a screenshot of Secrets of SAP S/4HANA Licensing.

    Secrets of SAP S/4HANA Licensing

    License Optimization

    With the relatively slow uptake of the S/4HANA platform, the pressure is immense for SAP to maintain revenue growth.

    SAP’s definitions and licensing rules are complex and vague, making it extremely difficult to purchase with confidence while remaining compliant.

    Without having a holistic negotiation strategy, it is easy to hit a common obstacle and land into SAP’s playbook, requiring further spend.

    Price Benchmarking & Negotiation

    • Use price benchmarking and negotiation intelligence to secure a market-competitive price.
    • Understand negotiation tactics that can be used to better your deal.

    Secrets of SAP S/4HANA Licensing:

    • Build a business case to evaluate S/4HANA.
    • Understand the S/4HANA roadmap and map current functionality to ensure compatibility.

    SAP’s 2025 Support End of Life Date Delayed…As Predicted Here First

    • The math simply did not add up for SAP.
    • Extended support post 2027 is a mixed bag.

    3.2.6 Discover SAP cost-saving opportunities

    1-2 hours

    1. Use tab 1.5 “Current Costs” as an input for this exercise.
    2. Look for opportunities to cut SAP costs, both quick-wins and long-term strategy.
    3. Review Info-Tech’s SAP vendor management resources to understand cost-saving strategies:
    4. List cost-savings initiatives and opportunities.

    Record this information in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    Other optimization opportunities

    There are many opportunities to improve your SAP portfolio. Choose the ones that are right for your business:

    • Artificial intelligence (AI) (and management of the AI lifecycle)
    • Machine learning (ML)
    • Augment business interactions
    • Automatically execute sales pipelines
    • Process mining
    • SAP application monitoring
    • Be aware of the SAP product roadmap
    • Implement and take advantage of SAP tools and product offerings

    Phase 4

    Build Your Optimization Roadmap

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Identify Stakeholders and Build Your Optimization Team

    1.2 Build an SAP Strategy Model

    1.3 Inventory Current System State

    1.4 Define Optimization Timeframe

    1.5 Understand SAP Costs

    2.1 Assess SAP Capabilities

    2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

    3.1 Prioritize Optimization Opportunities

    3.2 Discover Optimization Initiatives

    4.1 Build Your Optimization Roadmap

    This phase will walk you through the following activities:

    • Review the different options to solve the identified pain points
    • Build out a roadmap showing how you will get to those solutions
    • Build a communication plan that includes the stakeholder presentation

    This phase involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP applications support team

    Get the Most Out of Your SAP

    Step 4.1

    4.1 Build Your Optimization Roadmap

    Activities

    4.1.1 Pick your path

    4.1.2 Pick the right SAP migration path

    4.1.3 Build a roadmap

    4.1.4 Build a visual roadmap

    This step will walk you through the following activities:

    • Review the different options to solve the identified pain points then build out a roadmap of how to get to that solution.

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP applications support team

    Outcomes of this step

    • A strategic direction is set
    • An initial roadmap is laid out

    Choose the right path for your organization

    There are several different paths you can take to achieve your ideal future state. Make sure to pick the one that suits your needs as defined by your current state.

    The image contains a diagram to demonstrate the different paths that can be taken. The pathways are: Optimize current system, augment current system, consolidate current systems, upgrade system, and replace system.

    Explore the options for achieving your ideal future state

    CURRENT STATE

    STRATEGY

    There is significant evidence of poor user satisfaction, inefficient processes, lack of data usage, poor integrations, and little vendor management. Look for opportunities to improve the system.

    OPTIMIZE CURRENT SYSTEM

    Your existing application is, for the most part, functionally rich but may need some tweaking. Spend time and effort building and enhancing additional functionalities or consolidating and integrating interfaces.

    AUGMENT CURRENT SYSTEM

    Your ERP application portfolio consists of multiple apps serving the same functions. Consolidating applications with duplicate functionality is more cost efficient and makes integration and data sharing simpler.

    CONSOLIDATE CURRENT SYSTEMS

    The current system is reaching end of life and the software vendor offers a fit-for-use upgrade or system to which you can migrate. Prepare your migration strategy to move forward on the product roadmap.

    UPGRADE SYSTEM

    The current SAP system and future SAP roadmap are not fit for use. Vendor satisfaction is at an all-time low. Revisit your ERP strategy as you move into requirements gathering and selection.

    REPLACE SYSTEM

    Option: Optimize your current system

    Look for process, workflow, data usage, and vendor relation improvements.

    MAINTAIN CURRENT SYSTEM

    Keep the system but look for optimization opportunities.

    Your existing application portfolio satisfies both functionality and integration requirements. The processes surrounding it likely need attention, but the system should be considered for retention.

    Maintaining your current system entails adjusting current processes and/or adding new ones and involves minimal cost, time, and effort.

    INDICATORS

    POTENTIAL SOLUTIONS

    People

    • User satisfaction is in the mid-range
    • There is an opportunity to rectify problems
    • Contact vendor to inquire about employee training opportunities
    • Build a change management strategy

    Process

    • Processes are old and have not been optimized
    • There are many manual processes and workarounds
    • Low process maturity or undocumented inconsistent processes
    • Explore process reengineering and process improvement opportunities
    • Evaluate and standardize processes

    Technology

    • No major capability gaps
    • Supported for 5+ years
    • Explore opportunities outside of the core technology including workflows, integrations, and reporting

    Alternative 1: Optimize your current system

    MAINTAIN CURRENT SYSTEM

    • Keep your SAP system running
    • Invest in resolving current challenges
    • Automate manual processes where appropriate
    • Improve/modify current system
    • Evaluate current system against requirements/processes
    • Reimplement functionality

    Alternative Overview

    Initial Investment ($)

    Medium

    Risk

    Medium

    Change Management Required

    Medium

    Operating Costs ($)

    Low

    Alignment With Organizational Goals and ERP Strategy

    Medium-Low

    Key Considerations

    • Now that I know my needs, where is the current system underused?
    • Do we have specialized needs?
    • Which functions can best enable the business?

    Advantages

    • Less cost investment than upgrading or replacing the system
    • Less technology risk
    • The current system has several optimization initiatives that can be implemented
    • Familiarity with the system; IT and business users know the system well
    • Least amount of changes
    • Integrations will be able to be maintained and will mean less complexity
    • Will allow us to leverage current investments and build on our current confidence in the solution
    • Allow us to review processes and engineer some workflow and process improvements

    Disadvantages

    • The system may need some augmentation to handle some improvement areas
    • Build some items from scratch
    • Less user-friendly
    • Need to reimplement and reconfigure some modules
    • Lots of workarounds – more staff needed to support current processes
    • Increase customization (additional IT development investment)
    • System gaps would remain
    • System feels “hard” to use
    • Workarounds still needed
    • Hard to overcome “negative” experience with the current system
    • Some functional gaps will remain
    • Less system development and support from the vendor as the product ages.
    • May become a liability and risk area in the future

    For what time frame does this make sense?

    Short Term

    Medium Term

    Long Term

    Option: Augment your current system

    Use augmentation to resolve your existing technology and data pain points.

    AUGMENT CURRENT SYSTEM

    Add to the system.

    Your existing application is for the most part functionally rich but may need some tweaking. Spend time and effort enhancing your current system.

    You will be able to add functions by leveraging existing system features. Augmentation requires limited investment and less time and effort than a full system replacement.

    INDICATORS

    POTENTIAL SOLUTIONS

    Technology Pain Points

    • Lack of reporting functions
    • Lacking functional depth in key process areas
    • Add point solutions or enable modules to address missing functionality

    Data Pain Points

    • Poor data quality
    • Lack of data for processing and reporting
    • Single-source data entry
    • Add modules or augment processes to capture data

    Alternative 2: Augment current solution

    AUGMENT CURRENT SYSTEM

    Maintain core system.

    Invest in SAP modules or extended functionality.

    Add functionality with bolt-on targeted “best of breed” solutions.

    Invest in tools to make the SAP portfolio and ecosystem work better.

    Alternative Overview

    Initial Investment ($)

    High

    Risk

    High

    Change Management

    High

    Operating Costs ($)

    High

    Alignment With Organizational Goals and ERP Strategy

    High

    Key Considerations

    • Now that I know my needs, where is the current system underused?
    • Do we have specialized needs?
    • Which functions can best enable the business?

    Advantages

    • Meet specific business needs – right solution for each component
    • Well-aligned to specific business needs
    • Higher morale – best solution with improved user interface
    • Allows you to find the right solution for the unique needs of the organization
    • Allows you to incorporate a light change management strategy that can include training for the end users and IT
    • Incorporate best practice processes
    • Leverage out-of-the-box functionality

    Disadvantages

    • Multiple technological solutions
    • Lots of integrations
    • Out-of-sync upgrades
    • Extra costs – potential less negotiation leverage
    • Multiple solutions to support
    • Multiple vendors
    • Less control over upgrades – including timing (potential out of sync)
    • More training – multiple products, multiple interfaces
    • Confusion – which system to use when
    • Need more HR specialization
    • More complexity in reporting
    • More alignment with JDE E1 information

    For what time frame does this make sense?

    Short Term

    Medium Term

    Long Term

    Option: Consolidate systems

    Consolidate and integrate your current systems to address your technology and data pain points.

    CONSOLIDATE AND INTEGRATE SYSTEMS

    Get rid of one system, combine two, or connect many.

    Your ERP application portfolio consists of multiple apps serving the same functions.

    Consolidating your systems eliminates the need to manage multiple pieces of software that provide duplicate functionality. Reducing the number of ERP applications makes integration and data sharing simpler.

    INDICATORS

    POTENTIAL SOLUTIONS

    Technology Pain Points

    • Disparate and disjointed systems
    • Multiple systems supporting the same function
    • Unused software licenses
    • System consolidation
    • System and module integration
    • Assess usage and consolidate licensing

    Data Pain Points

    • Multiple versions of same data
    • Duplication of data entry in different modules or systems
    • Poor data quality
    • Centralize core records
    • Assign data ownership
    • Single-source data entry

    Alternative 3: Consolidate systems

    AUGMENT CURRENT SYSTEM

    Get rid of old disparate on-premise solutions.

    Consolidate into an up-to-date ERP solution.

    Standardize across the organization.

    Alternative Overview

    Initial Investment ($)

    High

    Risk

    Med

    Change Management

    Med

    Operating Costs ($)

    Med

    Alignment With Organizational Goals and ERP Strategy

    High

    Key Considerations

    • Now that I know my needs, where is the current system underused?
    • Do we have specialized needs?
    • Which functions can best enable the business?

    Advantages

    • Aligns the technology across the organization
    • Streamlining of processes
    • Opportunity for decreased costs
    • Easier to maintain
    • Modernizes the SAP portfolio
    • Easier to facilitate training
    • Incorporate best practice processes
    • Leverage out-of-the-box functionality

    Disadvantages

    • Unique needs of some business units may not be addressed
    • Will require change management and training
    • Deeper investment in SAP

    For what time frame does this make sense?

    Short Term

    Medium Term

    Long Term

    Option: Upgrade System

    Upgrade your system to address gaps in your existing processes and various pain points.

    REPLACE CURRENT SYSTEM

    Move to a new SAP solution

    You’re transitioning from an end-of-life legacy system. Your existing system offers poor functionality and poor integration. It would likely be more cost- and time-efficient to replace the application and its surrounding processes altogether. You are satisfied with SAP overall and want to continue to leverage your SAP relationships and investments.

    INDICATORS

    POTENTIAL SOLUTIONS

    Technology Pain Points

    • Obsolete or end-of-life technology portfolio
    • Lack of functionality and poor integration
    • Not aligned with technology direction or enterprise architecture plans
    • Evaluate the ERP technology landscape
    • Determine if you need to replace the current system with a point solution or an all-in-one solution
    • Align ERP technologies with enterprise architecture

    Data Pain Points

    • Limited capability to store and retrieve data
    • Understand your data requirements

    Process Pains

    • Insufficient tools to manage workflow
    • Review end-to-end processes
    • Assess user satisfaction

    Alternative 4: Upgrade System

    UPGRADE SYSTEM

    Upgrade your current SAP systems with SAP product replacements.

    Invest in SAP with the appropriate migration path for your organization.

    Alternative Overview

    Initial Investment ($)

    High

    Risk

    Med

    Change Management

    Med

    Operating Costs ($)

    Med

    Alignment With Organizational Goals and ERP Strategy

    High

    Key Considerations

    • Now that I know my needs, where is the current system underused?
    • Do we have specialized needs?
    • Which functions can best enable the business?

    Advantages

    • Aligns the technology across the organization
    • Opportunity for business transformation
    • Allows you to leverage your SAP and SI relationships
    • Modernizes your ERP portfolio
    • May offer you advantages around business transformation and process improvement
    • Opportunity for new hosting options
    • May offer additional opportunities for consolidation or business enablement

    Disadvantages

    • Big initiative
    • Costly
    • Adds business risk during ERP upgrade
    • May require a high amount of change management
    • Organization will have to build resources to support the replacement and ongoing support of the new product
    • Training will be required across business and IT
    • Integrations with other applications may need to be rebuilt

    For what time frame does this make sense?

    Short Term

    Medium Term

    Long Term

    Option: Replace your current system

    Replace your system to address gaps in your existing processes and various pain points.

    REPLACE CURRENT SYSTEM

    Start from scratch.

    You’re transitioning from an end-of-life legacy system. Your existing system offers poor functionality and poor integration. It would likely be more cost and time efficient to replace the application and its surrounding processes all together.

    INDICATORS

    POTENTIAL SOLUTIONS

    Technology Pain Points

    • Lack of functionality and poor integration
    • Obsolete technology
    • Not aligned with technology direction or enterprise architecture plans
    • Dissatisfaction with SAP and SI
    • Evaluate the ERP technology landscape
    • Determine if you need to replace the current system with a point solution or an all-in-one solution
    • Align ERP technologies with enterprise architecture

    Data Pain Points

    • Limited capability to store and retrieve data
    • Understand your data requirements

    Process Pains

    • Insufficient tools to manage workflow
    • Review end-to-end processes
    • Assess user satisfaction

    Alternative 5: Replace SAP with another ERP solution

    AUGMENT CURRENT SYSTEM

    Get rid of old disparate on-premises solutions.

    Consolidate into an up-to-date ERP solution.

    Standardize across the organization.

    Alternative Overview

    Initial Investment ($)

    High

    Risk

    Med

    Change Management

    Med

    Operating Costs ($)

    Med

    Alignment With Organizational Goals and ERP Strategy

    High

    Key Considerations

    • Do we have the appetite to walk away from SAP?
    • What opportunities are we looking for?
    • Are other ERP solutions better for our business?

    Advantages

    • Allows you to explore ERP options outside of SAP
    • Aligns the technology across the organization
    • Opportunity for business transformation
    • Allows you to move away from SAP
    • Modernizes your ERP portfolio
    • May offer you advantages around business transformation and process improvement
    • Opportunity for new hosting options
    • May offer additional opportunities for consolidation or business enablement

    Disadvantages

    • Big initiative
    • Costly
    • Adds business risk during ERP replacement
    • Relationships will have to be rebuilt with ERP vendor and SIs
    • May require a high amount of change management
    • Organization will have to build resources to support the replacement and ongoing support of the new product
    • Training will be required across business and IT
    • Integrations with other applications may need to be rebuilt

    For what time frame does this make sense?

    Short Term

    Medium Term

    Long Term

    Activity 4.1.1: Pick your path

    1.5 hours

    For each given path selected, identify:

    • Advantage
    • Disadvantages
    • Initial Investment ($)
    • Risk
    • Change Management
    • Operating Costs ($)
    • Alignment With ERP Objectives
    • Key Considerations
    • Timeframe

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of activity 4.1.1 pick your path.

    Download the Get the Most Out of Your SAP Workbook

    Pick the right SAP migration path for your organization

    There are three S/4HANA paths you can take to achieve your ideal future state. Make sure to pick the one that suits your needs as defined by your current state and meets your overall long-term roadmap.

    The image contains a diagram of the pathways that can be take from current state to future state. The options are: BEST PRACTICE QUICK WIN
(Public Cloud), AUGMENT BEST PRACTICE (Private Cloud), OWN FULL SOLUTION (On Premise)

    SAP S/4 HANA offerings can be confusing

    The image contains a screenshot that demonstrates the SAP S/4 Offerings.

    What is the cloud, how is it deployed, and how is service provided?

    The image contains a screenshot from the National Institute of Standards and Technology that describes the Cloud Characteristics, Service Model, and Delivery Model.

    A workload-first approach will allow you to take full advantage of the cloud’s strengths

    • Under all but the most exceptional circumstances good cloud strategies will incorporate different service models. Very few organizations are “IaaS shops” or “SaaS shops,” even if they lean heavily in a one direction.
    • These different service models (including non-cloud options like colocation and on-premises infrastructure) each have different strengths. Part of your cloud strategy should involve determining which of the services makes the most sense for you.
    • Own the cloud by understanding which cloud (or non-cloud!) offering makes the most sense for you, given your unique context.

    See Info-Tech’s Define Your Cloud Vision for more information.

    Cloud service models

    • This research focuses on five key service models, each of which has its own strengths and weaknesses. Moving right from “on-prem” customers gradually give up more control over their environments to cloud service providers.
    • An entirely premises-based environment means that the customer is responsible for everything ranging from the dirt under the datacenter to application-level configurations. Conversely, in a SaaS environment, the provider is responsible for everything but those top-level application configurations.
    • A managed service provider or other third-party can manage any or of the components of the infrastructure stack. A service provider may, for example, build a SaaS solution on top of another provider’s IaaS or offer configuration assistance with a commercially available SaaS.

    Info-Tech Insight

    Not all workloads fit well in the cloud. Many environments will mix service models (e.g. SaaS for some workloads, some in IaaS, some on-premises) and this can be perfectly effective. It must be consistent and intentional, however.

    The image contains a screenshot of cloud service models: On-prem, CoLo, laaS, PaaS, and SaaS

    Option: Best Practice Quick Win

    S/4HANA Cloud, Essentials

    Updates

    4 times a year

    License Model

    Subscription

    Server Platform

    SAP

    Platform Management

    SAP only

    Pre-Set Templates (industries)

    Not allowed

    Single vs. Multi-Tenant

    Multi-client

    Maintenance ALM Tool

    SAP ALM

    New Implementation

    This is a public cloud solution for new clients adopting SAP that are mostly looking for full functionality within best practice.

    Consider a full greenfield approach. Even for mid-size existing customers looking for a best-practice overhaul.

    Functionality is kept to the core. Any specialties or unique needs would be outside the core.

    Regional localization is still being expanded and must be evaluated early if you are a global company.

    Option: Augment Best Practice

    S/4HANA Cloud, Extended Edition

    Updates

    Every 1-2 years or up to client’s schedule

    License Model

    Subscription

    Server Platform

    AZURE, AWS, Google

    Platform Management

    SAP only

    Pre-Set Templates (industries)

    Coded separately

    Single vs. Multi-Tenant

    Single tenant

    Maintenance ALM Tool

    SAP ALM or SAP Solution Manager

    New Implementation With Client Specifics

    No longer available to new customers from January 25, 2022, though available for renewals.

    Replacement is called SAP Extended Services for SAP S/4HANA Cloud, private edition.

    This offering is a grey area, and the extended offerings are being defined.

    New S/4HANA Cloud extensibility is being offered to early adopters, allowing for customization within a separate system landscape (DTP) and aiming for an SAP Central Business Configuration solution for the cloud. A way of fine-tuning to meet customer-specific needs.

    Option: Augment Best Practice (Cont.)

    S/4HANA Cloud, Private Edition

    Updates

    Every 1-5 years or up to client’s schedule

    License Model

    Subscription

    Server Platform

    AZURE, AWS, Google

    Platform Management

    SAP only

    Pre-Set Templates (industries)

    Allowed

    Single vs. Multi-Tenant

    Single tenant

    Maintenance ALM Tool

    SAP ALM or SAP Solution Manager

    New Implementation With Client Specifics

    This is a private cloud solution for existing or new customers needing more uniqueness, though still looking to adopt best practice.

    Still considered a new implementation with data migration requirements that need close attention.

    This offering is trying to move clients to the S/4HANA Cloud with close competition with the Any Premise product offering. Providing client specific scalability while allowing for standardization in the cloud and growth in the digital strategy. All customizations and ABAP functionality must be revisited or revamped to fit standardization.

    Option: Own Full Solution

    S/4HANA Any Premise

    Updates

    Client decides

    License Model

    Perpetual or subscription

    Server Platform

    AZURE, AWS, Google, partner's or own server room

    Platform Management

    Client and/or partner

    Pre-Set Templates (industries)

    Allowed

    Single vs. Multi-Tenant

    Single tenant

    Maintenance ALM Tool

    SAP Solution Manager

    Status Quo Migration to S/4HANA

    This is for clients looking for a quick transition to S/4HANA with minimal risks and without immediate changes to their operations.

    Though knowing the direction with SAP is toward its cloud solution, this may be a long costly path to getting the that end state.

    The Any Premise version carries over existing critical ABAP functionalities, and the SAP GUI can remain as the user interface.

    Activity 4.1.2 (Optional) Evaluate optimization initiatives

    1 hour

    1. If there is an opportunity to optimize the current SAP environment or prepare for the move to a new platform, continue with this step.
    2. Valuate your optimization initiatives from tab 3.2 “Optimization Initiatives.”

    Consider: relevance to achieving goals, number of users, importance to role, satisfaction with features, usability, data quality

    Value Opportunities: increase revenue, decrease costs, enhanced services, reach customers

    Additional Factors:

    • Current to Future Risk Profile
    • Number of Departments to Benefit
    • Importance to Stakeholder Relations
    • Resources: Do we have resources available and the skillset?
    • Cost
    • Overall Effort Rating
    • "Gut Check: Is it achievable? Have we done it or something similar before? Are we willing to invest in it?"

    Prioritize

    • Relative priority
    • Determine if this will be included in your optimization roadmap
    • Decision to proceed
    • Next steps

    Record this information in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    Activity 4.1.3 Roadmap building blocks: SAP migration

    1 hour

    Migration paths: Determine your migration path and next steps using the Activity 4.1.1 “SAP System Options.”

    1. Identify initiatives and next steps.
    2. For each item on your roadmap, assign an owner who will be accountable to the completion of the roadmap item.
    3. Wherever possible, assign a start date, month, or quarter. The more specific you can be the better.
    4. Identify completion dates to create a sense of urgency. If you are struggling with start dates, it can help to start with a finish date and “back in” to a start date based on estimated efforts.
    5. Include periphery tasks such as communication strategy.

    Record this information in the Get the Most Out of Your SAP Workbook.

    Note: Your roadmap should be treated as a living document that is updated and shared with the stakeholders on a regular schedule.

    The image contains a diagram of the pathways that can be take from current state to future state. The options are: BEST PRACTICE QUICK WIN
(Public Cloud), AUGMENT BEST PRACTICE (Private Cloud), OWN FULL SOLUTION (On Premise)

    Download the Get the Most Out of Your SAP Workbook

    Activity 4.1.4 Roadmap building blocks: SAP optimization

    1 hour

    Optimization initiatives: Determine which if any to proceed with.

    1. Identify initiatives.
    2. For each item on your roadmap, assign an owner who will be accountable to the completion of the roadmap item.
    3. Wherever possible, assign a start date, month, or quarter. The more specific you can be the better.
    4. Identify completion dates to create a sense of urgency. If you are struggling with start dates, it can help to start with a finish date and “back in” to a start date based on estimated efforts.
    5. Include periphery tasks such as communication strategy.

    Record this information in the Get the Most Out of Your SAP Workbook.

    Note: Your roadmap should be treated as a living document that is updated and shared with the stakeholders on a regular schedule.

    The image contains a screenshot of activity 4.1.4 SAP optimization.

    Download the Get the Most Out of Your SAP Workbook

    SAP optimization roadmap

    Initiative

    Owner

    Start Date

    Completion Date

    Create final workshop deliverable

    Info-Tech

    16 September 2021

    Review final deliverable

    Workshop sponsor

    Present to executive team

    October 2021

    Build business case

    CFO, CIO, Directors

    3 weeks to build

    3-4 weeks process time

    Build an RFI for initial costings

    1-2 weeks

    Stage 1 approval for requirements gathering

    Executive committee

    Milestone

    Determine and acquire BA support for next step

    1 week

    Requirements gathering – level 2 processes

    Project team

    1 week

    Build RFP (based on informal approval)

    CFO, CIO, Directors

    4th calendar quarter 2022

    Possible completion: January 2023

    2-4 weeks

    Data strategy optimization

    The image contains a graph to demonstrate the data strategy optimization.

    Activity 4.1.5 (Optional) Build a visual SAP roadmap

    1 hour

    1. For some, a visual representation of a roadmap is easier to comprehend. Consider taking the roadmap built in 4.1.4 and creating a visual.
    2. Record this information in the Get the Most Out of Your SAP Workbook.

      The image contains a screenshot of activity 4.1.5 build a visual SAP roadmap.

    Download the Get the Most Out of Your SAP Workbook

    SAP strategy roadmap

    The image contains a screenshot of the SAP strategy roadmap.

    Implementations Partners

    • Able to consult, migrate, implement, and manage the SAP S/4HANA business suite across industries.
    • Able to transform the enterprise’s core business system to achieve the desired outcome.
    • Capable in strategic planning, building business cases, developing roadmaps, cost and time analysis, deployment model (on-prem, cloud, hybrid model), database conversion, database and operational support, and maintenance services.

    Info-Tech Insight

    It is becoming a common practice for implementation partners to engage in a two- to three-month Discovery Phase or Phase 0 to prepare an implementation roadmap. It is important to understand how this effort is tied to the overall service agreement.

    The image contains several logos of the implementation partners: Atos, Accenture, Cognizant, EY, Infosys, Tech Mahindra, LTI, Capgemini, Wipro, IBM, tos.

    Summary of Accomplishment

    Get the Most Out of Your SAP

    ERP technology is critical to facilitating an organization’s flow of information across business units. It allows for seamless integration of systems and creates a holistic view of the enterprise to support decision making. ERP implementation should not be a one-and-done exercise. There needs to be an ongoing optimization to enable business processes and optimal organizational results.

    Get the Most Out of Your SAP allows organizations to proactively implement continuous assessment and optimization of their enterprise resource planning system, including:

    • Alignment and prioritization of key business and technology drivers.
    • Identification of processes, including classification and gap analysis.
    • Measurement of user satisfaction across key departments.
    • Improved vendor relations.
    • Data quality initiatives.

    This formal SAP optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process improvement.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com

    1-888-670-8889

    Research Contributors

    The image contains a picture of Ben Dickie.

    Ben Dickie

    Research Practice Lead

    Info-Tech Research Group

    Ben Dickie is a Research Practice Lead at Info-Tech Research Group. His areas of expertise include customer experience management, CRM platforms, and digital marketing. He has also led projects pertaining to enterprise collaboration and unified communications.

    The image contains a picture of Scott Bickley.

    Scott Bickley

    Practice Lead and Principal Research Director

    Info-Tech Research Group

    Scott Bickley is a Practice Lead and Principal Research Director at Info-Tech Research Group focused on vendor management and contract review. He also has experience in the areas of IT asset management (ITAM), software asset management (SAM), and technology procurement along with a deep background in operations, engineering, and quality systems management.

    The image contains a picture of Andy Neil.

    Andy Neil

    Practice Lead, Applications

    Info-Tech Research Group

    Andy is a Senior Research Director, Data Management and BI, at Info-Tech Research Group. He has over 15 years of experience in managing technical teams, information architecture, data modeling, and enterprise data strategy. He is an expert in enterprise data architecture, data integration, data standards, data strategy, big data, and the development of industry standard data models.

    Bibliography

    Armel, Kate. "New Article: Data-Driven Estimation, Management Lead to High Quality." QSM: Quantitative Software Management, 14 May 2013. Accessed 4 Feb. 2021.

    Enterprise Resource Planning. McKinsey, n.d. Accessed 13 Apr. 2022.

    Epizitone, Ayogeboh. Info-Tech Interview, 10 May 2021.

    Epizitone, Ayogeboh, and Oludayo O. Olugbara. “Principal Component Analysis on Morphological Variability of Critical Success Factors for Enterprise Resource Planning.” International Journal of Advanced Computer Science and Applications (IJACSA), vol. 11, no. 5, 2020. Web.

    Gheorghiu, Gabriel. "The ERP Buyer’s Profile for Growing Companies." Selecthub, 2018. Accessed 21 Feb. 2021.

    Karlsson, Johan. "Product Backlog Grooming Examples and Best Practices." Perforce, 18 May 2018. Accessed 4 Feb. 2021.

    Lichtenwalter, Jim. “A look back at 2021 and a look ahead to 2022.” ASUG, 23 Jan. 2022. Web.

    “Maximizing the Emotional Economy: Behavioral Economics." Gallup, n.d. Accessed 21 Feb. 2021.

    Mell, Peter, and Timothy Grance. “The NIST Definition of Cloud Computing.” National Institute of Standards and Technology. Sept. 2011. Web.

    Norelus, Ernese, Sreeni Pamidala, and Oliver Senti. "An Approach to Application Modernization: Discovery and Assessment Phase," Medium, 24 Feb 2020. Accessed 21 Feb. 2021.

    “Process Frameworks." APQC, n.d. Accessed 21 Feb. 2021.

    “Quarterly number of SAP S/4HANA subscribers worldwide, from 2015 to 2021.” Statista, n.d. Accessed 13 Apr. 2022.

    Riley, L., C.Hanna, and M. Tucciarone. “Rightsizing SAP in these unprecedented times.” Upperedge, 19 May 2020.

    Rubin, Kenneth S. Essential Scrum: A Practical Guide to the Most Popular Agile Process. Pearson Education, 2012.

    “SAP S/4HANA Product Scorecard Report.” SoftwareReviews, n.d. Accessed 18 Apr. 2022.

    Saxena, Deepak, and Joe Mcdonagh. "Evaluating ERP Implementations: The Case for a Lifecycle-based Interpretive Approach." The Electronic Journal of Information Systems Evaluation, vol. 22, no. 1, 2019, pp. 29-37. Accessed 21 Feb. 2021.

    Smith, Anthony. "How To Create A Customer-Obsessed Company Like Netflix." Forbes, 12 Dec. 2017. Accessed 21 Feb. 2021.

    IT Strategy

    • Buy Link or Shortcode: {j2store}20|cart{/j2store}
    • Related Products: {j2store}20|crosssells{/j2store}
    • Up-Sell: {j2store}20|upsells{/j2store}
    • member rating overall impact: 9.3/10
    • member rating average dollars saved: $105,465
    • member rating average days saved: 35
    • Parent Category Name: Strategy and Governance
    • Parent Category Link: strategy-and-governance
    Success depends on IT initiatives clearly aligned to business goals.

    Define Service Desk Metrics That Matter

    • Buy Link or Shortcode: {j2store}491|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • Consolidate your metrics and assign context and actions to ones currently tracked.
    • Establish tension metrics to see and tell the whole story.
    • Split your metrics for each stakeholder group. Assign proper cadences for measurements as a first step to building an effective dashboard.

    Our Advice

    Critical Insight

    • Identify the metrics that serve a real purpose and eliminate the rest. Establish a formal review process to ensure metrics are still valid, continue to provide the answers needed, and are at a manageable and usable level.

    Impact and Result

    • Tracking goal- and action-based metrics allows you to make meaningful, data-driven decisions for your service desk. You can establish internal benchmarks to set your own baselines.
    • Predefining the audience and cadence of each metric allows you to construct targeted dashboards to aid your metrics analysis.

    Define Service Desk Metrics That Matter Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define Service Desk Metrics That Matter Storyboard – A deck that shows you how to look beyond benchmarks and rely on internal metrics to drive success.

    Deciding which service desk metrics to track and how to analyze them can be daunting. Use this deck to narrow down your goal-oriented metrics as a starting point and set your own benchmarks.

    • Define Service Desk Metrics That Matter Storyboard

    2. Service Desk Metrics Workbook – A tool to organize your service desk metrics.

    For each metric, consider adding the relevant overall goal, audience, cadence, and action. Use the audience and cadence of the metric to split your tracked metrics into various dashboards. Your final list of metrics and reports can be added to your service desk SOP.

    • Service Desk Metrics Workbook
    [infographic]

    Further reading

    Define Service Desk Metrics That Matter

    Look beyond benchmarks and rely on internal metrics to drive success.

    Analyst Perspective

    Don’t get paralyzed by benchmarks when establishing metrics

    When establishing a suite of metrics to track, it’s tempting to start with the metrics measured by other organizations. Naturally, benchmarking will enter the conversation. While benchmarking is useful, measuring you organization against others with a lack of context will only highlight your failures. Furthermore, benchmarks will highlight the norm or common practice. It does not necessarily highlight best practice.

    Keeping the limitations of benchmarking in mind, establish your own metrics suite with action-based metrics. Define the audience, cadence, and actions for each metric you track and pair them with business goals. Measure only what you need to.

    Slowly improve your metrics process over time and analyze your environment using your own data as your benchmark.

    Benedict Chang

    Research Analyst, Infrastructure & Operations

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Measure the business value provided by the service desk.
    • Consolidate your metrics and assign context and actions to ones currently tracked.
    • Establish tension metrics to see and tell the whole story.
    • Split your metrics for each stakeholder group. Assign proper cadences for measurements as a first step to building an effective dashboard or effective dashboards.

    Common Obstacles

    • Becoming too focused on benchmarks or unidimensional metrics (e.g. cost, first-contact resolution, time to resolve) can lead to misinterpretation of the data and poorly informed actions.
    • Sifting through the many sources of data post hoc can lead to stalling in data analysis or slow reaction times to poor metrics.
    • Dashboards can quickly become cluttered with uninformative metrics, thus reducing the signal-to-noise ratio of meaningful data.

    Info-Tech's Approach

    • Use metrics that drive productive change and improvement. Track only what you need to report on.
    • Ensure each metric aligns with the desired business goal, is action-based, and includes the answers to what, why, how, and who.
    • Establish internal benchmarks by analyzing the trends from your own data to set baselines.
    • Act on the results of your metrics by adjusting targets and measuring success.

    Info-Tech Insight

    Identify the metrics that serve a real purpose and eliminate the rest. Establish a formal review process to ensure metrics are still valid, continue to provide the answers needed, and are at a manageable and usable level.

    Improve your metrics to align IT with strategic business goals

    The right metrics can tell the business how hard IT works and how well they perform.

    • Only 19% of CXOs feel that their organization is effective at measuring the success of IT projects with their current metrics.
    • Implementing the proper metrics can facilitate communication between the business division and IT practice.
    • The proper metrics can help IT know what issues the business has and how the CEO and CIO should tackle them.
    • If the goals above resonate with your organization, our blueprint Take Control of Infrastructure and Operations Metrics will take you through the right steps.

    Current Metrics Suite

    19% Effective

    36% Some Improvement Necessary

    45% Significant Improvement Necessary

    Source: Info-Tech Research Group’s CEO/CIO Alignment Diagnostic, 2019; N=622

    CXOs stress that value is the most critical area for IT to improve in reporting

    • You most likely have to improve your metrics suite by addressing business value.
    • Over 80% of organizations say they need improvement to their business value metrics, with 32% of organizations reporting that significant improvement is needed.
    • Of course, measuring metrics for service desk operations is important, but don’t forget business-oriented metrics such as measuring knowledgebase articles written for shift-left enablement, cost (time and money) of service desk tickets, and overall end-user satisfaction.

    The image shows a bar graph with percentages on the Y-Acis, and the following categories on the X-Axis: Business value metrics; Stakeholder satisfaction reporting; Risk metrics; Technology performance & operating metrics; Cost & Salary metrics; and Ad hoc feedback from executives and staff. Each bar is split into two sections, with the blue section marked a Significant Improvement Necessary, and the purple section labelled Some Improvement necessary. Two sections are highlighted with red circles: Business Value metrics--32% blue; 52% purple; and Technology performance & operating metrics--23% blue and 51% purple.

    Source: Info-Tech Research Group’s CEO/CIO Alignment Diagnostic, 2019; N=622

    Benchmarking used in isolation will not tell the whole story

    Benchmarks can be used as a step in the metrics process

    They can be the first step to reach an end goal, but if benchmarks are observed in isolation, it will only highlight your failures.

    Benchmarking relies on standardized models

    This does not account for all the unique variables that make up an IT organization.

    For example, benchmarks that include cost and revenue may include organizations that prioritize first-call resolution (FCR), but the variables that make up this benchmark model will be quite different within your own organization.

    Info-Tech Insight

    Benchmarks reflect the norm and common practice, not best practice.

    Benchmarks are open to interpretation

    Taking the time to establish proper metrics is often more valuable time spent than going down the benchmark rabbit hole.

    Being above or below the norm is neither a good nor a bad thing.

    Determining what the results mean for you depends on what’s being measured and the unique factors, characteristics, and priorities in your organization.

    If benchmark data is a priority within your IT organization, you may look up organizations like MetricNet, but keep the following in mind:

    Review the collected benchmark data

    See where IT organizations in your industry typically stand in relation to the overall benchmark.

    Assess the gaps

    Large gaps between yourself and the overall benchmark could indicate areas for improvement or celebration. Use the data to focus your analysis, develop deeper self-awareness, and prioritize areas for potential concern.

    Benchmarks are only guidelines

    The benchmark source data may not come from true peers in every sense. Each organization is different, so always explore your unique context when interpreting any findings.

    Rely on internal metrics to measure and improve performance

    Measure internal metrics over time to define goals and drive real improvement

    • Internally measured metrics are more reliable because they provide information about your actual performance over time. This allows for targeted improvements and objective measurements of your milestones.
    • Whether a given metric is the right one for your service desk will depend on several different factors, including:
      • The maturity and capability of your service desk processes
      • The volume of service requests and incidents
      • The complexity of your environment when resolving tickets
      • The degree to which your end users are comfortable with self-service

    Take Info-Tech’s approach to metrics management

    Use metrics that drive productive change and improvement. Track only what you need to report on.

    Ensure each metric aligns with the desired business goal, is action-based, and includes the answers to what, why, how, and who.

    Establish internal benchmarks by analyzing the trends from your own data to set baselines.

    Act on the results of your metrics by adjusting targets and measuring success.

    Define action-based metrics to cut down on analysis paralysis

    Every metric needs to be backed with the following criteria:

    • Defining audience, cadence, goal, and action for each metric allows you to keep your tracked metrics to a minimum while maximizing the value.
    • The audience and cadence of each metric may allow you to define targeted dashboards.

    Audience - Who is this metric tracked for?

    Goal - Why are you tracking this metric? This can be defined along with the CSFs and KPIs.

    Cadence - How often are you going to view, analyze, and action this metric?

    Action - What will you do if this metric spikes, dips, trends up, or trends down?

    Activity 1. Define your critical success factors and key performance indicators

    Critical success factors (CSFs) are high-level goals that help you define the direction of your service desk. Key performance indicators (KPIs) can be treated as the trend of metrics that will indicate that you are moving in the direction of your CSFs. These will help narrow the data you have to track and action (metrics).

    CSFs, or your overall goals, typically revolve around three aspects of the service desk: time spent on tickets, resources spent on tickets, and the quality of service provided.

    1. As a group, brainstorm the CSFs and the KPIs that will help narrow your metrics. Use the Service Desk Metrics Workbook to record the results.
    2. Look at the example to the right as a starting point.

    Example metrics:

    Critical success factor Key performance indicator
    High End-User Satisfaction Increasing CSAT score on transactional surveys
    High end-user satisfaction score
    Proper resolution of tickets
    Low time to resolve
    Low Cost per Ticket Decreasing cost per ticket (due to efficient resolution, FCR, automation, self-service, etc.)
    Improve Access to Self-Service (tangential to improve customer service) High utilization of knowledgebase
    High utilization of portal

    Download the Service Desk Metrics Workbook

    Activity 2. Define action-based metrics that align with your KPIs and CSFs

    1. Now that you have defined your goals, continue to fill the workbook by choosing metrics that align with those goals.
    2. Use the chart below as a guide. For every metric, define the cadence of measurement, audience of the metric, and action associated with the metric. There may be multiple metrics for each KPI.
    3. If you find you are unable to define the cadence, audience, or action associated with a metric, you may not need to track the metric in the first place. Alternatively, if you find that you may action a metric in the future, you can decide to start gathering data now.

    Example metrics:

    Critical success factor Key performance indicator Metric Cadence Audience Action
    High End-User Satisfaction Increasing CSAT score on transactional surveys Monthly average of ticket satisfaction scores Monthly Management Action low scores immediately, view long-term trends
    High end-user satisfaction score Average end-user satisfaction score from annual survey Annually IT Leadership View IT satisfaction trends to align IT with business direction
    Proper resolution of tickets Number of tickets reopened Weekly Service Desk Technicians Action reopened tickets, look for training opportunities
    SLA breach rate Daily Service Desk Technicians Action reopened tickets, look for training opportunities
    Low time to resolve Average TTR (incidents) Weekly Management Look for trends to monitor resources
    Average TTR by priority Weekly Management Look for TTR solve rates to align with SLA
    Average TTR by tier Weekly Management Look for improperly escalated tickets or shift-left opportunities

    Download the Service Desk Metrics Workbook

    Activity 3. Define the data ownership, metric viability, and dashboards

    1. For each metric, define where the data is housed. Ideally, the data is directly in the ticketing tool or ITSM tool. This will make it easy to pull and analyze.
    2. Determine how difficult the metric will be to pull or track. If the effort is high, decide if the value of tracking the metric is worth the hassle of gathering it.
    3. Lastly, for each metric, use the cadence and audience to place the metric in a reporting dashboard. This will help divide your metrics and make them easier to report and action.
    4. You may use the output of this exercise to add your tracked metrics to your service desk SOP.
    5. A full suite of metrics can be found in our Infrastructure & Operations Metrics Library in the Take Control of Infrastructure Metrics Storyboard. The metrics have been categorized by low, medium, and advanced capabilities for you.

    Example metrics:

    Metric Who Owns the Data? Efforts to Track? Dashboards
    Monthly average of ticket satisfaction scores Service Desk Low Monthly Management Meeting
    Average end-user satisfaction score Service Desk Low Leadership Meeting
    Number of tickets reopened Service Desk Low Weekly Technician Standup
    SLA breach rate Service Desk Low Daily Technician Standup
    Average TTR (incidents) Service Desk Low Weekly Technician Standup
    Average TTR by priority Service Desk Low Weekly Technician Standup
    Average TTR by tier Service Desk Low Weekly Technician Standup
    Average TTR (SRs) Service Desk Low Weekly Technician Standup
    Number of tickets reopened Service Desk Low Daily Technician Standup

    Download the Service Desk Metrics Workbook

    Keep the following considerations in mind when defining which metrics matter

    Keep the customer in mind

    Metrics are typically focused on transactional efficiency and process effectiveness and not what was achieved against the customers’ need and satisfaction.

    Understand the relationships between performance and metrics management to provide the end-to-end service delivery picture you are aiming to achieve.

    Don’t settle for tool defaults

    ITSM solutions offer an abundance of metrics to choose from. The most common ones are typically built into the reporting modules of the tool suite.

    Do not start tracking everything. Choose metrics that are specifically aligned to your organization’s desired business outcomes.

    Establish tension metrics to achieve balance

    Don’t ignore the correlation and context between the suites of metrics chosen and how one interacts and affects the other.

    Measuring metrics in isolation may lead to an incomplete picture or undesired technician behavior. Tension metrics help complete the picture and lead to proper actions.

    Adjust those targets

    An arbitrary target on a metric that is consistently met month over month is useless. Each metric should inform the overall performance by combining capable service level management and customer experience programs to prove the value IT is providing to the organization.

    Related Info-Tech Research

    Standardize the Service Desk

    This project will help you build and improve essential service desk processes, including incident management, request fulfillment, and knowledge management, to create a sustainable service desk.

    Take Control of Infrastructure and Operations Metrics

    Make faster decisions and improve service delivery by using the right metrics for the job.

    Analyze Your Service Desk Ticket Data

    Take a data-driven approach to service desk optimization.

    IT Diagnostics: Build a Data-Driven IT Strategy

    Our data-driven programs ask business and IT stakeholders the right questions to ensure you have the inputs necessary to build an effective IT strategy.

    Build a Zero Trust Roadmap

    • Buy Link or Shortcode: {j2store}253|cart{/j2store}
    • member rating overall impact: 9.3/10 Overall Impact
    • member rating average dollars saved: $48,932 Average $ Saved
    • member rating average days saved: 42 Average Days Saved
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • Many IT and security leaders struggle to understand zero trust and how best to deploy it with their existing IT resources.
    • The need to move from a perimeter-based approach to security toward an “Always Verify” approach is clear. The path to getting there is complex and expensive.
    • Zero trust as a principle is a moving target due to competing definitions and standards. A strategy that adapts evolving best practices must be supported by business stakeholders.
    • Full zero trust includes many components. Performing an accurate assessment of readiness and benefits to adopt zero trust can be extremely difficult when you don’t know where to start.

    Our Advice

    Critical Insight

    Apply zero trust to key protect surfaces. A successful zero trust strategy should evolve through an iterative and repeatable process by assessing the full spectrum of available technologies to apply zero trust principles to the most relevant protect surfaces.

    Impact and Result

    Every organization should have a zero trust strategy and the roadmap to deploy it must always be tested and refined. Our unique approach:

    • Assess resources and determine zero trust readiness.
    • Prioritize initiatives and build out roadmap.
    • Deploy zero trust and monitor with zero trust progress metrics.

    Build a Zero Trust Roadmap Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build a Zero Trust Roadmap Deck – The purpose of the storyboard is to provide a detailed description of the steps involving in building a roadmap for implementing zero trust.

    The storyboard contains five easy-to-follow steps on building a roadmap for implementing zero trust, from aligning initiatives to business goals to establishing metrics for measuring the progress and effectiveness of a zero trust implementation.

    • Build a Zero Trust Roadmap – Phases 1-5

    2. Zero Trust Protect Surface Mapping Tool – A tool to identify key protect surfaces and map them to business goals.

    Use this tool to develop your zero trust strategy by having it focus on key protect surfaces that are aligned to the goals of the business.

    • Zero Trust Protect Surface Mapping Tool

    3. Zero Trust Program Gap Analysis Tool – A tool to perform a gap analysis between the organization's current implementation of zero trust controls and its desired target state and to build a roadmap to achieve the target state.

    Use this tool to develop your zero trust strategy by creating a roadmap that is aligned with the current state of the organization when it comes to zero trust and its desired target state.

    • Zero Trust Program Gap Analysis Tool

    4. Zero Trust Candidate Solutions Selection Tool – A tool to identify and evaluate solutions for identified zero trust initiatives.

    Use this tool to develop your zero trust strategy by identifying the best solutions for zero trust initiatives.

    • Zero Trust Candidate Solutions Selection Tool

    5. Zero Trust Progress Monitoring Tool – A tool to identify metrics to measure the progress and efficiency of the zero trust implementation.

    Use this tool to develop your zero trust strategy by identifying metrics that will allow the organization to monitor how the zero trust implementation is progressing, and whether it is proving to be effective.

    • Zero Trust Progress Monitoring Tool

    6. Zero Trust Communication Deck – A template to present the zero trust template to key stakeholders.

    Use this template to present the zero trust strategy and roadmap to ensure all key elements are captured.

    • Zero Trust Communication Deck

    Infographic

    Workshop: Build a Zero Trust Roadmap

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Business Goals and Protect Surfaces

    The Purpose

    Align business goals to protect surfaces.

    Key Benefits Achieved

    A better understanding of how business goals can map to key protect surfaces and their associated DAAS elements.

    Activities

    1.1 Understand business and IT strategy and plans.

    1.2 Define business goals.

    1.3 Identify five critical protect surfaces and their associated DAAS elements.

    1.4 Map business goals and protect surfaces.

    Outputs

    Mapping of business goals to key protect surfaces and their associated DAAS elements.

    2 Begin Gap Analysis

    The Purpose

    Identify and define zero trust initiatives.

    Key Benefits Achieved

    A list of zero trust initiatives to be prioritized and set into a roadmap.

    Activities

    2.1 Assess current security capabilities and define the zero trust target state for a set of controls.

    2.2 Identify tasks to close maturity gaps.

    2.3 Assign tasks to zero trust initiatives.

    Outputs

    Security capabilities current state assessment

    Zero trust target state

    Tasks to address maturity gaps

    3 Complete Gap Analysis

    The Purpose

    Complete the zero trust gap analysis and prioritize zero trust initiatives.

    Key Benefits Achieved

    A prioritized list of zero trust initiatives aligned to business goals and key protect surfaces.

    Activities

    3.1 Align initiatives to business goals and key protect surfaces.

    3.2 Conduct cost/benefit analysis on zero trust initiatives.

    3.3 Prioritize initiatives.

    Outputs

    Zero trust initiative list mapped to business goals and key protect surfaces

    Prioritization of zero trust initiatives

    4 Finalize Roadmap and Formulate Policies

    The Purpose

    Finalize the zero trust roadmap and begin to formulate zero trust policies for roadmap initiatives.

    Key Benefits Achieved

    A zero trust roadmap of prioritized initiatives.

    Activities

    4.1 Define solution criteria.

    4.2 Identify candidate solutions.

    4.3 Evaluate candidate solutions.

    4.4 Finalize roadmap.

    4.5 Formulate policies for critical DAAS elements.

    4.6 Establish metrics for high-priority initiatives.

    Outputs

    Zero trust roadmap

    Zero trust policies for critical protect surfaces

    Method for defining zero trust policies for candidate solutions

    Metrics for high-priority initiatives

    Further reading

    Build a Zero Trust Roadmap

    Leverage an iterative and repeatable process to apply zero trust to your organization.

    EXECUTIVE BRIEF

    Analyst Perspective

    Internet is the new corporate network.

    For the longest time we have focused on reducing the attack surface to deter malicious actors from attacking organizations, but I dare say that has made these actors scream “challenge accepted.” With sophisticated tools, time, and money in their hands, they have embarrassed even the finest of organizations. A popular hybrid workforce and rapid cloud adoption have introduced more challenges for organizations, as the security and network perimeter have shifted and the internet is now the corporate network. Suffice it to say that a new mindset needs to be adopted to stay on top of the game.

    The success of most attacks is tied to denial of service, data exfiltration, and ransom. A shift from focusing on the attack surface to the protect surface will help organizations implement an inside-out architecture that protects critical infrastructure, prevents the success of any attack, makes it difficult to gain access, and links directly to business goals.

    Zero trust principles aid that shift across several pillars (Identity, Device, Application, Network, and Data) that make up a typical infrastructure; hence, the need for a zero trust roadmap to accomplish that which we desire for our organization.

    Victor Okorie
    Senior Research Analyst, Security and Privacy
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Many IT and security leaders struggle to understand zero trust and how best to deploy it with their existing IT resources.
    • The need to move from a perimeter-based approach to security toward an “Always Verify” approach is clear. The path to getting there is complex and expensive.

    Common Obstacles

    • Zero trust as a principle is a moving target due to competing definitions and standards. A strategy that adapts evolving best practices must be supported by business stakeholders.
    • Full zero trust includes many components. Performing an accurate assessment of readiness and benefits to adopt zero trust can be extremely difficult when you don’t know where to start.

    Info-Tech’s Approach

    • Every organization should have a zero trust strategy and the roadmap to deploy it must always be tested and refined.
    • Our unique approach:
      • Assess resources and determine zero trust readiness.
      • Address barriers and identify enablers.
      • Prioritize initiatives and build out roadmap.
      • Identify most appropriate vendors via vendor selection framework.
      • Deploy zero trust and monitor with zero trust progress metrics.

    Info-Tech Insight

    A successful zero trust strategy should evolve through an iterative and repeatable process by assessing the full spectrum of available technologies to apply zero trust principles to the most relevant protect surfaces.

    Your challenge

    This research is designed to help organizations:

    • Understand what zero trust is and decide how best to deploy it with their existing IT resources. Zero trust is a set of principles that defaults to the highest level of security; a failed implementation can easily disrupt the business. A pragmatic zero trust implementation must be flexible and adaptable yet maintain a consistent level of protection.
    • Move from a perimeter-based approach to security toward an “Always Verify” approach. The path to getting there is complex without a clear understanding of desired outcomes. Focusing efforts on key protection gaps and leveraging capable controls in existing architecture allows for a repeatable process that carries IT, security, and the business along on the journey.

    On this zero trust journey, identify your valuable assets and zero trust controls to protect them.

    Top three reasons for building a zero trust strategy

    44%

    Reduce attacker’s ability to move laterally

    44%

    Enforce least privilege access to critical resources

    41%

    Reduce enterprise attack surface

    Common obstacles

    These barriers make this challenge difficult to address for many organizations:

    • Due to zero trust’s many components, performing an accurate assessment of readiness and benefits to adopt zero trust can be extremely difficult when you don’t know where to start.
      • To feel ready to implement and to understand the benefits of zero trust, IT must first understand what zero trust means to the organization.
    • Zero trust as a set of principles is a moving target, with many developing standards and competing technology definitions. A strategy built around evolving best practices must be supported by related business stakeholders.
      • To ensure support, IT must be able to “sell” zero trust to business stakeholders by illustrating the value zero trust can bring to business objectives.

    43%

    Organizations with a full implementation of zero trust saved 43% on the costs of data breaches.
    (Source: Teramind, 2021)

    96%

    Zero trust is considered key to the success of 96% of organizations in a survey conducted by Microsoft.
    (Source: Microsoft, 2021)

    What is zero trust?

    It depends on who you ask…

    • Vendors use zero trust as a marketing buzzword.
    • Organizations try to comprehend zero trust in their own limited views.
    • Zero trust regulations/standards are still developing.

    “A cybersecurity paradigm focused on resource protection and the premise that trust is never granted implicitly but must be continually evaluated.”

    Source: NIST, SP 800-207: Zero Trust Architecture, 2020

    “An evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources.”

    Source: DOD, Zero Trust Reference Architecture, 2021

    “A security model, a set of system design principles, and a coordinated cybersecurity and system management strategy based on an acknowledgement that threats exist both inside and outside traditional network boundaries.”

    Source: NSA, Embracing a Zero Trust Security Model, 2021

    “Zero trust provides a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised.”

    Source: CISA, Zero Trust Maturity Model, 2021

    “The foundational tenet of the zero trust model is that no actor, system, network, or service operating outside or within the security perimeter is trusted.”

    Source: OMB, Moving the U.S. Government Toward Zero Trust Cybersecurity Principles, 2022

    What is zero trust?

    From Theoretical to Practical

    Zero trust is an ideal in the literal sense of the word, because it is a standard defined by its perfection. Just as nothing in life is perfect, there is no measure that determines an organization is absolutely zero trust. The best organizations can do is improve their security iteratively and get as close to ideal as possible.

    In the most current application of zero trust in the enterprise, a zero trust strategy applies a set of principles, including least-privilege access and per-request access enforcement, to minimize compromise to critical assets. A zero trust roadmap is a plan that leverages zero trust concepts, considers relationships between technical elements as well as security solutions, and applies consistent access policies to minimize areas of exposure.

    Zero Trust; Identity; Workloads & Applications; Network; Devices; Data

    Info-Tech Insight

    Solutions offering zero trust often align with one of five pillars. A successful zero trust implementation may involve a combination of solutions, each protecting the various data, application, assets, and/or services elements in the protect surface.

    Zero trust business benefits

    Reduce business and organizational risk

    Reduced business risks as continuous verification of identity, devices, network, applications, and data is embedded in the organizations practice.

    36% of data breaches involved internal actors.
    Source: Verizon, 2021

    Reduce CapEx and OpEx

    Reduced CapEx and OpEx due to the scalability, low staffing requirement, and improved time-to-respond to threats.
    Source: SecurityBrief - Australia, 2020.

    Reduce scope and cost of compliance

    Helps achieve compliance with several privacy standards and regulations, improves maturity for cyber insurance premium, and fewer gaps during audits.

    Scope of compliance reduced due to segmentation.

    Reduce risk of data breach

    Reduced risk of data breach in any instance of a malicious attack as there’s no lateral movement, secure segment, and improved visibility.

    10% Increase in data breach costs; costs went from $3.86 million to $4.24 million.
    Source: IBM, 2021

    This is an image of a thought map detailing Info-Tech's Build A Zero Trust Roadmap.  The main headings are: Define; Design; Develop; Monitor

    Info-Tech’s methodology for Building a Zero Trust Roadmap

    1. Define Business Goals and Protect Surfaces

    2. Assess Key Capabilities and Identify Zero Trust Initiatives

    3. Evaluate Candidate Solutions and Finalize Roadmap

    4. Formulate Policies for Roadmap Initiatives

    5. Monitor the Zero Trust Roadmap Deployment

    Phase Steps

    Define business goals

    Identify critical DAAS elements

    Map business goals to critical DAAS elements

    1. Review the Info-Tech framework
    2. Assess current capabilities and define the zero trust target state
    3. Identify tasks to close gaps
    4. Define tasks and initiatives
    5. Align initiatives to business goals and protect surfaces
    1. Define solution criteria
    2. Identify candidate solutions
    3. Evaluate candidate solutions
    4. Perform cost/benefit analysis
    5. Prioritize initiatives
    6. Finalize roadmap
    1. Formulate policies for critical DAAS elements
    2. Formulate policies to secure a path to access critical DAAS elements
    1. Establish metrics for roadmap tasks
    2. Track and report metrics
    3. Build a communication deck

    Phase Outcomes

    Mapping of business goals to protect surfaces

    Gap analysis of security capabilities

    Evaluation of candidate solutions and a roadmap to close gaps

    Method for defining zero trust policies for candidate solutions

    Metrics for measuring the progress and efficiency of the zero trust implementation

    Protect what is relevant

    Apply zero trust to key protect surfaces

    A successful zero trust strategy should evolve through an iterative and repeatable process by assessing the full spectrum of available technologies to apply zero trust principles to the most relevant protect surfaces.

    Align protect surfaces to business objectives

    Developing a zero trust roadmap collaboratively with business stakeholders enables alignment with upcoming business priorities and industry trends.

    Identify zero trust capabilities

    Deriving protect surface elements from business goals reframes how security controls are applied. Assess control effectiveness in this context and identify zero trust capabilities to close any gaps.

    Roadmap first, not solution first

    Don’t let your solution dictate your roadmap. Define your zero trust solution criteria before engaging in vendor selection.

    Create enforceable policies

    The success of a zero trust implementation relies on consistent enforcement. Applying the Kipling methodology to each protect surface is the best way to design zero trust policies.

    Success should benefit the organization

    To measure the efficacy of a zero trust implementation, ensure you know what a successful zero trust implementation means for your organization, and define metrics that demonstrate whether that success is being realized.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverable:

    Zero Trust Communication Deck

    Present your zero trust strategy in a prepopulated document that summarizes the work you have completed as a part of this blueprint.

    Zero Trust Protect Surface Mapping Tool

    Identify critical and vulnerable DAAS elements to protect and align them to business goals.

    Zero Trust Program Gap Analysis Tool

    Perform a gap analysis between current and target states to build a zero trust roadmap.

    Zero Trust Candidate Solutions Selection Tool

    Determine and evaluate candidate solutions based on defined criteria.

    Zero Trust Progress Monitoring Tool

    Develop metrics to track the progress and efficiency of the organization’s zero trust implementation.

    Blueprint benefits

    IT Benefits

    • A mapped transaction flow of critical and vulnerable assets and visibility of where to implement security controls that aligns with the principle of zero trust.
    • Improved security posture across the digital attack surface while focusing on the protect surface.
    • An inside-out architecture that leverages current existing architecture to tighten security controls, is automated, and gives granular visibility.

    Business Benefits

    • Reduced business risks as continuous verification of identity, devices, network, applications, and data is embedded in the organization’s practice.
    • Reduced CapEx and OpEx due to the scalability, low staffing requirement, and improved time-to-respond to threats.
    • Helps achieve compliance with several privacy standards and regulations, improves maturity for cyber insurance premium, and fewer gaps during audits.
    • Reduced risk of data breach in any instance of a malicious attack.

    Measure the value of this blueprint

    Save an average of $1.76 million dollars in the event of a data breach

    • This research set seeks to help organizations develop a mature zero trust implementation which, according to IBM’s “Cost of a Data Breach 2021 Report,” saves organizations an average of $1.76 million in the event of a data breach.
    • Leverage phase 5 of this research to develop metrics to track the implementation progress and efficacy of zero trust tasks.

    43%

    Organizations with a mature implementation of zero trust saved 43%, or $1.76 million, on the costs of data breaches.
    Source: IBM, 2021

    In phase 2 of this blueprint, we will help you establish zero trust implementation tasks for your organization.

    In phase 3, we will help you develop a game plan and a roadmap for implementing those tasks.

    This image contains a screenshot info-tech's methodology for building a zero-trust roadmap, discussed earlier in this blueprint

    Executive Brief Case Study

    National Aeronautics and Space Administration (NASA)

    INDUSTRY: Government

    SOURCE: Zero Trust Architecture Technical Exchange Meeting

    NASA recognized the potential benefits of both adopting a zero trust architecture (including aligning with OMB FISMA and DHS CDM DEFEND) and improving NASA systems, especially those related to user experience with dynamic access, application security with sole access from proxy, and risk-based asset management with trust score. The trust score is continually evaluated from a combination of static factors, such as credential and biometrics, and dynamic factors, such as location and behavior analytics, to determine the level of access. The enhanced access mechanism is projected on use-case flows of users and external partners to analyze the required initiatives.

    The lessons learned in adapting zero trust were:

    • Focus on access to data, assets, applications, and services; and don’t select solutions or vendors too early.
    • Provide support for mobile and external partners.
    • Complete zero trust infrastructure and services design with holistic risk-based management, including network access control with software-defined networking and an identity management program.
    • Develop a zero trust strategy that aligns with mission objectives.

    Results

    NASA implemented zero trust architecture by leveraging the agency existing components on a roadmap with phases related to maturity. The initial development includes privileged access management, security user behavior analytics, and a proof-of-concept lab for evaluating the technologies.
    Case Study Source: NASA, “Planning for a Zero Trust Architecture Target State,” 2019

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5
    Call #1:
    Scope requirements, objectives, and your specific challenges.

    Call #3:
    Define current security capabilities and zero trust target state.

    Call #5:

    Identify and evaluate solution criteria.

    Call #7:
    Create a process for formulating zero trust policies.

    Call #8:
    Establish metrics for assessing the implementation and effectiveness of zero trust.

    Call #2:
    Identify business goals and protect surfaces.

    Call #4:
    Identify gap-closing tasks and assign to zero trust initiatives.

    Call #6:
    Prioritize zero trust initiatives.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
    A typical GI is between 8 to 12 calls over the course of 2 to 4 months.

    Workshop Overview

    Contact your account representative for more information.workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5

    Define Business Goals and Protect Surfaces

    Begin Gap Analysis

    Complete Gap Analysis

    Finalize Roadmap and Formulate Policies

    Next Steps and
    Wrap-Up (offsite)

    Activities

    1.1 Understand business and IT strategy and plans.

    1.2 Define business goals.

    1.3 Identify five critical protect surfaces and their associated DAAS elements.

    1.4 Map business goals and protect surfaces.

    2.1 Assess current security capabilities and define the zero Trust target state for a set of controls.

    2.2 Identify tasks to close maturity gaps.

    2.3 Assign tasks to zero trust initiatives.

    3.1 Align initiatives to business goals and key protect surfaces.

    3.2 Conduct cost/benefit analysis on zero trust initiatives.

    3.3 Prioritize initiatives.

    4.1 Define solution criteria.

    4.2 Identify candidate solutions.

    4.3 Evaluate candidate solutions.

    4.4 Finalize roadmap.

    4.5 Formulate policies for critical DAAS elements.

    4.6 Establish metrics for high-priority initiatives.

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables
    1. 1.Mapping of business goals to key protect surfaces and their associated DAAS elements
    1. Security capabilities current state assessment
    2. Zero trust target state
    3. Tasks to address maturity gaps
    1. Zero trust initiative list mapped to business goals and key protect surfaces
    2. Prioritization of zero trust initiatives
    1. Zero trust roadmap
    2. Zero trust policies for critical protect surfaces
    3. Method for defining zero trust policies for candidate solutions
    4. Metrics for high-priority initiatives
    1. Zero trust roadmap documentation
    2. Mapping of Info-Tech resources against individual initiatives

    Phase 1

    Define Business Objectives and Protect Surfaces

    Build a Zero Trust Roadmap

    This phase will walk you through the following activities:

    • Identify and define the business goals.
    • Identify the critical DAAS elements and protect surface.
    • Align the business goals to the protect surface and critical DAAS elements.

    This phase involves the following participants:

    • Security Team
    • Business Executives
    • Subject Matter Experts From IT, Finance, HR, Legal, Facilities, Compliance, Audit, Risk Management

    Analyze your business goals

    Identifying business goals is the first step in aligning your zero trust roadmap with your business’ vision.

    • Security leaders need to understand the direction the business is headed in.
    • Wise security investments depend on aligning your security initiatives to business objectives.
    • Zero trust, and information security at large, should contribute to your organization’s business objectives by supporting operational performance, ensuring brand protection and shareholder value.
      • For example, if the organization is working on a new business initiative that requires the handling of credit card payments, the security organization needs to know as soon as possible to ensure the zero trust architecture will be extended to protect the PCI data and enable the organization to be PCI compliant.

      Info-Tech Insight

      Security and the business need to be in alignment when implementing zero trust. Defining the business goal helps rationalize the need for a zero trust implementation.

    1.1 Define your organization’s business goals

    Estimated time 1-3 hours

    1. As a group, brainstorm the business goals of the organization.
    2. Review relevant business and IT strategies.
    3. Review the business goal definitions in tab “2. Business Objectives” of the Zero Trust Protect Surface Mapping Tool, including the key goal indicator metrics.
    4. Record the most important business goals in the Business Goal column on tab “3. Protect Surfaces” of the Zero Trust Protect Surface Mapping Tool. Try to limit the number of business goals to no more than five primary goals. This limitation will be critical to help map the protect surface and the zero trust roadmap later.

    Input

    • Business and IT strategies

    Output

    • Prioritized list of business objectives

    Materials

    • Whiteboard/Flip Charts
    • Zero Trust Protect Surface Mapping Tool

    Participants

    • Security Team
    • IT Leadership
    • Business Stakeholders
    • Risk Management
    • Compliance
    • Legal

    Download the Zero Trust Protect Surface Mapping Tool

    Info-Tech Insight

    Developing a zero trust roadmap collaboratively with business stakeholders enables alignment with upcoming business priorities and industry trends.

    What does zero trust mean for you?

    For a successful implementation, focus on your zero trust outcome.

    This image describes the Who, What, When, Where, Why, and How for Zero Trust.

    Regardless of whether the user is accessing resources internally or externally, zero trust is posed to authenticate, authorize, and continuously verify the security policies and posture before access is granted or denied. Many network architecture can be local, cloud based, or hybrid and with users working from any location, there is no network perimeter as we knew it and the internet is now the corporate network.

    Zero trust framework seeks to extend the perimeter-less security to the present digital transformation.

    Understand protect surface

    Data, Application, Asset, and Services

    A protect surface can be described as what’s critical, most vulnerable, or most valuable to your organization. This protect surface could include at least one of the following – data, assets, applications, and services (DAAS) – that requires protection. This is also the area that zero trust policy is aimed to protect. Understanding what your protect surface is can help channel the required energy into protecting that which is crucial to the business, and this aligns with the shift from focusing on the attack surface to narrowing it down to a smaller and achievable area of protection.

    Anything and everything that connects to the internet is a potential attack surface and pursuing every loophole will leave us one step behind due to lack of resources. Since a protect surface contains one or more DAAS element, the micro-perimeter is created around it and the appropriate protection is applied around it. As a team, we can ask ourselves this question when thinking of our protect surface: to what degree does my organization want me to secure things? The knowledge of the answer to this question can be tied to the risk tolerance level of the organization and it is only fair for us to engage the business in identifying what the protect surface should be.

    Components of a protect surface

    • Data
    • Application
    • Asset
    • Services

    Info-Tech Insight

    The protect surface is a shift from focusing on the attack surface. DAAS elements show where the initiatives and controls associated with the zero trust pillars (Identity, Devices, Network, Application, and Data) need to be applied.

    Sample Scenario

    INDUSTRY: Healthcare

    SOURCE: Info-Tech Research Group

    Illustration

    A healthcare provider would consider personal health information a critical resource worthy of being protected against data exfiltration due to a host of reasons including but not limited to privacy regulations, loss of revenue, legal, and reputational loss; hence, this would be considered a protect surface.

    • What is the data that can’t be risked exfiltrated?
    • What application(s) is used to access this data?
    • What assets are used to generate and store the data?
    • What are the services we rely on to be able to access the data?

    DAAS Element

    • The data here is the patient information.
    • The application used to access the personal health information would be EPIC, OR list, and any other application used in that organization.
    • The assets used to store the data and generate the PHI would include physical workstations, medical scanners, etc.
    • The services that can be exploited to disrupt the operation or used to access the data would include active directory, single sign-on, etc.

    DAAS and Zero Trust Pillar

    This granular identification provides an opportunity to not only see what the protect surface and DAAS elements are but also understand where to apply security controls that align with the principle of zero trust as well as how the transaction flows. The application pillar initiatives will provide protection to the EPIC application and the device pillar initiatives will provide protection to the workstations and physical scanners. The identity pillar initiatives will apply protection to the active directory, and single sign-on services. The zero trust pillar initiatives align with the protection of the DAAS elements.

    Shift from attack surface to protect surface

    This image contains a screenshot of the thought map: Shift from attack surface to protect surface.  Go from complex to a micro perimeter approach.

    Info-Tech Insight

    The protect surface is a shift from focusing on the attack surface as it creates a micro-perimeter for the application of zero trust policies on the system. This drastically reduces the success of an attack whether internally or externally, reduces the attack surface, and is also repeatable.

    1.2 Identify critical DAAS elements

    Estimated time 1-3 hours

    1. As a group, brainstorm and identify critical, valuable, sensitive assets or resources requiring high availability in the organization. Each DAAS element is part of a protect surface, or sometimes, the DAAS element itself is a protect surface.
    • Data – The sensitive data that poses the greatest risk if exfiltrated or misused. What data needs to be protected?
    • Applications – The applications that use sensitive data or control critical assets. Which applications are critical for your business functions?
    • Assets – Physical or virtual assets, including an organization’s information technology (IT), operational technology (OT), or Internet of Things devices.
    • Services – The services an organization most depends on. Services that can be exploited to disrupt normal IT or business operations.
  • Record the critical DAAS elements and protect surface in their respective columns of the Zero Trust Protect Surface Mapping Tool. Try to limit the number of business goals to no more than five primary protect surfaces to match with the business goals.
  • Download the Zero Trust Protect Surface Mapping Tool

    Input

    • Critical resources to protect
    • Understanding of how they interoperate or connect

    Output

    • Protect surfaces

    Materials

    • Whiteboard/Flip Charts
    • Zero Trust Protect Surface Mapping Tool

    Participants

    • Security Team
    • IT Leadership
    • Business Stakeholders

    1.3 Map business goals to critical DAAS elements

    Estimated time 1-2 hours

    1. The protect surface will be generated from the critical DAAS elements as a standalone protect surface or a group of interconnected DAAS elements merged into one.
    • Each protect surface can be tied back to a business objective.
  • Select from the drop-down list of business objectives the option that fits the identified protect surface as it relates to the organization.
    • Type in your business objectives if the drop-down list does not apply.

    Download the Zero Trust Protect Surface Mapping Tool

    This image contains a screenshot from the Zero Trust Protect Surface Mapping Tool, with the following columns highlighted: Business Goal Name; Protect Surface Name

    Phase 2

    Assess Key Capabilities and Identify Zero Trust Initiatives

    Build a Zero Trust Roadmap

    This phase will walk you through the following activities:

    • Assess the organization’s current capabilities.
    • Define the zero trust target state.
    • Identify tasks to close gaps
    • Define zero trust initiatives and align zero trust initiatives to business goals and protect surfaces.

    This phase involves the following participants:

    • Security Team
    • Subject Matter Experts From IT, Finance, HR, Legal, Facilities, Compliance, Audit, Risk Management
    • Project Management Office

    The Info-Tech Zero Trust Framework

    Info-Tech’s Zero Trust Framework aligns with zero trust references, including:

    • ACT Zero Trust Cybersecurity Current Trends. 2019
    • NIST SP 800-207: Zero Trust Architecture. 2020
    • DOD Zero Trust Reference Architecture. 2021
    • NSA Embracing a Zero Trust Security Model. 2021
    • CISA Zero Trust Maturity Model. 2021
    • Executive Order (EO) 14028: Improving the Nation’s Cybersecurity, The White House. 2021
    • OMB Moving the U.S. Government Toward Zero Trust Cybersecurity Principles. 2022
    • NSTAC Zero Trust and Trusted Identity Management. 2022
    • NIST SP 800-53 r5: Security and Privacy Controls for Information Systems and Organizations

    Identity

    • Authentication
    • Authorization
    • Privileged Access Management

    Applications

    • Software Defined Compute
    • DevSecOps
    • Software Supply Chain

    Devices

    • Authentication
    • Authorization
    • Compliance

    Networks

    • Software Defined Networking
    • Macro Segmentations
    • Micro Segmentation

    Data

    • Software Defined Storage
    • Data Loss Prevention
    • Data Rights Management

    Info-Tech Insight

    A best-of-breed approach ensures holistic coverage of your zero trust program while refraining from locking you into a specific reference.

    2.1 Review the Info-Tech framework

    Estimated time 30-60 minutes

    1. As a group, have the team review the framework within the Zero Trust Program Gap Analysis Tool.
    2. Customize the tool as required using the instructions in tab “2. Setup”:
    • Define costing criteria
    • Define benefits criteria
    • Configure full-time equivalent hours and start year
    • Input business goals as mapped to protect surfaces (see next slide)

    Download the Zero Trust Program Gap Analysis Tool

    Input

    • Protect surfaces mapped to business objectives

    Output

    • Customized framework

    Materials

    • Zero Trust Program Gap Analysis Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT

    2.1.1 Input business goals as mapped to protect surfaces

    Refer to the Protect Surface Mapping Tool, copy the following elements from the Protect Surface tab.

    1. Enter Business Goals.
    2. Enter Protect Surfaces.
    3. Enter Data.
    4. Enter Application.
    5. Enter Assets.
    6. Enter Services.

    This image contains a screenshot from Info-Tech's Zero Trust Program Gap Analysis Tool.  The Column headings are labeled as follows: 1: Business Goal Name; 2: Protect Surface; 3: DATA; 4: APPLICATION; 5: ASSETS; 6: SERVICES

    Info-Tech Insight

    Deriving protect surface elements from business goals reframes how security controls are applied. Assess control effectiveness in this context and identify zero trust capabilities to close any gaps.

    2.2 Assess current capabilities and define zero trust target state

    Estimated time 6-12 hours

    1. Using the Zero Trust Program Gap Analysis Tool, review each of the controls in the Gap Analysis tab.
    2. Follow the instructions on the next slides to complete your current-state and target-state assessment.
    3. For most organizations, multiple internal subject matter experts will need to be consulted to complete the assessment.

    Download the Zero Trust Program Gap Analysis Tool

    Input

    • Protect surfaces mapped to business objectives
    • Information on current state of controls, including sources such as audit findings, vulnerability and penetration test results, and risk registers

    Output

    • Current-state and target-state assessment for gap analysis

    Materials

    • Zero Trust Program Gap Analysis Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, Facilities, Audit, Risk Management

    Understanding security target states

    Maturity models are very effective for determining target states. This table provides general descriptions for each maturity level. As a group, consider which description most accurately reflects the ideal target state in your organization.

    AD HOC 01

    Initial/ad hoc security programs are reactive. Lacking strategic vision, these programs are less effective and less responsive to the needs of the business.

    DEVELOPING 02

    Developing security programs can be effective at what they do but are not holistic. Governance is largely absent. These programs tend to rely on the talents of individuals rather than a cohesive plan.

    DEFINED 03

    A defined security program is holistic, documented, and proactive. At least some governance is in place; however, metrics are often rudimentary and operational in nature. These programs still often rely on best practices rather than strong risk management.

    MANAGED 04

    Managed security programs have robust governance and metrics processes. Management and board-level metrics for the overall program are produced. These are reviewed by business leaders and drive security decisions. More mature risk management practices take the place of best practices.

    OPTIMIZED 05

    An optimized security program is based on strong risk management practices, including the production of key risk indicators (KRIs). Individual security services are optimized using key performance indicators (KPIs) that continually measure service effectiveness and efficiency.

    2.2.1 Conduct current-state assessment

    1. Carefully review each of the controls in the Gap Analysis tab that are needed for the protect surfaces. For each control, indicate the current maturity level of the organization. The tool uses the maturity levels of the CMMI model to score maturity.
    • Only use “N/A” if you are confident that the control is not required in your protect surfaces. For example, if the protect surfaces do not require or use software-defined computing, select “N/A” for any controls related to software-defined computing.
  • Provide comments to describe your current state. This step is optional but recommended as it may be important to record this information for future reference.
  • Select the target maturity for the control.
  • This image contains a screenshot from Info-Tech's Zero Trust Program Gap Analysis Tool, with the following column headings highlighted and numbered: 1: Current Maturity; 2: Current State Comments (optional); Target Maturity

    Make sure that the gap between target state and current state is achievable for the current zero trust roadmap. For instance, if you set your current maturity to 1 – Ad Hoc, then having a target maturity of 4 – Managed or 5 – Optimized is not recommended due to the big jump.

    2.2.2 Review the Gap Analysis Dashboard

    1. Use the Dashboard to map your progress on assessing current- and future-state maturities. As you fill out the Zero Trust Program Gap Analysis Tool, check with the Dashboard to see the difference between your current and target state.
    2. Use the color-coded legend to see the size of the gap between your current and target state.
    3. Zero trust processes that appear white have not yet been assessed or are rated as “N/A.”
    this image contains a screenshot of Info-tech's Zero-Trust framework discussed earlier in this blueprint, with the addition of a legend demonstrating how to use the gap analysis tool to identify the size of the gap between current and target states

    2.3 Identify tasks to close gaps

    Estimated time 5 hours

    1. Using the Zero Trust Program Gap Analysis Tool, review each of the controls in the Gap Analysis tab.
    2. Follow the instructions on the next slides to identify gap closure tasks for each control that requires improvement.
    3. For most organizations, multiple internal subject matter experts will need to be consulted to complete the assessment.

    Download the Zero Trust Program Gap Analysis Tool

    Input

    • Zero trust controls gap information

    Output

    • Gap closure task list

    Materials

    • Zero Trust Program Gap Analysis Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, Facilities, Audit, Risk Management

    2.3 Identify tasks to close gaps (cont.)

    1. For each of the controls where there is a gap between the current and target state, a gap closure task should be identified:
    • Review the example tasks and copy one or more of them if appropriate. Otherwise, enter your own gap closure task.
  • Considerations for identifying gap closure tasks:
    • In small groups, have participants ask, “what would we have to do to achieve the target state?” Document these in the Gap Closure Tasks column.
    • The example gap closure tasks may be appropriate for your organization, but do not simply copy them without considering whether they are right for you.
    • Not all gaps require their own task. You can enter one task that may address multiple gaps.
    • Be aware that tasks that are along the lines of “investigate and make recommendations” may not fully close maturity gaps.
    this image contains a screenshot from Info-Tech's Zero Trust Program Gap Analysis Tool, with the following column heading highlighted and numbered: 1: Gap Closure Tasks

    Make sure that the Gap Closure Tasks are SMART (Specific, Measurable, Achievable, Realistic, Timebound).

    2.4 Define tasks and initiatives

    Estimated time 2-4 hours

    1. As a group, review the gap tasks identified in the Gap Analysis tab.
    2. Using the instructions on the following slides, finalize your tab “5. Task List.”
    3. Using the instructions on the following slides, review and consolidate your tab “6. Initiative List.”

    Download the Zero Trust Program Gap Analysis Tool

    Input

    • Gap analysis

    Output

    • Refined list of tasks
    • List of zero trust initiatives

    Materials

    • Zero Trust Program Gap Analysis Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, Facilities, Audit, Risk Management
    • Project Management Office

    2.4.1 Finalize your task list

    1. Define the gap closure task list in tab “5. Task List”:
      1. Obtain a list of all your tasks from Gap Closure Tasks column in tab “3. Gap Analysis.”
      2. Paste the list into the table in tab “5. Task List,” Task column.
    • Use Paste Values to retain the table formatting.
  • Consolidate tasks into initiatives when:
      • They have costs associated with them.
      • They require initial effort to implement and ongoing effort to maintain.
      • They must be accomplished dependently of other tasks.
    1. For each new initiative, create the initiative name on Initiative Name column in the tab “6. Initiative List.”
  • For tasks which are not incorporated into initiatives, enter a task owner and due date for each task.
  • this image contains a screenshot from Info-Tech's Zero Trust Gap analysis Tool with the following column headings highlighted and numbered: 1: Task; 2: Initiative Name; 3: (Task Owner; Due Date)

    Example: Initiative consolidation

    In the example below, we see three gap closure tasks within the Authentication process for the Identity pillar being consolidated into a single initiative “IAM modernization.”

    We can also see three gap closure tasks within the Micro Segmentation process for the Network pillar being grouped into another initiative “Network segmentation.”

    This image contains an example of Initiative Consolidation

    Info-Tech Insight

    As you go through this exercise, you may find that some tasks that you previously defined could be consolidated into an initiative.

    2.4.2 Finalize your initiative list

    1. As you go through this exercise, you may find that some tasks that you previously defined could be consolidated into an initiative.
    2. Review your final list of initiatives in tab “6. Initiative List” and make any required updates.
      1. Optionally, add a description or paste in a list of the individual gap closure actions that are associated with the initiative. This will make it easier to perform the cost and benefit analysis.
    3. Obtain a list of all gap closure tasks associated with an initiative by filtering the Initiative Name column in the Task List tab.
    4. Indicate the most appropriate pillar alignment for each initiative using the drop-down list.
      1. Refer to tab “5. Task List” for the pillar associated with an initiative under the Initiative Name column.

    This image contains a screenshot from Info-Tech's Zero Trust Program Gap Analysis Tool, the following column headings are numbered and highlighted: 1: Initiative Name; 2: Description; 3: Pillar

    If the list of tasks is too long for the Description column, then you can also shorten the name of the tasks or group several tasks to a more general task.

    2.5 Align initiatives to business goals and protect surfaces

    Estimated time 30-60 minutes

    1. Using the instructions on the following slides, align initiatives to business goals in tab “6. Initiative List.”
    2. Using the instructions on the following slides, align initiatives to protect surfaces in tab “6. Initiative List.”

    Download the Zero Trust Program Gap Analysis Tool

    Input

    • List of zero trust initiatives
    • Protect surfaces mapped to business objectives

    Output

    • List of zero trust initiatives aligned to business goals and protect surfaces

    Materials

    • Zero Trust Program Gap Analysis Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, Facilities, Audit, Risk Management
    • Project Management Office

    2.5.1 Align initiatives to business goals

    1. Indicate the most appropriate business goal(s) alignment for each initiative using the drop-down list in “Selection for Business Goal(s)” column.
      1. Use the legend to determine the most appropriate business goal(s).
    2. After that copy the selected business goal(s) to Business Goal(s) Alignment column.
    3. Then reset the selection using the blank cell in Selection for Business Goal(s) column.
    This image contains a screenshot from the Zero Trust Program Gap Analysis Tool, with the following column headings numbered: 1: Selection for Business Goal(s); Business Goals Alignment; 3: Selection for Business Goals

    2.5.2 Align initiatives to protect surfaces

    1. Indicate the most appropriate protect surface(s) for each initiative using the drop-down list in Selection for Protect Surface(s) column.
      1. Use the legend to determine the most appropriate protect surface(s).
    2. After that copy the selected protect surface(s) to Protect Surface(s) Coverage column.
    3. Reset the selection using the blank cell in Selection for Protect Surface(s) column.
    This image contains a screenshot from the Zero Trust Program Gap Analysis Tool, with the following column headings numbered: 1: Description; 2: Protect Surfaces Covered; 3: Selection for Protect Surfaces

    Phase 3

    Evaluate Candidate Solutions and Finalize Roadmap

    Build a Zero Trust Roadmap

    This phase will walk you through the following activities:

    • Define solution criteria.
    • Identify candidate solutions.
    • Evaluate candidate solutions.
    • Perform cost/benefit analysis.
    • Prioritize initiatives and build roadmap.

    This phase involves the following participants:

    • Security Team
    • Subject Matter Experts From IT, Finance, HR, Legal, Facilities, Compliance, Audit, Risk Management
    • Project Management Office

    3.1 Define solution criteria

    Estimated time 30-60 minutes

    1. As a group, review the scoring system within the Zero Trust Candidate Solutions Selection Tool.
    2. Customize the tool as required using the instructions on the following slides.

    Info-Tech Insight

    Don’t let your solution dictate your roadmap. Define your zero trust solution criteria before engaging in vendor selection.

    Download the Zero Trust Candidate Solutions Selection Tool

    Input

    • Zero trust initiative list

    Output

    • Zero trust candidate solutions

    Materials

    • Zero Trust Program Gap Analysis Tool
    • Zero Trust Candidate Solutions Selection Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT

    3.1.1 Define compliance and solution evaluation criteria

    On the Setup tab, provide a weight for each evaluation criterion to evaluate the candidate solutions. You can use “0%” weight if that criterion is not required in your solution selection.

    1. Verify that the Description for each criterion is accurate.
    2. Provide weights for the compliance score and the solution score, which are the overall evaluation:
    • Compliance score consists of tenets score, pillar score, threat protection score, and trust algorithm score.
    • Solution score consists of features score, usability score, affordability score, and architecture score.
    This image contains a screenshot from the Zero Trust Candidate Solutions Selection Tool, which demonstrates how to define compliance and solution evaluation criteria.

    3.1.2 Define remaining evaluation criteria

    On the Setup tab, provide a weight for each evaluation criterion to evaluate the candidate solutions. You can use “0%” weight if that criterion is not required in your solution selection.

    1. Verify that the Description for each criterion is accurate.
    2. Provide weights for the remaining evaluation criteria:
    • Tenets: Considers how well each initiative aligns with zero trust principles.
    • Pillars: Considers how well each initiative aligns with zero trust pillars.
    • Threats: Considers what zero trust threats are relevant with the candidate solution.
    • Trust Algorithm: Considers trust evaluation factors, trust evaluation process score, and input coverage.
    • Cost Estimation: Considers initial costs, which are one-time, upfront capital investments (e.g. hardware and software costs), and ongoing cost, which is any annually recurring operating expenses that are new budgetary costs (e.g. licensing, maintenance, subscription fees).
    • Deployment Architecture: Considers the solutions deployment architecture capabilities.

    This image contains a screenshot from the Zero Trust Candidate Solutions Selection Tool, and demonstrates where to define additional evaluation data

    Review available candidate solutions

    this image contains a list of available candidate Solutions.  This list includes: Zero Trust Identity; Zero-Trust Application & Workloads; Zero-Trust Networks; Zero-Trust Devices; and Zero-Trust Data

    The Rapid Application Selection Framework is a comprehensive yet fast-moving approach to help you select the right software for your organization

    Five key phases sequentially add rigor to your selection efforts while giving you a clear, swift-flowing methodology to follow.

    Awareness Education & Discovery Evaluation Selection Negotiation & Configuration
    1.1 Proactively Lead Technology Optimization & Prioritization 2.1 Understand Marketplace Capabilities & Trends 3.1 Gather & Prioritize Requirements & Establish Key Success Metrics 4.1 Create a Weighted Vendor Selection Decision Model 5.1 Initiate Price Negotiation With Top
    1.2 Scope & Define the Selection Process for Each Selection Request Action 2.2 Discover Alternative Solutions & Conduct Market Education 3.2 Conduct a Data-Driven Comparison of Vendor Features & Capabilities 4.2 Conduct Investigative Interviews Focused on Mission Critical Priorities With Top 2-4 Vendors 5.2 Negotiate Contract Terms & Product Configuration Two Vendors Selected
    1.3 Conduct an Accelerated Business Needs Assessment 2.3 Evaluate Enterprise Architecture & Application Portfolio 3.3 Narrow the Field to Four Top Contenders 4.3 Validate Key Issues With Deep Technical Assessments, Trial Configuration & Reference Checks 5.3 Finalize Budget Approval & Project Implementation Timeline
    1.4 Align Stakeholder Calendars to Reduce Elapsed Time & Asynchronous Evaluation 2.4 Validate the Business Case 5.4 Invest in Training & Onboarding Assistance

    Download the Rapid Application Selection Framework research

    Evaluate software category leaders through vendor rankings and awards

    SoftwareReviews

    The Data Quadrant is a thorough evaluation and ranking of all software in an individual category to compare platforms across multiple dimensions.

    The Data Quadrant Report

    Vendors are ranked by their Composite Score, based on individual feature evaluations, user satisfaction rankings, vendor capability comparisons, and likeliness to recommend the platform.

    Vendors ranked by their Composite Score

    The Emotional Footprint is a powerful indicator of overall user sentiment toward the relationship with the vendor, capturing data across five dimensions.

    Emotional Footprint

    Vendors are ranked by their Customer Experience (CX) Score, which combines the overall Emotional Footprint rating with a measure of the value delivered by the solution.

    Vendors ranked by their Customer Experience (CX) Score

    Sample whiteboard activity

    • Place sticky notes on the zero trust tenet that matches with the identified candidate solution to produce “solution requirements” that can be used to develop an RFP.
    • A sample sticky note is provided below for privileged access management.

    This image contains a screenshot of a sample whiteboard activity which can be done using sticky notes.

    • The PAM solution should support MFA
    • Live session monitoring, audit, and reporting
    • Should have password vaulting to prevent privileged users from knowing the passwords to critical systems and resources

    3.2 Identify candidate solutions

    Estimated time 2 hours

    1. As a group, have the team review the candidate solutions within the Zero Trust Program Gap Analysis Tool.
    2. On tab 3 in the Zero Trust Candidate Solutions Selection Tool:
    • Review the candidate solutions within the Zero Trust Program Gap Analysis Tool. For example, the candidate solutions with multifactor authentication (MFA) options are authenticators with SMS, mobile application, smartcard, or token.

    Input

    • Candidate solutions for zero trust tasks and initiatives

    Output

    • Suitability evaluation of candidate solutions

    Materials

    • Zero Trust Program Gap Analysis Tool
    • Zero Trust Candidate Solutions Selection Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT

    Info-Tech Insight

    Add a description associated with the candidate solution, e.g. reference link to vendors or manufacturers. This will make it easier to perform the evaluation.

    Download the Zero Trust Candidate Solutions Selection Tool

    3.2.1 Review candidate solutions

    1. Review the candidate solutions within the Zero Trust Program Gap Analysis Tool. For example, the candidate solutions with multifactor authentication (MFA) options are authenticators with SMS, mobile application, smartcard, or token.
    2. Enter candidate solutions to the Compliance Data Entry tab on the Solution column within the Zero Trust Candidate Solutions Selection Tool.
    3. Optionally, add a description associated with the candidate solution, e.g. reference link to vendors or manufacturers. This will make it easier to perform the evaluation.
    this image contains a screenshot of a sample candidate solution, which can be done using Info-Tech's Zero Trust Program Gap Analysis Tool

    3.3 Evaluate candidate solutions

    Estimated time 3 hours

    On the Scoring tab, evaluate solution features, usability, affordability, and architecture using the instructions on the following slides. This activity will produce a solution score that can be used to identify the suitability of a solution.

    Input

    • Candidate solutions

    Output

    • Candidate solutions scored

    Materials

    • Zero Trust Program Gap Analysis Tool
    • Zero Trust Candidate Solutions Selection Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT

    Download the Zero Trust Candidate Solutions Selection Tool

    3.3.3 Evaluate solution scores

    After all candidate solutions are evaluated, the Solution Score column can be sorted to rank the candidate solutions. After sorting, the top solutions can be used on prioritization of initiatives on Zero Trust Program Gap Analysis Tool.

    1. On Features
      1. Enter Coverage.
      2. Enter Quality.
    2. Enter Usability.
    3. On Affordability
      1. Enter Initial Cost.
      2. Enter Ongoing Cost (annual).
    4. Enter Architecture.
    this image contains a screenshot of how you can sort the solution score column in Info-Tech's Zero Trust Program Gap Analysis Tool

    3.4 Perform cost/benefit analysis

    Estimated time 1-2 hours

    1. Assign costing and benefits information for each initiative, following the instructions on the next slide.
    2. Define dependencies or business impacts if they will help with prioritization.

    Input

    • Ranked candidate solutions
    • Gap analysis
    • Initiative list

    Output

    • Completed cost/benefit analysis for initiative list

    Materials

    • Zero Trust Program Gap Analysis Tool
    • Zero Trust Candidate Solutions Selection Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, Facilities, Audit, Risk Management
    • Project Management Office

    Download the Zero Trust Program Gap Analysis Tool

    3.4.1 Complete the cost/benefit analysis

    Use Zero Trust Program Gap Analysis Tool.

    1. On the Prioritization tab, use the drop-down lists to enter the estimated costs and efforts for each initiative, using the criteria defined earlier.
    • Use the result from candidate selection to define the estimated costs.
    • If you have actual costs available, you can optionally enter them under the Detailed Cost Estimates columns.
  • Enter the estimated benefits, also using the criteria defined earlier.
  • This image contains a screenshot of a cost/benefit analysis table which can be found in the Zero Trust Program Gap Analysis Tool

    The Cost / Effort Rating is calculated based on the weight defined on step 2.1.1. The Benefit Rating is calculated based on the weight defined on step 2.1.2.

    3.4.2 Optionally enter detailed cost estimates

    Use Zero Trust Program Gap Analysis Tool.

    1. For each initiative, the tool will automatically populate the Detailed Cost Estimates and Detailed Staffing Estimates columns using the averages that you provided in step 2.1.1. However, if you have more detailed data about the costs and effort requirements for an initiative, you can override the calculated data by manually entering it into these columns. For example:
    • You are planning to subscribe to a security awareness vendor, and you have a quote from them specifying that the initial cost will be $75,000.
    • You have defined your “Medium” cost range as being “$10-100K,” so you select medium as your initial cost for this initiative in step 3.4.1. As you defined the average for medium costs as being $50,000, this is what the tool will put into the detailed cost estimate.
    • You can override this average by entering $75,000 as the initial cost in the detailed cost estimate column.

    This image contains a screenshot of a sample cost/benefit table found in the Zero Trust Program Gap Analysis Tool.

    The Benefits-Cost column will give results after comparing the cost and the benefit. Negative value means that the cost outweighs the benefit. Positive value means that the benefit outweighs the cost. Zero value means that the cost equals the benefit.

    3.5 Prioritize initiatives

    Estimated time 2-3 hours

    1. As a group, review the results of the cost/benefit analysis. Optionally, complete the Other Considerations columns in the Prioritization tab:
    • Dependencies can refer to other initiatives on the list or any other dependency that relates to activities or projects within the organization.
    • Business impacts can be helpful to document as they may require additional planning and communication that could impact initiative timelines.
  • Follow step 3.5.1 to create a visual effort map for your organization.
  • Follow step 3.5.2 and 3.5.3 to refine the effort map’s visual output.
  • Input

    • Gap analysis
    • Initiative list
    • Cost/benefit analysis

    Output

    • Prioritized list of initiatives

    Materials

    • Zero Trust Program Gap Analysis Tool

    Participants

    • Security Team
    • IT Leadership
    • Project Management Office

    Download the Zero Trust Program Gap Analysis Tool

    3.5.1 Create a visual effort map for your organization

    1 hour

    An effort map is a tool used for the visualization of a cost and benefit analysis. It is a quadrant output that visually shows how your gap initiatives were prioritized based on tab 7 in the Zero Trust Program Gap Analysis Tool.

    1. Establish the axes and colors for your effort map:
      1. X-axis represents the Benefit value from column J
      2. Y-axis represents the Cost/Effort value from column H
      3. Sticky note color is determined using the Alignment to Business value from column I
    2. Create sticky notes for each initiative and place them on the effort map or whiteboard based on the axes you have created with the help of your team.
    3. As you place initiatives on the visual effort map, discuss and modify rankings based on team member input.

    this image contains a sample visual effort map which can be found in the Zero Trust Program Gap Analysis Tool.

    Input

    • Outputs from activities 3.4.1 and 3.4.2

    Output

    • High-level prioritization for each of the gap-closing initiatives
    • Visual representation of quantitative values

    Materials

    • Zero Trust Program Gap Analysis Tool (tab 7)
    • Sticky notes
    • Markers
    • Whiteboard

    Participants

    • Security Team
    • IT Leadership
    • Project Management Office

    3.5.2 Refine the effort map’s visual output

    1 hour

    Once the effort map is complete, work to further simplify the visual output by categorizing initiatives based on the quadrant in which they have been placed.

    1. Before moving forward with the initiative wave prioritization (activity 3.7), identify any initiatives listed across all quadrants that are required as a part of compliance and mark with a sticky dot.
    2. Document these initiatives as Execution Wave 1.

    this image contains a screenshot of a refined visual effort map, which can be done by following the instructions in this section.

    Input

    • Outputs from activity 3.5.1

    Output

    • Prioritization for each of the gap-closing initiatives
    • First execution wave of gap-closing initiatives

    Materials

    • Zero Trust Program Gap Analysis Tool (tab 7)
    • Sticky notes
    • Sticky dots
    • Markers
    • Whiteboard

    Participants

    • Security Team
    • IT Leadership
    • Project Management Office

    3.5.3 Refine the effort map’s visual output

    30 minutes

    1. Use a separate area of the whiteboard to draw out four to five Execution Wave columns.
    2. Group initiatives into each Execution Wave column based on their placement within the quadrant from activities 3.5.1 and 3.5.2.
      1. Ensure that all identified mandatory activities as per governing privacy law fall within the first wave.
      2. Leverage the following 0-4 Execution Wave scale:
        1. Underway –Initiatives that are already underway
        2. Must Do – Initiatives that must happen right away
        3. Should Do – Initiatives that should happen but need more time/support
        4. Could Do – Initiatives that are not a priority
        5. Won’t Do – Initiatives that likely won’t be carried out
    3. Indicate the granular level for each execution wave using the a-z scale.
    • Use the lettering to track dependencies between initiatives.
      • If one must take place before another, ensure that its letter comes first alphabetically.
      • If multiple initiatives must take place at the same time, use the same letter to show they will take place in tandem.

    This image depicts the sample output for a refined visual effort map

    Input

    • Outputs from activity 3.5.2

    Output

    • Prioritization for each of the gap-closing initiatives
    • First execution wave of gap-closing initiatives

    Materials

    • Zero Trust Program Gap Analysis Tool (tab 7)
    • Sticky notes
    • Sticky dots
    • Markers
    • Whiteboard

    Participants

    • Security Team
    • IT Leadership
    • Project Management Office

    Wave assignment example

    In the example below, we see “IAM modernization” was assessed as 9 on cost/effort rating and 5 on benefit rating and its Benefits-Cost has a positive value of 1. We can label this as SHOULD DO (wave 2).

    We can also see “Network segmentation” was assessed as 6 on cost/effort rating and 4 on benefit rating and its Benefits-Cost has a positive value of 2. We can label this as MUST DO (wave 1).

    We can also see “Unified Endpoints Management” was assessed as 8 on cost/effort rating and 2 on benefit rating and its Benefits-Cost has a negative value of -4. We can label this as WON’T DO (no wave).

    We can also see “Data Protection” was assessed as 4 on cost/effort rating and 2 on benefit rating and its Benefits-Cost has a zero value. We can label this as COULD DO (wave 3).

    This image depicts a sample wave assignment output, discussed in this section.

    It is recommended to define the threshold of each wave based on the value of Benefits-Cost before assigning waves.

    3.6 Build roadmap

    Estimated time 2-3 hours

    1. As a group, follow step 3.6.1 to create your roadmap by scheduling initiatives into the Gantt chart within the Zero Trust Program Gap Analysis Tool.
    2. Review the roadmap for resourcing conflicts and adjust as required.
    3. Review the final cost and effort estimates for the roadmap.

    Input

    • Gap analysis
    • Cost/benefit analysis
    • Prioritized initiative list

    Output

    • Zero trust roadmap

    Materials

    • Zero Trust Program Gap Analysis Tool

    Participants

    • Security Team
    • IT Leadership
    • Project Management Office

    Download the Zero Trust Program Gap Analysis Tool

    3.6.1 Schedule initiatives using the Gantt chart

    1. On the Gantt Chart tab for each initiative, enter an owner (the role who will be primarily responsible for execution).
    2. Additionally, enter a start month and year for the initiative and the expected duration in months.
    • You can filter the Wave column to only see specific waves at any one time to assist with the scheduling.
    • You do not need to schedule Wave 4 initiatives as the expectation is that these initiatives will not be done.
    • This Image contains a screenshot of the Gantt Chart, with the following column headings highlighted and numbered: 1: Owner; 2: Expected Duration

    3.6.2 Review your roadmap

    1. When you have completed the Gantt chart, as a group review the overall roadmap to ensure that it is reasonable for your organization. Consider the following:
    • Do you have other IT or business projects planned during this time frame that may impact your resourcing or scheduling?
    • Does your organization have regular change freezes throughout the year that will impact the schedule?
    • Do you have over-subscribed resources? You can filter the list on the Owner column to identify potential over-subscription of resources.
    • Have you considered any long vacations, sabbaticals, parental leaves, or other planned longer-term absences?
    • Are your initiatives adequately aligned to your budget cycle? For instance, if you have an initiative that is expected to make recommendations for capital expenditure, it must be completed prior to budget planning.

    This image depicts an example roadmap which can be created following the use of the Gantt Chart

    3.6.3 Review your cost/effort estimates table

    1. Once you have completed your roadmap, review the total cost/effort estimates. This can be found in a table on the Results tab. This table will provide initial and ongoing costs and staffing requirements for each wave. This also includes the total three-year investment. In your review consider:
    • Is this investment realistic? Will completion of your roadmap require adding more staff or funding than you otherwise expected?
    • If the investment seems unrealistic, you may need to revisit some of your assumptions, potentially reducing target levels or increasing the amount of time to complete the strategy.

    This table provides you with the information to have important conversations with management and stakeholders.

    This image contains an example of the Zero Trust Roadmap Cost/Effort Estimates.  The column headings are as follows: Wave; Number of Initiatives; Initial Implementation - Cost; Initial Implementation - Effort; Ongoing Maintenance - Cost; Ongoing Maintenance - Effort.  A separate table is shown with the column heading: Estimated Total Three Year Investment

    Phase 4

    Formulate Policies for Roadmap Initiatives

    Build a Zero Trust Roadmap

    This phase will walk you through the following activities:

    • Formulate zero trust policies for critical DAAS elements.
    • Formulate zero trust policies to secure a path to access critical DAAS elements.

    This phase involves the following participants:

    • CIO
    • CISO
    • Business Executives
    • IT Manager
    • Security Team

    Understand the zero trust policy

    Use the Kipling methodology as a vendor agnostic approach to identify appropriate allow list elements when deploying multiple zero trust solutions.
    The policies help to prevent lateral movement.

    Who Who should access a resource? Here, the user ID that identifies the users through the principle of least privilege is allowed access to a particular resource. The authentication policy will be used to verify identity of a user when access request to a resource is made. Who requires MFA?
    What What application is used to access the resource? Application ID to identify applications that are only allowed on the network. Port control policies can be used for the application service.
    When When do users access the resource? Policy that identifies and enforces time schedule when an application accessed by users is used.
    Where Where is the resource located? The location of the destination resource should be added to the policy and, where possible, restrict the source of the traffic either by zone and/or IP address.
    Why Why is the data accessed? Data classification should be done to know why the data needs protection and the type of protection (data filtering).
    How How should you allow access to the resource? This covers the protection of the application traffic. Principle of least privilege access, log all traffic, configure security profiles, NGFW, decryption and encryption, consistent application of policy and threat prevention across all locations for all local and remote users on managed and unmanaged endpoints are ways to apply content-ID.

    Info-Tech Insight

    The success of a zero trust implementation relies on enforcing policies consistently. Applying the Kipling methodology to the protect surface is the best way to design zero trust policies.

    4.1.1 Formulate policy

    Estimated time 1-2 hours

    1. As a group, review the protect surface(s) identified in phase one, and using the Kipling methodology from the previous slide, formulate a policy. Each policy can be reviewed repeatedly until we are sure it satisfies the goal.
    2. The policy created should be consistent for both cloud and on-prem environments.
    3. As an example, let's use the healthcare scenario found in tab 3 of the Zero Trust Protect Surface Mapping Tool. The protect surface used is "Automated Medication Dispensing." Another example will be "Salesforce" accessed via the cloud.
    Who What When Where Why How
    Method User-ID App-ID Time limit System Object Classification Content-ID
    On-Prem Pyxis_Users Pyxis Any Pyxis_server Severe (high value data) Decrypt, Inspect, log traffic
    Cloud Sales Salesforce Working hours Canada Severe (high value data) Decrypt, Inspect, log traffic

    Input

    • Kipling methodology
    • Protect surface

    Output

    • Zero trust policy

    Materials

    • Whiteboard/Flip Charts
    • Zero Trust Protect Surface Mapping Tool

    Participants

    • CIO
    • CISO
    • Business Executives
    • IT Manager
    • Security Team

    4.1.2 Apply policy

    1-2 hours

    1. Place each protect surface in its own microperimeter. Each microperimeter should be segmented by a next-generation firewall or authentication broker that will serve as a segmentation gateway.
    2. Name the microperimeter and place it on a firewall.

    Input

    • Kipling methodology
    • Protect surface

    Output

    • Zero trust policy

    Materials

    • Whiteboard/Flip Charts
    • Sticky Notes
    • Zero Trust Protect Surface Mapping Tool

    Participants

    • CIO
    • CISO
    • Business Executives
    • IT Manager
    • Security Team

    Microperimeter A
    Protect Surface:
    DAAS Elements:

    Who What When Where Why How
    Method User-ID App-ID Time limit System Object Classification Content-ID

    Microperimeter B
    Protect Surface:
    DAAS Elements:

    Who What When Where Why How
    Method User-ID App-ID Time limit System Object Classification Content-ID

    Microperimeter C
    Protect Surface:
    DAAS Elements:

    Who What When Where Why How
    Method User-ID App-ID Time limit System Object Classification Content-ID

    4.2 Secure a path to access critical DAAS elements

    How should you allow access to the resource?

    This component makes up the final piece of formulating the policies as it applies the protection of the application traffic.

    The principle of least privilege is applied to the security policy to only allow access requests and restrict the access to the purpose it serves. This access request is then logged as well as the traffic (both internal and external). Most firewalls (NGFW) have policy rules that, by default, enable logging.

    Segmentation gateways (NGFW, VM-series firewalls, agent-based and clientless VPN solutions), are used to apply zero trust policy (Kipling methodology) in the network, cloud, and endpoint (managed and unmanaged) for all local and remote users.

    These policies need to be applied to security profiles on all allowed traffic. Some of these profiles include but are not limited to the following: URL filtering profile for web access and protect against phishing attacks, vulnerability protection profile intrusion prevention systems, anti spyware profiles to protect against command-and-control threats, malware and antivirus profile to protect against malware, and a file blocking profile to block and/or alert suspicious file types.

    Good visibility on your network can also be tied to decryption as you can inspect traffic and data to the lowest level possible that is generally accepted by your organization and in compliance with regulation.

    Conceptualized flow

    With users working from anywhere on managed and unmanaged devices, access to the internet, SAAS, public cloud, and the data center will have consistent policies applied regardless of their location.

    The policy is validating that the user is who they say they are based on the role profile, what they are trying to access to make sure their role or attribute profile has the appropriate permission to the application, and within the stipulated time limit. Where the data or application is located is also verified and the why needs to be satisfied before the requested access is granted. Based on the mentioned policies, the how element is then applied throughout the lifecycle of the access.

    Who

    (Internet)

    What

    (SAAS)

    When

    Where

    (Public Cloud)

    Why

    How

    (Data Center)

    Method User-ID App-ID Time limit System Object Classification Content-ID
    On-Prem Pyxis_Users Pyxis Any Pyxis_server Severe (high value data) Decrypt, Inspect, log traffic
    Cloud Sales Salesforce Working hours Canada Severe (high value data) Decrypt, Inspect, log traffic

    Phase 5

    Monitor Zero Trust Roadmap Deployment

    Build a Zero Trust Roadmap

    This phase will walk you through the following activities:

    • Establish metrics for roadmap tasks.
    • Track metrics for roadmap tasks.

    This phase involves the following participants:

    • Security Team
    • Subject Matter Experts From IT, HR, Legal, Facilities, Compliance, Audit, Risk Management
    • Project Management Office

    5.1 Establish metrics for roadmap tasks

    Estimated time 2 hours

    1. On tab “2. Task & Metric Register” of the Zero Trust Progress Monitoring Tool, identify metrics to measure implementation and efficacy of tasks
    2. On tab “2. Task & Metric Register” of the Zero Trust Progress Monitoring Tool, document metric metadata.
    3. On the Prioritization tab, use the drop-down lists to enter the estimated costs and efforts for each initiative, using the criteria defined earlier.
    • If you have actual costs available, you can optionally enter them under the Detailed Cost Estimates columns.
  • Enter the estimated benefits, also using the criteria defined earlier.
  • Input

    • Zero trust roadmap task list

    Output

    • Metrics for measuring zero trust task implementation and efficacy

    Materials

    • Zero Trust Progress Monitoring Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, HR, Legal, Facilities, Compliance, Audit, Risk Management
    • Project Management Office

    Download the Zero Trust Progress Monitoring Tool

    5.1.1 Identify metrics to measure implementation and efficacy of tasks

    Estimated time 3-4 hours

    1. On tab “2. Task & Metric Register” of the Zero Trust Progress Monitoring Tool, for each section defined in columns C and D, enter zero trust implementation tasks into column E. If you completed the Zero Trust Program Gap Analysis Tool, use the tasks identified there to populate column E.
    2. For each task, identify in column F any metrics that will communicate implementation progress and/or implementation efficacy.
    • If multiple metrics are needed for a single task, we recommend expanding the size of the row and adding additional metrics onto a new line in the same row. A sample is provided in the tool.

    this image contains a screenshot of tab 2 in the Zero Trust Progress Monitoring Tool

    Info-Tech Insight

    To measure the efficacy of a zero trust implementation, ensure you know what a successful zero trust implementation means for your organization, and define metrics that demonstrate whether that success is being realized.

    5.1.2 Document metric metadata

    Estimated time 1-2 hours

    For each metric defined in step 4.1.1:

    1. Identify in column G whether the metric can be measured now (Phase 1), measured in a few months’ time (Phase 2), or measured in a few years’ time (Phase 3).
    2. Identify in columns H through M who is responsible for collecting the metric (Person Source), who/what is consulted to collect the metric (Technology Source), who compiles the collected metric into dashboards and presentations (Compiler), and who is informed of the measurement of the metric (Audience).
    • Add more columns under the Audience category if needed.
    • Use “X” to identify if an audience group will be informed of the measurement of the metric.
  • Identify in columns N through P the target for the metric (Metric Target), the effort it takes to collect the metric (Effort to Collect), the frequency with which the organizations plans to collect the metric (Frequency of Collection), and any comments that people should know when collecting, compiling, or presenting metrics.
  • This image contains a screenshot from the Zero Trust Progress Monitoring Tool, with the following column headings numbered: 1: Priority; 2: Roles and Responsibilities; 3: effort to collect; frequency of collection; Metric Target; Comments

    5.2 Track and report metrics

    Estimated time 2 hours

    1. In the Zero Trust Progress Monitoring Tool, copy and paste metrics you plan to track in the tool from column F on tab 2 to column B on tab 3.
    2. Use tab 3 to identify collection frequency, metric target, and measurements collected for each metric. Add notes or comments to each metric or measurement to track contextual elements that could affect metric measurements.
    3. Leverage the graphs on tab 4 to communicate metrics to the appropriated audience groups, as defined in tab 2.

    Input

    • Metrics for measuring zero trust task implementation and efficacy

    Output

    • Metric data and graphs for presenting zero trust implementation metrics to audience groups

    Materials

    • Zero Trust Progress Monitoring Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, HR, Legal, Facilities, Compliance, Audit, Risk Management
    • Project Management Office

    Download the Zero Trust Progress Monitoring Tool

    5.2.1 Record baseline measurements for metrics

    Estimated time 1-2 hours

    On tab “3. Track Metrics” of the Zero Trust Progress Monitoring Tool:

    1. Copy and paste the metrics from Column F on tab “2. Task & Metric Register” that you want to track into Column B of this tab.
    2. For each metric, record the frequency of collection (Collection Frequency) and the metric target (Target) by referencing columns O and P on tab “2. Task & Metric Register.”
    3. Begin to record baseline/initial values for each metric in column E. Rename columns to match your highest frequency of collection.
      (e.g. if any metric is being measured monthly, there should be one column per month)
    4. Over time, conduct measurements of your metrics and store them in the table below.
    5. Add notes, as necessary.

    this image contains a screenshot of tab 3 of the Zero Trust Progress Monitoring Tool, with the following column headings numbered: 1: Your Metrics; 2: Collection Frequency; Target; 3: Jan; 4: Metric Measurements; 5: Notes

    5.2.2 Report metric health to audience groups

    Estimated time 1-2 hours

    On tab “4. Graphs” of the Zero Trust Progress Monitoring Tool:

    1. The Overall Metric Health gauge at the top of this tab presents the average percentage away from meeting metric targets for all metrics being tracked. To calculate this value, the differences between the most recent measurements and target values for each metric are averaged.
    2. Below the Overall Metric Health gauge, use the drop-down list in cell D9 to select one of the metrics from tab “3. Track Metrics.”
    3. Six different graphic representations of the tracked data for the selected metric will populate.

    Copy and paste desired graphs into presentations for audience members identified in step 5.1.2.

    This image contains a screenshot from tab “4. Graphs” of the Zero Trust Progress Monitoring Tool:

    5.3 Build a communication deck

    Estimated time 2 hours

    Leverage the Zero Trust Communication Deck to showcase the work that you have done in the tools and activities associated with this research.

    In this communication deck template, you will find the following sections:

    • Introduction
    • Protect Surfaces
    • Zero Trust Gap Analysis
    • Zero Trust Initiatives & Tasks

    Input

    • Protect surfaces mapped to business goals
    • Zero trust program gap analysis
    • Zero trust roadmap initiatives and tasks
    • Zero trust metrics

    Output

    • Communication deck for zero trust strategy

    Materials

    • Zero Trust Communication Deck

    Participants

    • Security Team
    • Subject Matter Experts From IT, HR, Legal, Facilities, Compliance, Audit, Risk Management
    • Project Management Office

    Download the Zero Trust Communication Deck

    Summary of Accomplishment

    Knowledge Gained

    • Knowledge of protect surfaces and the business goals protecting them supports
    • Comprehensive knowledge of zero trust current state and summary initiatives required to achieve zero trust objectives
    • Assessment of which solutions for zero trust tasks and initiatives are the most appropriate for the organization
    • A defined set of security metrics assessing zero trust implementation progress and efficacy

    Deliverables Completed

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop

    Contact your account representative for more information

    workshops@infotech.com

    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    Contact your account representative for more information.

    This is a picture of an Info-Tech Account Representative
    workshops@infotech.com 1-888-670-8889

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Zero Trust Program Gap Analysis Tool

    This is a screenshot from the Zero Trust Program Gap Analysis Tool

    Assess current security capabilities and build a roadmap of tasks and initiatives that close maturity gaps.

    Zero Trust Progress Monitoring Tool

    This is a screenshot from the Zero Trust Progress Monitoring Tool

    Identify and track metrics for zero trust tasks and initiatives.

    Research Contributors

    • Aaron Benson, CME Group, Director of IAM Governance
    • Brad Mateski, Zones, Solutions Architect for CyberSecurity
    • Bob Smock, Info-Tech Research Group, Vice President of Consulting
    • Dr. Chase Cunningham, Ericom Software, Chief Strategy Officer
    • John Kindervag, ON2IT Cybersecurity, Senior Vice President, Cybersecurity Strategy and ON2IT Group Fellow
    • John Zhao, Fonterra, Enterprise Security Architect
    • Rongxing Lu, University of New Brunswick, Associate Professor
    • Sumanta Sarkar, University of Warwick, Assistant Professor
    • Tim Malone, J.B. Hunt Transport, Senior Director Information Security
    • Vana Matte, J.B. Hunt Transport, Senior Vice President of Technology Services

    Related Info-Tech Research

    This is a screenshot from Info-Tech's Build an Information Security Strategy

    Build an Information Security Strategy

    Info-Tech has developed a highly effective approach to building an information security strategy – an approach that has been successfully tested and refined for over seven years with hundreds of organizations. This unique approach includes tools for ensuring alignment with business objectives, assessing organizational risk and stakeholder expectations, enabling a comprehensive current-state assessment, prioritizing initiatives, and building out a security roadmap.

    This is a screenshot from Info-Tech's Determine Your Zero Trust Readiness.

    Determine Your Zero Trust Readiness

    IT security was typified by perimeter security. However, the way the world does business has mandated a change to IT security. In response, zero trust is a set of principles that can add flexibility to planning your IT security strategy.

    Use this blueprint to determine your zero trust readiness and understand how zero trust can benefit both security and the business.

    This is a screenshot from Info-Tech's Mature Your Identity and Access Management Program

    Mature Your Identity and Access Management Program

    Many organizations are looking to improve their identity and access management (IAM) practices but struggle with where to start and whether all areas of IAM have been considered. This blueprint will help you improve the organization's identity and access management practices by following our three-phase methodology:

    • Assess identity and access requirements
    • Identify initiatives using the identity lifecycle
    • Prioritize initiatives and build a roadmap

    Bibliography

    • “2021 Data Breach Investigations Report.” Verizon, 2021. Web.
    • “A Zero-Trust Strategy Has 3 Needs - Identify, Authenticate, and Monitor Users and Devices On and Off The Network.” Fortinet, 15 July 2021. Web.
    • “Applying Zero Trust Principles to Enterprise Mobility.” CISA, March 2022. Web.
    • Biden Jr., Joseph R. “Executive Order on Improving the Nation’s Cybersecurity.” The White House, 12 May 2021. Web.
    • “CISA Zero Trust Maturity Model.” CISA - Cybersecurity Division, June 2021. Web.
    • “Continuous Diagnostics and Mitigation Program Overview.” CISA, Jan. 2022. Web.
    • Contributor. “The Five Business Benefits of a Zero Trust Approach to Security.” Security Brief - Australia, 19 Aug. 2020. Web.
    • “Cost of a Data Breach Report 2021.” IBM, July 2021. Web.
    • English, Melanie. “5 Stats That Show The Cost Saving Effect of Zero Trust.” Teramind, 29 Sept. 2021. Web.
    • “Improve Application Access and Security With Fortinet Zero Trust Network Access.” Fortinet, 2 March 2021. Web.
    • “Incorporating Zero-trust Strategies for Secure Network and Application Access.” Fortinet, 21 July 2021. Web.
    • Jakkal, Vasu. “Zero Trust Adoption Report: How Does Your Organization Compare?” Microsoft, 28 July 2021. Web.
    • “Jericho Forum™ Commandments.” The Open Group, Jericho Forum, May 2007. Web.
    • Johnson, Derrick. “Zero Trust vs. SASE - Here's What You Need to Know.” Security Magazine, 23 July 2021. Web.
    • Joint Defense Information Systems Agency (DISA) and National Security Agency (NSA) Zero Trust Engineering Team. “Department of Defense (DOD) Zero Trust Reference Architecture.” DoD CIO, Feb. 2021. Web.
    • Kay, Dennis. “Planning for a Zero Trust Architecture Target State.” NASA, NIST, 13 Nov. 2019. Web.
    • National Security Agency. “Embracing a Zero Trust Security Model.” U.S. Department of Defense, Feb. 2021. Web.
    • NSTAC. “Draft Report to the President - Zero Trust and Trusted Identity Management.” CISA, NSTAC, n.d. Web.
    • Rose, Scott W., et al. “Zero Trust Architecture.” NIST, 10 Aug. 2020. Web.
    • “Securing Digital Innovation Demands Zero-Trust Access.” Fortinet, 15 July 2021. Web.
    • Shackleford, Dave. “How to Create a Comprehensive Zero Trust Strategy.” SANS, Cisco, 2 Sept. 2020. Web.
    • “The CISO’s Guide to Effective Zero-Trust Access.” Fortinet, 28 April 2021. Web.
    • “The State of Zero Trust Security 2021.” Okta, June 2021. Web.
    • Kerman, Alper, et al. “Implementing a Zero Trust Architecture.” NIST - National Cybersecurity Center of Excellence, March 2020. Web.
    • Kindervag, John. “Keynote - John KINDERVAG - 021622.” Vimeo, VIRTUAL Eastern | CyberSecurity Conference, 16 Feb. 2022. Web.
    • Lodewijkx, Koos. “IBM CISO Perspective: Zero Trust Changes Security From Something You Do to Something You Have.” SecurityIntelligence, IBM, 19 Nov. 2020. Web.
    • VB Staff. “Report: Only 21% of Enterprises Use Zero Trust Architecture.” VentureBeat, 15 Feb. 2022. Web.
    • Young, Shalanda D. “Moving the U.S. Government Toward Zero Trust Cybersecurity Principles.” The White House, EXECUTIVE OFFICE OF THE PRESIDENT - OFFICE OF MANAGEMENT AND BUDGET, 26 Jan. 2022. Web.
    • “Zero Trust Access.” Fortinet, n.d. Web.
    • “Zero Trust Architecture Technical Exchange Meeting.” NIST - National Cybersecurity Center of Excellence, 12 Nov. 2019. Web.
    • “Zero Trust Cybersecurity Current Trends.” ACT-IAC, 18 April 2019. Web.
    • “Zero-Trust Access for Comprehensive Visibility and Control.” Fortinet, 24 Sep. 2020. Web.

    Quality Management

    • Buy Link or Shortcode: {j2store}45|cart{/j2store}
    • Related Products: {j2store}45|crosssells{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Planning and Architecture
    • Parent Category Link: /service-planning-and-architecture
    Drive efficiency and agility with right-sized quality management

    Build an ERP Strategy and Roadmap

    • Buy Link or Shortcode: {j2store}585|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $76,462 Average $ Saved
    • member rating average days saved: 22 Average Days Saved
    • Parent Category Name: Enterprise Resource Planning
    • Parent Category Link: /enterprise-resource-planning
    • Organizations often do not know where to start with an ERP project.
    • They focus on tactically selecting and implementing the technology.
    • ERP projects are routinely reported as going over budget, over schedule, and they fail to realize any benefits.

    Our Advice

    Critical Insight

    • An ERP strategy is an ongoing communication tool for the business.
    • Accountability for ERP success is shared between IT and the business.
    • An actionable roadmap provides a clear path to benefits realization.

    Impact and Result

    • Align the ERP strategy and roadmap with business priorities, securing buy-in from the business for the program.
    • Identification of gaps, needs, and opportunities in relation to business processes; ensuring the most critical areas are addressed.
    • Assess alternatives for the critical path(s) most relevant to your organization’s direction.

    Build an ERP Strategy and Roadmap Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build an ERP Strategy and Roadmap – A comprehensive guide to align business and IT on what the organization needs from their ERP.

    A business-led, top-management-supported initiative partnered with IT has the greatest chance of success.

  • Aligning and prioritizing key business and technology drivers.
  • Clearly defining what is in and out of scope for the project.
  • Getting a clear picture of how the business process and underlying applications support the business strategic priorities.
  • Pulling it all together into an actionable roadmap.
    • Build an ERP Strategy and Roadmap – Phases 1-4
    • ERP Strategy Report Template
    [infographic]

    Workshop: Build an ERP Strategy and Roadmap

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Introduction to ERP

    The Purpose

    To build understanding and alignment between business and IT on what an ERP is and the goals for the project

    Key Benefits Achieved

    Clear understanding of how the ERP supports the organizational goals

    What business processes the ERP will be supporting

    An initial understanding of the effort involved

    Activities

    1.1 Introduction to ERP

    1.2 Background

    1.3 Expectations and goals

    1.4 Align business strategy

    1.5 ERP vision and guiding principles

    1.6 ERP strategy model

    1.7 ERP operating model

    Outputs

    ERP strategy model

    ERP Operating model

    2 Build the ERP operation model

    The Purpose

    Generate an understanding of the business processes, challenges, and application portfolio currently supporting the organization.

    Key Benefits Achieved

    An understanding of the application portfolio supporting the business

    Detailed understanding of the business operating processes and pain points

    Activities

    2.1 Build application portfolio

    2.2 Map the level 1 ERP processes including identifying stakeholders, pain points, and key success indicators

    2.3 Discuss process and technology maturity for each level 1 process

    Outputs

    Application portfolio

    Mega-processes with level 1 process lists

    3 Project set up

    The Purpose

    A project of this size has multiple stakeholders and may have competing priorities. This section maps those stakeholders and identifies their possible conflicting priorities.

    Key Benefits Achieved

    A prioritized list of ERP mega-processes based on process rigor and strategic importance

    An understanding of stakeholders and competing priorities

    Initial compilation of the risks the organization will face with the project to begin early mitigation

    Activities

    3.1 ERP process prioritization

    3.2 Stakeholder mapping

    3.3 Competing priorities review

    3.4 Initial risk register compilation

    Outputs

    Prioritized ERP operating model

    Stakeholder map.

    Competing priorities list.

    Initial risk register.

    4 Roadmap and presentation review

    The Purpose

    Select a future state and build the initial roadmap to set expectations and accountabilities.

    Key Benefits Achieved

    Identification of the future state

    Initial roadmap with expectations on accountability and timelines

    Activities

    4.1 Discuss future state options

    4.2 Build initial roadmap

    4.3 Review of final deliverable

    Outputs

    Future state options

    Initiative roadmap

    Draft final deliverable

    Further reading

    Build an ERP Strategy and Roadmap

    Align business and IT to successfully deliver on your ERP initiative

    Table of Contents

    Analyst Perspective

    Phase 3: Plan Your Project

    Executive Summary

    Step 3.1: Stakeholders, risk, and value

    Phase 1: Build Alignment and Scope

    Step 3.2: Project set up

    Step 1.1: Aligning Business and IT

    Phase 4: Next Steps

    Step 1.2: Scope and Priorities

    Step 4.1: Build your roadmap

    Phase 2: Define Your ERP

    Step 4.2: Wrap up and present

    Step 2.1: ERP business model

    Summary of Accomplishment

    Step 2.2: ERP processes and supporting applications

    Research Contributors

    Step 2.3: Process pains, opportunities, and maturity

    Related Info-Tech Research

    Bibliography

    Build an ERP Strategy and Roadmap

    Align business and IT to successfully deliver on your ERP initiative

    EXECUTIVE BRIEF

    Analyst Perspective

    A foundational ERP strategy is critical to decision making.

    Photo of Robert Fayle, Research Director, Enterprise Applications, Info-Tech Research Group.

    Enterprise resource planning (ERP) is a core tool that the business leverages to accomplish its goals. An ERP that is doing its job well is invisible to the business. The challenges come when the tool is no longer invisible. It has become a source of friction in the functioning of the business

    ERP systems are expensive, their benefits are difficult to quantify, and they often suffer from poor user satisfaction. Post-implementation, technology evolves, organizational goals change, and the health of the system is not monitored. This is complicated in today’s digital landscape with multiple integration points, siloed data, and competing priorities.

    Too often organizations jump into selecting replacement systems without understanding the needs of the organization. Alignment between business and IT is just one part of the overall strategy. Identifying key pain points and opportunities, assessed in the light of organizational strategy, will provide a strong foundation to the transformation of the ERP system.

    Robert Fayle
    Research Director, Enterprise Applications
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Organizations often do not know where to start with an ERP project. They focus on tactically selecting and implementing the technology but ignore the strategic foundation that sets the ERP system up for success. ERP projects are routinely reported as going over budget, over schedule, and they fail to realize any benefits.

    Common Obstacles

    ERP projects impact the entire organization – they are not limited to just financial and operating metrics. The disruption is felt during both implementation and in the production environment.

    Missteps early on can cost time, financial resources, and careers. Roughly 55% of ERP projects reported being over budget, and two-thirds of organizations implementing ERP realized less than half of their anticipated benefits.

    Info-Tech’s Approach

    Obtain organizational buy-in and secure top management support. Set clear expectations, guiding principles, and critical success factors.

    Build an ERP operating model/business model that identifies process boundaries, scope, and prioritizes requirements. Assess stakeholder involvement, change impact, risks, and opportunities.

    Understand the alternatives your organization can choose for the future state of ERP. Develop an actionable roadmap and meaningful KPIs that directly align with your strategic goals.

    Info-Tech Insight

    Accountability for ERP success is shared between IT and the business. There is no single owner of an ERP. A unified approach to building your strategy promotes an integrated roadmap so all stakeholders have clear direction on the future state.

    Insight summary

    Enterprise resource planning (ERP) systems facilitate the flow of information across business units. It allows for the seamless integration of systems and creates a holistic view of the enterprise to support decision making.

    In many organizations, the ERP system is considered the lifeblood of the enterprise. Problems with this key operational system will have a dramatic impact on the ability of the enterprise to survive and grow.

    A measured and strategic approach to change will help mitigate many of the risks associated with ERP projects, which will avoid the chances of these changes becoming the dreaded “career killers.”

    A business led, top management supported initiative partnered with IT has the greatest chance of success.

    • A properly scoped ERP project reduces churn and provides all parts of the business with clarity.
    • This blueprint provides the business and IT the methodology to get the right level of detail for the business processes that the ERP supports so you can avoid getting lost in the details.
    • Build a successful ERP Strategy and roadmap by:
      • Aligning and prioritizing key business and technology drivers.
      • Clearly defining what is in and out of scope for the project.
      • Providing a clear picture of how the business process and underlying applications support the business strategic priorities.
      • Pulling it all together into an actionable roadmap.

    Enterprise Resource Planning (ERP)

    What is ERP?

    Enterprise resource planning (ERP) systems facilitate the flow of information across business units. They allow for the seamless integration of systems and create a holistic view of the enterprise to support decision making.

    In many organizations, the ERP system is considered the lifeblood of the enterprise. Problems with this key operational system will have a dramatic impact on the ability of the enterprise to survive and grow.

    An ERP system:

    • Automates processes, reducing the amount of manual, routine work.
    • Integrates with core modules, eliminating the fragmentation of systems.
    • Centralizes information for reporting from multiple parts of the value chain to a single point.

    A diagram visualizing the many aspects of ERP and the categories they fall under. Highlighted as 'Supply Chain Management' are 'Supply Chain: Procure to Pay' and 'Distribution: Forecast to Delivery'. Highlighted as 'Customer Relationship Management' are 'Sales: Quote to Cash', 'CRM: Market to Order', and 'Customer Service: Issue to Resolution'.

    ERP use cases:

    • Product-Centric
      Suitable for organizations that manufacture, assemble, distribute, or manage material goods.
    • Service-Centric
      Suitable for organizations that provide and manage field services and/or professional services.

    ERP by the numbers

    50-70%
    Statistical analysis of ERP projects indicates rates of failure vary from 50 to 70%. Taking the low end of those analyst reports, one in two ERP projects is considered a failure. (Source: Saxena and Mcdonagh)

    85%
    Companies that apply the principles of behavioral economics outperform their peers by 85% in sales growth and more than 25% in gross margin. (Source: Gallup)

    40%
    Nearly 40% of companies said functionality was the key driver for the adoption of a new ERP. (Source: Gheorghiu)

    ERP dissatisfaction

    Drivers of Dissatisfaction
    Business
    • Misaligned objectives
    • Product fit
    • Changing priorities
    • Lack of metrics
    Data
    • Access to data
    • Data hygiene
    • Data literacy
    • One view of the customer
    People and teams
    • User adoption
    • Lack of IT support
    • Training (use of data and system)
    • Vendor relations
    Technology
    • Systems integration
    • Multi-channel complexity
    • Capability shortfall
    • Lack of product support

    Finance, IT, Sales, and other users of the ERP system can only optimize ERP with the full support of each other. The cooperation of the departments is crucial when trying to improve ERP technology capabilities and customer interaction.

    Info-Tech Insight

    While technology is the key enabler of building strong customer experiences, there are many other drivers of dissatisfaction. IT must stand shoulder-to-shoulder with the business to develop a technology framework for ERP.

    Info-Tech’s methodology for developing a foundational ERP strategy and roadmap

    1. Build alignment and scope 2. Define your ERP 3. Plan your project 4. Next Steps
    Phase Steps
    1. Aligning business and IT
    2. Scope and priorities
    1. ERP Business Model
    2. ERP processes and supporting applications
    3. Process pains, opportunities & maturity
    1. Stakeholders, risk & value
    2. Project set up
    1. Build your roadmap
    2. Wrap up and present
    Phase Outcomes Discuss organizational goals and how to advance those using the ERP system. Establish the scope of the project and ensure that business and IT are aligned on project priorities. Build the ERP business model then move on to the top level (mega) processes and an initial list of the sub-processes. Generate a list of applications that support the identified processes. Conclude with a complete view of the mega-processes and their sub-processes. Map out your stakeholders to evaluate their impact on the project, build an initial risk register and discuss group alignment. Conclude the phase by setting the initial core project team and their accountabilities to the project. Review the different options to solve the identified pain points then build out a roadmap of how to get to that solution. Build a communication plan as part of organizational change management, which includes the stakeholder presentation.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Sample of the Key Deliverable 'ERP Strategy Report'.

    ERP Strategy Report

    Complete an assessment of processes, prioritization, and pain points, and create an initiative roadmap.

    Samples of blueprint deliverables related to 'ERP Strategy Report'.

    ERP Business Model
    Align your business and technology goals and objectives in the current environment.
    Sample of the 'ERP Business Model' blueprint deliverable.
    ERP Operating Model
    Identify and prioritize your ERP top-level processes.
    Sample of the 'ERP Operating Model' blueprint deliverable.
    ERP Process Prioritization
    Assess ERP processes against the axes of rigor and strategic importance.
    Sample of the 'ERP Process Prioritization' blueprint deliverable.
    ERP Strategy Roadmap
    A data-driven roadmap of how to address the ERP pain points and opportunities.
    Sample of the 'ERP Strategy Roadmap' blueprint deliverable.

    Executive Brief Case Study

    INDUSTRY: Aerospace
    SOURCE: Panorama, 2021

    Aerospace organization assesses ERP future state from opportunities, needs, and pain points

    Challenge

    Several issues plagued the aerospace and defense organization. Many of the processes were ad hoc and did not use the system in place, often relying on Excel. The organization had a very large pain point stemming from its lack of business process standardization and oversight. The biggest gap, however, was from the under-utilization of the ERP software.

    Solution

    By assessing the usage of the system by employees and identifying key workarounds, the gaps quickly became apparent. After assessing the organization’s current state and generating recommendations from the gaps, it realized the steps needed to achieve its desired future state. The analysis of the pain points generated various needs and opportunities that allowed the organization to present and discuss its key findings with executive leadership to set milestones for the project.

    Results

    The overall assessment led the organization to the conclusion that in order to achieve its desired future state and maximize ROI from its ERP, the organization must address the internal issues prior to implementing the upgraded software.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between eight to twelve calls over the course of four to six months.

    Phase 1

    • Call #1: Scoping call to understand the current situation.
    • Call #2: Establish business & IT alignment and project scope.

    Phase 2

    • Call #3: Discuss the ERP Strategy business model and mega-processes.
    • Call #4: Begin the drill down on the level 1 processes.

    Phase 3

    • Call #5: Establish the stakeholder map and project risks.
    • Call #6: Discuss project setup including stakeholder commitment and accountability.

    Phase 4

    • Call #7: Discuss resolution paths and build initial roadmap.
    • Call #8: Summarize results and plan next steps.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5
    Activities
    Introduction to ERP

    1.1 Introduction to ERP

    1.2 Background

    1.3 Expectations and goals

    1.4 Align business strategy

    1.5 ERP vision and guiding principles

    1.6 ERP strategy model

    1.7 ERP operating model

    Build the ERP operating model

    2.1 Build application portfolio

    2.2 Map the level 1 ERP processes including identifying stakeholders, pain points, and key success indicators

    2.3 Discuss process and technology maturity for each level 1 process

    Project set up

    3.1 ERP process prioritization

    3.2 Stakeholder mapping

    3.3 Competing priorities review

    3.4 Initial risk register compilation

    3.5 Workshop retrospective

    Roadmap and presentation review

    4.1 Discuss future state options

    4.2 Build initial roadmap

    4.3 Review of final deliverable

    Next Steps and wrap-up (offsite)

    5.1 Complete in-progress deliverables from previous four days

    5.2 Set up review time for workshop deliverables and to discuss next steps

    Deliverables
    1. ERP strategy model
    2. ERP operating model
    1. Application portfolio
    2. Mega-processes with level 1 process lists
    1. Prioritized ERP operating model
    2. Stakeholder map
    3. Competing priorities list
    4. Initial risk register
    1. Future state options
    2. Initiative roadmap
    3. Draft final deliverable
    1. Completed ERP strategy template
    2. ERP strategy roadmap

    Build an ERP Strategy and Roadmap

    Phase 1

    Build alignment and scope

    Phase 1

    • 1.1 Aligning business and IT
    • 1.2 Scope and priorities

    Phase 2

    • 2.1 ERP Business Model
    • 2.2 ERP processes and supporting applications
    • 2.3 Process pains, opportunities & maturity

    Phase 3

    • 3.1 Stakeholders, risk & value
    • 3.2 Project set up

    Phase 4

    • 4.1 Build your roadmap
    • 4.2 Wrap up and present

    This phase will walk you through the following activities:

    Build a common language to ensure clear understanding of the organizational needs. Define a vision and guiding principles to aid in decision making and enumerate how the ERP supports achievement of the organizational goals. Define the initial scope of the ERP project. This includes the discussion of what is not in scope.

    This phase involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Create a compelling case that addresses strategic business objectives

    When someone at the organization asks you WHY, you need to deliver a compelling case. The ERP project will receive pushback, doubt, and resistance; if you can’t answer the question WHY, you will be left back-peddling.

    When faced with a challenge, prepare for the WHY.

    • Why do we need this?
    • Why are we spending all this money?
    • Why are we bothering?
    • Why is this important?
    • Why did we do it this way?
    • Why did we choose this vendor?

    Most organizations can answer “What?”
    Some organizations can answer “How?”
    Very few organizations have an answer for “Why?”

    Each stage of the project will be difficult and present its own unique challenges and failure points. Re-evaluate if you lose sight of WHY at any stage in the project.

    Step 1.1

    Aligning business and IT

    Activities
    • 1.1.1 Build a glossary
    • 1.1.2 ERP Vision and guiding principles
    • 1.1.3 Corporate goals and ERP benefits

    This step will walk you through the following activities:

    • Building a common language to ensure a clear understanding of the organization’s needs.
    • Creating a definition of your vision and identifying the guiding principles to aid in decision making.
    • Defining how the ERP supports achievement of the organizational goals.

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Outcomes of this step

    Business and IT have a shared understanding of how the ERP supports the organizational goals.

    Are we all talking about the same thing?

    Every group has their own understanding of the ERP system, and they may use the same words to describe different things. For example, is there a difference between procurement of office supplies and procurement of parts to assemble an item for sale? And if they are different, do your terms differ (e.g., procurement versus purchasing)?

    Term(s) Definition
    HRMS, HRIS, HCM Human Resource Management System, Human Resource Information System, Human Capital Management. These represent four capabilities of HR: core HR, talent management, workforce management, and strategic HR.
    Finance Finance includes the core functionalities of GL, AR, and AP. It also covers such items as treasury, financial planning and analysis (FP&A), tax management, expenses, and asset management.
    Supply Chain The processes and networks required to produce and distribute a product or service. This encompasses both the organization and the suppliers.
    Procurement Procurement is about getting the right products from the right suppliers in a timely fashion. Related to procurement is vendor contract management.
    Distribution The process of getting the things we create to our customers.
    CRM Customer Relationship Management, the software used to maintain records of our sales and non-sales contact with our customers.
    Sales The process of identifying customers, providing quotes, and converting those quotes to sales orders to be invoiced.
    Customer Service This is the process of supporting customers with challenges and non-sales questions related to the delivery of our products/services.
    Field Service The group that provides maintenance services to our customers.

    Activity 1.1.1 Build a glossary

    1 hour
    1. As a group, discuss the organization’s functional areas, business capabilities, value streams, and business processes.
    2. Ask each of the participants if there are terms or “jargon” that they hear used that they may be unclear on or know that others may not be aware of. Record these items in the table along with a description.
      • Acronyms are particularly important to document. These are often bandied about without explanation. For example, people outside of finance may not understand that FP&A is short for Financial Planning and Analysis.

    Record this information in the ERP Strategy Report Template.

    Sample of the 'ERP Strategy Report Template: Glossary'.

    Download the ERP Strategy Report Template

    Activity 1.1.1 Working slide

    Example/working slide for your glossary. Consider this a living document and keep it up to date.

    Term(s) Definition
    HRMS, HRIS, HCM Human Resource Management System, Human Resource Information System, Human Capital Management. These represent four capabilities of HR: core HR, talent management, workforce management, and strategic HR.
    Finance Finance includes the core functionalities of GL, AR, and AP. It also covers such items as treasury, financial planning and analysis (FP&A), tax management, expenses, and asset management.
    Supply Chain The processes and networks required to produce and distribute a product or service. This encompasses both the organization and the suppliers.
    Procurement Procurement is about getting the right products from the right suppliers in a timely fashion. Related to procurement is vendor contract management.
    Distribution The process of getting the things we create to our customers.
    CRM Customer Relationship Management, the software used to maintain records of our sales and non-sales contact with our customers.
    Sales The process of identifying customers, providing quotes, and converting those quotes to sales orders to be invoiced.
    Customer Service This is the process of supporting customers with challenges and non-sales questions related to the delivery of our products/services.
    Field Service The group that provides maintenance services to our customers.

    Vision and Guiding Principles

    GUIDING PRINCIPLES

    Guiding principles are high-level rules of engagement that help to align stakeholders from the outset. Determine guiding principles to shape the scope and ensure stakeholders have the same vision.

    Creating Guiding Principles

    Guiding principles should be constructed as full sentences. These statements should be able to guide decisions.

    EXAMPLES

    • [Organization] is implementing an ERP system to streamline processes and reduce redundancies, saving time and money.
    • [Organization] is implementing an ERP to integrate disparate systems and rationalize the application portfolio.
    • [Organization] is aiming at taking advantage of best industry practices and strives to minimize the level of customization required in solution.

    Questions to Ask

    1. What is a strong statement that will help guide decision making throughout the life of the ERP project?
    2. What are your overarching requirements for business processes?
    3. What do you ultimately want to achieve?
    4. What is a statement that will ensure all stakeholders are on the same page for the project?

    Activity 1.1.2 – ERP Vision and Project Guiding Principles

    1 hour

    1. As a group, discuss whether you want to create a separate ERP vision statement or re-state your corporate vision and/or goals.
      • An ERP vision statement will provide project-guiding principles, encompass the ERP objectives, and give a rationale for the project.
      • Using the corporate vision/goals will remind the business and IT that the project is to find an ERP solution that supports and enhances the organizational objectives.
    2. Review each of the sample guiding principles provided and ask the following questions:
      1. Do we agree with the statement?
      2. Is this statement framed in the language we used internally? Does everyone agree on the meaning of the statement?
      3. Will this statement help guide our decision-making process?

    Record this information in the ERP Strategy Report Template.

    Sample of the 'ERP Strategy Report Template: Guiding Principles.

    Download the ERP Strategy Report Template

    Activity 1.1.2 – ERP Vision and Project Guiding Principles

    We, [Organization], will select and implement an integrated software suite that enhances the growth and profitability of the organization through streamlined global business processes, real time data-driven decisions, increased employee productivity, and IT investment protection.

    • Support Business Agility: A flexible and adaptable integrated business system providing a seamless user experience.
    • Utilize ERP best practices: Do not recreate or replicate what we have today, focus on modernization. Exercise customization governance by focusing on those customizations that are strategically differentiating.
    • Automate: Take manual work out where we can, empowering staff and improving productivity through automation and process efficiencies.
    • Stay focused: Focus on scope around core business capabilities. Maintain scope control. Prioritize demand in line with the strategy.
    • Strive for “One Source of Truth”: Unify data model and integrate processes where possible. Assess integration needs carefully.

    Align the ERP strategy with the corporate strategy

    Corporate Strategy Unified Strategy ERP Strategy
    • Conveys the current state of the organization and the path it wants to take.
    • Identifies future goals and business aspirations.
    • Communicates the initiatives that are critical for getting the organization from its current state to the future state.
    • ERP optimization can be and should be linked, with metrics, to the corporate strategy and ultimate business objectives.
    • Communicates the organization’s budget and spending on ERP.
    • Identifies IT initiatives that will support the business and key ERP objectives.
    • Outlines staffing and resourcing for ERP initiatives.

    Info-Tech Insight

    ERP projects are more successful when the management team understands the strategic importance and the criticality of alignment. Time needs to be spent upfront aligning business strategies with ERP capabilities. Effective alignment between IT and the business should happen daily. Alignment doesn’t just to occur at the executive level alone, but at each level of the organization.

    1.1.3 – Corporate goals and ERP benefits

    1-2 hours

    1. Discuss the business objectives. Identify two or three objectives that are a priority for this year.
    2. Produce several ways a new ERP system will meet each objective.
    3. Think about the modules and ERP functions that will help you realize these benefits.

    Cost Reduction

    • Decrease Total Cost: Reduce total costs by five percent by January 2022.
    • Decrease Specific Costs: Reduce costs of “x” business unit by ten percent by Jan. next year.

    ERP Benefits

    • Reduce headcount
    • Reallocate workers
    • Reduce overtime
    • Increased compliance
    • Streamlined audit process
    • Less rework due to decrease in errors

    Download the ERP Strategy Report Template

    Activity 1.1.3 – Corporate goals and ERP benefits

    Corporate Strategy ERP Benefits
    End customer visibility (consumer experience)
    • Help OEM’s target customers
    • Keep customer information up-to-date, including contact choices
    • [Product A] process support improvements
    • Ability to survey and track responses
    • Track and improve renewals
    • Service support – improve cycle times for claims, payment processing, and submission quality
    Social responsibility
    • Reduce paper internally and externally
    • Facilitating tracking and reporting of EFT
    • One location for all documents
    New business development
    • Track all contacts
    • Measure where in process the contact is
    • Measure impact of promotions
    Employee experience
    • Improve integration of systems reducing manual processes through automation
    • Better tracking of sales for employee comp
    • Ability to survey employees

    Step 1.2

    Scope and priorities

    Activities
    • 1.2.1 Project scope
    • 1.2.2 Competing priorities

    This step will walk you through the following activities:

    • Define the initial scope of the ERP project. This includes the discussion of what is not in scope. For example, a stand-alone warehouse management system may be out of scope while an existing HRMS could be in scope.

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Outcomes of this step

    A project scope statement and a prioritized list of projects that may compete for organizational resources.

    Understand the importance of setting expectations with a scope statement

    Be sure to understand what is in scope for an ERP strategy project. Prevent too wide of a scope to avoid scope creep – for example, we aren’t tackling MMS or BI under ERP.

    A diamond shape with three layers. Inside is 'In Scope', middle is 'Scope Creep', and outside is 'Out of Scope'.

    Establishing the parameters of the project in a scope statement helps define expectations and provides a baseline for resource allocation and planning. Future decisions about the strategic direction of ERP will be based on the scope statement.

    Well-executed requirements gathering will help you avoid expanding project parameters, drawing on your resources, and contributing to cost overruns and project delays. Avoid scope creep by gathering high-level requirements that lead to the selection of category-level application solutions (e.g. HRIS, CRM, PLM etc.) rather than granular requirements that would lead to vendor application selection (e.g. SAP, Microsoft, Oracle, etc.).

    Out-of-scope items should also be defined to alleviate ambiguity, reduce assumptions, and further clarify expectations for stakeholders. Out-of-scope items can be placed in a backlog for later consideration.

    In Scope Out of Scope
    Strategy High-level ERP requirements, strategic direction
    Software selection Vendor application selection, Granular system requirements

    Activity 1.2.1 – Define scope

    1 hour

    1. Formulate a scope statement. Decide which people, processes, and functions the ERP strategy will address. Generally, the aim of this project is to develop strategic requirements for the ERP application portfolio – not to select individual vendors.
    2. To assist in forming your scope statement, answer the following questions:
      • What are the major coverage points?
      • Who will be using the systems?
      • How will different users interact with the systems?
      • What are the objectives that need to be addressed?
      • Where do we start?
      • Where do we draw the line?

    Record this information in the ERP Strategy Report Template.

    Sample of the 'ERP Strategy Report Template: Scope Statements'.

    Download the ERP Strategy Report Template

    Activity 1.2.1 – Define scope

    Scope statements

    The following systems are considered in scope for this project:

    • Finance
    • HRMS
    • CRM
    • Supply chain

    The following systems are out of scope for this project:

    • PLM – product lifecycle management
    • Project management
    • Contract management

    The following systems are in scope, in that they must integrate into the new system. They will not change.

    • Payroll processing
    • Bank accounts
    • EDI software

    Know your competing priorities

    Organizations typically have multiple projects on the table or in flight. Each of those projects requires resources and attention from business and/or the IT organization.

    Don’t let poor prioritization hurt your ERP implementation.
    BNP Paribas Fortis had multiple projects that were poorly prioritized resulting in the time to bring products to market to double over a three-year period. (Source: Neito-Rodriguez, 2016)

    Project Timeline Priority notes Implications
    Warehouse management system upgrade project Early 2022 implementation High Taking IT staff and warehouse team, testing by finance
    Microsoft 365 October 2021-March 2022 High IT Staff, org impacted by change management
    Electronic Records Management April 2022 – Feb 2023 High Legislative requirement, org impact due to record keeping
    Web site upgrade Early fiscal 2023

    Activity 1.2.2 – Competing priorities

    1 hour

    1. As a group, discuss the projects that are currently in flight as well as any known projects including such things as territory expansion or new regulation compliance.
    2. For each project discuss and record the following items:
      • The project timeline. When does it start and how long is it expected to run?
      • How important is this project to the organization? A lot of high priority projects are going to require more attention from the staff involved.
      • What are the implications of this project?
        • What staff will be impacted? What business users will be impacted, and what is the IT involvement?
        • To what extent will the overall organization be impacted? Is it localized to a location or is it organization wide?
        • Can the project be deferred?

    Record this information in the ERP Strategy Report Template.

    Sample of the 'ERP Strategy Report Template: Priorities'.

    Download the ERP Strategy Report Template

    Activity 1.2.2 – Competing priorities

    List all your known projects both current and proposed. Discuss the prioritization of those projects, whether they are more or less important than your ERP project.

    Project Timeline Priority notes Implications
    Warehouse management system upgrade project Early 2022 implementation High Taking IT staff and warehouse team, testing by finance
    Microsoft 365 October 2021-March 2022 High IT Staff, org impacted by change management
    Electronic Records Management April 2022 – Feb 2023 High Legislative requirement, org impact due to record keeping
    Web site upgrade Early fiscal 2023 Medium
    Point of Sale replacement Oct 2021– Mar 2022 Medium
    ERP utilization and training on unused systems Friday, Sept 17 Medium Could impact multiple staff
    Managed Security Service RFP This calendar year Medium
    Mental Health Dashboard In research phase Low

    Build an ERP Strategy and Roadmap

    Phase 2

    Define your ERP

    Phase 1

    • 1.1 Aligning business and IT
    • 1.2 Scope and priorities

    Phase 2

    • 2.1 ERP Business Model
    • 2.2 ERP processes and supporting applications
    • 2.3 Process pains, opportunities & maturity

    Phase 3

    • 3.1 Stakeholders, risk & value
    • 3.2 Project set up

    Phase 4

    • 4.1 Build your roadmap
    • 4.2 Wrap up and present

    This phase will walk you through the following activities:

    • Build the ERP business model then move on to the top level (mega) processes and an initial list of the sub-processes
    • Generate a list of applications that support the identified processes
    • Assign stakeholders, discuss pain points, opportunities, and key success indicators
    • Assign process and technology maturity to each stakeholder

    This phase involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP applications support team

    Step 2.1

    ERP business model

    Activities
    • 2.1.1 Environmental factors, technology drivers, and business needs
    • 2.1.2 Challenges, pain points, enablers, and organizational goals

    This step will walk you through the following activities:

    • Identify ERP drivers and objectives
    • Explore ERP challenges and pain points
    • Discuss the ERP benefits and opportunities

    This step involves the following participants:

    • ERP implementation team
    • Business stakeholders

    Outcomes of this step

    • ERP business model

    Explore environmental factors and technology drivers

    1. Identify business drivers that are contributing to the organization’s need for ERP.
    2. Understand how the company is running today and what the organization’s future will look like. Try to identify the purpose for becoming an integrated organization.
    3. Consider external considerations, organizational drivers, technology drivers, and key functional requirements
    The ERP Business Model with 'Business Needs', 'Environmental Factors', and 'Technology Drivers' highlighted. At the center is 'ERP Strategy' with 'Barriers' above and 'Enablers' below. Surrounding and feeding into the center group are 'Business Needs', 'Environmental Factors', 'Technology Drivers', and 'Organizational Goals'.
    External Considerations
    • Regulations
    • Elections
    • Availability of resources
    • Staff licensing and certifications
    Organizational Drivers
    • Compliance
    • Scalability
    • Operational efficiency
    • Union agreements
    • Self service
    • Role appropriate dashboards and reports
    • Real time data access
      • Use of data in the system (no exports)
    Technology Considerations
    • Data accuracy
    • Data quality
    • Better reporting
    Functional Requirements
    • Information availability
    • Integration between systems
    • Secure data

    Activity 2.1.1 – Explore environmental factors and technology drivers

    1 hour

    1. Identify business drivers that are contributing to the organization’s need for ERP.
    2. Understand how the company is running today and what the organization’s future will look like. Try to identify the purpose for becoming an integrated organization. Use a whiteboard or flip charts and markers to capture key findings.
    3. Consider External Considerations, Organizational Drivers, Technology Drivers, and Key Functional Requirements.

    Record this information in the ERP Strategy Report Template.

    Sample of the next slide, 'ERP Business Model', with an iconized ERP Business Model and a table highlighting 'Environmental Factors', 'Technology Drivers', and 'Business Needs'.

    Download the ERP Strategy Report Template

    ERP Business Model A iconized version of the ERP Business Model.

    Environmental FactorsTechnology DriversBusiness Needs
    • Regulations
    • Elections
    • Availability of resources
    • Staff licensing and certifications
    • Document storage
    • Cloud security standards
    • Functionality based on deployment
    • Cloud-first based on above
    • Integration with external data suppliers
    • Integration with internal systems (Elite?)
    • Compliance
    • Scalability
    • Operational efficiency
    • Union agreements
    • Self service
    • Role appropriate dashboards and reports
    • Real time data access
    • Use of data in the system (no exports)
    • CapEx vs. OpEx

    Discuss challenges, pain points, enablers and organizational goals

    1. Identify challenges with current systems and processes.
    2. Brainstorm potential barriers to successful ERP selection and implementation. Use a whiteboard and marker to capture key findings.
    3. Consider organizational goals along with barriers and enablers to ERP success.
    The ERP Business Model with 'Organizational Goals', 'Enablers', and 'Barriers' highlighted. At the center is 'ERP Strategy' with 'Barriers' above and 'Enablers' below. Surrounding and feeding into the center group are 'Business Needs', 'Environmental Factors', 'Technology Drivers', and 'Organizational Goals'.
    Functional Gaps
    • No online purchase order requisition
    Technical Gaps
    • Inconsistent reporting – data quality concerns
    Process Gaps
    • Duplication of data
    • Lack of system integration
    Barriers to Success
    • Cultural mindset
    • Resistance to change
    Business Benefits
    • Business-IT alignment
    IT Benefits
    • Compliance
    • Scalability
    Organizational Benefits
    • Data accuracy
    • Data quality
    Enablers of Success
    • Change management
    • Alignment to strategic objectives

    Activity 2.1.2 – Discuss challenges, pain points, enablers, and organizational goals

    1 hour

    1. Identify challenges with the current systems and processes.
    2. Brainstorm potential barriers to successful ERP selection and implementation. Use a whiteboard or flip chart and markers to capture key findings.
    3. Consider functional gaps, technical gaps, process gaps, and barriers to ERP success.
    4. Identify the opportunities and benefits from an integrated system.
    5. Brainstorm potential enablers for successful ERP selection and implementation. Use a whiteboard and markers to capture key findings.
    6. Consider business benefits, IT benefits, organizational benefits, and enablers of success.

    Record this information in the ERP Strategy Report Template.

    Sample of the next slide, 'ERP Business Model', with an iconized ERP Business Model and a table highlighting 'Organizational Goals', 'Enablers', and 'Barriers'.

    Download the ERP Strategy Report Template

    ERP Business Model A iconized version of the ERP Business Model.

    Organizational Goals Enablers Barriers
    • Efficiency
    • Effectiveness
    • Integrity
    • One source of truth for data
    • One team
    • Customer service, external and internal
    • Cross-trained employees
    • Desire to focus on value-add activities
    • Collaborative
    • Top level executive support
    • Effective change management process
    • Organizational silos
    • Lack of formal process documentation
    • Funding availability
    • What goes first? Organizational priorities

    Step 2.2

    ERP processes and supporting applications

    Activities
    • 2.2.1 ERP process inventory
    • 2.2.2 Application portfolio

    This step will walk you through the following activities:

    • Identify the top-level (mega) processes and create an initial list of the sub-processes
    • Generate a list of applications that support the identified processes

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP applications support team

    Outcomes of this step

    • A list of in scope business processes
    • A list of current applications and services supporting the business processes

    Process Inventory

    In business architecture, the primary view of an organization is known as a business capability map.

    A business capability defines what a business does to enable value creation rather than how.

    Business capabilities:

    • Represent stable business functions
    • Are unique and independent of each other
    • Will typically have a defined business outcome

    A business capability map provides details that help the business architecture practitioner direct attention to a specific area of the business for further assessment.

    A process map titled 'Business capability map (Level 0)' with many processes sectioned off into sections and subsections. The top-left section is 'Products and Services Development' with subsections 'Design'(6 processes) and 'Manufacturing'(3 processes). The top-middle section is 'Revenue Generation'(3 processes) and below that is 'Sourcing'(2 processes). The top-right section is 'Demand Fulfillment'(9 processes). Along the bottom is the section 'Enterprise Management and Planning' with subsections 'Human Resources'(4 processes), 'Business Direction'(4 processes), and 'Finance'(4 processes).

    If you do not have a documented process model, you can use the APQC Framework to help define your inventory of business processes.

    APQC’s Process Classification Framework is a taxonomy of cross-functional business processes intended to allow the objective comparison of organizational performance within and among organizations.

    APQC’s Process Classification Framework

    Activity 2.2.1 – Process inventory

    2-4 hours

    1. As a group, discuss the business capabilities, value streams, and business processes.
    2. For each capability determine the following:
      • Is this capability applicable to our organization?
      • What application, if any, supports this capability?
    3. Are there any missing capabilities to add?

    Record this information in the ERP Strategy Report Template.

    Sample of the 'Process Inventory' table on the next slide.

    Download the ERP Strategy Report Template

    Activity 2.2.1 – Process inventory

    Core Finance Core HR Workforce Management Talent Management Warehouse Management Enterprise Asset Management
    Process Technology Process Technology Process Technology Process Technology Process Technology Process Technology
    • General ledger
    • Accounts payable
    • Accounts receivable
    • GL consolidation
    • Cash management
    • Billing and invoicing
    • Expenses
    • Payroll accounting
    • Tax management
    • Reporting
    • Payroll administration
    • Benefits administration
    • Position management
    • Organizational structure
    • Core HR records
    • Time and attendance
    • Leave management
    • Scheduling
    • Performance management
    • Talent acquisition
    • Offboarding & onboarding
    • Plan layout
    • Manage inventory
    • Manage loading docks
    • Pick, pack, ship
    • Plan and manage workforce
    • Manage returns
    • Transfer product cross-dock
    • Asset lifecycle management
    • Supply chain management
    • Maintenance planning & scheduling
    Planning & Budgeting Strategic HR Procurement Customer Relationship Management Facilities Management Project Management
    Process Technology Process Technology Process Technology Process Technology Process Technology Process Technology
    • Budget reporting
    • Variance analysis
    • Multi-year operating plan
    • Monthly forecasting
    • Annual operating plan
    • Compensation planning
    • Workforce planning
    • Succession planning
    • Supplier management
    • Purchase order management
    • Workflow approvals
    • Contract / tender management
    • Contact management
    • Activity management
    • Analytics
    • Plan and acquire
    • Asset maintenance
    • Disposal
    • Project management
    • Project costing
    • Budget control
    • Document management

    Complete an inventory collection of your application portfolio

    MANAGED vs. UNMANAGED APPLICATION ENVIRONMENTS

    • Managed environments make way for easier inventory collection since there is significant control as to what applications can be installed on a company asset. Organizations will most likely have a comprehensive list of supported and approved applications.
    • Unmanaged environments are challenging to control because users are free to install any applications on company assets, which may or may not be supported by IT.
    • Most organizations fall somewhere in between – there is usually a central repository of applications and several applications that are exceptions to the company policies. Ensure that all applications are accounted for.

    Determine your inventory collection method:

    MANUAL INVENTORY COLLECTION
    • In its simplest form, a spreadsheet is used to document your application inventory.
    • For large organizations, reps interview all business domains to create a list of installed applications.
    • Conducting an end-user survey within your business domains is one way to gather your application inventory and assess quality.
    • This manual approach is most appropriate for smaller organizations with small application portfolios across domains.
    AUTOMATED INVENTORY COLLECTION
    • Using inventory collection compatibility tools, discover all of the supported applications within your organization.
    • This approach may not capture all applications, depending on the parameters of your automated tool.
    • This approach works well in a managed environment.

    Activity 2.2.2 – Understand the current application portfolio

    1-2 hours

    1. Brainstorm a list of the applications that support the ERP business processes inventoried in Activity 2.2.1. If an application has multiple instances, list each instance as a separate line item.
    2. Indicate the following for each application:
      1. User satisfaction. This may be more than one entry as different groups – e.g., IT vs. business – may differ.
      2. Processes supported. Refer to processes defined in Activity 2.2.1. Update 2.2.1 if additional processes are identified during this exercise.
      3. Define a future disposition: Keep, Update, Replace. It is possible to have more than one disposition, e.g., Update or Replace is a valid disposition.
    3. [Optional] Collect the following information about each application. This information can be used to calculate the cost per application and total cost per user:
      1. Number of users or user groups
      2. Estimated maintenance costs
      3. Estimated capital costs
      4. Estimated licensing costs
      5. Estimated support costs

    Record this information in the ERP Strategy Report Template.

    Sample of the 'Application Portfolio' table on the next slide.

    Download the ERP Strategy Report Template

    2.2.2 - Application portfolio

    Inventory your applications and assess usage, satisfaction, and disposition

    Application Name Satisfaction Processes Supported Future Disposition
    PeopleSoft Financials Medium and declining ERP – shares one support person with HR Update or Replace
    Time Entry (custom) Low Time and Attendance Replace
    PeopleSoft HR Medium Core HR Update or Replace
    ServiceNow High ITSM
    CSM: Med-Low
    ITSM and CSM
    CSM – complexity and process changes
    Update
    Data Warehouse High IT
    Business: Med-Low
    BI portal – Tibco SaaS datamart Keep
    Regulatory Compliance Medium Regulatory software – users need training Keep
    ACL Analytics Low Audit Replace
    Elite Medium Supply chain for wholesale Update (in progress)
    Visual Importer Med-High Customs and taxes Keep
    Custom Reporting application Med-High Reporting solution for wholesale (custom for old system, patched for Elite) Replace

    2.3.1 – Visual application portfolio [optional]

    A diagram of applications and how they connect to each other. There are 'External Systems' and 'Internal Systems' split into three divisions, 'Retail Division', 'Wholesale Division', and 'Corporate Services'. Example external systems are 'Moneris', 'Freight Carriers', and 'Banks'. Example internal systems are 'Retail ERP/POS', 'Elite', and 'Excel'.

    Step 2.3

    Process pains, opportunities, and maturity

    Activities
    • 2.3.1 Level one process inventory with stakeholders
    • 2.3.2 Process pain points and opportunities
    • 2.3.3 Process key success indicators
    • 2.3.4 Process and technology maturity
    • 2.3.5 Mega-process prioritization

    This step will walk you through the following activities:

    • Assign stakeholders, discuss pain points, opportunities, and key success indicators for the mega-processes identified in Step 2.1
    • Assign process and technology maturity to each prioritizing the mega-processes

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP applications support team

    Outcomes of this step

    For each mega-process:

    • Level 1 processes with process and technology maturity assigned
    • Stakeholders identified
    • Process pain points, opportunities, and key success indicators identified
    • Prioritize the mega-processes

    Building out the mega-processes

    Congratulations, you have made it to the “big lift” portion of the blueprint. For each of the processes that were identified in exercise 2.2.1, you will fill out the following six details:

    1. Primary stakeholder(s)
    2. A description of the process
    3. hat level 1 processes/capabilities the mega-process is composed of
    4. Problems the new system must solve
    5. What success will look like when the new system is implemented
    6. The process and technological maturity of each level 1 process.

    Sample of the 'Core Finance' slide in the ERP Strategy Report, as shown on the next slide, with numbers corresponding to the ordered list above. 1 is on a list of 'Stakeholders', 2 is by the 'Description' box, 3 is on the 'Capability' table column, 4 is on the 'Current Pain Points' box, 5 is on the 'Key Success Factors' box, and 6 is on the 'Maturity' ratings column.

    It will take one to three hours per mega-process to complete the six different sections.

    Note:
    For each mega-process identified you will create a separate slide in the ERP Strategy Report. Default slides have been provided. Add or delete as necessary.

    Sample of the 'Core Finance' slide in the ERP Strategy Report. Note on the list of stakeholders reads 'Primary Stakeholders'. Note on the title, Core Finance, reads 'Mega-process name'. Note on the description box reads 'Description of the process'. Note on the 'Key Success Factors' box reads 'What success looks like'. Note on the 'Current Pain Points' box reads 'Problems the new system must solve'. Below is a capability table with columns 'Capability', 'Maturity', and a blank on for notes. Note on the 'Capability' table column reads 'Level 1 process'. Note on the 'Maturity' ratings column reads 'Level 1 process maturity of process and technology'. Note on the notes column reads 'Level 1 process notes'.

    An ERP project is most effective when you follow a structured approach to define, select, implement, and optimize

    Top-down approach

    ERP Strategy
    • Operating Model – Define process strategy, objectives, and operational implications.
    • Level 1 Processes –Define process boundaries, scope at the organization level; the highest level of mega-process.

    • Level 2 Processes – Define processes by function/group which represent the next level of process interaction in the organization.
    • Level 3 Processes – Decompose process by activity and role and identify suppliers, inputs, outputs, customers, metrics, and controls.
    • Functional Specifications; Blueprint and Technical Framework – Refine how the system will support and enable processes; includes functional and technical elements.
    • Org Structure and Change Management – Align org structure and develop change mgmt. strategy to support your target operating model.
    • Implementation and Transition to Operations – Execute new methods, systems, processes, procedures, and organizational structure.
    • ERP Optimization and Continuous Improvement – Establish a program to monitor, govern, and improve ERP systems and processes.

    *A “stage gate” approach should be used: the next level begins after consensus is achieved for the previous level.

    Activity 2.3.1 – Level 1 process inventory with stakeholders

    1 hour per mega-process

    1. Identify the primary stakeholder for the mega-process. The primary stakeholder is usually the process owner. For example, for core finance the CFO is the process owner/primary stakeholder. Name a maximum of three stakeholders.
    2. In the lower section, detail all the capabilities/processes associated with the mega-process. Be careful to remain at the level 1 process level as it is easy to start identifying the “How” of a process. The “How” is too deep.

    Record this information in the ERP Strategy Report Template.

    Sample of the 'Core Finance' slide in the ERP Strategy Report with the 'Stakeholders' list and 'Capability' table column highlighted.

    Download the ERP Strategy Report Template

    Activity 2.3.2 – Process pain points and opportunities

    30+ minutes per mega-process

    1. As a group, write a clear description of the mega-process. This helps establish alignment on the scope of the mega-process.
    2. Start with the discussion of current pain points with the various capabilities. These pain points will be items that the new solution will have to resolve.

    Record this information in the ERP Strategy Report Template.

    Sample of the 'Core Finance' slide in the ERP Strategy Report with the 'Description', 'Key Success Factors', and 'Current Pain Points' boxes highlighted.

    Download the ERP Strategy Report Template

    Activity 2.3.3 – Key success indicators

    30 minutes per mega-process

    1. Document key success factors that should be base-lined in the existing system to show the overall improvement once the new system is implemented. For example, if month-end close takes 12 days in the current system, target three days for month-end close in the new system.

    Record this information in the ERP Strategy Report Template.

    Sample of the 'Core Finance' slide in the ERP Strategy Report with the 'Description', 'Key Success Factors', and 'Current Pain Points' boxes highlighted.

    Download the ERP Strategy Report Template

    Activity 2.3.4 – Process and technology maturity

    1 hour

    1. For each capability/level 1 process identified determine you level of process maturity:
      • Weak – Ad hoc processes without documentation
      • Moderate – Documented processes that are often executed consistently
      • Strong – Documented processes that include exception handling that are rigorously followed
      • Payroll is an example of a strong process, even if every step is manual. The process is executed the same every time to ensure staff are paid properly and on time.
    2. For each capability/level 1 process identified determine you level of technology maturity:
      • Weak – manual execution and often paper-based
      • Moderate – Some technology support with little automation
      • Strong – The process executed entirely within the technology stack with no manual processes

    Record this information in the ERP Strategy Report Template.

    Sample of the 'Core Finance' slide in the ERP Strategy Report with the 'Maturity' and notes columns highlighted.

    Download the ERP Strategy Report Template

    Activity 2.3.5 – Mega-process prioritization

    1 hour

    1. For the mega-processes identified, map each process’s current state in terms of process rigor versus organizational importance.
      • For process rigor, refer to your process maturity in the previous exercises.
    2. Now, as a group discuss how you want to “move the needle” on each of the processes. Remember that you have a limited capacity so focus on the processes that are, or will be, of strategic importance to the organization. The processes that are placed in the top right quadrant are the ones that are likely the strategic differentiators.

    Record this information in the ERP Strategy Report Template.

    A smaller version of the process prioritization map on the next slide.

    Download the ERP Strategy Report Template.

    ERP Process Prioritization

    Establishing an order of importance can impact vendor selection and implementation roadmap; high priority areas are critical for ERP success.

    A prioritization map placing processes by 'Rigor' and 'Organizational Importance' They are numbered 1-9, 0, A, and B and are split into two colour-coded sets for 'Future (green)' and 'Current(red)'. On the x-axis 'Organizational Importance' ranges from 'Operational' to 'Strategic' and on the y-axis 'Process Rigor' ranges from 'Get the Job Done' to 'Best Practice'. Comparing 'Current' to 'Future', they have all moved up from 'Get the Job Done' into 'Best Practice' territory and a few have migrated over from 'Operational' to 'Strategic'. Processes are 1. Core Finance, 2. Core HR, 3. Workforce Management, 4.Talent Management, 5. Employee Health and Safety, 6. Enterprise Asset Management, 7.Planning & Budgeting, 8. Strategic HR, 9. Procurement Mgmt., 0. CRM, A. Facilities, and B. Project Management.

    Build an ERP Strategy and Roadmap

    Phase 3

    Plan your project

    Phase 1

    • 1.1 Aligning business and IT
    • 1.2 Scope and priorities

    Phase 2

    • 2.1 ERP Business Model
    • 2.2 ERP processes and supporting applications
    • 2.3 Process pains, opportunities & maturity

    Phase 3

    • 3.1 Stakeholders, risk & value
    • 3.2 Project set up

    Phase 4

    • 4.1 Build your roadmap
    • 4.2 Wrap up and present

    This phase will walk you through the following activities:

    • Map out your stakeholders to evaluate their impact on the project
    • Build an initial risk register and ensure the group is aligned
    • Set the initial core project team and their accountabilities and get them started on the project

    This phase involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Step 3.1

    Stakeholders, risk, and value

    Activities
    • 3.1.1 Stakeholder analysis
    • 3.1.2 Potential pitfalls and mitigation strategies
    • 3.1.3 Project value [optional]

    This step will walk you through the following activities:

    • Map out your stakeholders to evaluate their impact on the project
    • Build an initial risk register and ensure the group is aligned

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Outcomes of this step

    • An understanding of the stakeholders and their project influence
    • An initial risk register
    • A consensus on readiness to proceed

    Understand how to navigate the complex web of stakeholders in ERP

    Identify which stakeholders to include and what their level of involvement should be during requirements elicitation based on relevant topic expertise.

    Sponsor End User IT Business
    Description An internal stakeholder who has final sign-off on the ERP project. Front-line users of the ERP technology. Back-end support staff who are tasked with project planning, execution, and eventual system maintenance. Additional stakeholders that will be impacted by any ERP technology changes.
    Examples
    • CEO
    • CIO/CTO
    • COO
    • CFO
    • Warehouse personnel
    • Sales teams
    • HR admins
    • Applications manager
    • Vendor relationship manager(s)
    • Director, Procurement
    • VP, Marketing
    • Manager, HR
    Value Executive buy-in and support is essential to the success of the project. Often, the sponsor controls funding and resource allocation. End users determine the success of the system through user adoption. If the end user does not adopt the system, the system is deemed useless and benefits realization is poor. IT is likely to be responsible for more in-depth requirements gathering. IT possesses critical knowledge around system compatibility, integration, and data. Involving business stakeholders in the requirements gathering will ensure alignment between HR and organizational objectives.

    Large-scale ERP projects require the involvement of many stakeholders from all corners and levels of the organization, including project sponsors, IT, end users, and business stakeholders. Consider the influence and interest of stakeholders in contributing to the requirements elicitation process and involve them accordingly.

    An example stakeholder map, categorizing stakeholders by amount of influence and interest.

    Activity 3.1.1 – Map your stakeholders

    1 hour

    1. As a group, identify all the ERP stakeholders. A stakeholder may be an individual such as the CEO or CFO, or it may be a group such as front-line employees.
    2. Map each stakeholder on the quadrant based on their expected Influence and Involvement in the project
    3. [Optional] Color code the users using the scale below to quickly identify the group that the stakeholder belongs to.
      • Sponsor – An internal stakeholder who has final sign-off on the ERP project.
      • End User – Front-line users of the ERP technology.
      • IT – Back-end support staff who are tasked with project planning, execution, and eventual system maintenance.
      • Business – Additional stakeholders that will be impacted by any ERP technology changes.

    Record this information in the ERP Strategy Report Template.

    Preview of the next slide.

    Download the ERP Strategy Report Template

    Slide titled 'Map the organization's stakeholders with a more in-depth example of a stakeholder map and long 'List of Stakeholders'. The quadrants that stakeholders are sorted into by influence and involvement are labelled 'Keep Satisfied (1)', 'Involve Closely (2)', 'Monitor (3)', and 'Keep Informed (4)'.

    Prepare contingency plans to minimize time spent handling unexpected risks

    Understanding the technical and strategic risks of a project can help you establish contingencies to reduce the likelihood of risk occurrence and devise mitigation strategies to help offset their impact if contingencies are insufficient.

    Risk Impact Likelihood Mitigation Effort
    Inadequate budget for additional staffing resources. 2 1 Use internal transfers and role-sharing rather than external hiring.
    Push-back on an ERP solution. 2 2 Use formal communication plans, an ERP steering committee, and change management to overcome organizational readiness.
    Overworked resources. 1 1 Create a detailed project plan that outlines resources and timelines in advance.
    Rating Scale:
    Impact: 1- High Risk 2- Moderate Risk 3- Minimal Risk
    Likelihood: 1- High/Needs Focus 2- Can Be Mitigated 3- Remote Likelihood

    Remember

    The biggest sources of risk in an ERP strategy are lack of planning, poorly defined requirements, and lack of governance.

    Apply the following mitigation tips to avoid pitfalls and delays.

    Risk Mitigation Tips

    • Upfront planning
    • Realistic timelines
    • Resource support
    • Managing change
    • Executive sponsorship
    • Sufficient funding
    • Setting the right expectations

    Activity 3.1.2 – Identify potential project pitfalls and mitigation strategies

    1-2 hours

    1. Discuss what “Impact” and “Likelihood” mean to your organization. For example, define Impact by what is important to your organization – financial loss, reputational impact, employee loss, and process impairment are all possible factors.
    2. Identify potential risks that may impede the successful completion of each work initiative. Risks may include predictable factors such as low resource capability, or unpredictable factors such as a change in priorities leading to withdrawn buy-in.
    3. For each risk, identify mitigation tactics. In some cases, mitigation tactics might take the form of standalone work initiative. For example, if a risk is lack of end-user buy-in, a work initiative to mitigate that risk might be to build an end-user communication plan.

    Record this information in the ERP Strategy Report Template.

    Preview of the next slide.

    Download the ERP Strategy Report Template

    Risks

    Risk Impact Likelihood Mitigation Effort
    Inadequate budget for additional staffing resources. 2 1 Use internal transfers and role-sharing rather than external hiring.
    Push-back on an ERP solution. 2 2 Use formal communication plans, an ERP steering committee, and change management to overcome organizational readiness.
    Overworked resources. 1 1 Create a detailed project plan that outlines resources and timelines in advance.
    Project approval 1 1 Build a strong business case for project approval and allow adequate time for the approval process
    Software does not work as advertised resulting in custom functionality with associated costs to create/ maintain 1 2 Work with staff to change processes to match the software instead of customizing the system thorough needs analysis prior to RFP creation
    Under estimation of staffing levels required, i.e. staff utilized at 25% for project when they are still 100% on their day job 1 2 Build a proper business case around staffing (be somewhat pessimistic)
    EHS system does not integrate with new HRMS/ERP system 2 2
    Selection of an ERP/HRMS that does not integrate with existing systems 2 3 Be very clear in RFP on existing systems that MUST be integrated to
    Rating Scale:
    Impact: 1- High Risk 2- Moderate Risk 3- Minimal Risk
    Likelihood: 1- High/Needs Focus 2- Can Be Mitigated 3- Remote Likelihood

    Is the organization committed to the ERP project?

    A recent study of critical success factors to an ERP implementation identified top management support and interdepartmental communication and cooperation as the top two success factors.

    By answering the seven questions the key stakeholders are indicating their commitment. While this doesn’t guarantee that the top two critical success factors have been met, it does create the conversation to guide the organization into alignment on whether to proceed.

    A table of example stakeholder questions with options 1-5 for how strongly they agree or disagree. 'Strongly disagree - 1', 'Somewhat disagree - 2', 'Neither agree or disagree - 3', 'Somewhat agree - 4', 'Strongly agree - 5'.

    Activity 3.1.3 – Project value (optional)

    30 minutes

    1. As a group, discuss the seven questions in the table. Ensure everyone agrees on what the questions are asking. If necessary, modify the language so that the meaning is clear to everyone.
    2. Have each stakeholder answer the seven questions on their own. Have someone compile the answers looking for:
      1. Any disagrees, strongly, somewhat, or neither as this indicates a lack of clarity. Endeavour to discover what additional information is required.
      2. [Optional] Have the most positive and most negative respondents present their points of view for the group to discuss. Is someone being overly optimistic, or pessimistic? Did the group miss something?

    There are no wrong answers. It should be okay to disagree with any of these statements. The goal of the exercise is to generate conversation that leads to support of the project and collaboration on the part of the participants.

    Record this information in the ERP Strategy Report Template.

    A preview of the next slide.

    Download the ERP Strategy Report Template

    Ask the right questions now to determine the value of the project to the organization

    Please indicate how much you agree or disagree with each of the following statements.

    Question # Question Strongly disagree Somewhat disagree Neither agree nor disagree Somewhat agree Strongly agree
    1. I have everything I need to succeed. 1 2 3 4 5
    2. The right people are involved in the project. 1 2 3 4 5
    3. I understand the process of ERP selection. 1 2 3 4 5
    4. My role in the project is clear to me. 1 2 3 4 5
    5. I am clear about the vision for this project. 1 2 3 4 5
    6. I am nervous about this project. 1 2 3 4 5
    7. There is leadership support for the project. 1 2 3 4 5

    Step 3.2

    Project set up

    Activities
    • 3.2.1 Create the project team
    • 3.2.2 Set the project RACI

    This step will walk you through the following activities:

    • Set the initial core project team and their accountabilities to the project.

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Outcomes of this step

    • Identify the core team members and their time commitments.
    • Assign responsibility, accountability or communication needs.

    Identify the right stakeholders for your project team

    Consider the core team functions when composing the project team. It is essential to ensure that all relevant perspectives (business, IT, etc.) are evaluated to create a well-aligned and holistic ERP strategy.

    PROJECT TEAM ROLES

    • Project champion
    • Project advisor
    • Steering committee
    • Project manager
    • Project team
    • Subject matter experts
    • Change management specialist

    PROJECT TEAM FUNCTIONS

    • Collecting all relevant inputs from the business.
    • Gathering high-level requirements.
    • Creating a roadmap.

    Info-Tech Insight

    There may be an inclination towards a large project team when trying to include all relevant stakeholders. Carefully limiting the size of the project team will enable effective decision making while still including functional business units like HR and Finance, as well as IT.

    Activity 3.2.1 – Project team

    1 hour

    1. Considering your ERP project scope, discuss the resources and capabilities necessary, and generate a complete list of key stakeholders considering each of the roles indicated on the chart to the right.
    2. Using the list previously generated, identify a candidate(s) for each role and determine their responsibility in the ERP strategy and their expected time commitment.

    Record this information in the ERP Strategy Report Template.

    Preview of the table on the next slide.

    Download the ERP Strategy Report Template

    Project team

    Of particular importance for this table is the commitment column. It is important that the organization understands the level of involvement for all roles. Failure to properly account for the necessary involvement is a major risk factor.

    Role Candidate Responsibility Commitment
    Project champion John Smith
    • Provide executive sponsorship.
    20 hours/week
    Steering committee
    • Establish goals and priorities.
    • Define scope and approve changes.
    • Provide adequate resources and resolve conflict.
    • Monitor project milestones.
    10 hours/week
    Project manager
    • Prepare and manage project plan.
    • Monitor project team progress.
    • Conduct project team meetings.
    40 hours/week
    Project team
    • Drive day-to-day project activities.
    • Coordinate department communication.
    • Make process and design decisions.
    40 hours/week
    Subject matter experts by area
    • Attend meetings as needed.
    • Respond to questions and inquiries.
    5 hours/week

    Define project roles and responsibilities to improve progress tracking

    Build a list of the core ERP strategy team members and then structure a RACI chart with the relevant categories and roles for the overall project.

    • Responsible – Conducts work to achieve the task
    • Accountable – Answerable for completeness of task
    • Consulted – Provides input for the task
    • Informed – Receives updates on the task

    Benefits of assigning RACI early:

    • Improve project quality by assigning the right people to the right tasks.
    • Improve chances of project task completion by assigning clear accountabilities.
    • Improve project buy-in by ensuring stakeholders are kept informed of project progress, risks, and successes.

    Activity 3.2.2 – Project RACI

    1 hour

    1. The ERP strategy will require a cross-functional team within IT and business units. Make sure the responsibilities are clearly communicated to the selected project sponsor.
    2. Modify the left-hand column to match the activities expected in your project.

    Record this information in the ERP Strategy Report Template.

    Preview of the RACI chart on the next slide.

    Download the ERP Strategy Report Template

    3.2.2 – Project RACI

    Project champion Project advisor Project steering committee Project manager Project team Subject matter experts
    Determine project scope & vision I C A R C C
    Document business goals I I A R I C
    Inventory ERP processes I I A C R R
    Map current state I I A R I R
    Assess gaps and opportunities I C A R I I
    Explore alternatives R R A I I R
    Build a roadmap R A R I I R
    Create a communication plan R A R I I R
    Present findings R A R I I R

    Build an ERP Strategy and Roadmap

    Phase 4

    Next steps

    Phase 1

    • 1.1 Aligning business and IT
    • 1.2 Scope and priorities

    Phase 2

    • 2.1 ERP Business Model
    • 2.2 ERP processes and supporting applications
    • 2.3 Process pains, opportunities & maturity

    Phase 3

    • 3.1 Stakeholders, risk & value
    • 3.2 Project set up

    Phase 4

    • 4.1 Build your roadmap
    • 4.2 Wrap up and present

    This phase will walk you through the following activities:

    • Review the different options to solve the identified pain points
    • Build out a roadmap showing how you will get to those solutions
    • Build a communication plan that includes the stakeholder presentation

    This phase involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Step 4.1

    Build your roadmap

    Activities
    • 4.1.1 Pick your path
    • 4.1.2 Build your roadmap
    • 4.1.3 Visualize your roadmap (optional)

    This step will walk you through the following activities:

    • Review the different options to solve the identified pain points then build out a roadmap of how to get to that solution.

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Outcomes of this step

    • A strategic direction is set
    • An initial roadmap is laid out

    Choose the right path for your organization

    There are several different paths you can take to achieve your ideal future state. Make sure to pick the one that suits your needs as defined by your current state.

    A diagram of strategies. At the top is 'Current State', at the bottom is 'Future State', and listed strategies are 'Maintain Current System', 'Augment Current System', 'Optimize', and 'Transform'.

    Explore the options for achieving your ideal future state

    CURRENT STATE STRATEGY
    Your existing application satisfies both functionality and integration requirements. The processes surrounding it likely need attention, but the system should be considered for retention. MAINTAIN CURRENT SYSTEM
    Your existing application is, for the most part, functionally rich, but may need some tweaking. Spend time and effort building and enhancing additional functionalities or consolidating and integrating interfaces. AUGMENT CURRENT SYSTEM
    Your ERP application portfolio consists of multiple apps serving the same functions. Consolidating applications with duplicate functionality is more cost efficient and makes integration and data sharing simpler. OPTIMIZE: CONSOLIDATE AND INTEGRATE SYSTEMS
    Your existing system offers poor functionality and poor integration. It would likely be more cost and time efficient to replace the application and its surrounding processes altogether. TRANSFORM: REPLACE CURRENT SYSTEM

    Option: Maintain your current system

    Resolve your existing process and people pain points

    MAINTAIN CURRENT SYSTEM

    Keep the system, change the process.

    Your existing application satisfies both functionality and integration requirements. The processes surrounding it likely need attention, but the system should be considered for retention.

    Maintaining your current system entails adjusting current processes and/or adding new ones, and involves minimal cost, time, and effort.

    INDICATORS POTENTIAL SOLUTIONS
    People Pain Points
    • Lack of training
    • Low user adoption
    • Lack of change management
    • Contact vendor to inquire about employee training opportunities
    • Build a change management strategy
    Process Pain Points
    • Legacy processes
    • Workarounds and shortcuts
    • Highly specialized processes
    • Inconsistent processes
    • Explore process reengineering and process improvement opportunities
    • Evaluate and standardize processes

    Option: Augment your current system

    Use augmentation to resolve your existing technology and data pain points

    AUGMENT CURRENT SYSTEM

    Add to the system.

    Your existing application is for the most part functionally rich but may need some tweaking. Spend time and effort enhancing your current system.

    You will be able to add functions by leveraging existing system features. Augmentation requires limited investment and less time and effort than a full system replacement.

    INDICATORS POTENTIAL SOLUTIONS
    Technology Pain Points
    • Lack of reporting functions.
    • Lacking functional depth in key process areas.
    • Add point solutions or enable modules to address missing functionality.
    Data Pain Points
    • Poor data quality
    • Lack of data for processing and reporting
    • Single-source data entry
    • Add modules or augment processes to capture data

    Option: Consolidate and integrate

    Consolidate and integrate your current systems to address your technology and data pain points

    CONSOLIDATE AND INTEGRATE SYSTEMS

    Get rid of one system, combine two, or connect many.

    Your ERP application portfolio consists of multiple apps serving the same functions.

    Consolidating your systems eliminates the need to manage multiple pieces of software that provide duplicate functionality. Reducing the number of ERP applications makes integration and data sharing simpler.

    INDICATORS POTENTIAL SOLUTIONS
    Technology Pain Points
    • Disparate and disjointed systems
    • Multiple systems supporting the same function
    • Unused software licenses
    • System consolidation
    • System and module integration
    • Assess usage and consolidate licensing
    Data Pain Points
    • Multiple versions of same data
    • Duplication of data entry in different modules or systems
    • Poor data quality
    • Centralize core records
    • Assign data ownership
    • Single-source data entry

    Option: Replace your current system

    Replace your system to address gaps in your existing processes and various pain points

    REPLACE CURRENT SYSTEM

    Start from scratch.

    You’re transitioning from an end-of-life legacy system. Your existing system offers poor functionality and poor integration. It would likely be more cost and time efficient to replace the application and its surrounding processes all together.

    INDICATORS POTENTIAL SOLUTIONS
    Technology Pain Points
    • Lack of functionality and poor integration.
    • Obsolete technology.
    • Not aligned with technology direction or enterprise architecture plans.
    • Evaluate the ERP technology landscape.
    • Determine if you need to replace the current system with a point solution or an all-in-one solution.
    • Align ERP technologies with enterprise architecture.
    Data Pain Points
    • Limited capability to store and retrieve data.
    • Understand your data requirements.
    Process Pains
    • Insufficient tools to manage workflow.
    • Review end-to-end processes.
    • Assess user satisfaction.

    Activity 4.1.1 – Path to future state

    1+ hour
    1. Discuss the four options and the implications for your organization.
    2. Come to an agreement on your chosen path.

    The same diagram of strategies. At the top is 'Current State', at the bottom is 'Future State', and listed strategies are 'Maintain Current System', 'Augment Current System', 'Optimize', and 'Transform'.

    Activity 4.1.2 – Build a roadmap

    1-2 hours

    1. Start your roadmap with the stakeholder presentation. This is your mark in the sand to launch the project.
    2. For each item on your roadmap assign an owner who will be accountable to the completion of the roadmap item.
    3. Wherever possible, assign a start date, month, or quarter. The more specific you can be the better.
    4. Identify completion dates to create a sense of urgency. If you are struggling with start dates, it can help to start with a finish date and “back in” to a start date based on estimated efforts.

    Record this information in the ERP Strategy Report Template.

    Note:
    Your roadmap should be treated as a living document that is updated and shared with the stakeholders on a regular schedule.

    Preview of the strategy roadmap table on the next slide.

    Download the ERP Strategy Report Template

    ERP Strategy roadmap

    Initiative Owner Start Date Completion Date
    Create final workshop deliverable Info-Tech 16 September, 2021
    Review final deliverable Workshop sponsor
    Present to executive team Oct 2021
    Build business case CFO, CIO, Directors 3 weeks to build
    3-4 weeks process time
    Build an RFI for initial costings 1-2 weeks
    Stage 1 approval for requirements gathering Executive committee Milestone
    Determine and acquire BA support for next step 1 week
    Requirements gathering – level 2 processes Project team 5-6 weeks effort
    Build RFP (based on informal approval) CFO, CIO, Directors 4th calendar quarter 2022 Possible completion January 2023
    2-4 weeks

    Activity 4.1.3 – Build a visual roadmap [optional]

    1 hour

    1. For some, a visual representation of a roadmap is easier to comprehend. Consider taking the roadmap built in 4.1.2 and creating a visual.

    Record this information in the ERP Strategy Report Template.

    Preview of the visual strategy roadmap chart on the next slide.

    Download the ERP Strategy Report Template

    ERP Strategy Roadmap

    A table set up similarly to the previous one, but instead of 'Start Date' and 'Completion Date' columns there are multiple small columns broken up by fiscal quarters (i.e.. FY2022: Q1, Q2, Q3, Q4). There is a key with a light blue diamond shape representing a 'Milestone' and a blue arrow representing a 'Work in progress'; they are placed the Quarters columns according to when each row item reached a milestone or began its progress.

    Step 4.2

    Wrap up and present

    Activities
    • 4.2.1 Communication plan
    • 4.2.2 Stakeholder presentation

    This step will walk you through the following activities:

    • Build a communication plan as part of organizational change management, which includes the stakeholder presentation

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Outcomes of this step

    • An initial communication plan for organizational change management
    • A stakeholder presentation

    Effectively communicate the changes an ERP foundation strategy will impose

    A communication plan is necessary because not everyone will react positively to change. Therefore, you must be prepared to explain the rationale behind any initiatives that are being rolled out.

    Steps:

    1. Start by building a sound communication plan.
    2. The communication plan should address all stakeholders that will be subject to change, including executives and end users.
    3. Communicate how a specific initiative will impact the way employees work and the work they do.
    4. Clearly convey the benefits of the strategy to avoid resistance.

    “The most important thing in project management is communication, communication, communication. You have to be able to put a message into business terms rather than technical terms.” (Lance Foust, I.S. Manager, Plymouth Tube Company)

    Project Goals Communication Goals Required Resources Communication Channels
    Why is your organization embarking on an ERP project? What do you want employees to know about the project? What resources are going to be utilized throughout the ERP strategy? How will your project team communicate project updates to the employees?
    Streamline processes and achieve operational efficiency. We will focus on mapping and gathering requirements for (X) mega-processes. We will be hiring process owners for each mega-process. You will be kept up to date about the project progress via email and intranet. Please feel free to contact the project owner if you have any questions.

    Activity 4.2.1 – Communication plan

    1 hour

    1. List the types of communication events and documents you will need to produce and distribute.
    2. Indicate the purpose of the event or document, who the audience is, and who is responsible for the communication.
    3. Identify who will be responsible for the development and delivery of the communication plan.

    Record this information in the ERP Strategy Report Template.

    Preview of the Communication Plan table on the next slide.

    Download the ERP Strategy Report Template

    Communication plan

    Use the communication planning template to track communication methods needed to convey information regarding ERP initiatives.

    This is designed to help your organization make ERP initiatives visible and create stakeholder awareness.

    Audience Purpose Delivery/ Format Communicator Delivery Date Status/Notes
    Front-line employees Highlight successes Bi-weekly email CEO Mondays
    Entire organization Highlight successes
    Plans for next iteration
    Monthly townhall Senior leadership Last Thursday of every month Recognize top contributors from different parts of the business. Consider giving out prizes such as coffee mugs
    Iteration demos Show completed functionality to key stakeholders Iteration completion web conference Delivery lead Every other Wednesday Record and share the demonstrations to all employees

    Conduct a presentation of the final deliverable for stakeholders

    After completing the activities and exercises within this blueprint, the final step of the process is to present the deliverable to senior management and stakeholders.

    Know Your Audience

    • Decide what needs to be presented and to whom. The purpose and format for communicating initiatives varies based on the audience. Identify the audience first to ensure initiatives are communicated appropriately.
    • IT and the business speak different languages. The business may not have the patience to try to understand IT, so it is up to IT to learn and use the language of business. Failing to put messages into language that resonates with the business will create disengagement and resistance.
    • Effective communication takes preparation to get the right content and tone to convey your real message.

    Learn From Other Organizations

    “When delivering the strategy and next steps, break the project down into consumable pieces. Make sure you deliver quick wins to retain enthusiasm and engagement.

    By making it look like a different project you keep momentum and avoid making it seem unattainable.” (Scott Clark, Innovation Credit Union)

    “To successfully sell the value of ERP, determine what the high-level business problem is and explain how ERP can be the resolution. Explicitly state which business areas ERP is going to touch. The business often has a very narrow view of ERP and perceives it as just a financial system. The key part of the strategy is that the organization sees the broader view of ERP.” (Scott Clark, Innovation Credit Union)

    Activity 4.2.2 – Stakeholder presentation

    1 hour

    1. The following sections of the ERP Strategy Report Template are designed to function as the stakeholder presentation:
      1. Workshop Overview
      2. ERP Models
      3. Roadmap
    2. You can use the Template as your presentation deck or extract the above sections to create a stand-alone stakeholder presentation.
    3. Remember to take your audience into account and anticipate the questions they may have.

    Samples of the ERP Strategy Report Template.

    Download the ERP Strategy Report Template

    Summary of Accomplishment

    Get the Most Out of Your ERP

    ERP technology is critical to facilitating an organization’s flow of information across business units. It allows for seamless integration of systems and creates a holistic view of the enterprise to support decision making. ERP implementation should not be a one-and-done exercise. There needs to be an ongoing optimization to enable business processes and optimal organizational results.

    Build an ERP Strategy and Roadmap allows organizations to proactively implement continuous assessment and optimization of their enterprise resource planning system, including:

    • Alignment and prioritization of key business and technology drivers.
    • Identification of ERP processes, including classification and gap analysis.
    • Measurement of user satisfaction across key departments.
    • Improved vendor relations.
    • Data quality initiatives.

    This formal ERP optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process improvement.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Research Contributors

    Name Title Organization
    Anonymous Anonymous Software industry
    Anonymous Anonymous Pharmaceutical industry
    Boris Znebel VP of Sales Second Foundation
    Brian Kudeba Director, Administrative Systems Fidelis Care
    David Lawrence Director, ERP Allegheny Technologies Inc.
    Ken Zima CIO Aquarion Water Company
    Lance Foust I.S. Manager Plymouth Tube Company
    Pooja Bagga Head of ERP Strategy & Change Transport for London
    Rob Schneider Project Director, ERP Strathcona County
    Scott Clark Innovation Credit Union
    Tarek Raafat Manager, Application Solutions IDRC
    Tom Walker VP, Information Technology StarTech.com

    Related Info-Tech Research

    Bibliography

    Gheorghiu, Gabriel. "The ERP Buyer’s Profile for Growing Companies." Selecthub. 2018. Accessed 21 Feb. 2021.

    "Maximizing the Emotional Economy: Behavioral Economics." Gallup. n.d. Accessed 21 Feb. 2021.

    Neito-Rodriguez, Antonio. Project Management | How to Prioritize Your Company's Projects. 13 Dec. 2016. Accessed 29 Nov 2021. Web.

    "A&D organization resolves organizational.“ Case Study. Panorama Consulting Group. 2021. PDF. 09 Nov. 2021. Web.

    "Process Frameworks." APQC. n.d. Accessed 21 Feb. 2021.

    Saxena, Deepak and Joe Mcdonagh. "Evaluating ERP Implementations: The Case for a Lifecycle-based Interpretive Approach." The Electronic Journal of Information Systems Evaluation, 29-37. 22 Feb. 2019. Accessed 21 Feb. 2021.

    Exit Plans: Escape from the black hole

    • Large vertical image:
    • member rating overall impact: Highly Valued
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A

    In early April, I already wrote about exit plans and how they are the latest burning platform.

    As of the end of May 2025, we have both Microsoft and Google reassuring European clients about their sovereign cloud solutions. There are even air-gapped options for military applications. These messages come as a result of the trade war between the US and the rest of the world.

    There is also the other, more mundane example of over-reliance on a single vendor: the Bloomberg-terminal outage of May 21st, 2025. That global outage severely disrupted financial markets. It caused traders to lose access to real-time data, analytics, and pricing information for approximately 90 minutes. This widespread system failure delayed critical government bond auctions in the UK, Portugal, Sweden, and the EU.

    It serves as a reminder of the heavy reliance on the Bloomberg Terminal, which is considered an industry standard despite its high annual cost. While some Bloomberg services like instant messaging remained functional, allowing limited communication among traders, the core disruption led to significant frustration and slowed down trading activities.

    You want to think about this for a moment. Bloomberg is, just like Google and Microsoft are, cornerstones in their respective industries. MS, Google, and Amazon even in many more industries. 

    So the issue goes beyond the “panic of the day.” Every day, there will be some announcement that sends markets reeling and companies fearing. Granted, the period we go through today can have grave consequences, but at the same time, it may be over in the coming months or years.

    Contractual cover

    Let's take a step back and see if we can locate the larger issue at stake. I dare to say that the underlying issue is trust. We are losing trust in one another at a fast pace. Not between business partners, meaning companies who are, in a transaction or relationship, are more or less equal. Regardless of their geolocation, people are keen to do business together in a predictable, mutually beneficial way. And as long as that situation is stable, there is little need, beyond compliance and normal sound practices, to start to distrust each other.

    Trouble brews when other factors come into play. I want to focus on two of them in this article.

    1. Market power
    2. Government interference

    Market Power

    The past few years have seen a large increase in power of the cloud computing platforms. The pandemic of 2019 through to 2023 changed our way of working and gave a big boost to these platforms. Of course, they were already establishing their dominance in the early 2010s.

    Amazon launched SQS in 2004 with S3 (storage)  and EC2 (compute) in 2006. Azure launched in 2008 as a PaaS platform for .NET developers, and became really available in 2010. Since then, it grew into the IaaS (infrastructure as a service) platform we know today. Google's Cloud Platform (GCP) launched in 2008 and added components such as BigQuery, Compute Engine and Storage in the 2010s.

    Since the pandemic, we've seen another boost to their popularity. These platforms solidified their lead through several vectors:

    • Remote working
    • Business continuity and resilience promises
    • Acceleration of digital transformation
    • Scalability
    • Cost optimization 

    Companies made decisions on these premises. A prime example is the use of native cloud functions. These make life easier for developers. Native functions allow for serverless functionality to be made available to clients, and to do so in a non-infra-based way. It gives the impression of less complexity to the management. They are also easily scalable. 

    This comes at a cost, however. The cost is vendor lock-in. And with vendor lock-in, comes increased pricing power for the vendor.

    For a long time, it seems EU companies' attitude was: “It won't be such an issue, after all, there are multiple cloud vendors and if all else fails, we just go back.” The reality is much starker, I suspect that cloud providers with this level of market power will increase their pricing significantly.

     Government interference

    in come two elements:

    • EU laws
    • US laws and unpredictability
    EU laws

     The latest push to their market power came as an unintended consequence of EU Law: DORA. That EU law requires companies to have testable exit plans in place. But it goes well beyond this. The EU has increased the regulatory burden on companies significantly. BusinessEurope, a supranational organization, estimates that in the past five years, the Eu managed to release over 13,000 legislative acts. This is compared to 3,500 in the US.

    Coming back to DORA, this law requires EU companies to actually test their exit plans and show proof of it to the EU ESAs (European Supervisory Agency).  The reaction I have seen in industry representative organizations is complacency. 

    The cost of compliance is significant; hence, companies try to limit their exposure to the law as much as possible. They typically do this by limiting the applicability scope of the law to their business, based on the wording of the law. And herein lies the trap. This is not lost on the IT providers. They see that companies do the heavy lifting for them. What do I mean by that?  Several large providers are looked at by the EU as systemic providers. They fall under direct supervision by the ESAs. 

    For local EU providers, it is what it is, but for non-EU providers, they get to show their goodwill, using sovereign IT services.  I will come back to this in the next point, US unpredictability and laws. But the main point is: we are giving them more market power, and we have less contractual power. Why? Because we are showing them that we will go to great lengths to keep using their services.

    US laws and unpredictability

    US companies must comply with US law. So far, so good. Current US legislation also already requires US companies to share data on non-US citizens.

    • Foreign Intelligence Surveillance Act (FISA), particularly Section 702
    • The CLOUD (Clarifying Lawful Overseas Use of Data) Act of 2018
    • The USA PATRIOT Act (specifically relevant sections like 215 and 314(a)/314(b))
    • Executive Order 14117 and related DOJ Final Rule (Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern)

    This last one is of particular concern. Not so much because of its contents, but because it is an Executive Order.

    We know that the current (May 2025) US government mostly works through executive orders. Let's not forget that executive orders are a legitimate way to implement policy, This means that the US government could use access to cloud services as a lever to obtain more favorable trade rules.

    The EU responds to this (the laws and executive order) by implementing several sovereignty countermeasures like GDPR, DORA, Digital markets Act (DMA), Data Governance Act (DGA), Cybersecurity Act and the upcoming European Health Data Act (EHDS). This is called the “Brussels Effect.”

    EU Answers

    Europe is also investing in several strategic initiatives such as

    This points to a new dynamic between the EU and the US, EU-based companies simply cannot trust their US counterparts anymore to the degree they could before. The sad thing is, that there is no difference on the interpersonal level. It is just that companies must comply with their respective laws.

    Hence, Microsoft, Google, and AWS and any other US provider cannot legally provide sovereign cloud services. In a strict legal sense, Microsoft and Google cannot absolutely guarantee that they can completely insulate EU companies and citizens from all US law enforcement requests for data, despite their robust efforts and sovereign cloud offerings. This is because they are US companies, subject to US law and US jurisdiction. The CLOUD act and FISA section 702 compel US companies to comply. 

    Moreover, there is the nature of sovereign cloud offerings:

    • Increased Control, Not Absolute Immunity: Services like Microsoft's EU Data Boundary and Google's Cloud for Sovereignty are designed to provide customers with greater control over data residency, administrative access (e.g., limiting access to EU-based personnel), and encryption keys
    • Customer-Managed Keys (CMEK): If an EU customer controls their encryption keys, and the data remains encrypted at rest and in transit, it theoretically makes it harder for the cloud provider to provide plaintext data if compelled. However, metadata and other operational data might still be accessible, and the extent to which US authorities could compel a US company to decrypt data remains a point of contention and legal ambiguity.
    • Partnerships and Local Entities: Some “sovereign cloud” models involve partnerships with local EU entities (e.g., Google's partnership with S3NS in France, or Microsoft's with Capgemini and Orange). While this might create a legal buffer, if the core cloud infrastructure and controlling entity are still ultimately US-based, the risk of US legal reach persists.
    • “Limited Security Instances”: Even with the EU Data Boundary, Microsoft explicitly states, “in limited security instances that require a coordinated global response, essential data may be transferred with robust protections that safeguard customer data.” This phrasing acknowledges that some data may still leave the EU boundary under certain circumstances.

     And lastly, there are the legal challenges to the EU data privacy Framework (DPF)

    • Ongoing Scrutiny: The DPF is the current legal basis for EU-US data transfers, but it is under continuous scrutiny and is highly likely to face further legal challenges in the CJEU (a “Schrems III” case is widely anticipated). This uncertainty means that the current framework's longevity and robustness are not guaranteed.
    • Fundamental Conflict: The core legal conflict between the broad scope of US surveillance laws and the EU's fundamental right to privacy has not been fully resolved by the DPF, according to many EU legal experts and privacy advocates.

    This all means that while the cloud providers are doing everything they can, and I'm assuming they are acting in good faith. The fact that they are US entities means however that they are subject to all US legislation and executive orders.  And we cannot trust this last part. Again, this is why the EU is pursuing its digital sovereignty initiatives and why some highly sensitive EU public sector entities are gravitating towards truly EU-owned and operated cloud solutions.

    Bankruptcy

    If your provider goes bankrupt, you do not have a leg to stand on. Most jurisdictions, including the EU and US, have the following elements regarding bankruptcy:

    • Automatic Stay: Upon a bankruptcy filing (in most jurisdictions, including the US and EU), an “automatic stay” is immediately imposed. This is a court order that stops most collection activities against the debtor. For you as a customer, this can mean you might be prevented from:

      • Terminating the contract immediately, even if your contract allows it.
      • Initiating legal proceedings against the provider.
      • Trying to recover your data directly without court permission.
    • Debtor's Estate and Creditor Priority

      • Property of the Estate: All the bankrupt provider's assets become part of the “bankruptcy estate,” to be managed by a court-appointed trustee or receiver. The crucial question becomes: Is your data considered the property of the estate, or does ownership remain unequivocally with you? While most cloud contracts explicitly state that the customer owns their data, a bankruptcy court might still view the possession of that data by the provider as an asset of the estate, potentially subject to monetization to pay off creditors.
      • Secured vs. Unsecured Creditors: You, as a customer seeking to retrieve your data or continue services, are likely to be an “unsecured creditor.” Secured creditors (e.g., banks with liens on assets) get paid first. Your claim for data or service continuity will be far down the priority list, meaning you might recover little, if anything, in compensation.
    • Executory contracts and the Trustee's power
      • Assumption or Rejection: Bankruptcy law generally allows the trustee (or debtor in possession in a Chapter 11 case) to assume (continue) or reject (terminate) “executory contracts” – those where both parties still have significant performance obligations.
      • Trustee's Discretion: The trustee will make this decision based on what benefits the bankruptcy estate and the creditors. If your contract is loss-making for the provider, or if continuing it is not in the best interest of the creditors, the trustee can reject it, even if it has a termination clause unfavorable to them.
      • No Customer Right to Demand Continuation: You typically cannot compel the trustee to continue the service if they choose to reject the contract. Your recourse would then be a claim for damages, which, as noted, is usually a low-priority claim.
    • The practical challenges of data retrieval
        • Even if your contract has strong data return clauses, the practicalities of a bankrupt provider make enforcement difficult. The provider's staff might be laid off, systems might be shut down, and there might be no one left with the technical knowledge or resources to facilitate data export. Not to mention that the trustee may simply refuse to honor the agreement (which is completely within the legal rights of the trustee.)
        • The receiver's priority is liquidation and asset sale, not customer service. They may limit data export speeds or volumes, or prioritize the sale of the business, which might include your data, making retrieval a slow and arduous process.

    Conclusion

    So, while I understand the wait and see stance in regard to exit plans, given where we are, it is in my opinion the wrong thing to do. Companies must make actionable exit plans and prepare beforehand for the exit. That means that you have to:

    1. Design your architecture so that you can port your applications to somewhere else.
    2. Prioritize your data portability and data ownership.
    3. Develop and practice your exit strategy and plans.
    4. Maintain your in-house expertise, especially for all critical business services.
    5. Continuously monitor your vendors and update your risk assessments.

      If you want more detailed steps on how to get there, feel free to contact me.

    Help Managers Inform, Interact, and Involve on the Way to Team Engagement

    • Buy Link or Shortcode: {j2store}595|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Employee Development
    • Parent Category Link: /train-and-develop
    • Employee engagement impacts a company’s bottom line as well as the quality of work life for employees.
    • Employee engagement surveys often fail to provide the value you are hoping for because they are treated like an annual project that quickly loses steam.
    • The responsibility for fixing the issues identified falls to HR, and ultimately HR has very little control over an employee’s concerns with their day-to-day role.

    Our Advice

    Critical Insight

    • HR and the executive team have been exclusively responsible for engagement for too long. Since managers have the greatest impact on employees, they should also be primarily responsible for employee engagement.
    • In most organizations, managers underestimate the impact they can have on employee engagement, and assume that the broader organization will take more meaningful action.
    • Improving employee engagement may be as simple as improving the frequency and quality of the “3Is”: informing employees about the why behind decisions, interacting with them on a personal level, and involving them in decisions that affect them.

    Impact and Result

    • Managers have the greatest impact on employee engagement as they are in a unique situation to better understand what makes employees tick.
    • If employees have a good relationship with their manager, they are much more likely to be engaged at work which ultimately leads to increases in revenue, profit, and shareholder return.

    Help Managers Inform, Interact, and Involve on the Way to Team Engagement Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Get more involved in analyzing and improving team engagement

    Improve employee engagement and ultimately the organization’s bottom line.

    • Storyboard: Help Managers Inform, Interact, and Involve on the Way to Team Engagement

    2. Gather feedback from employees

    Have a productive engagement feedback discussion with teams.

    • Engagement Feedback Session Agenda Template

    3. Engage teams to improve engagement

    Facilitate effective team engagement action planning.

    • Action Planning Worksheet

    4. Gain insight into what engages and disengages employees

    Solicit employee pain points that could potentially hinder their engagement.

    • Stay Interview Guide

    5. Get to know new hires on a more personal level

    Develop a stronger relationship with employees to drive engagement.

    • New Hire Conversation Guide
    [infographic]

    Improve Application Development Throughput

    • Buy Link or Shortcode: {j2store}151|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $59,399 Average $ Saved
    • member rating average days saved: 39 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • The business is demanding more features at an increasing pace. It is expecting your development teams to keep up with its changing needs while maintaining high quality.
    • However, your development process is broken. Tasks are taking significant time to complete, and development handoffs are not smooth.

    Our Advice

    Critical Insight

    • Lean development is independent of your software development lifecycle (SDLC) methodology. Lean development practices can be used in both Agile and Waterfall teams.
    • Lean isn’t about getting rid of sound development processes. Becoming lean means fine-tuning the integration of core practices like coding and testing.
    • Lean thinking motivates automation. By focusing on optimizing the development process, automation becomes a logical and necessary step toward greater maturity and improved throughput.

    Impact and Result

    • Gain a deep understanding of lean principles and associated behaviors. Become familiar with the core lean principles and the critical attitudes and mindsets required by lean. Understand how incorporating DevOps and Agile principles can help your organization.
    • Conduct a development process and tool review. Use a value-stream analysis of your current development process and tools to reveal bottlenecks and time-consuming or wasteful tasks. Analyze these insights to identify root causes and the impact to product delivery.
    • Incorporate the right tools and practices to become more lean. Optimize the key areas where you are experiencing the most pain and consuming the most resources. Look at how today’s best development and testing practices (e.g. version control, branching) and tools (e.g. automation, continuous integration) can improve the throughput of your delivery pipeline.

    Improve Application Development Throughput Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should make development teams leaner, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Conduct a current state analysis

    Acquire a holistic perspective of the development team, process, and tools to identify the bottlenecks and inefficiency points that are significantly delaying releases.

    • Improve Application Development Throughput – Phase 1: Conduct a Current State Analysis
    • Lean Implementation Roadmap Template
    • Lean Development Readiness Assessment

    2. Define the lean future state

    Identify the development guiding principles and artifact management practices and build automation and continuous integration processes and tools that best fit the context and address the organization’s needs.

    • Improve Application Development Throughput – Phase 2: Define the Lean Future State

    3. Create an implementation roadmap

    Prioritize lean implementation initiatives in a gradual, phased approach and map the critical stakeholders in the lean transformation.

    • Improve Application Development Throughput – Phase 3: Create an Implementation Roadmap
    [infographic]

    Workshop: Improve Application Development Throughput

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Conduct a Current State Analysis

    The Purpose

    Assess the current state of your development environment.

    Select a pilot project to demonstrate the value of your optimization.

    Key Benefits Achieved

    Realization of the root causes behind the bottlenecks and inefficiencies in your current development process.

    Valuation of your current development tools.

    Selection of a pilot project that will be used to gather the metrics in order obtain buy-in for wider optimization initiatives.

    Activities

    1.1 Assess your readiness to transition to lean development.

    1.2 Conduct a SWOT analysis and value-stream assessment of your current development process.

    1.3 Evaluate your development tools.

    1.4 Select a pilot project.

    Outputs

    Lean development readiness assessment

    Current state analysis of development process

    Value assessment of existing development tools

    Pilot project selection

    2 Define Your Lean Future State

    The Purpose

    Establish your development guiding principles.

    Enhance the versioning and management of your development artifacts.

    Automatically build and continuously integrate your code.

    Key Benefits Achieved

    Grounded and well-understood set of guiding principles that are mapped to development tasks and initiatives.

    Version control strategy of development artifacts, including source code, adapted to support lean development.

    A tailored approach to establish the right environment to support automated build, testing, and continuous integration tools.

    Activities

    2.1 Assess your alignment to the lean principles.

    2.2 Define your lean development guiding principles.

    2.3 Define your source code branching approach.

    2.4 Define your build automation approach.

    2.5 Define your continuous integration approach.

    Outputs

    Level of alignment to lean principles

    Development guiding principles

    Source code branching approach

    Build automation approach.

    Continuous integration approach

    3 Create Your Implementation Roadmap

    The Purpose

    Prioritize your optimization initiatives to build an implementation roadmap.

    Identify the stakeholders of your lean transformation.

    Key Benefits Achieved

    Phased implementation roadmap that accommodates your current priorities, constraints, and enablers.

    Stakeholder engagement strategy to effectively demonstrate the value of the optimized development environment.

    Activities

    3.1 Identify metrics to gauge the success of your lean transformation.

    3.2 List and prioritize your implementation steps.

    3.3 Identify the stakeholders of your lean transformation.

    Outputs

    List of product, process, and tool metrics

    Prioritized list of tasks to optimize your development environment

    Identification of key stakeholders

    Customer Service Management Software Selection Guide

    • Buy Link or Shortcode: {j2store}530|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • The business is unaware of cross-selling opportunities across multiple product lines.
    • Customer service staff attrition rates continue to be high, creating longer response delays for voice channels.
    • Customer service responses are reactive in nature, reinforcing a poor culture for customer experience.

    Our Advice

    Critical Insight

    • After-sales customer service is critical for creating, maintaining, and growing customer relationships. Organizations that fail to provide adequate service will be ill positioned for future customer service and sales efforts.
    • Shift left toward delivering predictive service instead of reactive service to enhance customer experiences.
    • Ensure your key performance indicators accurately reflect the incentives you want to give your customer support staff for delivering appropriate customer service.

    Impact and Result

    • Determine your organization’s customer service maturity (and thus if a standalone CSM tool is relevant).
    • Understand key trends and differentiating features in the CSM marketspace.
    • Evaluate major vendors in the CSM marketspace to discover the best-fitting provider.

    Customer Service Management Software Selection Guide Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Customer Service Management Software Selection Guide – A guide to walk you through the process of selecting CSM software.

    This trends and buyer’s guide will help you:

    • Customer Service Management Software Selection Guide Storyboard

    2. CSM Platform RFP Template – A template to provide vendors with a detailed account of the requirements and the expected capabilities of the desired suite.

    Create your own request for proposal (RFP) for your customer service management suite procurement process by customizing Info-Tech's RFP template.

    • CSM Platform RFP Template

    3. CSM Platform Opportunity Assessment Tool – A tool to assess whether a CSM solution is right for your organization.

    Use this tool to assess your maturity and fit for a CSM solution. It will help identify your current CSM state and assist with the decision to move forward with a new solution or augment certain features.

    • CSM Platform Opportunity Assessment Tool

    4. Software Selection Workbook – A workbook to document your progress as your select software.

    Keep stakeholders engaged with simple and friction-free templates to document your progress for Rapid Application Selection.

    • The Software Selection Workbook

    5. Vendor Evaluation Workbook – A workbook to assess vendor capabilities and compare vendors.

    Leverage a traceable and straightforward Vendor Evaluation Workbook to narrow the field of potential vendors and accelerate the application selection process.

    • The Vendor Evaluation Workbook

    6. CSM Platform RFP Scoring Tool – A tool to support your business in objectively evaluating the CSM vendors being considered for procurement.

    Create an objective and fair scoring process to evaluate the RFPs and demonstrations provided by shortlisted vendors. Within this framework, provide a multidimensional evaluation that analyzes the solution's functional capabilities, architecture, costs, service support, and overall suitability in comparison to the organization's expressed requirements.

    • CSM Platform RFP Scoring Tool

    7. CSM Platform Vendor Demo Script Template – A template to support your business’ evaluation of vendors and their solutions with an effective demonstration.

    Create an organized and streamlined vendor demonstration process by clearly outlining your expectations for the demo. Use the demo as an opportunity to ensure that capabilities expressed by vendors are actually present within the considered solution.

    • CSM Platform Vendor Demo Script Template
    [infographic]

    Further reading

    Customer Service Management Software Selection

    Market trends and buyer’s guide

    Analyst Perspective

    The pandemic and growing younger demographic have shifted the terrain of customer service delivery. Customer service management (CSM) tools ensure organizations enhance customer acquisition, customer retention, and overall revenues into the future.

    It is one thing to research customer service best practices; it is another to experience such service. Whether being put on hold for an hour with a telecommunications company, encountering voice biometric security with a bank, or receiving automated FAQs from a chatbot, we all perform our own primary research in customer service by going about our daily lives. Yet while the pandemic required a shift to this multichannel and digital assistant environment (to account for ongoing agent attrition), this trend was actually just accelerated. A growing younger demographic now prefers online communication channels to voice. Social media (whichever the platform) is a fundamental part of this demographic’s online presence and has instigated the need for customer service delivery to meet customers where they are – for both damage control and enhancing customer relationships.

    Organizations delivering customer service across multiple product lines need to examine what delivery channels they need to satisfy customers, alongside assessing how customer loyalty and cross-selling can increase revenues and company reputation. Customer service management tools can assist and enable the future state.

    Thomas Randall, Ph.D., Research Director

    Thomas Randall, Ph.D.
    Research Director, Info-Tech Research Group

    Executive Summary

    Your Challenge Common Obstacles Info-Tech’s Solution
    • The business is unaware of cross-selling opportunities across multiple product lines.
    • Customer service staff attrition rates continue to be high, creating longer response delays for voice channels.
    • Customer service responses are reactive in nature, reinforcing a poor culture for customer experience.
    • It is not clear if a CSM tool would resolve the business’ challenges or if a better-fitting technology solution is preferable (such as a customer relationship management add-on).
    • The business does not know its customer service maturity well enough to assess the feasibility of adopting a CSM tool.
    This trends and buyer’s guide will help you:
    1. Determine your organization’s customer service maturity (and thus if a standalone CSM tool is relevant).
    2. Understand key trends and differentiating features in the CSM marketspace.
    3. Evaluate major vendors in the CSM marketspace to discover the best-fitting provider.

    The objective at the end of the day is to have a single interface that the front-line staff interacts with. I think that is the holy grail when we look at CSM technology. The objective that everyone has in mind is we'd all like to get to one screen and one window. Ultimately, the end game really hasn't changed: How can we make it easy for the agents and how can we minimize their errors? How can we streamline the process so they can work?
    Colin Taylor, CEO, The Taylor Reach Group

    Customer service management tools form an integral part of your CXM technology portfolio

    Customer service management tools are an integral part of CXM

    Info-Tech’s methodology for selecting the right CSM platform

    1. Contextualize the CSM Landscape 2. Select the Right CSM Vendor
    Phase Steps
    1. Define CSM tools.
    2. Explore CSM trends.
    3. Understand if CSM tools are a good fit for your organization.
    1. Build the business case.
    2. Streamline requirements elicitation for CSM.
    3. Construct the request for proposal (RFP)/vendor evaluation workbook.
    Phase Outcomes
    1. Consensus on scope of CSM and key CSM capabilities
    2. Identify your customer service maturity and use for CSM tools
    1. CSM business case
    2. High-value use cases and requirements
    3. CSM RFP/vendor evaluation workbook

    Info-Tech Insight
    Need help constructing your RFP? Use Info-Tech’s CSM Platform RFP Template!

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2

    Call #1: Discover if CSM tools are right for your organization. Understand what a CSM platform is and discover the “art of the possible.”

    Call #2: Identify right-sized vendors and build the business case to select a CSM platform.

    Call #3: Define your key CSM requirements.

    Call #4: Build procurement items, such as an RFP and demo script.

    Call #5: Evaluate vendors and perform final due diligence.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    The CSM selection process should be broken into segments:

    1. CSM vendor shortlisting with this buyer’s guide
    2. Structured approach to selection
    3. Contract review

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit Guided Implementation Workshop Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to his the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options

    Software Selection Engagement

    Five Advisory Calls Over a Five-Week Period to Accelerate Your Selection Process

    Expert analyst guidance over five weeks on average to select and negotiate software

    Save money, align stakeholders, speed up the process, and make better decisions

    Use a repeatable, formal methodology to improve your application selection process

    Better, faster results, guaranteed, included in membership

    Five advisory calls over a five week period to accelerate your selection process

    Book Your Selection Engagement

    Software Selection Workshops

    40 Hours of Advisory Assistance Delivered Online

    Select Better Software, Faster

    40 hours of expert analyst guidance

    Project & stakeholder management assistance

    Save money, align stakeholders, speed up the process, and make better decisions

    Better, faster results, guaranteed, $25,000 standard engagement fee

    Software selection workshops

    Book Your Workshop Engagement

    Customer Service Management (CSM) Software

    Phase 1: Contextualize the CSM Landscape

    Receive and resolve after-sales requests within a unified CSM platform

    MULTIPLE CHANNELS
    Customers may resolve their issues via a variety of channels, including voice, SMS, email, social media, and live webchat.
    KNOWLEDGE BASE
    Provide a knowledge base for FAQs that is both customer facing (via customer portal) and agent facing (for live resolutions).
    ANALYTICS
    Track customer satisfaction, agent performances, ticket resolutions, backlogs, traffic analysis, and other key performance indicators (KPIs).
    COLLABORATION
    Enable agents to escalate and collaborate within a unified platform (e.g. tagging colleagues to flag a relevant customer query).

    Info-Tech Insight
    After-sales customer service is critical for creating, maintaining, and growing customer relationships. Organizations that fail to provide adequate service will be poorly positioned for future customer service and sales efforts.

    Identify your differentiating CSM requirements that align to your use cases

    INTEGRATIONS
    Note what integrations are available for your contact center, CRM, or industry-specific solutions (e.g. inventory management) to get the most out of CSM.

    SENTIMENT ANALYSIS
    Reads, contextualizes, and categorizes tickets by sentiment (e.g. “positive”) before escalating to an appropriate agent.

    AUTO-RESPONSE EDITOR
    Built-in AI provides prewritten responses or auto-pulls the relevant knowledge article, assisting agents with speed to resolution.

    ATTRIBUTES-BASED ROUTING
    Learns over time how best to route tickets to appropriate agents based on skills, availability, or proximity of an agent (e.g. multilingual, local, or specialist agents).

    AUTOMATED WORKFLOWS
    CSM tool providers have varying usability for workflow building and enablement. Ensure your use cases align.

    TICKET PRIORITIZATION
    Adapts and prioritizes customer issues by service-level agreement (SLA), priority, and severity according to inputted KPIs.

    Good technology will not fix a bad process. I don't care how good the technology is. If the use case is wrong and the process is wrong, it's not going to work.
    Colin Taylor, CEO
    The Taylor Reach Group

    Leverage CSM tools to shift left toward predictive customer service

    Real-time Pre-event Post-event
    Channel example: Notifications via SMS or social media. Channel example: Notifications via SMS or social media. Channel example: Working with an agent or live chatbot. Channel example: Working with an agent or live chatbot.
    “Your car may need a check-up for faulty parts.” “Here is a local garage to fix your tire pressure.” “I see you have poor tire pressure. Here is a local garage.” “Thank you for your patience, how can we help?”
    Predictive Service
    The CSM recommends mitigation options to the customer before the issue occurs and before the customer knows they need it.
    Proactive Service
    The issue occurs but the CSM recommends mitigation options to the customer before the customer contacts the organization.
    Real-Time Service
    The organization offers real-time mitigation options while working with the customer to resolve the issue.
    Reactive Service
    The customer approaches the organization after the issue occurs, but the organization has no insight into the event.

    Selecting a CSM tool should form part of your broader CXM strategy

    Organizations should ask whether they need a standalone CSM solution or a CSM as part of a broader suite of CXM tools. The latter is especially relevant if your organization already invests in a CXM platform.

    Matrix of CMS tools as part of CXM strategy

    CSM tools are best-suited for organizations with high product and service complexity

    Customer Service Complexity

    Low complexity refers to primarily transactional inquiries. High complexity refers to service workflows for symptom analysis, problem identification, and solution delivery.

    Product Complexity

    High complexity refers to having a large number of brands and individual SKUs, technologically complex products, and products with many add-ons.

    A matrix showing that a standalone CSM tool is best where customer service complexity and product complexity are both high.

    Info-Tech Insight
    Use Info-Tech’s CSM Platform Opportunity Assessment Tool to discover your organization’s customer service maturity.

    Activity: Discover your customer service maturity

    30 minutes

    1. Complete the CSM Platform Opportunity Assessment Tool.
    2. Evaluate your result and document whether a CSM business case is warranted (or if a separate technology selection process is needed).
    Input Output
    • Understanding of the current state and how complex the organization’s product line and help desk support are
    • Ranking of the importance of each decision point
    • Assessment results that provide a high-level view of whether your organization’s product and customer service complexity warrant a standalone CSM tool
    Materials Participants
    • CSM Platform Opportunity Assessment Tool
    • Shared screen or projection
    • Customer support analyst(s)
    • Infrastructure and Operations lead(s)
    • Representative customer support staff
    • Product management analyst(s)

    Download the CSM Platform Opportunity Assessment Tool

    Finalize whether your organization is well positioned to leverage CSM tools

    Bypass Adopt
    Monochannel approach
    You do not participate in multichannel campaigns or your customer personas are typically limited to one or two channels (e.g. voice or SMS).
    Multichannel approach
    You are pursuing multifaceted, customer-specific campaigns across a multitude of channels.
    Small to mid-sized business with small CX team
    Do not buy what you do not need. Focus on the foundations of customer experience (CX) first before extending into a full-fledged CSM tool.
    Maturing CX department
    Customer service needs are extending into managing budgets, generating and segmenting leads, and measuring channel effectiveness.
    Limited product range
    CSM tools typically gain return on investment (ROI) if the organization has a complex product range and is looking to increase cross-sell opportunities across different customer personas.
    Multiple product lines
    Customer base and product lines are large enough to engage in opportunities for cross- and up-selling.

    Case Study

    AkzoNobel

    INDUSTRY
    Retail

    SOURCE
    Sprinklr (2021)

    Use CSM tools to unify the multichannel experience and reduce response time.

    Challenge Solution Results
    AzkoNobel is a leading global paints and coatings company. AzkoNobel had 60+ fragmented customer service accounts on social media for multiple brands. There was little consistency in customer experience and agent responses. Moreover, the customer journey was not being tracked, resulting in lost opportunities for cross-selling across brands. The result: slow response times (up to one week) and unsatisfied customers, leaving the AzkoNobel brand in a vulnerable state.

    AkzoNobel leveraged Sprinklr, a customer experience software provider, to unify six social channels, 19 accounts, and six brands. Sprinklr aligned governance across social media channels with AzkoNobel’s strategic business goals, emphasizing the need for process, increasing revenue, and streamlining customer service.

    AzkoNobel was able to use keywords from customers’ inbound messaging to put an escalation process in place.

    Since bringing on Sprinklr in 2015-2016, unifying customer service channels under one multichannel platform resulted in:

    • 172% increase in customer engagement.
    • 133% increase in post comments.
    • 80% reduced response times.
    • 47% of inquiries answered within five minutes.
    • $18,500 added revenues via social media responses.

    How it got here: The birth of CSM tools

    CSM developed alongside the telephone and call center, rather than customer relationship management platforms.

    1920s 1950s 1967-1973 1980-1990s 2000-2010s
    The introduction of lines of credit and growth of household appliance innovations meant households were buying products at an unprecedented rate. Department stores would set up customer service sections to assist with live fixes or returns. Following the Great Depression and World War II, process, efficiency, and computational technology became defining features of customer service. These features were played out in call centers as automatic call distribution (ACD) technology began to scale. With the development of private automatic branch exchange (PABX), AT&T introduced the toll-free telephone number. Companies began training staff and departments for customer service and building loyalty. With the development of interactive voice response (IVR) in 1973, call centers became increasingly more efficient at routing. Analog technology shifted to digital and the term “contact center” was coined. These centers began being outsourced internationally. With the advent of the internet, CSM technology (in the early guise of a “help desk”) became equipped with computer telephony integration (CTI). Software as a service (SaaS) and CRM maturation strengthened the retention and organization of customer data. Social media also enhanced consumer power as companies rushed to prevent online embarrassment. This prompted investment in multichannel customer service.

    Where it’s going: The future of CSM tools lies in predictive analytics

    The capabilities below are available today but will mature over the next few years. Use the roadmap as a guide for your year of implementation.

    2023
    Go mobile first
    85% of customers believe a company’s mobile website should be just as good as its desktop website. Enabling user-friendly mobile websites provides an effective channel to keep inbound calls down.

    2024
    Shift from multichannel to omnichannel
    Integrating CSM tools with your broader CXM suite enables customer data to seamlessly travel between channels for an omnichannel experience.

    2025
    Enable predictive service
    CSM tools integrate with Internet of Things (IoT) systems to provide automated notifications that alert staff of issues and mitigate issues with customers before the issue even occurs.

    2026
    Leverage predictive analytics for ML use cases
    Use customers’ historic data and preferences to perform better automated customer service over time (e.g. providing personalized resolutions based on previous customer engagements).

    Context and scenario play a huge role in measuring good customer service. Ensure your KPIs accurately reflect the incentives you want to give your customer support staff for delivering appropriate customer service.
    David Thomas, Customer Service Specialist
    Freedom Mobile
    (Reve Chat, 2022)

    Key trends in CSM technology

    As predictive analytics matures, organizations are making use of CSM tools’ ability to enhance personalization, improve their social media response times, and enable self-service.

    BIOMETRICS
    65% of customers say they would accept voice recognition to authorize their identity when calling a customer support line (GetApp, 2021).

    PERSONALIZATION
    51% of marketers, advocating for personalization across multiple touchpoints saw 300% ROI (KoMarketing, 2020).

    SOCIAL MEDIA
    29% of customers aged 18 to 39 prefer online chat communication before and after purchase (RingCentral, 2020).

    SELF-SERVICE
    92% of customers say they would use a knowledge base for self-service support if it was available (Vanilla, 2020).

    Customer Service Management (CSM) Software

    Phase 2: Select the Right CSM Vendor

    Conduct a business impact assessment to document the case for CSM tool selection

    Business Opportunity
    Determine high-level understanding of the need that must be addressed, along with the project goals and affiliated key metrics. Establish KPIs to measure project success.

    System Diagram
    Determine the impact on the application portfolio and where integration is necessary.

    Risks
    Identify potential blockers and risk factors that will impede selection.

    High-Level Requirements
    Consider the business functions and processes affected.

    People Impact
    Confirm who will be affected by the output of the technology selection.

    Overall Business Case
    Calculate the ROI and the financial implications of the application selection. Highlight the overarching value.

    Activity: Build the business case

    2 hours

    1. Access the Business Impact Assessment within the Software Selection Workbook (linked below). Store the assessment in a shared folder (such as in SharePoint, OneDrive, or Google Drive).
    2. Set aside two hours (does not need to be all at once) to ensure the selection team aligns with the unifying rationale for selection.
    3. Complete the six steps to arrive at a high-level business case. This case can then be shared and communicated with interested parties (e.g. impacted stakeholders).
    InputOutput
    • Drivers for the business opportunity to adopt CSM tools
    • Understanding of key stakeholders
    • Overview of application portfolio
    • Budgetary information
    • Business Impact Assessment, which captures your high-level business case
    MaterialsParticipants
    • Software Selection Workbook
    • Screen sharing or projector
    • Whiteboard and drawing materials
    • Customer support analyst(s)
    • Infrastructure and Operations lead(s)
    • Representative customer support staff
    • Product management analyst(s)

    Download the Software Selection Workbook

    Elicit and prioritize granular requirements for your CSM platform

    Understanding business needs through requirements gathering is key to defining everything about what is being purchased, yet it is an area where people often make critical mistakes.

    Signs of poorly scoped requirements Best practices
    • Requirements focus on how the solution should work instead of what it must accomplish.
    • Multiple levels of detail exist within the requirements, which are inconsistent and confusing.
    • Requirements drill all the way down into system-level detail.
    • Language is technical and dense, leaving some stakeholder groups confused on what they are actually looking for in a solution.
    • Requirements are copied from a market analysis of the art of the possible, abstract from organization’s own customer persona analysis.
    • Get a clear understanding of what the system needs to do and what it is expected to produce. Build customer personas to assist with identifying high-value use cases.
    • Test against the principle of MECE – requirements should be “mutually exclusive and collectively exhaustive.”
    • Use language that is consistent with that of the market and focus on key differentiators – not table stakes.
    • Include the appropriate level of detail, which should be suitable for procurement and sufficient for differentiating vendors.

    Info-Tech Insight
    Review Info-Tech’s requirements gathering methodology to improve your requirements gathering process.

    Choose your route: RFP or otherwise?

    As you gather requirements, decide which procurement route best suits your context.

    RFI (Request for Information) RFQ (Request for Quotation) RFP (Request for Proposal)
    Purpose and Usage

    Gather information about products/services when you know little about what’s available.

    Often followed by an RFP.

    Solicit pricing and delivery information for products/services with clearly defined requirements.

    Best for standard or commodity products/services.

    Solicit formal proposals from vendors to conduct an evaluation and selection process.

    Formal and fair process; identical for each participating vendor.

    Level of Intent

    Fact-finding there is no commitment to engage the vendor.

    Vendors are often reluctant to provide quotes.

    Committed to procure a specific product/service at the lowest price.

    Intent to buy the products/services in the RFP.

    Business case/approval to spend is already obtained.

    Level of Detail High-level requirements and business goals.

    Detailed specifications of what products/services are needed.

    Detailed contract and delivery terms.

    Detailed business requirements and objectives.

    Standard questions and contract term requests for all vendors.

    Response

    Generalized response with high-level product/services.

    Sometimes standard pricing quote.

    Price quote and confirmation of ability to fulfill desired terms.

    Detailed solution description, delivery approach, customized price quote, and additional requested information.

    Product demo and/or hands-on trial.

    Info-Tech Insight
    If you are in a hurry, consider instead issuing Info-Tech’s Vendor Evaluation Workbook. This workbook speeds up the typical procurement process by adding RFP-like requirements (such as operational and technical requirements) while driving the procurement process via emphasis on high-value use cases.

    Download the Vendor Evaluation Workbook

    Activity: Document requirements

    2 hours

    1. Review each tab of Info-Tech’s CSM Platform RFP Scoring Tool to generate use cases and ideas for your requirements building.
    2. Modify and include additional features you may need, using Info-Tech’s CSM Platform RFP Template to assist with structure (if pursuing an RFP process) or Vendor Evaluation Workbook (if an RFP process is not needed). Pay attention to any nonfunctional requirements (such as security or integrations), alongside future trends of CSM. Vendors must be able to scale with your organization’s growth.
    3. You can use the CSM Platform RFP Scoring Tool again when assessing vendor responses.
    Input Output
    • Key use cases that capture your most important customer service support processes
    • Discussion of CSM future trends and differentiating features
    • Confirmation on organization’s significant nonfunctional requirements (e.g. security or integrations)
    • Either a Requirements Workbook to go straight to shortlisted vendor(s) or an RFP document to solicit a broader market response
    Materials Participants
    • CSM Platform RFP Scoring Tool
    • CSM Platform RFP Template
    • Vendor Evaluation Workbook
    • Customer support analyst(s)
    • Infrastructure and Operations lead(s)
    • Other major stakeholders (for requirements elicitation)

    Download the CSM Platform RFP Scoring Tool

    Download the CSM Platform RFP Template

    Once vendor responses are in, turn product demos into investigative interviews

    Avoid vendor glitz and glamour shows by ensuring vendors are concretely applying their solution to your high-value use cases.

    1 Minimize the number of vendors to four to keep up the pace of the selection process.
    2 Provide a demo script that captures your high-value use cases and differentiating requirements.
    3 Ensure demos are booked close together and the selection committee attends all demos.

    Conduct a day of rapid-fire vendor demos

    Zoom in on high-value use cases and answers to targeted questions

    Rapid-fire vendor investigative interview

    Invite vendors to come onsite (or join you via videoconference) to demonstrate the product and answer questions. Use a highly targeted demo script to help identify how a vendor’s solution will fit your organization’s particular business capability needs.

    Give each vendor 90 to 120 minutes to give a rapid-fire presentation. We suggest the following structure:

    • 30 minutes: Company introduction and vision
    • 60 minutes: Walkthrough of two or three high-value demo scenarios
    • 30 minutes: Targeted Q&A from the business stakeholders and procurement team

    To ensure a consistent evaluation, vendors should be asked analogous questions and answers should be tabulated.

    How to challenge the vendors in the investigative interview

    • Change the visualization/presentation.
    • Change the underlying data.
    • Add additional data sets to the artifacts.
    • Test voice quality (if the vendor offers a native telephony channel).
    • Test collaboration capabilities.

    To kick-start scripting your demo scenarios, leverage our CSM Platform Vendor Demo Script Template.

    A vendor scoring model provides a clear anchor point for your evaluation of CRM vendors based on a variety of inputs

    A vendor scoring model is a systematic method for effectively assessing competing vendors. A weighted-average scoring model is an approach that strikes a strong balance between rigor and evaluation speed.

    How do I build a scoring model? What are some of the best practices?
    • Start by shortlisting the key criteria you will use to evaluate your vendors. Functional capabilities should always be a critical category, but you’ll also want to look at criteria such as affordability, architectural fit, and vendor viability.
    • Depending on the complexity of the project, you may break down some criteria into subcategories to assist with evaluation (for example, breaking down functional capabilities into constituent use cases so you can score each one).
    • Once you’ve developed the key criteria for your project, the next step is weighting each criterion. Your weightings should reflect the priorities for the project at hand. For example, some projects may put more emphasis on affordability, others on vendor partnership.
    • Using the information collected in the subsequent phases of this blueprint, score each criterion from 1 to 100, then multiply by the weighting factor. Add up the weighted scores to arrive at the aggregate evaluation score for each vendor on your shortlist.
    • While the criteria for each project may vary, it’s helpful to have an inventory of repeatable criteria that can be used across application selection projects. The next slide contains an example that you can add to or subtract from.
    • Don’t go overboard on the number of criteria: five to ten weighted criteria should be the norm for most projects. The more criteria (and subcriteria) you must score against, the longer it will take to conduct your evaluation. Always remember, link the level of rigor to the size and complexity of your project! It’s possible to create a convoluted scoring model that takes significant time to fill out but yields little additional value.
    • Creation of the scoring model should be a consensus-driven activity among IT, procurement, and the key business stakeholders – it should not be built in isolation. Everyone should agree on the fundamental criteria and weights that are employed.
    • Consider using not just the outputs of investigative interviews and RFP responses to score vendors, but also third-party review services like SoftwareReviews.

    Info-Tech Insight
    Even the best scoring model will still involve some “art” rather than science. Scoring categories such as vendor viability always entail a degree of subjective interpretation.

    Define how you will score vendor responses and demos

    Your key CSM criteria should be informed by the following goals, use cases, and requirements.

    Criteria Description
    Functional Capabilities How well does the vendor align with the top-priority functional requirements identified in your accelerated needs assessment? What is the vendor’s functional breadth and depth?
    Affordability How affordable is this vendor? Consider a three-to-five-year total cost of ownership (TCO) that encompasses not just licensing costs but also implementation, integration, training, and ongoing support costs.
    Architectural Fit How well does this vendor align with your direction from an enterprise architecture perspective? How interoperable is the solution with existing applications in your technology stack? Does the solution meet your deployment model preferences?
    Extensibility How easy is it to augment the base solution with native or third-party add-ons as your business needs may evolve?
    Scalability How easy is it to expand the solution to support increased user, data, and/or customer volumes? Does the solution have any capacity constraints?
    Vendor Viability How viable is this vendor? Are they an established player with a proven track record or a new and untested entrant to the market? What is the financial health of the vendor? How committed are they to the particular solution category?
    Vendor Vision Does the vendor have a cogent and realistic product roadmap? Are they making sensible investments that align with your organization’s internal direction?
    Emotional Footprint How well does the vendor’s organizational culture and team dynamics align to yours?
    Third-Party Assessments and/or References How well-received is the vendor by unbiased third-party sources like SoftwareReviews? For larger projects, how well does the vendor perform in reference checks (and how closely do those references mirror your own situation)?

    Leverage Info-Tech’s Contract Review Services to level the playing field with shortlisted vendors

    You may be faced with multiple products, services, master service agreements, licensing models, service agreements, and more.

    Use Info-Tech’s Contract Review Services to gain insights on your agreements.

    Consider the aspects of a contract review:

    1. Are all key terms included?
    2. Are they applicable to your business?
    3. Can you trust that results will be delivered?
    4. What questions should you be asking from an IT perspective?

    Validate that a contract meets IT’s and the business’ needs by looking beyond the legal terminology. Use a practical set of questions, rules, and guidance to improve your value for dollar spent.

    Book Contract Review Service

    Download Master Contract Review and Negotiation for Software Agreements

    Customer Service Management (CSM) Software

    Vendor Analysis

    Evaluate software category leaders through vendor rankings and awards

    SoftwareReviews

    The Data Quadrant is a thorough evaluation and ranking of all software in an individual category to compare platforms across multiple dimensions.

    Vendors are ranked by their Composite Score, based on individual feature evaluations, user satisfaction rankings, vendor capability comparisons, and likeliness to recommend the platform.

    The Emotional Footprint is a powerful indicator of overall user sentiment toward the relationship with the vendor, capturing data across five dimensions.

    Vendors are ranked by their Customer Experience (CX) Score, which combines the overall Emotional Footprint rating with a measure of the value delivered by the solution.

    Speak with category experts to dive deeper into the vendor landscape

    SoftwareReviews

    Fact-based reviews of business software from IT professionals.

    Product and category reports with state-of-the-art data visualization.

    Top-tier data quality backed by a rigorous quality assurance process.

    User-experience insight that reveals the intangibles of working with a vendor.

    SoftwareReviews is powered by Info-Tech

    Technology coverage is a priority for Info-Tech, and SoftwareReviews provides the most comprehensive, unbiased data on today’s technology. Combined with the insight of our expert analysts, our members receive unparalleled support in their buying journey.

    Click here to access SoftwareReviews

    Comprehensive software reviews to make better IT decisions

    We collect and analyze the most detailed reviews on enterprise software from real users to give you an unprecedented view into the product and vendor before you buy.

    Microsoft Dynamics 365

    Est. 2003 | WA, USA | MSFT:NASDAQ

    Bio

    To accelerate your digital transformation, you need a new type of business application. One that breaks down the silos between CRM and ERP, that’s powered by data and intelligence, and helps capture new business opportunities. That’s Microsoft Dynamics 365.

    Offices

    Microsoft is located all over the world. For a full list, see Microsoft Worldwide Sites.

    representative Customers

    Stated Industry Specializations

    • Covers an extremely wide range of industries, such as finance, education, government, healthcare, manufacturing, and retail.

    Software review for Microsoft

    SoftwareReviews’ CSM Enterprise Vendor Ranking
    (out of 7)

    Likeliness to Recommend

    • 7th (81%)

    Plan to Renew

    • 6th (93%)

    Satisfaction That Cost Is Fair Relative to Value

    • 2nd (81%)

    Strengths

    • Product Strategy and Rate of Improvement (1st)
    • Ease of Customization (1st)
    • Breadth of Features (2nd)

    Areas to Improve

    • Availability and Quality of Training (5th)
    • Ease of Implementation (7th)
    • Usability and Intuitiveness (7th

    Microsoft Dynamics 365

    History

    Founded 2003 (as Microsoft Dynamics CRM)
    2005 Second version branded Dynamics 3.0.
    2009 Dynamics CRM 4.0 (Titan) passes 1 million user mark.
    2015 Announces availability of CRM Cloud design for FedRAMP compliance.
    2016 Dynamics 365 released as successor to Dynamics CRM.
    2016 Microsoft’s acquisition of LinkedIn provides line of data to 500 million users.
    2021 First-party voice channel added to Dynamics 365.
    2022 Announces Digital Contact Center Platform powered with Nuance AI, MS Teams, and Dynamics 365.

    Microsoft is rapidly innovating in the customer experience technology marketspace. Alongside Dynamics 365’s omnichannel offering, Microsoft is building out its own native contact center platform. This will provide new opportunities for centralization without multivendor management between Dynamics 365, Microsoft Teams, and an additional third-party telephony or contact-center-as-a-service (CCaaS) vendor. SoftwareReviews reports suggest that Microsoft is a market leader in the area of product innovation for CSM, and this area of voice channel capability is where I see most industry interest.

    Of course, Dynamics 365 is not a platform to get only for CSM functionality. Users will typically be a strong Microsoft shop already (using Dynamics 365 for customer relationship management) and are looking for native CSM features to enhance customer service workflow management and self-service.
    Thomas Randall
    Research Director, Info-Tech Research Group

    Info-Tech Insight
    Pricing for Microsoft Dynamics 365 is often contextualized to an organization’s needs. However, this can create complicated licensing structures. Two Info-Tech resources to assist are:

    *This service may be used for other enterprise CSM providers too, including Salesforce, ServiceNow, SAP, and Oracle.
    Contact your account manager to review your access to this service.

    Freshworks

    Est. 2010 | CA, USA | FRSH:NASDAQ

    Bio

    Freshworks' cloud-based customer support software, Freshdesk, makes customer happiness refreshingly easy. With powerful features, an easy-to-use interface, and a freemium pricing model, Freshdesk enables companies of all sizes to provide a seamless multichannel support experience across email, phone, web, chat, forums, social media, and mobile apps. Freshdesk’s capabilities include robust ticketing, SLA management, smart automations, intelligent reporting, and game mechanics to motivate agents.

    Offices

    • Americas: US
    • Asia-Pacific (APAC): Australia, India, Singapore
    • Europe, Middle East, and Africa (EMEA): France, Germany, Netherlands, UK

    Freshworks Representative Customers

    Stated Industry Specializations

    • Automotive
    • Education
    • Energy
    • Finance
    • Healthcare
    • Nonprofit
    • Professional Services
    • Publishing
    • Real Estate
    • Retail
    • Travel

    Software Review of Freshworks

    SoftwareReviews’ CSM Enterprise Vendor Ranking
    (out of 7)

    Likeliness to Recommend

    • 3rd (83%)

    Plan to Renew

    • 4th (94%)

    Satisfaction That Cost Is Fair Relative to Value

    • 3rd (80%)

    Strengths

    • Breadth of Features (1st)
    • Usability and Intuitiveness (1st)
    • Ease of Implementation (2nd)

    Areas to Improve

    • Ease of IT Administration (3rd)
    • Vendor Support (4th)
    • Product Strategy and Rate of Improvement (4th)

    Freshworks

    History

    Founded 2010
    2011 Freshdesk forms a core component of product line.
    2014 Raises significant capital in Series D round: $31M.
    2016 Acquires Airwoot, enabling real-time customer support on social media.
    2019 Raises $150M in Series H funding round.
    2019 Acquires Natero, which predicts, analyzes, and drives customer behavior.
    2021 Surpasses $300M in annual recurring revenues.
    2021 Freshworks posts its IPO listing.

    Freshworks stepped into the SaaS customer support marketspace in 2010 to attract dissatisfied Zendesk eSupport customers, following Zendesk’s large price increases that year (of 300%). After performing well during the pandemic, Freshworks has reinforced its global positioning in the CSM tool marketspace; SoftwareReviews data suggests Freshworks performs very well against its competitors for breadth and intuitiveness of its features.

    Freshworks receives strong recommendations from Info-Tech’s members, boasting a broad product selection that enables opportunities for scaling and receiving a high rate of value return. Of note are Freshworks’ internal customer management solution and its native contact center offering, limiting multivendor management typically required for integrating separate IT service management (ITSM) and CCaaS solutions.
    Thomas Randall
    Research Director, Info-Tech Research Group

    Free Growth Pro Enterprise
    • $0 up to 10 agents
    • Knowledge base
    • Ticket routing
    • Out-of-box analytics
    • $15 agent/month
    • Collision detection
    • Integrations
    • Automated follow-ups
    • $49 agent/month
    • Multiple product lines
    • Personalization
    • CSAT surveys
    • Customer journey
    • $79 agent/month
    • Assist bot and email bot
    • Skill-based routing

    *Pricing correct as of November 2022. Listed in USD and absent discounts.
    See pricing on vendor’s website for latest information.

    Help Scout

    Est. 2006 | MA, USA | HUBS:NYSE

    Bio
    Help Scout is designed with your customers in mind. Provide email and live chat with a personal touch and deliver help content right where your customers need it, all in one place, all for one low price. The customer experience is simple and training staff is painless, but Help Scout still has all the powerful features you need to provide great support at scale. With best-in-class reporting, an integrated knowledge base, 50+ integrations, and a robust API, Help Scout lets your team focus on what really matters: your customers.

    Offices

    • Americas: Canada, Colombia, US
    • APAC: Australia, Japan, Singapore
    • EMEA: Belgium, France, Ireland, Germany, UK

    Questions for support transition

    Stated Industry Specializations

    • eCommerce
    • Education
    • Finance
    • Healthcare
    • Logistics
    • Manufacturing
    • Media
    • Professional Services
    • Property Management
    • Software

    Software Review of Help Scout

    SoftwareReviews’ CSM Enterprise Vendor Ranking
    (out of 7)

    Likeliness to Recommend

    • 4th (82%)

    Plan to Renew

    • 7th (87%)

    Satisfaction That Cost Is Fair Relative to Value

    • 7th (71%)

    Strengths

    • Business Value Created (1st)
    • Ease of Data Integration (1st)
    • Breadth of Features (3rd)

    Areas to Improve

    • Ease of IT Administration (5th)
    • Product Strategy and Rate of Improvement (5th)
    • Quality of Features (6th)

    Help Scout

    History

    Founded 2011
    2015 Raised $6M in Series A funding.
    2015 Rebrands from Brightwurks to Help Scout.
    2015 Named by Appstorm as one of six CSM tools to delight Mac users.
    2016 iOS app released.
    2017 Android app released.
    2020 All employees instructed to work remotely.
    2021 Raises $15M in Series B funding.

    Help Scout provides a simplified, standalone CSM tool that operates like a shared email inbox. Best suited for mid-sized organizations, customers can expect live chat, in-app messaging, and knowledge-base functionality. A particular strength is Help Scout’s integration capabilities, with a wide range of CRM, eCommerce, marketing, and communication APIs available. This strength is also reflected in the data: SoftwareReviews lists Help Scout as first in its CSM category for ease of data integrations.

    Customers who are expecting a broader range of channels (including voice, video cobrowsing, and so on) will not find good return on investment with Help Scout. However, for mid-sized organizations looking to begin maturing their customer service management, Help Scout provides a strong foundation – especially for enhancing in-house collaboration between support staff.
    Thomas Randall
    Research Director, Info-Tech Research Group

    Standard Plus Pro
    • $20 user/month
    • Live chat
    • Up to 25 users
    • 50+ integrations
    • 2 mailboxes
    • $40 user/month
    • Advanced permissions
    • Group users
    • 5 mailboxes
    • $65 user/month
    • HIPAA compliance
    • Onboarding service
    • Dedicated account manager

    *Pricing correct as of November 2022. Listed in USD and absent discounts.
    See pricing on vendor’s website for latest information.

    HubSpot

    Est. 2006 | MA, USA | HUBS:NYSE

    Bio
    HubSpot’s Service Hub brings all your customer service data and channels together in one place and helps scale your support through automation and self-service. The result? More time for proactive service that delights, retains, and grows your customer base. HubSpot provides software and support to help businesses grow better. The overall platform includes marketing, sales, service, and website management products that start free and scale to meet our customers’ needs at any stage of growth.

    Offices

    • Americas: Canada, Colombia, US
    • APAC: Australia, Japan, Singapore
    • EMEA: Belgium, France, Ireland, Germany, UK

    HubSpot Representative Customers

    Stated Industry Specializations

    • Covers an extremely wide range of industries, such as finance, education, healthcare, manufacturing, and retail.

    Software Review for HubSpot

    SoftwareReviews’ CSM Enterprise Vendor Ranking
    (out of 7)

    Likeliness to Recommend

    • 1st (88%)

    Plan to Renew

    • 1st (98%)

    Satisfaction That Cost Is Fair Relative to Value

    • 5th (78%)

    Strengths:

    • Vendor Support (1st)
    • Availability and Quality of Training (1st)
    • Ease of IT Administration (1st)

    Areas to Improve:

    • Ease of Data Integration (5th)
    • Ease of Customization (5th)
    • Breadth of Features (7th)

    HubSpot

    History

    Founded 2006
    2013 Opens first international office in Ireland.
    2014 First IPO listing on NYSE, raising $140M.
    2015 Milestone for acquiring 15,000 customers
    2017 Acquires Kemvi for AI and ML support for sales teams.
    2019 Acquires PieSync for customer data synchronization.
    2021 Yamini Rangan is announced as new CEO.
    2021 Records $1B in revenues.

    HubSpot is a competitive player in the enterprise sales and marketing technology market. Offering an all-in-one platform, HubSpot allows users to leverage its CRM, marketing solutions, content management tool, and CSM tool. Across knowledge management, contact center integration, and customer self-service, SoftwareReviews data pits HubSpot as performing better than its enterprise competitors.

    While customers can leverage HubSpot’s CSM tool independently, watch out for scope creep. HubSpot’s other offerings are tightly integrated and module extensions could quickly add up in price. HubSpot may not be affordable for most regional, mid-sized organizations, and a poor ROI may be expected. For instance, the Pro plan is required to get a knowledge base, which is typically a standard CSM feature – yet the same plan also comes with multicurrency support, which could remain unleveraged.
    Thomas Randall
    Research Director, Info-Tech Research Group

    Free Starter Pro Enterprise
    • $0 month
    • Ticketing
    • Live chat
    • 200 notifications per month
    • $45 month
    • 5,000 email templates
    • White label
    • 500 calling minutes
    • $450 month
    • 30 currencies
    • Knowledge base
    • Up to 300 workflows
    • $1,200 month
    • Conversation intelligence
    • SSO

    *Pricing correct as of November 2022. Listed in USD and absent discounts.
    See pricing on vendor’s website for latest information.

    Salesforce

    Est. 1999 | CA, USA | CRM:NYSE

    Bio

    Service Cloud customer service software gives you faster, smarter customer support. Salesforce provides customer relationship management software and applications focused on sales, customer service, marketing automation, analytics, and application development.

    Offices

    • Americas: US
    • APAC: Australia, India, Singapore
    • EMEA: France, Germany, Netherlands, UK

    Salesforce Representative Customers

    Stated Industry Specializations

    • Covers an extremely wide range of industries, such as finance, education, government, healthcare, manufacturing, and retail.

    Software Review for Salesforce

    SoftwareReviews’ CSM Enterprise Vendor Ranking
    (out of 7)

    Likeliness to Recommend

    • 6th (81%)

    Plan to Renew

    • 2nd (96%)

    Satisfaction That Cost Is Fair Relative to Value

    • 4th (79%)

    Strengths:

    • Usability and Intuitiveness (5th)
    • Breadth of Features (5th)
    • Ease of Implementation (6th)

    Areas to Improve:

    • Ease of IT Administration (7th)
    • Availability and Quality of Training (7th)
    • Ease of Customization (7th)

    Salesforce

    History

    Founded 1999
    2000 Salesforce launches its cloud-based products.
    2003 The first Dreamforce (a leading CX conference) happens.
    2005 Salesforce unveils AppExchange.
    2013 Salesforce acquires ExactTarget and expands Marketing Cloud offering.
    2016 Salesforce acquires Demandware, launches Commerce Cloud.
    2019 Salesforce acquires Tableau to expand business intelligence capabilities.
    2021 Salesforce buys major collaboration vendor Slack.

    Salesforce was an early disruptor in CRM marketspace, placing a strong emphasis on a SaaS delivery model and end-user experience. This allowed Salesforce to rapidly gain market share at the expense of complacent enterprise application vendors. A series of savvy acquisitions over the years has allowed Salesforce to augment its core Sales and Service Clouds with a wide variety of other solutions, from ecommerce to marketing automation – and recently Slack for internal collaboration.

    Salesforce Service Cloud Voice is now available to take advantage of integrating telephony and voice channels into your CRM. This service is still maturing, though, with Salesforce selecting Amazon Connect as its preferred integrator. However, Connect is not necessarily plug-and-play – it is a communications platform as a service, requiring you to build your own contact center solution. This is either a fantastic opportunity for creativity or a time suck of already tied-up resources.
    Thomas Randall
    Research Director, Info-Tech Research Group

    Service Cloud Essentials Service Cloud Professional Service Cloud Enterprise Service Cloud Unlimited
    • $25 user/month
    • Small businesses after basic functionality
    • $75 user/month
    • Mid-market target
    • $150 user/month
    • Enterprise target
    • Web Services API
    • $300 user/month
    • Strong upmarket feature additions

    *Pricing correct as of November 2022. Listed in USD and absent discounts.
    See pricing on vendor’s website for latest information.

    Zendesk

    Est. 2007 | CA, USA | ZEN:NYSE

    Bio

    Zendesk streamlines your support with time-saving tools like ticket views, triggers, and automations. This helps you get straight to what matters most – better customer service and more meaningful conversations. Today, Zendesk is the champion of great service everywhere for everyone and powers billions of conversations, connecting more than 100,000 brands with hundreds of millions of customers over telephony, chat, email, messaging, social channels, communities, review sites, and help centers.

    Offices

    • Americas: Brazil, Canada, US
    • APAC: Australia, China, India, Indonesia, Japan, Korea, Malaysia, Philippines, Singapore, Thailand, Vietnam
    • EMEA: Denmark, France, Germany, Ireland, Italy, Netherlands, Poland, Spain, Sweden, UK

    Zendesk Representative Customers

    Stated Industry Specializations

    • Education
    • Finance
    • Government
    • Healthcare
    • Manufacturing
    • Media
    • Retail
    • Software
    • Telecommunications

    Software Review for Zendesk

    SoftwareReviews’ CSM Enterprise Vendor Ranking
    (out of 7)

    Likeliness to Recommend

    • 5th (81%)

    Plan to Renew

    • 5th (94%)

    Satisfaction That Cost Is Fair Relative to Value

    • 6th (77%)

    Strengths

    • Ease of IT Administration (2nd)
    • Ease of Implementation (5th)
    • Quality of Features (5th)

    Areas to Improve

    • Business Value Created (7th)
    • Vendor Support (7th)
    • Product Strategy and Rate of Improvement (7th)

    Zendesk

    History

    Founded 2007
    2008 Initial seed funding of $500,000.
    2009 Receives $6M through Series B Funding.
    2009 Relocates from Copenhagen to San Francisco.
    2014 Acquires Zopin Technologies.
    2014 Listed on NYSE.
    2015 Acquires We Are Cloud SAS.
    2018 Launches Zendesk Sell.

    Zendesk is a global player in the CSM tool marketspace and works with enterprises across a wide variety of industries. Unlike some other CSM players, Zendesk provides more service channels at its lowest licensing offer, affording organizations a quicker expansion in customer service delivery without making enterprise-grade investments. However, the price of the lowest licensing offer starts much higher than Zendesk’s competitors; organizations will need to consider if the cost to try Zendesk over an annual contract is within budget.

    Unfortunately, SoftwareReviews data suggests that Zendesk may not always provide that immediate value, especially to mid-sized organizations. Zendesk is rated lower for vendor support and business value created. However, Zendesk provides strong functionality that competes with other enterprise players, and mid-sized organizations are continually impressed with Zendesk’s automation workflows.
    Thomas Randall
    Research Director, Info-Tech Research Group

    *Pricing correct as of November 2022. Listed in USD and absent discounts.
    See pricing on vendor’s website for latest information.

    Team Growth Pro
    • $49 user/month
    • Ticketing
    • Email, voice, SMS, and live chat channels
    • $79 user/month
    • AI-powered knowledge management
    • Self-service portal
    • $99 user/month
    • HIPAA compliance
    • Customizable dashboards

    LiveChat

    Est. 2002 | Poland | WSE:LVC

    Bio

    Manage all emails from customers in one app and save time on customer support. LiveChat is a real-time live-chat software tool for ecommerce sales and support that is helping ecommerce companies create a new sales channel. It serves more than 30,000 businesses in over 150 countries, including large brands like Adobe, Asus, LG, Acer, Better Business Bureau, and Air Asia and startups like SproutSocial, Animoto, and HasOffers.

    Offices

    • Americas: US
    • EMEA: Poland

    LiveChat Representative Customers

    Stated Industry Specializations

    • eCommerce
    • Education
    • Finance
    • Software and IT

    Software Review for LiveChat

    SoftwareReviews’ CSM Midmarket Vendor Ranking
    (out of 8)

    Likeliness to Recommend

    • 1st (93%)

    Plan to Renew

    • 4th (92%)

    Satisfaction That Cost Is Fair Relative to Value

    • 5th (83%)

    Strengths

    • Product Strategy and Rate of Improvement (1st)
    • Usability and Intuitiveness (1st)
    • Breadth of Features (1st)

    Areas to Improve

    • Ease of Implementation (5th)
    • Ease of IT Administration (5th)
    • Ease of Customization (7th)

    LiveChat

    History

    Founded 2002
    2006 50% of company stock bought by Capital Partners.
    2008 Capital Partners sells entire stake to Naspers.
    2011 LiveChat buys back majority of stakeholder shares.
    2013 Listed by Red Herring in group of most innovative companies across Europe.
    2014 Listed on Warsaw Stock Exchange.
    2019 HelpDesk is launched.
    2020 Offered services for free to organizations helping mitigate the pandemic.

    LiveChat’s HelpDesk solution for CSM is a relatively recent solution (2019) that is proving very popular for small to mid-sized businesses (SMBs) – especially across Western Europe. SoftwareReviews’ data shows that HelpDesk is well-rated for breadth of features, usability and intuitiveness, and rate of improvement. Indeed, LiveChat has won and been shortlisted for several awards over the past decade for customer feedback, innovation, and fast growth to IPO.

    When shortlisting LiveChat’s HelpDesk, SMBs should be careful of scope creep. LiveChat offers a range of other solutions that are intended to work together. The LiveChat self-titled product is designed to integrate with HelpDesk to provide ticketing, email management, and chat management. Moreover, LiveChat’s AI-based ChatBot (for automated webchat) comes with additional cost (starting at $52 team/month).
    Thomas Randall
    Research Director, Info-Tech Research Group

    Team Plan Enterprise
    • $29 user/month.
    • Customized canned responses
    • Real-time reporting
    • Request quote
    • White labelling
    • Product training
    • Account manager

    *Pricing correct as of November 2022. Listed in USD and absent discounts.
    See pricing on vendor’s website for latest information.

    ManageEngine

    Est. 1996 | India | Privately Owned

    Bio

    SupportCenter Plus is a web-based customer support software that lets organizations effectively manage customer tickets, their account and contact information, and their service contracts, and in the process provide a superior customer experience. ManageEngine is a division of Zoho.

    Offices

    • Americas: Brazil, Colombia, Mexico, US
    • APAC: Australia, China, India, Japan, Singapore
    • EMEA: Netherlands, Saudi Arabia, South Africa, UAE, UK

    ManageEngine Representative Customers

    Stated Industry Specializations

    • None stated but representative customers cover manufacturing, R&D, real estate, and transportation.

    Software Review for ManageEngine

    SoftwareReviews’ CSM Midmarket Vendor Ranking
    (out of 8)

    Likeliness to Recommend

    • 6th (85%)

    Plan to Renew

    • 5th (91%)

    Satisfaction That Cost Is Fair Relative to Value

    • 6th (83%)

    Strengths

    • Ease of Customization (1st)
    • Ease of Implementation (2nd)
    • Ease of IT Administration (2nd)

    Areas to Improve

    • Quality of Features (4th)
    • Usability and Intuitiveness (6th)
    • Availability and Quality of Training (8th)

    ManageEngine

    History

    Founded 1996
    2002 Branches from Zoho to become division focused on IT management.
    2004 Becomes an authorized MySQL Partner.
    2009 Begins shift of offerings into the cloud.
    2010 Tops 35,000 customers.
    2011 Integration with Zoho Assist.
    2015 Integration with Zoho Reports.

    ManageEngine, as a division of Zoho, has its strengths in IT operations management (ITOM). SupportCenter thus scores well in our SoftwareReviews data for ease of customization, implementation, and administration. As ManageEngine is a frequently discussed low-cost vendor in the ITOM market, customers often get good scalability across IT, sales, and marketing teams. Although SupportCenter is aimed at the midmarket and is low cost, organizations have the benefit of ManageEngine’s global presence and backing by Zoho for viability.

    However, because ManageEngine’s focus is ITOM, the breadth and quality of features for SupportCenter are not rated as well compared to its competitors. These features may be “good enough,” but usability and intuitiveness is not scored high. Organizations thinking about SupportCenter are recommended to identify their high-value use cases and perform user acceptance testing before adopting.
    Thomas Randall
    Research Director, Info-Tech Research Group

    Standard* Pro* Enterprise*
    • Account and contact management
    • Knowledge base
    • SLA management
    • Customer portal
    • Active Directory integration
    • Reporting and dashboards
    • Billing contracts
    • Live chat
    • APIs
    • Automation tools

    *Pricing unavailable. Request quote.
    See pricing on vendor’s website for latest information.

    Zoho Desk

    Est. 1996 | India | Privately Owned

    Bio

    Use the power of customer context to improve agent productivity, promote self-service, manage cross-functional service processes, and increase customer happiness. Zoho offers beautifully smart software to help you grow your business. With over 80 million users worldwide, Zoho's 55+ products (including Zoho Desk) aid your sales and marketing, support and collaboration, finance, and recruitment needs – letting you focus only on your business.

    Offices

    • Americas: Brazil, Colombia, Mexico, US
    • APAC: Australia, China, India, Japan, Singapore
    • EMEA: Netherlands, Saudi Arabia, South Africa, UAE, UK

    Zoho Desk Representative Customers

    Stated Industry Specializations

    • Covers an extremely wide range of industries, such as finance, education, government, healthcare, manufacturing, and retail.

    Software Review for Zoho Desk

    SoftwareReviews’ CSM Midmarket Vendor Ranking
    (out of 8)

    Likeliness to Recommend

    • 2nd (90%)

    Plan to Renew

    • 2nd (98%)

    Satisfaction That Cost Is Fair Relative to Value

    • 3rd (83%)

    Strengths

    • Breadth of Features (2nd)
    • Quality of Features (3rd)
    • Ease of Implementation (3rd)

    Areas to Improve

    • Business Value Created (5th)
    • Ease of Data Integration (5th)
    • Product Strategy and Rate of Improvements (5th)

    Zoho Desk

    History

    Founded 1996
    2001 Expands into Japan and shifts focus to SMBs.
    2006 Zoho CRM is launched, alongside first Office suite.
    2008 Reaches 1M users.
    2009 Rebrands from AdventNet to Zoho Corp.
    2011 Zoho Desk is built and launched.
    2017 Zoho One, a suite of applications, is launched.
    2020 Reaches 50M users.

    Zoho Desk is one of the highest scoring CSM tool providers for likelihood to renew and recommend (98% and 90%, respectively). A major reason is that users receive a broad range of functionality for a lower-cost price model. There is also the capacity to scale with Zoho Desk as midmarket customers expand; companies can grow with Zoho and can receive high return on investment in the process.

    However, while Zoho Desk can be used as a standalone CSM tool, there is danger of scope creep with other Zoho products. Zoho now has 50+ applications, all tied into one another. For Zoho Desk, customers may also lean into Zoho Assist (for troubleshooting customer problems via remote access) and Zoho Lens (for reality-based remote assistance, typically for plant machinery or servers). Consequently, customers should keep an eye on business value created if the scope of CSM grows wider.
    Thomas Randall
    Research Director, Info-Tech Research Group

    Standard Pro Enterprise
    • $14 user/month
    • 1 social media channel
    • 5 workflow rules
    • $23 user/month
    • Telephony channel
    • Round-robin ticket assignment
    • Ticket sharing
    • $40 user/month
    • Live chat
    • Contract management SLAs

    *Pricing correct as of November 2022. Listed in USD and absent discounts.
    See pricing on vendor’s website for latest information.

    Summary of AccomplishmentSuccessful selection of a CSM tool

    In this trends and buyer’s guide for CSM tool selection, we engaged in several activities to:

    1. Contextualize the CSM technology marketspace.
    2. Engage in a selection process for CSM tools.

    The result:

    • Understanding of key trends and differentiating features in the CSM marketspace.
    • Determination of your organization’s customer service maturity (and thus if a standalone CSM tool is relevant).
    • Identification of high-value use cases that CSM tools should successfully enable.
    • Evaluation of major vendors in the CSM marketspace to discover the best-fitting provider.
    • Procurement items to finalize selection process.

    If you would like additional support, have our analysts guide you through an Info-Tech workshop or Guided Implementation

    Contact your account representative for more information.
    workshops@infotech.com
    1-888-670-8889

    Related Info-Tech Research

    Governance and Management of Enterprise Software Implementation

    • Being Agile will increase the likelihood of success.

    The Rapid Application Selection Framework

    • Application selection is a critical activity for IT departments. Implement a repeatable, data-driven approach that accelerates application selection efforts.

    Build a Strong Technology Foundation for Customer Experience Management

    • Design an end-to-end technology strategy to drive sales revenue, enhance marketing effectiveness, and create compelling experiences for your customers.

    Bibliography

    Capers, Zach. “How the Pandemic Changed Customer Attitudes Toward Biometric Technology.” GetApp, 21 Feb. 2022. Accessed Nov. 2022.

    Gomez, Jenny. “The Good, the Bad, and the Ugly: A History of Customer Service.” Lucidworks, 15 Jul. 2021. Accessed Nov. 2022.

    Hoory. “History of Customer Service: How Did It All Begin?” Hoory, 24 Mar. 2022. Accessed Nov. 2022.

    Patel, Snigdha. “Top 10 Customer Service Technology Trends to Follow in 2022.” Reve Chat, 21 Feb. 2021. Accessed Nov. 2022.

    RingCentral. “The 2020 Customer Communications Review: A Survey of How Consumers Prefer to Communicate with Businesses.” RingCentral, 2020. Accessed Nov. 2022.

    Robinson-Yu, Sarah. “What is a Knowledgebase? How Can It Help my Business?” Vanilla, 25 Feb. 2022. Accessed Nov. 2022.

    Salesforce. “The Complete History of CRM.” Salesforce, n.d. Accessed Nov. 2022.

    Salesforce. “State of the Connected Customer.” 5th ed. Salesforce, 2022. Accessed Nov. 2022.

    Sprinklr. “How AzkoNobel UK Reduced Response Times and Increased Engagement.” Sprinklr, 2021. Accessed Nov. 2022.

    Vermes, Krystle. “Study: 70% of Marketers Using Advanced Personalization Seeing 200% ROI.” KoMarketing, 2 Jun. 2020. Accessed Nov. 2022.

    Research Contributors and Experts

    Colin Taylor, CEO, The Taylor Research Group

    Colin Taylor
    CEO
    The Taylor Reach Group

    Recognized as one of the leading contact/call center pioneers and experts, Colin has received 30 awards on two continents for excellence in contact center management and has been acknowledged as a leader and influencer on the topics of call/contact centers, customer service, and customer experience, in published rankings on Huffington Post, Call Center Helper, and MindShift. Colin was recognized as number 6 in the global 100 for customer service.

    The Taylor Reach Group is a contact center, call center and customer experience (CX) consultancy specializing in CX consulting and call and contact center consulting, management, performance, technologies, site selection, tools, training development and center leadership training, center audits, benchmarking, and assessments.

    David Thomas, Customer Service Specialist, Freedom Mobile

    David Thomas
    Customer Service Specialist
    Freedom Mobile

    David Thomas has both managerial and hands-on experience with delivering quality service to Freedom Mobile customers. With several years being involved in training customer support and being at the forefront of retail during the pandemic, David has witnessed first-hand how to incentivize staff with the right metrics that create positive experiences for both staff and customers.

    Freedom Mobile Inc. is a Canadian wireless telecommunications provider owned by Shaw Communications. It has 6% market share of Canada, mostly in urban areas of Ontario, British Columbia, and Alberta. Freedom Mobile is the fourth-largest wireless carrier in Canada.

    A special thanks to three other anonymous contributors, all based in customer support and contact center roles for Canada’s National Park Booking Systems’ software provider.

    Define Your Cloud Vision

    • Buy Link or Shortcode: {j2store}448|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $182,333 Average $ Saved
    • member rating average days saved: 28 Average Days Saved
    • Parent Category Name: Cloud Strategy
    • Parent Category Link: /cloud-strategy

    The cloud permeates the enterprise technology discussion. It can be difficult to separate the hype from the value. Should everything go to the cloud, or is that sentiment stoked by vendors looking to boost their bottom lines? Not everything should go to the cloud, but coming up with a systematic way to determine what belongs where is increasingly difficult as offerings get more complex.

    Our Advice

    Critical Insight

    Don’t think about the cloud as an inevitable next step for all workloads. The cloud is merely another tool in the toolbox, ready to be used when appropriate and put away when it’s not needed. Cloud-first isn’t always the way to go.

    Impact and Result

    • Evaluate workloads’ suitability for the cloud using Info-Tech’s methodology to select the optimal migration (or non-migration) path based on the value of cloud characteristics.
    • Codify risks tied to workloads’ cloud suitability and plan mitigations.
    • Build a roadmap of initiatives for actions by workload and risk mitigation.
    • Define a cloud vision to share with stakeholders.

    Define Your Cloud Vision Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define Your Cloud Vision – A step-by-step guide to generating, validating, and formalizing your cloud vision.

    The cloud vision storyboard walks readers through the process of generating, validating and formalizing a cloud vision, providing a framework and tools to assess workloads for their cloud suitability and risk.

    • Define Your Cloud Vision – Phases 1-4

    2. Cloud Vision Executive Presentation – A document that captures the results of the exercises, articulating use cases for cloud/non-cloud, risks, challenges, and high-level initiative items.

    The executive summary captures the results of the vision exercise, including decision criteria for moving to the cloud, risks, roadblocks, and mitigations.

    • Cloud Vision Executive Presentation

    3. Cloud Vision Workbook – A tool that facilitates the assessment of workloads for appropriate service model, delivery model, support model, and risks and roadblocks.

    The cloud vision workbook comprises several assessments that will help you understand what service model, delivery model, support model, and risks and roadblocks you can expect to encounter at the workload level.

    • Cloud Vision Workbook
    [infographic]

    Workshop: Define Your Cloud Vision

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand the Cloud

    The Purpose

    Align organizational goals to cloud characteristics.

    Key Benefits Achieved

    An understanding of how the characteristics particular to cloud can support organizational goals.

    Activities

    1.1 Generate corporate goals and cloud drivers.

    1.2 Identify success indicators.

    1.3 Explore cloud characteristics.

    1.4 Explore cloud service and delivery models.

    1.5 Define cloud support models and strategy components.

    1.6 Create state summaries for the different service and delivery models.

    1.7 Select workloads for further analysis.

    Outputs

    Corporate cloud goals and drivers

    Success indicators

    Current state summaries

    List of workloads for further analysis

    2 Assess Workloads

    The Purpose

    Evaluate workloads for cloud value and action plan.

    Key Benefits Achieved

    Action plan for each workload.

    Activities

    2.1 Conduct workload assessment using the Cloud Strategy Workbook tool.

    2.2 Discuss assessments and make preliminary determinations about the workloads.

    Outputs

    Completed workload assessments

    Workload summary statements

    3 Identify and Mitigate Risks

    The Purpose

    Identify and plan to mitigate potential risks in the cloud project.

    Key Benefits Achieved

    A list of potential risks and plans to mitigate them.

    Activities

    3.1 Generate a list of risks and potential roadblocks associated with the cloud.

    3.2 Sort risks and roadblocks and define categories.

    3.3 Identify mitigations for each identified risk and roadblock

    3.4 Generate initiatives from the mitigations.

    Outputs

    List of risks and roadblocks, categorized

    List of mitigations

    List of initiatives

    4 Bridge the Gap and Create the Strategy

    The Purpose

    Clarify your vision of how the organization can best make use of cloud and build a project roadmap.

    Key Benefits Achieved

    A clear vision and a concrete action plan to move forward with the project.

    Activities

    4.1 Review and assign work items.

    4.2 Finalize the decision framework for each of the following areas: service model, delivery model, and support model.

    4.3 Create a cloud vision statement

    Outputs

    Cloud roadmap

    Finalized task list

    Formal cloud decision rubric

    Cloud vision statement

    5 Next Steps and Wrap-Up

    The Purpose

    Complete your cloud vision by building a compelling executive-facing presentation.

    Key Benefits Achieved

    Simple, straightforward communication of your cloud vision to key stakeholders.

    Activities

    5.1 Build the Cloud Vision Executive Presentation

    Outputs

    Completed cloud strategy executive presentation

    Completed Cloud Vision Workbook.

    Further reading

    Define Your Cloud Vision

    Define your cloud vision before it defines you

    Analyst perspective

    Use the cloud’s strengths. Mitigate its weaknesses.

    The cloud isn’t magic. It’s not necessarily cheaper, better, or even available for the thing you want it to do. It’s not mysterious or a cure-all, and it does take a bit of effort to systematize your approach and make consistent, defensible decisions about your cloud services. That’s where this blueprint comes in.

    Your cloud vision is the culmination of this effort all boiled down into a single statement: “This is how we want to use the cloud.” That simple statement should, of course, be representative of – and built from – a broader, contextual strategy discussion that answers the following questions: What should go to the cloud? What kind of cloud makes sense? Should the cloud deployment be public, private, or hybrid? What does a migration look like? What risks and roadblocks need to be considered when exploring your cloud migration options? What are the “day 2” activities that you will need to undertake after you’ve gotten the ball rolling?

    Taken as a whole, answering these questions is difficult task. But with the framework provided here, it’s as easy as – well, let’s just say it’s easier.

    Jeremy Roberts

    Research Director, Infrastructure and Operations

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • You are both extrinsically motivated to move to the cloud (e.g. by vendors) and intrinsically motivated by internal digital transformation initiatives.
    • You need to define the cloud’s true value proposition for your organization without assuming it is an outsourcing opportunity or will save you money.
    • Your industry, once cloud-averse, is now normalizing the use of cloud services, but you have not established a basic cloud vision from which to develop a strategy at a later point.

    Common Obstacles

    • Organizations jump to the cloud before defining their cloud vision and without any clear plan for realizing the cloud’s benefits.
    • Many organizations have a foot in the cloud already, but these decisions have been made in an ad hoc rather than systematic fashion.
    • You lack a consistent framework to assess your workloads’ suitability for the cloud.

    Info-Tech's Approach

    • Evaluate workloads’ suitability for the cloud using Info-Tech’s methodology to select the optimal migration (or non-migration) path based on the value of cloud characteristics.
    • Codify risks tied to workloads’ cloud suitability and plan mitigations.
    • Build a roadmap of initiatives for actions by workload and risk mitigation.
    • Define a cloud vision to share with stakeholders.

    Info-Tech Insight: 1) Base migration decisions on cloud characteristics. If your justification for the migration is simply getting your workload out of the data center, think again. 2) Address the risks up front in your migration plan. 3) The cloud changes roles and calls for different skill sets, but Ops is here to stay.

    Your challenge

    This research is designed to help organizations who need to:

    • Identify workloads that are good candidates for the cloud.
    • Develop a consistent, cost-effective approach to cloud services.
    • Outline and mitigate risks.
    • Define your organization’s cloud archetype.
    • Map initiatives on a roadmap.
    • Communicate your cloud vision to stakeholders so they can understand the reasons behind a cloud decision and differentiate between different cloud service and deployment models.
    • Understand the risks, roadblocks, and limitations of the cloud.

    “We’re moving from a world where companies like Oracle and Microsoft and HP and Dell were all critically important to a world where Microsoft is still important, but Amazon is now really important, and Google also matters. The technology has changed, but most of the major vendors they’re betting their business on have also changed. And that’s super hard for people..” –David Chappell, Author and Speaker

    Common obstacles

    These barriers make this challenge difficult to address for many organizations:

    • Organizations jump to the cloud before defining their cloud vision and without any clear plan for realizing the cloud’s benefits.
    • Many organizations already have a foot in the cloud, but the choice to explore these solutions was made in an ad hoc rather than systematic fashion. The cloud just sort of happened.
    • The lack of a consistent assessment framework means that some workloads that probably belong in the cloud are kept on premises or with hosted services providers – and vice versa.
    • Securing cloud expertise is remarkably difficult – especially in a labor market roiled by the global pandemic and the increasing importance of cloud services.

    Standard cloud challenges

    30% of all cloud spend is self-reported as waste. Many workloads that end up in the cloud don’t belong there. Many workloads that do belong in the cloud aren’t properly migrated. (Flexera, 2021)

    44% of respondents report themselves as under-skilled in the cloud management space. (Pluralsight, 2021)

    Info-Tech’s approach

    Goals and drivers

    • Service model
      • What type of cloud makes the most sense for workload archetypes? When does it make sense to pick SaaS over IaaS, for example?
    • Delivery model
      • Will services be delivered over the public cloud, a private cloud, or a hybrid cloud? What challenges accompany this decision?
    • Migration Path
      • What does the migration path look like? What does the transition to the cloud look like, and how much effort will be required? Amazon’s 6Rs framework captures migration options: rehosting, repurchasing, replatforming, and refactoring, along with retaining and retiring. Each workload should be assessed for its suitability for one or more of these paths.
    • Support model
      • How will services be provided? Will staff be trained, new staff hired, a service provider retained for ongoing operations, or will a consultant with cloud expertise be brought on board for a defined period? The appropriate support model is highly dependent on goals along with expected outcomes for different workloads.

    Highlight risks and roadblocks

    Formalize cloud vision

    Document your cloud strategy

    The Info-Tech difference:

    1. Determine the hypothesized value of cloud for your organization.
    2. Evaluate workloads with 6Rs framework.
    3. Identify and mitigate risks.
    4. Identify cloud archetype.
    5. Plot initiatives on a roadmap.
    6. Write action plan statement and goal statement.

    What is the cloud, how is it deployed, and how is service provided?

    Cloud Characteristics

    1. On-demand self-service: the ability to access reosurces instantly without vendor interaction
    2. Broad network access: all services delivered over the network
    3. Resource pooling: multi-tenant environment (shared)
    4. Rapid elasticity: the ability to expand and retract capabilities as needed
    5. Measured service: transparent metering

    Service Model:

    1. Software-as-a-Service: all but the most minor configuration is done by the vendor
    2. Platform-as-a-Service: customer builds the application using tools provided by the provider
    3. Infrastructure-as-a-Service: the customer manages OS, storage, and the application

    Delivery Model

    1. Public cloud: accessible to anyone over the internet; multi-tenant environment
    2. Private cloud: provisioned for a single organization with multiple units
    3. Hybrid cloud: two or more connected clouds; data is portage across them
    4. Community cloud: provisioned for a specific group of organizations

    (National Institute of Standards and Technology)

    A workload-first approach will allow you to take full advantage of the cloud’s strengths

    • Under all but the most exceptional circumstances, good cloud strategies will incorporate different service models. Very few organizations are “IaaS shops” or “SaaS shops,” even if they lean heavily in one direction.
    • These different service models (including non-cloud options like colocation and on-premises infrastructure) each have different strengths. Part of your cloud strategy should involve determining which of the services makes the most sense for you.
    • Own the cloud by understanding which cloud (or non-cloud!) offering makes the most sense for you given your unique context.

    Migration paths

    In a 2016 blog post, Amazon introduced a framework for understanding cloud migration strategies. The framework presented here is slightly modified – including a “relocate” component rather than a “retire” component – but otherwise hews close to the standard.

    These migration paths reflect organizational capabilities and desired outcomes in terms of service models – cloud or otherwise. Retention means keeping the workload where it is, in a datacenter or a colocation service, or relocating to a colocation or hosted software environment. These represent the “non-cloud” migration paths.

    In the graphic on the right, the paths within the red box lead to the cloud. Rehosting means lifting and shifting to an infrastructure environment. Migrating a virtual machine from your VMware environment on premises to Azure Virtual machines is a quick way to realize some benefits from the cloud. Migrating from SQL Server on premises to a cloud-based SQL solution looks a bit more like changing platforms (replatforming). It involves basic infrastructure modification without a substantial architectural component.

    Refactoring is the most expensive of the options and involves engaging the software development lifecycle to build a custom solution, fundamentally rewriting the solution to be cloud native and take advantage of cloud-native architectures. This can result in a PaaS or an IaaS solution.

    Finally, repurchasing means simply going to market and procuring a new solution. This may involve migrating data, but it does not require the migration of components.

    Migration Paths

    Retain (Revisit)

    • Keep the application in its current form, at least for now. This doesn’t preclude revisiting it in the future.

    Relocate

    • Move the workload between datacenters or to a hosted software/colocation provider.

    Rehost

    • Move the application to the cloud (IaaS) and continue to run it in more or less the same form as it currently runs.

    Replatform

    • Move the application to the cloud and perform a few changes for cloud optimizations.

    Refactor

    • Rewrite the application, taking advantage of cloud-native architectures.

    Repurchase

    • Replace with an alternative, cloud-native application and migrate the data.

    Support model

    Support models by characteristic

    Duration of engagement Specialization Flexibility
    Internal IT Indefinite Varies based on nature of business Fixed, permanent staff
    Managed Service Provider Contractually defined General, some specialization Standard offering
    Consultant Project-based Specific, domain-based Entirely negotiable

    IT services, including cloud services, can be delivered and managed in multiple ways depending on the nature of the workload and the organization’s intended path forward. Three high-level options are presented here and may be more or less valuable based on the duration of the expected engagement with the service (temporary or permanent), the skills specialization required, and the flexibility necessary to complete the job.

    By way of example, a highly technical, short-term project with significant flexibility requirements might be a good fit for an expensive consultant, whereas post-implementation maintenance of a cloud email system requires relatively little specialization and flexibility and would therefore be a better fit for internal management.

    There is no universally applicable rule here, but there are some workloads that are generally a good fit for the cloud and others that are not as effective, with that fit being conditional on the appropriate support model being employed.

    Risks, roadblocks, and strategy components

    No two cloud strategies are exactly alike, but all should address 14 key areas. A key step in defining your cloud vision is an assessment of these strategy components. Lower maturity does not preclude an aggressive cloud strategy, but it does indicate that higher effort will be required to make the transition.

    Component Description Component Description
    Monitoring What will system owners/administrators need visibility into? How will they achieve this? Vendor Management What practices must change to ensure effective management of cloud vendors?
    Provisioning Who will be responsible for deploying cloud workloads? What governance will this process be subject to? Finance Management How will costs be managed with the transition away from capital expenditure?
    Migration How will cloud migrations be conducted? What best practices/standards must be employed? Security What steps must be taken to ensure that cloud services meet security requirements?
    Operations management What is the process for managing operations as they change in the cloud? Data Controls How will data residency, compliance, and protection requirements be met in the cloud?
    Architecture What general principles must apply in the cloud environment? Skills and roles What skills become necessary in the cloud? What steps must be taken to acquire those skills?
    Integration and interoperability How will services be integrated? What standards must apply? Culture and adoption Is there a cultural aversion to the cloud? What steps must be taken to ensure broad cloud acceptance?
    Portfolio Management Who will be responsible for managing the growth of the cloud portfolio? Governing bodies What formal governance must be put in place? Who will be responsible for setting standards?

    Cloud archetypes – a cloud vision component

    Once you understand the value of the cloud, your workloads’ general suitability for cloud, and your proposed risks and mitigations, the next step is to define your cloud archetype.

    Your organization’s cloud archetype is the strategic posture that IT adopts to best support the organization’s goals. Info-Tech’s model recognizes seven archetypes, divided into three high-level archetypes.

    After consultation with your stakeholders, and based on the results of the suitability and risk assessment activities, define your archetype. The archetype feeds into the overall cloud vision and provides simple insight into the cloud future state for all stakeholders.

    The cloud vision itself is captured in a “vision statement,” a short summary of the overall approach that includes the overall cloud archetype.

    We can best support the organization's goals by:

    More Cloud

    Less Cloud

    Cloud Focused Cloud-Centric Providing all workloads through cloud delivery.
    Cloud-First Using the cloud as our default deployment model. For each workload, we should ask “why NOT cloud?”
    Cloud Opportunistic Hybrid Enabling the ability to transition seamlessly between on-premises and cloud resources for many workloads.
    Integrated Combining cloud and traditional infrastructure resources, integrating data and applications through APIs or middleware.
    Split Using the cloud for some workloads and traditional infrastructure resources for others.
    Cloud Averse Cloud-Light Using traditional infrastructure resources and limiting our use of the cloud to when it is absolutely necessary.
    Anti-Cloud Using traditional infrastructure resources and avoiding use of the cloud wherever possible.

    Info-Tech’s methodology for defining your cloud vision

    1. Understand the Cloud 2. Assess Workloads 3. Identify and Mitigate Risks 4. Bridge the Gap and Create the Vision
    Phase Steps
    1. Generate goals and drivers
    2. Explore cloud characteristics
    3. Create a current state summary
    4. Select workloads for analysis
    1. Conduct workload assessments
    2. Determine workload future state
    1. Generate risks and roadblocks
    2. Mitigate risks and roadblocks
    3. Define roadmap initiatives
    1. Review and assign work items
    2. Finalize cloud decision framework
    3. Create cloud vision
    Phase Outcomes
    1. List of goals and drivers
    2. Shared understanding of cloud terms
    3. Current state of cloud in the organization
    4. List of workloads to be assessed
    1. Completed workload assessments
    2. Defined workload future state
    1. List of risks and roadblocks
    2. List of mitigations
    3. Defined roadmap initiatives
    1. Cloud roadmap
    2. Cloud decision framework
    3. Completed Cloud Vision Executive Presentation

    Insight summary

    The cloud may not be right for you – and that’s okay!

    Don’t think about the cloud as an inevitable next step for all workloads. The cloud is merely another tool in the toolbox, ready to be used when appropriate and put away when it’s not needed. Cloud first isn’t always the way to go.

    Not all clouds are equal

    It’s not “should I go to the cloud?” but “what service and delivery models make sense based on my needs and risk tolerance?” Thinking about the cloud as a binary can force workloads into the cloud that don’t belong (and vice versa).

    Bottom-up is best

    A workload assessment is the only way to truly understand the cloud’s value. Work from the bottom up, not the top down, understand what characteristics make a workload cloud suitable, and strategize on that basis.

    Your accountability doesn’t change

    You are still accountable for maintaining available, secure, functional applications and services. Cloud providers share some responsibility, but the buck stops where it always has: with you.

    Don’t customize for the sake of customization

    SaaS providers make money selling the same thing to everyone. When migrating a workload to SaaS, work with stakeholders to pursue standardization around a selected platform and avoid customization where possible.

    Best of both worlds, worst of both worlds

    Hybrid clouds are in fashion, but true hybridity comes with additional cost, administration, and other constraints. A convoy moves at the speed of its slowest member.

    The journey matters as much as the destination

    How you get there is as important as what “there” actually is. Any strategy that focuses solely on the destination misses out on a key part of the value conversation: the migration strategy.

    Blueprint benefits

    Cloud Vision Executive Presentation

    This presentation captures the results of the exercises and presents a complete vision to stakeholders including a desired target state, a rubric for decision making, the results of the workload assessments, and an overall risk profile.

    Cloud Vision Workbook

    This workbook includes the standard cloud workload assessment questionnaire along with the results of the assessment. It also includes the milestone timeline for the implementation of the cloud vision.

    Blueprint benefits

    IT Benefits

    • A consistent approach to the cloud takes the guesswork out of deployment decisions and makes it easier for IT to move on to the execution stage.
    • When properly incorporated, cloud services come with many benefits, including automation, elasticity, and alternative architectures (micro-services, containers). The cloud vision project will help IT readers articulate expected benefits and work towards achieving them.
    • A clear framework for incorporating organizational goals into cloud plans.

    Business benefits

    • Simple, well-governed access to high-quality IT resources.
    • Access to the latest and greatest in technology to facilitate remote work.
    • Framework for cost management in the cloud that incorporates OpEx and chargebacks/showbacks. A clear understanding of expected changes to cost modeling is also a benefit of a cloud vision.
    • Clarity for stakeholders about IT’s response (and contribution to) IT strategic initiatives.

    Measure the value of this blueprint

    Don’t take our word for it:

    • The cloud vision material in various forms has been offered for several years, and members have generally benefited substantially, both from cloud vision workshops and from guided implementations led by analysts.
    • After each engagement, we send a survey that asks members how they benefited from the experience. Of 30 responses, the cloud vision research has received an average score of 9.8/10. Real members have found significant value in the process.
    • Additionally, members reported saving between 2 and 120 days (for an average of 17), and financial savings ranged from $1,920 all the way up to $1.27 million, for an average of $170,577.90! If we drop outliers on both ends, the average reported value of a cloud vision engagement is $37, 613.
    • Measure the value by calculating the time saved from using Info-Tech’s framework vs. a home-brewed cloud strategy alternative and by comparing the overall cost of a guided implementation or workshop with the equivalent offering from another firm. We’re confident you’ll come out ahead.

    9.8/10 Average reported satisfaction

    17 Days Average reported time savings

    $37, 613 Average cost savings (adj.)

    Executive Brief Case Study

    Industry: Financial

    Source: Info-Tech workshop

    Anonymous financial institution

    A small East Coast financial institution was required to develop a cloud strategy. This strategy had to meet several important requirements, including alignment with strategic priorities and best practices, along with regulatory compliance, including with the Office of the Comptroller of the Currency.

    The bank already had a significant cloud footprint and was looking to organize and formalize the strategy going forward.

    Leadership needed a comprehensive strategy that touched on key areas including the delivery model, service models, individual workload assessments, cost management, risk management and governance. The output had to be consumable by a variety of audiences with varying levels of technical expertise and had to speak to IT’s role in the broader strategic goals articulated earlier in the year.

    Results

    The bank engaged Info-Tech for a cloud vision workshop and worked through four days of exercises with various IT team members. The bank ultimately decided on a multi-cloud strategy that prioritized SaaS while also allowing for PaaS and IaaS solutions, along with some non-cloud hosted solutions, based on organizational circumstances.

    Bank cloud vision

    [Bank] will provide innovative financial and related services by taking advantage of the multiplicity of best-of-breed solutions available in the cloud. These solutions make it possible to benefit from industry-level innovations, while ensuring efficiency, redundancy, and enhanced security.

    Bank cloud decision workflow

    • SaaS
      • Platform?
        • Yes
          • PaaS
        • No
          • Hosted
        • IaaS
          • Other

    Non-cloud

    Cloud

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this crticial project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off imediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge the take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    Phase 1

    • Call #1: Discuss current state, challenges, etc.
    • Call #2: Goals, drivers, and current state.

    Phase 2

    • Call #3: Conduct cloud suitability assessment for selected workloads.

    Phase 3

    • Call #4: Generate and categorize risks.
    • Call #5: Begin the risk mitigation conversation.

    Phase 4

    • Call #6: Complete the risk mitigation process
    • Call #7: Finalize vision statement and cloud decision framework.

    Workshop Overview

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Offsite day
    Understand the cloud Assess workloads Identify and mitigate risks Bridge the gap and create the strategy Next steps and wrap-up (offsite)
    Activities

    1.1 Introduction

    1.2 Generate corporate goals and cloud drivers

    1.3 Identify success indicators

    1.4 Explore cloud characteristics

    1.5 Explore cloud service and delivery models

    1.6 Define cloud support models and strategy components

    1.7 Create current state summaries for the different service and delivery models

    1.8 Select workloads for further analysis

    2.1 Conduct workload assessments using the cloud strategy workbook tool

    2.2 Discuss assessments and make preliminary determinations about workloads

    3.1 Generate a list of risks and potential roadblocks associated with the cloud

    3.2 Sort risks and roadblocks and define categories

    3.3 Identify mitigations for each identified risk and roadblock

    3.4 Generate initiatives from the mitigations

    4.1 Review and assign work items

    4.2 Finalize the decision framework for each of the following areas:

    • Service model
    • Delivery model
    • Support model

    4.3 Create a cloud vision statement

    5.1 Build the Cloud Vision Executive Presentation
    Deliverables
    1. Corporate goals and cloud drivers
    2. Success indicators
    3. Current state summaries
    4. List of workloads for further analysis
    1. Completed workload assessments
    2. Workload summary statements
    1. List of risks and roadblocks, categorized
    2. List of mitigations
    3. List of initiatives
    1. Finalized task list
    2. Formal cloud decision rubric
    3. Cloud vision statement
    1. Completed cloud strategy executive presentation
    2. Completed cloud vision workbook

    Understand the cloud

    Build the foundations of your cloud vision

    Phase 1

    Phase 1

    Understand the Cloud

    Phase 1

    1.1 Generate goals and drivers

    1.2 Explore cloud characteristics

    1.3 Create a current state summary

    1.4 Select workloads for analysis

    Phase 2

    2.1 Conduct workload assessments

    2.2 Determine workload future states

    Phase 3

    3.1 Generate risks and roadblocks

    3.2 Mitigate risks and roadblocks

    3.3 Define roadmap initiatives

    Phase 4

    4.1 Review and assign work items

    4.2 Finalize cloud decision framework

    4.3 Create cloud vision

    This phase will walk you through the following activities:

    1.1.1 Generate organizational goals

    1.1.2 Define cloud drivers

    1.1.3 Define success indicators

    1.3.1 Record your current state

    1.4.1 Select workloads for further assessment

    This phase involves the following participants:

    IT management, the core working group, security, infrastructure, operations, architecture, engineering, applications, non-IT stakeholders.

    It starts with shared understanding

    Stakeholders must agree on overall goals and what “cloud” means

    The cloud is a nebulous term that can reasonably describe services ranging from infrastructure as a service as delivered by providers like Amazon Web Services and Microsoft through its Azure platform, right up to software as a service solutions like Jira or Salesforce. These solutions solve different problems – just because your CRM would be a good fit for a migration to Salesforce doesn’t mean the same system would make sense in Azure or AWS.

    This is important because the language we use to talk about the cloud can color our approach to cloud services. A “cloud-first” strategy will mean something different to a CEO with a concept of the cloud rooted in Salesforce than it will to a system administrator who interprets it to mean a transition to cloud-hosted virtual machines.

    Add to this the fact that not all cloud services are hosted externally by providers (public clouds) and the fact that multiple delivery models can be engaged at once through hybrid or multi-cloud approaches, and it’s apparent that a shared understanding of the cloud is necessary for a coherent strategy to take form.

    This phase proceeds in four steps, each governed by the principle of shared understanding. The first requires a shared understanding of corporate goals and drivers. Step 2 involves coming to a shared understanding of the cloud’s unique characteristics. Step 3 requires a review of the current state. Finally, in Step 4, participants will identify workloads that are suitable for analysis as candidates for the cloud.

    Step 1.1

    Generate goals and drivers

    Activities

    1.1.1 Define organizational goals

    1.1.2 Define cloud drivers

    1.1.3 Define success indicators

    Generate goals and drivers

    Explore cloud characteristics

    Create a current state summary

    Select workloads for analysis

    This step involves the following participants:

    • IT management
    • Core working group
    • Security
    • Applications
    • Infrastructure
    • Service management
    • Leadership

    Outcomes of this step

    • List of organizational goals
    • List of cloud drivers
    • Defined success indicators

    What can the cloud do for you?

    The cloud is not valuable for its own sake, and not all users derive the same value

    • The cloud is characterized by on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. Any or all of those characteristics might be enough to make the cloud appealing, but in most cases, there is an overriding driver.
    • Multiple paths may lead to the cloud. Consider an organization with a need to control costs by showing back to business units, or perhaps by reducing capital expenditure – the cloud may be the most appropriate way to effect these changes. Conversely, an organization expanding rapidly and with a need to access the latest and greatest technology might benefit from the elasticity and pooled resources that major cloud providers can offer.
    • In these cases, the destination might be the same (a cloud solution) but the delivery model – public, private, or hybrid – and the decisions made around the key strategy components, including architecture, provisioning, and cost management, will almost certainly be different.
    • Defining goals, understanding cloud drivers, and – crucially – understanding what success means, are all therefore essential elements of the cloud vision process.

    1.1.1 Generate organizational goals

    1-3 hours

    Input

    • Strategy documentation

    Output

    • Organizational goals

    Materials

    • Whiteboard (digital/physical)

    Participants

    • IT leadership
    • Infrastructure
    • Applications
    • Security
    1. As a group, brainstorm organizational goals, ideally based on existing documentation
      • Review relevant corporate and IT strategies.
      • If you do not have access to internal documentation, review the standard goals on the next slide and select those that are most relevant for you.
    2. Record the most important business goals in the Cloud Vision Executive Presentation. Include descriptions where possible to ensure wide readability.
    3. Make note of these goals. They should inform the answers to prompts offered in the Cloud Vision Workbook and should be a consistent presence in the remainder of the visioning exercise. If you’re conducting the session in person, leave the goals up on a whiteboard and make reference to them throughout the workshop.

    Cloud Vision Executive Presentation

    Standard COBIT 19 enterprise goals

    1. Portfolio of competitive products and services
    2. Managed business risk
    3. Compliance with external laws and regulations
    4. Quality of financial information
    5. Customer-oriented service culture
    6. Business service continuity and availability
    7. Quality of management information
    8. Optimization of internal business process functionality
    9. Optimization of business process costs
    10. Staff skills, motivation, and productivity
    11. Compliance with internal policies
    12. Managed digital transformation programs
    13. Product and business innovation

    1.1.2 Define cloud drivers

    30-60 minutes

    Input

    • Organizational goals
    • Strategy documentation
    • Management/staff perspective

    Output

    • List of cloud drivers

    Materials

    • Sticky notes
    • Whiteboard
    • Markers

    Participants

    • IT leadership
    • Infrastructure
    • Applications
    • Security
    1. Cloud drivers sit at a level of abstraction below organizational goals. Keeping your organizational goals in mind, have each participant in the session write down how they expect to benefit from the cloud on a sticky note.
    2. Solicit input one at a time and group similar responses. Encourage participants to bring forward their cloud goals even if similar goals have been mentioned previously. The number of mentions is a useful way to gauge the relative weight of the drivers.
    3. Once this is done, you should have a few groups of similar drivers. Work with the group to name each category. This name will be the driver reported in the documentation.
    4. Input the results of the exercise into the Cloud Vision Executive Presentation, and include descriptions based on the constituent drivers. For example, if a driver is titled “do more valuable work,” the constituent drivers might be “build cloud skills,” “focus on core products,” and “avoid administration work where possible.” The description would be based on these components.

    Cloud Vision Executive Presentation

    1.1.3 Define success indicators

    1 hour

    Input

    • Cloud drivers
    • Organizational goals

    Output

    • List of cloud driver success indicators

    Materials

    • Whiteboard
    • Markers

    Participants

    • IT leadership
    • Infrastructure
    • Applications
    • Security
    1. On a whiteboard, draw a table with each of the cloud drivers (identified in 1.1.2) across the top.
    2. Work collectively to generate success indicators for each cloud driver. In this case, a success indicator is some way you can report your progress with the stated driver. It is a real-world proxy for the sometimes abstract phenomena that make up your drivers. Think about what would be true if your driver was realized.
      1. For example, if your driver is “faster access to resources,” you might consider indicators like developer satisfaction, project completion time, average time to provision, etc.
    3. Once you are satisfied with your list of indicators, populate the slide in the Cloud Vision Executive Presentation for validation from stakeholders.

    Cloud Vision Executive Presentation

    Step 1.2

    Explore cloud characteristics

    Activities

    Understand the value of the cloud:

    • Review delivery models
    • Review support models
    • Review service models
    • Review migration paths

    Understand the Cloud

    Generate goals and drivers

    Explore cloud characteristics

    Create a current state summary

    Select workloads for analysis

    This step involves the following participants:

    • Core working group
    • Architecture
    • Engineering
    • Security

    Outcomes of this step

    • Understanding of cloud service models and value

    Defining the cloud

    Per NIST, the cloud has five fundamental characteristics. All clouds have these characteristics, even if they are executed in somewhat different ways between delivery models, service models, and even individual providers.

    Cloud characteristics

    On-demand self-service

    Cloud customers are capable of provisioning cloud resources without human interaction (e.g. contacting sales), generally through a web console.

    Broad network access

    Capabilities are designed to be delivered over a network and are generally intended for access by a wide variety of platform types (cloud services are generally device-agnostic).

    Resource pooling

    Multiple customers (internal, in the case of private clouds) make use of a highly abstracted shared infrastructure managed by the cloud provider.

    Rapid elasticity

    Customers are capable of provisioning additional resources as required, pulling from a functionally infinite pool of capacity. Cloud resources can be spun-down when no longer needed.

    Measured service

    Consumption is metered based on an appropriate unit of analysis (number of licenses, storage used, compute cycles, etc.) and billing is transparent and granular.

    Cloud delivery models

    The NIST definition of cloud computing outlines four cloud delivery models: public, private, hybrid, and community clouds. A community cloud is like a private cloud, but it is provisioned for the exclusive use of a like-minded group of organizations, usually in a mutually beneficial, non-competitive arrangement. Universities and hospitals are examples of organizations that can pool their resources in this way without impacting competitiveness. The Info-Tech model covers three key delivery models – public, private, and hybrid, and an overarching model (multi-cloud) that can comprise more than one of the other models – public + public, public + hybrid, etc.

    Public

    The cloud service is provisioned for access by the general public (customers).

    Private

    A private cloud has the five key characteristics, but is provisioned for use by a single entity, like a company or organization.

    Hybrid

    Hybridity essentially refers to interoperability between multiple cloud delivery models (public +private).

    Multi

    A multi-cloud deployment requires only that multiple clouds are used without any necessary interoperability (Nutanix, 2019).

    Public cloud

    This is what people generally think about when they talk about cloud

    • The public cloud is, well, public! Anyone can make use of its resources, and in the case of the major providers, capacity is functionally unlimited. Need to store exabytes of data in the cloud? No problem! Amazon will drive a modified shipping container to your datacenter, load it up, and “migrate” it to a datacenter.
    • Public clouds offer significant variety on the infrastructure side. Major IaaS providers, like Microsoft and Amazon, offer dozens of services across many different categories including compute, networking, and storage, but also identity, containers, machine learning, virtual desktops, and much, much more. (See a list from Microsoft here, and Amazon here)
    • There are undoubtedly strengths to the public cloud model. Providers offer the “latest and greatest” and customers need not worry about the details, including managing infrastructure and physical locations. Providers offer built-in redundancy, multi-regional deployments, automation tools, management and governance solutions, and a variety of leading-edge technologies that would not be feasible for organizations to run in-house, like high performance compute, blockchain, or quantum computing.
    • Of course, the public cloud is not all sunshine and rainbows – there are downsides as well. It can be expensive; it can introduce regulatory complications to have to trust another entity with your key information. Additionally, there can be performance hiccups, and with SaaS products, it can be difficult to monitor at the appropriate (per-transaction) level.

    Prominent examples include:

    AWS

    Microsoft

    Azure

    Salesforce.com

    Workday

    SAP

    Private cloud

    A lower-risk cloud for cloud-averse customers?

    • A cloud is a cloud, no matter how small. Some IT shops deploy private clouds that make use of the five key cloud characteristics but provisioned for the exclusive use of a single entity, like a corporation.
    • Private clouds have numerous benefits. Some potential cloud customers might be uncomfortable with the shared responsibility that is inherent in the public cloud. Private clouds allow customers to deliver flexible, measured services without having to surrender control, but they require significant overhead, capital expenditure, administrative effort, and technical expertise.
    • According to the 2021 State of the Cloud Report, private cloud use is common, and the most frequently cited toolset is VMware vSphere, followed by Azure Stack, OpenStack, and AWS Outposts. Private cloud deployments are more common in larger organizations, which makes sense given the overhead required to manage such an environment.

    Private cloud adoption

    The images shows a graph titled Private Cloud Adoption for Enterprises. It is a horizontal bar graph, with three segments in each bar: dark blue marking currently use; mid blue marking experimenting; and light blue marking plan to use.

    VMware and Microsoft lead the pack among private cloud customers, with Amazon and Red Hat also substantially present across private cloud environments.

    Hybrid cloud

    The best of both worlds?

    Hybrid cloud architectures combine multiple cloud delivery models and facilitate some level of interoperability. NIST suggests bursting and load balancing as examples of hybrid cloud use cases. Note: it is not sufficient to simply have multiple clouds running in parallel – there must be a toolset that allows for an element of cross-cloud functionality.

    This delivery model is attractive because it allows users to take advantage of the strengths of multiple service models using a single management pane. Bursting across clouds to take advantage of additional capacity or disaster recovery capabilities are two obvious use cases that appeal to hybrid cloud users.

    But while hybridity is all the rage (especially given the impact Covid-19 has had on the workplace), the reality is that any hybrid cloud user must take the good with the bad. Multiple clouds and a management layer can be technically complex, expensive, and require maintaining a physical infrastructure that is not especially valuable (“I thought we were moving to the cloud to get out of the datacenter!”).

    Before selecting a hybrid approach through services like VMware Cloud on AWS or Microsoft’s Azure Stack, consider the cost, complexity, and actual expected benefit.

    Amazon, Microsoft, and Google dominate public cloud IaaS, but IBM is betting big on hybrid cloud:

    The image is a screencap of a tweet from IBM News. The tweet reads: IBM CEO Ginni Rometty: Hybrid cloud is a trillion dollar market and we'll be number one #Think2019.

    With its acquisition of Red Hat in 2019 for $34 billion, Big Blue put its money where its mouth is and acquired a substantial hybrid cloud business. At the time of the acquisition, Red Hat’s CEO, Jim Whitehurst, spoke about the benefit IBM expected to receive:

    “Joining forces with IBM gives Red Hat the opportunity to bring more open source innovation to an even broader range of organizations and will enable us to scale to meet the need for hybrid cloud solutions that deliver true choice and agility” (Red Hat, 2019).

    Multi-cloud

    For most organizations, the multi-cloud is the most realistic option.

    Multi-cloud is popular!

    The image shows a graph titled Multi-Cloud Architectures Used, % of all Respondents. The largest percentage is Apps siloed on different clouds, followed by DAta integration between clouds.

    Multi-cloud solutions exist at a different layer of abstraction from public, private, and even hybrid cloud delivery models. A multi-cloud architecture, as the name suggests, requires the user to be a customer of more than one cloud provider, and it can certainly include a hybrid cloud deployment, but it is not bound by the same rules of interoperability.

    Many organizations – especially those with fewer resources or a lack of a use case for a private cloud – rely on a multi-cloud architecture to build applications where they belong, and they manage each environment separately (or occasionally with the help of cloud management platforms).

    If your data team wants to work in AWS and your enterprise services run on basic virtual machines in Azure, that might be the most effective architecture. As the Flexera 2021 State of the Cloud Report suggests, this architecture is far more common than the more complicated bursting or brokering architectures characteristic of hybrid clouds.

    NIST cloud service models

    Software as a service

    SaaS has exploded in popularity with consumers who wish to avail themselves of the cloud’s benefits without having to manage underlying infrastructure components. SaaS is simple, generally billed per-user per-month, and is almost entirely provider-managed.

    Platform as a service

    PaaS providers offer a toolset for their customers to run custom applications and services without the requirement to manage underlying infrastructure components. This service model is ideal for custom applications/services that don’t benefit from highly granular infrastructure control.

    Infrastructure as a service

    IaaS represents the sale of components. Instead of a service, IaaS providers sell access to components, like compute, storage, and networking, allowing for customers to build anything they want on top of the providers’ infrastructure.

    Cloud service models

    • This research focuses on five key service models, each of which has its own strengths and weaknesses. Moving right from “on-prem,” customers gradually give up more control over their environments to cloud service providers.
    • An entirely premises-based environment means that the customer is responsible for everything ranging from the dirt under the datacenter to application-level configurations. Conversely, in a SaaS environment, the provider is responsible for everything but those top-level application configurations.
    • A managed service provider or other third party can manage any or of the components of the infrastructure stack. A service provider may, for example, build a SaaS solution on top of another provider’s IaaS, or might offer configuration assistance with a commercially available SaaS.

    Info-Tech Insight

    Not all workloads fit well in the cloud. Many environments will mix service models (e.g. SaaS for some workloads, some in IaaS, some on-premises), and this can be perfectly effective. It must be consistent and intentional, however.

    On-prem Co-Lo IaaS PaaS SaaS
    Application Application Application Application Application
    Database Database Database Database Database
    Runtime/ Middleware Runtime/ Middleware Runtime/ Middleware Runtime/ Middleware Runtime/ Middleware
    OS OS OS OS OS
    Hypervisor Hypervisor Hypervisor Hypervisor Hypervisor
    Server Network Storage Server Network Storage Server Network Storage Server Network Storage Server Network Storage
    Facilities Facilities Facilities Facilities Facilities

    Organization has control

    Organization or vendor may control

    Vendor has control

    Analytics folly

    SaaS is good, but it’s not a panacea

    Industry: Healthcare

    Source: Info-Tech workshop

    Situation

    A healthcare analytics provider had already moved a significant number of “non-core workloads” to the cloud, including email, HRIS, and related services.

    The company CEO was satisfied with the reduced effort required by IT to manage SaaS-based workloads and sought to extend the same benefits to the core analytics platform where there was an opportunity to reduce overhead.

    Complication

    Many components of the health analytics service were designed to run specifically in a datacenter and were not ready to be migrated to the cloud without significant effort/refactoring. SaaS was not an option because this was a core platform – a SaaS provider would have been the competition.

    That left IaaS, which was expensive and would not bring the expected benefits (reduced overhead).

    Results

    The organization determined that there were no short-term gains from migrating to the cloud. Due to the nature of the application (its extensive customization, the fact that it was a core product sold by the company) any steps to reduce operational overhead were not feasible.

    The CEO recognized that the analytics platform was not a good candidate for the cloud and what distinguished the analytics platform from more suitable workloads.

    Migration paths

    In a 2016 blog post, Amazon Web Services articulated a framework for cloud migration that incorporates elements of the journey as well as the destination. If workload owners do not choose to retain or retire their workloads, there are four alternatives. These alternatives all stack up differently along five key dimensions:

    1. Value: does the workload stand to benefit from unique cloud characteristics? To what degree?
    2. Effort: how much work would be required to make the transition?
    3. Cost: how much money is the migration expected to cost?
    4. Time: how long will the migration take?
    5. Skills: what skills must be brought to bear to complete the migration?

    Not all migration paths can lead to all destinations. Rehosting generally means IaaS, while repurchasing leads to SaaS. Refactoring and replatforming have some variety of outcomes, and it becomes possible to take advantage of new IaaS architectures or migrate workloads over fully to SaaS.

    As part of the workload assessment process, use the five dimensions (expanded upon on the next slide) to determine what migration path makes sense. Preferred migration paths form an important part of the overall cloud vision process.

    Retain (Revisit)

    • Keep the application in its current form, at least for now. This doesn’t preclude revisiting it in the future.

    Retire

    • Get rid of the application completely.

    Rehost

    • Move the application to the cloud (IaaS) and continue to run it in more or less the same form as it currently runs.

    Replatform

    • Move the application to the cloud and perform a few changes for cloud optimizations.

    Refactor

    • Rewrite the application, taking advantage of cloud native architectures.

    Repurchase

    • Replace with an alternative, cloud-native application and migrate the data.

    Migration paths – relative value

    Migration path Value Effort Cost Time Skills
    Retain No real change in the absolute value of the workload if it is retained. No effort beyond ongoing workload maintenance. No immediate hard dollar costs, but opportunity costs and technical debt abound. No time required! (At least not right away…) Retaining requires the same skills it has always required (which may be more difficult to acquire in the future).
    Rehire A retired workload can provide no value, but it is not a drain! Spinning a service down requires engaging that part of the lifecycle. N/A Retiring the service may be simple or complicated depending on its current role. N/A
    Rehost Some value comes with rehosting, but generally components stay the same (VM here vs. a VM there). Minimal effort required, especially with automated tools. The effort will depend on the environment being migrated. Relatively cheap compared to other options. Rehosting infrastructure is the simplest cloud migration path and is useful for anyone in a hurry. Rehosting is the simplest cloud migration path for most workloads, but it does require basic familiarity with cloud IaaS.

    Replatform

    Replatformed workloads can take advantage of cloud-native services (SQL vs. SQLaaS). Replatforming is more effortful than rehosting, but less effortful than refactoring. Moderate cost – does not require fundamental rearchitecture, just some tweaking. Relatively more complicated than a simple rehost, but less demanding than a refactor. Platform and workload expertise is required; more substantial than a simple rehost.
    Refactor A fully formed, customized cloud-based workload that can take advantage of cloud-native architectures is generally quite valuable. Significant effort required based on the requirement to engage the full SDLC. Significant cost required to engage SDLC and rebuild the application/service. The most complicated and time-consuming. The most complicated and time-consuming.
    Repurchase Repurchasing is the quickest way to achieve cloud-native value. There are compromises, however (high cost, vendor-lock-in). Repurchasing is the quickest way to achieve cloud-native value. There are compromises, however (high cost, vendor-lock-in). Repurchasing is the quickest way to achieve cloud-native value. There are compromises, however (high cost, vendor-lock-in). Configuration – especially for massive projects – can be time consuming, but in general repurchasing can be quite fast. Buying software does require knowledge of requirements and integrations, but is otherwise quite simple.

    Where should you get your cloud skills?

    Cloud skills are certainly top of mind right now. With the great upheaval in both work patterns and in the labor market more generally, expertise in cloud-related areas is simultaneously more valuable and more difficult to procure. According to Pluralsight’s 2021 “State of Upskilling” report, 44% of respondents report themselves under-skilled in the cloud management area, making cloud management the most significant skill gap reported on the survey.

    Everyone left the office. Work as we know it is fundamentally altered for a generation or more. Cloud services shot up in popularity by enabling the transition. And yet there is a gap – a prominent gap – in skilling up for this critically important future. What is the cloud manager to do?

    Per the framework presented here, that manager has three essential options. They may take somewhat different forms depending on specific requirements and the quirks of the local market, but the options are:

    1. Train or hire internal resources: This might be easier said than done, especially for more niche skills, but makes sense for workloads that are critical to operations for the long term.
    2. Engage a managed service provider: MSPs are often engaged to manage services where internal IT lacks bandwidth or expertise.
    3. Hire a consultant: Consultants are great for time-bound implementation projects where highly specific expertise is required, such as a migration or implementation project.

    Each model makes sense to some degree. When evaluating individual workloads for cloud suitability, it is critical to consider the support model – both immediate and long term. What makes sense from a value perspective?

    Cloud decisions – summary

    A key component of the Info-Tech cloud vision model is that it is multi-layered. Not every decision must be made at every level. At the workload level, it makes sense to select service models that make sense, but each workload does not need its own defined vision. Workload-level decisions should be guided by an overall strategy but applied tactically, based on individual workload characteristics and circumstances.

    Conversely, some decisions will inevitably be applied at the environment level. With some exceptions, it is unlikely that cloud customers will build an entire private/hybrid cloud environment around a single solution; instead, they will define a broader strategy and fit individual workloads into that strategy.

    Some considerations exist at both the workload and environment levels. Risks and roadblocks, as well as the preferred support model, are concerns that exist at both the environment level and at the workload level.

    The image is a Venn diagram, with the left side titled Workload level, and the right side titled Environment Level. In the left section are: service model and migration path. On the right section are: Overall vision and Delivery model. In the centre section are: support model and Risks and roadblocks.

    Step 1.3

    Create a current state summary

    Activities

    1.3.1 Record your current state

    Understand the Cloud

    Generate goals and drivers

    Explore cloud characteristics

    Create a current state summary

    Select workloads for analysis

    This step involves the following participants: Core working group

    Outcomes of this step

    • Current state summary of cloud solutions

    1.3.1 Record your current state

    30 minutes

    Input

    • Knowledge of existing cloud workloads

    Output

    • Current state cloud summary for service, delivery, and support models

    Materials

    • Whiteboard

    Participants

    • Core working group
    • Infrastructure team
    • Service owners
    1. On a whiteboard (real or virtual) draw a table with each of the cloud service models across the top. Leave a cell below each to list examples.
    2. Under each service model, record examples present in your environment. The purpose of the exercise is to illustrate the existence of cloud services in your environment or the lack thereof, so there is no need to be exhaustive. Complete this in turn for each service model until you are satisfied that you have created an effective picture of your current cloud SaaS state, IaaS state, etc.
    3. Input the results into their own slide titled “current state summary” in the Cloud Vision Executive Presentation.
    4. Repeat for the cloud delivery models and support models and include the results of those exercises as well.
    5. Create a short summary statement (“We are primarily a public cloud consumer with a large SaaS footprint and minimal presence in PaaS and IaaS. We retain an MSP to manage our hosted telephony solution; otherwise, everything is handled in house.”

    Cloud Vision Executive Presentation

    Step 1.4

    Select workloads for current analysis

    Activities

    1.4.1 Select workloads for assessment

    This step involves the following participants:

    • Core working group

    Outcomes of this step

    • List of workloads for assessment

    Understand the cloud

    Generate goals and drivers

    Explore cloud characteristics

    Create a current state summary

    Select workloads for analysis

    1.4.1 Select workloads for assessment

    30 minutes

    Input

    • Knowledge of existing cloud workloads

    Output

    • List of workloads to be assessed

    Materials

    • Whiteboard
    • Cloud Vision Workbook

    Participants

    • Core working group
    • IT management
    1. In many cases, the cloud project is inspired by a desire to move a particular workload or set of workloads. Solicit feedback from the core working group about what these workloads might be. Ask everyone in the meeting to suggest a workload and record each one on a sticky note or white board (virtual or physical).
    2. Discuss the results with the group and begin grouping similar workloads together. They will be subject to the assessments in the Cloud Vision Workbook, so try to avoid selecting too many workloads that will produce similar answers. It might not be obvious, but try to think about workloads that have similar usage patterns, risk levels, and performance requirements, and select a representative group.
    3. You should embrace counterintuition by selecting a workload that you think is unlikely to be a good fit for the cloud if you can and subjecting it to the assessment as well for validation purposes.
    4. When you have a list of 4-6 workloads, record them on tab 2 of the Cloud Vision Workbook.

    Cloud Vision Workbook

    Assess your cloud workloads

    Build the foundations of your cloud vision

    Phase 2

    Phase 2

    Evaluate Cloud Workloads

    Phase 1

    1.1 Generate goals and drivers

    1.2 Explore cloud characteristics

    1.3 Create a current state summary

    1.4 Select workloads for analysis

    Phase 2

    2.1 Conduct workload assessments

    2.2 Determine workload future states

    Phase 3

    3.1 Generate risks and roadblocks

    3.2 Mitigate risks and roadblocks

    3.3 Define roadmap initiatives

    Phase 4

    4.1 Review and assign work items

    4.2 Finalize cloud decision framework

    4.3 Create cloud vision

    This phase will walk you through the following activities:

    • Conduct workload assessments
    • Determine workload future state

    This phase involves the following participants:

    • Subject matter experts
    • Core working group
    • IT management

    Define Your Cloud Vision

    Work from the bottom up and assess your workloads

    A workload-first approach will help you create a realistic vision.

    The concept of a cloud vision should unquestionably be informed by the nature of the workloads that IT is expected to provide for the wider organization. The overall cloud vision is no greater than the sum of its parts. You cannot migrate to the cloud in the abstract. Workloads need to go – and not all workloads are equally suitable for the transition.

    It is therefore imperative to understand which workloads are a good fit for the cloud, which cloud service models make the most sense, how to execute the migration, what support should look like, and what risks and roadblocks you are likely to encounter as part of the process.

    That’s where the Cloud Vision Workbook comes into play. You can use this tool to assess as many workloads as you’d like – most people get the idea after about four – and by the end of the exercise, you should have a pretty good idea about where your workloads belong, and you’ll have a tool to assess any net new or previously unconsidered workloads.

    It’s not so much about the results of the assessment – though these are undeniably important – but about the learnings gleaned from the collaborative assessment exercise. While you can certainly fill out the assessment without any additional input, this exercise is most effective when completed as part of a group.

    Introducing the Cloud Vision Workbook

    • The Cloud Vision Workbook is an Excel tool that answers the age old question: “What should I do with my workloads?”
    • It is divided into eight tabs, each of which offers unique value. Start by reading the introduction and inputting your list of workloads. Work your way through tabs 3-6, completing the suitability, migration, management, and risk and roadblock assessments, and review the results on tab 7.
    • If you choose to go through the full battery of assessments for each workload, expect to answer and weight 111 unique questions across the four assessments. This is an intensive exercise, so carefully consider which assessments are valuable to you, and what workloads you have time to assess.
    • Tab 8 hosts the milestone timeline and captures the results of the phase 3 risk and mitigation exercise.

    Understand Cloud Vision Workbook outputs

    The image shows a graphic with several graphs and lists on it, with sections highlighted with notes. At the top, there's the title Database with the note Workload title (populated from tab 2). Below that, there is a graph with the note Relative suitability of the five service models. The Risks and roadblocks section includes the note: The strategy components – the risks and roadblocks – are captured relative to one another to highlight key focus areas. To the left of that, there is a Notes section with the note Notes populated based on post-assessment discussion. At the bottom, there is a section titled Where should skills be procured?, with the note The radar diagram captures the recommended support model relative to the others (MSP, consultant, internal IT). To the right of that, there is a section titled Migration path, with the note that Ordered list of migration paths. Note: a disconnect here with the suggested service model may indicate an unrealistic goal state.

    Step 2.1

    Conduct workload assessments

    Activities

    2.1.1 Conduct workload assessments

    2.1.2 Interpret your results

    Phase Title

    Conduct workload assessments

    Determine workload future state

    This step involves the following participants:

    • Core working group
    • Workload subject matter experts

    Outcomes of this step

    • Completed workload assessments

    2.1.1 Conduct workload assessments

    2 hours per workload

    Input

    • List of workloads to be assessed

    Output

    • Completed cloud vision assessments

    Materials

    • Cloud Vision Workbook

    Participants

    • Core working group
    • Service owners/workload SMEs
    1. The Cloud Vision Workbook is your one stop shop for all things workload assessment. Open the tool to tab 2 and review the workloads you identified at the end of phase 1. Ensure that these are correct. Once satisfied, project the tool (virtually, if necessary) so that all participants can see the assessment questions.
    2. Work through tabs 3-6, answering the questions and assigning a multiplier for each one. A higher multiplier increases the relative weight of the question, giving it a greater impact on the overall outcome.
    3. Do your best to induce participants to offer opinions. Consensus is not absolutely necessary, but it is a good goal. Ask your participants if they agree with initial responses and occasionally take the opposite position (“I’m surprised you said agree – I would have thought we didn’t care about CapEx vs. OpEx”). Stimulate discussion.
    4. Highlight any questions that you will need to return to or run by someone not present. Include a placeholder answer, as the tool requires all cells to be filled for computation.

    Cloud Vision Workbook

    2.1.2 Interpret your results

    10 minutes

    Input

    • Completed cloud vision assessments

    Output

    • Shared understanding of implications

    Materials

    • Cloud Vision Workbook

    Participants

    • Core working group
    • Service owners/workload SMEs
    1. Once you’ve completed all 111 questions for each workload, you can review your results on tab 7. On tab 7, you will see four populated graphics: cloud suitability, migration path, “where should skills be procured?”, and risks and roadblocks. These represent the components of the overall cloud vision that you will present to stakeholders.
    2. The “cloud suitability” chart captures the service model that the assessment judges to be most suitable for the workload. Ask those present if any are surprised by the output. If there is any disagreement, discuss the source of the surprise and what a more realistic outcome would be. Revisit the assessment if necessary.
    3. Conduct a similar exercise with each of the other outputs. Does it make sense to refactor the workload based on its cloud suitability? Does the fact that we scored so highly on the “consultant” support model indicate something about how we handle upskilling internally? Does the profile of risks and roadblocks identified here align with expectations? What should be ranked higher? What about lower?
    4. Once everyone is generally satisfied with the results, close the tool and take a break! You’ve earned it.

    Cloud Vision Workbook

    Understand the cloud strategy components

    Each cloud strategy will take a slightly different form, but all should contain echoes of each of these components. This process will help you define your vision and direction, but you will need to take steps to execute on that vision. The remainder of the cloud strategy, covered in the related blueprint Document Your Cloud Strategy comprises these fourteen topics divided across three categories: people, governance, and technology. The workload assessment covers these under risks and roadblocks and highlights areas that may require specific additional attention. When interpreting the results, think of these areas as comprising things that you will need to do to make your vision a reality.

    People

    • Skills and roles
    • Culture and adoption
    • Governing bodies

    Governance

    • Architecture
    • Integration and interoperability
    • Operations management
    • Cloud portfolio management
    • Cloud vendor management
    • Finance management
    • Security
    • Data controls

    Technology

    • Monitoring
    • Provisioning
    • Migration

    Strategy component: People

    People form the core of any good strategy. As part of your cloud vision, you will need to understand the implications a cloud transition will have on your staff and users, whether those users are internal or external.

    Component Description Challenges
    Skills and roles The move to the cloud will require staff to learn how to handle new technology and new operational processes. The cloud is a different way of procuring IT resources and may require the definition of new roles to handle things like cost management and provisioning. Staff may not have the necessary experience to migrate to a cloud environment or to effectively manage resources once the cloud transition is made. Cloud skills are difficult to hire for, and with the ever-changing nature of the platforms themselves, this shows no sign of abating. Redefining roles can also be politically challenging and should be done with due care and consideration.
    Culture and adoption If you build it, they will come…right? It is not always the case that a new service immediately attracts users. Ensuring that organizational culture aligns with the cloud vision is a critical success factor. Equally important is ensuring that cloud resources are used as intended. Those unfamiliar with cloud resources may be less willing to learn to use them. If alternatives exist (e.g. a legacy service that has not been shut down), or if those detractors are influential, this resistance may impede your cloud execution. Also, if the cloud transition involves significant effort or a fundamental rework (e.g. a DevOps transition) this role redefinition could cause some internal turmoil.
    Governing bodies A large-scale cloud deployment requires formal governance. Formal governance requires a governing body that is ultimately responsible for designing the said governance. This could take the form of a “center of excellence” or may rest with a single cloud architect in a smaller, less complicated environment. Governance is difficult. Defining responsibilities in a way that includes all relevant stakeholders without paralyzing the decision-making process is difficult. Implementing suggestions is a challenge. Navigating the changing nature of service provision (who can provision their own instances or assign licenses?) can be difficult as well. All these concerns must be addressed in a cloud strategy.

    Strategy component: Governance

    Without guardrails, the cloud deployment will grow organically. This has strengths (people tend to adopt solutions that they select and deploy themselves), but these are more than balanced out by the drawbacks that come with inconsistency, poor administration, duplication of services, suboptimal costing, and any number of other unique challenges. The solution is to develop and deploy governance. The following list captures some of the necessary governance-related components of a cloud strategy.

    Component Description Challenges
    Architecture Enterprise architecture is an important function in any environment with more than one interacting workload component (read: any environment). The cloud strategy should include an approach to defining and implementing a standard cloud architecture and should assign responsibility to an individual or group. Sometimes the cloud transition is inspired by the desire to rearchitect. The necessary skills and knowledge may not be readily available to design and transition to a microservices-based environment, for example, vs. a traditional monolithic application architecture. The appropriateness of a serverless environment may not be well understood, and it may be the case that architects are unfamiliar with cloud best practices and reference architectures.
    Integration and interoperability Many services are only highly functional when integrated with other services. What is a database without its front-end? What is an analytics platform without its data lake? For the cloud vision to be properly implemented, a strategy for handling integration and interoperability must be developed. It may be as simple as “all SaaS apps must be compatible with Okta” but it must be there. Migration to the cloud may require a fundamentally new approach to integration, moving away from a point-to-point integrations and towards an ESB or data lake. In many cases, this is easier said than done. Centralization of management may be appealing, but legacy applications – or those acquired informally in a one-off fashion – might not be so easy to integrate into a central management platform.
    Operations management Service management (ITIL processes) must be aligned with your overall cloud strategy. Migrating to the cloud (where applicable) will require refining these processes, including incident, problem, request, change, and configuration management, to make them more suitable for the cloud environment. Operations management doesn’t go away in the cloud, but it does change in line with the transition to shared responsibility. Responding to incidents may be more difficult on the cloud when troubleshooting is a vendor’s responsibility. Change management in a SaaS environment may be more receptive than staff are used to as cloud providers push changes out that cannot be rolled back.

    Strategy component: Governance (cont.)

    Component Description Challenges
    Cloud portfolio management This component refers to the act of managing the portfolio of cloud services that is available to IT and to business users. What requirements must a SaaS service meet to be onboarded into the environment? How do we account for exceptions to our IaaS policy? What about services that are only available from a certain provider? Rationalizing services offers administrative benefits, but may make some tasks more difficult for end users who have learned things a certain way or rely on niche toolsets. Managing access through a service catalog can also be challenging based on buy-in and ongoing administration. It is necessary to develop and implement policy.
    Cloud vendor management Who owns the vendor management function, and what do their duties entail? What contract language must be standard? What does due diligence look like? How should negotiations be conducted? What does a severing of the relationship look like? Cloud service models are generally different from traditional hosted software and even from each other (e.g. SaaS vs. PaaS). There is a bit of a learning curve when it comes to dealing with vendors. Also relevant: the skills that it takes to build and maintain a system are not necessarily the same as those required to coherently interact with a cloud vendor.
    Finance management Cloud services are, by definition, subject to a kind of granular, operational billing that many shops might not be used to. Someone will need to accurately project and allocate costs, while ensuring that services are monitored for cost abnormalities. Cloud cost challenges often relate to overall expense (“the cloud is more expensive than an alternative solution”), expense variability (“I don’t know what my budget needs to be this quarter”), and cost complexity (“I don’t understand what I’m paying for – what’s an Elastic Beanstalk?”).
    Security The cloud is not inherently more or less secure than a premises-based alternative, though the risk profile can be different. Applying appropriate security governance to ensure workloads are compliant with security requirements is an essential component of the strategy.

    Technical security architecture can be a challenge, as well as navigating the shared responsibility that comes with a cloud transition. There are also a plethora of cloud-specific security tools like cloud access security brokers (CASBs), cloud security posture management (CSPM) solutions, and even secure access services edge (SASE) technology.

    Data controls Data residency, classification, quality, and protection are important considerations for any cloud strategy. With cloud providers taking on outsized responsibility, understanding and governing data is essential. Cloud providers like to abstract away from the end user, and while some may be able to guarantee residency, others may not. Additionally, regulations may prevent some data from going to the cloud, and you may need to develop a new organizational backup strategy to account for the cloud.

    Strategy component: Technology

    Good technology will never replace good people and effective process, but it remains important in its own right. A migration that neglects the undeniable technical components of a solid cloud strategy is doomed to mediocrity at best and failure at worst. Understanding the technical implications of the cloud vision – particularly in terms of monitoring, provisioning, and migration – makes all the difference. You can interpret the results of the cloud workload assessments by reviewing the details presented here.

    Component Description Challenges
    Monitoring The cloud must be monitored in line with performance requirements. Staff must ensure that appropriate tools are in place to properly monitor cloud workloads and that they are capturing adequate and relevant data. Defining requirements for monitoring a potentially unfamiliar environment can be difficult, as can consolidating on a monitoring solution that both meets requirements and covers all relevant areas. There may be some upskilling and integration work required to ensure that monitoring works as required.
    Provisioning How will provisioning be done? Who will be responsible for ensuring the right people have access to the right resources? What tooling must be deployed to support provisioning goals? What technical steps must be taken to ensure that the provisioning is as seamless as possible? There is the inevitable challenge of assigning responsibility and accountability in a changing infrastructure and operations environment, especially if the changes are substantial (e.g. a fundamental operating model shift, reoriented around the cloud). Staff may also need to familiarize themselves with cloud-based provisioning tools like Ansible, Terraform, or even CloudFormation.
    Migration The act of migrating is important as well. In some cases, the migration is as simple as configuring the new environment and turning it up (e.g. with a net new SaaS service). In other cases, the migration itself can be a substantial undertaking, involving large amounts of data, a complicated replatforming/refactoring, and/or a significant configuration exercise.

    Not all migration journeys are created equal, and challenges include a general lack of understanding of the requirements of a migration, the techniques that might be necessary to migrate to a particular cloud (there are many) and the disruption/risk associated with moving large amounts of data. All of these challenges must be considered as part of the overall cloud strategy, whether in terms of architectural principles or skill acquisition (or both!).

    Step 2.2

    Determine workload future state

    Activities

    2.2.1 Determine workload future state

    Conduct workload assessments

    Determine workload future state

    This step involves the following participants:

    • IT management
    • Core working group

    Outcomes of this step

    • Completed workload assessments
    • Defined workload future state

    2.2.1 Determine workload future state

    1-3 hours

    Input

    • Completed workload assessments

    Output

    • Preliminary future state outputs

    Materials

    • Cloud Vision Workbook
    • Cloud Vision Executive Presentation

    Participants

    • Core working group
    • Service owners
    • IT management
    1. After you’ve had a chance to validate your results, refer to tab 7 of the tool, where you will find a blank notes section.
    2. With the working group, capture your answers to each of the following questions:
      1. What service model is the most suitable for the workload? Why?
      2. How will we conduct the migration? Which of the six models makes the most sense? Do we have a backup plan if our primary plan doesn’t work out?
      3. What should the support model look like?
      4. What are some workload-specific risks and considerations that must be taken into account for the workload?
    3. Once you’ve got answers to each of these questions for each of the workloads, include your summary in the “notes” section of tab 7.

    Cloud Vision Executive Presentation

    Paste the output into the Cloud Vision Executive Presentation

    • The Cloud Vision Workbook output is a compact, consumable summary of each workload’s planned future state. Paste each assessment in as necessary.
    • There is no absolutely correct way to present the information, but the output is a good place to start. Do note that, while the presentation is designed to lead with the vision statement, because the process is workload-first, the assessments are populated prior to the overall vision in a bottom-up manner.
    • Be sure to anticipate the questions you are likely to receive from any stakeholders. You may consider preparing for questions like: “What other workloads fit this profile?” “What do we expect the impact on the budget to be?” “How long will this take?” Keep these and other questions in mind as you progress through the vision definition process.

    The image shows the Cloud Vision Workbook output, which was described in an annotated version in an earlier section.

    Info-Tech Insight

    Keep your audience in mind. You may want to include some additional context in the presentation if the results are going to be presented to non-technical stakeholders or those who are not familiar with the terms or how to interpret the outputs.

    Identify and Mitigate Risks

    Build the foundations of your cloud vision

    PHASE 3

    Phase 3

    Identify and Mitigate Risks

    Phase 1

    1.1 Generate goals and drivers

    1.2 Explore cloud characteristics

    1.3 Create a current state summary

    1.4 Select workloads for analysis

    Phase 2

    2.1 Conduct workload assessments

    2.2 Determine workload future states

    Phase 3

    3.1 Generate risks and roadblocks

    3.2 Mitigate risks and roadblocks

    3.3 Define roadmap initiatives

    Phase 4

    4.1 Review and assign work items

    4.2 Finalize cloud decision framework

    4.3 Create cloud vision

    This phase will walk you through the following activities:

    • Generate risks and roadblocks
    • Mitigate risks and roadblocks
    • Define roadmap initiatives

    This phase involves the following participants:

    • Core working group
    • Workload subject matter experts

    You know what you want to do, but what do you have to do?

    What questions remain unanswered?

    There are workload-level risks and roadblocks, and there are environment-level risks. This phase is focused primarily on environment-level risks and roadblocks, or those that are likely to span multiple workloads (but this is not hard and fast rule – anything that you deem worth discussing is worth discussing). The framework here calls for an open forum where all stakeholders – technical and non-technical, pro-cloud and anti-cloud, management and individual contributor – have an opportunity to articulate their concerns, however specific or general, and receive feedback and possible mitigation.

    Start by soliciting feedback. You can do this over time or in a single session. Encourage anyone with an opinion to share it. Focus on those who are likely to have a perspective that will become relevant at some point during the creation of the cloud strategy and the execution of any migration. Explain the preliminary direction; highlight any major changes that you foresee. Remind participants that you are not looking for solutions (yet), but that you want to make sure you hear any and every concern as early as possible. You will get feedback and it will all be valuable.

    Before cutting your participants loose, remind them that, as with all business decisions, the cloud comes with trade-offs. Not everyone will have every wish fulfilled, and in some cases, significant effort may be needed to get around a roadblock, risks may need to be accepted, and workloads that looked like promising candidates for one service model or another may not be able to realize that potential. This is a normal and expected part of the cloud vision process.

    Once the risks and roadblocks conversation is complete, it is the core working group’s job to propose and validate mitigations. Not every risk can be completely resolved, but the cloud has been around for decades – chances are someone else has faced a similar challenge and made it through relatively unscathed. That work will inevitably result in initiatives for immediate execution. Those initiatives will form the core of the initiative roadmap that accompanies the completed Cloud Vision Executive Presentation.

    Step 3.1

    Generate risks and roadblocks

    Activities

    3.1.1 Generate risks and roadblocks

    3.1.2 Generate mitigations

    Identify and mitigate risks

    Generate risks and roadblocks

    Mitigate risks and roadblocks

    Define roadmap initiatives

    This step involves the following participants:

    • Core working group
    • IT management
    • Infrastructure
    • Applications
    • Security
    • Architecture

    Outcomes of this step

    • List of risks and roadblocks

    Understand risks and roadblocks

    Risk

    • Something that could potentially go wrong.
    • You can respond to risks by mitigating them:
      • Eliminate: take action to prevent the risk from causing issues.
      • Reduce: take action to minimize the likelihood/severity of the risk.
      • Transfer: shift responsibility for the risk away from IT, towards another division of the company.
      • Accept: where the likelihood or severity is low, it may be prudent to accept that the risk could come to fruition.

    Roadblock

    • There are things that aren’t “risks” that we care about when migrating to the cloud.
    • We know, for example, that a complicated integration situation will create work items for any migration – this is not an “unknown.”
    • We respond to roadblocks by generating work items.

    3.1.1 Generate risks and roadblocks

    1.5 hours

    Input

    • Completed cloud vision assessments

    Output

    • List of risks and roadblocks

    Materials

    • Whiteboard
    • Sticky notes

    Participants

    • Core working group
    • Service owners/workload SMEs
    • Anyone with concerns about the cloud
    1. Gather your core working group – and really anyone with an intelligent opinion on the cloud – into a single meeting space. Give the group 5-10 minutes to list anything they think could present a difficulty in transitioning workloads to the cloud. Write each risk/roadblock on its own sticky note. You will never be 100% exhaustive, but don’t let anything your users care about go unaddressed.
    2. Once everyone has had time to write down their risks and roadblocks, have everyone share one by one. Make sure you get them all. Overlap in risks and roadblocks is okay! Group similar concerns together to give a sort of heat map of what your participants are concerned about. (This is called “affinity diagramming.”)
    3. Assign names to these categories. Many of these categories will align with the strategy components discussed in the previous phase (governance, security, etc.) but some will be specific whether by nature or by degree.
    4. Sort each of the individual risks into its respective category, collapsing any exact duplicates, and leaving room for notes and mitigations (see the next slide for a visual).

    Understand risks and roadblocks

    The image is two columns--on the left, the column is titled Affinity Diagramming. Below the title, there are many colored blocks, randomly arranged. There is an arrow pointing right, to the same coloured blocks, now sorted by colour. In the right column--titled Categorization--each colour has been assigned a category, with subcategories.

    Step 3.2

    Mitigate risks and roadblocks

    Activities

    3.2.1 Generate mitigations

    Identify and mitigate risks

    Generate risks and roadblocks

    Mitigate risks and roadblocks

    Define roadmap initiatives

    This step involves the following participants:

    • Core working group

    Outcomes of this step

    • List of mitigations

    Is the public cloud less secure?

    This is the key risk-related question that most cloud customers will have to answer at some point: does migrating to the cloud for some services increase their exposure and create a security problem?

    As with all good questions, the answer is “it depends.” But what does it depend on? Consider these cloud risks and potential mitigations:

    1. Misconfiguration: An error grants access to unauthorized parties (as happened to Capital One in 2019). This can be mitigated by careful configuration management and third-party tooling.
    2. Unauthorized access by cloud provider/partner employees: Though rare, it is possible that a cloud provider or partner can be a vector for a breach. Careful contract language, choosing to own your own encryption keys, and a hybrid approach (storing data on-premises) are some possible ways to address this problem.
    3. Unauthorized access to systems: Cloud services are designed to be accessed from anywhere and may be accessed by malicious actors. Possible mitigations include risk-based conditional access, careful identity access management, and logging and detection.

    “The cloud is definitely more secure in that you have much more control, you have much more security tooling, much more visibility, and much more automation. So it is more secure. The caveat is that there is more risk. It is easier to accidentally expose data in the cloud than it is on-premises, but, especially for security, the amount of tooling and visibility you get in cloud is much more than anything we’ve had in our careers on-premises, and that’s why I think cloud in general is more secure.” –Abdul Kittana, Founder, ASecureCloud

    Breach bests bank

    No cloud provider can protect against every misconfiguration

    Industry: Finance

    Source: The New York Times, CNET

    Background

    Capital One is a major Amazon Web Services customer and is even featured on Amazon’s site as a case study. That case study emphasizes the bank’s commitment to the cloud and highlights how central security and compliance were. From the CTO: “Before we moved a single workload, we engaged groups from across the company to build a risk framework for the cloud that met the same high bar for security and compliance that we meet in our on-premises environments. AWS worked with us every step of the way.”

    Complication

    The cloud migration was humming along until July 2019, when the bank suffered a serious breach at the hands of a hacker. That hacker was able to steal millions of credit card applications and hundreds of thousands of Social Security numbers, bank account numbers, and Canadian social insurance numbers.

    According to investigators and to AWS, the breach was caused by an open reverse proxy attack against a misconfigured web app firewall, not by an underlying vulnerability in the cloud infrastructure.

    Results

    Capital One reported that the breach was expected to cost it $150 million, and AWS fervently denied any blame. The US Senate got involved, as did national media, and Capital One’s CEO issued a public apology, writing, “I sincerely apologize for the understandable worry this incident must be causing those affected, and I am committed to making it right.”

    It was a bad few months for IT at Capital One.

    3.2.1 Generate mitigations

    3-4.5 hours

    Input

    • Completed cloud vision assessments

    Output

    • List of risks and roadblocks

    Materials

    • Whiteboard
    • Sticky notes

    Participants

    • Core working group
    • Service owners/workload SMEs
    • Anyone with concerns about the cloud
    1. Recall the four mitigation strategies: eliminate, reduce, transfer, or accept. Keep these in mind as you work through the list of risks and roadblocks with the core working group. For every individual risk or roadblock raised in the initial generation session, suggest a specific mitigation. If the concern is “SaaS providers having access to confidential information,” a mitigation might be encryption, specific contract language, or proof of certifications (or all the above).
    2. Work through this for each of the risks and roadblocks, identifying the steps you need to take that would satisfy your requirements as you understand them.
    3. Once you have gone through the whole list – ideally with input from SMEs in particular areas like security, engineering, and compliance/legal – populate the Cloud Vision Workbook (tab 8) with the risks, roadblocks, and mitigations (sorted by category). Review tab 8 for an example of the output of this exercise.

    Cloud Vision Workbook

    Cloud Vision Workbook – mitigations

    The image shows a large chart titled Risks, roadblocks, and mitigations, which has been annotated with notes.

    Step 3.3

    Define roadmap initiatives

    Activities

    3.3.1 Generate roadmap initiatives

    Identify and mitigate risks

    Generate risks and roadblocks

    Mitigate risks and roadblocks

    Define roadmap initiatives

    This step involves the following participants:

    • Core working group

    Outcomes of this step

    • Defined roadmap initiatives

    3.3.1 Generate roadmap initiatives

    1 hour

    Input

    • List of risk and roadblock mitigations

    Output

    • List of cloud initiatives

    Materials

    • Cloud Vision Workbook

    Participants

    • Core working group
    1. Executing on your cloud vision will likely require you to undertake some key initiatives, many of which have already been identified as part of your mitigation exercise. On tab 8 of the Cloud Vision Workbook, review the mitigations you created in response to the risks and roadblocks identified. Initiatives should generally be assignable to a party and should have a defined scope/duration. For example, “assess all net new applications for cloud suitability” might not be counted as an initiative, but “design a cloud application assessment” would likely be.
    2. Design a timeline appropriate for your specific needs. Generally short-term (less than 3 months), medium-term (3-6 months), and long-term (greater than 6 months) will work, but this is entirely based on preference.
    3. Review and validate the parameters with the working group. Consider creating additional color-coding (highlighting certain tasks that might be dependent on a decision or have ongoing components).

    Cloud Vision Workbook

    Bridge the gap and create the vision

    Build the foundations of your cloud vision

    Phase 4

    Phase 4

    Bridge the Gap and Create the Vision

    Phase 1

    1.1 Generate goals and drivers

    1.2 Explore cloud characteristics

    1.3 Create a current state summary

    1.4 Select workloads for analysis

    Phase 2

    2.1 Conduct workload assessments

    2.2 Determine workload future states

    Phase 3

    3.1 Generate risks and roadblocks

    3.2 Mitigate risks and roadblocks

    3.3 Define roadmap initiatives

    Phase 4

    4.1 Review and assign work items

    4.2 Finalize cloud decision framework

    4.3 Create cloud vision

    This phase will walk you through the following activities:

    • Assign initiatives and propose timelines
    • Build a delivery model rubric
    • Build a service model rubric
    • Built a support model rubric
    • Create a cloud vision statement
    • Map cloud workloads
    • Complete the Cloud Vision presentation

    This phase involves the following participants:

    • IT management, the core working group, security, infrastructure, operations, architecture, engineering, applications, non-IT stakeholders

    Step 4.1

    Review and assign work items

    Activities

    4.1.1 Assign initiatives and propose timelines

    Bridge the gap and create the vision

    Review and assign work items

    Finalize cloud decision framework

    Create cloud vision

    This step involves the following participants:

    • Core working group
    • IT management

    Outcomes of this step

    • Populated cloud vision roadmap

    4.1.1 Assign initiatives and propose timelines

    1 hour

    Input

    • List of cloud initiatives

    Output

    • Initiatives assigned by responsibility and timeline

    Materials

    • Cloud Vision Workbook

    Participants

    • Core working group
    1. Once the list is populated, begin assigning responsibility for execution. This is not a RACI exercise, so focus on the functional responsibility. Once you have determined who is responsible, assign a timeline and include any notes. This will form the basis of a more formal project plan.
    2. To assign the initiative to a party, consider 1) who will be responsible for execution and 2) if that responsibility will be shared. Be as specific as possible, but be sure to be consistent to make it easier for you to sort responsibility later on.
    3. When assigning timelines, we suggest including the end date (when you expect the project to be complete) rather than the start date, though whatever you choose, be sure to be consistent. Make use of the notes column to record anything that you think any other readers will need to be aware of in the future, or details that may not be possible to commit to memory.

    Cloud Vision Workbook

    Step 4.2

    Finalize cloud decision framework

    Activities

    4.2.1 Build a delivery model rubric

    4.2.2 Build a service model rubric

    4.2.3 Build a support model rubric

    Bridge the gap and create the vision

    Review and assign work items

    Finalize cloud decision framework

    Create cloud vision

    This step involves the following participants:

    • Core working group

    Outcomes of this step

    • Cloud decision framework

    4.2.1 Build a delivery model rubric

    1 hour

    Input

    • List of cloud initiatives

    Output

    • Initiatives assigned by responsibility and timeline

    Materials

    Participants

    • Core working group
    1. Now that we have a good understanding of the cloud’s key characteristics, the relative suitability of different workloads for the cloud, and a good understanding of some of the risks and roadblocks that may need to be overcome if a cloud transition is to take place, it is time to formalize a delivery model rubric. Start by listing the delivery models on a white board vertically – public, private, hybrid, and multi-cloud. Include a community cloud option as well if that is feasible for you. Strike any models that do not figure into your vision.
    2. Create a table style rubric for each delivery model. Confer with the working group to determine what characteristics best define workloads suitable for each model. If you have a hybrid cloud option, you may consider workloads that are highly dynamic; a private cloud hosted on-premises may be more suitable for workloads that have extensive regulatory requirements.
    3. Once the table is complete, include it in the Cloud Vision Executive Presentation.

    Cloud Vision Executive Presentation

    Vision for the cloud future state (example)

    Delivery model Decision criteria
    Public cloud
    • Public cloud is the primary destination for all workloads as the goal is to eliminate facilities and infrastructure management
    • Offers features, broad accessibility, and managed updates along with provider-managed facilities and hardware
    Legacy datacenter
    • Any workload that is not a good fit for the public cloud
    • Dependency (like a USB key for license validation)
    • Performance requirements (e.g. workloads highly sensitive to transaction thresholds)
    • Local infrastructure components (firewall, switches, NVR)

    Summary statement: Everything must go! Public cloud is a top priority. Anything that is not compatible (for whatever reason) with a public cloud deployment will be retained in a premises-based server closet (downgraded from a full datacenter). The private cloud does not align with the overall organizational vision, nor does a hybrid solution.

    4.2.2 Build a service model rubric

    1 hour

    Input

    • Output of workload assessments
    • Output of risk and mitigation exercise

    Output

    • Service model rubric

    Materials

    • Whiteboard
    • Cloud Vision Executive Presentation

    Participants

    • Core working group
    1. This next activity is like the delivery model activity, but covers the relevant cloud service models. On a whiteboard, make a vertical list of the cloud service models (SaaS, PaaS, IaaS, etc.) that will be considered for workloads. If you have an order of preference, place your most preferred at the top, your least preferred at the bottom.
    2. Describe the circumstances under which you would select each service model. Do your best to focus on differentiators. If a decision criterion appears for multiple service models, consider refining or excluding it. (For additional information, check out Info-Tech’s Reimagine IT Operations for a Cloud-First World blueprint.)
    3. Create a summary statement to capture your overall service model position. See the next slide for an example. Note: this can be incorporated into your cloud vision statement, so be sure that it reflects your genuine cloud preferences.
    4. Record the results in the Cloud Vision Executive Presentation.

    Cloud Vision Executive Presentation

    Vision for the cloud future state (example)

    Service model Decision criteria
    SaaS

    SaaS first; opt for SaaS when:

    • A SaaS option exists that meets all key business requirements
    • There is a strong desire to have someone else (the vendor) manage infrastructure components/the platform
    • Not particularly sensitive to performance thresholds
    • The goal is to transition management of the workload outside of IT
    • SaaS is the only feasible way to consume the desired service
    PaaS
    • Highly customized service/workload – SaaS not feasible
    • Still preferable to offload as much management as possible to third parties
    • Customization required, but not at the platform level
    • The workload is built using a standard framework
    • We have the time/resources to replatform
    IaaS
    • Service needs to be lifted and shifted out of the datacenter quickly
    • Customization is required at the platform level/there is value in managing components
    • There is no need to manage facilities
    • Performance is not impacted by hosting the workload offsite
    • There is value in right-sizing the workload over time
    On-premises Anything that does not fit in the cloud for performance or other reasons (e.g. licensing key)

    Summary statement: SaaS will be the primary service model. All workloads will migrate to the public cloud where possible. Anything that cannot be migrated to SaaS will be migrated to PaaS. IaaS is a transitory step.

    4.2.3 Build a support model rubric

    1 hour

    Input

    • Results of the cloud workload assessments

    Output

    • Support model rubric

    Materials

    • Whiteboard
    • Cloud Vision Executive Presentation

    Participants

    • Core working group
    1. The final rubric covered here is that for the support model. Where will you procure the skills necessary to ensure the vision’s proper execution? Much like the other rubric activities, write the three support models vertically (in order of preference, if you have one) on a whiteboard.
    2. Next to each model, describe the circumstances under which you would select each support model. Focus on the dimensions: the duration of the engagement, specialization required, and flexibility required. If you have existing rules/practices around hiring consultants/MSPs, consider those as well.
    3. Once you have a good list of decision criteria, form a summary statement. This should encapsulate your position on support models and should mention any notable criteria that will contribute to most decisions.
    4. Record the results in the Cloud Vision Executive Presentation.

    Cloud Vision Executive Presentation

    Vision for the cloud future state (example)

    Support model Decision criteria
    Internal IT

    The primary support model will be internal IT going forward

    • Chosen where the primary work required is administrative
    • Where existing staff can manage the service in the cloud easily and effectively
    • Where the chosen solution fits the SaaS service model
    Consultant
    • Where the work required is time-bound (e.g. a migration/refactoring exercise)
    • Where the skills do not exist in house, and where the skills cannot easily be procured (specific technical expertise required in areas of the cloud unfamiliar to staff)
    • Where opportunities for staff to learn from consultant SMEs are valuable
    • Where ongoing management and maintenance can be handled in house
    MSP
    • Where an ongoing relationship is valued
    • Where ongoing administration and maintenance are disproportionately burdensome on IT staff (or where this administration and maintenance is likely to be burdensome)
    • Where the managed services model has already been proven out
    • Where specific expertise in an area of technology is required but this does not rise to the need to hire an FTE (e.g. telephony)

    Summary statement: Most workloads will be managed in house. A consultant will be employed to facilitate the transition to micro-services in a cloud container environment, but this will be transitioned to in-house staff. An MSP will continue to manage backups and telephony.

    Step 4.3

    Create cloud vision

    Activities

    4.3.1 Create a cloud vision statement

    4.3.2 Map cloud workloads

    4.3.3 Complete the Cloud Vision Presentation

    Review and assign work items

    Finalize cloud decision framework

    Create cloud vision

    This step involves the following participants:

    • Core working group
    • IT management

    Outcomes of this step

    Completed Cloud Vision Executive Presentation

    4.3.1 Create a cloud vision statement

    1 hour

    Input

    • List of cloud initiatives

    Output

    • Initiatives assigned by responsibility and timeline

    Materials

    • Cloud Vision Workbook

    Participants

    • Core working group
    1. Now that you know what service models are appropriate, it’s time to summarize your cloud vision in a succinct, consumable way. A good vision statement should have three components:
      • Scope: Which parts of the organization will the strategy impact?
      • Goal: What is the strategy intended to accomplish?
      • Key differentiator: What makes the new strategy special?
    2. On a whiteboard, make a chart with three columns (one column for each of the features of a good mission statement). Have the group generate a list of words to describe each of the categories. Ideally, the group will produce multiple answers for each category.
    3. Once you’ve gathered a few different responses for each category, have the team put their heads down and generate pithy mission statements that capture the sentiments underlying each category.
    4. Have participants read their vision statements in front of the group. Use the rest of the session to produce a final statement. Record the results in the Cloud Strategy Executive Presentation.

    Example vision statement outputs

    “IT at ACME Corp. hereby commits to providing clients and end users with an unparalleled, productivity-enabling technology experience, leveraging, insofar as it is possible and practical, cloud-based services.”

    “At ACME Corp. our employees and customers are our first priority. Using new, agile cloud services, IT is devoted to eliminating inefficiency, providing cutting-edge solutions for a fast-paced world, and making a positive difference in the lives of our colleagues and the people we serve.”

    As a global leader in technology, ACME Corp. is committed to taking full advantage of new cloud services, looking first to agile cloud options to optimize internal processes wherever efficiency gaps exist. Improved efficiency will allow associates to spend more time on ACME’s core mission: providing an unrivalled customer experience.”

    Scope

    Goal

    Key differentiator

    4.3.2 Map cloud workloads

    1 hour

    Input

    • List of workloads
    • List of acceptable service models
    • List of acceptable migration paths

    Output

    • Workloads mapped by service model/migration path

    Materials

    • Whiteboard
    • Sticky notes

    Participants

    • Core working group
    1. Now that you have defined your overall cloud vision as well as your service model options, consider aligning your service model preferences with your migration path preferences. Draw a table with your expected migration strategies across the top (retain, retire, rehost, replatform, refactor, repurchase, or some of these) and your expected service models across the side.
    2. On individual sticky notes, write a list of workloads in your environment. In a smaller environment, this list can be exhaustive. Otherwise take advantage of the list you created as part of phase 1 along with any additional workloads that warrant discussion.
    3. As a group, go through the list, placing the sticky notes first in the appropriate row based on their characteristics and the decision criteria that have already been defined, and then in the appropriate column based on the appropriate migration path. (See the next slide for an example of what this looks like.)
    4. Record the results in the Cloud Vision Executive Presentation. Note: not every cell will be filled; some migration path/service model combinations are impossible or otherwise undesirable.

    Cloud Vision Executive Presentation

    Example cloud workload map

    Repurchase Replatform Rehost Retain
    SaaS

    Office suite

    AD

    PaaS SQL Database
    IaaS File Storage DR environment
    Other

    CCTV

    Door access

    4.3.3 Complete the Cloud Vision Presentation

    1 hour

    Input

    • List of cloud initiatives

    Output

    • Initiatives assigned by responsibility and timeline

    Materials

    • Cloud Vision Workbook

    Participants

    • Core working group
    1. Open the Cloud Vision Executive Presentation to the second slide and review the templated executive brief. This comprises several sections (see the next slide). Populate each one:
      • Summary of the exercise
      • The cloud vision statement
      • Key cloud drivers
      • Risks and roadblocks
      • Top initiatives and next steps
    2. Review the remainder of the presentation. Be sure to elaborate on any significant initiatives and changes (where applicable) and to delete any slides that you no longer require.

    Cloud Vision Workbook

    Sample cloud vision executive summary

    • From [date to date], a cross-functional group representing IT and its constituents met to discuss the cloud.
    • Over the course of the week, the group identified drivers for cloud computing and developed a shared vision, evaluated several workloads through an assessment framework, identified risks, roadblocks, and mitigations, and finally generated initiatives and next steps.
    • From the process, the group produced a summary and a cloud suitability assessment framework that can be applied at the level of the workload.

    Cloud Vision Statement

    [Organization] will leverage public cloud solutions and retire existing datacenter and colocation facilities. This transition will simplify infrastructure administration, support, and security, while modernizing legacy infrastructure and reducing the need for additional capital expenditure.

    Cloud Drivers Retire the datacenter Do more valuable work
    Right-size the environment Reduce CapEx
    Facilitate ease of mgmt. Work from anywhere
    Reduce capital expenditure Take advantage of elasticity
    Performance and availability Governance Risks and roadblocks
    Security Rationalization
    Cost Skills
    Migration Remaining premises resources
    BC, backup, and DR Control

    Initiatives and next steps

    • Close the datacenter and colocation site in favor of a SaaS-first cloud approach.
    • Some workloads will migrate to infrastructure-as-a-service in the short term with the assistance of third-party consultants.

    Document your cloud strategy

    You did it!

    Congratulations! If you’ve made it this far, you’ve successfully articulated a cloud vision, assessed workloads, developed an understanding (shared with your team and stakeholders) of cloud concepts, and mitigated risks and roadblocks that you may encounter along your cloud journey. From this exercise, you should understand your mission and vision, how your cloud plans will interact with any other relevant strategic plans, and what successful execution looks like, as well as developing a good understanding of overall guiding principles. These are several components of your overall strategy, but they do not comprise the strategy in its entirety.

    How do you fix this?

    First, validate the results of the vision exercise with your stakeholders. Socialize it and collect feedback. Make changes where you think changes should be made. This will become a key foundational piece. The next step is to formally document your cloud strategy. This is a separate project and is covered in the Info-Tech blueprint Document Your Cloud Strategy.

    The vision exercise tells you where you want to go and offers some clues as to how to get there. The formal strategy exercise is a formal documentation of the target state, but also captures in detail the steps you’ll need to take, the processes you’ll need to refine, and the people you’ll need to hire.

    A cloud strategy should comprise your organizational stance on how the cloud will change your approach to people and human resources, technology, and governance. Once you are confident that you can make and enforce decisions in these areas, you should consider moving on to Document Your Cloud Strategy. This blueprint, Define Your Cloud Vision, often serves as a prerequisite for the strategy documentation conversation(s).

    Appendix

    Summary of Accomplishment

    Additional Support

    Research Contributors

    Related Info-Tech Research

    Vendor Resources

    Bibliography

    Summary of Accomplishment

    Problem Solved

    You have now documented what you want from the cloud, what you mean when you say “cloud,” and some preliminary steps you can take to make your vision a reality.

    You now have at your disposal a framework for identifying and evaluating candidates for their cloud suitability, as well as a series of techniques for generating risks and mitigations associated with your cloud journey. The next step is to formalize your cloud strategy using the takeaways from this exercise. You’re well on your way to a completed cloud strategy!

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com

    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Generate drivers for cloud adoption

    Work with stakeholders to understand the expected benefits of the cloud migration and how these drivers will impact the overall vision.

    Conduct workload assessments

    Assess your individual cloud workloads for their suitability as candidates for the cloud migration.

    Bibliography

    “2021 State of the Cloud Report.” Flexera, 2021. Web.

    “2021 State of Upskilling Report.” Pluralsight, 2021. Web.

    “AWS Snowmobile.” Amazon Web Services, n.d. Web.

    “Azure products.” Microsoft, n.d. Web.

    “Azure Migrate Documentation.” Microsoft, n.d. Web.

    Bell, Harold. “Multi-Cloud vs. Hybrid Cloud: What’s the Difference?” Nutanix, 2019. Web.

    “Cloud Products.” Amazon Web Services, n.d. Web.

    “COBIT 2019 Framework: Introduction and Methodology.” ISACA, 2019. Web.

    Edmead, Mark T. “Using COBIT 2019 to Plan and Execute an Organization’s Transformation Strategy.” ISACA, 2020. Web.

    Flitter, Emily, and Karen Weise. “Capital One Data Breach Compromises Data of Over 100 Million.” The New York Times, 29 July 2019. Web.

    Gillis, Alexander S. “Cloud Security Posture Management (CSPM).” TechTarget, 2021. Web.

    “’How to Cloud’ with Capital One.” Amazon Web Services, n.d. Web.

    “IBM Closes Landmark Acquisition of Red Hat for $34 Billion; Defines Open, Hybrid Cloud Future.” Red Hat, 9 July 2019. Web.

    Mell, Peter, and Timothy Grance. “The NIST Definition of Cloud Computing.” National Institute of Standards and Technology, Sept. 2011. Web.

    Ng, Alfred. “Amazon Tells Senators it Isn't to Blame for Capital One Breach.” CNET, 2019. Web.

    Orban, Stephen. “6 Strategies for Migrating Applications to the Cloud.” Amazon Web Services, 2016. Web.

    Sullivan, Dan. “Cloud Access Security Broker (CASB).” TechTarget, 2021. Web.

    “What Is Secure Access Service Edge (SASE)?” Cisco, n.d. Web.

    Build an Application Department Strategy

    • Buy Link or Shortcode: {j2store}180|cart{/j2store}
    • member rating overall impact: 9.2/10 Overall Impact
    • member rating average dollars saved: $220,866 Average $ Saved
    • member rating average days saved: 34 Average Days Saved
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Application delivery has modernized. There are increasing expectations on departments to deliver on organizational and product objectives with increasing velocity.
    • Application departments produce many diverse, divergent products, applications, and services with expectations of frequent updates and changes based on rapidly changing landscapes

    Our Advice

    Critical Insight

    • There is no such thing as a universal “applications department.” Unlike other domains of IT, there are no widely accepted frameworks that clearly outline universal best practices of application delivery and management.
    • Different software needs and delivery orientations demand a tailored structure and set of processes, especially when managing a mixed portfolio or multiple delivery methods.

    Impact and Result

    Understand what your department’s purpose is through articulating its strategy in three steps:

    • Determining your application department’s values, principles, and orientation.
    • Laying out the goals, objectives, metrics, and priorities of the department.
    • Building a communication plan to communicate your overall department strategy.

    Build an Application Department Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build an application department strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Take stock of who you are

    Consider and record your department’s values, principles, orientation, and capabilities.

    • Build an Application Department Strategy – Phase 1: Take Stock of Who You Are
    • Application Department Strategy Supporting Workbook

    2. Articulate your strategy

    Define your department’s strategy through your understanding of your department combined with everything that you do and are working to do.

    • Build an Application Department Strategy – Phase 2: Articulate Your Strategy
    • Application Department Strategy Template

    3. Communicate your strategy

    Communicate your department’s strategy to your key stakeholders.

    • Build an Application Department Strategy – Phase 3: Communicate Your Strategy

    Infographic

    Workshop: Build an Application Department Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Take Stock of Who You Are

    The Purpose

    Understand what makes up your application department beyond the applications and services provided.

    Key Benefits Achieved

    Articulating your guiding principles, values, capabilities, and orientation provides a foundation for expressing your department strategy.

    Activities

    1.1 Identify your team’s values and guiding principles.

    1.2 Define your department’s orientation.

    Outputs

    A summary of your department’s values and guiding principles

    A clear view of your department’s orientation and supporting capabilities

    2 Articulate Your Strategy

    The Purpose

    Lay out all the details that make up your application department strategy.

    Key Benefits Achieved

    A completed application department strategy canvas containing everything you need to communicate your strategy.

    Activities

    2.1 Write your application department vision statement.

    2.2 Define your application department goals and metrics.

    2.3 Specify your department capabilities and orientation.

    2.4 Prioritize what is most important to your department.

    Outputs

    Your department vision

    Your department’s goals and metrics that contribute to achieving your department’s vision

    Your department’s capabilities and orientation

    A prioritized roadmap for your department

    3 Communicate Your Strategy

    The Purpose

    Lay out your strategy’s communication plan.

    Key Benefits Achieved

    Your application department strategy presentation ready to be presented to your stakeholders.

    Activities

    3.1 Identify your stakeholders.

    3.2 Develop a communication plan.

    3.3 Wrap-up and next steps

    Outputs

    List of prioritized stakeholders you want to communicate with

    A plan for what to communicate to each stakeholder

    Communication is only the first step – what comes next?

    Kick-Start IT-Led Business Innovation

    • Buy Link or Shortcode: {j2store}87|cart{/j2store}
    • member rating overall impact: 9.2/10 Overall Impact
    • member rating average dollars saved: $38,844 Average $ Saved
    • member rating average days saved: 8 Average Days Saved
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • The CIO is not considered a strategic partner. The business may be satisfied with IT services, but no one is looking to IT to solve business problems or drive the enterprise forward.
    • Even if IT staff do generate ideas that will improve operational efficiency or enable the business, few are ever assessed or executed upon.

    Our Advice

    Critical Insight

    • Business demand for new technology is creating added pressure to innovate and executive stakeholders expect more from IT. If IT is not viewed as a source of innovation, its perceived value will decrease and the threat of shadow IT will grow. Do not wait to start finding and capitalizing on opportunities for IT-led innovation.

    Impact and Result

    • Start innovating right away. All you need are business pains and people willing to ideate around them.
    • Assemble a small team and arm them with proven techniques for identifying unique opportunities for innovation, developing impactful solutions, and prototyping quickly and effectively. Incubate a reservoir of ideas, both big and small, so that you are ready to execute on innovative projects when the timing is right.
    • Once you have demonstrated IT’s ability to innovate, mature your capability with a permanent innovation process and program.

    Kick-Start IT-Led Business Innovation Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should create innovation processes, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch innovation

    Sponsor a mandate for innovation and assemble a small team to start sourcing ideas with IT staff.

    • Kick-Start IT-Led Business Innovation – Phase 1: Launch Innovation
    • Innovation Working Group Charter

    2. Ideate

    Identify critical opportunities for innovation and brainstorm effective solutions.

    • Kick-Start IT-Led Business Innovation – Phase 2: Ideate
    • Idea Document
    • Idea Reservoir Tool

    3. Prototype

    Prototype ideas rapidly to gain user feedback, refine solutions, and make a compelling case for project investment.

    • Kick-Start IT-Led Business Innovation – Phase 3: Prototype
    • Prototyping Workbook
    • Prototype Assessment

    4. Mature innovation capability

    Formalize the innovation process and implement a program to create a strong culture of innovation in IT.

    • Kick-Start IT-Led Business Innovation – Phase 4: Mature Innovation Capability

    Infographic

    Workshop: Kick-Start IT-Led Business Innovation

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Launch Innovation

    The Purpose

    Introduce innovation.

    Assess overall IT maturity to understand what you want to achieve with innovation.

    Define the innovation mandate.

    Introduce ideation.

    Key Benefits Achieved

    A set of shared objectives for innovation will be defined.

    A mandate will be created to help focus innovation efforts on what is most critical to the advancement of IT's maturity.

    The group will be introduced to ideation and prepared to begin addressing critical IT or business pains.

    Activities

    1.1 Define workshop goals and objectives.

    1.2 Introduce innovation.

    1.3 Assess IT maturity.

    1.4 Define the innovation mandate.

    1.5 Introduce ideation.

    Outputs

    Workshop goals and objectives.

    An understanding of innovation.

    IT maturity assessment.

    Sponsored innovation mandate.

    An understanding of ideation.

    2 Ideate, Part I

    The Purpose

    Identify and prioritize opportunities for IT-led innovation.

    Map critical processes to identify the pains that should be ideated around.

    Brainstorm potential solutions.

    Assess, pitch, and prioritize ideas that should be investigated further.

    Key Benefits Achieved

    The team will learn best practices for ideation.

    Critical pain points that might be addressed through innovation will be identified and well understood.

    A number of ideas will be generated that can solve identified pains and potentially feed the project pipeline.

    The team will prioritize the ideas that should be investigated further and prototyped after the workshop.

    Activities

    2.1 Identify processes that present opportunities for IT-led innovation.

    2.2 Map selected processes.

    2.3 Finalize problem statements.

    2.4 Generate ideas.

    2.5 Assess ideas.

    2.6 Pitch and prioritize ideas.

    Outputs

    A list of processes with high opportunity for IT-enablement.

    Detailed process maps that highlight pain points and stakeholder needs.

    Problem statements to ideate around.

    A long list of ideas to address pain points.

    Detailed idea documents.

    A shortlist of prioritized ideas to investigate further.

    3 Ideate, Part II

    The Purpose

    Ideate around a more complex problem that presents opportunity for IT-led innovation.

    Map the associated process to define pain points and stakeholder needs in detail.

    Brainstorm potential solutions.

    Assess, pitch, and prioritize ideas that should be investigated further.

    Introduce prototyping.

    Map the user journey for prioritized ideas.

    Key Benefits Achieved

    The team will be ready to facilitate ideation independently with other staff after the workshop.

    A critical problem that might be addressed through innovation will be defined and well understood.

    A number of innovative ideas will be generated that can solve this problem and help IT position itself as a source of innovative projects.

    Ideas will be assessed and prioritized for further investigation and prototyping after the workshop.

    The team will learn best practices for prototyping.

    The team will identify the assumptions that need to be tested when top ideas are prototyped.

    Activities

    3.1 Select an urgent opportunity for IT-led innovation.

    3.2 Map the associated process.

    3.3 Finalize the problem statement.

    3.4 Generate ideas.

    3.5 Assess ideas.

    3.6 Pitch and prioritize ideas.

    3.7 Introduce prototyping.

    3.8 Map the user journey for top ideas.

    Outputs

    Selection of a process which presents a critical opportunity for IT-enablement.

    Detailed process map that highlights pain points and stakeholder needs.

    Problem statement to ideate around.

    A long list of ideas to solve the problem.

    Detailed idea documents.

    A shortlist of prioritized ideas to investigate further.

    An understanding of effective prototyping techniques.

    A user journey for at least one of the top ideas.

    4 Implement an Innovation Process and Program

    The Purpose

    Establish a process for generating, managing, prototyping, prioritizing, and approving new ideas.

    Create an action plan to operationalize your new process.

    Develop a program to help support the innovation process and nurture your innovators.

    Create an action plan to implement your innovation program.

    Decide how innovation success will be measured.

    Key Benefits Achieved

    The team will learn best practices for managing innovation.

    The team will be ready to operationalize an effective process for IT-led innovation. You can start scheduling ideation sessions as soon as the workshop is complete.

    The team will understand the current innovation ecosystem: drivers, barriers, and enablers.

    The team will be ready to roll out an innovation program that will help generate wider engagement with IT-led innovation.

    You will be ready to measure and report on the success of your program.

    Activities

    4.1 Design an IT-led innovation process.

    4.2 Assign roles and responsibilities.

    4.3 Generate an action plan to roll out the process.

    4.4 Determine critical process metrics to track.

    4.5 Identify innovation drivers, enablers, and barriers.

    4.6 Develop a program to nurture a culture of innovation.

    4.7 Create an action plan to jumpstart each of your program components.

    4.8 Determine critical metrics to track.

    4.9 Summarize findings and gather feedback.

    Outputs

    A process for IT-led innovation.

    Defined process roles and responsibilities.

    An action plan for operationalizing the process.

    Critical process metrics to measure success.

    A list of innovation drivers, enablers, and barriers.

    A program for innovation that will leverage enablers and minimize barriers.

    An action plan to roll out your innovation program.

    Critical program metrics to track.

    Overview of workshop results and feedback.

    Learn the right way to manage metrics

    • Parent Category Name: Improve Your Processes
    • Parent Category Link: /improve-your-processes

    Learn to use metrics in the right way. Avoid staff (subconciously) gaming the numbers, as it is only natural to try to achieve the objective. This is really a case of be careful what you wish for, you may just get it.

    Register to read more …

    Right-Size the Service Desk for Small Enterprise

    • Buy Link or Shortcode: {j2store}487|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk

    The service desk is a major function within IT. Small enterprises with constrained resources need to look at designing a service desk that enables consistency in supporting the business and finds the right balance of documentation.

    Determining the right level of documentation to provide backup and getting the right level of data for good reporting may seem like a waste of time when the team is small, but this is key to knowing when to invest in more people, upgraded technology, and whether your efforts to improve service are successful.

    Our Advice

    Critical Insight

    It’s easy to lose sight of the client experience when working as a small team supporting a variety of end users. Changing from a help desk to a service desk requires a focus on what it means to be a customer centric service desk and a change to the way the technicians think about providing support.

    • Make the best use of the team. Clearly define roles and responsibilities and monitor those wearing multiple hats to make sure they don’t burn out.
    • Build cross training and documentation into your culture to preserve service levels while giving team members time off to recharge.
    • Don’t discount the benefit of good tools. As volume increases, so does the likelihood of issues and requests getting missed. Look for tools that will help to keep a customer focus.

    Impact and Result

    • Improved workload distribution for technicians and enable prioritization based on work type, urgency, and impact.
    • Improved communications methods and messaging will help the technicians to set expectations appropriately and reduce friction between each other and their supported end users.
    • Best practices and use of industry standard tools will reduce administrative overhead while improving workload management.

    Right-Size the Service Desk for Small Enterprise Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Right-Size the Service Desk for Small Enterprise Storyboard – A step-by-step guide to help you identify and prioritize initiatives to become more customer centric.

    This blueprint provides a framework to quickly identify a plan for service desk improvements. It also provides references to build out additional skills and functionality as a continual improvement initiative.

    • Right-Size the Service Desk for Small Enterprise Storyboard

    2. Maturity Assessment – An assessment to determine baseline maturity.

    The maturity assessment will provide a baseline and identify areas of focus based on level of current and target maturity.

    • IT Service Desk Maturity Assessment for Small Enterprise

    3. Standard Operating Procedure – A template to build out a clear, concise SOP right-sized for a small enterprise.

    The SOP provides an excellent guide to quickly inform new team members or contractors of your support approach.

    • Incident Management and Service Desk SOP for Small Enterprise

    4. Categorization Scheme – A template to build out an effective categorization scheme.

    The categorization scheme template provides examples of asset-based categories, resolution codes and status.

    • Service Desk Asset-Based Categories Template

    5. Improvement Plan – A template to present the improvement plan to stakeholders.

    This template provides a starting point for building your communications on planned improvements.

    • Service Desk Improvement Initiative
    [infographic]

    Further reading

    Right-Size the Service Desk for Small Enterprise

    Turn your help desk into a customer-centric service desk.

    Analyst Perspective

    Small enterprises have many of the same issues as large ones, but with far fewer resources. Focus on the most important aspects to improve customer service.

    The service desk is a major function within IT. Small enterprises with constrained resources need to look at designing a service desk that enables consistency in supporting the business and finds the right balance of documentation.

    Evaluate documentation to ensure there is always redundancy built in to cover absences. Determining coverage will be an important factor, especially if vendors will be brought into the organization to assist during shortages. They will not have the same level of knowledge as teammates and may have different requirements for documentation.

    It is important to be customer centric, thinking about how services are delivered and communicated with a focus on providing self-serve at the appropriate level for your users and determining what information the business needs for expectation-setting and service level agreements, as well as communications on incidents and changes.

    And finally, don’t discount the value of good reporting. There are many reasons to document issues besides just knowing the volume of workload and may become more important as the organization evolves or grows. Stakeholder reporting, regulatory reporting, trend spotting, and staff increases are all good reasons to ensure minimum documentation standards are defined and in use.

    Photo of Sandi Conrad, Principal Research Director, Info-Tech Research Group. Sandi Conrad
    Principal Research Director
    Info-Tech Research Group

    Table of Contents

    Title Page Title Page
    Blueprint benefits 6 Incident management 25
    Start / Stop / Continue exercise 10 Prioritization scheme 27
    Complete a maturity assessment 11 Define SLAs 29
    Select an ITSM tool 13 Communications 30
    Define roles & responsibilities 15 Reporting 32
    Queue management 17 What can you do to improve? 33
    Ticket handling best practices 18 Staffing 34
    Customer satisfaction surveys 19 Knowledge base & self-serve 35
    Categorization 20 Customer service 36
    Separate ticket types 22 Ticket analysis 37
    Service requests 23 Problem management 38
    Roadmap 39

    Insight summary

    Help desk to service desk

    It’s easy to lose sight of the client experience when working as a small team supporting a variety of end users. Changing from a help desk to a service desk requires a focus on what it means to be a customer-centric service desk and a change to the way the technicians think about providing support.

    Make the best use of the team

    • Clearly define primary roles and responsibilities, and identify when and where escalations should occur.
    • Divide the work in a way that makes the most sense based on intake patterns and categories of incidents or service requests.
    • Recognize who is wearing multiple hats, and monitor to make sure they don’t burn out or struggle to keep up.
    • Determine the most appropriate areas to outsource based on work type and skills required.

    Build cross-training into your culture

    • Primary role holders need time off and need to know the day-to-day work won’t be waiting for them when they come back.
    • The knowledge base is your first line of defense to make sure incidents don’t have to wait for resolution and to avoid having technicians remote in on their day off.
    • When volumes spike for incidents and service requests, everyone needs to be prepared to pitch in. Train the team to recognize and step up to the call to action.

    Don’t discount the benefit of good tools

    • When volume increases, so does the likelihood of missing issues and requests.
    • Designate a single solution to manage the workload, so there is one place to go for work orders, incident reporting, asset data, and more.
    • Set up self-serve for users so they have access to how-to articles and can check the status of tickets themselves.
    • Create a service catalog to make it easy for them to request the most frequent items easily.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Standard Operating Procedures

    Sample of the Standard Operating Procedures deliverable.

    Maturity Assessment

    Sample of the Maturity Assessment deliverable.

    Categorization scheme

    Sample of the Categorization scheme deliverable.

    Improvement Initiative

    Sample of the Improvement Initiative deliverable.
    Create a standard operating procedure to ensure the support team has a consistent understanding of how they need to engage with the business.

    Blueprint benefits

    IT benefits

    • Improve workload distribution for technicians and enable prioritization based on work type, urgency, and impact.
    • Improved communications methods and messaging will help the technicians set expectations appropriately and reduce friction between each other and their supported end users.
    • Best practices and use of industry-standard tools will reduce administrative overhead while improving workload management.

    Business benefits

    • IT taking a customer-centric approach will improve access to support and reduce interruptions to the way they do business.
    • Expectation setting and improved communications will allow the business to better plan their work around new requests and will have a better understanding of service level agreements.

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is six to ten calls over the course of three to four months.

    The current state discussion will determine the path.

    What does a typical GI on this topic look like?

    Current State & Vision

    Best Practices

    Service Requests & Incidents

    Communications

    Next Steps & Roadmap

    Call #1: Discuss current state & create a vision

    Call #2: Document roles & responsibilities

    Call #3:Review and define best practices for ticket handling Call #4: Review categorization

    Call #5: Discuss service requests & self-serve

    Call #6: Assess incident management processes
    Call #7: Assess and document reporting and metrics

    Call #8: Discuss communications methods

    Call #9: Review next steps

    Call #10: Build roadmap for updates

    For a workshop on this topic, see the blueprint Standardize the Service Desk

    Executive Brief Case Study

    Southwest CARE Center
    Logo for Southwest Care.
    INDUSTRY
    Healthcare

    Service Desk Project

    After relying on a managed service provider (MSP) for a number of years, the business hired Kevin to repatriate IT. As part of that mandate, his first strategic initiative was to build a service desk. SCC engaged Info-Tech Research Group to select and build a structure; assign roles and responsibilities; implement incident management, request fulfilment, and knowledge management processes; and integrate a recently purchased ITSM tool.

    Over the course of a four-day onsite engagement, SCC’s IT team worked with two Info-Tech analysts to create and document workflows, establish ticket handling guidelines, and review their technological requirements.

    Results

    The team developed a service desk standard operating procedure and an implementation roadmap with clear service level agreements.

    Southwest CARE Center (SCC) is a leading specialty healthcare provider in New Mexico. They offer a variety of high-quality services with a focus on compassionate, patient-centered healthcare.

    “Info-Tech helped me to successfully rebrand from an MSP help desk to an IT service desk. Sandi and Michel provided me with a customized service desk framework and SOP that quickly built trust within the organization. By not having to tweak and recalibrate my service desk processes through trial and error, I was able to save a year’s worth of work, resulting in cost savings of $30,000 to $40,000.” (Kevin Vigil, Director of Information Technology, Southwest CARE Center)

    The service desk is the cornerstone for customer satisfaction

    Bar charts comparing 'Dissatisfied' vs 'Satisfied End Users' in both 'Service Desk Effectiveness' and 'Timeliness'.
    N=63, small enterprise organizations from the End-User Satisfaction Diagnostic, at December 2021
    Dissatisfied was classified as those organizations with an average score less than 7.
    Satisfied was classified as those organizations with an average score greater or equal to 8.
    • End users who were satisfied with service desk effectiveness rated all other IT processes 36% higher than dissatisfied end users.
    • End users who were satisfied with service desk timeliness rated all other IT processes 34% higher than dissatisfied end-users.

    Improve the service desk with a Start, Stop, Continue assessment

    Use this exercise as an opportunity to discuss what’s working and what isn’t with your current help desk. Use this to define your goals for the improvement project, with a plan to return to the results and rerun the exercise on a regular basis.

    STOP

    • What service desk processes are counterproductive?
    • What service blockers exist that consistently undermine good results?
    • Are end-user relationships with individual team members negatively impacting satisfaction?
    • Make notes on initial ideas for improvement.

    START

    • What service process improvements could be implemented immediately?
    • What technical qualifications do individual staff members need to improve?
    • What opportunities exist to improve service desk communications with end users?
    • How can escalation and triage be more efficient?

    CONTINUE

    • What aspects of your current service desk are positive?
    • What processes are efficient and can be emulated elsewhere?
    • Where can you identify high levels of end-user satisfaction?

    Complete a maturity assessment to create a baseline and areas of focus

    The Service Desk Maturity Assessment tool helps organizations assess their service desk process maturity and focus the project on the activities that matter most.

    The tool will help guide improvement efforts and measure your progress.

    • The second tab of the tool walks through a qualitative assessment of your service desk practices. Questions will prompt you to evaluate how you are executing key activities. Select the answer in the drop-down menus that most closely aligns with your current state.
    • The third tab displays your rate of process completeness and maturity. You will receive a score for each phase, an overall score, and advice based on your performance.
    • Document the results of the efficiency assessment in the Service Desk Improvement Initiative.
    • The tool is intended for periodic use. Review your answers each year and devise initiatives to improve the process performance where you need it most.
    Sample of the Service Desk Maturity Assessment.

    Define your vision for the support structure

    Use this vision for communicating with the business and your IT team

    Consider service improvements and how those changes can be perceived by the organization. For example, offering multiple platforms, such as adding Macs to end-user devices, could translate to “Providing the right IT solutions for the way our employees want to work.”

    To support new platforms, you might need to look at the following steps to get there:
    • Evaluate skills needed – can you upskill generalists quickly, or will specialists be required? Determine training needs for support staff on new platforms.
    • Estimate uptake of the new platform and adjusting budgets – will these mostly be role-based decisions?
    • Determine what applications will work on the new platform and which will have a parity offering, which will require a solution like Parallels or VirtualBox, and which might need substitute applications.
    • What utilities will be needed to secure your solutions such as for encryption, antivirus, and firewalls?
    • What changes in the way you deploy and patch machines?
    • What level of support do you need to provide – just platform, or applications as well? What self-serve training can be made available?
    If you need to change the way you deploy equipment, you may want to review the blueprint Simplify Remote Deployment With Zero-Touch Provisioning

    Info-Tech Insight

    Identify some high-level opportunities and plan out how these changes will impact the way you provide support today. Document steps you’ll need to follow to make it happen. This may include new offerings and product sourcing, training, and research.

    Facilitate service desk operations with an ITSM tool

    You don’t need to spend a fortune. Many solutions are free or low-cost for a small number of users, and you don’t necessarily have to give up functionality to save money.

    Encourage users to submit requests through email or self-serve to keep organized. Ensure that reporting will provide you with the basics without effort, but ensure report creation is easy enough if you need to add more.

    Consider tools that do more than just store tickets. ITSM tools for small enterprises can also assist with:
    • Equipment and software license management
    • Self-serve for password reset and improving the experience for end users to submit tickets
    • Software deployment
    • Onboarding and offboarding workflows
    • Integration with monitoring tools
    Info-Tech Insight Buying rather than building allows you the greatest flexibility and can provide enterprise-level functionality at small-enterprise pricing. Use Info-Tech’s IT Service Management Selection Guide to create a business case and list of requirements for your ITSM purchase.
    Logo for Spiceworks.
    Logo for ZenDesk. Logo for SysAid.
    Logo for ManageEngine.
    Logo for Vector Networks.
    Logo for Freshworks.
    Logo for Squadcast.
    Logo for Jira Software.
    Logos contain links

    ITSM implementations are the perfect time to fix processes

    Consider engaging a partner for the installation and setup as they will have the expertise to troubleshoot and get you to value quickly.

    Even with a partner, don’t rely on them to set up categories, prioritizations, and workflows. If you have unique requirements, you will need to bring your design work to the table to avoid getting a “standard install” that will need to be modified later.

    When we look at what makes a strong and happy product launch, it boils down to a few key elements:
    • Improving customer service, or at least avoiding a decline
    • Improving access to information for technical team and end users
    • Successfully taking advantage of workflows, templates, and other features designed to improve the technician and user experience
    • Using existing processes with the new tools, without having to completely reengineer how things are done
    For a complete installation guide, visit the blueprint Build an ITSM Implementation Plan
    To prepare for a quick time to value in setting up the new ITSM tool, prioritize in this order:
    1. Categorization and status codes
    2. Prioritization
    3. Divide tickets into incidents and service requests
    4. Create workflows for onboarding and offboarding (automate where you can)
    5. Track escalations to vendors
    6. Reporting
    7. Self-serve
    8. Equipment inventory (leading to hardware asset management)

    Define roles looking to balance between customer service and getting things done

    The team will need to provide backfill for each other with high volume, vacations, and leave, but also need to proactively manage interruptions appropriately as they work on projects.
    Icon of a bullseye. First contact – customer service, general knowledge
    Answers phones, chats, responds to email, troubleshooting, creates knowledge articles for end users.
    Icon of a pie chart. Analyst – experienced troubleshooter, general knowledge
    Answers phone when FC isn’t available, responds to email, troubleshooting, creates knowledge articles for first contact, escalates to other technicians or vendors.
    Icon of a lightbulb. Analyst – experienced troubleshooter, specialist
    Answers phones only when necessary, troubleshooting, creates knowledge articles for anyone in IT, consults with peers, escalates to vendors.
    Icon of gear on a folder. Engineer – deep expertise, specialist
    Answers phones only when necessary, troubleshooting, creates knowledge articles for anyone in IT, consults with peers, escalates to vendors.
    Icon of a handshake. Vendor, Managed Service Providers
    Escalation point per contract terms, must meet SLAs, communicate regularly with analysts and management as appropriate. Who escalates and who manages them?
    Row of colorful people.

    Note roles in the Incident Management and Service Desk – Standard Operating Procedure Template

    Keep customers happy and technicians calm by properly managing your queue

    If ticket volume is too high or too dispersed to effectively have teams self-select tickets, assign a queue manager to review tickets throughout the day to ensure they’re assigned and on the technician’s schedule. This is particularly important for technicians who don’t regularly work out of the ticketing system. Follow up on approaching or missed SLAs.

    • Separate incidents (break fix) and service requests: Prioritize incidents over service requests to focus on getting users doing business as soon as possible. Schedule service requests for slower times or assign to technicians who are not working the front lines.
    • First in/first out…mostly: We typically look to prioritize incidents over service requests and only prioritize incidents if there are multiple people or VIPs affected. Where everything is equal, deal with the oldest first. Pause occasionally to deal with quick wins such as password resets.
    • Update ticket status and notes: Knowing what tickets are in progress and which ones are waiting on information or parts is important for anyone looking to pick up the next ticket. Make sure everyone is aware of the benefits of keeping this information up to date, so technicians know what to work on next without duplicating each other’s work.
    • Implement solutions quickly by using knowledge articles: Continue to build out the knowledge base to be able to resolve end-user issues quickly, check to see if additional information is needed before escalating tickets to other technicians.
    • Encourage end users to create tickets through the portal: Issues called in are automatically moved to the front of the queue, regardless of urgency. Make it easy for users to report issues using the portal and save the phone for urgent issues to allow appropriate prioritization of tickets.
    • Create a process to add additional resources on a regular basis to keep control of the backlog: A few extra hours once a week may be enough if the team is focused without interruptions.
    • Determine what backlog is acceptable to your users: Set that as a maximum time to resolve. Ideally, set up automated escalations for tickets that are approaching target SLAs, and build flexibility into schedules to have an “all hands on deck” option if the volume gets too high.

    Info-Tech Insight

    Make sure your queue manager has an accurate escalation list and has the authority to assign tickets and engage with the technical team to manage SLAs; otherwise, SLAs will never be consistently managed.

    Best practices for ticket handling

    Accurate data leads to good decisions. If working toward adding staff members, reducing recurring incidents, gaining access to better tools, or demonstrating value to the business, tickets will enable reporting and dashboards to manage your day-to-day business and provide reports to stakeholders.
    • Provide an easy way for end users to electronically submit tickets and encourage them to do so. This doesn’t mean you shouldn’t still accept phone calls, but that should be encouraged for time sensitive issues.
    • Create and update tickets, but not at the expense of good customer service. Agents can start the ticket but shouldn’t spend five minutes creating the ticket when they should be troubleshooting the problem.
    • Update the ticket when the issue is resolved or needs to be escalated. If agents are escalating, they should make sure all relevant information is passed along to the next technician.
    • Update user of ETA if issue cannot be resolved quickly.
    • Update categories to reflect the actual issue and resolution.
    • Reference or link to the knowledge base article as the documented steps taken to resolve the incident.
    • Validate incident is resolved with client. Automate this process with ticket closure after a certain time.
    • Close or resolve the ticket on time.
    Ticket templates (or quick tickets) for common incidents can lead to fast creation, data input, and categorizations. Templates can reduce the time it takes to create tickets from two minutes to 30 seconds.
    Sample ticket template.

    Create a right-sized self-service portal

    Review tickets and talk to the team to find out the most frequent requests and the most frequent incidents that could be solved by the end user if there were clear instructions. Check with your user community to see what they would like to see in the portal.

    A portal is only as attractive as it is useful. Enabling ticket creation and review is the bare minimum and may not entice users to the portal if email is just as easy to use for ticket creation.

    Consider opening the portal to groups other than IT. HR, finance, and others may have information they want to share or forms to fill in or download where an employee portal rather than an IT portal could be helpful. Work with other departments to see if they would find value. Make sure your solution is easy to use when adding content. Low-code options are useful for this.

    Portals could be built in the ITSM solution or SharePoint/Teams and should include:

    • Easy ways to create and see status on all tickets
    • Manuals, how-to articles, links to training
    • Answers to common questions, could be a wiki or Q&A for users to help each other as well as IT
    • Could have a chatbot to help people find documents or to create a ticket

    Info-Tech Insight

    Consider using video capture software to create short how-to videos for common questions. Vendors such as TechSmith Snagit , Vimeo Screen Recorder, Screencast-O-Matic Video Recording, and Movavi Screen Recording may be quick and easy to learn.

    49%

    49% of employees have trouble finding information at work

    35%

    Employees can cut time spent looking for information by 35% with quality intranet

    (Source: Liferay)

    Use customer satisfaction surveys to monitor service levels

    Transactional surveys are tied to specific interactions and provide a means of communication to help users communicate satisfaction or dissatisfaction with single interactions.
    • Keep it simple: One question to rate the service with opportunity to add a comment is enough to understand the sentiment and potential issues, and it will be more likely that the user will fill it out.
    • Follow up: Feedback will only be provided if customers think it’s being read and actioned. Set an alert to receive notification of any negative feedback and follow up within one or two business days to show you’re listening.

    A simple customer feedback form with smiley face scale.

    Relationship surveys can be run annually to obtain feedback on the overall customer experience.

    Inform yourself of how well you are doing or where you need improvement in the broad services provided.

    Provide a high-level perspective on the relationship between the business and IT.

    Help with strategic improvement decisions.

    Should be sent over a duration of time and to the entire customer base after they’ve had time to experience all the services provided by the service desk. This can be done on an annual basis.

    For example: Info-Tech’s End User Satisfaction Diagnostic. Included in your membership.

    Keep categorizations simple

    Asset categorization provides reports that are straightforward and useful for IT and that are typically used where the business isn’t demanding complex reports.

    Too many options can cause confusion; too few options provide little value. Try to avoid using “miscellaneous” – it’s not useful information. Test your tickets against your new scheme to make sure it works for you. Effective classification schemes are concise, easy to use correctly, and easy to maintain.

    Build out the categories with these questions:
    • What kind of asset am I working on? (type)
    • What general asset group am I working on? (category)
    • What particular asset am I working on? (sub-category)

    Create resolution codes to further modify the data for deeper reporting. This is typically a separate field, as you could use the same code for many categories. Keep it simple, but make sure it’s descriptive enough to understand the type of work happening in IT.

    Create and define simple status fields to quickly review tickets and know what needs to be actioned. Don’t stop the clock for any status changes unless you’re waiting on users. The elapsed time is important to measure from a customer satisfaction perspective.

    Info-Tech Insight

    Think about how you will use the data to determine which components need to be included in reports. If components won’t be used for reporting, routing, or warranty, reporting down to the component level adds little value.

    Example table of categorizations.


    Need to make quick progress? Use Info-Tech Research Group’s Service Desk Asset-Based Categories template.

    1.1 Build or review your categories

    1-3 hours

    Input: Existing tickets

    Output: Categorization scheme

    Materials: Whiteboard/Flip charts, Markers, Sample categorization scheme

    Participants: CIO, Service desk manager, Technicians

    Discuss:

    • How can you use categories and resolution information to enhance reporting?
    • What level of detail do you need to be able to understand the data and take action? What level of detail is too much?
    • Are current status fields allowing you to accurately assess pending work at a glance?

    Draft:

    1. Start with existing categories and review, identifying duplicates and areas of inconsistency.
    2. Write out proposed resolution codes and status fields and critically assess their value.
    3. Test categories and resolution codes against a few recent tickets.
    4. Record the ticket categorization scheme in the Incident Management and Service Desk – Standard Operating Procedure.

    Download the Incident Management and Service Desk – Standard Operating Procedure Template

    Separate tickets into service requests and incidents

    Tickets should be separated into different ticket types to be able to see briefly what needs to be prioritized. This may seem like a non-issue if you have a small team, but if you ever need to report how quickly you’re solving break-fix issues or whether you’re doing root cause analysis, this will save on future efforts. Separating ticket types may make it easier to route tickets automatically or to a new provider in the future.

    INCIDENTS

    SERVICE REQUESTS

    Icon of a bullseye.

    PRIORITIZATION

    Incidents will be prioritized based on urgency and impact to the organization. Service requests will be scheduled and only increase in prioritization if there is an issue with the request process (e.g. new hire start).
    Icon of a handshake.

    SLAs

    Did incidents get resolved according to prioritization rules? REPONSE & RESOLUTION Did service requests get completed on time? SCHEDULING & FULFILMENT
    Icon of a lightbulb.

    TRIAGE & ROOT CAUSE ANALYSIS

    Incidents will typically need triage at the service desk unless something is set up to go directly to a specialist. Service requests don’t need triage and can be routed automatically for approvals and fulfillment.

    “For me, the first key question is, is this keeping you from doing business? Is this a service request? Is it actually something that's broken? Well, okay. Now let's have the conversation about what's broken and keeping you from doing business.” (Anonymous CIO)

    Determine how service requests will be fulfilled

    Process steps for service requests: 'Request, Approve, Schedule, Fulfill, Notify requester, Close ticket'.

    • Identify standard requests, meaning any product approved for use and deployment in the organization.
    • Determine whether this should be published and how. Consider a service catalog with the ability to create tickets right from the request page. If there is an opportunity to automate fulfillment, build that into your workflow and project plans.
    • Create workflows for complicated requests such as onboarding, and build them into a template in the service desk tool. This will allow you to reduce the administrative work to deploy tasks.
    • Who will fulfill requests? There may be a need for more than one technician to be able to fulfill if volume dictates, but it’s important to determine what will be done by each level to quickly assign those tickets for scheduling. Define what will be done by each group of technicians.
    • Determine reasonable SLAs for most service requests. Identify which ones will not meet “normal” SLAs. As you build out a service catalog or automate fulfillment, SLAs can be refined.

    Info-Tech Insight

    Service requests are not as urgent as incidents and should be scheduled.

    Set the SLA based on time to fulfill, plus a buffer to schedule around more urgent service requests.

    1.2 Identify service requests and routing needs

    2-3 hours

    Input: Ticket data, Existing workflow diagrams

    Output: Workflow diagrams

    Materials: Whiteboard/Flip charts, Markers, Visio

    Participants: CIO, Service desk manager, Technicians

    Identify:

    1. Create your list of typical service requests and identify the best person to fulfill, based on complexity, documentation, specialty, access rights.
    2. Review service requests which include multiple people or departments, such as onboarding and offboarding
    3. Draw existing processes.
    4. Discuss challenges and critique existing process.
    5. Document proposed changes and steps that will need to be taken to improve the process.

    Download the Incident Management and Service Desk – Standard Operating Procedure Template

    Incident management

    Critical incidents and normal incidents

    Even with a small team, it’s important to define a priority for response and resolution time for SLA and uptime reporting and extracting insights for continual improvement efforts.

    • Mission-critical systems or problems that affect many people should always come first (i.e. Severity Level 1).
    • The bulk of reported problems, however, are often individual problems with desktop PCs (i.e. Severity Level 3 or 4).
    • Some questions to consider when deciding on problem severity include:
      • How is productivity affected?
      • How many users are affected?
      • How many systems are affected?
      • How critical are the affected systems to the organization?
    • Decide how many severity levels the organization needs the service desk to have. Four levels of severity is ideal for most organizations.
    Go to incident management for SE

    Super-specialization of knowledge is also a common factor in smaller teams and is caused by complex architectures. While helpful, if that knowledge isn’t documented, it can walk out the door with the resource and the rest of the team is left scrambling.

    Lessons learned may be gathered for critical incidents but often are not propagated, which impacts the ability to solve recurring incidents.

    Over time, repeated incidents can have a negative impact on the customer’s perception that the service desk is a credible and essential service to the business.

    Cover image for 'Incident Management for Small Enterprise'.
    Click picture for a link to the blueprint

    1.3 Activity: Identify critical systems

    1 hour

    Input: Ticket data, Business continuity plan

    Output: Service desk SOP

    Materials: Whiteboard/Flip charts, Markers

    Participants: CIO, Service desk manager, Technicians

    Discuss and document:

    1. Create a list of the most critical systems, and identify and document the escalation path.
    2. Review inventory of support documents for critical systems and identify any that require runbooks to ensure quick resolution in the event of an outage or major performance issue. Refer to the blueprint Incident Management for Small Enterprise to prioritize and document runbooks as needed.
    3. Review vendor agreements to determine if SLAs are appropriate to support needs. If there is a need for adjustments, determine options for modifying or renegotiating SLAs.

    Download the Incident Runbook Prioritization Tool

    Prioritization scheme

    Keep the priority scheme simple and meaningful, using this framework to communicate and report to stakeholders and set SLAs for response and resolution.
    1. Focus primarily on incidents. Service requests should always be medium urgency, unless there is a valid reason to move one to high level.
    2. Separate major outages from all other tickets as these are a major factor in business impact.
    3. Decide how many levels of severity are appropriate for your organization.
    4. Build a prioritization matrix, breaking down priority levels by impact and urgency.
    5. Build out the definitions of “impact” and “urgency” to complete the prioritization matrix.
    6. Run through examples of each priority level to make sure everyone is on the same page.
    A matrix of prioritization with rows as levels of 'IMPACT' and columns as levels of 'URGENCY'. Ratings range from 'Critical' at 'Extensive/Critical' to 'Low' at 'Low Impact/Low'.

    Document escalation rules and contacts

    Depending on the size of the team, escalations may be mostly to internal technical colleagues or could be primarily to vendors.

    • Ensure the list of escalation rules and contacts is accurate and available, adding expected SLAs for quick reference
    • If tickets are being escalated but shouldn’t be, ensure knowledge articles and training materials are up to date
    • Follow up on all external escalations, ensuring SLAs are respected
    • Publish an escalation path for clients if service is not meeting their needs (for internal and external providers) and automate escalations for tickets breaching SLAs
    Escalation rules strung together.
    User doesn’t know who will fix the issue but expects to see it done in a reasonable time. If issue cannot be resolved right away, set expectations for resolution time.
    • Document information so next technician doesn’t need to ask the same questions.
    • Escalate to the right technician the first time.
    • Check notes to catch up on the issue.
    • Run tests if necessary.
    • Contact user to troubleshoot and fix.
    • Meet SLAs or update client on new ETA.
    • Provide complete information to vendor.
    • Monitor resolution.
    • Follow up with vendor if delays.
    • Update client as needed.
    • Vendor will provide support according to agreement.
    • Encourage vendor to provide regular updates to IT.
    • Review vendor performance regularly.
    • IT will validate issue is resolved and close ticket.
    Validate user is happy with the experience

    Define, measure, and report on service level agreements

    Improving communications is the most effective way to improve customer service
    1. Set goals for time to respond and time to resolve for different incident levels, communicate to the technical team, and test ability to meet these goals.
    2. Set goals for time to fulfil for most service requests, document exceptions (e.g. onboarding).
    3. Create reports to measure against goals and determine what information will be most effective for reporting to the business.
    4. Management: Communicate expectations to the business leaders and end users.
    5. Management: Set regular cadence to meet with stakeholders to discuss expectations and review relevant metrics.
    6. Management: Determine how metrics will be tracked and reviewed to manage technical partners.
    Keep messaging simple
    • Be prepared with detailed reporting if needed, but focus on a few key metrics to inform stakeholders of progress against goals.
    • Use trending to tell a story, especially when presenting success stories.
    • Use appropriate media for each type of message. For example: SLAs can be listed on automated ticket responses or in a banner on the portal.

    Determine what communications are most important and who will do them

    Icon of a bperson ascending a staircase.

    PROACTIVE, PLANNED CHANGES

    From: Service Desk

    Messaging provided by engineer or director, sent to all employees; proactive planning with business unit leaders.

    Icon of a bullseye.

    OUTAGES & UPDATES

    From: Service Desk

    Use templates to send out concise messaging and updates hourly, with input from technical team working on restoring services to all; director to liaise with business stakeholders.

    Icon of a lightbulb.

    UPDATES TO SERVICES, SELF-SERVE

    From: Director

    Send announcements no more than monthly about new services and processes.

    Icon of a handshake.

    REGULAR STAKEHOLDER COMMUNICATIONS

    From: Director

    Monthly reporting to business and IT stakeholders on strategic and project goals, manage escalations.

    1.4 Create communications plan

    2 hours

    Input: Sample past communications

    Output: Communications templates

    Materials: Whiteboard/flip charts, Markers

    Participants: CIO, Service desk manager, Technicians

    Determine where templates are needed to ensure quick and consistent communications. Review sample templates and modify to suit your needs:

    1. Proactive, planned changes
    2. Outages and updates
    3. Updates to services, self-serve
    4. Regular stakeholder communications

    Download the communications templates

    Create reports that are useful and actionable

    Reporting serves two purposes:

    1. Accountability to stakeholders
    2. Identification of items that need action

    To determine what reports are needed, ask yourself:

    • What are your goals?
    • What story are you trying to tell?
    • What do you need to manage day to day?
    • What do you need to report to get funding?
    • What do you need to report to your stakeholders for service updates?

    Determine which metrics will be most useful to suit your strategic and operational goals

    STRATEGIC GOAL (stakeholders): Improve customer service evidenced by:

    TIME

    • Aged backlog
    • Service requests solved within SLA (could also look for quick ones, e.g. tickets solved in one day, % solved within one hour)
    • Volume of incidents and time to solve each type
    • Critical incidents solved in 4 hours
    • Incidents solved same day

    QUALITY

    • Percentage of tickets solved at first contact
    • SLAs missed
    • Percentage of services available to request through catalog
    • Percentage of tickets created through portal (speaks to quality of experience)
    • Customer satisfaction survey results – transactional and annual

    RESOURCES

    • Knowledge articles used by technicians
    • Knowledge articles used by end users
    • Tickets resolved at each technician level (volume)
    • Non-standard requests evaluated and fulfilled by volume & time served
    • Volume of recurring incidents
    OPERATIONAL GOALS: Report to director & technicians

    What else can you do to improve service?

    Review the next few pages to see if you need additional blueprints to help you:
    • Evaluate staffing and training needs to ensure the right number of resources are available and they have the skills they need for your environment.
    • Create self-service for end users to get quick answers and create tickets.
    • Create a knowledge base to ensure backup for technical expertise.
    • Develop customer service skills through training.
    • Perform ticket analysis to better understand your technical environment.

    Be agile in your approach to service

    It’s easy for small teams to get overwhelmed when covering for vacations, illness, or leave. Determine where priorities may be adjusted during busy or short-staffed times.

    • Have a plan to cross-train technicians and create comprehensive knowledge articles for coverage during vacations and unexpected absences.
    • Know where it makes sense to bring in vendors, such as for managed print services, or to cover for extended absences.
    • Look for opportunities to automate functions or reduce administrative overhead through workflows.
    • Identify any risks and determine how to mitigate, such as managing or changing administrative passwords.
    • Create self-serve to enable ticket creation and self-solve for those users who wish to use it.

    Staff the service desk to meet demand

    • With increasing complexity of support and demand on service desks, staff are often left feeling overwhelmed and struggling to keep up with ticket volume, resulting in long resolution times and frustrated end users.
    • However, it’s not as simple as hiring more staff to keep up with ticket volume. IT managers must have the data to support their case for increasing resources or even maintaining their current resources in an environment where many executives are looking to reduce headcount.
    • Without changing resources to match demand, IT managers will need to determine how to maximize the use of their resources to deliver better service.

    Cover image for 'Staff the Service Desk to Meet Demand'.
    Click picture for a link to the blueprint

    Create and manage a knowledge base

    With a small team, it may seem redundant to create a knowledge base, but without key system and process workflows and runbooks, an organization is still at risk of bottlenecks and knowledge failure.

    • Use a knowledge base to document pre-escalation troubleshooting steps, known errors and workarounds, and runbook solutions.
    • Where incidents may have many root causes, document which are the most frequent solutions and where variations are typically used.
    • Start with an inventory of personal documents, compare and consolidate into the knowledge base, and ensure they are accurate and up to date.
    • Assign someone to review articles on a regular basis and flag for editing and archiving as the technical environment changes.
    • Supplement with vendor-provided or purchased content. Two options for purchased content include RightAnswers or Netformx.

    Info-Tech Insight

    Appeal to a broad audience. Use non-technical language whenever possible to help less technical readers. Identify error messages and use screenshots where it makes sense. Take advantage of social features like voting buttons to increase use.

    Optimize the service desk with a shift-left strategy

    • “Shift left” is a strategy which moves appropriate technical work to users through knowledge articles, automation and service catalogs, freeing up time for technicians to work on more complex issues.
    • Many organizations have built a great knowledge base but fail to see the value of it over time as it becomes overburdened with overlapping and out-of-date information. Knowledge capture, updating, and review must be embedded into your processes if you want to keep the knowledge base useful.
    • Similarly, the self-service portal is often deployed out of the box with little input from end users and fails to deliver its intended benefits. The portal needs to be designed from the end user’s point of view with the goal of self-resolution if it will serve its purpose of deflecting tickets.

    Cover image for 'Optimize the Service Desk With a Shift-Left Strategy'.
    Click picture for a link to the blueprint

    Customer service isn’t just about friendliness

    Your team will all need to deal with end users at some point, and that may occur in times of high stress. Ensure the team has the skills they need to actively listen, stay positive, and de-escalate.

    Info-Tech’s customer service program is a modular approach to improve skills one area at a time. Delivering good customer service means being effective in these areas:
    • Customer focus – Focus on the customer and use a positive, caring, and helpful attitude.
    • Listening and verbal communication skills – Demonstrate empathy and patience, actively listen, and speak in user-friendly ways to help get your point across.
    • Written communication skills – Use appropriate tone, language, and terms in writing (whether via chat, email, or other).
    • Manage difficult situations – Remain calm and in control when dealing with difficult customers and situations.
    • Go the extra mile – Go beyond simply resolving the request to make each interaction positive and memorable.

    Deliver a customer service training program to your IT department

    • There’s a common misconception that customer service skills can’t be taught, so no effort is made to improve those skills.
    • Even when there is a desire to improve customer service, it’s hard for IT teams to make time for training and improvement when they’re too busy trying to keep up with tickets.
    • A talented service desk agent with both great technical and customer service skills doesn’t have to be a rare unicorn, and an agent without innate customer service skills isn’t a lost cause. Relevant and impactful customer service habits, techniques, and skills can be taught through practical, role-based training.
    • IT leaders can make time for this training through targeted, short modules along with continual on-the-job coaching and development.

    Cover image for 'Deliver Customer Service Training Program to Your IT Department'.
    Click picture for a link to the blueprint

    Improve your ticket analysis

    Once you’ve got great data coming into the ticketing system, it’s important to rethink your metrics and determine if there are more insights to be found.

    Analyzing ticket data involves:
    • Collecting ticket data and keeping it clean. Based on the metrics you’re analyzing, define ticket expectations and keep the data up to date.
    • Showing the value of the service desk. SLAs are meaningless if they are not met consistently. The prerequisite to implementing proper SLAs is fully understanding the proper workload of the service desk.
    • Understanding – and improving – the user experience. You cannot improve the user experience without meaningful metrics that allow you to understand the user experience. Different user groups will have different needs and different expectations of the level of service. Your metrics should reflect those needs and expectations.

    Analyze your service desk ticket data

    Properly analyzing ticket data is challenging for the following reasons:
    • Poor ticket hygiene and unclear ticket handling
    • Service desk personnel are not sure where to start with analysis
    • Too many metrics are tracked to parse actionable data from the noise
    Ticket data won’t give you a silver bullet, but it can help point you in the right direction.

    Cover image for 'Analyze Your Service Desk Ticket Data'.
    Click picture for a link to the blueprint

    Start doing problem management

    Proactively focusing on root cause analysis will reduce the most disruptive incidents to the organization.

    • A focus on elimination of critical incidents and the more disruptive recurring incidents will reduce future workloads for the team and improve customer satisfaction.
    • This can be challenging when the team is already struggling with workload; however, setting a regular cadence to review tickets, looking for trends, and identifying at least one focus area a month can be a positive outcome for everyone.
    • Focus on the most impactful ticket or service first. The initial goal should be to reduce or eliminate critical and high-impact incidents. Once the high-stress situations are reduced, proactively scheduling the smaller but still time-consuming repeatable incidents can be done.
    • Where you have vendors involved, work with them to determine when root cause analysis must happen and where they’ll need to coordinate with your team or other supporting vendors.

    Problem management

    Problem management can be challenging because it requires skills and knowledge to go deep into a problem and troubleshoot the root cause of an issue, but it also requires uninterrupted time.
    • Problem management, however, can be taught, and the issue isn’t always hard to spot if you have time to look.
    • Using tried and true methods for walking through an issue step by step will enable the team to improve their investigative and troubleshooting skills.
    • Reduction of one or two major incidents and recurring incidents per month will pay off quickly in reducing reactive ticket volume and improve customer satisfaction.

    Cover image for 'Problem Management'.
    Click picture for a link to the blueprint

    Create your roadmap with high-level requirements

    Determine what tasks and projects need to be completed to meet your improvement goals. Create a high-level project plan and balance with existing resources.

    Roadmap of high-level requirements with 'Goals' as row headers and their timelines mapped out across fiscal quarters.

    Bibliography

    Taylor, Sharon and Ivor Macfarlane. ITIL Small Scale Implementation. Office of Government Commerce, 2005.

    “Share, Collaborate, and Communicate on One Consistent Platform.” Liferay, n.d. Accessed 19 July 2022.

    Rodela, Jimmy. “A Beginner’s Guide to Customer Self-Service.” The Ascent, 18 May 2022. Web.

    Purchase Storage Without Buyer's Remorse

    • Buy Link or Shortcode: {j2store}505|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Storage & Backup Optimization
    • Parent Category Link: /storage-and-backup-optimization
    • Storage is a big ticket item that often only gets purchased every three to five years. Many buyers focus on capital costs and rely on vendors for scoping of requirements leading to overspending and buyer’s remorse.
    • Three-quarters of storage buyers are dissatisfied with at least one aspect of their most recent storage purchase, and over 40% of organizations switched vendors, making it critical to understand the market and the important factors to avoiding buyer’s remorse.

    Our Advice

    Critical Insight

    • Know where to negotiate on price. Many organizations spend as much or more effort on negotiating a better price as they do on assessing current and future requirements; yet, more than 35% of organizations report dissatisfaction with hardware, software, and/or maintenance and support costs from their most recent purchase.
    • Understand support agreements and vendor offerings. Organizations satisfied with their storage purchase spent more effort evaluating support capabilities of vendors and assessing current and future requirements.
    • Determine costs to scale-up your storage. More than 35% of organizations report dissatisfaction with costs to scale their solutions by adding disks or disk trays, following their initial contract, making it crucial to establish scaling costs with your vendor.

    Impact and Result

    • Get peace of mind knowing that the quote you’re about to sign delivers the solution and capabilities around software and support that you think you are getting.
    • Understand contract discounting levels and get advice around where further discounting can be negotiated with the reseller.
    • Future-proof your purchase by capitalizing on Info-Tech’s exposure to other clients’ past experiences.

    Purchase Storage Without Buyer's Remorse Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Purchase storage without buyer's remorse

    Ensure the purchase is the lowest cost with fewest future headaches.

    • Storyboard: Purchase Storage Without Buyer's Remorse

    2. Evaluate storage vendors and their product capabilities

    Select the most appropriate offering for business needs at a competitive price point.

    3. Ensure vendors reveal all details regarding strengths and weaknesses

    Get the lowest priced feature set for the selected product.

    • Storage Reseller Interrogation Script
    [infographic]

    Modernize Your Microsoft Licensing for the Cloud Era

    • Buy Link or Shortcode: {j2store}304|cart{/j2store}
    • member rating overall impact: 9.1/10 Overall Impact
    • member rating average dollars saved: $102,414 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • Microsoft licensing is complicated. Often, the same software can be licensed a number of ways. It’s difficult to know which edition and licensing model is best.
    • Licensing and features often change with the release of new software versions, compounding the problem by making it difficult to stay current.
    • In tough economic times, IT is asked to reduce capital and operating expenses wherever possible. As one of the top five expense items in most enterprise software budgets, Microsoft licensing is a primary target for cost reduction.

    Our Advice

    Critical Insight

    • Focus on needs first. Conduct a thorough needs assessment and document the results. Well-documented needs will be your best asset in navigating Microsoft licensing and negotiating your agreement.
    • Beware the bundle. Be aware when purchasing the M365 suite that there is no way out. Negotiating a low price is critical, as all leverage swings to Microsoft once it is on your agreement.
    • If the cloud doesn’t fit, be ready to pay up or start making room. Microsoft has drastically reduced discounting for on-premises products, support has been reduced, and product rights have been limited. If you are planning to remain on premises, be prepared to pay up.

    Impact and Result

    • Understand what your organization needs and what your business requirements are. It’s always easier to purchase more later than try to reduce your spend.
    • Complete cost calculations carefully, as the cloud might end up costing significantly more for the desired feature set. However, in some scenarios, it may be more cost efficient for organizations to license in the cloud.
    • If there are significant barriers to cloud adoption, discuss and document them. You’ll need this documentation in three years when it’s time to renew your agreement.

    Modernize Your Microsoft Licensing for the Cloud Era Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Modernize Your Microsoft Licensing Deck – A deck to help you build a strategy for your Microsoft licensing renewal.

    This storyboard will help you build a strategy for your Microsoft licensing renewal from conducting a thorough needs assessment to examining your licensing position, evaluating Microsoft's licensing options, and negotiations.

    • Modernize Your Microsoft Licensing for the Cloud Era – Phases 1-4

    2. Microsoft Cloud Products Cost Modeler – A tool to model estimated costs for Microsoft's cloud products.

    The Microsoft Cloud Products Cost Modeler will provide a rough estimate of what you can expect to pay for Office 365 or Dynamics CRM licensing, before you enter into negotiations. This is not your final cost, but it will give you an idea.

    • Microsoft Cloud Products Cost Modeler

    3. Microsoft Licensing Purchase Reference Guide - A template to capture licensing stakeholder information, proposed changes to licensing, and negotiation items.

    The Microsoft Licensing Purchase Reference Guide can be used throughout the process of licensing review: from initial meetings to discuss compliance state and planned purchases, to negotiation meetings with resellers. Use it in conjunction with Info-Tech's Microsoft Licensing Effective License Position Template.

    • Microsoft Licensing Purchase Reference Guide

    4. Negotiation Timeline for Microsoft – A template to navigate your negotiations with Microsoft.

    This tool will help you plot out your negotiation timeline, depending on where you are in your contract negotiation process.

  • 6-12 months
  • Less than 3 months
    • Negotiation Timeline for Microsoft – Visio
    • Negotiation Timeline for Microsoft – PDF

    5. Effective Licensing Position Tool – A template to help you create an effective licensing position and determine your compliance position.

    This template helps organizations to determine the difference between the number of software licenses they own and the number of software copies deployed. This is known as the organization’s effective license position (ELP).

    • Effective Licensing Position Tool
    [infographic]

    Lead Staff through Change

    • Buy Link or Shortcode: {j2store}510|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: High Impact Leadership
    • Parent Category Link: /lead
    • Sixty to ninety percent of change initiatives fail, costing organizations dollars off the bottom line and lost productivity.
    • Seventy percent of change initiatives fail because of people-related issues, which place a major burden on managers to drive change initiatives successfully.
    • Managers are often too busy focusing on the process elements of change; as a result, they neglect major opportunities to leverage and mitigate staff behaviors that affect the entire team.

    Our Advice

    Critical Insight

    • Change is costly, but failed change is extremely costly. Managing change right the first time is worth the time and effort.
    • Staff pose the biggest opportunity and risk when implementing a change – managers must focus on their teams in order to maintain positive change momentum.
    • Large and small changes require the same change process to be followed but at different scales.
    • The size of a change must be measured according to the level of impact the change will have on staff, not how executives and managers perceive the change.
    • To effectively lead their staff through change, managers must anticipate staff reaction to change, develop a communication plan, introduce the change well, help their staff let go of old behaviors while learning new ones, and motivate their staff to adopt the change.

    Impact and Result

    • Anticipate and respond to staff questions about the change in order to keep messages consistent, organized, and clear.
    • Manage staff based on their specific concerns and change personas to get the best out of your team during the transition through change.
    • Maintain a feedback loop between staff, executives, and other departments in order to maintain the change momentum and reduce angst throughout the process.

    Lead Staff through Change Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Learn how to manage people throughout the change process

    Set up a successful change adoption.

    • Storyboard: Lead Staff through Change

    2. Learn the intricacies of the change personas

    Correctly identify which persona most closely resembles individual staff members.

    • None

    3. Assess the impact of change on staff

    Ensure enough time and effort is allocated in advance to people change management.

    • Change Impact Assessment Tool

    4. Organize change communications messages for a small change

    Ensure consistency and clarity in change messages to staff.

    • Basic Business Change Communication Worksheet

    5. Organize change communications messages for a large change

    Ensure consistency and clarity in change messages to staff.

    • Advanced Business Change Description Form

    6. Evaluate leadership of the change process with the team

    Improve people change management for future change initiatives.

    • Change Debrief Questionnaire
    [infographic]

    Cost and Budget Management

    • Buy Link or Shortcode: {j2store}8|cart{/j2store}
    • Related Products: {j2store}8|crosssells{/j2store}
    • Up-Sell: {j2store}8|upsells{/j2store}
    • member rating overall impact: 9.5/10
    • member rating average dollars saved: $2,000
    • member rating average days saved: 5
    • Parent Category Name: Financial Management
    • Parent Category Link: /financial-management

    The challenge

    • IT is seen as a cost center in most organizations. Your IT spend is fuelled by negative sentiment instead of contributing to business value.

    • Budgetary approval is difficult, and in many cases, the starting point is lowering the cost-income ratio without looking at the benefits.
    • Provide the right amount of detail in your budgets to tell your investment and spending story. Align it with the business story. Too much detail only increases confusion, too little suspicion.

    Our advice

    Insight

    An effective IT budget complements the business story with how you will achieve the expected business targets.

    • Partner with the business to understand the strategic direction of the company and its future needs.
    • Know your costs and the value you will deliver.
    • Present your numbers and story clearly and credibly. Excellent delivery is part of good communication.
    • Guide your company by clearly explaining the implications of different choices they can make.

    Impact and results 

    • Get a head-start on your IT forecasting exercise by knowing the business strategy and what initiatives they will launch.
    • The coffee corner works! Pre-sell your ideas in quick chats.
    • Do not make innovation budgets bigger than they need to be. It undermines your credibility.
    • You must know your history to accurately forecast your IT operations cost and how it will evolve based on expected business changes.
    • Anticipate questions. IT discretionary proposals are often challenged. Think ahead of time about what areas your business partners will focus on and be ready with researched and credible responses.
    • When you have an optimized budget, tie further cost reductions to consequences in service delivery or deferred projects, or a changed operating model.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started

    Our concise executive brief shows you why you should develop a budget based on value delivery. We'll show you our methodology and the ways we can help you in completing this.

    Plan for budget success

    • Build an IT Budget That Demonstrates Value Delivery – Phase 1: Plan (ppt)
    • IT Budget Interview Guide (doc)

    Build your budget.

    • Build an IT Budget That Demonstrates Value Delivery – Phase 2: Build (ppt)
    • IT Cost Forecasting Tool (xls)

    Sell your budget

    • Build an IT Budget That Demonstrates Value Delivery – Phase 3: Sell (ppt)
    • IT Budget Presentation (ppt)

     

    Improve Requirements Gathering

    • Buy Link or Shortcode: {j2store}523|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $153,578 Average $ Saved
    • member rating average days saved: 26 Average Days Saved
    • Parent Category Name: Requirements & Design
    • Parent Category Link: /requirements-and-design
    • Poor requirements are the number one reason that projects fail. Requirements gathering and management has been an ongoing issue for IT professionals for decades.
    • If proper due diligence for requirements gathering is not conducted, then the applications that IT is deploying won’t meet business objectives and will fail to deliver adequate business value.
    • Inaccurate requirements definition can lead to significant amounts of project rework and hurt the organization’s financial performance. It will also create significant damage to the working relationship between IT and the business.
    • Often, business analysts haven’t developed the right competencies to successfully execute requirements gathering processes, even when they are in place.

    Our Advice

    Critical Insight

    • To avoid makeshift solutions, an organization needs to gather requirements with the desired future state in mind.
    • Creating a unified set of standard operating procedures is essential for effectively gathering requirements, but many organizations fail to do it.
    • Centralizing governance of requirements processes with a requirements gathering steering committee or requirements gathering center of excellence can bring greater uniformity and cohesion when gathering requirements across projects.
    • Business analysts must be targeted for competency development to ensure that the processes developed above are being successfully executed and the right questions are being asked of project sponsors and stakeholders.

    Impact and Result

    • Enhanced requirements analysis will lead to tangible reductions in cycle time and reduced project overhead.
    • An improvement in requirements analysis will strengthen the relationship between business and IT, as more and more applications satisfy stakeholder needs.
    • More importantly, the applications delivered by IT will meet all of the must-have and at least some of the nice-to-have requirements, allowing end users to successfully execute their day-to-day responsibilities.

    Improve Requirements Gathering Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should invest in optimizing your requirements gathering processes.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build the target state for the requirements gathering process

    Capture a clear understanding of the target needs for the requirements process.

    • Build a Strong Approach to Business Requirements Gathering – Phase 1: Build the Target State for the Requirements Gathering Process
    • Requirements Gathering SOP and BA Playbook
    • Requirements Gathering Maturity Assessment
    • Project Level Selection Tool
    • Business Requirements Analyst
    • Requirements Gathering Communication Tracking Template

    2. Define the elicitation process

    Develop best practices for conducting and structuring elicitation of business requirements.

    • Build a Strong Approach to Business Requirements Gathering – Phase 2: Define the Elicitation Process
    • Business Requirements Document Template
    • Scrum Documentation Template

    3. Analyze and validate requirements

    Standardize frameworks for analysis and validation of business requirements.

    • Build a Strong Approach to Business Requirements Gathering – Phase 3: Analyze and Validate Requirements
    • Requirements Gathering Documentation Tool
    • Requirements Gathering Testing Checklist

    4. Create a requirements governance action plan

    Formalize change control and governance processes for requirements gathering.

    • Build a Strong Approach to Business Requirements Gathering – Phase 4: Create a Requirements Governance Action Plan
    • Requirements Traceability Matrix
    [infographic]

    Workshop: Improve Requirements Gathering

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define the Current State and Target State for Requirements Gathering

    The Purpose

    Create a clear understanding of the target needs for the requirements gathering process.

    Key Benefits Achieved

    A comprehensive review of the current state for requirements gathering across people, processes, and technology.

    Identification of major challenges (and opportunity areas) that should be improved via the requirements gathering optimization project.

    Activities

    1.1 Understand current state and document existing requirement process steps.

    1.2 Identify stakeholder, process, outcome, and training challenges.

    1.3 Conduct target state analysis.

    1.4 Establish requirements gathering metrics.

    1.5 Identify project levels 1/2/3/4.

    1.6 Match control points to project levels 1/2/3/4.

    1.7 Conduct project scoping and identify stakeholders.

    Outputs

    Requirements Gathering Maturity Assessment

    Project Level Selection Tool

    Requirements Gathering Documentation Tool

    2 Define the Elicitation Process

    The Purpose

    Create best practices for conducting and structuring elicitation of business requirements.

    Key Benefits Achieved

    A repeatable framework for initial elicitation of requirements.

    Prescribed, project-specific elicitation techniques.

    Activities

    2.1 Understand elicitation techniques and which ones to use.

    2.2 Document and confirm elicitation techniques.

    2.3 Create a requirements gathering elicitation plan for your project.

    2.4 Build the operating model for your project.

    2.5 Define SIPOC-MC for your selected project.

    2.6 Practice using interviews with business stakeholders to build use case models.

    2.7 Practice using table-top testing with business stakeholders to build use case models.

    Outputs

    Project Elicitation Schedule

    Project Operating Model

    Project SIPOC-MC Sub-Processes

    Project Use Cases

    3 Analyze and Validate Requirements

    The Purpose

    Build a standardized framework for analysis and validation of business requirements.

    Key Benefits Achieved

    Policies for requirements categorization, prioritization, and validation.

    Improved project value as a result of better prioritization using the MOSCOW model.

    Activities

    3.1 Categorize gathered requirements for use.

    3.2 Consolidate similar requirements and eliminate redundancies.

    3.3 Practice prioritizing requirements.

    3.4 Build the business process model for the project.

    3.5 Rightsize the requirements documentation template.

    3.6 Present the business requirements document to business stakeholders.

    3.7 Identify testing opportunities.

    Outputs

    Requirements Gathering Documentation Tool

    Requirements Gathering Testing Checklist

    4 Establish Change Control Processes

    The Purpose

    Create formalized change control processes for requirements gathering.

    Key Benefits Achieved

    Reduced interjections and rework – strengthened formal evaluation and control of change requests to project requirements.

    Activities

    4.1 Review existing CR process.

    4.2 Review change control process best practices and optimization opportunities.

    4.3 Build guidelines for escalating changes.

    4.4 Confirm your requirements gathering process for project levels 1/2/3/4.

    Outputs

    Requirements Traceability Matrix

    Requirements Gathering Communication Tracking Template

    5 Establish Ongoing Governance for Requirements Gathering

    The Purpose

    Establish governance structures and ongoing oversight for business requirements gathering.

    Key Benefits Achieved

    Consistent governance and oversight of the requirements gathering process, resulting in fewer “wild west” scenarios.

    Better repeatability for the new requirements gathering process, resulting in less wasted time and effort at the outset of projects.

    Activities

    5.1 Define RACI for the requirements gathering process.

    5.2 Define the requirements gathering steering committee purpose.

    5.3 Define RACI for requirements gathering steering committee.

    5.4 Define the agenda and cadence for the requirements gathering steering committee.

    5.5 Identify and analyze stakeholders for communication plan.

    5.6 Create communication management plan.

    5.7 Build the action plan.

    Outputs

    Requirements Gathering Action Plan

    Further reading

    Improve Requirements Gathering

    Back to basics: great products are built on great requirements.

    Analyst Perspective

    A strong process for business requirements gathering is essential for application project success. However, most organizations do not take a strategic approach to optimizing how they conduct business analysis and requirements definition.

    "Robust business requirements are the basis of a successful project. Without requirements that correctly articulate the underlying needs of your business stakeholders, projects will fail to deliver value and involve significant rework. In fact, an Info-Tech study found that of projects that fail over two-thirds fail due to poorly defined business requirements.

    Despite the importance of good business requirements to project success, many organizations struggle to define a consistent and repeatable process for requirements gathering. This results in wasted time and effort from both IT and the business, and generates requirements that are incomplete and of dubious value. Additionally, many business analysts lack the competencies and analytical techniques needed to properly execute the requirements gathering process.

    This research will help you get requirements gathering right by developing a set of standard operating procedures across requirements elicitation, analysis, and validation. It will also help you identify and fine-tune the business analyst competencies necessary to make requirements gathering a success."

    – Ben Dickie, Director, Enterprise Applications, Info-Tech Research Group

    Our understanding of the problem

    This Research is Designed For:

    • The IT applications director who has accountability for ensuring that requirements gathering procedures are both effective and efficient.
    • The designated business analyst or requirements gathering professional who needs a concrete understanding of how to execute upon requirements gathering SOPs.

    This Research Will Help You:

    • Diagnose your current state and identify (and prioritize) gaps that exist between your target requirements gathering needs and your current capabilities and processes.
    • Build a requirements gathering SOP that prescribes a framework for requirements governance and technology usage, as well as techniques for elicitation, analysis, and validation.

    This Research Will Also Assist:

    • The business partner/stakeholder who is interested in ways to work with IT to improve upon existing procedures for requirements gathering.
    • Systems analysts and developers who need to understand how business requirements are effectively gathered upstream.

    This Research Will Help Them:

    • Understand the significance and importance of business requirements gathering on overall project success and value alignment.
    • Create rules of engagement for assisting IT with the collection of requirements from the right stakeholders in a timely fashion.

    Executive summary

    Situation

    • Strong business requirements are essential to project success – inadequate requirements are the number one reason that projects fail.
    • Organizations need a consistent, repeatable, and prescriptive set of standard operating procedures (SOPs) that dictate how business requirements gathering should be conducted.

    Complication

    • If proper due diligence for requirements gathering is not conducted, then the applications that IT is deploying won’t meet business objectives, and they will fail to deliver adequate business value.
    • Inaccurate requirements definition can lead to significant amounts of project rework and hurt the organization’s financial performance. It will also damage the relationship between IT and the business.

    Resolution

    • To avoid delivering makeshift solutions (paving the cow path), organizations need to gather requirements with the desired future state in mind. Organizations need to keep an open mind when gathering requirements.
    • Creating a unified set of SOPs is essential for effectively gathering requirements; these procedures should cover not just elicitation, analysis, and validation, but also include process governance and documentation.
    • BAs who conduct requirements gathering must demonstrate proven competencies for stakeholder management, analytical techniques, and the ability to speak the language of both the business and IT.
    • An improvement in requirements analysis will strengthen the relationship between business and IT, as more and more applications satisfy stakeholder needs. More importantly, the applications delivered by IT will meet all of the must-have and at least some of the nice-to-have requirements, allowing end users to execute their day-to-day responsibilities.

    Info-Tech Insight

    1. Requirements gathering SOPs should be prescriptive based on project complexity. Complex projects will require more analytical rigor. Simpler projects can be served by more straightforward techniques like user story development.
    2. Business analysts (BA) can make or break the execution of the requirements gathering process. A strong process still needs to be executed well by BAs with the right blend of skills and knowledge.

    Understand what constitutes a strong business requirement

    A business requirement is a statement that clearly outlines the functional capability that the business needs from a system or application. There are several attributes to look at in requirements:

    Verifiable
    Stated in a way that can be easily tested

    Unambiguous
    Free of subjective terms and can only be interpreted in one way

    Complete
    Contains all relevant information

    Consistent
    Does not conflict with other requirements

    Achievable
    Possible to accomplish with budgetary and technological constraints

    Traceable
    Trackable from inception through to testing

    Unitary
    Addresses only one thing and cannot be decomposed into multiple requirements

    Agnostic
    Doesn’t pre-suppose a specific vendor or product

    Not all requirements will meet all of the attributes.

    In some situations, an insight will reveal new requirements. This requirement will not follow all of the attributes listed above and that’s okay. If a new insight changes the direction of the project, re-evaluate the scope of the project.

    Attributes are context specific.

    Depending on the scope of the project, certain attributes will carry more weight than others. Weigh the value of each attribute before elicitation and adjust as required. For example, verifiable will be a less-valued attribute when developing a client-facing website with no established measuring method/software.

    Build a firm foundation: requirements gathering is an essential step in any project, but many organizations struggle

    Proper requirements gathering is critical for delivering business value from IT projects, but it remains an elusive and perplexing task for most organizations. You need to have a strategy for end-to-end requirements gathering, or your projects will consistently fail to meet business expectations.

    50% of project rework is attributable to problems with requirements. (Info-Tech Research Group)

    45% of delivered features are utilized by end users. (The Standish Group)

    78% of IT professionals believe the business is “usually” or “always” out of sync with project requirements. (Blueprint Software Systems)

    45% of IT professionals admit to being “fuzzy” about the details of a project’s business objectives. (Blueprint Software Systems)

    Requirements gathering is truly an organization-spanning issue, and it falls directly on the IT directors who oversee projects to put prudent SOPs in place for managing the requirements gathering process. Despite its importance, the majority of organizations have challenges with requirements gathering.

    What happens when requirements are no longer effective?

    • Poor requirements can have a very visible and negative impact on deployed apps.
    • IT receives the blame for any project shortcomings or failures.
    • IT loses its credibility and ability to champion future projects.
    • Late projects use IT resources longer than planned.

    Requirements gathering is a core component of the overall project lifecycle that must be given its due diligence

    PMBOK’s Five Phase Project Lifecycle

    Initiate – Plan: Requirements Gathering Lives Here – Execute – Control – Close

    Inaccurate requirements is the 2nd most common cause of project failure (Project Management Institute ‒ Smartsheet).

    Requirements gathering is a critical stage of project planning.

    Depending on whether you take an Agile or Waterfall project management approach, it can be extended into the initiate and execute phases of the project lifecycle.

    Strong stakeholder satisfaction with requirements gathering results in higher satisfaction in other areas

    Organizations that had high satisfaction with requirements gathering were more likely to be highly satisfied with the other areas of IT. In fact, 72% of organizations that had high satisfaction with requirements gathering were also highly satisfied with the availability of IT capacity to complete projects.

    A bar graph measuring % High Satisfaction when projects have High Requirements Gathering vs. Not High Requirements Gathering. The graph shows a substantially higher percentage of high satisfaction on projects with High Requirements Gathering

    Note: High satisfaction was classified as organizations with a score greater or equal to 8. Not high satisfaction was every other organization that scored below 8 on the area questions.

    N=395 organizations from Info-Tech’s CIO Business Vision diagnostic

    Requirements gathering efforts are filled with challenges; review these pitfalls to avoid in your optimization efforts

    The challenges that afflict requirements gathering are multifaceted and often systemic in nature. There isn’t a single cure that will fix all of your requirements gathering problems, but an awareness of frequently encountered challenges will give you a basis for where to consider establishing better SOPs. Commonly encountered challenges include:

    Process Challenges

    • Requirements may be poorly documented, or not documented at all.
    • Elicitation methods may be inappropriate (e.g. using a survey when collaborative whiteboarding is needed).
    • Elicitation methods may be poorly executed.
    • IT and business units may not be communicating requirements in the same terms/language.
    • Requirements that conflict with one another may not be identified during analysis.
    • Requirements cannot be traced from origin to testing.

    Stakeholder Challenges

    • Stakeholders may be unaware of the requirements needed for the ideal solution.
    • Stakeholders may have difficulty properly articulating their desired requirements.
    • Stakeholders may have difficulty gaining consensus on the ideal solution.
    • Relevant stakeholders may not be consulted on requirements.
    • Sign-off may not be received from the proper stakeholders.

    70% of projects fail due to poor requirements. (Info-Tech Research Group)

    Address the root cause of poor requirements to increase project success

    Root Causes of Poor Requirements Gathering:

    • Requirements gathering procedures don’t exist.
    • Requirements gathering procedures exist but aren’t followed.
    • There isn't enough time allocated to the requirements gathering phase.
    • There isn't enough involvement or investment secured from business partners.
    • There is no senior leadership involvement or mandate to fix requirements gathering.
    • There are inadequate efforts put towards obtaining and enforcing sign-off.

    Outcomes of Poor Requirements Gathering:

    • Rework due to poor requirements leads to costly overruns.
    • Final deliverables are of poor quality.
    • Final deliverables are implemented late.
    • Predicted gains from deployed applications are not realized.
    • There are low feature utilization rates by end users.
    • There are high levels of end-user dissatisfaction.
    • There are high levels of project sponsor dissatisfaction.

    Info-Tech Insight

    Requirements gathering is the number one failure point for most development or procurement projects that don’t deliver value. This has been and continues to be the case as most organizations still don't get requirements gathering right. Overcoming organizational cynicism can be a major obstacle when it is time to optimize the requirements gathering process.

    Reduce wasted project work with clarity of business goals and analysis of requirements

    You can reduce the amount of wasted work by making sure you have clear business goals. In fact, you could see an improvement of as much as 50% by going from a low level of satisfaction with clarity of business goals (<2) to a high level of satisfaction (≥5).

    A line graph demonstrating that as the amount of wasted work increases, clarity of business goals satisfaction decreases.

    Likewise, you could see an improvement of as much as 43% by going from a low level of satisfaction with analysis of requirements (less than 2) to a high level of satisfaction (greater than or equal to 5).

    A line graph demonstrating that as the Amount of Wasted Work decreases, the level of satisfaction with analysis of requirements shifts from low to high.

    Note: Waste is measured by the amount of cancelled projects; suboptimal assignment of resources; analyzing, fixing, and re-deploying; inefficiency, and unassigned resources.

    N=200 teams from the Project Portfolio Management diagnostic

    Effective requirements gathering supports other critical elements of project management success

    Good intentions and hard work aren’t enough to make a project successful. As you proceed with a project, step back and assess the critical success factors. Make sure that the important inputs and critical activities of requirements gathering are supporting, not inhibiting, project success.

    1. Streamlined Project Intake
    2. Strong Stakeholder Management
    3. Defined Project Scope
    4. Effective Project Management
    5. Environmental Analysis

    Don’t improvise: have a structured, end-to-end approach for successfully gathering useful requirements

    Creating a unified SOP guide for requirements elicitation, analysis, and validation is a critical step for requirements optimization; it gives your BAs a common frame of reference for conducting requirements gathering.

    • The key to requirements optimization is to establish a strong set of SOPs that provide direction on how your organization should be executing requirements gathering processes. This SOP guide should be a holistic document that walks your BAs through a requirements gathering project from beginning to end.
    • An SOP that is put aside is useless; it must be well communicated to BAs. It should be treated as the veritable manifesto of requirements management in your organization.

    Info-Tech Insight

    Having a standardized approach to requirements management is critical, and SOPs should be the responsibility of a group. The SOP guide should cover all of the major bases of requirements management. In addition to providing a walk-through of the process, an SOP also clarifies requirements governance.

    Leverage Info-Tech’s proven Requirements Gathering Framework as the basis for building requirements processes

    A graphic with APPLICATIONS THAT DELIVER BUSINESS VALUE written in the middle. Three steps are named: Elicit; Analyze; Validate. Around the outer part of the graphic are 4 arrows arranged in a circle, with the labels: Plan; Monitor; Communicate; Manage.

    Info-Tech’s Requirements Gathering Framework is a comprehensive approach to requirements management that can be scaled to any size of project or organization. This framework has been extensively road-tested with our clients to ensure that it balances the needs of IT and business stakeholders to give a holistic, end-to-end approach for requirements gathering. It covers the foundational issues (elicitation, analysis, and validation) and prescribes techniques for planning, monitoring, communicating, and managing the requirements gathering process.

    Don’t forget resourcing: the best requirements gathering process will still fail if you don’t develop BA competencies

    When creating the process for requirements gathering, think about how it will be executed by your BAs, and what the composition of your BA team should look like. A strong BA needs to serve as an effective translator, being able to speak the language of both the business and IT.

    1. To ensure alignment of your BAs to the requirements gathering process, undertake a formal skills assessment to identify areas where analysts are strong, and areas that should be targeted for training and skills development.
    2. Training of BAs on the requirements gathering process and development of intimate familiarity with SOPs is essential; you need to get BAs on the same page to ensure consistency and repeatability of the requirements process.
    3. Consider implementing a formal mentorship and/or job shadowing program between senior and junior BAs. Many of our members report that leveraging senior BAs to bootstrap the competencies of more junior team members is a proven approach to building skillsets for requirements gathering.

    What are some core competencies of a good BA?

    • Strong stakeholder management.
    • Proven track record in facilitating elicitation sessions.
    • Ability to bridge the gulf between IT and the business by speaking both languages.
    • Ability to ask relevant probing questions to uncover latent needs.
    • Experience with creating project operating models and business process diagrams.
    • Ability to set and manage expectations throughout the process.

    Throughout this blueprint, look for the “BA Insight” box to learn how steps in the requirements gathering process relate to the skills needed by BAs to facilitate the process effectively.

    A mid-sized local government overhauls its requirements gathering approach and sees strong results

    CASE STUDY

    Industry

    Government

    Source

    Info-Tech Research Group Workshop

    The Client

    The organization was a local government responsible for providing services to approximately 600,000 citizens in the southern US. Its IT department is tasked with deploying applications and systems (such as HRIS) that support the various initiatives and mandate of the local government.

    The Requirements Gathering Challenge

    The IT department recognized that a strong requirements gathering process was essential to delivering value to its stakeholders. However, there was no codified process in place – each BA unilaterally decided how they would conduct requirements gathering at the start of each project. IT recognized that to enhance both the effectiveness and efficiency of requirements gathering, it needed to put in place a strong, prescriptive set of SOPs.

    The Improvement

    Working with a team from Info-Tech, the IT leadership and BA team conducted a workshop to develop a new set of SOPs that provided clear guidance for each stage of the requirements process: elicitation, analysis, and validation. As a result, business satisfaction and value alignment increased.

    The Requirements Gathering SOP and BA Playbook offers a codified set of SOPs for requirements gathering gave BAs a clear playbook.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Build a Strong Approach to Business Requirements Gathering – project overview

    1. Build the Target State for Requirements Gathering 2. Define the Elicitation Process 3. Analyze and Validate Requirements 4. Create a Requirements Governance Action Plan
    Best-Practice Toolkit

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    Guided Implementations
    • Review Info-Tech’s requirements gathering methodology.
    • Assess current state for requirements gathering – pains and challenges.
    • Determine target state for business requirements gathering – areas of opportunity.
    • Assess elicitation techniques and determine best fit to projects and business environment.
    • Review options for structuring the output of requirements elicitation (i.e. SIPOC).
    • Create policies for requirements categorization and prioritization.
    • Establish best practices for validating the BRD with project stakeholders.
    • Discuss how to handle changes to requirements, and establish a formal change control process.
    • Review options for ongoing governance of the requirements gathering process.
    Onsite Workshop Module 1: Define the Current and Target State Module 2: Define the Elicitation Process Module 3: Analyze and Validate Requirements Module 4: Governance and Continuous Improvement Process
    Phase 1 Results: Clear understanding of target needs for the requirements process. Phase 2 Results: Best practices for conducting and structuring elicitation. Phase 3 Results: Standardized frameworks for analysis and validation of business requirements. Phase 4 Results: Formalized change control and governance processes for requirements.

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Workshop Day 5
    Activities

    Define Current State and Target State for Requirements Gathering

    • Understand current state and document existing requirement process steps.
    • Identify stakeholder, process, outcome, and reigning challenges.
    • Conduct target state analysis.
    • Establish requirements gathering metrics.
    • Identify project levels 1/2/3/4.
    • Match control points to project levels 1/2/3/4.
    • Conduct project scoping and identify stakeholders.

    Define the Elicitation Process

    • Understand elicitation techniques and which ones to use.
    • Document and confirm elicitation techniques.
    • Create a requirements gathering elicitation plan for your project.
    • Practice using interviews with business stakeholders to build use case models.
    • Practice using table-top testing with business stakeholders to build use case models.
    • Build the operating model for your project

    Analyze and Validate Requirements

    • Categorize gathered requirements for use.
    • Consolidate similar requirements and eliminate redundancies.
    • Practice prioritizing requirements.
    • Rightsize the requirements documentation template.
    • Present the business requirements document (BRD) to business stakeholders.
    • Identify testing opportunities.

    Establish Change Control Processes

    • Review existing CR process.
    • Review change control process best practices & optimization opportunities.
    • Build guidelines for escalating changes.
    • Confirm your requirements gathering process for project levels 1/2/3/4.

    Establish Ongoing Governance for Requirements Gathering

    • Define RACI for the requirements gathering process.
    • Define the requirements gathering governance process.
    • Define RACI for requirements gathering governance.
    • Define the agenda and cadence for requirements gathering governance.
    • Identify and analyze stakeholders for communication plan.
    • Create communication management plan.
    • Build the action plan.
    Deliverables
    • Requirements gathering maturity assessment
    • Project level selection tool
    • Requirements gathering documentation tool
    • Project elicitation schedule
    • Project operating model
    • Project use cases
    • Requirements gathering documentation tool
    • Requirements gathering testing checklist
    • Requirements traceability matrix
    • Requirements gathering communication tracking template
    • Requirements gathering action plan

    Phase 1: Build the Target State for the Requirements Gathering Process

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Build the Target State

    Proposed Time to Completion: 2 weeks

    Step 1.1: Understand the Benefits of Requirements Optimization

    Start with an analyst kick off call:

    • Review Info-Tech’s requirements gathering methodology.

    Then complete these activities…

    • Hold a fireside chat.

    With these tools & templates:

    Requirements Gathering SOP and BA Playbook

    Step 1.2: Determine Your Target State for Requirements Gathering

    Review findings with analyst:

    • Assess current state for requirements gathering – pains and challenges.
    • Determine target state for business requirements gathering – areas of opportunity.

    Then complete these activities…

    • Identify your business process model.
    • Define project levels.
    • Match control points to project level.
    • Identify and analyze stakeholders.

    With these tools & templates:

    • Requirements Gathering Maturity Assessment
    • Project Level Selection Tool
    • Business Requirements Analyst job description
    • Requirements Gathering Communication Tracking Template

    Phase 1 Results & Insights:

    Clear understanding of target needs for the requirements process.

    Step 1.1: Understand the Benefits of Requirements Optimization

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:
    • Identifying challenges with requirements gathering and identifying objectives for the workshop.
    This step involves the following participants:
    • Business stakeholders
    • BAs
    Outcomes of this step
    • Stakeholder objectives identified.

    Requirements optimization is powerful, but it’s not free; gauge the organizational capital you’ll need to make it a success

    Optimizing requirements management is not something that can be done in isolation, and it’s not necessarily going to be easy. Improving your requirements will translate into better value delivery, but it takes real commitment from IT and its business partners.

    There are four “pillars of commitment” that will be necessary to succeed with requirements optimization:

    1. Senior Management Organizational Capital
      • Before organizations can establish revised SOPs for requirements gathering, they’ll need a strong champion in senior management to ensure that updated elicitation and sign-off techniques do not offend people. A powerful sponsor can lead to success, especially if they are in the business.
    2. End-User Organizational Capital
      • To overcome cynicism, you need to focus on convincing end users that there is something to be gained from participating in requirements gathering (and the broader process of requirements optimization). Frame the value by focusing on how good requirements mean better apps (e.g. faster, cheaper, fewer errors, less frustration).
    3. Staff Resourcing
      • You can have a great SOP, but if you don’t have the right resources to execute on it you’re going to have difficulty. Requirements gathering needs dedicated BAs (or equivalent staff) who are trained in best practices and can handle elicitation, analysis, and validation successfully.
    4. Dedicated Cycle Time
      • IT and the business both need to be willing to demonstrate the value of requirements optimization by giving requirements gathering the time it needs to succeed. If these parties are convinced by the concept in theory, but still try to rush moving to the development phase, they’re destined for failure.

    Rethink your approach to requirements gathering: start by examining the business process, then tackle technology

    When gathering business requirements, it’s critical not to assume that layering on technology to a process will automatically solve your problems.

    Proper requirements gathering views projects holistically (i.e. not just as an attempt to deploy an application or technology, but as an endeavor to enable new or re-engineered business processes). Neglecting to see requirements gathering in the context of business process enablement leads to failure.

    • Far too often, organizations automate an existing process without putting much thought into finding a better way to do things.
    • Most organizations focus on identifying a series of small improvements to make to a process and realize limited gains.
    • The best way to generate transformational gains is to reinvent how the process should be performed and work backwards from there.
    • You should take a top-down approach and begin by speaking with senior management about the business case for the project and their vision for the target state.
    • You should elicit requirements from the rank-and-file employees while centering the discussion and requirements around senior management’s target state. Don’t turn requirements gathering into a griping session about deficiencies with a current application.

    Leverage Info-Tech’s proven Requirements Gathering Framework as the basis for building requirements processes

    A graphic with APPLICATIONS THAT DELIVER BUSINESS VALUE written in the middle. Three steps are named: Elicit; Analyze; Validate. Around the outer part of the graphic are 4 arrows arranged in a circle, with the labels: Plan; Monitor; Communicate; Manage.

    Info-Tech’s Requirements Gathering Framework is a comprehensive approach to requirements management that can be scaled to any size of project or organization. This framework has been extensively road-tested with our clients to ensure that it balances the needs of IT and business stakeholders to give a holistic, end-to-end approach for requirements gathering. It covers both the foundational issues (elicitation, analysis, and validation) as well as prescribing techniques for planning, monitoring, communicating, and managing the requirements gathering process.

    Requirements gathering fireside chat

    1.1.1 – 45 minutes

    Output
    • Stakeholder objectives
    Materials
    • Whiteboard, markers, sticky notes
    Participants
    • BAs

    Identify the challenges you’re experiencing with requirements gathering, and identify objectives.

    1. Hand out sticky notes to participants, and ask the group to work independently to think of challenges that exist with regards to requirements gathering. (Hint: consider stakeholder challenges, process challenges, outcome challenges, and training challenges.) Ask participants to write their current challenges on sticky notes, and place them on the whiteboard.
    2. As a group, review all sticky notes and group challenges into themes.
    3. For each theme you uncover, work as a group to determine the objective that will overcome these challenges throughout the workshop and write this on the whiteboard.
    4. Discuss how these challenges will be addressed in the workshop.

    Don’t improvise: have a structured, prescriptive end-to-end approach for successfully gathering useful requirements

    Creating a unified SOP guide for requirements elicitation, analysis, and validation is a critical step for requirements optimization; it gives your BAs a common frame of reference for conducting requirements gathering.

    • The key to requirements optimization is to establish a strong set of SOPs that provide direction on how your organization should be executing requirements gathering processes. This SOP guide should be a holistic document that walks your BAs through a requirements gathering project from beginning to end.
    • An SOP that is put aside is useless; it must be well communicated to BAs. It should be treated as the veritable manifesto of requirements management in your organization.

    Info-Tech Insight

    Having a standardized approach to requirements management is critical, and SOPs should be the responsibility of a group. The SOP guide should cover all of the major bases of requirements management. In addition to providing a walk-through of the process, an SOP also clarifies requirements governance.

    Use Info-Tech’s Requirements Gathering SOP and BA Playbook to assist with requirements gathering optimization

    Info-Tech’s Requirements Gathering SOP and BA Playbook template forms the basis of this blueprint. It’s a structured document that you can fill out with defined procedures for how requirements should be gathered at your organization.

    Info-Tech’s Requirements Gathering SOP and BA Playbook template provides a number of sections that you can populate to provide direction for requirements gathering practitioners. Sections provided include: Organizational Context Governance Procedures Resourcing Model Technology Strategy Knowledge Management Elicitation SOPs Analysis SOPs Validation SOPs.

    The template has been pre-populated with an example of requirements management procedures. Feel free to customize it to fit your specific needs.

    Download the Requirements Gathering SOP and BA Playbook template.

    Step 1.2: Determine Your Target State for Requirements Gathering

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:
    • Conduct a current and target state analysis.
    • Identify requirements gathering business process model.
    • Establish requirements gathering performance metrics.
    • Define project levels – level 1/2/3/4.
    • Match control points to project level.
    • Conduct initial brainstorming on the project.
    This step involves the following participants:
    • BAs
    Outcomes of this step:
    • Requirements gathering maturity summary.
    • Requirements gathering business process model.
    • Identification of project levels.
    • Identification of control points.

    Plan for requirements gathering

    The image is the Requirements Gathering Framework from earlier slides, but with all parts of the graphic grey-out, except for the arrows containing Plan and Monitor, at the top.

    Establishing an overarching plan for requirements governance is the first step in building an SOP. You must also decide who will actually execute the requirements gathering processes, and what technology they will use to accomplish this. Planning for governance, resourcing, and technology is something that should be done repeatedly and at a higher strategic level than the more sequential steps of elicitation, analysis, and validation.

    Establish your target state for requirements gathering processes to have a cogent roadmap of what needs to be done

    Visualize how you want requirements to be gathered in your organization. Do not let elements of the current process restrict your thinking.

    • First, articulate the impetus for optimizing requirements management and establish clear goals.
    • Use these goals to drive the target state.

    For example:

    • If the goal is to improve the accuracy of requirements, then restructure the validation process.
    • If the goal is to improve the consistency of requirements gathering, then create SOPs or use electronic templates and tools.

    Refrain from only making small changes to improve the existing process. Think about the optimal way to structure the requirements gathering process.

    Define the attributes of a good requirement to help benchmark the type of outputs that you’re looking for

    Attributes of Good Requirements

    Verifiable – It is stated in a way that can be tested.

    Unambiguous – It is free of subjective terms and can only be interpreted in one way.

    Complete – It contains all relevant information.

    Consistent – It does not conflict with other requirements.

    Achievable – It is possible to accomplish given the budgetary and technological constraints.

    Traceable – It can tracked from inception to testing.

    Unitary – It addresses only one thing and cannot be decomposed into multiple requirements.

    Accurate – It is based on proven facts and correct information.

    Other Considerations:

    Organizations can also track a requirement owner, rationale, priority level (must have vs. nice to have), and current status (approved, tested, etc.).

    Info-Tech Insight

    Requirements must be solution agnostic – they should focus on the underlying need rather than the technology required to satisfy the need as it can be really easy to fall into the technology solution trap.

    Use Info-Tech’s Requirements Gathering Maturity Assessment tool to help conduct current and target state analysis

    Use the Requirements Gathering Maturity Assessment tool to help assess the maturity of your requirements gathering function in your organization, and identify the gaps between the current state and the target state. This will help focus your organization's efforts in closing the gaps that represent high-value opportunities.

    • On tab 2. Current State, use the drop-down responses to provide the answer that best matches your organization, where 1= Strongly disagree and 5 = Strongly agree. On tab 3. Target State, answer the same questions in relation to where your organization would like to be.
    • Based on your responses, tab 4. Maturity Summary will display a visual of the gap between the current and target state.

    Conduct a current and target state analysis

    1.2.1 – 1 hour

    Complete the Requirements Gathering Maturity Assessment tool to define your target state, and identify the gaps in your current state.

    Input
    • Current and target state maturity rating
    Output
    • Requirements gathering maturity summary
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs
    1. For each component of requirements gathering, write out a series of questions to evaluate your current requirements gathering practices. Use the Requirements Gathering Maturity Assessment tool to assist you in drafting questions.
    2. Review the questions in each category, and agree on a rating from 1-5 on their current maturity: 1= Strongly disagree and 5 = Strongly agree. (Note: it will likely be very rare that they would score a 5 in any category, even for the target state.)
    3. Once the assigned categories have been completed, have groups present their assessment to all, and ensure that there is consensus. Once consensus has been reached, input the information into the Current State tab of the tool to reveal the overall current state of maturity score for each category.
    4. Now that the current state is complete, go through each category and define the target state goals.
    5. Document any gaps or action items that need to be addressed.

    Example: Conduct a current and target state analysis

    The Requirements Gathering Maturity Assessment - Target State, with example data inputted.

    Select the project-specific KPIs that will be used to track the value of requirements gathering optimization

    You need to ensure your requirements gathering procedures are having the desired effect and adjust course when necessary. Establishing an upfront list of key performance indicators that will be benchmarked and tracked is a crucial step.

    • Without following up on requirements gathering by tracking project metrics and KPIs, organizations will not be able to accurately gauge if the requirements process re-engineering is having a tangible, measurable effect. They will also not be able to determine what changes (if any) need to be made to SOPs based on project performance.
    • This is a crucial step that many organizations overlook. Creating a retroactive list of KPIs is inadequate, since you must benchmark pre-optimization project metrics in order to assess and isolate the value generated by reducing errors and cycle time and increasing value of deployed applications.

    Establish requirements gathering performance metrics

    1.2.2 – 30 minutes

    Input
    • Historical metrics
    Output
    • Target performance metrics
    Materials
    • Whiteboard
    • Markers
    • Paper
    Participants
    • BAs
    1. Identify the following information for the last six months to one year:
      1. Average number of reworks to requirements.
      2. Number of change requests.
      3. Percent of feature utilization by end users.
      4. User adoption rate.
      5. Number of breaches in regulatory requirements.
      6. Percent of final deliverables implemented on time.
      7. End-user satisfaction score (if possible).
    2. As a group, look at each metric in turn and set your target metrics for six months to one year for each of these categories.

    Document the output from this exercise in section 2.2 of the Requirements Gathering SOP and BA Playbook.

    Visualize your current and target state process for requirements gathering with a business process model

    A business process model (BPM) is a simplified depiction of a complex process. These visual representations allow all types of stakeholders to quickly understand a process, how it affects them, and enables more effective decision making. Consider these areas for your model:

    Stakeholder Analysis

    • Identify who the right stakeholders are
    • Plan communication
    • Document stakeholder responsibilities in a RACI

    Elicitation Techniques

    • Get the right information from stakeholders
    • Document it in the appropriate format
    • Define business need
    • Enterprise analysis

    Documentation

    • How are outputs built?
    • Process flows
    • Use cases
    • Business rules
    • Traceability matrix
    • System requirements

    Validation & Traceability

    • Make sure requirements are accurate and complete
    • Trace business needs to requirements

    Managing Requirements

    • Organizing and prioritizing
    • Gap analysis
    • Managing scope
    • Communicating
    • Managing changes

    Supporting Tools

    • Templates to standardize
    • Checklists
    • Software to automate the process

    Your requirements gathering process will vary based on the project level

    It’s important to determine the project levels up front, as each project level will have a specific degree of elicitation, analysis, and validation that will need to be completed. That being said, not all organizations will have four levels.

    Level 4

    • Very high risk and complexity.
    • Projects that result in a transformative change in the way you do business. Level 4 projects affect all lines of business, multiple technology areas, and have significant costs and/or risks.
    • Example: Implement ERP

    Level 3

    • High risk and complexity.
    • Projects that affect multiple lines of business and have significant costs and/or risks.
    • Example: Implement CRM

    Level 2

    • Medium risk and complexity.
    • Projects with broader exposure to the business that present a moderate level of risk to business operations.
    • Example: Deploy Office 365

    Level 1

    • Low risk and complexity.
    • Routine/straightforward projects with limited exposure to the business and low risk of negative business impact.
    • Example: SharePoint Update

    Use Info-Tech’s Project Level Selection Tool to classify your project level and complexity

    1.3 Project Level Selection Tool

    The Project Level Selection Tool will classify your projects into four levels, enabling you to evaluate the risk and complexity of a particular project and match it with an appropriate requirements gathering process.

    Project Level Input

    • Consider the weighting criteria for each question and make any needed adjustments to better reflect how your organization values each of the criterion.
    • Review the option levels 1-4 for each of the six questions, and make any modifications necessary to better suit your organization.
    • Review the points assigned to each of the four buckets for each of the six questions, and make any modifications needed.

    Project Level Selection

    • Use this tab to evaluate the project level of each new project.
    • To do so, answer each of the questions in the tool.

    Define project levels – Level 1/2/3/4

    1.2.3 – 1 hour

    Input
    • Project level assessment criteria
    Output
    • Identification of project levels
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs

    Define the project levels to determine the appropriate requirements gathering process for each.

    1. Begin by asking participants to review the six criteria for assessing project levels as identified in the Project Level Selection Tool. Have participants review the list and ensure agreement around the factors. Create a chart on the board using Level 1, Level 2, Level 3, and Level 4 as column headings.
    2. Create a row for each of the chosen factors. Begin by filling in the chart with criteria for a level 4 project: What constitutes a level 4 project according to these six factors?
    3. Repeat the exercise for Level 3, Level 2, and Level 1. When complete, you should have a chart that defines the four project levels at your organization.
    4. Input this information into the tool, and ask participants to review the weighting factors and point allocations and make modifications where necessary.
    5. Input the details from one of the projects participants had selected prior to the workshop beginning and determine its project level. Discuss whether this level is accurate, and make any changes needed.

    Document the output from this exercise in section 2.3 of the Requirements Gathering SOP and BA Playbook.

    Define project levels

    1.2.3 – 1 hour

    Category Level 4 Level 3 Level 2 Level 1
    Scope of Change Full system update Full system update Multiple modules Minor change
    Expected Duration 12 months + 6 months + 3-6 months 0-3 months
    Impact Enterprise-wide, globally dispersed Enterprise-wide Department-wide Low users/single division
    Budget $1,000,000+ $500,000-1,000,000 $100,000-500,000 $0-100,000
    Services Affected Mission critical, revenue impacting Mission critical, revenue impacting Pervasive but not mission critical Isolated, non-essential
    Confidentiality Yes Yes No No

    Define project levels

    1.2.3 – 1 hour

    The tool is comprised of six questions, each of which is linked to at least one type of project risk.

    Using the answers provided, the tool will calculate a level for each risk category. Overall project level is a weighted average of the individual risk levels, based on the importance weighting of each type of risk set by the project manager.

    This tool is an excerpt from Info-Tech’s exhaustive Project Level Assessment Tool.

    The image shows the Project Level Tool, with example data filled in.

    Build your initial requirements gathering business process models: create different models based on project complexity

    1.2.4 – 30 minutes

    Input
    • Current requirements gathering process flow
    Output
    • Requirements gathering business process model
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs

    Brainstorm the ideal target business process flows for your requirements gathering process (by project level).

    1. As a group, create a process flow on the whiteboard that covers the entire requirements gathering lifecycle, incorporating the feedback from exercise 1.2.1. Draw the process with input from the entire group.
    2. After the process flow is complete, compare it to the best practice process flow on the following slide. You may want to create different process flows based on project level (i.e. a process model for Level 1 and 2 requirements gathering, and a process model for how to collect requirements for Level 3 and 4). As you work through the blueprint, revisit and refine these models – this is the initial brainstorming!

    Document the output from this exercise in section 2.4 of the Requirements Gathering SOP and BA Playbook.

    Example: requirements gathering business process model

    An example of the requirements gathering business process model. The model depicts the various stages of the requirements gathering process.

    Develop your BA team to accelerate collecting, analyzing, and translating requirements

    Having an SOP is important, but it should be the basis for training the people who will actually execute the requirements gathering process. Your BA team is critical for requirements gathering – they need to know the SOPs in detail, and you need to have a plan for recruiting those with an excellent skill set.

    • The designated BA(s) for the project have responsibility for end-to-end requirements management – they are responsible for executing the SOPs outlined in this blueprint, including elicitation, analysis, and validation of requirements during the project.
    • Designated BAs must work collaboratively with their counterparts in the business and IT (e.g. developer teams or procurement professionals) to ensure that the approved requirements are met in a timely and cost-effective manner.

    The ideal candidates for requirements gathering are technically savvy analysts (but not necessarily computer science majors) from the business who are already fluent with the business’ language and cognizant of the day-to-day challenges that take place. Organizationally, these BAs should be in a group that bridges IT and the business (such as an RGCOE or PMO) and be specialists rather than generalists in the requirements management space.

    A BA resourcing strategy is included in the SOP. Customize it to suit your needs.

    "Make sure your people understand the business they are trying to provide the solution for as well if not better than the business folks themselves." – Ken Piddington, CIO, MRE Consulting

    Use Info-Tech’s Business Requirements Analyst job description template for sourcing the right talent

    1.4 Business Requirements Analyst

    If you don’t have a trained group of in-house BAs who can execute your requirements gathering process, consider sourcing the talent from internal candidates or calling for qualified applicants. Our Business Requirements Analyst job description template can help you quickly get the word out.

    • Sometimes, you will have a dedicated set of BAs, and sometimes you won’t. In the latter case, the template covers:
      • Job Title
      • Description of Role
      • Responsibilities
      • Target Job Skills
      • Target Job Qualifications
    • The template is primarily designed for external hiring, but can also be used to find qualified internal candidates.

    Info-Tech Deliverable
    Download the Business Requirements Analyst job description template.

    Standardizing process begins with establishing expectations

    CASE STUDY

    Industry Government

    Source Info-Tech Workshop

    Challenge

    A mid-sized US municipality was challenged with managing stakeholder expectations for projects, including the collection and analysis of business requirements.

    The lack of a consistent approach to requirements gathering was causing the IT department to lose credibility with department level executives, impacting the ability of the team to engage project stakeholders in defining project needs.

    Solution

    The City contracted Info-Tech to help build an SOP to govern and train all BAs on a consistent requirements gathering process.

    The teams first set about establishing a consistent approach to defining project levels, defining six questions to be asked for each project. This framework would be used to assess the complexity, risk, and scope of each project, thereby defining the appropriate level of rigor and documentation required for each initiative.

    Results

    Once the project levels were defined, the team established a formalized set of steps, tools, and artifacts to be created for each phase of the project. These tools helped the team present a consistent approach to each project to the stakeholders, helping improve credibility and engagement for eliciting requirements.

    The project level should set the level of control

    Choose a level of control that facilitates success without slowing progress.

    No control Right-sized control Over-engineered control
    Final deliverable may not satisfy business or user requirements. Control points and communication are set at appropriate stage-gates to allow for deliverables to be evaluated and assessed before proceeding to the next phase. Excessive controls can result in too much time spent on stage-gates and approvals, which creates delays in the schedule and causes milestones to be missed.

    Info-Tech Insight

    Throughout the requirements gathering process, you need checks and balances to ensure that the projects are going according to plan. Now that we know our stakeholder, elicitation, and prioritization processes, we will set up the control points for each project level.

    Plan your communication with stakeholders

    Determine how you want to receive and distribute messages to stakeholders.

    Communication Milestones Audience Artifact Final Goal
    Project Initiation Project Sponsor Project Charter Communicate Goals and Scope of Project
    Elicitation Scheduling Selected Stakeholders (SMEs, Power Users) Proposed Solution Schedule Elicitation Sessions
    Elicitation Follow-Up Selected Stakeholders Elicitation Notes Confirm Accuracy of Notes
    First Pass Validation Selected Stakeholders Consolidated Requirements Validate Aggregated Requirements
    Second Pass Validation Selected Stakeholders Prioritized Requirements Validate Requirements Priority
    Eliminated Requirements Affected Stakeholders Out of Scope Requirements Affected Stakeholders Understand Impact of Eliminated Requirements
    Solution Selection High Authority/Expertise Stakeholders Modeled Solutions Select Solution
    Selected Solution High Authority/Expertise Stakeholders and Project Sponsor Requirements Package Communicate Solution
    Requirements Sign-Off Project Sponsor Requirements Package Obtain Sign-Off

    Setting control points – approvals and sign-offs

    # – Control Point: A decision requiring specific approval or sign-off from defined stakeholders involved with the project. Control points result in accepted or rejected deliverables/documents.

    A – Plan Approval: This control point requires a review of the requirements gathering plan, stakeholders, and elicitation techniques.

    B – Requirements Validation: This control point requires a review of the requirements documentation that indicates project and product requirements.

    C – Prioritization Sign-Off: This requires sign-off from the business and/or user groups. This might be sign-off to approve a document, prioritization, or confirm that testing is complete.

    D – IT or Peer Sign-Off: This requires sign-off from IT to approve technical requirements or confirm that IT is ready to accept a change.

    Match control points to project level and identify these in your requirements business process models

    1.2.5 – 45 minutes

    Input
    • Activity 1.2.4 business process diagram
    Output
    • Identify control points
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • Business stakeholders
    • BAs

    Define all of the key control points, required documentation, and involved stakeholders.

    1. On the board, post the initial business process diagram built in exercise 1.2.4. Have participants suggest appropriate control points. Write the control point number on a sticky note and place it where the control point should be.
    2. Now that we have identified the control points, consider each control point and define who will be involved in each one, who provides the approval to move forward, the documentation required, and the overall goal.

    Document the output from this exercise in section 6.1 of the Requirements Gathering SOP and BA Playbook.

    A savvy BA should clarify and confirm project scope prior to embarking on requirements elicitation

    Before commencing requirements gathering, it’s critical that your practitioners have a clear understanding of the initial business case and rationale for the project that they’re supporting. This is vital for providing the business context that elicitation activities must be geared towards.

    • Prior to commencing the requirements gathering phase, the designated BA should obtain a clear statement of scope or initial project charter from the project sponsor. It’s also advisable for the BA to have an in-person meeting with the project sponsor(s) to understand the overarching strategic or tactical impetus for the project. This initial meeting should be less about eliciting requirements and more about understanding why the project is moving forward, and the business processes it seeks to enable or re-engineer (the target state).
    • During this meeting, the BA should seek to develop a clear understanding of the strategic rationale for why the project is being undertaken (the anticipated business benefits) and why it is being undertaken at this time. If the sponsor has any business process models they can share, this would be a good time to review them.

    During requirements gathering, BAs should steer clear of solutions and focus on capturing requirements. Focus on traceable, hierarchical, and testable requirements. Focusing on solution design means you are out of requirements mode.

    Identify constraints early and often, and ensure that they are adequately communicated to project sponsors and end users

    Constraints come in many forms (i.e. financial, regulatory, and technological). Identifying these constraints prior to entering requirements gathering enables you to remain alert; you can separate what is possible from what is impossible, and set stakeholder expectations accordingly.

    • Most organizations don’t inventory their constraints until after they’ve gathered requirements. This is dangerous, as clients may inadvertently signal to end users or stakeholders that an infeasible requirement is something they will pursue. As a result, stakeholders are disappointed when they don’t see it materialize.
    • Organizations need to put advanced effort into constraint identification and management. Too much time is wasted pursuing requirements that aren't feasible given existing internal (e.g. budgets and system) and external (e.g. legislative or regulatory) constraints.
    • Organizations need to manage diverse stakeholders for requirements analysis. Communication will not always be solely with internal teams, but also with suppliers, customers, vendors, and system integrators.

    Stakeholder management is a critical aspect of the BA’s role. Part of the BA’s responsibility is prioritizing solutions and demonstrating to stakeholders the level of effort required and the value attained.

    A graphic, with an arrow running down the left side, pointing downward, which is labelled Constraint Malleability. On the right side of the arrow are three rounded arrows, stacked. The top arrow is labelled Legal/Regulatory Constraints, the second is labelled System/Technical Constraints and the third is labelled Stakeholder Constraints

    Conduct initial brainstorming on the scope of a selected enterprise application project (real or a sample of your choice)

    1.2.6 – 30 minutes

    Input
    • Project details
    Output
    • Initial project scoping
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders

    Begin the requirements gathering process by conducting some initial scoping on why we are doing the project, the goals, and the constraints.

    1. Share the project intake form/charter with each member of the group, and give them a few minutes to read over the project details.
    2. On the board write the project topic and three sub-topics:
      • Why does the business want this?
      • What do you want customers (end users) to be able to do?
      • What are the constraints?
    3. As a group, brainstorm answers to each of these questions and write them on the board.

    Example: Conduct initial brainstorming on the project

    Image shows an example for initial brainstorming on a project. The image shows the overall idea, Implement CRM, with question bubbles emerging out of it, and space left blank to brainstorm the answers to those questions.

    Identify stakeholders that must be consulted during the elicitation part of the process; get a good spectrum of subject matter experts (SMEs)

    Before you can dive into most elicitation techniques, you need to know who you’re going to speak with – not all stakeholders hold the same value.

    There are two broad categories of stakeholders:

    Customers: Those who ask for a system/project/change but do not necessarily use it. These are typically executive sponsors, project managers, or interested stakeholders. They are customers in the sense that they may provide the funding or budget for a project, and may have requests for features and functionality, but they won’t have to use it in their own workflows.

    Users: Those who may not ask for a system but must use it in their routine workflows. These are your end users, those who will actually interact with the system. Users don’t necessarily have to be people – they can also be other systems that will require inputs or outputs from the proposed solution. Understand their needs to best drive more granular functional requirements.

    "The people you need to make happy at the end of the day are the people who are going to help you identify and prioritize requirements." – Director of IT, Municipal Utilities Provider

    Need a hand with stakeholder identification? Leverage Info-Tech’s Stakeholder Planning Tool to catalog and prioritize the stakeholders your BAs will need to contact during the elicitation phase.

    Exercise: Identify and analyze stakeholders for the application project prior to beginning formal elicitation

    1.2.7 – 45 minutes

    Input
    • List of stakeholders
    Output
    • Stakeholder analysis
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • BAs

    Practice the process for identifying and analyzing key stakeholders for requirements gathering.

    1. As a group, generate a complete list of the project stakeholders. Consider who is involved in the problem and who will be impacted by the solution, and record the names of these stakeholders/stakeholder groups on a sticky note. Categories include:
      1. Who is the project sponsor?
      2. Who are the user groups?
      3. Who are the project architects?
      4. Who are the specialty stakeholders (SMEs)?
      5. Who is your project team?
    2. Now that you’ve compiled a complete list, review each user group and indicate their level of influence against their level of involvement in the project to create a stakeholder power map by placing their sticky on a 2X2 grid.
    3. At the end of the day, record this list in the Requirements Gathering Communication Tracking Template.

    Use Info-Tech’s Requirements Gathering Communication Tracking Template

    1.5 Requirements Gathering Communication Tracking Template

    Use the Requirements Gathering Communication Tracking Template for structuring and managing ongoing communications among key requirements gathering implementation stakeholders.

    An illustration of the Stakeholder Power Map Template tab of the Requirements Gathering Communication Tracking Template

    Use the Stakeholder Power Map tab to:

    • Identify the stakeholder's name and role.
    • Identify their position on the power map using the drop-down menu.
    • Identify their level of support.
    • Identify resisters' reasons for resisting as: unwilling, unable, and/or unknowing.
    • Identify which committees they currently sit on, and which they will sit on in the future state.
    • Identify any key objections the stakeholder may have.

    Use the Communication Management Plan tab to:

    • Identify the vehicle/communication medium (status update, meeting, training, etc.).
    • Identify the audience for the communication.
    • Identify the purpose for communication.
    • Identify the frequency.
    • Identify who is responsible for the communication.
    • Identify how the communication will be distributed, and the level of detail.

    Right-size your investments in requirements management technology; sometimes the “suite spot” isn’t necessary

    Recording and analyzing requirements needs some kind of tool, but don’t overinvest in a dedicated suite if you can manage with a more inexpensive solution (such as Word, Excel, and/or Visio). Top-tier solutions may be necessary for an enterprise ERP deployment, but you can use a low-cost solution for low-level productivity application.

    • Many companies do things in the wrong order. Organizations need to right-size the approach that they take to recording and analyzing requirements. Taking the suite approach isn’t always better – often, inputting the requirements into Word or Excel will suffice. An RM suite won’t solve your problems by itself.
    • If you’re dealing with strategic approach or calculated approach projects, their complexity likely warrants a dedicated RM suite that can trace system dependencies. If you’re dealing with primarily elementary or fundamental approach projects, use a more basic tool.

    Your SOP guide should specify the technology platform that your analysts are expected to use for initial elicitation as well as analysis and validation. You don’t want them to use Word if you’ve invested in a full-out IBM RM solution.

    The graphic shows a pyramid shape next to an arrow, pointing up. The arrow is labelled Project Complexity. The pyramid includes three text boxes, reading (from top to bottom) Dedicated RM Suite; RM Module in PM Software; and Productivity APP (Word/Excel/Visio)

    If you need to opt for a dedicated suite, these vendors should be strong contenders in your consideration set

    Dedicated requirements management suites are a great (although pricey) way to have full control over recording, analysis, and hierarchical categorization of requirements. Consider some of the major vendors in the space if Word, Excel, and Visio aren’t suitable for you.

    • Before you purchase a full-scale suite or module for requirements management, ensure that the following contenders have been evaluated for your requirements gathering technology strategy:
      • Micro Focus Requirements Management
      • IBM Requisite Pro
      • IBM Rational DOORS
      • Blueprint Requirements Management
      • Jama Software
      • Polarion Software (a Siemens Company)

    A mid-sized consulting company overhauls its requirement gathering software to better understand stakeholder needs

    CASE STUDY

    Industry Consulting

    Source Jama Software

    Challenge

    ArcherPoint is a leading Microsoft Partner responsible for providing business solutions to its clients. Its varied customer base now requires a more sophisticated requirements gathering software.

    Its process was centered around emailing Word documents, creating versions, and merging issues. ArcherPoint recognized the need to enhance effectiveness, efficiency, and accuracy of requirements gathering through a prescriptive set of elicitation procedures.

    Solution

    The IT department at ArcherPoint recognized that a strong requirements gathering process was essential to delivering value to stakeholders. It needed more scalable and flexible requirements gathering software to enhance requirements traceability. The company implemented SaaS solutions that included traceability and seamless integration features.

    These features reduced the incidences of repetition, allowed for tracing of requirements relationships, and ultimately led to an exhaustive understanding of stakeholders’ needs.

    Results

    Projects are now vetted upon an understanding of the business client’s needs with a thorough requirements gathering collection and analysis.

    A deeper understanding of the business needs also allows ArcherPoint to better understand the roles and responsibilities of stakeholders. This allows for the implementation of structures and policies which makes the requirements gathering process rigorous.

    There are different types of requirements that need to be gathered throughout the elicitation phase

    Business Requirements

    • Higher-level statements of the goals, objectives, or needs of the enterprise.
    • Describe the reasons why a project has been initiated, the objectives that the project will achieve, and the metrics that will be used to measure its success.
    • Business requirements focus on the needs of the organization as a whole, not stakeholders within it.
    • Business requirements provide the foundation on which all further requirements analysis is based:
      • Ultimately, any detailed requirements must map to business requirements. If not, what business need does the detailed requirement fulfill?

    Stakeholder Requirements

    • Statements of the needs of a particular stakeholder or class of stakeholders, and how that stakeholder will interact with a solution.
    • Stakeholder requirements serve as a bridge between business requirements and the various classes of solution requirements.
    • When eliciting stakeholder requirements, other types of detailed requirements may be identified. Record these for future use, but keep the focus on capturing the stakeholders’ needs over detailing solution requirements.

    Solution options or preferences are not requirements. Be sure to identify these quickly to avoid being forced into untimely discussions and sub-optimal solution decisions.

    Requirement types – a quick overview (continued)

    Solution Requirements: Describe the characteristics of a solution that meet business requirements and stakeholder requirements. They are frequently divided into sub-categories, particularly when the requirements describe a software solution:

    Functional Requirements

    • Describe the behavior and information that the solution will manage. They describe capabilities the system will be able to perform in terms of behaviors or operations, i.e. specific information technology application actions or responses.
    • Functional requirements are not detailed solution specifications; rather, they are the basis from which specifications will be developed.

    Non-Functional Requirements

    • Capture conditions that do not directly relate to the behavior or functionality of the solution, but rather describe environmental conditions under which the solution must remain effective or qualities that the systems must have. These can include requirements related to capacity, speed, security, availability, and the information architecture and presentation of the user interface.
    • Non-functional requirements often represent constraints on the ultimate solution. They tend to be less negotiable than functional requirements.
    • For IT solutions, technical requirements would fit in this category.
    Info-Tech Insight

    Remember that solution requirements are distinct from solution specifications; in time, specifications will be developed from the requirements. Don’t get ahead of the process.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.2.1 Conduct current and target state analysis

    An analyst will facilitate a discussion to assess the maturity of your requirements gathering process and identify any gaps in the current state.

    1.2.2 Establish requirements gathering performance metrics

    Speak to an analyst to discuss and determine key metrics for measuring the effectiveness of your requirements gathering processes.

    1.2.4 Identify your requirements gathering business process model

    An analyst will facilitate a discussion to determine the ideal target business process flow for your requirements gathering.

    1.2.3; 1.2.5 Define control levels and match control points

    An analyst will assist you with determining the appropriate requirements gathering approach for different project levels. The discussion will highlight key control points and define stakeholders who will be involved in each one.

    1.2.6; 1.2.7 Conduct initial scoping and identify key stakeholders

    An analyst will facilitate a discussion to highlight the scope of the requirements gathering optimization project as well as identify and analyze key stakeholders in the process.

    Phase 2: Define the Elicitation Process

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Define the Elicitation Process

    Proposed Time to Completion: 2 weeks

    Step 2.1: Determine Elicitation Techniques

    Start with an analyst kick off call:

    • Understand and assess elicitation techniques.
    • Determine best fit to projects and business environment.

    Then complete these activities…

    • Understand different elicitation techniques.
    • Record the approved elicitation techniques.
    Step 2.2: Structure Elicitation Output

    Review findings with analyst:

    • Review options for structuring the output of requirements elicitation.
    • Build the requirements gathering operating model.

    Then complete these activities…

    • Build use case model.
    • Use table-top testing to build use case models.
    • Build the operating model.

    With these tools & templates:

    • Business Requirements Document Template
    • Scrum Documentation Template
    Phase 2 Results & Insights:
    • Best practices for conducting and structuring elicitation.

    Step 2.1: Determine Elicitation Techniques

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:

    • Understand requirements elicitation techniques.

    This step involves the following participants:

    • BAs
    • Business stakeholders

    Outcomes of this step

    • Select and record best-fit elicitation techniques.

    Eliciting requirements is all about effectively creating the initial shortlist of needs the business has for an application

    The image is the Requirements Gathering Framework, shown earlier. All parts of the framework are greyed-out, except for the arrow containing the word Elicit in the center of the image, with three bullet points beneath it that read: Prepare; Conduct; Confirm.

    The elicitation phase is where the BAs actually meet with project stakeholders and uncover the requirements for the application. Major tasks within this phase include stakeholder identification, selecting elicitation techniques, and conducting the elicitation sessions. This phase involves the most information gathering and therefore requires a significant amount of time to be done properly.

    Good requirements elicitation leverages a strong elicitation framework and executes the right elicitation techniques

    A mediocre requirements practitioner takes an order taker approach to elicitation: they elicit requirements by showing up to a meeting with the stakeholder and asking, “What do you want?” This approach frequently results in gaps in requirements, as most stakeholders cannot free-form spit out an accurate inventory of their needs.

    A strong requirements practitioner first decides on an elicitation framework – a mechanism to anchor the discussion about the business requirements. Info-Tech recommends using business process modelling (BPM) as the most effective framework. The BA can now work through several key questions:

    • What processes will this application need to support?
    • What does the current process look like?
    • How could we improve the process?
    • In a target state process map, what are the key functional requirements necessary to support this?

    The second key element to elicitation is using the right blend of elicitation techniques: the tactical approach used to actually collect the requirements. Interviews are the most popular means, but focus groups, JAD sessions, and observational techniques can often yield better results – faster. This section will touch on BPM/BPI as an elicitation framework, then do deep dive on different elicitation techniques.

    The elicitation phase of most enterprise application projects follows a similar four-step approach

    Prepare

    Stakeholders must be identified, and elicitation frameworks and techniques selected. Each technique requires different preparation. For example, brainstorming requires ground rules; focus groups require invitations, specific focus areas, and meeting rooms (perhaps even cameras). Look at each of these techniques and discuss how you would prepare.

    Conduct

    A good elicitor has the following underlying competencies: analytical thinking, problem solving, behavioral characteristics, business knowledge, communication skills, interaction skills, and proficiency in BA tools. In both group and individual elicitation techniques, interpersonal proficiency and strong facilitation is a must. A good BA has an intuitive sense of how to manage the flow of conversations, keep them results-oriented, and prevent stakeholder tangents or gripe sessions.

    Document

    How you document will depend on the technique you use. For example, recording and transcribing a focus group is probably a good idea, but you still need to analyze the results and determine the actual requirements. Use cases demand a software tool – without one, they become cumbersome and unwieldy. Consider how you would document the results before you choose the technique. Some analysts prefer to use solutions like OneNote or Evernote for capturing the raw initial notes, others prefer pen and paper: it’s what works best for the BA at hand.

    Confirm

    Review the documentation with your stakeholder and confirm the understanding of each requirement via active listening skills. Revise requirements as necessary. Circulating the initial notes of a requirements interview or focus group is a great practice to get into – it ensures jargon and acronyms are correctly captured, and that nothing has been lost in the initial translation.

    BPM is an extremely useful framework for framing your requirements elicitation discussions

    What is BPM? (Source: BPMInstitute.org)

    BPMs can take multiple forms, but they are created as visual process flows that depict a series of events. They can be customized at the discretion of the requirements gathering team (swim lanes, legends, etc.) based on the level of detail needed from the input.

    When to use them?

    BPMs can be used as the basis for further process improvement or re-engineering efforts for IT and applications projects. When the requirements gathering process owner needs to validate whether or not a specific step involved in the process is necessary, BPM provides the necessary breakdown.

    What’s the benefit?

    Different individuals absorb information in a variety of ways. Visual representations of a process or set of steps tend to be well received by a large sub-set of individuals, making BPMs an effective analysis technique.

    This related Info-Tech blueprint provides an extremely thorough overview of how to leverage BPM and process improvement approaches.

    Use a SIPOC table to assist with zooming into a step in a BPM to help define requirements

    Build a Sales Report
    • Salesforce
    • Daily sales results
    • Sales by product
    • Sales by account rep
    • Receive customer orders
    • Process invoices
    • GL roll-up
    • Sales by region
    • Sales by rep
    • Director of Sales
    • CEO
    • Report is accurate
    • Report is timely
    • Balance to GL
    • Automated email notification

    Source: iSixSigma

    Example: Extract requirements from a BPM for a customer service solution

    Look at an example for a claims process, and focus on the Record Claim task (event).

    Task Input Output Risks Opportunities Condition Sample Requirements
    Record Claim Customer Email Case Record
    • An agent accidentally misses the email and the case is not submitted.
    • The contents of the email are not properly ported over into the case for the claim.
    • The claim is routed to the wrong recipient within the claims department.
    • There is translation risk when the claim is entered in another language from which it is received.
    • Reduce the time to populate a customer’s claim information into the case.
    • Automate the data capture and routing.
    • Pre-population of the case with the email contents.
    • Suggested routing based on the nature of the case.
    • Multi-language support.

    Business:

    • The system requires email-to-case functionality.

    Non-Functional:

    • The cases must be supported in multiple languages.
    • Case management requires Outlook integration.

    Functional:

    • The case must support the following information:
    • Title; Customer; Subject; Case Origin; Case Type; Owner; Status; Priority
    • The system must pre-populate the claims agent based on the nature of the case.

    The image is an excerpt from a table, with the title Claims Process at the top. The top row is labelled Customer Service, and includes a textbox that reads Record Claim. The bottom row is labelled Claims, and includes a textbox that reads Manage Claim. A downward-pointing arrow connects the two textboxes.

    Identify the preferred elicitation techniques in your requirements gathering SOP: outline order of operations

    Conducting elicitation typically takes the greatest part of the requirements management process. During elicitation, the designated BA(s) should be reviewing documentation, and conducting individual and group sessions with key stakeholders.

    • When eliciting requirements, it’s critical that your designated BAs use multiple techniques; relying only on stakeholder interviews while neglecting to conduct focus groups and joint whiteboarding sessions will lead to trouble.
    • Avoid makeshift solutions by focusing on target state requirements, but don’t forget about the basic user needs. These can often be neglected because one party assumes that the other already knows about them.
    • The SOP guide should provide your BAs with a shortlist of recommended/mandated elicitation techniques based on business scenarios (examples in this section). Your SOP should also suggest the order in which BAs use the techniques for initial elicitation. Generally, document review comes first, followed by group, individual, and observational techniques.

    Elicitation is an iterative process – requirements should be refined in successive steps. If you need more information in the analysis phases, don’t be afraid to go back and conduct more elicitation.

    Understand different elicitation techniques

    2.1.1 – 1 hour

    Input
    • Elicitation techniques
    Output
    • Elicitation technique assessment
    Materials
    • Whiteboard
    • Markers
    • Paper
    Participants
    • BAs
    1. For this exercise, review the following elicitation techniques: observation, document review, surveys, focus groups, and interviews. Use the material in the next slides to brainstorm around the following questions:
      1. What types of information can the technique be used to collect?
      2. Why would you use this technique over others?
      3. How will you prepare to use the technique?
      4. How will you document the technique?
      5. Is this technique suitable for all projects?
      6. When wouldn’t you use it?
    2. Have each group present their findings from the brainstorming to the group.

    Document any changes to the elicitation techniques in section 4.0 of the Requirements Gathering SOP and BA Playbook.

    Understand different elicitation techniques – Interviews

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Structured One-on-One Interview In a structured one-on-one interview, the BA has a fixed list of questions to ask the stakeholder and follows up where necessary. Structured interviews provide the opportunity to quickly home in on areas of concern that were identified during process mapping or group elicitation techniques. They should be employed with purpose, i.e. to receive specific stakeholder feedback on proposed requirements or to help identify systemic constraints. Generally speaking, they should be 30 minutes or less. Low Medium
    Unstructured One-on-One Interview In an unstructured one-on-one interview, the BA allows the conversation to flow free form. The BA may have broad themes to touch on but does not run down a specific question list. Unstructured interviews are most useful for initial elicitation, when brainstorming a draft list of potential requirements is paramount. Unstructured interviews work best with senior stakeholders (sponsors or power users), since they can be time consuming if they’re applied to a large sample size. It’s important for BAs not to stifle open dialogue and allow the participants to speak openly. They should be 60 minutes or less. Medium Low
    Info-Tech Insight

    Interviews should be used with high-value targets. Those who receive one-on-one face time can help generate good requirements, as well as allow effective communication around requirements at a later point (i.e. during the analysis and validation phases).

    Understand the diverse approaches for interviews

    Use a clear interview approach to guide the preparation, facilitation styles, participants, and interview schedules you manage for a specific project.

    Depending on your stakeholder audience and interview objectives, apply one or more of the following approaches to interviews.

    Interview Approaches

    • Unstructured
    • Semi-structured
    • Structured

    The Benefits of Interviews

    Fosters direct engagement

    IT is able to hear directly from stakeholders about what they are looking to do with a solution and the level of functionality that they expect from it.

    Offers greater detail

    With interviews, a greater degree of insight can be gained by leveraging information that wouldn’t be collected through traditional surveys. Face-to-face interactions provide thorough answers and context that helps inform requirements.

    Removes ambiguity

    Face-to-face interactions allow opportunities for follow-up around ambiguous answers. Clarify what stakeholders are looking for and expect in a project.

    Enables stakeholder management

    Interviews are a direct line of communication with a project stakeholder. They provide input and insight, and help to maintain alignment, plan next steps, and increase awareness within the IT organization.

    Select an interview structure based on project objectives and staff types

    Consider stakeholder types and characteristics, in conjunction with the best way to maximize time, when selecting which of the three interview structures to leverage during the elicitation phase of requirements gathering.

    Structured Interviews

    • Interviews conducted using this structure are modelled after the typical Q&A session.
    • The interviewer asks the participant a variety of closed-ended questions.
    • The participant’s response is limited to the scope of the question.

    Semi-Structured Interviews

    • The interviewer may prepare a guide, but it acts as more of an outline.
    • The goal of the interview is to foster and develop conversation.
    • Participants have the ability to answer questions on broad topics without compromising the initial guide.

    Unstructured Interviews

    • The interviewer may have a general interview guide filled with open-ended questions.
    • The objective of the questions is to promote discussion.
    • Participants may discuss broader themes and topics.

    Select the best interview approach

    Review the following questions to determine what interview structure you should utilize. If you answer the question with “Yes,” then follow the corresponding recommendations for the interview elements.

    Question Structure Type Facilitation Technique # of Participants
    Do you have to interview multiple participants at once because of time constraints? Semi-structured Discussion 1+
    Does the business or stakeholders want you to ask specific questions? Structured Q&A 1
    Have you already tried an unsuccessful survey to gather information? Semi-structured Discussion 1+
    Are you utilizing interviews to understand the area? Unstructured Discussion 1+
    Do you need to gather requirements for an immediate project? Structured Q&A 1+

    Decisions to make for interviews

    Interviews should be used with high-value targets. Those who receive one-on-one face time can help generate good requirements and allow for effective communication around requirements during the analysis and validation stages.

    Who to engage?

    • Individuals with an understanding of the project scope, constraints and considerations, and high-level objectives.
    • Project stakeholders from across different functional units to solicit a varied set of requirement inputs.

    How to engage?

    • Approach selected interview candidate(s) with a verbal invitation to participate in the requirements gathering process for [Project X].
    • Take the initiative to book time in the candidate’s calendar. Include in your calendar invitation a description of the preparation required for the interview, the anticipated outputs, and a brief timeline agenda for the interview itself.

    How to drive participant engagement?

    • Use introductory interview questions to better familiarize yourself with the interviewee and to create an environment in which the individual feels welcome and at ease.
    • Once acclimatized, ensure that you hold the attention of the interviewee by providing further probing, yet applicable, interview questions.

    Manage each point of the interaction in the interview process

    Interviews generally follow the same workflow regardless of which structure you select. You must manage the process to ensure that the interview runs smoothly and results in an effective gathering requirements process.

    1. Prep Schedule
      • Recommended Actions
        • Send an email with a proposed date and time for the meeting.
        • Include an overview of what you will be discussing.
        • Mention if other people will be joining (if group interview).
    2. Meeting Opening
      • Recommended Actions
        • Provide context around the meeting’s purpose and primary focal points.
        • Let interviewee(s) know how long the interview will last.
        • Ask if they have any blockers that may cause the meeting to end early.
    3. Meeting Discussion
      • Recommended Actions
        • Ask questions and facilitate discussion in accordance with the structure you have selected.
        • Ensure that the meeting’s dialogue is being either recorded using written notes (if possible) or a voice recorder.
    4. Meeting Wrap-Up
      • Recommended Actions
        • Provide a summary of the big findings and what was agreed upon.
        • Outline next steps or anything else you will require from the participant.
        • Let the interviewee(s) know that you will follow up with interview notes, and will require feedback from them.
    5. Meeting Follow-Up
      • Recommended Actions
        • Send an overview of what was covered and agreed upon during the interview.
        • Show the mock-ups of your work based on the interview, and solicit feedback.
        • Give the interviewee(s) the opportunity to review your notes or recording and add value where needed.

    Solve the problem before it occurs with interview troubleshooting techniques

    The interview process may grind to a halt due to challenging situations. Below are common scenarios and corresponding troubleshooting techniques to get your interview back on track.

    Scenario Technique
    Quiet interviewee Begin all interviews by asking courteous and welcoming questions. This technique will warm the interviewee up and make them feel more comfortable. Ask prompting questions during periods of silence in the interview. Take note of the answers provided by the interviewee in your interview guide, along with observations and impact statements that occur throughout the duration of the interview process.
    Disgruntled interviewee Avoid creating a hostile environment by eliminating the interviewee’s perception that you are choosing to focus on issues that the interviewee feels will not be resolved. Ask questions to contextualize the issue. For example, ask why they feel a particular way about the issue, and determine whether they have valid concerns that you can resolve.
    Interviewee has issues articulating their answer Encourage the interviewee to use a whiteboard or pen and paper to kick start their thought process. Make sure you book a room with these resources readily available.

    Understand different elicitation techniques – Observation

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Casual Observation The process of observing stakeholders performing tasks where the stakeholders are unaware they are being observed. Capture true behavior through observation of stakeholders performing tasks without informing them they are being observed. This information can be valuable for mapping business process; however, it is difficult to isolate the core business activities from unnecessary actions. Low Medium
    Formal Observation The process of observing stakeholders performing tasks where the stakeholders are aware they are being observed. Formal observation allows BAs to isolate and study the core activities in a business process because the stakeholder is aware they are being observed. Stakeholders may become distrusting of the BA and modify their behavior if they feel their job responsibilities or job security are at risk Low Medium

    Info-Tech Insight

    Observing stakeholders does not uncover any information about the target state. Be sure to use contextual observation in conjunction with other techniques to discover the target state.

    Understand different elicitation techniques – Surveys

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Closed-Response Survey A survey that has fixed responses for each answer. A Likert-scale (or similar measures) can be used to have respondents evaluate and prioritize possible requirements. Closed response surveys can be sent to large groups and used to quickly gauge user interest in different functional areas. They are easy for users to fill out and don’t require a high investment of time. However, their main deficit is that they are likely to miss novel requirements not listed. As such, closed response surveys are best used after initial elicitation or brainstorming to validate feature groups. Low Medium
    Open-Response Survey A survey that has open-ended response fields. Questions are fixed, but respondents are free to populate the field in their own words. Open-response surveys take longer to fill out than closed, but can garner deeper insights. Open-response surveys are a useful supplement (and occasionally replacement) for group elicitation techniques, like focus groups, when you need to receive an initial list of requirements from a broad cross-section of stakeholders. Their primary shortcoming is the analyst can’t immediately follow up on interesting points. However, they are particularly useful for reaching stakeholders who are unavailable for individual one-on-ones or group meetings. Low Medium

    Info-Tech Insight

    Surveys can be useful mechanisms for initial drafting of raw requirements (open-response) and gauging user interest in proposed requirements or feature sets (closed-response). However, they should not be the sole focus of your elicitation program due to lack of interactivity and two-way dialogue with the BA.

    Be aware: Know the implications of leveraging surveys

    What are surveys?

    Surveys take a sample population’s written responses for data collection. Survey respondents can identify themselves or choose to remain anonymous. Anonymity removes the fear of repercussions for giving critical responses to sensitive topics.

    Who needs to be involved?

    Participants of a survey include the survey writer, respondent(s), and results compiler. There is a moderate amount of work that comes from both the writer and compiler, with little work involved on the end of the respondent.

    What are the benefits?

    The main benefit of surveys is their ability to reach large population groups and segments without requiring personal interaction, thus saving money. Surveys are also very responsive and can be created and modified rapidly to address needs as they arise on an on-going basis.

    When is it best to employ a survey method?

    Surveys are most valuable when completed early in the requirements gathering stage.

    Intake and Scoping → Requirements Gathering → Solution Design → Development/ Procurement → Implementation/ Deployment

    When a project is announced, develop surveys to gauge what users consider must-have, should-have, and could-have requirements.

    Use surveys to profile the demand for specific requirements.

    It is often difficult to determine if requirements are must haves or should haves. Surveys are a strong method to assist in narrowing down a wide range of requirements.

    • If all survey respondents list the same requirement, then that requirement is a must have.
    • If no participants mention a requirement, then that requirement is not likely to be important to project success.
    • If the results are scattered, it could be that the organization is unsure of what is needed.

    Are surveys worth the time and effort? Most of the time.

    Surveys can generate insights. However, there are potential barriers:

    • Well-constructed surveys are difficult to make – asking the right questions without being too long.
    • Participants may not take surveys seriously, giving non-truthful or half-hearted answers.

    Surveys should only be done if the above barriers can easily be overcome.

    Scenario: Survey used to gather potential requirements

    Scenario

    There is an unclear picture of the business needs and functional requirements for a solution.

    Survey Approach

    Use open-ended questions to allow respondents to propose requirements they see as necessary.

    Sample questions

    • What do you believe _______ (project) should include to be successful?
    • How can _______ (project) be best made for you?
    • What do you like/dislike about ________ (process that the project will address)?

    What to do with your results

    Take a step back

    If you are using surveys to elicit a large number of requirements, there is probably a lack of clear scope and vision. Focus on scope clarification. Joint development sessions are a great technique for defining your scope with SMEs.

    Moving ahead

    • Create additional surveys. Additional surveys can help narrow down the large list of requirements. This process can be reiterated until there is a manageable number of requirements.
    • Move onto interviews. Speak directly with the users to get a grasp of the importance of the requirements taken from surveys.

    Employ survey design best practices

    Proper survey design determines how valuable the responses will be. Review survey principles released by the University of Wisconsin-Madison.

    Provide context

    Include enough detail to contextualize questions to the employee’s job duties.

    Where necessary:

    • Include conditions
    • Timeline considerations
    • Additional pertinent details

    Give clear instructions

    When introducing a question identify if it should be answered by giving one answer, multiple answers, or a ranking of answers.

    Avoid IT jargon

    Ensure the survey’s language is easily understood.

    When surveying colleagues from the business use their own terms, not IT’s.

    E.g. laptops vs. hardware

    Saying “laptops” is more detailed and is a universal term.

    Use ranges

    Recommended:

    In a month your Outlook fails:

    • 1-3 times
    • 4-7 times
    • 7+ times

    Not Recommended:

    Your Outlook fails:

    • Almost never
    • Infrequently
    • Frequently
    • Almost always

    Keep surveys short

    Improve responses and maintain stakeholder interest by only including relevant questions that have corresponding actions.

    Recommended: Keep surveys to ten or less prompts.

    Scenario: Survey used to narrow down requirements

    Scenario

    There is a large list of requirements and the business is unsure of which ones to further pursue.

    Survey Approach

    Use closed-ended questions to give degrees of importance and rank requirements.

    Sample questions

    • How often do you need _____ (requirement)?
      • 1-3 times a week; 4-6 times a week; 7+ times a week
    • Given the five listed requirements below, rank each requirement in order of importance, with 1 being the most important and 5 being the least important.
    • On a scale from 1-5, how important is ________ (requirement)?
      • 1 – Not important at all; 2 – Would provide minimal benefit; 3 – Would be nice to have; 4 – Would provide substantial benefit; 5 – Crucial to success

    What to do with your results

    Determine which requirements to further explore

    Avoid simply aggregating average importance and using the highest average as the number-one priority. Group the highest average importance requirements to be further explored with other elicitation techniques.

    Moving ahead

    The group of highly important requirements needs to be further explored during interviews, joint development sessions, and rapid development sessions.

    Scenario: Survey used to discover crucial hidden requirements

    Scenario

    The business wanted a closer look into a specific process to determine if the project could be improved to better address process issues.

    Survey Approach

    Use open-ended questions to allow employees to articulate very specific details of a process.

    Sample questions

    • While doing ________ (process/activity), what part is the most frustrating to accomplish? Why?
    • Is there any part of ________ (process/activity) that you feel does not add value? Why?
    • How would you improve _________ (process/activity)?

    What to do with your results

    Set up prototyping

    Prototype a portion with the new requirement to see if it meets the user’s needs. Joint application development and rapid development sessions pair developers and users together to collaboratively build a solution.

    Next steps

    • Use interviews to begin solution mapping. Speak to SMEs and the users that the requirement would affect. Understand how to properly incorporate the discovered requirement(s) into the solution.
    • Create user stories. User stories allow developers to step into the shoes of the users. Document the user’s requirement desires and their reason for wanting it. Give those user stories to the developers.

    Explore mediums for survey delivery

    Online

    Free online surveys offer quick survey templates but may lack customization. Paid options include customizable features. Studies show that most participants find web-based surveys more appealing, as web surveys tend to have a higher rate of completion.

    Potential Services (Not a comprehensive list)

    SurveyMonkey – free and paid options

    Good Forms – free options

    Ideal for:

    • Low complexity surveys
    • High complexity surveys
    • Quick responses
    • Low cost (free survey options)

    Paper

    Paper surveys offer complete customizability. However, paper surveys take longer to distribute and record, and are also more expensive to administer.

    Ideal for:

    • Low complexity surveys
    • High complexity surveys
    • Quick responses
    • Low cost

    Internally-developed

    Internally-developed surveys can be distributed via the intranet or email. Internal surveys offer the most customization. Cost is the creator’s time, but cost can be saved on distribution versus paper and paid online surveys.

    Ideal for:

    • Low complexity surveys
    • High complexity surveys
    • Quick responses
    • Low cost (if created quickly)

    Understand different elicitation techniques – Focus Groups

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Focus Group Focus groups are sessions held between a small group (typically ten individuals or less) and an experienced facilitator who leads the conversation in a productive direction. Focus groups are highly effective for initial requirements brainstorming. The best practice is to structure them in a cross-functional manner to ensure multiple viewpoints are represented, and the conversation doesn’t become dominated by one particular individual. Facilitators must be wary of groupthink in these meetings (i.e. the tendency to converge on a single POV). Medium Medium
    Workshop Workshops are larger sessions (typically ten people or more) that are led by a facilitator, and are dependent on targeted exercises. Workshops may be occasionally decomposed into smaller group sessions. Workshops are highly versatile: they can be used for initial brainstorming, requirement prioritization, constraint identification, and business process mapping. Typically, the facilitator will use exercises or activities (such as whiteboarding, sticky note prioritization, role-playing, etc.) to get participants to share and evaluate sets of requirements. The main downside to workshops is a high time commitment from both stakeholders and the BA. Medium High

    Info-Tech Insight

    Group elicitation techniques are most useful for gathering a wide spectrum of requirements from a broad group of stakeholders. Individual or observational techniques are typically needed for further follow-up and in-depth analysis with critical power users or sponsors.

    Conduct focus groups and workshops

    There are two specific types of group interviews that can be utilized to elicit requirements: focus groups and workshops. Understand each type’s strengths and weaknesses to determine which is better to use in certain situations.

    Focus Groups Workshops
    Description
    • Small groups are encouraged to speak openly about topics with guidance from a facilitator.
    • Larger groups are led by a facilitator to complete target exercises that promote hands-on learning.
    Strengths
    • Highly effective for initial requirements brainstorming.
    • Insights can be explored in depth.
    • Any part of the requirements gathering process can be done in a workshop.
    • Use of activities can increase the learning beyond simple discussions.
    Weaknesses
    • Loudest voice in the room can induce groupthink.
    • Discussion can easily veer off topic.
    • Extremely difficult to bring together such a large group for extended periods of time.
    Facilitation Guidance
    • Make sure the group is structured in a cross-functional manner to ensure multiple viewpoints are represented.
    • If the group is too large, break the members into smaller groups. Try putting together members who would not usually interact.

    Solution mapping and joint review sessions should be used for high-touch, high-rigor BPM-centric projects

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Solution Mapping Session A one-on-one session to outline business processes. BPM methods are used to write possible target states for the solution on a whiteboard and to engineer requirements based on steps in the model. Solution mapping should be done with technically savvy stakeholders with a firm understanding of BPM methodologies and nomenclature. Generally, this type of elicitation method should be done with stakeholders who participated in tier one elicitation techniques who can assist with reverse-engineering business models into requirement lists. Medium Medium
    Joint Requirements Review Session This elicitation method is sometimes used as a last step prior to moving to formal requirements analysis. During the review session, the rough list of requirements is vetted and confirmed with stakeholders. A one-on-one (or small group) requirements review session gives your BAs the opportunity to ensure that what was recorded/transcribed during previous one-on-ones (or group elicitation sessions) is materially accurate and representative of the intent of the stakeholder. This elicitation step allows you to do a preliminary clean up of the requirements list before entering the formal analysis phase. Low Low

    Info-Tech Insight

    Solution mapping and joint requirements review sessions are more advanced elicitation techniques that should be employed after preliminary techniques have been utilized. They should be reserved for technically sophisticated, high-value stakeholders.

    Interactive whiteboarding and joint development sessions should be leveraged for high-rigor BPM-based projects

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Interactive White- boarding A group session where either a) requirements are converted to BPM diagrams and process flows, or b) these flows are reverse engineered to distil requirement sets. While the focus of workshops and focus groups is more on direct requirements elicitation, interactive whiteboarding sessions are used to assist with creating initial solution maps (or reverse engineering proposed solutions into requirements). By bringing stakeholders into the process, the BA benefits from a greater depth of experience and access to SMEs. Medium Medium
    Joint Application Development (JAD) JAD sessions pair end-user teams together with developers (and BA facilitators) to collect requirements and begin mapping and developing prototypes directly on the spot. JAD sessions fit well with organizations that use Agile processes. They are particularly useful when the overall project scope is ambiguous; they can be used for project scoping, requirements definition, and initial prototyping. JAD techniques are heavily dependent on having SMEs in the room – they should preference knowledge power users over the “rank and file.” High High

    Info-Tech Insight

    Interactive whiteboarding should be heavily BPM-centric, creating models that link requirements to specific workflow activities. Joint development sessions are time-consuming but create greater cohesion and understanding between BAs, developers, and SMEs.

    Rapid application development sessions add some Agile aspects to requirements elicitation

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Rapid Application Development A form of prototyping, RAD sessions are akin to joint development sessions but with greater emphasis on back-and-forth mock-ups of the proposed solution. RAD sessions are highly iterative – requirements are gathered in sessions, developers create prototypes offline, and the results are validated by stakeholders in the next meeting. This approach should only be employed in highly Agile-centric environments. High High

    For more information specific to using the Agile development methodology, refer to the project blueprint Implement Agile Practices That Work.

    The role of the BA differs with an Agile approach to requirements gathering. A traditional BA is a subset of the Agile BA, who typically serves as product owner. Agile BAs have elevated responsibilities that include bridging communication between stakeholders and developers, prioritizing and detailing the requirements, and testing solutions.

    Overview of JAD and RDS techniques (Part 1)

    Use the following slides to gain a thorough understanding of both JAD and rapid development sessions (RDS) to decide which fits your project best.

    Joint Application Development Rapid Development Sessions
    Description JAD pairs end users and developers with a facilitator to collect requirements and begin solution mapping to create an initial prototype. RDS is an advanced approach to JAD. After an initial meeting, prototypes are developed and validated by stakeholders. Improvements are suggested by stakeholders and another prototype is created. This process is iterated until a complete solution is created.
    Who is involved? End users, SMEs, developers, and a facilitator (you).
    Who should use this technique? JAD is best employed in an Agile organization. Agile organizations can take advantage of the high amount of collaboration involved. RDS requires a more Agile organization that can effectively and efficiently handle impromptu meetings to improve iterations.
    Time/effort versus value JAD is a time/effort-intensive activity, requiring different parties at the same time. However, the value is well worth it. JAD provides clarity for the project’s scope, justifies the requirements gathered, and could result in an initial prototype. RDS is even more time/effort intensive than JAD. While it is more resource intensive, the reward is a more quickly developed full solution that is more customized with fewer bugs.

    Overview of JAD and RDS techniques (Part 2)

    Joint Application Development

    Timeline

    Projects that use JAD should not expect dramatically quicker solution development. JAD is a thorough look at the elicitation process to make sure that the right requirements are found for the final solution’s needs. If done well, JAD eliminates rework.

    Engagement

    Employees vary in their project engagement. Certain employees leverage JAD because they care about the solution. Others are asked for their expertise (SMEs) or because they perform the process often and understand it well.

    Implications

    JAD’s thorough process guarantees that requirements gathering is done well.

    • All requirements map back to the scope.
    • SMEs are consulted throughout the duration of the process.
    • Prototyping is only done after final solution mapping is complete.

    Rapid Development Sessions

    Timeline

    Projects that use RDS can either expect quicker or slower requirements gathering depending on the quality of iteration. If each iteration solves a requirement issue, then one can expect that the solution will be developed fairly rapidly. If the iterations fail to meet requirements the process will be quite lengthy.

    Engagement

    Employees doing RDS are typically very engaged in the project and play a large role in helping to create the solution.

    Implications

    RDS success is tied to the organization’s ability to collaborate. Strong collaboration will lead to:

    • Fewer bugs as they are eliminated in each iteration.
    • A solution that is highly customized to meet the user’s needs.

    Poor collaboration will lead to RDS losing its full value.

    When is it best to use JAD?

    JAD is best employed in an Agile organization for application development and selection. This technique best serves relatively complicated, large-scale projects that require rapid or sequential iterations on a prototype or solution as a part of requirements gathering elicitation. JAD effectuates each step in the elicitation process well, from initial elicitation to narrowing down requirements.

    When tackling a project type you’ve never attempted

    Most requirement gathering professionals will use their experience with project type standards to establish key requirements. Avoid only relying on standards when tackling a new project type. Apply JAD’s structured approach to a new project type to be thorough during the elicitation phase.

    In tandem with other elicitation techniques

    While JAD is an overarching requirements elicitation technique, it should not be the only one used. Combine the strengths of other elicitation techniques for the best results.

    When is it best to use RDS?

    RDS is best utilized when one, but preferably both, of the below criteria is met.

    When the scope of the project is small to medium sized

    RDS’ strengths lie in being able to tailor-make certain aspects of the solution. If the solution is too large, tailor-made sections are impossible as multiple user groups have different needs or there is insufficient resources. When a project is small to medium sized, developers can take the time to custom make sections for a specific user group.

    When most development resources are readily available

    RDS requires developers spending a large amount of time with users, leaving less time for development. Having developers at the ready to take on users’ improvement maintains the effectiveness of RDS. If the same developer who speaks to users develops the entire iteration, the process would be slowed down dramatically, losing effectiveness.

    Techniques to compliment JAD/RDS

    1. Unstructured conversations

    JAD relies on unstructured conversations to clarify scope, gain insights, and discuss prototyping. However, a structure must exist to guarantee that all topics are discussed and meetings are not wasted.

    2. Solution mapping and interactive white-boarding

    JAD often involves visually illustrating how high-level concepts connect as well as prototypes. Use solution mapping and interactive whiteboarding to help users and participants better understand the solution.

    3. Focus groups

    Having a group development session provides all the benefits of focus groups while reducing time spent in the typically time-intensive JAD process.

    Plan how you will execute JAD

    Before the meeting

    1. Prepare for the meeting

    Email all parties a meeting overview of topics that will be discussed.

    During the meeting

    2. Discussion

    • Facilitate the conversation according to what is needed (e.g. skip scope clarification if it is already well defined).
    • Leverage solution mapping and other visual aids to appeal to all users.
    • Confirm with SMEs that requirements will meet the users’ needs.
    • Discuss initial prototyping.

    After the meeting

    3. Wrap-up

    • Provide a key findings summary and set of agreements.
    • Outline next steps for all parties.

    4. Follow-up

    • Send the mock-up of any agreed upon prototype(s).
    • Schedule future meetings to continue prototyping.

    JAD provides a detail-oriented view into the elicitation process. As a facilitator, take detailed notes to maximize the outputs of JAD.

    Plan how you will execute RDS

    Before the meeting

    1. Prepare for the meeting

    • Email all parties a meeting overview.
    • Ask employees and developers to bring their vision of the solution, regardless of its level of detail.

    During the meeting

    2. Hold the discussion

    • Facilitate the conversation according to what is needed (e.g. skip scope clarification if already well defined).
    • Have both parties explain their visions for the solution.
    • Talk about initial prototype and current iteration.

    After the meeting

    3. Wrap-up

    • Provide a key findings summary and agreements.
    • Outline next steps for all parties.

    4. Follow-up

    • Send the mock-up of any agreed upon prototype(s).
    • Schedule future meeting to continue prototyping.

    RDS is best done in quick succession. Keep in constant contact with both employees and developers to maintain positive momentum from a successful iteration improvement.

    Develop a tailored facilitation guide for JAD and RDS

    JAD/RDS are both collaborative activities, and as with all group activities, issues are bound to arise. Be proactive and resolve issues using the following guidelines.

    Scenario Technique
    Employee and developer visions for the solution don’t match up Focus on what both solutions have in common first to dissolve any tension. Next, understand the reason why both parties have differences. Was it a difference in assumptions? Difference in what is a requirement? Once the answer has been determined, work on bridging the gaps. If there is no resolution, appoint a credible authority (or yourself) to become the final decision maker.
    Employee has difficulty understanding the technical aspect of the developer’s solution Translate the developer’s technical terms into a language that the employee understands. Encourage the employee to ask questions to further their understanding.
    Employee was told that their requirement or proposed solution is not feasible Have a high-level member of the development team explain how the requirement/solution is not feasible. If it’s possible, tell the employee that the requirement can be done in a future release and keep them updated.

    Harvest documentation from past projects to uncover reusable requirements

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Legacy System Manuals The process of reviewing documentation and manuals associated with legacy systems to identify constraints and exact requirements for reuse. Reviewing legacy systems and accompanying documentation is an excellent way to gain a preliminary understanding of the requirements for the upcoming application. Be careful not to overly rely on requirements from legacy systems; if legacy systems have a feature set up one way, this does not mean it should be set up the same way on the upcoming application. If an upcoming application must interact with other systems, it is ideal to understand the integration points early. None High
    Historical Projects The process of reviewing documentation from historical projects to extract reusable requirements. Previous project documentation can be a great source of information and historical lessons learned. Unfortunately, historical projects may not be well documented. Historical mining can save a great deal of time; however, the fact that it was done historically does not mean that it was done properly. None High

    Info-Tech Insight

    Document mining is a laborious process, and as the term “mining” suggests the yield will vary. Regardless of the outcome, document mining must be performed and should be viewed as an investment in the requirements gathering process.

    Extract internal and external constraints from business rules, policies, and glossaries

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Rules The process of extracting business logic from pre-existing business rules (e.g. explicit or implied workflows). Stakeholders may not be fully aware of all of the business rules or the underlying rationale for the rules. Unfortunately, business rule documents can be lengthy and the number of rules relevant to the project will vary. None High
    Glossary The process of extracting terminology and definitions from glossaries. Terminology and definitions do not directly lead to the generation of requirements. However, reviewing glossaries will allow BAs to better understand domain SMEs and interpret their requirements. None High
    Policy The process of extracting business logic from business policy documents (e.g. security policy and acceptable use). Stakeholders may not be fully aware of the different policies or the underlying rationale for why they were created. Going directly to the source is an excellent way to identify constraints and requirements. Unfortunately, policies can be lengthy and the number of items relevant to the project will vary. None High

    Info-Tech Insight

    Document mining should be the first type of elicitation activity that is conducted because it allows the BA to become familiar with organizational terminology and processes. As a result, the stakeholder facing elicitation sessions will be more productive.

    Review the different types of formal documentation (Part 1)

    1. Glossary

    Extract terminology and definitions from glossaries. A glossary is an excellent source to understand the terminology that SMEs will use.

    2. Policy

    Pull business logic from policy documents (e.g. security policy and acceptable use). Policies generally have mandatory requirements for projects, such as standard compliance requirements.

    3. Rules

    Review and reuse business logic that comes from pre-existing rules (e.g. explicit or implied workflows). Like policies, rules often have mandatory requirements or at least will require significant change for something to no longer be a requirement.

    Review the different types of formal documentation (Part 2)

    4. Legacy System

    Review documents and manuals of legacy systems, and identify reusable constraints and requirements. Benefits include:

    • Gain a preliminary understanding of general organizational requirements.
    • Ease of solution integration with the legacy system if needed.

    Remember to not use all of the basic requirements of a legacy system. Always strive to find a better, more productive solution.

    5. Historical Projects

    Review documents from historical projects to extract reusable requirements. Lessons learned from the company’s previous projects are more applicable than case studies. While historical projects can be of great use, consider that previous projects may not be well documented.

    Drive business alignment as an output from documentation review

    Project managers frequently state that aligning projects to the business goals is a key objective of effective project management; however, it is rarely carried out throughout the project itself. This gap is often due to a lack of understanding around how to create true alignment between individual projects and the business needs.

    Use company-released statements and reports

    Extract business wants and needs from official statements and reports (e.g. press releases, yearly reports). Statements and reports outline where the organization wants to go which helps to unearth relevant project requirements.

    Ask yourself, does the project align to the business?

    Documented requirements should always align with the scope of the project and the business objectives. Refer back frequently to your set of gathered requirements to check if they are properly aligned and ensure the project is not veering away from the original scope and business objectives.

    Don’t just read for the sake of reading

    The largest problem with documentation review is that requirements gathering professionals do it for the sake of saying they did it. As a result, projects often go off course due to not aligning to business objectives following the review sessions.

    • When reading a document, take notes to avoid projects going over time and budget and business dissatisfaction. Document your notes and schedule time to review the set of complete notes with your team following the individual documentation review.

    Select elicitation techniques that match the elicitation scenario

    There is a time and place for each technique. Don’t become too reliant on the same ones. Diversify your approach based on the elicitation goal.

    A chart showing Elicitation Scenarios and Techniques, with each marked for their efficacy.

    This table shows the relative strengths and weaknesses of each elicitation technique compared against the five basic elicitation scenarios.

    A typical project will encounter most of the elicitation scenarios. Therefore, it is important to utilize a healthy mix of techniques to optimize effectiveness.

    Very Strong = Very Effective

    Strong = Effective

    Medium = Somewhat Effective

    Weak = Minimally Effective

    Very Weak = Not Effective

    Record the approved elicitation techniques that your BAs should use

    2.1.2 – 30 minutes

    Input
    • Approved elicitation techniques
    Output
    • Execution procedure
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders
    • BAs

    Record the approved elicitation methods and best practices for each technique in the SOP.

    Identify which techniques should be utilized with the different stakeholder classes.

    Segment the different techniques based by project complexity level.

    Use the following chart to record the approved techniques.

    Stakeholder L1 Projects L2 Projects L3 Projects L4 Projects
    Senior Management Structured Interviews
    Project Sponsor Unstructured Interviews
    SME (Business) Focus Groups Unstructured Interviews
    Functional Manager Focus Groups Structured Interviews
    End Users Surveys; Focus Groups; Follow-Up Interviews; Observational Techniques

    Document the output from this exercise in section 4.0 of the Requirements Gathering SOP and BA Playbook.

    Confirm initial elicitation notes with stakeholders

    Open lines of communication with stakeholders and keep them involved in the requirements gathering process; confirm the initial elicitation before proceeding.

    Confirming the notes from the elicitation session with stakeholders will result in three benefits:

    1. Simple miscommunications can compound and result in costly rework if they aren’t caught early. Providing stakeholders with a copy of notes from the elicitation session will eliminate issues before they manifest themselves in the project.
    2. Stakeholders often require an absorption period after elicitation sessions to reflect on the meeting. Following up with stakeholders gives them an opportunity to clarify, enhance, or change their responses.
    3. Stakeholders will become disinterested in the project (and potentially the finished application) if their involvement in the project ends after elicitation. Confirming the notes from elicitation keeps them involved in the process and transitions stakeholders into the analysis phase.

    This is the Confirm stage of the Confirm, Verify, Approve process.

    “Are these notes accurate and complete?”

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1.1 Understand the different elicitation techniques

    An analyst will walk you through the different elicitation techniques including observations, document reviews, surveys, focus groups, and interviews, and highlight the level of effort required for each.

    2.1.2 Select and record the approved elicitation techniques

    An analyst will facilitate the discussion to determine which techniques should be utilized with the different stakeholder classes.

    Step 2.2: Structure Elicitation Output

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:
    • Build use-case models.
    • Practice using elicitation techniques with business stakeholders to build use-case models.
    • Practice leveraging user stories to convey requirements.
    This step involves the following participants:
    • BAs
    • Business stakeholders
    Outcomes of this step
    • Understand the value of use-case models for requirements gathering.
    • Practice different techniques for building use-case models with stakeholders.

    Record and capture requirements in solution-oriented formats

    Unstructured notes for each requirement are difficult to manage and create ambiguity. Using solution-oriented formats during elicitation sessions ensures that the content can be digested by IT and business users.

    This table shows common solution-oriented formats for recording requirements. Determine which formats the development team and BAs are comfortable using and create a list of acceptable formats to use in projects.

    Format Description Examples
    Behavior Diagrams These diagrams describe what must happen in the system. Business Process Models, Swim Lane Diagram, Use Case Diagram
    Interaction Diagrams These diagrams describe the flow and control of data within a system. Sequence Diagrams, Entity Diagrams
    Stories These text-based representations take the perspective of a user and describe the activities and benefits of a process. Scenarios, User Stories

    Info-Tech Insight

    Business process modeling is an excellent way to visually represent intricate processes for both IT and business users. For complex projects with high business significance, business process modeling is the best way to capture requirements and create transformational gains.

    Use cases give projects direction and guidance from the business perspective

    Use Case Creation Process

    Define Use Cases for Each Stakeholder

    • Each stakeholder may have different uses for the same solution. Identify all possible use cases attributed to the stakeholders.
    • All use cases are possible test case scenarios.

    Define Applications for Each Use Case

    • Applications are the engines behind the use cases. Defining the applications to satisfy use cases will pinpoint the areas where development or procurement is necessary.

    Consider the following guidelines:

    1. Don’t involve systems in the use cases. Use cases just identify the key end-user interaction points that the proposed solution is supposed to cover.
    2. Some use cases are dependent on other use cases or multiple stakeholders may be involved in a single use case. Depending on the availability of these use cases, they can either be all identified up front (Waterfall) or created at various iterations (Agile).
    3. Consider the enterprise architecture perspective. Existing enterprise architecture designs can provide a foundation of current requirement mappings and system structure. Reuse these resources to reduce efforts.
    4. Avoid developing use cases in isolation. Reusability is key in reducing designing efforts. By involving multiple departments, requirement clashes can be avoided and the likelihood of reusability increases.

    Develop practical use cases to help drive the development effort in the right direction

    Evaluating the practicality and likelihood of use cases is just as important as developing them.

    Use cases can conflict with each other. In certain situations, specific requirements of these use cases may clash with one another even though they are functionally sound. Evaluate use-case requirements and determine how they satisfy the overall business need.

    Use cases are not necessarily isolated; they can be nested. Certain functionalities are dependent on the results of another action, often in a hierarchical fashion. By mapping out the expected workflows, BAs can determine the most appropriate way to implement.

    Use cases can be functionally implemented in many ways. There could be multiple ways to accomplish the same use case. Each of these needs to be documented so that functional testing and user documentation can be based on them.

    Nested Use Case Examples:

    Log Into Account ← Depends on (Nested) Ordering Products Online
    Enter username and password Complete order form
    Verify user is a real person Process order
    Send user forgotten password message Check user’s account
    Send order confirmation to user

    Build a use-case model

    2.2.1 – 45 minutes

    Input
    • Sub processes
    Output
    • Use case model
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders
    • BAs
    Demonstrate how to use elicitation techniques to build use cases for the project.
    1. Identify a sub-process to build the use-case model. Begin the exercise by giving a brief description of the purpose of the meeting.
    2. For each stakeholder, draw a stick figure on the board. Pose the question “If you need to do X, what is your first step?” Go through the process until the end goal and draw each step. Ensure that you capture triggers, causes, decision points, outcomes, tools, and interactions.
    3. Starting at the beginning of the diagram, go through each step again and check with stakeholders if the step can be broken down into more granular steps.
    4. Ask the stakeholder if there are any alternative flows that people use, or any exceptions to process steps. If there are, map these out on the board.
    5. Go back through each step and ask the stakeholder where the current process is causing them grief, and where modification should be made.
    6. Record this information in the Business Requirements Document Template.

    Build a use-case model

    2.2.1

    Example: Generate Letters

    Inspector: Log into system → Search for case → Identify recipient → Determine letter type → Print letter

    Admin: Receive letter from inspector → Package and mail letter

    Citizen: Receive letter from inspector

    Understand user stories and profiles

    What are they?

    User stories describe what requirement a user wants in the solution and why they want it. The end goal of a user story is to create a simple description of a requirement for developers.

    When to use them

    User stories should always be used in requirements gathering. User stories should be collected throughout the elicitation process. Try to recapture user stories as new project information is released to capture any changes in end-customer needs.

    What’s the benefit?

    User stories help capture target users, customers, and stakeholders. They also create a “face” for individual user requirements by providing user context. This detail enables IT leaders to associate goals and end objectives with each persona.

    Takeaway

    To better understand the characteristics driving user requirements, begin to map objectives to separate user personas that represent each of the project stakeholders.

    Are user stories worth the time and effort?

    Absolutely.

    A user’s wants and needs serve as a constant reminder to developers. Developers can use this information to focus on how a solution needs to accomplish a goal instead of only focusing on what goals need to be completed.

    Create customized user stories to guide or structure your elicitation output

    Instructions

    1. During surveys, interviews, and development sessions, ask participants the following questions:
      • What do you want from the solution?
      • Why do you want that?
    2. Separate the answer into an “I want to” and “So that” format.
      • For users who give multiple “I want to” and “So that” statements, separate them into their respective pairs.
    3. Place each story on a small card that can easily be given to developers.
    As a I want to So that Size Priority
    Developer Learn network and system constraints The churn between Operations and I will be reduced. 1 point Low

    Team member

    Increase the number of demonstrations I can achieve greater alignment with business stakeholders. 3 points High
    Product owner Implement a user story prioritization technique I can delegate stories in my product backlog to multiple Agile teams. 3 points Medium

    How to make an effective and compelling user story

    Keep your user stories short and impactful to ensure that they retain their impact.

    Follow a simple formula:

    As a [stakeholder title], I want to [one requirement] so that [reason for wanting that requirement].

    Use this template for all user stories. Other formats will undermine the point of a user story. Multiple requirements from a single user must be made into multiple stories and given to the appropriate developer. User stories should fit onto a sticky note or small card.

    Example

    As an: I want to: So that:
    Administrator Integrate with Excel File transfer won’t possibly lose information
    X Administrator Integrate with Excel and Word File transfer won’t possibly lose information

    While the difference between the two may be small, it would still undermine the effectiveness of a user story. Different developers may work on the integration of Excel or Word and may not receive this user story.

    Assign user stories a size and priority level

    Designate a size to user stories

    Size is an estimate of how many resources must be dedicated to accomplish the want. Assign a size to each user story to help determine resource allocation.

    Assign business priority to user stories

    Based on how important the requirement is to project success, assign each user story a rating of high, medium, or low. The priority given will dictate which requirements are completed first.

    Example:

    Scope: Design software to simplify financial reporting

    User Story Estimated Size Priority
    As an administrator, I want to integrate with Excel so that file transfer won’t possibly lose information. Low High
    As an administrator, I want to simplify graph construction so that I can more easily display information for stakeholders. High Medium

    Combine both size and priority to decide resource allocation. Low-size, high-priority tasks should always be done first.

    Group similar user stories together to create greater impact

    Group user stories that have the same requirement

    When collecting user stories, many will be centered around the same requirement. Group similar user stories together to show the need for that requirement’s inclusion in the solution.

    Even if it isn’t a must-have requirement, if the number of similar user stories is high enough, it would become the most important should-have requirement.

    Group together user stories such as these:
    As an I want So that
    Administrator To be able to create bar graphs Information can be more easily illustrated
    Accountant To be able to make pie charts Budget information can be visually represented

    Both user stories are about creating charts and would be developed similarly.

    Leave these user stories separate
    As an I want So that
    Administrator The program to auto-save Information won’t be lost during power outages
    Accountant To be able to save to SharePoint My colleagues can easily view and edit my work

    While both stories are about saving documents, the development of each feature is vastly different.

    Create customized user profiles

    User profiles are a way of grouping users based on a significant shared details (e.g. in the finance department, website user).

    Go beyond the user profile

    When creating the profile, consider more than the group’s name. Ask yourself the following questions:

    • What level of knowledge and expertise does this user profile have with this type of software?
    • How much will this user profile interact with the solution?
    • What degree of dependency will this user profile have on the solution?

    For example, if a user profile has low expertise but interacts and depends heavily on the program, a more thorough tutorial of the FAQ section is needed.

    Profiles put developers in user’s shoes

    Grouping users together helps developers put a face to the name. Developers can then more easily empathize with users and develop an end solution that is directly catered to their needs.

    Leverage group activities to break down user-story sizing techniques

    Work in groups to run through the following story-sizing activities.

    Planning Poker: This approach uses the Delphi method where members estimate the size of each user story by revealing numbered cards. These estimates are then discussed and agreed upon as a group.

    • Planning poker generates discussion about variances in estimates but dominant personalities may lead to biased results or groupthink.

    Team Sort: This approach can assist in expediting estimation when you are handling numerous user stories.

    • Bucket your user stories into sizes (e.g. extra-small, small, medium, large, and extra-large) based on an acceptable benchmark that may change from project to project.
    • Collaborate as a team to conclude the final size.
    • Next, translate these sizes into points.

    The graphic shows the two activities described, Planning Poker and Team Sort. In the Planning Poker image, 3 sets of cards are shown, with the numbers 13, 5, and 1 on the top of each set. At the bottom of the image are 7 cards, labelled with: 1, 2, 3, 5, 8, 13, 21. In the Team Sort section, there is an arrow pointing in both directions, representing a spectrum from XS to XL. Each size is assigned a point value: XS is 1; S is 3; M is 5; L is 10; and XL is 20. Cards with User Story # written on them are arranged along the spectrum.

    Create a product backlog to communicate business needs to development teams

    Use the product backlog to capture expected work and create a roadmap for the project by showing what requirements need to be delivered.

    How is the product owner involved?

    • The product owner is responsible for keeping in close contact with the end customer and making the appropriate changes to the product backlog as new ideas, insights, and impediments arise.
    • The product owner should have good communication with the team to make accurate changes to the product backlog depending on technical difficulties and needs for clarification.

    How do I create a product backlog?

    • Write requirements in user stories. Use the format: “As a (user role), I want (function) so that (benefit).” Identify end users and understand their needs.
    • Assign each requirement a priority. Decide which requirements are the most important to deliver. Ask yourself, “Which user story will create the most value?”

    What are the approaches to generate my backlog?

    • Team Brainstorming – The product owner, team, and scrum master work together to write and prioritize user stories in a single or a series of meetings.
    • Business Case – The product owner translates business cases into user stories as per the definition of “development ready.”

    Epics and Themes

    As you begin to take on larger projects, it may be advantageous to organize and group your user stories to simplify your release plan:

    • Epics are collections of similar user stories and are used to describe significant and large development initiatives.
    • Themes are collections of similar epics and are normally used to define high-level business objectives.

    To avoid confusion, the pilot product backlog will be solely composed of user stories.

    Example:

    Theme: Increase user exposure to corporate services through mobile devices
    Epic: Access corporate services through a mobile application Epic: Access corporate services through mobile website
    User Story: As a user, I want to find the closest office so that I can minimize travel time As a user, I want to find the closest office so that I can minimize travel time User Story: As a user, I want to submit a complaint so that I can improve company processes

    Simulate product backlog creation

    Overview

    Leverage Info-Tech’s Scrum Documentation Template, using the Backlog and Planning tab, to help walk you through this activity.

    Instructions

    1. Have your product owner describe the business objectives of the pilot project.
    2. Write the key business requirements as user stories.
    3. Based on your business value drivers, identify the business value of your user stories (high, medium, low).
    4. Have your team review the user stories and question the story’s value, priority, goal, and meaning.
    5. Break down the user stories if the feature or business goal is unclear or too large.
    6. Document the perceived business value of each user story, as well as the priority, goal, and meaning.

    Examples:

    As a citizen, I want to know about road construction so that I can save time when driving. Business Value: High

    As a customer, I want to find the nearest government office so that I can register for benefits. Business Value: Medium

    As a voter, I want to know what each candidate believes in so that I can make an informed decision. Business Value: High

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.2.1 Build use-case models

    An analyst will assist in demonstrating how to use elicitation techniques to build use-case models. The analyst will walk you through the table testing to visually map out and design process flows for each use case.

    Phase 3: Analyze and Validate Requirements

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Analyze and Validate Requirements

    Proposed Time to Completion: 1 week
    Step 3.1: Create Analysis Framework

    Start with an analyst kick off call:

    • Create policies for requirements categorization and prioritization.

    Then complete these activities…

    • Create functional requirements categories.
    • Consolidate similar requirements and eliminate redundancies.
    • Prioritize requirements.

    With these tools & templates:

    • Requirements Gathering Documentation Tool
    Step 3.2: Validate Business Requirements

    Review findings with analyst:

    • Establish best practices for validating the BRD with project stakeholders.

    Then complete these activities…

    • Right-size the BRD.
    • Present the BRD to business stakeholders.
    • Translate business requirements into technical requirements.
    • Identify testing opportunities.

    With these tools & templates:

    • Business Requirements Document Template
    • Requirements Gathering Testing Checklist

    Phase 3 Results & Insights:

    • Standardized frameworks for analysis and validation of business requirements

    Step 3.1: Create Analysis Framework

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:
    • Categorize requirements.
    • Eliminate redundant requirements.
    This step involves the following participants:
    • BAs
    Outcomes of this step
    • Prioritized requirements list.

    Analyze requirements to de-duplicate them, consolidate them – and most importantly – prioritize them!

    he image is the Requirements Gathering Framework, shown earlier. All parts of the framework are greyed-out, except for the arrow containing the word Analyze in the center of the image, with three bullet points beneath it that read: Organize; Prioritize; Verify

    The analysis phase is where requirements are compiled, categorized, and prioritized to make managing large volumes easier. Many organizations prematurely celebrate being finished the elicitation phase and do not perform adequate diligence in this phase; however, the analysis phase is crucial for a smooth transition into validation and application development or procurement.

    Categorize requirements to identify and highlight requirement relationships and dependencies

    Eliciting requirements is an important step in the process, but turning endless pages of notes into something meaningful to all stakeholders is the major challenge.

    Begin the analysis phase by categorizing requirements to make locating, reconciling, and managing them much easier. There are often complex relationships and dependencies among requirements that do not get noted or emphasized to the development team and as a result get overlooked.

    Typically, requirements are classified as functional and non-functional at the high level. Functional requirements specify WHAT the system or component needs to do and non-functional requirements explain HOW the system must behave.

    Examples

    Functional Requirement: The application must produce a sales report at the end of the month.

    Non-Functional Requirement: The report must be available within one minute after midnight (EST) of the last day of the month. The report will be available for five years after the report is produced. All numbers in the report will be displayed to two decimal places.

    Categorize requirements to identify and highlight requirement relationships and dependencies

    Further sub-categorization of requirements is necessary to realize the full benefit of categorization. Proficient BAs will even work backwards from the categories to drive the elicitation sessions. The categories used will depend on the type of project, but for categorizing non-functional requirements, the Volere Requirements Resources has created an exhaustive list of sub-categories.

    Requirements Category Elements

    Example

    Look & Feel Appearance, Style

    User Experience

    Usability & Humanity Ease of Use, Personalization, Internationalization, Learning, Understandability, Accessibility Language Support
    Performance Speed, Latency, Safety, Precision, Reliability, Availability, Robustness, Capacity, Scalability, Longevity Bandwidth
    Operational & Environmental Expected Physical Environment, Interfacing With Adjacent Systems, Productization, Release Heating and Cooling
    Maintainability & Support Maintenance, Supportability, Adaptability Warranty SLAs

    Security

    Access, Integrity, Privacy, Audit, Immunity Intrusion Prevention
    Cultural & Political Global Differentiation Different Statutory Holidays
    Legal Compliance, Standards Hosting Regulations

    What constitutes good requirements

    Complete – Expressed a whole idea or statement.

    Correct – Technically and legally possible.

    Clear – Unambiguous and not confusing.

    Verifiable – It can be determined that the system meets the requirement.

    Necessary – Should support one of the project goals.

    Feasible – Can be accomplished within cost and schedule.

    Prioritized – Tracked according to business need levels.

    Consistent – Not in conflict with other requirements.

    Traceable – Uniquely identified and tracked.

    Modular – Can be changed without excessive impact.

    Design-independent – Does not pose specific solutions on design.

    Create functional requirement categories

    3.1.1 – 1 hour

    Input
    • Activity 2.2.1
    Output
    • Requirements categories
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • BAs
    Practice the techniques for categorizing requirements.
    1. Divide the list of requirements that were elicited for the identified sub-process in exercise 2.2.1 among smaller groups.
    2. Have groups write the requirements on red, yellow, or green sticky notes, depending on the stakeholder’s level of influence.
    3. Along the top of the whiteboard, write the eight requirements categories, and have each group place the sticky notes under the category where they believe they should fit.
    4. Once each group has posted the requirements, review the board and discuss any requirements that should be placed in another category.

    Document any changes to the requirements categories in section 5.1 of the Requirements Gathering SOP and BA Playbook.

    Create functional requirement categories

    The image depicts a whiteboard with different colored post-it notes grouped into the following categories: Look & Feel; Usability & Humanity; Legal; Maintainability & Support; Operational & Environmental; Security; Cultural & Political; and Performance.

    Consolidate similar requirements and eliminate redundancies

    Clean up requirements and make everyone’s life simpler!

    After elicitation, it is very common for an organization to end up with redundant, complementary, and conflicting requirements. Consolidation will make managing a large volume of requirements much easier.

    Redundant Requirements Owner Priority
    1. The application shall feed employee information into the payroll system. Payroll High
    2. The application shall feed employee information into the payroll system. HR Low
    Result The application shall feed employee information into the payroll system. Payroll & HR High
    Complementary Requirements Owner Priority
    1. The application shall export reports in XLS and PDF format. Marketing High
    2. The application shall export reports in CSV and PDF format. Finance High
    Result The application shall export reports in XLS, CSV, and PDF format. Marketing & Finance High

    Info-Tech Insight

    When collapsing redundant or complementary requirements, it is imperative that the ownership and priority metadata be preserved for future reference. Avoid consolidating complementary requirements with drastically different priority levels.

    Identify and eliminate conflict between requirements

    Conflicting requirements are unavoidable; identify and resolve them as early as possible to minimize rework and grief.

    Conflicting requirements occur when stakeholders have requirements that either partially or fully contradict one another, and as a result, it is not possible or practical to implement all of the requirements.

    Steps to Resolving Conflict:

    1. Notify the relevant stakeholders of the conflict and search for a basic solution or compromise.
    2. If the stakeholders remain in a deadlock, appoint a final decision maker.
    3. Schedule a meeting to resolve the conflict with the relevant stakeholders and the decision maker. If multiple conflicts exist between the same stakeholder groups, try to resolve as many as possible at once to save time and encourage reciprocation.
    4. Give all parties the opportunity to voice their rationale and objectively rate the priority of the requirement. Attempt to reach an agreement, consensus, or compromise.
    5. If the parties remain in a deadlock, encourage the final decision maker to weigh in. Their decision should be based on which party has the greater need for the requirement, the difficulty to implement the requirement, and which requirement better aligns with the project goals.

    Info-Tech Insight

    Resolve conflicts whenever possible during the elicitation phase by using cross-functional workshops to facilitate discussions that address and settle conflicts in the room.

    Consolidate similar requirements and eliminate redundancies

    3.1.2 – 30 minutes

    Input
    • Activity 3.1.1
    Output
    • Requirements categories
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • BAs

    Review the outputs from the last exercise and ensure that the list is mutually exclusive by consolidating similar requirements and eliminating redundancies.

    1. Looking at each category in turn, review the sticky notes and group similar, complementary, and conflicting notes together. Put a red dot on any conflicting requirements to be used in a later exercise.
    2. Have the group start by eliminating the redundant requirements.
    3. Have the group look at the complementary requirements, and consolidate each into a single requirement. Discard originals.
    4. Record this information in the Requirements Gathering Documentation Tool.

    Prioritize requirements to assist with solution modeling

    Prioritization is the process of ranking each requirement based on its importance to project success. Hold a separate meeting for the domain SMEs, implementation SMEs, project managers, and project sponsors to prioritize the requirements list. At the conclusion of the meeting, each requirement should be assigned a priority level. The implementation SMEs will use these priority levels to ensure efforts are targeted towards the proper requirements as well as to plan features available on each release. Use the MoSCoW Model of Prioritization to effectively order requirements.

    The MoSCoW Model of Prioritization

    The image shows the MoSCoW Model of Prioritization, which is shaped like a pyramid. The sections, from top to bottom (becoming incrementally larger) are: Must Have; Should Have; Could Have; and Won't Have. There is additional text next to each category, as follows: Must have - Requirements must be implemented for the solution to be considered successful.; Should have: Requirements are high priority that should be included in the solution if possible.; Could Have: Requirements are desirable but not necessary and could be included if resources are available.; Won't Have: Requirements won’t be in the next release, but will be considered for the future releases.

    The MoSCoW model was introduced by Dai Clegg of Oracle UK in 1994 (Source: ProductPlan).

    Base your prioritization on the right set of criteria

    Effective Prioritization Criteria

    Criteria

    Description

    Regulatory & Legal Compliance These requirements will be considered mandatory.
    Policy Compliance Unless an internal policy can be altered or an exception can be made, these requirements will be considered mandatory.
    Business Value Significance Give a higher priority to high-value requirements.
    Business Risk Any requirement with the potential to jeopardize the entire project should be given a high priority and implemented early.
    Likelihood of Success Especially in proof-of-concept projects, it is recommended that requirements have good odds.
    Implementation Complexity Give a higher priority to low implementation difficulty requirements.
    Alignment With Strategy Give a higher priority to requirements that enable the corporate strategy.
    Urgency Prioritize requirements based on time sensitivity.
    Dependencies A requirement on its own may be low priority, but if it supports a high-priority requirement, then its priority must match it.

    Info-Tech Insight

    It is easier to prioritize requirements if they have already been collapsed, resolved, and rewritten. There is no point in prioritizing every requirement that is elicited up front when some of them will eventually be eliminated.

    Use the Requirements Gathering Documentation Tool to steer your requirements gathering approach during a project

    3.1 Requirements Gathering Documentation Tool

    Use the Requirements Gathering Documentation Tool to identify and track stakeholder involvement, elicitation techniques, and scheduling, as well as to track categorization and prioritization of requirements.

    • Use the Identify Stakeholders tab to:
      • Identify the stakeholder's name and role.
      • Identify their influence and involvement.
      • Identify the elicitation techniques that you will be using.
      • Identify who will be conducting the elicitation sessions.
      • Identify if requirements were validated post elicitation session.
      • Identify when the elicitation will take place.
    • Use the Categorize & Prioritize tab to:
      • Identify the stakeholder.
      • Identify the core function.
      • Identify the business requirement.
      • Describe the requirement.
      • Identify the categorization of the requirement.
      • Identify the level of priority of the requirement.

    Prioritize requirements

    3.1.3 – 30 minutes

    Input
    • Requirements list
    • Prioritization criteria
    Output
    • Prioritized requirements
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • BAs
    • Business stakeholders

    Using the output from the MoSCoW model, prioritize the requirements according to those you must have, should have, could have, and won’t have.

    1. As a group, review each requirement and decide if the requirement is:
      1. Must have
      2. Should have
      3. Could have
      4. Won’t have
    2. Beginning with the must-have requirements, determine if each has any dependencies. Ensure that each of the dependencies are moved to the must-have category. Group and circle the dependent requirements.
    3. Continue the same exercise with the should-have and could-have options.
    4. Record the results in the Requirements Gathering Documentation Tool.

    Step 1 – Prioritize requirements

    3.1.3

    The image shows a whiteboard, with four categories listed at the top: Must Have; Should Have; Could Have; Won't Have. There are yellow post-it notes under each category.

    Step 2-3 – Prioritize requirements

    This image is the same as the previous image, but with the additions of two dotted line squares under the Must Have category, with arrows pointing to them from post-its in the Should have category.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    3.1.1 Create functional requirements categories

    An analyst will facilitate the discussion to brainstorm and determine criteria for requirements categories.

    3.1.2 Consolidate similar requirements and eliminate redundancies

    An analyst will facilitate a session to review the requirements categories to ensure the list is mutually exclusive by consolidating similar requirements and eliminating redundancies.

    3.1.3 Prioritize requirements

    An analyst will facilitate the discussion on how to prioritize requirements according to the MoSCoW prioritization framework. The analyst will also walk you through the exercise of determining dependencies for each requirement.

    Step 3.2: Validate Business Requirements

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:
    • Build the BRD.
    • Translate functional requirements to technical requirements.
    • Identify testing opportunities.

    This step involves the following participants:

    • BAs

    Outcomes of this step

    • Finalized BRD.

    Validate requirements to ensure that they meet stakeholder needs – getting sign-off is essential

    The image is the Requirements Gathering Framework shown previously. In this instance, all aspects of the graphic are greyed out with the exception of the Validate arrow, right of center. Below the arrow are three bullet points: Translate; Allocate; Approve.

    The validation phase involves translating the requirements, modeling the solutions, allocating features across the phased deployment plan, preparing the requirements package, and getting requirement sign-off. This is the last step in the Info-Tech Requirements Gathering Framework.

    Prepare a user-friendly requirements package

    Before going for final sign-off, ensure that you have pulled together all of the relevant documentation.

    The requirements package is a compilation of all of the business analysis and requirements gathering that occurred. The document will be distributed among major stakeholders for review and sign-off.

    Some may argue that the biggest challenge in the validation phase is getting the stakeholders to sign off on the requirements package; however, the real challenge is getting them to actually read it. Often, stakeholders sign the requirements document without fully understanding the scope of the application, details of deployment, and how it affects them.

    Remember, this document is not for the BAs; it’s for the stakeholders. Make the package with the stakeholders in mind. Create multiple versions of the requirements package where the length and level of technical details is tailored to the audience. Consider creating a supplementary PowerPoint version of the requirements package to present to senior management.

    Contents of Requirements Package:

    • Project Charter (if available)
    • Overarching Project Goals
    • Categorized Business Requirements
    • Selected Solution Proposal
    • Rationale for Solution Selection
    • Phased Roll-Out Plan
    • Proposed Schedule/Timeline
    • Signatures Page

    "Sit down with your stakeholders, read them the document line by line, and have them paraphrase it back to you so you’re on the same page." – Anonymous City Manager of IT Project Planning Info-Tech Interview

    Capture requirements in a dedicated BRD

    The BRD captures the original business objectives and high-level business requirements for the system/process. The system requirements document (SRD) captures the more detailed functional and technical requirements.

    The graphic is grouped into two sections, indicated by brackets on the right side, the top section labelled BRD and the lower section labelled as SRD. In the BRD section, a box reads Needs Identified in the Business Case. An arrow points from the bottom of the box down to another box labelled Use Cases. In the SRD section, there are three arrows pointing from the Use Cases box to three boxes in a row. They are labelled Functionality; Usability; and Constraints. Each of these boxes has a plus sign between it and the next in the line. At the bottom of the SRD section is a box with text that reads: Quality of Service Reliability, Supportability, and Performance

    Use Info-Tech’s Business Requirements Document Template to specify the business needs and expectations

    3.2 Business Requirements Document Template

    The Business Requirements Document Template can be used to record the functional, quality, and usability requirements into formats that are easily consumable for future analysis, architectural and design activities, and most importantly in a format that is understandable by all business partners.

    The BRD is designed to take the reader from a high-level understanding of the business processes down to the detailed automation requirements. It should capture the following:

    • Project summary and background
    • Operating model
    • Business process model
    • Use cases
    • Requirements elicitation techniques
    • Prioritized requirements
    • Assumptions and constraints

    Rightsize the BRD

    3.2.1 – 30 minutes

    Input
    • Project levels
    • BRD categories
    Output
    • BRD
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs
    • Business stakeholders

    Build the required documentation for requirements gathering.

    1. On the board, write out the components of the BRD. As a group, review the headings and decide if all sections are needed for level 1 & 2 and level 3 & 4 projects. Your level 3-4 project business cases will have the most detailed business cases; consider your level 1-2 projects, and remove any categories you don’t believe are necessary for the project level.
    2. Now that you have a right-sized template, break the team into two groups and have each group complete one section of the template for your selected project.
      1. Project overview
      2. Implementation considerations
    3. Once complete, have each group present its section, and allow the group to make additions and modifications to each section.

    Document the output from this exercise in section 6 of the Requirements Gathering SOP and BA Playbook.

    Present the BRD to business stakeholders

    3.2.2 – 1 hour

    Input
    • Activity 3.2.1
    Output
    • BRD presentation
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders

    Practice presenting the requirements document to business stakeholders.

    1. Hold a meeting with a group of selected stakeholders, and have a representative present each section of the BRD for your project.
    2. Instruct participants that they should spend the majority of their time on the requirements section, in particular the operating model and the requirements prioritization.
    3. At the end of the meeting, have the business stakeholders validate the requirements, and approve moving forward with the project or indicate where further requirements gathering must take place.

    Example:

    Typical Requirements Gathering Validation Meeting Agenda
    Project overview 5 minutes
    Project operating model 10 minutes
    Prioritized requirements list 5 minutes
    Business process model 30 minutes
    Implementation considerations 5 minutes

    Translate business requirements into technical requirements

    3.2.3 – 30 minutes

    Input
    • Business requirements
    Output
    • BRD presentation
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders
    • BAs
    • Developers

    Practice translating business requirements into system requirements.

    1. Bring in representatives from the development team, and have a representative walk them through the business process model.
    2. Present a detailed account of each business requirement, and work with the IT team to build out the system requirements for each.
    3. Document the system requirements in the Requirements Gathering Documentation Tool.

    For requirements traceability, ensure you’re linking your requirements management back to your test strategy

    After a solution has been fully deployed, it’s critical to create a strong link between your software testing strategy and the requirements that were collected. User acceptance testing (UAT) is a good approach for requirement verification.

    • Many organizations fail to create an explicit connection between their requirements gathering and software testing strategies. Don’t follow their example!
    • When conducting UAT, structure exercises in the context of the requirements; run through the signed-off list and ask users whether or not the deployed functionality was in line with the expectations outlined in the finalized requirements documentation.
    • If not – determine whether it was a miscommunication on the requirements management side or a failure of the developers (or procurement team) to meet the agreed-upon requirements.

    Download the Requirements Gathering Testing Checklist template.

    Identify the testing opportunities

    3.2.4 – 30 minutes

    Input
    • List of requirements
    Output
    • Requirements testing process
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs
    • Developers

    Identify how to test the effectiveness of different requirements.

    1. Ask the group to review the list of requirements and identify:
      1. Which kinds of requirements enable constructive testing efforts?
      2. Which kinds of requirements enable destructive testing efforts?
      3. Which kinds of requirements support end-user acceptance testing?
      4. What do these validation-enabling objectives mean in terms of requirement specificity?
    2. For each, identify who will do the testing and at what stage.

    Verify that the requirements still meet the stakeholders’ needs

    Keep the stakeholders involved in the process in between elicitation and sign-off to ensure that nothing gets lost in transition.

    After an organization’s requirements have been aggregated, categorized, and consolidated, the business requirements package will begin to take shape. However, there is still a great deal of work to complete. Prior to proceeding with the process, requirements should be verified by domain SMEs to ensure that the analyzed requirements continue to meet their needs. This step is often overlooked because it is laborious and can create additional work; however, the workload associated with verification is much less than the eventual rework stemming from poor requirements.

    All errors in the requirements gathering process eventually surface; it is only a matter of time. Control when these errors appear and minimize costs by soliciting feedback from stakeholders early and often.

    This is the Verify stage of the Confirm, Verify, Approve process.

    “Do these requirements still meet your needs?”

    Put it all together: obtain final requirements sign-off

    Use the sign-off process as one last opportunity to manage expectations, obtain commitment from the stakeholders, and minimize change requests.

    Development or procurement of the application cannot begin until the requirements package has been approved by all of the key stakeholders. This will be the third time that the stakeholders are asked to review the requirements; however, this will be the first time that the stakeholders are asked to sign off on them.

    It is important that the stakeholders understand the significance of their signatures. This is their last opportunity to see exactly what the solution will look like and to make change requests. Ensure that the stakeholders also recognize which requirements were omitted from the solution that may affect them.

    The sign-off process needs to mean something to the stakeholders. Once a signature is given, that stakeholder must be accountable for it and should not be able to make change requests. Note that there are some requests from senior stakeholders that can’t be refused; use discretion when declining requests.

    This is the Approve stage of the Confirm, Verify, Approve process.

    "Once requirements are signed off, stay firm on them!" – Anonymous Hospital Business Systems Analyst Info-Tech Interview

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with out Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.2.1; 3.2.2 Rightsize the BRD and present it to business stakeholders

    An analyst will facilitate the discussion to gather the required documentation for building the BRD. The analyst will also assist with practicing the presenting of each section of the document to business stakeholders.

    3.2.3; 3.2.4 Translate business requirements into technical requirements and identify testing opportunities

    An analyst will facilitate the session to practice translating business requirements into testing requirements and assist in determining how to test the effectiveness of different requirements.

    Phase 4: Create a Requirements Governance Action Plan

    Phase 4 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 4: Create a Requirements Governance Action Plan

    Proposed Time to Completion: 3 weeks

    Step 4.1: Create Control Processes for Requirements Changes

    Start with an analyst kick off call:

    • Discuss how to handle changes to requirements and establish a formal change control process.

    Then complete these activities…

    • Develop a change control process.
    • Build the guidelines for escalating changes.
    • Confirm your requirements gathering process.
    • Define RACI for the requirements gathering process.

    With these tools & templates:

    • Requirements Traceability Matrix
    Step 4.2: Build Requirements Governance and Communication Plan

    Review findings with analyst:

    • Review options for ongoing governance of the requirements gathering process.

    Then complete these activities…

    • Define the requirements gathering steering committee purpose.
    • Define the RACI for the RGSC.
    • Define procedures, cadence, and agenda for the RGSC.
    • Identify and analyze stakeholders.
    • Create a communications management plan.
    • Build the requirements gathering process implementation timeline.

    With these tools & templates:

    Requirements Gathering Communication Tracking Template

    Phase 4 Results & Insights:
    • Formalized change control and governance processes for requirements.

    Step 4.1: Create Control Processes for Requirements Changes

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:
    • Develop change control process.
    • Develop change escalation process.
    This step involves the following participants:
    • BAs
    • Business stakeholders
    Outcomes of this step
    • Requirements gathering process validation.
    • RACI completed.

    Manage, communicate, and test requirements

    The image is the Requirement Gathering Framework graphic from previous sections. In this instance, all parts of the image are greyed out, with the exception of the arrows labelled Communicate and Manage, located at the bottom of the image.

    Although the manage, communicate, and test requirements section chronologically falls as the last section of this blueprint, that does not imply that this section is to be performed only at the end. These tasks are meant to be completed iteratively throughout the project to support the core requirements gathering tasks.

    Prevent requirements scope creep

    Once the stakeholders sign off on the requirements document, any changes need to be tracked and managed. To do that, you need a change control process.

    Thoroughly validating requirements should reduce the amount of change requests you receive. However, eliminating all changes is unavoidable.

    The BAs, sponsor, and stakeholders should have agreed upon a clearly defined scope for the project during the planning phase, but there will almost always be requests for change as the project progresses. Even a high number of small changes can negatively impact the project schedule and budget.

    To avoid scope creep, route all changes, including small ones, through a formal change control process that will be adapted depending on the level of project and impact of the change.

    Linking change requests to requirements is essential to understanding relevance and potential impact

    1. Receive project change request.
    2. Refer to requirements document to identify requirements associated with the change.
      • Matching requirement is found: The change is relevant to the project.
      • Multiple requirements are associated with the proposed change: The change has wider implications for the project and will require closer analysis.
      • The request involves a change or new business requirements: Even if the change is within scope, time, and budget, return to the stakeholder who submitted the request to identify the potentially new requirements that relate to this change. If the sponsor agrees to the new requirements, you may be able to approve the change.
    3. Findings influence decision to escalate/approve/reject change request.

    Develop a change control process

    4.1.1 – 45 minutes

    Input
    • Current change control process
    Output
    • Updated change control process
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs
    • Developers
    1. Ask the team to consider their current change control process. It might be helpful to discuss a project that is currently underway, or already completed, to provide context. Draw the process on the whiteboard through discussion with the team.
    2. If necessary, provide some cues. Below are some change control process activities:
      • Submit project change request form.
      • PM assesses change.
      • Project sponsor assesses change.
      • Bring request to project steering committee to assess change.
      • Approve/reject change.
    3. Ask participants to brainstorm a potential separate process for dealing with small changes. Add a new branch for minor changes, which will allow you to make decisions on when to bundle the changes versus implementing directly.

    Document any changes from this exercise in section 7.1 of the Requirements Gathering SOP and BA Playbook.

    Example change control process

    The image is an example of a change control process, depicted via a flowchart.

    Build guidelines for escalating changes

    4.1.2 – 1 hour

    Input
    • Current change control process
    Output
    • Updated change control process
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs
    • Developers

    Determine how changes will be escalated for level 1/2/3/4 projects.

    1. Write down the escalation options for level 3 & 4 projects on the whiteboard:
      • Final decision rests with project manager.
      • Escalate to sponsor.
      • Escalate to project steering committee.
      • Escalate to change control board.
    2. Brainstorm categories for assessing the impact of a change and begin creating a chart on the whiteboard by listing these categories in the far left column. Across the top, list the escalation options for level 3 & 4 projects.
    3. Ask the team to agree on escalation conditions for each escalation option. For example, for the final decision to rest with the project manager one condition might be:
      • Change is within original project scope.
    4. Review the output from exercise 4.1.1 and tailor the process model to meet level 3 & 4 escalation models.
    5. Repeat steps 1-4 for level 1 & 2 projects.

    Document any changes from this exercise in section 7.2 of the Requirements Gathering SOP and BA Playbook.

    Example: Change control process – Level 3 & 4

    Impact Category Final Decision Rests With Project Manager If: Escalate to Steering Committee If: Escalate to Change Control Board If: Escalate to Sponsor If:
    Scope
    • Change is within original project scope.
    • Change is out of scope.
    Budget
    • Change can be absorbed into current project budget.
    • Change will require additional funds exceeding any contingency reserves.
    • Change will require the release of contingency reserves.
    Schedule
    • Change can be absorbed into current project schedule.
    • Change will require the final project close date to be delayed.
    • Change will require a delay in key milestone dates.
    Requirements
    • Change can be linked to an existing business requirement.
    • Change will require a change to business requirements, or a new business requirement.

    Example: Change control process – Level 1 & 2

    Impact CategoryFinal Decision Rests With Project Manager If:Escalate to Steering Committee If:Escalate to Sponsor If:
    Scope
    • Change is within original project scope.
    • Change is out of scope.
    Budget
    • Change can be absorbed into current project budget, even if this means releasing contingency funds.
    • Change will require additional funds exceeding any contingency reserves.
    Schedule
    • Change can be absorbed into current project schedule, even if this means moving milestone dates.
    • Change will require the final project close date to be delayed.
    Requirements
    • Change can be linked to an existing business requirement.
    • Change will require a change to business requirements, or a new business requirement.

    Leverage Info-Tech’s Requirements Traceability Matrix to help create end-to-end traceability of your requirements

    4.1 Requirements Traceability Matrix

    Even if you’re not using a dedicated requirements management suite, you still need a way to trace requirements from inception to closure.
    • Ensuring traceability of requirements is key. If you don’t have a dedicated suite, Info-Tech’s Requirements Traceability Matrix can be used as a form of documentation.
    • The traceability matrix covers:
      • Association ID
      • Technical Assumptions and Needs
      • Functional Requirement
      • Status
      • Architectural Documentation
      • Software Modules
      • Test Case Number

    Info-Tech Deliverable
    Take advantage of Info-Tech’s Requirements Traceability Matrix to track requirements from inception through to testing.

    You can’t fully validate what you don’t test; link your requirements management back to your test strategy

    Create a repository to store requirements for reuse on future projects.

    • Reuse previously documented requirements on future projects to save the organization time, money, and grief. Well-documented requirements discovered early can even be reused in the same project.
    • If every module of the application must be able to save or print, then the requirement only needs to be written once. The key is to be able to identify and isolate requirements with a high likelihood of reuse. Typically, requirements pertaining to regulatory and business rule compliance are prime candidates for reuse.
    • Build and share a repository to store historical requirement documentation. The repository must be intuitive and easy to navigate, or users will not take advantage of it. Plan the information hierarchy in advance. Requirements management software suites have the ability to create a repository and easily migrate requirements over from past projects.
    • Assign one person to manage the repository to create consistency and accountability. This person will maintain the master requirements document and ensure the changes that take place during development are reflected in the requirements.

    Confirm your requirements gathering process

    4.1.3 – 45 minutes

    Input
    • Activity 1.2.4
    Output
    • Requirements gathering process model
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs

    Review the requirements gathering process and control levels for project levels 1/2/3/4 and add as much detail as possible to each process.

    1. Draw out the requirements gathering process for a level 4 project as created in exercise 1.2.4 on a whiteboard.
    2. Review each process step as a group, and break down each step so that it is at its most granular. Be sure to include each decision point, key documentation, and approvals.
    3. Once complete, review the process for level 3, 2 & 1. Reduce steps as necessary. Note: there may not be a lot of differentiation between your project level 4 & 3 or level 2 & 1 processes. You should see differentiation in your process between 2 and 3.

    Document the output from this exercise in section 2.4 of the Requirements Gathering SOP and BA Playbook.

    Example: Confirm your requirements gathering process

    The image is an example of a requirements gathering process, representing in the format of a flowchart.

    Define RACI for the requirements gathering process

    4.1.4 – 45 minutes

    Input
    • List of stakeholders
    Output
    • RACI matrix
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders

    Understand who is responsible, accountable, consulted, and informed for key elements of the requirements gathering process for project levels 1/2/3/4.

    1. As a group, identify the key stakeholders for requirements gathering and place those names along the top of the board.
    2. On the left side of the board, list the process steps and control points for a level 4 project.
    3. For each process step, identify who is responsible, accountable, informed, and consulted.
    4. Repeat this process for project levels 3, 2 & 1.

    Example: RACI for requirements gathering

    Project Requestor Project Sponsor Customers Suppliers Subject Matter Experts Vendors Executives Project Management IT Management Developer/ Business Analyst Network Services Support
    Intake Form A C C I R
    High-Level Business Case R A C C C C I I C
    Project Classification I I C I R A R
    Project Approval R R I I I I I I A I I
    Project Charter R C R R C R I A I R C C
    Develop BRD R I R C C C R A C C
    Sign-Off on BRD/ Project Charter R A R R R R
    Develop System Requirements C C C R I C A R R
    Sign-Off on SRD R R R I A R R
    Testing/Validation A I R C R C R I R R
    Change Requests R R C C A I R C
    Sign-Off on Change Request R A R R R R
    Final Acceptance R A R I I I I R R R I I

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    4.1.1; 4.1.2 Develop a change control process and guidelines for escalating changes

    An analyst will facilitate the discussion on how to improve upon your organization’s change control processes and how changes will be escalated to ensure effective tracking and management of changes.

    4.1.3 Confirm your requirements gathering process

    With the group, an analyst will review the requirements gathering process and control levels for the different project levels.

    4.1.4 Define the RACI for the requirements gathering process

    An analyst will facilitate a whiteboard exercise to understand who is responsible, accountable, informed, and consulted for key elements of the requirements gathering process.

    Step 4.2: Build Requirements Governance and Communication Plan

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:

    • Developing a requirements gathering steering committee.
    • Identifying and analyzing stakeholders for requirements governance.
    • Creating a communication management plan.

    This step involves the following participants:

    • Business stakeholders
    • BAs

    Outcomes of this step

    • Requirements governance framework.
    • Communication management plan.

    Establish proper governance for requirements gathering that effectively creates and communicates guiding principles

    If appropriate governance oversight doesn’t exist to create and enforce operating procedures, analysts and developers will run amok with their own processes.

    • One of the best ways to properly govern your requirements gathering process is to establish a working committee within the framework of your existing IT steering committee. This working group should be given the responsibility of policy formulation and oversight for requirements gathering operating procedures. The governance group should be comprised of both business and IT sponsors (e.g. a director, BA, and “voice of the business” line manager).
    • The governance team will not actually be executing the requirements gathering process, but it will be deciding upon which policies to adopt for elicitation, analysis, and validation. The team will also be responsible for ensuring – either directly or indirectly through designated managers – that BAs or other requirements gathering processionals are following the approved steps.

    Requirements Governance Responsibilities

    1. Provide oversight and review of SOPs pertaining to requirements elicitation, analysis, and validation.

    2. Establish corporate policies with respect to requirements gathering SOP training and education of analysts.

    3. Prioritize efforts for requirements optimization.

    4. Determine and track metrics that will be used to gauge the success (or failure) of requirements optimization efforts and make process and policy changes as needed.

    Right-size your governance structure to your organization’s complexity and breadth of capabilities

    Not all organizations will be best served by a formal steering committee for requirements gathering. Assess the complexity of your projects and the number of requirements gathering practitioners to match the right governance structure.

    Level 1: Working Committee
    • A working committee is convened temporarily as required to do periodic reviews of the requirements process (often annually, or when issues are surfaced by practitioners). This governance mechanism works best in small organizations with an ad hoc culture, low complexity projects, and a small number of practitioners.
    Level 2: IT Steering Committee Sub-Group
    • For organizations that already have a formal IT steering committee, a sub-group dedicated to managing the requirements gathering process is desirable to a full committee if most projects are complexity level 1 or 2, and/or there are fewer than ten requirements gathering practitioners.
    Level 3: Requirements Gathering Steering Committee
    • If your requirements gathering process has more than ten practitioners and routinely deals with high-complexity projects (like ERP or CRM), a standing formal committee responsible for oversight of SOPs will provide stronger governance than the first two options.
    Level 4: Requirements Gathering Center of Excellence
    • For large organizations with multiple business units, matrix organizations for BAs, and a very large number of requirements gathering practitioners, a formal center of excellence can provide both governance as well as onboarding and training for requirements gathering.

    Identify and analyze stakeholders

    4.2.1A – 1 hour

    Input
    • Number of practitioners, project complexity levels
    Output
    • Governance structure selection
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders

    Use a power map to determine which governance model best fits your organization.

    The image is a square, split into four equal sections, labelled as follows from top left: Requirements Steering Committee; Requirements Center of Excellence; IT Steering Committee Sub-Group; Working Committee. The left and bottom edges of the square are labelled as follows: on the left, with an arrow pointing upwards, Project Complexity; on the bottom, with arrow pointing right, # of Requirements Practitioners.

    Define your requirements gathering governance structure(s) and purpose

    4.2.1B – 30 minutes

    Input
    • Requirements gathering elicitation, analysis, and validation policies
    Output
    • Governance mandate
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders

    This exercise will help to define the purpose statement for the applicable requirements gathering governance team.

    1. As a group, brainstorm key words that describe the unique role the governance team will play. Consider value, decisions, and authority.
    2. Using the themes, come up with a set of statements that describe the overall purpose statement.
    3. Document the outcome for the final deliverable.

    Example:

    The requirements gathering governance team oversees the procedures that are employed by BAs and other requirements gathering practitioners for [insert company name]. Members of the team are appointed by [insert role] and are accountable to [typically the chair of the committee].

    Day-to-day operations of the requirements gathering team are expected to be at the practitioner (i.e. BA) level. The team is not responsible for conducting elicitation on its own, although members of the team may be involved from a project perspective.

    Document the output from this exercise in section 3.1 of the Requirements Gathering SOP and BA Playbook.

    A benefits provider established a steering committee to provide consistency and standardization in requirements gathering

    CASE STUDY

    Industry Not-for-Profit

    Source Info-Tech Workshop

    Challenge

    This organization is a not-for-profit benefits provider that offers dental coverage to more than 1.5 million people across three states.

    With a wide ranging application portfolio that includes in-house, custom developed applications as well as commercial off-the-shelf solutions, the company had no consistent method of gathering requirements.

    Solution

    The organization contracted Info-Tech to help build an SOP to put in place a rigorous and efficient methodology for requirements elicitation, analysis, and validation.

    One of the key realizations in the workshop was the need for governance and oversight over the requirements gathering process. As a result, the organization developed a Requirements Management Steering Committee to provide strategic oversight and governance over requirements gathering processes.

    Results

    The Requirements Management Steering Committee introduced accountability and oversight into the procedures that are employed by BAs. The Committee’s mandate included:

    • Provide oversight and review SOPs pertaining to requirements elicitation, analysis, and validation.
    • Establish corporate policies with respect to training and education of analysts on requirements gathering SOPs.
    • Prioritize efforts for requirements optimization.
    • Determine metrics that can be used to gauge the success of requirements optimization efforts.

    Authority matrix – RACI

    There needs to be a clear understanding of who is accountable, responsible, consulted, and informed about matters brought to the attention of the requirements gathering governance team.

    • An authority matrix is often used within organizations to indicate roles and responsibilities in relation to processes and activities.
    • Using the RACI model as an example, there is only one person accountable for an activity, although several people may be responsible for executing parts of the activity.
    • In this model, accountable means end-to-end accountability for the process. Accountability should remain with the same person for all activities of a process.

    RResponsible

    The one responsible for getting the job done.

    A – Accountable

    Only one person can be accountable for each task.

    C – Consulted

    Involvement through input of knowledge and information.

    I – Informed

    Receiving information about process execution and quality.

    Define the RACI for effective requirements gathering governance

    4.2.2 – 30 minutes

    Input
    • Members’ list
    Output
    • Governance RACI
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • Governance team members

    Build the participation list and authority matrix for the requirements gathering governance team.

    1. Have each participant individually consider the responsibilities of the governance team, and write five participant roles they believe should be members of the governance team.
    2. Have each participant place the roles on the whiteboard, group participants, and agree to five participants who should be members.
    3. On the whiteboard, write the responsibilities of the governance team in a column on the left, and place the sticky notes of the participant roles along the top of the board.
    4. Under the appropriate column for each activity, identify who is the “accountable,” “responsible,” “consulted,” and “informed” role for each activity.
    5. Agree to a governance chair.

    Document any changes from this exercise in section 3.1 of the Requirements Gathering SOP and BA Playbook.

    Example: Steps 2-5: Build the governance RACI

    The image shows an example governance RACI, with the top of the chart labelled with Committee Participants, and the left hand column labelled Committee Responsibilities. Some of the boxes have been filled in.

    Define your requirements gathering governance team procedures, cadence, and agenda

    4.2.3 – 30 minutes

    Input
    • Governance responsibilities
    Output
    • Governance procedures and agenda
    Materials
    • Whiteboard
    • Markers
    Participants
    • Steering committee members

    Define your governance team procedures, cadence, and agenda.

    1. Review the format of a typical agenda as well as the list of responsibilities for the governance team.
    2. Consider how you will address each of these responsibilities in the meeting, who needs to present, and how long each presentation should be.
    3. Add up the times to define the meeting duration.
    4. Consider how often you need to meet to discuss the information: monthly, quarterly, or annually? Are there different actions that need to be taken at different points in the year?
    5. As a group, decide how the governance team will approve changes and document any voting standards that should be included in the charter. Will a vote be taken during or prior to the meeting? Who will have the authority to break a tie?
    6. As a group, decide how the committee will review information and documentation. Will members commit to reviewing associated documents before the meeting? Can associated documentation be stored in a knowledge repository and/or be distributed to members prior to the meeting? Who will be responsible for this? Can a short meeting/conference call be held with relevant reviewers to discuss documentation before the official committee meeting?

    Review the format of a typical agenda

    4.2.3 – 30 minutes

    Meeting call to order [Committee Chair] [Time]
    Roll call [Committee Chair] [Time]
    Review of SOPs
    A. Requirements gathering dashboard review [Presenters, department] [Time]
    B. Review targets [Presenters, department] [Time]
    C. Policy Review [Presenters, department] [Time]

    Define the governance procedures and cadence

    4.2.3 – 30 minutes

    • The governance team or committee will be chaired by [insert role].
    • The team shall meet on a [insert time frame (e.g. monthly, semi-annual, annual)] basis. These meetings will be scheduled by the team or committee chair or designated proxy.
    • Approval for all SOP changes will be reached through a [insert vote consensus criteria (majority, uncontested, etc.)] vote of the governance team. The vote will be administered by the governance chair. Each member of the committee shall be entitled to one vote, excepting [insert exceptions].
    • The governance team has the authority to reject any requirements gathering proposal which it deems not to have made a sufficient case or which does not significantly contribute to the strategic objectives of [insert company name].
    • [Name of individual] will record and distribute the meeting minutes and documentation of business to be discussed in the meeting.

    Document any changes from this exercise in section 3.1 of the Requirements Gathering SOP and BA Playbook.

    Changing the requirements gathering process can be disruptive – be successful by gaining business support

    A successful communication plan involves making the initiative visible and creating staff awareness around it. Educate the organization on how the requirements gathering process will differ.

    People can be adverse to change and may be unreceptive to being told they must “comply” to new policies and procedures. Demonstrate the value in requirements gathering and show how it will assist people in their day-to-day activities.

    By demonstrating how an improved requirements gathering process will impact staff directly, you create a deeper level of understanding across lines-of-business, and ultimately a higher level of acceptance for new processes, rules, and guidelines.

    A proactive communication plan will:
    • Assist in overcoming issues with prioritization, alignment resourcing, and staff resistance.
    • Provide a formalized process for implementing new policies, rules, and guidelines.
    • Detail requirements gathering ownership and accountability for the entirety of the process.
    • Encourage acceptance and support of the initiative.

    Identify and analyze stakeholders to communicate the change process

    Who are the requirements gathering stakeholders?

    Stakeholder:

    • A stakeholder is any person, group, or organization who is the end user, owner, sponsor, or consumer of an IT project, change, or application.
    • When assessing an individual or group, ask whether they can impact or be impacted by any decision, change, or activity executed as part of the project. This might include individuals outside of the organization.

    Key Stakeholder:

    • Someone in a management role or someone with decision-making power who will be able to influence requirements and/or be impacted by project outcomes.

    User Group Representatives:

    • For impacted user groups, follow best practice and engage an individual to act as a representative. This individual will become the primary point of contact when making decisions that impact the group.

    Identify the reasons for resistance to change

    Stakeholders may resist change for a variety of reasons, and different strategies are necessary to address each.

    Unwilling – Individuals who are unwilling to change may need additional encouragement. For these individuals, you’ll need to reframe the situation and emphasize how the change will benefit them specifically.

    Unable – All involved requirements gathering will need some form of training on the process, committee roles, and responsibilities. Be sure to have training and support available for employees who need it and communicate this to staff.

    Unaware – Until people understand exactly what is going on, they will not be able to conform to the process. Communicate change regularly at the appropriate detail to encourage stakeholder support.

    Info-Tech Insight

    Resisters who have influence present a high risk to the implementation as they may encourage others to resist as well. Know where and why each stakeholder is likely to resist to mitigate risk. A detailed plan will ensure you have the needed documentation and communications to successfully manage stakeholder resistance.

    Identify and analyze stakeholders

    4.2.4 – 1 hour

    Input
    • Requirements gathering stakeholders list
    Output
    • Stakeholder power map
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • RGSC members

    Identify the impact and level of resistance of all stakeholders to come up with the right communication plan.

    1. Through discussion, generate a complete list of stakeholders for requirements gathering and record the names on the whiteboard or flip chart. Group related stakeholders together.
    2. Using the template on the next slide, draw the stakeholder power map.
    3. Evaluate each stakeholder on the list based on:
      1. Influence: To what degree can this stakeholder impact progress?
      2. Involvement: How involved is the stakeholder already?
      3. Support: Label supporters with green sticky notes, resisters with red notes, and the rest with a third color.
    4. Based on the assessment, write the stakeholder’s name on a green, red, or other colored sticky note, and place the sticky note in the appropriate place on the power map.
    5. For each of the stakeholders identified as resisters, determine why you think they would be resistant. Is it because they are unwilling, unable, and/or unknowing?
    6. Document changes to the stakeholder analysis in the Requirements Gathering Communication Tracking Template.

    Identify and analyze stakeholders

    4.2.4 – 1 hour

    Use a power map to plot key stakeholders according to influence and involvement.

    The image shows a power map, which is a square divided into 4 equally-sized sections, labelled from top left: Focused Engagement; Key Players; Keep Informed; Minimal Engagement. On the left side of the square, there is an arrow pointing upwards labelled Influence; at the bottom of the square, there is an arrow pointing right labelled Involvement. On the right side of the image, there is a legend indicating that a green dot indicates a Supporter; a grey dot indicated Neutral; and a red dot indicates a Resister.

    Example: Identify and analyze stakeholders

    Use a power map to plot key stakeholders according to influence and involvement.

    The image is the same power map image from the previous section, with some additions. A red dot is located at the top left, with a note: High influence with low involvement? You need a strategy to increase engagement. A green dot is located mid-high on the right hand side. Grey dots are located left and right in the bottom of the map. The bottom right grey dot has the note: High involvement with lower influence? Make sure to keep these stakeholders informed at regular intervals and monitor engagement.

    Stakeholder analysis: Reading the power map

    High Risk:

    Stakeholders with high influence who are not as involved in the project or are heavily impacted by the project are less likely to give feedback throughout the project lifecycle and need to be engaged. They are not as involved but have the ability to impact project success, so stay one step ahead.

    Do not limit your engagement to kick-off and close – you need to continue seeking input and support at all stages of the project.

    Mid Risk:

    Key players have high influence, but they are also more involved with the project or impacted by its outcomes and are thus easier to engage.

    Stakeholders who are heavily impacted by project outcomes will be essential to your organizational change management strategy. Do not wait until implementation to engage them in preparing the organization to accept the project – make them change champions.

    Low Risk:

    Stakeholders with low influence who are not impacted by the project do not pose as great of a risk, but you need to keep them consistently informed of the project and involve them at the appropriate control points to collect feedback and approval.

    Inputs to the communications plan

    Stakeholder analysis should drive communications planning.

    Identify Stakeholders
    • Who is impacted by this project?
    • Who can affect project outcomes?
    Assess Stakeholders
    • Influence
    • Involvement
    • Support
    Stakeholder Change Impact Assessment
    • Identify change supporters/resistors and craft change messages to foster acceptance.
    Stakeholder Register
    • Record assessment results and preferred methods of communication.
    The Communications Management Plan:
    • Who will receive information?
    • What information will be distributed?
    • How will information be distributed?
    • What is the frequency of communication?
    • What will the level of detail be?
    • Who is responsible for distributing information?

    Communicate the reason for the change and stay on message throughout the change

    Leaders of successful change spend considerable time developing a powerful change message: a compelling narrative that articulates the desired end state and makes the change concrete and meaningful to staff. They create the change vision with staff to build ownership and commitment.

    The change message should:

    • Explain why the change is needed.
    • Summarize the things that will stay the same.
    • Highlight the things that will be left behind.
    • Emphasize the things that are being changed.
    • Explain how the change will be implemented.
    • Address how the change will affect the various roles in the organization.
    • Discuss staff’s role in making the change successful.

    The five elements of communicating the reason for the change:

    COMMUNICATING THE CHANGE

    What is the change?

    Why are we doing it?

    How are we going to go about it?

    How long will it take us?

    What will the role be for each department and individual?

    Create a communications management plan

    4.2.5 – 45 minutes

    Input
    • Exercise 4.1.1
    Output
    • Communications management plan
    Materials
    • Whiteboard
    • Markers
    Participants
    • RGSC members

    Build the communications management plan around your stakeholders’ needs.

    1. Build a chart on the board using the template on the next slide.
    2. Using the list from exercise 4.1.1, brainstorm a list of communication vehicles that will need to be used as part of the rollout plan (e.g. status updates, training).
    3. Through group discussion, fill in all these columns for at least three communication vehicles:
      • (Target) audience
      • Purpose (description)
      • Frequency (of the communication)
        • The method, frequency, and content of communication vehicles will change depending on the stakeholder involved. This needs to be reflected by your plan. For example, you may have several rows for “Status Report” to cover the different stakeholders who will be receiving it.
      • Owner (of the message)
      • Distribution (method)
      • (Level of) details
        • High/medium/low + headings
    4. Document your stakeholder analysis in the Requirements Gathering Communication Tracking Template.

    Communications plan template

    4.2.5 – 45 minutes

    Sample communications plan: Status reports

    Vehicle Audience Purpose Frequency Owner Distribution Level of Detail
    Communications Guidelines
    • Regardless of complexity, it is important not to overwhelm stakeholders with information that is not relevant to them. Sending more detailed information than is necessary might mean that it does not get read.
    • Distributing reports too widely may lead to people assuming that someone else is reading it, causing them to neglect reading it themselves.
    • Only distribute reports to the stakeholders who need the information. Think about what information that stakeholder requires to feel comfortable.

    Example: Identify and analyze stakeholders

    Sample communications plan: Status reports

    Vehicle Audience Purpose Frequency Owner Distribution Level of Detail
    Status Report Sponsor Project progress and deliverable status Weekly Project Manager Email

    Details for

    • Milestones
    • Deliverables
    • Budget
    • Schedule
    • Issues
    Status Report Line of Business VP Project progress Monthly Project Manager Email

    High Level for

    • Major milestone update

    Build your requirements gathering process implementation timeline

    4.2.6 – 45 minutes

    Input
    • Parking lot items
    Output
    • Implementation timeline
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • RGSC members

    Build a high-level timeline for the implementation.

    1. Collect the action items identified throughout the week in the “parking lot.”
    2. Individually or in groups, brainstorm any additional action items. Consider communication, additional training required, approvals, etc.
      • Write these on sticky notes and add them to the parking lot with the others.
    3. As a group, start organizing these notes into logical groupings.
    4. Assign each of the tasks to a person or group.
    5. Identify any risks or dependencies.
    6. Assign each of the tasks to a timeline.
    7. Following the exercise, the facilitator will convert this into a Gantt chart using the roadmap for requirements gathering action plan.

    Step 3: Organize the action items into logical groupings

    4.2.6 – 45 minutes

    The image shows a board with 5 categories: Documentation, Approval, Communication, Process, and Training. There are groups of post-it notes under each category title.

    Steps 4-6: Organize the action items into logical groupings

    4.2.6 – 45 minutes

    This image shows a chart with Action Items to be listed in the left-most column, Person or Group Responsible in the next column, Risks/Dependencies in the next columns, and periods of time (i.e. 1-3 months, 2-6 months, etc.) in the following columns. The chart has been partially filled in as an exemplar.

    Recalculate the selected requirements gathering metrics

    Measure and monitor the benefits of requirements gathering optimization.

    • Reassess the list of selected and captured requirements management metrics.
    • Recalculate the metrics and analyze any changes. Don’t expect a substantial result after the first attempt. It will take a while for BAs to adjust to the Info-Tech Requirements Gathering Framework. After the third project, results will begin to materialize.
    • Understand that the project complexity and business significance will also affect how long it takes to see results. The ideal projects to beta the process on would be of low complexity and high business significance.
    • Realize that poor requirements gathering can have negative effects on the morale of BAs, IT, and project managers. Don’t forget to capture the impact of these through surveys.

    Major KPIs typically used for benchmarking include:

    • Number of application bugs/defects (for internally developed applications).
    • Number of support requests or help desk tickets for the application, controlled for user deployment levels.
    • Overall project cycle time.
    • Overall project cost.
    • Requirements gathering as a percentage of project time.

    Revisit the requirements gathering metrics selected in the planning phase and recalculate them after requirements gathering optimization has been attempted.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    4.2.1; 4.2.2; 4.2.3 – Build a requirements gathering steering committee

    The analyst will facilitate the discussion to define the purpose statement of the steering committee, build the participation list and authority matrix for its members, and define the procedures and agenda.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    4.2.4 Identify and analyze stakeholders

    An analyst will facilitate the discussion on how to identify the impact and level of resistance of all stakeholders to come up with the communication plan.

    4.2.5 Create a communications management plan

    An analyst will assist the team in building the communications management plan based on the stakeholders’ needs that were outlined in the stakeholder analysis exercise.

    4.2.6 Build a requirements gathering implementation timeline

    An analyst will facilitate a session to brainstorm and document any action items and build a high-level timeline for implementation.

    Insight breakdown

    Requirements gathering SOPs should be prescriptive based on project complexity.

    • Complex projects will require more analytical rigor. Simpler projects can be served by more straightforward techniques such as user stories.

    Requirements gathering management tools can be pricy, but they can also be beneficial.

    • Requirements gathering management tools are a great way to have full control over recording, analyzing, and categorizing requirements over complex projects.

    BAs can make or break the execution of the requirements gathering process.

    • A strong process still needs to be executed well by BAs with the right blend of skills and knowledge.

    Summary of accomplishment

    Knowledge Gained

    • Best practices for each stage of the requirements gathering framework:
      • Elicitation
      • Analysis
      • Validation
    • A clear understanding of BA competencies and skill sets necessary to successfully execute the requirements gathering process.

    Processes Optimized

    • Stakeholder identification and management.
    • Requirements elicitation, analysis, and validation.
    • Requirements gathering governance.
    • Change control processes for new requirements.
    • Communication processes for requirements gathering.

    Deliverables Completed

    • SOPs for requirements gathering.
    • Project level selection framework.
    • Communications framework for requirements gathering.
    • Requirements documentation standards.

    Organizations and experts who contributed to this research

    Interviews

    • Douglas Van Gelder, IT Manager, Community Development Commission of the County of Los Angeles
    • Michael Lyons, Transit Management Analyst, Metropolitan Transit Authority
    • Ken Piddington, CIO, MRE Consulting
    • Thomas Dong, Enterprise Software Manager, City of Waterloo
    • Chad Evans, Director of IT, Ontario Northland
    • Three anonymous contributors

    Note: This research also incorporates extensive insights and feedback from our advisory service and related research projects.

    Bibliography

    “10 Ways Requirements Can Sabotage Your Projects Right From the Start.” Blueprint Software Systems, 2012. Web.

    “BPM Definition.” BPMInstitute.org, n.d. Web.

    “Capturing the Value of Project Management.” PMI’s Pulse of the Profession, 2015. Web.

    Eby, Kate. “Demystifying the 5 Phases of Project Management.” Smartsheet, 29 May 2019. Web.

    “Product Management: MoSCoW Prioritization.” ProductPlan, n.d. Web.

    “Projects Delivered on Time & on Budget Result in Larger Market Opportunities.” Jama Software, 2015. Web.

    “SIPOC Table.” iSixSigma, n.d. Web.

    “Survey Principles.” University of Wisconsin-Madison, n.d. Web.

    “The Standish Group 2015 Chaos Report.” The Standish Group, 2015. Web.

    Assess Infrastructure Readiness for Digital Transformation

    • Buy Link or Shortcode: {j2store}300|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design

    There are many challenges for I&O when it comes to digital transformation, including:

    • Legacy infrastructure technical debt
    • Skills and talent in the IT team
    • A culture that resists change
    • Fear of job loss

    These and many more will hinder your progress, which demonstrates the need to invest in modernizing your infrastructure, investing in training and hiring talent, and cultivating a culture that supports digital transformation.

    Our Advice

    Critical Insight

    By using the framework of culture, competencies, collaboration and capabilities, organizations can create dimensions in their I&O structure in order to shift from traditional infrastructure management to becoming a strategic enabler, driving agility, innovation, and operational excellence though the effective integration of people, process, and technology.

    Impact and Result

    By driving a customer-centric approach, delivering a successful transformation can be tailored to the business goals and drive adoption and engagement. Refining your roadmap through data and analytics will drive this change. Use third-party expertise to guide your transformation and help build that vision of the future.

    Assess Infrastructure Readiness for Digital Transformation Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess Infrastructure Readiness for Digital Transformation – Unlock the full potential of your infrastructure with a digital transformation strategy and clear the barriers for success.

  • Be customer centric as opposed to being technology driven.
  • Understanding business needs and pain points is key to delivering solutions.
  • Approach infrastructure digital transformation in iterations and look at this as a journey.
    • Assess Infrastructure Readiness for Digital Transformation Storyboard
    • I&O Digital Transformation Maturity Assessment Tool

    Infographic

    Further reading

    Assess Infrastructure Readiness for Digital Transformation

    Unlock the full potential of your infrastructure with a digital transformation strategy and clear the barriers to success.

    Analyst Perspective

    It’s not just about the technology!

    Many businesses fail in their endeavors to complete a digital transformation, but the reasons are complex, and there are many ways to fail, whether it is people, process, or technology. In fact, according to many surveys, 70% of digital transformations fail, and it’s mainly down to strategy – or the lack thereof.

    A lot of organizations think of digital transformation as just an investment in technology, with no vision of what they are trying to achieve or transform. So, out of the gate, many organizations fail to undergo a meaningful transformation, change their business model, or bring about a culture of digital transformation needed to be seriously competitive in their given market.

    When it comes to I&O leaders who have been given a mandate to drive digital transformation projects, they still must align to the vision and mission of the organization; they must still train and hire staff that will be experts in their field; they must still drive process improvements and align the right technology to meet the needs of a digital transformation.

    John Donovan

    John Donovan

    Principal Research Director, I&O
    Info-Tech Research Group

    Insight summary

    Overarching insight

    Digital transformation requires I&O teams to shift from traditional infrastructure management to becoming a strategic enabler, driving agility, innovation, and operational excellence through effective integration of people, process, and technology.

    Insight 1

    Collaboration is a key component of I&O – Promote strong collaboration between I&O and other business functions. When doing a digital transformation, it is clear that this is a cross-functional effort. Business leaders and IT teams need to align their objectives, prioritize initiatives, and ensure that you are seamlessly integrating technologies with the new business functions.

    Insight 2

    Embrace agility and adaptability as core principles – As the digital landscape continues to evolve, it is paramount that I&O leaders are agile and adaptable to changing business needs, adopting new technology and implementing new innovative solutions. The culture of continuous improvement and openness to experimentation and learning will assist the I&O leaders in their journey.

    Insight 3

    Future-proof your infrastructure and operations – By anticipating emerging technologies and trends, you can proactively plan and organize your team for future needs. By investing in scalable, flexible infrastructure such as cloud services, automation, AI technologies, and continuously upskilling the IT staff, you can stay relevant and forward-looking in the digital space.

    Tactical insight

    An IT infrastructure maturity assessment is a foundational step in the journey of digital transformation. The demand will be on performance, resilience, and scalability. IT infrastructure must be able to support innovation and rapid deployment of services.

    Tactical insight

    Having a clear strategy, with leadership commitment along with hiring and training the right people, monitoring and measuring your progress, and ensuring it is a business-led journey will increase your chances of success.

    Executive Summary

    Your Challenge

    There are a lot of challenges for I&O when it comes to digital transformation, including:

    • Legacy infrastructure technical debt.
    • Skills and talent in the IT team.
    • A culture that resists change.
    • Fear of job loss.

    These and many more will hinder your progress, which demonstrates the need to invest in modernizing your infrastructure, investing in training and hiring talent, and cultivating a culture that supports digital transformation.

    Common Obstacles

    Many obstacles to digital transformation begin with non-I&O activities, including:

    • Lack of a clear vision and strategy.
    • Siloed organizational structure.
    • Lack of governance and data management.
    • Limited budget and resources.

    By addressing these obstacles, I&O will have a better chance of a successful transformation and delivering the full potential of digital technologies.

    Info-Tech's Approach

    Building a culture of innovation by developing clear goals and creating a vision will be key.

    • Be customer centric as opposed to being technology driven.
    • Understand the business needs and pain points in order to effectively deliver solutions.
    • Approach infrastructure digital transformation in iterations and look at it as a journey.

    By completing the Info-Tech digital readiness questionnaire, you will see where you are in terms of maturity and areas you need to concentrate on.

    Info-Tech Insight

    By driving a customer-centric approach, delivering a successful transformation can be tailored to the business goals and drive adoption and engagement. Refining your roadmap through data and analytics will drive this change. Use third-party expertise to guide your transformation and help build that vision of the future.

    The cost of digital transformation

    The challenges that stand in the way of your success, and what is needed to reverse the risk

    What CIOs are saying about their challenges

    26% of those CIOs surveyed cite resistance to change, with entrenched viewpoints demonstrating a real need for a cultural shift to enhance the digital transformation journey.

    Source: Prophet, 2019.

    70% of digital transformation projects fall short of their objectives – even when their leadership is aligned, often with serious consequences.

    Source: BCG, 2020.

    Having a clear strategy and commitment from leadership, hiring and training the right people, monitoring and measuring your progress, and ensuring it is a business-led journey will increase your chances of success.

    Info-Tech Insight

    Cultural change, business alignment, skills training, and setting a clear strategy with KPIs to demonstrate success are all key to being successful in your digital journey.

    Small and medium-sized enterprises

    What business owners and CEOs are saying about their digital transformation

    57% of small business owners feel they must improve their IT infrastructure to optimize their operations.

    Source: SMB Story, 2023.

    64% of CEOs believe driving digital transformation at a rapid pace is critical to attracting and retaining talent and customers.

    Source: KPMG, 2022.

    Info-Tech Insight

    An IT infrastructure maturity assessment is a foundational step in the journey of digital transformation. The demand will be on performance, resilience, and scalability. IT infrastructure must be able to support innovation and rapid deployments.

    Terms of use

     These Terms of Use state the terms and conditions under which you may use this website and the Services, which are the property of Tymans Group BV. ("TY"). Your use of this site and the Services constitutes acceptance of these Terms of Use.
    1. General Use Restrictions

    TY services, advice, materials, products, websites, and networks (collectively the "Services") are to be used for the User (meaning a named individual user that uses the publicly available Services or is authorized by TY in a service agreement to use the Services that require paid access) use and benefit only pursuant to the terms and limitations of the paid subscription and may not be disclosed, disseminated or distributed to any other party, except as TY otherwise agrees in writing. The User will not circumvent any encryption or otherwise gain access to Services for which the User has not been expressly granted the appropriate rights of access.

    The User will not use the Services for or knowingly transmit to TY or upload to any TY site or network any illegal, improper, or unacceptable material or use them for illegal, improper, or unacceptable practices, including without limitation the dissemination of any defamatory, fraudulent, infringing, abusive, lewd, obscene or pornographic material, viruses, trojan horses, time bombs, worms, or other harmful code designed to interrupt, destroy, or limit the functionality of any software, hardware or communications equipment, unsolicited mass email or other internet-based advertising campaigns, privacy breaches, denial of use attacks, spoofing, or impersonation.

    1. Copyright

    The Services are © Tymans Group BV. All rights reserved.

    The Services are owned by and copyrighted by TY and other parties and may contain trademarks of TY or others. They are protected by Canadian, US, and international copyright and trademark laws and conventions.

    User may use the Services solely for his or their own information purposes pursuant to the terms and limitations of the paid subscription. The User may download any of the Service's tools or templates for his or her individual use but may not distribute any articles, tools, templates, or blueprints internally, subject to the exceptions below. The User may create derivative works from the Service's tools or templates and distribute these for internal use but may not distribute these derivative works externally for any commercial or resale purposes.

    Any other reproduction or dissemination of the Services in any form or by any means is forbidden without TY's written permission, and without limiting the generality of the foregoing, the User will not:

    • A. record and re-transmit the Service over any network (including any local area network), except as otherwise stated above;
    • B. use any Service in any timesharing, service bureau, bulletin board, or similar arrangement or public display;
    • C. post any Service to any other online service (including bulletin boards or the internet);
    • D. sublicense, lease, sell, offer for sale or assign the Service; or
    • E. use TY's name or any excerpts from the Services in the promotion of its products or services.
    1. Users

    Users must be authorized to use the Services by TY. Users must maintain and protect the confidentiality of any password(s) and are responsible for ensuring that the passwords are effective. Users shall advise TY immediately if they discover that their password has been compromised at the following number: 1-888-670-8889. If you are an organization that is party to a service agreement with TY, references in these Terms of Use to "User(s)" include you, and you are responsible for compliance by named individual Users within your organization with these Terms of Use.

    1. User Perspective

    For the benefit of all Users, TY's research services include the ability for Users to (i) participate in the creation of research by contributing User perspectives for publication on TY's websites and (ii) participate in industry-specific community groups and other forums by contributing discussion posts. All such contributions are voluntary with the full consent of the User. If your account is used to contribute content to TY's websites (collectively, "User Contributions"), you agree to accept sole responsibility for those User Contributions, including the information, statements, facts, and material contained in any form or medium (e.g., text, audio, video, and photographic) therein. To the extent Users contribute any feedback to TY (as User Contributions or otherwise), TY may use that feedback to assess, improve, and market its products. To the extent Users contribute to research, TY may incorporate those contributions within the research Services without the necessity of attribution. You grant us and our affiliates a worldwide, irrevocable, royalty-free, nonexclusive license to use, reproduce, create derivative works of, distribute publicly display, and publish User Contributions. You agree you will not attempt to enforce any so-called "moral rights" in User Contributions against us or our affiliates.

    By using TY's research services, you agree that none of your User Contributions will:

    • Infringe on the intellectual property, trade secret, privacy, publicity, or other rights of others;
    • Contain false statements or misrepresentations that could damage TY or any third party;
    • Include obscene, libelous, defamatory, threatening, harassing, abusive, hateful, sexually explicit, sexually-oriented, profane, or embarrassing material, as determined by TY in its sole discretion;
    • Be illegal or otherwise objectionable;
    • Contain the personal information of any third party, including, without limitation, addresses, phone numbers, email addresses, Social Security numbers, and credit card numbers;
    • Encourage or facilitate insider trading or anti-competitive behavior;
    • Include commercial advertisements or solicitations; or
    • Purport to or actually provide legal or professional advice.

    BecauseTY's Web sites are available to the public, User Contributions on TY's Web sites are not Confidential Information.

    Although you are solely responsible for the content you provide, and we do not have a policy of reviewing or monitoring all User Contributions, we reserve the right to pre-screen and/or monitor User Contributions. If we become aware of User Contributions that violate these Terms of Service or that we believe to be otherwise objectionable, we may reject or delete them or take other action without notice to you and at our sole discretion.

    If you believe that any User Contributions appear to violate these Terms of Service, or if you believe any other user is engaged in illegal, harassing, or objectionable behavior, please contact us.

    1. Non-Disclosure of Confidential Information

    In these Terms of Use, "Confidential Information" means information of a commercially sensitive or proprietary character that is marked as confidential or that a reasonable person would understand to be confidential. The "Disclosing Party" is the party disclosing Confidential Information, and the "Receiving Party" is the party receiving Confidential Information. However, Confidential Information does not include information that:

    • was in the public domain at the time of communication to the Receiving Party or is later placed in the public domain by the Disclosing Party;
    • entered the public domain through no fault of the Receiving Party subsequent to the time of disclosure hereunder to the Receiving Party;
    • was in the Receiving Party's possession free of any obligation of confidence prior to disclosure hereunder; or
    • was developed by employees or agents of the Receiving Party independently of and without reference to any Confidential Information.

    The Receiving Party shall not disclose, publish or communicate the Confidential Information to any third party without the prior written consent of the Disclosing Party. However, the Receiving Party may disclose the Confidential Information to a third party who has a need to know the Confidential Information and (i) is an accountant, attorney, underwriter, or advisor under a duty of confidentiality; or (ii) is under a written obligation of confidentiality at least as restrictive as this Agreement and to the extent required by law.

    TY may create or use anonymized data for purposes such as benchmarking, analytics, and other good-faith business purposes. Anonymized data is not the Confidential Information of Users.

    1. Term

    Many of the Services are "subscription" services that have a fixed Term and must be renewed in writing at the end of the term for services to continue. The contractual term of membership is generally one (1) to three (3) years in length and is agreed to by the parties in writing. Workshops purchased as part of membership expire without refund or credit at the end of the membership period covered by the purchase. Workshops purchased outside membership expire without refund or credit one (1) year after purchase. TY may terminate a User's access at any time if the User or the entity paying for the User's access violates the terms of use or subscription or any other agreement with TY.

    1. Cancellation

    As the Services are paid in advance for a committed membership term, a service agreement or membership cannot be terminated by a User for convenience during a contractual term.

    1. Changes

    TY strives to innovate. TY may update, upgrade or otherwise change or discontinue content, features, or other aspects of its Services. TY will not make changes that cumulatively degrade the quality of a paid subscription to the Services. TY also reserves the right to change the terms and conditions applicable to your use of the Services unless TY has otherwise agreed in a service agreement. Use of the Services after such changes shall be deemed to be acceptance by the User of such changes. These terms were last revised on June 8, 2022.

    1. Accuracy of Information and Warranty

    The information contained in the Services has been obtained from sources believed to be reliable, but TY does not warrant the completeness, timeliness, or accuracy of any information contained in the Services. The Services are intended to: help identify business risks; provide insights based on industry research; and help you focus on certain matters which may be affecting your business. TY does not provide legal, accounting, or other professional advice, nor should any advice from TY be construed as such. We encourage you to seek professional advice whenever necessary.

    TY expressly excludes and disclaims all express or implied conditions, representations, and warranties, including, without limitation, any implied warranties or conditions of merchantability or fitness for a particular purpose, to the extent allowable by law.

    Although TY takes reasonable steps to screen Services for infection by viruses, worms, Trojan horses, or other code manifesting contaminating or destructive properties before making the Services available, TY cannot guarantee that any Service will be free of infection.

    User assumes sole responsibility for the selection of the Services to achieve its intended results. The opinions expressed in the Services are subject to change without notice.

    TY does not endorse third-party products or services. TY assesses and analyzes the effectiveness and appropriateness of information technology in the context of a general business environment only unless specifically hired by a User to assess in the context of their own environment.

    1. Limitation of Liability

    In no event is TY liable for any special, indirect, consequential, incidental, punitive, or other damages however caused, whether in contract, tort, negligence, strict liability, operation of law, or otherwise (including without limitation damages for lost profits, business interruption or loss arising out of the use of or inability to use the Services, or any information provided in the Services, or claims attributable to errors, omissions or other inaccuracies in the Service or interpretations thereof), even if TY has been advised of the possibility of such damages. TY's total liability shall in no event exceed the amount paid by the User for the Service in question.

    The User acknowledges that TY has set its prices and sold the Services to it in reliance on the limitations of liability and disclaimers of warranties and damages set forth herein and that the same form a fundamental and essential basis of the bargain between the parties. They shall apply even if the contract between the User and TY is found to have failed in its fundamental or essential purpose or has been fundamentally breached.

    1. Links to Third-Party Sites

    Any third-party sites that are linked to the Services are not under TY's control. TY is not responsible for anything on the linked sites, including without limitation any content, links to other sites, any changes to those sites, or any policies those sites may have. TY provides links as a convenience only, and such links do not imply any endorsement by TY of those sites.

    1. Investment Advice

    The Services are not intended to be used for the purpose of, or as a basis for, making investment decisions or recommendations with respect to securities of any company or industry, and TY assumes no liability for decisions made, in whole or in part, on the basis of any information contained in the Services.

    1. Governing Law

    This site and any service agreement are governed by the laws of the Province of Ontario, Canada, excluding any conflicts of law provisions and excluding the United Nations Convention on Contracts for the International Sale of Goods. Any legal action against TY shall take place in the courts of the province of Antwerp, Belgium. The parties attorn to the non-exclusive jurisdiction of the courts of Ontario.

    1. Entire Agreement

    These standard terms of use, together with any service agreements and statements of work signed by the parties, contains the complete and exclusive statement of Agreement between the parties and supersedes all purchase order terms and conditions, understandings, proposals, negotiations, representations, or warranties of any kind whether written or oral.

    1. Privacy

    A User's right to privacy is of paramount importance to TY. See our Privacy Policy for more detail. The identity of our research clients is not considered personal or confidential information, and we may disclose that information for promotion and marketing purposes.

    1. Contact Information

    Attn: General Counsel

    legal@tymansgroup.com

    (US): 1-917-473-8669

    (BE): 32-468-142-754

    Accelerate Digital Transformation With a Digital Factory

    • Buy Link or Shortcode: {j2store}93|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $50,000 Average $ Saved
    • member rating average days saved: 20 Average Days Saved
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • Organizational challenges are hampering digital transformation (DX) initiatives.
    • The organization’s existing digital factory is failing to deliver value.
    • Designing a successful digital factory is a difficult process.

    Our Advice

    Critical Insight

    To remain competitive, enterprises must deliver products and services like a startup or a digital native enterprise. This requires enterprises to:

    • Understand how digital native enterprises are designed.
    • Understand the foundations of good design: purpose, organizational support, and leadership.
    • Understand the design of the operating model: structure and organization, management practices, culture, environment, teams, technology platforms, and meaningful metrics and KPIs.

    Impact and Result

    Organizations that implement this project will draw benefits in the following aspects:

    • Gain awareness and understanding of various aspects that hamper DX.
    • Set the right foundations by having clarity of purpose, alignment on organizational support, and the right leadership in place.
    • Design an optimal operating model by setting up the right organizational structures, management practices, lean and optimal governance, agile teams, and an environment that promotes productivity and wellbeing.
    • Finally, set the right measures and KPIs.

    Accelerate Digital Transformation With a Digital Factory Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand the importance of a well-designed digital factory.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build the case

    Collect data and stats that will help build a narrative for digital factory.

    • Digital Factory Playbook

    2. Lay the foundation

    Discuss purpose, mission, organizational support, and leadership.

    3. Design the operating model

    Discuss organizational structure, management, culture, teams, environment, technology, and KPIs.

    [infographic]

    Workshop: Accelerate Digital Transformation With a Digital Factory

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Build the case

    The Purpose

    Understand and gather data and stats for factors impacting digital transformation.

    Develop a narrative for the digital factory.

    Key Benefits Achieved

    Identification of key pain points and data collected

    Narrative to support the digital factory

    Activities

    1.1 Understand the importance and urgency of digital transformation (DX).

    1.2 Collect data and stats on the progress of DX initiatives.

    1.3 Identify the factors that hamper DX and tie them to data/stats.

    1.4 Build the narrative for the digital factory (DF) using the data/stats.

    Outputs

    Identification of factors that hamper DX

    Data and stats on progress of DX

    Narrative for the digital factory

    2 Lay the foundation

    The Purpose

    Discuss the factors that impact the success of establishing a digital factory.

    Key Benefits Achieved

    A solid understanding and awareness that successful digital factories have clarity of purpose, organizational support, and sound leadership.

    Activities

    2.1 Discuss

    2.2 Discuss what organizational support the digital factory will require and align and commit to it.

    2.3 Discuss reference models to understand the dynamics and the strategic investment.

    2.4 Discuss leadership for the digital age.

    Outputs

    DF purpose and mission statements

    Alignment and commitment on organizational support

    Understanding of competitive dynamics and investment spread

    Develop the profile of a digital leader

    3 Design the operating model (part 1)

    The Purpose

    Understand the fundamentals of the operating model.

    Understand the gaps and formulate the strategies.

    Key Benefits Achieved

    Design of structure and organization

    Design of culture aligned with organizational goals

    Management practices aligned with the goals of the digital factory

    Activities

    3.1 Discuss structure and organization and associated organizational pathologies, with focus on hierarchy and silos, size and complexity, and project-centered mindset.

    3.2 Discuss the importance of culture and its impact on productivity and what shifts will be required.

    3.3 Discuss management for the digital factory, with focus on governance, rewards and compensation, and talent management.

    Outputs

    Organizational design in the context of identified pathologies

    Cultural design for the DF

    Management practices and governance for the digital factory

    Roles/responsibilities for governance

    4 Design the operating model (part 2)

    The Purpose

    Understand the fundamentals of the operating model.

    Understand the gaps and formulate the strategies.

    Key Benefits Achieved

    Discuss agile teams and the roles for DF

    Environment design that supports productivity

    Understanding of existing and new platforms

    Activities

    4.1 Discuss teams and various roles for the DF.

    4.2 Discuss the impact of the environment on productivity and satisfaction and discuss design factors.

    4.3 Discuss technology and tools, focusing on existing and future platforms, platform components, and organization.

    4.4 Discuss design of meaningful metrics and KPIs.

    Outputs

    Roles for DF teams

    Environment design factors

    Platforms and technology components

    Meaningful metrics and KPIs

    Build and Deliver an Optimized IT Update Presentation

    • Buy Link or Shortcode: {j2store}269|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Manage Business Relationships
    • Parent Category Link: /manage-business-relationships
    • IT update presentation success comes with understanding the business and the needs of your stakeholders. It often takes time and effort to get it right.
    • Many IT updates are too technically focused and do not engage nor demonstrate value in the eyes of the business.
    • This is not the time to boast about technical metrics that lack relevance.
    • Too often IT updates are prepared without the necessary pre-discussions required to validate content and hone priorities.

    Our Advice

    Critical Insight

    • CIOs need to take charge of the IT value proposition, increasing the impact and strategic role of IT.
    • Use your IT update to focus decisions, improve relationships, find new sources of value, and drive credibility.
    • Evolve the strategic partnership with your business using key metrics to help guide the conversation.

    Impact and Result

    • Build and deliver an IT update that focuses on what is most important.
    • Achieve the buy-in you require while driving business value.
    • Gain clarity on your scope, goals, and outcomes.
    • Validate IT’s role as a strategic business partner.

    Build and Deliver an Optimized IT Update Presentation Research & Tools

    Start here – read the Executive Brief

    Read our Executive Brief to find out how an optimized IT update presentation is your opportunity to drive business value.Review Info-Tech’s methodology and understand how we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Scope and goals

    Confirm the “why” of the IT update presentation by determining its scope and goals.

    • Build and Deliver an Optimized IT Update Presentation – Phase 1: Scope and Goals

    2. Assess and build

    Confirm the “what” of the presentation by focusing on business requirements, metrics, presentation creation, and stakeholder validation.

    • Build and Deliver an Optimized IT Update Presentation – Phase 2: Assess and Build
    • IT Update Stakeholder Interview Guide
    • IT Metrics Prioritization Tool

    3. Deliver and inspire

    Confirm the “how” of the presentation by focusing on engaging your audience, getting what you need, and creating a feedback cycle.

    • Build and Deliver an Optimized IT Update Presentation – Phase 3: Deliver and Inspire
    • IT Update Open Issues Tracking Tool
    [infographic]

    Workshop: Build and Deliver an Optimized IT Update Presentation

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Scope, Goals, and Requirements

    The Purpose

    Determine the IT update’s scope and goals and identify stakeholder requirements

    Key Benefits Achieved

    IT update scope and goals

    Business stakeholder goals and requirements

    Activities

    1.1 Determine/validate the IT update scope

    1.2 Determine/validate the IT update goals

    1.3 Business context analysis

    1.4 Determine stakeholder needs and expectations

    1.5 Confirm business goals and requirements

    Outputs

    Documented IT update scope

    Documented IT update goals

    Validated business context

    Stakeholder requirements analysis

    Confirmed business goals and requirements

    2 Validate Metrics With Business Needs

    The Purpose

    Analyze metrics and content and validate against business needs

    Key Benefits Achieved

    Selection of key metrics

    Metrics and content validated to business needs

    Activities

    2.1 Analyze current IT metrics

    2.2 Review industry best-practice metrics

    2.3 Align metrics and content to business stakeholder needs

    Outputs

    Identification of key metrics

    Finalization of key metrics

    Metrics and content validated to business stakeholder needs

    3 Create an optimized IT update

    The Purpose

    Create an IT update presentation that is optimized to business needs

    Key Benefits Achieved

    Optimized IT update presentation

    Activities

    3.1 Understand the audience and how to best engage them

    3.2 Determine how to present the pertinent data

    3.3 IT update review with key business stakeholders

    3.4 Final edits and review of IT update presentation

    3.5 Pre-presentation checklist

    Outputs

    Clarity on update audience

    Draft IT update presentation

    Business stakeholder feedback

    Finalized IT update presentation

    Confirmation on IT update presentation readiness

    Communicate Any IT Initiative

    • Buy Link or Shortcode: {j2store}428|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Lead
    • Parent Category Link: /lead

    IT communications are often considered ineffective and unengaging. This is demonstrated by the:

    • Lack of expectation that IT should communicate well. Why develop a skill that no one expects IT to deliver on?
    • Failure to recognize the importance of communication to engage employees and communicate ideas.
    • Perception that communication is a broadcast not a continuous dialogue.
    • Inability to create, monitor, and manage feedback mechanisms.
    • Overreliance on data as the main method of communication instead of as evidence to support a broader narrative.

    Our Advice

    Critical Insight

    • Don't make data your star. It is a supporting character. People can argue about the collection methods or interpretation of the data, but they cannot argue with the story you share.
    • Messages are also non-verbal. Practice using your voice and body to set the right tone and impact your audience.
    • Recognize that communications are essential even in highly technical IT environments.
    • Measure if the communication is being received and resulting in the desired outcome. If not, modify what and how the message is being expressed.

    Impact and Result

    • Develop an actionable plan to deliver consistent, timely messaging for all audiences.
    • Compose and deliver meaningful messages.
    • Consistently deliver the right information and the right time to the right stakeholders.

    Communicate Any IT Initiative Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Communicate Any IT Initiative Deck – A step-by-step document that walks you through how to plan, compose, and deliver communications to any stakeholder up, down, or across the organization.

    This blueprint not only provides the tools and techniques for planning, composing, and delivering effective communications, but also walks you through practical exercises. Practice and perfect your communication, composition, and delivery skills for any IT initiative.

    • Communicate Any IT Initiative – Phases 1-3

    2. Communicate Any IT Initiative Facilitation Deck – A step-by-step communications workshop deck suitable for any workshop with a communication component.

    Communication concepts and exercises that teach you how to plan, compose, and deliver effective communications. The deck includes practical tools, techniques, and skills practice.

    • Communicate Any IT Initiative Facilitation Deck

    3. Communications Planner – An communications plan template that includes a section to define a change, a communications plan, communications calendars, and a pitch composition exercise.

    This communications planner is a tool that accompanies the Effective IT Communications blueprint and the Communicate Any IT Initiative Facilitation Deck so that you can plan your communications, view your deliverables, and compose your pitch all in one document.

    • Communications Planner Tool

    4. Stakeholder Analysis Tool – A tool to help ensure that all stakeholders are identified and none are missed.

    A tool for identifying stakeholders and conducting an analysis to understand their degree of influence or impact.

    • Stakeholder Management Analysis Tool
    [infographic]

    Further reading

    Communicate Any IT Initiative

    Plan, compose, and deliver communications that engage your audience.

    Executive Summary

    Your Challenge Common Obstacles Info-Tech’s Approach
    Communicating about your initiative is when the work really begins. Many organizations struggle with:
    • Knowing what target audiences need to be communicated with.
    • Communicating the same message consistently and clearly across target audiences.
    • Communicating to target audiences at the right times.
    • Selecting a channel that will be most effective for the message and practicing to deliver that message.
    Some of the challenges IT faces when it comes to communicating its initiatives includes:
    • Not being given the opportunity or time to practice composing or delivering communications.
    • Coordinating the communications of this initiative with other initiative communications.
    • Forgetting to communicate with key stakeholders.
    Choosing not to communicate because we do not know how it’s leading to initiative failures and lack of adoption by impacted parties.
    For every IT initiative you have going forward, focus on following these three steps:
    1. Create a plan of action around who, what, how, and when communications will take place.
    2. Compose an easy-to-understand pitch for each stakeholder audience.
    3. Practice delivering the message in an authentic and clear manner.
    By following these steps, you will ensure that your audience always understands and feels ready to engage with you.

    Info-Tech Insight
    Every IT employee can be a great communicator; it just takes a few consistent steps, the right tools, and a dedication to practicing communicating your message.

    Info-Tech’s approach

    Effective communications is not a broadcast but a dialogue between communicator and audience in a continuous feedback loop.

    Continuous Feedback Loop

    The Info-Tech difference:

    1. The skills needed to communicate effectively as a front-line employee or CIO are the same. It’s important to begin the development of these skills from the beginning of one's career.
    2. Time is a non-renewable resource. Any communication needs to be considered valuable and engaging by the audience or they will be unforgiving.
    3. Don't make data your star. It is a supporting character. People can argue about the collection methods or interpretation of the data, but they cannot argue about the story you share.

    Poor communication can lead to dissatisfied stakeholders

    27.8% of organizations are not satisfied with IT communications.

    25.8% of business stakeholders are not satisfied with IT communications.

    Source: Info-Tech Diagnostic Programs; n=34,345 business stakeholders within 604 organizations

    The bottom line? Stakeholders for any initiative need to be communicated with often and well. When stakeholders become dissatisfied with IT’s communication, it can lead to an overall decrease in satisfaction with IT.

    Good IT initiative communications can be leverage

    • IT risk mitigation and technology initiative funding are dependent on critical stakeholders comprehending the risk impact and initiative benefit in easy-to-understand terms.
    • IT employees need clear and direct information to feel empowered and accountable to do their jobs well.
    • End users who have a good experience engaging in communications with IT employees have an overall increase in satisfaction with IT.
    • Continuously demonstrating IT’s value to the organization comes when those initiatives are clearly aligned to overall objectives – don’t assume this alignment is being made.
    • Communication prevents assumptions and further miscommunication from happening among IT employees who are usually impacted and fear change the most.

    “Nothing gets done properly if it's not communicated well.”
    -- Nastaran Bisheban, CTO KFC Canada

    Approach to communications

    Introduction
    Review effective communications.

    Plan
    Plan your communications using a strategic tool.

    Compose
    Create your own message.

    Deliver
    Practice delivering your own message.

    Info-Tech’s methodology for effective IT communications

    1. Plan Strategic Communications 2. Compose a Compelling Message 3. Deliver Messages Effectively
    Step Activities
    1. Define the Change
    2. Determine Target Audience
    3. Communication Outcomes
    4. Clarify the Key Message(s)
    5. Identify the Owner and Messenger(s)
    6. Select the Right Channels
    7. Establish a Frequency and Time Frame
    8. Obtain Feedback and Improve
    9. Finalize the Calendar
    1. Craft a Pitch
    2. Revise the Pitch
    1. Deliver Your Pitch
    2. Refine and Deliver Again
    Step Outcomes Establish an easy-to-read view of the key communications that need to take place related to your initiative or change. Practice writing a pitch that conveys the message in a compelling and easy-to-understand way. Practice delivering the pitch. Ensure there is authenticity in the delivery while still maintaining the audience’s attention.

    This blueprint can support communication about any IT initiative

    • Strategy or roadmap
    • Major transformational change
    • System integration
    • Process changes
    • Service changes
    • New solution rollouts
    • Organizational restructuring

    We recommend considering this blueprint a natural add-on to any completed Info-Tech blueprint, whether it is completed in the DIY fashion or through a Guided Implementation or workshop.

    Key deliverable:

    Communication Planner
    A single place to plan and compose all communications related to your IT initiative.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals.

    Facilitation Guide
    A step-by-step guide to help your IT organization develop a communication plan and practice composing and delivering key messages.

    Stakeholder Analysis
    An ability to assess all stakeholders based on impact, influence, and involvement.

    Workshop Overview

    MorningAfternoon
    ActivitiesPlan Strategic Communications for Your Initiative
    1. Define the Change
    2. Determine Target Audience
    3. Communication Outcomes
    4. Clarify the Key Message(s)
    5. Identify the Owner and Messenger(s)
    6. Select the Right Channels
    7. Establish a Frequency and Time Frame
    8. Obtain Feedback and Improve
    9. Finalize the Calendar
    Compose and Deliver a Compelling Message
    1. Craft a Pitch
    2. Revise the Pitch
    3. Deliver Your Pitch
    4. Refine and Deliver Again
    Deliverables
    1. Communication planner with weekly, monthly, and yearly calendar views to ensure consistent and ongoing engagement with every target audience member
    1. Crafted pitches that can be used for communicating the initiative to different stakeholders
    2. Skills and ability to deliver messages more effectively

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Key KPIs for communication with any stakeholder

    Measuring communication is hard; use these to determine effectiveness:

    Goal Key Performance Indicator (KPI) Related Resource
    Obtain board buy-in for IT strategic initiatives. X% of IT initiatives that were approved to be funded.
    Number of times that technical initiatives were asked to be explained further.
    Using our Board Presentation Review
    Ensure stakeholders feel engaged during initiatives. X% of business leadership satisfied with the statement “IT communicates with your group effectively.” Using the CIO Business Vision Diagnostic
    End users know what IT initiatives are going to impact the products or services they use. X% of end users that are satisfied with communications around changing services or applications. Using the End-User Satisfaction Survey
    Project stakeholders receive sufficient communication throughout the initiative. X% overall satisfaction with the quality of the project communications. Using the PPM Customer Satisfaction Diagnostic
    Employees are empowered to perform on IT initiatives. X% satisfaction employees have with statement “I have all the resources and information I need to do a great job.” Using the Employee Engagement Diagnostic Program

    Phase 1

    Plan Strategic Communications

    Activities
    1.1 Define the Change
    1.2 Determine Target Audience
    1.3 Communication Outcomes
    1.4 Clarify the Key Message(s)
    1.5 Identify the Owner and Messenger(s)
    1.6 Select the Right Channels
    1.7 Establish a Frequency and Time Frame
    1.8 Obtain Feedback and Improve
    1.9 Finalize the Calendar

    Communicate Any IT Initiative Effectively
    Phase1 > Phase 2 > Phase 3

    This step involves the following participants:
    Varies based on those who would be relevant to your initiative.

    Outcomes of this step
    Create an easy-to-follow communications plan to ensure that the right message is sent to the right audience using the right medium and frequency.

    What is an IT change?

    Before communicating, understand the degree of change.

    Incremental Change:
    • Changes made to improve current processes or systems (e.g. optimizing current technology).
    Transitional Change:
    • Changes that involve dismantling old systems and/or processes in favor of new ones (e.g. new product or services added).
    Transformational Change:
    • Significant change in organizational strategy or culture resulting in substantial shift in direction.
    Examples:
    • New or changed policy
    • Switching from on-premises to cloud-first infrastructure
    • Implementing ransomware risk controls
    • Implementing a learning & development plan
    Examples:
    • Moving to an insourced or outsourced service desk
    • Developing a BI & analytics function
    • Integrating risk into organization risk
    • Developing a strategy (technology, architecture, security, data, service, infrastructure, application)
    Examples:
    • Organizational redesign
    • Acquisition or merger of another organization
    • Implementing a digital strategy
    • A new CEO or board taking over the organization's direction

    Consider the various impacts of the change

    Invest time at the start of the project to develop a detailed understanding of the impact of the change. This will help to create a plan that will simplify the change and save time in the end. Evaluate the impact from a people, process, and technology perspective.

    Leverage a design thinking principle: Empathize with the stakeholder – what will change?

    People

    • Team structure
    • Reporting structure
    • Career paths
    • Job skills
    • Responsibilities
    • Company vision/mission
    • Number of FTE
    • Culture
    • Training required

    Process

    • Budget
    • Work location
    • Daily workflow
    • Working conditions
    • Work hours
    • Reward structure
    • Required number of completed tasks
    • Training required

    Technology

    • Required tools
    • Required policies
    • Required systems
    • Training required

    1.1 Define the change

    30 minutes

    1. While different stakeholders will be impacted by the change differently, it’s important to be able to describe what the change is at a higher level.
    2. Have everyone take eight minutes to jot down what the change is and why it is happening in one to two sentences. Tab 2 of the Communication Planner Tool can also be used to house the different ideas.
    3. Present the change statements to one another.
    4. By leveraging one of the examples or consolidating many examples, as a group document:
      • What is the change?
      • Why is it happening?
    5. The goal is to ensure that all individuals involved in establishing or implementing the change have the same understanding.
    Input Output
    • Individual ideas about what change is occurring and why.
    • A single statement that reflects the change occurring and the rationale for why the change is needed.
    Materials Participants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    Ensure effective communication by focusing on four key elements

    Audience
    Stakeholders (either groups or individuals) who will receive the communication.

    Message
    Information communicated to impacted stakeholders. Must be rooted in a purpose or intent.

    Messenger
    Person who delivers the communication to the audience. The communicator and owner are two different things.

    Channel
    Method or channel used to communicate to the audience.

    Identify the target audience

    The target audience always includes groups and individuals who are directly impacted by the change and may also include those who are change adjacent.

    Define the target audience: Identify which stakeholders will be the target audience of communications related to the initiative. Stakeholders can be single individuals (CFO) or groups (Applications Team).

    Stakeholders to consider:

    • Who is sponsoring the initiative?
    • Who benefits from the initiative?
    • Who loses from the initiative?
    • Who can make approvals?
    • Who controls resources?
    • Who has specialist skills?
    • Who implements the changes?
    • Who will be adversely affected by potential environmental and social impacts in areas of influence that are affected by what you are doing?
    • At which stage will stakeholders be most affected (e.g. procurement, implementation, operations, decommissioning)?
    • Will other stakeholders emerge as the phases are started and completed?

    1.2a Determine target audience

    20 minutes

    1. Consider all the potential individuals or groups of individuals who will be impacted or can influence the outcome of the initiative.
    2. On tab 3 of the Communication Planner Tool, list each of the stakeholders who will be part of the target audience. If in person, use sticky notes to define the target audiences. The individuals or group of individuals that make up the target audience are all the people who require being communicated with before, during, or after the initiative.
    3. As you list each target audience, consider how they perceive IT. This perception could impact how you choose to communicate with the stakeholder(s).
    InputOutput
    • The change
    • Why the change is needed
    • A list of individuals or group of individuals that will be communicated with.
    MaterialsParticipants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    1.2b Conduct a stakeholder analysis (optional)

    1 hour

    1. For each stakeholder identified as a part of the target audience, conduct an analysis to understand their degree of influence or impact.
    2. Based on the stakeholder, the influence or impact of the change, initiative, etc. can inform the type and way of communicating.
    3. This is a great activity for those who are unsure how to frame communications for each stakeholder identified as a target audience.
    InputOutput
    • The change
    • Why the change is needed
    • A list of individuals or group of individuals that will be communicated with
    • The degree of influence or impact each target audience stakeholder has.
    MaterialsParticipants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Stakeholder Management Analysis Tool

    Determine the desired outcome of communicating with each audience

    For each target audience, there will be an overall goal on why they need to be communicated with. This outcome or purpose is often dependent on the type of influence the stakeholder wields within the organization as well as the type of impact the change or initiative will have. Depending on the target audience, consider each of the communication outcomes listed below.

    Communicating Across the Organization Communicating Up to Board or Executives Communicating Within IT
    • Obtain buy-in
    • Obtain approval
    • Obtain funding
    • Demonstrate alignment to organization objectives
    • Reduce concerns about risk
    • Demonstrate alignment to organization objectives
    • Demonstrate alignment to individual departments or functions
    • Obtain other departments’ buy-in
    • Inform about a crisis
    • Inform about the IT change
    • Obtain adoption related to the change
    • Obtain buy-in
    • Inform about the IT change
    • Create a training plan
    • Inform about department changes
    • Inform about organization changes
    • Inform about a crisis
    • Obtain adoption related to the change
    • Distribute key messages to change agents

    1.3 Communication outcomes

    30 minutes

    1. For each stakeholder, there may be one or more reasons why you need to communicate with them. On tab 3 of the Communication Planner Tool or on a whiteboard, begin to identify the objective or outcome your team is seeking by engaging in each target audience.
    2. As you move through the communication outcomes, it could result in more than one outcome for each target audience.
    3. Ensure there is one line for each target audience desired communication outcome. Many stakeholders might need to be communicated with for several reasons. If using the Communication Planner Tool, add the target audience name in column C for as many different communication outcomes there are in column D related to that stakeholder.
    InputOutput
    • The change
    • A list of individuals or group of individuals that will be communicated with
    • Outcome or objective of communicating with each stakeholder
    MaterialsParticipants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    Establish and define key messages based on organizational objectives

    What are key messages?
    • Key messages guide all internal communications to ensure they are consistent, unified, and straightforward.
    • Distill key messages down from organizational objectives and use them to reinforce the organization’s strategic direction. Key messages should inspire employees to act in a way that will help the organization reach its objectives.
    How to establish key messages: Ground key messages in organizational strategy and culture. These should be the first places you look to determine the organization’s key messages:
    • Refer to organizational strategy documents. What needs to be reinforced in internal communications to ensure the organization can achieve its strategy? This is a key message.
    • Look at the organization’s values. How do values guide how work should be done? Do employees need to behave in a certain way or keep a certain value top of mind? This is a key message.

    Key messages should be clear, concise, and consistent (Porter, 2014). The intent is to convey important information in a way that is relatable and memorable, to promote reinforcement, and ultimately, to drive action.

    Info-Tech Insight
    Empathizing with the audience is key to anticipating and addressing objections as well as identifying benefits. Customize messaging based on audience attributes such as work model (e.g. hybrid), anticipated objections, what's in it for me? (WIIFM), and specific expectations.

    1.4 Clarify the key messages

    25 minutes

    1. Divide the number of communication lines up equally amongst the participants.
    2. Based on the outcome expected from engaging that target audience in communications, define one to five key messages that should be expressed.
    3. The key messages should highlight benefits anticipated, concerns anticipated, details about the change, and plan of action or next steps. The goal here is to ensure the target audience is included in the communication process.
    4. The key messages should be focused on how the target audience receives a consistent message, especially if different communication messengers are involved.
    5. Document the key messages on tab 3 of the Communication Planner Tool.
    InputOutput
    • The change
    • Target audience
    • Communication outcomes
    • Key messages to support a consistent approach
    MaterialsParticipants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    Understand to how to identify appropriate messengers

    Messages must be communicated by a variety of individuals across the organization. Select the messenger depending on the message characteristics (e.g. audience, message, medium). The same messenger can be used for a variety of messages across different mediums.

    Personal impact messages should be delivered by an employee's direct supervisor.

    Organizational impact messages and rationale should be delivered by senior leaders in the affected areas.

    Chart Preferred Messenger for Change Messages

    Recent research by Prosci found employees prefer to hear personal messages from their direct manager and organizational messages from the executive leadership team.

    Fifty percent of respondents indicated the CEO as the preferred messenger for organizational change messages.

    Select the appropriate messenger

    For each audience, message, and medium, review whether the message is personal or organizational to determine which messengers are best.

    The number and seniority of messengers involved depends on the size of the change:

    • Incremental change
      • Personal messages from direct supervisors
      • Organizational messages from a leader in the audience’s function or the direct supervisor
    • Transitional change
      • Personal messages from direct supervisors or function leaders
      • Organizational messages from a leader in the audience’s function or the C suite
    • Transformational change
      • Personal messages from direct supervisors or function leaders
      • Organizational messages from the CEO or C-suite
      • Cascading messages are critical in this type of change because all levels of the organization will be involved

    Communication owner vs. messenger

    Communication Owner

    Single person
    Accountable for the communication message and activities
    Oversees that the communication does not contradict other communications
    Validates the key messages to be made

    Communication Messenger(s)

    Single person or many people
    Responsible for delivering the intended message
    Engages the target audience in the communication
    Ensures the key messages are made in a consistent and clear manner

    1.5 Identify the owner and messenger(s)

    30 minutes

    1. For every communication, there needs to be a single owner. This is the person who approves the communication and will be accountable for the communication
    2. The messenger(s) can be several individuals or a single individual depending on the target audience and desired outcome being sought through the communications.
    3. Identify the person or role who will be accountable for the communication and document this in the Communication Planner Tool.
    4. Identify the person(s) or role(s) who will be responsible for delivering the communication and engaging the target audience and document this in the Communication Planner Tool.
    Input Output
    • Individual ideas about what change is occurring and why.
    • A single statement that reflects the change occurring and the rationale for why the change is needed.
    Materials Participants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    Review appropriate channel for different types of messages

    Communication channels are in-person, paper-based, or tech-enabled. Provide communicators with guidance on which mediums to use in different situations.

    First question: Should the communication be delivered in-person or not?
    Types of channels In-Person Paper-Based or Tech-Enabled
    Questions to consider
    • How is your message likely to be received? Is the message primarily negative?
    • Will the message prompt a lot of dialogue or questions? Will it require significant context or clarification?
    Note: Messages that are important, complex, or negative must be delivered in person. This allows the sender to provide context, clarify questions, and collect feedback.
    • Use paper-based and tech-enabled communications to provide reminders or updates.
    • When deciding which of the two to use, think about your audience: do they have regular access to a computer?
    Two-way interaction Supplement in-person communications with paper-based or tech-enabled communications to provide follow-up and consistency (Government of Nova Scotia). Tech-enabled communications allow the sender to deliver messages when they do not co-locate with the receiver. That said, make sure paper-based communications are provided to those without regular access to a computer.

    Consider accessibility when communicating change – not all employees will have access to the same mediums. To ensure inclusivity, strategically plan which mediums to use to reach the entire audience.

    Select communication channels

    Medium Description Key Messages When to Use
    One-on-One Meetings Individual meetings between managers and their direct reports to ensure they understand the change, can express any concerns, and obtain feedback or recommendations.
    • How the change will impact the employee, what they can expect throughout the change, how they can get support, what the timelines are, etc.
    • Requests for feedback.
    • Responses to feedback.
    • Most applicable for personal messages throughout all stages of change.
    • When real-time feedback is needed.
    • To understand the change’s impact on each employee, understand their emotional reactions and provide support.
    • After a change has been announced and continuing at a regular cadence until after the change has been implemented. Frequency of meetings will vary by employee over the course of the change.
    Team Meeting A meeting of a work unit or department. Can be virtual, in person, or a combination. Led by the work unit or department head/manager.
    • How the change will impact the team – how work gets done, who they work with, etc.
    • Available timelines regarding the change.
    • Support available throughout the change.
    • Most applicable for personal messages throughout all change stages.
    • When real-time communication is needed to keep everyone on the same page and provide an opportunity to ask questions (essential for buy-in).
    • To announce a small change or after a larger change announcement. Continue frequently until the end of adoption, with time reserved for ad hoc meetings.
    Email Electronic communication sent to the audience’s company emails, or in the absence of that, to their personal emails.
    • Overarching details and timelines.
    • Short, easy-to-digest pieces of information that either provide a summary of what to expect or describe actions employees need to take.
    • Applicable for both personal and organizational messages, depending on the messenger. Send personal messages in separate emails from organizational messages.
    • To communicate key details quickly and to a distributed workforce.
    • To reinforce or reiterate information that has been shared in person. Can be used broadly or target specific employees/groups.

    Select communication channels

    Medium Description Key Messages When to Use
    Town Hall Virtual or in-person meeting where senior leadership shares information with a wide audience about the change and answers questions.
    • Messaging that is applicable to a large audience.
    • The strategic decisions of senior leadership.
    • Highlight positive initiative outcomes.
    • Recognize employee efforts.
    • Report on engagement.
    • Most applicable for organizational messages to launch a change or between milestones in a long-term or complex change.
    • To enable senior leaders to explain strategic decisions to employees.
    • To allow employees to ask questions and provide feedback.
    • When support of senior leadership is critical to change success.
    Roadshow A series of meetings where senior leadership or the change champion travels to different geographic locations to hold town halls adapted to each location’s audience.
    • Why the change is happening, when the change is happening, who will be impacted, expectations, and key points of contact.
    • Most applicable for organizational messages to launch a change and between milestones during a long-term, large, or complex change.
    • For a change impacting several locations.
    • When face time with senior leadership is critical to developing understanding and adoption of the change. Satellite locations can often feel forgotten. A roadshow provides access to senior leadership and lends the credibility of the leader to the change.
    • To enable live two-way communication between employees and leadership.

    Select communication channels

    Medium Description Key Messages When to Use
    Intranet An internal company website that a large number of employees can access at any time.
    • Information that has already been communicated to the audience before, so they can access it at any time.
    • FAQs and/or general details about the change (e.g. milestones).
    • Most applicable for organizational messages.
    • To post relevant documentation so the audience can access it whenever they need it.
    • To enable consistency in answers to common questions.
    Training Scheduled blocks of time for the team to learn new skills and behaviors needed to successfully adapt to the change.
    • Reinforce the need for change and the benefits the change will have.
    • Most applicable for organizational messages during the implementation stage.
    • To reduce anxiety over change initiatives, improve buy-in, and increase adoption by helping employees develop skills and behaviors needed to perform effectively.
    Video Message A prerecorded short video clip designed for either simultaneous broadcast or just-in-time viewing. Can be sent over email or mobile or uploaded to a company portal/intranet.
    • Positive messaging to convey enthusiasm for the change.
    • Details about why the organization is changing and what the benefits will be, updates on major milestone achievements, etc.
    • Most applicable for organizational messages, used on a limited basis at any point during the change.
    • Effective when the message needs to appear more personal by putting a face to the message and when it can be presented in a condensed time frame.
    • When a message needs to be delivered consistently across a variety of employees, locations, and time zones.
    • To provide updates and recognize key achievements.

    Select communication channels

    Medium Description Key Messages When to Use
    Shift Turnover Meeting A meeting between teams or departments when a shift changes over; sometimes called a shift report. Used to communicate any relevant information from the outgoing shift to the incoming shift members.
    • Details related to the activities performed during the shift.
    • Most applicable for personal impact messages during the implementation stage to reinforce information shared using other communication mediums.
    • Where change directly impacts role expectations or performance so teams hear the same message at the same time.
    Company Newsletter Electronic or hardcopy newsletter published by the company. Contains timely updates on company information.
    • Overarching change details.
    • Information that has already been communicated through other mediums.
    • Varies with the change stage and newsletter frequency.
    • Most applicable for organizational messages throughout the change.
    • When the change implementation is expected to be lengthy and audiences need to be kept updated.
    • To celebrate change successes and milestone achievements.
    Sign/Poster Digital or paper-based sign, graphic, or image. Includes posters, screensavers, etc.
    • Positive messaging to convey enthusiasm for the change.
    • Key dates and activities.
    • Key contacts.
    • Most applicable for organizational messages throughout the change.
    • As visual reminders in common, highly visible locations (e.g. a company bulletin board, elevator TV monitors).

    1.6 Select the right channels

    20 minutes

    1. Consider the different channels that were described and presented on the previous five slides. Each channel has element(s) to it that will allow it to be more beneficial based on the communication target audience, outcome, and messenger.
    2. Evenly assign the number of communication rows on tab 3 of the Communication Planner Tool and input the channel that should be used.
    3. Consider if the channel will:
      • Obtain the desired outcome of the communication.
      • Be completed by the messenger(s) defined.
      • Support the target audience in understanding the key messages.
    4. If any target audience communication requires several channels, add additional rows to the planner on TAB 3.
    InputOutput
    • Target audience
    • Communication outcome
    • Communication messenger(s)
    • The right channel selected to support the desired communication outcome.
    MaterialsParticipants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    Define the communication time frame based on the initiative

    Communication occurs during four of the five stages of an initiative:

    01 Identify and prioritize 02 Prepare for initiative 03 Create a communication plan 04 Implement change 05 Sustain the desired outcome
    Before During After
    • Communication begins with sponsors and the project team.
    • Set general expectations with project team and sponsors.
    • Outline the communication plan for the remaining stages.
    • Set specific expectations with each stakeholder group.
    • Implement the communication plan.
    • Use feedback loops to determine updates or changes to communications.
    • Communication continues as required after the change.
    • Feedback loops continue until change becomes business as usual.
    Where communication needs to happen

    Don’t forget: Cascade messages down through the organization to ensure those who need to deliver messages have time to internalize the change before communicating it to others. Include a mix of personal and organizational messages, but where possible, separate personal and organizational content into different communications.

    Establish a frequency that aligns to the desired communication outcome

    Successful communications are frequent communications.

    • The cadence of a communication is highly dependent on the objective of the communication.
    • Each target requires a different frequency as well:
      • Board Presentations > four times a year is a good frequency
      • Executive Leadership > monthly frequency
      • Organizationally > annually and when necessary
      • Organization Crises > daily, if not hourly
      • IT Initiatives and Projects > weekly
      • IT Teams > weekly, if not daily

    Tech Team Frequency for Discussing Goals

    “When goals are talked about weekly, teams are nearly 3X more likely to feel confident hitting them.”
    – Hypercontext, 2022

    Info-Tech Insight
    Communications made once will always fail. Ensure there is a frequency appropriate for every communication — or do not expect the desired outcome.

    1.7 Establish a frequency and time frame

    30 minutes

    1. For each row in tab 3, determine how frequently that communication needs to take place and when that communication needs to be completed by.
      • Frequency: How often the communication will be delivered to the audience (e.g. one-time, monthly, as needed).
      • Time frame: When the communication will be delivered to the audience (e.g. a planned period or a specific date).
    2. When selecting the time frame, consider what dependencies need to take place prior to that communication. For example, IT employees should not be communicated with on anything that has not yet been approved by the CEO. Also consider when other communications might be taking place so the message is not lost in the noise.
    3. For frequency, the only time that a communication needs to take place once is when presenting up to senior leaders of the organization. And even then it will sometimes require more than one conversation. Be mindful of this.
    InputOutput
    • The change
    • Target audience
    • Communication outcome
    • Communication channel
    • Frequency and time frame of the communication
    MaterialsParticipants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    First, ensure feedback mechanisms are in place

    Soliciting and acting on feedback involves employees in the decision-making process and demonstrates to them that their contributions matter.

    Prior to the strategy rollout, make sure you have also established feedback mechanisms to collect feedback on both the messages delivered and how they were delivered. Some ways to collect feedback include:

    • Evaluating intranet comments and interactions (likes, etc.) if this function is enabled.
    • Measuring comprehension and satisfaction through surveys and polls.
    • Looking for themes in the feedback and questions employees bring forward to managers during in-person briefings.

    Feedback Mechanisms:

    • CIO Business Vision Survey
    • Engagement Surveys
    • Focus Groups
    • Suggestion Boxes
    • Team Meetings
    • Random Sampling
    • Informal Feedback
    • Direct Feedback
    • Audience Body Language
    • Repeating the Message Back

    Select metrics to measure progress on key results

    There are two types of metrics that can be used to measure the impact of an internal communications strategy and progress toward strategy goals. These metrics are used to measure both outputs and outcomes.

    Select metrics measuring both:
    Tactical Effectiveness (Outputs) Strategic Effectiveness (Outcomes)
    • Open rate
    • Click-through rate
    • Employee sentiment
    • Participation rates
    • Physical distractions
    • Shift in behavior
    • Manager capability to communicate
    • Organizational ability to meet goals
    • Engagement
    • Turnover

    Pyramid of metrics to measure process on key results

    1.8 Obtain feedback and improve

    20 minutes

    1. Evenly distribute the number of rows in the communication plan to all those involved. Consider a metric that would help inform whether the communication outcome was achieved.
    2. For each row, identify a feedback mechanism (slide 38) that could be used to enable the collection and confirm a successful outcome.
    3. Come back as a group and validate the feedback mechanisms selected.
    4. The important aspect here is not just to measure if the desired outcome was achieved. However, if the desired outcome is not achieved, consider what you might do to change or enable better communication to that target audience.
    5. Every communication can be better. Feedback, whether it is tactical or strategic, will help inform methods to improve future communication activities.
    InputOutput
    • Communication outcome
    • Target audience
    • Communication channel
    • A mechanism to measure communication feedback and adjust future communications when necessary.
    MaterialsParticipants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    Example of internal communications survey

    Use and modify the questions below when building an internal communications survey. Use a Likert scale to gauge responses.

    1. I am satisfied with the communications at our organization.
    2. I am kept fully informed of news and updates relevant to our organization.
    3. I receive information that is relevant to me on a regular basis.
    4. I have the information I need to do my job.
    5. I know where to go to find the information I am looking for.
    6. My manager communicates with me in-person on a regular basis.
    7. I feel I can believe the information I receive from the company.
    8. I feel heard by senior leaders and know that they have received my feedback.
    9. The content and information that I receive is interesting to me.

    Create an easy-to-read approach to communication

    Example of an easy-to-read approach to communication

    1.9 Finalize the calendar

    2 hours

    1. Once the information on tabs 2 and 3 of the Communication Planner Tool has been completed, start to organize the information in an easy-to-read view.
    2. Using the annual, monthly, and weekly calendar views on tabs 3 to 5, begin to formalize the dates of when communications will take place.
    3. Following the instructions on each tab, complete one or all of the views of the communication plan. Remember, the stakeholder that makes up the target audience needs to be considered and whether this communication will overlap with any other communications.
    InputOutput
    • Communication Plan on tab 2
    • Yearly, monthly, and weekly communication calendars
    MaterialsParticipants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    Phase 2

    Compose a Compelling Message

    Activities

    2.1 Craft a Pitch
    2.2 Revise the Pitch

    This step involves the following participants:
    Varies based on those who would be relevant to your initiative.

    Outcomes of this step
    Ability to create a clear, concise, and consistent message using best practices and a pitch framework.

    Communication Any IT Initiative Effectively

    Phase 1 > Phase 2 > Phase 3

    Include all the following pieces in your message for an effective communication

    Pieces needed in your message for effective communication

    Info-Tech Insight
    Time is a non-renewable resource. The message crafted must be considered a value-add communication to your audience.

    Enable good communication with these components

    Be Consistent Be Clear
    • The core message must be consistent regardless of audience, channel, or medium.
    • Test your communication with your team or colleagues to obtain feedback before delivering to a broader audience.
    • A lack of consistency can be interpreted as an attempt at deception. This can hurt credibility and trust.
    • Say what you mean and mean what you say.
    • Choice of language is important: “Do you think this is a good idea? I think we could really benefit from your insights and experience here.” Or do you mean: “I think we should do this. I need you to do this to make it happen.”
    • Don’t use jargon.
    Be Relevant Be Concise
    • Talk about what matters to the stakeholder.
    • Talk about what matters to the initiative.
    • Tailor the details of the message to each stakeholder’s specific concerns.
    • IT thinks in processes but stakeholders only care about results: talk in terms of results.
    • IT wants to be understood, but this does not matter to stakeholders. Think: “what’s in it for them?”
    • Communicate truthfully; do not make false promises or hide bad news.
    • Keep communication short and to the point so key messages are not lost in the noise.
    • There is a risk of diluting your key message if you include too many other details.
    • If you provide more information than necessary, the clarity and consistency of the message can be lost.

    Draft the core messages to communicate

    Draft core messages communicating information consistent with the high-level communications plan. This includes the overall goal of communications, key messaging, specifics related to the change action, and customizations for each audience. It’s also important to:

    1. Hook your audience: Use a compelling introduction that ensures your target audience cares about the message. Use a statistic or another piece of information that presents the problem in a unique way.
    2. Demonstrate you can help: Let the audience know that based on the unique problem you can help. There is value to engaging and working with you further.
    3. Repeat messages several times and through several messengers and mediums throughout the change stages to ensure all audience members receive and understand the details.
    4. Write for the ear: Use concise and clear sentences, avoid technological language, and when you speak it aloud ensure it sounds like how you would normally speak.
    5. Keep messaging positive but realistic. Avoid continually telling stakeholders that “change is hard.” Instead, communicate messages around change success to positively prime the audience’s mindset (Harvard Business Review).
    6. Communicate what is meaningfully unchanged. Not everything will be impacted by the change. To help reduce fears, include information about meaningful aspects of employees’ work that will not be changing (e.g. employees are moving to report to a new manager on a new team, but the job responsibilities are staying the same).
    7. Finish with a call to action: Your concluding statement should not be a thank-you but a call to action that ignites how your audience will behave after the communication.

    Components of a good pitch

    Key Components of a Good Pitch
    Purpose of the pitch What are you asking for? What is the desired outcome of the conversation? What three things do you want the audience to take away?
    Speak to what matters to them Who is your audience and what are their biggest challenges today? What do they care? What is the “so what”? Humanize it. Start with an example of a real person.
    Sell the improvement How is your solution going to solve that problem? Is your solution a pain killer or vitamin?
    Show real value How will your solution create real value? How can that be measured? Give an example.
    Discuss potential fears Identify and alleviate fears the stakeholder may have in working with you. Think about what they think now and what you want them to think.
    Have a call to action Identify what your ask is. What are you looking for from the stakeholder? Listen and respond.
    Follow up with a thank-you Did you ensure that the participants’ time was respected and appreciated? Be genuine and sincere.

    Key questions to answer with change communication

    To effectively communicate change, answer questions before they’re asked, whenever possible. To do this, outline at each stage of the change process what’s happening next for the audience and answer other anticipated questions. Pair key questions with core messages in change communications.

    Examples of key questions by change stage include:

    What is changing?
    When is the change expected?
    Who will be championing the change?
    What are the change expectations?
    Will I have input into how the change is happening?
    What’s happening next?
    Why are we changing?
    Why is the change happening now?
    What are the risks of not changing?
    What will be new?
    What’s in it for me?
    What training will be available?
    Who will be impacted?
    How will I be impacted?
    How will my team be impacted?
    What’s happening next?
    Who should I contact with questions or concerns?
    How will I be updated?
    How can I access more information?
    Will the previous process be available throughout the new process implementation?
    What needs to be done and what needs to stop to succeed?
    Will I be measured on this change?
    What’s happening next?
    How can I access more information?
    Will this change be added to key performance indicators?
    How did the change implementation go?
    What’s happening next?
    Before change During change After change
    Prepare for change Create change action and communication plan Implement change Sustain the change

    2.1 Craft a pitch

    20 minutes

    1. Using the set of stakeholders identified in activity 1.2, every participant takes one stakeholder.
    2. Open tab 7 of the Communication Planner Tool or use a piece of paper and create a communication message specific to that stakeholder.
    3. Select a topic from your workshop or use something you are passionate about.
    4. Consider the pitch components as a way to create your pitch. Remember to use what you have learned from the planning and composing sections of this training (in bold).
    5. Compose a three-minute pitch that you will deliver to your audience member.
    InputOutput
    • Individual ideas about what change is occurring and why.
    • A single statement that reflects the change occurring and the rationale for why the change is needed.
    MaterialsParticipants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    Communication Composition Checklist

    • Did you open the communication with a statistic or other memorable piece of information?
    • Is the topic being communicated in a compelling way that engages the target audience?
    • Are there statistics or data to support the story?
    • Are the statistics and data clear so they cannot be conveyed in any other way than their intended method?
    • Are you writing in clear and concise sentences?
    • Are you avoiding any technical jargon?
    • Is the message only focused on what needs to be said? Have you removed all unnecessary components?
    • Is the content organized in priority order? Could you adapt if the presentation time is shortened?
    • Is the way the communication is written sound like how you would speak normally? Are you writing for the ear?
    • Do you have a clear call to action that the audience will be asked to complete at the end?
    • Does your communication encourage discussion with the target audience? Is the audience a part of the solution?

    2.2 Revise the pitch

    10 minutes

    1. Review the pitch that was created in activity 2.1.
    2. Consider what could be done to make the pitch better:
      • Concise: Identify opportunities to remove unnecessary information.
      • Clear: It uses only terms or language the target audience would understand.
      • Relevant: It matters to the target audience and the problems they face.
      • Consistent: The message could be repeated across audiences.
    3. Validate that when you say the pitch out loud, it sounds like something you would say normally when communicating with other people.
    4. Make updates to the pitch and get ready to present.
    Input Output
    • Individual ideas about what change is occurring and why.
    • A single statement that reflects the change occurring and the rationale for why the change is needed.
    Materials Participants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    Phase 3

    Deliver Messages Effectively

    Activities
    3.1 Deliver Your Pitch
    3.2 Refine and Deliver Again

    This step involves the following participants:
    Varies based on those who would be relevant to your initiative.

    Outcomes of this step
    Ability to deliver the pitch in a manner that is clear and would be understood by the specific stakeholder the pitch is intended for.

    Communicate Any IT Initiative Effectively

    Phase 1 > Phase 2 > Phase 3

    Hone presentation skills before meeting with key stakeholders

    Using voice and body

    Think about the message you are trying to convey and how your body can support that delivery. Hands, stance, and frame all have an impact on what might be conveyed.

    If you want your audience to lean in and be eager about your next point, consider using a pause or softer voice and volume.

    Be professional and confident

    State the main points of your presentation confidently. While this should be obvious, it is essential. Your audience should be able to clearly see that you believe the points you are stating.

    Present in a way that is genuine to you and your voice. Whether you have an energetic personality or a calm and composed personality, the presentation should be authentic to you.

    Connect with your audience

    Look each member of the audience in the eye at least once during your presentation. Avoid looking at the ceiling, the back wall, or the floor. Your audience should feel engaged – this is essential to keeping their attention.

    Avoid reading from your slides. If there is text on a slide, paraphrase it while maintaining eye contact.

    Info-Tech Insight
    You are responsible for the response of your audience. If they aren’t engaged, it is on you as the communicator.

    Use clear slides that avoid distracting the audience

    Which slide will be better to present?

    Sample A:

    Sample A

    Sample B:

    Sample B

    3.1 Deliver your pitch

    20 minutes

    1. Take ten minutes to think about how to deliver your pitch. Where will you emphasize words, speak louder, softer, lean in, stand tall, make eye contact, etc.?
    2. Group into pairs. One person is the speaker and the other the audience.
    3. Set a timer on your phone or watch.
    4. Speaker:
      1. Take a few seconds to center yourself and prepare to deliver your pitch.
      2. Deliver your pitch to Person 2. Don’t forget to use your body language and your voice to deliver.
    5. Audience:
      1. Repeats ideas back to Person 1. Are the ideas correct? Are you convinced?
      2. Identifies who the audience is. Are they correct?
    6. Reverse roles and repeat.
    7. Discuss and provide feedback to one another.
    InputOutput
    • Written pitch
    • Best practices for delivering
    • An ability to deliver the pitch in a clear and concise manner that could be understood by the intended stakeholder.
    • Feedback from person 2.
    MaterialsParticipants
    • Pitch framework
    • Communications Plan Tool
    • Piece of paper
    • Varies based on those who would be relevant to your initiative.

    Communication Delivery Checklist

    • Are the slides clean so the audience can focus on your speaking and not on reading the context-heavy slide?
    • Have you practiced delivering the communication to team members or coaches?
    • Have you practiced delivering the communication to someone with little to no technology background?
    • Are you making yourself open to feedback and improvement opportunities?
    • If the communication is derailed from your plan, are you prepared to handle that change?
    • Can you deliver the communication without reading your notes word for word?
    • Have you adapted your voice throughout the communication to highlight specific components you want the audience to focus on?
    • Are you presenting in a way that is genuine to you and your personality?
    • Can you communicate the message within the time allotted?
    • Are you moving in an appropriate manner based on your communication (e.g. toward the screen, across the stage, hand gestures).

    3.2 Refine and deliver again

    1 hour

    1. Go back to what you wrote as your pitch and take ten minutes to eliminate more information to get the pitch down to two minutes based on the feedback from your original partner.
    2. Repeat the last exercise where you deliver your pitch; however, deliver it to the larger group this time.
    3. Focus on ways to adjust body language and voice to make the message more compelling.
    4. Identify if your audience is telling you anything with their body language (e.g. leaning in, leaning back). Use this to adjust as you are presenting.
    5. Have the group provide additional feedback on what was effective about the message and opportunities to further improve the message.
    InputOutput
    • Three-minute pitch
    • Feedback from first delivery
    • An ability to deliver the pitch in a clear and concise manner that could be understood by the intended stakeholder.
    MaterialsParticipants
    • Pitch framework
    • Communications Plan Tool
    • Piece of paper
    • Varies based on those who would be relevant to your initiative.

    Info-Tech Insight
    Whether the CIO or a service desk technician, delivering a presentation is a fear for every role in IT. Prepare your communication to help overcome the fears that are within your control.

    Research Contributors and Experts

    Anuja Agrawal, National Communications Director, PwC

    Anuja Agrawal
    National Communications Director
    PwC

    Anuja is an accomplished global communications professional, with extensive experience in the insurance, banking, financial, and professional services industry in Asia, the US, and Canada. She is currently the National Communications Director at PwC Canada. Her prior work experience includes communication leadership roles at Deutsche Bank, GE, Aviva, and Veritas. Anuja works closely with senior business leaders and key stakeholders to deliver measurable results and effective change and culture building programs. Anuja has experience in both internal and external communications, including strategic leadership communication, employee engagement, PR and media management, digital and social media, M&A/change and crisis management. Anuja believes in leveraging digital tools and technology-enabled solutions combined with in-person engagement to help improve the quality of dialogue and increase interactive communication within the organization to help build an inclusive culture of belonging.

    Nastaran Bisheban, Chief Technology Officer, KFC Canada

    Nastaran Bisheban
    Chief Technology Officer
    KFC Canada

    A passionate technologist and seasoned transformational leader. A software engineer and computer scientist by education, a certified Project Manager that holds an MBA in Leadership with Honors and Distinction from University of Liverpool. A public speaker on various disciplines of technology and data strategy with a Harvard Business School executive leadership program training to round it all. Challenges status quo and conventional practices; is an advocate for taking calculated risk and following the principle of continuous improvement. With multiple computer software and project management publications she is a strategic mentor and board member on various non-profit organizations. Nastaran sees the world as a better place only when everyone has a seat at the table and is an active advocate for diversity and inclusion.

    Heidi Davidson, Co-founder & CEO, Galvanize Worldwide and Galvanize On Demand

    Heidi Davidson
    Co-founder & CEO
    Galvanize Worldwide and Galvanize On Demand

    Dr. Heidi Davidson is the Co-Founder and CEO of Galvanize Worldwide, the largest distributed network of marketing and communications experts in the world. She also is the Co-Founder and CEO of Galvanize On Demand, a tech platform that matches marketing and communications freelancers with client projects. Now with 167 active experts, the Galvanize team delivers startup advisory work, outsourced marketing, training, and crisis communications to organizations of all sizes. Before Galvanize, Heidi spent four years as part of the turnaround team at BlackBerry as the Chief Communications Officer and SVP of Corporate Marketing, where she helped the company move from a device manufacturer to a security software provider.

    Eli Gladstone, Co-founder, Speaker Labs

    Eli Gladstone
    Co-Founder
    Speaker Labs

    Eli is a Co-Founder of Speaker Labs. He has spent over 6 years helping countless individuals overcome their public speaking fears and communicate with clarity and confidence. When he's not coaching others on how to build and deliver the perfect presentation, you'll probably find him reading some weird books, teaching his kids how to ski or play tennis, or trying to develop a good enough jumpshot to avoid being a liability on the basketball court.

    Francisco Mahfuz, Keynote Speaker & Storytelling Coach

    Francisco Mahfuz
    Keynote Speaker & Storytelling Coach

    Francisco Mahfuz has been telling stories in front of audiences for a decade, and even became a National Champion of public speaking. Today, Francisco is a keynote speaker and storytelling coach and offers communication training to individuals and international organisations, and has worked with organisations like Pepsi, HP, the United Nations, Santander and Cornell University. He's the author of Bare: A Guide to Brutally Honest Public Speaking, the host of The Storypowers Podcast, and he’s been part of the IESE MBA communications course since 2020. He's received a BA in English Literature from Birkbeck University in London.

    Sarah Shortreed, EVP & CTO, ATCO Ltd.

    Sarah Shortreed
    EVP & CTO
    ATCO Ltd.

    Sarah Shortreed is ATCO’s Executive Vice President and Chief Technology Officer. Her responsibilities include leading ATCO’s Information Technology (IT) function as it continues to drive agility and collaboration throughout ATCO’s global businesses and expanding and enhancing its enterprise IT strategy, including establishing ATCO’s technology roadmap for the future. Ms. Shortreed's skill and expertise are drawn from her more than 30-year career that spans many industries and includes executive roles in business consulting, complex multi-stakeholder programs, operations, sales, customer relationship management and product management. She was recently the Chief Information Officer at Bruce Power and has previously worked at BlackBerry, IBM and Union Gas. She sits on the Board of Governors for the University of Western Ontario and is the current Chair of the Chief Information Officer (CIO) Committee at the Conference Board of Canada.

    Eric Silverberg, Co-Founder Speaker Labs

    Eric Silverberg
    Co-Founder
    Speaker Labs

    Eric is a Co-Founder of Speaker Labs and has helped thousands of people build their public speaking confidence and become more dynamic and engaging communicators. When he's not running workshops to help people grow in their careers, there's a good chance you'll find him with his wife and dog, drinking Diet Coke and rewatching iconic episodes of the reality TV show Survivor! He's such a die-hard fan, that you'll probably see him playing the game one day.

    Stephanie Stewart, Communications Officer & DR Coordinator, Info Security Services Simon Fraser University

    Stephanie Stewart
    Communications Officer & DR Coordinator
    Info Security Services Simon Fraser University

    Steve Strout, President, Miovision Technologies

    Steve Strout
    President
    Miovision Technologies

    Mr. Strout is a recognized and experienced technology leader with extensive experience in delivering value. He has successfully led business and technology transformations by leveraging many dozens of complex global SFDC, Oracle and/or SAP projects. He is especially adept at leading what some call “Project Rescues” – saving people’s careers where projects have gone awry; always driving "on-time and on-budget.“ Mr. Strout is the current President of Miovision Technologies and the former CEO and board member of the Americas’ SAP Users’ Group (ASUG). His wealth of practical knowledge comes from 30 years of extensive experience in many CxO and executive roles at some prestigious organizations such as Vonage, Sabre, BlackBerry, Shred-it, The Thomson Corporation (now Thomson Reuters) and Morris Communications. Served on Boards including Customer Advisory Boards of Apple, AgriSource Data, Dell, Edgewise, EMC, LogiSense, Socrates.ai, Spiro Carbon Group, and Unifi.

    Info-Tech Research Group Contributors:
    Sanchia Benedict, Research Lead
    Koula Bouloukos, Production Manager
    Antony Chan, Executive Counsellor
    Janice Clatterbuck, Executive Counsellor
    Ahmed Jowar, Research Specialist
    Dave Kish, Practice Lead
    Nick Kozlo, Senior Research Analyst
    Heather Leier Murray, Senior Research Analyst
    Amanda Mathieson, Research Director
    Carlene McCubbin, Practice Lead
    Joe Meier, Executive Counsellor
    Andy Neill, AVP, Research
    Thomas Randall, Research Director

    Plus an additional two contributors who wish to remain anonymous.

    Related Info-Tech Research

    Boardroom Presentation Review

    • You will come away with a clear, concise, and compelling board presentation that IT leaders can feel confident presenting in front of their board of directors.
    • Add improvements to your current board presentation in terms of visual appeal and logical flow to ensure it resonates with your board of directors.
    • Leverage a best-of-breed presentation template.

    Build a Better Manager

    • Management skills training is needed, but organizations are struggling to provide training that makes a long-term difference in the skills managers actually use in their day to day.
    • Many training programs are ineffective because they offer the wrong content, deliver it in a way that is not memorable, and are not aligned with the IT department’s business objectives.

    Crisis Communication Guides

    During a crisis it is important to communicate to employees through messages that convey calm and are transparent and tailored to your audience. Use the Crisis Communication Guides to:

    • Draft a communication strategy.
    • Tailor messages to your audience.
    • Draft employee crisis communications.

    Use this guide to equip leadership to communicate in times of crisis.

    Bibliography

    Gallo, Carmine. "How Great Leaders Communicate." Harvard Business Review. 23 November 2022.

    Gallup. State of the American Workplace Report. Washington, D.C.: Gallup, 6 February 2020.

    Guthrie, Georgina. “Why Good Internal Communications Matter Now More than Ever.” Nulab. 15 Dec. 2021.

    Hypercontext. “The State of High Performing Teams in Tech 2022.” Hypercontext. 2022.

    Lambden, Duncan. “The Importance of Effective Workplace Communication – Statistics for 2022.” Expert Market. 13 June 2022.

    McCreary, Gale & WikiHow. “How to Measure the Effectiveness of Communication: 14 Steps.” WikiHow.

    Nowak, Marcin. “Top 7 Communication Problems in the Workplace.” MIT Enterprise Forum CEE, 2021.

    Nunn, Philip. “Messaging That Works: A Unique Framework to Maximize Communication Success.” iabc.

    Picincu, Andra. “How to Measure Effective Communications.” Small Business Chron. 12 January 2021.

    Price. David A. “Pixar Story Rules.”

    Prosci. “Best Practices in Change Management 2020 Edition.” Prosci, 2020.

    Roberts, Dan. “How CIOs Become Visionary Communicators.” CIO, 2019.

    Schlesinger, Mark. “Why building effective communication skill in IT is incredibly important.”

    Skills Framework for the Information Age, “Mapping SFIA Levels of Responsibilities to Behavioural Factors.” Skills Framework for the Information Age, 2021.

    St. James, Halina. Talk It Out. Podium, 2005.

    TeamState. “Communication in the Workplace Statistics: Importance and Effectiveness in 2022.” TeamStage, 2022.

    Walters, Katlin. “Top 5 Ways to Measure Internal Communication.” Intranet Connections, 30 May 2019.

    Create a Horizontally Optimized SDLC to Better Meet Business Demands

    • Buy Link or Shortcode: {j2store}149|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Development
    • Parent Category Link: /development
    • While teams are used to optimizing their own respective areas of responsibility, there is lack of clarity on the overall core SDLC process resulting in applications being released that are of poor quality.
    • Software development teams are struggling to release on time and within budget.
    • Teams do not understand the overall process, are not communicating well, and traceability is hard to achieve.
    • Each team claims to be optimized yet the final deliverable doesn’t reflect the expected quality.

    Our Advice

    Critical Insight

    • Optimizing can make you worse. One cannot just optimize locally – the SDLC must be optimized in its entirety to ensure traceability across the process.
    • Separate process from framework.
      You don’t need to “Go Agile” or follow other industry jargon to effectively optimize your SDLC.
    • SDLC process improvement is ongoing.
      Start with your team’s current capabilities and optimize. You should set expectations that new improvements will always come in the future.

    Impact and Result

    • Use a systematic framework to bring out local optimizations as potential candidates for SDLC optimization.
    • Prioritize those candidates that will aid in optimizing the overall core SDLC process.
    • Create the necessary governance and control structures to sustain the changes.
    • Use Info-Tech tools and templates to accelerate your process optimization.

    Create a Horizontally Optimized SDLC to Better Meet Business Demands Research & Tools

    Start here – read the Executive Brief

    Read this Executive Brief to understand Info-Tech's approach to SDLC optimization and why the SDLC must be optimized in its entirety to ensure traceability across the process.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Document the current state of the SDLC

    This phase of the blueprint will help in understanding the organization's business priorities, documenting the current SDLC process, and identifing current SDLC challenges.

    • Create a Horizontally Optimized SDLC to Better Meet Business Demands – Phase 1: Document the Current State of the SDLC
    • SDLC Optimization Playbook

    2. Define root causes, determine optimization initiatives, and define target state

    This phase of the blueprint, will help with defining root causes, determining potential optimization initiatives, and defining the target state of the SDLC.

    • Create a Horizontally Optimized SDLC to Better Meet Business Demands – Phase 2: Define Root Causes, Determine Optimization Initiatives, and Define Target State

    3. Develop a rollout strategy for SDLC optimization

    This phase of the blueprint will help with prioritizing initiatives in order to develop a rollout strategy, roadmap, and communication plan for the SDLC optimization.

    • Create a Horizontally Optimized SDLC to Better Meet Business Demands – Phase 3: Develop a Rollout Strategy for SDLC Optimization
    • SDLC Communication Template
    [infographic]

    Workshop: Create a Horizontally Optimized SDLC to Better Meet Business Demands

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Document Your Current SDLC

    The Purpose

    Understand SDLC current state.

    Key Benefits Achieved

    Understanding of your current SDLC state and metrics to measure the success of your SDLC optimization initiative.

    Activities

    1.1 Document the key business objectives that your SDLC delivers upon.

    1.2 Document your current SDLC process using a SIPOC process map.

    1.3 Identify appropriate metrics in order to track the effectiveness of your SDLC optimization.

    1.4 Document the current state process flow of each SDLC phase.

    1.5 Document the control points and tools used within each phase.

    Outputs

    Documented business objectives

    Documented SIPOC process map

    Identified metrics to measure the effectiveness of your SDLC optimization

    Documented current state process flows of each SDLC phase

    Documented control points and tools used within each SDLC phase

    2 Assess Challenges and Define Root Causes

    The Purpose

    Understand current SDLC challenges and root causes.

    Key Benefits Achieved

    Understand the core areas of your SDLC that require optimization.

    Activities

    2.1 Identify the current challenges that exist within each SDLC phase.

    2.2 Determine the root cause of the challenges that exist within each SDLC phase.

    Outputs

    Identified current challenges

    Identified root causes of your SDLC challenges

    3 Determine Your SDLC Optimization Initiatives

    The Purpose

    Understand common best practices and the best possible optimization initiatives to help optimize your current SDLC.

    Key Benefits Achieved

    Understand the best ways to address your SDLC challenges.

    Activities

    3.1 Define optimization initiatives to address the challenges in each SDLC phase.

    Outputs

    Defined list of potential optimization initiatives to address SDLC challenges

    4 Define SDLC Target State

    The Purpose

    Define your SDLC target state while maintaining traceability across your overall SDLC process.

    Key Benefits Achieved

    Understand what will be required to reach your optimized SDLC.

    Activities

    4.1 Determine the target state of your SDLC.

    4.2 Determine the people, tools, and control points necessary to achieve your target state.

    4.3 Assess the traceability between phases to ensure a seamlessly optimized SDLC.

    Outputs

    Determined SDLC target state

    Identified people, processes, and tools necessary to achieve target state

    Completed traceability alignment map and prioritized list of initiatives

    5 Prioritize Initiatives and Develop Rollout Strategy

    The Purpose

    Define how you will reach your target state.

    Key Benefits Achieved

    Create a plan of action to achieve your desired target state.

    Activities

    5.1 Gain the full scope of effort required to implement your SDLC optimization initiatives.Gain the full scope of effort required to implement your SDLC optimization initiatives.

    5.2 Identify the enablers and blockers of your SDLC optimization.

    5.3 Define your SDLC optimization roadmap.

    5.4 Create a communication plan to share initiatives with the business.

    Outputs

    Level of effort required to implement your SDLC optimization initiatives

    Identified enablers and blockers of your SDLC optimization

    Defined optimization roadmap

    Completed communication plan to present your optimization strategy to stakeholders

    Establish a Sustainable ESG Reporting Program

    • Buy Link or Shortcode: {j2store}194|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: IT Governance, Risk & Compliance
    • Parent Category Link: /it-governance-risk-and-compliance

    Consistent, high-quality disclosure of ESG practices is the means by which organizations can demonstrate they are acting responsibly and in the best interest of their customers and society. Organizations may struggle with these challenges when implementing an ESG reporting program:

    • Narrowing down ESG efforts to material ESG issues
    • Building a sustainable reporting framework
    • Assessing and solving for data gaps and data quality issues
    • Being aware of the tools and best practices available to support regulatory and performance reporting

    Our Advice

    Critical Insight

    • A tactical approach to ESG reporting will backfire. The reality of climate change and investor emphasis is not going away. For long-term success, organizations need to design an ESG reporting program that is flexible, interoperable, and digital.
    • Implementing a robust reporting program takes time. Start early, remain focused, and make plans to continually improve data quality and collection and performance metrics.
    • The “G” in ESG may not be capturing the limelight under ESG legislation yet, but there are key factors within the governance component that are under the regulatory microscope, including data, cybersecurity, fraud, and diversity and inclusion. Be sure you stay on top of these issues and include performance metrics in your internal and external reporting frameworks.

    Impact and Result

    • Successful organizations recognize that transparent ESG disclosure is necessary for long-term corporate performance.
    • Taking the time up front to design a robust and proactive ESG reporting program will pay off in the long run.
    • Future-proof your ESG reporting program by leveraging new tools, technologies, and software applications.

    Establish a Sustainable ESG Reporting Program Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish a Sustainable ESG Reporting Program Storyboard – A comprehensive framework to define an ESG reporting program that supports your ESG goals and reporting requirements.

    This storyboard provides a three-phased approach to establishing a comprehensive ESG reporting framework to drive sustainable corporate performance. It will help you identify what to report, understand how to implement your reporting program, and review in-house and external software and tooling options.

    • Establish a Sustainable ESG Reporting Program Storyboard

    2. ESG Reporting Workbook – A tool to document decisions, rationale, and implications of key activities to support your ESG reporting program.

    The workbook allows IT and business leaders to document decisions as they work through the steps to establish a comprehensive ESG reporting framework.

    • ESG Reporting Workbook

    3. ESG Reporting Implementation Plan – A tool to document tasks required to deliver and address gaps in your ESG reporting program.

    This planning tool guides IT and business leaders in planning, prioritizing, and addressing gaps to build an ESG reporting program.

    • ESG Reporting Implementation Plan Template

    4. ESG Reporting Presentation Template – A guide to communicate your ESG reporting approach to internal stakeholders.

    Use this template to create a presentation that explains the drivers behind the strategy, communicates metrics, demonstrates gaps and costs, and lays out the timeline for the implementation plan.

    • ESG Reporting Presentation Template

    Infographic

    Workshop: Establish a Sustainable ESG Reporting Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Determine Material ESG Factors

    The Purpose

    Determine material ESG factors.

    Key Benefits Achieved

    Learn how to identify your key stakeholders and material ESG risks.

    Activities

    1.1 Create a list of stakeholders and applicable ESG factors.

    1.2 Create a materiality map.

    Outputs

    List of stakeholders and applicable ESG factors

    Materiality map

    2 Define Performance and Reporting Metrics

    The Purpose

    Define performance and reporting metrics.

    Key Benefits Achieved

    Align your ESG strategy with key performance metrics.

    Activities

    2.1 Create a list of SMART metrics.

    2.2 Create a list of reporting obligations.

    Outputs

    SMART metrics

    List of reporting obligations

    3 Assess Data and Implementation Gaps

    The Purpose

    Assess data and implementation gaps.

    Key Benefits Achieved

    Surface data and technology gaps.

    Activities

    3.1 Create a list of high-priority data gaps.

    3.2 Summarize high-level implementation considerations.

    Outputs

    List of high-priority data gaps

    Summary of high-level implementation considerations

    4 Consider Software and Tooling Options

    The Purpose

    Select software and tooling options and develop implementation plan.

    Key Benefits Achieved

    Complete your roadmap and internal communication document.

    Activities

    4.1 Review tooling and technology options.

    4.2 Prepare ESG reporting implementation plan.

    4.3 Prepare the ESG reporting program presentation.

    Outputs

    Selected tooling and technology

    ESG reporting implementation plan

    ESG reporting strategy presentation

    Further reading

    Establish a Sustainable ESG Reporting Program

    Strengthen corporate performance by implementing a holistic and proactive reporting approach.

    Analyst Perspective

    The shift toward stakeholder capitalism cannot be pinned on one thing; rather, it is a convergence of forces that has reshaped attitudes toward the corporation. Investor attention on responsible investing has pushed corporations to give greater weight to the achievement of corporate goals beyond financial performance.

    Reacting to the new investor paradigm and to the wider systemic risk to the financial system of climate change, global regulators have rapidly mobilized toward mandatory climate-related disclosure.

    IT will be instrumental in meeting the immediate regulatory mandate, but their role is much more far-reaching. IT has a role to play at the leadership table shaping strategy and assisting the organization to deliver on purpose-driven goals.

    Delivering high-quality, relevant, and consistent disclosure is the key to unlocking and driving sustainable corporate performance. IT leaders should not underestimate the influence they have in selecting the right technology and data model to support ESG reporting and ultimately support top-line growth.

    Photo of Yaz Palanichamy

    Yaz Palanichamy
    Senior Research Analyst
    Info-Tech Research Group

    Photo of Donna Bales

    Donna Bales
    Principal Research Director
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Your organization needs to define a ESG reporting strategy that is driven by corporate purpose.

    Climate-related disclosure mandates are imminent; you need to prepare for them by building a sustainable reporting program now.

    There are many technologies available to support your ESG program plans. How do you choose the one that is right for your organization?

    Common Obstacles

    Knowing how to narrow down ESG efforts to material ESG issues for your organization.

    Understanding the key steps to build a sustainable ESG reporting program.

    Assessing and solving for data gaps and data quality issues.

    Being aware of the tools and best practices available to support regulatory and performance reporting.

    Info-Tech’s Approach

    Learn best-practice approaches to develop and adopt an ESG reporting program approach to suit your organization’s unique needs.

    Understand the key features, tooling options, and vendors in the ESG software market.

    Learn through analyst insights, case studies, and software reviews on best-practice approaches and tool options.

    Info-Tech Insight

    Implementing a robust reporting program takes time. Start early, remain focused, and plan to continually improve data quality and collection and performance metrics

    Putting “E,” “S,” and “G” in context

    Corporate sustainability depends on managing ESG factors well

    Environmental, social, and governance are the components of a sustainability framework that is used to understand and measure how an organization impacts or is affected by society as a whole.

    Human activities, particularly fossil fuel burning since the middle of the twentieth century, have increased greenhouse gas concentration, resulting in observable changes to the atmosphere, ocean, cryosphere, and biosphere. The “E” in ESG relates to the positive and negative impacts an organization may have on the environment, such as the energy it takes in and the waste it discharges.

    The “S” in ESG is the most ambiguous component in the framework, as social impact relates not only to risks but also to prosocial behavior. It’s the most difficult to measure but can have significant financial and reputational impact on corporations if material and poorly managed.

    The “G” in ESG is foundational to the realization of “S” and “E.” It encompasses how well an organization integrates these considerations into the business and how well the organization engages with key stakeholders, receives feedback, and is transparent with its intentions.

    A diagram that shows common examples of ESG issues.

    The impact of ESG factors on investment decisions

    Alleviate Investment Risk

    Organizational Reputation: Seventy-four percent of those surveyed were concerned that failing to improve their corporate ESG performance would negatively impact their organization’s branding and overall reputation in the market (Intelex, 2022).

    Ethical Business Compliance: Adherence to well-defined codes of business conduct and implementation of anti-corruption and anti-bribery practices is a great way to distinguish between organizations with good/poor governance intentions.

    Shifting Consumer Preferences: ESG metrics can also largely influence consumer preferences in buying behavior intentions. Research from McKinsey shows that “upward of 70 percent” of consumers surveyed on purchases in multiple industries said they would pay an additional 5 percent for a green product if it met the same performance standards as a nongreen alternative (McKinsey, 2019).

    Responsible Supply Chain Management: The successful alignment of ESG criteria with supply chain operations can lead to several benefits (e.g. producing more sustainable product offerings, maintaining constructive relationships with more sustainability-focused suppliers).

    Environmental Stewardship: The growing climate crisis has forced companies of all sizes to rethink how they plan their corporate environmental sustainability practices.

    Compliance With Regulatory Guidelines: An increasing emphasis on regulations surrounding ESG disclosure rates may result in some institutional investors taking a more proactive stance toward ESG-related initiatives.

    Sustaining Competitive Advantage: Given today’s globalized economy, many businesses are constantly confronted with environmental issues (e.g. water scarcity, air pollution) as well as social problems (e.g. workplace wellness issues). Thus, investment in ESG factors is simply a part of maintaining competitive advantage.

    Leaders increasingly see ESG as a competitive differentiator

    The perceived importance of ESG has dramatically increased from 2020 to 2023

    A diagram that shows the perceived importance of ESG in 2020 and 2023.

    In a survey commissioned by Schneider Electric, researchers categorized the relative importance of ESG planning initiatives for global IT business leaders. ESG was largely identified as a critical factor in sustaining competitive advantage against competitors and maintaining positive investor/public relations.
    Source: S&P Market Intelligence, 2020; N=825 IT decision makers

    “74% of finance leaders say investors increasingly use nonfinancial information in their decision-making.”
    Source: EY, 2020

    Regulatory pressure to report on carbon emission is building globally

    The Evolving Regulatory Landscape

    Canada

    • Canadian Securities Administrators (CSA) NI 51-107 Disclosure of Climate-related Matters

    United States

    • Securities and Exchange Commission (SEC) 33-11042 – The Enhancement and Standardization of Climate-Related Disclosures for Investors
    • SEC 33-11038 Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure
    • Nasdaq Board Diversity Rule (5605(f))

    Europe

    • European Commission Sustainable Finance Disclosure Regulation (SFDR)
    • European Commission EU Supply Chain Act
    • The German Supply Chain Act (GSCA)
    • Financial Conduct Authority UK Proposal (DP 21/4) Sustainability Disclosure Requirements and investment labels
    • UK Modern Slavery Act, 2015

    New Zealand

    • The Financial Sector (Climate-related Disclosures and Other Matters) Amendment Act 2021

    Accurate ESG reporting will be critical to meet regulatory requirements

    ESG reporting is the disclosure of environmental, social, and governance (ESG) data via qualitative and quantitative reports.

    It is how organizations make their sustainability commitments and strategies transparent to stakeholders.

    For investors it provides visibility into a company's ESG activities, enabling them to align investments to their values and avoid companies that cause damage to the environment or are offside on social and governance issues.

    Despite the growing practice of ESG reporting, reporting standards and frameworks are still evolving and the regulatory approach for climate-related disclosure is inconsistent across jurisdictions, making it challenging for organizations to develop a robust reporting program.

    “Environmental, social and governance (ESG) commitments are at the core a data problem.”

    Source: EY, 2022

    However, organizations will struggle to meet reporting requirements

    An image that shows 2 charts: How accurately can your organization report on the impact of its ESG Initiatives; and More specifically, if it was required to do so, how accurately could your organization report on its carbon footprint.

    Despite the commitment to support an ESG Initiative, less than a quarter of IT professionals say their organization can accurately report on the impact of its ESG initiatives, and 44% say their reporting on impacts is not accurate.

    Reporting accuracy was even worse for reporting on carbon footprint with 46% saying their organization could not report on its carbon footprint accurately. This despite most IT professionals saying they are working to support environmental mandates.

    Global sustainability rankings based on ESG dimensions

    Global Country Sustainability Ranking Map

    An image of Global Country Sustainability Ranking Map, with a score of 0 to 10.

    Country Sustainability Scores (CSR) as of October 2021
    Scores range from 1 (poor) to 10 (best)
    Source: Robeco, 2021

    ESG Performance Rankings From Select Countries

    Top ESG and sustainability performer

    Finland has ranked consistently as a leading sustainability performer in recent years. Finland's strongest ESG pillar is the environment, and its environmental ranking of 9.63/10 is the highest out of all 150 countries.

    Significant score deteriorations

    Brazil, France, and India are among the countries whose ESG score rankings have deteriorated significantly in the past three years.

    Increasing political tensions and risks as well as aftershock effects of the COVID-19 pandemic (e.g. high inequality and insufficient access to healthcare and education) have severely impacted Brazil’s performance across the governance and social pillars of the ESG framework, ultimately causing its overall ESG score to drop to a CSR value of 5.31.

    Largest gains and losses in ESG scores

    Canada has received worse scores for corruption, political risk, income inequality, and poverty over the past three years.

    Taiwan has seen its rankings improve in terms of overall ESG scores. Government effectiveness, innovation, a strong semiconductor manufacturing market presence, and stronger governance initiatives have been sufficient to compensate for a setback in income and economic inequality.

    Source: Robeco, 2021

    Establish a Sustainable Environmental, Social, and Governance (ESG) Reporting Program

    A diagram of establishing a sustainable ESG reporting program.

    Blueprint benefits

    Business Benefits

    • Clarity on technical and organizational gaps in the organization’s ability to deliver ESG reporting strategy.
    • Transparency on the breadth of the change program, internal capabilities needed, and accountable owners.
    • Reduced likelihood of liability.
    • Improved corporate performance and top-line growth.
    • Confidence that the organization is delivering high-quality, comprehensive ESG disclosure.

    IT Benefits

    • Understanding of IT’s role as strategic enabler for delivering high-quality ESG disclosure and sustainable corporate performance.
    • Transparency on primary data gaps and technology and tools needed to support the ESG reporting strategy.
    • Clear direction of material ESG risks and how to prioritize implementation efforts.
    • Awareness of tool selection options.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Photo of Executive Presentation.

    Key deliverable: Executive Presentation

    Leverage this presentation deck to improve corporate performance by implementing a holistic and proactive ESG reporting program.

    Photo of Workbook

    Workbook

    As you work through the activities, use this workbook to document decisions and rationale and to sketch your materiality map.

    Photo of Implementation Plan

    Implementation Plan

    Use this implementation plan to address organizational, technology, and tooling gaps.

    Photo of RFP Template

    RFP Template

    Leverage Info-Tech’s RFP Template to source vendors to fill technology gaps.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation
    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop
    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting
    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 8 to 12 calls over the course of 4 to 6 months.

    What does a typical GI on this topic look like?

    A diagram that shows Guided Implementation in 3 phases.

    Workshop Overview

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Activities

    Determine Material ESG Factors

    1.1 Review ESG drivers.
    1.2 Identify key stakeholders and what drives their behavior.
    1.3 Discuss materiality frameworks options and select baseline model.
    1.4 Identify material risks and combine and categorize risks.
    1.5 Map material risks on materiality assessment map.

    Define Performance and Reporting Metrics

    2.1 Understand common program metrics for each ESG component.
    2.2 Consider and select program metrics.
    2.3 Discuss ESG risk metrics.
    2.4 Develop SMART metrics.
    2.5 Surface regulatory reporting obligations.

    Assess Data and Implementation Gaps

    3.1 Assess magnitude and prioritize data gaps.
    3.2 Discuss high-level implementation considerations and organizational gaps.

    Software and Tooling Options

    4.1 Review technology options.
    4.2 Brainstorm technology and tooling options and the feasibility of implementing.
    4.3 Prepare implementation plan.
    4.4 Draft ESG reporting program communication.
    4.5 Optional – Review software selection options.

    Next Steps and Wrap-Up (offsite)

    5.1 Complete in-progress deliverables from previous four days.
    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. Customized list of key stakeholders and material ESG risks
    2. Materiality assessment map

    1. SMART metrics
    2. List of regulatory reporting obligations

    1. High-priority data gaps
    2. High-level implementation considerations

    1. Technology and tooling opportunities
    2. Implementation Plan
    3. ESG Reporting Communication

    1. ESG Reporting Workbook
    2. Implementation Plan

    Contact your account representative for more information.
    workshops@infotech.com
    1-888-670-8889

    Phase 1

    Explore ESG Reporting

    A diagram that shows phase 1 to 3 of establishing ESG reporting program.

    This phase will walk you through the following:

    • Define key stakeholders and material ESG factors.
    • Identify material ESG issues.
    • Develop SMART program metrics.
    • List reporting obligations.
    • Surface high-level data gaps.
    • Record high-level implementation considerations.

    This phase involves the following participants: CIO, CCO, CSO, business leaders, legal, marketing and communications, head of ESG reporting, and any dedicated ESG team members

    Practical steps for ESG disclosure

    Measuring and tracking incremental change among dimensions such as carbon emissions reporting, governance, and diversity, equity, and inclusion (DEI) requires organizations to acquire, analyze, and synthesize data from beyond their internal organizational ecosystems

    A diagram that shows 5 steps of identify, assess, implement, report & communicate, and monitor & improve.

    1.1 Ensure your reporting requirements are comprehensive

    A diagram of reporting lifecycle.

    This section will walk you through some key considerations for establishing your ESG reporting strategy. The first step in this process is to identify the scope of your reporting program.

    Defining the scope of your reporting program

    1. Stakeholder requirements: When developing a reporting program consider all your stakeholder needs as well as how they want to consume the information.
    2. Materiality assessment: Conduct a materiality assessment to identify the material ESG issues most critical to your organization. Organizations will need to report material risks to internal and external stakeholders.
    3. Purpose-driven goals: Your ESG reporting must include metrics to measure performance against your purpose-driven strategy.
    4. Regulatory requirements & industry: Work with your compliance and legal teams to understand which reporting requirements apply. Don’t forget requirements under the “S” and “G” components. Some jurisdictions require DEI reporting, and the Securities and Exchange Commission (SEC) in the US recently announced cybersecurity disclosure of board expertise and management oversight practices.

    Factor 1: Stakeholder requirements

    Work with key stakeholders to determine what to report

    A diagram that shows internal and external stakeholders.

    Evaluate your stakeholder landscape

    Consider each of these areas of the ESG Stakeholder Wheel and identify your stakeholders. Once stakeholders are identified, consider how the ESG factors might be perceived by delving into the ESG factors that matter to each stakeholder and what drives their behavior.

    A diagram of ESG impact, including materiality assessment, interviews, benchmark verses competitors, metrics and trend analysis.

    Determine ESG impact on stakeholders

    Review materiality assessment frameworks for your industry to surface ESG factors for your segment and stakeholder group(s).

    Perform research and analysis of the competition and stakeholder trends, patterns, and behavior

    Support your findings with stakeholder interviews.

    Stakeholders will prioritize ESG differently. Understanding their commitment is a critical success factor.

    Many of your stakeholders care about ESG commitments…

    27%: Support for social and environmental proposals at shareholder meetings of US companies rose to 27% in 2020 (up from 21% in 2017).
    Source: Sustainable Investments Institute, 2020.

    79%: of investors consider ESG risks and opportunities an important factor in investment decision making.
    Source: “Global Investor Survey,” PwC, 2021.

    ...Yet

    33%: of survey respondents cited that a lack of attention or support from senior leadership was one of the major barriers preventing their companies from making any progress on ESG issues.
    Source: “Consumer Intelligence Survey,” PwC, 2021.

    Info-Tech Insight

    To succeed with ESG reporting it is essential to understand who we hold ourselves accountable to and to focus ESG efforts in areas with the optimal balance between people, the planet, and profits

    Activity 1: Define stakeholders

    Input: Internal documentation (e.g. strategy, annual reports), ESG Stakeholder Wheel
    Output: List of key stakeholders and applicable ESG factors
    Materials: Whiteboard/flip charts, ESG Reporting Workbook
    Participants: Chief Sustainability Officer, Chief Compliance Officer, Head of ESG Reporting, Business leaders

    2 hours

    1. Using the ESG Stakeholder Wheel as a baseline, consider the breadth of your organization’s value chain and write down all your stakeholders.
    2. Discuss what drives their behavior. Be as detailed as you can be. For example, if it’s a consumer, delve into their age group and the factors that may drive their behavior.
    3. List the ESG factors that may be important to each stakeholder.
    4. Write down the communication channels you expect to use to communicate ESG information to this stakeholder group.
    5. Rate the priority of this stakeholder to your organization.
    6. Record this information in ESG Reporting Workbook.
    7. Optional – consider testing the results with a targeted survey.

    Download the ESG Reporting Workbook

    Activity 1: Example

    An example of activity 1 (defining stakeholders)

    Factor 2: Materiality assessments

    Conduct a materiality assessment to inform company strategy and establish targets and metrics for risk and performance reporting

    The concept of materiality as it relates to ESG is the process of gaining different perspectives on ESG issues and risks that may have significant impact (both positive and negative) on or relevance to company performance.

    The objective of a materiality assessment is to identify material ESG issues most critical to your organization by looking at a broad range of social and environmental factors. Its purpose is to narrow strategic focus and enable an organization to assess the impact of financial and non-financial risks aggregately.

    It helps to make the case for ESG action and strategy, assess financial impact, get ahead of long-term risks, and inform communication strategies.

    Organizations can use assessment tools from Sustainalytics or GRI, SASB Standards, or guidance and benchmarking information from industry associations to help assess ESG risks .

    An image of materiality matrix to understand ESG exposure

    Info-Tech Insight

    The materiality assessment informs your risk management approach. Material ESG risks identified should be integrated into your organization’s risk reporting framework.

    Supplement your materiality assessment with stakeholder interviews

    A diagram that shows steps of stakeholder interviews.

    How you communicate the results of your ESG assessment may vary depending on whether you’re communicating to internal or external stakeholders and their communication delivery preferences.

    Using the results from your materiality assessment, narrow down your key stakeholders list. Enhance your strategy for disclosure and performance measurement through direct and indirect stakeholder engagement.

    Decide on the most suitable format to reach out to these stakeholders. Smaller groups lend themselves to interviews and forums, while surveys and questionnaires work well for larger groups.

    Develop relevant questions tailored to your company and the industry and geography you are in.

    Once you receive the results, decide how and when you will communicate them.

    Determine how they will be used to inform your strategy.

    Steps to determine material ESG factors

    Step 1

    Select framework

    A diagram of framework

    Review reporting frameworks and any industry guidance and select a baseline reporting framework to begin your materiality assessment.

    Step 2

    Begin to narrow down

    A diagram of narrowing down stakeholders

    Work with stakeholders to narrow down your list to a shortlist of high-priority material ESG issues.

    Step 3

    Consolidate and group

    A diagram of ESG grouping

    Group ESG issues under ESG components, your company’s strategic goals, or the UN’s Sustainable Development Goals.

    Step 4

    Rate the risks of ESG factors

    A diagram of rating the risks of ESG factors

    Assign an impact and likelihood scale for each risk and assign your risk threshold.

    Step 5

    Map

    A diagram of material map

    Use a material map framework such as GRI or SASB or Info-Tech’s materiality map to visualize your material ESG risks.

    Materiality assessment

    The materiality assessment is a strategic tool used to help identify, refine, and assess the numerous ESG issues in the context of your organization.

    There is no universally accepted approach to materiality assessments. Although the concept of materiality is often embedded within a reporting standard, your approach to conducting the materiality assessment does not need to link to a specific reporting standard. Rather, it can be used as a baseline to develop your own.

    To arrive at the appropriate outcome for your organization, careful consideration is needed to tailor the materiality assessment to meet your organization’s objectives.

    When defining the scope of your materiality assessment consider:

    • Your corporate ESG purpose and sustainability strategy
    • Your audience and what drives their behavior
    • The relevance of the ESG issues to your organization. Do they impact strategy? Increase risk?
    • The boundaries of your materiality assessment (e.g. regions or business departments, supply chains it will cover)
    • Whether you want to assess from a double materiality perspective

    A diagram of framework

    Consider your stakeholders and your industry when selecting your materiality assessment tool – this will ensure you provide relevant disclosure information to the stakeholders that need it.

    Double materiality is an extension of the financial concept of materiality and considers the broader impact of an organization on the world at large – particularly to people and climate.

    Prioritize and categorize

    A diagram of narrowing down stakeholders

    Using internal information (e.g. strategy, surveys) and external information (e.g. competitors, industry best practices), create a longlist of ESG issues.

    Discuss and narrow down the list. Be sure to consider opportunities – not just material risks!

    A diagram of ESG grouping

    Group the issues under ESG components or defined strategic goals for your organization. Another option is to use the UN’s Sustainable Development Goals to categorize.

    Differentiate ESG factors that you already measure and report.

    The benefit of clustering is that it shows related topics and how they may positively or negatively influence one another.

    Internal risk disclosure should not be overlooked

    Bank of America estimates ESG disputes have cost S&P companies more than $600 billion in market capitalization in the last seven years alone.

    ESG risks are good predictors of future risks and are therefore key inputs to ensure long-term corporate success.

    Regardless of the size of your organization, it’s important to build resilience against ESG risks.

    To protect an organization against an ESG incident and potential liability risk, ESG risks should be treated like any other risk type and incorporated into risk management and internal reporting practices, including climate scenario analysis.

    Some regulated entities will be required to meet climate-related financial disclosure expectations, and sound risk management practices will be prescribed through regulatory guidance. However, all organizations should instill sound risk practices.

    ESG risk management done right will help protect against ESG mishaps that can be expensive and damaging while demonstrating commitment to stakeholders that have influence over all corporate performance.

    Source: GreenBiz, 2022.

    A diagram of risk landscape.

    IT has a role to play to provide the underlying data and technology to support good risk decisions.

    Visualize your material risks

    Leverage industry frameworks or use Info-Tech’s materiality map to visualize your material ESG risks.

    GRI’s Materiality Matrix

    A photo of GRI’s Materiality Matrix

    SASB’s Materiality Map

    A photo of SASB’s Materiality Map

    Info-Tech’s Materiality Map

    A diagram of material map

    Activity 2: Materiality assessment

    Input: ESG corporate purpose or any current ESG metrics; Customer satisfaction or employee engagement surveys; Materiality assessment tools from SASB, Sustainalytics, GRI, or industry frameworks; Outputs from stakeholder outreach/surveys
    Output: Materiality map, a list of material ESG issues
    Materials: Whiteboard/flip charts, ESG Reporting Workbook
    Participants: Chief Sustainability Officer, Chief Compliance Officer, Head of ESG Reporting, Business leaders, Participants from marketing and communications

    2-3 hour

    1. Begin by reviewing various materiality assessment frameworks to agree on a baseline framework. This will help to narrow down a list of topics that are relevant to your company and industry.
    2. As a group, discuss the potential impact and start listing material issues. At first the list will be long, but the group will work collectively to prioritize and consolidate the list.
    3. Begin to combine and categorize the results by aligning them to your ESG purpose and strategic pillars.
    4. Treat each ESG issue as a risk and map against the likelihood and impact of the risk.
    5. Map the topics on your materiality map. Most of the materiality assessment tools have materiality maps – you may choose to use their map.
    6. Record this information in the ESG Reporting Workbook.

    Download the ESG Reporting Workbook

    Case Study: Novartis

    Logo of Novartis

    • INDUSTRY: Pharmaceuticals
    • SOURCE: Novartis, 2022

    Novartis, a leading global healthcare company based in Switzerland, stands out as a leader in providing medical consultancy services to address the evolving needs of patients worldwide. As such, its purpose is to use science and technologically innovative solutions to address some of society’s most debilitating, challenging, and ethically significant healthcare issues.

    The application of Novartis’ materiality assessment process in understanding critical ESG topics important to their shareholders, stakeholder groups, and society at large enables the company to better quantify references to its ESG sustainability metrics.

    Novartis applies its materiality assessment process to better understand relevant issues affecting its underlying business operations across its entire value chain. Overall, employing Novartis’s materiality assessment process helps the company to better manage its societal, environmental, and economic impacts, thus engaging in more socially responsible governance practices.

    Novartis’ materiality assessment is a multitiered process that includes three major elements:

    1. Identifying key stakeholders, which involves a holistic analysis of internal colleagues and external stakeholders.
    2. Collecting quantitative feedback and asking relevant stakeholders to rank a set of issues (e.g. climate change governance, workplace culture, occupational health and safety) and rate how well Novartis performs across each of those identified issues.
    3. Eliciting qualitative insights by coordinating interviews and workshops with survey participants to better understand why the issues brought up during survey sessions were perceived as important.

    Results

    In 2021, Novartis had completed its most recent materiality assessment. From this engagement, both internal and external stakeholders had ranked as important eight clusters that Novartis is impacting on from an economic, societal, and environmental standpoint. The top four clusters were patient health and safety, access to healthcare, innovation, and ethical business practices.

    Factor 3: ESG program goals

    Incorporate ESG performance metrics that support your ESG strategy

    Another benefit of the materiality assessment is that it helps to make the case for ESG action and provides key information for developing a purpose-led strategy.

    An internal ESG strategy should drive toward company-specific goals such as green-house gas emission targets, use of carbon neutral technologies, focus on reusable products, or investment in DEI programs.

    Most organizations focus on incremental goals of reducing negative impacts to existing operations or improving the value to existing stakeholders rather than transformative goals.

    Yet, a strategy that is authentic and aligned with key stakeholders and long-term goals will bring sustainable value.

    The strategy must be supported by an accountability and performance measurement framework such as SMART metrics.

    A fulsome reporting strategy should include performance metrics

    A photo of SMART metrics: Specific, Measurable, Actionable, Realistic, Time-bound.

    Activity 3: SMART metrics

    Input: ESG corporate purpose or any current ESG metrics, Outputs from activities 1 and 2, Internally defined metrics (i.e. risk metrics or internal reporting requirements)
    Output: SMART metrics
    Materials: Whiteboard/flip charts, ESG Reporting Workbook
    Participants: Chief Sustainability Officer, Chief Compliance Officer, Chief Risk officer/Risk leaders, Head of ESG Reporting, Business leaders, Participants from marketing and communications

    1-2 hours

    1. Document a list of appropriate metrics to assess the success of your ESG program.
    2. Use the sample metrics listed in the table on the next slide as a starting point.
    3. Fill in the chart to indicate the:
      1. Name of the success metric
      2. Method for measuring success
      3. Baseline measurement
      4. Target measurement
      5. Actual measurements at various points throughout the process of improving the risk management program
      6. A deadline for each metric to meet the target measurement
    4. Record this information in the ESG Reporting Workbook.

    Download the ESG Reporting Workbook

    Sample ESG metrics

    Leverage industry resources to help define applicable metrics

    Environmental

    • Greenhouse gas emissions – total corporate
    • Carbon footprint – percent emitted and trend
    • Percentage of air and water pollution
    • Renewable energy share per facility
    • Percentage of recycled material in a product
    • Ratio of energy saved to actual use
    • Waste creation by weight
    • Circular transition indicators

    Social

    • Rates of injury
    • Lost time incident rate
    • Proportion of spend on local suppliers
    • Entry-level wage vs. local minimum wage
    • Percentage of management who identify with specific identity groups (i.e. gender and ethnic diversity)
    • Percentage of suppliers screened for accordance to ESG vs. total number of suppliers
    • Consumer responsiveness

    Governance

    • Annual CEO compensation compared to median
    • Percentage of employees trained in conflict-of-interest policy
    • Number of data breaches using personally identifiable information (PII)
    • Number of incidents relating to management corruption
    • Percentage of risks with mitigation plans in place

    Activity 3: Develop SMART project metrics

    1-3 hours

    Attach metrics to your goals to gauge the success of the ESG program.

    Sample Metrics

    An image of sample metrics

    Factor 4: Regulatory reporting obligations

    Identify your reporting obligations

    High-level overview of reporting requirements:

    An image of high-level reporting requirements in Canada, the United Kingdom, Europe, and the US.

    Refer to your legal and compliance team for the most up-to-date and comprehensive requirements.

    The focus of regulators is to move to mandatory reporting of material climate-related financial information.

    There is some alignment to the TCFD* framework, but there is a lack of standardization in terms of scope across jurisdictions.
    *TCFD is the Task Force on Climate-Related Financial Disclosures.

    Activity 4: Regulatory obligations

    Input: Corporate strategy documents; Compliance registry or internal governance, risk, and compliance (GRC) tool
    Output: A list of regulatory obligations
    Materials: Whiteboard/flip charts, ESG Reporting Workbook
    Participants: Chief Sustainability Officer, Chief Compliance Officer, Chief Legal Officer, Head of ESG Reporting, Business leaders

    1-2 hours

    1. Begin by listing the jurisdictions in which you operate or plan to operate.
    2. For each jurisdiction, list any known current or future regulatory requirements. Consider all ESG components.
    3. Log whether the requirements are mandatory or voluntary and the deadline to report.
    4. Write any details about reporting framework; for example, if a reporting framework such as TCFD is prescribed.
    5. Record this information in the ESG Reporting Workbook.

    Download the ESG Reporting Workbook

    1.2 Assess impact and weigh options

    A diagram of reporting lifecycle.

    Once the scope of your ESG reporting framework has been identified, further assessment is needed to determine program direction and to understand and respond to organizational impact.

    Key factors for further assessment and decisions include

    1. Reporting framework options. Consider mandated reporting frameworks and any industry standards when deciding your baseline reporting framework. Strive to have a common reporting methodology that serves all your reporting needs: regulatory, corporate, shareholders, risk reporting, etc.
    2. Perform gap analysis. The gap analysis will reveal areas where data may need to be sourced or where tools or external assistance may be needed to help deliver your reporting strategy.
    3. Organizational impact and readiness. The gap analysis will help to determine whether your current operating model can support the reporting program or whether additional resources, tools, or infrastructure will be needed.

    1.2.1 Decide on baseline reporting framework

    1. Determine the appropriate reporting framework for your organization

    Reporting standards are available to enable relevant, high-quality, and comparable information. It’s the job of the reporting entity to decide on the most suitable framework for their organization.

    The most established standard for sustainability reporting is the Global Reporting Initiative (GRI), which has supported sustainability reporting for over 20 years.

    The Task Force on Climate-Related Financial Disclosures (TCFD) was created by the Financial Stability Board to align ESG disclosure with financial reporting. Many global regulators support this framework.

    The International Sustainability Standards Board (ISSB) is developing high-quality, understandable, and enforceable global standards using the Sustainability Accounting Standards Board (SASB) as a baseline. It is good practice to use SASB Standards until the ISSB standards are available.

    2. Decide which rating agencies you will use and why they are important

    ESG ratings are provided by third-party agencies and are increasingly being used for financing and transparency to investors. ESG ratings provide both qualitative and quantitative information.

    However, there are multiple providers, so organizations need to consider which ones are the most important and how many they want to use.

    Some of the most popular rating agencies include Sustainalytics, MSCI, Bloomberg, Moody's, S&P Global, and CDP.

    Reference Appendix Below

    1.2.2 Determine data gaps

    The ESG reporting mandate is built on the assumption of consistent, good-quality data

    To meet ESG objectives, corporations are challenged with collecting non-financial data from across functional business and geographical locations and from their supplier base and supply chains.

    One of the biggest impediments to ESG implementation is the lack of high-quality data and of mature processes and tools to support data collection.

    An important step for delivering reporting requirements is to perform a gap analysis early on to surface gaps in the primary data needed to deliver your reporting strategy.

    The output of this exercise will also inform and help prioritize implementation, as it may show that new data sets need to be sourced or tools purchased to collect and aggregate data.

    Conduct a gap analysis to determine gaps in primary data

    A diagram of gap analysis to determine gaps in primary data.

    Activity 5: Gap analysis

    Input: Business (ESG) strategy, Data inventory (if exists), Output from Activity 1: Key stakeholders, Output from Activity 2: Materiality map, Output of Activity 3: SMART metrics, Output of Activity 4: Regulatory obligations
    Output: List of high-priority data gaps
    Materials: Whiteboard/flip charts, ESG Reporting Workbook
    Participants: Chief Sustainability Officer, Chief Compliance Officer, Chief Legal Officer, Head of ESG Reporting, Business leaders, Data analysts

    1-3 hours

    1. Using the outputs from activities 1-4, list your organization’s ESG issues in order of priority. You may choose to develop your priority list by stakeholder group or by material risks.
    2. List any defined SMART metric from Activity 3.
    3. Evaluate data availability and quality of the data (if existing) as well as any impediments to sourcing the data.
    4. Make note if this is a common datapoint, i.e. would you disclose this data in more than one report?
    5. Record this information in the ESG Reporting Workbook.

    Download the ESG Reporting Workbook

    1.3 Take a holistic implementation approach

    Currently, 84 percent of businesses don’t integrate their ESG performance with financial and risk management reporting.

    Source: “2023 Canadian ESG Reporting Insights,” PwC.

    A diagram of reporting lifecycle.

    When implementing an ESG reporting framework, it is important not to implement in silos but to take a strategic approach that considers the evolving nature of ESG and the link to value creation and sound decision making.

    Key implementation considerations include

    1. Setting clear metrics and targets. Key performance indicators (KPIs) and key risk indicators (KRIs) are used to measure ESG factor performance. It’s essential that they are relevant and are constructed using high-quality data. Your performance metrics should be continually assessed and adapted as your ESG program evolves.
    2. Data challenges. Without good-quality data it is impossible to accurately measure ESG performance, generate actionable insights on ESG performance and risk, and provide informative metrics to investors and other stakeholders. Design your data model to be flexible and digital where possible to enable data interoperability.
    3. Architectural approach. IT will play a key role in the design of your reporting framework, including the decision on whether to build, buy, or deliver a hybrid solution. Every organization will build their reporting program to suit their unique needs; however, taking a holistic and proactive approach will support and sustain your strategy long term.

    1.3.1 Metrics and targets for climate-related disclosure

    “The future of sustainability reporting is digital – and tagged.”
    Source: “XBRL Is Coming,” Novisto, 2022.

    In the last few years, global regulators have proposed or effected legislation requiring public companies to disclose climate-related information.

    Yet according to Info-Tech’s 2023 Trends and Priorities survey, most IT professionals expect to support environmental mandates but are not prepared to accurately report on their organization’s carbon footprint.

    IT groups have a critical role to play in helping organizations develop strategic plans to meet ESG goals, measure performance, monitor risks, and deliver on disclosure requirements.

    To future-proof your reporting structure, your data should be readable by humans and machines.

    eXtensible Business Reporting Language (XBRL) tagging is mandated in several jurisdictions for financial reporting, and several reporting frameworks are adopting XBRL for sustainability reporting so that non-financial and financial disclosure frameworks are aligned.

    Example environmental metrics

    • Amount of scope 1, 2, or 3 GHG emissions
    • Total energy consumption
    • Total water consumption
    • Progress toward net zero emission
    • Percentage of recycled material in a product

    1.3.1 Metrics and targets for social disclosure

    “59% of businesses only talk about their positive performance, missing opportunities to build trust with stakeholders through balanced and verifiable ESG reporting.”
    Source: “2023 Canadian ESG Reporting Insights,” PwC.

    To date, regulatory focus has been on climate-related disclosure, although we are beginning to see signals in Europe and the UK that they are turning their attention to social issues.

    Social reporting focuses on the socioeconomic impacts of an organization’s initiatives or activities on society (indirect or direct).

    The “social” component of ESG can be the most difficult to quantify, but if left unmonitored it can leave your organization open to litigation from consumers, employees, and activists.

    Although organizations have been disclosing mandated metrics such as occupational health and safety and non-mandated activities such as community involvement for years, the scope of reporting is typically narrow and hard to measure in financial terms.

    This is now changing with the recognition by companies of the value of social reporting to brand image, traceability, and overall corporate performance.

    Example social metrics

    • Rate of injury
    • Lost time incident rate
    • Proportion of spend on local suppliers
    • Entry-level wage versus local minimum wage
    • Percentage of management within specific identity groups (i.e. gender and ethnic diversity)
    • Number of workers impacted by discrimination

    Case Study: McDonald’s Corporation (MCD)

    Logo of McDonald’s

    • INDUSTRY: Food service retailer
    • SOURCE: RBC Capital Markets, 2021; McDonald’s, 2019

    McDonald’s Corporation is the leading global food service retailer. Its purpose is not only providing burgers to dinner tables around the world but also serving its communities, customers, crew, farmers, franchisees, and suppliers alike. As such, not only is the company committed to having a positive impact on communities and in maintaining the growth and success of the McDonald's system, but it is also committed to conducting its business operations in a way that is mindful of its ESG commitments.

    An image of McDonald’s Better Together

    McDonald’s Better Together: Gender Balance & Diversity strategy and Women in Tech initiative

    In 2019, MCD launched its Better Together: Gender Balance & Diversity strategy as part of a commitment to improving the representation and visibility of women at all levels of the corporate structure by 2023.

    In conjunction with the Better Together strategy, MCD piloted a “Women in Tech” initiative through its education and tuition assistance program, Archways to Opportunity. The initiative enabled women from company-owned restaurants and participating franchisee restaurants to learn skills in areas such as data science, cybersecurity, artificial intelligence. MCD partnered with Microsoft and Colorado Technical University to carry out the initiative (McDonald’s, 2019).

    Both initiatives directly correlate to the “S” of the ESG framework, as the benefits of gender-diverse leadership continue to be paramount in assessing the core strengths of a company’s overreaching ESG portfolio. Hence, public companies will continue to face pressure from investors to act in accordance with these social initiatives.

    Results

    MCD’s Better Together and Women in Tech programs ultimately helped improve recruitment and retention rates among its female employee base. After the initialization of the gender balance and diversification strategy, McDonald’s signed on to the UN Women’s Empowerment Principles to help accelerate global efforts in addressing the gender disparity problem.

    1.3.1 Metrics and targets for governance disclosure

    Do not lose sight of regulatory requirements

    Strong governance is foundational element of a ESG program, yet governance reporting is nascent and is often embedded in umbrella legislation pertaining to a particular risk factor.

    A good example of this is the recent proposal by the Securities and Exchange Commission in the US (CFR Parts 229, 232, 239, 240, and 249, Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure), which will require public companies to:

    • Disclosure of board oversight of cyber risk.
    • Disclose management’s role in managing and accessing cybersecurity-related risks.

    The "G” component includes more than traditional governance factors and acts as a catch-all for other important ESG factors such as fraud, cybersecurity, and data hygiene. Make sure you understand how risk may manifest in your organization and put safeguards in place.

    Example governance metrics

    • Annual CEO compensation compared to median
    • Percentage of employees trained in conflict-of-interest policy
    • Completed number of supplier assessments
    • Number of data breaches using PII
    • Number of material cybersecurity breaches

    Info-Tech Insight

    The "G" in ESG may not be capturing the limelight under ESG legislation yet, but there are key governance factors that are that are under regulatory radar, including data, cybersecurity, fraud, and DEI. Be sure you stay on top of these issues and include performance metrics into your internal and external reporting frameworks.

    1.3.2 Conquering data management challenges

    48% of investment decision makers, including 58% of institutional investors, say companies’ self-reported ESG performance data is “much more important” than companies’ conventional financial data when informing their investment decisions (Benchmark ESG, 2021).

    Due to the nascent nature of climate-related reporting, data challenges such as the availability, usability, comparability, and workflow integration surface early in the ESG program journey when sourcing and organizing data:

    • It is challenging to collect non-financial data across functional business and geographical locations and from supplier base and supply chains.
    • The lack of common standards leads to comparability challenges, hindering confidence in the outputs.

    In addition to good, reliable inputs, organizations need to have the infrastructure to access new data sets and convert raw data into actionable insights.

    The establishment of data model and workflow processes to track data lineage is essential to support an ESG program. To be successful, it is critical that flexibility, scalability, and transparency exist in the architectural design. Data architecture must scale to capture rapidly growing volumes of unstructured raw data with the associated file formats.

    A photo of conceptual model for data lineage.

    Download Info-Tech’s Create and Manage Enterprise Data Models blueprint

    1.3.3 Reporting architecture

    CIOs play an important part in formulating the agenda and discourse surrounding baseline ESG reporting initiatives

    Building and operating an ESG program requires the execution of a large number of complex tasks.

    IT leaders have an important role to play in selecting the right technology approach to support a long-term strategy that will sustain and grow corporate performance.

    The decision to buy a vendor solution or build capabilities in-house will largely depend on your organization’s ESG ambitions and the maturity of in-house business and IT capabilities.

    For large, heavily regulated entities an integrated platform for ESG reporting can provide organizations with improved risk management and internal controls.

    Example considerations when deciding to meet ESG reporting obligations in-house

    • Size and type of organization
    • Extent of regulatory requirements and scrutiny
    • The amount of data you want to report
    • Current maturity of data architecture, particularly your ability to scale
    • Current maturity of your risk and control program – how easy is it to enhance current processes?
    • The availability and quality of primary data
    • Data set gaps
    • In-house expertise in data, model risk, and change management
    • Current operating model – is it siloed or integrated?
    • Implementation time
    • Program cost
    • The availability of vendor solutions that may address gaps

    Info-Tech Insight

    Executive leadership should take a more holistic and proactive stance to not only accurately reporting upon baseline corporate financial metrics but also capturing and disclosing relevant ESG performance metrics to drive alternative streams of valuation across their respective organizational environments.

    Activity 6: High-level implementation considerations

    Input: Business (ESG) strategy, Data inventory (if exists), Asset inventory (if exists), Output from Activity 5
    Output: Summary of high-level implementation considerations
    Materials: Whiteboard/flip charts, ESG Reporting Workbook
    Participants: Chief Sustainability Officer, Head of ESG Reporting, Business leaders, Data analysts, Data and IT architect/leaders,

    2-3 hours

    1. Review the implementation considerations on the previous slide to help determine the appropriate technology approach.
    2. For each implementation consideration, describe the current state.
    3. Discuss and draft the implications of reaching the desired future state by listing implications and organizational gaps.
    4. Discuss as a group if there is an obvious implementation approach.
    5. At this point, further analysis may be needed. Form a subcommittee or assign a leader to conduct further analysis.
    6. Record this information in the ESG Reporting Workbook.

    Download the ESG Reporting Workbook

    1.3.4 Ensure your implementation team has a high degree of trust and communication

    If external partners are needed, dedicate an internal resource to managing the vendor and partner relationships.

    Communication: Teams must have some type of communication strategy. This can be broken into:

    • Regularity: Having a set time each day to communicate progress and a set day to conduct retrospectives.
    • Ceremonies: Injecting awards and continually emphasizing delivery of value to encourage relationship building and constructive motivation.
    • Escalation: Voicing any concerns and having someone responsible for addressing those concerns.

    Proximity: Distributed teams create complexity as communication can break down. This can be mitigated by:

    • Location: Placing teams in proximity to close the barrier of geographical distance and time zone differences.
    • Inclusion: Making a deliberate attempt to pull remote team members into discussions and ceremonies.
    • Communication tools: Having the right technology (e.g. videoconference) to help bring teams closer together virtually.

    Trust: Members should trust other members are contributing to the project and completing their required tasks on time. Trust can be developed and maintained by:

    • Accountability: Having frequent quality reviews and feedback sessions. As work becomes more transparent, people become more accountable.
    • Role clarity: Having a clear definition of what everyone’s role is.

    1.4 Clear effective communication

    Improving investor transparency is one of the key drivers behind disclosure, so making the data easy to find and consumable is essential

    A diagram of reporting lifecycle.

    Your communication of ESG performance is intricately linked to corporate value creation. When designing your communications strategy, consider:

    • Your message – make it authentic and tell a consistent story.
    • How data will be used to support the narrative.
    • How your ESG program may impact internal and external programs and build a communication strategy that is fit for purpose. Example programs are:
      • Employee recruitment
      • New product rollout
      • New customer campaign
    • The design of the communication and how well it suits the audience. Communications may take the form of campaigns, thought leadership, infographics, etc.
    • The appropriateness of communication channels to your various audiences and the messages you want to convey. For example, social media, direct outreach, shareholder circular, etc.

    1.5 Continually evaluate

    A diagram of reporting lifecycle.

    A recent BDC survey of 121 large companies and public-sector buyers found that 82% require some disclosure from their suppliers on ESG, and that's expected to grow to 92% by 2024.
    Source: BDC, 2023

    ESG's link to corporate performance means that organizations must stay on top of ESG issues that may impact the long-term sustainability of their business.

    ESG components will continue to evolve, and as they do so will stakeholder views. It is important to continually survey your stakeholders to ensure you are optimally managing ESG risks and opportunities.

    To keep ESG on the strategy agenda, we recommend that organizations:

    • Appoint a chief sustainability officer (CSO) with a seat on executive leadership committees.
    • Embed ESG into existing governance and form a tactical ESG working group committee.
    • Ensure ESG risks are integrated into the enterprise risk management program.
    • Continually challenge your ESG strategy.
    • Regularly review risks and opportunities through proactive outreach to stakeholders.

    Download The ESG Imperative and Its Impact on Organizations

    Phase 2

    Streamline Requirements and Tool Selection

    A diagram that shows phase 1 to 3 of establishing ESG reporting program.

    This phase will walk you through the following activities:

    • Assess technology and tooling opportunities.
    • Prepare ESG reporting implementation plan.
    • Write ESG reporting presentation document.

    This phase involves the following participants: CIO, CCO, CSO, EA, IT application and data leaders, procurement, business leaders, marketing and communications, head of ESG reporting, and any dedicated ESG team members

    2.1 Streamline your requirements and tool section

    Spend the time up front to enable success and meet expectations

    Before sourcing any technology, it’s important to have a good understanding of your requirements.

    Key elements to consider:

    1. ESG reporting scope. Large enterprises will have more complex workflow requirements, but they also will have larger teams to potentially manage in-house. Smaller organizations will need easy-to-use, low-cost solutions.
    2. Industry and value chain. Look for industry-specific solutions, as they will be more tailored to your needs and will enable you to be up and running quicker.
    3. Coverage. Ensure the tool has adequate regulatory coverage to meet your current and future needs.
    4. Gap in functionality. Be clear on the problem you are trying to solve and/or the gap in workflow. Refer to the reporting lifecycle and be clear on your needs before sourcing technology.
    5. Resourcing. Factor in capacity during and after implementation and negotiate the appropriate support.

    Industry perspective

    The importance of ESG is something that will need to be considered for most, if not every decision in the future, and having reliable and available information is essential. While the industry will continue to see investment and innovation that drives operational efficiency and productivity, we will also see strong ESG themes in these emerging technologies to ensure they support both sustainable and socially responsible operations.

    With the breadth of technology Datamine already has addressing the ESG needs for the mining industry combined with our new technology, our customers can make effective and timely decisions through incorporating ESG data into their planning and scheduling activities to meet customer demands, while staying within the confines of their chosen ESG targets.

    Photo of Chris Parry

    Chris Parry
    VP of ESG, Datamine

    Photo of Datamine Photo of isystain

    Activity 7: Brainstorm tooling options

    Use the technology feature list below to identify areas along the ESG workflow where automated tools or third-party solutions may create efficiencies

    Technological Solutions Feature Bucket

    Basic Feature Description

    Advanced Feature Description

    Natural language processing (NLP) tools

    Ability to use NLP tools to track and monitor sentiment data from news and social media outlets.

    Leveraging NLP toolsets can provide organizations granular insights into workplace sentiment levels, which is a core component of any ESG strategy. A recent study by MarketPsych, a company that uses NLP technologies to analyze sentiment data from news and social media feeds, linked stock price performance to workplace sentiment levels.

    Distributed ledger technologies (DLTs)

    DLTs can help ensure greater reporting transparency, in line with stringent regulatory reporting requirements.

    DLT as an ESG enabler, with advanced capabilities such as an option to provide demand response services linked to electricity usage and supply forecasting.

    Cloud-based data management and reporting systems

    Cloud-based data management and reporting can support ESG initiatives by providing increased reporting transparency and a better understanding of diverse social and environmental risks.

    Leverage newfound toolsets such as Microsoft Cloud for Sustainability – a SaaS offering that enables organizations to seamlessly record, report, and reduce their emissions on a path toward net zero.

    IoT technologies

    Integration of IoT devices can help enhance the integrity of ESG reporting through the collection of descriptive and accurate ESG metrics (e.g. energy efficiency, indoor air quality, water quality and usage).

    Advanced management of real-time occupancy monitoring: for example, the ability to reduce energy consumption rates by ensuring energy is only used when spaces and individual cubicles are occupied.

    2.2 Vendors tools and technologies to support ESG reporting

    In a recent survey of over 1,000 global public- and private-sector leaders, 87% said they see AI as a helpful tool to fight climate change.
    Source: Boston Consulting Group

    Technology providers are part of the solution and can be leveraged to collect, analyze, disclose, track, and report on the vast amount of data.

    Increasingly organizations are using artificial intelligence to build climate resiliency:

    • AI is useful for the predictive modelling of potential climate events due to its ability to gather and analyze and synthesize large complete data sets.

    And protect organizations from vulnerabilities:

    • AI can be used to identify and assess vulnerabilities that may lead to business disruption or risks in production or the supply chain.

    A diagram of tooling, including DLT, natural language processing, cloud-based data management and IoT.

    2.3 ESG reporting software selection

    What Is ESG Reporting Software?

    Our definition: ESG reporting software helps organizations improve the transparency and accountability of their ESG program and track, measure, and report their sustainability efforts.

    Key considerations for reporting software selection:

    • While there are boutique ESG vendors in the market, organizations with existing GRC tools may first want to discuss ESG coverage with their existing vendor as it will enable better integration.
    • Ensure that the vendors you are evaluating support the requirements and regulations in your region, industry, and geography. Regulation is moving quickly – functionality needs to be available now and not just on the roadmap.
    • Determine the level of software integration support you need before meeting with vendors and ensure they will be able to provide it – when you need it!

    Adoption of ESG reporting software has historically been low, but these tools will become critical as organizations strive to meet increasing ESG reporting requirements.

    In a recent ESG planning and performance survey conducted by ESG SaaS company Diligent Corporation, it was found that over half of all organizations surveyed do not publish ESG metrics of any kind, and only 9% of participants are actively using software that supports ESG data collection, analysis, and reporting.

    Source: Diligent, 2021.

    2.3.1 Elicit and prioritize granular requirements for your ESG reporting software

    Understanding business needs through requirements gathering is the key to defining everything about what is being purchased. However, it is an area where people often make critical mistakes.

    Poorly scoped requirements

    Fail to be comprehensive and miss certain areas of scope.

    Focus on how the solution should work instead of what it must accomplish.

    Have multiple levels of detail within the requirements that are inconsistent and confusing.

    Drill all the way down into system-level detail.

    Add unnecessary constraints based on what is done today rather than focusing on what is needed for tomorrow.

    Omit constraints or preferences that buyers think are obvious.

    Best practices

    Get a clear understanding of what the system needs to do and what it is expected to produce.

    Test against the principle of MECE – requirements should be “mutually exclusive and collectively exhaustive.”

    Explicitly state the obvious and assume nothing.

    Investigate what is sold on the market and how it is sold. Use language that is consistent with that of the market and focus on key differentiators – not table stakes.

    Contain the appropriate level of detail – the level should be suitable for procurement and sufficient for differentiating vendors.

    Download Info-Tech's Improve Requirements Gathering blueprint

    2.3.1 Identify critical and nice-to-have features

    Central Data Repository: Collection of stored data from existing databases merged into one location that can then be shared, analyzed, or updated.

    Automatic Data Collection: Ability to automate data flows, collect responses from multiple sources at specified intervals, and check them against acceptance criteria.

    Automatic KPI Calculations, Conversions, and Updates: Company-specific metrics can be automatically calculated, converted, and tracked.

    Built-In Indicator Catalogs and Benchmarking: Provides common recognized frameworks or can integrate a catalog of ESG indicators.

    Custom Reporting: Ability to create reports on company emissions, energy, and asset data in company-branded templates.

    User-Based Access and Permissions: Ability to control access to specific content or data sets based on the end user’s roles.

    Real-Time Capabilities: Ability to analyze and visualize data as soon as it becomes available in underlying systems.

    Version Control: Tracking of document versions with each iteration of document changes.

    Intelligent Alerts and Notifications: Ability to create, manage, send, and receive notifications, enhancing efficiency and productivity.

    Audit Trail: View all previous activity including any recent edits and user access.

    Encrypted File Storage and Transfer: Ability to encrypt a file before transmitting it over the network to hide content from being viewed or extracted.

    Activity 7: Technology and tooling options

    Input: Business (ESG) strategy, Data inventory (if exists), Asset inventory (if exists), Output from Activity 5, Output from Activity 6,
    Output: List of tooling options
    Materials: Whiteboard/flip charts, ESG Reporting Workbook
    Participants: Chief Sustainability Officer, Head of ESG Reporting, Business leaders, Data analysts, Data and IT architect/leaders

    1-2 hours

    1. Begin by listing key requirements and features for your ESG reporting program.
    2. Use the outputs from activities 5 and 6 and the technology feature list on the previous slide to help brainstorm technology and tooling options.
    3. Discuss the availability and readiness of each option. Note that regulatory requirements will have an effective date that will impact the time to market for introducing new tooling.
    4. Discuss and assign a priority.
    5. At this point, further analysis may be needed. Form a subcommittee or assign a leader to conduct further analysis.
    6. Record this information in the ESG Reporting Workbook.

    Download the ESG Reporting Workbook

    Activity 8: Implementation plan

    Input: Business (ESG) strategy, Output from Activity 5, Output from Activity 6, Output from Activity 7
    Output: ESG Reporting Implementation Plan
    Materials: Whiteboard/flip charts, ESG Reporting Implementation Plan Template
    Participants: Chief Sustainability Officer, Head of ESG Reporting, Business leaders, Data analysts, PMO, Data and IT architect/leaders

    1-2 hours

    1. Use the outputs from activities 5 to 7 and list required implementation tasks. Set a priority for each task.
    2. Assign the accountable owner as well as the group responsible. Larger organizations and large, complex change programs will have a group of owners.
    3. Track any dependencies and ensure the project timeline aligns.
    4. Add status as well as start and end dates.
    5. Complete in the ESG Reporting Implementation Plan Template.

    Download the ESG Reporting Implementation Plan Template

    Activity 9: Internal communication

    Input: Business (ESG) strategy, ESG Reporting Workbook, ESG reporting implementation plan
    Output: ESG Reporting Presentation Template
    Materials: Whiteboard/flip charts, ESG Reporting Presentation Template, Internal communication templates
    Participants: Chief Sustainability Officer, Head of Marketing/ Communications, Business leaders, PMO

    1-2 hours

    Since a purpose-driven ESG program presents a significant change in how organizations operate, the goals and intentions need to be understood throughout the organization. Once you have developed your ESG reporting strategy it is important that it is communicated, understood, and accepted. Use the ESG Reporting Presentation Template as a guide to deliver your story.

    1. Consider your audience and discuss and agree on the key elements you want to convey.
    2. Prepare the presentation.
    3. Test the presentation with smaller group before communicating to senior leadership/board

    Download the ESG Reporting Presentation Template

    Phase 3

    Select ESG Reporting Software

    A diagram that shows phase 1 to 3 of establishing ESG reporting program.

    This phase will provide additional material on Info-Tech’s expertise in the following areas:

    • Info-Tech’s approach to RFPs
    • Info-Tech tools for software selection
    • Example ESG software assessments

    3.1 Leverage Info-Tech’s expertise

    Develop an inclusive and thorough approach to the RFP process

    An image that a process of 7 steps.

    The Info-Tech difference:

    1. The secret to managing an RFP is to make it as manageable and as thorough as possible. The RFP process should be like any other aspect of business – with a standard process in place, you are better able to handle whatever comes your way, because you know the steps you need to follow to produce a top-notch RFP.
    2. The business then identifies the need for more information about a product/service or determines that a purchase is required.
    3. A team of stakeholders from each area impacted gather all business, technical, legal, and risk requirements. What are the expectations of the vendor relationship post-RFP? How will the vendors be evaluated?
    4. Based on predetermined requirements, either an RFI or an RFP is issued to vendors with a due date.

    Info-Tech Insight

    Review Info-Tech’s process and understand how you can prevent your organization from leaking negotiation leverage while preventing vendors from taking control of your RFP.

    Software Selection Engagement

    5 Advisory Calls Over a 5-Week Period to Accelerate Your Selection Process

    Expert Analyst Guidance over5 weeks on average to select and negotiate software.

    Save Money, Align Stakeholders, Speed Up the Process & make better decisions.

    Use a Repeatable, Formal Methodology to improve your application selection process.

    Better, Faster Results, guaranteed, included in membership.

    A diagram of selection engagement over a 5-week period.

    CLICK HERE to Book Your Selection Engagement

    Leverage the Contract Review Service to level the playing field with your shortlisted vendors

    You may be faced with multiple products, services, master service agreements, licensing models, service agreements, and more.

    Use the Contract Review Service to gain insights on your agreements.

    Consider the aspects of a contract review:

    1. Are all key terms included?
    2. Are they applicable to your business?
    3. Can you trust that results will be delivered?
    4. What questions should you be asking from an IT perspective?

    Validate that a contract meets IT’s and the business’ needs by looking beyond the legal terminology. Use a practical set of questions, rules, and guidance to improve your value for dollar spent.

    A photo of Contract Review Service.

    Click here to book The Contract Review Service

    Download blueprint Master Contract Review and Negotiation for Software Agreements

    3.2 Vendor spotlight assessments

    See above for a vendor landscape overview of key ESG reporting software providers

    The purpose of this section is to showcase various vendors and companies that provide software solutions to help users manage and prioritize their ESG reporting initiatives.

    This section showcases the core capabilities of each software platform to provide Info-Tech members with industry insights regarding some of the key service providers that operate within the ESG vendor market landscape.

    Info-Tech members who are concerned with risks stemming from the inability to sort and disseminate unstructured ESG data reporting metrics or interested in learning more about software offerings that can help automate the data collection, processing, and management of ESG metrics will find high-level insights into the ESG vendor market space.

    Vendor spotlight

    A photo of Datamine Isystain

    The establishment of the Datamine ESG unit comes at the same time the mining sector is showing an increased interest in managing ESG and its component systems as part of a single scope.

    With miners collecting and dealing with ever-increasing quantities of data and looking for ways to leverage it to make data-driven decisions that enhance risk management and increase profitability, integrated software solutions are – now more than ever – essential in supporting continuous improvement and maintaining data fidelity and data integrity across the entire mining value chain.

    An example of Datamine Isystain An example of Datamine Isystain An example of Datamine Isystain

    Key Features:

    • Discover GIS for geochemical, water, erosion, and vegetation modelling and management.
    • Qmed for workforce health management, COVID testing, and vaccine administration.
    • MineMarket and Reconcilor for traceability and auditing, giving visibility to chain of custody and governance across the value chain, from resource modelling to shipping and sales.
    • Centric Mining Systems – intelligence software for real-time transparency and governance across multiple sites and systems, including key ESG performance indicator reporting.
    • Zyght – a leading health, safety, and environment solution for high-impact industries that specializes in environment, injury, risk management, safe work plans, document management, compliance, and reporting.
    • Isystain – a cloud-based platform uniquely designed to support health, safety & environment, sustainability reporting, compliance and governance, and social investment reporting. Designed for seamless integration within an organization’s existing software ecosystems providing powerful analytics and reporting capabilities to streamline the production of sustainability and performance reporting.

    Vendor spotlight

    A logo of Benchmark ESG

    Benchmark ESG provides industry-leading ESG data management and reporting software that can assist organizations in managing operational risk and compliance, sustainability, product stewardship, and ensuring responsible sourcing across complex global operations.

    An example of Benchmark ESG An example of Benchmark ESG

    Key Features:

    Vendor spotlight

    A logo of PWC

    PwC’s ESG Management Solution provides quick insights into ways to improve reporting transparency surrounding your organization’s ESG commitments.

    According to PwC’s most recent CEO survey, the number one motivator for CEOs in mitigating climate change risks is their own desire to help solve this global problem and drive transparency with stakeholders.
    Source: “Annual Global CEO Survey,” PwC, 2022.

    An example of PWC An example of PWC

    Key Features:

    • Streamlined data mining capabilities. PwC’s ESG solution provides the means to streamline, automate, and standardize the input of sustainability data based on non-financial reporting directive (NFRD) and corporate sustainability reporting directive (CSRD) regulations.
    • Company and product carbon footprint calculation and verification modules.
    • Robust dashboarding capabilities. Option to create custom-tailored sustainability monitoring dashboards or integrate existing ESG data from an application to existing dashboards.
    • Team management functionalities that allow for more accessible cross-departmental communication and collaboration. Ability to check progress on tasks, assign tasks, set automatic notifications/deadlines, etc.

    Vendor spotlight

    A logo of ServiceNow

    ServiceNow ESG Management (ESGM) and reporting platform helps organizations transform the way they manage, visualize, and report on issues across the ESG spectrum.

    The platform automates the data collection process and the organization and storage of information in an easy-to-use system. ServiceNow’s ESGM solution also develops dashboards and reports for internal user groups and ensures that external disclosure reports are aligned with mainstream ESG standards and frameworks.

    We know that doing well as a business is about more than profits. One workflow at a time, we believe we can change the world – to be more sustainable, equitable, and ethical.
    Source: ServiceNow, 2021.

    An example of ServiceNow

    Key Features:

    1. An executive dashboard to help coherently outline the status of various ESG indicators, including material topics, goals, and disclosure policies all in one centralized hub
    2. Status review modules. Ensure that your organization has built-in modules to help them better document and monitor their ESG goals and targets using a single source of truth.
    3. Automated disclosure modules. ESGM helps organizations create more descriptive ESG disclosure reports that align with industry accountability standards (e.g. SASB, GRI, CDP).

    Other key vendors to consider

    An image of other 12 key vendors

    Related Info-Tech Research

    Photo of The ESG Imperative and Its Impact on Organizations

    The ESG Imperative and Its Impact on Organizations

    Use this blueprint to educate yourself on ESG factors and the broader concept of sustainability.

    Identify changes that may be needed in your organizational operating model, strategy, governance, and risk management approach.

    Learn about Info-Tech’s ESG program approach and use it as a framework to begin your ESG program journey.

    Photo of Private Equity and Venture Capital Growing Impact of ESG Report

    Private Equity and Venture Capital Growing Impact of ESG Report

    Increasingly, new capital has a social mandate attached to it due to the rise of ESG investment principles.

    Learn about how the growing impact of ESG affects both your organization and IT specifically, including challenges and opportunities, with expert assistance.

    Definitions

    Terms

    Definition

    Corporate Social Responsibility

    Management concept whereby organizations integrate social and environmental concerns in their operations and interactions with their stakeholders.

    Chief Sustainability Officer

    Steers sustainability commitments, helps with compliance, and helps ensure internal commitments are met. Responsibilities may extend to acting as a liaison with government and public affairs, fostering an internal culture, acting as a change agent, and leading delivery.

    ESG

    An acronym that stands for environment, social, and governance. These are the three components of a sustainability program.

    ESG Standard

    Contains detailed disclosure criteria including performance measures or metrics. Standards provide clear, consistent criteria and specifications for reporting. Typically created through consultation process.

    ESG Framework

    A broad contextual model for information that provides guidance and shapes the understanding of a certain topic. It sets direction but does not typically delve into the methodology. Frameworks are often used in conjunction with standards.

    ESG Factors

    The factors or issues that fall under the three ESG components. Measures the sustainability performance of an organization.

    ESG Rating

    An aggregated score based on the magnitude of an organization’s unmanaged ESG risk. Ratings are provided by third-party rating agencies and are increasingly being used for financing, transparency to investors, etc.

    ESG Questionnaire

    ESG surveys or questionnaires are administered by third parties and used to assess an organization’s sustainability performance. Participation is voluntary.

    Key Risk Indicator (KRI)

    A measure to indicate the potential presence, level, or trend of a risk.

    Key Performance Indicator (KPI)

    A measure of deviation from expected outcomes to help a firm see how it is performing.

    Materiality

    Material topics are topics that have a direct or indirect impact on an organization's ability to create, preserve, or erode economic, environmental, and social impact for itself and its stakeholder and society as a whole.

    Materiality Assessment

    A tool to identify and prioritize the ESG issues most critical to the organization.

    Risk Sensing

    The range of activities carried out to identify and understand evolving sources of risk that could have a significant impact on the organization (e.g. social listening).

    Sustainability

    The ability of an organization and broader society to endure and survive over the long term by managing adverse impacts well and promoting positive opportunities.

    Sustainalytics

    Now part of Morningstar. Sustainalytics provides ESG research, ratings, and data to institutional investors and companies.

    UN Guiding Principles on Business and Human Rights (UNGPs)

    An essential methodological foundation for how impacts across all dimensions should be assessed.

    Reporting and standard frameworks

    Standard

    Definition and focus

    CDP
    (Formally Carbon Disclosure Project)

    CDP has created standards and metrics for comparing sustainability impact. Focuses on environmental data (e.g. carbon, water, and forests) and on data disclosure and benchmarking.

    Audience: All stakeholders

    Dow Jones Sustainability Indices (DJSI)

    Heavy on corporate governance and company performance. Equal balance of economic, environmental, and social.

    Audience: All stakeholders

    Global Reporting Initiative (GRI)

    International standards organization that has a set of standards to help organizations understand and communicate their impacts on climate change and social responsibility. The standard has a strong emphasis on transparency and materiality, especially on social issues.

    Audience: All stakeholders

    International Sustainability Standards Board (ISSB)

    Standard-setting board that sits within the International Financial Reporting Standards (IFRS) Foundation. The IFRS Foundation is a not-for-profit, public-interest organization established to develop high-quality, understandable, enforceable, and globally accepted accounting and sustainability disclosure standards.

    Audience: Investor-focused

    United Nations Sustainable Development Goals (SDGs)

    Global partnership across sectors and industries that sets out 17 goals to achieve sustainable development for all.

    Audience: All stakeholders

    Sustainability Accounting Standards Board (SASB)
    Now part of IFSR foundation

    Industry-specific standards to help corporations select topics that may impact their financial performance. Focus on material impacts on financial condition or operating performance.

    Audience: Investor-focused

    Task Force on Climate-Related Financial Disclosures (TCFD; created by the Financial Stability Board)

    Standards framework focused on the impact of climate risk on financial and operating performance. More broadly the disclosures inform investors of positive and negative measures taken to build climate resilience and make transparent the exposure to climate-related risk.

    Audience: Investors, financial stakeholders

    Bibliography

    "2021 Global Investor Survey: The Economic Realities of ESG." PwC, Dec. 2021. Accessed May 2022.

    "2023 Canadian ESG Reporting Insights." PwC, Nov. 2022. Accessed Dec. 2022.

    Althoff, Judson. "Microsoft Cloud for Sustainability: Empowering Organizations On Their Path To Net Zero." Microsoft Blog, 14 July 2021. Accessed May 2022.

    "Balancing Sustainability and Profitability." IBM, Feb. 2022. Accessed June. 2022.

    "Beyond Compliance: Consumers and Employees Want Business to Do More on ESG." PwC, Nov. 2021. Accessed July 2022.

    Bizo, Daniel. "Multi-Tenant Datacenters and Sustainability: Ambitions and Reality." S&P Market Intelligence, Sept. 2020. Web.

    Bolden, Kyle. "Aligning nonfinancial reporting with your ESG strategy to communicate long-term value." EY, 18 Dec. 2020. Web.

    Carril, Christopher, et al. "Looking at Restaurants Through an ESG Lens: ESG Stratify – Equity Research Report." RBC Capital Markets, 5 Jan. 2021. Accessed Jun. 2022.

    "Celebrating and Advancing Women." McDonald’s, 8 March 2019. Web.

    Clark, Anna. "Get your ESG story straight: A sustainability communication starter kit." GreenBiz, 20 Dec. 2022, Accessed Dec. 2022.

    Courtnell, Jane. “ESG Reporting Framework, Standards, and Requirements.” Corporate Compliance Insights, Sept. 2022. Accessed Dec. 2022.

    “Country Sustainability Ranking. Country Sustainability: Visibly Harmed by Covid-19.” Robeco, Oct. 2021. Accessed June 2022.

    “Defining the “G” in ESG Governance Factors at the Heart of Sustainable Business.” World Economic Forum, June 2022. Web.

    “Digital Assets: Laying ESG Foundations.” Global Digital Finance, Nov. 2021. Accessed April 2022.

    “Dow Jones Sustainability Indices (DJCI) Index Family.” S&P Global Intelligence, n.d. Accessed June 2022.

    "ESG in Your Business: The Edge You Need to Land Large Contracts." BDC, March 2023, Accessed April 2023.

    “ESG Performance and Its Impact on Corporate Reputation.” Intelex Technologies, May 2022. Accessed July 2022.

    “ESG Use Cases. IoT – Real-Time Occupancy Monitoring.” Metrikus, March 2021. Accessed April 2022.

    Fanter, Tom, et al. “The History & Evolution of ESG.” RMB Capital, Dec. 2021. Accessed May 2022.

    Flynn, Hillary, et al. “A guide to ESG materiality assessments.” Wellington Management, June 2022, Accessed September 2022

    “From ‘Disclose’ to ‘Disclose What Matters.’” Global Reporting Initiative, Dec. 2018. Accessed July 2022.

    “Getting Started with ESG.” Sustainalytics, 2022. Web.

    “Global Impact ESG Fact Sheet.” ServiceNow, Dec. 2021. Accessed June 2022.

    Gorley, Adam. “What is ESG and Why It’s Important for Risk Management.” Sustainalytics, March 2022. Accessed May 2022.

    Hall, Lindsey. “You Need Near-Term Accountability to Meet Long-Term Climate Goals.” S&P Global Sustainable1, Oct. 2021. Accessed April 2022.

    Henisz, Witold, et al. “Five Ways That ESG Creates Value.” McKinsey, Nov. 2019. Accessed July 2022.

    “Integrating ESG Factors in the Investment Decision-Making Process of Institutional Investors.” OECD iLibrary, n.d. Accessed July 2022.

    “Investor Survey.” Benchmark ESG, Nov. 2021. Accessed July 2022.

    Jackson, Brian. Tech Trends 2023, Info-Tech Research Group, Dec. 2022, Accessed Dec. 2022.

    Keet, Lior. “What Is the CIO’s Role in the ESG Equation?” EY, 2 Feb. 2022. Accessed May 2022.

    Lev, Helee, “Understanding ESG risks and why they matter” GreenBiz, June 2022. Accessed Dec 2022.

    Marsh, Chris, and Simon Robinson. “ESG and Technology: Impacts and Implications.” S&P Global Market Intelligence, March 2021. Accessed April 2022.

    Martini, A. “Socially Responsible Investing: From the Ethical Origins to the Sustainable Development Framework of the European Union.” Environment, Development and Sustainability, vol. 23, Nov. 2021. Web.

    Maher, Hamid, et al. “AI Is Essential for Solving the Climate Crisis.” Boston Consulting Group, 7 July 2022. Web.

    “Materiality Assessment. Identifying and Taking Action on What Matters Most.” Novartis, n.d. Accessed June. 2022.

    Morrow, Doug, et al. “Understanding ESG Incidents: Key Lessons for Investors.” Sustainalytics, July 2017. Accessed May 2022.

    “Navigating Climate Data Disclosure.” Novisto, July 2022. Accessed Nov. 2022.

    Nuttall, Robin, et al. “Why ESG Scores Are Here to Stay.” McKinsey & Company, May 2020. Accessed July 2022.

    “Opportunities in Sustainability – 451 Research’s Analysis of Sustainability Perspectives in the Data Center Industry.” Schneider Electric, Sept. 2020. Accessed May 2022.

    Peterson, Richard. “How Can NLP Be Used to Quantify ESG Analytics?” Refinitiv, Feb. 2021. Accessed June 2022.

    “PwC’s 25th Annual Global CEO Survey: Reimagining the Outcomes That Matter.” PwC, Jan. 2022. Accessed June 2022.

    “SEC Proposes Rules on Cybersecurity, Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies.” Securities and Exchange Commission, 9 May 2022. Press release.

    Serafeim, George. “Social-Impact Efforts That Create Real Value.” Harvard Business Review, Sept. 2020. Accessed May 2022.

    Sherrie, Gonzalez. “ESG Planning and Performance Survey.” Diligent, 24 Sept. 2021. Accessed July 2022.

    “Special Reports Showcase, Special Report: Mid-Year Report on Proposed SEC Rule 14-8 Change.” Sustainable Investments Institute, July 2020. Accessed April 2022.

    “State of European Tech. Executive Summary Report.” Atomico, Nov. 2021. Accessed June 2022.

    “Top Challenges in ESG Reporting, and How ESG Management Solution Can Help.” Novisto, Sept. 2022. Accessed Nov. 2022.

    Vaughan-Smith, Gary. “Navigating ESG data sets and ‘scores’.” Silverstreet Capital, 23 March 2022. Accessed Dec. 2022.

    Waters, Lorraine. “ESG is not an environmental issue, it’s a data one.” The Stack, 20 May 2021. Web.

    Wells, Todd. “Why ESG, and Why Now? New Data Reveals How Companies Can Meet ESG Demands – And Innovate Supply Chain Management.” Diginomica, April 2022. Accessed July 2022.

    “XBRL is coming to corporate sustainability Reporting.” Novisto, Aug. 2022. Accessed Dec. 2022.

    Research Contributors and Experts

    Photo of Chris Parry

    Chris Parry
    VP of ESG, Datamine

    Chris Parry has recently been appointed as the VP of ESG at Datamine Software. Datamine’s dedicated ESG division provides specialized ESG technology for sustainability management by supporting key business processes necessary to drive sustainable outcomes.

    Chris has 15 years of experience building and developing business for enterprise applications and solutions in both domestic and international markets.

    Chris has a true passion for business-led sustainable development and is focused on helping organizations achieve their sustainable business outcomes through business transformation and digital software solutions.

    Datamine’s comprehensive ESG capability supports ESG issues such as the environment, occupational health and safety, and medical health and wellbeing. The tool assists with risk management, stakeholder management and business intelligence.

    IT Operations Consulting

    Operations... make sure that the services and products you offer your clients are delivered in the most efficient way possible. IT Operations makes sure that the applications and infrastructure that your delivery depends on is solid.

    Gert Taeymans has over 20 years experience in directing the implementation and management of mission-critical services for businesses in high-volume international markets. Strong track record in risk management, crisis management including disaster recovery, service delivery and change & config management.

    Register to read more …

    Tell Your Story With Data Visualization

    • Buy Link or Shortcode: {j2store}364|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Business Intelligence Strategy
    • Parent Category Link: /business-intelligence-strategy

    Analysts do not feel empowered to challenge requirements to deliver a better outcome. This alongside underlying data quality issues prevents the creation of accurate and helpful information. Graphic representations do not provide meaningful and actionable insights.

    Our Advice

    Critical Insight

    As organizations strive to become more data-driven, good storytelling with data visualization supports growing corporate data literacy and helps analysts in providing insights that improves organization's decision-making and value-driving processes, which ultimately boosts business performance.

    Impact and Result

    Follow a step-by-step guide to address the business bias of tacet experience over data facts and increase audience's understanding and acceptance toward data solutions.

    Save the lost hours and remove the challenges of reports and dashboards being disregarded due to ineffective usage.

    Gain insights from data-driven recommendations and have decision support to make informed decisions.

    Tell Your Story With Data Visualization Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Tell Your Story With Data Visualization Deck – Solve challenging business problems more effectively and improve communication with audiences by demonstrating significant insights through data storytelling with impactful visuals.

    Here is our step-by-step process of getting value out of effective storytelling with data visualization:

  • Step 1: Frame the business problem and the outcomes required.
  • Step 2: Explore the potential drivers and formulate hypotheses to test.
  • Step 3: Construct a meaningful narrative which the data supports.
    • Tell Your Story With Data Visualization Storyboard

    2. Storytelling Whiteboard Canvas Template – Plan out storytelling using Info-Tech’s whiteboard canvas template.

    This storytelling whiteboard canvas is a template that will help you create your visualization story narrative by:

  • Identifying the problem space.
  • Finding logical relationships and data identification.
  • Reviewing analysis and initial insights.
  • Building the story and logical conclusion.
    • Storytelling Whiteboard Canvas Template
    [infographic]

    Further reading

    Tell Your Story With Data Visualization

    Build trust with your stakeholders.

    Analyst Perspective

    Build trust with your stakeholders.

    Data visualization refers to graphical representations of data which help an audience understand. Without good storytelling, however, these representations can distract an audience with enormous amounts of data or even lead them to incorrect conclusions.

    Good storytelling with data visualization involves identifying the business problem, exploring potential drivers, formulating a hypothesis, and creating meaningful narratives and powerful visuals that resonate with all audiences and ultimately lead to clear actionable insights.

    Follow Info-Tech's step-by-step approach to address the business bias of tacit experience over data facts, improve analysts' effectiveness and support better decision making.

    Ibrahim Abdel-Kader, Research Analyst

    Ibrahim Abdel-Kader
    Research Analyst,
    Data, Analytics, and Enterprise Architecture

    Nikitha Patel, Research Specialist

    Nikitha Patel
    Research Specialist,
    Data, Analytics, and Enterprise Architecture

    Ruyi Sun, Research Specialist

    Ruyi Sun
    Research Specialist,
    Data, Analytics, and Enterprise Architecture

    Our understanding of the problem

    This research is designed for

    • Business analysts, data analysts, or their equivalent who (in either a centralized or federated operating model) look to solve challenging business problems more effectively and improve communication with audiences by demonstrating significant insights through visual data storytelling.

    This research will also assist

    • A CIO or business unit (BU) leader looking to improve reporting and analytics, reduce time to information, and embrace decision making.

    This research will help you

    • Identify the business problem and root causes that you are looking to address for key stakeholders.
    • Improve business decision making through effective data storytelling.
    • Focus on insight generation rather than report production.
    • Apply design thinking principles to support the collection of different perspectives.

    This research will help them

    • Understand the report quickly and efficiently, regardless of their data literacy level.
    • Grasp the current situation of data within the organization.

    Executive Summary

    Your Challenge Common Obstacles Info-Tech's Approach
    As analysts, you may experience some critical challenges when presenting a data story.
    • The graphical representation does not provide meaningful or actionable insights.
    • Difficulty selecting the right visual tools or technologies to create visual impact.
    • Lack of empowerment, where analysts don't feel like they can challenge requirements.
    • Data quality issues that prevent the creation of accurate and helpful information.
    Some common roadblocks may prevent you from addressing these challenges.
    • Lack of skills and context to identify the root cause or the insight that adds the most value.
    • Lack of proper design or over-visualization of data will mislead/confuse the audience.
    • Business audience bias, leading them to ignore reliable insights presented.
    • Lack of the right access to obtain data could hinder the process.
    • Understand and dissect the business problem through Info-Tech's guidance on root cause analysis and design thinking process.
    • Explore each potential hypothesis and construct your story's narratives.
    • Manage data visualization using evolving tools and create visual impact.
    • Inform business owners how to proceed and collect feedback to achieve continuous improvement.

    Info-Tech Insight
    As organizations strive to become more data-driven, good storytelling with data visualization supports growing corporate data literacy and helps analysts provide insights that improve organizational decision-making and value-driving processes, which ultimately boosts business performance.

    Glossary

    • Data: Facts or figures, especially those stored in a computer, that can be used for calculating, reasoning, or planning. When data is processed, organized, structured, or presented in a given context to make it useful, it is called information. Data leaders are accountable for certain data domains and sets.
    • Data storytelling: The ability to create a narrative powered by data and analytics that supports the hypothesis and intent of the story. Narrators of the story should deliver a significant view of the message in a way easily understood by the target audience. Data visualization can be used as a tactic to enhance storytelling.
    • Data visualization: The ability to visually represent a complete story to the target audience powered by data & analytics, using data storytelling as an enabling mechanism to convey narratives. Typically, there are two types of visuals used as part of data visualization: explanatory/informative visuals (the entire story or specific aspects delivered to the audience) and exploratory visuals (the collected data used to clarify what questions must be answered).
    • Data literacy: The ability to read, work with, analyze, and argue with data. Easy access to data is essential to exercising these skills. All organizational employees involved with data-driven decisions should learn to think critically about the data they use for analytics and how they assess and interpret the results of their work.
    • Data quality: A measure of the condition of data based on factors such as accuracy, completeness, consistency, reliability, and being up-to-date. This is about how well-suited a data set is to serve its intended purpose, therefore business users and stakeholders set the standards for what is good enough. The governance function along with IT ensures that data quality measures are applied, and corrective actions taken.
    • Analytics/Business intelligence (BI): A technology-driven process for analyzing data and delivering actionable information that helps executives, managers, and workers make informed business decisions. As part of the BI process, organizations collect data from internal IT systems and external sources, prepare it for analysis, run queries against the data, and create data visualizations.
      Note: In some frameworks, analytics and BI refer to different types of analyses (i.e. analytics predict future outcomes, BI describes what is or has been).

    Getting value out of effective storytelling with data visualization

    Data storytelling is gaining wide recognition as a tool for supporting businesses in driving data insights and making better strategic decisions.

    92% of respondents agreed that data storytelling is an effective way of communicating or delivering data and analytics results.

    87% of respondents agreed that if insights were presented in a simpler/clearer manner, their organization's leadership team would make more data-driven decisions.

    93% of respondents agreed that decisions made based on successful data storytelling could potentially help increase revenue.

    Source: Exasol, 2021

    Despite organizations recognizing the value of data storytelling, issues remain which cannot be remedied solely with better technology.

    61% Top challenges of conveying important insights through dashboards are lack of context (61%), over-communication (54%), and inability to customize contents for intended audiences (46%).

    49% of respondents feel their organizations lack storytelling skills, regardless of whether employees are data literate.

    Source: Exasol, 2021

    Info-Tech Insight
    Storytelling is a key component of data literacy. Although enterprises are increasingly investing in data analytics software, only 21% of employees are confident with their data literacy skills. (Accenture, 2020)

    Prerequisite Checklist

    Before applying Info-Tech's storytelling methodology, you should have addressed the following criteria:

    • Select the right data visualization tools.
    • Have the necessary training in statistical analysis and data visualization technology.
    • Have competent levels of data literacy.
    • Good quality data founded on data governance and data architecture best practices.

    To get a complete view of the field you want to explore, please refer to the following Info-Tech resources:

    Select and Implement a Reporting and Analytics Solution

    Build a Data Architecture Roadmap

    Establish Data Governance

    Build Your Data Quality Program

    Foster Data-Driven Culture With Data Literacy

    Info-Tech's Storytelling With Data Visualization Framework

    Data Visualization Framework

    Info-Tech Insight
    As organizations strive to become more data-driven, good storytelling with data visualization supports growing corporate data literacy and helps analysts provide insights that improve organizational decision-making and value-driving processes, which ultimately boosts business performance.

    Research Benefits

    Member Benefits Business Benefits
    • Reduce time spent on getting your audience in the room and promote business involvement with the project.
    • Eliminate ineffectively used reports and dashboards being disregarded for lack of storytelling skills, resulting in real-time savings and monetary impact.
    • Example: A $50k reporting project has a 49% risk of the company being unable to communicate effective data stories (Exasol, 2021). Therefore, a $50k project has an approx. 50% chance of being wasted. Using Info-Tech's methodology, members can remove the risk, saving $25k and the time required to produce each report.
    • Address the common business bias of tacit experience over data-supported facts and increase audience understanding and acceptance of data-driven solutions.
    • Clear articulation of business context and problem.
    • High-level improvement objectives and return on investment (ROI).
    • Gain insights from data-driven recommendations to assist with making informed decisions.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit Guided Implementation Workshop Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Master the Secrets of Adobe’s Creative Cloud Contracts to Right-Size Your Adobe Spend

    • Buy Link or Shortcode: {j2store}139|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $63,667 Average $ Saved
    • member rating average days saved: 110 Average Days Saved
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • Adobe operates in its own niche in the creative space, and Adobe users have grown accustomed to their products, making switching very difficult.
    • With Adobe’s transition to a cloud-based subscription model, it’s important for organizations to actively manage licenses, software provisioning, and consumption.
    • Without a detailed understanding of Adobe’s various purchasing models, overspending often occurs.
    • Organizations have experienced issues in identifying commercial licensed packages with their install files, making it difficult to track and assign licenses.

    Our Advice

    Critical Insight

    • Focus on user needs first. Examine which products are truly needed versus nice to have to prevent overspending on the Creative Cloud suite.
    • Examine what has been deployed. Knowing what has been deployed and what is being used will greatly aid in completing your true-up.
    • Compliance is not automatic with products that are in the cloud. Shared logins or computers that have desktop installs that can be access by multiple users can cause noncompliance.

    Impact and Result

    • Visibility into license deployments and needs
    • Compliance with internal audits

    Master the Secrets of Adobe’s Creative Cloud Contracts to Right-Size Your Adobe Spend Research & Tools

    Start here – read the Executive Brief

    Procuring Adobe software is not the same game as it was just a few years ago. Adopt a comprehensive approach to understanding Adobe licensing to avoid overspending and to maximize negotiation leverage.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Manage your Adobe agreements

    Use Info-Tech’s licensing best practices to avoid overspending on Adobe licensing and to remain compliant in case of audit.

    • Adobe ETLA vs. VIP Pricing Table
    • Adobe ETLA Forecasted Costs and Benefits
    • Adobe ETLA Deployment Forecast
    [infographic]

    Further reading

    Master the Secrets of Adobe’s Creative Cloud Contracts to Right-Size Your Adobe Spend

    Learn the essential steps to avoid overspending and to maximize negotiation leverage with Adobe.

    ANALYST PERSPECTIVE

    Only 18% of Adobe licenses are genuine copies: are yours?

    "Adobe has designed and executed the most comprehensive evolution to the subscription model of pre-cloud software publishers with Creative Cloud. Adobe's release of Document Cloud (replacement for the Acrobat series of software) is the final nail in the coffin for legacy licensing for Adobe. Technology procurement functions have run out of time in which to act while they still retain leverage, with the exception of some late adopter organizations that were able to run on legacy versions (e.g. CS6) for the past five years. Procuring Adobe software is not the same game as it was just a few years ago. Adopt a comprehensive approach to understanding Adobe licensing, contract, and delivery models in order to accurately forecast your software needs, transact against the optimal purchase plan, and maximize negotiation leverage. "

    Scott Bickley

    Research Lead, Vendor Practice

    Info-Tech Research Group

    Our understanding of the problem

    This Research is Designed For:

    • IT managers scoping their Adobe licensing requirements and compliance position.
    • CIOs, CTOs, CPOs, and IT directors negotiating licensing agreements in search of cost savings.
    • ITAM/Software asset managers responsible for tracking and managing Adobe licensing.
    • IT and business leaders seeking to better understand Adobe licensing options (Creative Cloud).
    • Vendor management offices in the process of a contract renewal.

    This Research Will Help You:

    • Understand and simplify licensing per product to help optimize spend.
    • Ensure agreement type is aligned to needs.
    • Navigate the purchase process to negotiate from a position of strength.
    • Manage licenses more effectively to avoid compliance issues, audits, and unnecessary purchases.

    This Research Will Also Assist:

    • CFOs and the finance department
    • Enterprise architects
    • ITAM/SAM team
    • Network and IT architects
    • Legal
    • Procurement and sourcing

    This Research Will Help Them:

    • Understand licensing methods in order to make educated and informed decisions.
    • Understand the future of the cloud in your Adobe licensing roadmap.

    Executive summary

    Situation

    • Adobe’s dominant market position and ownership of the creative software market is forcing customers to refocus the software acquisition process to ensure a positive ROI on every license.
    • In early 2017, Adobe announced it would stop selling perpetual Creative Suite 6 products, forcing future purchases to be transitioned to the cloud.

    Complication

    • Adobe operates in its own niche in the creative space, and Adobe users have grown accustomed to their products, making switching very difficult.
    • With transition to a cloud-based subscription model, organizations need to actively manage licenses, software provisioning, and consumption.
    • Without a detailed understanding of Adobe’s various purchasing models, overspending often occurs.
    • Organizations have experienced issues in identifying commercial licensed packages with their install files, making it difficult to track and assign licenses.

    Resolution

    • Gain visibility into license deployments and needs with a strong SAM program/tool; this will go a long way toward optimizing spend.
      • Number of users versus number of installs are not the same, and confusing the two can result in overspending. Device-based licensing historically would have required two licenses, but now only one may be required.
    • Ensure compliance with internal audits. Adobe has a very high rate of piracy stemming from issues such as license overuse, misunderstanding of contract language, using cracks/keygens, virtualized environments, indirect access, and sharing of accounts.
    • A handful of products are still sold as perpetual – Acrobat Standard/Pro, Captivate, ColdFusion, Photoshop, and Premiere Elements – but be aware of what is being purchased and used in the organization.
      • Beware of products deployed on server, where the number of users accessing that product cannot easily be counted.

    Info-Tech Insight

    1. Your user-need analysis has shifted in the new subscription-based model. Determine which products are needed versus nice to have to prevent overspending on the Creative Cloud suite.
    2. Examine what you need, not what you have. You can no longer mix and match applications.
    3. Compliance is not automatic with products that are in the cloud. Shared logins or computers with desktop installs that can be accessed by multiple users can cause noncompliance.

    The aim of this blueprint is to provide a foundational understanding of Adobe

    Why Adobe

    In 2011 Adobe took the strategic but radical move toward converting its legacy on-premises licensing to a cloud-based subscription model, in spite of material pushback from its customer base. While revenues initially dipped, Adobe’s resolve paid off; the transition is mostly complete and revenues have doubled. This was the first enterprise software offering to effect the transition to the cloud in a holistic manner. It now serves as a case study for those following suit, such as Microsoft, Autodesk, and Oracle.

    What to know

    Adobe elected to make this market pivot in a dramatic fashion, foregoing a gradual transition process. Enterprise clients were temporarily allowed to survive on legacy on-premises editions of Adobe software; however, as the Adobe Creative Cloud functionality was quickly enhanced and new applications were launched, customer capitulation to the new subscription model was assured.

    The Future

    Adobe is now leveraging the power of connected customers, the availability of massive data streams, and the ongoing digitalization trend globally to supplement the core Creative Cloud products with online services and analytics in the areas of Creative Cloud for content, Marketing Cloud for marketers, and Document Cloud for document management and workflows. This blueprint focuses on Adobe's Creative Cloud and Document Cloud solutions and the enterprise term license agreement (ETLA).

    Info-Tech Insight

    Beware of your contract being auto-renewed and getting locked into the quantities and product subset that you have in your current agreement. Determining the number of licenses you need is critical. If you overestimate, you're locked in for three years. If you underestimate, you have to pay a big premium in the true-up process.

    Learn the “Adobe way,” whether you are reviewing existing spend or considering the purchase of new products

    1. Legacy on-premises Adobe Creative Suite products used to be available in multiple package configurations, enabling right-sized spend with functionality. Adobe’s support for legacy Creative Suites CS6 products ended in May 2017.
    2. While early ETLAs allowed customer application packaging at a lower price than the full Creative Cloud suite, this practice has been discontinued. Now, the only purchasing options are the full suite or single-application subscriptions.
    3. Buyers must now assess alternative Adobe products as an option for non-power users. For example, QuarkXPress, Corel PaintShop Pro, CorelDRAW, Bloom, and Affinity Designer are possible replacements for some Creative Cloud applications.
    4. Document Cloud, Adobe’s latest step in creating an Acrobat-focused subscription model, limits the ability to reduce costs with an extended upgrade cycle. These changes go beyond the licensing model.
    5. Organizations need to perform a cost-benefit analysis of single app purchases vs. the full suite to right-size spend with functionality.

    As Adobe’s dominance continues to grow, organizations must find new ways to maintain a value-added relationship

    Adobe estimates the total addressable market for creative and document cloud to be $21 billion. With no sign of growth slowing down, Adobe customers must learn how to work within the current design monopoly.

    The image contains two pie graphs. The first is labelled FY2014 Revenue Mix, and the second graph is titled FY2017E Revenue Mix.

    Source: Adobe, 2017

    "Adobe is not only witnessing a steady increase in Creative Cloud subscriptions, but it also gained more visibility into customers’ product usage, which enables it to consistently push out software updates relevant to user needs. The company also successfully transformed its sales organization to support the recurring revenue model."

    – Omid Razavi, Global Head of Success, ServiceNow

    Consider your route forward

    Consider your route forward, as ETLA contract commitments, scope, and mechanisms differ in structure to the perpetual models previously utilized. The new model shortchanges technology procurement leaders in their expectations of cost-usage alignment and opex flexibility (White, 2016).

    ☑ Implement a user profile to assign licenses by version and limit expenditures. Alternatives can include existing legacy perpetual and Acrobat classic versions that may already be owned by the organization.

    ☑ Examine the suitability and/or dependency on Document Cloud functions, such as existing business workflows and e-signature integration.

    ☑ Involve stakeholders in the evaluation of alternate products for use cases where dependency on Acrobat-specific functionality is limited.

    ☑ Identify not just the installs and active use of the applications but also the depth and breadth of use across the various features so that the appropriate products can be selected.

    The image contains a screenshot of a diagram listing the adobe toolkit. The toolkit includes: Adobe ETLA Deployment Forecast Tool, Adobe ETLA Forecasted Cost and Benefits, Adobe ETLA vs. VIP Pricing Table.

    Use Info-Tech’s Adobe toolkit to prepare for your new purchases or contract renewal

    Info-Tech Insight

    IT asset management (ITAM) and software asset management (SAM) are critical! An error made in a true-up can cost the organization for the remaining years of the ETLA. Info-Tech worked with one client that incurred a $600k error in the true-up that they were not able to recoup from Adobe.

    Apply licensing best practices and examine the potential for cost savings through an unbiased third-party perspective

    Establish Licensing Requirements

    • Understand Adobe’s product landscape and transition to cloud.
    • Analyze users and match to correct Adobe SKU.
    • Conduct an internal software assessment.
    • Build an effective licensing position.

    Evaluate Licensing Options

    • Value Incentive Plan (VIP)
    • Cumulative Licensing Program (CLP)
    • Transactional Licensing Program (TLP)
    • Enterprise Term License Agreement (ETLA)

    Evaluate Agreement Options

    • Price
    • Discounts
    • Price protection
    • Terms and conditions

    Purchase and Manage Licenses

    • Learn negotiation tactics to enhance your current strategy.
    • Control the flow of communication.
    • Assign the right people to manage the environment.

    Preventive practices can help find measured value ($)

    Time and resource disruption to business if audited

    Lost estimated synergies in M&A

    Cost of new licensing

    Cost of software audit, penalties, and back support

    Lost resource allocation and time

    Third party, legal/SAM partners

    Cost of poor negotiation tactics

    Lost discount percentage

    Terms and conditions improved

    Explore Adobe licensing and optimize spend – project overview

    Establish Licensing Requirements

    Evaluate Licensing Options

    Evaluate Agreement Options

    Purchase and Manage Licenses

    Best-Practice Toolkit

    • Assess current state and align goals; review business feedback.
    • Interview key stakeholders to define business objectives and drivers.
    • Review licensing options.
    • Review licensing rules.
    • Determine the ideal contract type.
    • Review final contract.
    • Discuss negotiation points.
    • License management.
    • Future licensing strategy.

    Guided Implementations

    • Engage in a scoping call.
    • Assess the current state.
    • Determine licensing position.
    • Review product options.
    • Review licensing rules.
    • Review contract option types.
    • Determine negotiation points.
    • Finalize the contract.
    • Discuss license management.
    • Evaluate and develop a roadmap for future licensing.

    PHASE 1

    Manage Your Adobe Agreements

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Managing Adobe Contracts

    Proposed Time to Completion: 3-6 weeks

    Step 1.1: Establish Licensing Requirements

    Start with a kick-off call:

    • Assess the current state.
    • Determine licensing position.

    Then complete these activities…

    • Complete a deployment count, needs analysis, and internal audit.

    With these tools & templates:

    Adobe ETLA Deployment Forecast

    Step 1.2: Determine Licensing Options

    Review findings with analyst:

    • Review licensing options.
    • Review licensing rules.
    • Review contract option types.

    Then complete these activities…

    • Select licensing option.
    • Document forecasted costs and benefits.

    With these tools & templates:

    Adobe ETLA vs. VIP Pricing Table

    Adobe ETLA Forecasted Costs and Benefits

    Step 1.3: Purchase and Manage Licenses

    Review findings with analyst:

    • Review final contract.
    • Discuss negotiation points.
    • Plan a roadmap for SAM.

    Then complete these activities…

    • Negotiate final contract.
    • Evaluate and develop a roadmap for SAM.

    With these tools & templates:

    Adobe ETLA Deployment Forecast

    Adobe’s Cloud – Snapshot of what has changed

    1. Since Adobe has limited the procurement and licensing options with the introduction of Creative Cloud, there are three main choices:
      1. Direct online purchase at Adobe.com
      2. Value Incentive Plan (VIP): Creative Cloud for teams–based purchase with a volume discount (minimal, usually ~10%); may have some incentives or promotional pricing
      3. Enterprise Term License Agreement (ETLA): Creative Cloud for Enterprise (CCE)
    2. Adobe has discontinued support for legacy perpetual licenses, with the latest version being CS6, which is steering organizations to prioritize their options for products in the creative and document management space.
    3. Document Cloud (DC) is the cloud product replacing the Acrobat perpetual licensing model. DC extends the subscription-based model further and limits options to extend the lifespan of legacy on-premises licenses through a protracted upgrade process.
    4. The subscription model, coupled with limited discount options on transactional purchases, forces enterprises to consider the ETLA option. The ETLA brings with it unique term commitments, new pricing structures, and true-up mechanisms and inserts the "land and expand" model vs. license reassignment.

    Info-Tech Insight

    Adobe’s move from a perpetual license to a per-user subscription model can be positive in some scenarios for organizations that experienced challenges with deployment, management of named users vs. devices, and license tracking.

    Core concepts of Adobe agreements: Discounting, pricing, and bundling

    ETLA

    Adobe has been systematically reducing discounts on ETLAs as they enter the second renewal cycle of the original three-year terms.

    Adobe Cloud Bundling

    Adobe cloud services are being bundled with ETLAs with a mandate that companies that do not accept the services at the proposed cost have Adobe management’s approval to unbundle the deal, generally with no price relief.

    Custom Bundling

    The option for custom bundling of legacy Creative Suite component applications has been removed, effectively raising the price across the board for licensees that require more than two Adobe applications who must now purchase the full Creative Cloud suite.

    Higher and Public Education

    Higher education/public education agreements have been revamped over the past couple of years, increasing prices for campus-wide agreements by double-digit percentages (~10-30%+). While they still receive an 80% discount over list price, IT departments in this industry are not prepared to absorb the budget increase.

    Info-Tech Insight

    Adobe has moved to an all-or-one bundle model. If you need more than two application products, you will likely need to purchase the full Creative Cloud suite. Therefore, it is important to focus on creating accurate user profiles to identify usage needs.

    Use Info-Tech’s Adobe deployment tool for SAM: Track deployment and needs

    The image contains a screenshot of Info-Tech's Adobe deployment tool for SAM: Track deployment and needs.

    Use Info-Tech’s Adobe deployment tool for SAM: Audit

    The image contains a screenshot of the Adobe Deployment Tool for SAM, specifically the Audit tab.

    Use Info-Tech’s Adobe deployment tool for SAM: Cost

    The image contains a screenshot of the Adobe Deployment Tool for SAM, specifically the Cost tab.

    Use Info-Tech’s tools to compare ETLA vs. VIP and to document forecasted costs and benefits

    Is the ETLA or VIP option better for your organization?

    Use Info-Tech’s Adobe ETLA vs. VIP Pricing Table tool to compare ETLA costs against VIP costs.

    The image contains a screenshot of Info-Tech's Adobe ETLA vs. VIP Pricing Table.

    Your ETLA contains multiple products and is a multi-year agreement.

    Use Info-Tech’s ETLA Forecasted Costs and Benefits tool to forecast your ETLA costs and document benefits.

    The image contains a screenshot of Info-Tech's ETLA Forecasted Costs and Benefits.

    Adobe’s Creative Cloud Complete offering provides access to all Adobe creative products and ongoing upgrades

    Why subscription model?

    The subscription model forces customers to an annuity-based pricing model, so Adobe has recurring revenue from a subscription-based product. This increases customer lifetime value (CLTV) for Adobe while providing ongoing functionality updates that are not version/edition dependent.

    Key Characteristics:

    • Available as a month-to-month or annual subscription license
    • Can be purchased for one user, for a team, or for an enterprise
    • Subject to annual payment and true-up of license fees
    • Can only true-up during lifespan of contract; quantities cannot be reduced until renewal
    • May contain auto-renewal clauses – beware!

    Key things to know:

    1. Applications can be purchased individually if users require only one specific product. A few products continue to have on-premises licensing options, but most are offered by per-user subscriptions.
    2. At the end of the subscription period, the organization no longer has any rights to the software and would have to return to a previously owned version.
    3. True-downs are not possible (in contrast to Microsoft’s Office 365).
    4. Downgrade rights are not included or are limited by default.

    Which products are in the Creative Cloud bundle?

    Adobe Acrobat® XI Pro

    Adobe After Effects® CC

    Adobe Audition® CC

    Adobe Digital Publishing Suite, Single Edition

    Adobe InDesign® CC

    Adobe Dreamweaver® CC

    Adobe Edge Animate

    Adobe Edge Code preview

    Adobe Edge Inspect

    Adobe Photoshop CC

    Adobe Edge Reflow preview

    Adobe Edge Web Fonts

    Adobe Extension Manager

    ExtendScript Toolkit

    Adobe Fireworks® CS6

    Adobe Flash® Builder® 4.7 Premium Edition

    Adobe Flash Professional CC

    Adobe Illustrator® CC

    Adobe Prelude® CC

    Adobe Premiere® Pro CC

    Adobe Scout

    Adobe SpeedGrade® CC

    Adobe Muse CC

    Adobe Photoshop Lightroom 6

    Adobe offers different solutions for teams vs. enterprise licensing

    Evaluate the various options for Creative Cloud, as they can be purchased individually, for teams, or for enterprise.

    Bundle Name

    Target Customer

    Included Applications

    Features

    CC (for Individuals)

    Individual users

    The individual chooses

    • Sync, store, and share assets
    • Adobe Portfolio website
    • Adobe Typekit font collection
    • Microsoft Teams integration
    • Can only be purchased through credit card

    CC for Teams (CCT)

    Small to midsize organizations with a small number of Adobe users who are all within the same team

    Depends on your team’s requirements. You can select all applications or specific applications.

    Everything that CC (for individuals) does, plus

    • One license per user; can reassign CC licenses
    • Web-based admin console
    • Centralized deployment
    • Usage tracking and reporting
    • 100GB of storage per user
    • Volume discounts for 10+ seats

    CC for Enterprise (CCE)

    Large organizations with users who regularly use multiple Adobe products on multiple machines

    All applications including Adobe Stock for images and Adobe Enterprise Dashboard for managing user accounts

    Everything that CCT does, plus

    • Employees can activate a second copy of software on another device (e.g. home computer) as long as they share the same Adobe ID and are not used simultaneously
    • Ability to reassign licenses from old users to new users
    • Custom storage options
    • Greater integration with other Adobe products
    • Larger volume discounts with more seats

    For further information on specific functionality differences, reference Adobe’s comparison table.

    A Cloud-ish solution: Considerations and implications for IT organizations

    ☑ True cloud products are typically service-based, scalable and elastic, shared resources, have usage metering, and rely upon internet technologies. Currently, Adobe’s Creative Cloud and Document Cloud products lack these characteristics. In fact, the core products are still downloaded and physically installed on endpoint devices, then anchored to the cloud provisioning system, where the software can be automatically updated and continuously verified for compliance by ensuring the subscription is active.

    ☑ Adobe Cloud allows Adobe to increase end-user productivity by releasing new features and products to market faster, but the customer will increase lock-in to the Adobe product suite. The fast-release approach poses a different challenge for IT departments, as they must prepare to test and support new functionality and ensure compatibility with endpoint devices.

    ☑ There are options at the enterprise level that enable IT to exert more granular control over new feature releases, but these are tied to the ETLA and the provided enterprise portal and are not available on other subscription plans. This is another mechanism by which Adobe has been able to spur ETLA adoption.

    Not all CIOs consider SaaS/subscription applications their first choice, but the Adobe’s dominant position in the content and document management marketplace is forcing the shift regardless. It is significant that Adobe bypassed the typical hybrid transition model by effectively disrupting the ability to continue with perpetual licensing without falling behind the functionality curve.

    VIP plans do allow for annual terms and payment, but you lose the price elasticity that comes with multi-year terms.

    Download Info-Tech’s Adobe ETLA vs. VIP Pricing Table tool to compare ETLA costs against VIP costs.

    When moving to Adobe cloud, validate that license requirements meet organizational needs, not a sales quota

    Follow these steps in your transition to Creative Cloud.

    Step 1: Make sure you have a software asset management (SAM) tool to determine Adobe installs and usage within your environment.

    Step 2: Look at the current Adobe install base and usage. We recommend reviewing three months’ worth of reliable usage data to decide which users should have which licenses going forward.

    Step 3: Understand the changes in Adobe packages for Creative Cloud (CC). Also, take into account that the license types are based on users, not devices.

    Step 4: Identify those users who only need a single license for a single application (e.g. Photoshop, InDesign, Muse).

    Step 5: Identify the users who require CC suites. Look at their usage of previous Adobe suites to get an idea of which CC suite they require. Did they have Design Suite Standard installed but only use one or two elements? This is a good way to ensure you do not overspend on Adobe licenses.

    Source: The ITAM Review

    Download Info-Tech’s Adobe ETLA Deployment Forecast tool to track Adobe installs within your environment and to determine usage needs.

    Acquiring Adobe Software

    Adobe offers four common licensing methods, which are reviewed in detail in the following slides.

    Most common purchasing models

    Points for consideration

    • Value Incentive Plan (VIP)
    • Cumulative Licensing Program (CLP)
    • Transactional Licensing Program (TLP)
    • Enterprise Term License Agreement (ETLA)
    • Adobe, as with many other large software providers, includes special benefits and rights when its products are purchased through volume licensing channels.
    • Businesses should typically refrain from purchasing individual OEM (shrink wrap) licenses or those meant for personal use.
    • Purchase record history is available online, making it easier for your organization to manage entitlements in the case of an audit.

    "Customers are not even obliged to manage all the licenses themselves. The reseller partners have access to the cloud console and can manage licenses on behalf of their customers. Even better, they can seize cross and upsell opportunities and provide good insight into the environment. Additionally, Adobe itself provides optimization services."

    B-lay

    CLP and TLP

    The CLP and TLP are transactional agreements generally used for the purchase of perpetual licenses. For example, they could be used for making Acrobat purchases if Creative Suite products are purchased on the ETLA.

    The image contains a screenshot of a table comparing CLP and TLP.

    Source: “Adobe Buying Programs Comparison Guide for Commercial and Government Organizations”

    VIP and ETLA

    The Value Incentive Plan is aimed at small- to medium-sized organizations with no minimum quantity required. However, there is limited flexibility to reduce licenses and limited price protection for future purchases. The ETLA is aimed at large organizations who wish to have new functionality as it comes out, license management portal, services, and security/IT control aspects.

    The image contains a screenshot of a table comparing VIP and ETLA.

    Source: “Adobe Buying Programs Comparison Guide for Commercial and Government Organizations”

    ETLA commitments risk creating “shelfware-as-a-service”

    The Adobe ETLA’s rigid contract parameters, true-up process, and unique deployment/provisioning mechanisms give technology/IT procurement leaders fewer options to maximize cost-usage alignment and to streamline opex costs.

    ☑ No ETLA price book is publicly published; pricing is controlled by the Adobe enterprise sales team.

    ☑ Adobe's retail pricing is a good starting point for negotiating discounted pricing.

    ☑ ETLA commitments are usually for three years, and the lack of a true-down option increases the risk involved in overbuying licenses should the organization encounter a business downturn or adverse event.

    ☑ Pricing discounts are the highest at the initial ETLA signing for the upfront volume commitment. The true-up pricing is discounted from retail but still higher than the signing cost per license.

    ☑ Technical support is included in the ETLA.

    ☑ While purchases typically go through value-added resellers (VARs), procurement can negotiate directly with Adobe.

    "For cloud products, it is less complex when it comes to purchasing and pricing. If larger quantities are purchased on a longer term, the discount may reach up to 15%. As soon as you enroll in the VIP program, you can control all your licenses from an ‘admin console’. Any updates or new functionalities are included in the original price. When the licenses expire, you may choose to renew your subscriptions or remove them. Partial renewal is also accepted. Of course, you can also re-negotiate your price if more subscriptions are added to your console."

    B-lay

    ETLA recommendations

    1. Assess the end-user requirements with a high degree of scrutiny. Perform an analysis that matches the licensee with the correct Adobe product SKU to reduce the risk of overspending.
    • Leverage metering data that identifies actual usage and lack thereof, match to user profile functional requirements, and then determine end users’ actual license requirements.
  • Build in time to evaluate alternative products where possible and position the organization to leverage a Plan B vendor to replace or mitigate growth on the Adobe platform. Re-evaluate options well in advance of the ETLA renewal.
  • Secure price protection through negotiating a price cap or an extended ETLA term beyond the standard three-year term. Short of obtaining an escalation cap, which Adobe is strongly resisting, build in price increases for the ETLA renewal years.
    • Demand price transparency and granularity in the proposal process.
    • Validate that volume discounts are appropriate and show through to the true-up line item pricing.
  • Negotiate a true-down mechanism upfront with Adobe if usage decline is inevitable or expected due to a merger or acquisition, divestiture, or material restructuring event.
  • INFO-TECH TIP: For further guidance on ETLAs and pricing, contact your Info-Tech representative to set up a call with an analyst.

    Use Info-Tech’s Adobe ETLA Deployment Forecast tool to match licensees with Adobe product SKUs.

    Prepare for Adobe’s true-up process

    How the true-up process works

    When adding a license, the true-up price will be prorated to 50% of the license cost for previous year’s usage plus 100% of the license cost for the next year. This back-charging adds up to 150% of the overall true-up license cost. In some rare cases, Adobe has provided an “unlimited” quantity for certain SKUs; these Unlimited ETLAs generally align with FTE counts and limit FTE increases to about 5%. Procurement must monitor and work with SAM/ITAM and stakeholder groups to restrain unnecessary growth during the term of an Unlimited ETLA to avoid the risk of cost escalation at renewal time.

    Higher-education specific

    Higher-education clients can license under the ETLA based on a prescribed number of user and classroom/lab devices and/or on a FTE basis. In these cases, the combination of Creative Cloud and Acrobat Pro volume must equal the FTE total, creating an enterprise footprint. FTE calculations establish the full-time faculty plus one-third of part-time faculty plus one-half of part-time staff.

    Info-Tech Insight

    Compliance takes a different form in terms of the ETLA true-up process. The completion of Adobe's transition to cloud-based licensing and verification has improved compliance rates via phone home telemetry such that pirated software is less available and more easily detected. Adobe has actually decommissioned its audit arm in the Americas and EMEA.

    Audits and software asset management with Adobe

    Watch out for:

    • Virtual desktops, freeware, and test and trial licenses
    • Adobe products that may be bundled into a suite; a manual check will be needed to ensure the suite isn’t recognized as a standalone license
    • Pirated licenses with a “crack” built into the software

    Simplify your process – from start to finish – with these steps:

    Determine License Entitlements

    Obtain documentation from internal records and Adobe to track licenses and upgrades to determine what licenses you own and have the right to use.

    Gather Deployment Information

    Leverage a software asset management tool or process to determine what software is deployed and what is/is not being used.

    Determine Effective License Position

    Compare license entitlements with deployment data to uncover surpluses and deficits in licensing. Look for opportunities.

    Plan Changes to License Position

    Meet with IT stakeholders to discuss the enterprise license program (ELP), short- and long-term project plans, and budget allocation. Plan and document licensing requirements.

    Adobe Genuine Software Integrity Service

    • This service was started in 2014 to combat non-genuine software sold by non-authorized resellers.
    • The service works hand in hand with the cloud movement to reduce piracy.
    • Every Adobe product now contains an executable file that will scan your machine for non-genuine software.
    • If non-genuine software is detected, the user will be notified and directed to the official Adobe website for next steps.

    Detailed list of Adobe licensing contract types

    The table below describes Adobe contract types beyond the four typical purchasing models explained in the previous slides:

    Option

    What is it?

    What’s included?

    For

    Term

    CLP (Cumulative Licensing Program)

    10,000 plus points, support and maintenance optional

    Select Adobe perpetual desktop products

    Business

    2 years

    EA (Adobe Enterprise Agreement)

    100 licenses plus maintenance and support for eligible Adobe products

    All applications

    100+ users requirement

    3 years

    EEA (Adobe Enterprise Education Agreement)

    Creative Cloud enterprise agreement for education establishments

    Creative Cloud applications without services

    Education

    1 or 2 years

    ETLA (Enterprise Term License Agreement)

    Licensing program designed for Adobe’s top commercial, government, and education customers

    All Creative Cloud applications

    Large enterprise companies

    3 years

    K-12 – Enterprise Agreement

    Enterprise agreement for primary and secondary schools

    Creative Cloud applications without services

    Education

    1 year

    K-12 – School Site License

    Allows a school to install a Creative Cloud on up to 500 school-owned computers regardless of school size

    Creative Cloud applications without services

    Education

    1 year

    TLP (Transactional Licensing Program)

    Agreement for SMBs that want volume licensing bonuses

    Perpetual desktop products only

    Aimed at SMBs, but Enterprise customers can use the TLP for smaller requirements

    N/A

    Upgrade Plan

    Insurance program for software purchased under a perpetual license program such as CLP or TLP for Creative Cloud upgrade

    Dependent on the existing perpetual estate

    Anyone

    N/A

    VIP (Value Incentive Plan)

    VIP allows customers to purchase, deploy, and manage software through a term-based subscription license model

    Creative Cloud of teams

    Business, government, and education

    Insight breakdown

    Insight 1

    Adobe operates in its own niche in the creative space, and Adobe users have grown accustomed to their products, making switching very difficult.

    Insight 2

    Adobe has transitioned the vast majority of its software offerings to the cloud-based subscription model. Active management of licenses, software provisioning, and consumption of cloud services is now an ongoing job.

    Insight 3

    With the vendor lock-in process nearly complete via the transition to a SaaS subscription model, Adobe is raising prices on an annual basis. Advance planning and strategic use of the ETLA is key to avoid budget-breaking surprises.

    Summary of accomplishment

    Knowledge Gained

    • The key pieces of licensing information that should be gathered about the current state of your own organization.
    • An in-depth understanding of the required licenses across all of your products.
    • Clear methodology for selecting the most effective contract type.
    • Development of measurable, relevant metrics to help track future project success and identify areas of strength and weakness within your licensing program.

    Processes Optimized

    • Understanding of the importance of licensing in relation to business objectives.
    • Understanding of the various licensing considerations that need to be made.
    • Contract negotiation.

    Deliverables Completed

    • Adobe ETLA Deployment Forecast
    • Adobe ETLA Forecasted Cost and Benefits
    • Adobe ETLA vs. VIP Pricing Table

    Related Info-Tech Research

    Take Control of Microsoft Licensing and Optimize Spend

    Create an Effective Plan to Implement IT Asset Management

    Establish an Effective System of Internal IT Controls to Mitigate Risks

    Optimize Software Asset Management

    Take Control of Compliance Improvement to Conquer Every Audit

    Cut PCI Compliance and Audit Costs in Half

    Bibliography

    “Adobe Buying Programs: At-a-glance comparison guide for Commercial and government organizations.” Adobe Systems Incorporated, 2014. Web. 1 Feb. 2018.

    “Adobe Buying Programs Comparison Guide for Commercial and Government Organizations.” Adobe Systems Incorporated, 2018. Web.

    “Adobe Buying Programs Comparison Guide for Education.” Adobe Systems Incorporated, 2018. Web. 1 Feb 2018.

    “Adobe Education Enterprise Agreement: Give your school access to the latest industry-leading creative tools.” Adobe Systems Incorporated, 2014. Web. 1 Feb. 2018.

    “Adobe Enterprise Term License Agreement for commercial and government organizations.” Adobe Systems Incorporated, 2016. Web. 1 Feb. 2018.

    Adobe Investor Presentation – October 2017. Adobe Systems Incorporated, 2017. Web. 1 Feb. 2018.

    Cabral, Amanda. “Students react to end of UConn-Adobe contract.” The Daily Campus (Uconn), 5 April 2017. Web. 1 Feb. 2018.

    de Veer, Patrick and Alecsandra Vintilescu. “Quick Guide to Adobe Licensing.” B-lay, Web. 1 Feb. 2018.

    “Find the best program for your organization.” Adobe, Web. 1 Feb 2018.

    Foxen, David. “Adobe Upgrade Simplified.” Snow Software, 7 Oct. 2016. Web.

    Frazer, Bryant. “Adobe Stops Reporting Subscription Figures for Creative Cloud.” Studio Daily. Access Intelligence, LLC. 17 March 2016. Web.

    “Give your students the power to create bright futures.” Adobe, Web. 1 Feb 2018.

    Jones, Noah. “Adobe changes subscription prices, colleges forced to pay more.” BG Falcon Media. Bowling Green State University, 18 Feb. 2015. Web. 1 Feb. 2018.

    Mansfield, Adam. “Is Your Organization Prepared for Adobe’s Enterprise Term License Agreements (ETLA)?” UpperEdge,30 April 2013. Web. 1 Feb. 2018.

    Murray, Corey. “6 Things Every School Should Know About Adobe’s Move to Creative Cloud.” EdTech: Focus on K-12. CDW LLC, 10 June 2013. Web.

    “Navigating an Adobe Software Audit: Tips for Emerging Unscathed.” Nitro, Web. 1 Feb. 2018.

    Razavi, Omid. “Challenges of Traditional Software Companies Transitioning to SaaS.” Sand Hill, 12 May 2015. Web. 1 Feb. 2018.

    Rivard, Ry. “Confusion in the Cloud.” Inside Higher Ed. 22 May 2013. Web. 1 Feb. 2018.

    Sharwood, Simon. “Adobe stops software licence audits in Americas, Europe.” The Register. Situation Publishing. 12 Aug. 2016. Web. 1 Feb. 2018.

    “Software Licensing Challenges Faced In The Cloud: How Can The Cloud Benefit You?” The ITAM Review. Enterprise Opinions Limited. 20 Nov. 2015. Web.

    White, Stephen. “Understanding the Impacts of Adobe’s Cloud Strategy and Subscriptions Before Negotiating an ETLA.” Gartner, 22 Feb. 2016. Web.

    Create a Buyer Persona and Journey

    • Buy Link or Shortcode: {j2store}558|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Contacts fail to convert to leads because messaging fails to resonate with buyers.
    • Products fail to reach targets given shallow understanding of buyer needs.
    • Sellers' emails go unopened and attempts at discovery fail due to no understanding of buyer challenges, pain points, and needs.

    Our Advice

    Critical Insight

    • Marketing leaders in possession of well-researched and up-to-date buyer personas and journeys dramatically improve product market fit, lead gen, and sales results.
    • Success starts with product, marketing, and sales alignment on targeted personas.
    • Speed to deploy is enabled via initial buyer persona attribute discovery internally.
    • However, ultimate success requires buyer interviews, especially for the buyer journey.
    • Leading marketers update journey maps every six months as disruptive events such as COVID-19 and new media and tech platform advancements require continual innovation.

    Impact and Result

    • Reduce time and treasure wasted chasing the wrong prospects.
    • Improve product-market fit.
    • Increase open and click-through rates in your lead gen engine.
    • Perform more effective sales discovery and increase eventual win rates.

    Create a Buyer Persona and Journey Research & Tools

    Start here – read the Executive Brief

    Our Executive Brief summarizes the challenges faced when buyer persona and journeys are ill-defined. It describes the attributes of, and the benefits that accrue from, a well-defined persona and journey and the key steps to take to achieve success.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Drive an aligned initial draft of buyer persona

    Define and align your team on target persona, outline steps to capture and document a robust buyer persona and journey, and capture current team buyer knowledge.

    • Buyer Persona Creation Template
    • Buyer Persona and Journey Interview Guide and Data Capture Tool

    2. Interview buyers and validate persona and journey

    Hold initial buyer interviews, test initial results, and continue with interviews.

    3. Prepare communications and educate stakeholders

    Consolidate interview findings, present to product, marketing, and sales teams. Work with them to apply to product design, marketing launch/campaigning, and sales and customer success enablement.

    • Buyer Persona and Journey Summary Template
    [infographic]

    Workshop: Create a Buyer Persona and Journey

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Align Team, Identify Persona, and Document Current Knowledge

    The Purpose

    Organize, drive alignment on target persona, and capture initial views.

    Key Benefits Achieved

    Steering committee and project team roles and responsibilities clarified.

    Product, marketing, and sales aligned on target persona.

    Build initial team understanding of persona.

    Activities

    1.1 Outline a vision for buyer persona and journey creation and identify stakeholders.

    1.2 Identify buyer persona choices and settle on an initial target.

    1.3 Document team knowledge about buyer persona (and journey where possible).

    Outputs

    Documented steering committee and working team

    Executive Brief on personas and journey

    Personas and initial targets

    Documented team knowledge

    2 Validate Initial Work and Identify Buyer Interviewees

    The Purpose

    Build list of buyer interviewees, finalize interview guide, and validate current findings with analyst input.

    Key Benefits Achieved

    Interview efficiently using 75-question interview guide.

    Gain analyst help in persona validation, reducing workload.

    Activities

    2.1 Share initial insights with covering industry analyst.

    2.2 Hear from industry analyst their perspectives on the buyer persona attributes.

    2.3 Reconcile differences; update “current understanding.”

    2.4 Identify interviewee types by segment, region, etc.

    Outputs

    Analyst-validated initial findings

    Target interviewee types

    3 Schedule and Hold Buyer Interviews

    The Purpose

    Validate current persona hypothesis and flush out those attributes only derived from interviews.

    Key Benefits Achieved

    Get to a critical mass of persona and journey understanding quickly.

    Activities

    3.1 Identify actual list of 15-20 interviewees.

    3.2 Hold interviews and use interview guides over the course of weeks.

    3.3 Hold review session after initial 3-4 interviews to make adjustments.

    3.4 Complete interviews.

    Outputs

    List of interviewees; calls scheduled

    Initial review – “are you going in the right direction?”

    Completed interviews

    4 Summarize Findings and Provide Actionable Guidance to Colleagues

    The Purpose

    Summarize persona and journey attributes and provide activation guidance to team.

    Key Benefits Achieved

    Understanding of product market fit requirements, messaging, and marketing, and sales asset content.

    Activities

    4.1 Summarize findings.

    4.2 Create action items for supporting team, e.g. messaging, touch points, media spend, assets.

    4.3 Convene steering committee/executives and working team for final review.

    4.4 Schedule meetings with colleagues to action results.

    Outputs

    Complete findings

    Action items for team members

    Plan for activation

    5 Measure Impact and Results

    The Purpose

    Measure results, adjust, and improve.

    Key Benefits Achieved

    Activation of outcomes; measured results.

    Activities

    5.1 Review final copy, assets, launch/campaign plans, etc.

    5.2 Develop/review implementation plan.

    5.3 Reconvene team to review results.

    Outputs

    Activation review

    List of suggested next steps

    Further reading

    Create a Buyer Persona and Journey

    Make it easier to market, sell, and achieve product-market fit with deeper buyer understanding.

    EXECUTIVE BRIEF

    Executive Summary

    Your Challenge

    B2B marketers without documented personas and journeys often experience the following:

    • Contacts fail to convert to leads because messaging fails to resonate with buyers.
    • Products fail to reach targets given shallow understanding of buyer needs.
    • Sellers’ emails go unopened, and attempts at discovery fail due to no understanding of buyer challenges, pain points, and needs.

    Without a deeper understanding of buyer needs and how they buy, B2B marketers will waste time and precious resources targeting the incorrect personas.

    Common Obstacles

    Despite being critical elements, organizations struggle to build personas due to:

    • A lack of alignment and collaboration among marketing, product, and sales.
    • An internal focus; or a lack of true customer centricity.
    • A lack of tools and techniques for building personas and buyer journeys.

    In today’s Agile development environment, combined with the pressure to generate revenues quickly, high tech marketers often skip the steps necessary to go deeper to build buyer understanding.

    SoftwareReviews’ Approach

    With a common framework and target output, clients will:

    • Align marketing, sales, and product, and collaborate together to share current knowledge on buyer personas and journeys.
    • Target 12-15 customers and prospects to interview and validate insights. Share that with customer-facing staff.
    • Activate the insights for more customer-centric lead generation, product development, and selling.

    Clients who activate findings from buyer personas and journeys will see a 50% results improvement.

    SoftwareReviews Insight:
    Buyer personas and buyer journeys are essential ingredients in go-to-market success, as they inform for product, marketing, sales, and customer success who we are targeting and how to engage with them successfully.

    Buyer personas and journeys: A go-to-market critical success factor

    Marketers – large and small – will fail to optimize product-market fit, lead generation, and sales effectiveness without well-defined buyer personas and a buyer journey.

    Critical Success Factors of a Successful G2M Strategy:

    • Opportunity size and business case
    • Buyer personas and journey
    • Competitively differentiated product hypothesis
    • Buyer-validated commercial concept
    • Sales revenue plan and program cost budget
    • Consolidated communications to steering committee

    Jeff Golterman, Managing Director, SoftwareReviews Advisory

    “44% of B2B marketers have already discovered the power of Personas.”
    – Hasse Jansen, Boardview.io!, 2016

    Documenting buyer personas enables success beyond marketing

    Documenting buyer personas has several essential benefits to marketing, sales, and product teams:

    • Achieve a better understanding of your target buyer – by building a detailed buyer persona for each type of buyer and keeping it fresh, you take a giant step toward becoming a customer-centric organization.
    • Team alignment on a common definition – will happen when you build buyer personas collaboratively and among those teams that touch the customer.
    • Improved lead generation – increases dramatically when messaging and marketing assets across your lead generation engine better resonate with buyers because you have taken the time to understand them deeply.
    • More effective selling – is possible when sellers apply persona development output to their interactions with prospects and customers.
    • Better product-market fit – increases when product teams more deeply understand for whom they are designing products. Documenting buyer challenges, pain points, and unmet needs gives product teams what they need to optimize product adoption.

    “It’s easier buying gifts for your best friend or partner than it is for a stranger, right? You know their likes and dislikes, you know the kind of gifts they’ll have use for, or the kinds of gifts they’ll get a kick out of. Customer personas work the same way, by knowing what your customer wants and needs, you can present them with content targeted specifically to their wants and needs.”
    – Emma Bilardi, Product Marketing Alliance, 2020

    Buyer understanding activates just about everything

    Without the deep buyer insights that persona and journey capture enables, marketers are suboptimized.

    Buyer Persona and Journey

    • Product design
    • Customer targeting
    • Personalization
    • Messaging
    • Content marketing
    • Lead gen & scoring
    • Sales Effectiveness
    • Customer retention

    “Marketing eutopia is striking the all-critical sweet spot that adds real value and makes customers feel recognized and appreciated, while not going so far as to appear ‘big brother’. To do this, you need a deep understanding of your audience coming from a range of different data sets and the capability to extract meaning.”
    – Plexure, 2020

    Does your organization need buyer persona and journey updating?

    “Yes,” if experiencing one or more key challenges:

    • Sales time is wasted on unqualified leads
    • Website abandon rates are high
    • Lead gen engine click-through rates are low
    • Ideal customer profile is ill defined
    • Marketing asset downloads are low
    • Seller discovery with prospects is ineffective
    • Sales win/loss rates drop due to poor product-market fit
    • Higher than desired customer churn

    SoftwareReviews Advisory Insight:
    Marketers developing buyer personas and journeys that lack agreement among Marketing, Sales, and Product of personas to target will squander precious time and resources throughout the customer targeting and acquisition process.

    Outcomes and benefits

    Building your buyer persona and journey using our methodology will enable:

    • Greater stakeholder alignment – when marketing, product, and sales agree on personas, less time is wasted on targeting alternate personas.
    • Improved product-market fit – when buyers see both pain-relieving features and value-based pricing, “because you asked vs. guessed,” win rates increase.
    • Greater open and click-through rates – because you understood buyer pain points and motivations for solution seeking, you’ll see higher visits and engagement with your lead gen engine, and because you asked “what asset types do you find most helpful” your CTAs become ”lead-gen magnets” because you’ve offered the right asset types in your content marketing strategy.
    • More qualified leads – because you defined a more accurate ideal customer profile (ICP) and your lead scoring algorithm has improved, sellers see more qualified leads.
    • Increased sales cycle velocity – since you learned from personas their content and engagement preferences and what collateral types they need during the down-funnel sales discussions, sales calls are more productive and sales cycles shrink.

    Our methodology for buyer persona and journey creation

    1. Document Team Knowledge of Buyer Persona and Drive Alignment 2. Interview Target Buyer Prospects and Customers 3. Create Outputs and Apply to Marketing, Sales, and Product
    Phase Steps
    1. Outline a vision for buyer persona and journey creation and identify stakeholders.
    2. Pull stakeholders together, identify initial buyer persona, and begin to document team knowledge about buyer persona (and journey where possible).
    3. Validate with industry and marketing analyst’s initial buyer persona, and identify list of buyer interviewees.
    1. Hold interviews and document and share findings.
    2. Validate initial drafts of buyer persona and create initial documented buyer journey. Review findings among key stakeholders, steering committee, and supporting analysts.
    3. Complete remaining interviews.
    1. Summarize findings.
    2. Convene steering committee/exec. and working team for final review.
    3. Communicate to key stakeholders in product, marketing, sales, and customer success for activation.
    Phase Outcomes
    1. Steering committee and team selection
    2. Team insights about buyer persona documented
    3. Buyer persona validation with industry and marketing analysts
    4. Sales, marketing, and product alignment
    1. Interview guide
    2. Target interviewee list
    3. Buyer-validated buyer persona
    4. Buyer journey documented with asset types, channels, and “how buyers buy” fully documented
    1. Education deck on buyer persona and journey ready for use with all stakeholders: product, field marketing, sales, executives, customer success, partners
    2. Activation will update product-market fit, optimize lead gen, and improve sales effectiveness

    Our approach provides interview guides and templates to help rebuild buyer persona

    Our methodology will enable you to align your team on why it’s important to capture the most important attributes of buyer persona including:

    • Functional – helps you find and locate your target personas
    • Emotive – deepens team understanding of buyer initiatives, motivations for seeking alternatives, challenges they face, pain points for your offerings to address, and terminology that describes the “space”
    • Solution – enables greater product market fit
    • Behavioral – clarifies how to communicate with personas and understand their content preferences
    Functional – “to find them”
    Job Role Title Org. Chart Dynamics Buying Center Firmographics
    Emotive – “what they do and jobs to be done”
    Initiatives: What programs/projects the persona is tasked with and their feelings and aspirations about these initiatives. Motivations? Build credibility? Get promoted? Challenges: Identify the business issues, problems, and pain points that impede attainment of objectives. What are their fears, uncertainties, and doubts about these challenges? Buyer Need: They may have multiple needs; which need is most likely met with the offering? Terminology: What are the keywords/phrases they organically use to discuss the buyer need or business issue?
    Decision Criteria – “how they decide”
    Buyer Role: List decision-making criteria and power level. The five common buyer roles are champion, influencer, decision maker, user, and ratifier (purchaser/negotiator). Evaluation and Decision Criteria: Which lens – strategic, financial, or operational – does the persona evaluate the impact of purchase through?
    Solution Attributes – “what does the ideal solution look like”
    Steps in “Jobs to Be Done” Elements of the “Ideal Solution” Business outcomes from ideal solution Opportunity scope; other potential users Acceptable price for value delivered Alternatives that see consideration Solution sourcing: channel, where to buy
    Behavioral Attributes – “how to approach them successfully”
    Content Preferences: List the persona’s content preferences – blog, infographic, demo, video – vs. long-form assets (e.g. white paper, presentation, analyst report). Interaction Preferences: Which are preferred among in-person meetings, phone calls, emails, videoconferencing, conducting research via Web, mobile, and social? Watering Holes: Which physical or virtual places do they go to network or exchange info with peers (e.g. LinkedIn)?

    Buyer journeys are constantly shifting

    If you didn’t remap buyer journeys in 2021, you may be losing to competitors that did. Leaders remap buyer journey frequently.

    • The multi-channel buyer journey is constantly changing. Today’s B2B buyer uses industry research sites, vendor content marketing assets, software reviews sites, contacts with vendor salespeople, events participation, peer networking, consultants, emails, social media sites, and electronic media to research purchasing decisions.
    • COVID-19 has dramatically decreased face-to-face interaction. We estimate a B2B buyer spent 20-25% more time online in 2021 than pre-COVID-19 researching software buying decisions. This has diminished the importance of face-to-face selling and given dramatic rise to digital selling and outbound marketing.
    • Content marketing has exploded, but without mapping the buyer journey and knowing where – by channel –and when – by buyer journey step – to offer content marketing assets, we will fail to convert prospects into buyers.

    “~2/3 of [B2B] buyers prefer remote human interactions or digital self-service.” And during Aug. ‘20 to Feb. ‘21, use of digital self-service to interact with sales reps leapt by more than 10% for both researching and evaluating new suppliers.”
    – Liz Harrison, Dennis Spillecke, Jennifer Stanley, and Jenny Tsai McKinsey & Company, 2021

    SoftwareReviews Advisory Insight:
    Marketers are advised to update their buyer journey annually and with greater frequency when the human vs. digital mix is affected due to events such as COVID-19 and as emerging media such as AR shifts asset-type usage and engagement options.

    Our approach helps you define the buyer journey

    Because marketing leaders need to reach buyers through the right channel with the right message at the right time during their decision cycle, you’ll benefit by using questionnaires that enable you to build the below easily and quickly.

    You’ll be more successful by following our overall guidance

    Overarching insight

    Buyer personas and buyer journeys are essential ingredients in go-to-market success, as they inform for product, marketing, sales, and customer success who we are targeting and how to engage with them successfully.

    Align Your Team

    Marketers developing buyer personas and journeys that lack agreement among Marketing, Sales, and Product of personas to target will squander precious time and resources throughout the customer targeting and acquisition process.

    Jump-Start Persona Development

    Marketing leaders leverage the buyer persona knowledge not only from in-house experts in areas such as sales and executives but from analysts that speak with their buyers each and every day.

    Buyer Interviews Are a Must

    While leaders will get a fast start by interviewing sellers, executives, and analysts, you will fail to craft the right messages, build the right marketing assets, and design the best buyer journey if you skip buyer interviews.

    Watch for Disruption

    Leaders will update their buyer journey annually and with greater frequency when the human vs. digital mix is effected due to events such as COVID-19 and as emerging media such as AR and VR shifts the way buyers engage.

    Advanced Buyer Journey Discovery

    Digital marketers that ramp up lead gen engine capabilities to capture “wins” and measure engagement back through the lead gen and nurturing engines will build a more data-driven view of the buyer journey. Target to build this advanced capability in your initial design.

    Tools and templates to speed your success

    This blueprint is accompanied by supporting deliverables to help you gather team insights, interview customers and prospects, and summarize results for ease in communications.

    To support your buyer persona and journey creation, we’ve created the enclosed tools

    Buyer Persona Creation Template

    A PowerPoint template to aid the capture and summarizing of your team’s insights on the buyer persona.

    Buyer Persona and Journey Interview Guide and Data Capture Tool

    For interviewing customers and prospects, this tool is designed to help you interview personas and summarize results for up to 15 interviewees.

    Buyer Persona and Journey Summary Template

    A PowerPoint template into which you can drop your buyer persona and journey interviewees list and summary findings.

    SoftwareReviews offers two levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    The "do-it-yourself" step-by-step instructions begin with Phase 1.

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    A Guided Implementation is a series of analysts inquiries with you and your team.

    Diagnostics and consistent frameworks are used throughout each option.

    Guided Implementation

    A Guided Implementation (GI) is series of calls with a SoftwareReviews Advisory analyst to help implement our best practices in your organization.

    For guidance on marketing applications, we can arrange a discussion with an Info-Tech analyst.

    Your engagement managers will work with you to schedule analyst calls.

    What does our GI on buyer persona and journey mapping look like?

    Drive an Aligned Initial Draft of Buyer Persona

    • Call #1: Collaborate on vision for buyer persona and the buyer journey. Review templates and sample outputs. Identify your team.
    • Call #2: Review work in progress on capturing working team knowledge of buyer persona elements.
    • Call #3: (Optional) Review Info-Tech’s research-sourced persona insights.
    • Call #4: Validate the persona WIP with Info-Tech analysts. Review buyer interview approach and target list.

    Interview Buyers and Validate Persona and Journey

    • Call #5: Revise/review interview guide and final interviewee list; schedule interviews.
    • Call #6: Review interim interview finds; adjust interview guide.
    • Call #7: Use interview findings to validate/update persona and build journey map.
    • Call #8: Add supporting analysts to final stakeholder review.

    Prepare Communications and Educate Stakeholders

    • Call #9: Review output templates completed with final persona and journey findings.
    • Call #10: Add supporting analysts to stakeholder education meetings for support and help with addressing questions/issues.

    Workshop overview

    Contact your account representative for more information. workshops@infotech.com 1-888-670-8889

    Day1 Day 2 Day 3 Day 4 Day 5
    Align Team, Identify Persona, and Document Current Knowledge Validate Initial Work and Identify Buyer Interviewees Schedule and Hold Buyer interviews Summarize Findings and Provide Actionable Guidance to Colleagues Measure Impact and Results
    Activities

    1.1 Outline a vision for buyer persona and journey creation and identify stakeholders.

    1.2 Identify buyer persona choices and settle on an initial target.

    1.3 Document team knowledge about buyer persona (and journey where possible).

    2.1 Share initial insights with covering industry analyst.

    2.2 Hear from industry analyst their perspectives on the buyer persona attributes.

    2.3 Reconcile differences; update “current understanding.”

    2.4 Identify interviewee types by segment, region, etc.

    3.1 Identify actual list of 15-20 interviewees.

    A gap of up to a week for scheduling of interviews.

    3.2 Hold interviews and use interview guides (over the course of weeks).

    3.3 Hold review session after initial 3-4 interviews to make adjustments.

    3.4 Complete interviews.

    4.1 Summarize findings.

    4.2 Create action items for supporting team, e.g. messaging, touch points, media spend, assets.

    4.3 Convene steering committee/exec. and working team for final review.

    4.4 Schedule meetings with colleagues to action results.

    5.1 Review final copy, assets, launch/campaign plans, etc.

    5.2 Develop/review implementation plan.

    A period of weeks will likely intervene to execute and gather results.

    5.3 Reconvene team to review results.

    Deliverables
    1. Documented steering committee and working team
    2. Executive Brief on personas and journey
    3. Personas and initial targets
    4. Documented team knowledge
    1. Analyst-validated initial findings
    2. Target interviewee types
    1. List of interviewees; calls scheduled
    2. Initial review – “are we going in the right direction?”
    3. Completed interviews
    1. Complete findings
    2. Action items for team members
    3. Plan for activation
    1. Activation review
    2. List of suggested next steps

    Phase 1
    Drive an Aligned Initial Draft of Buyer Persona

    This Phase walks you through the following activities:

    • Develop an understanding of what comprises a buyer persona and journey, including their importance to overall go-to-market strategy and execution.
    • Sample outputs.

    This Phase involves the following stakeholders:

    • Program leadership
    • Product Marketing
    • Product Management
    • Representative(s) from Sales
    • Executive Leadership

    1.1 Establish the team and align on shared vision

    Input

    • Typically a joint recognition that buyer personas have not been fully documented.
    • Identify working team members/participants (see below), and an executive sponsor.

    Output

    • Communication of team members involved and the make-up of steering committee and working team
    • Alignment of team members on a shared vision of “Why Build Buyer Personas and Journey” and what key attributes define both.

    Materials

    • N/A

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • CMO/Sponsoring Executive Working Team – typically representatives in Product Marketing, Product Management, and Sales
    • SoftwareReviews marketing analyst

    60 minutes

    1. Schedule inquiry with working team members and walk the team through the Buyer Persona and Journey Executive Brief PowerPoint presentation.
    2. Optional: Have the (SoftwareReviews Advisory) SRA analyst walk the team through the Buyer Persona and Journey Executive Brief PowerPoint presentation as part of your session.

    Review the Create a Buyer Persona Executive Brief (Slides 3-14)

    1.2 Document team knowledge of buyer persona

    Input

    • Working team member knowledge

    Output

    • Initial draft of your buyer persona

    Materials

    • Buyer Persona Creation Template

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • CMO/Sponsoring Executive (optional)
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales

    2-3 sessions of 60 minutes each

    1. Schedule meeting with working team members and, using the Buyer Persona Template, lead the team in a discussion that documents current team knowledge of the target buyer persona.
    2. Lead the team to prioritize an initial, single, most important persona and to collaborate to complete the template (and later, the buyer journey). Once the team learns the process for working on the initial persona, the development of additional personas will become more efficient.
    3. Place the PowerPoint template in a shared drive for team collaboration. Expect to schedule several 60-minute meets. Quicken collaboration by encouraging team to “do their homework” by sharing persona knowledge within the shared drive version of the template. Your goal is to get to an initial agreed upon version that can be shared for additional validation with industry analyst(s) in the next step.

    Download the Buyer Persona Creation Template

    1.3 Validate with industry analysts

    Input

    • Identify gaps in persona from previous steps

    Output

    • Further validated buyer persona

    Materials

    • Bring your Buyer Persona Creation Template to the meeting to share with analysts

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • CMO/Sponsoring Executive (Optional)
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales
    • Info-Tech analyst covering your product category and SoftwareReviews marketing analyst

    30 minutes

    1. Schedule meeting with working team members and discuss which persona areas require further validation from an Info-Tech analyst who has worked closely with those buyers within your persona.

    60 minutes

    1. Schedule an inquiry with the appropriate Info-Tech analyst and SoftwareReviews Advisory analyst to share current findings and see:
      1. Info-Tech analyst provide content feedback given what they know about your target persona and product category.
      2. SoftwareReviews Advisory analyst provide feedback on persona approach and to coach any gaps or important omissions.
    2. Tabulate results and update your persona summary. At this point you will likely require additional validation through interviews with customers and prospects.

    1.4 Identify interviewees and prepare for interviews

    Input

    • Identify segments within which you require persona knowledge
    • Understand your persona insight gaps

    Output

    • List of interviewees

    Materials

    • Interviewee recording template on following slide
    • Interview guide questions found within the Buyer Persona and Journey Interview Guide and data Capture Tool

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales

    1-2 weeks

    1. Identify the types of customers and prospects that will best represent your target persona. Choose interviewees that when interviewed will inform key differences among key segments (geographies, company size, mix of customers and prospects, etc.).
    2. Recruit interviewees and schedule interviews for 45 minutes.
    3. Keep track of Interviewees using the slide following this one.
    4. In preparation for interviews, review the Buyer Persona and Journey Interview Guide and Data Capture Tool. Review the two sets of questions:
      1. Buyer Persona-Related – use to validate areas where you still have gaps in your persona, OR if you are starting with a blank persona and wish to build your personas entirely based on customer and prospect interviews.
      2. Buyer-Journey Related, which we will focus on in the next phase.

    Download the Buyer Persona and Journey Interview Guide and Data Capture Tool

    The image shows a table titled ‘Interviewee List.’ A note next to the title indicates: Here you will document your interviewee list and outreach plan. A note in the Segment column indicates: Ensure you are interviewing personas across segments that will give you the insights you need, e.g. by size, by region, mix of customers and prospects. A note in the Title column reads: Vary your title types up or down in the “buying center” if you are seeking to strengthen buying center dynamics understanding. A note in the Roles column reads: Vary your role types according to decision-making roles (decision maker, influencer, ratifier, coach, user) if you are seeking to strengthen decision-making dynamics understanding.

    Phase 2
    Interview Buyers and Validate Persona and Journey

    This Phase walks you through the following activities:

    • Developing final interview guide.
    • Interviewing buyers and customers.
    • Adjusting approach.
    • Validating buyer persona.
    • Crafting buyer journey
    • Gaining analyst feedback.

    This Phase involves the following stakeholders:

    • Program leadership
    • Product Marketing
    • Representative(s) from Sales

    2.1 Hold interviews

    Input

    • List of interviewees
    • Final list of questions

    Output

    • Buyer perspectives on their personas and buyer journeys

    Materials

    • Buyer Persona and Journey Interview Guide and data Capture Tool

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales

    1-2 weeks

    1. Hold interviews and adjust your interviewing approach as you go along. Uncover where you are not getting the right answers, check with working team and analysts, and adjust.

    Download the Buyer Persona and Journey Interview Guide and Data Capture Tool

    2.2 Use interview findings to validate what’s needed for activation

    Input

    • List of interviewees
    • Final list of questions

    Output

    • Buyer perspectives on their personas and buyer journeys
    • Stakeholder feedback that actionable insights are resulting from interviews

    Materials

    • Buyer Persona Creation Template
    • Buyer Persona and Journey Interview Guide and Data Capture Tool

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales
    • SoftwareReviews marketing analyst

    2 hours

    1. Convene your team, with marketing analysts, and test early findings: It’s wise to test initial interview results to check that you are getting the right insights to understand and validate key challenges, pain points, needs, and other vital areas pertaining to the buyer persona. Are the answers you are getting enabling you to complete the Summary slides for later communications and training for Sales?
    2. Check when doing buyer journey interviews that you are getting actionable answers that drive messaging, what asset types are needed, what the marketing channel mix is, and other vital insights to activate the results. Are the answers you are getting adequate to give guidance to campaigners, content marketers, and sales enablement?
    3. See the following slides for detailed questions that need to be answered satisfactorily by your team members that need to “activate” the results.

    Download the Buyer Persona and Journey Interview Guide and Data Capture Tool

    2.2.1 Are you getting what you need from interviews to inform the buyer persona?

    Test that you are on the right track:

    1. Are you getting the functional answers so you can guide sellers to the right roles? Can you guide marketers/campaigners to the right “Ideal Customer Profile” for lead scoring?
    2. Are you capturing the right emotive areas that will support message crafting? Solutioning? SEM/SEO?
    3. Are you capturing insights into “how they decide” so sellers are well informed on the decision-making dynamics?
    4. Are you getting a strong understanding of content, interaction preferences, and news and information sources so sellers can outreach more effectively, you can pinpoint media spend, and content marketing can create the right assets?
    Functional – “to find them”
    Job Role Title Org. Chart Dynamics Buying Center Firmographics
    Emotive – “what they do and jobs to be done”
    Initiatives: What programs/projects the persona is tasked with and their feelings and aspirations about these initiatives. Motivations? Build credibility? Get promoted? Challenges: Identify the business issues, problems, and pain points that impede attainment of objectives. What are their fears, uncertainties, and doubts about these challenges? Buyer Need: They may have multiple needs; which need is most likely met with the offering? Terminology: What are the keywords/phrases they organically use to discuss the buyer need or business issue?
    Decision Criteria – “how they decide”
    Buyer Role: List decision-making criteria and power level. The five common buyer roles are champion, influencer, decision maker, user, and ratifier (purchaser/negotiator). Evaluation and Decision Criteria: Which lens – strategic, financial, or operational – does the persona evaluate the impact of purchase through?
    Solution Attributes – “what does the ideal solution look like”
    Steps in “Jobs to Be Done” Elements of the “Ideal Solution” Business outcomes from ideal solution Opportunity scope; other potential users Acceptable price for value delivered Alternatives that see consideration Solution sourcing: channel, where to buy
    Behavioral Attributes – “how to approach them successfully”
    Content Preferences: List the persona’s content preferences – blog, infographic, demo, video – vs. long-form assets (e.g. white paper, presentation, analyst report). Interaction Preferences: Which are preferred among in-person meetings, phone calls, emails, videoconferencing, conducting research via Web, mobile, and social? Watering Holes: Which physical or virtual places do they go to network or exchange info with peers (e.g. LinkedIn)?

    2.2.2 Are you getting what you need from interviews to support the buyer journey?

    Our approach helps you define the buyer journey

    Because marketing leaders need to reach buyers through the right channel with the right message at the right time during their decision cycle, you’ll benefit by using questionnaires that enable you to build the below easily and quickly.

    2.3 Continue interviews

    Input

    • Final adjustments to list of interview questions

    Output

    • Final buyer perspectives on their personas and buyer journeys

    Materials

    • Buyer Persona Creation Template
    • Buyer Persona and Journey Interview Guide and data Capture Tool

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales

    1-2 weeks

    1. Continue customer and prospect interviews.
    2. Ensure you are gaining the segment perspectives needed.
    3. Complete the “Summary” columns within the Buyer Persona and Journey Interview Guide and Data Capture Tool.

    Download the Buyer Persona and Journey Interview Guide and Data Capture Tool

    Phase 3
    Prepare Communications and Educate Stakeholders

    This Phase walks you through the following activities:

    • Creating outputs for key stakeholders
    • Communicating final findings and supporting marketing, sales, and product activation.

    This Phase involves the following stakeholders:

    • Program leadership
    • Product Marketing
    • Product Management
    • Sales
    • Field Marketing/Campaign Management
    • Executive Leadership

    3.1 Summarize interview results and convene full working team and steering committee for final review

    Input

    • Buyer persona and journey interviews detail

    Output

    • Buyer perspectives on their personas and buyer journeys

    Materials

    • Buyer Persona and Journey Interview Guide and Data Capture Tool
    • Buyer Persona and Journey Summary Template

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • CMO/Sponsoring Executive (Optional)
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales
    • SoftwareReviews marketing analyst

    1-2 hours

    1. Summarize interview results within the Buyer Persona and Journey Summary Template.

    Download the Buyer Persona and Journey Interview Guide and Data Capture Tool

    Download the Buyer Persona and Journey Summary Template

    3.2 Convene executive steering committee and working team to review results

    Input

    • Buyer persona and journey interviews summary

    Output

    • Buyer perspectives on their personas and buyer journeys

    Materials

    • Buyer Persona and Journey Summary Template

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales

    1-2 hours

    1. Present final persona and journey results to the steering committee/executives and to working group using the summary slides interview results within the Buyer Persona and Journey Summary Template to finalize results.

    Download the Buyer Persona and Journey Summary Template

    3.3 Convene stakeholder meetings to activate results

    Input

    • Buyer persona and journey interviews summary

    Output

    Activation of key learnings to drive:

    • Better product –market fit
    • Lead gen
    • Sales effectiveness
    • Awareness

    Materials

    • Buyer Persona and Journey Summary Template

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales
    • Stakeholder team members (see left)

    4-5 hours

    Present final persona and journey results to each stakeholder team. Key presentations include:

    1. Product team to validate product market fit.
    2. Content marketing to provide messaging direction for the creation of awareness and lead gen assets.
    3. Campaigners/Field Marketing for campaign-related messaging and to identify asset types required to be designed and delivered to support the buyer journey.
    4. Social media strategists for social post copy, and PR for other awareness-building copy.
    5. Sales enablement/training to enable updating of sales collateral, proposals, and sales training materials. Sellers to help with their targeting, prospecting, and crafting of outbound messaging and talk tracks.

    Download the Buyer Persona and Journey Summary Template

    Summary of Accomplishment

    Problem Solved

    With the help of this blueprint, you have deepened your and your colleagues’ buyer understanding at both the persona “who they are” level and the buyer journey “how do they buy” level. You are among the minority of marketing leaders that have fully documented a buyer persona and journey – congratulations!

    The benefits of having led your team through the process are significant and include the following:

    • Better alignment of customer/buyer-facing teams such as in product, marketing, sales, and customer success.
    • Messaging that can be used by marketing, sales, and social teams that will resonate with buyer initiatives, pain points, sought-after “pain relief,” and value.
    • Places in the digital and physical universe where your prospects “hang out” so you can optimize your media spend.
    • More effective use of marketing assets and sales collateral that align with the way your prospect needs to consume information throughout their buyer journey to make a decision in your solution area.

    And by capturing and documenting your buyer persona and journey even for a single buyer type, you have started to build the “institutional strength” to apply the process to other roles in the decision-making process or for when you go after new and different buyer types for new products. And finally, by bringing your team along with you in this process, you have also led your team in becoming a more customer-focused organization – a strategic shift that all organizations should pursue.

    If you would like additional support, contact us and we’ll make sure you get the professional expertise you need.

    Contact your account representative for more information.

    info@softwarereviews.com

    1-888-670-8889

    Related Software Reviews Research

    Optimize Lead Generation With Lead Scoring

    • Save time and money and improve your sales win rates when you apply our methodology to score contacts with your lead gen engine more accurately and pass better qualified leads over to your sellers.
    • Our methodology teaches marketers to develop your own lead scoring approach based upon lead/contact profile vs. your Ideal Customer Profile (ICP) and scores contact engagement. Applying the methodology to arrive at your own approach to scoring will mean reduced lead gen costs, higher conversion rates, and increased marketing-influenced wins.

    Bibliography

    Bilardi, Emma. “How to Create Buyer Personas.” Product Marketing Alliance, July 2020. Accessed Dec. 2021.

    Harrison, Liz, Dennis Spillecke, Jennifer Stanley, and Jenny Tsai. “Omnichannel in B2B sales: The new normal in a year that has been anything but.” McKinsey & Company, 15 March 2021. Accessed Dec. 2021.

    Jansen, Hasse. “Buyer Personas – 33 Mind Blowing Stats.” Boardview.io!, 19 Feb. 2016. Accessed Jan. 2022.

    Raynor, Lilah. “Understanding The Changing B2B Buyer Journey.” Forbes Agency Council, 18 July 2021. Accessed Dec. 2021.

    Simpson, Jon. “Finding Your Audience: The Importance of Developing a Buyer Persona.” Forbes Agency Council, 16 May 2017. Accessed Dec. 2021.

    “Successfully Executing Personalized Marketing Campaigns at Scale.” Plexure, 6 Jan. 2020. Accessed Dec 2020.

    Ulwick, Anthony W. JOBS TO BE DONE: Theory to Practice. E-book, Strategyn, 1 Jan. 2017. Accessed Jan. 2022.

    Master M&A Cybersecurity Due Diligence

    • Buy Link or Shortcode: {j2store}261|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $12,399 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance

    This research is designed to help organizations who are preparing for a merger or acquisition and need help with:

    • Understanding the information security risks associated with the acquisition or merger.
    • Avoiding the unwanted possibility of acquiring or merging with an organization that is already compromised by cyberattackers.
    • Identifying best practices for information security integration post merger.

    Our Advice

    Critical Insight

    The goal of M&A cybersecurity due diligence is to assess security risks and the potential for compromise. To succeed, you need to look deeper.

    Impact and Result

    • A repeatable methodology to systematically conduct cybersecurity due diligence.
    • A structured framework to rapidly assess risks, conduct risk valuation, and identify red flags.
    • Look deeper by leveraging compromise diagnostics to increase confidence that you are not acquiring a compromised entity.

    Master M&A Cybersecurity Due Diligence Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Start here – read the Executive Brief

    Read our concise Executive Brief to find out how to master M&A cyber security due diligence, review Info-Tech’s methodology, and understand how we can support you in completing this project.

    [infographic]

    Generative AI: Market Primer

    • Buy Link or Shortcode: {j2store}349|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Much of the organization remains in the dark for understanding what Gen AI is, complicated by ambiguous branding from vendors claiming to provide Gen AI solutions.
    • Searching the market for a Gen AI platform is nearly impossible, owing to the sheer number of vendors.
    • The evaluative criteria for selecting a Gen AI platform are unclear.

    Our Advice

    Critical Insight

    • You cannot rush Gen AI selection and implementation. Organizations with (1) FTEs devoted to making Gen AI work (including developers and business intelligence analysts), (2) trustworthy and regularly updated data, and (3) AI governance are just now reaching PoC testing.
    • Gen AI is not a software category – it is an umbrella concept. Gen AI platforms will be built on different foundational models, be trained in different ways, and provide varying modalities. Do not expect Gen AI platforms to be compared against the same parameters in a vendor quadrant.
    • Bad data is the tip of the iceberg for Gen AI risks. While Gen AI success will be heavily reliant on the quality of data it is fine-tuned on, there are independent risks organizations must prepare for, from Gen AI hallucinations and output reliability to infrastructure feasibility and handling high-volume events.
    • Prepare for ongoing instability in the Gen AI market. If your organization is unsure about where to start with Gen AI, the secure route is to examine what your enterprise providers are offering. Use this as a learning platform to confidently navigate which specialized Gen AI provider will be viable for meeting your use cases.

    Impact and Result

    • Consensus on Gen AI scope and key Gen AI capabilities
    • Identification of your readiness to leverage Gen AI applications
    • Agreement on Gen AI evaluative criteria
    • Knowledge of vendor viability

    Generative AI: Market Primer Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Generative AI: Market Primer – Contextualize the marketspace and prepare for generative AI selection.

    Use Info-Tech’s best practices for setting out a selection roadmap and evaluative criteria for narrowing down vendors – both enterprise and specialized providers.

    • Generative AI: Market Primer Storyboard
    • Data Governance Policy
    • AI Governance Storyboard
    • AI Architecture Assessment and Project Planning Tool
    • AI Architecture Assessment and Project Planning Tool – Sample
    • AI Architecture Templates
    [infographic]

    Further reading

    Generative AI: Market Primer

    Cut through Gen AI buzzwords to achieve market clarity.

    Analyst Perspective

    The generative AI (Gen AI) marketspace is complex, nascent, and unstable.

    Organizations need to get clear on what Gen AI is, its infrastructural components, and the governance required for successful platform selection.

    Thomas Randall

    The urge to be fast-moving to leverage the potential benefits of Gen AI is understandable. There are plenty of opportunities for Gen AI to enrich an organization’s use cases – from commercial to R&D to entertainment. However, there are requisites an organization needs to get right before Gen AI can be effectively applied. Part of this is ensuring data and AI governance is well established and mature within the organization. The other part is contextualizing Gen AI to know what components of this market the organization needs to invest in.

    Owing to its popularity surge, OpenAI’s ChatGPT has become near synonymous with Gen AI. However, Gen AI is an umbrella concept that encompasses a variety of infrastructural architecture. Organizations need to ask themselves probing questions if they are looking to work with OpenAI: Does ChatGPT rest on the right foundational model for us? Does ChatGPT offer the right modalities to support our organization’s use cases? How much fine-tuning and prompt engineering will we need to perform? Do we require investment in on-premises infrastructure to support significant data processing and high-volume events? And do we require FTEs to enable all this infrastructure?

    Use this market primer to quickly get up to speed on the elements your organization might need to make the most of Gen AI.

    Thomas Randall

    Advisory Director, Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Much of the organization remains in the dark for understanding what Gen AI is, complicated by ambiguous branding from vendors claiming to provide Gen AI solutions.
    • Searching the market for a Gen AI platform is near impossible, owing to the sheer number of vendors.
    • The evaluative criteria for selecting a Gen AI platform is unclear.

    Common Obstacles

    • Data governance is immature within the organization. There is no source of truth or regularly updated organizational process assets.
    • AI functionality is not well understood within the organization; there is little AI governance for monitoring and controlling its use.
    • The extent of effort and resources required to make Gen AI a success remains murky.

    Info-Tech's Solution

    This market primer for Gen AI will help you:

    1. Contextualize the Gen AI market: Learn what components of Gen AI an organization should consider to make Gen AI a success.
    2. Prepare for Gen AI selection: Use Info-Tech’s best practices for setting out a selection roadmap and evaluative criteria for narrowing down vendors – both enterprise and specialized providers.

    “We are entering the era of generative AI.
    This is a unique time in our history where the benefits of AI are easily accessible and becoming pervasive with co-pilots emerging in the major business tools we use today. The disruptive capabilities that can potentially drive dramatic benefits also introduces risks that need to be planned for.”

    Bill Wong, Principal Research Director – Data and BI, Info-Tech Research Group

    Who benefits from this project?

    This research is designed for:

    • Senior IT, developers, data staff, and project managers who:
      • Have received a mandate from their executives to begin researching the Gen AI market.
      • Need to quickly get up to speed on the state of the Gen AI market, given no deep prior knowledge of the space.
      • Require an overview of the different components to Gen AI to contextualize how vendor comparisons and selections can be made.
      • Want to gain an understanding of key trends, risks, and evaluative criteria to consider in their selection process.

    This research will help you:

    • Articulate the potential business value of Gen AI to your organization.
    • Establish which high-value use cases could be enriched by Gen AI functionality.
    • Assess vendor viability for enterprise and specialized software providers in the Gen AI marketspace.
    • Collect information on the prerequisites for implementing Gen AI functionality.
    • Develop relevant evaluative criteria to assist differentiating between shortlisted contenders.

    This research will also assist:

    • Executives, business analysts, and procurement teams who are stakeholders in:
      • Contextualizing the landscape for learning opportunities.
      • Gathering and documenting requirements.
      • Building deliverables for software selection projects.
      • Managing vendors, especially managing the relationships with incumbent enterprise software providers.

    This research will help you:

    • Identify examples of how Gen AI applications could be leveraged for your organization’s core use cases.
    • Verify the extent of Gen AI functionality an incumbent enterprise provider has.
    • Validate accuracy of Gen AI language and architecture referenced in project deliverables.

    Insight Summary

    You cannot speedrun Gen AI selection and implementation.

    Organizations with (1) FTEs devoted to making Gen AI work (including developers and business intelligence analysts), (2) trustworthy and regularly updated data, and (3) AI governance are just now reaching PoC testing.

    Gen AI is not a software category – it is an umbrella concept.

    Gen AI platforms will be built on different foundational models, be trained in different ways, and provide varying modalities. Do not expect to compare Gen AI platforms to the same parameters in a vendor quadrant.

    Bad data is the tip of the iceberg for Gen AI risks.

    While Gen AI success will be heavily reliant on the quality of data it is fine-tuned on, there are independent risks organizations must prepare for: from Gen AI hallucinations and output reliability to infrastructure feasibility to handle high-volume events.

    Gen AI use may require changes to sales incentives.

    If you plan to use Gen AI in a commercial setting, review your sales team’s KPIs. They are rewarded for sales velocity; if they are the human-in-the-loop to check for hallucinations, you must change incentives to ensure quality management.

    Prepare for ongoing instability in the Gen AI market.

    If your organization is unsure about where to start with Gen AI, the secure route is to examine what your enterprise providers are offering. Use this as a learning platform to confidently navigate which specialized Gen AI provider will be viable for meeting your use cases.

    Brace for a potential return of on-premises infrastructure to power Gen AI.

    The market trend has been for organizations to move to cloud-based products. Yet, for Gen AI, effective data processing and fine-tuning may call for organizations to invest in on-premises infrastructure (such as more GPUs) to enable their Gen AI to function effectively.

    Info-Tech’s methodology for understanding the Gen AI marketspace

    Phase Steps

    1. Contextualize the Gen AI marketplace

    1. Define Gen AI and its components.
    2. Explore Gen AI trends.
    3. Begin deriving Gen AI initiatives that align with business capabilities.

    2. Prepare for and understand Gen AI platform offerings

    1. Review Gen AI selection best practices and requisites for effective procurement.
    2. Determine evaluative criteria for Gen AI solutions.
    3. Explore Gen AI offerings with enterprise and specialized providers.
    Phase Outcomes
    1. Achieve consensus on Gen AI scope and key Gen AI capabilities.
    2. Identify your readiness to leverage Gen AI applications.
    3. Hand off to Build Your Generative AI Roadmap to complete pre-requisites for selection.
    1. Determine whether deeper data and AI governance is required; if so, hand off to Create an Architecture for AI.
    2. Gain consensus on Gen AI evaluative criteria.
    3. Understand vendor viability.

    Guided Implementation

    Phase 1

    Phase 2

    • Call #1: Discover if Gen AI is right for your organization. Understand what a Gen AI platform is and discover the art of the possible.
    • Call #2: To take advantage of Gen AI, perform a business capabilities analysis to begin deriving Gen AI initiatives.
    • Call #3: Explore whether Gen AI initiatives can be achieved either with incumbent enterprise players or via procurement of specialized solutions.
    • Call #4: Evaluate vendors and perform final due diligence.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    The Gen AI market evaluation process should be broken into segments:

    1. Gen AI market education with this primer
    2. Structured approach to selection
    3. Evaluation and final due diligence

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful"

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Software selection engagement

    Five advisory calls over a five-week period to accelerate your selection process

    • Receive expert analyst guidance over five weeks (on average) to select and negotiate software.
    • Save money, align stakeholders, speed up the process, and make better decisions.
    • Use a repeatable, formal methodology to improve your application selection process.
    • Get better, faster results guaranteed, included in membership.
    Software selection process timeline. Week 1: Awareness - 1 hour call, Week 2: Education & Discovery - 1 hour call, Week 3: Evaluation - 1 hour call, Week 4: Selection - 1 hour call, Week 5: Negotiation & Configuration - 1 hour call.

    Click here to book your selection engagement.

    Software selection workshops

    40 hours of advisory assistance delivered online.

    Select better software, faster.

    • 40 hours of expert analyst guidance
    • Project and stakeholder management assistance
    • Save money, align stakeholders, speed up the process, and make better decisions
    • Better, faster results guaranteed; 25K standard engagement fee
    Software selection process timeline. Week 1: Awareness - 5 hours of Assistance, Week 2: Education & Discovery - 10 hours of assistance, Week 3: Evaluation - 10 hours of assistance, Week 4: Selection - 10 hours of assistance, Week 5: Negotiation & Configuration - 10 hours of assistance.

    Click here to book your workshop engagement.

    Implement an IT Employee Development Plan

    • Buy Link or Shortcode: {j2store}592|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: 5 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Train & Develop
    • Parent Category Link: /train-and-develop
    • There is a growing gap between the competencies organizations have been focused on developing and what is needed in the future.
    • Employees have been left to drive their own development with little direction or support and without the alignment of development to organizational needs.
    • The pace of change in today’s environment demands new competencies while making others obsolete, and IT is challenged with keeping up with upskilling employees.

    Our Advice

    Critical Insight

    • Organizations position development as employee-owned, yet employees still feel like their needs aren’t being met, and many leave as a result.
    • Development needs to be employee-owned and manager-supported but also organization-informed to ensure that it meets the organization’s needs.
    • Today, operating environments change quickly, and organizations need to develop the competencies employees need both today and in the future.

    Impact and Result

    • Design employee development plans that build the competencies the organization and IT department need both today and in the future.
    • Equip managers and build program support to foster continuous learning and development.
    • Connect the right development opportunity to the right employee through an effective development planning process.

    Implement an IT Employee Development Plan Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement effective development planning, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess employees' development needs

    Assist your employees in setting appropriate development goals.

    • Implement Effective Employee Development Planning – Phase 1: Assess Employees' Development Needs
    • IT Manager Job Aid: Employee Development
    • IT Employee Job Aid: Employee Development
    • IT Employee Career Development Workbook
    • Individual Competency Development Plan
    • IT Competency Library
    • Leadership Competencies Workbook

    2. Select appropriate activities for development

    Review existing and identify new development activities that employees can undertake to achieve their goals.

    • Implement Effective Employee Development Planning – Phase 2: Select Activities for Developing Prioritized Competencies
    • Learning Methods Catalog for IT Employees

    3. Build manager coaching skills

    Establish manager and employee follow-up accountabilities.

    • Implement Effective Employee Development Planning – Phase 3: Build Manager Coaching Skills to Support Employee Development
    • Role Play Coaching Scenarios
    [infographic]

    Integrate IT Risk Into Enterprise Risk

    • Buy Link or Shortcode: {j2store}195|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $12,599 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: IT Governance, Risk & Compliance
    • Parent Category Link: /it-governance-risk-and-compliance
    • IT risks, when considered, are identified and classified separately from the enterprise-wide perspective.
    • IT is expected to own risks over which they have no authority or oversight.
    • Poor behaviors, such as only considering IT risks when conducting compliance or project due diligence, have been normalized.

    Our Advice

    Critical Insight

    • Stop avoiding risk – integrate it. This provides a holistic view of uncertainty for the organization to drive innovative new approaches to optimize the organization’s ability to respond to risk.

    Impact and Result

    • Understand gaps in the organization’s current approach to risk management practices.
    • Establish a standardized approach for how IT risks impact the enterprise as a whole.
    • Drive a risk-aware organization toward innovation and consider alternative options for how to move forward.
    • Integrate IT risks into the foundational risk practice.

    Integrate IT Risk Into Enterprise Risk Research & Tools

    Integrated Risk Management Capstone – A framework for how IT risks can be integrated into your organization’s enterprise risk management program to enable strategic risk-informed decisions.

    This is a capstone blueprint highlighting the benefits of an integrated risk management program that uses risk information and data to inform strategic decision making. Throughout this research you will gain insight into the five core elements of integrating risk through assessing, governing, defining the program, defining the process, and implementing.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Integrate IT Risk Into Enterprise Risk Capstone
    • Integrated Risk Maturity Assessment
    • Risk Register Tool

    Infographic

    Further reading

    Integrate IT Risk Into Enterprise Risk

    Don’t fear IT risks, integrate them.

    EXECUTIVE BRIEF

    Analyst Perspective

    Having siloed risks is risky business for any enterprise.

    Photo of Valence Howden, Principal Research Director, CIO Practice.
    Valence Howden
    Principal Research Director, CIO Practice
    Photo of Petar Hristov Research Director, Security, Privacy, Risk & Compliance.
    Petar Hristov
    Research Director, Security, Privacy, Risk & Compliance
    Photo of Ian Mulholland Research Director, Security, Risk & Compliance.
    Ian Mulholland
    Research Director, Security, Risk & Compliance
    Photo of Brittany Lutes, Senior Research Analyst, CIO Practice.
    Brittany Lutes
    Senior Research Analyst, CIO Practice
    Photo of Ibrahim Abdel-Kader, Research Analyst, CIO Practice
    Ibrahim Abdel-Kader
    Research Analyst, CIO Practice

    Every organization has a threshold for risk that should not be exceeded, whether that threshold is defined or not.

    In the age of digital, information and technology will undoubtedly continue to expand beyond the confines of the IT department. As such, different areas of the organization cannot address these risks in silos. A siloed approach will produce different ways of identifying, assessing, responding to, and reporting on risk events. Integrated risk management is about embedding IT uncertainty to inform good decision making across the organization.

    When risk is integrated into the organization's enterprise risk management program, it enables a single view of all risks and the potential impact of each risk event. More importantly, it provides a consistent view of the risk event in relation to uncertainty that might have once been seemingly unrelated to IT.

    And all this can be achieved while remaining within the enterprise’s clearly defined risk appetite.

    Executive Summary

    Your Challenge

    Most organizations fail to integrate IT risks into enterprise risks:

    • IT risks, when considered, are identified and classified separately from the enterprise-wide perspective.
    • IT is expected to own risks over which they have no authority or oversight.
    • Poor behaviors, such as only considering IT risks when conducting compliance or project due diligence, have been normalized.

    Common Obstacles

    IT leaders have to overcome these obstacles when it comes to integrating risk:

    • Making business leaders aware of, involved in, and able to respond to all enterprise risks.
    • A lack of data or information being used to support a holistic risk management process.
    • A low level of enterprise risk maturity.
    • A lack of risk management capabilities.

    Info-Tech’s Approach

    By leveraging the Info-Tech Integrated Risk approach, your business can better address and embed risk by:

    • Understanding gaps in the organization’s current approach to risk management practices.
    • Establishing a standardized approach for how IT risks impact the enterprise as a whole.
    • Driving a risk-aware organization toward innovation and considering alternative options for how to move forward.
    • Helping integrate IT risks into the foundational risk practice.

    Info-Tech Insight

    Stop avoiding risk – integrate it. This provides a holistic view of uncertainty for the organization to drive innovative new approaches to optimize its ability to respond to risk.

    What is integrated risk management?

    • Integrated risk management is the process of ensuring all forms of risk information, including information and technology, are considered and included in the enterprise’s risk management strategy.
    • It removes the siloed approach to classifying risks related to specific departments or areas of the organization, recognizing that each of those risks is a threat to the overarching enterprise.
    • Aggregating the different threats or uncertainty that might exist within an organization allows for informed decisions to be made that align to strategic goals and continue to drive value back to the business.
    • By holistically considering the different risks, the organization can make informed decisions on the best course of action that will reduce any negative impacts associated with the uncertainty and increase the overall value.

    Enterprise Risk Management (ERM)

    • IT
    • Security
    • Digital
    • Vendor/Third Party
    • Other

    Enterprise risk management is the practice of identifying and addressing risks to your organization and using risk information to drive better decisions and better opportunities.

    IT risk is enterprise risk

    Multiple types of risk, 'Finance', 'IT', 'People', and 'Digital', funneling into 'ENTERPRISE RISKS'. IT risks have a direct and often aggregated impact on enterprise risks and opportunities in the same way other business risks can. This relationship must be understood and addressed through integrated risk management to ensure a consistent approach to risk.

    Your challenge

    Embedding IT risks into the enterprise risk management program is challenging because:

    • Most organizations classify risks based on the departments or areas of the business where the uncertainty is likely to happen.
    • Unnecessary expectations are placed on the IT department to own risks over which they have no authority or oversight.
    • Risks are often only identified when conducting due diligence for a project or ensuring compliance with regulations and standards.

    Risk-mature organizations have a unique benefit in that they often have established an overarching governance framework and embedded risk awareness into the culture.

    35% — Only 35% of organizations had embraced ERM in 2020. (Source: AICPA and NC State Poole College of Management)

    12% — Only 12% of organizations are leveraging risk as a tool to their strategic advantage. (Source: AICPA and NC State Poole College of Management)

    Common obstacles

    These barriers make integrating IT risks difficult to address for many organizations:

    • IT risks are not seen as enterprise risks.
    • The organization’s culture toward risk is not defined.
    • The organization’s appetite and threshold for risk are not defined.
    • Each area of the organization has a different method of identifying, assessing, and responding to risk events.
    • Access to reliable and informative data to support risk management is difficult to obtain.
    • Leadership does not see the business value of integrating risk into a single management program.
    • The organization’s attitudes and behaviors toward risk contradict the desired and defined risk culture.
    • Skills, training, and resources to support risk management are lacking, let alone those to support integrated risk management.

    Integrating risks has its challenges

    62% — Accessing and disseminating information is the main challenge for 62% of organizations maturing their organizational risk management. (Source: OECD)

    20-28% — Organizations with access to machine learning and analytics to address future risk events have 20 to 28% more satisfaction. (Source: Accenture)

    Integrate Risk and Use It to Your Advantage

    Accelerate and optimize your organization by leveraging meaningful risk data to make intelligent enterprise risk decisions.

    Risk management is more than checking an audit box or demonstrating project due diligence.

    Risk Drivers
    • Audit & compliance
    • Preserve value & avoid loss
    • Previous risk impact driver
    • Major transformation
    • Strategic opportunities
    Arrow pointing right. Only 7% of organizations are in a “leading” or “aspirational” level of risk maturity. (OECD, 2021) 63% of organizations struggle when it comes to defining their appetite toward strategy related risks. (“Global Risk Management Survey,” Deloitte, 2021) Late adopters of risk management were 70% more likely to use instinct over data or facts to inform an efficient process. (Clear Risk, 2020) 55% of organizations have little to no training on ERM to properly implement such practices. (AICPA, NC State Poole College of Management, 2021)
    1. Assess Enterprise Risk Maturity 3. Build a Risk Management Program Plan 4. Establish Risk Management Processes 5. Implement a Risk Management Program
    2. Determine Authority with Governance
    Unfortunately, less than 50% of those in risk focused roles are also in a governance role where they have the authority to provide risk oversight. (Governance Institute of Australia, 2020)
    IT can improve the maturity of the organization’s risk governance and help identify risk owners who have authority and accountability.

    Governance and related decision making is optimized with integrated and aligned risk data.

    List of 'Integrated Risk Maturity Categories': '1. Context & Strategic Direction', '2. Risk Culture and Authority', '3. Risk Management Process', and '4. Risk Program Optimization'. The five types of a risk in Enterprise Risk Management.

    ERM incorporates the different types of risk, including IT, security, digital, vendor, and other risk types.

    The program plan is meant to consider all the major risk types in a unified approach.

    The 'Risk Process' cycle starting with '1. Identify', '2. Assess', '3. Respond', '4. Monitor', '5. Report', and back to the beginning. Implementation of an integrated risk management program requires ongoing access to risk data by those with decision making authority who can take action.

    Integrated Risk Mapping — Downside Risk Focus

    A diagram titled 'Risk and Controls' beginning with 'Possible Sources' and a list of sources, 'Control Activities' to prevent, the 'RISK EVENT', 'Recovery Activities' to recover, and 'Possible Repercussions' with a list of ramifications.

    Integrated Risk Mapping — Downside and Upside Risk

    Third-Party Risk Example

    Example of a third-party risk mapped onto the diagram on the previous slide, but with potential upsides mapped out as well. The central risk event is 'Vendor exposes private customer data'. Possible Sources of the downside are 'External Attack' with likelihood prevention method 'Define security standard requirements for vendor assessment' and 'Exfiltration of data through fourth-party staff' with likelihood prevention method 'Ensure data is properly classified'. Possible Sources of the upside are 'Application rationalization' with likelihood optimization method 'Reduce number of applications in environment' and 'Review vendor assessment practices' with likelihood optimization method 'Improve vendor onboarding'. Possible Repercussions on the downside are 'Organization unable to operate in jurisdiction' with impact minimization method 'Engage in-house risk mitigation responses' and 'Fines levied against organization' with impact minimization method 'Report incident to any regulators'. Possible Repercussions on the upside are 'Easier vendor integration and management' with impact utilization method 'Improved vendor onboarding practices' and 'Able to bid on contracts with these requirements' with impact utilization method 'Vendors must provide attestations (e.g. SOC or CMMC)'.

    Insight Summary

    Overarching insight

    Stop fearing risk – integrate it. Integration leads to opportunities for organizations to embrace innovation and new digital technologies as well as reducing operational costs and simplifying reporting.

    Govern risk strategically

    Governance of risk management for information- and technology-related events is often misplaced. Just because it's classified as an IT risk does not mean it shouldn’t be owned by the board or business executive.

    Assess risk maturity

    Integrating risk requires a baseline of risk maturity at the enterprise level. IT can push integrating risks, but only if the enterprise is willing to adopt the attitudes and behaviors that will drive the integrated risk approach.

    Manage risk

    It is not a strategic decision to have different areas of the organization manage the risks perceived to be in their department. It’s the easy choice, but not the strategic one.

    Implement risk management

    Different areas of an enterprise apply risk management processes differently. Determining a single method for identification, assessment, response, and monitoring can ensure successful implementation of enterprise risk management.

    Tactical insight

    Good risk management will consider both the positives and negatives associated with a risk management program by recognizing both the upside and downside of risk event impact and likelihood.

    Integrated risk benefits

    IT Benefits

    • IT executives have a responsibility but not accountability when it comes to risk. Ensure the right business stakeholders have awareness and ability to make informed risk decisions.
    • Controls and responses to risks that are within the “IT” realm will be funded and provided with sufficient support from the business.
    • The business respects and values the role of IT in supporting the enterprise risk program, elevating its role into business partner.

    Business Benefits

    • Business executives and boards can make informed responses to the various forms of risk, including those often categorized as “IT risks.”
    • The compounding severity of risks can be formally assessed and ideally quantified to provide insight into how risks’ ramifications can change based on scenarios.
    • Risk-informed decisions can be used to optimize the business and drive it toward adopting innovation as a response to risk events.
    • Get your organization insured against cybersecurity threats at the lowest premiums possible.

    Measure the value of integrating risk

    • Reduce Operating Costs

      • Organizations can reduce their risk operating costs by 20 to 30% by adopting enterprise-wide digital risk initiatives (McKinsey & Company).
    • Increase Cybersecurity Threat Preparedness

      • Increase the organization’s preparedness for cybersecurity threats. 79% of organizations that were impacted by email threats in 2020 were not prepared for the hit (Diligent)
    • Increase Risk Management’s Impact to Drive Strategic Value

      • Currently, only 3% of organizations are extensively using risk management to drive their unique competitive advantage, compared to 35% of companies who do not use it at all (AICPA & NC State Poole College of Management).
    • Reduce Lost Productivity for the Enterprise

      • Among small businesses, 76% are still not considering purchasing cyberinsurance in 2021, despite the fact that ransomware attacks alone cost Canadian businesses $5.1 billion in productivity in 2020 (Insurance Bureau of Canada, 2021).

    “31% of CIO’s expected their role to expand and include risk management responsibilities.” (IDG “2021 State of the CIO,” 2021)

    Make integrated risk management sustainable

    58%

    Focus not just on the preventive risk management but also the value-creating opportunities. With 58% of organizations concerned about disruptive technology, it’s an opportunity to take the concern and transform it into innovation. (Accenture)

    70%

    Invest in tools that have data and analytics features. Currently, “gut feelings” or “experience” inform the risk management decisions for 70% of late adopters. (Clear Risk)

    54%

    Align to the strategic vision of the board and CEO, given that these two roles account for 54% of the accountability associated with extended enterprise risk management. (Extended Enterprise Risk Management Survey, 2020,” Deloitte)

    63%

    Include IT leaders in the risk committee to help informed decision making. Currently 63% of chief technology officers are included in the C‑suite risk committee. (AICPA & NC State Poole College of Management)

    Successful adoption of integrated risk management is often associated with these key elements.

    Assessment

    Assess your organization’s method of addressing risk management to determine if integrated risk is possible

    Assessing the organization’s risk maturity

    Mature or not, integrated risk management should be a consideration for all organizations

    The first step to integrating risk management within the enterprise is to understand the organization’s readiness to adopt practices that will enable it to successfully integrate information.

    In 2021, we saw enterprise risk management assessments become one of the most common trends, particularly as a method by which the organization can consolidate the potential impacts of uncertainties or threats (Lawton, 2021). A major driver for this initiative was the recognition that information and technology not only have enterprise-wide impacts on the organization’s risk management but that IT has a critical role in supporting processes that enable effective access to data/information.

    A maturity assessment has several benefits for an organization: It ensures there is alignment throughout the organization on why integrated risk is the right approach to take, it recognizes the organization’s current risk maturity, and it supports the organization in defining where it would like to go.

    Pie chart titled 'Organizational Risk Management Maturity Assessment Results' showing just under half 'Progressing', a third 'Established', a seventh 'Emerging', and a very small portion 'Leading or Aspirational'.

    Integrated Risk Maturity Categories

    Semi-circle with colored points indicating four categories.

    1

    Context & Strategic Direction Understand the organization’s main objectives and how risk can support or enhance those objectives.

    2

    Risk Culture and Authority Examine if risk-based decisions are being made by those with the right level of authority and if the organization’s risk appetite is embedded in the culture.

    3

    Risk Management Process Determine if the current process to identify, assess, respond to, monitor, and report on risks is benefitting the organization.

    4

    Risk Program Optimization Consider opportunities where risk-related data is being gathered, reported, and used to make informed decisions across the enterprise.

    Maturity should inform your approach to risk management

    The outcome of the risk maturity assessment should inform how risk management is approached within the organization.

    A row of waves starting light and small and becoming taller and darker in steps. The levels are 'Non-existent', 'Basic', 'Partially Integrated', 'Mostly Integrated', 'Fully Integrated', and 'Optimized'.

    For organizations with a low maturity, remaining superficial with risk will offer more benefits and align to the enterprise’s risk tolerance and appetite. This might mean no integrated risk is taking place.

    However, organizations that have higher risk maturity should begin to integrate risk information. These organizations can identify the nuances that would affect the severity and impact of risk events.

    Integrated Risk Maturity Assessment

    The purpose of the Integrated Risk Maturity Assessment is to assess the organization's current maturity and readiness for integrated risk management (IRM).

    Frequently and continually assessing your organization’s maturity toward integrated risk ensures the right risk management program can be adopted by your organization.

    Integrated Risk Maturity Assessment

    A simple tool to understand if your organization is ready to embrace integrated risk management by measuring maturity across four key categories: Context & Strategic Direction, Risk Culture & Authority, Risk Management Process, and Risk Program Optimization

    Sample of the Integrated Risk Maturity Assessment deliverable.

    Use the results from this integrated risk maturity assessment to determine the type of risk management program that can and should be adopted by your organization.

    Some organizations will need to remain siloed and focused on IT risk management only, while others will be able to integrate risk-related information to start enabling automatic controls that respond to this data.

    Explore the Secrets of Workday Licensing

    • Buy Link or Shortcode: {j2store}144|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • Organizations examining a move to Workday or renewing a contract struggle to gain information and leverage in the negotiation process on commercial components such as pricing transparency, contractual flexibility, terms, and license use rights.
    • Implementations and customization can become difficult if adequate planning steps and communication are not taken beforehand.
    • The FSE Worker Calculation formula is used in the pricing process and can be negotiable.
    • Information and training documentation must be searched in online handbooks, making it difficult to find and time consuming
    • Workday’s partner ecosystem, while closely managed, isn’t flowing with resources. Finding the right partner, at the right cost to support an implementation can be challenging.

    Our Advice

    Critical Insight

    1. Know which defined areas of the agreement can be negotiated and which can't.
    2. Workday closely manages the Partner ecosystem and requests feedback on how to better support and implement its technologies. However, resource availability and talent management can be difficult as not many have the necessary skills.
    3. Recognize and accept that you’ve chosen the premium priced product in the market, so be prepared to pay up for best-in-class capabilities on a cloud-native ERP platform.

    Impact and Result

    • Focus on needs first. Conduct a thorough needs assessment and document the results. Well-documented worker counts by category and licenses required will be your best asset in navigating Workday licensing and negotiating your agreement.
    • Ensure the chosen implementation partner isn’t simply an integrator but provides consultative help and service.
    • Leverage executive relationships, downstream increased spending opportunities, and effective communication to drive and manage the relationship and attain necessary information to make effective decisions.

    Explore the Secrets of Workday Licensing Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should explore the secrets of Workday licensing, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand Workday

    Understand Workday’s business model, competitive options, and what to know when conducting due diligence and requirements gathering.

    • Explore the Secrets of Workday Licensing – Phase 1: Understand Workday

    2. Understand licensing, negotiate commercial terms, and purchase

    Review product options and licensing rules. Determine negotiation points. Evaluate and finalize the contract.

    • Explore the Secrets of Workday Licensing – Phase 2: Understand Licensing, Negotiate Commercial Terms, and Purchase
    • Workday Terms and Conditions Evaluation Tool
    [infographic]

    Secrets of SAP S-4HANA Licensing

    • Buy Link or Shortcode: {j2store}231|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $25,000 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • With the relatively slow uptake of the S/4HANA platform, the pressure is immense for SAP to maintain revenue growth.
    • SAP’s definitions and licensing rules are complex and vague, making it extremely difficult to purchase with confidence while remaining compliant.
    • Aggressive audit tactics may be used to speed up the move to HANA.

    Our Advice

    Critical Insight

    • Mapping SAP products to HANA can be highly complex, leading to overspending and an inability to reduce future spend.
    • The deployment model chosen will directly impact commercial pathways forward.
    • Beware of digital (indirect) access licensing and compliance concerns.
    • Without having a holistic negotiation strategy, it is easy to hit a common obstacle and land into SAP’s playbook, requiring further spend.

    Impact and Result

    • Build a business case to evaluate S/4HANA.
    • Understand the S/4HANA roadmap and map current functionality to ensure compatibility.
    • Understand negotiating pricing and commercial terms.
    • Learn the “SAP way” of conducting business, which includes a best-in-class sales structure, unique contracts, and license use policies combined with a hyper-aggressive compliance function.

    Secrets of SAP S/4HANA Licensing Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should explore the secrets of SAP S/4HANA licensing, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish requirements

    Determining SAP’s fit within your organization is critical. Start off by building a business case to assess overarching drivers and justification for change, any net new business benefits and long-term sustainability. Oftentimes the ROI is negative, but the investment sets the stage for long-term growth.

    2. Evaluate licensing options

    Your deployment model is more important than you think. Selecting a deployment model will dictate your licensing options followed by your contractual pathways forward.

    • SAP License Summary and Analysis Tool
    • SAP Digital Access Licensing Pricing Tool

    3. Negotiation and license management

    Know what’s in the contract. Each customer agreement is different and there may be existing terms that are beneficial. Depending on how much is spent, anything can be up for negation.

    • SAP S/4HANA Terms and Conditions Evaluator
    [infographic]

    Modernize the Network

    • Buy Link or Shortcode: {j2store}501|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $16,499 Average $ Saved
    • member rating average days saved: 8 Average Days Saved
    • Parent Category Name: Network Management
    • Parent Category Link: /network-management
    • Business units, functions, and processes are inextricably intertwined with less and less tolerance for downtime.
    • Business demands change rapidly but the refresh horizon for infrastructure remains 5-7 years.
    • The number of endpoint devices the network is expected to support is growing geometrically but historic capacity planning grew linearly.
    • The business is unable to clearly define requirements, paralyzing planning.

    Our Advice

    Critical Insight

    • Build for your needs. Don’t fall into the trap of assuming what works for your neighbor, your peer, or your competitor will work for you.
    • Deliver on what your business knows it needs as well as what it doesn’t yet know it needs. Business leaders have business vision, but this vision won’t directly demand the required network capabilities to enable the business. This is where you come in.
    • Modern technologies are hampered by vintage processes. New technologies demand new ways of accomplishing old tasks.

    Impact and Result

    • Use a systematic approach to document all stakeholder needs and rely on the network technical staff to translate those needs into design constraints, use cases, features, and management practices.
    • Spend only on those emerging technologies that deliver features offering direct benefits to specific business goals and IT needs.
    • Solidify the business case for your network modernization project by demonstrating and quantifying the hard dollar value it provides to the business.

    Modernize the Network Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should modernize the enterprise network, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess the network

    Identify and prioritize stakeholder and IT/networking concerns.

    • Modernize the Network – Phase 1: Assess the Network
    • Network Modernization Workbook

    2. Envision the network of the future

    Learn about emerging technologies and identify essential features of a modernized network solution.

    • Modernize the Network – Phase 2: Envision Your Future Network
    • Network Modernization Technology Assessment Tool

    3. Communicate and execute the plan

    Compose a presentation for stakeholders and prepare the RFP for vendors.

    • Modernize the Network – Phase 3: Communicate and Execute the Plan
    • Network Modernization Roadmap
    • Network Modernization Executive Presentation Template
    • Network Modernization RFP Template
    [infographic]

    Workshop: Modernize the Network

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess the Network

    The Purpose

    Understand current stakeholder and IT needs pertaining to the network.

    Key Benefits Achieved

    Prioritized lists of stakeholder and IT needs.

    Activities

    1.1 Assess and prioritize stakeholder concerns.

    1.2 Assess and prioritize design considerations.

    1.3 Assess and prioritize use cases.

    1.4 Assess and prioritize network infrastructure concerns.

    1.5 Assess and prioritize care and control concerns.

    Outputs

    Current State Register

    2 Analyze Emerging Technologies and Identify Features

    The Purpose

    Analyze emerging technologies to determine whether or not to include them in the network modernization.

    Identify and shortlist networking features that will be part of the network modernization.

    Key Benefits Achieved

    An understanding of what emerging technologies are suitable for including in your network modernization.

    A prioritized list of features, aligned with business needs, that your modernized network must or should have.

    Activities

    2.1 Analyze emerging technologies.

    2.2 Identify features to support drivers, practices, and pain points.

    Outputs

    Emerging technology assessment

    Prioritize lists of modernized network features

    3 Plan for Future Capacity

    The Purpose

    Estimate future port, bandwidth, and latency requirements for all sites on the network.

    Key Benefits Achieved

    Planning for capacity ensures the network is capable of delivering until the next refresh cycle and beyond.

    Activities

    3.1 Estimate port, bandwidth, and latency requirements.

    3.2 Group sites according to capacity requirements.

    3.3 Create standardized capacity plans for each group.

    Outputs

    A summary of capacity requirements for each site in the network

    4 Communicate and Execute the Plan

    The Purpose

    Create a presentation to pitch the project to executives.

    Compose key elements of RFP.

    Key Benefits Achieved

    Communication to executives, summarizing the elements of the modernization project that business decision makers will want to know, in order to gain approval.

    Communication to vendors detailing the network solution requirements so that proposed solutions are aligned to business and IT needs.

    Activities

    4.1 Build the executive presentation.

    4.2 Compose the scope of work.

    4.3 Compose technical requirements.

    Outputs

    Executive Presentation

    Request for Proposal/Quotation

    In Case Of Emergency...

    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    1. Get people to safety efficiently by following the floor warden's information and get out if needed
      If there are no floor wardens, YOU take the initiative and alert people. Vacate the premises if you suspect danger.
      Err on the side of caution. Nobody ever got fired over keeping people safe.
    2. Get people to safety (yes! double check this)
    3. Check what is happening
    4. Stop the bleeding
    5. Check what you broke while stopping the bleeding
    6. Check if you need to go into DR mode
    7. Go into DR mode if that is the fastest way to restore the service
    8. Only now start to look deeper

    Notice what is missing in this list?

    • WHY did this happen?
    • WHO did what

    During the first reactions to an event, stick to the facts of what is happening and the symptoms. If the symptoms are bad, attend to people first, no matter the financial losses occurring.
    Remember that financial losses are typically insured. Human life is not. Only loss of income and ability to pay is insured! Not the person's life.

    The WHY, HOW, WHO and other root cause questions are asked in the aftermath of the incident and after you have stabilized the situation.
    In ITIL terms, those are Problem Management and Root Cause Analysis stage questions.

     

     

     

    Management, incident, reaction, emergency

    Diagnose and Optimize Your Lead Gen Engine

    • Buy Link or Shortcode: {j2store}567|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions

    88% of marketing professionals are unsatisfied with their ability to convert leads (Convince & Convert), but poor lead conversion is just a symptom of much deeper problems.

    Globally, B2B SaaS marketers without a well-running lead gen engine will experience:

    • A low volume of quality leads from their website.
    • A low conversion rate from their website visitors.
    • A long lead conversion time compared to competitors.
    • A low volume of organic website visitors.

    If treated without a root cause analysis, these symptoms often result in higher-than-average marketing spend and wasted resources. Without an accurate lead gen engine diagnostic tool and a strategy to fix the misfires, marketers will continue to waste valuable time and resources.

    Our Advice

    Critical Insight

    The lead gen engine is foundational in building profitable long-term customer relationships. It is the process through which marketers build awareness, trust, and loyalty. Without the ability to continually diagnose lead gen engine flaws, marketers will fail to optimize new customer relationship creation and long-term satisfaction and loyalty.

    Impact and Result

    With a targeted set of diagnostic tools and an optimization strategy, you will:

    • Uncover the critical weakness in your lead generation engine.
    • Develop a best-in-class lead gen engine optimization strategy that builds relationships, creates awareness, and establishes trust and loyalty with prospects.
    • Build profitable long-term customer relationships.

    Organizations who activate the findings from their lead generation diagnostic and optimization strategy will decrease the time and budget spent on lead generation by 25% to 50%. They will quickly uncover inefficiencies in their lead gen engine and develop a proven lead generation optimization strategy based on the diagnostic findings.

    Diagnose and Optimize Your Lead Gen Engine Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Diagnose and Optimize Your Lead Gen Engine Deck – A deck to help you diagnose what’s not working in your lead gen engine so that you can remedy issues and get back on track, building new customer relationships and driving loyalty.

    Organizations who activate the findings from their lead generation diagnostic and optimization strategy will decrease the time and budget spent on lead generation by 25% to 50%. They will quickly uncover inefficiencies in their lead gen engine and develop a proven lead generation optimization strategy based on the diagnostic findings.

    • Diagnose and Optimize Your Lead Gen Engine Storyboard

    2. Lead Gen Engine Diagnostic Tool – An easy-to-use diagnostic tool that will help you pinpoint weakness within your lead gen engine.

    The diagnostic tool allows digital marketers to quickly and easily diagnose weakness within your lead gen engine.

    • Lead Gen Engine Diagnostic Tool

    3. Lead Gen Engine Optimization Strategy Template – A step-by-step document that walks you through how to properly optimize the performance of your lead gen engine.

    Develop a best-in-class lead gen engine optimization strategy that builds relationships, creates awareness, and establishes trust and loyalty with prospects.

    • Lead Gen Engine Optimization Strategy Template

    Infographic

    Further reading

    Diagnose and Optimize Your Lead Gen Engine

    Quickly and easily pinpoint any weakness in your lead gen engine so that you stop wasting money and effort on ineffective advertising and marketing.

    EXECUTIVE BRIEF

    Analyst Perspective

    Quickly and easily pinpoint any weakness in your lead gen engine so that you stop wasting money and effort on ineffective advertising and marketing.

    The image contains a photo of Terra Higginson.

    Senior digital marketing leaders are accountable for building relationships, creating awareness, and developing trust and loyalty with website visitors, thereby delivering high-quality, high-value leads that Sales can easily convert to wins. Unfortunately, many marketing leaders report that their website visitors are low-quality and either disengage quickly or, when they engage further with lead gen engine components, they just don’t convert. These marketing leaders urgently need to diagnose what’s not working in three key areas in their lead gen engine to quickly remedy the issue and get back on track, building new customer relationships and driving loyalty. This blueprint will provide you with a tool to quickly and easily diagnose weakness within your lead gen engine. You can use the results to create a strategy that builds relationships, creates awareness, and establishes trust and loyalty with prospects.

    Terra Higginson

    Marketing Research Director

    SoftwareReviews

    Executive Summary

    Your Challenge

    Globally, business-to-business (B2B) software-as-a-service (SaaS) marketers without a well-running lead gen engine will experience:

    • A low volume of quality leads from their website.
    • A low conversion rate from their website visitors.
    • A long lead conversion time compared to competitors.
    • A low volume of organic website visitors.

    88% of marketing professionals are unsatisfied with their ability to convert leads (Convince & Convert), but poor lead conversion is just a symptom of a much larger problem with the lead gen engine. Without an accurate lead gen engine diagnostic tool and a strategy to fix the leaks, marketers will continue to waste valuable time and resources.

    Common Obstacles

    Even though lead generation is a critical element of marketing success, marketers struggle to fix the problems with their lead gen engine due to:

    • A lack of resources.
    • A lack of budget.
    • A lack of experience in implementing effective lead generation strategies.

    Most marketers spend too much on acquiring leads and not enough on converting and keeping them. For every $92 spent acquiring customers, only $1 is spent converting them (Econsultancy, cited in Outgrow). Marketers are increasingly under pressure to deliver high-quality leads to sales but work under tight budgets with inadequate or inexperienced staff who don’t understand the importance of optimizing the lead generation process.

    SoftwareReviews’ Approach

    With a targeted set of diagnostic tools and an optimization strategy, you will:

    • Uncover the critical weakness in your lead generation engine.
    • Develop a best-in-class lead gen engine optimization strategy that builds relationships, creates awareness, and establishes trust and loyalty with prospects.
    • Build profitable long-term customer relationships.

    Organizations who activate the findings from their lead generation diagnostic and optimization strategy will decrease the time and budget spent on lead generation by 25% to 50%. They will quickly uncover inefficiencies in their lead gen engine and develop a proven lead generation optimization strategy based on the diagnostic findings.

    SoftwareReviews Insight

    The lead gen engine is foundational in building profitable long-term customer relationships. It is the process through which marketers build awareness, trust, and loyalty. Without the ability to continually diagnose lead gen engine flaws, marketers will fail to optimize new customer relationship creation and long-term satisfaction and loyalty.

    Your Challenge

    88% of marketing professionals are unsatisfied with their ability to convert leads, but poor lead conversion is just a symptom of much deeper problems.

    Globally, B2B SaaS marketers without a well-running lead gen engine will experience:

    • A low volume of organic website visitors.
    • A low volume of quality leads from their website.
    • A low conversion rate from their website visitors.
    • A longer lead conversion time than competitors in the same space.

    If treated without a root-cause analysis, these symptoms often result in higher-than-average marketing spend and wasted resources. Without an accurate lead gen engine diagnostic tool and a strategy to fix the misfires, marketers will continue to waste valuable time and resources.

    88% of marketers are unsatisfied with lead conversion (Convince & Convert).

    The image contains a diagram that demonstrates a flowchart of the areas where visitors fail to convert. It incorporates observations, benchmarks, and uses a flowchart to diagnose the root causes.

    Benchmarks

    Compare your lead gen engine metrics to industry benchmarks.

    For every 10,000 people that visit your website, 210 will become leads.

    For every 210 leads, 101 will become marketing qualified leads (MQLs).

    For every 101 MQLs, 47 will become sales qualified leads (SQLs).

    For every 47 SQLs, 23 will become opportunities.

    For every 23 opportunities, nine will become customers.

    .9% to 2.1%

    36% to 48%

    28% to 46%

    39% to 48%

    32% to 40%

    Leads Benchmark

    MQL Benchmark

    SQL Benchmark

    Opportunity Benchmark

    Closing Benchmark

    The percentage of website visitors that convert to leads.

    The percentage of leads that convert to marketing qualified leads.

    The percentage of MQLs that convert to sales qualified leads.

    The percentage of SQLs that convert to opportunities.

    The percentage of opportunities that are closed.

    Midmarket B2B SaaS Industry

    Source: “B2B SaaS Marketing KPIs,” First Page Sage, 2021

    Common obstacles

    Why do most organizations improperly diagnose a misfiring lead gen engine?

    Lack of Clear Starting Point

    The lead gen engine is complex, with many moving parts, and marketers and marketing ops are often overwhelmed about where to begin diagnosis.

    Lack of Benchmarks

    Marketers often call out metrics such as increasing website visitors, contact-to-lead conversions, numbers of qualified leads delivered to Sales, etc., without a proven benchmark to compare their results against.

    Lack of Alignment Between Marketing and Sales

    Definitions of a contact, a marketing qualified lead, a sales qualified lead, and a marketing influenced win often vary.

    Lack of Measurement Tools

    Integration gaps between the website, marketing automation, sales enablement, and analytics exist within some 70% of enterprises. The elements of the marketing (and sales) tech stack change constantly. It’s hard to keep up.

    Lack of Understanding of Marketing ROI

    This drives many marketers to push the “more” button – more assets, more emails, more ad spend – without first focusing on optimization and effectiveness.

    Lack of Resources

    Marketers have an endless list of to-dos that drive them to produce daily results. Especially among software startups and mid-sized companies, there are just not enough staff with the right skills to diagnose and fix today’s sophisticated lead gen engines.

    Implications of poor diagnostics

    Without proper lead gen engine diagnostics, marketing performs poorly

    • The lead gen engine builds relationships and trust. When a broken lead gen engine goes unoptimized, customer relationships are at risk.
    • When the lead gen engine isn’t working well, customer acquisition costs rise as more expensive sales resources are charged with prospect qualification.
    • Without a well-functioning lead gen engine, marketers lack the foundation they need to create awareness among prospects – growth suffers.
    • Marketers will throw money at content or ads to generate more leads without any real understanding of engine leakage and misfires – your cost per lead climbs and reduces marketing profitability.

    Most marketers are spending too much on acquiring leads and not enough on converting and keeping them. For every $92 spent acquiring customers, only $1 is spent converting them.

    Source: Econsultancy, cited in Outgrow

    Lead gen engine optimization increases the efficiency of your marketing efforts and has a 223% ROI.

    Source: WordStream

    Benefits of lead gen engine diagnostics

    Diagnosing your lead gen engine delivers key benefits:

    • Pinpoint weakness quickly. A quick and accurate lead gen engine diagnostic tool saves Marketing 50% of the effort spent uncovering the reason for low conversion and low-quality leads.
    • Optimize more easily. Marketing executives will save 70% of the time spent creating a lead gen optimization marketing strategy based upon the diagnostic findings.
    • Maximize marketing ROI. Build toward and maintain the golden 3:1 LTV:CAC (lifetime value to customer acquisition cost) ratio for B2B SaaS marketing.
    • Stop wasting money on ineffective advertising and marketing. Up to 75% of your marketing budget is being inefficiently spent if you are running on a broken lead gen engine.

    “It’s much easier to double your business by doubling your conversion rate than by doubling your traffic. Correct targeting and testing methods can increase conversion rates up to 300 percent.” – Jeff Eisenberg, IterateStudio

    Source: Lift Division

    True benefits of fixing the lead gen engine

    These numbers add up to a significant increase in marketing influenced wins.

    175%
    Buyer Personas Increase Revenue
    Source: Illumin8

    202%
    Personalized CTAs Increase Conversions
    Source: HubSpot

    50%
    Lead Magnets Increase Conversions
    Source: ClickyDrip

    79%
    Lead Scoring Increases Conversions
    Source: Bloominari

    50%
    Lead Nurturing Increases Conversions
    Source: KevinTPayne.com

    80%
    Personalized Landing Pages Increase Conversions
    Source: HubSpot

    Who benefits from an optimized lead gen engine?

    This Research Is Designed for:

    • Senior digital marketing leaders who are:
      • Looking to increase conversions.
      • Looking to increase the quality of leads.
      • Looking to increase the value of leads.

    This Research Will Help You:

    • Diagnose issues with your lead gen engine.
    • Create a lead gen optimization strategy and a roadmap.

    This Research Will Also Assist:

    • Digital marketing leaders and product marketing leaders who are:
      • Looking to decrease the effort needed by Sales to close leads.
      • Looking to increase leadership’s faith in Marketing’s ability to generate high-quality leads and conversions.

    This Research Will Help Them:

    • Align the Sales and Marketing teams.
    • Receive the necessary buy-in from management to increase marketing spend and headcount.
    • Avoid product failure.
    The image contains a screenshot of the thought model that is titled: Diagnose and Optimize your Lead Gen Engine. The image contains the screenshot of the previous image shown on Where Lead Gen Engines Fails, and includes new information. The flowchart connects to a box that says: STOP, Your engine is broken. It then explains phase 1, the diagnostic, and then phase 2 Optimization strategy.

    SoftwareReviews’ approach

    1. Diagnose Misfires in the Lead Gen Engine
    2. Identifying any areas of weakness within your lead gen engine is a fundamental first step in improving conversions, ROI, and lead quality.

    3. Create a Lead Gen Optimization Strategy
    4. Optimize your lead gen strategy with an easily customizable template that will provide your roadmap for future growth.

    The SoftwareReviews Methodology to Diagnose and Optimize Your Lead Gen Engine

    1. Lead Gen Engine Diagnostic

    2. Lead Gen Engine Optimization Strategy

    Phase Steps

    1. Select lead gen engine optimization steering committee & working team
    2. Gather baseline metrics
    3. Run the lead gen engine diagnostic
    4. Identify low-scoring areas & prioritize lead gen engine fixes
    1. Define the roadmap
    2. Create lead gen engine optimization strategy
    3. Present strategy to steering committee

    Phase Outcomes

    • Identify weakness within the lead gen engine.
    • Prioritize the most important fixes within the lead gen engine.
    • Create a best-in-class lead gen engine optimization strategy and roadmap that builds relationships, creates awareness, and develops trust and loyalty with website visitors.
    • Increase leadership’s faith in Marketing’s ability to generate high-quality leads and conversions.

    Insight Summary

    The lead gen engine is the foundation of marketing

    The lead gen engine is critical to building relationships. It is the foundation upon which marketers build awareness, trust, and loyalty.

    Misalignment between Sales and Marketing is costly

    Digital marketing leaders need to ensure agreement with Sales on the definition of a marketing qualified lead (MQL), as it is the most essential element of stakeholder alignment.

    Prioritization is necessary for today’s marketer

    By prioritizing the fixes within the lead gen engine that have the highest impact, a marketing leader will be able to focus their optimization efforts in the right place.

    Stop, your engine is broken

    Any advertising or effort expended while running marketing on a broken lead gen engine is time and money wasted. It is only once the lead gen engine is fixed that marketers will see the true results of their efforts.

    Tactical insight

    Without a well-functioning lead gen engine, marketers risk wasting valuable time and money because they aren’t creating relationships with prospects that will increase the quality of leads, conversion rate, and lifetime value.

    Tactical insight

    The foundational lead relationship must be built at the marketing level, or else Sales will be entirely responsible for creating these relationships with low-quality leads, risking product failure.

    Blueprint Deliverable:

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Lead Gen Engine Diagnostic

    An efficient and easy-to-use diagnostic tool that uncovers weakness in your lead gen engine.

    The image contains a screenshot of the Lead Gen Engine Diagnostic is shown.

    Key Deliverable:

    Lead Gen Engine Optimization Strategy Template

    The image contains a screenshot of the Lead Gen Engine Optimization Strategy.

    A comprehensive strategy for optimizing conversions and increasing the quality of leads.

    SoftwareReviews Offers Various Levels of Support to Meet Your Needs

    Included within Advisory Membership:

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Optional add-ons:

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Guided Implementation

    What does a typical GI on lead gen engine diagnostics look like?

    Diagnose Your Lead Gen Engine

    Call #1: Scope requirements, objectives, and specific challenges with your lead gen engine.

    Call #2: Gather baseline metrics and discuss the steering committee and working team.

    Call #3: Review results from baseline metrics and answer questions.

    Call #4: Discuss the lead gen engine diagnostic tool and your steering committee.

    Call #5: Review results from the diagnostic tool and answer questions.

    Develop Your Lead Gen Engine Optimization Strategy

    Call #6: Identify components to include in the lead gen engine optimization strategy.

    Call #7: Discuss the roadmap for continued optimization.

    Call #8: Review final lead gen engine optimization strategy.

    Call #9: (optional) Follow-up quarterly to check in on progress and answer questions.

    A Guided Implementation (GI) is series of calls with a SoftwareReviews Advisory analyst to help implement our best practices in your organization. For guidance on marketing applications, we can arrange a discussion with an Info-Tech analyst. Your engagement managers will work with you to schedule analyst calls.

    Workshop Overview

    Day 1

    Day 2

    Activities

    Complete Lead Gen Engine Diagnostic

    1.1 Identify the previously selected lead gen engine steering committee and working team.

    1.2 Share the baseline metrics that were gathered in preparation for the workshop.

    1.3 Run the lead gen engine diagnostic.

    1.4 Identify low-scoring areas and prioritize lead gen engine fixes.

    Create Lead Gen Engine Optimization Strategy

    2.1 Define the roadmap.

    2.2 Create a lead gen engine optimization strategy.

    2.3 Present the strategy to the steering committee.

    Deliverables

    1. Lead gen engine diagnostic scorecard

    1. Lead gen engine optimization strategy

    Contact your account representative for more information.

    workshops@infotech.com1-888-670-8889

    Phase 1

    Lead Gen Engine Diagnostic

    Phase 1

    Phase 2

    1.1 Select lead gen engine steering committee & working team

    1.2 Gather baseline metrics

    1.3 Run the lead gen engine diagnostic

    1.4 Identify & prioritize low-scoring areas

    2.1 Define the roadmap

    2.2 Create lead gen engine optimization strategy

    2.3 Present strategy to steering committee

    This phase will walk you through the following activities:

    The diagnostic tool will allow you to quickly and easily identify the areas of weakness in the lead gen engine by answering some simple questions. The steps include:

    • Select the lead gen engine optimization committee and team.
    • Gather baseline metrics.
    • Run the lead gen engine diagnostic.
    • Identify and prioritize low-scoring areas.

    This phase involves the following participants:

    • Marketing lead
    • Lead gen engine steering committee

    Step 1.1

    Identify Lead Gen Engine Optimization Steering Committee & Working Team

    Activities

    1.1.1 Identify the lead gen engine optimization steering committee and document in the Lead Gen Engine Optimization Strategy Template

    1.1.2 Identify the lead gen engine optimization working team document in the Lead Gen Engine Optimization Strategy Template

    This step will walk you through the following activities:

    Identify the lead gen engine optimization steering committee.

    This step involves the following participants:

    • Marketing director
    • Leadership

    Outcomes of this step

    An understanding of who will be responsible and who will be accountable for accomplishing the lead gen engine diagnostic and optimization strategy.

    1.1.1 Identify the lead gen engine optimization steering committee

    1-2 hours

    1. The marketing lead should meet with leadership to determine who will make up the steering committee for the lead gen engine optimization.
    2. Document the steering committee members in the Lead Gen Engine Optimization Strategy Template slide entitled “The Steering Committee.”

    Input

    Output

    • Stakeholders and leaders across the various functions outlined on the next slide
    • List of the lead gen engine optimization strategy steering committee members

    Materials

    Participants

    • Lead Gen Engine Optimization Strategy Template
    • Marketing director
    • Executive leadership

    Download the Lead Gen Engine Optimization Strategy Template

    Lead gen engine optimization steering committee

    Consider the skills and knowledge required for the diagnostic and the implementation of the strategy. Constructing a cross-functional steering committee will be essential for the optimization of the lead gen engine. At least one stakeholder from each relevant department should be included in the steering committee.

    Required Skills/Knowledge

    Suggested Functions

    • Target Buyer
    • Product Roadmap
    • Brand
    • Competitors
    • Campaigns/Lead Gen
    • Sales Enablement
    • Media/Analysts
    • Customer Satisfaction
    • Data Analytics
    • Ad Campaigns
    • Competitive Intelligence
    • Product Marketing
    • Product Management
    • Creative Director
    • Competitive Intelligence
    • Field Marketing
    • Sales
    • PR/AR/Corporate Comms
    • Customer Success
    • Analytics Executive
    • Campaign Manager

    For small and mid-sized businesses (SMB), because employees wear many different hats, assign people that have the requisite skills and knowledge, not the role title.

    The image contains examples of small and mid-sized businesses, and the different employee recommendations.

    1.1.2 Identify the lead gen engine optimization working team

    1-2 hours

    1. The marketing director should meet with leadership to determine who will make up the working team for the lead gen engine optimization.
    2. Finalize selection of team members and fill out the slide entitled “The Working Team” in the Lead Gen Engine Optimization Strategy Template.

    Input

    Output

    • Executives and analysts responsible for execution of tasks across Marketing, Product, Sales, and IT
    • The lead gen engine optimization working team

    Materials

    Participants

    • The Lead Gen Engine Optimization Strategy Template
    • Marketing director
    • Executive leadership

    Download the Lead Gen Engine Optimization Strategy Template

    Lead gen engine working team

    Consider the working skills required for the diagnostic and implementation of the strategy and assign the working team.

    Required Skills/Knowledge

    Suggested Titles

    • SEO
    • Inbound Marketing
    • Paid Advertising
    • Website Development
    • Content Creation
    • Lead Scoring
    • Landing Pages
    • A/B Testing
    • Email Campaigns
    • Marketing and Sales Automation
    • SEO Analyst
    • Content Marketing Manager
    • Product Marketing Manager
    • Website Manager
    • Website Developer
    • Sales Manager
    • PR
    • Customer Success Manager
    • Analytics Executive
    • Campaign Manager

    Step 1.2

    Gather Baseline Metrics

    Activities

    1.2.1 Gather baseline metrics and document in the Lead Gen Engine Optimization Strategy Template

    This step will walk you through the following activities:

    Gather baseline metrics.

    This step involves the following participants:

    • Marketing director
    • Analytics lead

    Outcomes of this step

    Understand and document baseline marketing metrics.

    1.2.1 Gather baseline metrics and document in the Lead Gen Engine Optimization Strategy Template

    1-2 hours

    1. Use the example on the next slide to learn about the B2B SaaS industry-standard baseline metrics.
    2. Meet with the analytics lead to analyze and record the data within the “Baseline Metrics” slide of the Lead Gen Engine Optimization Strategy Template. The baseline metrics will include:
      • Unique monthly website visitors
      • Visitor to lead conversion rate
      • Lead to MQL conversion rate
      • Customer acquisition cost (CAC)
      • Lifetime customer value to customer acquisition cost (LTV to CAC) ratio
      • Campaign ROI

    Recording the baseline data allows you to measure the impact your lead gen engine optimization strategy has over the baseline.

    Input

    Output
    • Marketing and analytics data
    • Documentation of baseline marketing metrics

    Materials

    Participants

    • The lead gen engine optimization strategy
    • Marketing director
    • Analytics lead

    B2B SaaS baseline metrics

    Industry standard metrics for B2B SaaS in 2022

    Unique Monthly Visitors

    Industry standard is 5% to 10% growth month over month.

    Visitor to Lead Conversion

    Industry standard is between 0.9% to 2.1%.

    Lead to MQL Conversion

    Industry standard is between 36% to 48%.

    CAC

    Industry standard is a cost of $400 to $850 per customer acquired.

    LTV to CAC Ratio

    Industry standard is an LTV:CAC ratio between 3 to 6.

    Campaign ROI

    Email: 201%

    Pay-Per-Click (PPC): 36%

    LinkedIn Ads: 94%

    Source: “B2B SaaS Marketing KPIs,” First Page Sage, 2021

    Update the Lead Gen Optimization Strategy Template with your company’s baseline metrics.

    Download the Lead Gen Engine Optimization Strategy Template

    Step 1.3

    Run the Lead Gen Engine Diagnostic

    Activities

    1.3.1 Gather steering committee and working team to complete the Lead Gen Engine Diagnostic Tool

    This step will walk you through the following activities:

    Gather the steering committee and answer the questions within the Lead Gen Engine Diagnostic Tool.

    This step involves the following participants:

    • Lead gen engine optimization working team
    • Lead gen engine optimization steering committee

    Outcomes of this step

    Lead gen engine diagnostic and scorecard

    1.3.1 Gather the committee and team to complete the Lead Gen Engine Diagnostic Tool

    2-3 hours

    1. Schedule a two-hour meeting with the steering committee and working team to complete the Lead Gen Engine Diagnostic Tool. To ensure the alignment of all departments and the quality of results, all steering committee members must participate.
    2. Answer the questions within the tool and then review your company’s results in the Results tab.

    Input

    Output

    • Marketing and analytics data
    • Diagnostic scorecard for the lead gen engine

    Materials

    Participants

    • Lead Gen Engine Diagnostic Tool
    • Marketing director
    • Analytics lead

    Download the Lead Gen Engine Diagnostic Tool

    Step 1.4

    Identify & Prioritize Low-Scoring Areas

    Activities

    1.4.1 Identify and prioritize low-scoring areas from the diagnostic scorecard

    This step will walk you through the following activities:

    Identify and prioritize the low-scoring areas from the diagnostic scorecard.

    This step involves the following participants:

    • Marketing director

    Outcomes of this step

    A prioritized list of the lead gen engine problems to include in the Lead Gen Engine Optimization Strategy Template

    1.4.1 Identify and prioritize low-scoring areas from the diagnostic scorecard

    1 hour

    1. Transfer the results from the Lead Gen Engine Diagnostic Scorecard Results tab to the Lead Gen Engine Optimization Strategy Template slide entitled “Lead Gen Engine Diagnostic Scorecard.”
      • Results between 0 and 2 should be listed as high-priority fixes on the “Lead Gen Engine Diagnostic Scorecard” slide. You will use these areas for your strategy.
      • Results between 2 and 3 should be listed as medium-priority fixes on “Lead Gen Engine Diagnostic Scorecard” slide. You will use these areas for your strategy.
      • Results between 3 and 4 are within the industry standard and will require no fixes or only small adjustments.

    Input

    Output

    • Marketing and analytics data
    • Documentation of baseline marketing metrics

    Materials

    Participants

    • Lead Gen Engine Optimization Strategy Template
    • Marketing director
    • Analytics lead

    Download the Lead Gen Engine Diagnostic Tool

    Phase 2

    Lead Gen Engine Optimization Strategy

    Phase 1

    Phase 2

    1.1 Select lead gen engine steering committee & working team

    1.2 Gather baseline metrics

    1.3 Run the lead gen engine diagnostic

    1.4 Identify & prioritize low-scoring areas

    2.1 Define the roadmap

    2.2 Create lead gen engine optimization strategy

    2.3 Present strategy to steering committee

    This phase will walk you through the following activities:

    Create a best-in-class lead gen optimization strategy and roadmap based on the weaknesses found in the diagnostic tool. The steps include:

    • Define the roadmap.
    • Create a lead gen engine optimization strategy.
    • Present the strategy to the steering committee.

    This phase involves the following participants:

    • Marketing director

    Step 2.1

    Define the Roadmap

    Activities

    2.1.1 Create the roadmap for the lead gen optimization strategy

    This step will walk you through the following activities:

    Create the optimization roadmap for your lead gen engine strategy.

    This step involves the following participants:

    • Marketing director

    Outcomes of this step

    Strategy roadmap

    2.1.1 Create the roadmap for the lead gen optimization strategy

    1 hour

    1. Copy the results from "The Lead Gen Engine Diagnostic Scorecard" slide to the "Value, Resources & Roadmap Matrix" slide in the Lead Gen Engine Optimization Strategy Template. Adjust the Roadmap Quarter column after evaluating the internal resources of your company and expected value generated.
    2. Using these results, create your strategy roadmap by updating the slide entitled “The Strategy Roadmap” in the Lead Gen Engine Optimization Strategy Template.

    Input

    Output

    • Diagnostic scorecard
    • Strategy roadmap

    Materials

    Participants

    • Lead Gen Engine Optimization Strategy Template
    • Marketing Director

    Download the Lead Gen Engine Optimization Strategy Template

    Step 2.2

    Create the Lead Gen Engine Optimization Strategy

    Activities

    2.2.1 Customize your lead gen engine optimization strategy using the template

    This step will walk you through the following activities:

    Create a lead gen engine optimization strategy based on the results of your diagnostic scorecard.

    This step involves the following participants:

    Marketing director

    Outcomes of this step

    A leadership-facing lead gen optimization strategy

    2.2.1 Customize your lead gen engine optimization strategy using the template

    2-3 hours

    Review the strategy template:

    1. Use "The Strategy Roadmap" slide to organize the remaining slides from the Q1, Q2, and Q3 sections.
      1. Fixes listed in "The Strategy Roadmap" under Q1 should be placed within the Q1 section.
      2. Fixes listed in "The Strategy Roadmap" under Q2 should be placed within the Q2 section.
      3. Fixes listed in "The Strategy Roadmap" under Q3 should be placed within the Q3 section.

    Input

    Output

    • The strategy roadmap
    • Your new lead gen engine optimization strategy

    Materials

    Participants

    • Lead Gen Engine Optimization Strategy Template
    • Marketing director

    Download the Lead Gen Engine Optimization Strategy Template

    Step 2.3

    Present the strategy to the steering committee

    Activities

    2.3.1 Present the findings of the diagnostic and the lead gen optimization strategy to the steering committee.

    This step will walk you through the following activities:

    Get executive buy-in on the lead gen engine optimization strategy.

    This step involves the following participants:

    • Marketing director
    • Steering committee

    Outcomes of this step

    • Buy-in from leadership on the strategy

    2.3.1 Present findings of diagnostic and lead gen optimization strategy to steering committee

    1-2 hours

    1. Schedule a presentation to present the findings of the diagnostic, the lead gen engine optimization strategy, and the roadmap to the steering committee.
    InputOutput
    • Your company’s lead gen engine optimization strategy
    • Official outline of strategy and buy-in from executive leadership

    Materials

    Participants

    • Lead Gen Engine Optimization Strategy Template
    • Marketing director
    • Executive leadership
    • Steering committee

    Download the Lead Gen Engine Optimization Strategy Template

    Related SoftwareReviews Research

    Create a Buyer Persona and Journey

    Make it easier to market, sell, and achieve product-market fit with deeper buyer understanding.

    • Reduce time and treasure wasted chasing the wrong prospects.
    • Improve product-market fit.
    • Increase open and click-through rates in your lead gen engine.
    • Perform more effective sales discovery and increase eventual win rates.

    Optimize Lead Generation With Lead Scoring

    In today’s competitive environment, optimizing Sales’ resources by giving them qualified leads is key to B2B marketing success.

    • Lead scoring is a must-have capability for high-tech marketers.
    • Without lead scoring, marketers will see increased costs of lead generation and decreased SQL-to-opportunity conversion rates.
    • Lead scoring increases sales productivity and shortens sales cycles.

    Build a More Effective Go-to-Market Strategy

    Creating a compelling go-to-market strategy and keeping it current is a critical software company function – as important as financial strategy, sales operations, and even corporate business development – given its huge impact on the many drivers of sustainable growth.

    • Align stakeholders on a common vision and execution plan.
    • Build a foundation of buyer and competitive understanding.
    • Deliver a team-aligned launch plan that enables commercial success.

    Bibliography

    “11 Lead Magnet Statistics That Might Surprise You.” ClickyDrip, 28 Dec. 2020. Accessed April 2022.

    “45 Conversion Rate Optimization Statistics Every Marketer Should Know.” Outgrow, n.d. Accessed April 2022.

    Bailyn, Evan. “B2B SaaS Funnel Conversion Benchmarks.” First Page Sage, 24 Feb. 2021. Accessed April 2022.

    Bailyn, Evan. “B2B SaaS Marketing KPIs: Behind the Numbers.” First Page Sage, 1 Sept. 2021. Accessed April 2022.

    Conversion Optimization.” Lift Division, n.d. Accessed April 2022.

    Corson, Sean. “LTV:CAC Ratio [2022 Guide] | Benchmarks, Formula, Tactics.” Daasity, 3 Nov. 2021. Accessed April 2022.

    Dudley, Carrie. “What are personas?” Illumin8, 26 Jan. 2018. Accessed April 2022.

    Godin, Seth. “Permission Marketing.” Accenture, Oct. 2009. Accessed April 2022.

    Lebo, T. “Lead Conversion Statistics All B2B Marketers Need to Know.” Convince & Convert, n.d. Accessed April 2022.

    Lister, Mary. “33 CRO & Landing Page Optimization Stats to Fuel Your Strategy.” WordStream, 24 Nov. 2021. [Accessed April 2022].

    Nacach, Jamie. “How to Determine How Much Money to Spend on Lead Generation Software Per Month.” Bloominari, 18 Sept. 2018. Accessed April 2022.

    Needle, Flori. “11 Stats That Make a Case for Landing Pages.” HubSpot, 10 June 2021. Accessed April 2022.

    Payne, Kevin. “10 Effective Lead Nurturing Tactics to Boost Your Sales.” Kevintpayne.com, n.d. Accessed April 2022.

    Tam, Edwin. “ROI in Marketing: Lifetime Value (LTV) & Customer Acquisition Cost (CAC).” Construct Digital, 19 Jan. 2016. Accessed April 2022.

    Build a Cloud Security Strategy

    • Buy Link or Shortcode: {j2store}169|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $38,592 Average $ Saved
    • member rating average days saved: 44 Average Days Saved
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • Leveraging the cloud introduces IT professionals to a new world that they are tasked with securing.
    • With many cloud vendors proposing to share the security responsibility, it can be a challenge for organizations to develop a clear understanding of how they can best secure their data off premises.

    Our Advice

    Critical Insight

    • Cloud security is not fundamentally different from security on premises.
    • While some of the mechanics are different, the underlying principles are the same. Accountability doesn’t disappear.
    • By virtue of its broad network accessibility, the cloud does expose decisions to extreme scrutiny, however.

    Impact and Result

    • The business is adopting a cloud environment and it must be secured, which includes:
      • Ensuring business data cannot be leaked or stolen.
      • Maintaining privacy of data and other information.
      • Securing the network connection points.
    • This blueprint and associated tools are scalable for all types of organizations within various industry sectors.

    Build a Cloud Security Strategy Research & Tools

    Start Here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a cloud security strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Explore security considerations for the cloud

    Explore how the cloud changes the required controls and implementation strategies for a variety of different security domains.

    • Build a Cloud Security Strategy – Phase 1: Explore Security Considerations for the Cloud
    • Cloud Security Information Security Gap Analysis Tool
    • Cloud Security Strategy Template

    2. Prioritize initiatives and construct a roadmap

    Develop your organizational approach to various domains of security in the cloud, considering the cloud’s unique risks and challenges.

    • Build a Cloud Security Strategy – Phase 2: Prioritize Initiatives and Construct a Roadmap
    [infographic]

    Workshop: Build a Cloud Security Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Your Approach

    The Purpose

    Define your unique approach to improving security in the cloud.

    Key Benefits Achieved

    An understanding of the organization’s requirements for cloud security.

    Activities

    1.1 Define your approach to cloud security.

    1.2 Define your governance requirements.

    1.3 Define your cloud security management requirements.

    Outputs

    Defined cloud security approach

    Defined governance requirements

    2 Respond to Cloud Security Challenges

    The Purpose

    Explore challenges posed by the cloud in various areas of security.

    Key Benefits Achieved

    An understanding of how the organization needs to evolve to combat the unique security challenges of the cloud.

    Activities

    2.1 Explore cloud asset management.

    2.2 Explore cloud network security.

    2.3 Explore cloud application security.

    2.4 Explore log and event management.

    2.5 Explore cloud incident response.

    2.6 Explore cloud eDiscovery and forensics.

    2.7 Explore cloud backup and recovery.

    Outputs

    Understanding of cloud security strategy components (cont.).

    3 Build Cloud Security Roadmap

    The Purpose

    Identify initiatives to mitigate challenges posed by the cloud in various areas of security.

    Key Benefits Achieved

    A roadmap for improving security in the cloud.

    Activities

    3.1 Define tasks and initiatives.

    3.2 Finalize your task list

    3.3 Consolidate gap closure actions into initiatives.

    3.4 Finalize initiative list.

    3.5 Conduct a cost-benefit analysis.

    3.6 Prioritize initiatives and construct a roadmap.

    3.7 Create effort map.

    3.8 Assign initiative execution waves.

    3.9 Finalize prioritization.

    3.10 Incorporate initiatives into a roadmap.

    3.11 Schedule initiatives.

    3.12 Review your results.

    Outputs

    Defined task list.

    Cost-benefit analysis

    Roadmap

    Effort map

    Initiative schedule

    CIO Priorities 2023

    • Buy Link or Shortcode: {j2store}84|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $10,000 Average $ Saved
    • member rating average days saved: 9 Average Days Saved
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy

    CIOs are facing these challenges in 2023:

    • Trying to understand the implications of external trends.
    • Determining what capabilities are most important to support the organization.
    • Understanding how to help the organization pursue new opportunities.
    • Preparing to mitigate new sources of organizational risk.

    Our Advice

    Critical Insight

    • While functional leaders may only see their next move, as head of the organization with a complete view of all the pieces, the CIO has full context awareness. It's up to them to assess their gaps, consider the present scenario, and then make their next move.
    • Each priority carries new opportunities for organizations that pursue them.
    • There are also different risks to mitigate as each priority is explored.

    Impact and Result

    • Inform your IT strategy for the year ahead.
    • Identify which capabilities you need to improve.
    • Add initiatives that support your priorities to your roadmap.

    CIO Priorities 2023 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. CIO Priorities 2023 Report – Read about the priorities on IT leaders' agenda.

    Understand the five priorities that will help navigate the opportunities and risks of the year ahead.

    • CIO Priorities 2023 Report

    Infographic

     

    Further reading

    CIO Priorities 2023

    Engage cross-functional leadership to seize opportunity while protecting the organization from volatility.

    Analyst Perspective

    Take a full view of the board and use all your pieces to win.

    In our Tech Trends 2023 report, we called on CIOs to think of themselves as chess grandmasters. To view strategy as playing both sides of the board, simultaneously attacking the opponent's king while defending your own. In our CIO Priorities 2023 report, we'll continue with that metaphor as we reflect on IT's capability to respond to trends.

    If the trends report is a study of the board state that CIOs are playing with, the priorities report is about what move they should make next. We must consider all the pieces we have at our disposal and determine which ones we can afford to use to seize on opportunity. Other pieces are best used by staying put to defend their position.

    In examining the different capabilities that CIOs will require to succeed in the year ahead, it's apparent that a siloed view of IT isn't going to work. Just like a chess player in a competitive match would never limit themselves to only using their knights or their rooks, a CIO's responsibility is to deploy each of their pieces to win the day. While functional leaders may only see their next move, as head of the organization with a complete view of all the pieces, the CIO has full awareness of the board state.

    It's up to them to assess their gaps, consider the present scenario, and then make their next move.

    This is a picture of Brian Jackson

    Brian Jackson
    Principal Research Director, Research – CIO
    Info-Tech Research Group

    CIO Priorities 2023 is informed by Info-Tech's primary research data of surveys and benchmarks

    Info-Tech's Tech Trends 2023 report and State of Hybrid Work in IT: A Trend Report inform the externalities faced by organizations in the year ahead. They imply opportunities and risks that organizations face. Leadership must determine if they will respond and how to do so. CIOs then determine how to support those responses by creating or improving their IT capabilities. The priorities are the initiatives that will deliver the most value across the capabilities that are most in demand. The CIO Priorities 2023 report draws on data from several different Info-Tech surveys and diagnostic benchmarks.

    2023 Tech Trends and Priorities Survey; N=813 (partial), n=521 (completed)
    Info-Tech's Trends and Priorities 2023 Survey was conducted between August 9 and September 9, 2022. We received 813 total responses with 521 completed surveys. More than 90% of respondents work in IT departments. More than 84% of respondents are at a manager level of seniority or higher.

    2023 The State of Hybrid Work in IT Survey; N=518
    The State of Hybrid Work in IT Survey was conducted between July 11 and July 29 and received 518 responses. Nine in ten respondents were at a manager level of seniority or higher.

    Every organization will have its own custom list of priorities based on its internal context. Organizational goals, IT maturity level, and effectiveness of capabilities are some of the important factors to consider. To provide CIOs with a starting point for their list of priorities for 2023, we used aggregate data collected in our diagnostic benchmark tools between August 1, 2021, and October 31, 2022.

    Info-Tech's CEO-CIO Alignment Program is intended to be completed by CIOs and their supervisors (CEO or other executive position [CxO]) and will provide the average maturity level and budget expectations (N=107). The IT Management and Governance Diagnostic will provide the average capability effectiveness and importance ranking to CIOs (N=271). The CIO Business Vision Diagnostic will provide stakeholder satisfaction feedback (N=259).

    The 2023 CIO priorities are based on that data, internal collaboration sessions at Info-Tech, and external interviews with CIOs and subject matter experts.

    Build IT alignment

    Assess your IT processes

    Determine stakeholder satisfaction

    Most IT departments should aim to drive outcomes that deliver better efficiency and cost savings

    Slightly more than half of CIOs using Info-Tech's CEO-CIO Alignment Program rated themselves at a Support level of maturity in 2022. That aligns with IT professionals' view of their organizations from our Tech Trends and Priorities Survey, where organizations are rated at the Support level on average. At this level, IT departments can provide reliable infrastructure and support a responsive IT service desk that reasonably satisfies stakeholders.

    In the future, CIOs aspire to attain the Transform level of maturity. Nearly half of CIOs select this future state in our diagnostic, indicating a desire to deliver reliable innovation and lead the organization to become a technology-driven firm. However, we see that fewer CxOs aspire for that level of maturity from IT. CxOs are more likely than CIOs to say that IT should aim for the Optimize level of maturity. At this level, IT will help other departments become more efficient and lower costs across the organization.

    Whether a CIO is aiming for the top of the maturity scale in the future or not, IT maturity is achieved one step at a time. Aiming for outcomes at the Optimize level will be a realistic goal for most CIOs in 2023 and will satisfy many stakeholders.

    Current and future state of IT maturity

    This image depicts a table showing the Current and future states of IT maturity.

    Trends indicate a need to focus on leadership and change management

    Trends imply new opportunities and risks that an organization must decide on. Organizational leadership determines if action will be taken to respond to the new external context based on its importance compared to current internal context. To support their organizations, IT must use its capabilities to deliver on initiatives. But if a capability's effectiveness is poor, it could hamper the effort.

    To determine what capabilities IT departments may need to improve or create to support their organizations in 2023, we conducted an analysis of our trends data. Using the opportunities and risks implied by the Tech Trends 2023 report and the State of Hybrid Work in IT: A Trend Report, we've determined the top capabilities IT will need to respond. Capabilities are defined by Info-Tech's IT Management and Governance Framework.

    Tier 1: The Most Important Capabilities In 2023

    Enterprise Application Selection & Implementation

    Manage the selection and implementation of enterprise applications, off-the-shelf software, and software as a service to ensure that IT provides the business with the most appropriate applications at an acceptable cost.

    Effectiveness: 6.5; Importance: 8.8

    Leadership, Culture, and Values

    Ensure that the IT department reflects the values of your organization. Improve the leadership skills of your team to generate top performance.

    Effectiveness: 6.9; Importance: 9

    Data Architecture

    Manage the business' databases, including the technology, the governance processes, and the people that manage them. Establish the principles, policies, and guidelines relevant to the effective use of data within the organization.

    Effectiveness: 6.3; Importance: 8.8

    Organizational Change Management

    Implement or optimize the organization's capabilities for managing the impact of new business processes, new IT systems, and changes in organizational structure or culture.

    Effectiveness: 6.1; Importance: 8.8

    External Compliance

    Ensure that IT processes and IT-supported business processes are compliant with laws, regulations, and contractual requirements.

    Effectiveness: 7.4; Importance: 8.8

    Info-Tech's Management and Diagnostic Benchmark

    Tier 2: Other Important Capabilities In 2023

    Ten more capabilities surfaced as important compared to others but not as important as the capabilities in tier 1.

    Asset Management

    Track IT assets through their lifecycle to make sure that they deliver value at optimal cost, remain operational, and are accounted for and physically protected. Ensure that the assets are reliable and available as needed.

    Effectiveness: 6.4; Importance: 8.5

    Business Intelligence and Reporting

    Develop a set of capabilities, including people, processes, and technology, to enable the transformation of raw data into meaningful and useful information for the purpose of business analysis.

    Effectiveness: 6.3; Importance: 8.8

    Business Value

    Secure optimal value from IT-enabled initiatives, services, and assets by delivering cost-efficient solutions and services and by providing a reliable and accurate picture of costs and benefits.

    Effectiveness: 6.5; Importance: 8.7

    Cost and Budget Management

    Manage the IT-related financial activities and prioritize spending through the use of formal budgeting practices. Provide transparency and accountability for the cost and business value of IT solutions and services.

    Effectiveness: 6.5; Importance: 8.8

    Data Quality

    Put policies, processes, and capabilities in place to ensure that appropriate targets for data quality are set and achieved to match the needs of the business.

    Effectiveness: 6.4; Importance: 8.9

    Enterprise Architecture

    Establish a management practice to create and maintain a coherent set of principles, methods, and models that are used in the design and implementation of the enterprise's business processes, information systems, and infrastructure.

    Effectiveness: 6.8; Importance: 8.8

    IT Organizational Design

    Set up the structure of IT's people, processes, and technology as well as roles and responsibilities to ensure that it's best meeting the needs of the business.

    Effectiveness: 6.8; Importance: 8.8

    Performance Measurement

    Manage IT and process goals and metrics. Monitor and communicate that processes are performing against expectations and provide transparency for performance and conformance.

    Effectiveness: 6; Importance: 8.4

    Stakeholder Relations

    Manage the relationship between the business and IT to ensure that the stakeholders are satisfied with the services they need from IT and have visibility into IT processes.

    Effectiveness: 6.7; Importance: 9.2

    Vendor Management

    Manage IT-related services provided by all suppliers, including selecting suppliers, managing relationships and contracts, and reviewing and monitoring supplier performance.

    Effectiveness: 6.6; Importance: 8.4

    Defining the CIO Priorities for 2023

    Understand the CIO priorities by analyzing both how CIOs respond to trends in general and how a specific CIO responded in the context of their organization.

    This is an image of the four analyses: 1: Implications; 2: Opportunities and risks; 3: Case examples; 4: Priorities to action.

    The Five CIO Priorities for 2023

    Engage cross-functional leadership to seize opportunity while protecting the organization from volatility.

    1. Adjust IT operations to manage for inflation
      • Business Value
      • Vendor Management
      • Cost and Budget Management
    2. Prepare your data pipeline to train AI
      • Business Intelligence and Reporting
      • Data Quality
      • Data Architecture
    3. Go all in on zero-trust security
      • Asset Management
      • Stakeholder Relations
      • External Compliance
    4. Engage employees in the digital age
      • Leadership, Culture, and Values
      • Organizational Change Management
      • Enterprise Architecture
    5. Shape the IT organization to improve customer experience
      • Enterprise Application Selection & Implementation
      • Performance Measurement
      • IT Organizational Design

    Adjust IT operations to manage for inflation

    Priority 01

    • APO06 Cost and Budget Management
    • APo10 Vendor Management
    • EDM02 Business Value

    Recognize the relative impact of higher inflation on IT's spending power and adjust accordingly.

    Inflation takes a bite out of the budget

    Two-thirds of IT professionals are expecting their budgets to increase in 2023, according to our survey. But not every increase is keeping up with the pace of inflation. The International Monetary Fund forecasts that global inflation rose to 8.8% in 2022. It projects it will decline to 6.5% in 2023 and 4.1% by 2024 (IMF, 2022).

    CIOs must account for the impact of inflation on their IT budgets and realize that what looks like an increase on paper is effectively a flat budget or worse. Applied to our survey takers, an IT budget increase of more than 6.5% would be required to keep pace with inflation in 2023. Only 40% of survey takers are expecting that level of increase. For the 27% expecting an increase between 1-5%, they are facing an effective decrease in budget after the impact of inflation. Those expecting no change in budget or a decrease will be even worse off.

    Looking ahead to 2023, how do you anticipate your IT spending will change compared to spending in 2022?

    Global inflation estimates by year

    2022 8.8%
    2023 6.5%
    2024 4.1%

    International Monetary Fund, 2022

    CIOs are more optimistic about budgets than their supervisors

    Data from Info-Tech's CEO-CIO Alignment Diagnostic benchmark also shows that CIOs and their supervisors are planning for increases to the budget. This diagnostic is designed for a CIO to use with their direct supervisor, whether it's the CEO or otherwise (CxO). Results show that on average, CIOs are more optimistic than their supervisors that they will receive budget increases and headcount increases in the years ahead.

    While 14% of CxOs estimated the IT budget would see no change or a decrease in the next three to five years, only 3% of CIOs said the same. A larger discrepancy is seen in headcount, where nearly one-quarter of CXOs estimated no change or decrease in the years ahead, versus only 10% of CIOs estimating the same.

    When we account for the impact of inflation in 2023, this misalignment between CIOs and their supervisors increases. When adjusting for inflation, we need to view the responses projecting an increase of between 1-5% as an effective decrease. With the inflation adjustment, 26% of CXOs are predicting IT budgets to stay flat or see a decrease compared to only 10% of CIOs.

    CIOs should consider how inflation has affected their projected spending power over the past year and take into account projected inflation rates over the next couple of years. Given that the past decade has seen inflation rates between 2-3%, the higher rates projected will have more of an impact on organizational budgets than usual.

    Expect headcount to stay flat or decline over 3-5 years

    CIO: 10%; CXO: 24%

    IT budget expectations to stay flat or decrease before inflation

    CIO: 13.6 %; CXO: 3.2%

    IT budget expectations to stay flat or decrease adjusted for inflation

    CIO: 25.8%; CXO: 9.7%

    Info-Tech's CEO-CIO Alignment Program

    Opportunities

    Appoint a "cloud economist"

    Organizations that migrated from on-premises data centers to infrastructure as a service shifted their capital expenditures on server racks to operational expenditures on paying the monthly service bill. Managing that monthly bill so that it is in line with desired performance levels now becomes crucial. The expected benefit of the cloud is that an organization can turn the dial up to meet higher demand and turn it down when demand slows. In practice this is sometimes more difficult to execute than anticipated. Some IT departments realize their cloud-based data flows aren't always connected to the revenue-generating activity seen in the business. As a result, a "cloud economist" is needed to closely monitor cloud usage and adjust it to financial expectations. Especially during any recessionary period, IT departments will want to avoid a "bill shock" incident.

    Partner with technology providers

    Keep your friends close and your vendors closer. Look for opportunities to create leverage with your strategic vendors to unlock new opportunities. Identify if a vendor you work with is not entrenched in your industry and offer them the credibility of working with you in exchange for a favorable contract. Offering up your logo for a website listing clients or giving your own time to speak in a customer session at a conference can go a long way to building up some goodwill with your vendors. That's goodwill you'll need when you ask for a new multi-year contract on your software license without annual increases built into the structure.

    Demonstrate IT projects improve efficiency

    An IT department that operates at the Optimize level of Info-Tech's maturity scale can deliver outcomes that lower costs for other departments. IT can defend its own budget if it's able to demonstrate that its initiatives will automate or augment business activities in a way that improves margins. The argument becomes even more compelling if IT can demonstrate it is supporting a revenue-generating initiative or customer-facing experience. CIOs will need to find business champions to vouch for the important contributions IT is making to their area.

    Risks

    Imposition of non-financial reporting requirements

    In some jurisdictions, the largest companies will be required to start collecting information on carbon emissions emitted as a result of business activities by the end of next year. Smaller sized organizations will be next on the list to determine how to meet new requirements issued by various regulators. Risks of failure include facing fines or being shunned by investors. CIOs will need to support their financial reporting teams in collecting the new required data accurately. This will incur new costs as well.

    Rising asset costs

    Acquiring IT equipment is becoming more expensive due to overall inflation and specific pressures around semiconductor supply chains. As a result, more CIOs are extending their device refresh policies to last another year or two. Still, demands for new devices to support new hybrid work models could put pressure on budgets as IT teams are asked to modernize conferencing rooms. For organizations adopting mixed reality headsets, cutting-edge capabilities will come at a premium. Operating costs of devices may also increase as inflation increases costs of the electricity and bandwidth they depend on.

    CASE STUDY
    Leverage your influence in vendor negotiations

    Denise Cornish, Associate VP of IT and Deputy COO,
    Western University of Health Sciences

    Since taking on the lead IT role at Western University in 2020, Denise Cornish has approached vendor management like an auditable activity. She evaluates the value she gets from each vendor relationship and creates a list of critical vendors that she relies upon to deliver core business services. "The trick is to send a message to the vendor that they also need us as a customer that's willing to act as a reference," she says. Cornish has managed to renegotiate a contract with her ERP vendor, locking in a multi-year contract with a very small escalator in exchange for presenting as a customer at conferences. She's also working with them on developing a new integration to another piece of software popular in the education space.

    Western University even negotiated a partnership approach with Apple for a program run with its College of Osteopathic Medicine of the Pacific (COMP) called the Digital Doctor Bag. The partnership saw Apple agree to pre-package a customer application developed by Western that delivered the curriculum to students and facilitated communications across students and faculty. Apple recognized Western as an Apple Distinguished School, a program that recognizes innovative schools that use Apple products.

    "I like when negotiations are difficult.
    I don't necessarily expect a zero-sum game. We each need to get something out of this and having the conversation and really digging into what's in it for you and what's in it for me, I enjoy that. So usually when I negotiate a vendor contract, it's rare that it doesn't work out."

    CASE STUDY
    Control cloud costs with a simplified approach

    Jim Love, CIO, IT World Canada

    As an online publisher and a digital marketing platform for technology products and services companies, IT World Canada (ITWC) has observed that there are differences in how small and large companies adopt the cloud as their computing infrastructure. For smaller companies, even though adoption is accelerating, there may still be some reluctance to fully embrace cloud platforms and services. While larger companies often have a multi-cloud approach, this might not be practical for smaller IT shops that may struggle to master the skills necessary to effectively manage one cloud platform. While Love acknowledges that the cloud is the future of corporate computing, he also notes that not all applications or workloads may be well suited to run in the cloud. As well, moving data into the cloud is cheap but moving it back out can be more expensive. That is why it is critical to understand your applications and the data you're working with to control costs and have a successful cloud implementation.

    "Standardization is the friend of IT. So, if you can standardize on one platform, you're going to do better in terms of costs."

    From priorities to action

    Go deeper on pursuing your priorities by improving the associated capabilities.

    Improve Cost and Budget Management

    Take control of your cloud costs by providing central financial oversight on the infrastructure-as-a-service provider your organization uses. Create visibility into your operational costs and define policies to control them. Right-size the use of cloud services to stay within organizational budget expectations.

    Take Control of Cloud Costs on AWS

    Take Control of Cloud Costs on Microsoft Azure

    Improve Business Value

    Reduce the funds allocated to ongoing support and impose tougher discipline around change requests to lighten your maintenance burden and make room for investment in net-new initiatives to support the business.

    Free up funds for new initiatives

    Improve Vendor Management

    Lay the foundation for a vendor management process with long-term benefits. Position yourself as a valuable client with your strategic vendors and leverage your position to improve your contract terms.

    Elevate Your Vendor Management Initiative

    Prepare your data pipeline to train AI

    Priority 02

    • ITRG06 BUSINESS INTELLIGENCE AND REPORTING
    • ITRG07 DATA ARCHITECTURE
    • ITRG08 DATA QUALITY

    Keep pace as the market adopts AI capabilities, and be ready to create competitive advantage.

    Today's innovation is tomorrow's expectation

    During 2022, some compelling examples of generative-AI-based products took the world by storm. Images from AI-generating bots Midjourney and Stable Diffusion went viral, flooding social media and artistic communities with images generated from text prompts. Exchanges with OpenAI's ChatGPT bot also caught attention, as the bot was able to do everything from write poetry, to provide directions on a cooking recipe and then create a shopping list for it, to generate working code in a variety of languages. The foundation models are trained with AI techniques that include generative adversarial networks, transformers, and variational autoencoders. The end result is an algorithm that can produce content that's meaningful to people based on some simple direction. The industry is only beginning to come to grips with how this sort of capability will disrupt the enterprise.

    Slightly more than one-third of IT professionals say their organization has already invested in AI or machine learning. It's the sixth-most popular technology to have already invested in after cloud computing (82%), application programming interfaces (64%), workforce management solutions (44%), data lakes (36%), and next-gen cybersecurity (36%). It's ahead of 12 other technologies that IT is already invested in.

    When we asked what technologies organizations planned to invest in for next year, AI rocketed up the list to second place, as it's selected by 44% of IT professionals. It falls behind only cloud computing. This jump up the list makes AI the fastest growing technology for new investment from organizations.

    Many AI capabilities seem cutting edge now, but organizations are prioritizing it as a technology investment. In a couple of years, access to foundational models that produce images, text, or code will become easy to access with a commercial license and an API integration. AI will become embedded in off-the-shelf software and drive many new features that will quickly become commonplace.

    To stay even with the competition and meet customer expectations, organizations will have to work to at least adopt these AI-enhanced products and services. For those that want to create a competitive advantage, they will have to build a data pipeline that is capable of training their own custom AI models based on their unique data sets.

    Which of the following technology categories has your organization already invested in?

    A bar graph is depicted the percentage of organizations which already had invested in the following Categories: Cloud Computing; Application Programming; Next-Gen Cybersecurity; Workforce Management Solutions; Data Lake/Lakehouse; Artificial Intelligence or Machine Learning.

    Which of those same technologies does your organization plan to invest in by the end of 2023?

    A bar graph is depicted the percentage of organizations which plan to invest in the following categories by the end of 2023: No-Code / Low-Code Platforms; Next-Gen Cybersecurity; Application Programming Interfaces (APIs); Data Lake / Lakehouse; Artificial Intelligence (AI) or Machine Learning; Cloud Computing

    Tech Trends 2023 Survey

    Data quality and governance will be critical to customize generative AI

    Data collection and analysis are on the minds of both CIOs and their supervisors. When asked what technologies the business should adopt in the next three to five years, big data (analytics) ranked as most critical to adopt among CIOs and their supervisors. Big data (collection) ranked fourth out of 11 options.

    Organizations that want to drive a competitive advantage from generative AI will need to train these large, versatile models on their own data sets. But at the same time, IT organizations are struggling to provide clean data. The second-most critical gap for IT organizations on average is data quality, behind only organizational change management. Organizations know that data quality is important to support analytics goals, as algorithms can suffer in their integrity if they don't have reliable data to work with. As they say, garbage in, garbage out.

    Another challenge to overcome is the gap seen in IT governance, the sixth largest gap on average. Using data toward training custom generative models will hold new compliance and ethical implications for IT departments to contend with. How user data can be leveraged is already the subject of privacy legislation in many different jurisdictions, and new AI legislation is being developed in various places around the world that could create further demands. In some cases, users are reacting negatively to AI-generated content.

    Biggest capability gaps between rated importance and effectiveness

    This is a Bar graph showing the capability gaps between rated importance and effectiveness.

    IT Management and Governance Diagnostic

    Most critical technologies to adopt rated by CIOs and their supervisors

    This is a Bar graph showing the most critical technologies to adopt as rated by CIO's and their supervisors

    CEO-CIO Alignment Program

    Opportunities

    Enterprise content discovery

    Many organizations still cobble together knowledgebases in SharePoint or some other shared corporate drive, full of resources that no one quite knows how to find. A generative AI chatbot holds potential to be trained on an organization's content and produce content based on an employee's queries. Trained properly, it could point employees to the right resource they need to answer their question or just provide the answer directly.

    Supply chain forecasts

    After Hurricane Ian shut down a Walmart distribution hub, the retailer used AI to simulate the effects on its supply chain. It rerouted deliveries from other hubs based on the predictions and planned for how to respond to demand for goods and services after the storm. Such forecasts would typically take a team of analysts days to compose, but thanks to AI, Walmart had it done in a matter of hours (The Economist, 2022).

    Reduce the costs of AI projects

    New generative AI models of sufficient scale offer advantages over previous AI models in their versatility. Just as ChatGPT can write poetry or dialogue for a play or perhaps a section of a research report (not this one, this human author promises), large models can be deployed for multiple use cases in the enterprise. One AI researcher says this could reduce the costs of an AI project by 20-30% (The Economist, 2022).

    Risks

    Impending AI regulation

    Multiple jurisdictions around the world are pursuing new legislation that imposes requirements on organizations that use AI, including the US, Europe, and Canada. Some uses of AI will be banned outright, such as the real-time use of facial recognition in public spaces, while in other situations people can opt out of using AI and work with a human instead. Regulations will take the risk of the possible outcomes created by AI into consideration, and organizations will often be required to disclose when and how AI is used to reach decisions (Science | Business, 2022). Questions around whether creators can prevent their content from being used for training AI are being raised, with some efforts already underway to collect a list of those who want to opt out. Organizations that adopt a generative AI model today may find it needs to be amended for copyright reasons in the future.

    Bias in the algorithms

    Organizations using a large AI model trained by a third party to complete their tasks or as a foundation to further customize it with their own data will have to contend with the inherent bias of the algorithm. This can lead to unintended negative experiences for users, as it did for MIT Technology Review journalist Melissa Heikkilä when she uploaded her images to AI avatar app Lensa, only to have it render a collection of sexualized portraits. Heikkilä contends that her Asian heritage overly influenced the algorithm to associate her with video-game characters, anime, and adult content (MIT Technology Review, 2022).

    Convincing nonsense

    Many of the generative AI bots released so far often create very good responses to user queries but sometimes create nonsense that at first glance might seem to be accurate. One example is Meta's Galactica bot – intended to streamline scientific research discovery and aid in text generation – which was taken down only three days after being made available. Scientists found that it generated fake research that sounded convincing or failed to do math correctly (Spiceworks, 2022).

    CASE STUDY
    How MLSE enhances the Toronto Raptors' competitiveness with data-driven practices

    Christian Magsisi, Vice President of Venue and Digital Technology, MLSE

    At the Toronto Raptors practice facility, the OVO Athletic Centre, a new 120-foot custom LG video screen towers over the court. The video board is used to playback game clips so coaches can use them to teach players, but it also displays analytics from algorithmic models that are custom-made for each player. Data on shot-making or defensive deflections are just a couple examples of what might inform the players.

    Vice President of Digital Technology Christian Magsisi leads a functional Digital Labs technical group at MLSE. The in-house team builds the specific data models that support the Raptors in their ongoing efforts to improve. The analytics are fed by Noah Analytics, which uses cognitive vision to provide real-time feedback on shot accuracy. SportsVU is a motion capture system that represents how players are positioned on the court, with detail down to which way they are facing and whether their arms are up or down. The third-party vendors provide the solutions to generate the analytics, but it's up to MLSE's internal team to shape them to be actionable for players during a practice.

    "All the way from making sure that a specific player is achieving the results that they're looking for and showing that through data, or finding opportunities for the coaching staff. This is the manifestation of it in real life. Our ultimate goal with the coaches was to be able to take what was on emails or in a report and sometimes even in text message and actually implement it into practice."

    Read the full story on Spiceworks Insights.

    How MLSE enhances the Toronto Raptors' competitiveness with data-driven practices (cont.)

    Humza Teherany, Chief Technology Officer, MLSE

    MLSE's Digital Labs team architects its data insights pipeline on top of cloud services. Amazon Web Services Rekognition provides cognitive vision analysis from video and Amazon Kinesis provides the video processing capabilities. Beyond the court, MLSE uses data to enhance the fan experience, explains CTO Humza Teherany. It begins with having meaningful business goals about where technology can provide the most value. He starts by engaging the leadership of the organization and considering the "art of the possible" when it comes to using technology to unlock their goals.

    Humza Teherany (left) and Christian Magsisi lead MLSE's digital efforts for the pro sports teams owned by the group, including the Toronto Raptors, Toronto Maple Leafs, and Toronto Argonauts. (Photo by Brian Jackson).

    Read the full story on Spiceworks Insights.

    "Our first goal in the entire buildup of the Digital Labs organization has been to support MLSE and all of our teams. We like to do things first. We leverage our own technology to make things better for our fans and for our teams to complete and find incremental advantages where possible."
    Humza Teherany,
    Chief Technology Officer, MLSE

    From priorities to action

    Go deeper on pursuing your priorities by improving the associated capabilities.

    Improve Data Quality

    The performance of AI-assisted tools depends on mature IT operations processes and reliable data sets. Standardize service management processes and build a knowledgebase of structured content to prepare for AI-assisted IT operations.

    Prepare for Cognitive Service Management

    Improve Business Intelligence and Reporting

    Explore the enterprise chatbots that are available to not only assist with customer interactions but also help your employees find the resources they need to do their jobs and retrieve data in real time.

    Explore the best chatbots software

    Improve Data Architecture

    Understand if you are ready to embark on the AI journey and what business use cases are appropriate for AI. Plan around the organization's maturity in people, tools, and operations for delivering the correct data, model development, and model deployment and managing the models in the operational areas.

    Create an Architecture for AI

    Go all in on zero-trust security

    Priority 03

    • BAI09 ASSET MANAGEMENT
    • APO08 STAKEHOLDER RELATIONS
    • MEA03 EXTERNAL COMPLIANCE

    Adopt zero-trust architecture as the new security paradigm across your IT stack and from an organizational risk management perspective.

    Putting faith in zero trust

    The push toward a zero-trust security framework is becoming necessary for organizations for several different reasons over the past couple of years. As the pandemic forced workers away from offices and into their homes, perimeter-based approaches to security were challenged by much wider network footprints and the need to identify users external to the firewall. Supply-chain security became more of a concern with notable attacks affecting many thousands of firms, some with severe consequences. Finally, the regulatory pressure to implement zero trust is rising following President Joe Biden's 2021 Executive Order on Improving the Nation's Cybersecurity. It directs federal agencies to implement zero trust. That will impact any company doing business with the federal government, and it's likely that zero trust will propagate through other government agencies in the years ahead. Zero-trust architecture can also help maintain compliance around privacy-focused regulations concerned about personal data (CSO Online, 2022).

    IT professionals are modestly confident that they can meet new government legislation regarding cybersecurity requirements. When asked to rank their confidence on a scale of one to five, the most common answer was 3 out of 5 (38.5%). The next most common answer was 4 out of 5 (33.3%).

    Zero-trust barriers:
    Talent shortage and lack of leadership involvement

    Out of a list of challenges, IT professionals are most concerned with talent shortages leading to capacity constraints in cybersecurity. Fifty-four per cent say they are concerned or very concerned with this issue. Implementing a new zero-trust framework for security will be difficult if capacity only allows for security teams to respond to incidents.

    The next most pressing concern is that cyber risks are not on the radar of executive leaders or the board of directors, with 46% of IT pros saying they are concerned or very concerned. Since zero-trust requires that organizations take an enterprise risk management approach to cybersecurity and involve top decision makers, this reveals another area where organizations may fall short of achieving a zero-trust environment.

    How confident are you that your organization is prepared to meet current and future government legislation regarding cybersecurity requirements? A circle graph is shown with 68.6% colored dark green, and the words: AVG 3.43 written inside the graph.
    a bar graph showing the confidence % for numbers 1-5
    54%

    of IT professionals are concerned with talent shortages leading to capacity constraints in cybersecurity.

    46%

    of IT professionals are concerned that cyber risks are not on the radar of executive leaders or the board of directors.

    Zero trust mitigates risk while removing friction

    A zero-trust approach to security requires organizations to view cybersecurity risk as part of its overall risk framework. Both CIOs and their supervisors agree that IT-related risks are a pain point. When asked to rate the severity of pain points, 58% of CIOs rated IT-related business risk incidents as a minor pain or major pain. Their supervisors were more concerned, with 61% rating it similarly. Enterprises can mitigate this pain point by involving top levels of leadership in cybersecurity planning.

    Organizations can be wary about implementing new security measures out of concern it will put barriers between employees and what they need to work. Through a zero-trust approach that focuses on identity verification, friction can be avoided. Overall, IT organizations did well to provide security without friction for stakeholders over the past 18 months. Results from Info-Tech's CIO Business Vision Diagnostic shows that stakeholders almost all agree friction due to security practices are acceptable. The one area that stands to be improved is remote/mobile device access, where 78.3% of stakeholders view the friction as acceptable.

    A zero-trust approach treats user identity the same regardless of device and whether it is inside or outside of the corporate network. This can remove friction when workers are looking to connect remotely from a mobile device.

    IT-related business risk incidents viewed as a pain point

    CXO 61%
    CIO 58%

    Business stakeholders rate security friction levels as acceptable

    A bar graph is depicted with the following dataset: Regulatory Compliance: 93.80%; Office/Desktop Computing:	86.50%;Data Access/Integrity: 86.10%; Remote/Mobile Device Access:	78.30%;

    CIO Business Vision Diagnostic, N=259

    Opportunities

    Move to identity-driven access control

    Today's approach to access control on the network is to allow every device to exchange data with every other device. User endpoints and servers talk to each other directly without any central governance. In a zero-trust environment, a centralized zero-trust network access broker provides one-to-one connectivity. This allows servers to rest offline until needed by a user with the right access permissions. Users verify their identity more often as they move throughout the network. The user can access the resources and data they need with minimal friction while protecting servers from unauthorized access. Log files are generated for analysis to raise alerts about when an authorized identity has been compromised.

    Protect data with just-in-time authentication

    Many organizations put process in place to make sure data at rest is encrypted, but often when users copy that data to their own devices, it becomes unencrypted, allowing attackers opportunities to exfiltrate sensitive data from user endpoints. Moving to a zero-trust environment where each data access is brokered by a central broker allows for encryption to be preserved. Parties accessing a document must exchange keys to gain access, locking out unauthorized users that don't have both sets of keys to decrypt the data (MIT Lincoln Laboratory, 2022).

    Harness free and open-source tools to deploy zero trust

    IT teams may not be seeing a budget infusion to invest in a new approach to security. By making use of the many free and open-source tools available, they can bootstrap their strategy into reality. Here's a list to get started:

    PingCastle Wrangle your Active Directory and find all the domains that you've long since forgotten about and manage the situation appropriately. Also builds a spoke-and-hub map of your Active Directory.

    OpenZiti Create an overlay network to enable programmable networking that supports zero trust.

    Snyk Developers can automatically find and fix vulnerabilities before they commit their code. This vendor offers a free tier but users that scale up will need to pay.

    sigstore Open-source users and maintainers can use this solution to verify the code they are running is the code the developer intended. Works by stitching together free services to facilitate software signing, verify against a transparent ledger, and provide auditable logs.

    Microsoft's SBOM generation tool A software bill of materials is a requirement in President Biden's Executive Order, intended to provide organizations with more transparency into their software components by providing a comprehensive list. Microsoft's tool will work with Windows, Linux, and Mac and auto-detect a longlist of software components, and it generates a list organized into four sections that will help organizations comprehend their software footprint.

    Risks

    Organizational culture change to accommodate zero trust

    Zero trust requires that top decision makers get involved in cybersecurity by treating it as an equal consideration of overall enterprise risk. Not all boards will have the cybersecurity expertise required, and some executives may not prioritize cybersecurity despite the warnings. Organizations that don't appoint a chief information security officer (CISO) role to drive the cybersecurity agenda from the top will be at risk of cybersecurity remaining an afterthought.

    Talent shortage

    No matter what industry you're in or what type of organization you run, you need cybersecurity. The demand for talent is very high and organizations are finding it difficult to hire in this area. Without the talent needed to mature cybersecurity approaches to a zero-trust model, the focus will remain on foundational principles of patch management to eliminate vulnerabilities and intrusion prevention. Smaller organizations may want to consider a "virtual CISO" that helps shape the organizational strategy on a part-time basis.

    Social engineering

    Many enterprise security postures remain vulnerable to an attack that commandeers an employee's identity to infiltrate the network. Hosted single sign-on models provide low friction and continuity of identity across applications but also offer a single point of failure that hackers can exploit. Phishing scams that are designed to trick an employee into providing their credentials to a fake website or to just click on a link that delivers a malware payload are the most common inroads that criminals take into the corporate network. Being aware of how user behavior influences security is crucial.

    CASE STUDY
    Engage the entire organization with cybersecurity awareness

    Serge Suponitskiy, CIO, Brosnan Risk Consultants

    Brosnan provides private security services to high-profile clients and is staffed by security experts with professional backgrounds in intelligence services and major law enforcement agencies. Safe to say that security is taken seriously in this culture and CIO Serge Suponitskiy makes sure that extends to all back-office staff that support the firm's activities. He's aware that people are often the weakest link in a cybersecurity posture and are prone to being fooled by a phishing email or even a fraudulent phone call. So cybersecurity training is an ongoing activity that takes many forms. He sends out a weekly cybersecurity bulletin that features a threat report and a story about the "scam of the week." He also uses KnowBe4, a tool that simulates phishing attacks and trains employees in security awareness. Suponitskiy advises reaching out to Marketing or HR for help with engaging employees and finding the right learning opportunities.

    "What is financially the best solution to protect yourself? It's to train your employees. … You can buy all of the tools and it's expensive. Some of the prices are going up for no reason. Some by 20%, some by 50%, it's ridiculous. So, the best way is to keep training, to keep educating, and to reimagine the training. It's not just sending this video that no one clicks on or posting a poster no one looks at. … Given the fact we're moving into this recession world, and everyone is questioning why we need to spend more, it's time to reimagine the training approach."

    CASE STUDY
    Focus on micro-segmentation as the foundation of zero trust

    David Senf, National Cybersecurity Strategist, Bell

    As a cybersecurity analyst and advisor that works with Bell's clients, David Senf sees zero-trust security as an opportunity for organizations to put a strong set of mitigating controls in place to defend against the thorny challenge of reducing vulnerabilities in their software supply chain. With major breaches being linked to widely used software in the past couple of years, security teams might find it effective to focus on a different layer of security to prevent certain breaches. With security policy being enforced at a narrow point/perimeter, attacks are in essence blocked from exploiting application vulnerabilities (e.g. you can't exploit what you can see). Organizations must still ensure there is a solid vulnerability management program in place, but surrounding applications with other controls is critical. One aspect of zero trust, micro-segmentation, which is an approach to network management, can limit the damage caused by a breach. The solutions help to map out and protect the different connections between applications that could otherwise be abused for discovery or lateral movement. Senf advises that knowing your inventory of software and the interdependencies between applications is the first step on a zero-trust journey, before putting protection and detection in place.

    "Next year will be a year of a lot more ZTNA, zero-trust network access, being deployed. So, I think that will give organizations more of an understanding of what zero trust is as well, from a really basic perspective. If I can just limit what applications you can see and no one can even see that application, it's undiscoverable because I've got that ZTNA solution in place. … I would see that as a leading area of deployment and coming to understand what zero trust is in 2023."

    From priorities to action

    Go deeper on pursuing your priorities by improving the associated capabilities.

    Improve Asset Management

    Enable reduced friction in the remote user experience by underpinning it with a hardware asset management program. Creating an inventory of devices and effectively tracking them will aid in maintaining compliance, result in stronger policy enforcement, and reduce the harm of a lost or stolen device.

    Implement Hardware Asset Management

    Improve Stakeholder Relations

    Communicate the transition from a perimeter-based security approach to an "Always Verify" approach with a clear roadmap toward implementation. Map key protect surfaces to business goals to demonstrate the importance of zero-trust security in helping the organization succeed. Help the organization's top leadership build awareness of cybersecurity risk.

    Build a Zero Trust Roadmap

    Improve External Compliance

    Manage the challenge of meeting new government requirements to implement zero-trust security and other data protection and cybersecurity regulations with a compliance program. Create a control environment that aligns multiple compliance regimes, and be prepared for IT audits.

    Build a Security Compliance Program

    Engage employees in the digital age

    Priority 04

    • ITRG02 LEADERSHIP, CULTURE, AND VALUES
    • BAI05 ORGANIZATIONAL CHANGE MANAGEMENT
    • APO03 ENTERPRISE ARCHITECTURE

    Lead a strong culture through digital means to succeed in engaging the hybrid workforce.

    The new deal for employers in a hybrid work world

    Necessity is the mother of innovation.

    The pandemic's disruption for non-essential workers looks to have a long-lasting, if not permanent, effect on the relationship between employer and employee. The new bargain for almost all organizations is a hybrid work reality, with employees splitting time between the office and working remotely, if not working remotely full-time. IT is in a unique position in the organization as it must not only contend with the shift to this new deal with its own employees but facilitate it for the entire organization.

    With 90% of organizations embracing some form of hybrid work, IT leaders have an opportunity to shift from coping with the new work reality to finding opportunities to improve productivity. Organizations that embrace a hybrid model for their IT departments see a more effective IT department. Organizations that offered no remote work for IT rated their IT effectiveness on average 6.2 out of 10, while organizations with at least 10% of IT roles in a hybrid model saw significantly higher effectiveness. At minimum, organizations with between 50%-70% of IT roles in a hybrid model rated their effectiveness at 6.9 out of 10.

    IT achieved this increase in effectiveness during a disruptive time that often saw IT take on a heavier burden. Remote work required IT to support more users and be involved in facilitating more work processes. Thriving through this challenging time is a win that's worth sharing with the rest of the organization.

    90% of organizations are embracing some form of hybrid work.

    IT's effectiveness compared to % working hybrid or remotely

    A bar graph is shown which compares the effectiveness of IT work with hybrid and full remote work, compared to No Remote Work for IT.

    High effectiveness doesn't mean high engagement

    Despite IT's success with hybrid work, CIOs are more concerned about their staff sufficiency, skill, and engagement than their supervisors. Among clients using our CEO-CIO Alignment Diagnostic, 49% of CIOs considered this issue a major pain point compared to only 32% of CXOs. While IT staff are more effective than ever, even while carrying more of a burden in the digital age, CIOs are still looking to improve staff engagement.

    Info-Tech's State of Hybrid Work Survey illuminates further details about where IT leaders are concerned for their employee engagement. About four in ten IT leaders say they are concerned for employee wellbeing, and almost the same amount say they are concerned they are not able to see signs that employees are demotivated (N=518).

    Boosting IT employees' engagement levels to match their effectiveness will require IT leaders to harness all the tools at their disposal. Communicating culture and effectively managing organizational change in the digital age is a real test of leadership.

    Staff sufficiency, skill, and engagement issues as a major pain point

    CXO 32%
    CIO 49%

    CEO-CIO Alignment Diagnostic

    Opportunities

    Drive effectiveness with a hybrid environment

    IT leaders concerned about the erosion of culture and connectedness due to hybrid work can mitigate those effects with increased and improved communication. Among highly effective IT departments, 55% of IT leaders made themselves highly available through instant messaging chat. Another 54% of highly effective leaders increased team meetings (State of Hybrid Work Survey, n=213). The ability to adapt to the team's needs and use a number of tactics to respond is the most important factor. The greater the number of tactics used to overcome communication barriers, the more effective the IT department (State of Hybrid Work Survey, N=518).

    Modernize the office conference room

    A hybrid work approach emphasizes the importance of not only the technology in the office conference room but the process around how meetings are conducted. Creating an equal footing for all participants regardless of how they join is the goal. In pursuit of that, 63% of organizations say they have made changes or upgrades to their conference room technology (n=496). The conferencing experience can influence employee engagement and work culture and enhance collaboration. IT should determine if the business case exists for upgrades and work to decrease the pain of using legacy solutions where possible (State of Hybrid Work in IT: A Trend Report).

    Understand the organizational value chain

    Map out the value chain from the customer perspective and then determine the organizational capabilities involved in delivering on that experience. It is a useful tool for helping IT staff understand how they're connected to the customer experience and organizational mission. It's crucial to identify opportunities to resolve pain points and create more efficiency throughout the organization.

    Risks

    Talent rejects the working model

    Many employees that experienced hybrid work over the past couple of years are finding it's a positive development for work/life balance and aren't interested in a full-time return to the office. Organizations that insist on returning all employees to the office all the time may find that employees choose to leave the organization. Similarly, it could be hard to hire IT talent in a competitive market if the position is required to be onsite every day. Most organizations are providing flexible options to employees and finding ways to manage work in the new digital age.

    Wasted expense on facilities

    Organizations may choose to keep their physical office only to later realize that no one is going to work there. While providing an office space can help foster positive culture through valuable face time, it has to be used intentionally. Managers should plan for specific days that their teams will meet in the office and make sure that work activities take advantage of everyone being in the same place at the same time. Asking everyone to come in so that they can be on a videoconference meeting in their cubicle isn't the point.

    Isolated employees and teams

    Studies on a remote work environment show it has an impact on how many connections each employee maintains within the company. Employees still interact well within their own teams but have fewer interactions across departments. Overall, workers are likely to collaborate just as often as they did when working in the office but with fewer other individuals at the company. Keep the isolating effect of remote work in mind and foster collaboration and networking opportunities across different departments (BBC News, 2022).

    CASE STUDY
    Equal support of in-office and remote work

    Roberto Eberhardt, CIO, Ontario Legislative Assembly

    Working in the legislature of the Ontario provincial government, CIO Roberto Eberhardt's staff went from a fully onsite model to a fully remote model at the outset of the pandemic. Today he's navigating his path to a hybrid model that's somewhere in the middle. His approach is to allow his business colleagues to determine the work model that's needed but to support a technology environment that allows employees to work from home or in the office equally. Every new process that's introduced must meet that paradigm, ensuring it will work in a hybrid environment. For his IT staff, he sees a culture of accountability and commitment to metrics to drive performance measurement as key to the success of this new reality.

    "While it's good in a way, the challenge for us is it became a little more complex because you have to account for all those things in the office environment and in the remote work approach. Everything you do now, you have to say OK well how is this going to work in this world and how will it work in the other world?"

    Creating purpose for IT through strategy

    Mike Russell, Virginia Community College System

    At the Virginia Community College System (VCCS), CIO Mike Russell's IT team supports an organization that governs and delivers services to all community colleges in the state. Russell sees his IT team's purpose as being driven by the organization's mission to ensure success throughout the entire student journey, from enrolment to becoming employed after graduation. That customer-focused mindset starts from the top-level leadership, the chancellor, and the state governor. The VCCS maintains a six-year business plan that informs IT's strategic plan and aligns IT with the mission, and both plans are living documents that get refreshed every two years. Updating the plans provides opportunities for the chancellor to engage the organization and remind everyone of the purpose of their work.

    "The outcome isn't the degree. The outcome we're trying to measure is the job. Did you get the job that you wanted? Whether it's being re-employed or first-time employment, did you get what you were after?"

    From priorities to action

    Go deeper on pursuing your priorities by improving the associated capabilities.

    Improve Leadership, Culture, and Values

    Help leaders manage their teams effectively in a hybrid environment by providing them with the right tools and tactics to manage the challenges of hybrid work. Focus on promoting teamwork and fostering connection.

    Prepare People Leaders for the Hybrid Work Environment

    Improve Organizational Change Management

    Assign accountability for managing the changes that the organization is experiencing in the digital age. Make a people-centric approach that takes human behavior into account and plans to address different needs in different ways. Be proactive about change.

    Master Organizational Change Management Practices

    Improve Enterprise Architecture

    Develop a foundation for aligning IT's activities with business value by creating a right-sized enterprise architecture approach that isn't heavy on bureaucracy. Drive IT's purpose by illustrating how their work contributes to the overall mission and the customer experience.

    Create a Right-Sized Enterprise Architecture Governance Framework

    Shape the IT organization to improve customer experience

    PRIORITY 05

    • BAI03 ENTERPRISE APPLICATION SELECTION & IMPLEMENTATION
    • MEA01 PERFORMANCE MEASUREMENT
    • ITRG01 IT ORGANIZATIONAL DESIGN

    Tightly align the IT organization with the organization's value chain from a customer perspective.

    IT's value is defined by faster, better, bigger

    The pandemic motivated organizations to accelerate their digital transformation efforts, digitalizing more of their tasks and organizing the company's value chain around satisfying the customer experience. Now we see organizations taking their foot off the gas pedal of digitalization and shifting their focus to extracting the value from their investments. They want to execute on the digital transformation in their operations and realize the vision they set out to achieve.

    In our Trends Report we compared the emphasis organizations are putting on digitalization to last year. Overall, we see that most organizations shifted fewer of their processes to digital in the past year.

    We also asked organizations what motivated their push toward automation. The most common drivers are to improve efficiency, with almost seven out of ten organizations looking to increase staff on high-level tasks by automating repetitive tasks, 67% also wanting to increase productivity without increasing headcount, and 59% wanting to reduce errors being made by people. In addition, more than half of organizations pursued automation to improve customer satisfaction.

    What best describes your main motivation to pursue automation, above other considerations?

    A bar graph is depicted showing the following dataset: Increase staff focus on high-level tasks by automating repetitive tasks:	69%; Increase productivity of existing staff to avoid increasing headcount:	67%; Reduce errors made by people:	59%; Improve customer satisfaction:	52%; Achieve cost savings through reduction in headcount:	35%; Increase revenue by enabling higher volume of work:	30%

    Tech Trends 2023 Survey

    To what extent did your organization shift its processes from being manually completed to digitally completed during past year?

    A bar graph is depicted showing the extent to which organizations shifted processes from manual to digital during the past year for 2022 and 2023, from Tech Trends 2023 Survey

    With the shift in focus from implementing new applications to support digital transformation to operating in the new environment, IT must shift its own focus to help realize the value from these systems. At the same time, IT must reorganize itself around the new value chain that's defined by a customer perspective.

    IT struggles to deliver business value or support innovation

    Many current IT departments are structured around legacy processes that hinder their ability to deliver business value. CIOs are trying to grapple with the misalignment between the modern business structure and keep up with the demands for innovation and agility.

    Almost nine in ten CIOs say that business frustration with IT's failure to deliver value is a pain point. Their supervisors have a slightly more favorable opinion, with 76% agreeing that it is a pain point.

    Similarly, nine in ten CIOs say that IT limits affecting business innovation and agility is a pain point, while 81% of their supervisors say the same.

    Supervisors say that IT should "ensure benefits delivery" as the most important process (CEO-CIO Alignment Program). This underlines the need to achieve alignment, optimize service delivery, and facilitate innovation. The pain points identified here will need to be resolved to make this possible.

    IT departments will need to contend with a tight labor market and economic volatility in the year ahead. If this drives down resource capacity, it will be even more critical to tightly align with the organization.

    Views business frustration with IT failure to deliver value as a pain point

    CXO 76%
    CIO 88%

    Views IT limits affecting business innovation and agility as a pain point

    CXO 81%
    CIO

    90%

    CEO-CIO Alignment Program

    Opportunities

    Define IT's value by its contributions to enterprise value

    Communicate the performance of IT to stakeholders by attributing positive changes in enterprise value to IT initiatives. For example, if a digital channel helped increase sales in one area, then IT can claim some portion of that revenue. If optimization of another process resulted in cost savings, then IT can claim that as a contribution toward the bottom line. CIOs should develop their handle on how KPIs influence revenues and costs. Keeping tabs on normalized year-over-year revenue comparisons can help demonstrate that IT contributions are making an impact on driving profitability.

    Go with buy versus build if it's a commodity service

    Most back-office functions common to operating a company can be provided by cloud-based applications accessed through a web browser. There's no value in having IT spend time maintaining on-premises applications that require hosting and ongoing maintenance. Organizations that are still accruing technical debt and are unable to modernize will increasingly find it is negatively impacting employee experience, as users expect their working experience to be similar to their experience with consumer applications. In addition, IT will continue to have capacity challenges as resources will be consumed by maintenance. As they seek to outsource some applications, IT will need to consider the geopolitical risk of certain jurisdictions in selecting a provider.

    Redefine how employee performance is tracked

    The concept of "clocking in" for a shift and spending eight hours a day on the job doesn't help guide IT toward its objectives or create any higher sense of purpose. Leaders must work to create a true sense of accountability by reaching consensus on what key performance indicators are important and tasking staff to improve them. Metrics should clearly link back to business outcomes and IT should understand the role they play in delivering a good customer experience.

    Risks

    Lack of talent available to drive transformation

    CIOs are finding it difficult to hire the talent needed to create the capacity they need as digital demands of their organizations increase. This could slow the pace of change as new positions created in IT go unfilled. CIOs may need to consider reskilling and rebalancing workloads of existing staff in the short term and tap outsourcing providers to help make up shortfalls.

    Resistance to change

    New processes may have been given the official rubber stamp, but that doesn't mean staff are adhering to them. Organizations that reorganize themselves must take steps to audit their processes to ensure they're executed the way they intend. Some employees may feel they are being made obsolete or pushed out of their jobs and become disengaged.

    Short-term increased costs

    Restructuring the organization can come with the need for new tools and more training. It may be necessary to operate with redundant staff for the transitional period. Some additional expenses might be incurred for a brief period as the new structure is being put in place.

    Emphasize the value of IT in driving revenue

    Salman Ali, CIO, McDonald's Germany

    As the new CIO to McDonald's Germany, Salman Ali came on board with an early mandate to reorganize the IT department. The challenge is to merge two organizations together: one that delivers core technology services of infrastructure, security, service desk, and compliance and one that delivers customer-facing technology such as in-store touchscreen kiosks and the mobile app for food delivery. He is looking to organize this new-look department around the technology in the hands of both McDonald's staff and its customers. In conversations with his stakeholders, Ali emphasizes the value that IT is driving rather than discussing the costs that go into it. For example, there was a huge cost in integrating third-party meal delivery apps into the point-of-sales system, but the seamless experience it delivers to customers looking to place an order helps to drive a large volume of sales. He plans to reorganize his department around this value-driven approach. The organization model will be executed with clear accountability in place and key performance indicators to measure success.

    "Technology is no longer just an enabler. It's now a strategic business function. When they talk about digital, they are really talking about what's in the customers' hands and what do they use to interact with the business directly? Digital transformation has given technology a new front seat that's really driving the business."

    CASE STUDY
    Overhauling the "heartbeat" of the organization

    Ernest Solomon, Former CIO, LAWPRO

    LAWPRO is a provider of professional liability insurance and title insurance in Canada. The firm is moving its back-office applications from a build approach to a buy approach and focusing its build efforts on customer-facing systems tied to revenue generation. CIO Ernest Solomon says his team has been developing on a legacy platform for two decades, but it's time to modernize. The firm is replacing its legacy platform and moving to a cloud-based system to address technical debt and improve the experience for staff and customers. The claims and policy management platform, the "heartbeat" of the organization, is moving to a software-as-a-service model. At the same time, the firm's customer-facing Title Plus application is being moved to a cloud-native, serverless architecture. Solomon doesn't see the need for IT to spend time building services for the back office, as that doesn't align with the mission of the organization. Instead, he focuses his build efforts on creating a competitive advantage.

    "We're redefining the customer experience, which is how do we move the needle in a positive direction for all the lawyers that interact with us? How do we generate that value-based proposition and improve their interactions with our organization?"

    From priorities to action

    Go deeper on pursuing your priorities by improving the associated capabilities.

    Improve Enterprise Application Selection & Implementation

    Help leaders manage their teams effectively in a hybrid environment by providing them with the right tools and tactics to manage the challenges of hybrid work. Focus on promoting teamwork and fostering connection.

    Embrace Business-Managed Applications

    Improve Performance Measurement

    Drive the most important IT process in the eyes of supervisors by defining business value and linking IT spend to it. Make benefits realization part of your IT governance.

    Maximize Business Value From IT Through Benefits Realization

    Improve IT Organizational Design

    Showcase IT's value to the business by aligning IT spending and staffing to business functions. Provide transparency into business consumption of IT and compare your spending to your peers'.

    IT Spend & Staffing Benchmarking

    The Five Priorities

    Engage cross-functional leadership to seize opportunity while protecting the organization from volatility.

    1. Adjust IT operations to manage for inflation
    2. Prepare your data pipeline to train AI
    3. Go all in on zero-trust security
    4. Engage employees in the digital age
    5. Shape the IT organization to improve customer experience

    Expert Contributors

    In order of appearance

    Denise Cornish, Associate VP of IT and Deputy COO, Western University of Health Sciences

    Jim Love, CIO, IT World Canada

    Christian Magsisi, Vice President of Venue and Digital Technology, MLSE

    Humza Teherany, Chief Technology Officer, MLSE

    Serge Suponitskiy, CIO, Brosnan Risk Consultants

    David Senf, National Cybersecurity Strategist, Bell

    Roberto Eberhardt, CIO, Ontario Legislative Assembly

    Mike Russell, Virginia Community College System

    Salman Ali, CIO, McDonald's Germany

    Ernest Solomon, Former CIO, LAWPRO

    Bibliography

    Anderson, Brad, and Seth Patton. "In a Hybrid World, Your Tech Defines Employee Experience." Harvard Business Review, 18 Feb. 2022. Accessed 12 Dec. 2022.
    "Artificial Intelligence Is Permeating Business at Last." The Economist, 6 Dec. 2022. Accessed 12 Dec. 2022.
    Badlani, Danesh Kumar, and Adrian Diglio. "Microsoft Open Sources Its Software Bill
    of Materials (SBOM) Generation Tool." Engineering@Microsoft, 12 July 2022. Accessed
    12 Dec. 2022.
    Birch, Martin. "Council Post: Equipping Employees To Succeed In Digital Transformation." Forbes, 9 Aug. 2022. Accessed 7 Dec. 2022.
    Bishop, Katie. "Is Remote Work Worse for Wellbeing than People Think?" BBC News,
    17 June 2022. Accessed 7 Dec. 2022.
    Carlson, Brian. "Top 5 Priorities, Challenges For CIOs To Recession-Proof Their Business." The Customer Data Platform Resource, 19 July 2022. Accessed 7 Dec. 2022.
    "CIO Priorities: 2020 vs 2023." IT PRO, 23 Sept. 2022. Accessed 2 Nov. 2022.
    cyberinsiders. "Frictionless Zero Trust Security - How Minimizing Friction Can Lower Risks and Boost ROI." Cybersecurity Insiders, 9 Sept. 2021. Accessed 7 Dec. 2022.
    Garg, Sampak P. "Top 5 Regulatory Reasons for Implementing Zero Trust."
    CSO Online, 27 Oct. 2022. Accessed 7 Dec. 2022.
    Heikkilä, Melissa. "The Viral AI Avatar App Lensa Undressed Me—without My Consent." MIT Technology Review, 12 Dec. 2022. Accessed 12 Dec. 2022.
    Jackson, Brian. "How the Toronto Raptors Operate as the NBA's Most Data-Driven Team." Spiceworks, 1 Dec. 2022. Accessed 12 Dec. 2022.
    Kiss, Michelle. "How the Digital Age Has Transformed Employee Engagement." Spiceworks,16 Dec. 2021. Accessed 7 Dec. 2022.
    Matthews, David. "EU Hopes to Build Aligned Guidelines on Artificial Intelligence with US." Science|Business, 22 Nov. 2022. Accessed 12 Dec. 2022.
    Maxim, Merritt. "New Security & Risk Planning Guide Helps CISOs Set 2023 Priorities." Forrester, 23 Aug. 2022. Accessed 7 Dec. 2022.
    Miller, Michael J. "Gartner Surveys Show Changing CEO and Board Concerns Are Driving a Different CIO Agenda for 2023." PCMag, 20 Oct. 2022. Accessed 2 Nov. 2022.
    MIT Lincoln Laboratory. "Overview of Zero Trust Architectures." YouTube,
    2 March 2022. Accessed 7 Dec. 2022.
    MIT Technology Review Insights. "CIO Vision 2025: Bridging the Gap between BI and AI." MIT Technology Review, 20 Sept. 2022. Accessed 1 Nov. 2022.
    Paramita, Ghosh. "Data Architecture Trends in 2022." DATAVERSITY, 22 Feb. 2022. Accessed 7 Dec. 2022.
    Rosenbush, Steven. "Cybersecurity Tops the CIO Agenda as Threats Continue to Escalate - WSJ." The Wall Street Journal, 17 Oct. 2022. Accessed 2 Nov. 2022.
    Sacolick, Isaac. "What's in the Budget? 7 Investments for CIOs to Prioritize." StarCIO,
    22 Aug. 2022. Accessed 2 Nov. 2022.
    Singh, Yuvika. "Digital Culture-A Hurdle or A Catalyst in Employee Engagement." International Journal of Management Studies, vol. 6, Jan. 2019, pp. 54–60. ResearchGate, https://doi.org/10.18843/ijms/v6i1(8)/08.
    "Talent War Set to Become Top Priority for CIOs in 2023, Study Reveals." CEO.digital,
    8 Sept. 2022. Accessed 7 Dec. 2022.
    Tanaka, Rodney. "WesternU COMP and COMP-Northwest Named Apple Distinguished School." WesternU News. 10 Feb. 2022. Accessed 12 Dec. 2022.
    Wadhwani, Sumeet. "Meta's New Large Language Model Galactica Pulled Down Three Days After Launch." Spiceworks, 22 Nov. 2022. Accessed 12 Dec. 2022.
    "World Economic Outlook." International Monetary Fund (IMF), 11 Oct. 2022. Accessed
    14 Dec. 2022.

    Prepare an Actionable Roadmap for Your PMO

    • Buy Link or Shortcode: {j2store}358|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $103,124 Average $ Saved
    • member rating average days saved: 55 Average Days Saved
    • Parent Category Name: Project Management Office
    • Parent Category Link: /project-management-office
    • Problems with project management offices (PMOs) often start with a lack of a clear definition of what the PMO is actually about and what the organization does.
    • Few organizations provide the minimum required services, and many are not using their PMOs effectively. Many people see the PMO as nothing more than the “project document police,” i.e. a source of red tape rather than a helpful support system. This impacts staffing and hiring.
    • The PMO is often misunderstood as a center for project management governance when it also needs to facilitate the communication of project data from project teams to decision makers to ensure that appropriate decisions get made around resourcing, approval of new projects, etc.
    • Accountability is something that is not clearly defined for many activities that flow through the PMO. Business leaders, project workers, and project managers are rarely as aligned as they need to be.

    Our Advice

    Critical Insight

    • There is a gap in the perception of the actual role of the PMO in many organizations by different stakeholder groups. Many people see the PMO as police that produce red tape rather than a helpful support system. Those that need to present a coherent plan to leadership to champion the need for a PMO often have an uphill battle.
    • Determine the PMO’s role and needs and then determine your staff needs based on that PMO.
    • Staff the PMO according to its actual role and needs. Don’t rush to the assumption that PMO staff starts with accomplished project managers.
    • The difference in a winning PMO is determined by a roadmap or plan created at the beginning.

    Impact and Result

    • Define a PMO with functions that work for you based on the needs of your organization and the gaps in services. A “fit-for-purpose” PMO is the right kind of PMO for your organization.
    • Determine your PMO staffing needs. Our approach to building a PMO starts by analyzing the staffing requirements of your PMO mandate.
    • Create purpose-built role descriptions. Once you understand the staff and skills you’ll need to succeed, we have job description aids you’ll need to fill the roles.

    Prepare an Actionable Roadmap for Your PMO Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prepare and Actionable Roadmap for Your PMO – An actionable deck to help you establish a valuable PMO.

    Before setting up or re-structuring a PMO, organizational need should not only be taken into consideration but used as a foundation. Phase 1 of this blueprint will help you define the services that your PMO should provide to your organization, instead of the one-size-fits-all approach that doesn’t work.

    • Prepare an Actionable Roadmap for Your PMO – Phases 1-3

    2. PMO Role Definition Tool – An Excel tool to help you define the services of your PMO.

    Use the PMO Role Definition Tool to establish your PMO current state and the service gaps you may have. Use the results to determine the role your PMO should play within your organization.

    • PMO Role Definition Tool

    3. PMO Project Charter – A template to formalize your PMO and make sure everyone is on the same page.

    The PMO Project Charter shares the vision to achieve consensus between stakeholders and projects and initiatives of the PMO. Use this template to jump-start your PMO project.

    • PMO Project Charter

    4. Blank Job Description Template – A template to create different job descriptions from.

    Use this template to create your job descriptions from scratch.

    • Blank Job Description Template

    5. Portfolio Manager Job Description – A clear and realistic job description template for a Portfolio Manager.

    The Portfolio Manager will oversee the business of discovering unsatisfied needs, articulating them as project demand, and organizing appropriate responses. Your customers are the people who approve projects, and you will service them.

    • Portfolio Manager

    6. PMO Job Description Builder Workbook – An Excel tool to help you access PMO staffing requirements.

    This tool will help you assess staffing requirements to facilitate project management, business analysis, and organizational change management outcomes.

    • PMO Job Description Builder Workbook

    7. PMO Strategic Plan – A template to help you compose a PMO strategy.

    This template will help you compose a PMO strategy. Follow the steps in the blueprint to complete the strategy.

    • PMO Strategic Plan

    8. Organizational Change Impact Analysis Tool – An Excel tool to analyze the impact of change to the organization.

    Use the Organizational Change Impact Analysis Tool to analyze the effects of a change across the organization, and to assess the likelihood of adoption to right-size your OCM efforts.

    • Organizational Change Impact Analysis Tool

    9. PMO MS Project Plan – A template to map out timeline for completing the tasks to create your PMO.

    Use this tool to determine the next steps and assign tasks to the appropriate people.

    • PMO MS Project Plan Sample

    Infographic

    Workshop: Prepare an Actionable Roadmap for Your PMO

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define

    The Purpose

    Get a common understanding of your PMO options.

    Determine where you are and engage leadership.

    Key Benefits Achieved

    A clear vision for your PMO and an articulated reason for establishing it.

    An understanding of you PMO goals and which challenges it sets to address.

    Activities

    1.1 PPM Current State Scorecard

    1.2 SWOT Analysis

    1.3 Current State and Leadership Engagement

    1.4 PMO Mandate and Vision

    Outputs

    PPM Current State Scorecard Results

    SWOT Results

    PMO Role Development Tool

    PMO Charter

    2 Staff

    The Purpose

    Identify organizational design.

    Build job descriptions.

    Key Benefits Achieved

    An analysis of staffing requirements of your PMO that aligns with your mandate from phase 1.

    Job description aids to fill the necessary roles.

    Activities

    2.1 Right, Wrong, Missing, Confusing

    2.2 PMO Function, Roles, and Responsibilities

    2.3 Job Descriptions

    Outputs

    Right, Wrong, Missing, Confusing Results

    Job Description Survey Tool

    Job Description Templates

    3 Plan

    The Purpose

    Create a roadmap.

    Key Benefits Achieved

    An actionable roadmap that can be presented to leadership and implemented.

    Activities

    3.1 Roadmap Hierarchy and Staffing and Sizing

    3.2 Governance and Authority

    Outputs

    PMO Roadmap Draft

    Governance Authority

    4 Change

    The Purpose

    Set up governance and OCM.

    Key Benefits Achieved

    An introduction to the concept of governance and tools for a change impact analysis.

    Activities

    4.1 Analyze the impact of the change across multiple dimensions and stakeholder groups.

    4.2 Gain sponsorship.

    Outputs

    Organizational Change Impact Analysis Tool

    Sponsor Template

    Further reading

    Prepare an Actionable Roadmap for Your PMO

    Turn planning into action with a realistic PMO timeline.

    EXECUTIVE BRIEF

    Analyst Perspective

    Prepare an actionable roadmap for your PMO.

    Photo of Ugbad Farah, PMP, Senior Research Analyst, PPM, Info-Tech Research Group

    We all have junk drawers somewhere in our homes, and we probably try not to think about what’s going on in there. We’re just happy that they close and that the contents are concealed from anyone living in or passing through the house.

    What goes in these junk drawers? Things that don’t have a home, things you don’t know what to do with, and things you don’t have the time or desire to deal with. Eventually, the drawer gets full, and it doesn’t serve you anymore because you can’t add anything else to it. Instead of cleaning the drawer and keeping the things you need, you throw everything away in one sweep. One day you will start the process again.

    The junk drawer is like your project management office (PMO). The PMO is given projects that are barely scoped, projects that don’t have clear sponsors, and ad hoc administrative tasks you don’t have the time or desire to deal with. Inevitably, your PMO is out of capacity. This happens rather quickly, since it’s understaffed. You question its purpose because you made it a junk drawer. You even think about closing it. One day you will start the process again.

    Use this blueprint to stop the madness. Learn how to properly define, staff, and plan a roadmap of a PMO that will actually serve your organization.

    Ugbad Farah, PMP
    Senior Research Analyst, PPM
    Info-Tech Research Group

    Your challenge

    This research is designed to help organizations that are facing these challenges:

    • No visibility into projects
    • The organization views the PMO as unnecessary overhead
    • The PMO is not properly staffed to support the organization’s needs
    • Project managers/staff aren’t providing information or following processes
    • Leadership and sponsors are disengaged

    Pie chart of 'IT Time Allocation by Area'. The grey section on the bottom left represents 'Projects and Project Portfolio Management, 11.5%'.
    IT is responsible for many different business services. The data from Info-Tech’s IT Staffing diagnostic shows that 11.5% of staff time is spent on projects and project portfolio management. (Source: Info-Tech IT Staffing Benchmark Report)

    PMOs can’t do everything and be all things to all people. Define limits with a strong mandate and effective staffing. Make sure you have the skills and capacity to support required PMO functions.

    Project management chaos

    PMOs get pulled into the day-to-day project and resourcing issues, making it difficult to focus on running a portfolio:

    1. Teammates seem unphased by overdue tasks and missed milestones.
    2. Fire drills may happen more often than planned projects.
    3. Resources are allocated and then redirected to something more urgent.
    4. Communication that’s stuck in silos, leading to confusion about priorities.
    5. Due dates mysteriously shift without explanation.
    6. Project teams are more focused on the due date than adoption and outcomes.

    Common obstacles

    IT and PMO leaders face several challenges.

    • Many people see the PMO as nothing more than the “project document police,” i.e. a source of red tape rather than a helpful support system. This impacts staffing and hiring.
    • The PMO is often misunderstood as a center for project management governance, when it also needs to facilitate the communication of project data from project teams to decision makers to ensure that appropriate decisions get made around resourcing, approval of new projects, etc.
    • Accountability is something that is not clearly defined for many activities that flow through the PMO. Business leaders, project workers, and project managers are rarely as aligned as they need to be.

    The Reality

    68% — Sixty-eight percent of stakeholders see their PMOs as sources of unnecessary bureaucratic red tape. (Source: KeyedIn, 2014)

    50% — Fifty percent of PMOs close within the first three years due to such things as poorly defined mandates and poor leadership. (Source: KeyedIn, 2014)

    Info-Tech’s approach

    Prepare an Actionable Roadmap for Your PMO

    The Info-Tech difference:

    1. Get a departmental job description first. Defining your PMO may not be as simple as it seems. Explore the boundaries of portfolio, project, resource, and organizational change management before jumping ahead with processes and tools.
    2. The staffing plan should come before your long-term plan. Get buy-in around your definition of the roles needed to run your PMO before articulating a long-term plan. Too often, plans have been accepted without the commensurate level of staffing. Our approach gives you a chance to put hiring on the roadmap as a predecessor to accountability.
    3. Keep your eye on the ball. Build your PMO around the operational imperative to recognize completed projects as an early milestone in broader changes. In other words, projects exist to create change.

    Prepare an Actionable Roadmap for your PMO

    Turn planning into action with a realistic PMO timeline.

    50% of PMOs close within the first 3 years.

    Logo for Info-Tech.


    Logo for ITRG.

    01 Define

    DEFINE THE RIGHT KIND OF PMO

    Establish the purpose of your PMO. Identify organizational needs to fill in gaps instead of duplicating efforts.

    LOGICAL FALLACY
    “If we approve more work, we'll get more done.”

    A properly run portfolio reconciles demand (project requests) to supply (available people) and drives throughput by approving the amount of projects that can get done.

    02 Staff

    STAFF THE PMO FOR RESILIENCE

    Analyze the staffing requirements for your PMOs mandate. Create purpose-built role descriptions.

    FALSE ASSUMPTION
    “Our best project manager should run the PMO.”

    Your best project manager should be running projects and, no, they shouldn't do both.

    03 Plan

    PREPARE AN ACTIONABLE ROADMAP

    The difference in a winning PMO is determined by a roadmap or plan created at the beginning. Leaders should understand the full scope of the plan before committing their teams to the project.

    COMMON MISTAKE
    “We'll get great at project management now and worry about portfolio management later.”

    Too often, PMOs focus on project management rigor and plan to do portfolio management after that's done. But few successfully maintain the process long enough to get there. If you start with portfolio management, leadership might soften their demands for project management rigor.

    04 Execute

    ALIGN TO STRATEGIC PLAN

    Use the power of organizational change management to ensure success and adoption. Iterate through the finer points of planning and execution to deploy the kind of PMO defined in step 1, with the people described in step 2, and the strategic roadmap articulated in step 3.

    PROJECT MYOPIA
    “Let's focus on delivering the project on time so we can move on to our next project.”

    Don't forget why the idea got approved in the first place. The goal is to sustain beneficial business outcomes well beyond the completion of your project.

    Info-Tech’s methodology for Preparing an Actionable Roadmap for Your PMO

    1. Define the PMO 2. Staff the PMO 3. Prepare a Roadmap
    Phase Steps
    1. Get a Common Understanding of Your PMO Options
    2. Determine Where You Are and Engage Leadership
    1. Identify Organizational Design
    2. Build Job Descriptions
    1. Create Roadmap
    2. Governance and OCM
    Phase Outcomes A clear vision for your PMO and an articulated reason for establishing it.
    An understanding of your PMO goals and which challenges it sets to address.
    An analysis of staffing requirements of your PMO that aligns with your mandate from phase 1. Job descriptions help to fill the necessary roles. An actionable roadmap that can be presented to leadership and implemented. An introduction to the concept of governance and tools for a change impact analysis.

    Insight summary

    Overarching insight

    There is a gap in the perception of the actual role of the PMO in many organizations by different stakeholder groups. Many people see the PMO police that produce red tape rather than a helpful support system. Those that need to present a coherent plan to leadership championing the need for a PMO often have an uphill battle.

    Phase 1 insight

    Determine the PMO’s role and needs and then determine your staff needs based on that PMO.

    PMO leaders are all too often set up to fail, left to make successes out of PMOs that:

    1. have poorly defined mandates;
    2. lack the proper resourcing to support the services the organization requires; or
    3. lack executive leadership, vision, and backing.

    Phase 2 insight

    Staff the PMO according to its actual role and needs. Don’t rush to the assumption that PMO staff starts with accomplished project managers.

    Many organizations have PMOs of one person, and it is simply not a long-term recipe for success. People in this situation have a lot of weight on their shoulders and feel like they are being set up to fail. It is very challenging for anyone to run a PMO alone without support or administrative help.

    Phase 3 insight

    The difference in a winning PMO is determined by a roadmap or plan created at the beginning.

    When you are determining what your PMO will provide in the future, it is important to align the ambition of the PMO with the maturity of the business. Too often, a lot of effort is spent trying to convince businesses of the value of a PMO.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    PMO Role Definition Tool Sample of the PMO Role Definition Tool deliverable. PMO Project Charter Template Sample of the PMO Project Charter Template deliverable.
    Blank Job Description Template
    Sample of the Blank Job Description Template deliverable.
    Sample Job Descriptions
    Sample of the Sample Job Descriptions deliverable.
    PMO Job Description Builder Workbook
    Sample of the PMO Job Description Builder Workbook deliverable.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    PMO Strategic Plan
    Sample of the PMO Strategic Plan deliverable.
    PMO MS Project Plan Sample
    Sample of the PMO MS Project Plan Sample deliverable.
    Organizational Change Impact Analysis Tool
    Sample of the Organizational Change Impact Analysis Tool deliverable.

    Benefits

    IT Benefits

    • Determine how you can fill gaps and not duplicate efforts to bring value to your organization.
    • Ensure that key PMO capabilities like portfolio management, project management, and organizational change management are in balance.
    • Staffing is purpose-driven. Avoid putting good people in the wrong role.

    Business Benefits

    • Intake and governance have a primary focus and are not merely afterthoughts of someone primarily focused on project management methodology.
    • Avoid unrealistic commitments by ensuring better upfront analysis of ability to execute.
    • Ensure appropriately mandated sponsor management.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 8 to 12 calls over the course of 4 to 6 months.

    What does a typical GI on this topic look like?

      Phase 1

    • Call #1: Scope requirements, objectives, and your specific challenges.
    • Call #2: Assess current state and determine PMO role/type.
    • Call #3: Complete job description survey.
    • Phase 2

    • Call #4: Analyze survey results and complete FTE analysis.
    • Call #5: Discuss necessary roles and create job descriptions.
    • Phase 3

    • Call #6: Discuss business goals and priorities.
    • Call #7: Identify and prioritize initiatives on roadmap.
    • Call #8: Discuss governance and organizational change.
    • Call #9: Summarize results in strategic plan and discuss next steps.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5
    Activities
    Define

    1.1 Review PPM Current State Scorecard Results

    1.2 Get a Common Understanding of Your PMO Options

    1.3 Conduct SWOT Analysis

    1.4 Current State and Leadership Engagement

    1.5 PMO Mandate and Vision

    Staff

    2.1 Identify Organizational Design

    2.2 Right, Wrong, Missing, Confusing

    2.3 PMO Function, Roles, and Responsibilities

    2.4 Job Descriptions

    Plan

    3.1 Roadmap Top-Level Hierarchy

    3.2 Roadmap Second-Level Hierarchy

    3.2 Staffing and Sizing

    3.3 Reconcile and Finalize Roadmap

    3.4 Governance and Authority

    Change

    4.1 Importance of OCM

    4.2 Sponsorship

    4.3 Analyze the Impact of the Change Across Multiple Dimensions and Stakeholder Groups

    Next Steps and Wrap-Up (offsite)

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables
    1. PPM Current State Scorecard
    2. SWOT Results
    3. PMO Role Development Tool
    4. PMO Charter
    1. Right, Wrong, Missing, Confusing Results
    2. Job Description Survey Tool
    3. Job Description Templates
    1. PMO Roadmap Draft
    2. Governance and Authority Activity
    1. Organizational Change Impact Analysis Tool
    2. Sponsor Template
    1. Completed PMO Roadmap draft
    2. PMO Strategic Plan draft

    Prepare an Actionable Roadmap for Your PMO

    Phase 1

    Define the Right Kind of PMO

    Phase 1

    • 1.1 Get a Common Understanding of Your PMO Options
    • 1.2 Determine Where You Are and Engage Your Leadership

    Phase 2

    • 2.1 Identify Organizational Design
    • 2.2. Build Job Descriptions

    Phase 3

    • 3.1 Create Roadmap
    • 3.2 Governance and OCM

    A PMO may not simply be an office of project managers

    Project management offices are evolving and taking on activities that differ from company to company.

    1915 1930s 1950s 1980s 1990s
    Frederick Taylor introduces the PMO with the implementation of the scientific management method and the increase in the number and complexity of projects. The US Air Corps creates a Project Office function to monitor aircraft development (probably the first record of the term being used). The US military starts developing complex missile systems. Each weapon system was composed of several sub-projects grouped together in system program offices (SPOs). This built the structures underlying the traditional PMO. The Project Office concept exported to construction and IT. The PMO gains a lot of momentum with professional associations and project management certifications becoming recognized industry standards.

    Organizations are confused about what a PMO is, whether they should have one, and what it should do

    PMBOK

    The responsibilities of a PMO can range from providing project management support functions to the direct management of one or more projects. The PMO is an organizational body assigned with various responsibilities related to the centralized and coordinated management of those projects under its domain.

    The PMO may play a role in supporting strategic alignment and delivering organizational value, integrating data and information for organizational strategic projects, and evaluating how higher-level strategic objectives are being fulfilled.

    COBIT

    The PMO can be responsible for portfolio maintenance, setting a standard approach for project and program and portfolio management.

    OPM

    The PMO is an organizational body assigned with various responsibilities related to the centralized and coordinated management of those projects under its domain.

    In an effort to set a standard, the governance frameworks have over complicated it for most of us.

    Use Info-Tech’s framework to create the PMO that works for your organization

    Determine the Services Your PMO Will Provide
    Manage your PMO services in alignment with your mandate and your organization’s needs.

    Establish Your PMO’s Mandate
    Figure out the purpose of your PMO and write it down so it’s clear to your leadership. Align your mandate to the organization’s needs.

    Ensure Organizational Needs Are Being Met
    Before you can decide on what your PMO will do, find out who’s doing what in your organization so you can fill gaps instead of duplicating efforts.

    Hierarchy of PMO Needs
    Hierarchy of PMO needs with 'Organizational Needs' as the base, 'PMO Mandate' in the middle, and 'PMO Services' at the top.

    Info-Tech Insight

    Consider the principles of Maslow’s Hierarchy of Needs, which view the lower tiers of the hierarchy as fundamentally required to validate the pursuit of the higher tiers.

    Step 1.1

    Get a Common Understanding of Your PMO Options

    Activities
    • 1.1.1 Review PMO Types
    • 1.1.2 SWOT Analysis

    This step will walk you through the following activities:

    • Review Info-Tech’s PMO Types
    • Complete a Strengths, Weaknesses, Opportunities, and Threats Analysis

    This step involves the following participants:

    • PMO director and/or portfolio manager
    • PMO staff/stakeholders
    • Project managers

    Outcomes of this step

    • Current state analysis
    Define the Right Kind of PMO
    Step 1.1 Step 1.2

    People mistake the PMO as only an office with project managers

    It sounded simple enough, but no one could really explain what it meant.

    PMOs are often born out of necessity or desperation. A traumatic event happens, and leadership decides that it wouldn’t have happened had there been a “Project Management Office.” The phrase itself is often quite reassuring and offers the hope of some sort of sanity and order.

    People may not really be able to explain what a PMO is, but they do have a common understanding that it should solve all project management issues. But simply prescribing the “PMO” as a remedy for every organizational alignment is not going to be sufficient. There are different types of PMOs and more importantly there are different types of organizations.

    Screenshot of a Google search for 'what is a project management office'.
    Google and the Google logo are trademarks of Google LLC.

    The PMI has described what a PMO could be

    The PMI does not have a standard for PMOs like it does for things like project, program, and portfolio management. Its PMO definitions should be used as more of a reference point than a best practice.

    But what should it do?

    • Supportive: Provides a consultative role to projects by supplying templates, best practices, training, access to information, and lessons learned from previous projects.
    • Controlling: Provides support and requires compliance through various means.
    • Directive: Takes control of the projects by directly executing them.

    The PMI described three types of PMOs. These three types are well known in the industry, but they are essentially characteristics and do little to help people understand the functions and services of a PMO. There continue to be questions about the role a PMO should play in an organization and how it’s supposed to add value.

    Stock photo of two sticky notes reading 'project' and 'management'.

    Thousands of practitioners came together at the 2012 PMI Symposium and expanded upon PMBOK’s PMO types

    1. Managing
      Manages the work in projects and programs.
    2. Consulting
      Serves as an experience-based consultative body to project managers.
    3. Project Repository
      Repository of previous project documentation, lessons learned, etc.
    4. Enterprise PMO
      Provides PMO services to the organization.
    5. Center of Excellence
      Creates the standard and methodologies and provides tools.
    6. Managerial
      Manages the project and program managers, and eventually, other project resources.
    7. Delivery
      Manages the project and programs.

    1.1.1 Leverage Info-Tech’s PMO types to anchor yourself

    We have narrowed it down to five types of PMOs.

    ePMO
    Icon for ePMO.
    IT PMO
    Icon for IT PMO.
    PMO
    Icon for PMO.
    CMO
    Icon for CMO.
    CoE
    Icon for CoE.
    Enterprise
    Highest level PMO, typically responsible to align project and program work to strategy-significant projects or programs for the entire organization. Could include both IT and business units.
    IT
    IT PMOs provide project-related support for IT project portfolios. For many organizations PMOs originate in IT departments because of the structure required for technology-related projects.
    Project/Program
    Provides project-related tactical service as an entity to support a specific project or program. Can be dismantled when program is done.
    Change
    Change management offices (CMO) help build change management capabilities and enable change readiness in organizations.
    Excellence
    These centers differ in size and mode of organization, depending on their subject and scope. They support project work by providing the organizations with standard methodologies and tools.

    What is your definition of a PMO?

    Use this model to clearly show what is in and out of scope.

    ePMO IT PMO PMO CMO CoE
    PPM Reporting for enterprise portfolio and the financial/human resources needed to deliver them X
    PPM Finance for project/portfolio capital and expense X X
    PPM Customer Management – the customers, sponsors of the project X X
    PPM Strategy Management – projects and programs relate to corporate X X X
    PPM Program Management – related projects in the portfolio X X X
    PPM Time Accounting X X x
    PPM Business Relationship Management (BRM) X X
    PPM Project Information System (PMIS) – organization of project information X X
    PPM Administrative Support – general assistance with Portfolio X
    PPM Record Keeping – Enterprise Information X X
    RM Forecasting X
    PM Quality Assurance X X
    PM Procurement and Vendor Management X X X
    PM Project Status Reporting X X
    PM PM Services X X X
    PM Training X
    PM PM SOP X
    OCM Adoption X X
    OCM Change Management X X
    OCM Benefits Attainment X X
    OCM Forecast Benefits X X
    OCM Track Benefits X X
    GOV Intake X
    GOV Governance X X
    GOV Reporting X X X X

    Use Info-Tech’s PMO function matrix to help provide role definitions for your PMO

    Info-Tech’s potential PMO capabilities are in the header of the table below. These are the services a PMO may (or may not) provide depending on the needs of the organization.

    Portfolio Management Resource Management Project Management Organizational Change Management PMO Governance
    Recordkeeping and bookkeeping Strategy management Assessment of available supply of people and their time Project status reporting PM SOP
    (e.g. feed the portfolio, project planning, task managing)
    Benefits management Technology and infrastructure
    Reporting Financial management HR Security
    PMIS Intake Matching supply to demand based on time, cost, scope, and skill set requirements Procurement and vendor management Legal Financial
    CRM/RM/BRM Program management
    Tracking of utilization based on the allocations Quality Intake
    Time Accounting PM services
    (e.g. staffing project managers or coordinators)
    Quality assurance Organizational change management Project progress, visibility, and process
    Forecasting of utilization via supply-demand reconciliation Closure and lessons learned
    Administrative support PM Training

    The rest of this blueprint will help you choose the right capabilities and accompanying job functions for your PMO.

    Various options for specific PMO job functions are listed below each capability. PMO leaders need to decide which of these functions are required for their organization.

    1.1.2 SWOT analysis

    45-60 minutes

    Input: Current PMO governance documents and SOPs

    Output: An assessment of current strengths, opportunities, threats, and weaknesses of capabilities in previous slide

    Materials: Whiteboard/flip charts, Sticky notes

    Participants: PMO director and/or portfolio manager, PMO staff/stakeholders, Project managers

    Perform a SWOT analysis to assess the current state of PMO capabilities covered on the previous slide.

    The purpose of the SWOT is to begin to define the goals of this implementation by assessing your project management, portfolio management, resource management, organizational change management, and governance capabilities and cultivating alignment around the most critical opportunities and challenges.

    Follow these steps to complete the SWOT analysis:

    1. Have participants discuss and identify strengths, weaknesses, opportunities, and threats.
    2. Spend roughly 60 minutes on this. Use a whiteboard, flip chart, or PowerPoint slide to document results of the discussion as points are made.
    3. Make sure results are recorded and saved either using the template provided in the next slide or by taking a picture of the whiteboard or flip chart.

    1.1.2 Sample SWOT analysis

    Strengths

    • Knowledge, skills, and talent of project staff.
    • We have fairly effective project management processes.
    • Motivation to get things done when priorities, goals, and action plans are clear.

    Weaknesses

    • IT-business communication and alignment.
    • No standards are currently in place across departments. Staff are unsure which templates to use and how/when/why to use them.
    • There are no formal intake structures in place. Projects are approved and it’s up to us to “figure it out.”
    • We have no prioritization practices to keep up with constantly changing priorities and shifts in the marketplace.

    Opportunities

    • Establish portfolio discipline to improve IT-business communication through more effective and efficient project coordination.
    • Stronger initiation processes should translate to smoother project execution.
    • Establish more disciplined and efficient weekly/monthly project reporting practices that should facilitate more effective communication with senior leaders.

    Threats

    • Risk of introducing burdensome processes and documentation that takes more time away from getting things done.
    • We tried to formalize a PMO in the past and it failed after eight months.
    • We have no insight into project resourcing.

    Step 1.2

    Determine Where You Are and Engage Your Leadership

    Activities
    • 1.2.1 Assess Current State
    • 1.2.2 Gap Analysis
    • 1.2.3 Vision Exercise
    • 1.2.4 PMO Charter
    • 1.2.5 Strategic Planning

    This step will walk you through the following activities:

    • Assess the current state of your PPM/PM services using the PMO Role Definition Tool
    • Determine current gaps in your services and processes using the PMO Role Definition Tool
    • Discuss the vison for your PMO
    • Start creating your PMO charter

    This step involves the following participants:

    • PMO director and/or portfolio manager
    • PMO staff/stakeholders
    • Project managers

    Outcomes of this step

    • Results of PMO Role Definition Tool
    • PMO vision
    • PMO charter

    Define the Right Kind of PMO

    Step 1.1 Step 1.2

    Why do organizations need a PMO?

    Stock image of a man thinking.

    “If a company is not a project-oriented organization, there’s less of a need for a PMO. If they are project-focused though, they should have one. Otherwise, who’s driving the delivery of their projects? Who’s establishing their methodology? How are they managing resources efficiently?” (Mary Hubbard, PMP, director of the PMO at Siemens Government Technologies Inc., A PMI Global Executive Council Member)

    Signs you might need a PMO:

    • A lack of project transparency.
    • Significant discrepancies in project results.
    • Poor customer satisfaction rates.
    • An inability to cost projects accurately.
    • A high percentage of delayed or cancelled projects.
    • High project failure rates.
    • Poor alignment of project activity and business strategy investments.
    • Inconsistent project management processes and methodologies.
    • A lack of collaboration and knowledge sharing.
    • Little to no resource training to meet IT and business needs.
    • A lack of resource management for utilization and capacity.
    • Little to no visibility into project, program, and portfolio-level status.

    Why does your organization need a PMO?

    Observe the needs of your organization before deciding on services to support it.
    • Observe what is and what is not in place. Look for existing processes, tools, and systems and evidence that they are being followed. You might already have some pieces in place; the question becomes what to keep and what not to keep.
    • What does your organization look like?
      • Name
      • Population
      • Current Project Lifecycle
      • IT Services Team
      • # of Unique Applications
      • Annual Budget
    • Gather a list of potential areas for improvement where a PMO can add value. Once a list is established, convert it to a prioritized queue of initiatives. A key item on your list should be how projects go from beginning to end so you can understand the potential issues and opportunities with your current project delivery.
    Stock image of a hierarchy mapped out over a birds eye view of people.

    Ideally, we wouldn’t invest in project, portfolio, or OCM because they’re overhead processes without any direct value…

    …but you need to spend just enough to demonstrate you are a diligent steward of the assets under your administration.

    Organizational Change Management

    • Well-run projects can fail without OCM.
    • More than anyone else, it’s up to the sponsor to pursue outcomes.

    Project Management

    • Determine the current project management standards and methodologies.
    • Uncover any forms and templates that are currently in use.
    • If there is a lack of project management knowledge among current or future staff, you will need to do some training.

    Portfolio Management

    • Who currently approves projects and who will be approving them in the future?
    • Who is accountable for approving too many projects?
    • What roles does resource capacity play? Is it constrained or do you approve everything?
    • Are the resources in your PMO full-time?
    • How big is your portfolio?
    • How much do you spend on resources (hours or months)?

    Governance

    • Governance can mean many different things: intake, finance, over-sight of existing projects, resource management, technology and architecture, and process.
    • Don’t try to introduce governance without considering the people who may already be governing different areas.
    • Consider what things can be done without getting executive approval.

    Define your PMO’s role in the organization

    Use Info-Tech’s PMO Role Definition Tool to help establish your PMO’s future state.

    • Use Info-Tech’s PMO Role Definition Tool to figure out the functions your PMO should provide.
    • The current-state analysis uses specific questions to assess how you are doing things now and provide you with some situational awareness.
    • The gap analysis uses another set of specific questions to uncover the holes in your organization and the services that are not being provided.
    • Based on the answers you gave to the questions, the tool will populate the functions that your PMO should provide to your organization: the services your organization needs.
    • Use the outputs to start looking into missing functions and ultimately start building or re-establishing the responsibilities of your PMO.
    • Consider having multiple team members answer all the questions to establish alignment and get realistic data.

    Sample of the PMO Role Definition Tool.

    Download the PMO Role Definition Tool

    Hey, you don’t to have to spend anything on portfolio, project, and organizational change management! Assuming of course…

    • You have enough people to do all your projects
    • All projects are getting done on time
    • Your customers and employees are happy
    • You have complete visibility into the portfolio
    • Your projects align with your corporate strategy
    • Your projects align with your operational needs
    • Your strategic and operational needs are in harmony
    • You have the right skills
    • You are using all resources provided to you
    • People self-identify the right work and independently do that work
    • Time is not wasted
    • The work is production-ready (i.e. high quality)
    • Vendors honor their commitments
    • The sponsor is confident they’re getting what was committed
    • You have sufficient reports for the portfolio
    • Stakeholders make it through transitions with minimal resistance
    • The organization is prepared to adopt the outcomes of projects
    • The sponsors’ forecasted benefits are realized
    • Stakeholders are aware of the need for change
    • Stakeholders transition well from current to future state

    Use the tool on the next slide to see where you may need to spend.

    1.2.1 Assess the current state of your project environment

    20-30 minutes

    Input: Understanding of current project portfolio environment

    Output: Completed current state survey

    Materials: Tab 1 of Info-Tech’s PMO Role Definition Tool

    Participants: PMO director and/or portfolio manager, PMO staff/stakeholders, Project managers

    Screenshot from tab 1 of Info-Tech’s PMO Role Definition Tool.

    Screenshot from tab 1 of Info-Tech’s PMO Role Definition Tool. There are three columns: '#', 'Question', and 'Answer'.

    There are 20 current-state questions in column C. Together, the questions address the five capabilities in Info-Tech’s PMO function matrix (slide 28).

    Use the drop-down menu in column D to answer Agree, Somewhat Agree, Neutral, Somewhat Disagree, or Disagree to each question in column C.

    The questions are broad by design. Answer them honestly and select “neutral” if anything is not applicable.

    1.2.2 Set your target state needs to identify gaps

    15-30 minutes

    Input: Reflection on the question, “If I/We do nothing, someone in the organization is…”

    Output: Completed target state survey

    Materials: Tab 2 of Info-Tech’s PMO Role Definition Tool

    Participants: PMO director and/or portfolio manager, PMO staff/stakeholders, Project managers

    Screenshot from tab 2 of Info-Tech’s PMO Role Definition Tool.

    Screenshot from tab 2 of Info-Tech’s PMO Role Definition Tool. There are four columns: '#', 'Question', 'Answer', and 'Department'.

    Each question in column C of tab 2 should be answered in the context of, “If I do nothing, someone in the organization is…”

    Answer each question by using the drop-down menu in column D to select “Yes,” “No,” “I don’t know,” or “N/A.”

    If “Yes” include the department or area that is responsible.

    Hierarchy of PMO needs with 'Organizational Needs' highlighted. 'Organizational Needs' at the base, 'PMO Mandate' in the middle, and 'PMO Services' at the top.

    Review the preliminary list of your potential PMO functions

    Tab 3 of the PMO Role Definition Tool contains a customized version of Info-Tech’s PMO definition matrix, based upon your inputs in the previous two tabs.

    Screenshot from tab 3 of Info-Tech’s PMO Role Definition Tool. It is titled 'PMO Functions and Groups' and contains a table with five columns: 'Portfolio Management', 'Resource Management', 'Project Management', 'Organizational Change Management', and 'Governance'. Each column contains high level recommendations, and at the bottom of the columns are outputs.

    The name of the box is the group the function belongs to.

    These outputs are based on the answers to the questions on the previous 2 tabs.

    In each group’s box are high-level recommendations.

    Consider your stakeholders

    Who benefits from the new or updated PMO structure?

    In a matrix environment, understanding the challenges other teams are facing is a core requirement of an effective PMO. The best way to understand this is through direct engagement like conducting interviews and taking surveys with management and members of other teams.

    Ask yourself these questions about your PMO:

    • Are we doing the right things?
    • Do we know the current status of projects?
    • Are we managing, escalating, and resolving project issues?
    • Do PMs have the right training?
    • What is our overall utilization?

    A PMO should be structured to provide service to the organization. View it as a business, serving the stakeholders.

    1.2.3 Complete this vision exercise to produce an initial mandate for a new/improved PMO

    45-60 minutes

    Input: Outputs from SWOT analysis

    Output: An initial PMO mandate

    Materials: Whiteboard/flip charts, Sticky notes

    Participants: PMO director and/or portfolio manager, PMO staff/stakeholders, Project managers

    Now that you have an idea of the services your organization needs from steps 1.1 and 1.2 of this blueprint, you can discuss the target state of your PMO.

    Follow these steps to complete the SWOT analysis:

    1. Each person writes one aspect of a future state that would solve the issues described in the SWOT analysis (activity 1.1.1). Use sticky notes and post them on the whiteboard.
    2. As a group, identify which of these aspects would be good candidates for embodying the “core element” of your PMO’s new mandate.
    3. From the aspects gathered, have everyone individually come up with a statement of one to two sentences they think captures the overall theme and vision of this PMO.
    4. Collectively choose the best statement to use as the working mandate for your new project management office. This mandate can be modified as needed in the time leading up the creation and launch of your PMO.

    Hierarchy of PMO needs with 'PMO Mandate' highlighted. 'Organizational Needs' at the base, 'PMO Mandate' in the middle, and 'PMO Services' at the top.

    1.2.4 Use Info-Tech’s PMO Project Charter template to help capture your mandate and obtain approval

    3-4 hours

    Input: Activity 1.2.3, Logical considerations for PMO deployment (see bulleted list on this slide)

    Output: An assessment of current strengths, opportunities, threats, and weaknesses of capabilities in previous slide

    Materials: Whiteboard/flip charts, Sticky notes

    Participants: PMO director and/or portfolio manager, PMO staff/stakeholders, Project managers

    A successful PMO will offer a range of services which business units can rely on. The aim of the PMO charter is to outline what is in scope for the PMO and what services it will initially offer.

    A project charter serves several important functions. It organizes the project so you can make efficient and effective resource allocation decisions. It also communicates important details about the project purpose, scope definition, and project parameters.

    To use this template, simply modify or delete all information in grey text and convert the remaining text to black before printing or sending. Sections within the Template include:

    1. PMO Mandate
    2. Goals & Benefits
    3. Scope Definition
    4. Key PMO Stakeholders
    5. Projected Timeline for Implementation
    6. Project Roles and Responsibilities
    7. High-Level Budget
    8. High-Level Risk Assessment

    Sample of the PMO Project Charter Template.

    Download the PMO Project Charter Template

    Engage leadership to refine target-state expectations

    Stock image of a person with a megaphone. ?
    Will project managers be included in the PMO? Which projects and programs will be in the PMO’s mandate?
    ?
    Will the PMO have decision-making authority? If so, how much and on what issues?
    ?
    Where in the organizational structure will the PMO report?

    “Changing the perception of project management from ‘busy work’ to ‘valued efforts’ is easier when the PMO is properly aligned.” (Project Management Institute, October 2009)

    Don’t assume your PMO is merely tactical

    It can help drive strategy instead of just being a technical arm.

    Strategic

    Stock image of a business person.

    Tactical

    Strategic Alignment
    Leadership assumes that your presence will optimize the alignment of projects to corporate strategy.
    Process Adherence
    Leadership assumes you’re all about process.
    Portfolio Thinking
    Leadership assumes that you’re thinking about the overall throughput of projects through the portfolio.
    Project Thinking
    Leadership assumes you’re not thinking beyond the boundaries of a single project at any given time.
    Outcomes Focused
    Leadership assumes that you’re focused on the outcomes forecast by sponsors.
    Timeline Focused
    Leadership assumes you’re focused on delivering projects on time.

    Info-Tech Insight

    A key success factor for a PMO is to take part of strategic conversations; when they are left out, it creates a barrier. The PMO is the connective tissue between strategy and tactics. Don’t risk your benefits by not having the PMO Director at the table before you make decisions.

    Avoid the disconnect

    Create a strategic plan with project professionals at the table.

    • Strategic plans should guide organizations to future states, yet many don’t ever get used. This is because there is a disconnect between the people creating the strategic plan and the people being asked to implement it. Strategic planners don’t often develop their plans with the help of project managers who can ensure the plan is transferred into a working operational plan.
    • Strategic planners are broad thinkers with high-level plans whereas project professionals often work in the trenches. The disconnect between the two can often result in cost overruns, delays in implementation, low worker morale, and an overall chaotic work environment.
    • By putting strategic planners and project managers together to work on the strategic planning process, they can see what the other sees and plan accordingly.
    • Twenty-seven percent more projects are executed successfully when a company’s structure and resources align with their strategy (KPMG, 2017).

    “The failure to build a bridge between the strategic planning process and project management’s planning process is a major reason strategic plans don’t work.” (Bruce McGraw, Project/Programme Manager)

    1.2.5 Strategic planning

    1 hour

    To create a strategic plan that provides value, recognize that the strategic plan for the PMO is not the PMO charter.

    • The PMO charter is the organizational mandate for the PMO. It defines the role, purpose and functions of the PMO. It articulates who the PMO's sponsors and customers are, the services that it offers, and the staffing and support structures required to deliver those services. And, it assumes that a decision to have a PMO has already been made.
    • A strategic plan enables the PMO to play an essential role in achieving a company’s business goals, setting out clear objectives and then providing a roadmap on how to achieve them. A strategic plan maps the tools and resources necessary to achieve successful project outcomes.

    To create a results-driven strategic plan for your PMO, it is helpful to follow a top-down format:

    • Start by going through the list on the right and update the strategic plan.
    • What are the top project-related issues and opportunities you want your PMO to address and what’s the value to the business of trusting them?

    Vision: this needs to be a vivid and common image
    Mission: this is the special assignment that is given to a group
    Goals: these are broad statements of future conditions
    Objectives: these are operational statements that indicate how much and by when (e.g. deliverables or intangible objectives like productivity)
    Strategies: these are the set of actions that need to take place
    Needs: these are the things required to carry out the strategy
    Critical Success Factors: these are the key areas of activity in which favorable results are necessary to reach the goal

    Download the PMO Strategic Plan

    Prepare an Actionable Roadmap for Your PMO

    Phase 2

    Staff Your PMO for Resilience

    Phase 1

    • 1.1 Get a Common Understanding of Your PMO Options
    • 1.2 Determine Where You Are and Engage Your Leadership

    Phase 2

    • 2.1 Identify Organizational Design
    • 2.2. Build Job Descriptions

    Phase 3

    • 3.1 Create Roadmap
    • 3.2 Governance and OCM

    Info-Tech’s approach

    Follow our two-step approach to successfully staff your PMO.

    1. Determine your PMO staffing needs.
      Our approach to building a PMO starts by analyzing the staffing requirements of your PMO mandate.
    2. Create purpose-built role descriptions.
      Once you have an understanding of the staff and skills you’ll need to succeed, we have job description aids you’ll need to fill the roles.

    The Info-Tech difference:

    1. Save time developing a purpose-built approach. There is no one-size-fits-all approach to PMO staffing. The advice and tools in this research will help you quickly determine your unique staffing needs and guide your next steps to get the staffing you need.
    2. Leverage insider research. We’ve worked with thousands of PMOs and have seen the good, the bad, and the ugly of PMO staffing. The approach in this research is informed by client successes and will help you avoid the common mistakes that drive PMO failure.

    IT staff allocation for project work

    Projects and Project Portfolio Management

    58.3% — 58% of respondents feel they have the appropriate staffing level to execute project management effectively. (Source: Info-Tech IT Staffing Benchmark Report)

    59.8% — 59% feel they have the appropriate staffing level to execute requirements gathering effectively. (Source: Info-Tech IT Staffing Benchmark Report)

    The GDP contributions from project-oriented industries are forecasted to reach $20.2 trillion over the next 20 years. (Source: “Project Management: Job Growth and Talent Gap” Project Management Institute, 2017)

    Info-Tech Insight

    Project work is only going to increase, and in general, people are dissatisfied with their current staffing levels.

    Step 2.1

    Identify Organizational Design

    Activities
    • 2.1.1 Right, Wrong, Missing, Confusing
    • 2.1.2 Map Your Current Structure
    • 2.1.3 Inventory Assessment
    • 2.1.4 Job Description Survey

    This step will walk you through the following activities:

    • Complete a Right, Wrong, Missing, Confusing analysis
    • Determine your current organizational/PMO structure
    • Assess your current inventory
    • Complete the job description survey

    This step involves the following participants:

    • PMO director and/or portfolio manager
    • PMO staff/stakeholders
    • Project managers

    Outcomes of this step

    • Current-state analysis
    • Job description survey results

    Staff Your PMO for Resilience

    Step 2.1 Step 2.2

    2.1.1 Right, wrong, missing, confusing

    30-45 minutes

    Input: Current PMO process, Current PMO org. chart

    Output: An assessment of current things that are being done right and wrong and what is currently missing and confusing

    Materials: Whiteboard/flip charts, Sticky notes

    Participants: PMO director and/or portfolio manager, PMO staff, Project managers

    Perform a right, wrong, missing, confusing analysis to assess the current state of your PMO and its staff.

    The purpose of this exercise is to begin to define the goals of this implementation by assessing your staffing capabilities and cultivating alignment around the most critical opportunities and challenges.

    Follow these steps to complete the analysis:

    1. Have participants discuss what is wrong, right, missing, and confusing.
    2. Spend roughly 45 minutes on this. Use a whiteboard, flip chart, or PowerPoint slide to document results of the discussion as points are made.
    3. Make sure results are recorded and saved by taking a picture of the whiteboard or flip chart.

    Organizational types

    1. Functional
      Functional organizations are structured around the functions the organization needs to be performed.
    2. Projectized
      Projectized organizations are organized around projects for maximal project management effectiveness.
    3. Matrix
      Matrix organizations have structures that blend the characteristics of functional and projectized organizations.

    Functional organization

    The traditional hierarchical organizational structure.

    A functional hierarchical structure with 'Functional Managers' highlighted and the note 'Project coordination'. 'Chief Executive' at the top, 'Functional Managers' in the middle, and 'Staff' at the bottom.
    Adapted from ProjectEngineer, 2019
    1. Employees are organized by specialties like human resources, information technology, sales, marketing, administration, etc.
    2. The project management role will be performed by a team member of a functional area under the management of a functional manager.
    3. Resources for the project will need to be negotiated for with the functional managers, and the accessibility of those resources will be based on business conditions. Any escalations of issues would need to be taken to the functional manager.
    4. The project management role would act more like a project coordinator who does not usually carry the title of project manager.
    5. Project management is considered a part-time responsibility. Of all the organizational types, this one tends to be the most difficult for the project manager. The project manager lacks the authority to assign resources and must acquire people and other resources from multiple functional managers.
    6. Because the project manager has little to no authority, the project can take longer to complete than in other organizational structures, and there is generally no recognized project management methodology or best practices.

    Projectized organization

    The majority of project resources are involved in project work.

    A projectized hierarchical structure with a single project hierarchy highlighted and the note 'Project coordination'. 'Chief Executive' at the top, 'Project Managers' in the middle, and 'Staff' at the bottom.
    Adapted from ProjectEngineer, 2019
    1. The project manager has increased independence and authority and is a full-time member of a project organization. They have project resources available to them, such as project coordinators, project schedulers, business analysts, and plan administrators.
    2. The project manager is responsible to the sponsor and/or senior management. The project manager has authority and control of the budget, and any escalation of issues would be taken to the sponsor.
    3. Given that the project resources report to the project manager versus the functional area, there may be a decrease in the subject matter expertise of the team members.
    4. Team members are usually co-located within the same office or virtually co-located to maximize communication effectiveness.
    5. There can be some functional units within the organization; however, those units play a supportive role, without authority over the project manager.
    6. There is no defined hierarchy. Resources are brought together specifically for the purpose of a project. At the end of each project, resources are either reassigned to another project or returned to a resource pool.

    Matrix organization

    A combination of functional and projectized.

    A matrix hierarchical structure with the lowest row highlighted and the note 'Project coordination'. 'Chief Executive' at the top, 'Functional Managers' in the middle, mainly 'Staff' at the bottom, except one 'Project Manager' who coordinates across functions.
    Adapted from ProjectEngineer, 2019
    1. A matrix organization is a blended organizational structure. Although a functional hierarchy is still in place, the project manager is recognized as a valuable position and is given more authority to manage the project and assign resources.
    2. Matrix organizations can be classified as weak, balanced, or strong based on the relative authority of the functional manager and project manager. If the project manager is given more of a project coordinator role, then the organization is considered a weak matrix. If the project manager is given much more authority on resources and budget spending, the organization is considered a strong matrix.
    3. Matrix structures evolve in response to the rise of large-scale projects in contemporary organizations. These projects require efficient processing of large amounts of information.
    4. Working in a matrix organization is challenging and structurally complex. Employees have dual reporting relationships – generally to both a functional manager and a project and/or product manager. However, if done well, it offers the best of both worlds.
    5. The matrix organization structure usually exists in large and multi-project organizations. Here they can move employees whenever and wherever their services are needed. The matrix structure has the flexibility to transfer the organization’s talent by considering employees to be shared resources.

    The project management office

    The vast majority of PMOs are understaffed and underequipped.

    • They are often born out of necessity or desperation.
    • They have no long-terms goals; they tend to go from year to year trying to meet the organization’s needs.
    • They don’t have clear mandates, so it is difficult to determine how they are providing value.
    • Over time (and sometimes even from day one), project management offices find that other tasks fall into their area of responsibility. This often happens when the work has nowhere else to go.
    • Resource management is the challenge, both in terms of being able to allocate skilled resources to projects and within the PMO itself. Staffing gaps within the PMO are often met by individuals wearing more than one hat.

    A stock photo of a circle of chairs in a field being occupied by only two people.

    2.1.2 Map your current structure

    30 minutes to 1 hour

    Input: Current org. charts and PMO structures, Info-Tech’s PMO Function Matrix

    Output: Structure chart

    Materials: Whiteboard/flip charts

    Participants: PMO director and/or portfolio manager, PMO staff, Project managers

    1. As a group, review your current organizational and PMO structure.
    2. Map out both, or if your PMO is small, map out how it fits into the overall structure.
      • Make sure to think about your process, reporting structures, and escalation hierarchies.
      • Consider the capabilities on slide 59 as you work.
      • Use the sample structure on the next page as a guide.

    Stock image of a business hierarchy.

    Sample PMO structure

    Sample PMO structure with 'PMO Director' at the top. 'Portfolio Administrator' below, but not directly in charge of others. Then 'Program Manager', 'Change Manager', 'Resource Management Analyst', 'Business Relationship Manager', and 'Business Analyst' all report to the PMO Director. Below 'Program Manager' are two 'Project Managers' then 'Project Coordinator'. Stock photo of a hand placing a puzzle piece of a business person on it into a puzzle.

    Info-Tech’s PMO Function Matrix

    Info-Tech’s potential PMO capabilities are in the header of the table below.

    Portfolio Management Resource Management Project Management Organizational Change Management PMO Governance
    Recordkeeping and bookkeeping Strategy management Assessment of available supply of people and their time Project status reporting PM SOP
    (e.g. feed the portfolio, project planning, task managing)
    Benefits management Technology and infrastructure
    Reporting Financial management HR Security
    PMIS Intake Matching supply to demand based on time, cost, scope, and skill set requirements Procurement and vendor management Legal Financial
    CRM/RM/BRM Program management
    Tracking of utilization based on the allocations Quality Intake
    Time Accounting PM services
    (e.g. staffing project managers or coordinators)
    Quality assurance Organizational change management Project progress, visibility, and process
    Forecasting of utilization via supply-demand reconciliation Closure and lessons learned
    Administrative support PM Training

    2.1.3 Inventory assessment

    30-45 minutes

    Input: Understanding of your current situation regarding project intake and process

    Output: Survey results

    Materials: Whiteboard/flip charts

    Participants: PMO director and/or portfolio manager, PMO staff, Project managers

    When staffing your PMO, it is important to understand your current situation regarding project intake and process.

    Answer the following questions, and be as detailed as possible:

    • What is your project intake process?
    • How many projects do you currently have?
    • How many people lead projects?
    • Are those who lead projects distributed (federated) or centralized?
    • What tools do you use to manage your portfolio, projects, and resources?

    Stock image of a magnifying glass over an idea lightbulb surrounded by the six classic question words.

    2.1.4 Job description survey

    45 minutes to 1 hour

    Input: Tab 1 of the PMO Job Description Builder Workbook

    Output: List of current projects, processes, and tools

    Materials: PMO Job Description Builder Workbook

    Participants: PMO director and/or portfolio manager, PMO staff, Project managers

    On tab 1 of the PMO Job Description Builder Workbook, use the survey to help determine potential role requirements across various project portfolio management, project management, business analysis, and organizational change management activities.

    Follow these steps to complete the survey:

    1. Consider the role that you are trying to fill.
    2. Read each question carefully and use the drop-down menu to answer whether the activity in column C is a core, ancillary, or out-of-scope job duty.

    Download the PMO Job Description Builder Workbook

    2.1.4 Job description survey continued

    Sample of the Job Description Survey with questions and responses.

    Step 2.2

    Build Job Descriptions

    Activities
    • 2.2.1 Analyze Survey Results
    • 2.2.2 FTE Analysis
    • 2.2.3 Create Your Job Descriptions

    This step will walk you through the following activities:

    • Complete the PMO Job Description Builder Workbook
    • Create job descriptions

    This step involves the following participants:

    • PMO director and/or portfolio manager
    • PMO staff/stakeholders
    • Project managers

    Outcomes of this step

    • PMO org. chart
    • Completed job descriptions

    Staff Your PMO for Resilience

    Step 2.1 Step 2.2

    2.2.1 Analyze survey results

    30 minutes

    Tab 2 of the PMO Job Description Builder Workbook shows the survey results from tab 1.

    The job activities are ranked in a prioritized list. The analysis will help you determine if you require a portfolio manager, program manager, project manager, business analyst, organizational change manager, or a combination.

    Follow these steps to analyze your results:

    • Digest the prioritized ranking. The job activities are ranked in a prioritized list (from most essential to the role to least essential) in column D. The core process or capability that corresponds to each activity is listed in column C.
    • Use the drop-down menu in column F to decide if the core job duties and ancillary job duties will or will not be included in the role description. Out-of-scope activities will automatically be removed.

    Screenshot of the 'Job Description Survey Results' from the PMO Job Description Builder Workbook.

    Download the PMO Job Description Builder Workbook

    2.2.2 FTE analysis

    30 minutes

    Input: Tab 3 of the PMO Job Description Builder Workbook

    Output: Total estimated monthly time commitments, Preliminary FTE analysis

    Materials: PMO Job Description Builder Workbook

    Participants: PMO director and/or portfolio manager, PMO staff, Project managers

    Tab 3 of the PMO Job Description Builder Workbook is used to complete the FTE analysis.

    Download the PMO Job Description Builder Workbook

    2.2.2 FTE analysis continued

    Screenshot of the 'FTE analysis' on tab 3 of the PMO Job Description Builder Workbook. It has a table with columns for 'Rank', 'Process', 'Activity', and 'Est. Monthly Time Commitments (aka Column E)' with note 'Base these initial estimates on the number of projects and project teams, as well as the number of internal and external customers and stakeholders'. There is also a table of totals with a pie chart of the 'Distribution of Role Responsibilities'. The value for 'Total Estimated Monthly Timing Commitment' is in cell J5, and the note for the value of 'Preliminary FTE Analysis' is 'If your preliminary FTE analysis comes out to be more than 1 FTE, you may want to revisit your analysis on tabs 1 and 2 to further limit this role, or to further delineate it across multiple roles and FTEs'.

    On tab 3, use column E to estimate the monthly time commitments required for each activity in the role.

    Tip: Base estimates on the number of projects and project teams as well as the number of internal and external stakeholders across the portfolio(s) of projects and programs.

    Cell J5 will provide a preliminary recommended FTE count for the role.

    Job description content

    Screenshot of the 'Job Description Content' section of the PMO Job Description Builder Workbook.

    This is an output tab based on your analysis in tabs 1 and 2. Copy and paste the content and add it under the relevant heading in Info-Tech's Blank Job Description Template later in this blueprint.

    Screenshot of the 'Blank Job Description Template' section of the PMO Job Description Builder Workbook.

    For each capability you are including in your job description, there is a list of common certifications. These can also be copied and pasted into the Blank Job Description Template.

    Download the PMO Job Description Builder Workbook

    How to determine the roles in your PMO

    It’s not black and white.

    While your PMO should have someone to lead the team, aside from that it’s hard to be specific about the exact roles your PMO needs without understanding the needs of your organization.

    This is why it’s important to define your PMO first. Your team members should best support the function and capabilities of your PMO.

    For example:

    • If you want to provide a training program to project managers, you’ll need your PMO to have people with experience delivering training and with experience having done the job before.
    • If your PMO provides management information and deep portfolio analysis, you’ll need someone on the team who knows their way around data analysis tools.

    You should have a mix of skills in the PMO team, each complementing the others. You may have administrators and coordinators, data analysts and software experts, trainers, coaches, and senior managers.

    “If you want to go fast, go alone. If you want to go far, go together.” (African proverb)

    Managing projects and building PMOs are not the same thing

    Your best project manager should be running projects, and, no, they can’t do both.

    • Your new PMO needs a leader to get it off the ground, but don’t assume that the best project manager is best suited to build the PMO. The goal-oriented passion of a successful project manager may prove to be antithetical to the forward-looking finesse and political acumen needed to develop and staff the PMO as an organizational unit. Avoid the common mistake of promoting effective people into positions where they become ineffective, a concept often referred to as “The Peter Principle.”
    • You can’t determine if your best project manager fits the PMO leadership role if the PMO’s role isn’t clearly defined. Carefully define and clearly articulate the PMO’s role to understand the skill set needed to develop and lead your PMO.
    • Project managers often propose to create a PMO without considering the fit with project portfolio management and organizational change management. If the leadership doesn’t understand the magnitude of what is being requested, they may well think a project manager is best suited to run the PMO. The prestige and/or compensation is attractive, but project managers will often spin their wheels and naturally focus on what they know how to do: manage projects. Start with a PMO design to align with business expectations.

    The Peter Principle

    The Peter Principle was first introduced by Canadian sociologist Laurence Johnston Peter describing the pitfalls of bureaucratic organizations. The original principle states that "in a hierarchically structured administration, people tend to be promoted up to their level of incompetence.” The principle is based on the observation that whenever someone succeeds at their job, the organizational response is to promote them, thus people will continue to be promoted until they reach a point where they’re no longer excelling at their job. At that point, they would no longer be promoted. Followed to its logical conclusion, organizations will continue to take successful people and rotate them to new positions until they are no longer effective.

    PMO Director/Lead

    Job overviews for different kinds of PMO directors.

    The job descriptions on the next few pages are associated with the descriptive headings, but it is important to recognize that these diverse roles can all fall under the job title of PMO director.

    Portfolio Management

    As PMO director, you will oversee the throughput of IT projects using portfolio management, project management, and organizational change management disciplines.

    You and your team will directly manage the intake of new project requests, the preparation of evaluation-ready project proposals, and the handoff of approved project initiation documents to project managers in other departments. You will forecast and track the availability of people to do the project work throughout the project life cycle. You will publish monthly and annual portfolio reporting based on information collected from the project teams, and you will oversee the closure of projects with follow-up reporting to those who approved them.

    From time to time, the PMO may be required to identify projects that should be frozen or canceled based on criteria set forth by the leadership and/or industry best practices.

    While currently out of scope, successful candidates should be comfortable with the possibility that the PMO may required to develop full life cycle organizational change management in the future. As well, experienced project managers in the PMO may be required to manage high-risk, high-visibility projects from time to time.

    PMO Director/Lead

    Job overviews for different kinds of PMO directors.

    Project Management

    As PMO director, you will oversee a team of professional project managers who are responsible for the company’s high-risk, high-visibility, and strategic projects.

    You and your team will receive initiation documents and assigned resourcing for approved projects from the company’s authorized decision makers. You will manage the fulfillment of the project requirements, providing regular status updates to project and portfolio stakeholders and escalating concerns when projects are struggling to meet their commitments for scope, cost, and timelines.

    Over time, the PMO will take on an increasing role in organizational change management. The PMO will transition its focus from project delivery to business outcomes. Over time, the PMO will transition project sponsors from articulating requirements to delivering results.

    Project Policy

    As PMO director, you will oversee the establishment, support, and promotion of company-wide standards for project management.

    You and your team will modernize and maintain the company policy manuals and processes for everything related to project management. You will adapt our legacy PMBOK-based standards to cover iterative project management approaches as well as the more formal approaches required for construction projects, outsourced projects, and a wide variety of non-IT projects.

    PMO Director/Lead

    Job overviews for different kinds of PMO directors.

    Project Governance

    As PMO director, you will oversee the governance of project spending, delivery, and impact.

    You and your team will ensure that project proposals address the broad needs of the organization via strategic alignment, operational alignment, appropriateness of timing, identification and management of risk, and ability to execute. You will represent the needs and interests of the shareholder, ratepayer, or constituent by validating adherence to the organization’s published policies for project, portfolio, and organizational change management.

    The PMO is independent from the broader information technology division and will retain a mandate to ensure transparency and disclosure relative to the consumption of the organization’s scarce resources in the pursuit of high-risk IT projects.

    Stock photo of a compass pointing in the direction of leadership.

    Info-Tech sample job descriptions

    Use the sample job descriptions available with this blueprint as a guide when creating your descriptions.

    1. PMO Director
    2. Portfolio Manager
    3. Portfolio Administrator
    4. Project Manager
    5. Project Coordinator
    6. Resource Management Analyst
    1. Program Manager
    2. Change Manager
    3. Business Analyst
    4. Business Relationship Manager
    5. Product Owner
    6. Scrum Master

    Stock photo of a pen resting on a 'job duties' section of a job description.

    2.2.3 Create your job descriptions

    30 minutes

    Input: PMO Job Description Builder Workbook

    Output: Job descriptions

    Materials: Blank Job Description Template

    Participants: PMO director and/or portfolio manager, PMO staff, Project managers

    When you’ve determined the roles you need, you can start creating your job descriptions. If none of our out-of-the-box, pre-populated job description templates suit your needs, use the results of Info-Tech’s PMO Job Description Builder Workbook and the Blank Job Description Template to create your purpose-built job description.

    Follow these steps to create your job description:

    1. Copy the content from tab 4 of the PMO Job Description Builder Workbook and paste it under the relevant headings in the “Responsibilities” section of the Blank Job Description Template. Delete any unused headings if they are not relevant to your role. Additionally, use the list of common certifications on tab 4 of the Workbook to inform that section of the Blank Job Description Template.
    2. Use the sample job descriptions on the blueprint landing page as a guide for filling out the remaining sections of the document.

    Download the Blank Job Description Template

    2.2.3 Create your job descriptions continued

    Screenshot of the Blank Job Description Template.

    Prepare an Actionable Roadmap for Your PMO

    Phase 3

    Prepare an Actionable Roadmap for Your PMO

    Phase 1

    • 1.1 Get a Common Understanding of Your PMO Options
    • 1.2 Determine Where You Are and Engage Your Leadership

    Phase 2

    • 2.1 Identify Organizational Design
    • 2.2. Build Job Descriptions

    Phase 3

    • 3.1 Create Roadmap
    • 3.2 Governance and OCM

    Having a strategy is essential but real value and benefits are delivered through projects

    9.9% of every dollar is wasted due to poor project performance

    52% of projects are delivered to stakeholder satisfaction

    51% of projects are likely to meet original the goal and business intent
    (Source: Project Management Institute, 2018)

    You’re always going to have troubled projects

    Have the organizational discipline to step away from the mess and develop a plan.

    • The world of modern project management has been in place for over 50 years and yet business leaders still seem to put the pressure on troubled projects instead of broken processes.
    • With higher portfolio maturity comes higher performance, warranting investment in the PMO.
    • Instead of alternative cost-reduction measures, such as stopping an individual project, we find that PMO resources (or the entire PMO) are being cut. In most cases, this demonstrates a lack of understanding of the value of portfolio management processes and related impacts.
    • Plan for a series of improvements over time so you’re not continually using your PMO resources on troubled projects. Instead, maintain an ongoing focus on improvement.

    Stock photo of an axe stuck in a piece of wood.
    “If I had six hours to chop down a tree, I’d spend the first four hours sharpening the axe.” (Anonymous woodsman)

    All improvements cannot be done at once

    • The difference in a winning PMO is determined by a roadmap or plan created at the beginning.
    • Leaders should understand the full scope of the plan before committing their teams to the project.
    • All improvements cannot be done at once. The best PMOs create an approach of overall governance and strictly adhere to it. After the approach is defined, a roadmap can be plotted, executed, and delivered effectively.
    • The exercise of creating a roadmap is less about the plan and more about raising the level of understanding for stakeholders.
    • We often find that the PMO is ahead of the business's views of how the PMO can support and add value to the business. A lot of effort is spent trying to convince businesses of the value of a PMO, usually without complete success.
    • The PMO needs to align to the strategic goals of the business, providing the business understands or accepts that alignment. By aligning your roadmap activities to business drivers, you are more likely to get ownership from the business for the initiatives.
    Stock image of a winding path between two map markers.

    A PMO can benefit your business and organization as a whole

    Your PMO can:

    1. Help to align the project or portfolio with a focus on the future strategy of the organization.
    2. Be a mechanism to deliver projects successfully, keep them on track, and report when scheduling, budget, and other scope issues could derail the project.
    3. Create a portfolio of projects and understand the links and dependencies between the projects. This provides you with a bird's-eye view to make better decisions based on changes as they arise.
    4. Facilitate better communications with customers and stakeholders.
    5. Enforce project management governance and ensure consistent standards throughout the organization.
    6. Strategize on how to best use shared resources and best use them productively.

    “If you run projects and the projects have a significant level of cost or have significant level of impact, then you can really benefit from a PMO. Certainly, the larger the projects, the bigger the budget, the more there are projects, then the more you can benefit from a PMO.” (Michael Fritsch, Vice President PMO, Confoe)

    “PMOs are there to ensure project and program success and that’s critical because organizations deliver value through projects and programs.” (Brian Weiss, Vice President, Practitioner Career Development, Project Management Institute)

    Step 3.1

    Create Roadmap

    Activities
    • 3.1.1 Business Goals
    • 3.1.2 Roadmap
    • 3.1.3 Resources

    This step will walk you through the following activities:

    • Determine business goals
    • Create roadmap
    • Establish resources

    This step involves the following participants:

    • PMO director and/or portfolio manager
    • PMO staff/stakeholders
    • Project managers

    Outcomes of this step

    • PMO roadmap aligned to business goals

    Prepare an Actionable Roadmap for Your PMO

    Step 3.1 Step 3.2

    3.1.1 Business goals and priorities

    30 minutes

    Input: Business strategies and goals, Current PMO org. chart

    Output: An initial short, medium, long-term roadmap of initiatives

    Materials: Whiteboard/flip charts, Sticky notes, Slide 83

    Participants: IT leaders/CIO, PMO director and/or portfolio manager, PMO staff, Project managers

    When you are determining what your PMO will provide in the future, it is important to align the ambition of the PMO with the maturity of the business. Too often, a lot of effort is spent trying to convince businesses of the value of a PMO.

    Before you develop your roadmap, try to seek out the key strategies that the business is currently driving to get the proper ownership for the proposed initiatives.

    • What does leadership want to accomplish?
    • What are the key strategies the business is currently driving?
    • What are the current pain points?

    Once you’ve established the business strategies, start mapping out your initiatives:

    • For each initiative, consider the activities you think will work best to take you from your current to future state. It’s okay to keep this high level, we will break them down later in the blueprint.
    • Don’t place activities on a roadmap with dates yet. Use the table on the next slide to record the activities against each initiative at a high level.
    Current State Business Strategies PMO Initiatives Future State Business Strategies
    Short Term Medium Term Long Term
    Portfolio Management Project Intake Process
    Triage Process
    Project Levelling
    Book of Record
    Approval
    Prioritization
    Reporting
    Resource Allocation
    Resource Management
    Project Management Standardize Project Management
    Methodologies
    PM Training
    Organizational Change Management Benefits
    Governance Project progress, visibility, and process
    Documentation

    3.1.2 Create your roadmap

    1-2 hours

    Services should be introduced gradually and your PMO roadmap should clearly highlight this and explain when key deliverables will be achieved.

    Consider the below top-level tasks and add any others that pertain to your organization:

    • Enable Transition
    • Establish Governance
    • Organizational Chart
    • Technology and Infrastructure
    • Develop Portfolio Management Capabilities and Guidelines
    • Standardize Project Management Methodology
    • Organizational Change Management
    • Strategy Management

    Download Info-Tech’s PMO MS Project Plan Sample to see a full list of top-level tasks and second-level tasks. Once done, you can visually plot the tasks on a roadmap. See the next few slides for roadmap visuals.

    Stock photo of median lines on a road with the years 2021-2023 painted between them.

    Download the PMO MS Project Plan Sample

    Screenshot of PMO MS Project Plan Sample

    Screenshot of PMO MS Project Plan Sample with notes point out the headings as 'Top-level hierarchy' and the list contents as 'Second-level-hierarchy'.

    Sample roadmap

    A sample roadmap with column headers 'Task' and 'Q1', 'Q2', 'Q3', 'Q4', and 'Q1' with 3 months beneath each quarter. Under 'Task' are 'Establish Tradition', 'Establish Governance', 'Organizational Chart', and 'Technology and Infrastructure'; these are the 'Top-level-hierarchy'. There are arrows laid out in the table cross section with different steps; these are the 'Second-level hierarchy'.

    Sample roadmap

    A sample roadmap with monthly column headers 'Jan' through 'Jun'. Rows are 'Develop Portfolio Management Capabilities and Guidelines', 'Standardize Project Management Methodology', and 'Design Resource Management Process'. There are processes laid out in the table cross section that are color-coded as 'Completed', 'In progress', and 'Planned'.

    Consider the resources you will need

    Use these Info-Tech resources to make sure your roadmap will be successful.

    Finances – Understand and be transparent about the real costs of your project.

    People – Strategize according to skill sets and availability. Use the org. chart in phase 2 of this blueprint as a starting place (slide 58).

    Assets – Determine the tangible resources you may buy like software and licenses.

    Stock photo of a thinking man.

    3.1.3 Define resources

    30 minutes

    Input: Project documentation, Current resources

    Output: List of resources for your PMO

    Materials: Whiteboard/flip charts

    Participants: IT leaders/CIO, PMO director and/or portfolio manager, PMO staff, Project managers

    Resources for your projects include staff, equipment, and materials. Resource management at the PMO level will help you manage those resources, get visibility into projects, and keep them moving forward. Be sure to consider the resources that will get your PMO off the ground.

    Determine the resources you currently have and the resources your PMO will need and add them to your strategic plan:

    1. Finances — It’s essential that you know, and are transparent about, the real cost of creating your PMO and new process. Don’t forget to consider post deployment costs as well.
    2. People — Every project depends on the skill sets that individual team members bring to the table. Strategize according to these skill sets and their availability for the duration of a project. Some team members may have other work responsibilities and limited time for the project, so you need to accommodate this.
    3. Assets — These include the tangible resources you may have to buy, lease, or arrange for, such as workspace, software and licenses, computer hardware, testing equipment, and so on.

    Step 3.2

    Governance and OCM

    Activities
    • 3.2.1 Governance
    • 3.2.2 OCM
    • 3.2.3 Perform a Change Impact Analysis
    • 3.2.4 Determine Dimensions of Change
    • 3.2.5 Determine Depth of Impact

    This step will walk you through the following activities:

    • Assess/understand governance
    • Conduct impact analysis

    This step involves the following participants:

    • PMO director and/or portfolio manager
    • PMO staff/stakeholders
    • Project managers

    Outcomes of this step

    • Governance Structures
    • Organizational Change Management Impact Analysis Tool

    Prepare an Actionable Roadmap for Your PMO

    Step 3.1 Step 3.2

    Clearly define the authority your PMO will have

    The following section includes slides from Info-Tech’s Make Governance Adaptable blueprint. Download the blueprint to dive deeper into IT governance.

    Governance is an important part of building a strong PMO. A PMO governance framework defines the authority and the support it requires to maximize portfolio and project management capabilities throughout the business. It should sit within your overall governance framework and as the PMO matures, its roles and responsibilities will also change to adapt with business demands and additional capabilities.

    Your framework can:

    • Specify PMO authority
    • Introduce and apply process standards, polices, and directives as it pertains to project and portfolio management
    • Facilitate executive and leadership involvement
    • Foster a collaborative environment between the PMO and the business

    A PMO governance framework enables PMO leaders to establish the common guidelines and manage the distribution of authority given to the PMO.

    Visit Make Your IT Governance Adaptable

    Stock photo of a group working together.

    Common causes of poor governance

    Key causes of poor or misaligned governance
    1. Governance and its value to your organization is not well understood, often being confused or integrated with more granular management activities.
    2. Business executives fail to understand that IT governance is a function of the business and not the IT department.
    3. Poor past experiences have made “governance” a bad word in the organization – a constraint and barrier that must be circumvented to get work done.
    4. There is misalignment between accountability and authority throughout the organization, and the wrong people are involved in governance practices.
    5. There is an unwillingness to change a governance approach that has served the organization well in the past, leading to challenges when the organization starts to change practices and speed of delivery.
    6. There is a lack of data and data-related capabilities required to support good decision making and the automation of governing decisions.
    7. The goals and strategy of the organization are not known or understood, leaving nothing for IT governance to orient around.
    Five key symptoms of ineffective governance committees
    1. No actions or decisions are generated – The committee produces no value and makes no decisions after it meets. The lack of value output makes the usefulness of the committee questionable.
    2. Overallocation of resources – There is a lack of clear understanding of capacity and value in work to be done, leading to consistent underestimation of required resources and resource overallocation.
    3. Decisions are changed outside of committee – Decisions that are made or initiatives that are approved are changed when the proper decision makers are involved or the right information becomes available.
    4. Decisions conflict with organizational direction – Governance decisions conflict with organizational needs, showing a visible lack of alignment and behavioral disconnects that work against organizational success. Often due to power that’s not accounted for within the structure.
    5. Consistently poor outcomes are produced from governance direction – Lack of business acumen in members and relevant data or understanding of organizational goals drives poor measured outcomes from the decisions made in the committee.

    IT PMO

    Chair:
    Updated:

    Mandate

    Ensure business value is achieved through information and technology (IT) investments by aligning strategic objectives and client needs with IT initiatives and their outcomes.

    Committee Goals

    • Maximize throughput of the most valuable projects
    • Ensure visibility of current and pending projects
    • Minimize resource waste and optimize of alignment of skills to assignments
    • Clarify accountability for post-project benefits attainment and facilitate the tracking/reporting of those benefits
    • Drive approval and prioritization of IT initiatives based on their alignment with business goals and strategy
    • Establish a consistent process for handling intake/demand

    Committee Metrics

    • % of approved IT initiatives that measure benefit achievement upon completion
    • % of IT initiatives with direct alignment to organizational strategic direction
    • % of initiatives approved by exception

    Decisions and responsibilities by purpose

    Responsibilities
    STRATEGIC ALIGNMENT

    Ensure initiatives align with organizational objectives
    Embed strategic goals and prioritization approach within process
    Define intake approach

    VALUE DELIVERY
    • Ensure all IT initiatives have a defined value expectation (excepting innovation activities)
    • Approve and prioritize IT initiatives based on value
    RISK MANAGEMENT

    Assess risk as a factor of prioritizing and approving initiatives

    RESOURCE MANAGEMENT

    Decide on the allocation of IT resources

    PERFORMANCE MEASUREMENT

    Ensure process is in place to measure and validate performance of IT initiatives

    Committee Membership
    Role

    CIO, Product Owner, Service Owner, IT VPs, BRM, PMO Director, CISO/CRO

    Individual

    IT Steering Committee

    Chair:
    Updated:

    Mandate

    Ensure business value is achieved through information and technology (IT) investments by aligning strategic objectives and client needs with IT initiatives and their outcomes.

    Committee Goals

    • Align IT initiatives with organizational goals
    • Evaluate, approve, and prioritize IT initiatives
    • Approve IT strategy
    • Reinforce (if provided) or establish risk appetite and threshold
    • Confirm value achievement of approved initiatives
    • Set target investment mix and optimize IT resource utilization

    Committee Metrics

    • % of approved IT initiatives that meet or exceed value expectation
    • % of IT initiatives with direct alignment to organizational strategic direction
    • Level of satisfaction with IT decision making
    • % of initiatives approved by exception

    Committee Overview

    Committee Name Committee Membership Mandate
    Executive Leadership Committee CEO, CFO, CTO, CDO, CISO/CRO, CIO, Enterprise Architect/Chief Architect, CPO Provide strategic and operational leadership to the company by establishing goals, developing strategy, and directing/validating strategic execution.
    Enterprise Risk Committee CISO/CRO, CPO, Enterprise Risk Manager, BU Leaders, CFO, CTO, CDO Govern enterprise risks to ensure that risk information is available and integrated to support governance decision making. Ensure the definition of the organizational risk posture and that an enterprise risk approach is in place.
    IT Steering Committee CIO, Product Owner, Service Owner, IT VPs, BRM, PMO Director, CISO/CRO Ensure business value is achieved through information and technology (IT) investments by aligning strategic objectives and client needs with IT initiatives and their outcomes.
    IT Risk Council IT Risk Manager, CISO, IT Directors Govern IT risks within the context of business strategy and objectives to align the decision-making processes towards the achievement of performance goals. It will also ensure that a risk management framework is in place and risk posture (risk appetite/threshold) is defined.
    PPM Portfolio Manager, Project Managers, BRMs Ensure the best alignment of IT initiatives and program activity to meet the goals of the business.
    Architectural Review Board Service/Product Owners, Enterprise Architects, Chief Architect, Domain Architects Ensure enterprise and related architectures are managed and applied enterprise-wise. Ensure the alignment of IT initiatives to business strategy and architecture and compliance to regulatory standards. Establish architectural standards and guidelines. Review and recommend initiatives.
    Change Advisory Board Service/Product Owner, Change Manager, IT Directors or Managers Ensure changes are assessed, prioritized, and approved to support the change management purpose of optimizing the throughput of successful changes with a minimum of disruption to business function.

    Decisions and responsibilities by purpose

    Responsibilities
    STRATEGIC ALIGNMENT
    • Ensure initiatives align with organizational objectives
    • Approve strategies and policies that ensure the organization benefits from IT
    • Propose innovative uses of IT to enable the business to compete and perform better
    • Make decisions that account for human preferences and behavior
    VALUE DELIVERY
    • Validate the achievement of benefits from IT initiatives
    • Ensure all IT initiatives have a defined value expectation (excepting innovation activities)
    • Ensure stakeholder value and value drivers are understood
    • Prioritize IT work based on value
    • Define a prioritization approach with stakeholders
    RISK MANAGEMENT
    • Ensure creation, maintenance, and observation of policies and procedures, ensuring conformance where needed
    • Ensure ethical behavior in IT
    • Ensure IT meets the requirements of laws, regulations, and contracts
    • Develop or reinforce the risk appetite and threshold
    • Ensure risk management framework is in place
    RESOURCE MANAGEMENT
    • Identify the target investment mix
    • Decide on the allocation of IT resources
    • Define required IT capabilities
    PERFORMANCE MEASUREMENT
    • Confirm that IT supports business processes with the right capabilities and capacity
    • Ensure data is up to date and secure
    • Monitor the extent to which prioritization of IT resources matches organizational objectives
    • Measure extent to which IT supports the business
    • Measure adherence to regulations
    Committee Membership
    Role

    CIO, Product Owner, Service Owner, IT VPs, BRM, PMO Director, CISO/CRO

    Individual

    Sample Governance Model

    A sample governance model with four levels and roles dispersed throughout the levels with arrows indicating hierarchy. The levels are 'Enterprise: Defines organizational goals. Directs or regulates the performance and behavior of the enterprise, ensuring it has the structure and capabilities to achieve its goals', 'Strategic: Ensures IT initiatives, products, and services are aligned to organizational goals and strategy and provide expected value. Ensure adherence to key principles', 'Tactical: Ensures key activities and planning are in place to execute strategic initiatives', and 'Operational: Ensures effective execution of day-to-day functions and practices to meet their key objectives'. Roles in Enterprise are 'Board', 'Executive Leadership Committee', and 'Enterprise Risk Committee'. Roles in Strategic are 'IT Steering Committee', plus three half in Strategic, 'IT PMO', 'Architectural Review Board', and 'IT Risk Council'. One role is half in Strategic and half in Tactical, 'Change Advisory Board'.

    3.2.1 Governance and authority

    1-3 hours

    Input: List of key tasks

    Output: Initial Authority Map

    Materials: Whiteboard/flip charts, Sticky notes, Strategic Plan

    Participants: IT leadership, Portfolio Manager (PMO Director), PMO Admin Team, Project Managers

    Now that you’ve determined the activities on your roadmap, it’s important to determine who is going to be responsible for the following:

    • Intake Scoring
    • Project Approvals
    • Staffing and Resource Management
    • Portfolio Reporting
    • Communications and Organizational Change Management
    • Benefits Attainment
    • Formalized Project Closure
    1. For each task have participants discuss who is ultimately accountable for the decision and who has the ultimate authority to make that decision.
    2. Place the sticky notes on the swim lanes in the strategic plan to represent the area or person has authority over it.
    3. Add all initiatives to your PMO governance framework.

    Download the PMO Strategic Plan

    Governance and Authority

    Committee Name Committee Membership
    Executive Leadership Committee CEO, CFO, CTO, CDO, CISO/CRO, CIO, Enterprise Architect/Chief Architect, CPO
    Enterprise Risk Committee CISO/CRO, CPO, Enterprise Risk Manager, BU Leaders, CFO, CTO, CDO
    IT Steering Committee CIO, Product Owner, Service Owner, IT VPs, BRM, PMO Director, CISO/CRO
    IT Risk Council IT Risk Manager, CISO, IT Directors,
    PPM Portfolio Manager, Project Managers, BRMs
    Architectural Review Board Service/Product Owners, Enterprise Architects, Chief Architect, Domain Architects
    Change Advisory Board Service/Product Owner, Change Manager, IT Directors or Managers

    PMO Governance Framework

    PMO Authority
    • Resource Management
    • Customer Relationship
    • Vendor & Contractor Relationships
    • Intake and Scoring
    • Project Approvals
    • Organizational Change Management
    Standards and Policies
    • Portfolio Management Process
    • Project Governance
    Guidelines
    • Project Classification Guidelines
    Executive Oversight
    • Establish Steering Committees
    • Sponsorship
    • Spending Authorization
    • Execution Oversight
    • Spending Cessation
    • Benefits Attainment
    • Organizational Change Management

    Customize groupings as appropriate.

    Document key achievements governance initiatives.

    Completed projects aren’t necessarily successful projects

    The constraints that drive project management (time, scope, and budget) are insufficient for driving the overall success of project efforts.

    For instance, a project may come in on time, on budget, and in scope, but…

    • …if users and stakeholders fail to adopt…
    • …and the intended benefits are not achieved...

    …then that “successful project” represents a massive waste of the organization’s time and resources.

    Organizational change management (OCM) is a supplement to project management that is needed to ensure the intended value is realized. It is the practice through which the PMO or other body can improve user adoption rates and maximize project benefits. Without it, IT might finish the project but the business might fail to recognize the intended benefits.

    Start with next step and refer to Info-Tech research on OCM for a deeper dive. Impact analysis is the cornerstone of any OCM strategy. By shining a light on considerations that might have otherwise escaped project planners and decision makers, an impact analysis is an essential component to change management and project success.

    Change Impact Analysis

    1. It is important to establish a process for analyzing how the change of your PMO roadmap processes will impact different areas of the business and how to manage these impacts. Analyze change impacts across multiple dimensions to ensure nothing is overlooked.
    2. A thorough analysis of change impacts will help the PMO processes:
      • Bypass avoidable problems.
      • Remove non-fixed barriers to success.
      • Acknowledge and minimize the impacts of unavoidable barriers.
      • Identify and leverage potential benefits.
      • Measure the success of the change.

    3.2.2 Perform a change impact analysis to make your planning more complete

    Use Info-Tech’s Organizational Change Impact Analysis Tool to weigh all the factors involved in the change.

    Info-Tech’s Organizational Change Impact Analysis Tool helps to document the change impact across multiple dimensions, enabling you to review the analysis with others to ensure that the most important impacts are captured. The tool also helps to effectively monitor each impact throughout project execution.

    • Change impact considerations can include products, services, states, provinces, cultures, time zones, legal jurisdictions, languages, colors, brands, subsidiaries, competitors, departments, jobs, stores, locations, etc.
    • Each of these dimensions is an MECE (Mutually Exclusive, Collectively Exhaustive) list of considerations that could be impacted by the change. For example, a North American retail chain might consider “Time Zones” as a key dimension, which could break down as Newfoundland, Atlantic, Eastern, Central, Mountain, and Pacific.

    Sample of the Organizational Change Impact Analysis Tool.

    Download the Organizational Change Impact Analysis Tool

    3.2.3 Assess the current state of your project environment

    15 minutes

    The “2. Set Up” tab of the Impact Tool is where you enter project-specific data pertaining to the change initiative.

    The inputs on this tab are used to auto-populate fields and drop-down menus on subsequent tabs of the analysis.

    Document the stakeholders (by individual or group) associated with the project who will be subject to the impacts.

    You are allowed up to 15 entries. Try to make this list comprehensive. Missing any key stakeholders will threaten the value of this activity as a whole.

    If you find that you have more than 15 individual stakeholders, you can group individuals into stakeholder groups.

    Sample of the Impact Analysis Tool Set-Up Tab. There is a space for 'Project Name' and a list of 'Project Stakeholders'.
    Keep in mind…

    An impact analysis is not a stakeholder management exercise.

    Impact assessments cover:

    • How the change will affect the organization.
    • How individual impacts might influence the likelihood of adoption.

    Stakeholder management covers:

    • Resistance/objections handling.
    • Engagement strategies to promote adoption.

    We will cover the latter in the next step.

    3.2.4 Determine the relevant considerations for analyzing the change impacts

    15-30 minutes

    Use the survey on tab 3 of the Impact Analysis Tool to determine the dimensions of change that are relevant.

    The impact analysis is fueled by the 13-question survey on tab 3 of the tool.

    This survey addresses a comprehensive assortment of change dimensions, ranging from customer-facing considerations to employee concerns, to resourcing, logistical, and technological questions.

    Once you have determined the dimensions that are impacted by the change, you can go on to assess how individual stakeholders and stakeholder groups are affected by the change.

    Sample of the Change Impact Survey on tab 3 of the Impact Analysis Tool.
    Screenshot of tab “3. Impact Survey,” showing the 13-question survey that drives the impact analysis.

    Ideally, the survey should be performed by a group of project stakeholders together. Use the drop-down menus in column K to record your responses.

    Impacts will be felt differently by different stakeholders and stakeholder groups

    As you assess change impacts, keep in mind that no impact will be felt the same across the organization. Depth of impact can vary depending on the frequency (will the impact be felt daily, weekly, monthly?), the actions necessitated by it (e.g. will it change the way the job is done or is it simply a minor process tweak?), and the anticipated response of the stakeholder (support, resistance, indifference?).

    Use the Organizational Change Depth Scale below to help visualize various depths of impact. The deeper the impact, the tougher the job of managing change will be.

    Procedural
    Behavioral
    Interpersonal
    Vocational
    Cultural
    Procedural change involves changes to explicit procedures, rules, policies, processes, etc. Behavioral change is similar to procedural change, but goes deeper to involve the changing tacit or unconscious habits. Interpersonal change goes beyond behavioral change to involve changing relationships, teams, locations, reporting structures, and other social interactions. Vocational change requires acquiring new knowledge and skills and accepting the loss or decline in the value or relevance of previously acquired knowledge and skills. Cultural change goes beyond interpersonal and vocational change to involve changing personal values, social norms, and assumptions about the meaning of good vs. bad or right vs. wrong.
    Example: providing sales reps with mobile access to the CRM application to let them update records from the field. Example: requiring sales reps to use tablets equipped with a custom mobile application for placing orders from the field. Example: migrating sales reps to work 100% remotely. Example: migrating technical support staff to field service and sales support roles. Example: changing the operating model to a more service-based value proposition or focus.

    3.2.5 Determine the depth of each impact for each stakeholder group

    1-3 hours

    Tab “4. Impact Analysis” of the Analysis Tool contains the meat of the impact analysis activity.

    1. The “Impact Analysis” tab is made up of 13 change impact tables (see next slide for a screenshot of one of these tables).
      • You may not need to use all 13 tables. The number of tables you use coincides with the number of “yes” responses you gave in the previous tab.
      • If you do not need all 13 impact tables (i.e. if you do not answer “yes” to all thirteen questions in tab 2) the unused/unnecessary tables will not auto-populate.
    2. Use one table per change impact. Each of your “yes” responses from tab 3 will auto-populate at the top of each change impact table. You should go through each of your “yes” responses in turn.
    3. Analyze how each impact will affect each stakeholder or stakeholder group touched by the project.
      • Column B in each table will auto-populate with the stakeholder groups from the Set-Up tab.
    4. Use the drop-down menus in columns C, D, and E to rate the frequency of each impact, the actions necessitated by each impact, and the anticipated response of each stakeholder group.
      • Each of the options in these drop-down menus is tied to a ranking table that informs the ratings on the two subsequent tabs.
    5. If warranted, you can use the “Comments” cells in column F to note the specifics of each impact for each stakeholder/group.

    See the next slide for an accompanying screenshot of a change impact table from tab 4 of the Analysis Tool.

    Screenshot of “Impact Analysis” tab

    Screenshot of the Impact analysis tab of the Analysis Tool.

    The stakeholder groups entered on the Set Up tab will auto-populate in column B of each table.

    Your “yes” responses from the survey tab will auto-populate in the cells to the right of the “Change Impact” cells.

    Use the drop-down menus in this column to select how often the impact will be felt for each group (e.g. daily, weekly, periodically, one time, or never).

    “Actions” include “change to core job duties,” “change to how time is spent,” “confirm awareness of change,” etc.

    Use the drop-down menus to hypothesize what the stakeholder response might be. For the purpose of this impact analysis, a guess is fine. A more detailed communication plan can be created later.

    Review your overall impact rating to help assess the likelihood of change adoption

    Use the “Overall Impact Rating” on tab 5 to help right-size your OCM efforts.

    Based upon your assessment of each individual impact, the Analysis Tool will provide you with an “Overall Impact Rating” in tab 5.

    • This rating is an aggregate of each of the individual change impact tables used during the analysis and the rankings assigned to each stakeholder group across the frequency, required actions, and anticipated response columns.
    Projects in the red zone should have maximum change governance, applying a full suite of OCM tools and templates as well as revisiting the impact analysis exercise regularly to help monitor progress.

    Increased communication and training efforts, as well as cross-functional partnerships, will also be key for success.

    Projects in the yellow zone also require a high level of change governance.
    Screenshot of 'Overall Impact Rating' scale on tab 5 of the Analysis Tool.
    To free up resources for those OCM initiatives that require more discipline, projects in the green zone can ease up in their OCM efforts somewhat. With a high likelihood of adoption as is, stakeholder engagement and communication efforts can be minimized somewhat for these projects, so long as the PMO is in regular contact with key stakeholders.

    Use the other outputs on tab 5 to help structure your OCM efforts

    In addition to the overall impact rating, tab 5 has other outputs that will help you assess specific impacts and how the overall change will be received by stakeholders.

    Screenshot of the Impact Analysis Outputs on tab 5 of the Analysis Tool. There are tables ranking risk impacts and stakeholders, as well as an impact zone map.

    This table displays the highest risk impacts based on frequency and action inputs on tab 4.

    Here you’ll find the stakeholders, ranked again based on frequency and action, who will be most impacted by the proposed changes.

    These are the five stakeholders most likely to support changes, based on the Anticipated Response column on tab 4.

    The stakeholder groups entered on the Set Up tab will auto-populate in column B of each table.

    In addition to these outputs, this tab also lists top five change resistors and has an impact register and list of potential impacts to watch out for (i.e. your “maybe” responses from tab 3).

    Establish Baseline Metrics

    Baseline metrics will be improved through:

    • A strong PMO is one than can link performance to the overall goals of the organization.
    • Use these examples of KPIs to measure success.
    Metric KPI
    Portfolio Performance Return on Investment (ROI) for projects and programs
    Alignment of spend with objectives
    Resource Utilization Rate (hours allocated to projects actual vs. allocation)
    Customer/Stakeholder Satisfaction
    # of strategic projects approved vs. completed
    Project/Program Performance % of completed projects (planned vs. actual)
    % of projects completed on time (based on original due date)
    % of projects completed on budget
    % of projects delivering their expected business outcomes
    Actual delivery of benefits vs. planned benefits
    % of customer satisfaction
    Project manager satisfaction rating
    PMO % of approved IT initiatives that measure benefit achievement upon completion
    % of IT initiatives with direct alignment to organizational strategic direction

    Summary of Accomplishment

    Problem Solved

    Knowledge Gained
    • PMO Options and “Best Practices”
    • PMO Types
    • Key PMO Functions/Services

    The PMO staffing model that you use will depend on many different factors. It is in your hands to create and define what your staffing needs are for your organization.

    The success of your PMO is linked to the plan you create before executing on it.

    Processes Optimized
    • Establishing organizational need.
    • Getting situational awareness to build a solid foundation for the PMO.
    • Identifying organizational design and establishing PMO structure and staffing needs.
    • Creating an actionable roadmap.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Summary of Accomplishment

    Problem Solved

    Deliverables Completed
    • PMO Role Development Tool
    • Initial PMO Mandate
    • PMO Job Description Builder Workbook
    • PMO job descriptions
    • PMO Strategic Plan
    • Organizational Change Impact Analysis Tool

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Photo of Ugbad Farah.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Sample of the Job Description Survey activity.
    Job Description Survey
    Use the survey to help determine potential role requirements across various project portfolio management, project management, business analysis, and organizational change management activities.
    Sample of the Job Descriptions builder activity.
    Create Your Job Descriptions
    Use the job descriptions as a guide when creating your own job descriptions based on the outputs from the tool.

    Related Info-Tech Research

    Stock photo of two people looking over their finances. Develop a Project Portfolio Management Strategy
    Time is money; spend it wisely.
    Stock photo of a hand with a pen resting on paper. Establish Realistic IT Resource Management Practices
    Holistically balance IT supply and demand to avoid overallocation.
    Stock photo of light bending through a tunnel. Tailor Project Management Processes to Fit Your Projects
    Spend less time managing processes and more time delivering results.

    Related Info-Tech Research

    Stock photo of a group working on a project. Optimize IT Project Intake, Approval, and Prioritization
    Decide which IT projects to approve and when to start them.
    Stock photo of a round table silhouetted in front of a window. Master Organizational Change Management Practices
    PMOs, if you don’t know who is responsible for org change, it’s you.
    Stock photo of the nose of a fighter jet. Set a Strategic Course of Action for the PMO in 100 Days
    Use your first 100 days as PMO leader to define a mandate for long-term success.

    Bibliography

    Alexander, Moira. “How to Develop a PMO Strategic Plan.” CIO, 11 July 2018. Web.

    Barlow, Gina, Andrew Tubb, and Grant Riley. “Driving Business Performance. Project Management Survey 2017.” KPMG, 2017. Accessed 11 Jan. 2022.

    Brennan, M. V., and G. Heerkens. “How we went from zero project management to PMO implementation—a real life story.” Paper presented at PMI® Global Congress 2009—North America, Orlando, FL. Project Management Institute, 13 October 2009. Web.

    Casey, W., and W. Peck. “Choosing the right PMO setup.” PM Network, vol. 15, no. 2, 2001, pp. 40-47. Web.

    “COBIT 2019 Framework Governance and Management Objectives.” ISACA, 2019. PDF.

    Crawford, J. K. “Staffing your strategic project office: seven keys to success.” Paper presented at Project Management Institute Annual Seminars & Symposium, San Antonio, TX. Project Management Institute, 2002. Web.

    Davis, Stanley M., and Paul R. Lawrence. “Problems of Matrix Organizations.” Harvard Business Review, May 1978. Web.

    Dow, William D. “Chapter 6: The Tactical Guide for Building a PMO.” Dow Publishing, 2012. PDF.

    Giraudo, L., and E. Monaldi. “PMO evolution: from the origin to the future.” Paper presented at PMI® Global Congress 2015—EMEA, London, England. Project Management Institute, 11 May 2015. Web.

    Greengard, S. “No PMO? Know when you need one.” PM Network, vol. 27, no. 12, 2013, pp. 44-49. Web.

    Hobbs, J. B., and M. Aubry. “What research is telling us about PMOs.” Paper presented at PMI® Global Congress 2009—EMEA, Amsterdam, North Holland, The Netherlands. Project Management Institute, May 2009. Web.

    Jordan, Andy. “Staffing the Strategic PMO.” ProjectManagement.com, 24 October 2016. Web.

    Lang, Greg. “5 Questions to Answer When Building a Roadmap.” LinkedIn, 2 October 2016. Accessed 15 Apr. 2021.

    Manello, Carl. “Establish a PMO Roadmap.” LinkedIn, 10 February 2021. Accessed 29 Mar. 2021.

    Martin, Ken. “5 Steps to Set Up a Successful Project Management Office.” BrightWork, 9 July 2018. Accessed 29 Mar. 2021.

    Miller, Jen A. “What Is a Project Management Office (PMO) and Do You Need One?” CIO, 19 October 2017. Accessed 16 Apr. 2021.

    Needs, Ian. “Why PMOs Fail: 5 Shocking PMO Statistics.” KeyedIn, 6 January 2014. Web.

    Ovans, Andrea. “Overcoming the Peter Principle.” Harvard Business Review, 22 December 2014. Web.

    PMI®. “A Guide to the Project Management Body of Knowledge.” 6th Ed. Project Management Institute, 2017.

    PMI®. “Ahead of the Curve: Forging a Future-Focused Culture.” Pulse of the Profession. Project Management Institute, 11 February 2020. Accessed 21 April 2021.

    PMI®. “Project Management: Job Growth and Talent Gap.” Project Management Institute, 2017. Web.

    PMI®. “Pulse of the Profession: Success in Disruptive Times.” Project Management Institute, 2018. Web.

    PMI®.“The Project Management Office: In Sync with Strategy.” Project Management Institute, March 2012. Web.

    “Project Management Organizational Structures.” PM4Dev, 2016. Web.

    Rincon, I. “Building a PMO from the ground up: Three stories, one result.” Paper presented at PMI® Global Congress 2014—North America, Phoenix, AZ. Project Management Institute, 26 October 2014. Web.

    Roseke, Bernie. “The 4 Types of Project Organizational Structure.” ProjectEngineer, 16 August 2019. Web.

    Sexton, Peter. “Project Delivery Performance: AIPM and KPMG Project Management Survey 2020 - KPMG Australia.” KPMG, 9 November 2020. Web.

    The Change Management Office (CMO). Prosci, n.d. Accessed 7 July 2021.

    “The New Face of Strategic Planning.” Project Smart, 27 March 2009. Accessed 29 Mar. 2021.

    “The State of Project Management Annual Survey.” Wellington PPM Intelligence, 2018. Web.

    “The State of the Project Management Office : Enabling Strategy Execution Excellence.” PM Solutions Research, 2016. Web.

    Wagner, Rodd. “New Evidence The Peter Principle Is Real - And What To Do About It.” Forbes, 10 April 2018. Accessed 14 Apr. 2021.

    Wright, David. “Developing Your PMO Roadmap.” Paper presented at PMI® Global Congress 2012—North America, Vancouver, British Columbia, Canada. Project Management Institute, 2012. Accessed 29 March 2021.

    Drive Customer Convenience by Enabling Text-Based Customer Support

    • Buy Link or Shortcode: {j2store}531|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • Text messaging services and applications (such as SMS, iMessage, WhatsApp, and Facebook Messenger) have seen explosive growth over the last decade. They are an entrenched part of consumers’ daily lives. For many demographics, text messaging rather than audio calls is the preferred medium of communication via smartphone.
    • Despite the popularity of text messaging services and applications with consumers, organizations have been slow to adequately incorporate these channels into their customer service strategy.
    • The result is a major disconnect between the channel preferences of consumers and the customer service options being offered by businesses.

    Our Advice

    Critical Insight

    • IT must work with their counterparts in customer service to build a technology roadmap that incorporates text messaging services and apps as a core channel for customer interaction. Doing so will increase IT’s stature as an innovator in the eyes of the business, while allowing the broader organization to leapfrog competitors that have not yet added text-based support to their repertoire of service channels. Incorporating text messaging as a customer service channel will increase customer satisfaction, improve retention, and reduce cost-to-serve.
    • A prudent strategy for text-based customer service begins with defining the value proposition and creating objectives: is there a strong fit with the organization’s customers and service use cases? Next, organizations must create a technology enablement roadmap for text-based support that incorporates the right tools and applications to deliver it. Finally, the strategy must address best practices for text-based customer service workflows and appropriate resourcing.

    Impact and Result

    • Understand the value and use cases for text-based customer support.
    • Create a framework for enabling technologies that will support scalable text-based customer service.
    • Improve underlying business metrics such as customer satisfaction, retention, and time to resolution by having a plan for text-based support.
    • Better align IT with customer service and support needs.

    Drive Customer Convenience by Enabling Text-Based Customer Support Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should be leveraging text-based services for customer support, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create the business case for text-based customer support

    Understand the use cases and benefits of using text-based services for customer support, and establish how they align to the organization’s current service strategy.

    • Drive Customer Convenience by Enabling Text-Based Customer Support – Phase 1: Create the Business Case for Text-Based Customer Support
    • Text-Based Customer Support Strategic Summary Template
    • Text-Based Customer Support Project Charter Template
    • Text-Based Customer Support Business Case Assessment

    2. Create a technology enablement framework for text-based customer support

    Identify the right applications that will be needed to adequately support a text-based support strategy.

    • Drive Customer Convenience by Enabling Text-Based Customer Support – Phase 2: Create a Technology Enablement Framework for Text-Based Customer Support
    • Text-Based Customer Support Requirements Traceability Matrix

    3. Create customer service workflows for text-based support

    Create repeatable workflows and escalation policies for text-centric support.

    • Drive Customer Convenience by Enabling Text-Based Customer Support – Phase 3: Create Customer Service Workflows for Text-Based Support
    • Text-Based Customer Support TCO Tool
    • Text-Based Customer Support Acceptable Use Policy
    [infographic]

    Workshop: Drive Customer Convenience by Enabling Text-Based Customer Support

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Create the Business Case for Text-Based Support

    The Purpose

    Create the business case for text-based support.

    Key Benefits Achieved

    A clear direction on the drivers and value proposition of text-based customer support for your organization.

    Activities

    1.1 Identify customer personas.

    1.2 Define business and IT drivers.

    Outputs

    Identification of IT and business drivers.

    Project framework and guiding principles for the project.

    2 Create a Technology Enablement Framework for Text-Based Support

    The Purpose

    Create a technology enablement framework for text-based support.

    Key Benefits Achieved

    Prioritized requirements for text-based support and a vetted shortlist of the technologies needed to enable it.

    Activities

    2.1 Determine the correct migration strategy based on the current version of Exchange.

    2.2 Plan the user groups for a gradual deployment.

    Outputs

    Exchange migration strategy.

    User group organization by priority of migration.

    3 Create Service Workflows for Text-Based Support

    The Purpose

    Create service workflows for text-based support.

    Key Benefits Achieved

    Customer service workflows and escalation policies, as well as risk mitigation considerations.

    Present final deliverable to key stakeholders.

    Activities

    3.1 Review the text channel matrix.

    3.2 Build the inventory of customer service applications that are needed to support text-based service.

    Outputs

    Extract requirements for text-based customer support.

    4 Finalize Your Text Service Strategy

    The Purpose

    Finalize the text service strategy.

    Key Benefits Achieved

    Resource and risk mitigation plan.

    Activities

    4.1 Build core customer service workflows for text-based support.

    4.2 Identify text-centric risks and create a mitigation plan.

    4.3 Identify metrics for text-based support.

    Outputs

    Business process models assigned to text-based support.

    Formulation of risk mitigation plan.

    Key metrics for text-based support.

    Deliver on Your Digital Product Vision

    • Buy Link or Shortcode: {j2store}351|cart{/j2store}
    • member rating overall impact: 9.2/10 Overall Impact
    • member rating average dollars saved: $133,318 Average $ Saved
    • member rating average days saved: 30 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Product organizations are under pressure to align the value they provide to the organization’s goals and overall company vision.
    • You need to clearly convey your direction, strategy, and tactics to gain alignment, support, and funding from your organization.
    • Products require continuous additions and enhancements to sustain their value. This requires detailed, yet simple communication to a variety of stakeholders.

    Our Advice

    Critical Insight

    • A vision without tactics is an unsubstantiated dream, while tactics without a vision is working without a purpose. You need to have a handle on both to achieve outcomes that are aligned with the needs of your organization.

    Impact and Result

    • Recognize that a vision is only as good as the data that backs it up – lay out a comprehensive backlog with quality built-in that can be effectively communicated and understood through roadmaps.
    • Your intent is only a dream if it cannot be implemented – define what goes into a release plan via the release canvas.
    • Define a communication approach that lets everyone know where you are heading.

    Deliver on Your Digital Product Vision Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a digital product vision that you can stand behind. Review Info-Tech’s methodology and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define a digital product vision

    Define a digital product vision that takes into account your objectives, business value, stakeholders, customers, and metrics.

    • Deliver on Your Digital Product Vision – Phase 1: Define a Digital Product Vision
    • Digital Product Strategy Template
    • Digital Product Strategy Supporting Workbook

    2. Build a better backlog

    Build a structure for your backlog that supports your product vision.

    • Deliver on Your Digital Product Vision – Phase 2: Build a Better Backlog
    • Product Backlog Item Prioritization Tool

    3. Build a product roadmap

    Define standards, ownership for your backlog to effectively communicate your strategy in support of your digital product vision.

    • Deliver on Your Digital Product Vision – Phase 3: Build a Product Roadmap
    • Product Roadmap Tool

    4. Release and deliver value

    Understand what to consider when planning your next release.

    • Deliver on Your Digital Product Vision – Phase 4: Release and Deliver Value

    5. Communicate the strategy – make it happen

    Build a plan for communicating and updating your strategy and where to go next.

    • Deliver on Your Digital Product Vision – Phase 5: Communicate the Strategy – Make It Happen!

    Infographic

    Workshop: Deliver on Your Digital Product Vision

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define a Digital Product Vision

    The Purpose

    Understand the elements of a good product vision and the pieces that back it up.

    Key Benefits Achieved

    Provide a great foundation for an actionable vision and goals people can align to.

    Activities

    1.1 Build out the elements of an effective digital product vision

    Outputs

    Completed product vision definition for a familiar product via the product canvas

    2 Build a Better Backlog

    The Purpose

    Define the standards and approaches to populate your product backlog that support your vision and overall strategy.

    Key Benefits Achieved

    A prioritized backlog with quality throughout that enables alignment and the operationalization of the overall strategy.

    Activities

    2.1 Introduction to key activities required to support your digital product vision

    2.2 What do we mean by a quality backlog?

    2.3 Explore backlog structure and standards

    2.4 Define backlog data, content, and quality filters

    Outputs

    Articulate the activities required to support the population and validation of your backlog

    An understanding of what it means to create a quality backlog (quality filters)

    Defining the structural elements of your backlog that need to be considered

    Defining the content of your backlog and quality standards

    3 Build a Product Roadmap

    The Purpose

    Define standards and procedures for creating and updating your roadmap.

    Key Benefits Achieved

    Enable your team to create a product roadmap to communicate your product strategy in support of your digital product vision.

    Activities

    3.1 Disambiguating backlogs vs. roadmaps

    3.2 Defining audiences, accountability, and roadmap communications

    3.3 Exploring roadmap visualizations

    Outputs

    Understand the difference between a roadmap and a backlog

    Roadmap standards and agreed-to accountability for roadmaps

    Understand the different ways to visualize your roadmap and select what is relevant to your context

    4 Define Your Release, Communication, and Next Steps

    The Purpose

    Build a release plan aligned to your roadmap.

    Key Benefits Achieved

    Understand what goes into defining a release via the release canvas.

    Considerations in communication of your strategy.

    Understand how to frame your vision to enable the communication of your strategy (via an executive summary).

    Activities

    4.1 Lay out your release plan

    4.2 How to introduce your product vision

    4.3 Communicate changes to your strategy

    4.4 Where do we get started?

    Outputs

    Release canvas

    An executive summary used to introduce other parties to your product vision

    Specifics on communication of the changes to your roadmap

    Your first step to getting started

    Develop Infrastructure & Operations Policies and Procedures

    • Buy Link or Shortcode: {j2store}452|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $46,324 Average $ Saved
    • member rating average days saved: 42 Average Days Saved
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management
    • Time and money are wasted dealing with mistakes or missteps that should have been addressed by procedures or policies.
    • Standard operating procedures are less effective without a policy to provide a clear mandate and direction.
    • Adhering to policies is rarely a priority, as compliance often feels like an impediment to getting work done.
    • Processes aren’t measured or audited to assess policy compliance, which makes enforcing the policies next to impossible.

    Our Advice

    Critical Insight

    • Document what you need to document and forget the rest. Always check to see if you can use a previously approved policy before you create a new one. You may only need to create new guidelines or standards rather than approve a new policy.

    Impact and Result

    • Start with a comprehensive policy framework to help you identify policy gaps. Prioritize and address those policy gaps.
    • Create effective policies that are reasonable, measurable, auditable, and enforceable.
    • Create and document procedures to support policy changes.

    Develop Infrastructure & Operations Policies and Procedures Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should change your approach to developing Infrastructure & Operations policies and procedures, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify policy and procedure gaps

    Create a prioritized action plan for documentation based on business need.

    • Develop Infrastructure & Operations Policies and Procedures – Phase 1: Identify Policy and Procedure Gaps

    2. Develop policies

    Adapt policy templates to meet your business requirements.

    • Develop Infrastructure & Operations Policies and Procedures – Phase 2: Develop Policies
    • Availability and Capacity Management Policy
    • Business Continuity Management Policy
    • Change Control – Freezes & Risk Evaluation Policy
    • Change Management Policy
    • Configuration Management Policy
    • Firewall Policy
    • Hardware Asset Management Policy
    • IT Triage and Support Policy
    • Release Management Policy
    • Software Asset Management Policy
    • System Maintenance Policy – NIST
    • Internet Acceptable Use Policy

    3. Document effective procedures

    Improve policy adherence and service effectiveness through procedure standardization and documentation.

    • Develop Infrastructure & Operations Policies and Procedures – Phase 3: Document Effective Procedures
    • Capacity Plan Template
    • Change Management Standard Operating Procedure
    • Configuration Management Standard Operation Procedures
    • Incident Management and Service Desk SOP
    • DRP Summary Template
    • Service Desk Standard Operating Procedure
    • HAM Standard Operating Procedures
    • SAM Standard Operating Procedures
    [infographic]

    Further reading

    Develop Infrastructure & Operations Policies and Procedures

    Document what you need to document and forget the rest.

    Table of contents

    Project Rationale

    Project Outlines

    • Phase 1: Identify Policy and Procedure Gaps
    • Phase 2: Develop Policies
    • Phase 3: Document Effective Procedures

    Bibliography

    ANALYST PERSPECTIVE

    Document what you need to document now and forget the rest.

    "Most IT organizations struggle to create and maintain effective policies and procedures, despite known improvements to consistency, compliance, knowledge transfer, and transparency.

    The numbers are staggering. Fully three-quarters of IT professionals believe their policies need improvement, and the same proportion of organizations don’t update procedures as required.

    At the same time, organizations that over-document and under-document perform equally poorly on key measures such as policy quality and policy adherence. Take a practical, step-by-step approach that prioritizes the documentation you need now. Leave the rest for later."

    (Andrew Sharp, Research Manager, Infrastructure & Operations Practice, Info-Tech Research Group)

    Our understanding of the problem

    This Research Is Designed For:

    • Infrastructure Managers
    • Chief Technology Officers
    • IT Security Managers

    This Research Will Help You:

    • Address policy gaps
    • Develop effective procedures and procedure documentation to support policy compliance

    This Research Will Also Assist:

    • Chief Information Officers
    • Enterprise Risk and Compliance Officers
    • Chief Human Resources Officers
    • Systems Administrators and Engineers

    This Research Will Help Them:

    • Understand the importance of a coherent approach to policy development
    • Understand the importance of Infrastructure & Operations policies
    • Support Infrastructure & Operations policy development and enforcement

    Info-Tech Best Practice

    This blueprint supports templates for key policies and procedures that help Infrastructure & Operations teams to govern and manage internal operations. For security policies, see the NIST SP 800-171 aligned Info-Tech blueprint, Develop and Deploy Security Policies.

    Executive Summary

    Situation

    • Time and money are wasted dealing with mistakes or missteps that should have been addressed by procedures or policies.
    • Standard operating procedures are less effective without a policy to provide a clear mandate and direction.

    Complication

    • Existing policies were written, approved, signed – and forgotten for years because no one has time to maintain them.
    • Adhering to policies is rarely a priority, as compliance often feels like an impediment to getting work done.
    • Processes aren’t measured or audited to assess policy compliance, which makes enforcing the policies next to impossible.

    Resolution

    • Start with a comprehensive policy framework to help you identify policy gaps. Prioritize and address those policy gaps.
    • Create effective policies that are reasonable, measurable, auditable, and enforceable.
    • Create and document procedures to support policy changes.

    Info-Tech Insight

    1. Document what you need to document and forget the rest.
      Always check if a previously approved policy exists before you create a new one. You may only need to create new guidelines or standards rather than approve a new policy.
    2. Support policies with documented procedures.
      Build procedures that embed policy adherence in daily operations. Find opportunities to automate policy adherence (e.g. removing local admin rights from user computers).

    What are policies, procedures, and processes?

    A policy is a governing document that states the long-term goals of the organization and in broad strokes outlines how they will be achieved (e.g. a Data Protection Policy).

    In the context of policies, a procedure is composed of the steps required to complete a task (e.g. a Backup and Restore Procedure). Procedures are informed by required standards and recommended guidelines. Processes, guidelines, and standards are three pillars that support the achievement of policy goals.

    A process is higher level than a procedure – a set of tasks that deliver on an organizational goal.

    Better policies and procedures reduce organizational risk and, by strengthening the ability to execute processes, enhance the organization’s ability to execute on its goals.

    Visualization of policies, procedures, and processes using pillars. Two separate structures, 'Policy A' and 'Policy B', are each held up by three pillars labelled 'Standards', 'Procedures', and 'Guidelines'. Two lines pass through the pillars of both structures and are each labelled 'Value-creating process'.

    Document to improve governance and operational processes

    Deliver value

    Build, deliver, and support Infrastructure assets in a consistent way, which ultimately reduces costs associated with downtime, errors, and rework. A good manual process is the foundation for a good automated process.

    Simplify Training

    Use documentation for knowledge transfer. Routine tasks can be delegated to less-experienced staff.

    Maintain compliance

    Comply with laws and regulations. Policies are often required for compliance, and formally documented and enforced policies help the organization maintain compliance by mandating required due diligence, risk reduction, and reporting activities.

    Provide transparency

    Build an open kitchen. Other areas of the organization may not understand how Infra & Ops works. Your documentation can provide the answer to the perennial question: “Why does that take so long?”

    Info-Tech Best Practice

    Governance goals must be supported with effective, well-aligned procedures and processes. Use Info-Tech’s research to support the key Infrastructure & Operations processes that enable your business to create value.

    Document what you need to document – and forget the rest

    Half of all organizations believe their policy suite is insufficient. (Info-Tech myPolicies Survey Data (N=59))

    Pie chart with three sections labelled 'Too Many Policies and Procedures 14%', 'Adequate Policies and Procedures 37%', 'Insufficient Policies and Procedures 49%'

    Too much documentation and a lack of documentation are both ineffective. (Info-Tech myPolicies Survey Data (N=59))

    Two bar charts labelled 'Policy Adherence' and 'Policy Quality' each with three bars representing 'Too Many Policies and Procedures', 'Insufficient Policies and Procedures', and 'Adequate Policies and Procedures'. The values shown are an average score out of 5. For Policy Adherence: Too Many is 2.4, Insufficient is 2.1, and Adequate is 3.2. For Policy Quality: Too Many is 2.9, Insufficient is 2.6, and Adequate is 4.1.

    77% of IT professionals believe their policies require improvement. (Kaspersky Lab)

    Presenting: A COBIT-aligned policy suite

    We’ve developed a suite of effective policy templates for every Infra & Ops manager based on Info-Tech’s IT Management & Governance Framework.

    Policy templates and the related aspects of Info-Tech's IT Management & Governance Framework

    Info-Tech Best Practice

    Look for these symbols as you work through the deck. Prioritize and focus on the policies you work on first based on the value of the policy to the enterprise and the existing gaps in your governance structure.

    Project outline

    Phases

    1. Identify policy and procedure gaps 2. Develop policies 3. Document effective procedures

    Steps

    • Review and right-size the existing policy set
    • Create an action plan to address policy gaps
    • Modify policy templates and gather feedback
    • Implement, enforce, measure, and maintain new policies
    • Scope and outline procedures
    • Document and maintain procedures

    Outcomes

    Action list of policy and procedure gaps New or updated Infrastructure & Operations policies Procedure documentation

    Use these icons to help direct you as you navigate this research

    Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

    A small monochrome icon of a wrench and screwdriver creating an X.

    This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

    A small monochrome icon depicting a person in front of a blank slide.

    This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Accelerate policy development with a Guided Implementation

    Your trusted advisor is just a call away.

    • Identify Policy and Procedure Gaps (Calls 1-2)
      Assess current policies, operational challenges, and gaps. Mitigate significant risks first.
    • Create and Review Policies (Calls 2-4)
      Modify and review policy templates with an Info-Tech analyst.
    • Create and Review Procedures (Calls 4-6)
      Workflow procedures, using templates wherever possible. Review documentation best practices.

    Contact Info-Tech to set up a Guided Implementation with a dedicated advisor who will walk you through every stage of your policy development project.

    Develop Infrastructure & Operations Policies and Procedures

    Phase 1

    Identify Policy and Procedure Gaps

    PHASE 1: Identify Policy and Procedure Gaps

    Step 1.1: Review and right-size the existing policy set

    This step will walk you through the following activities:

    • Identify gaps in your existing policy suite
    • Document challenges to core Infrastructure & Operations processes
    • Identify documentation that can close gaps
    • Prioritize your documentation effort

    This step involves the following participants:

    • Infrastructure & Operations Manager
    • Infrastructure Supervisors

    Results & Insights

    • Results: A review of the existing policy suite and identification of opportunities for improvement.
    • Insights: Not all gaps necessarily require a fresh policy. Repurpose, refresh, or supplement existing documentation wherever appropriate.

    Conduct a policy review

    Associated Activity icon 1(a) 30 minutes per policy

    You’ve got time to review your policy suite. Make the most of it.

    1. Start with organizational requirements.
      • What initiatives are on the go? What policies or procedures do you have a mandate to create?
    2. Weed out expired and dated policies.
      • Gather your existing policies. Identify when each one was published or last reviewed.
      • Decide whether to retire, merge, or update expired or obviously dated policy.
    3. Review policy statements.
      • Check that the organization is adequately supporting policy statements with SOPs, standards, and guidelines. Ensure role-related information is up to date.
    4. Document and bring any gaps forward to the next activity. If no action is required, indicate that you have completed a review and submit the findings for approval.

    But they just want one policy...

    A review of your policy suite is good practice, especially when it hasn’t been done for a while. Why?
    • Existing policies may address what you’re trying to do with a new policy. Using or modifying an existing policy avoids overlap and contradiction and saves you the effort required to create, communicate, approve, and maintain a new policy.
    • Review the suite to validate that you’re addressing the most important challenges first.

    Brainstorm improvements for core Infrastructure & Operations processes

    Associated Activity icon 1(b) 1 hour

    Supplement the list of gaps from your policy review with process challenges.

    1. Write out key Infra & Ops–related processes – one piece of flipchart paper per process. You can work through all of these processes or cherry-pick the processes you want to improve first.
    2. With participants, write out in point form how you currently execute on these processes (e.g. for Asset Management, you might be tagging hardware, tracking licenses, etc.)
    3. Work through a “Start – Stop – Continue” exercise. Ask participants: What should we start doing? What must we stop doing? What do we do currently that’s valuable and must continue? Write ideas on sticky notes.
    4. Once you’ve worked through the “Start – Stop – Continue” exercise for all processes, group similar suggestions for improvements.

    Asset Management: Manage hardware and software assets across their lifecycle to protect assets and manage costs.

    Availability and Capacity Management: Balance current and future availability, capacity, and performance needs with cost-to-serve.

    Business Continuity Management: Continue operation of critical business processes and IT services.

    Change Management: Deliver technical changes in a controlled manner.

    Configuration Management: Define and maintain relationships between technical components.

    Problem Management: Identify incident root cause.

    Operations Management: Coordinate operations.

    Release and Patch Management: Deliver updates and manage vulnerabilities in a controlled manner.

    Service Desk: Respond to user requests and all incidents.

    PHASE 1: Identify Policy and Procedure Gaps

    Step 1.2: Create an action plan to address policy gaps

    This step will walk you through the following activities:

    • Identify challenges and gaps that can be addressed via documentation
    • Prioritize high-value, high-risk gaps

    This step involves the following participants:

    • Infrastructure & Operations Manager
    • Infrastructure Supervisors

    Results & Insights

    • Results: An action plan to tackle policy and procedures gaps, aligned with business requirements and business value.
    • Insights: Not all documentation is equally valuable. Prioritize documentation that delivers value and mitigates risk.

    Support policies with procedures, standards, and guidelines

    Use a working definition for each type of document.

    Policy: Directives, rules, and mandates that support the overarching, long-term goals of the organization.

    • Standards: Prescriptive, uniform requirements.
    • Procedures: Specific, detailed, step-by-step instructions for completing a task.
    • Guidelines: Non-enforceable, recommended best practices.

    Info-Tech Best Practice

    Take advantage of your Info-Tech advisory membership by scheduling review sessions with an analyst. We provide high-level feedback to ensure your documentation is clear, concise, and consistent and aligns with the governance objectives you’ve identified.

    Answer the following questions to decide if governance documentation can help close gaps

    Associated Activity icon 1(c) 30 minutes

    Documentation supports knowledge sharing, process consistency, compliance, and transparency. Ask the following questions:

    1. What is the purpose of the documentation?
      Procedures support task completion. Policies set direction and manage organizational risk.
    2. Should it be enforceable?
      Policies and standards are enforceable; guidelines are not. Procedures are enforceable in that they should support policy enforcement.
    3. What is the scope?
      To document a task, create a procedure. Set overarching rules with policies. Use standards and guidelines to set detailed rules and best practices.
    4. What’s the expected cadence for updates?
      Policies should be revisited and revised less frequently than procedures.

    Info-Tech Best Practice

    Reinvent the wheel? I don’t think so!

    Always check to see if a gap can be addressed with existing tools before drafting a new policy

    • Is there an existing policy that could be supported with new or updated procedures, technical standards, or guidelines?
    • Is there a technical control you can deploy that would enforce the terms of an existing, approved policy?
    • It may be simpler to amend an existing policy instead of creating a new one.

    Some problems can’t be solved by better documentation (or by documentation alone). Consider additional strategies that address people, process, and technology.

    Tackle high-value, high-risk gaps first

    Associated Activity icon 1(d) 30 minutes

    Prioritize your documentation effort.

    1. List each proposed piece of documentation on the board.
    2. Assign a score to the risk posed to the business by the lack of documentation and to the expected benefit of completing the documentation. Use a scoring scale between 1 and 3 such as the one on the right.
    3. Prioritize documentation that mitigates risks and maximizes benefits.
    4. If you need to break ties, consider effort required to develop, implement, and enforce policies or procedures.

    Example Scoring Scale

    Score Business risk of missing documentation Business benefit of value of documentation

    1

    Low: Affects ad hoc activities or non-critical data. Low: Minimal impact.

    2

    Moderate: Impacts productivity or internal goodwill. Moderate: Required periodically; some cross-training opportunities.

    3

    High: Impacts revenue, safety, or external goodwill. High: Save time for common or ongoing processes; extensive improvement to training/knowledge transfer.

    Info-Tech Insight

    Documentation pulls resources away from other important programs and projects, so ultimately it must be a demonstrably higher priority than other work. This exercise is designed to align documentation efforts with business goals.

    Phase 1: Review accomplishments

    Policy pillars: Standards, Procedures, Guidelines

    Summary of Accomplishments

    • Identified gaps in the existing policy suite and identified pain points in existing Infra & Ops processes.
    • Developed a list of policies and procedures that can address existing gaps and prioritized the documentation effort.

    Develop Infrastructure & Operations Policies and Procedures

    Phase 2

    Develop Policies

    PHASE 2: Develop Policies

    Step 2.1: Modify policy templates and gather feedback

    This step will walk you through the following activities:

    • Modify policy templates

    This step involves the following participants:

    • Infrastructure & Operations Manager
    • Technical Writer

    Results & Insights

    • Results: Your own COBIT-aligned policies built by modifying Info-Tech templates.
    • Insights: Effective policies are easy to read and navigate.

    Write Good-er: Be Clear, Consistent, and Concise

    Effective policies adhere to the three Cs of documentation.

    1. Be clear. Make it as easy as possible for a user to learn how to comply with your policy.
    2. Be consistent. Write policies that complement each other, not contradict each other.
    3. Be concise. Make it as quick and easy as possible to read and understand your policy.

    Info-Tech Best Practice

    To download the full suite of templates all at once, click the “Download Research” button on the research landing page on the website.

    Use the three Cs: Be Clear

    Understanding makes compliance possible. Create policy with the goal of making compliance as easy as possible. Use positive, simple language to convey your intentions and rationale to your audience. Staff will make an effort adhere to your policy when they understand the need and are able to comply with the terms.

    1. Choose a skilled writer. Select a writer who can write clearly and succinctly.
    2. Default to simple language and define key terms. Define scope and key terms upfront. Avoid using technical terms outside of technical documentation; if they’re necessary be sure to define them as well.
    3. Use active, positive language. Where possible, tell people what they can do, not what they can’t.
    4. Keep the structure simple. Complicated documents are less likely to be understood and read. Use short sentences and paragraphs. Lists are a helpful way to summarize important information. Guide your reader through the document with appropriately named section headers, tables of contents, and numeration.
    5. Add a process for handling exceptions. Refer to procedures, standards, and guidelines documentation. Try to keep these links as static as possible. Also, refer to a process for handling exceptions.
    6. Manage the integrity of electronic documents. When published electronically, the policy should have restricted editing access or should be published in a non-editable format. Access to the procedure and policy storage database for employees should be read-only.

    Info-Tech Insight

    Highly effective policies are easy to navigate. Your policies should be “skimmable.” Very few people will fully read a policy before accepting it. Make it easy to navigate so the reader can easily find the policy statements that apply to them.

    Use the three Cs: Be Consistent

    Ensure that policies are aligned with other organizational policies and procedures. It detracts from compliance if different policies prescribe different behavior in the same situation. Moreover, your policies should reflect the corporate culture and other company standards. Use your policies to communicate rules and get employees aligned with how your company works.

    1. Use standard sentences and paragraphs. Policies are usually expressed in short, standard sentences. Lists should also be used when necessary or appropriate.
    2. Remember the three Ws. When writing a policy, always be sure to clearly state what the rule is, when it should be applied, and who needs to follow it. Policies should clearly define their scope of application and whether directives are mandatory or recommended.
    3. Use an outline format. Using a numbered or outline format will make a document easier to read and will make content easier to look up when referring back to the document at a later time.
    4. Avoid amendments. Avoid the use of information that is quickly outdated and requires regular amendment (e.g. names of people).
    5. Reference a set of supplementary documents. Codify your tactics outside of the policy document, but make reference to them within the text. This makes it easier to ensure consistency in the behavior prescribed by your policies.

    "One of the issues is the perception that policies are rules and regulations. Instead, your policies should be used to say ‘this is the way we do things around here.’" (Mike Hughes CISA CGEIT CRISC, Principal Director, Haines-Watts GRC)

    Use the three Cs: Be Concise

    Reading and understanding policies shouldn’t be challenging, and it shouldn’t significantly detract from productive time. Long policies are more difficult to read and understand, increasing the work required for employees to comply with them. Put it this way: How often do you read the Terms and Conditions of software you’ve installed before accepting them?

    1. Be direct. The quicker you get to the point, the easier it is for the reader to interpret and comply with your policy.
    2. Your policy is a rule, not a recipe. Your policy should outline what needs to be accomplished and why – your standards, guidelines, and SOPs address the how.
    3. Keep policies short. Nobody wants to read a huge policy book, so keep your policies short.
    4. Use additional documentation where needed. In addition to making consistency easier, this shortens the length of your policies, making them easier to read.
    5. Policy still too large? Modularize it. If you have an extremely large policy, it’s likely that it’s too widely scoped or that you’re including statements that should be part of procedure documentation. Consider breaking your policy into smaller, focused, more digestible documents.

    "If the policy’s too large, people aren’t going to read it. Why read something that doesn’t apply to me?" (Carole Fennelly, Owner and Principal, cFennelly Consulting)

    "I always try to strike a good balance between length and prescriptiveness when writing policy. Your policies … should be short and describe the problem and your approach to solving it. Below policies, you write standards, guidelines, and SOPs." (Michael Deskin, Policy and Technical Writer, Canadian Nuclear Safety Commission)

    Customize policy documents

    Associated Activity icon 2(a) 1-2 hours per policy

    Use the policies templates to support key Infrastructure & Operations programs.

    INPUT: List of prioritized policies

    OUTPUT: Written policy drafts ready for review

    Materials: Policy templates

    Participants: Policy writer, Signing authority

    No policy template will be a perfect fit for your organization. Use Info-Tech’s research to develop your organization’s program requirements. Customize the policy templates to support those requirements.

    1. Work through policies from highest to lowest priority as defined in Phase 1.
    2. Follow the instructions written in grey text to customize the policy. Follow the three Cs when you write your policy.
    3. When your draft is finished, prepare to request signoff from your signing authority by reviewing the draft with an Info-Tech analyst.
    4. Complete the highest ranked three or four draft policies. Review all these policies with relevant stakeholders and include all relevant signing authorities in the signoff process.
    5. Rinse and repeat. Iterate until all relevant polices are complete.

    Request, Incident, and Problem Management

    An effective, timely service desk correlates with higher overall end-user satisfaction across all other IT services. (Info-Tech Research Group, 2016 (N=25,998))

    An icon for the 'DSS02 Service Desk' template. An icon for the 'DSS03 Incident and Problem Management' template.

    Use the following template to create a policy that outlines the goals and mandate for your service and support organization:

    • IT Triage and Support Policy

    Support the program and associated policy statements using Info-Tech’s research:

    • Standardize the Service Desk
    • Incident and Problem Management
    • Design & Build a User-Facing Service Catalog

    Embrace Standardization

    • Outline the support and service mandate with the policy. Support the policy with the methodology in Info-Tech’s research.
    • Over time, organizations without standardized processes face confusion, redundancies, and cost overruns. Standardization avoids wasting energy and effort building new solutions to solved issues.
    • Standard processes for IT services define repeatable approaches to work and sandbox creative activities.
    • Create tickets for every task and categorize them using a standard classification system. Use the resulting data to support root-cause analysis and long-term trend management.
    • Create a single point of contact for users for all incidents and requests. Escalate and resolve tickets faster.
    • Empower end users and technicians with knowledge bases that help them solve problems without intervention.

    Change, Release, and Patch Management

    Slow turnaround, unauthorized changes, and change-related incidents are all too familiar to many managers.

    An icon for the 'BAI06 Change Management' template. An icon for the 'BAI07 Release Management' template.

    Use the following templates to create policies that define effective patch, release, and change management:

    • Change Management Policy
    • Release and Patch Management Policy
    • Change Control – Freezes & Risk Evaluation Policy

    Ensure the policy is supported by using the following Info-Tech research:

    • Optimize Change Management

    Embrace Change

    • IT system owners resist change management when they see it as slow and bureaucratic.
    • At the same time, an increasingly interlinked technical environment may cause issues to appear in unexpected places. Configuration management systems are often not kept up to date, so preventable conflicts get missed.
    • No process exists to support the identification and deployment of critical security patches. Tracking down users to find a maintenance window takes significant, dedicated effort and intervention from the management team.
    • Create a unified change management process that reduces risk and is balanced in its approach toward deploying changes, while also maintaining throughput of patches, fixes, enhancements, and innovation.

    IT Asset Management (ITAM)

    A proactive, dynamic ITAM program will pay dividends in support, contract management, appropriate provisioning, and more.

    An icon for the 'BAI09 Asset Management' template.

    Start by outlining the requirements for effective asset management:

    • Hardware Asset Management Policy
    • Software Asset Management Policy

    Support ITAM policies with the following Info-Tech research:

    • Implement IT Asset Management

    Leverage Asset Data

    • Create effective, directional policies for your asset management program that provide a mandate for action. Support the policies with robust procedures, capable staff, and right-fit technology solutions.
    • Poor management of assets generally leads to higher costs due to duplicated purchases, early replacement, loss, and so on.
    • Visibility into asset location and ownership improves security and accountability.
    • A centralized repository of asset data supports request fulfilment and incident management.
    • Asset management is an ongoing program, not a one-off project, and must be resourced accordingly. Organizations often implement an asset management program and let it stagnate.

    "Many of the large data breaches you hear about… nobody told the sysadmin the client data was on that server. So they weren’t protecting and monitoring it." (Carole Fennelly, Owner and Principal, cFennelly Consulting)

    Business Continuity Management (BCM)

    Streamline the traditional approach to make BCM practical and repeatable.

    An icon for the 'DSS04 DR and Business Continuity' template.

    Set the direction and requirements for effective BCM:

    • Business Continuity Management Policy

    Support the BCM policy with the following Info-Tech research:

    • Create a Right-Sized Disaster Recovery Plan
    • Develop a Business Continuity Plan

    Build Organizational Resilience

    • Evidence of disaster recovery and business continuity planning is increasingly required to comply with regulations, mitigate business risk, and meet customer demands.
    • IT leaders are often asked to take the lead on business continuity, but overall accountability for business continuity rests with the board of directors, and each business unit must create and maintain its business continuity plan.
    • Set an organizational mandate for BCM with the policy.
    • Divide the business continuity mandate into manageable parcels of work. Follow Info-Tech’s practical methodology to tackle key disaster recovery and business continuity planning activities one at a time.

    Info-Tech Best Practice

    Governance goals must be supported with effective, well-aligned procedures and processes. Use Info-Tech’s research to support the key Infrastructure & Operations processes that enable your business to create value.

    Availability, Capacity, and Operations Management

    What was old is new again. Use time-tested techniques to manage and plan cloud capacity and costs.

    An icon for the 'BAI04 Availability and Capacity Management' template. An icon for the 'DSS01 Operations Management' template. An icon for the 'BAI10 Configuration Management' template.

    Set the direction and requirements for effective availability and capacity management:

    • Availability and Capacity Management Policy
    • System Maintenance Policy – NIST

    Support the policy with the following Info-Tech research:

    • Develop an Availability and Capacity Management Plan
    • Improve IT Operations Management
    • Develop an IT Infrastructure Services Playbook

    Mature Service Delivery

    • Hybrid IT deployments – managing multiple locations, delivery models, and service providers – are the future of IT. Hybrid deployments significantly complicate capacity planning and operations management.
    • Effective operations management practices develop structured processes to automate activities and increase process consistency across the IT organization, ultimately improving IT efficiency.
    • Trying to add mature service delivery can feel like playing whack-a-mole. Systematically improve your service capabilities using the tactical, iterative approach outlined in Improve IT Operations Management.

    Enhance your overall security posture with a defensible, prescriptive policy suite

    Align your security policy suite with NIST Special Publication 800-171.

    Security policies support the organization’s larger security program. We’ve created a dedicated research blueprint and a set of templates that will help you build security policies around a robust framework.

    • Start with a security charter that aligns the security program with organizational objectives.
    • Prioritize security policies that address significant risks.
    • Work with technical and business stakeholders to adapt Info-Tech’s NIST SP 800-171–aligned policy templates (at right) to reflect your organizational objectives.

    A diagram listing all the different elements in a 'Security Charter': 'Access Control', 'Audit & Acc.', 'Awareness and Training', 'Config. Mgmt.', 'Identification and Auth.', 'Incident Response', 'Maintenance', 'Media Protection', 'Personnel Security', 'Physical Protection', 'Risk Assessment', 'Security Assessment', 'System and Comm. Protection', and 'System and Information Integrity'.

    Review and download Info-Tech's blueprint Develop and Deploy Security Policies.

    Info-Tech Best Practice

    Customize Info-Tech’s policy framework to align your policy suite to NIST SP 800-171. Given NIST’s requirements for the control of confidential information, organizations that align their policies to NIST standards will be in a strong governance position.

    PHASE 2: Develop Policies

    Step 2.2: Implement, enforce, measure, and maintain new policies

    This step will walk you through the following activities:

    • Gather stakeholder feedback
    • Identify preventive and detective controls
    • Identify required supports
    • Seek policy approval
    • Establish roles and responsibilities for policy maintenance

    This step involves the following participants:

    • Infrastructure & Operations Manager
    • Infrastructure Supervisors
    • Technical Writer
    • Policy Stakeholders

    Results & Insights

    • Results: Well-supported policies that have received signoff.
    • Insights: If you’re not prepared to enforce the policy, you might not actually need a policy. Use the policy statements as guidelines or standards, create and implement procedures, and build a culture of compliance. Once you can confidently execute on required controls, seek signoff.

    Gather feedback from users to assess the feasibility of the new policies

    Associated Activity icon 2(b) Review period: 1-2 weeks

    Once the policies are drafted, roundtable the drafts with stakeholders.

    INPUT: Draft policies

    OUTPUT: Reviewed policy drafts ready for approval

    Materials: Policy drafts

    Participants: Policy stakeholders

    1. Form a test group of users who will be affected by the policy in different ways. Keep the group to around five staff.
    2. Present new policies to the testers. Allow them to read the documents and attempt to comply with the new policies in their daily routines.
    3. Collect feedback from the group.
      • Consider using interviews, email surveys, chat channels, or group discussions.
      • Solicit ideas on how policy statements could be improved or streamlined.
    4. Make reasonable changes to the first draft of the policies before submitting them for approval. Policies will only be followed if they’re realistic and user friendly.

    Info-Tech Best Practice

    Allow staff the opportunity to provide input on policy development. Giving employees a say in policy development helps avoid obstacles down the road. This is especially true if you’re trying to change behavior rather than lock it in.

    Develop mechanisms for monitoring and enforcement

    Associated Activity icon 2(c) 20 minutes per policy

    Brainstorm preventive and detective controls.

    INPUT: Draft policies

    OUTPUT: Reviewed policy drafts ready for approval

    Materials: Policy drafts

    Participants: Policy stakeholders

    Preventive controls are designed to discourage or pre-empt policy breaches before they occur. Training, approvals processes, and segregation of duties are examples of preventive controls. (Ohio University)

    Detective controls help enforce the policy by identifying breaches after they occur. Forensic analysis and event log auditing are examples of detective controls. (Ohio University)

    Not all policies require the same level of enforcement. Policies that are required by law or regulation generally require stricter enforcement than policies that outline best practices or organizational values.

    Identify controls and enforcement mechanisms that are in line with policy requirements. Build control and enforcement into procedure documentation as needed.

    Suggestions:

    1. Have staff sign off on policies. Disclose any monitoring/surveillance.
    2. Ensure consequences match the severity of the infraction. Document infractions and ensure that enforcement is applied consistently across all infractions.
    3. Automatic controls shouldn’t get in the way of people’s ability to do their jobs. Test controls with users before you roll them out widely.

    Support the policy before seeking approval

    A policy is only as strong as its supporting pillars.

    Create Standards

    Standards are requirements that support policy adherence. Server builds and images, purchase approval criteria, and vulnerability severity definitions can all be examples of standards that improve policy adherence.

    Where reasonable, use automated controls to enforce standards. If you automate the control, consider how you’ll handle exceptions.

    Create Guidelines

    If no standards exist – or best practices can’t be monitored and enforced, as standards require – write guidelines to help users remain in compliance with the policy.

    Create Procedures: We’ll cover procedure development and documentation in Phase 3.

    Info-Tech Insight

    In general, failing to follow or strictly enforce a policy creates a risk for the business. If you’re not confident a policy will be followed or enforced, consider using policy statements as guidelines or standards as an interim measure as you update procedures and communicate and roll out changes that support adherence and enforcement.

    Seek approval and communicate the policy

    Policies ultimately need to be accepted by the business.

    • Once the drafts are completed, identify who is in charge of approving the policies.
    • Ensure all stakeholders understand the importance, context, and repercussions of the policies.
    • The approvals process is about appropriate oversight of the drafted policies. For example:
      • Do the policies satisfy compliance and regulatory requirements?
      • Do the policies work with the corporate culture?
      • Do the policies address the underlying need?

    If the draft is rejected:

    • Acquire feedback and make revisions.
    • Resubmit for approval.

    If the draft is approved:

    • Set the effective date and a review date.
    • Begin communication, training, and implementation.
    • Employees must know that there are new policies and understand the steps they must take to comply with the policies in their work.
    • Employees must be able to interpret, understand, and know how to act upon the information they find in the policies.
    • Employees must be informed on where to get help or ask questions and from whom to request policy exceptions.

    "A lot of board members and executive management teams… don’t understand the technology and the risks posed by it." (Carole Fennelly, Owner and Principal, cFennelly Consulting)

    Identify policy management roles and responsibilities

    Associated Activity icon 2(d) 30 minutes

    Discuss and assign roles and responsibilities for ongoing policy management.

    Role

    Responsibilities

    Executive sponsor

  • Supports the program at the highest levels of the business, as needed
  • Program lead

  • Leads the Infrastructure & Operations policy management program
  • Identifies and communicates status updates to the executive sponsor and the project team
  • Coordinates business demands and interviews and organizes stakeholders to identify requirements
  • Manages the work team and coordinates policy rollout
  • Policy writer

  • Authors and updates policies based on requirements
  • Coordinates with outsourced editor for completion of written documents
  • IT infrastructure SMEs

  • Provide technical insight into capabilities and limitations of infrastructure systems
  • Provide advice on possible controls that can aid policy rollout, monitoring, and enforcement
  • Legal expert

  • Provides legal advice on the policy’s legal terms and enforceability
  • "Whether at the level of a government, a department, or a sub-organization: technology and policy expertise complement one another and must be part of the conversation." (Peter Sheingold, Portfolio Manager, Cybersecurity, MITRE Corporation)

    Phase 2: Review accomplishments

    Effective Policies: Clear, Consistent, and Concise

    An icon for the 'DSS02 Service Desk' template.

    An icon for the 'DSS03 Incident and Problem Management' template.

    An icon for the 'BAI06 Change Management' template.

    An icon for the 'BAI07 Release Management' template.

    An icon for the 'BAI09 Asset Management' template.

    An icon for the 'DSS04 DR and Business Continuity' template.

    An icon for the 'BAI04 Availability and Capacity Management' template.

    An icon for the 'DSS01 Operations Management' template.

    An icon for the 'BAI10 Configuration Management' template.

    Summary of Accomplishments

    • Built priority policies based on templates aligned with the IT Management & Governance Framework and COBIT 5.
    • Reviewed controls and policy supports.
    • Assigned roles and responsibilities for ongoing policy maintenance.

    Develop Infrastructure & Operations Policies and Procedures

    Phase 3

    Document Effective Procedures

    PHASE 3: Document Effective Procedures

    Step 3.1: Scope and outline procedures

    This step will walk you through the following activities:

    • Prioritize SOP documentation
    • Draft workflows using a tabletop exercise
    • Modify templates, as applicable

    This step involves the following participants:

    • Infrastructure & Operations Manager
    • Technical Writer
    • Infrastructure Supervisors

    Results & Insights

    • Results: An action plan for SOP documentation and an outline of procedure workflows.
    • Insights: Don’t let tools get in the way of documentation – low-tech solutions are often the most effective way to build and analyze workflows.

    Prioritize your SOP documentation effort

    Associated Activity icon 3(a) 1-2 hours

    Build SOP documentation that gets used and doesn’t just check a box.

    1. Review the list of procedure gaps from Phase 1. Are any other procedures needed? Are some of the procedures now redundant?
    2. Establish the scope of the proposed procedures. Who are the stakeholders? What policies do they support?
    3. Run a basic prioritization exercise using a three-point scale. Higher scores mean greater risks or greater benefits. Score the risk of the undocumented procedure to the business (e.g. potential effect on data, productivity, goodwill, health and safety, or compliance). Score the benefit to the business of documenting the procedure (e.g. throughput improvements or knowledge transfer).
    4. Different procedures require different formats. Decide on one or more formats that can help you effectively document the procedure:
      • Flowcharts: Depict workflows and decision points. Provide an at-a-glance view that is easy to follow. Can be supported by checklists and diagrams where more detail is required.
      • Checklists: A reminder of what to do, rather than how to do it. Keep instructions brief.
      • Diagrams: Visualize objects, topologies, and connections for reference purposes.
      • Tables: Establish relationships between related categories.
      • Prose: Use full-text instructions where other documentation strategies are insufficient.

    Modify the following Info-Tech templates for larger SOPs

    Support these processes...

    ...with these blueprints...

    ...to create SOPs using these templates.

    An icon for the 'DSS04 DR and Business Continuity' template. Create a Right-Sized Disaster Recovery Plan DRP Summary
    An icon for the 'BAI09 Asset Management' template. Implement IT Asset Management HAM SOP and SAM SOP
    An icon for the 'BAI06 Change Management' template. An icon for the 'BAI07 Release Management' template. Optimize Change Management Change Management SOP
    An icon for the 'DSS02 Service Desk' template. An icon for the 'DSS03 Incident and Problem Management' template. Standardize the Service Desk Service Desk SOP

    Use tabletop planning or whiteboards to draft workflows

    Associated Activity icon 3(b) 30 minutes

    Tabletop planning is a paper-based exercise in which your team walks through a particular process and maps out what happens at each stage.

    OUTPUT: Steps in the current process for one SOP

    Materials: Tabletop, pen, and cue cards

    Participants: Process owners, SMEs

    1. For this exercise, choose one particular process to document.
    2. Document each step of the process on cue cards, which can be arranged on the table in sequence.
    3. Be sure to include task ownership in your steps.
    4. Map out the process as it currently happens – we’ll think about how to improve it later.
    5. Keep focused. Stay on task and on time.

    Example:

    • Step 3: PM reviews new defects daily
    • Step 4: PM assigns defects to tech leads
    • Step 5: Assigned resource updates status – frequency is based on ticket priority

    Info-Tech Insight

    Don’t get weighed down by tools. Relying on software or other technological tools can detract from the exercise. Use simple tools such as cue cards to record steps so that you can easily rearrange steps or insert steps based on input from the group.

    Collaborate to optimize the SOP

    Associated Activity icon 3(c) 30 minutes

    Review the tabletop exercise. What gaps exist in current processes?
    How can the processes be made better? What are the outputs and checkpoints?

    OUTPUT: Identify steps to optimize the SOP

    Materials: Tabletop, pen, and cue cards

    Participants: Process owners, SMEs

    Example:

    • Step 3: PM reviews new defects daily
    • NEW STEP: Schedule 10-minute daily defect reviews with PM and tech leads to evaluate ticket priority
    • Step 4: PM assigns defects to tech leads
    • Step 5: Assigned resource updates status – frequency is based on ticket priority
      • Step 5 Subprocess: Ticket status update
      • Step 5 Output: Ticket status moved to OPEN by assigned resource – acknowledges receipt by assigned resource

    A note on colors: Use white cards to record steps. Record gaps on yellow cards (e.g. a process step not documented) and risks on red cards (e.g. only one person knows how to execute a step) to highlight your gaps/to-dos and risks to be mitigated or accepted.

    If it’s necessary to clarify complex process flows during the exercise, you can also use green cards for decision diamonds, purple for document/report outputs, and blue for subprocesses.

    PHASE 3: Document Effective Procedures

    Step 3.2: Document effective procedures

    This step will walk you through the following activities:

    • Document workflows, checklists, and diagrams
    • Establish a cadence for document review and updates

    This step involves the following participants:

    • Infrastructure Manager
    • Technical Writer

    Results & Insights

    • Results: Improved SOP documentation and document management practices.
    • Insights: It’s possible to keep up with changes if you put the right cues and accountabilities in place. Include document review in project and change management procedures and hold staff accountable for completion.

    Document workflows with flowcharting software

    Suggestions for workflow documentation

    • Whether you draft the workflow on a whiteboard or using cue cards, the first iteration is usually messy. Clean up the flow as you document the results of the exercise.
    • Make the workflow as simple as possible and no simpler. Eliminate any decision points that aren’t strictly necessary to complete the procedure.
    • Use standard flowchart shapes (see next slide).
    • Use links to connect to related documentation.
    • Review the documented workflow with participants.

    Download the following workflow examples:

    Establish flowcharting standards

    If you don’t have existing flowchart standards, then keep it simple and stick to basic flowcharting conventions as described below.

    Basic flowcharting convention: a circle can be used for 'Start, End, and Connector'. Start, End, and Connector: Traditional flowcharting standards reserve this shape for connectors to other flowcharts or other points in the existing flowchart. Unified Modeling Language (UML) also uses the circle for start and end points.
    Basic flowcharting convention: a rounded rectangle can be used for 'Start and End'. Start and End: Traditional flowcharting standards use this for start and end. However, Info-Tech recommends using the circle shape to reduce the number of shapes and avoid confusion with other similar shapes.
    Basic flowcharting convention: a rectangle can be used for 'Process Step'. Process Step: Individual process steps or activities (e.g. create ticket or escalate ticket). If it’s a series of steps, then use the subprocess symbol and flowchart the subprocess separately.
    Basic flowcharting convention: a rectangle with double-line on the ends can be used for 'Subprocess'. Subprocess: A series of steps. For example, a critical incident SOP might reference a recovery process as one of the possible actions. Marking it as a subprocess, rather than listing each step within the critical incident SOP, streamlines the flowchart and avoids overlap with other flowcharts (e.g. the recovery process).
    Basic flowcharting convention: a diamond can be used for 'Decision'. Decision: Represents decision points, typically with Yes/No branches, but you could have other branches depending on the question (e.g. a “Priority?” question could branch into separate streams for Priority 1, 2, 3, 4, and 5 issues).
    Basic flowcharting convention: a rectangle with a wavy bottom can be used for 'Document/Report Output'. Document/Report Output: For example, the output from a backup process might include an error log.

    Support workflows with checklists and diagrams

    Diagrams

    • Diagrams are a visual representation of real-world phenomena and the connections between them.
    • Be sure to use standard shapes. Clearly label elements of the diagram. Use standard practices, including titles, dates, authorship, and versioning.
    • IT systems and interconnections are layered. Include physical, logical, protocol, and data flow connections.

    Examples:

    • XMPL Recovery Workflows
    • Workflow Library

    Checklists

    • Checklists are best used as short-form reminders on how to complete a particular task.
    • Remember the audience. If the process will be carried out by technical staff, there’s technical background material you won’t need to spell out in detail.

    Examples:

    • Employee Termination Process Checklist
    • XMPL Systems Recovery Playbook

    Establish a cadence for documentation review and maintenance

    Lock-in the work with strong document management practices.

    • Identify documentation requirements as part of project planning.
    • Require a manager or supervisor to review and approve SOPs.
    • Check documentation status as part of change management.
    • Hold staff accountable for documentation.

    "It isn’t unusual for us to see infrastructure or operations documentation that is wildly out of date. We’re talking months, even years. Often it was produced as one big effort and then not reliably maintained." (Gary Patterson, Consultant, Quorum Resources)

    Only a quarter of organizations update SOPs as needed

    A bar chart representing how often organizations update SOPs. Each option has two bars, one representing 'North America', the other representing 'Europe and Asia'. 'Never or rarely' is 11% in North America and 3% in Europe and Asia. 'Ad-hoc approach' is 38% in North America and 28% in Europe and Asia. 'For audits/annual reviews' is 33% in North America and 45% in Europe and Asia. 'As needed/via change management' is 18% in North America and 25% in Europe and Asia. Source: Info-Tech Research Group (N=104)

    Info-Tech Best Practice

    Use Info-Tech’s research Create Visual SOP Documents to further evaluate document management practices and toolsets.

    Phase 3: Review accomplishments

    Workflow documentation: Cue cards into flowcharts

    Summary of Accomplishments

    • Identified priority procedures for documentation activities.
    • Created procedure documentation in the appropriate format and level of granularity to support Infra & Ops policies.
    • Published and maintained procedure documentation.

    Research contributors and experts

    Carole Fennelly, Owner
    cFennelly Consulting

    Picture of Carole Fennelly, Owner, cFennelly Consulting.

    Carole Fennelly provides pragmatic cyber security expertise to help organizations bridge the gap between technical and business requirements. She authored the Center for Internet Security (CIS) Solaris and Red Hat benchmarks, which are used globally as configuration standards to secure IT systems. As a consultant, Carole has defined security strategies, and developed policies and procedures to implement them, at numerous Fortune 500 clients. Carole is a Certified Information Security Manager (CISM), Certified Security Compliance Specialist (CSCS), and Certified HIPAA Professional (CHP).

    Marko Diepold, IT Audit Manager
    audit2advise

    Picture of Marko Diepold, IT Audit Manager, audit2advise.

    Marko is an IT Audit Manager at audit2advise, where he delivers audit, risk advisory, and project management services. He has worked as a Security Officer, Quality Manager, and Consultant at some of Germany’s largest companies. He is a CISA and is ITIL v3 Intermediate and ITGCP certified.

    Research contributors and experts

    Martin Andenmatten, Founder & Managing Director
    Glenfis AG

    Picture of Martin Andenmatten, Founder and Managing Director, Glenfis AG.

    Martin is a digital transformation enabler who has been involved in various fields of IT for more than 30 years. At Glenfis, he leads large Governance and Service Management projects for various customers. Since 2002, he has been the course manager for ITIL® Foundation, ITIL® Service Management, and COBIT training. He has published two books on ISO 20000 and ITIL.

    Myles F. Suer, CIO Chat Facilitator
    CIO.com/Dell Boomi

    Picture of Myles F. Suer, CIO Chat Facilitator, CIO.com/Dell Boomi.

    Myles Suer, according to LeadTails, is the number 9 influencer of CIOs. He is also the facilitator for the CIOChat, which has executive-level participants from around the world in such industries as banking, insurance, education, and government. Myles is also the Industry Solutions Marketing Manager at Dell Boomi.

    Research contributors and experts

    Peter Sheingold, Portfolio Manager
    Cybersecurity, Homeland Security Center, The MITRE Corporation

    Picture of Peter Sheingold, Portfolio Manager, Cybersecurity, Homeland Security Center, The MITRE Corporation.

    Peter leads tasks that involve collaboration with the Department of Homeland Security (DHS) sponsors and MITRE colleagues and connect strategy, policy, organization, and technology. He brings a deep background in homeland security and strategic analysis to his work with DHS in the immigration, border security, and cyber mission spaces. Peter came to MITRE in 2005 but has worked with DHS from its inception.

    Robert D. Austin, Professor
    Ivey Business School

    Picture of Robert D. Austin, Professor, Ivey Business School.

    Dr. Austin is a professor of Information Systems at Ivey Business School and an affiliated faculty member at Harvard Medical School. Before his appointment at Ivey, he was a professor of Innovation and Digital Transformation at Copenhagen Business School, and, before that, a professor of Technology and Operations Management at the Harvard Business School.

    Research contributors and experts

    Ron Jones, Director of IT Infrastructure and Service Management
    DATA Communications

    Picture of Ron Jones, Director of IT Infrastructure and Service Management, DATA Communications.

    Ron is a senior IT leader with over 20 years of management experiences from engineering to IT Service Management and operations support. He is known for joining organizations and leading enhanced process efficiency and has improved software, hardware, infrastructure, and operations solution delivery and support. Ron has worked for global and Canadian firms including BlackBerry, DoubleClick, Cogeco, Infusion, Info-Tech Research Group, and Data Communications Management.

    Scott Genung, Executive Director of Networking, Infrastructure, and Service Operations
    University of Chicago

    Picture of Scott Genung, Executive Director of Networking, Infrastructure, and Service Operations, University of Chicago.

    Scott is an accomplished IT executive with 26 years of experience in technical and leadership roles. In his current role, Scott provides strategic leadership, vision, and oversight for an IT portfolio supporting 31,000 users consisting of services utilized by campuses located in North America, Asia, and Europe; oversees the University’s Command Center; and chairs the UC Cyberinfrastructure Alliance (UCCA), a group of research IT providers that collectively deliver services to the campus and partners.

    Research contributors and experts

    Steve Weil, CISSP, CISM, CRISC, Information Security Director, Cybersecurity Principal Consultant
    Point B

    Picture of Steve Weil, CISSP, CISM, CRISC, Information Security Director, Cybersecurity Principal Consultant, Point B.

    Steve has 20 years of experience in information security design, implementation, and assessment. He has provided information security services to a wide variety of organizations, including government agencies, hospitals, universities, small businesses, and large enterprises. With his background as a systems administrator, security consultant, security architect, and information security director, Steve has a strong understanding of both the strategic and tactical aspects of information security. Steve has significant hands-on experience with security controls, operating systems, and applications. Steve has a master's degree in Information Science from the University of Washington.

    Tony J. Read, Senior Program/Project Lead & Interim IT Executive
    Read & Associates

    Picture of Tony J. Read, Senior Program/Project Lead and Interim IT Executive, Read and Associates.

    Tony has over 25 years of international IT leadership experience, within high tech, computing, telecommunications, finance, banking, government, and retail industries. Throughout his career, Tony has led and successfully implemented key corporate initiatives, contributing millions of dollars to the top and bottom line. He established Read & Associates in 2002, an international IT management and program/project delivery consultancy practice whose aim is to provide IT value-based solutions, realizing stakeholder economic value and network advantage. These key concepts are presented in his new book: The IT Value Network: From IT Investment to Stakeholder Value, published by J. Wiley, NJ.

    Related Info-Tech research

    • Develop and Deploy Security Policies
    • Develop an Availability and Capacity Management Plan
    • Improve IT Operations Management
    • Develop an IT Infrastructure Services Playbook
    • Create a Right-Sized Disaster Recovery Plan
    • Develop a Business Continuity Plan
    • Implement IT Asset Management
    • Optimize Change Management
    • Standardize the Service Desk
    • Incident and Problem Management
    • Design & Build a User-Facing Service Catalog

    Bibliography

    “About Controls.” Ohio University, ND. Web. 2 Feb 2018.

    England, Rob. “How to implement ITIL for a client?” The IT Skeptic. Two Hills Ltd, 4 Feb. 2010. Web. 2018.

    “Global Corporate IT Security Risks: 2013.” Kaspersky Lab, May 2013. Web. 2018.

    “Information Security and Technology Policies.” City of Chicago, Department of Innovation and Technology, Oct. 2014. Web. 2018.

    ISACA. COBIT 5: Enabling Processes. International Systems Audit and Control Association. Rolling Meadows, IL.: 2012.

    “IT Policy & Governance.” NYC Information Technology & Telecommunications, ND. Web. 2018.

    King, Paula and Kent Wada. “IT Policy: An Essential Element of IT Infrastructure”. EDUCAUSE Review. May-June 2001. Web. 2018.

    Luebbe, Max. “Simplicity.” Site Reliability Engineering. O’Reilly Media. 2017. Web. 2018.

    Swartout, Shawn. “Risk assessment, acceptance, and exception with a process view.” ISACA Charlotte Chapter September Event, 2013. Web. 2018.

    “User Guide to Writing Policies.” Office of Policy and Efficiency, University of Colorado, ND. Web. 2018.

    “The Value of Policies and Procedures.” New Mexico Municipal League, ND. Web. 2018.

    Proactively Identify and Mitigate Vendor Risk

    • Buy Link or Shortcode: {j2store}227|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • IT priorities are focused on daily tasks, pushing risk management to secondary importance and diverging from a proactive environment.
    • IT leaders are relying on an increasing number of third-party technology vendors and outsourcing key functions to meet the rapid pace of change within IT.
    • Risk levels can fluctuate over the course of the partnership, requiring manual process checks and/or automated solutions.

    Our Advice

    Critical Insight

    • Every IT vendor carries risks that have business implications. These legal, financial, security, and operational risks could inhibit business continuity and IT can’t wait until an issue arises to act.
    • Making intelligent decisions about risks without knowing what their financial impact will be is difficult. Risk impact must be quantified.
    • You don’t know what you don’t know, and what you don’t know, can hurt you. To find hidden risks, you must use a structured risk identification method.

    Impact and Result

    • A thorough risk assessment in the selection phase is your first line of defense. If you follow the principles of vendor risk management, you can mitigate collateral losses following an adverse event.
    • Make a conscious decision whether to accept the risk based on time, priority, and impact. Spend the required time to correctly identify and enact defined vendor management processes that determine spend categories and appropriately evaluate potential and preferred suppliers. Ensure you accurately assess the partnership potential.
    • Take a proactive stance against IT threats and vulnerabilities by identifying and assessing IT’s most significant risks before they happen.

    Proactively Identify and Mitigate Vendor Risk Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how to create a vendor risk management program that minimizes your organization’s vulnerability and mitigates adverse scenarios.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Review vendor risk fundamentals and establish governance

    Review IT vendor risk fundamentals and establish a risk governance framework.

    • Proactively Identify and Mitigate Vendor Risk – Phase 1: Review Vendor Risk Fundamentals and Establish Governance
    • Vendor Risk Management Maturity Assessment Tool
    • Vendor Risk Management Program Manual
    • Risk Event Action Plan

    2. Assess vendor risk and define your response strategy

    Categorize, prioritize, and assess your vendor risks. Follow up with creating effective response strategies.

    • Proactively Identify and Mitigate Vendor Risk – Phase 2: Assess Vendor Risk and Define Your Response Strategy
    • Vendor Classification Model Tool
    • Vendor Risk Profile and Assessment Tool
    • Risk Costing Tool
    • Risk Register Tool

    3. Monitor, communicate, and improve IT vendor risk process

    Assign accountability and responsibilities to formalize ongoing risk monitoring. Communicate your findings to management and share the plan moving forward.

    • Proactively Identify and Mitigate Vendor Risk – Phase 3: Monitor, Communicate, and Improve IT Vendor Risk Process
    • Risk Report
    [infographic]

    Workshop: Proactively Identify and Mitigate Vendor Risk

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Prepare for the Workshop

    The Purpose

    To prepare the team for the workshop.

    Key Benefits Achieved

    Avoids delays and interruptions once the workshop is in progress.

    Activities

    1.1 Send workshop agenda to all participants.

    1.2 Prepare list of vendors and review any contracts provided by them.

    1.3 Review current risk management process.

    Outputs

    All necessary participants assembled

    List of vendors and vendor contracts

    Understanding of current risk management process

    2 Review Vendor Risk Fundamentals and Establish Governance

    The Purpose

    Review IT vendor risk fundamentals.

    Assess current maturity and set risk management program goals.

    Engage stakeholders and establish a risk governance framework.

    Key Benefits Achieved

    Understanding of organizational risk culture and the corresponding risk threshold.

    Obstacles to effective IT risk management identified.

    Attainable goals to increase maturity established.

    Understanding of the gap to achieve vendor risk readiness.

    Activities

    2.1 Brainstorm vendor-related risks.

    2.2 Assess current program maturity.

    2.3 Identify obstacles and pain points.

    2.4 Develop risk management goals.

    2.5 Develop key risk indicators (KRIs) and escalation protocols.

    2.6 Gain stakeholders’ perspective.

    Outputs

    Vendor risk management maturity assessment

    Goals for vendor risk management

    Stakeholders’ opinions

    3 Assess Vendor Risk and Define Your Response Strategy

    The Purpose

    Categorize vendors.

    Prioritize assessed risks.

    Key Benefits Achieved

    Risk events prioritized according to risk severity – as defined by the business.

    Activities

    3.1 Categorize vendors.

    3.2 Map vendor infrastructure.

    3.3 Prioritize vendors.

    3.4 Identify risk contributing factors.

    3.5 Assess risk exposure.

    3.6 Calculate expected cost.

    3.7 Identify risk events.

    3.8 Input risks into the Risk Register Tool.

    Outputs

    Vendors classified and prioritized

    Vendor risk exposure

    Expected cost calculation

    4 Assess Vendor Risk and Define Your Response Strategy (continued)

    The Purpose

    Determine risk threshold and contract clause relating to risk prevention.

    Identify and assess risk response actions.

    Key Benefits Achieved

    Thorough analysis has been conducted on the value and effectiveness of risk responses for high-severity risk events.

    Risk response strategies have been identified for all key risks.

    Authoritative risk response recommendations can be made to senior leadership.

    Activities

    4.1 Determine the threshold for (un)acceptable risk.

    4.2 Match elements of the contract to related vendor risks.

    4.3 Identify and assess risk responses.

    Outputs

    Thresholds for (un)acceptable risk

    Risk responses

    5 Monitor, Communicate, and Improve IT Vendor Risk Process

    The Purpose

    Communicate top risks to management.

    Assign accountabilities and responsibilities for risk management process.

    Establish monitoring schedule.

    Key Benefits Achieved

    Risk monitoring responsibilities are established.

    Transparent accountabilities and established ongoing improvement of the vendor risk management program.

    Activities

    5.1 Create a stakeholder map.

    5.2 Complete RACI chart.

    5.3 Establish the reporting schedule.

    5.4 Finalize the vendor risk management program.

    Outputs

    Stakeholder map

    Assigned accountability for risk management

    Established monitoring schedule

    Risk report

    Vendor Risk Management Program Manual

    Align Projects With the IT Change Lifecycle

    • Buy Link or Shortcode: {j2store}464|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management
    • Coordinate IT change and project management to successfully push changes to production.
    • Manage representation of project management within the scope of the change lifecycle to gather requirements, properly approve and implement changes, and resolve incidents that arise from failed implementations.
    • Communicate effectively between change management, project management, and the business.

    Our Advice

    Critical Insight

    Improvement can be incremental. You do not have to adopt every recommended improvement right away. Ensure every process change you make will create value and slowly add improvements to ease buy-in.

    Impact and Result

    • Establish pre-set touchpoints between IT change management and project management at strategic points in the change and project lifecycles.
    • Include appropriate project representation at the change advisory board (CAB).
    • Leverage standard change resources such as the change calendar and request for change form (RFC).

    Align Projects With the IT Change Lifecycle Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Align Projects With the IT Change Lifecycle Deck – A guide to walk through integrating project touchpoints in the IT change management lifecycle.

    Use this storyboard as a guide to align projects with your IT change management lifecycle.

    • Align Projects With the IT Change Lifecycle Storyboard

    2. The Change Management SOP – This template will ensure that organizations have a comprehensive document in place that can act as a point of reference for the program.

    Use this SOP as a template to document and maintain your change management practice.

    • Change Management Standard Operating Procedure
    [infographic]

    Further reading

    Align Projects With the IT Change Lifecycle

    Increase the success of your changes by integrating project touchpoints in the change lifecycle.

    Analyst Perspective

    Focus on frequent and transparent communications between the project team and change management.

    Benedict Chang

    Misalignment between IT change management and project management leads to headaches for both practices. Project managers should aim to be represented in the change advisory board (CAB) to ensure their projects are prioritized and scheduled appropriately. Advanced notice on project progress allows for fewer last-minute accommodations at implementation. Widespread access of the change calendar can also lead project management to effectively schedule projects to give change management advanced notice.

    Moreover, alignment between the two practices at intake allows for requests to be properly sorted, whether they enter change management directly or are governed as a project.

    Lastly, standardizing implementation and post-implementation across everyone involved ensures more successful changes and socialized/documented lessons learned for when implementations do not go well.

    Benedict Chang
    Senior Research Analyst, Infrastructure and Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    To align projects with the change lifecycle, IT leaders must:

    • Coordinate IT change and project management to successfully push changes to production.
    • Manage representation of project management within the scope of the change lifecycle to gather requirements, properly approve and implement changes, and resolve incidents that arise from failed implementations.
    • Communicate effectively between change management, project management, and the business.

    Loose definitions may work for clear-cut examples of changes and projects at intake, but grey-area requests end up falling through the cracks.

    Changes to project scope, when not communicated, often leads to scheduling conflicts at go-live.

    Too few checkpoints between change and project management can lead to conflicts. Too many checkpoints can lead to delays.

    Set up touchpoints between IT change management and project management at strategic points in the change and project lifecycles.

    Include appropriate project representation at the change advisory board (CAB).

    Leverage standard change resources such as the change calendar and request for change form (RFC).

    Info-Tech Insight

    Improvement can be incremental. You do not have to adopt every recommended improvement right away. Ensure every process change you make will create value, and slowly add improvements to ease buy-in.

    Info-Tech’s approach

    Use the change lifecycle to identify touchpoints.

    The image contains a screenshot of Info-Tech's approach.

    The Info-Tech difference:

    1. Start with your change lifecycle to define how change control can align with project management.
    2. Make improvements to project-change alignment to benefit the relationship between the two practices and the practices individually.
    3. Scope the alignment to your organization. Take on the improvements to the left one by one instead of overhauling your current process.

    Use this research to improve your current process

    This deck is intended to align established processes. If you are just starting to build IT change processes, see the related research below.

    Align Projects With the IT Change Lifecycle

    02 Optimize IT Project Intake, Approval, and Prioritization

    01 Optimize IT Change Management

    Increase the success of your changes by integrating project touchpoints in your change lifecycle.

    (You are here)

    Decide which IT projects to approve and when to start them.

    Right-size IT change management to protect the live environment.

    Successful change management will provide benefits to both the business and IT

    Respond to business requests faster while reducing the number of change-related disruptions.

    IT Benefits

    Business Benefits

    • Fewer incidents and outages at project go-live
    • Upfront identification of project and change requirements
    • Higher rate of change and project success
    • Less rework
    • Fewer service desk calls related to failed go-lives
    • Fewer service disruptions
    • Faster response to requests for new and enhanced functionalities
    • Higher rate of benefits realization when changes are implemented
    • Lower cost per change
    • Fewer “surprise” changes disrupting productivity

    IT satisfaction with change management will drive business satisfaction with IT. Once the process is working efficiently, staff will be more motivated to adhere to the process, reducing the number of unauthorized changes. As fewer changes bypass proper evaluation and testing, service disruptions will decrease and business satisfaction will increase.

    Change management improves core benefits to the business: the four Cs

    Most organizations have at least some form of change control in place, but formalizing change management leads to the four Cs of business benefits:

    Control

    Collaboration

    Consistency

    Confidence

    Change management brings daily control over the IT environment, allowing you to review every relatively new change, eliminate changes that would have likely failed, and review all changes to improve the IT environment.

    Change management planning brings increased communication and collaboration across groups by coordinating changes with business activities. The CAB brings a more formalized and centralized communication method for IT.

    Request-for-change templates and a structured process result in implementation, test, and backout plans being more consistent. Implementing processes for pre-approved changes also ensures these frequent changes are executed consistently and efficiently.

    Change management processes will give your organization more confidence through more accurate planning, improved execution of changes, less failure, and more control over the IT environment. This also leads to greater protection against audits.

    1. Alignment at intake

    Define what is a change and what is a project.

    Both changes and projects will end up in change control in the end. Here, we define the intake.

    Changes and projects will both go to change control when ready to go live. However, defining the governance needed at intake is critical.

    A change should be governed by change control from beginning to end. It would typically be less than a week’s worth of work for a SME to build and come in at a nominal cost (e.g. <$20k over operating costs).

    Projects on the other hand, will be governed by project management in terms of scope, scheduling, resourcing, etc. Projects typically take over a week and/or cost more. However, the project, when ready to go live, should still be scheduled through change control to avoid any conflicts at implementation. At triage and intake, a project can be further scoped based on projected scale.

    This initial touchpoint between change control and project management is crucial to ensure tasks and request are executed with the proper governance. To distinguish between changes and projects at intake, list examples of each and determine what resourcing separates changes from projects.

    Need help scoping projects? Download the Project Intake Classification Matrix

    Change

    Project

    • Smaller scale task that typically takes a short time to build and test
    • Generates a single change request
    • Governed by IT Change Management for the entire lifecycle
    • Larger in scope
    • May generate multiple change requests
    • Governed by PMO
    • Longer to build and test

    Info-Tech Insight

    While effort and cost are good indicators of changes and projects, consider evaluating risk and complexity too.

    1 Define what constitutes a change

    1. As a group, brainstorm examples of changes and projects. If you wish, you may choose to also separate out additional request types such as service requests (user), operational tasks (backend), and releases.
    2. Have each participant write the examples on sticky notes and populate the following chart on the whiteboard/flip chart.
    3. Use the examples to draw lines and determine what defines each category.
    • What makes a change distinct from a project?
    • What makes a change distinct from a service request?
    • What makes a change distinct from an operational task?
    • When do the category workflows cross over with other categories? (For example, when does a project interact with change management?
  • Record the definitions of requests and results in section 2.3 of the Change Management Standard Operating Procedure (SOP).
  • Change

    Project

    Service Request (Optional)

    Operational Task (Optional)

    Release (Optional)

    Changing Configuration

    New ERP

    Add new user

    Delete temp files

    Software release

    Download the Change Management Standard Operating Procedure (SOP).

    Input Output
    • List of examples of each category of the chart
    • Definitions for each category to be used at change intake
    Materials Participants
    • Whiteboard/flip charts (or shared screen if working remotely)
    • Service catalog (if applicable)
    • Sticky notes
    • Markers/pens
    • Change Management SOP
    • Change Manager
    • Project Managers
    • Members of the Change Advisory Board

    2. Alignment at build and test

    Keep communications open by pre-defining and communicating project milestones.

    CAB touchpoints

    Consistently communicate the plan and timeline for hitting these milestones so CAB can prioritize and plan changes around it. This will give change control advanced notice of altered timelines.

    RFCs

    Projects may have multiple associated RFCs. Keeping CAB appraised of the project RFC or RFCs gives them the ability to further plan changes.

    Change Calendar

    Query and fill the change calendar with project timelines and milestones to compliment the CAB touchpoints.

    Leverage the RFC to record and communicate project details

    The request for change (RFC) form does not have to be a burden to fill out. If designed with value in mind, it can be leveraged to set standards on all changes (from projects and otherwise).

    When looking at the RFC during the Build and Test phase of a project, prioritize the following fields to ensure the implementation will be successful from a technical and user-adoption point of view.

    Filling these fields of the RFC and communicating them to the CAB at go-live approval gives the approvers confidence that the project will be implemented successfully and measures are known for when that implementation is not successful.

    Download the Request for Change Form Template

    Communication Plan

    The project may be successful from a technical point of view, but if users do not know about go-live or how to interact with the project, it will ultimately fail.

    Training Plan

    If necessary, think of how to train different stakeholders on the project go-live. This includes training for end users interacting with the project and technicians supporting the project.

    Implementation Plan

    Write the implementation plan at a high enough level that gives the CAB confidence that the implementation team knows the steps well.

    Rollback Plan

    Having a well-formulated rollback plan gives the CAB the confidence that the impact of the project is well known and the impact to the business is limited even if the implementation does not go well.

    Provide clear definitions of what goes on the change calendar and who’s responsible

    Inputs

    • Freeze periods for individual business departments/applications (e.g. finance month-end periods, HR payroll cycle, etc. – all to be investigated)
    • Maintenance windows and planned outage periods
    • Project schedules, and upcoming major/medium changes
    • Holidays
    • Business hours (some departments work 9-5, others work different hours or in different time zones, and user acceptance testing may require business users to be available)

    Guidelines

    • Business-defined freeze periods are the top priority.
    • No major or medium normal changes should occur during the week between Christmas and New Year’s Day.
    • Vendor SLA support hours are the preferred time for implementing changes.
    • The vacation calendar for IT will be considered for major changes.
    • Change priority: High > Medium > Low.
    • Minor changes and preapproved changes have the same priority and will be decided on a case-by-case basis.

    Roles

    • The Change Manager will be responsible for creating and maintaining a change calendar.
    • Only the Change Manager can physically alter the calendar by adding a new change after the CAB has agreed upon a deployment date.
    • All other CAB members, IT support staff, and other impacted stakeholders should have access to the calendar on a read-only basis to prevent people from making unauthorized changes to deployment dates.

    Info-Tech Insight

    Make the calendar visible to as many parties as necessary. However, limit the number of personnel who can make active changes to the calendar to limit calendar conflicts.

    3. Alignment at approval

    How can project management effectively contribute to CAB?

    As optional CAB members

    Project SMEs may attend when projects are ready to go live and when invited by the change manager. Optional members provide details on change cross-dependencies, high-level testing, rollback, communication plans, etc. to inform prioritization and scheduling decisions.

    As project management representatives

    Project management should also attend CAB meetings to report in on changes to ongoing projects, implementation timelines, and project milestones. Projects are typically high-priority changes when going live due to their impact. Advanced notice of timeline and milestone changes allow the rest of the CAB to properly manage other changes going into production.

    As core CAB members

    The core responsibilities of CAB must still be fulfilled:

    1. Protect the live environment from poorly assessed, tested, and implemented changes.

    2. Prioritize changes in a way that fairly reflects change impact, urgency, and likelihood.

    3. Schedule deployments in a way the minimizes conflict and disruption.

    If you need to define the authority and responsibilities of the CAB, see Activity 2.1.3 of the Optimize IT Change Management blueprint.

    4. Alignment at implementation

    At this stage, the project or project phase is treated as any other change.

    Verification

    Once the change has been implemented, verify that all requirements are fulfilled.

    Review

    Ensure all affected systems and applications are operating as predicted.

    Update change ticket and change log

    Update RFC status and CMDB as well (if necessary).

    Transition

    Once the change implementation is complete, it’s imperative that the team involved inform and train the operational and support groups.

    If you need to define transitioning changes to production, download Transition Projects to the Service Desk

    5. Alignment at post-implementation

    Tackle the most neglected portion of change management to avoid making the same mistake twice.

    1. Define RFC statuses that need a PIR
    2. Conduct PIRs for failed changes. Successful changes can simply be noted and transitioned to operations.

    3. Conduct a PIR for every failed change
    4. It’s best to perform a PIR once a change-related incident is resolved.

    5. Avoid making the same mistake twice
    6. Include a root-cause analysis, mitigation actions/timeline, and lessons learned in the documentation.

    7. Report to CAB
    8. Socialize the findings of the PIR at the subsequent CAB meeting.

    9. Circle back on previous PIRs
    10. If a similar change is conducted, append the related PIR to avoid the same mistakes.

    Info-Tech Insight

    Include your PIR documentation right in the RFC for easy reference.

    Download the RFC template for more details on post-implementation reviews

    2 Implement your alignments stepwise

    1. As a group, decide on which implementations you need to make to align change management and project management.
    2. For each improvement, list a timeline for implementation.
    3. Update section 3.5 in the Change Management Standard Operating Procedure (SOP). to outline the responsibilities of project management within IT Change Management.

    The image contains a screenshot of the Change Management SOP

    Download the Change Management Standard Operating Procedure (SOP).

    Input Output
    • This deck
    • SOP update
    Materials Participants
    • Whiteboard/flip charts (or shared screen if working remotely)
    • Service catalog (if applicable)
    • Sticky notes
    • Markers/pens
    • Change Management SOP
    • Change Manager
    • Project Managers
    • Members of the Change Advisory Board

    Related Info-Tech Research

    Optimize IT Change Management

    Right-size IT change management to protect the live environment.

    Optimize IT Project Intake, Approval, and Prioritization

    Decide which IT projects to approve and when to start them.

    Maintain an Organized Portfolio

    Align portfolio management practices with COBIT (APO05: Manage Portfolio).

    Succeed With Digital Strategy Execution

    • Buy Link or Shortcode: {j2store}527|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • Rising customer expectations and competitive pressures have accelerated the pace at which organizations are turning to digital transformation to drive revenue or cut costs.
    • Many digital strategies are not put into action, and instead sit on the shelf. A digital strategy that is not translated into specific projects and initiatives will provide no value to the organization.
    • Executing a digital strategy is easier said than done: IT often lacks the necessary framework to create a roadmap, or fails to understand how new applications can enable the vision outlined in the strategy.

    Our Advice

    Critical Insight

    • A digital strategy needs a clear roadmap to succeed. Too many digital strategies are lofty statements of objective with no clear avenue for actual execution: create a digital strategy application roadmap to avoid this pitfall.
    • Understand the art of execution. Application capabilities are rapidly evolving: IT must stand ready to educate the business on how new applications can be used to pursue the digital strategy.

    Impact and Result

    • IT must work with the business to parse specific technology drivers from the digital strategy, distill strategic requirements, and create a prescriptive roadmap of initiatives that will close the gaps between the current state and the target state outlined in the digital strategy. Doing so well is a path to the CIO’s office.
    • To better serve the organization, IT leaders must stay abreast of key application capabilities and trends. Exciting new developments such as artificial intelligence, IoT, and machine learning have opened up new avenues for process digitization, but IT leaders need to make a concerted effort to understand what modern applications bring to the table for technology enablement of the digital strategy.
    • Taking an agile approach to application roadmap development will help to provide a clear path forward for tackling digital strategy execution, while also allowing for flexibility to update and iterate as the internal and external environment changes.

    Succeed With Digital Strategy Execution Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should have a structured approach to translating your digital strategy to specific application initiatives, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Parse digital strategy drivers

    Parse specific technology drivers out of the formal enterprise digital strategy.

    • Succeed With Digital Strategy Execution – Phase 1: Parse Your Digital Strategy for Critical Technology Drivers

    2. Map drivers to enabling technologies

    Review and understand potential enabling applications.

    • Succeed With Digital Strategy Execution – Phase 2: Map Your Drivers to Enabling Applications

    3. Create the application roadmap to support the digital strategy

    Use the drivers and an understanding of enabling applications to put together an execution roadmap that will support the digital strategy.

    • Succeed With Digital Strategy Execution – Phase 3: Create an Application Roadmap That Supports the Digital Strategy
    • Digital Strategy Roadmap Tool
    • Application Roadmap Presentation Template
    • Digital Strategy Communication and Execution Plan Template
    [infographic]

    Workshop: Succeed With Digital Strategy Execution

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Validate the Digital Strategy

    The Purpose

    Review and validate the formal enterprise digital strategy.

    Key Benefits Achieved

    Confirmation of the goals, objectives, and direction of the organization’s digital strategy.

    Activities

    1.1 Review the initial digital strategy.

    1.2 Determine gaps.

    1.3 Refine digital strategy scope and vision.

    1.4 Finalize digital strategy and validate with stakeholders.

    Outputs

    Validated digital strategy

    2 Parse Critical Technology Drivers

    The Purpose

    Enumerate relevant technology drivers from the digital strategy.

    Key Benefits Achieved

    List of technology drivers to pursue based on goals articulated in the digital strategy.

    Activities

    2.1 Identify affected process domains.

    2.2 Brainstorm impacts of digital strategy on technology enablement.

    2.3 Distill critical technology drivers.

    2.4 Identify KPIs for each driver.

    Outputs

    Affected process domains (based on APQC)

    Critical technology drivers for the digital strategy

    3 Map Drivers to Enabling Applications

    The Purpose

    Relate your digital strategy drivers to specific, actionable application areas.

    Key Benefits Achieved

    Understand the interplay between the digital strategy and impacted application domains.

    Activities

    3.1 Build and review current application inventory for digital.

    3.2 Execute fit-gap analysis between drivers and current state inventory.

    3.3 Pair technology drivers to specific enabling application categories.

    Outputs

    Current-state application inventory

    Fit-gap analysis

    4 Understand Applications

    The Purpose

    Understand how different applications support the digital strategy.

    Understand the art of the possible.

    Key Benefits Achieved

    Knowledge of how applications are evolving from a features and capabilities perspective, and how this pertains to digital strategy enablement.

    Activities

    4.1 Application spotlight: customer experience.

    4.2 Application spotlight: content and collaboration.

    4.3 Application spotlight: business intelligence.

    4.4 Application spotlight: enterprise resource planning.

    Outputs

    Application spotlights

    5 Build the Digital Application Roadmap

    The Purpose

    Create a concrete, actionable roadmap of application and technology initiatives to move the digital strategy forward.

    Key Benefits Achieved

    Clear, concise articulation of application roadmap for supporting digital that can be communicated to the business.

    Activities

    5.1 Build list of enabling projects and applications.

    5.2 Create prioritization criteria.

    5.3 Build the digital strategy application roadmap.

    5.4 Socialize the roadmap.

    5.5 Delineate responsibility for roadmap execution.

    Outputs

    Application roadmap for the digital strategy

    RACI chart for digital strategy roadmap execution

    Enable Product Delivery – Executive Leadership Workshop

    • Buy Link or Shortcode: {j2store}353|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Development
    • Parent Category Link: /development
    • You need to clearly convey the direction and strategy of your product portfolio to gain alignment, support, and funding from your organization.
    • IT organizations are traditionally organized to deliver initiatives in specific periods of time. This conflicts with product delivery, which continuously delivers value over the lifetime of a product.
    • Delivering multiple products together creates additional challenges because each product has its own pedigree, history, and goals.

    Our Advice

    Critical Insight

    • Empowered product managers and product owners are the key to ensuring your delivery teams are delivering the right value at the right time to the right stakeholders.
    • Establishing operationally aligned product families helps bridge the gap between enterprise priorities and product enhancements.
    • Leadership must be aligned to empower and support Agile values and product teams to unlock the full value realization within your organization.

    Impact and Result

    • Common understanding of product management and Agile delivery.
    • Commitment to support and empower product teams.

    Enable Product Delivery – Executive Leadership Workshop Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Enabling Product Delivery – Executive workshop to align senior leadership with their transition to product management and delivery.

    • Enabling Product Delivery – Executive Workshop Storyboard

    2. Enabling Product Delivery –Executive Workshop Outcomes.

    • Enabling Product Delivery – Executive Workshop Outcomes
    [infographic]

    Workshop: Enable Product Delivery – Executive Leadership Workshop

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understanding Your Top Challenges

    The Purpose

    Understand the drivers for your product transformation.

    Key Benefits Achieved

    Define the drivers for your transition to product-centric delivery.

    Activities

    1.1 What is driving your organization to become product focused?

    Outputs

    List of challenges and drivers

    2 Transitioning From Projects to Product-Centric Delivery

    The Purpose

    Understand the product transformation journey and differences.

    Key Benefits Achieved

    Identify the cultural, behavioral, and leadership changes needed for a successful transformation.

    Activities

    2.1 Define the differences between projects and product delivery

    Outputs

    List of differences

    3 Enterprise Agility and the Value of Change

    The Purpose

    Understand why smaller iterations increase value realization and decrease accumulated risk.

    Key Benefits Achieved

    Leverage smaller iterations to reduce time to value and accumulated risk to core operations.

    Activities

    3.1 What is business agility?

    Outputs

    Common understanding about the value of smaller iterations

    4 Defining Products and Product Management in Your Context

    The Purpose

    Establish an organizational starting definition of products.

    Key Benefits Achieved

    Tailor product management to meet the needs and vision of your organization.

    Activities

    4.1 What is a product? Who are your consumers?

    4.2 Identify enablers and blockers of product ownership

    4.3 Define a set of guiding principles for product management

    Outputs

    Product definition

    List of enablers and blockers of product ownership

    Set of guiding principles for product management

    5 Connecting Product Management to Agile Practices

    The Purpose

    Understand the relationship between product management and product delivery.

    Key Benefits Achieved

    Optimize product management to prioritize the right changes for the right people at the right time.

    Activities

    5.1 Discussions

    Outputs

    Common understanding

    6 Commit to Empowering Agile Product Teams

    The Purpose

    Personalize and commit to supporting product teams.

    Key Benefits Achieved

    Embrace leadership and cultural changes needed to empower and support teams.

    Activities

    6.1 Your management culture

    6.2 Personal Cultural Stop, Start, and Continue

    6.3 Now, Next, Later to support product owners

    Outputs

    Your management culture map

    Personal Cultural Stop, Start, and Continue list

    Now, Next, Later roadmap

    Further reading

    Enable Product Delivery – Executive Leadership Workshop

    Strengthen product management in your organization through effective executive leadership by focusing on product teams, core capabilities, and proper alignment.

    Objective of this workshop

    To develop a common understanding and foundation for product management so we, as leaders, better understand how to lead product owners, product managers, and their teams.

    Enable Product Delivery - Executive Leadership Workshop

    Learn how enterprise agility can provide lasting value to the organization

    Clarify your role in supporting your teams to deliver lasting value to stakeholders and customers

    1. Understanding Your Top Challenges
      • Define your challenges, goals, and opportunities Agile and product management will impact.
    2. Transitioning from Projects to Product-centric Delivery
      • Understand the shift from fixed delivery to continuous improvement and delivery of value.
    3. Enterprise Agility and the Value of Change
      • Organizations need to embrace change and leverage smaller delivery cycles.
    4. Defining Your "Products" and Product Management
      • Define products in your culture and how to empower product delivery teams.
    5. Connecting Product Management to Agile Practices
      • Use product ownership to drive increased ROI into your product delivery teams and lifecycles.
    6. Commit to Empowering Agile Product Teams
      • Define the actions and changes you must make for this transformation to be successful.

    Your Product Transformation Journey

    1. Make the Case for Product Delivery
      • Align your organization with the practices to deliver what matters most
    2. Enable Product Delivery – Executive Workshop
      • One-day executive workshop – align and prepare your leadership
      • Audience: Senior executives and IT leadership.
        Size: 8-16 people
        Time: 6 hours
    3. Deliver on Your Digital Product Vision
      • Enhance product backlogs, roadmapping, and strategic alignment
      • Audience: Product Owners/Mangers
        Size: 10-20 people
        Time: 3-4 days
    4. Deliver Your Digital Products at Scale
      • Scale Product Families to Align Enterprise Goals
      • Audience: Product Owners/Mangers
        Size: 10-20 people
        Time: 3-4 days
    5. Mature and Scale Product Ownership
      • Align and mature your product owners
      • Audience: Product Owners/Mangers
        Size: 8-16 people
        Time: 2-4 days

    Repeat workshops with different companies, operating units, departments, or teams as needed.

    What is a workshop?

    We WILL ENGAGE in discussions and activities:

    • Flexible, to accommodate the needs of the group.
    • Open forum for discussion and questions.
    • Share your knowledge, expertise, and experiences (roadblocks and success stories).
    • Everyone is part of the process.
    • Builds upon itself.

    This workshop will NOT be:

    • A lecture or class.
    • A monologue that never ends.
    • Technical training.
    • A presentation.
    • Us making all the decisions.

    Roles within the workshop

    We each have a role to play to make our workshop successful!

    Facilitators

    • Introduce the best practice framework used by Info-Tech.
    • Ask questions about processes, procedures, and assumptions.
    • Guide for the methodology.
    • Liaison for any other relevant Info-Tech research or services.

    Participants

    • Contribute and speak out as much as needed.
    • Provide expertise on the current processes and technology.
    • Ask questions.
    • Provide feedback.
    • Collaborate and work together to produce solutions.

    Understanding Your Top Challenges

    • Understanding Your Top Challenges
    • Transitioning From Projects to Product-Centric Delivery
    • Enterprise Agility and the Value of Change
    • Defining Your Products and Product Management
    • Connecting Product Management to Agile Practices
    • Commit to Empowering Agile Product Teams
    • Wrap-Up and Retrospective

    Executive Summary

    Your Challenge

    • Products are the lifeblood of an organization. They deliver the capabilities needed to deliver value to customers, internal users, and stakeholders.
    • The shift to becoming a product organization is intended to continually increase the value you provide to the broader organization as you grow and evolve.
    • You need to clearly convey the direction and strategy of your product portfolio to gain alignment, support, and funding from your organization.

    Common Obstacles

    • IT organizations are traditionally organized to deliver initiatives in specific periods of time. This conflicts with product delivery, which continuously delivers value over the lifetime of a product.
    • Delivering multiple products together creates additional challenges because each product has its own pedigree, history, and goals.
    • Product owners struggle to prioritize changes to deliver product value. This creates a gap and conflict between product and enterprise goals.

    Info-Tech's Approach

    Info-Tech's approach will guide you through:

    • Understanding the top challenges driving your product initiative.
    • Improving your transitioning from projects to product-centric delivery.
    • Enhancing enterprise agility and the value of change.
    • Defining products and product management in your context.
    • Connecting product management to Agile practices.
    • Committing to empowering Agile Product teams.
    This is an image of an Info-Tech Thought Map for Accelerate Your Transition to Product Delivery
    This is an image of an Info-Tech Thought Map for Delier on your Digital Product Vision
    This is an image of an Info-Tech Thought Map for Deliver Digital Products at Scale via Enterprise Product Families.
    This is an image of an Info-Tech Thought Map for What We Mean by an Applcation Department Strategy.

    What is driving your organization to become product focused?

    30 minutes

    • Team introductions:
      • Share your name and role
      • What are the key challenges you are looking to solve around product management?
      • What blockers or challenges will we need to overcome?

    Capture in the Enable Product Delivery – Executive Leadership Workshop Outcomes and Next Steps.

    Input

    • Organizational knowledge
    • Goals and challenges

    Output

    • List of key challenges
    • List of workshop expectations
    • Parking lot items

    Transitioning From Projects to Product-Centric Delivery

    • Understanding Your Top Challenges
    • Transitioning From Projects to Product-Centric Delivery
    • Enterprise Agility and the Value of Change
    • Defining Your Products and Product Management
    • Connecting Product Management to Agile Practices
    • Commit to Empowering Agile Product Teams
    • Wrap-Up and Retrospective

    Define the differences between projects and product delivery

    30 minutes

    • Consider project delivery and product delivery.
    • Discussion:
      • What are some differences between the two?

    Capture in the Enable Product Delivery – Executive Leadership Workshop Outcomes and Next Steps.

    Input

    • Organizational knowledge
    • Internal terms and definitions

    Output

    • List of differences between projects and product delivery

    Define the differences between projects and product delivery

    15 minutes

    Project Delivery

    vs

    Product Delivery

    Point in time

    What is changed

    Method of funding changes

    Needs an owner

    Input

    • Organizational knowledge
    • Internal terms and definitions

    Output

    • List of differences between projects and product delivery

    Capture in the Enable Product Delivery – Executive Leadership Workshop Outcomes and Next Steps.

    Identify the differences between a project-centric and a product-centric organization

    Project

    Product

    Fund Projects

    Funding

    Fund Products or Teams

    Line of Business Sponsor

    Prioritization

    Product Owner

    Makes Specific Changes
    to a Product

    Product Management

    Improve Product Maturity
    and Support

    Assign People to Work

    Work Allocation

    Assign Work
    to Product Teams

    Project Manager Manages

    Capacity Management

    Team Manages Capacity

    Info-Tech Insight

    Product delivery requires significant shifts in the way you complete development work and deliver value to your users. Make the changes that support improving end user value and enterprise alignment.

    Projects can be a mechanism for funding product changes and improvements

    This is an image showing the relationship between the project lifecycle, a hybrid lifecycle, and a product lifecycle.

    Projects within products

    Regardless of whether you recognize yourself as a "product-based" or "project-based" shop, the same basic principles should apply.

    You go through a period or periods of project-like development to build a version of an application or product.

    You also have parallel services along with your project development, which encompass the more product-based view. These may range from basic support and maintenance to full-fledged strategy teams or services like sales and marketing.

    While Agile and product are intertwined, they are not the same!

    Delivering products does not necessarily require an Agile mindset. However, Agile methods help facilitate the journey because product thinking is baked into them.

    This image shows the product delivery maturity process from waterfall to continuous integration and delivery.

    Product roadmaps guide delivery and communicate your strategy

    In Deliver on Your Digital Product Vision, we demonstrate how the product roadmap is core to value realization. The product roadmap is your communicated path, and as a product owner, you use it to align teams and changes to your defined goals while aligning your product to enterprise goals and strategy.

    This is an image adapted from Pichler, What is Product Management.

    Adapted from: Pichler, "What Is Product Management?"

    Info-Tech Insight

    The quality of your product backlog – and your ability to realize business value from your delivery pipeline – is directly related to the input, content, and prioritization of items in your product roadmap.

    Design and Implement a Business-Aligned Security Program

    • Buy Link or Shortcode: {j2store}368|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • You need to build a security program that enables business services and secures the technology that makes them possible.
    • Building an effective, business-aligned security program requires that you coordinate many components, including technologies, processes, organizational structures, information flows, and behaviors.
    • The program must prioritize the right capabilities, and support its implementation with clear accountabilities, roles, and responsibilities.

    Our Advice

    Critical Insight

    • Common security frameworks focus on operational controls rather than business value creation, are difficult to convey to stakeholders, and provide little implementation guidance.
    • A security strategy can provide a snapshot of your program, but it won’t help you modernize or transform it, or align it to meet emerging business requirements.
    • There is no unique, one-size-fits-all security program. Each organization has a distinct character and profile and differs from others in several critical respects.

    Impact and Result

    Tailor your security program according to what makes your organization unique.

    • Analyze critical design factors to determine and refine the scope of your security program and prioritize core program capabilities.
    • Identify program accountabilities, roles, and responsibilities.
    • Build an implementation roadmap to ensure its components work together in a systematic way to meet business requirements.

    Design and Implement a Business-Aligned Security Program Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Design and Implement a Business-Aligned Security Strategy – A step-by-step guide on how to understand what makes your organization unique and design a security program with capabilities that create business value.

    This storyboard will help you lay foundations for your security program that will inform future security program decisions and give your leadership team the information they need to support your success. You will evaluate design factors that make your organization unique, prioritize the security capabilities to suit, and assess the maturity of key security program components including security governance, security strategy, security architecture, service design, and service metrics.

    • Design and Implement a Business-Aligned Security Program Storyboard

    2. Security Program Design Tool – Tailor the security program to what makes your organization unique to ensure business-alignment.

    Use this Excel workbook to evaluate your security program against ten key design factors. The tool will produce a goals cascade that shows the relationship between business and security goals, a prioritized list of security capabilities that align to business requirements, and a list of program accountabilities.

    • Security Program Design Tool

    3. Security Program Design and Implementation Plan – Assess the current state of different security program components, plan next steps, and communicate the outcome to stakeholders.

    This second Excel workbook will help you conduct a gap analysis on key security program components and identify improvement initiatives. You can then use the Security Program Design and Implementation Plan to collect results from the design and implementation tools and draft a communication deck.

    • Security Program Implementation Tool
    • Security Program Design and Implementation Plan

    Infographic

    Workshop: Design and Implement a Business-Aligned Security Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Initial Security Program Design

    The Purpose

    Determine the initial design of your security program.

    Key Benefits Achieved

    An initial prioritized list of security capabilities that aligns with enterprise strategy and goals.

    Activities

    1.1 Review Info-Tech diagnostic results.

    1.2 Identify project context.

    1.3 Identify enterprise strategy.

    1.4 Identify enterprise goals.

    1.5 Build a goal cascade.

    1.6 Assess the risk profile.

    1.7 Identify IT-related issues.

    1.8 Evaluate initial program design.

    Outputs

    Stakeholder satisfaction with program

    Situation, challenges, opportunities

    Initial set of prioritized security capabilities

    Initial set of prioritized security capabilities

    Initial set of prioritized security capabilities

    Initial set of prioritized security capabilities

    Initial set of prioritized security capabilities

    Initial set of prioritized security capabilities

    2 Refine Security Program Capabilities

    The Purpose

    Refine the design of your security program.

    Key Benefits Achieved

    A refined, prioritized list of security capabilities that reflects what makes your organization unique.

    Activities

    2.1 Gauge threat landscape.

    2.2 Identify compliance requirements.

    2.3 Categorize the role of IT.

    2.4 Identify the sourcing model.

    2.5 Identify the IT implementation model.

    2.6 Identify the tech adoption strategy.

    2.7 Refine the scope of the program.

    Outputs

    Refined set of prioritized security capabilities

    Refined set of prioritized security capabilities

    Refined set of prioritized security capabilities

    Refined set of prioritized security capabilities

    Refined set of prioritized security capabilities

    Refined set of prioritized security capabilities

    Refined set of prioritized security capabilities

    3 Security Program Gap Analysis

    The Purpose

    Finalize security program design.

    Key Benefits Achieved

    Key accountabilities to support the security program

    Gap analysis to produce an improvement plan

    Activities

    3.1 Identify program accountabilities.

    3.2 Conduct program gap analysis.

    3.3 Prioritize initiatives.

    Outputs

    Documented program accountabilities.

    Security program gap analysis

    Security program gap analysis

    4 Roadmap and Implementation Plan

    The Purpose

    Create and communicate an improvement roadmap for the security program.

    Key Benefits Achieved

    Security program design and implementation plan to organize and communicate program improvements.

    Activities

    4.1 Build program roadmap

    4.2 Finalize implementation plan

    4.3 Sponsor check-in

    Outputs

    Roadmap of program improvement initiatives

    Roadmap of program improvement initiatives

    Communication deck for program design and implementation

    Further reading

    Design a Business-Aligned Security Program

    Focus on business value first.

    EXECUTIVE BRIEF

    Analyst Perspective

    Business alignment is no accident.

    Michel Hébert

    Security leaders often tout their choice of technical security framework as the first and most important program decision they make. While the right framework can help you take a snapshot of the maturity of your program and produce a quick strategy and roadmap, it won’t help you align, modernize, or transform your program to meet emerging business requirements.

    Common technical security frameworks focus on operational controls rather than business services and value creation. They are difficult to convey to business stakeholders and provide little program management or implementation guidance.

    Focus on business value first, and the security services that enable it. Your organization has its own distinct character and profile. Understand what makes your organization unique, then design and refine the design of your security program to ensure it supports the right capabilities. Next, collaborate with stakeholders to ensure the right accountabilities, roles, and responsibilities are in place to support the implementation of the security program.

    Michel Hébert
    Research Director, Security & Privacy
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    • You need to build a security program that enables business services and secures the technology that makes them possible.
    • Building an effective, business-aligned security program requires that you coordinate many components, including technologies, processes, organizational structures, information flows, and behaviors.
    • The program must prioritize the right capabilities, and support its implementation with clear accountabilities, roles, and responsibilities.
    • Common security frameworks focus on operational controls rather than business value creation, are difficult to convey to stakeholders, and provide little implementation guidance.
    • A security strategy can provide a snapshot of your program, but it won’t help you modernize or transform it, or align it to meet emerging business requirements.
    • There is no unique, one-size-fits-all security program. Each organization has a distinct character and profile and differs from others in several critical respects.

    Tailor your security program according to what makes your organization unique.

    • Analyze critical design factors to determine and refine the design of your security program and prioritize core program capabilities.
    • Identify program accountabilities, roles, and responsibilities.
    • Build an implementation roadmap to ensure its components work together in a systematic way to meet business requirements.

    Info-Tech Insight

    You are a business leader who supports business goals and mitigates risk. Focus first on business value and the security services that enable it, not security controls.

    Your challenge

    The need for a solid and responsive security program has never been greater.

    • You need to build a security program that enables business services and secures the technology that makes them possible.
    • Building an effective, business-aligned security program requires that you coordinate many components, including technologies, processes, organizational structures, information flows, and behaviors.
    • The program must prioritize the right capabilities, and support its implementation with clear accountabilities, roles, and responsibilities.
    • You must communicate effectively with stakeholders to describe the risks the organization faces, their likely impact on organizational goals, and how the security program will mitigate those risks and support the creation of business value.
    • Ransomware is a persistent threat to organizations worldwide across all industries.
    • Cybercriminals deploying ransomware are evolving into a growing and sophisticated criminal ecosystem that will continue to adapt to maximize its profits.

    • Critical infrastructure is increasingly at risk.
    • Malicious agents continue to target critical infrastructure to harm industrial processes and the customers they serve State-sponsored actors are expected to continue to target critical infrastructure to collect information through espionage, pre-position in case of future hostilities, and project state power.

    • Disruptive technologies bring new threats.
    • Malicious actors increasingly deceive or exploit cryptocurrencies, machine learning, and artificial intelligence technologies to support their activities.

    Sources: CCCS (2023), CISA (2023), ENISA (2023)

    Your challenge

    Most security programs are not aligned with the overall business strategy.

    50% Only half of leaders are framing the impact of security threats as a business risk.

    49% Less than half of leaders align security program cost and risk reduction targets with the business.

    57% Most leaders still don’t regularly review security program performance of the business.

    Source: Tenable, 2021

    Common obstacles

    Misalignment is hurting your security program and making you less influential.

    Organizations with misaligned security programs have 48% more security incidents...

    …and the cost of their data breaches are 40% higher than those with aligned programs.

    37% of stakeholders still lack confidence in their security program.

    54% of senior leaders still doubt security gets the goals of the organization.

    Source: Frost & Sullivan, 2019
    Source: Ponemon, 2023

    Common obstacles

    Common security frameworks won’t help you align your program.

    • Common security frameworks focus on operational controls rather than business value creation, are difficult to convey to stakeholders, and provide little implementation guidance.
    • A security strategy based on the right framework can provide a snapshot of your program, but it won’t help you modernize, transform, or align your program to meet emerging business requirements.
    • The lack of guidance leads to a lack of structure in the way security services are designed and managed, which reduces service quality, increases security friction, and reduces business satisfaction.

    There is no unique, one-size-fits-all security program.

    • Each organization has a distinct character and profile and differs from others in several critical respects. The security program for a cloud-first, DevOps environment must emphasize different capabilities and accountabilities than one for an on-premise environment and a traditional implementation model.

    Info-Tech’s approach

    You are a business leader who supports business goals and mitigates risk.

    • Understand what makes your organization unique, then design and refine a security program with capabilities that create business value.
    • Next, collaborate with stakeholders to ensure the right accountabilities, roles, and responsibilities are in place, and build an implementation roadmap to ensure its components work together over time.

    Security needs to evolve as a business strategy.

    • Laying the right foundations for your security program will inform future security program decisions and give your leadership team the information they need to support your success. You can do it in two steps:
      • Evaluate the design factors that make your organization unique and prioritize the security capabilities to suit. Info-Tech’s approach is based on the design process embedded in the latest COBIT framework.
      • Review the key components of your security program, including security governance, security strategy, security architecture, service design, and service metrics.

    If you build it, they will come

    “There's so much focus on better risk management that every leadership team in every organization wants to be part of the solution.

    If you can give them good data about what things they really need to do, they will work to understand it and help you solve the problem.”

    Dan Bowden, CISO, Sentara Healthcare (Tenable)

    Design a Business-Aligned Security Program

    The image contains a screenshot of how to Design a business-aligned security program.


    Choose your own adventure

    This blueprint is ideal for new CISOs and for program modernization initiatives.

    1. New CISO

    “I need to understand the business, prioritize core security capabilities, and identify program accountabilities quickly.”

    2. Program Renewal

    “The business is changing, and the threat landscape is shifting. I am concerned the program is getting stale.”

    Use this blueprint to understand what makes your organization unique:

    1. Prioritize security capabilities.
    2. Identify program accountabilities.
    3. Plan program implementation.

    If you need a deep dive into governance, move on to a security governance and management initiative.

    3. Program Update

    “I am happy with the fundamentals of my security program. I need to assess and improve our security posture.”

    Move on to our guidance on how to Build an Information Security Strategy instead.

    Info-Tech’s methodology for security program design

    Define Scope of
    Security Program

    Refine Scope of
    Security Program

    Finalize Security
    Program Design

    Phase steps

    1.1 Identify enterprise strategy

    1.2 Identify enterprise goals

    1.3 Assess the risk profile

    1.4 Identify IT-related issues

    1.5 Define initial program design

    2.1 Gage threats and compliance

    2.2 Assess IT role and sourcing

    2.3 Assess IT implementation model

    2.4 Assess tech adoption strategy

    2.5 Refine program design

    3.1 Identify program accountabilities

    3.2 Define program target state

    3.3 Build program roadmap

    Phase outcomes

    • Initial security program design
    • Refined security program design
    • Prioritized set of security capabilities
    • Program accountabilities
    • Program gap closure initiatives

    Tools

    Insight Map

    You are a business leader first and a security leader second

    Technical security frameworks are static and focused on operational controls and standards. They belong in your program’s solar system but not at its center. Design your security program with business value and the security services that enable it in mind, not security controls.

    There is no one-size-fits-all security program
    Tailor your security program to your organization’s distinct profile to ensure the program generates value.

    Lay the right foundations to increase engagement
    Map out accountabilities, roles, and responsibilities to ensure the components of your security program work together over time to secure and enable business services.

    If you build it, they will come
    Your executive team wants to be part of the solution. If you give them reliable data for the things they really need to do, they will work to understand and help you solve the problem.

    Blueprint deliverables

    Info-Tech supports project and workshop activities with deliverables to help you accomplish your goals and accelerate your success.

    Security Program Design Tool

    Tailor the security program to what makes your organization unique to ensure alignment.

    The image contains a screenshot of the Security Program Design Tool.

    Security Program Implementation Tool

    Assess the current state of different security program components and plan next steps.



    SecurityProgram Design and Implementation Plan

    Communicate capabilities, accountabilities, and implementation initiatives.

    The image contains a screenshot of the Security Program Design and Implementation Plan.

    Key deliverable

    Security Program Design and Implementation Plan

    The design and implementation plan captures the key insights your work will generate, including:

    • A prioritized set of security capabilities aligned to business requirements.
    • Security program accountabilities.
    • Security program implementation initiatives.

    Blueprint benefits

    IT Benefits

    Business Benefits

    • Laying the right foundations for your security program will:
      • Inform the future security governance, security strategy, security architecture, and service design decisions you need to make.
      • Improve security service design and service quality, reduce security friction, and increase business satisfaction with the security program.
      • Help you give your leadership team the information they need to support your success.
      • Improve the standing of the security program with business leaders.
    • Organizations with a well-aligned security program:
      • Improve security risk management, performance measurement, resource management, and value delivery.
      • Lower rates of security incidents and lower-cost security breaches.
      • Align costs, performance, and risk reduction objectives with business needs.
      • Are more satisfied with their security program.

    Measure the value of using Info-Tech’s approach

    Assess the effectiveness of your security program with a risk-based approach.

    Deliverable

    Challenge

    Security Program Design

    • Prioritized set of security capabilities
    • Program accountabilities
    • Devise and deploy an approach to gather business requirements, identify and prioritize relevant security capabilities, and assign program accountabilities.
    • Cost and Effort : 2 FTEs x 90 days x $130,000/year

    Program Assessment and Implementation Plan

    • Security program assessment
    • Roadmap of gap closure initiatives
    • Devise and deploy an approach to assess the current state of your security program, identify gap closure or improvement initiatives, and build a transformation roadmap.
    • Cost and Effort : 2 FTEs x 90 days x $130,000/year

    Measured Value

    • Using Info-Tech’s best practice methodology will cut the cost and effort in half.
    • Savings: 2 FTEs x 45 days x $130,000/year = $65,000

    Measure the impact of your project

    Use Info-Tech diagnostics before and after the engagement to measure your progress.

    • Info-Tech diagnostics are standardized surveys that produce historical and industry trends against which to benchmark your organization.
    • Run the Security Business Satisfaction and Alignment diagnostic now, and again in twelve months to assess business satisfaction with the security program and measure the impact of your program improvements.
    • Reach out to your account manager or follow the link to deploy the diagnostic and measure your success. Diagnostics are included in your membership.

    Inform this step with Info-Tech diagnostic results

    • Info-Tech diagnostics are standardized surveys that accelerate the process of gathering and analyzing pain point data.
    • Diagnostics also produce historical and industry trends against which to benchmark your organization.
    • Reach out to your account manager or follow the links to deploy some or all these diagnostics to validate your assumptions. Diagnostics are included in your membership.

    Governance & Management Maturity Scorecard
    Understand the maturity of your security program across eight domains.
    Audience: Security Manager

    Security Business Satisfaction and Alignment Report
    Assess the organization’s satisfaction with the security program.
    Audience: Business Leaders

    CIO Business Vision
    Assess the organization’s satisfaction with IT services and identify relevant challenges.
    Audience: Business Leaders

    Executive Brief Case Study

    INDUSTRY: Higher Education

    SOURCE: Interview

    Building a business-aligned security program

    Portland Community College (PCC) is the largest post-secondary institution in Oregon and serves more than 50,000 students each year. The college has a well-established information technology program, which supports its education mission in four main campuses and several smaller centers.

    PCC launched a security program modernization effort to deal with the evolving threat landscape in higher education. The CISO studied the enterprise strategy and goals and reviewed the college’s risk profile and compliance requirements. The exercise helped the organization prioritize security capabilities for the renewal effort and informed the careful assessment of technical controls in the current security program.

    Results

    Laying the right foundations for the security program helped the security function understand how to provide the organization with a clear report of its security posture. The CISO now reports directly to the board of directors and works with stakeholders to align cost, performance, and risk reduction objectives with the needs of the college.

    The security program modernization effort prioritized several critical design factors

    • Enterprise Strategy
    • Enterprise Goals
    • IT Risk Profile
    • IT-Related Issues
    • IT Threat Landscape
    • Compliance Requirements

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3

    Call #1:
    Scope requirements, objectives, and specific challenges.

    Call #2:
    Define business context, assess risk profile, and identify existing security issues.

    Define initial design of security program.

    Call #3:
    Evaluate threat landscape and compliance requirements.

    Call #4:
    Analyze the role of IT, the security sourcing model, technology adoption, and implementation models.

    Refine the design of the security program.

    Call #5:
    Identify program accountabilities.

    Call #6:
    Design program target state and draft security program implementation plan.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 4 to 6 calls over the course of 6 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5

    Initial Security
    Program Design

    Refine Security
    Program Design

    Security Program
    Gap Analysis

    Roadmap and Implementation Plan

    Next Steps and
    Wrap-Up (offsite)

    Activities

    1.1.0 Review Info-Tech diagnostic results

    1.1.1 Identify project context

    1.1.2 Identify enterprise strategy

    1.2.1 Identify enterprise goals

    1.2.2 Build a goals cascade

    1.3 Assess the risk profile

    1.4 Identify IT-related issues

    1.5 Evaluate initial program design

    2.1.1 Gauge threat landscape

    2.1.2 Identify compliance requirements

    2.2.1 Categorize the role of IT

    2.2.2 Identify the sourcing model

    2.3.1 Identify the IT implementation model

    2.4.1 Identify the tech adoption strategy

    2.5.1 Refine the design of the program

    3.1 Identify program accountabilities

    3.2.1 Conduct program gap analysis

    3.2.2 Prioritize initiatives

    3.3.1 Build program roadmap

    3.3.2 Finalize implementation plan

    3.3.3 Sponsor check-in

    4.1 Complete in-progress deliverables from previous four days

    4.2 Set up review time for workshop deliverables and to discuss next steps

    Deliverables

    1. Project context
    2. Stakeholder satisfaction feedback on security program
    3. Initial set of prioritized security capabilities
    1. Refined set of prioritized security capabilities
    1. Documented program accountabilities
    2. Security program gap analysis
    1. Roadmap of initiatives
    2. Communication deck for program design and implementation
    1. Completed security program design
    2. Security program design and implementation plan

    Customize your journey

    The security design blueprint pairs well with security governance and security strategy.

    • The prioritized set of security capabilities you develop during the program design project will inform efforts to develop other parts of your security program, like the security governance and management program and the security strategy.
    • Work with your member services director, executive advisor, or technical counselor to scope the journey you need. They will work with you to align the subject matter experts to support your roadmap and workshops.

    Workshop
    Days 1 and 2

    Workshop
    Days 3 and 4

    Security Program Design Factors

    Security Program Gap Analysis or
    Security Governance and Management

    z-Series Modernization and Migration

    • Buy Link or Shortcode: {j2store}114|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design

    Under the best of circumstances, mainframe systems are complex, expensive, and difficult to scale. In today’s world, applications written for mainframe legacy systems also present significant operational challenges to customers compounded by the dwindling pool of engineers who specialize in these outdated technologies. Many organizations want to migrate their legacy applications to the cloud but to do so they need to go through a lengthy migration process that is made more challenging by the complexity of mainframe applications.

    Our Advice

    Critical Insight

    The most common tactic is for the organization to better realize their z/Series options and adopt a strategy built on complexity and workload understanding. To make the evident, obvious, the options here for the non-commodity are not as broad as with commodity server platforms and the mainframe is arguably the most widely used and complex non-commodity platform on the market.

    Impact and Result

    This research will help you:

    • Evaluate the future viability of this platform.
    • Assess the fit and purpose, and determine TCO
    • Develop strategies for overcoming potential challenges.
    • Determine the future of this platform for your organization.

    z/Series Modernization and Migration Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. z/Series Modernization and Migration Guide – A brief deck that outlines key migration options and considerations for the z/Series platform.

    This blueprint will help you assess the fit, purpose, and price; develop strategies for overcoming potential challenges; and determine the future of z/Series for your organization.

    • z/Series Modernization and Migration Storyboard

    2. Scale Up vs. Scale Out TCO Tool – A tool that provides organizations with a framework for TCO.

    Use this tool to play with the pre-populated values or insert your own amounts to compare possible database decisions, and determine the TCO of each. Note that common assumptions can often be false; for example, open-source Cassandra running on many inexpensive commodity servers can actually have a higher TCO over six years than a Cassandra environment running on a larger single expensive piece of hardware. Therefore, calculating TCO is an essential part of the database decision process.

    • Scale Up vs. Scale Out TCO Tool
    [infographic]

    Further reading

    z/Series Modernization and Migration

    The biggest migration is yet to come.

    Executive Summary

    Info-Tech Insight

    “A number of market conditions have coalesced in a way that is increasingly driving existing mainframe customers to consider running their application workloads on alternative platforms. In 2020, the World Economic Forum noted that 42% of core skills required to perform existing jobs are expected to change by 2022, and that more than 1 billion workers need to be reskilled by 2030.” – Dale Vecchio

    Your Challenge

    It seems like anytime there’s a new CIO who is not from the mainframe world there is immediate pressure to get off this platform. However, just as there is a high financial commitment required to stay on System Z, moving off is risky and potentially more costly. You need to truly understand the scale and complexity ahead of the organization.

    Common Obstacles

    Under the best of circumstances, mainframe systems are complex, expensive, and difficult to scale. In today’s world, applications written for mainframe legacy systems also present significant operational challenges to customers compounded by the dwindling pool of engineers who specialize in these outdated technologies. Many organizations want to migrate their legacy applications to the cloud, but to do so they need to go through a lengthy migration process that is made more challenging by the complexity of mainframe applications.

    Info-Tech Approach

    The most common tactic is for the organization to better realize its z/Series options and adopt a strategy built on complexity and workload understanding. To make the evident, obvious: the options here for the non-commodity are not as broad as with commodity server platforms and the mainframe is arguably the most widely used and complex non-commodity platform on the market.

    Review

    We help IT leaders make the most of their z/Series environment

    Problem statement:

    The z/Series remains a vital platform for many businesses and continues to deliver exceptional reliability and performance and play a key role in the enterprise. With the limited and aging resources at hand, CIOs and the like must continually review and understand their migration path with the same regard as any other distributed system roadmap.

    This research is designed for:

    IT strategic direction decision makers.

    IT managers responsible for an existing z/Series platform.

    Organizations evaluating platforms for mission critical applications.

    This research will help you:

    1. Evaluate the future viability of this platform.
    2. Assess the fit and purpose, and determine TCO.
    3. Develop strategies for overcoming potential challenges.
    4. Determine the future of this platform for your organization.

    Analyst Perspective

    Good Luck.

    Darin Stahl.

    Modernize the mainframe … here we go again.

    Prior to 2020, most organizations were muddling around in “year eleven of the four-year plan” to exit the mainframe platform where a medium-term commitment to the platform existed. Since 2020, it appears the appetite for the mainframe platform changed. Again. Discussions mostly seem to be about what the options are beyond hardware outsourcing or re-platforming to “cloud” migration of workloads – mostly planning and strategy topics. A word of caution: it would appear unwise to stand in front of the exit door for fear of being trampled.

    Hardware expirations between now and 2025 are motivating hosting deployments. Others are in migration activities, and some have already decommissioned and migrated but now are trying to rehab the operations team now lacking direction and/or structure.

    There is little doubt that modernization and “digital transformation” trends will drive more exit traffic, so IT leaders who are still under pressure to get off the platform need to assess their options and decide. Being in a state of perpetually planning to get off the mainframe handcuffs your ability to invest in the mainframe, address deficiencies, and improve cost-effectiveness.

    Darin Stahl
    Principal Research Advisor, Infrastructure & Operations Research
    Info-Tech Research Group

    The mainframe “fidget spinner”

    Thinking of modernizing your mainframe can cause you angst so grab a fidget spinner and relax because we have you covered!

    External Business Pressures:

    • Digital transformation
    • Modernization programs
    • Compliance and regulations
    • TCO

    Internal Considerations:

    • Reinvest
    • Migrate to a new platform
    • Evaluate public and vendor cloud alternatives
    • Hosting versus infrastructure outsourcing

    Info-Tech Insight

    With multiple control points to be addressed, care must be taken to simplify your options while addressing all concerns to ease operational load.

    The analyst call review

    “Who has Darin talked with?” – Troy Cheeseman

    Dating back to 2011, Darin Stahl has been the primary z/Series subject matter expert within the Infrastructure & Operations Research team. Below represents the percentage of calls, per industry, where z/Series advisory has been provided by Darin*:

    37% - State Government

    19% - Insurance

    11% - Municipality

    8% - Federal Government

    8% - Financial Services

    5% - Higher Education

    3% - Retail

    3% - Hospitality/Resort

    3% - Logistics and Transportation

    3% - Utility

    Based on the Info-Tech call history, there is a consistent cross section of industry members who not only rely upon the mainframe but are also considering migration options.

    Note:

    Of course, this only represents industries who are Info-Tech members and who called for advisory services about the mainframe.

    There may well be more Info-Tech members with mainframes who have no topic to discuss with us about the mainframe specifically. Why do we mention this?

    We caution against suggesting things like, ”somewhat less than 50% of mainframes live in state data centers” or any other extrapolated inference from this data.

    Our viewpoint and discussion is based on the cases and the calls that we have taken over the years.

    *37+ enterprise calls were reviewed and sampled.

    Scale out versus scale up

    For most workloads “scale out" (e.g. virtualized cloud or IaaS ) is going to provide obvious and quantifiable benefits.

    However, with some workloads (extremely large analytics or batch processing ) a "scale up" approach is more optimal. But the scale up is really limited to very specific workloads. Despite some assumptions, the gains made when moving from scale up to scale out are not linear.

    Obviously, when you scale out from a performance perspective you experience a drop in what a single unit of compute can do. Additionally, there will be latency introduced in the form of network overhead, transactions, and replication into operations that were previously done just bypassing object references within a single frame.

    Some applications or use cases will have to be architected or written differently (thinking about the high-demand analytic workloads at large scale). Remember the “grid computing” craze that hit us during the early part of this century? It was advantageous for many to distribute work across a grid of computing devices for applications but the advantage gained was contingent on the workload able to be parsed out as work units and then pulled back together through the application.

    There can be some interesting and negative consequences for analytics or batch operations in a large scale as mentioned above. Bottom line, as experienced previously with Microfocus mainframe ports to x86, the batch operations simply take much longer to complete.

    Big Data Considerations*:

    • Value: Data has no inherent value until it’s used to solve a business problem.
    • Variety: The type of data being produced is increasingly diverse and ranges from email and social media to geo-spatial and photographic data. This data may be difficult to process using a structured data model.
    • Volume: The sheer size of the datasets is growing exponentially, often ranging from terabytes to petabytes. This is complicating traditional data management strategies.
    • Velocity: The increasing speed at which data is being collected and processed is also causing complications. Big data is often time sensitive and needs to be captured in real time as it is streaming into the enterprise.

    *Build a Strategy for Big Data Platforms

    Consider your resourcing

    Below is a summary of concerns regarding core mainframe skills:

    1. System Management (System Programmers): This is the most critical and hard-to-replace skill since it requires in-depth low-level knowledge of the mainframe (e.g. at the MVS level). These are skills that are generally not taught anymore, so there is a limited pool of experienced system programmers.
    2. Information Management System (IMS) Specialists: Requires a combination of mainframe knowledge and data analysis skills, which makes this a rare skill set. This is becoming more critical as business intelligence takes on an ever-increasing focus in most organizations.
    3. Application Development: The primary concern here is a shortage of developers skilled in older languages such as COBOL. It should be noted that this is an application issue; for example, this is not solved by migrating off mainframes.
    4. Mainframe Operators: This is an easier skill set to learn, and there are several courses and training programs available. An IT person new to mainframes could learn this position in about six weeks of on-the-job training.
    5. DB2 Administration: Advances in database technology have simplified administration (not just for DB2 but also other database products). As a result, as with mainframe operators, this is a skill set that can be learned in a short period of time on the job.

    The Challenge

    An aging workforce, specialized skills, and high salary expectations

    • Mainframe specialists, such as system programmers and IMS specialists, are typically over 50, have a unique skill set, and are tasked with running mission-critical systems.

    The In-House Solution:

    Build your mentorship program to create a viable succession plan

    • Get your money’s worth out of your experienced staff by having them train others.
    • Operator skills take about six weeks to learn. However, it takes about two years before a system programmer trainee can become fully independent. This is similar to the learning curve for other platforms; however, this is a more critical issue for mainframes since organizations have far fewer mainframe specialists to fall back on when senior staff retire or move on.

    Understand your options

    Migrate to another platform

    Use a hosting provider

    Outsource

    Re-platform (cloud/vendors)

    Reinvest

    There are several challenges to overcome in a migration project, from finding an appropriate alternative platform to rewriting legacy code. Many organizations have incurred huge costs in the attempt, only to be unsuccessful in the end, so make this decision carefully.

    Organizations often have highly sensitive data on their mainframes (e.g. financial data), so many of these organizations are reluctant to have this data live outside of their four walls. However, the convenience of using a hosting provider makes this an attractive option to consider.

    The most common tactic is for the organization to adopt some level of outsourcing for the non-commodity platform, retaining the application support/development in-house.

    A customer can “re-platform” the non-commodity workload into public cloud offerings or in a few offerings
    “re-host.”

    If you’re staying with the mainframe and keeping it in-house, it’s important to continue to invest in this platform, keep it current, and look for opportunities to optimize its value.

    Migrate

    Having perpetual plans to migrate handcuffs your ability to invest in your mainframe, extend its value, and improve cost effectiveness.

    If this sounds like your organization, it’s time to do the analysis so you can decide and get clarity on the future of the mainframe in your organization.

    1. Identify current performance, availability, and security requirements. Assess alternatives based on this criteria.
    2. Review and use Info-Tech’s Mainframe TCO Comparison Tool to compare mainframe costs to the potential alternative platform.
    3. Assess the business risks and benefits. Can the alternative deliver the same performance, reliability, and security? If not, what are the risks? What do you gain by migrating?
    4. If migration is still a go, evaluate the following:
    • Do you have the expertise or a reliable third party to perform the migration, including code rewrites?
    • How long will the migration take? Can the business function effectively during this transition period?
    • How much will the migration cost? Is the value you expect to gain worth the expense?

    *3 of the top 4 challenges related to shortfalls of alternative platforms

    The image contains a bar graph that demonstrates challenges related to shortfalls of alternative platforms.

    *Source: Maximize the Value of IBM Mainframes in My Business

    Hosting

    Using a hosting provider is typically more cost-effective than running your mainframe in-house.

    Potential for reduced costs

    • Hosting enables you to reduce or eliminate your mainframe staff.
    • Economies of scale enable hosting providers to reduce software licensing costs. They also have more buying power to negotiate better terms.
    • Power and cooling costs are also transferred to the hosting provider.

    Reliable infrastructure and experienced staff

    • A quality hosting provider will have 24/7 monitoring, full redundancy, and proven disaster recovery capabilities.
    • The hosting provider will also have a larger mainframe staff, so they don’t have the same risk of suddenly being without those advanced critical skills.

    So, what are the risks?

    • A transition to a hosting provider usually means eliminating or significantly reducing your in-house mainframe staff. With that loss of in-house expertise, it will be next to impossible to bring the mainframe back in-house, and you become highly dependent on your hosting provider.

    Outsourcing

    The most common tactic is for the organization to adopt some level of outsourcing for the non-commodity platform, retaining the application support/development in-house.

    The options here for the non-commodity (z/Series, IBM Power platforms, for example) are not as broad as with commodity server platforms. More confusingly, the term “outsourcing” for these can include:

    Traditional/Colocation – A customer transitions their hardware environment to a provider’s data center. The provider can then manage the hardware and “system.”

    Onsite Outsourcing – Here a provider will support the hardware/system environment at the client’s site. The provider may acquire the customer’s hardware and provide software licenses. This could also include hiring or “rebadging” staff supporting the platform. This type of arrangement is typically part of a larger services or application transformation. While low risk, it is not as cost-effective as other deployment models.

    Managed Hosting – A customer transitions their legacy application environment to an off-prem hosted multi-tenanted environment. It will provide the most cost savings following the transition, stabilization, and disposal of existing environment. Some providers will provide software licensing, and some will also support “Bring Your Own,” as permitted by IBM terms for example.

    Info-Tech Insight

    Technical debt for non-commodity platforms isn’t only hardware based. Moving an application written for the mainframe onto a “cheaper” hardware platform (or outsourced deployment) leaves the more critical problems and frequently introduces a raft of new ones.

    Re-platform – z/Series COBOL Cloud

    Re-platforming is not trivial.

    While the majority of the coded functionality (JCLs, programs, etc.) migrate easily, there will be a need to re-code or re-write objects – especially if any object, code, or location references are not exactly the same in the new environment.

    Micro Focus has solid experience in this but if consider it within the context of an 80/20 rule (the actual metrics might be much better than that), meaning that some level of rework would have to be accomplished as an overhead to the exercise.

    Build that thought into your thinking and business case.

    AWS Cloud

    • Astadia (an AWS Partner) is re-platforming mainframe workloads to AWS. With its approach you reuse the original application source code and data to AWS services. Consider reviewing Amazon’s “Migrating a Mainframe to AWS in 5 Steps.”

    Azure Cloud

    Micro Focus COBOL (Visual COBOL)

    • Micro Focus' Visual COBOL also supports running COBOL in Docker containers and managing and orchestrating the containers with Kubernetes. I personally cannot imagine what sort of drunken bender decision would lead me to move COBOL into Docker and then use Kubernetes to run in GCP but there you are...if that's your Jam you can do it.

    Re-platform – z/Series (Non-COBOL)

    But what if it's not COBOL?

    Yeah, a complication for this situation is the legacy code.

    While re-platforming/re-hosting non-COBOL code is not new, we have not had many member observations compared to the re-platforming/re-hosting of COBOL functionality initiatives.

    That being said, there are a couple of interesting opportunities to explore.

    NTT Data Services (GLOBAL)

    • Most intriguing is the re-hosting of a mainframe environment into AWS. Not sure if the AWS target supports NATURAL codebase; it does reference Adabas however (Re-Hosting Mainframe Applications to AWS with NTT DATA Services). Nevertheless, NTT has supported re-platforming and NATURAL codebase environments previously.

    ModernSystems (or ModSys) has relevant experience.

    • ModSys is the resulting entity following a merger between BluePhoenix and ATERAS a number of years ago. ATERAS is the entity I find references to within my “wayback machine” for member discussions. There are also a number of published case studies still searchable about ATERAS’ successful re-platforming engagements, including the California Public Employees Retirement System (CalPERS) most famously after the Accenture project to rewrite it failed.

    ATOS, as a hosting vendor mostly referenced by customers with global locations in a short-term transition posture, could be an option.

    Lastly, the other Managed Services vendors with NATURAL and Adabas capabilities:

    Reinvest

    By contrast, reducing the use of your mainframe makes it less cost-effective and more challenging to retain in-house expertise.

    • For organizations that have migrated applications off the mainframe (at least partly to reduce dependency on the platform), inevitably there remains a core set of mission critical applications that cannot be moved off for reasons described on the “Migrate” slide. This is when the mainframe becomes a costly burden:
      • TCO is relatively high due to low utilization.
      • In-house expertise declines as workload declines and current staffing allocations become harder to justify.
    • Organizations that are instead adding capacity and finding new ways to use this platform have lower cost concerns and resourcing challenges. The charts below illustrate this correlation. While some capacity growth is due to normal business growth, some is also due to new workloads, and it reflects an ongoing commitment to the platform.

    *92% of organizations that added capacity said TCO is lower than for commodity servers (compared to 50% of those who did not add capacity)

    *63% of organizations that added capacity said finding resources is not very difficult (compared to 42% of those who did not add capacity)

    The image contains a bar graph as described in the above text. The image contains a bar graph as described in the above text.

    *Maximize the Value of IBM Mainframes in My Business

    An important thought about data migration

    Mainframe data migrations – “VSAM, IMS, etc.”

    • While the application will be replaced and re-platformed, there is the historical VIN data remaining in the VSAM files and access via the application. The challenge is that a bulk conversion can add upfront costs and delay the re-platforming of the application functionality. Some shops will break the historical data migration into a couple of phases.
    • While there are technical solutions to accessing VSAM data stores, what I have observed with other members facing a similar scenario is a need to “shrink” the data store over time. The technical accesses to historical VSAM records would also have a lifespan, and rather than kicking the can down the road indefinitely, many have turned to a process-based solution allowing them to shrink the historical data store over time. I have observed three approaches to the handling or digitization of historical records like this:

    Temporary workaround. This would align with a technical solution allowing the VASM files to be accessed using platforms other than on mainframe hardware (Micro Focus or other file store trickery). This can be accomplished relatively quickly but does run the risk of technology obsolesce for the workaround at some point in the future.

    Bulk conversion. This method would involve the extract/transform/load of the historical records into the new application platform. Often the order of the conversion is completed on work newest to oldest (the idea is that the newest historical records would have the highest likelihood of an access need), but all files would be converted to the new application and the old data store destroyed.

    Forward convert, which would have files undergo the extract/transform/load conversion into the new application as they are accessed or reopened. This method would keep historical records indefinitely or until they are converted – or the legal retention schedule allows for their destruction (hopefully no file must be kept forever). This could be a cost-efficient approach since the historical files remaining on the VSAM platform would be shrunk over time based on demand from the district attorney process. The conversion process could be automated and scripted, with a QR step allowing for the records to be deleted from the old platform.

    Info-Tech Insight

    It is not usual for organizations to leverage options #2 and #3 above to move the functionality forward while containing the scope creep and costs for the data conversions.

    Enterprise class job scheduling

    Job scheduling or data center automation?

    • Enterprise class job scheduling solutions enable complex unattended batched programmatically conditioned task/job scheduling.
    • Data center automation (DCIM) software automates and orchestrates the processes and workflow for infrastructure operations including provisioning, configuring, patching of physical, virtual, and cloud servers, and monitoring of tasks involved in maintaining the operations of a data center or Infrastructure environment.
    • While there maybe some overlap and or confusion between data center automation and enterprise class job scheduling solutions, data center automation (DCIM) software solutions are least likely to have support for non-commodity server platforms and lack robust scheduling functionality.

    Note: Enterprise job scheduling is a topic with low member interest or demand. Since our published research is driven by members’ interest and needs, the lack of activity or member demand would obviously be a significant influence into our ability to aggregate shared member insight, trends, or best practices in our published agenda.

    Data Center Automation (DCIM) Software

    Orchestration/Provisioning Software

    Enterprise class job scheduling features

    The feature set for these tools is long and comprehensive. The feature list below is not exhaustive as specific tools may have additional product capabilities. At a minimum, the solutions offered by the vendors in the list below will have the following capabilities:

    • Automatic restart and recovery
    • File management
    • Integration with security systems such as AD
    • Operator alerts
    • Ability to control spooling devices
    • Cross-platform support
    • Cyclical scheduling
    • Deadline scheduling
    • Event-based scheduling / triggers
    • Inter-dependent jobs
    • External task monitoring (e.g. under other sub-systems)
    • Multiple calendars and time-zones
    • Scheduling of packaged applications (such as SAP, Oracle, JD Edwards)
    • The ability to schedule web applications (e.g. .net, java-based)
    • Workload analysis
    • Conditional dependencies
    • Critical process monitoring
    • Event-based automation (“self-healing” processes in response to common defined error conditions)
    • Graphical job stream/workflow visualization
    • Alerts (job failure notifications, task thresholds (too long, too quickly, missed windows, too short, etc.) via multiple channels
    • API’s supporting programmable scheduler needs
    • Virtualization support
    • Workload forecasting and workload planning
    • Logging and message data supporting auditing capabilities likely to be informed by or compliant with regulatory needs such as Sarbanes, Gramme-Leach
    • Historical reporting
    • Auditing reports and summaries

    Understand your vendors and tools

    List and compare the job scheduling features of each vendor.

    • This is not presented as an exhaustive list.
    • The list relies on observations aggregated from analyst engagements with Info-Tech Research Group members. Those member discussions tend to be heavily tilted toward solutions supporting non-commodity platforms.
    • Nothing is implied about a solution suitability or capability by the order of presentation or inclusion or absence in this list.

    ✓ Advanced Systems Concepts

    ✓ BMC

    ✓ Broadcom

    ✓ HCL

    ✓ Fortra

    ✓ Redwood

    ✓ SMA Technologies

    ✓ StoneBranch

    ✓ Tidal Software

    ✓ Vinzant Software

    Info-Tech Insight

    Creating vendor profiles will help quickly filter the solution providers that directly meet your z/Series needs.

    Advanced Systems Concepts

    ActiveBatch

    Workload Management:

    Summary

    Founded in 1981, ASCs ActiveBatch “provides a central automation hub for scheduling and monitoring so that business-critical systems, like CRM, ERP, Big Data, BI, ETL tools, work order management, project management, and consulting systems, work together seamlessly with minimal human intervention.”*

    URL

    advsyscon.com

    Coverage:

    Global

    Amazon EC2

    Hadoop Ecosystem

    IBM Cognos

    DataStage

    IBM PureData (Netezza)

    Informatica Cloud

    Microsoft Azure

    Microsoft Dynamics AX

    Microsoft SharePoint

    Microsoft Team Foundation Server

    Oracle EBS

    Oracle PeopleSoft

    SAP

    BusinessObjects

    ServiceNow

    Teradata

    VMware

    Windows

    Linux

    Unix

    IBM i

    *Advanced Systems Concepts, Inc.


    BMC

    Control-M

    Workload Management:

    Summary

    Founded in 1980, BMCs Control-M product “simplifies application and data workflow orchestration on premises or as a service. It makes it easy to build, define, schedule, manage, and monitor production workflows, ensuring visibility, reliability, and improving SLAs.”*

    URL

    bmc.com/it-solutions/control-m.html

    Coverage:

    Global

    AWS

    Azure

    Google Cloud Platform

    Cognos

    IBM InfoSphere

    DataStage

    SAP HANA

    Oracle EBS

    Oracle PeopleSoft

    BusinessObjects

    ServiceNow

    Teradata

    VMware

    Windows

    Linux

    Unix

    IBM i

    IBM z/OS

    zLinux

    *BMC

    Broadcom

    Atomic Automation

    Autosys Workload Automation

    Workload Management:

    Summary

    Broadcom offers Atomic Automation and Autosys Workload Automation which ”gives you the agility, speed and reliability required for effective digital business automation. From a single unified platform, Atomic centrally provides the orchestration and automation capabilities needed accelerate your digital transformation and support the growth of your company.”*

    URL

    broadcom.com/products/software/automation/automic-automation

    broadcom.com/products/software/automation/autosys

    Coverage:

    Global


    Windows

    MacOS

    Linux

    UNIX

    AWS

    Azure

    Google Cloud Platform

    VMware

    z/OS

    zLinux

    System i

    OpenVMS

    Banner

    Ecometry

    Hadoop

    Oracle EBS

    Oracle PeopleSoft

    SAP

    BusinessObjects

    ServiceNow

    Teradata

    VMware

    Windows

    Linux

    Unix

    IBM i

    *Broadcom

    HCL

    Workload Automation

    Workload Management:

    Summary

    “HCL Workload Automation streamlined modelling, advanced AI and open integration for observability. Accelerate the digital transformation of modern enterprises, ensuring business agility and resilience with our latest version of one stop automation platform. Orchestrate unattended and event-driven tasks for IT and business processes from legacy to cloud and kubernetes systems.”*

    URL

    hcltechsw.com/workload-automation

    Coverage:

    Global


    Windows

    MacOS

    Linux

    UNIX

    AWS

    Azure

    Google Cloud Platform

    VMware

    z/OS

    zLinux

    System i

    OpenVMS

    IBM SoftLayer

    IBM BigInsights

    IBM Cognos

    Hadoop

    Microsoft Dynamics 365

    Microsoft Dynamics AX

    Microsoft SQL Server

    Oracle E-Business Suite

    PeopleSoft

    SAP

    ServiceNow

    Apache Oozie

    Informatica PowerCenter

    IBM InfoSphere DataStage

    Salesforce

    BusinessObjects BI

    IBM Sterling Connect:Direct

    IBM WebSphere MQ

    IBM Cloudant

    Apache Spark

    *HCL Software

    Fortra

    JAMS Scheduler

    Workload Management:

    Summary

    Fortra’s “JAMS is a centralized workload automation and job scheduling solution that runs, monitors, and manages jobs and workflows that support critical business processes.

    JAMS reliably orchestrates the critical IT processes that run your business. Our comprehensive workload automation and job scheduling solution provides a single pane of glass to manage, execute, and monitor jobs—regardless of platforms or applications.”*

    URL

    jamsscheduler.com

    Coverage:

    Global


    OpenVMS

    OS/400

    Unix

    Windows

    z/OS

    SAP

    Oracle

    Microsoft

    Infor

    Workday

    AWS

    Azure

    Google Cloud Compute

    ServiceNow

    Salesforce

    Micro Focus

    Microsoft Dynamics 365

    Microsoft Dynamics AX

    Microsoft SQL Server

    MySQL

    NeoBatch

    Netezza

    Oracle PL/SQL

    Oracle E-Business Suite

    PeopleSoft

    SAP

    SAS

    Symitar

    *JAMS

    Redwood

    Redwood SaaS

    Workload Management:

    Summary

    Founded in 1993 and delivered as a SaaS solution, ”Redwood lets you orchestrate securely and reliably across any application, service or server, in the cloud or on-premises, all inside a single platform. Automation solutions are at the core of critical business operations such as forecasting, replenishment, reconciliation, financial close, order to cash, billing, reporting, and more. Enterprises in every industry — from manufacturing, utility, retail, and biotech to healthcare, banking, and aerospace.”*

    URL

    redwood.com

    Coverage:

    Global


    OpenVMS

    OS/400

    Unix

    Windows

    z/OS

    SAP

    Oracle

    Microsoft

    Infor

    Workday

    AWS

    Azure

    Google Cloud Compute

    ServiceNow

    Salesforce

    Github

    Office 365

    Slack

    Dropbox

    Tableau

    Informatica

    SAP BusinessObjects

    Cognos

    Microsoft Power BI

    Amazon QuickSight

    VMware

    Xen

    Kubernetes

    *Redwood

    Fortra

    Robot Scheduler

    Workload Management:

    Summary

    “Robot Schedule’s workload automation capabilities allow users to automate everything from simple jobs to complex, event-driven processes on multiple platforms and centralize management from your most reliable system: IBM i. Just create a calendar of when and how jobs should run, and the software will do the rest.”*

    URL

    fortra.com/products/job-scheduling-software-ibm-i

    Coverage:

    Global


    IBM i (System i, iSeries, AS/400)

    AIX/UNIX

    Linux

    Windows

    SQL/Server

    Domino

    JD Edwards EnterpriseOne

    SAP

    Automate Schedule (formerly Skybot Scheduler)

    *Fortra

    SMA Technologies

    OpCon

    Workload Management:

    Summary

    Founded in1980, SMA offers to “save time, reduce error, and free your IT staff to work on more strategic contributions with OpCon from SMA Technologies. OpCon offers powerful, easy-to-use workload automation and orchestration to eliminate manual tasks and manage workloads across business-critical operations. It's the perfect fit for financial institutions, insurance companies, and other transactional businesses.”*

    URL

    smatechnologies.com

    Coverage:

    Global

    Windows

    Linux

    Unix

    z/Series

    IBM i

    Unisys

    Oracle

    SAP

    Microsoft Dynamics AX

    Infor M3

    Sage

    Cegid

    Temenos

    FICS

    Microsoft Azure Data Management

    Microsoft Azure VM

    Amazon EC2/AWS

    Web Services RESTful

    Docker

    Google Cloud

    VMware

    ServiceNow

    Commvault

    Microsoft WSUS

    Microsoft Orchestrator

    Java

    JBoss

    Asysco AMT

    Tuxedo ART

    Nutanix

    Corelation

    Symitar

    Fiserv DNA

    Fiserv XP2

    *SMA Technologies

    StoneBranch

    Universal Automation Center (UAC)

    Workload Management:

    Summary

    Founded in 1999, ”the Stonebranch Universal Automation Center (UAC) is an enterprise-grade business automation solution that goes beyond traditional job scheduling. UAC's event-based workload automation solution is designed to automate and orchestrate system jobs and tasks across all mainframe, on-prem, and hybrid IT environments. IT operations teams gain complete visibility and advanced control with a single web-based controller, while removing the need to run individual job schedulers across platforms.”*

    URL

    stonebranch.com/it-automation-solutions/enterprise-job-scheduling

    Coverage:

    Global

    Windows

    Linux

    Unix

    z/Series

    Apache Kafka

    AWS

    Databricks

    Docker

    GitHub

    Google Cloud

    Informatica

    Jenkins

    Jscape

    Kubernetes

    Microsoft Azure

    Microsoft SQL

    Microsoft Teams

    PagerDuty

    PeopleSoft

    Petnaho

    RedHat Ansible

    Salesforce

    SAP

    ServiceNow

    Slack

    SMTP and IMAP

    Snowflake

    Tableau

    VMware

    *Stonebranch

    Tidal Software

    Workload Automation

    Workload Management:

    Summary

    Founded in 1979, Tidal’s Workload Automation will “simplify management and execution of end-to-end business processes with our unified automation platform. Orchestrate workflows whether they're running on-prem, in the cloud or hybrid environments.”*

    URL

    tidalsoftware.com

    Coverage:

    Global

    CentOS

    Linux

    Microsoft Windows Server

    Open VMS

    Oracle Cloud

    Oracle Enterprise Linux

    Red Hat Enterprise Server

    Suse Enterprise

    Tandem NSK

    Ubuntu

    UNIX

    HPUX (PA-RISC, Itanium)

    Solaris (Sparc, X86)

    AIX, iSeries

    z/Linux

    z/OS

    Amazon AWS

    Microsoft Azure

    Oracle OCI

    Google Cloud

    ServiceNow

    Kubernetes

    VMware

    Cisco UCS

    SAP R/3 & SAP S/4HANA

    Oracle E-Business

    Oracle ERP Cloud

    PeopleSoft

    JD Edwards

    Hadoop

    Oracle DB

    Microsoft SQL

    SAP BusinessObjects

    IBM Cognos

    FTP/FTPS/SFTP

    Informatica

    *Tidal

    Vinzant Software

    Global ECS

    Workload Management:

    Summary

    Founded in 1987, Global ECS can “simplify operations in all areas of production with the GECS automation framework. Use a single solution to schedule, coordinate and monitor file transfers, database operations, scripts, web services, executables and SAP jobs. Maximize efficiency for all operations across multiple business units intelligently and automatically.”*

    URL

    vinzantsoftware.com

    Coverage:

    Global

    Windows

    Linux

    Unix

    iSeries

    SAP R/3 & SAP S/4HANA

    Oracle, SQL/Server

    *Vizant Software

    Activity

    Scale Out or Scale Up

    Activities:

    1. Complete the Scale Up vs. Scale Out TCO Tool.
    2. Compare total lifecycle costs to determine TCO.

    This activity involves the following participants:

    IT strategic direction decision makers

    IT managers responsible for an existing z/Series platform

    Organizations evaluating platforms for mission critical applications

    Outcomes of this step:

    • Completed Scale Up vs. Scale Out TCO Tool

    Info-Tech Insight

    This checkpoint process creates transparency around agreement costs with the business and gives the business an opportunity to re-evaluate its requirements for a potentially leaner agreement.

    Scale out versus scale up activity

    The Scale Up vs. Scale Out TCO Tool provides organizations with a framework for estimating the costs associated with purchasing and licensing for a scale-up and scale-out environment over a multi-year period.

    Use this tool to:

    • Compare the pre-populated values.
    • Insert your own amounts to contrast possible database decisions and determine the TCO of each.
    The image contains screenshots of the Scale Up vs. Scale Out TCO Tool.

    Info-Tech Insight

    Watch out for inaccurate financial information. Ensure that the financials for cost match your maintenance and contract terms.

    Use the Scale Up vs. Scale Out TCO Tool to determine your TCO options.

    Related Info-Tech Research

    Effectively Acquire Infrastructure Services

    Acquiring a service is like buying an experience. Don’t confuse the simplicity of buying hardware with buying an experience.

    Outsource IT Infrastructure to Improve System Availability, Reliability, and Recovery

    There are very few IT infrastructure components you should be housing internally – outsource everything else.

    Build Your Infrastructure Roadmap

    Move beyond alignment: Put yourself in the driver’s seat for true business value.

    Define Your Cloud Vision

    Make the most of cloud for your organization.

    Document Your Cloud Strategy

    Drive consensus by outlining how your organization will use the cloud.

    Build a Strategy for Big Data Platforms

    Know where to start and where to focus attention in the implementation of a big data strategy.

    Create a Better RFP Process

    Improve your RFPs to gain leverage and get better results.

    Research Authors

    Darin Stahl.

    Darin Stahl, Principal Research Advisor, Info-Tech Research Group

    Darin is a Principal Research Advisor within the Infrastructure Practice, and leveraging 38+ years of experience, his areas of focus include: IT Operations Management, Service Desk, Infrastructure Outsourcing, Managed Services, Cloud Infrastructure, DRP/BCP, Printer Management, Managed Print Services, Application Performance Monitoring/ APM, Managed FTP, non-commodity servers (z/Series, mainframe, IBM i, AIX, Power PC).

    Troy Cheeseman.

    Troy Cheeseman, Practice Lead, Info-Tech Research Group

    Troy has over 25 years of IT management experience and has championed large enterprise-wide technology transformation programs, remote/home office collaboration and remote work strategies, BCP, IT DRP, IT Operations and expense management programs, international right placement initiatives, and large technology transformation initiatives (M&A). Additionally, he has deep experience working with IT solution providers and technology (cloud) start-ups.

    Bibliography

    “AWS Announces AWS Mainframe Modernization.” Business Wire, 30 Nov. 2021.
    de Valence, Phil. “Migrating a Mainframe to AWS in 5 Steps with Astadia?” AWS, 23 Mar. 2018.
    Graham, Nyela. “New study shows mainframes still popular despite the rise of cloud—though times are changing…fast?” WatersTechnology, 12 Sept. 2022.
    “Legacy applications can be revitalized with API.” MuleSoft, 2022.
    Vecchio, Dale. “The Benefits of Running Mainframe Applications on LzLabs Software Defined Mainframe® & Microsoft Azure.” LzLabs Sites, Mar. 2021.

    Prepare and Defend Against a Software Audit

    • Buy Link or Shortcode: {j2store}59|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $32,499 Average $ Saved
    • member rating average days saved: 6 Average Days Saved
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • Audit defense starts long before you get audited. Negotiating your vendors’ audit rights and maintaining a documented consolidated licensing position ensure that you are not blindsided by a sudden audit request.
    • Notification of an impending audit can cause panic. Don't panic. While the notification will be full of strong language, your best chance of success is to take control of the situation. Prepare a measured response that buys you enough time to get your house in order before you let the vendor in.
    • If a free software asset review sounds too good to be true, then it probably is. If a vendor or one of its partners offers up a free software asset management engagement, they aren’t doing so out of the goodness of their heart — they expect to recoup their costs (and then some) from identified license discrepancies.

    Our Advice

    Critical Insight

    • The amount of business disruption depends on the scope of the audit, and the size and complexity of the organization coupled with the contractual audit clause in the contract.
    • These highly visible failures can be prevented through effective software asset management practices.
    • As complexity of licensing increases, so do penalties. If the environment is highly complex, prioritize effort by likelihood of audit and spend.
    • Ensure electronic records exist for license documentation to provide fast access for audit and information requests
    • Verify accuracy of discovered data. Ensure all devices on the network are being audited. Without a complete discovery process, data will always be inaccurate.

    Impact and Result

    • Being able to respond quickly with accurate data is critical. When deadlines are tight, and internal resources don’t exist, hire a third party as their experience will allow a faster response.
    • Negotiate terms of the audit such as deadlines, proof of license entitlement, and who will complete the audit.
    • Create a methodology to quickly and efficiently respond to audit requests.
    • Conduct annual internal audits.
    • Have a designated cross-functional IT audit team.
    • Prepare documentation in advance.
    • Manage audit logistics to minimize business disruption.
    • Dispute unwarranted findings.

    Prepare and Defend Against a Software Audit Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should be prepared and ready to defend against a software audit, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prevent an audit

    Begin your proactive audit management journey and leverage value from your software asset management program.

    • Prepare and Defend Against a Software Audit – Phase 1: Prevent an Audit
    • Audit Defense Maturity Assessment Tool
    • Effective Licensing Position Tool
    • Audit Defence RACI Template

    2. Prepare for an audit

    Prepare for an audit by effectively scoping and consolidating organizational response.

    • Prepare and Defend Against a Software Audit – Phase 2: Prepare for an Audit
    • Software Audit Scoping Email Template
    • Audit Defense Readiness Assessment

    3. Conduct the audit

    Execute the audit in a way that preserves valuable relationships while accounting for vendor specific criteria.

    • Prepare and Defend Against a Software Audit – Phase 3: Conduct an Audit
    • Software Audit Launch Email Template

    4. Manage post-audit activities

    Conduct negotiations, settle on remuneration, and close out the audit.

    • Prepare and Defend Against a Software Audit - Phase 4: Manage Post-Audit Activities
    [infographic]

    Workshop: Prepare and Defend Against a Software Audit

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Prevent an Audit

    The Purpose

    Kick off the project

    Identify challenges and red flags

    Determine maturity and outline internal audit

    Clarify stakeholder responsibilities

    Build and structure audit team

    Key Benefits Achieved

    Leverage value from your audit management program

    Begin your proactive audit management journey

    A documented consolidated licensing position, which ensures that you are not blindsided by a sudden audit request

    Activities

    1.1 Perform a maturity assessment of the current environment

    1.2 Classify licensing contracts/vendors

    1.3 Conduct a software inventory

    1.4 Meter application usage

    1.5 Manual checks

    1.6 Gather software licensing data

    1.7 Reconcile licenses

    1.8 Create your audit team and assign accountability

    Outputs

    Maturity assessment

    Effective license position/license reconciliation

    Audit team RACI chart

    2 Prepare for an Audit

    The Purpose

    Create a strategy for audit response

    Know the types of requests

    Scope the engagement

    Understand scheduling challenges

    Know roles and responsibilities

    Understand common audit pitfalls

    Define audit goals

    Key Benefits Achieved

    Take control of the situation and prepare a measured response

    A dedicated team responsible for all audit-related activities

    A formalized audit plan containing team responsibilities and audit conduct policies

    Activities

    2.1 Use Info-Tech’s readiness assessment template

    2.2 Define the scope of the audit

    Outputs

    Readiness assessment

    Audit scoping email template

    3 Conduct the Audit

    The Purpose

    Overview of process conducted

    Kick-off and self-assessment

    Identify documentation requirements

    Prepare required documentation

    Data validation process

    Provide resources to enable the auditor

    Tailor audit management to vendor compliance position

    Enforce best-practice audit behaviors

    Key Benefits Achieved

    A successful audit with minimal impact on IT resources

    Reduced severity of audit findings

    Activities

    3.1 Communicate audit commencement to staff

    Outputs

    Audit launch email template

    4 Manage Post-Audit Activities

    The Purpose

    Clarify auditor findings and recommendations

    Access severity of audit findings

    Develop a plan for refuting unwarranted findings

    Disclose findings to management

    Analyze opportunities for remediation

    Provide remediation options and present potential solutions

    Key Benefits Achieved

    Ensure your audit was productive and beneficial

    Improve your ability to manage audits

    Come to a consensus on which findings truly necessitate organizational change

    Activities

    4.1 Don't accept the penalties; negotiate with vendors

    4.2 Close the audit and assess the financial impact

    Outputs

    A consensus on which findings truly necessitate organizational change

    Drive Successful Sourcing Outcomes With a Robust RFP Process

    • Buy Link or Shortcode: {j2store}216|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $25,860 Average $ Saved
    • member rating average days saved: 14 Average Days Saved
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • Most IT organizations do not have standard RFP templates and tools.
    • Many RFPs lack sufficient requirements.
    • Most RFP team members are not adequately trained on RFP best practices.
    • Most IT departments underestimate the amount of time that is required to perform an effective RFP.

    Our Advice

    Critical Insight

    • Vendors generally do not like RFPs
      Vendors view RFPs as time consuming and costly to respond to and believe that the decision is already made.
    • Dont ignore the benefits of an RFI
      An RFI is too often overlooked as a tool for collecting information from vendors about their product offerings and services.
    • Leverage a pre-proposal conference to maintain an equal and level playing field
      Pre-proposal conference is a convenient and effective way to respond to vendors’ questions ensuring all vendors have the same information to provide a quality response.

    Impact and Result

    • A bad or incomplete RFP results in confusing and incomplete vendor RFP responses which consume time and resources.
    • Incomplete or misunderstood requirements add cost to your project due to the change orders required to complete the project.

    Drive Successful Sourcing Outcomes With a Robust RFP Process Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Storyboard – Leverage your vendor sourcing process to get better results

    Discover a proven process for your RFPs. Review Info-Tech’s process and understand how you can prevent your organization from leaking negotiation leverage while preventing vendors from taking control of your RFP. Our 7-phase process prevents a bad RFP from taking your time, money, and resources.

    • Drive Successful Sourcing Outcomes With a Robust RFP Process Storyboard

    2. Define your RFP Requirements Tool – A convenient tool to gather your requirements and align them to your negotiation strategy.

    Use this tool to assist you and your team in documenting the requirements for your RFP. Use the results of this tool to populate the requirements section of your RFP.

    • RFP Requirements Worksheet

    3. RFP Development Suite of Tools – Use Info-Tech’s RFP, pricing, and vendor response tools and templates to increase your efficiency in your RFP process.

    Configure this time-saving suite of tools to your organizational culture, needs, and most importantly the desired outcome of your RFP initiative. This suite contains four unique RFP templates. Evaluate which template is appropriate for your RFP. Also included in this suite are a response evaluation guidebook and several evaluation scoring tools along with a template to report the RFP results to stakeholders.

    • RFP Calendar and Key Date Tool
    • Vendor Pricing Tool
    • Lean RFP Template
    • Short-Form RFP Template
    • Long-Form RFP Template
    • Excel Form RFP Tool
    • RFP Evaluation Guidebook
    • RFP Evaluation Tool
    • Vendor TCO Tool
    • Consolidated Vendor RFP Response Evaluation Summary
    • Vendor Recommendation Presentation

    Infographic

    Workshop: Drive Successful Sourcing Outcomes With a Robust RFP Process

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Foundation for Creating Requirements

    The Purpose

    Problem Identification

    Key Benefits Achieved

    Current process mapped and requirements template configured

    Activities

    1.1 Overview and level-setting

    1.2 Identify needs and drivers

    1.3 Define and prioritize requirements

    1.4 Gain business authorization and ensure internal alignment

    Outputs

    Map Your Process With Gap Identification

    Requirements Template

    Map Your Process With Gap Identification

    Requirements Template

    Map Your Process With Gap Identification

    Requirements Template

    Map Your Process With Gap Identification

    Requirements Template

    2 Creating a Sourcing Process

    The Purpose

    Define Success Target

    Key Benefits Achieved

    Baseline RFP and evaluation templates

    Activities

    2.1 Create and issue RFP

    2.2 Evaluate responses/proposals and negotiate the agreement

    2.3 Purchase goods and services

    Outputs

    RFP Calendar Tool

    RFP Evaluation Guidebook

    RFP Respondent Evaluation Tool

    3 Configure Templates

    The Purpose

    Configure Templates

    Key Benefits Achieved

    Configured Templates

    Activities

    3.1 Assess and measure

    3.2 Review templates

    Outputs

    Long-Form RFP Template

    Short-Form RFP Template

    Excel-Based RFP Template

    Further reading

    Drive Successful Sourcing Outcomes With a Robust RFP Process

    Leverage your vendor sourcing process to get better results.

    EXECUTIVE BRIEF

    Drive Successful Sourcing Outcomes with a Robust RFP Process

    Lack of RFP Process Causes...
    • Stress
    • Confusion
    • Frustration
    • Directionless
    • Exhaustion
    • Uncertainty
    • Disappointment
    Solution: RFP Process
    Steps in an RFP Process, 'Identify Need', 'Define Business Requirements', 'Gain Business Authorization', 'Perform RFI/RFP', 'Negotiate Agreement', 'Purchase Good and Services', and 'Assess and Measure Performance'.
    • Best value solutions
    • Right-sized solutions
    • Competitive Negotiations
    • Better requirements that feed negotiations
    • Internal alignment on requirements and solutions
    • Vendor Management Governance Plan
    Requirements
    • Risk
    • Legal
    • Support
    • Security
    • Technical
    • Commercial
    • Operational
    • Vendor Management Governance
    Templates, Tools, Governance
    • RFP Template
    • Your Contracts
    • RFP Procedures
    • Pricing Template
    • Evaluation Guide
    • Evaluation Matrix
    Vendor Management
    • Scorecards
    • Classification
    • Business Review Meetings
    • Key Performance Indicators
    • Contract Management
    • Satisfaction Survey

    Analyst Perspective

    Consequences of a bad RFP

    Photo of Steven Jeffery, Principal Research Director, Vendor Management, Co-Author: The Art of Creating a Quality RFP, Info-Tech Research Group

    “A bad request for proposal (RFP) is the gift that keeps on taking – your time, your resources, your energy, and your ability to accomplish your goal. A bad RFP is ineffective and incomplete, it creates more questions than it answers, and, perhaps most importantly, it does not meet your organization’s expectations.”

    Steven Jeffery
    Principal Research Director, Vendor Management
    Co-Author: The Art of Creating a Quality RFP
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Most IT organizations are absent of standard RFP templates, tools, and processes.
    • Many RFPs lack sufficient requirements from across the business (Legal, Finance, Security, Risk, Procurement, VMO).
    • Most RFP team members are not adequately trained on RFP best practices.
    • Most IT departments underestimate the amount of time required to perform an effective RFP.
    • An ad hoc sourcing process is a common recipe for vendor performance failure.

    Common Obstacles

    • Lack of time
    • Lack of resources
    • Right team members not engaged
    • Poorly defined requirements
    • Too difficult to change supplier
    • Lack of a process
    • Lack of adequate tools/processes
    • Lack of a vendor communications plan that includes all business stakeholders.
    • Lack of consensus as to what the ideal result should look like.

    Info-Tech’s Approach

    • Establish a repeatable, consistent RFP process that maintains negotiation leverage and includes all key components.
    • Create reusable templates to expedite the RFP evaluation and selection process.
    • Maximize the competition by creating an equal and level playing field that encourages all the vendors to respond to your RFP.
    • Create a process that is clear and understandable for both the business unit and the vendor to follow.
    • Include Vendor Management concepts in the process.

    Info-Tech Insight

    A well planned and executed sourcing strategy that focuses on solid requirements, evaluation criteria, and vendor management will improve vendor performance.

    Executive Summary

    Your Challenge

    Your challenge is to determine the best sourcing tool to obtain vendor information on capabilities, solution(s), pricing and contracting: RFI, RFP, eRFX.

    Depending on your organization’s knowledge of the market, your available funding, and where you are in the sourcing process, there are several approaches to getting the information you need.

    An additional challenge is to answer the question “What is the purpose of our RFX?”

    If you do not have in-depth knowledge of the market, available solutions, and viable vendors, you may want to perform an RFI to provide available market information to guide your RFP strategy.

    If you have defined requirements, approved funding, and enough time, you can issue a detailed, concise RFP.

    If you have “the basics” about the solution to be acquired and are on a tight timeframe, an “enhanced RFI” may fit your needs.

    This blueprint will provide you with the tools and processes and insights to affect the best possible outcome.

    Executive Summary

    Common Obstacles

    • Lack of process/tools
    • Lack of input from stakeholders
    • Stakeholders circumventing the process to vendors
    • Vendors circumventing the process to key stakeholders
    • Lack of clear, concise, and thoroughly articulated requirements
    • Waiting until the vendor is selected to start contract negotiations
    • Waiting until the RFP responses are back to consider vendor management requirements
    • Lack of clear communication strategy to the vendor community that the team adheres to

    Many organizations underestimate the time commitment for an RFP

    70 Days is the average duration of an IT RFP.

    The average number of evaluators is 5-6

    4 Is the average number of vendor submissions, each requiring an average of two to three hours to review. (Source: Bonfire, 2019. Note: The 2019 Bonfire report on the “State of the RFP” is the most recent published.)

    “IT RFPs take the longest from posting to award and have the most evaluators. This may be because IT is regarded as a complex subject requiring complex evaluation. Certainly, of all categories, IT offers the most alternative solutions. The technology is also changing rapidly, as are the requirements of IT users – the half-life of an IT requirement is less than six months (half the requirements specified now will be invalid six months from now). And when the RFP process takes up two of those months, vendors may be unable to meet changed requirements when the time to implement arrives. This is why IT RFPs should specify the problem to be resolved rather than the solution to be provided. If the problem resolution is the goal, vendors are free to implement the latest technologies to meet that need.” (Bonfire, “2019 State of the RFP”)

    Why Vendors Don’t Like RFPs

    Vendors’ win rate

    44%

    Vendors only win an average of 44% of the RFPs they respond to (Loopio, 2022).
    High cost to respond

    3-5%

    Vendors budget 3-5% of the anticipated contract value to respond (LinkedIn, 2017, Note: LinkedIn source is the latest information available).
    Time spent writing response

    23.8 hours

    Vendors spend on average 23.8 hours to write or respond to your RFP (Marketingprofs, 2021).

    Negative effects on your organization from a lack of RFP process

    Visualization titled 'Lack of RFP Process Causes' with the following seven items listed.

    Stress, because roles and responsibilities aren’t clearly defined and communication is haphazard, resulting in strained relationships.

    Confusion, because you don’t know what the expected or desired results are.

    Directionless, because you don’t know where the team is going.

    Uncertainty, with many questions of your own and many more from other team members.

    Frustration, because of all the questions the vendors ask as a result of unclear or incomplete requirements.

    Exhaustion, because reviewing RFP responses of insufficient quality is tedious.

    Disappointment in the results your company realizes.

    (Source: The Art of Creating a Quality RFP)

    Info-Tech’s approach

    Develop an inclusive and thorough approach to the RFP Process

    Steps in an RFP Process, 'Identify Need', 'Define Business Requirements', 'Gain Business Authorization', 'Perform RFI/RFP', 'Negotiate Agreement', 'Purchase Good and Services', and 'Assess and Measure Performance'.

    The Info-Tech difference:

    1. The secret to managing an RFP is to make it as manageable and as thorough as possible. The RFP process should be like any other aspect of business – by developing a standard process. With a process in place, you are better able to handle whatever comes your way, because you know the steps you need to follow to produce a top-notch RFP.
    2. The business then identifies the need for more information about a product/service or determines that a purchase is required.
    3. A team of stakeholders from each area impacted gather all business, technical, legal, and risk requirements. What are the expectations of the vendor relationship post-RFP? How will the vendors be evaluated?
    4. Based on the predetermined requirements, either an RFI or an RFP is issued to vendors with a predetermined due date.

    Insight Summary

    Overarching insight

    Without a well defined, consistent RFP process, with input from all key stakeholders, the organization will not achieve the best possible results from its sourcing efforts.

    Phase 1 insight

    Vendors are choosing to not respond to RFPs due to their length and lack of complete requirements.

    Phase 2 insight

    Be clear and concise in stating your requirements and include, in addition to IT requirements, procurement, security, legal, and risk requirements.

    Phase 3 insight

    Consider adding vendor management requirements to manage the ongoing relationship post contract.

    Tactical insight

    Consider the RFP Evaluation Process as you draft the RFP, including weighting the RFP components. Don’t underestimate the level of effort required to effectively evaluate responses – write the RFP with this in mind.

    Tactical insight

    Provide strict, prescriptive instructions detailing how the vendor should submit their responses. Controlling vendor responses will increase your team’s efficiency in evaluations while providing ease of reference responses across multiple vendors.

    Key deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverables:

    Info-Tech provides you with the tools you need to go to market in the most efficient manner possible, with guidance on how to achieve your goals.

    Sample of

    Long-Form RFP Template
    For when you have complete requirements and time to develop a thorough RFP.
    Sample of the Long-Form RFP Template deliverable. Short-Form RFP Template
    When the requirements are not as extensive, time is short, and you are familiar with the market.
    Sample of the Short-Form RFP Template deliverable.
    Lean RFP Template
    When you have limited time and some knowledge of the market and wish to include only a few vendors.
    Sample of the Lean RFP Template deliverable. Excel-Form RFP Template
    When there are many requirements, many options, multiple vendors, and a broad evaluation team.
    Sample of the Excel-Form RFP Template deliverable.

    Blueprint benefits

    IT Benefits
    • Side-by-side comparison of vendor capabilities
    • Pricing alternatives
    • No surprises
    • Competitive solutions to deliver the best results
    Mutual IT and Business Benefits
    • Reduced time to implement
    • Improved alignment between IT /Business
    • Improved vendor performance
    • Improved vendor relations
    Business Benefits
    • Budget alignment, reduced cost
    • Best value
    • Risk mitigation
    • Legal and risk protections

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is seven to twelve calls over the course of four to six months.

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    Phase 5

    Phase 6

    Phase 7

    Call #1: Identify the need Call #3: Gain business authorization Call #5: Negotiate agreement strategy Call #7: Assess and measure performance
    Call #2: Define business requirements Call #4: Review and perform the RFX or RFP Call #6: Purchase goods and services

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com1-888-670-8889

    Day 1 Day 2 Day 3
    Activities
    Answer “What problem do we need to solve?”

    1.1 Overview and level-setting

    1.2 Identify needs and drivers

    1.3 Define and prioritize requirements

    1.4 Gain business authorization and ensure internal alignment

    Define what success looks like?

    2.1 Create and issue RFP

    2.2 Evaluate responses/ proposals and negotiate the agreement.

    2.3 Purchase goods and services

    Configure Templates

    3.1 Assess and measure

    3.2 Review tools

    Deliverables
    1. Map your process with gap identification
    2. RFP Requirements Worksheet
    1. RFP Calendar and Key Date Tool
    2. RFP Evaluation Guidebook
    3. RFP Evaluation Tool
    1. Long-form RFP Template
    2. Short-form RFP Template
    3. Excel-based RFP Tool
    4. Lean RFP Template

    Phase 1

    Identify Need

    Steps

    1.1 Establish the need to either purchase goods/services (RFP) or acquire additional information from the market (RFI).

    Steps in an RFP Process with the first step, 'Identify Need', highlighted.

    This phase involves the following participants:

    • Business stakeholders
    • IT
    • Sourcing/Procurement
    • Finance

    Identify the need based on business requirements, changing technology, increasing vendor costs, expiring contracts, and changing regulatory requirements.

    Outcomes of this phase

    Agreement on the need to go to market to make a purchase (RFP) or to acquire additional information (RFI) along with a high-level agreement on requirements, rough schedule (is there time to do a full blown RFP or are you time constrained, which may result in an eRFP) and the RFP team is identified.

    Identify Need
    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Identify the Need for Your RFP

    • An RFP is issued to the market when you are certain that you intend to purchase a product/service and have identified an adequate vendor base from which to choose as a result of:

      • IT Strategy
      • Changes in technology
      • Marketplace assessment
      • Contract expiration/renewal
      • Changes in regulatory requirements
      • Changes in the business’ requirements
    • An RFI is issued to the market when you are uncertain as to available technologies or supplier capabilities and need budgetary costs for planning purposes.
    • Be sure to choose the right RFx tool for your situation!
    Stock photo of a pen circling the word 'needs' on a printed document.

    Phase 2

    Define Your RFP Requirements

    Steps

    2.1 Define and classify the technical, business, financial, legal, and support and security requirements for your business.

    Steps in an RFP Process with the second step, 'Define Business Requirements', highlighted.

    This phase involves the following participants:

    • IT
    • Legal
    • Finance
    • Risk management
    • Sourcing/Procurement
    • Business stakeholders

    Outcomes of this phase

    A detailed list of required business, technical, legal and procurement requirements classified as to absolute need(s), bargaining and concession need(s), and “nice to haves.”

    Define Business Requirements

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Define RFP Requirements

    Key things to consider when defining requirements

    • Must be inclusive of the needs of all stakeholders: business, technical, financial, and legal
    • Strive for clarity and completeness in each area of consideration.
    • Begin defining your “absolute,” “bargaining,” “concession,” and ‘”dropped/out of scope” requirements to streamline the evaluation process.
    • Keep the requirements identified as “absolute” to a minimum, because vendors that do not meet absolute requirements will be removed from consideration.
    • Do you have a standard contract that can be included or do you want to review the vendor’s contract?
    • Don’t forget Data Security!
    • Begin defining your vendor selection criteria.
    • What do you want the end result to look like?
    • How will you manage the selected vendor after the contract? Include key VM requirements.
    • Defining requirements can’t be rushed or you’ll find yourself answering many questions, which may create confusion.
    • Collect all your current spend and budget considerations regarding the needed product(s) and service(s).

    “Concentrate on the needs of the organization and not the wants of the individuals when creating requirements to avoid scope creep.” (Donna Glidden, ITRG Research Director)

    Leverage the “ABCD” approach found in our Prepare for Negotiations More Effectively blueprint:
    https://tymansgrpup.com/research/ss/prepare-for-negotiations-more-effectively

    2.1 Prioritize your requirements

    1 hr to several days

    Input: List of all requirements from IT and IT Security, Business, Sourcing/Procurement, Risk Management, and Legal

    Output: Prioritized list of RFP requirements approved by the stakeholder team

    Materials: The RFP Requirements Worksheet

    Participants: All stakeholders impacted by the RFP: IT, IT Security, the Business, Sourcing/ Procurement, Risk Management, Legal

    1. Use this tool to assist you and your team in documenting the requirements for your RFP. Leverage it to collect and categorize your requirements in preparation for negotiations. Use the results of this tool to populate the requirements section of your RFP.
    2. As a group, review each of the requirements and determine their priority as they will ultimately relate to the negotiations.
      • Prioritizing your requirements will set up your negotiation strategy and streamline the process.
      • By establishing the priority of each requirement upfront, you will save time and effort in the selection process.
    3. Review RFP requirements with stakeholders for approval.

    Download the RFP Requirements Worksheet

    Phase 3

    Gain Business Authorization

    Steps

    3.1 Obtain business authorization from the business, technology, finance and Sourcing/Procurement

    Steps in an RFP Process with the third step, 'Gain Business Authorization', highlighted.

    This phase involves the following participants:

    • Business stakeholders
    • Technology and finance (depending upon the business)
    • Sourcing/Procurement

    Outcomes of this phase

    Approval by all key stakeholders to proceed with the issuing of the RFP and to make a purchase as a result.

    Gain Business Authorization

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Gain Business Authorization

    Gain authorization for your RFP from all relevant stakeholders
    • Alignment of stakeholders
    • Agreement on final requirements
    • Financial authorization
    • Commitment of resources
    • Agreement on what constitutes vendor qualification
    • Finalization of selection criteria and their prioritization

    Obtaining cross-function alignment will clear the way for contract, SOW, and budget approvals and not waste any of your and your vendor’s resources in performing an RFP that your organization is not ready to implement or invest financial and human resources in.

    Stock photo of the word 'AUTHORIZED' stamped onto a white background with a much smaller stamp laying beside it.

    Phase 4

    Create and Issue

    Steps

    4.1 Build your RFP

    4.2 Decide RFI or not

    4.3 Create your RFP

    4.4 Receive & answer questions

    4.5 Perform Pre-Proposal Conference

    4.6 Evaluate responses

    Steps in an RFP Process with the fourth step, 'Perform RFI/RFP', highlighted.

    This phase involves the following participants:

    • The RFP owner
    • IT
    • Business SMEs/stakeholders

    Outcomes of this phase

    RFP package is issued to vendors and includes the date of the Pre-Proposal Conference, which should be held shortly after RFP release and includes all parties.

    SME’s/stakeholders participate in providing answers to RFP contact for response to vendors.

    Create and Issue Your RFP/RFI

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Six Steps to Perform RFI/RFP

    Step 1

    • Build your RFP with evaluation in mind.

    Step 2

    • RFI or no RFI
    • Consider a Lean RFP

    Step 3

    • Create your RFP
    • Establish your RFP dates
    • Decide on RFP template
      • Short
      • Long
      • Excel
    • Create a template for vendors’ response
    • Create your Pricing Template

    Step 4

    • Receive RFP questions from vendors
    • Review and prepare answers to questions for the Pre-Proposal Conference

    Step 5

    • Conduct a Pre-Proposal Conference

    Step 6

    • Receive vendors’ proposals
    • Review for compliance and completion
    • Team evaluates vendors’ proposals.
    • Prepare TCO
    • Draft executive recommendation report

    Build your RFP with evaluation in mind

    Easing evaluation frustrations

    At the beginning of your RFP creation process consider how your requirements will impact the vendor’s response. Concentrate on the instructions you provide the vendors and how you wish to receive their responses. View the RFP through the lens of the vendors and envision how they are going to respond to the proposal.

    Limiting the number of requirements included in the RFP will increase the evaluation team’s speed when reviewing vendors’ responses. This is accomplished by not asking questions for common features and functionality that all vendors provide. Don’t ask multiple questions within a question. Avoid “lifting” vendor-specific language to copy into the RFP as this will signal to vendors who their competition might be and may deter their participation. Concentrate your requirement questions to those areas that are unique to your solution to reduce the amount of time required to evaluate the vendors’ response.

    Things to Consider When Creating Your RFP:

    • Consistency is the foundation for ease of evaluation.
    • Provide templates, such as an Excel worksheet, for the vendor’s pricing submissions and for its responses to close-ended questions.
    • Give detailed instructions on how the vendor should organize their response.
    • Limit the number of open-ended questions requiring a long narrative response to must-have requirements.
    • Organize your requirements and objectives in a numerical outline and have the vendor respond in the same manner, such as the following:
      • 1
      • 1.1
      • 1.1.1

    Increase your response quality

    Inconsistent formatting of vendor responses prevents an apples-to-apples evaluation between vendor responses. Evaluation teams are frequently challenged and are unable to evaluate vendors’ responses equally against each other for the following reasons:

    Challenges
    • Vendor responses are submitted with different and confusing nomenclature
    • Inconsistent format in response
    • Disparate order of sections in the vendors responses
    • Different style of outlining their responses, e.g. 1.1 vs. I.(i)
    • Pricing proposal included throughout their response
    • Responses are comingled with marketing messages
    • Vendor answers to requirements or objectives are not consolidated in a uniform manner
    • Disparate descriptions for response subsections
    Prevention
    • Provide specific instructions as to how the vendor is to organize their response:
      • How to format and outline the response
      • No marketing material
      • No pricing in the body of the response
    • Provide templates for pricing, technical, operational, and legal aspects.

    Six Steps to Perform RFI/RFP

    Step 1

    • Build your RFP with evaluation in mind.

    Step 2

    • RFI or no RFI
    • Consider a Lean RFP

    Step 3

    • Create your RFP
    • Establish your RFP dates
    • Decide on RFP template
      • Short
      • Long
      • Excel
    • Create a template for vendors’ response
    • Create your Pricing Template

    Step 4

    • Receive RFP questions from vendors
    • Review and prepare answers to questions for the Pre-Proposal Conference

    Step 5

    • Conduct a Pre-Proposal Conference

    Step 6

    • Receive vendors’ proposals
    • Review for compliance and completion
    • Team evaluates vendors’ proposals.
    • Prepare TCO
    • Draft executive recommendation report

    Perform Request for Information

    Don’t underestimate the importance of the RFI

    As the name implies, a request for information (RFI) is a tool for collecting information from vendors about the companies, their products, and their services. We find RFIs useful when faced with a lot of vendors that we don’t know much about, when we want to benchmark the marketplace for products and services, including budgetary information, and when we have identified more potential vendors than we care to commit a full RFP to.

    RFIs are simpler and less time-consuming than RFPs to prepare and evaluate, so it can make a lot of sense to start with an RFI. Eliminating unqualified vendors from further consideration will save your team from weeding through RFP responses that do not meet your objectives. For their part, your vendors will appreciate your efforts to determine up-front which of them are the best bets before asking them to spend resources and money producing a costly proposal.

    While many organizations rarely use RFIs, they can be an effective tool in the vendor manager’s toolbox when used at the right time in the right way. RFIs can be deployed in competitive targeted negotiations.

    A Lean RFP is a two-stage strategy that speeds up the typical RFP process. The first stage is like an RFI on steroids, and the second stage is targeted competitive negotiation.

    Don’t rely solely on the internet to qualify vendors; use an RFI to acquire additional information before finalizing an RFP.

    4.2.1 In a hurry? Consider a Lean RFP instead of an RFP

    Several days
    1. Create an RFI with all of the normal and customary components. Next, add a few additional RFP-like requirements (e.g. operational, technical, and legal requirements). Make sure you include a request for budgetary pricing and provide any significant features and functionality requirements so that the vendors have enough information to propose solutions. In addition, allow the vendors to ask questions through your single point of coordination and share answers with all of the vendors. Finally, notify the vendors that you will not be doing an RFP.
    2. Review the vendors’ proposals and evaluate their proposals against your requirements along with their notional or budgetary pricing.
    3. Have the evaluators utilize the Lean RFP Template to record their scores accordingly.
    4. After collecting the scores from the evaluators, consolidate the scores together to discuss which vendors – we recommend two or three – you want to present demos.
    5. Based on the vendors’ demos, the team selects at least two vendors to negotiate contract and pricing terms with intent of selecting the best-value vendor.
    6. The Lean RFP shortens the typical RFP process, maintains leverage for your organization, and works great with low- to medium-spend items (however your organization defines them). You’ll get clarification on vendors’ competencies and capabilities, obtain a fair market price, and meet your internal clients’ aggressive timelines while still taking steps to protect your organization.

    Download the Lean RFP Template

    Download the RFP Evaluation Tool

    4.2.1 In a hurry? Consider a Lean RFP instead of an RFP continued

    Input

    • List of technical, operational, business, and legal requirements
    • Budgetary pricing ask

    Output

    • A Lean RFP document that includes the primary components of an RFP
    • Lean RFP vendors response evaluation

    Materials

    • Lean RFP Template
    • RFP Evaluation Tool
    • Contracting requirements
    • Pricing

    Participants

    • IT
    • Business
    • Finance
    • Sourcing/Procurement

    Case Study

    A Lean RFP saves time
    INDUSTRY: Pharmaceutical
    SOURCE: Guided Implementation
    Challenge
    • The vendor manager (VM) was experiencing pressure to shorten the expected five-month duration to perform an RFP for software that planned, coordinated, and submitted regulatory documents to the US Food and Drug Administration.
    • The VM team was not completely familiar with the qualified vendors and their solutions.
    • The organization wanted to capitalize on this opportunity to enhance its current processes with the intent of improving efficiencies in documentation submissions.
    Solution
    • Leveraging the Lean RFP process, the team reduced the 200+ RFP questionnaire into a more manageable list of 34 significant questions to evaluate vendor responses.
    • The team issued the Lean RFP and requested the vendors’ responses in three weeks instead of the five weeks planned for the RFP process.
    • The team modified the scoring process to utilize a simple weighted-scoring methodology, using a scale of 1-5.
    Results
    • The Lean RFP scaled back the complexity of a large RFP.
    • The customer received three vendor responses ranging from 19 to 43 pages and 60-80% shorter than expected if the RFP had been used. This allowed the team to reduce the evaluation period by three weeks.
    • The duration of the RFx process was reduced by more than two months – from five months to just under three months.

    Six Steps to Perform RFI/RFP

    Step 1

    • Build your RFP with evaluation in mind.

    Step 2

    • RFI or no RFI
    • Consider a Lean RFP

    Step 3

    • Create your RFP
    • Establish your RFP dates
    • Decide on RFP template
      • Short
      • Long
      • Excel
    • Create a template for vendors’ response
    • Create your Pricing Template

    Step 4

    • Receive RFP questions from vendors
    • Review and prepare answers to questions for the Pre-Proposal Conference

    Step 5

    • Conduct a Pre-Proposal Conference

    Step 6

    • Receive vendors’ proposals
    • Review for compliance and completion
    • Team evaluates vendors’ proposals.
    • Prepare TCO
    • Draft executive recommendation report

    4.3.1 RFP Calendar

    1 hour

    Input: List duration in days of key activities, RFP Calendar and Key Date Tool, For all vendor-inclusive meetings, include the dates on your RFP calendar and reference them in the RFP

    Output: A timeline to complete the RFP that has the support of each stakeholder involved in the process and that allows for a complete and thorough vendor response.

    Materials: RFP Calendar and Key Date Tool

    Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management

    1. As a group, identify the key activities to be accomplished and the amount of time estimated to complete each task:
      1. Identify who is ultimately accountable for the completion of each task
      2. Determine the length of time required to complete each task
    2. Use the RFP Calendar and Key Date Tool to build the calendar specific to your needs.
    3. Include vendor-related dates in the RFP, i.e., Pre-Proposal Conference, deadline for RFP questions as well as response.

    Download the RFP Calendar and Key Date Tool

    Draft your RFP

    Create and issue your RFP, which should contain at least the following:
    • The ability for the vendors to ask clarifying questions (in writing, sent to the predetermined RFP contact)
    • Pre-Proposal/Pre-Bid Conference schedule where vendors can receive the same answer to all clarifying written questions
    • A calendar of events (block the time on stakeholder calendars – see template).
    • Instructions to potential vendors on how they should construct and return their response to enable effective and timely evaluation of each offer.
    • Requirements; for example: Functional, Operational, Technical, and Legal.
    • Specification drawings as if applicable.
    • Consider adding vendor management requirements – how do you want to manage the relationship after the deal is done?
    • A pricing template for vendors to complete that facilitates comparison across multiple vendors.
    • Contract terms required by your legal team (or your standard contract for vendors to redline as part of their response and rated/ranked accordingly).
    • Create your RFP with the evaluation process and team in mind to ensure efficiency and timeliness in the process. Be clear, concise, and complete in the document.
    • Consistency and completeness is the foundation for ease of evaluation.
    • Give vendors detailed instruction on how to structure and organize their response.
    • Limit the number of open-ended questions requiring a long narrative response.
    • Be sure to leverage Info-Tech’s proven and field-tested Short-Form, Long-Form, and Lean RFP Templates provided in this blueprint.

    Create a template for the vendors’ response

    Dictating to the vendors the format of their response will increase your evaluation efficiency
    Narrative Response:

    Create either a Word or Excel document that provides the vendor with an easy vehicle for their response. This template should include the question identifier that ties the response back to the requirement in the RFP. Instruct vendors to include the question number on any ancillary materials they wish to include.

    Pricing Response:

    Create a separate Excel template that the vendors must use to provide their financial offer. This template should include pricing for hardware, software, training, implementation, and professional services, as well as placeholders for any additional fees.

    Always be flexible in accepting alternative proposals after the vendor has responded with the information you requested in the format you require.

    Stock image of a paper checklist in front of a laptop computer's screen.

    4.3.2 Vendor Pricing Tool

    1 hour

    Input: Identify pricing components for hardware, software, training, consulting/services, support, and additional licenses (if needed)

    Output: Vendor Pricing Tool

    Materials: RFP Requirements Worksheet, Pricing template

    Participants: IT, Finance, Business stakeholders, Sourcing/Procurement, Vendor management

    1. Using a good pricing template will prevent vendors from providing pricing offers that create a strategic advantage designed to prevent you from performing an apples-to-apples comparison.
    2. Provide specific instructions as to how the vendor is to organize their pricing response, which should be submitted separate from the RFP response.
    3. Configure and tailor pricing templates that are specific to the product and/or services.
    4. Upon receipt of all the vendor’s responses, simply cut and paste their total response to your base template for an easy side-by-side pricing comparison.
    5. Do not allow vendors to submit financial proposals outside of your template.

    Download the Vendor Pricing Tool

    Three RFP Templates

    Choose the right template for the right sourcing initiative

    • Short-Form
    • Use the Short-Form RFP Template for simple, non-complex solutions that are medium to low dollar amounts that do not require numerous requirements.

    • Long-Form
    • We recommend the Long-Form RFP Template for highly technical and complex solutions that are high dollar and have long implementation duration.

    • Excel-Form
    • Leverage the Excel-Form RFP Tool for requirements that are more specific in nature to evaluate a vendor’s capability for their solution. This template is designed to be complete and inclusive of the RFP process, e.g., requirements, vendor response, and vendor response evaluation scoring.

    Like tools in a carpenters’ tool box or truck, there is no right or wrong template for any job. Take into account your organization culture, resources available, time frame, policies, and procedures to pick the right tool for the job. (Steve Jeffery, Principal Research Director, Vendor Management, Co-Author: The Art of Creating a Quality RFP, Info-Tech Research Group)

    4.3.3 Short-Form RFP Template

    1-2 hours

    Input: List of technical, legal, business, and data security requirements

    Output: Full set of requirements, prioritized, that all participants agree to

    Materials: Short-Form RFP Template, Vendor Pricing Tool, Supporting exhibits

    Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management

    • This is a less complex RFP that has relatively basic requirements and perhaps a small window in which the vendors can respond. As with the long-form RFP, exhibits are placed at the end of the RFP, an arrangement that saves both your team and the vendors time. Of course, the short-form RFP contains less-specific instructions, guidelines, and rules for vendors’ proposal submissions.
    • We find that short-form RFPs are a good choice when you need to use something more than a request for quote (RFQ) but less than an RFP running 20 or more pages. It’s ideal, for example, when you want to send an RFP to only one vendor or to acquire items such as office supplies, contingent labor, or commodity items that don’t require significant vendor risk assessment.

    Download the Short-Form RFP Template

    4.3.4 Long-Form RFP Template

    1-3 hours

    Input: List of technical, legal, business, and data security requirements

    Output: Full set of requirements, prioritized, that all stakeholders agree to

    Materials: Long-Form RFP Template, Vendor Pricing Tool, Supporting exhibits

    Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management

    • A long-form or major RFP is an excellent tool for more complex and complicated requirements. This template is for a baseline RFP.
    • It starts with best-in-class RFP terms and conditions that are essential to maintaining your control throughout the RFP process. The specific requirements for the business, functional, technical, legal, and pricing areas should be included in the exhibits at the end of the template. That makes it easier to tailor the RFP for each deal, since you and your team can quickly identify specific areas that need modification. Grouping the exhibits together also makes it convenient for both your team to review and the vendors to respond.
    • You can use this sample RFP as the basis for your template RFP, taking it all as is or picking and choosing the sections that best meet the mission and objectives of the RFP and your organization.

    Download the Long-Form RFP Template

    4.3.5 Excel-Form RFP Tool

    Several weeks

    Input: List of technical, legal, business, and data security requirements

    Output: Full set of requirements, prioritized, that all stakeholders agree to

    Materials: Excel-Form RFP Template, Vendor Pricing Tool, Supporting exhibits

    Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management

    • The Excel-Form RFP Tool is used as an alternative to the other RFP toolsets if you have multiple requirements and have multiple vendors to choose from.
    • Requirements are written as a “statement” and the vendor can select from five answers as to their ability to meet the requirements, with the ability to provide additional context and materials to augment their answers, as needed.
    • Requirements are listed separately in each tab, for example, Business, Legal, Technical, Security, Support, Professional Services, etc.

    Download the Excel-Form RFP Template

    Six Steps to Perform RFI/RFP

    Step 1

    • Build your RFP with evaluation in mind.

    Step 2

    • RFI or no RFI
    • Consider a Lean RFP

    Step 3

    • Create your RFP
    • Establish your RFP dates
    • Decide on RFP template
      • Short
      • Long
      • Excel
    • Create a template for vendors’ response
    • Create your Pricing Template

    Step 4

    • Receive RFP questions from vendors
    • Review and prepare answers to questions for the Pre-Proposal Conference

    Step 5

    • Conduct a Pre-Proposal Conference

    Step 6

    • Receive vendors’ proposals
    • Review for compliance and completion
    • Team evaluates vendors’ proposals.
    • Prepare TCO
    • Draft executive recommendation report

    Answer Vendor Questions

    Maintaining your equal and level playing field among vendors

    • Provide an adequate amount of time from the RFP issue date to the deadline for vendor questions. There may be multiple vendor staff/departments that need to read the RFP and then discuss their response approach and gather any clarifying questions, so we generally recommend three to five business days.
    • There should be one point of contact for all Q&A, which should be submitted in writing via email only. Be sure to plan for enough time to get the answers back from the RFP stakeholders.
    • After the deadline, collect all Q&A and begin the process of consolidating into one document.
    Large silver question mark.
    • Be sure to anonymize both vendor questions and your responses, so as not to reveal who asked or answered the question.
    • Send the document to all RFP respondents via your sourcing tool or BCC in an email to the point of contact, with read receipt requested. That way, you can track who has received and opened the correspondence.
    • Provide the answers a few days prior to the Pre-Proposal Conference to allow all respondents time to review the document and prepare any additional questions.
    • Begin the preparation for the Pre-Proposal Conference.

    Six Steps to Perform RFI/RFP

    Step 1

    • Build your RFP with evaluation in mind.

    Step 2

    • RFI or no RFI
    • Consider a Lean RFP

    Step 3

    • Create your RFP
    • Establish your RFP dates
    • Decide on RFP template
      • Short
      • Long
      • Excel
    • Create a template for vendors’ response
    • Create your Pricing Template

    Step 4

    • Receive RFP questions from vendors
    • Review and prepare answers to questions for the Pre-Proposal Conference

    Step 5

    • Conduct a Pre-Proposal Conference

    Step 6

    • Receive vendors’ proposals
    • Review for compliance and completion
    • Team evaluates vendors’ proposals.
    • Prepare TCO
    • Draft executive recommendation report

    Conduct Pre-Proposal Conference

    Maintain an equal and level playing field

    • Consolidate all Q&A to be presented to all vendors during the Pre-Proposal Conference.
    • If the Pre-Proposal Conference is conducted via conference call, be sure to record the session and advise all participants at the beginning of the call.
    • Be sure to have key stakeholders present on the call to answer questions.
    • Read each question and answer, after which ask if there are any follow up questions. Be sure to capture them and then add them to the Q&A document.
    • Remind respondents that no further questions will be entertained during the remainder of the RFP response period.
    • Send the updated and completed document to all vendors (even if circumstances prevented their attending the Pre-Proposal Conference). Use the same process as when you sent out the initial answers: via email, blind copy the respondents and request read/receipt.

    “Using a Pre-Proposal Conference allows you to reinforce that there is a level playing field for all of the vendors…that each vendor has an equal chance to earn your business. This encourages and maximizes competition, and when that happens, the customer wins.” (Phil Bode, Principal Research Director, Co-Author: The Art of Creating a Quality RFP, Info-Tech Research Group)

    Pre-Proposal Conference Agenda

    Modify this agenda for your specific organization’s culture
    1. Opening Remarks & Welcome – RFP Manager
      1. Agenda review
      2. Purpose of the Pre-Proposal Conference
    2. Review Agenda
      1. Introduction of your (customer) attendees
    3. Participating Vendor Introduction (company name)
    4. Executive or Sr. Leadership Comments (limit to five minutes)
      1. Importance of the RFP
      2. High-level business objective or definition of success
    5. Review Key Dates in the RFP

    (Source: The Art of Creating a Quality RFP, Jeffery et al., 2019)
    1. Review of any Technical Drawings or Information
      1. Key technical requirements and constraints
      2. Key infrastructure requirements and constraints
    2. Review of any complex RFP Issues
      1. Project scope/out of scope
    3. Question &Answer
      1. Vendors’ questions in alphabetical order
    4. Review of Any Specific Instructions for the Respondents
    5. Conclusion/Closing
      1. Review how to submit additional questions
      2. Remind vendors of the single point of contact

    Allow your executive or leadership sponsor to leave the Pre-Proposal Conference after they provide their comments to allow them to continue their day while demonstrating to the vendors the importance of the project.

    Six Steps to Perform RFI/RFP

    Step 1

    • Build your RFP with evaluation in mind.

    Step 2

    • RFI or no RFI
    • Consider a Lean RFP

    Step 3

    • Create your RFP
    • Establish your RFP dates
    • Decide on RFP template
      • Short
      • Long
      • Excel
    • Create a template for vendors’ response
    • Create your Pricing Template

    Step 4

    • Receive RFP questions from vendors
    • Review and prepare answers to questions for the Pre-Proposal Conference

    Step 5

    • Conduct a Pre-Proposal Conference

    Step 6

    • Receive vendors’ proposals
    • Review for compliance and completion
    • Team evaluates vendors’ proposals.
    • Prepare TCO
    • Draft executive recommendation report

    Evaluate Responses

    Other important information

    • Consider separating the pricing component from the RFP responses before sending them to reviewers to maintain objectivity until after you have received all ratings on the proposals themselves.
    • Each reviewer should set aside focused time to carefully read each vendor’s response
    • Read the entire vendor proposal – they spent a lot time and money responding to your request, so please read everything.
    • Remind reviewers that they should route any questions to the vendor through the RFP manager.
    • Using the predetermined ranking system for each section, rate each section of the response, capturing any notes, questions, or concerns as you proceed through the document(s).
    Stock photo of a 'Rating' meter with values 'Very Bad to 'Excellent'.

    Use a proven evaluation method

    Two proven methods to reviewing vendors’ proposals are by response and by objective

    The first, by response, is when the evaluator reviews each vendor’s response in its entirety.

    The second, reviewing by objective, is when the evaluator reviews each vendor’s response to a single objective before moving on to the next.

    By Response

    Two-way arrow with '+ Pros' in green on the left and 'Cons -' in red on the right.

    By Objective

    Two-way arrow with '+ Pros' in green on the left and 'Cons -' in red on the right.

    • Each response is thoroughly read all the way through.
    • Response inconsistencies are easily noticed.
    • Evaluators obtain a good feel for the vendor's response.
    • Evaluators will lose interest as they move from one response to another.
    • Evaluation will be biased if the beginning of response is subpar, influencing the rest of the evaluation.
    • Deficiencies of the perceived favorite vendor are overlooked.
    • Evaluators concentrate on how each objective is addressed.
    • Evaluators better understand the responses, resulting in identifying the best response for the objective.
    • Evaluators are less susceptible to supplier bias.
    • Electronic format of the response hampers response review per objective.
    • If a hard copy is necessary, converting electronic responses to hard copy is costly and cumbersome.
    • Discipline is required to score each vendor's response as they go.

    Maintain evaluation objectivity by reducing response evaluation biases

    Evaluation teams can be naturally biased during their review of the vendors’ responses.

    You cannot eliminate bias completely – the best you can do is manage it by identifying these biases with the team and mitigating their influence in the evaluation process.

    Vendor

    The evaluator only trusts a certain vendor and is uncomfortable with any other vendor.
    • Evaluate the responses blind of vendor names, if possible.
    Centerpiece for this table, titled 'BIAS' and surrounding by iconized representations of the four types listed.

    Account Representatives

    Relationships extend beyond business, and an evaluator doesn't want to jeopardize them.
    • Craft RFP objectives that are vendor neutral.

    Technical

    A vendor is the only technical solution the evaluator is looking for, and they will not consider anything else.
    • Conduct fair and open solution demonstrations.

    Price

    As humans, we can justify anything at a good price.
    • Evaluate proposals without awareness of price.

    Additional insights when evaluating RFPs

    When your evaluation team includes a member of the C-suite or senior leadership, ensure you give them extra time to sufficiently review the vendor's responses. When your questions require a definitive “Yes”/“True” or “No”/“False” responses, we recommend giving the maximum score for “Yes”/“True” and the minimum score for “No”/“False”.
    Increase your efficiency and speed of evaluation by evaluating the mandatory requirements first. If a vendor's response doesn't meet the minimum requirements, save time by not reviewing the remainder of the response. Group your RFP questions with a high-level qualifying question, then the supporting detailed requirements. The evaluation team can save time by not evaluating a response that does not meet a high-level qualifying requirement.

    Establish your evaluation scoring scale

    Define your ranking scale to ensure consistency in ratings

    Within each section of your RFP are objectives, each of which should be given its own score. Our recommended approach is to award on a scale of 0 to 5. With such a scale, you need to define every level. Below are the recommended definitions for a 0 to 5 scoring scale.

    Score Criteria for Rating
    5 Outstanding – Complete understanding of current and future needs; solution addresses current and future needs
    4 Competent – Complete understanding and adequate solution
    3 Average – Average understanding and adequate solution
    2 Questionable – Average understanding; proposal questionable
    1 Poor – Minimal understanding
    0 Not acceptable – Lacks understanding
    Stock photo of judges holding up their ratings.

    Weigh the sections of your RFP on how important or critical they are to the RFP

    Obtain Alignment on Weighting the Scores of Each Section
    • There are many ways to score responses, ranging from extremely simple to highly complicated. The most important thing is that everyone responsible for completing scorecards is in total agreement about how the scoring system should work. Otherwise, the scorecards will lose their value, since different weighting and scoring templates were used to arrive at their scores.
    • You can start by weighting the scores by section, with all sections adding up to 100%.
    Example RFP Section Weights
    Pie chart of example RFP section weights, 'Operational, 20%', 'Service-Level Agreements, 20%', 'Financial, 20%', 'Legal/Contractual, 15%', 'Technical, 10%' 'Functional, 15%'.
    (Source: The Art of Creating a Quality RFP, Jeffery et al., 2019)

    Protect your negotiation leverage with these best practices

    Protect your organization's reputation within the vendor community with a fair and balanced process.
    • Unless you regularly have the evaluators on your evaluation team, always assume that the team members are not familiar nor experienced with your process and procedures.
    • Do not underestimate the amount of preparations required to ensure that your evaluation team has everything they need to evaluate vendors’ responses without bias.
    • Be very specific about the expectations and time commitment required for the evaluation team to evaluate the responses.
    • Explain to the team members the importance of evaluating responses without conflicts of interest, including the fact that information contained within the responses and all discussions within the team are considered company owned and confidential.
    • Include examples of the evaluation and scoring processes to help the evaluators understand what they should be doing.
    • Finally – don’t forget to the thank the evaluation team and their managers for their time and commitment in contributing to this essential decision.
    Stock photo of a cork board with 'best practice' spelled out by tacked bits of paper, each with a letter in a different font.

    Evaluation teams must balance commercial vs. technical requirements

    Do not alter the evaluation weights after responses are submitted.
    • Evaluation teams are always challenged by weighing the importance of price, budget, and value against the technical requirements of “must-haves” and super cool “nice-to-haves.”
    • Encouraging the evaluation team not to inadvertently convert the nice-to-haves to must-haves will prevent scope creep and budget pressure. The evaluation team must concentrate on the vendors’ responses that drive the best value when balancing both commercial and technical requirements.
    Two blocks labelled 'Commercial Requirements' and 'Technical Requirements' balancing on either end of a flat sheet, which is balancing on a silver ball.

    4.6.1 Evaluation Guidebook

    1 hour

    Input: RFP responses, Weighted Scoring Matrix, Vendor Response Scorecard

    Output: One or two finalists for which negotiations will proceed

    Materials: RFP Evaluation Guidebook

    Participants: IT, Finance, Business stakeholders, Sourcing/Procurement, Vendor management

    1. Info-Tech provides an excellent resource for your evaluation team to better understand the process of evaluating vendor response. The guidebook is designed to be configured to the specifics of your RFP, with guidance and instructions to the team.
    2. Use this guidebook to provide instruction to the evaluation team as to how best to score and rate the RFP responses.
    3. Specific definitions are provided for applying the numerical scores to the RFP objectives will ensure consistency among the appropriate numerical score.

    Download the RFP Evaluation Guidebook

    4.6.2 RFP Vendor Proposal Scoring Tool

    1-4 hours

    Input: Each vendor’s RFP response, A copy of the RFP (less pricing), A list of the weighted criteria incorporated into a vendor response scorecard

    Output: A consolidated ranked and weighted comparison of the vendor responses with pricing

    Materials: Vendor responses, RFP Evaluation Tool

    Participants: Sourcing/Procurement, Vendor management

    1. Using the RFP outline as a base, develop a scorecard to evaluate and rate each section of the vendor response, based on the criteria predetermined by the team.
    2. Provide each stakeholder with the scorecard when you provide the vendor responses for them to review and provide the team with adequate time to review each response thoroughly and completely.
    3. Do not, at this stage, provide the pricing. Allow stakeholders to review the responses based on the technical, business, operational criteria without prejudice as to pricing.
    4. Evaluators should always be reminded that they are evaluating each vendor’s response against the objectives and requirements of the RFP. The evaluators should not be evaluating each vendor’s response against one another.
    5. While the team is reviewing and scoring responses, review and consolidate the vendor pricing submissions into one document for a side-by-side comparison.

    Download the RFP Evaluation Tool

    4.6.3 Total Cost of Owners (TCO)

    1-2 hours

    Input: Consolidated vendor pricing responses, Consolidated vendor RFP responses, Current spend within your organization for the product/service, if available, Budget

    Output: A completed TCO model summarizing the financial results of the RFP showing the anticipated costs over the term of the agreement, taking into consideration the impact of renewals.

    Materials: Vendor TCO Tool, Vendor pricing responses

    Participants: IT, Finance, Business stakeholders, Sourcing/Procurement

    • Use Info-Tech’s Vendor TCO Tool to normalize each vendor’s pricing proposal and account for the lifetime cost of the product.
    • Fill in pricing information (the total of all annual costs) from each vendor's returned Pricing Proposal.
    • The tool will summarize the net present value of the TCO for each vendor proposal.
    • The tool will also provide the rank of each pricing proposal.

    Download the Vendor TCO Tool

    Conduct an evaluation team results meeting

    Follow the checklist below to ensure an effective evaluation results meeting

    • Schedule the evaluation team’s review meeting well in advance to ensure there are no scheduling conflicts.
    • Collect the evaluation team’s scores in advance.
    • Collate scores and provide an initial ranking.
    • Do not reveal the pricing evaluation results until after initial discussions and review of the scoring results.
    • Examine both high and low scores to understand why the team members scored the response as they did.
    • Allow the team to discuss, debate, and arrive at consensus on the ranking.
    • After consensus, reveal the pricing to examine if or how it changes the ranking.
    • Align the team on the next steps with the applicable vendors.

    4.6.4 Consolidated RFP Response Scoring

    1-2 hours

    Input: Vendor Response Scorecard from each stakeholder, Consolidated RFP responses and pricing, Any follow up questions or items requiring further vendor clarification.

    Output: An RFP Response Evaluation Summary that identifies the finalists based on pre-determined criteria.

    Materials: RFP Evaluation Tool from each stakeholder, Consolidated RFP responses and pricing.

    Participants: IT, Finance, Business stakeholders, Sourcing/Procurement, Vendor management

    1. Collect from the evaluation team all scorecards and any associated questions requiring further clarification from the vendor(s). Consolidate the scorecards into one for presentation to the team and key decision makers.
    2. Present the final scores to the team, with the pricing evaluation, to determine, based on your needs, two or three finalists that will move forward to the next steps of negotiations.
    3. Discuss any scores that are have large gaps, e.g., a requirement with a score of one from one evaluator and the same requirement with a score five from different evaluator.
    4. Arrive at a consensus of your top one or two potential vendors.
    5. Determine any required follow-up actions with the vendors and include them in the Evaluation Summary.

    Download the Consolidated Vender RFP Response Evaluation Summary

    4.6.5 Vendor Recommendation Presentation

    1-3 hours
    1. Use the Vendor Recommendation Presentation to present your finalist and obtain final approval to negotiate and execute any agreements.
    2. The Vendor Recommendation Presentation provides leadership with:
      1. An overview of the RFP, its primary goals, and key requirements
      2. A summary of the vendors invited to participate and why
      3. A summary of each component of the RFP
      4. A side-by-side comparison of key vendor responses to each of the key/primary requirements, with ranking/weighting results
      5. A summary of the vendor’s responses to key legal terms
      6. A consolidated summary of the vendors’ pricing, augmented by the TCO calculations for the finalist(s).
      7. The RFP team’s vendor recommendations based on its findings
      8. A summary of next steps with dates
      9. Request approval to proceed to next steps of negotiations with the primary and secondary vendor

    Download the Vendor Recommendation Presentation

    4.6.5 Vendor Recommendation Presentation

    Input

    • Consolidated RFP responses, with a focus on key RFP goals
    • Consolidated pricing responses
    • TCO Model completed, approved by Finance, stakeholders

    Output

    • Presentation deck summarizing the key findings of the RFP results, cost estimates and TCO and the recommendation for approval to move to contract negotiations with the finalists

    Materials

    • Consolidated RFP responses, including legal requirements
    • Consolidated pricing
    • TCO Model
    • Evaluators scoring results

    Participants

    • IT
    • Finance
    • Business stakeholders
    • Legal
    • Sourcing/Procurement

    Caution: Configure templates and tools to align with RFP objectives

    Templates and tools are invaluable assets to any RFP process

    • Leveraging templates and tools saves time and provides consistency to your vendors.
    • Maintain a common repository of your templates and tools with different versions and variations. Include a few sentences with instructions on how to use the template and tools for team members who might not be familiar with them.

    Templates/Tools

    RFP templates and tools are found in a variety of places, such as previous projects, your favorite search engine, or by asking a colleague.

    Sourcing

    Regardless of the source of these documents, you must take great care and consideration to sanitize any reference to another vendor, company, or name of the deal.

    Review

    Then you must carefully examine the components of the deal before creating your final documents.

    Popular RFP templates include:

    • RFP documents
    • Pricing templates
    • Evaluation and scoring templates
    • RFP requirements
    • Info-Tech research

    Phase 5

    Negotiate Agreement(s)

    Steps

    5.1 Perform negotiation process

    Steps in an RFP Process with the fifth step, 'Negotiate Agreement', highlighted.

    This phase involves the following participants:

    • Procurement
    • Vendor management
    • Legal
    • IT stakeholders
    • Finance

    Outcomes of this phase

    A negotiated agreement or agreements that are a result of competitive negotiations.

    Negotiate Agreement(s)

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Negotiate Agreement

    You should evaluate your RFP responses first to see if they are complete and the vendor followed your instructions.


    Then you should:

    • Plan negotiation(s) with one or more vendors based on your questions and opportunities identified during evaluation.
    • Select finalist(s).
    • Apply selection criteria.
    • Resolve vendors’ exceptions.

    Info-Tech Insight

    Be certain to include any commitments made in the RFP, presentations, and proposals in the agreement – dovetails to underperforming vendor.

    Centerpiece of the table, titled 'Negotiation Process'.

    Leverage Info-Tech's negotiation process research for additional information

    Negotiate before you select your vendor:
    • Negotiating with two or more vendors will maintain your competitive leverage while decreasing the time it takes to negotiate the deal.
    • Perform legal reviews as necessary.
    • Use sound competitive negotiations principles.

    Info-Tech Insight

    Providing contract terms in an RFP can dramatically reduce time for this step by understanding the vendor’s initial contractual position for negotiation.

    Phase 6

    Purchase Goods and Services

    Steps

    6.1 Purchase Goods & Services

    Steps in an RFP Process with the sixth step, 'Purchase Goods and Services', highlighted.

    This phase involves the following participants:

    • Procurement
    • Vendor management
    • IT stakeholders

    Outcomes of this phase

    A purchase order that completes the RFP process.

    The beginning of the vendor management process.

    Purchase Goods and Services

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Purchase Goods and Services

    Prepare to purchase goods and services

    Prepare to purchase goods and services by completing all items on your organization’s onboarding checklist.
    • Have the vendor complete applicable tax forms.
    • Set up the vendor in accounts payable for electronic payment (ACH) set-up.
    Then transact day-to-day business:
    • Provide purchasing forecasts.
    • Complete applicable purchase requisition and purchase orders. Be sure to reference the agreement in the PO.
    Stock image of a computer monitor with a full grocery cart shown on the screen.

    Info-Tech Insight

    As a customer, honoring your contractual obligations and commitments will ensure that your organization is not only well respected but considered a customer of choice.

    Phase 7

    Assess and Measure Performance

    Steps

    7.1 Assess and measure performance against the agreement

    Steps in an RFP Process with the seventh step, 'Assess and Measure Performance', highlighted.

    This phase involves the following participants:

    • Vendor management
    • Business stakeholders
    • Senior leadership (as needed)
    • IT stakeholders
    • Vendor representatives & senior management

    Outcomes of this phase

    A list of what went well during the period – it’s important to recognize successes

    A list of areas needing improvement that includes:

    • A timeline for each item to be completed
    • The team member(s) responsible

    Purchase Goods and Services

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Assess and Measure Performance

    Measure to manage: the job doesn’t end when the contract is signed.

    • Classify vendor
    • Assess vendor performance
    • Manage improvement
    • Conduct periodic vendor performance reviews or quarterly business reviews
    • Ensure contract compliance for both the vendor and your organization
    • Build knowledgebase for future
    • Re-evaluate and improve appropriately your RFP processes

    Info-Tech Insight

    To be an objective vendor manager, you should also assess and measure your company’s performance along with the vendor’s performance.

    Summary of Accomplishment

    Problem Solved

    Upon completion of this blueprint, guided implementation, or workshop, your team should have a comprehensive, well-defined end-to-end approach to performing a quality sourcing event. Leverage Info-Tech’s industry-proven tools and templates to provide your organization with an effective approach to maintain your negotiation leverage, improve the ease with which you evaluate vendor proposals, and reduce your risk while obtaining the best market value for your goods and services.

    Additionally, your team will have a foundation to execute your vendor management principles. These principles will assist your organization in ensuring you receive the perceived value from the vendor as a result of your competitive negotiations.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Final Thoughts: RFP Do’s and Don’ts

    DO

    • Leverage your team’s knowledge
    • Document and explain your RFP process to stakeholders and vendors
    • Include contract terms in your RFP
    • Consider vendor management requirements up front
    • Plan to measure and manage performance after contract award leveraging RFP objectives
    • Seek feedback from the RFP team for process improvements

    DON'T

    • Reveal your budget
    • Do an RFP in a vacuum
    • Send an RFP to a vendor your team is not willing to award the business to
    • Hold separate conversations with candidate vendors during your RFP process
    • Skimp on the requirements definition to speed the process
    • Tell the vendor they are selected before negotiating

    Bibliography

    “2022 RFP Response Trends & Benchmarks.” Loopio, 2022. Web.

    Corrigan, Tony. “How Much Does it Cost to Respond to an RFP?” LinkedIn, March 2017. Accessed 10 Dec. 2019

    “Death by RFP:7 Reasons Not to Respond.” Inc. Magazine, 2013. Web.

    Jeffery, Steven, George Bordon, and Phil Bode. The Art of Creating a Quality RFP, 3rd ed. Info-Tech Research Group, 2019.

    “RFP Benchmarks: How Much Time and Staff Firms Devote to Proposals.” MarketingProfs, 2020. Web.

    “State of the RFP 2019.” Bonfire, 2019. Web.

    “What Vendors Want (in RFPs).” Vendorful, 2020. Web.

    Related Info-Tech Research

    Stock photo of two people looking at a tablet. Prepare for Negotiations More Effectively
    • Negotiations are about allocating risk and money – how much risk is a party willing to accept at what price point?
    • Using a cross-functional/cross-insight team structure for negotiation preparation yields better results.
    • Soft skills aren’t enough and theatrical negotiation tactics aren’t effective.
    Stock photo of two people in suits shaking hands. Understand Common IT Contract Provisions to Negotiate More Effectively
    • Focus on the terms and conditions, not just the price. Too often, organizations focus on the price contained within their contracts, neglecting to address core terms and conditions that can end up costing multiples of the initial price.
    • Lawyers can’t ensure you get the best business deal. Lawyers tend to look at general terms and conditions for legal risk and may not understand IT-specific components and business needs.
    Stock photo of three people gathered around a computer. Jump Start Your Vendor Management Initiative
    • Vendor management must be an IT strategy. Solid vendor management is an imperative – IT organizations must develop capabilities to ensure that services are delivered by vendors according to service-level objectives and that risks are mitigated according to the organization's risk tolerance.
    • Visibility into your IT vendor community. Understand how much you spend with each vendor and rank their criticality and risk to focus on the vendors you should be concentrating on for innovative solutions.

    Agile Enterprise Architecture Operating Model

    • Buy Link or Shortcode: {j2store}581|cart{/j2store}
    • member rating overall impact: 9.6/10 Overall Impact
    • member rating average dollars saved: $31,106 Average $ Saved
    • member rating average days saved: 33 Average Days Saved
    • Parent Category Name: Strategy & Operating Model
    • Parent Category Link: /strategy-and-operating-model

    Establish an enterprise architecture practice that:

    • Leverages an operating model that promotes/supports agility within the organization.
    • Embraces business, data, application, and technology architectures in an optimal mix.
    • Is Agile in itself and will be sustainable and reactive to business needs, staying relevant and “profitable” – continuously delivering business value.

    Our Advice

    Critical Insight

    • Use your business and EA strategy and design principles to right-size standardized operating models to fit your EA organization’s needs.
    • You need to define a sound set of design principles before commencing with the design of your EA organization.
    • The EA operating model structure should be rigid but pliable enough to fit the needs of the stakeholders it provides services to.
    • A phased approach and a good communication strategy is key to the success of the new EA organization.
    • Start with one group and work out the hurdles before rolling it out organization-wide.
    • Make sure that you communicate regularly on wins but also on hurdles and how to overcome them.

    Impact and Result

    • The organization design approach proposed will aim to provide twofold agility: the ability to stretch and shrink depending on business requirements and the promotion of agility in architecture delivery.
    • By recognizing that agility comes in different flavors, organizations using more traditional design patterns will also benefit from the approach advocated by this blueprint.

    Agile Enterprise Architecture Operating Model Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out create an Agile EA operating model to execute the EA function, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Design your EA operating model

    You need to define a sound set of design principles before commencing with the design of your EA organization.

    • Agile EA Operating Model Communication Deck
    • Agile EA Operating Model Workbook
    • Business Architect
    • Application Architect
    • Data Architect
    • Enterprise Architect

    2. Define your EA organizational structure

    The EA operating model structure should be rigid but pliable enough to fit the needs of the stakeholders it provide services to.

    • EA Views Taxonomy
    • EA Operating Model Template
    • Architecture Board Charter Template
    • EA Policy Template
    • EA Compliance Waiver Form Template

    3. Implement the EA operating model

    A phased approach and a good communications strategy are key to the success of the new EA organization.

    • EA Roadmap
    • EA Communication Plan Template
    [infographic]

    Workshop: Agile Enterprise Architecture Operating Model

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 EA Function Design

    The Purpose

    Identify how EA looks within the organization and ensure all the necessary skills are accounted for within the function.

    Key Benefits Achieved

    EA is designed to be the most appropriately placed and structured for the organization.

    Activities

    1.1 Place the EA department.

    1.2 Define roles for each team member.

    1.3 Find internal and external talent.

    1.4 Create job descriptions with required proficiencies.

    Outputs

    EA organization design

    Role-based skills and competencies

    Talent acquisition strategy

    Job descriptions

    2 EA Engagement Model

    The Purpose

    Create a thorough engagement model to interact with stakeholders.

    Key Benefits Achieved

    An understanding of each process within the engagement model.

    Create stakeholder interaction cards to plan your conversations.

    Activities

    2.1 Define each engagement process for your organization.

    2.2 Document stakeholder interactions.

    Outputs

    EA Operating Model Template

    EA Stakeholder Engagement Model Template

    3 EA Governance

    The Purpose

    Develop EA boards, alongside a charter and policies to effectively govern the function.

    Key Benefits Achieved

    Governance that aids the EA function instead of being a bureaucratic obstacle.

    Adherence to governace.

    Activities

    3.1 Outline the architecture review process.

    3.2 Position the architecture review board.

    3.3 Create a committee charter.

    3.4 Make effective governance policy.

    Outputs

    Architecture Board Charter Template

    EA Policy Template

    4 Architecture Development Framework

    The Purpose

    Create an operating model that is influenced by universal standards including TOGAF, Zachmans, and DoDAF.

    Key Benefits Achieved

    A thoroughly articulated development framework.

    Understanding of the views that influence each domain.

    Activities

    4.1 Tailor an architecture development framework to your organizational context.

    Outputs

    EA Operating Model Template

    Enterprise Architecture Views Taxonomy

    5 Operational Plan

    The Purpose

    Create a change management and communication plan or roadmap to execute the operating model.

    Key Benefits Achieved

    Build a plan that takes change management and communication into consideration to achieve the wanted benefits of an EA program.

    Effectively execute the roadmap.

    Activities

    5.1 Create a sponsorship action plan.

    5.2 Outline a communication plan.

    5.3 Execute a communication roadmap.

    Outputs

    Sponsorship Action Plan

    EA Communication Plan Template

    EA Roadmap

    Achieve Digital Resilience by Managing Digital Risk

    • Buy Link or Shortcode: {j2store}375|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $123,999 Average $ Saved
    • member rating average days saved: 4 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance

    Businesses are expected to balance achieving innovation through initiatives that transform the organization with effective risk management. While this is nothing new, added challenges arise due to:

    • An increasingly large vendor ecosystem within which to manage risk.
    • A fragmented approach to risk management that separates cyber and IT risk from enterprise risk.
    • A rapidly growing number of threat actors and a larger attack surface.

    Our Advice

    Critical Insight

    • All risks are digital risks.
    • Manage digital risk with a collaborative approach that supports digital transformation, ensures digital resilience, and distributes responsibility for digital risk management across the organization.

    Impact and Result

    Address digital risk to build digital resilience. In the process, you will drive transformation and maintain digital trust among your employees, end users, and consumers by:

    • Defining digital risk, including primary risk categories and prevalent risk factors.
    • Leveraging industry examples to help identify external risk considerations.
    • Building a digital risk profile, addressing core risk categories, and creating a correlating plan for digital risk management.

    Achieve Digital Resilience by Managing Digital Risk Research & Tools

    Start here – read the Executive Brief

    Risk does not exist in isolation and must extend beyond your cyber and IT teams. Read our concise Executive Brief to find out how to manage digital risk to help drive digital transformation and build your organization's digital resilience.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Redefine digital risk and resilience

    Discover an overview of what digital risk is, learn how to assess risk factors for the five primary categories of digital risk, see several industry-specific scenarios, and explore how to plan for and mitigate identified risks.

    • Achieve Digital Resilience by Managing Digital Risk – Phases 1-2
    • Digital Risk Management Charter

    2. Build your digital risk profile

    Begin building the digital risk profile for your organization, identify where your key areas of risk exposure exist, and assign ownership and accountability among the organization’s business units.

    • Digital Risk Profile Tool
    • Digital Risk Management Executive Report
    [infographic]

    Workshop: Achieve Digital Resilience by Managing Digital Risk

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Scope and Define Digital Risk

    The Purpose

    Develop an understanding and standard definition of what digital risk is, who it impacts, and its relevance to the organization.

    Key Benefits Achieved

    Understand what digital risk means and how it differs from traditional enterprise or cybersecurity risk.

    Develop a definition of digital risk that recognizes the unique external and internal considerations of your organization.

    Activities

    1.1 Review the business context

    1.2 Review the current roles of enterprise, IT, and cyber risk management within the organization

    1.3 Define digital transformation and list transformation initiatives

    1.4 Define digital risk in the context of the organization

    1.5 Define digital resilience in the context of the organization

    Outputs

    Digital risk drivers

    Applicable definition of digital risk

    Applicable definition of digital resilience

    2 Make the Case for Digital Risk Management

    The Purpose

    Understand the roles digital risk management and your digital risk profile have in helping your organization achieve safe, transformative growth.

    Key Benefits Achieved

    An overview and understanding of digital risk categories and subsequent individual digital risk factors for the organization

    Industry considerations that highlight the importance of managing digital risk

    A structured approach to managing the categories of digital risk

    Activities

    2.1 Review and discuss industry case studies and industry examples of digital transformation and digital risk

    2.2 Revise the organization's list of digital transformation initiatives (past, current, and future)

    2.3 Begin to build your organization's Digital Risk Management Charter (with inputs from Module 1)

    2.4 Revise, customize, and complete a Digital Risk Management Charter for the organization

    Outputs

    Digital Risk Management Charter

    Industry-specific digital risks, factors, considerations, and scenarios

    The organization's digital risks mapped to its digital transformation initiatives

    3 Build Your Digital Risk Profile

    The Purpose

    Develop an initial digital risk profile that identifies the organization’s core areas of focus in managing digital risk.

    Key Benefits Achieved

    A unique digital risk profile for the organization

    Digital risk management initiatives that are mapped against the organization's current strategic initiatives and aligned to meet your digital resilience objectives and benchmarks

    Activities

    3.1 Review category control questions within the Digital Risk Profile Tool

    3.2 Complete all sections (tabs) within the Digital Risk Profile Tool

    3.3 Assess the results of your Digital Risk Profile Tool

    3.4 Discuss and assign initial weightings for ownership of digital risk among the organization's stakeholders

    Outputs

    Completion of all category tabs within the Digital Risk Profile Tool

    Initial stakeholder ownership assignments of digital risk categories

    4 Manage Your Digital Risk

    The Purpose

    Refine the digital risk management plan for the organization.

    Key Benefits Achieved

    A targeted, organization-specific approach to managing digital risk as a part of the organization's projects and initiatives on an ongoing basis

    An executive presentation that outlines digital risk management for your senior leadership team

    Activities

    4.1 Conduct brief information sessions with the relevant digital risk stakeholders identified in Module 3.

    4.2 Review and revise the organization's Digital Risk Profile as necessary, including adjusting weightings for the digital risk categories

    4.3 Begin to build an actionable digital risk management plan

    4.4 Present your findings to the organization's relevant risk leaders and executive team

    Outputs

    A finalized and assessed Digital Risk Profile Tool

    Stakeholder ownership for digital risk management

    A draft Digital Risk Management plan and Digital Risk Management Executive Report

    Define Your Digital Business Strategy

    • Buy Link or Shortcode: {j2store}55|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $83,641 Average $ Saved
    • member rating average days saved: 26 Average Days Saved
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • Your organizational digital business strategy sits on the shelf because it fails to guide implementation.
    • Your organization has difficulty adapting new technologies or rethinking their existing business models.
    • Your organization lacks a clear vision for the digital customer journey.
    • Your management team lacks a framework to rethink how your organization delivers value today, which causes annual planning to become an ideation session that lacks focus.

    Our Advice

    Critical Insight

    • Pre-pandemic digital strategies have been primarily focused on automation. However, your post-pandemic digital strategy must focus on driving resilience for growth opportunities.

    Impact and Result

    • Design a strategy that applies innovation to your business model, streamline and transform processes, and make use of technologies to enhance interactions with customers and employees.
    • Use digital for transforming non-routine cognitive activities and for derisking key elements of the value chain.
    • Create a balanced roadmap that improves digital maturity and prepares you for long-term success in a digital economy.

    Define Your Digital Business Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Digital Business Strategy Deck – A step-by-step document that walks you through how to identify top value chains and a digitally enabled growth opportunity, transform stakeholder journeys, and build a digital transformation roadmap.

    This blueprint guides you through a value-driven approach to digital transformation that allows you to identify what aspects of the business to transform, what technologies to embrace, what processes to automate, and what new business models to create. This approach to digital transformation unifies digital possibilities with your customer experiences.

    • Define Your Digital Business Strategy – Phases 1-4

    2. Digital Business Strategy Workbook – A tool to guide you in planning and prioritizing projects to build an effective digital business strategy.

    This tool guides you in planning and prioritizing projects to build an effective digital business strategy. Key activities include conducting a horizon scan, conducting a journey mapping exercise, prioritizing opportunities from a journey map, expanding opportunities into projects, and lastly, building the digital transformation roadmap using a Gantt chart visual to showcase project execution timelines.

    • Digital Strategy Workbook

    3. Digital Business Strategy Final Report Template – Use this template to capture the synthesized content from outputs of the activities.

    This deck is a visual presentation template for this blueprint. The intent is to capture the contents of the activities in a presentation PowerPoint. It uses sample data from “City of X” to demonstrate the digital business strategy.

    • Digital Business Strategy Final Report Template
    [infographic]

    Workshop: Define Your Digital Business Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Two Existing Value Chains

    The Purpose

    Understand how your organization creates value today.

    Key Benefits Achieved

    Identify opportunities for digital transformation in how you currently deliver value today.

    Activities

    1.1 Validate business context.

    1.2 Assess business ecosystem.

    1.3 Identify and prioritize value streams.

    1.4 Break down value stream into value chains.

    Outputs

    Business context

    Overview of business ecosystem

    Value streams and value chains

    2 Identify a Digitally Enabled Growth Opportunity

    The Purpose

    Leverage strategic foresight to evaluate how complex trends can evolve over time and identify opportunities to leapfrog competitors.

    Key Benefits Achieved

    Identify a leapfrog idea to sidestep competitors.

    Activities

    2.1 Conduct a horizon scan.

    2.2 Identify leapfrog ideas.

    2.3 Identify impact to existing or new value chains.

    Outputs

    One leapfrog idea

    Corresponding value chain

    3 Transform Stakeholder Journeys

    The Purpose

    Design a journey map to empathize with your customers and identify opportunities to streamline or enhance existing and new experiences.

    Key Benefits Achieved

    Identify a unified view of customer experience.

    Identify opportunities to automate non-routine cognitive tasks.

    Identify gaps in value delivery.

    Improve customer journey.

    Activities

    3.1 Identify stakeholder persona.

    3.2 Identify journey scenario.

    3.3 Conduct one journey mapping exercise.

    3.4 Identify opportunities to improve stakeholder journey.

    3.5 Break down opportunities into projects.

    Outputs

    Stakeholder persona

    Stakeholder scenario

    Journey map

    Journey-based projects

    4 Build a Digital Transformation Roadmap

    The Purpose

    Build a customer-centric digital transformation roadmap.

    Key Benefits Achieved

    Keep your team on the same page with key projects, objectives, and timelines.

    Activities

    4.1 Prioritize and categorize initiatives.

    4.2 Build roadmap.

    Outputs

    Digital goals

    Unified roadmap

    Further reading

    Define Your Digital Business Strategy

    After a major crisis, find your place in the digital economy.

    Info-Tech Research Group

    Info-Tech is a provider of best-practice IT research advisory services that make every IT leader’s job easier.

    35,000 members sharing best practices you can leverage

    Millions spent developing tools and templates annually

    Leverage direct access to over 100 analysts as an extension of your team

    Use our massive database of benchmarks and vendor assessments

    Get up to speed in a fraction of the time

    Analyst Perspective

    Build business resilience and prepare for a digital economy.

    This is a picture of Senior Research Analyst, Dana Daher

    Dana Daher
    Senior Research Analyst

    To survive one of the greatest economic downturns since the Great Depression, organizations had to accelerate their digital transformation by engaging with the Digital Economy. To sustain growth and thrive as the pandemic eases, organizations must focus their attention on building business resilience by transforming how they deliver value today.
    This requires a value-driven approach to digital transformation that is capable of identifying what aspects of the business to transform, what technologies to embrace, what processes to automate, and what new business models to create. And most importantly, it needs to unify digital possibilities with your customer experiences.
    If there was ever a time for an organization to become a digital business, it is today.

    Executive Summary

    Your Challenge

    • Your organization has difficulty adapting new technologies or rethinking the existing business models.
    • Your management lacks a framework to rethink how your organization delivers value today, which causes annual planning to become an ideation session that lacks focus.
    • There is uncertainty on how to meet evolving customer needs and how to compete in a digital economy.

    Common Obstacles

    • Your organization might approach digital transformation as if we were still in 2019, not recognizing that the pandemic resulted in a major shift to an end-to-end digital economy.
    • Your senior-most leadership thinks digital is "IT's problem" because digital is viewed synonymously with technology.
    • On the other hand, your IT team lacks the authority to make decisions without the executives’ involvement in the discussion around digital.

    Info-Tech’s Approach

    • Design a strategy that applies innovation to your business model, streamline and transform processes, and make use of technologies to enhance interactions with customers and employees.
    • Use digital for transforming non-routine cognitive activities and for de-risking key elements of the value chain.
    • Create a balanced roadmap that improves digital maturity and prepares you for long-term success in a digital economy.

    Info-Tech Insight

    After a major crisis, focus on restarting the growth engine and bolstering business resilience.

    Your digital business strategy aims to transform the business

    Digital Business Strategy

    • Looks for ways to transform the business by identifying what technologies to embrace, what processes to automate, and what new business models to create.
    • Unifies digital possibilities with your customer experiences.
    • Accountability lies with the executive leadership.
    • Must involve cross-functional participation from senior management from the different areas of the organization.

    IT Strategy

    • Aims to identify how to change, fix, or improve technology in support of the organization’s business strategy.
    • Accountability lies with the CIO.
    • Must involve IT management and gather strategic input from the business.

    Becoming a digital business

    Automate tasks to free up time for innovation.

    Business activities (tasks, procedures, and processes, etc.) are used to create, sell, buy, and deliver goods and services.

    When we convert information into a readable format used by computers, we call this digitization (e.g. converting paper into digital format). When we convert these activities into a format to be processed by a computer, we have digitalization (e.g. scheduling appointments online).

    These two processes alter how work takes place in an organization and form the foundation of the concept digital transformation.

    We maintain that digital transformation is all about becoming a “digital business” – an organization that performs more than 66% of all work activities via executable code.

    As organizations take a step closer to this optimal state, new avenues are open to identify advances to promote growth, enhance customer experiences, secure sustainability, drive operational efficiencies, and unearth potential future business ventures.

    Key Concepts:

    Digital: The representation of a physical item in a format used by computers

    Digitization: Conversion of information and processes into a digital format

    Digitalization: Conversion of information into a format to be processed by a computer

    Why transform your business?

    COVID-19 has irrefutably changed livelihoods, businesses, and the economy. During the pandemic, digital tools have acted as a lifeline, helping businesses and economies survive, and in the process, have acted as a catalyst for digital transformation.

    As organizations continue to safeguard business continuity and financial recovery, in the long term, recovery won’t be enough.

    Although many pandemic/recession recovery periods have occurred before, this next recovery period will present two first-time challenges no one has faced before. We must find ways to:

    • Recover from the COVID-19 recession.
    • Compete in a digital economy.

    To grow and thrive in this post-pandemic world, organizations must provide meaningful and lasting changes to brace for a future defined by digital technologies. – Dana Daher, Info-Tech Research Group

    We are amid an economic transformation

    What we are facing today is a paradigm shift transforming the ways in which we work, live, and relate to one another.

    In the last 60 years alone, performance and productivity have been vastly improved by IT in virtually all economic activities and sectors. And today, digital technologies continue to advance IT's contribution even further by bringing unprecedented insights into economic activities that have largely been untouched by IT.

    As technological innovation and the digitalization of products and services continue to support economic activities, a fundamental shift is occurring that is redefining how we live, work, shop, and relate to one another.

    These rapid changes are captured in a new 21st century term:

    The Digital Economy.

    90% of CEOs believe the digital economy will impact their industry. But only 25% have a plan in place. – Paul Taylor, Forbes, 2020

    Analyst Perspective

    Become a Digital Business

    this is a picture of Research Fellow, Kenneth McGee

    Kenneth McGee
    Research Fellow

    Today, the world faces two profoundly complex, mega-challenges simultaneously:

    1. Ending the COVID-19 pandemic and recession.
    2. Creating strategies for returning to business growth.

    Within the past year, healthcare professionals have searched for and found solutions that bring real hope to the belief the global pandemic/recession will soon end.

    As progress towards ending COVID-19 continues, business professionals are searching for the most effective near-term and long-term methods of restoring or exceeding the rates of growth they were enjoying prior to 2020.

    We believe developing a digital business strategy can deliver cost savings to help achieve near-term business growth while preparing an enterprise for long-term business growth by effectively competing within the digital economy of the future.

    The Digital Economy

    The digital economy refers to a concept in which all economic activity is facilitated or managed through digital technologies, data, infrastructure, services, and products (OECD, 2020).

    The digital economy captures decades of digital trends including:

    • Declining enterprise computing costs
    • Improvements in computing power and performance; unprecedent analytic capabilities
    • Rapid growth in network speeds, affordability, and geographic reach
    • High adoption rates of PCs, mobile, and other computing devices

    These trends among others have set the stage to permanently alter how buying and selling will take place within and between local, regional, national, and international economies.

    The emerging digital economy concept is so compelling that the world economists, financial experts, and others are currently investigating how they must substantially rewrite the rules governing how taxes, trade, tangible and intangible assets, and countless other financial issues will be assessed and valued in a digital economy.

    Download Info-Tech’s Digital Economy Report

    Signals of Change

    60%
    of People on Earth Use the Internet
    (DataReportal, 2021)
    20%
    of Global Retail Sales Performed via E-commerce
    (eMarketer, 2021)
    6.64T
    Global Business-to-Business
    E-commerce Market
    (Derived from The Business Research Company, 2021)
    9.6%
    of US GDP ($21.4T) accounted for by the digital economy ($2.05T)
    (Bureau of Economic Analysis, 2021)

    The digital economy captures technological developments transforming the way in which we live, work, and socialize

    Technological evolution

    this image contains a timeline of technological advances, from computers and information technology, to the digital economy of the future

    Info-Tech’s approach to digital business strategy

    A path to thrive in a digital economy.

    1. Identify top value chains to be transformed
    2. Identify a digitally enabled growth opportunity
    3. Transform stakeholder journeys
    4. Build a digital transformation roadmap

    Info-Tech Insight

    Pre-pandemic digital strategies have been primarily focused on automation. However, your post-pandemic digital strategy must focus on driving resilience for growth opportunities.

    The Info-Tech difference:

    • Understand how your organization creates value today to identify opportunities for digital transformation.
    • Leverage strategic foresight to evaluate how complex trends can evolve over time and identify opportunities to leapfrog competitors.
    • Design a journey map to empathize with your customers and identify opportunities to streamline or enhance existing and new experiences.
    • Create a balanced roadmap that improves digital maturity and prepares you for long-term success in a digital economy.

    A digital transformation starts by transforming how you deliver value today

    As digital transformation is an effort to transform how you deliver value today, it is important to understand the different value-generating activities that deliver an outcome for and from your customers.

    We do this by looking at value streams –which refer to the specific set of activities an industry player undertakes to create and capture value for and from the end consumer (and so the question to ask is, how do you make money as an organization?).

    Our approach helps you to digitally transform those value streams that generate the most value for your organization.

    Higher Education Value stream

    Recruitment → Admission → Student Enrolment → Instruction & Research → Graduation → Advancement

    Local Government Value Stream

    Sustain Land, Property, and the Environment → Facilitate Civic Engagement → Protect Local Health and Safety → Grow the Economy → Provide Regional Infrastructure

    Manufacturing Value Stream

    Design Product → Produce Product → Sell Product

    Visit Info-Tech’s Industry Coverage Research to identify your industry’s value streams

    Assess your external environment to identify new value generators

    Assessing your external environment allows you to identify trends that will have a high impact on how you deliver value today.

    Traditionally, a PESTLE analysis is used to assess the external environment. While this is a helpful tool, it is often too broad as it identifies macro trends that are not relevant to an organization's addressable market. That is because not every factor that affects the macro environment (for example, the country of operation) affects a specific organization’s industry in the same way.

    And so, instead of simply assessing the macro environment and trying to project its evolution along the PESTLE factors, we recommend to:

    • Conduct a PESTLE first and deduce, from the analysis, what are possible shifts in six characteristics of an organization’s industry, or
    • Proceed immediately with identifying evolutionary trends that impact the organization’s direct market.

    the image depicts the relationship of factors from the Macro Environment, to the Industry/Addressable Market, to the Organization. the macro environmental factors are Political; Economic; Social; Technological; Legal; and Environmental. the Industry/addressable market factors are the Customer; Talent; Regulation; technology and; Supply chain.

    Info-Tech Insight

    While PESTLE is helpful to scan the macro environment, the analysis often lacks relevance to an organization’s industry.

    An analysis of evolutionary shifts in five industry-specific characteristics would be more effective for identifying trends that impact the organization

    A Market Evolution Trend Analysis (META) identifies changes in prevailing market conditions that are directly relevant to an organization’s industry, and thus provides some critical input to the strategy design process, since these trends can bring about strategic risks or opportunities.
    Shifts in these five characteristics directly impact an organization:

    ORGANIZATION

    • Customer Expectations
    • Talent Availability
    • Regulatory System
    • Supply Chain Continuity
    • Technological Landscape

    Capture existing and new value generators through a customer journey map

    As we prioritize value streams, we break them down into value chains – that is the “string” of processes that interrelate that work.

    However, once we identify these value chains and determine what parts we wish to digitally transform, we take on the perspective of the user, as the way they interact with your products and services will be different to the view of those within the organization who implement and provide those services.

    This method allows us to build an empathetic and customer-centric lens, granting the capability to uncover challenges and potential opportunities. Here, we may define new experiences or redesign existing ones.

    This image contains an example of how a school might use a value chain and customer journey map. the value streams listed include: Recruitment; Admission; Student Enrolment; Instruction& Research; Graduation; and Advancement. the Value chain for the Instruction and Research Value stream. The value chain includes: Research; Course Creation, Delivery, and assessment. The Customer journey map for curricula delivery includes: Understanding the needs of students; Construct the course material; Deliver course material; Conduct assessment and; Upload Grades into system

    A digital transformation is not just about customer journeys but also about building business resilience

    Pre-pandemic, a digital transformation was primarily focused around improving customer experiences. Today, we are facing a paradigm shift in the way in which we capture the priorities and strategies for a digital transformation.

    As the world grows increasingly uncertain, organizations need to continue to focus on improving customer experience while simultaneously protecting their enterprise value.

    Ultimately, a digital transformation has two purposes:

    1. The classical model – whereby there is a focus on improving digital experiences.
    2. Value protection or the reduction of enterprise risk by systematically identifying how the organization delivers value and digitally transforming it to protect future cashflows and improve the overall enterprise value.
    Old Paradigm New Paradigm
    Predictable regulatory changes with incremental impact Unpredictable regulatory changes with sweeping impact
    Reluctance to use digital collaboration Wide acceptance of digital collaboration
    Varied landscape of brick-and-mortar channels Last-mile consolidation
    Customers value brand Customers value convenience/speed of fulfilment
    Intensity of talent wars depends on geography Broadened battlefields for the war for talent
    Cloud-first strategies Cloud-only strategies
    Physical assets Aggressive asset decapitalization
    Digitalization of operational processes Robotization of operational processes
    Customer experience design as an ideation mechanism Business resilience for value protection and risk reduction

    Key deliverable:

    Digital Business Strategy Presentation Template

    A highly visual and compelling presentation template that enables easy customization and executive-facing content.

    three images are depicted, which contain slides from the Digital Business Strategy presentation template, which will be available in 2022.

    *Coming in 2022

    Blueprint deliverables

    The Digital Business Strategy Workbook supports each step of this blueprint to help you accomplish your goals:

    Initiative Prioritization

    A screenshot from the Initiative Prioritization blueprint is depicted, no words are legible in the image.

    Use the weighted scorecard approach to evaluate and prioritize your opportunities and initiatives.

    Roadmap Gantt Chart

    A screenshot from the Roadmap Gantt Chart blueprint is depicted, no words are legible in the image.

    Populate your Gantt chart to visually represent your key initiative plan over the next 12 months.

    Journey Mapping Workbook

    A screenshot from the Journey Mapping Workbook blueprint is depicted, no words are legible in the image.

    Populate the journey maps to evaluate a user experience over its end-to-end journey.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 0 Phase 1 Phase 2 Phase 3 Phase 4
    Call #1:
    Discuss business context and customize your organization’s capability map.
    Call #2:
    Assess business ecosystem.
    Call #3:
    Perform horizon scanning and trends identification.
    Call #5:
    Identify stakeholder personas and scenarios.
    Call #7:
    Discuss initiative generation and inputs into roadmap.
    Call #3:
    Identify how your organization creates value.
    Call #4:
    Discuss value chain impact.
    Call #6:
    Complete journey mapping exercise.
    Call #8:
    Summarize results and plan next steps.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
    A typical GI is between 8 to 12 calls over the course of 2 to 4 months.

    Workshop Requirements

    Business Inputs

    Gather business strategy documents and find information on:

    • Business goals
    • Current transformation initiatives
    • Business capabilities to create or enhance
    • Identify top ten revenue and expense generators
    • Identify stakeholders

    Interview the following stakeholders to uncover business context information:

    • CEO
    • CIO

    Download the Business Context Discovery Tool

    Optional Diagnostic

    • Assess your digital maturity (Concierge Service)

    Visit Assess Your Digital Maturity

    Phase 1

    Identify top value chains to be transformed

    • Understand the business
    • Assess your business ecosystem
    • Identify two value chains for transformation

    This phase will walk you through the following activities:

    Understand how your organization delivers value today and identify value chains to be transformed.

    This phase involves the following participants:

    A cross-functional cohort across all levels of the organization.

    Outcomes

    • Business ecosystem
    • Existing value chains to be transformed

    Step 1.1

    Understand the business

    Activities

    • Review business documents.

    Identify top value chains to be transformed

    This step will walk you through the following activities:

    In this section you will gain an understanding of the business context for your strategy.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    Business Context

    Understand the business context

    Understanding the business context is a must for all strategic initiatives. A pre-requisite to all strategic planning should be to elicit the business context from your business stakeholders.

    Inputs Document(s)/ Method Outputs
    Key stakeholders Strategy Document Stakeholders that are actively involved in, affected by or influence outcome of the organization, e.g. employers, customers, vendors.
    Vision and mission of the organization Website Strategy Document What the organization wants to achieve and how it strives to accomplish those goals.
    Business drivers CEO Interview Inputs and activities that drive the operational and financial results of the organization.
    Key targets CEO Interview Quantitative benchmarks to support strategic goals, e.g. double the enterprise EBITD, improve top-of-mind brand awareness by 15%,
    Strategic investment goals CFO Interview
    Digital Strategy
    Financial investments corresponding with strategic objectives of the organization, e.g. geographic expansion, digital investments.
    Top three value-generating lines of business Financial Document Identification of your top three value-generating products and services or lines of business.
    Goals of the organization over the next 12 months Strategy Document
    Corporate Retreat Notes
    Strategic goals to support the vision, e.g. hire 100 new sales reps, improve product management and marketing.
    Top business initiatives over the next 12 months Strategy Document
    CEO Interview
    Internal campaigns to support strategic goals, e.g. invest in sales team development, expand the product innovation team.
    Business model Strategy Document Products or services that the organization plans to sell, the identified market and customer segments, price points, channels and anticipated expenses.
    Competitive landscape Internal Research Analysis Who your typical or atypical competitors are.

    1.1 Understand the business context

    Objective: Elicit the business context with a careful review of business and strategy documents.

    1. Gather the strategy creation team and review your business context documents. This includes business strategy documents, interview notes from executive stakeholders, and other sources for uncovering the business strategy.
    2. Brainstorm in smaller groups answers to the question you were assigned:
      • What are the strengths and weaknesses of the organization?
      • What are some areas of improvement or opportunity?
      • What does it mean to have a digital business strategy?
    3. Discuss the questions above with participants and document key findings. Share with the group and work through the balanced scorecard questions to complete this exercise.
    4. Document your findings.

    Assess your digital readiness with Info-Tech’s Digital Maturity Assessment

    Input

    • Business Strategy Documents
    • Executive Stakeholder Interviews

    Output

    • Business Context Information

    Materials

    • Collaboration/ Brainstorming Tool (whiteboard, flip chart, digital equivalent)

    Participants

    • Executive Team

    Step 1.2

    Assess your business ecosystem

    Activities

    • Identify disruptors and incumbents.

    Info-Tech Insight

    Your digital business strategy cannot be formulated without a clear vision of the evolution of your industry.

    Identify top value chains to be transformed

    This step will walk you through the following activities:

    In this section, we will assess who the incumbents and disruptors are in your ecosystem and identify who your stakeholders are.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    Business Ecosystem

    Assess your business ecosystem

    Understand the nature of your competition.

    Learn what your competitors are doing.

    To survive, grow, or transform in today's digital era, organizations must first have a strong pulse on their business ecosystem. Learning what your competitors are doing to grow their bottom line is key to identifying how to grow your own. Start by understanding who the key incumbents and disruptors in your industry are to identify where your industry is heading.

    Incumbents: These are established leaders in the industry that possess the largest market share. Incumbents often focus their attention to their most demanding or profitable customers and neglect the needs of those down market.

    Disruptors: Disruptors are primarily new entrants (typically startups) that possess the ability to displace the existing market, industry, or technology. Disruptors are often focused on smaller markets that the incumbents aren’t focused on. (Clayton Christenson, 1997)

    An image is shown demonstrating the relationship within an industry between incumbents, disruptors, and the organization. The incumbents are represented by two large purple circles. The disruptors are represented by 9 smaller blue circles, which represent smaller individual customer bases, but overall account for a larger portion of the industry.

    ’Disruption’ specifically refers to what happens when the incumbents are so focused on pleasing their most profitable customers that they neglect or misjudge the needs of their other segments.– Ilan Mochari, Inc., 2015

    Example Business Ecosystem Analysis

    Business Target Market & Customer Product/Service & Key Features Key Differentiators Market Positioning
    University XYZ
    • Local Students
    • Continuous Learner
    • Certificate programs
    • Associate degrees
    • Strong engineering department with access to high-quality labs
    • Strong community impact
    Affordable education with low tuition cost and access to bursaries & scholarships.
    University CDE University CDE
    • Local students
    • International students
    • Continuous learning students
    • Continuous learning offerings (weekend classes)
    • Strong engineering program
    • Strong continuous learning programs
    Outcome focused university with strong co-ops/internship programs and career placements for graduates
    University MNG
    • Local students
    • Non degree, freshman and continuous learning adults
    • Associate degrees
    • Certificate programs (IT programs)
    • Dual credit program
    • More locations/campuses
    • Greater physical presence
    • High web presence
    Nurturing university with small student population and classroom sizes. University attractive to adult learners.
    Disruptors Online Learning Company EFG
    • Full-time employees & executives– (online presence important)
    • Shorter courses
    • Full-time employees & executives– (online presence important)
    Competitive pricing with an open acceptance policy
    University JKL Online Credential Program
    • High school
    • University students
    • Adult learners
    • Micro credentials
    • Ability to acquire specific skills
    Borderless and free (or low cost) education

    1.2 Understand your business ecosystem

    Objective: Identify the incumbents and disruptors in your business ecosystem.

    1. Identify the key incumbents and disruptors in your business ecosystem.
      • Incumbents: These are established leaders in the industry that possess the largest market share.
      • Disruptors: Disruptors are primarily new entrants (startups) that possess the ability to displace the existing market, industry, or technology.
    2. Identify target market and key customers. Who are the primary beneficiaries of your products or service offerings? Your key customers are those who keep you in business, increase profits, and are impacted by your operations.
    3. Identify what their core products or services are. Assess what core problem their products solve for key customers and what key features of their solution support this.
    4. Assess what the competitors' key differentiators are. There are many differentiators that an organization can have, examples include product, brand, price, service, or channel.
    5. Identify what the organization’s value proposition is. Why do customers come to them specifically? Leverage insights from the key differentiators to derive this.
    6. Finally, assess how your organization derives value relative to your competitors.

    Input

    • Market Assessment

    Output

    • Key Incumbents and Disruptors

    Materials

    • Collaboration/ Brainstorming Tool (whiteboard, flip chart, digital equivalent)

    Participants

    • Executive Team

    Step 1.3

    Value-chain prioritization

    Activities

    • Identify and prioritize value chains for innovation.

    Identify top value chains to be transformed

    This step will walk you through the following activities:

    Identify and prioritize how your organization currently delivers value today and identify value chains to be transformed.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    Prioritized Value Chains

    Determine what value the organization creates

    Identify areas for innovation.

    Value streams and value chains connect business goals to the organization’s value realization activities. They enable an organization to create and capture value in the market place by engaging in a set of interconnected activities. Those activities are dependent on the specific industry segment an organization operates within.

    Different types of value your organization creates

    This an example of a value chain which a school would use to analyze how their organization creates value. The value streams listed include: Recruitment; Admission; Student Enrolment; Instruction& Research; Graduation; and Advancement. the Value chain for the Student enrolment stream is displayed. The value chain includes: Matriculation; Enrolment into a Program and; Unit enrolment.

    Value Streams

    A value stream refers to the specific set of activities an industry player undertakes to create and capture value for and from the end consumer.

    Value Chains

    A value chain is a ”string” of processes within a company that interrelate and work together to meet market demand. Examining the value chain of a company will reveal how it achieves competitive advantage.

    Visit Info-Tech’s Industry Coverage Research to identify value streams

    Begin with understanding your industry’s value streams

    Value Streams

    Recruitment

    • The promotion of the institution and the communication with prospective students is accommodated by the recruitment component.
    • Prospective students are categorized as domestic and international, undergraduate and graduate. Each having distinct processes.

    Admission

    • Admission into the university involves processes distinct from recruitment. Student applications are processed and evaluated and the students are informed of the decision.
    • This component is also concerned with transfer students and the approval of transfer credits.

    Student Enrolment

    • Student enrolment is concerned with matriculation when the student first enters the institution, and subsequent enrolment and scheduling of current students.
    • The component is also concerned with financial aid and the ownership of student records.

    Instruction & Research

    • Instruction involves program development, instructional delivery and assessment, and the accreditation of courses of study.
    • The research component begins with establishing policy and degree fundamentals and concerns the research through to publication and impact assessment.

    Graduation

    • Graduation is not only responsible for the ceremony but also the eligibility of the candidate for an award and the subsequent maintenance of transcripts.

    Advancement

    • Alumni relations are the first responsibility of advancement. This involves the continual engagement with former students.
    • Fundraising is the second responsibility. This includes the solicitation and stewardship of gifts from alumni and other benefactors.

    Value stream defined…

    Value streams connect business goals to the organization’s value realization activities in the marketplace. Those activities are dependent on the specific industry segment in which an organization operates.

    There are two types of value streams: core value streams and support value streams.

    • Core value streams are mostly externally facing. They deliver value to either an external or internal customer and they tie to the customer perspective of the strategy map.
    • Support value streams are internally facing and provide the foundational support for an organization to operate.

    An effective method for ensuring all value streams have been considered is to understand that there can be different end-value receivers.

    Leverage your industry’s capability maps to identify value chains

    Business Capability Map Defined

    A business capability defines what a business does to enable value creation, rather than how. Business capabilities:

    • Represent stable business functions.
    • Are unique and independent of each other.
    • Typically, will have a defined business outcome.

    A capability map is a great starting point to identify value chains within an organization as it is a strong indicator of the processes involved to deliver on the value streams.

    this image contains an example of a business capability map using the value streams identified earlier in this blueprint.

    Info-Tech Insight

    Leverage your industry reference architecture to define value streams and value chains.

    Visit Info-Tech’s Industry Coverage Research to identify value streams

    Prioritize value streams to be supported or enhanced

    Use an evaluation criteria that considers both the human and business value generators that these streams provide.

    two identical value streams are depicted. The right most value stream has Student Enrolment and Instruction Research highlighted in green. between the two streams, are two boxes. In these boxes is the following: Business Value: Profit; Enterprise Value; Brand value. Human Value: Faculty satisfaction; Student satisfaction; Community impact.

    Info-Tech Insight

    To produce maximum impact, focus on value streams that provide two-thirds of your enterprise value.

    Business Value

    Assess the value generators to the business, e.g. revenue dollars, enterprise value, cost or differentiation (competitiveness), etc.

    Human Value

    Assess the value generators to people, e.g. student/faculty satisfaction, well-being, and social cohesion.

    Identify value chains for transformation

    Value chains, pioneered by the academic Michael Porter, refer to the ”string” of processes within a company that interrelate and work together to meet market demand. An organization’s value chain is connected to the larger part of the value stream. This perspective of how value is generated encourages leaders to see each activity as a part of a series of steps required deliver value within the value stream and opens avenues to identify new opportunities for value generation.

    this image depicts two sample value chains for the value streams: student enrolment and Instruction & Research. Each value chain has a stakeholder associated with it. This is the primary stakeholder that seeks to gain value from that value chain.

    Prioritize value chains for transformation

    Once we have identified the key value chains within each value stream element, evaluate the individual processes within the value chain to identify opportunities for transformation. Evaluate the value chain processes based on the level of pain experienced by a stakeholder to accomplish that task, and the financial impact that level of the process has on the organization.

    this image depicts the same value chains as the image above, with a legend showing which steps have a financial impact, which steps have a high degree of risk, and which steps are prioritized for transformation. Matriculation and publishing are shown to have a financial impact. Research foundation is shown to have a high degree of risk, and enrollment into a program and conducting research are prioritized for transformation.

    1.3 Value chain analysis

    Objective: Determine how the organization creates value, and prioritize value chains for innovation.

    1. The first step of delivering value is defining how it will happen. Use the organization’s industry segment to start a discussion on how value is created for customers. Working back from the moment value is realized by the customer, consider the sequential steps required to deliver value in your industry segment.
    2. Define and validate the organization’s value stream. Write a short description of the value stream that includes a statement about the value provided and a clear start and end for the value stream.
    3. Prioritize the value streams based on an evaluation criteria that reflects business and human value generators to the organization.
    4. Identify value chains that are associated with each value stream. The value chains refer to a string of processes within the value stream element. Each value chain also captures a particular stakeholder that benefits from the value chain.
    5. Once we have identified the key value chains within each value stream element, evaluate the individual processes within the value chain and identify areas for transformation. Evaluate the value chain processes based on the level of pain or exposure to risk experienced by a stakeholder to accomplish that task and the financial impact that level of the process has on the organization.

    Visit Info-Tech’s Industry Coverage Research to identify value streams and capability maps

    Input

    • Market Assessment

    Output

    • Key Incumbents and Disruptors

    Materials

    • Collaboration/ Brainstorming Tool (whiteboard, flip chart, digital equivalent)

    Participants

    • Executive Team

    Phase 2

    Identify a digitally enabled growth opportunity

    • Conduct horizon scan
    • Identify leapfrog idea
    • Conduct value chain impact analysis

    This phase will walk you through the following activities:

    Assess trends that are impacting your industry and identify strategic growth opportunities.

    This phase involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes

    Identify new growth opportunities and value chains impacted

    Phase 2.1

    Horizon scanning

    Activities

    • Scan the internal and external environment for trends.

    Info-Tech Insight

    Systematically scan your environment to identify avenues or opportunities to skip one or several stages of technological development and stay ahead of disruption.

    Identify a digitally enabled growth opportunity

    This step will walk you through the following activities:

    Scan the environment for external environment for megatrends, trends, and drivers. Prioritize trends and build a trends radar to keep track of trends within your environment.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    Growth opportunity

    Horizon scanning

    Understand how your industry is evolving.

    Horizon scanning is a systematic analysis of detecting early signs of future changes or threats.

    Horizon scanning involves scanning, analyzing, and communicating changes in an organization’s environment to prepare for potential threats and opportunities. Much of what we know about the future is based around the interactions and trajectory of macro trends, trends, and drivers. These form the foundations for future intelligence.

    Macro Trends

    A macro trend captures a large-scale transformative trend that could impact your addressable market.

    Trends

    A trend captures a business use case of the macro trend. Consider trends in relation to competitors in your industry.

    Drivers

    A driver is an underlying force causing the trend to occur. There can be multiple causal forces, or drivers, that influence a trend, and multiple trends can be influenced by the same causal force.

    Identify signals of change in the present and their potential future impacts.

    Identifying macro trends

    A macro trend captures a large-scale transformative trend that could change the addressable market. Here are some examples of macro trends to consider when horizon scanning for your own organization:

    Talent Availability

    • Decentralized workforce
    • Hybrid workforce
    • Diverse workforce
    • Skills gap
    • Digital workforce
    • Multigenerational workforce

    Customer Expectations

    • Personalization
    • Digital experience
    • Data ownership
    • Transparency
    • Accessibility

    Technological Landscape

    • AI & robotics
    • Virtual world
    • Ubiquitous connectivity,
    • Genomics
    • Materials (smart, nano, bio)

    Regulatory System

    • Market control
    • Economic shifts
    • Digital regulation
    • Consumer protection
    • Global green

    Supply Chain Continuity

    • Resource scarcity
    • Sustainability
    • Supply chain digitization
    • Circular supply chains
    • Agility

    Identifying trends and drivers

    A trend captures a business use case of a macro trend. Assessing trends can reduce some uncertainties about the future and highlight potential opportunities for your organization. A driver captures the internal or external forces that lead the trend to occur. Understanding and capturing drivers is important to understanding why these trends are occurring and the potential impacts to your value chains.

    This image contains a flow chart, demonstrating the relationship between Macro trends, Trends, and Drivers. in this example, the macro trend is Accessibility. The Trends, or patterns of change, are an increase in demands for micro-credentials, and Preference for eLearning. The Drivers, or the why, are addressing skill gaps for increase in demand for micro-credentials, and Accommodating adult/working learners- for Preference for eLearning.

    Leverage industry roundtables and trend reports to understand the art of the possible

    Uncover important business and industry trends that can inform possibilities for technology innovation.

    Explore trends in areas such as:

    • Machine Learning
    • Citizen Dev 2.0
    • Venture Architecture
    • Autonomous Organizations
    • Self-Sovereign Cloud
    • Digital Sustainability

    Market research is critical in identifying factors external to your organization and identifying technology innovation that will provide a competitive edge. It’s important to evaluate the impact each trend or opportunity will have in your organization and market.

    Visit Info-Tech’s Trends & Priorities Research Center

    Visit Info-Tech’s Industry Coverage Research to identify your industry’s value streams

    this image contains three screenshots from Rethinking Higher Education Report and 2021 Tech Trends Report

    Images are from Info-Tech’s Rethinking Higher Education Report and 2021 Tech Trends Report

    Example horizon scanning activity

    Macro Trends Trends Drivers
    Talent Availability Diversity Inclusive campus culture Systemic inequities
    Hybrid workforce Online learning staff COVID-19 and access to physical institutions
    Customer Expectations Digital experience eLearning for working learners Accommodate adult learners
    Accessibility Micro-credentials for non-traditional students Addressing skills gap
    Technological Landscape Artificial intelligence and robotics AI for personalized learning Hyper personalization
    IoT IoT for monitoring equipment Asset tracking
    Augmented reality Immersive education AR and VR Personalized experiences
    Regulatory System Regulatory System Alternative funding for research Changes in federal funding
    Global Green Environmental and sustainability education curricula Regulatory and policy changes
    Supply Chain Continuity Circular supply chains Vendors recycling outdated technology Sustainability
    Cloud-based solutions Cloud-based eLearning software Convenience and accessibility

    Visit Info-Tech’s Industry Coverage Research to identify your industry’s value streams

    Prioritize trends

    Develop a cross-industry holistic view of trends.

    Visualize emerging and prioritize action.

    Moving from horizon scanning to action requires an evaluation process to determine which trends can lead to growth opportunities. First, we need to make a short list of trends to analyze. For your digital strategy, consider trends on the time horizon that are under 24 months. Next, we need to evaluate the shortlisted opportunities by a second set of criteria: relevance to your organization and impact on industry.

    Timing

    The estimated time to disruption this trend will have for your industry. Assess whether the trend will require significant developments to support its entry into the ecosystem.

    Relevance

    The relevance of the trend to your organization. Does the trend fulfil the vision or goals of the organization?

    Impact

    The degree of impact the trend will have on your industry. A trend with high impact will drive new business models, products, or services.

    Prioritize trends to adopt into your organization

    Prioritize trends based on timing, impact, and relevance.

    Trend Timing
    (S/M/L)
    Impact
    (1-5)
    Relevance
    ( 1-5)
    1. Micro-credentialing S 5 5
    2. IoT-connected devices for personalized experience S 1 3
    3. International partnerships with educational institutions M
    4. Use of chatbots throughout enrollment process L
    5. IoT for energy management of campus facilities L
    6. Gamification of digital course content M
    7. Flexible learning curricula S 4 3
    Deprioritize trends
    that have a time frame
    to disruption of more
    than 24 months.
    this image contains a graph demonstrating the relationship between relevance (x axis) and Impact (Y axis).

    2.1 Scanning the horizon

    Objective: Generate trends

    60 minutes

    • Start by selecting macro trends that are occurring in your environment using the five categories. These are the large-scale transformative trends that impact your addressable market. Macro trends have three key characteristics:
      • They span over a long period of time.
      • They impact all geographic regions.
      • They impact governments, individuals, and organizations.
    • Begin to break down these macro trends into trends. Trends should reflect the direction of a macro trend and capture the pattern in events. Consider trends that directly impact your organization.
    • Understand the drivers behind these trends. Why are they occurring? What is driving them? Understanding the drivers helps us understand the value they may generate.
    • Deprioritize trends that are expected to happen beyond 24 months.
    • Prioritize trends that have a high impact and relevance to the organization.
    • If you identify more than one trend, discuss with the group which trend you would like to pursue and limit it to one opportunity.

    Input

    • Macro Trends
    • Trends

    Output

    • Trends Prioritization

    Materials

    • Digital Strategy Workbook

    Participants

    • Executive Team

    Step 2.2

    Leapfrogging ideation

    Activities

    • Identify leapfrog ideas.
    • Identify impact to value chain.

    Info-Tech Insight

    A systematic approach to leapfrog ideation is one of the most critical ways in which an organization can build the capacity for resilient innovation.

    This step will walk you through the following activities:

    Evaluate trend opportunities and determine the strategic opportunities they pose. You will also work towards identifying the impact the trend has on your value chain.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • Strategic growth opportunities
    • Value chain impact

    Leapfrog into the future

    Turn trends into growth opportunities.

    To thrive in the digital age, organizations must innovate big, leverage internal creativity, and prepare for flexibility.

    In this digital era, organizations are often playing catch up to a rapidly evolving technological landscape and following a strict linear approach to innovation. However, this linear catch-up approach does not help companies get ahead of competitors. Instead, organizations must identify avenues to skip one or several stages of technological development to leapfrog ahead of their competitors.

    The best way to predict the future is to invent it. – Alan Kay

    Leapfrogging takes place when an organization introduces disruptive innovation into the market and sidesteps competitors who are unable to mobilize to respond to the opportunities.

    Case Study

    Classroom of the Future

    Higher Education: Barco’s Virtual Classroom at UCL

    University College London (UCL), in the United Kingdom, selected Barco weConnect virtual classroom technology for its continuing professional development medical education offering. UCL uses the platform for synchronous teaching, where remote students can interact with a lecturer.

    One of the main advantages of the system is that it enables direct interaction with students through polls, questions, and whiteboarding. The system also allows you to track student engagement in real time.

    The system has also been leveraged for scientific research and publications. In their “Delphi” process, key opinion leaders were able to collaborate in an effective way to reach consensus on a subject matter. The processes that normally takes months were successfully completed in 48 hours (McCann, 2020).

    Results

    The system has been largely successful and has supported remote, real-time teaching, two-way engagement, engagement with international staff, and an overall enriched teaching experience.

    Funnel trends into leapfrog ideas

    Go from trend insights into ideas.

    Brainstorm ways of generating leapfrog ideas from trend insights.

    Dealing with trends is one of the most important tasks for innovation. It provides the basis of developing the future orientation of the organization. However, being aware of a trend is one thing, to develop strategies for response is another.

    To identify the impact the trend has on the organization, consider the four areas of growth strategies for the organization:

    1. New Customers: Leverage the trend to target new customers for existing products or services.
    2. New Business Models: Adjust the business model to capture a change in how the organization delivers value.
    3. New Markets: Enter or create new markets by applying existing products or services to different problems.
    4. New Product or Service Offerings: Introduce new products or services to the existing market.
    A funnel shaped image is depicted. At the top, at the entrance of the funnel, is the word Trend. At the bottom of the image, at the output of the funnel, is the word Opportunity.

    From trend to leapfrog ideas

    Trend New Customer New Market New Business Model New Product or Service
    What trends pose a high-immediate impact to the organization? Target new customers for existing products or services Enter or create new markets by applying existing products or services to different problems Adjust the business model to capture a change in how the organization delivers value Introduce new products or services to the existing market
    Micro-credentials for non-traditional students Target non-traditional learners/students - Online delivery Introduce mini MBA program

    2.2 Identify and prioritize opportunities

    60 minutes

    1. Gather the prioritized trend identified in the horizon scanning exercise (the trend identified to be “adopted” within the organization).
    2. Analyze each trend identified and assess whether the trend provides an opportunity for a new customers, new markets, new business models, or new products and services.

    Input

    • “Adopt” Trends

    Output

    • Trends to pursue
    • Breakdown of strategic opportunities that the trends pose

    Materials

    • Collaboration/ Brainstorming Tool (whiteboard, flip chart, digital equivalent)

    Participants

    • Executive Team

    Step 2.3

    Value chain impact

    Activities

    • Identify impact to value chain.

    This step will walk you through the following activities:

    Evaluate trend opportunities and determine the strategic opportunities they pose. Prioritize the opportunities and identify impact to your value chain.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • Strategic growth opportunities

    Value chain analysis

    Identify implications of strategic growth opportunities to the value chains.

    As we identify and prioritize the opportunities available to us, we need to assess their impacts on value chains. Does the opportunity directly impact an existing value chain? Or does it open us to the creation of a new value chain?

    The value chain perspective allows an organization to identify how to best minimize or enhance impacts and generate value.
    As we move from opportunity to impact, it is important to break down opportunities into the relevant pieces so we can see a holistic picture of the sources of differentiation.

    this image depicts the value chain for the value stream, student enrolment.

    2.3 Value chain impact

    Objective: Identify impacts to the value chain from the opportunities identified.
    60 minutes

    1. Once you have identified the opportunity, turn back to the value stream, and with the working group, identify the value stream impacted most by the opportunity. Leverage the human impact/business impact criteria to support the identification of the value stream to be impacted.
    2. Within the value stream, brainstorm what parts of the value chain will be impacted by the new opportunity. Or ask whether this new opportunity provides you with a new value chain to be created.
    3. If this opportunity will require a new value chain, identify what set of new processes or steps will be created to support this new entrant.
    4. Identify any critical value chains that will be impacted by the new opportunity. What areas of the value chain pose the greatest risk? And where can we estimate the financial revenue will be impacted the most?

    Input

    • Opportunity

    Output

    • Value chains impacted

    Materials

    • Collaboration/ Brainstorming Tool (whiteboard, flip chart, digital equivalent)

    Participants

    • Executive Team

    Phase 3

    Transform stakeholder journeys

    • Identify stakeholder personas and scenarios
    • Conduct journey map
    • Identify projects

    This phase will walk you through the following activities:

    Take the prioritized value chains and create a journey map to capture the end-to-end experience of a stakeholder.

    Through a journey mapping exercise, you will identify opportunities to digitize parts of the journey. These opportunities will be broken down into functional initiatives to tackle in your strategy.

    This phase involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes

    1. Stakeholder persona
    2. Stakeholder scenario
    3. Stakeholder journey map
    4. Opportunities

    Step 3.1

    Identify stakeholder persona and journey scenario

    Activities

    • Identify stakeholder persona.
    • Identify stakeholder journey scenario.

    Transform stakeholder journeys

    This step will walk you through the following activities:

    In this step, you with identify stakeholder personas and scenarios relating to the prioritized value chains.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • A taxonomy of critical stakeholder journeys.

    Identify stakeholder persona and journey scenario

    From value chain to journey scenario.

    Stakeholder personas and scenarios help us build empathy towards our customers. It helps put us into the shoes of a stakeholder and relate to their experience to solve problems or understand how they experience the steps or processes required to accomplish a goal. A user persona is a valuable basis for stakeholder journey mapping.

    A stakeholder scenario describes the situation the journey map addresses. Scenarios can be real (for existing products and services) or anticipated.

    A stakeholder persona is a fictitious profile to represent a customer or a user segment. Creating this persona helps us understand who your customers really are and why they are using your service or product.

    Learn more about applying design thinking methodologies

    Identify stakeholder scenarios to map

    For your digital strategy, leverage the existing and opportunity value chains identified in phase 1 and 2 for journey mapping.

    Identify two existing value chains to be transformed.
    In section 1, we identified existing value chains to be transformed. For example, your stakeholder persona is a member of the faculty (engineering), and the scenario is the curricula design process.
    this image contains the value chains for instruction (engineering) and enrolment of engineering student. the instruction(engineering) value chain includes curricula research, curricula design, curricula delivery, and Assessment for the faculty-instructor. The enrolment of engineering student value chain includes matriculation, enrolment into a program, and unit enrolment for the student. In the instruction(engineering) value chain, curricula design is highlighted in blue. In the enrolment of engineering student value chain, Enrolment into a program is highlighted.
    Identify one new value chain.
    In section 2, we identified a new value chain. However, for a new opportunity, the scenario is more complex as it may capture many different areas of a value chain. Subsequently, a journey map for a new opportunity may require mapping all parts of the value chain.
    this image contains an example of a value chain for micro-credentialing (mini online MBA)

    Identify stakeholder persona

    Who are you transforming for?

    To define a stakeholder scenario, we need to understand who we are mapping for. In each value chain, we identified a stakeholder who gains value from that value chain. We now need to develop a stakeholder persona: a representation of the end user to gain a strong understanding of who they are, what they need, and their pains and gains.

    One of the best ways to flesh out your stakeholder persona is to engage with the stakeholders directly or to gather the input of those who may engage with them within the organization.

    For example, if we want to define a journey map for a student, we might want to gather the input of students or teaching faculty that have firsthand encounters with different student types and are able to define a common student type.

    Info-Tech Insight

    Run a survey to understand your end users and develop a stronger picture of who they are and what they are seeking to gain from your organization.

    Example Stakeholder Persona

    Name: Anne
    Age: 35
    Occupation: Engineering Faculty
    Location: Toronto, Canada

    Pains

    What are their frustrations, fears, and anxieties?

    • Time restraints
    • Using new digital tools
    • Managing a class while incorporating individual learning
    • Varying levels within the same class
    • Unmotivated students

    What do they need to do?

    What do they want to get done? How will they know they are successful?

    • Design curricula in a hybrid mode without loss of quality of experience of in-classroom learning.

    Gains

    What are their wants, needs, hopes, and dreams?

    • Interactive content for students
    • Curriculum alignment
    • Ability to run a classroom lab (in hybrid format)
    • Self-paced and self-directed learning opportunities for students

    (Adapted from Osterwalder, et al., 2014)

    Define a journey statement for mapping

    Now that we understand who we are mapping for, we need to define a journey statement to capture the stakeholder journey.
    Leverage the following format to define the journey statement.
    As a [stakeholder], I need to [prioritized value chain task], so that I can [desired result or overall goal].

    this image contains the instruction(engineering) value chain shown above. next to it is a stakeholder journey statement, which states: As an engineering faculty member, I want to design my curricula in a hybrid mode of delivery so that I can simulate in-classroom experiences.

    3.1 Identify stakeholder persona and journey scenario

    Objective: Identify stakeholder persona and journey scenario statement for journey mapping exercise.

    1. Start by identifying who your stakeholder is. Give your stakeholder a demographic profile – capture a typical stakeholder for this value chain.
    2. Identify what the gains and pains are during this value chain and what the stakeholder is seeking to accomplish.
    3. Looking at the value chain, create a statement that captures the goals and needs of the stakeholder. Use the following format to create a statement:
      As a [stakeholder], I need to [prioritized value chain task], so that I can [desired result or overall goal].

    Input

    • Prioritized Value Chains (existing and opportunity)

    Output

    • Stakeholder Persona
    • Stakeholder Journey Statement

    Materials

    • Collaboration/ Brainstorming Tool (whiteboard, flip chart, digital equivalent)
    • Stakeholder Persona Canvas

    Participants

    • Executive Team
    • Stakeholders (if possible)
    • Individual who works directly with stakeholders

    Step 3.2

    Map stakeholder journeys

    Activities

    • Map stakeholder journeys.

    Transform stakeholder journeys

    This step will walk you through the following activities:

    Prioritize the journeys by focusing on what matters most to the stakeholders and estimating the organizational effort to improve those experiences.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • Candidate journeys identified for redesign or build.

    Leverage customer journey mapping to capture value chains to be transformed

    Conduct a journey mapping exercise to identify opportunities for innovation or automation.

    A journey-based approach helps an organization understand how a stakeholder moves through a process and interacts with the organization in the form of touch points, channels, and supporting characters. By identifying pain points in the journey and the activity types, we can identify opportunities for innovation and automation along the journey.

    Embrace design thinking methodologies to elevate the stakeholder journey and to build a competitive advantage for your organization.

    this image contains an example of the result of a journey mapping exercise. the main headings are Awareness, Consideration, Acquisition, Service and, Loyalty.

    Internal vs. external stakeholder perspective

    In journey mapping, we always start with the stakeholder's perspective, then eventually transition into what the organization does business-wise to deliver value to each stakeholder. It is important to keep in mind both perspectives while conducting a journey mapping exercise as there are often different roles, processes, and technologies associated with each of the journey steps.

    Stakeholder Journey
    (External Perspective)

    • Awareness
    • Consideration
    • Selecting
    • Negotiating
    • Approving

    Business Processes
    (Internal Perspective)

    • Preparation
    • Prospecting
    • Presentation
    • Closing
    • Follow-Up

    Info-Tech Insight

    Take the perspective of an end user, who interacts with your products and services, as it is different from the view of those inside the organization, who implement and provide those services.

    Build a stakeholder journey map

    A stakeholder journey map is a tool used to illustrate the user’s perceptions, emotions, and needs as they move through a process and interact with the organization in the form of touch points, channels, and supporting characters.

    this image depicts an example of a stakeholder journey map, the headings in the map are: Journey Activity; Touch Points; Metrics; Nature of Activity; Key Moments & Pain Points; Opportunities

    Stakeholder Journey Map: Journey Activity

    The journey activity refers to the steps taken to accomplish a goal.

    The journey activity comprises the steps or sequence of tasks the stakeholder takes to accomplish their goal. These steps reflect the high-level process your candidates perform to complete a task or solve a problem.

    Stakeholder Journey Map: Touch Points

    Touch points are the points of interaction between a stakeholder and the organization.

    A touch point refers to any time a stakeholder interacts with your organization or brand. Consider three main points of interaction with the customer in the journey:

    • Before: How did they find out about you? How did they first contact you to start this journey? What channels or mediums were used?
      • Social media
      • Rating & reviews
      • Word of mouth
      • Advertising
    • During: How was the sale or service accomplished?
      • Website
      • Catalog
      • Promotions
      • Point of sale
      • Phone system
    • After: What happened after the sale or service?
      • Billing
      • Transactional emails
      • Marketing emails
      • Follow-ups
      • Thank-you emails

    Stakeholder Journey Map: Nature of Activity

    The nature of activity refers to the type of task the journey activity captures.

    We categorize the activity type to identify opportunities for automation. There are four main types of task types, which in combination (as seen in the table below) capture a task or job to be automated.

    Routine Non-Routine
    Cognitive Routine Cognitive: repeatable tasks that rely on knowledge work, e.g. sales, administration
    Prioritize for automation (2)
    Non-Routine Cognitive: infrequent tasks that rely on knowledge work, e.g. driving, fraud detection
    Prioritize for automation (3)
    Non-Routine Cognitive: infrequent tasks that rely on knowledge work, e.g. driving, fraud detection Prioritize for automation (3) Routine Manual: repeatable tasks that rely on physical work, e.g. manufacturing, production
    Prioritize for automation (1)
    Non-Routine Manual: infrequent tasks that rely on physical work, e.g. food preparation
    Not mature for automation

    Info-Tech Insight

    Where automation makes sense, routine manual activities should be transformed first, followed by routine cognitive activities. Non-routine cognitive activities are the final frontier.

    Stakeholder Journey Map: Metrics

    Metrics are a quantifiable measurement of a process, activity, or initiative.

    Metrics are crucial to justify expenses and to estimate growth for capacity planning and resourcing. There are multiple benefits to identifying and implementing metrics in a journey map:

    • Metrics provide accurate indicators for accurate IT and business decisions.
    • Metrics help you identify stakeholder touch point efficiencies and problems and solve issues before they become more serious.
    • Active metrics tracking makes root cause analysis of issues much easier.

    Example of journey mapping metrics: Cost, effort, turnaround time, throughput, net promoter score (NPS), satisfaction score

    Stakeholder Journey Map: Key Moments & Pain Points

    Key moments and pain points refer to the emotional status of a stakeholder at each stake of the customer journey.

    The key moments are defining pieces or periods in a stakeholder's experience that create a critical turning point or memory.

    The pain points are the critical problems that the stakeholder is facing during the journey or business continuity risks. Prioritize identifying pain points around key moments.

    Info-Tech Insight

    To identify key moments, look for moments that can dramatically influence the quality of the journey or end the journey prematurely. To improve the experience, analyze the hidden needs and how they are or aren’t being met.

    Stakeholder Journey Map: Opportunities

    An opportunity is an investment into people, process, or technology for the purposes of building or improving a business capability and accomplishing a specific organizational objective.

    An opportunity refers to the initiatives or projects that should address a stakeholder pain. Opportunities should also produce a demonstrable financial impact – whether direct (e.g. cost reduction) or indirect (e.g. risk mitigation) – and be evaluated based on how technically difficult it will be to implement.

    Customer

    Create new or different experiences for customers

    Workforce

    Generate new organizational skills or new ways of working

    Operations

    Improve responsiveness and resilience of operations

    Innovation

    Develop different products or services

    Example of stakeholder journey output: Higher Education

    Stakeholder: A faculty member
    Journey: As an engineering faculty member, I want to design my curricula in a hybrid mode of delivery so that I can simulate in-classroom experiences

    Journey activity Understanding the needs of students Construct the course material Deliver course material Conduct assessments Upload grades into system
    Touch Points
    • Research (primary or secondary)
    • Teaching and learning center
    • Training on tools
    • Office suite
    • Video tools
    • PowerPoint live
    • Chat (live)
    • Forum (FAQ
    • Online assessment tool
    • ERP
    • LMS
    Nature of Activity Non-routine cognitive Non-routine cognitive Non-routine cognitive Routine cognitive Routine Manual
    Metrics
    • Time to completion
    • Time to completion
    • Student satisfaction
    • Student satisfaction
    • Student scores
    Ken Moments & Pain Points Lack of centralized repository for research knowledge
    • Too many tools to use
    • Lack of Wi-Fi connectivity for students
    • Loss of social aspects
    • Adjusting to new forms of assessments
    No existing critical pain points; process already automated
    Opportunities
    • Centralized repository for research knowledge
    • Rationalize course creation tool set
    • Connectivity self-assessment/checklist
    • Forums for students
    • Implement an online proctoring tool

    3.2 Stakeholder journey mapping

    Objective: Conduct journey mapping exercise for existing value chains and for opportunities.

    1. Gather the working group and, with the journey mapping workbook, begin to map out the journey scenario statements identified in the value chain analysis. In total, there should be three journey maps:
      • Two for the existing value chains. Map out the specific point in the value chain that is to be transformed.
      • One for the opportunity value chain. Map out all parts of the value chain to be impacted by the new opportunity.
    2. Start with the journey activity and map out the steps involved to accomplish the goal of the stakeholder.
    3. Identify the touch points involved in the value chain.
    4. Categorize the nature of the activity in the journey activity.
    5. Identify metrics for the journey. How can we measure the success of the journey?
    6. Identify pain points and opportunities in parallel with one another.

    Input

    • Value Chain Analysis
    • Stakeholder Personas
    • Journey Mapping Scenario

    Output

    • Journey Map

    Materials

    • Digital Strategy Workbook, Stakeholder Journey tab

    Participants

    • Executives
    • Individuals in the organization that have a direct interaction with the stakeholders

    Info-Tech Insight

    Aim to build out 90% of the stakeholder journey map with the working team; validate the last 10% with the stakeholder themselves.

    Step 3.3

    Prioritize opportunities

    Activities

    • Prioritize opportunities.

    Transform stakeholder journeys

    This step will walk you through the following activities:

    Prioritize the opportunities that arose from the stakeholder journey mapping exercise.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    Prioritized opportunities

    Prioritization of opportunities

    Leverage design-thinking methods to prioritize opportunities.

    As there may be many opportunities arising from the journey map, we need to prioritize ideas to identify which ones we can tackle first – or at all. Leverage IDEO’s design-thinking “three lenses of innovation” to support prioritization:

    • Feasibility: Do you currently have the capabilities to deliver on this opportunity? Do we have the right partners, resources, or technology?
    • Desirability: Is this a solution the stakeholder needs? Does it solve a known pain point?
    • Viability: Does this initiative have an impact on the financial revenue of the organization? Is it a profitable solution that will support the business model? Will this opportunity require a complex cost structure?
    Opportunities Feasibility
    (L/M/H)
    Desirability
    (L/M/H)
    Viability
    (L/M/H)
    Centralized repository for research knowledge H H H
    Rationalize course creation tool set H H H
    Connectivity self-assessment/ checklist H M H
    Forums for students M H H
    Exam preparation (e.g. education or practice exams) H H H

    3.3 Prioritization of opportunities

    Objective: Prioritize opportunities for creating a roadmap.

    1. Gather the opportunities identified in the journey mapping exercise
    2. Assess the opportunities based on IDEO’s three lenses of innovation:
      • Feasibility: Do you currently have the capabilities to deliver on this opportunity? Do we have the right partners, resources, or technology?
      • Viability: Does this initiative have an impact on the financial revenue of the organization? Is it a profitable solution that will support the business model? Will this opportunity require a complex cost structure?
      • Desirability: Is this a solution the stakeholder needs? Does it solve a known pain point?
    3. Opportunities that score high in all three areas are prioritized for the roadmap.

    Input

    • Opportunities From Journey Map

    Output

    • Prioritized Opportunities

    Materials

    • Digital Strategy Workbook

    Participants

    • Executives

    Step 3.4

    Define digital goals

    Activities

    Transform stakeholder journeys

    This step will walk you through the following activities:

    Define a digital goal as it relates to the prioritized opportunities and the stakeholder journey map.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    Digital goals

    Define digital goals

    What digital goals can be derived from the stakeholder journey?

    With the prioritized set of opportunities for each stakeholder journey, take a step back and assess what the sum of these opportunities mean for the journey. What is the overall goal or objective of these opportunities? How do these opportunities change or facilitate the journey experience? From here, identify a single goal statement for each stakeholder journey.

    Stakeholder Scenario Prioritized Opportunities Goal
    Faculty (Engineering) As a faculty (Engineering), I want to prepare and teach my course in a hybrid mode of delivery Centralized repository for research knowledge
    Rationalized course creation tool set
    Support hybrid course curricula development through value-driven toolsets and centralized knowledge

    3.4 Define digital goals

    Objective: Identify digital goals derived from the journey statements.

    1. With the prioritized set of opportunities for each stakeholder journey (the two existing journeys and one opportunity journey) take a step back and assess what the sum of these opportunities means for each journey.
      • What is the overall goal or objective of these opportunities?
      • How do these opportunities change or facilitate the journey experience?
    2. From here, identify a single goal for each stakeholder journey.

    Input

    • Opportunities From Journey Map
    • Stakeholder Persona

    Output

    • Digital Goals

    Materials

    • Prioritization Matrix

    Participants

    • Executives

    Step 3.5

    Breakdown opportunities into series of initiatives

    Activities

    • Identify initiatives from the opportunities.

    Transform stakeholder journeys

    This step will walk you through the following activities:

    Identify people, process, and technology initiatives for the opportunities identified.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • People, process, and technology initiatives

    Break down opportunities into a series of initiatives

    Brainstorm initiatives for each high-priority opportunity using the framework below. Describe each initiative as a plan or action to take to solve the problem.

    Opportunity → Initiatives:

    People: What initiatives are required to manage people, data, and other organizational factors that are impacted by this opportunity?

    Process: What processes must be created, changed, or removed based on the data?

    Technology: What systems are required to support this opportunity?

    Break down opportunities into a series of initiatives

    Initiatives
    Centralized repository for research knowledge Technology Acquire and implement knowledge management application
    People Train researchers on functionality
    Process Periodically review and validate data entries into repository
    Initiatives
    Rationalize course creation toolset Technology Retire duplicate or under-used tools
    People Provide training on tool types and align to user needs
    Process Catalog software applications and tools across the organization
    Identify under-used or duplicate tools/applications

    Info-Tech Insight

    Ruthlessly evaluate if a initiative should stand alone or if it can be rolled up with another. Fewer initiatives or opportunities increases focus and alignment, allowing for better communication.

    3.5 Break down opportunities into initiatives

    Objective: Break down opportunities into people, process, and technology initiatives.

    1. Split into groups and identify initiatives required to deliver on each opportunity. Document each initiative on sticky notes.
    2. Have each team answer the following questions to identify initiatives for the prioritized opportunities:
      • People: What initiatives are required to manage people, data, and other organizational factors that are impacted by this opportunity?
      • Process: What processes must be created, changed, or removed based on the data?
      • Technology: What systems are required to support this opportunity?
    3. Document findings in the Digital Strategy Workbook.

    Input

    • Opportunities

    Output

    • Opportunity initiatives categorized by people, process and technology

    Materials

    • Digital Strategy Workbook

    Participants

    • Executive team

    Phase 4

    Build a digital transformation roadmap

    • Detail initiatives
    • Build a unified roadmap roadmap

    This phase will walk you through the following activities:

    Build a digital transformation roadmap that captures people, process, and technology initiatives.

    This phase involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes

    • Digital transformation roadmap

    Step 4.1

    Detail initiatives

    Activities

    • Detail initiatives.

    Build a digital transformation roadmap

    This step will walk you through the following activities:

    Detail initiatives for each priority initiative on your horizon.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • A roadmap for your digital business strategy.

    Create initiative profiles for each high-priority initiative on your strategy

    this image contains a screenshot of an example initiative profile

    Step 4.2

    Build a roadmap

    Activities

    • Create a roadmap of initiatives.

    Build a digital transformation roadmap

    Info-Tech Insight

    A roadmap that balances growth opportunities with business resilience will transform your organization for long-term success in the digital economy.

    This step will walk you through the following activities:

    Identify timing of initiatives and build a Gantt chart roadmap.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • A roadmap for your digital transformation and the journey canvases for each of the prioritized journeys.

    Build a roadmap to visualize your key initiative plan

    Visual representations of data are more compelling than text alone.

    Develop a high-level document that travels with the initiative from inception through executive inquiry, project management, and finally execution.

    A initiative needs to be discrete: able to be conceptualized and discussed as an independent item. Each initiative must have three characteristics:

    • Specific outcome: Describe an explicit change in the people, processes, or technology of the enterprise.
    • Target end date: When the described outcome will be in effect.
    • Owner: Who on the IT team is responsible for executing on the initiative.
    this image contains screenshots of a sample roadmap for supporting hybrid course curricula development through value-driven toolsets and centralized knowledge.

    4.2 Build your roadmap (30 minutes)

    1. For the Gantt chart:
      • Input the Roadmap Start Year date.
      • Change the months and year in the Gantt chart to reflect the same roadmap start year.
      • Populate the planned start and planned end date for the pre-populated list of high-priority initiatives in each category (people, process, and technology).

    Input

    • Initiatives
    • Initiative start & end dates
    • Initiative category

    Output

    • Digital strategy roadmap visual

    Materials

    • Digital Strategy Workbook

    Participants

    • Senior Executive

    Learn more about project portfolio management strategy

    Step 4.3

    Create a refresh strategy

    Activities

    • Refresh your strategy.

    Build a digital transformation roadmap

    Info-Tech Insight

    A digital strategy is a design process, it must be revisited to pressure test and account for changes in the external environment.

    This step will walk you through the following activities:

    Detail a refresh strategy.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • Refresh strategy

    Create a refresh strategy

    It is important to dedicate time to your strategy throughout the year. Create a refresh plan to assess for the changing business context and its impact on the digital business strategy. Make sure the regular planning cycle is not the primary trigger for strategy review. Put a process in place to review the strategy and make your organization proactive. Start by examining the changes to the business context and how the effect would trickle downwards. It’s typical for organizations to build a refresh strategy around budget season and hold planning and touch points to accommodate budget approval time.
    Example:

    this image contains an example of a refresh strategy.

    4.3 Create a refresh strategy (30 minutes)

    1. Work with the digital strategy creation team to identify the time frequencies the organization should consider to refresh the digital business strategy. Time frequencies can also be events that trigger a review (i.e. changing business goals). Record the different time frequencies in the Refresh of the Digital Business Strategy slide of the section.
    2. Discuss with the team the different audience members for each time frequency and the scope of the refresh. The scope represents what areas of the digital business strategy need to be re-examined and possibly changed.

    Example:

    Frequency Audience Scope Date
    Annually Executive Leadership Resurvey, review/ validate, update schedule Pre-budget
    Touch Point Executive Leadership Status update, risks/ constraints, priorities Oct 2021
    Every Year (Re-build) Executive Leadership Full planning Jan 2022

    Input

    • Digital Business Strategy

    Output

    • Refresh Strategy

    Materials

    • Digital Business Strategy Presentation Template
    • Collaboration/ Brainstorming Tool (whiteboard, flip chart, digital equivalent)

    Participants

    • Executive Leaders

    Related Info-Tech Research

    Design a Customer-Centric Digital Operating Model

    Design a Customer-Centric Digital Operating Model

    Establish a new way of working to deliver value on your digital transformation initiatives.

    Develop a Project Portfolio Management Strategy

    Develop a Project Portfolio Management Strategy

    Drive project throughput by throttling resource capacity.

    Adopt Design Thinking in Your Organization

    Adopt Design Thinking in Your Organization

    Innovation needs design thinking.

    Digital Maturity Improvement Service

    Digital Maturity Improvement Service

    Prepare your organization for digital transformation – or risk falling behind.

    Research Contributors and Experts

    Kenneth McGee

    this is a picture of Research Fellow, Kenneth McGee

    Research Fellow
    Info-Tech Research Group

    Kenneth McGee is a Research Fellow within the CIO practice at Info-Tech Research Group and is focused on IT business and financial management issues, including IT Strategy, IT Budgets and Cost Management, Mergers & Acquisitions (M&A), and Digital Transformation. He also has extensive experience developing radical IT cost reduction and return-to-growth initiatives during and following financial recessions.

    Ken works with CIOs and IT leaders to help establish twenty-first-century IT organizational charters, structures, and responsibilities. Activities include IT organizational design, IT budget creation, chargeback, IT strategy formulation, and determining the business value derived from IT solutions. Ken’s research has specialized in conducting interviews with CEOs of some of the world’s largest corporations. He has also interviewed a US Cabinet member and IT executives at the White

    House. He has been a frequent keynote speaker at industry conventions, client sales kick-off meetings, and IT offsite planning sessions.

    Ken obtained a BA in Cultural Anthropology from Dowling College, Oakdale, NY, and has pursued graduate studies at Polytechnic Institute (now part of NYU University). He has been an adjunct instructor at State University of New York, Westchester Community College.

    Jack Hakimian

    this is a picture of Vice President of the Info-Tech Research Group, Jack Hakimian

    Vice President
    Info-Tech Research Group

    Jack has more than 25 years of technology and management consulting experience. He has served multi-billion dollar organizations in multiple industries including Financial Services and Telecommunications. Jack also served a number of large public sector institutions.

    Prior to joining the Info-Tech Research Group, he worked for leading consulting players such as Accenture, Deloitte, EY, and IBM.

    Jack led digital business strategy engagements as well as corporate strategy and M&A advisory services for clients across North America, Europe, the Middle East, and Africa. He is a seasoned technology consultant who has developed IT strategies and technology roadmaps, led large business transformations, established data governance programs, and managed the deployment of mission-critical CRM and ERP applications.

    He is a frequent speaker and panelist at technology and innovation conferences and events and holds a Master’s degree in Computer Engineering as well as an MBA from the ESCP-EAP European School of Management.

    Bibliography

    Abrams, Karin von. “Global Ecommerce Forecast 2021.” eMarketer, Insider Intelligence, 7 July 2021. Web.

    Christenson, Clayton. The Innovator's Dilemma: When New Technologies Cause Great Firms to Fail. Harvard Business School, 1997. Book.

    Drucker, Peter F., and Joseph A. Maciariello. Innovation and Entrepreneurship. Routledge, 2015.

    Eagar, Rick, David Boulton, and Camille Demyttenaere. “The Trends in Megatrends.” Arthur D Little, Prism, no. 2, 2014. Web.

    Enright, Sara, and Allison Taylor. “The Future of Stakeholder Engagement.” The Business of a Better World, October 2016. Web.

    Hatem, Louise, Daniel Ker, and John Mitchell. “A roadmap toward a common framework for measuring the digital economy.” Report for the G20 Digital Economy Task Force, OECD, 2020. Web.

    Kemp, Simon. “Digital 2021 April Statshot Report.” DataReportal, Global Digital Insights, 21 Apr. 2021. Web.

    Larson, Chris. “Disruptive Innovation Theory: 4 Key Concepts.” Business Insights, Harvard Business School, HBS Online, 15 Nov. 2016. Web.

    McCann, Leah. “Barco's Virtual Classroom at UCL: A Case Study for the Future of All University Classrooms?” rAVe, 2 July 2020. Web.

    Mochari, Ilan. “The Startup Buzzword Almost Everyone Uses Incorrectly.” Inc., 19 Nov. 2015. Web.

    Osterwalder, Alexander, et al. Value Proposition Design. Wiley, 2014.

    Reed, Laura. “Artificial Intelligence: Is Your Job at Risk?” Science Node, 9 August 2017.

    Rodeck, David. “Alphabet Soup: Understanding the Shape of a Covid-19 Recession.” Forbes, 8 June 2020. Web.

    Tapscott, Don. Wikinomics. Atlantic Books, 2014.

    Taylor, Paul. “Don't Be A Dodo: Adapt to the Digital Economy.” Forbes, 27 Aug. 2015. Web.

    The Business Research Company. "Wholesale Global Market Report 2021: COVID-19 Impact and Recovery to 2030." Research and Markets, January 2021. Press Release.

    “Topic 1: Megatrends and Trends.” BeFore, 11 October 2018.

    “Updated Digital Economy Estimates – June 2021.” Bureau of Economic Analysis, June 2021. Web.

    Williamson, J. N. The Leader Manager. John Wiley & Sons, 1984.

    Build a Security Compliance Program

    • Buy Link or Shortcode: {j2store}257|cart{/j2store}
    • member rating overall impact: 9.6/10 Overall Impact
    • member rating average dollars saved: $23,879 Average $ Saved
    • member rating average days saved: 15 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • Most organizations spend between 25 and 40 percent of their security budget on compliance-related activities.
    • Despite this growing investment in compliance, only 28% of organizations believe that government regulations help them improve cybersecurity.
    • The cost of complying with cybersecurity and data protection requirements has risen to the point where 58% of companies see compliance costs as barriers to entering new markets.
    • However, recent reports suggest that while the costs of complying are higher, the costs of non-compliance are almost three times greater.

    Our Advice

    Critical Insight

    • Test once, attest many. Having a control framework allows you to satisfy multiple compliance requirements by testing a single control.
    • Choose your own conformance adventure. Conformance levels allow your organization to make informed business decisions on how compliance resources will be allocated.
    • Put the horse before the cart. Take charge of your audit costs by preparing test scripts and evidence repositories in advance.

    Impact and Result

    • Reduce complexity within the control environment by using a single framework to align multiple compliance regimes.
    • Provide senior management with a structured framework for making business decisions on allocating costs and efforts related to cybersecurity and data protection compliance obligations.
    • Reduces costs and efforts related to managing IT audits through planning and preparation.
    • This blueprint can help you comply with NIST, ISO, CMMC, SOC2, PCI, CIS, and other cybersecurity and data protection requirements.

    Build a Security Compliance Program Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should manage your security compliance obligations, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Infographic

    Workshop: Build a Security Compliance Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish the Program

    The Purpose

    Establish the security compliance management program.

    Key Benefits Achieved

    Reviewing and adopting an information security control framework.

    Understanding and establishing roles and responsibilities for security compliance management.

    Identifying and scoping operational environments for applicable compliance obligations.

    Activities

    1.1 Review the business context.

    1.2 Review the Info-Tech security control framework.

    1.3 Establish roles and responsibilities.

    1.4 Define operational environments.

    Outputs

    RACI matrix

    Environments list and definitions

    2 Identify Obligations

    The Purpose

    Identify security and data protection compliance obligations.

    Key Benefits Achieved

    Identifying the security compliance obligations that apply to your organization.

    Documenting obligations and obtaining direction from management on conformance levels.

    Mapping compliance obligation requirements into your control framework.

    Activities

    2.1 Identify relevant security and data protection compliance obligations.

    2.2 Develop conformance level recommendations.

    2.3 Map compliance obligations into control framework.

    2.4 Develop process for operationalizing identification activities.

    Outputs

    List of compliance obligations

    Completed Conformance Level Approval forms

    (Optional) Mapped compliance obligation

    (Optional) Identification process diagram

    3 Implement Compliance Strategy

    The Purpose

    Understand how to build a compliance strategy.

    Key Benefits Achieved

    Updating security policies and other control design documents to reflect required controls.

    Aligning your compliance obligations with your information security strategy.

    Activities

    3.1 Review state of information security policies.

    3.2 Recommend updates to policies to address control requirements.

    3.3 Review information security strategy.

    3.4 Identify alignment points between compliance obligations and information security strategy.

    3.5 Develop compliance exception process and forms.

    Outputs

    Recommendations and plan for updates to information security policies

    Compliance exception forms

    4 Track and Report

    The Purpose

    Track the status of your compliance program.

    Key Benefits Achieved

    Tracking the status of your compliance obligations.

    Managing exceptions to compliance requirements.

    Reporting on the compliance management program to senior stakeholders.

    Activities

    4.1 Define process and forms for self-attestation.

    4.2 Develop audit test scripts for selected controls.

    4.3 Review process and entity control types.

    4.4 Develop self-assessment process.

    4.5 Integrate compliance management with risk register.

    4.6 Develop metrics and reporting process.

    Outputs

    Self-attestation forms

    Completed test scripts for selected controls

    Self-assessment process

    Reporting process

    Recommended metrics

    Explore the Secrets of Oracle Cloud Licensing

    • Buy Link or Shortcode: {j2store}142|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: 5 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • Organizations are considering moving workloads to the cloud; however, they often struggle to understand Oracle's licensing and services models.
    • Complexity of licensing and high price tags can make the renewal process an overwhelming experience.
    • Oracle’s SaaS applications are the most mature, but Oracle’s on-premises E-Business Suite still has functionality gaps in comparison to Oracle’s cloud apps.

    Our Advice

    Critical Insight

    • Understand the Oracle agenda. Oracle has established a unique approach to their cloud offerings – they want all of your workloads on the Red Stack.
    • Communicate effectively. Be aware that Oracle will reach out to members at your organization at various levels. Having your executives on the same page is critical to successfully managing Oracle.
    • Negotiate hard. Oracle needs the deal more than the customer. Oracle's top leaders are heavily incentivized to drive massive cloud adoption and increase Oracle's share price. Use this to your advantage.

    Impact and Result

    • Conducting business with Oracle is not typical compared to other vendors. To emerge successfully from a commercial transaction with Oracle, customers must learn the “Oracle way” of conducting business, which includes a best-in-class sales structure, highly unique contracts, and license use policies coupled with a hyper-aggressive compliance function.
    • Leverage cloud spend to retire support on shelf-ware licenses, or gain virtualization rights for an on-premises environment.
    • Map out the process of how to negotiate from a position of strength, examining terms and conditions, discount percentages, and agreement pitfalls.
    • Carefully review key clauses in the Oracle Cloud Services Agreement to avoid additional spend and compliance risks.

    Explore the Secrets of Oracle Cloud Licensing Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should explore the secrets of Oracle Cloud licensing, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Evaluate licensing requirements

    Review current licensing options and models to determine which cloud products will most appropriately fit the organization's environment.

    • Oracle Cloud Services Agreement Terms and Conditions Evaluation Tool
    [infographic]

    Capture and Market the ROI of Your VMO

    • Buy Link or Shortcode: {j2store}212|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $108,234 Average $ Saved
    • member rating average days saved: 9 Average Days Saved
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • All IT organizations are dependent on their vendors for technology products, services, and solutions to support critical business functions.
    • Measuring the impact of and establishing goals for the vendor management office (VMO) to maximize its effectiveness requires an objective and quantitative approach whenever possible.
    • Sharing the VMO’s impact internally is a balancing act between demonstrating value and self-promotion.

    Our Advice

    Critical Insight

    • The return on investment (ROI) calculation for your VMO must be customized. The ROI components selected must match your VMO ROI maturity, resources, and roadmap. There is no one-size-fits-all approach to calculating VMO ROI.
    • ROI contributions come from many areas and sources. To maximize the VMO’s ROI, look outside the traditional framework of savings and cost avoidance to vendor-facing interactions and the impact the VMO has on internal departments.

    Impact and Result

    • Quantifying the contributions of the VMO takes the guess work out of whether the VMO is performing adequately.
    • Taking a comprehensive approach to measuring the value created by the VMO and the ROI associated with it will help the organization appreciate the importance of the VMO.
    • Establishing goals for the VMO with the help of the executives and key stakeholders ensures that the VMO is supporting the needs of the entire organization.

    Capture and Market the ROI of Your VMO Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should calculate and market internally your VMO’s ROI, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Get organized

    Begin the process by identifying your VMO’s ROI maturity level and which calculation components are most appropriate for your situation.

    • Capture and Market the ROI of the VMO – Phase 1: Get Organized
    • VMO ROI Maturity Assessment Tool
    • VMO ROI Calculator and Tracker
    • VMO ROI Data Source Inventory and Evaluation Tool
    • VMO ROI Summary Template

    2. Establish baseline

    Set measurement baselines and goals for the next measurement cycle.

    • Capture and Market the ROI of the VMO – Phase 2: Establish Baseline
    • VMO ROI Baseline and Goals Tool

    3. Measure and monitor results

    Measure the VMO's ROI and value created by the VMO’s efforts and the overall internal satisfaction with the VMO.

    • Capture and Market the ROI of the VMO – Phase 3: Measure and Monitor Results
    • RFP Cost Estimator
    • Improvements in Working Capital Estimator
    • Risk Estimator
    • General Process Cost Estimator and Delta Estimator
    • VMO Internal Client Satisfaction Survey
    • Vendor Security Questionnaire
    • Value Creation Worksheet
    • Deal Summary Report Template

    4. Report results

    Report the results to key stakeholders and executives in a way that demonstrates the value added by the VMO to the entire organization.

    • Capture and Market the ROI of the VMO – Phase 4: Report Results
    • Internal Business Review Agenda Template
    • IT Spend Analytics
    • VMO ROI Reporting Worksheet
    • VMO ROI Stakeholder Report Template
    [infographic]

    Workshop: Capture and Market the ROI of Your VMO

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Get Organized

    The Purpose

    Determine how you will measure the VMO’s ROI.

    Key Benefits Achieved

    Focus your measurement on the appropriate activities.

    Activities

    1.1 Determine your VMO’s maturity level and identify applicable ROI measurement categories.

    1.2 Review and select the appropriate ROI formula components for each applicable measurement category.

    1.3 Compile a list of potential data sources, evaluate the viability of each data source selected, and assign data collection and analysis responsibilities.

    1.4 Communicate progress and proposed ROI formula components to executives and key stakeholders for feedback and/or approval/alignment.

    Outputs

    VMO ROI maturity level and first step of customizing the ROI formula components.

    Second and final step of customizing the ROI formula components…what will actually be measured.

    Viable data sources and assignments for team members.

    A progress report for key stakeholders and executives.

    2 Establish Baseline

    The Purpose

    Set baselines to measure created value against.

    Key Benefits Achieved

    ROI contributions cannot be objectively measured without baselines.

    Activities

    2.1 Gather baseline data.

    2.2 Calculate/set baselines.

    2.3 Set SMART goals.

    2.4 Communicate progress and proposed ROI formula components to executives and key stakeholders for feedback and/or approval/alignment.

    Outputs

    Data to use for calculating baselines.

    Baselines for measuring ROI contributions.

    Value creation goals for the next measurement cycle.

    An updated progress report for key stakeholders and executives.

    3 Measure and Monitor Results

    The Purpose

    Calculate the VMO’s ROI.

    Key Benefits Achieved

    An understanding of whether the VMO is paying for itself.

    Activities

    3.1 Assemble the data and calculate the VMO’s ROI.

    3.2 Organize the data for the reporting step.

    Outputs

    The VMO’s ROI expressed in terms of how many times it pays for itself (e.g. 1X, 3X, 5X).

    Determine which supporting data will be reported.

    4 Report Results

    The Purpose

    Report results to stakeholders.

    Key Benefits Achieved

    Stakeholders understand the value of the VMO.

    Activities

    4.1 Create a reporting template.

    4.2 Determine reporting frequency.

    4.3 Decide how the reports will be distributed or presented.

    4.4 Send out a draft report and update based on feedback.

    Outputs

    A template for reporting ROI and supporting data.

    A decision about quarterly or annual reports.

    A decision regarding email, video, and in-person presentation of the ROI reports.

    Final ROI reports.

    Secure Operations in High-Risk Jurisdictions

    • Buy Link or Shortcode: {j2store}369|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting

    Business operations in high-risk areas of the world contend with complex threat environments and risk scenarios that often require a unique response. But traditional approaches to security strategy often miss these jurisdictional risks, leaving organizations vulnerable to threats that range from cybercrime and data breaches to fines and penalties.

    Security leaders need to identify high-risk jurisdictions, inventory critical assets, identify vulnerabilities, assess risks, and identify security controls necessary to mitigate those risks.

    Secure operations and protect critical assets in high-risk regions

    Across risks that include insider threats and commercial surveillance, the two greatest vulnerabilities that organizations face in high-risk parts of the world are travel and compliance. Organizations can make small adjustments to their security program to address these risks:

    1. Support high-risk travel: Put measures and guidelines in place to protect personnel, data, and devices before, during, and after employee travel.
    2. Mitigate compliance risk: Consider data residency requirements, data breach notification, cross-border data transfer, and third-party risks to support business growth.

    Using these two prevalent risk scenarios in high-risk jurisdictions as examples, this research walks you through the steps to analyze the threat landscape, assess security risks, and execute a response to mitigate them.

    Secure Operations in High-Risk Jurisdictions Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Secure Operations in High-Risk Jurisdictions – A step-by-step approach to mitigating jurisdictional security and privacy risks.

    Traditional approaches to security strategy often miss jurisdictional risks. Use this storyboard to make small adjustments to your security program to mitigate security risks in high-risk jurisdictions.

    • Secure Operations in High-Risk Jurisdictions – Phases 1-3

    2. Jurisdictional Risk Register and Heat Map Tool – A tool to inventory, assess, and treat jurisdictional risks.

    Use this tool to track jurisdictional risks, assess the exposure of critical assets, and identify mitigation controls. Use the geographic heatmap to communicate inherent jurisdictional risk with key stakeholders.

    • Jurisdictional Risk Register and Heat Map Tool

    3. Guidelines for Key Jurisdictional Risk Scenarios – Two structured templates to help you develop guidelines for two key jurisdictional risk scenarios: high-risk travel and compliance risk

    Use these two templates to develop help you develop your own guidelines for key jurisdictional risk scenarios. The guidelines address high-risk travel and compliance risk.

    • Digital Safety Guidelines for International Travel
    • Guidelines for Compliance With Local Security and Privacy Laws Template

    Infographic

    Workshop: Secure Operations in High-Risk Jurisdictions

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Context for Risk Assessment

    The Purpose

    Assess business requirements and evaluate security pressures to set the context for the security risk assessment.

    Key Benefits Achieved

    Understand the goals of the organization in high-risk jurisdictions.

    Assess the threats to critical assets in these jurisdictions and capture stakeholder expectations for information security.

    Activities

    1.1 Determine assessment scope.

    1.2 Determine business goals.

    1.3 Determine compliance obligations.

    1.4 Determine risk appetite.

    1.5 Conduct pressure analysis.

    Outputs

    Business requirements

    Security pressure analysis

    2 Analyze Key Risk Scenarios for High-Risk Jurisdictions

    The Purpose

    Build key risk scenarios for high-risk jurisdictions.

    Key Benefits Achieved

    Identify critical assets in high-risk jurisdictions, their vulnerabilities to relevant threats, and the adverse impact should malicious agents exploit them.

    Assess risk exposure of critical assets in high-risk jurisdictions.

    Activities

    2.1 Identify critical assets.

    2.2 Identify threats.

    2.3 Assess risk likelihood.

    2.4 Assess risk impact.

    Outputs

    Key risk scenarios

    Jurisdictional risk exposure

    Jurisdictional Risk Register and Heat Map

    3 Build Risk Treatment Roadmap

    The Purpose

    Prioritize and treat jurisdictional risks to critical assets.

    Key Benefits Achieved

    Build an initiative roadmap to reduce residual risks in high-risk jurisdictions.

    Activities

    3.1 Identify and assess risk response.

    3.2 Assess residual risks.

    3.3 Identify security controls.

    3.4 Build initiative roadmap.

    Outputs

    Action plan to mitigate key risk scenarios

    Further reading

    Secure Operations in High-Risk Jurisdictions

    Assessments often omit jurisdictional risks. Are your assets exposed?

    EXECUTIVE BRIEF

    Analyst Perspective

    Operations in high-risk jurisdictions face unique security scenarios.

    The image contains a picture of Michel Hebert.

    Michel Hébert

    Research Director

    Security and Privacy

    Info-Tech Research Group


    The image contains a picture of Alan Tang.

    Alan Tang

    Principal Research Director

    Security and Privacy

    Info-Tech Research Group


    Traditional approaches to security strategies may miss key risk scenarios that critical assets face in high-risk jurisdictions. These include high-risk travel, heightened insider threats, advanced persistent threats, and complex compliance environments. Most organizations have security strategies and risk management practices in place, but securing global operations requires its own effort. Assess the security risk that global operations pose to critical assets. Consider the unique assets, threats, and vulnerabilities that come with operations in high-risk jurisdictions. Focus on the business activities you support and integrate your insights with existing risk management practices to ensure the controls you propose get the visibility they need. Your goal is to build a plan that mitigates the unique security risks that global operations pose and secures critical assets in high-risk areas. Don’t leave security to chance.

    Executive Summary

    Your Challenge

    • Security leaders who support operations in many countries struggle to mitigate security risks to critical assets. Operations in high-risk jurisdictions contend with complex threat environments and security risk scenarios that often require a unique response.
    • Security leaders need to identify critical assets, assess vulnerabilities, catalog threats, and identify the security controls necessary to mitigate related operational risks.

    Common Obstacles

    • Securing operations in high-risk jurisdictions requires additional due diligence. Each jurisdiction involves a different risk context, which complicates efforts to identify, assess, and mitigate security risks to critical assets.
    • Security leaders need to engage the organization with the right questions and identify high-risk vulnerabilities and security risk scenarios to help stakeholders make an informed decision about how to assess and treat the security risks they face in high-risk jurisdictions.

    Info-Tech’s Approach

    Info-Tech has developed an effective approach to protecting critical assets in high-risk jurisdictions.

    This approach includes tools for:

    • Evaluating the security context of your organization’s high-risk jurisdictions.
    • Identifying security risk scenarios unique to high-risk jurisdictions and assessing the exposure of critical assets.
    • Planning and executing a response.

    Info-Tech Insight

    Organizations with global operations must contend with a more diverse set of assets, threats, and vulnerabilities when they operate in high-risk jurisdictions. Security leaders need to take additional steps to secure operations and protect critical assets.

    Business operations in high-risk jurisdictions face a more complex security landscape

    Information security risks to business operations vary widely by region.

    The 2022 Allianz Risk Barometer surveyed 2,650 business risk specialists in 89 countries to identify the most important risks to operations. The report identified cybercrime, IT failures, outages, data breaches, fines, and penalties as the most important global business risks in 2022, but their results varied widely by region. The standout finding of the 2022 Allianz Risk Barometer is the return of security risks as the most important threat to business operations. Security risks will continue to be acute beyond 2022, especially in Africa, the Middle East, Europe, and the Asia-Pacific region, where they will dwarf risks of supply chain interruptions, natural catastrophe, and climate change.

    Global operations in high-risk jurisdictions contend with more diverse threats. These security risk scenarios are not captured in traditional security strategies.

    The image contains a picture of the world map that has certain areas of the map highlighted in various shades of blue based on higher security-related business risks.

    Figures represent the number of cybersecurity risks business risk specialists selected as a percentage of all business risks (Allianz, 2022). Higher scores indicate jurisdictions with higher security-related business risks. Jurisdictions without data are in grey.

    Different jurisdictions’ commitment to cybersecurity also varies widely, which increases security risks further

    The Global Cybersecurity Index (GCI) provides insight into the commitment of different countries to cybersecurity.

    The index assesses a country’s legal framework to identify basic requirements that public and private stakeholders must uphold and the legal instruments prohibiting harmful actions.

    The 2020 GCI results show overall improvement and strengthening of the cybersecurity agenda globally, but significant regional gaps persist. Of the 194 countries surveyed:

    • 33% had no data protection legislation.
    • 47% had no breach notification measures in place.
    • 50% had no legislation on the theft of personal information.
    • 19% still had no legislation on illegal access.

    Not every jurisdiction has the same commitment to cybersecurity. Protecting critical assets in high-risk jurisdictions requires additional due diligence.

    The image contains a picture of the world map that has certain areas of the map highlighted in various shades of blue based on scores in relation to the Global Security Index.

    The diagram sets out the score and rank for each country that took part in the Global Cybersecurity Index (ITU, 2021)

    Higher scores show jurisdictions with a lower rank on the CGI, which implies greater risk. Jurisdictions without data are in grey.

    Securing critical assets in high-risk jurisdictions requires additional effort

    Traditional approaches to security strategy may miss these key risk scenarios.

    As a result, security leaders who support operations in many countries need to take additional steps to mitigate security risks to critical assets.

    Guide stakeholders to make informed decisions about how to assess and treat the security risks and secure operations.

    • Engage the organization with the right questions.
    • Identify critical assets and assess vulnerabilities.
    • Catalogue threats and build risk scenarios.
    • Identify the security controls necessary to mitigate risks.

    Work with your organization to analyze the threat landscape, assess security risks unique to high-risk jurisdictions, and execute a response to mitigate them.

    This project blueprint works through this process using the two most prevalent risk scenarios in high-risk jurisdictions: high-risk travel and compliance risk.

    Key Risk Scenarios

    • High-Risk Travel
    • Compliance Risk
    • Insider Threat
    • Advanced Persistent Threat
    • Commercial Surveillance
    The image contains a screenshot of an Info-Tech thought model regarding secure global operations in high-risk jurisdictions.

    Travel risk is the first scenario we use as an example throughout the blueprint

    • This project blueprint outlines a process to identify, assess, and mitigate key risk scenarios in high-risk jurisdictions. We use two common key risk scenarios as examples throughout the deck to illustrate how you create and assess your own scenarios.
    • Supporting high-risk travel is the first scenario we will study in-depth as an example. Business growth, service delivery, and mergers and acquisitions can lead end users to travel to high-risk jurisdictions where staff, devices, and data are at risk.
    • Compromised or stolen devices can provide threat actors with access to data that could compromise the organization’s strategic, economic, or competitive advantage or expose the organization to regulatory risk.

    The project blueprint includes template guidance in Phase 3 to help you build and deploy your own travel guidelines to protect critical assets and support end users before they leave, during their trip, and when they return.

    Before you leave

    • Identify high-risk countries.
    • Enable controls.
    • Limit what you pack.

    During your trip

    • Assume you are monitored.
    • Limit access to systems.
    • Prevent theft.

    When you return

    • Change your password.
    • Restore your devices.

    Compliance risk is the second scenario we use as an example

    • Mitigating compliance risk is the second scenario we will study as an example in this blueprint. The legal and regulatory landscape is evolving rapidly to keep step with the pace of technological change. Security and privacy leaders are expected to mitigate the risk of noncompliance as the organization expands to new jurisdictions.
    • Later sections will show how to think through at least four compliance risks, including:
      • Cross-border data transfer
      • Third-party risk management
      • Data breach notification
      • Data residency

    The project blueprint includes template guidance in Phase 3 to help you deploy your own compliance governance controls as a risk mitigation measure.

    Secure Operations in High-Risk Jurisdictions: Info-Tech’s methodology

    1. Identify Context

    2. Assess Risks

    3. Execute Response

    Phase Steps

    1. Assess business requirements
    2. Evaluate security pressures
    1. Identify risks
    2. Assess risk exposure
    1. Treat security risks
    2. Build initiative roadmap

    Phase Outcomes

    • Internal security pressures that capture the governance, policies, practices, and risk tolerance of the organization
    • External security pressures that capture the expectations of customers, regulators, legislators, and business partners
    • A heatmap that captures not only the global exposure of your critical assets but also the business processes they support
    • A security risk register to allow for the easy transfer of critical assets’ global security risk data to your organization’s enterprise risk management practice
    • A roadmap of prioritized initiatives to apply relevant controls and secure global assets
    • A set of key risk indicators to monitor and report your progress

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Business Security Requirements

    Identify the context for the global security risk assessment, including risk appetite and risk tolerance.

    Jurisdictional Risk Register and Heatmap

    Identify critical global assets and the threats they face in high-risk jurisdictions and assess exposure.

    Mitigation Plan

    Roadmap of initiatives and security controls to mitigate global risks to critical assets. Tools and templates to address key security risk scenarios.

    Key deliverable:

    Jurisdictional Risk Register and Heatmap

    Use the Jurisdictional Risk Register and Heatmap Tool to capture information security risks to critical assets in high-risk jurisdictions. The tool generates a world chart that illustrates the risks global operations face to help you engage the business and execute a response.

    Blueprint benefits

    Protect critical assets in high-risk jurisdictions

    IT Benefits

    Assess and remediate information security risk to critical assets in high-risk jurisdictions.

    Easily integrate your risk assessment with enterprise risk assessments to improve communication with the business.

    Illustrate key information security risk scenarios to make the case for action in terms the business understands.

    Business Benefits

    Develop mitigation plans to protect staff, devices, and data in high-risk jurisdictions.

    Support business growth in high-risk jurisdictions without compromising critical assets.

    Mitigate compliance risk to protect your organization’s reputation, avoid fines, and ensure business continuity.

    Quantify the impact of securing global operations

    The tool included with this blueprint can help you measure the impact of implementing the research

    • Use the Jurisdictional Risk Register and Heatmap Tool to describe the key risk scenarios you face, assess their likelihood and impact, and estimate the cost of mitigating measures. Working through the project in this way will help you quantify the impact of securing global operations.
    The image contains a screenshot of Info-Tech's Jurisdictional Risk Register and Heatmap Tool. The image contains a screenshot of the High-Risk Travel Jurisdiction.

    Establish Baseline Metrics

    • Review existing information security and risk management metrics and the output of the tools included with the blueprint.
    • Identify metrics to measure the impact of your risk management efforts. Focus specifically on high-risk jurisdictions.
    • Compare your results with those in your overall security and risk management program.

    ID

    Metric

    Why is this metric valuable?

    How do I calculate it?

    1.

    Overall Exposure – High-Risk Jurisdictions

    Illustrates the overall exposure of critical assets in high-risk jurisdictions.

    Use the Jurisdictional Risk Register and Heatmap Tool. Calculate the impact times the probability rating for each risk. Take the average.

    2.

    # Risks Identified – High-Risk Jurisdictions

    Informs risk tolerance assessments.

    Use the Jurisdictional Risk Register and Heatmap Tool.

    3.

    # Risks Treated – High-Risk Jurisdictions

    Informs residual risk assessments.

    Use the Jurisdictional Risk Register and Heatmap Tool.

    4.

    Mitigation Cost – High-Risk Jurisdictions

    Informs cost-benefit analysis to determine program effectiveness.

    Use the Jurisdictional Risk Register and Heatmap Tool.

    5.

    # Security Incidents – High-Risk Jurisdictions

    Informs incident trend calculations to determine program effectiveness.

    Draw the information from your service desk or IT service management tool.

    6.

    Incident Remediation Cost – High-Risk Jurisdictions

    Informs cost-benefit analysis to determine program effectiveness.

    Estimate based on cost and effort, including direct and indirect cost such as business disruptions, administrative finds, reputational damage, etc.

    7.

    TRENDS: Program Effectiveness – High-Risk Jurisdictions

    # of security incidents over time. Remediation : Mitigation costs over time

    Calculate based on metrics 5 to 7.

    Info-Tech offers various levels of support to best suit your needs.

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1

    Call #1: Scope project requirements, determine assessment scope, and discuss challenges.

    Phase 2

    Call #2: Conduct initial risk assessment and determine risk tolerance.

    Call #3: Evaluate security pressures in high-risk jurisdictions.

    Call #4: Identify risks in high-risk jurisdictions.

    Call #5: Assess risk exposure.

    Phase 3

    Call #6: Treat security risks in high-risk jurisdictions.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information. workshops@infotech.com 1-888-670-8889

    Days 1

    Days 2-3

    Day 4

    Day 5

    Identify Context

    Key Risk Scenarios

    Build Roadmap

    Next Steps and Wrap-Up (offsite)

    Activities

    1.1.1 Determine assessment scope.

    1.1.2 Determine business goals.

    1.1.3 Identify compliance obligations.

    1.2.1 Determine risk appetite.

    1.2.2 Conduct pressure analysis.

    2.1.1 Identify assets.

    2.1.2 Identify threats.

    2.2.1 Assess risk likelihood.

    2.2.2 Assess risk impact.

    3.1.1 Identify and assess risk response.

    3.1.2 Assess residual risks.

    3.2.1 Identify security controls.

    3.2.2 Build initiative roadmap.

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. Business requirements for security risk assessment
    2. Identification of high-risk jurisdictions
    3. Security threat landscape for high-risk jurisdictions
    1. Inventory of relevant threats, critical assets, and their vulnerabilities
    2. Assessment of adverse effects should threat agents exploit vulnerabilities
    3. Risk register with key risk scenarios and heatmap of high-risk jurisdictions
    1. Action plan to mitigate key risk scenarios
    2. Investment and implementation roadmap
    1. Completed information security risk assessment for two key risk scenarios
    2. Risk mitigation roadmap

    No safe jurisdictions

    Stakeholders sometimes ask information security and privacy leaders to produce a list of safe jurisdictions from which to operate. We need to help them see that there are no safe jurisdictions, only relatively risky ones. As you build your security program, deepen the scope of your risk assessments to include risk scenarios critical assets face in different jurisdictions. These risks do not need to rule out operations, but they may require additional mitigation measures to keep staff, data, and devices safe and reduce potential reputational harms.

    Traditional approaches to security strategy often omit jurisdictional risks.

    Global operations must contend with a more complex security landscape. Secure critical assets in high-risk jurisdictions with a targeted risk assessment.

    The two greatest risks are high-risk travel and compliance risk.

    You can mitigate them with small adjustments to your security program.

    Support High-Risk Travel

    When securing travel to high-risk jurisdictions, you must consider personnel safety as well as data and device security. Put measures and guidelines in place to protect them before, during, and after travel.

    Mitigate Compliance Risk

    Think through data residency requirements, data breach notification, cross-border data transfer, and third-party risks to support business growth and mitigate compliance risks in high-risk jurisdictions to protect your organization’s reputation and avoid hefty fines or business disruptions.

    Phase 1

    Identify Context

    This phase will walk you through the following activities:

    • Assess business requirements to understand the goals of the organization’s global operations, as well as its risk governance, policies, and practices.
    • Evaluate jurisdictional security pressures to understand threats to critical assets and capture the expectations of external stakeholders, including customers, regulators, legislators, and business partners, and assess risk tolerance.

    This phase involves the following participants:

    • Business stakeholders
    • IT leadership
    • Security team
    • Risk and Compliance

    Step 1.1

    Assess Business Requirements

    Activities

    1.1.1 Determine assessment scope

    1.1.2 Identify enterprise goals in high-risk jurisdictions

    1.1.3 Identify compliance obligations

    This step involves the following participants:

    • Business stakeholders
    • IT leadership
    • Security team
    • Risk and Compliance

    Outcomes of this step

    • Assess business requirements to understand the goals of the organization’s global operations, as well as its risk governance, policies, and practices.

    Focus the risk assessment on high-risk jurisdictions

    Traditional approaches to information security strategy often miss threats to global operations

    • Successful security strategies are typically sensitive to risks to different IT systems and lines of business.
    • However, securing global operations requires additional focus on high-risk jurisdictions, considering what makes them unique.
    • This first phase of the project will help you evaluate the business context of operations in high-risk jurisdictions, including:
      • Enterprise and security goals.
      • Lines of business, physical locations, and IT systems that need additional oversight.
      • Unique compliance obligations.
      • Unique risks and security pressures.
      • Organizational risk tolerance in high-risk jurisdictions.

    Focus your risk assessment on the business activities security supports in high-risk jurisdictions and the unique threats they face to bridge gaps in your security strategy.

    Identify jurisdictions with higher inherent risks

    Your security strategy may not describe jurisdictional risk adequately.

    • Security strategies list lines of business, physical locations, and IT systems the organization needs to secure and those whose security will depend on a third-party. You can find additional guidance on fixing the scope and boundaries of a security strategy in Phase 1 of Build an Information Security Strategy.
    • However, security risks vary widely from one jurisdiction to another according to:
      • Active cyber threats.
      • Legal and regulatory frameworks.
      • Regional security and preparedness capabilities.
    • Your first task is to identify high-risk jurisdictions to target for additional oversight.

    Work closely with your enterprise risk management function.

    Enterprise risk management functions are often tasked with developing risk assessments from composite sources. Work closely with them to complete your own assessment.

    Countries at heightened risk of money laundering and terrorism financing are examples of high-risk jurisdictions. The Financial Action Task Force and the U.S. Treasury publish reports three times a year that identify Non-Cooperative Countries or Territories.

    Develop a robust jurisdictional assessment

    Design an intelligence collection strategy to inform your assessment

    Strategic Intelligence

    White papers, briefings, reports. Audience: C-Suite, board members

    Tactical Intelligence

    Internal reports, vendor reports. Audience: Security leaders

    Operational intelligence

    Indicators of compromise. Audience: IT Operations

    Operational intelligence focuses on machine-readable data used to block attacks, triage and validate alerts, and eliminate threats from the network. It becomes outdated in a matter of hours and is less useful for this exercise.

    Determine travel risks to bolster your assessments

    Not all locations and journeys will require the same security measures.

    • Travel risks vary significantly according to destination, the nature of the trip, and traveler profile.
    • Access to an up-to-date country risk rating system enables your organization and individual staff to quickly determine the overall level of risk in a specific country or location.
    • Based on this risk rating, you can specify what security measures are required prior to travel and what level of travel authorization is appropriate, in line with the organization's security policy or travel security procedures.
    • While some larger organizations can maintain their own country risk ratings, this requires significant capacity, particularly to obtain the necessary information to keep these regularly updated.
    • It may be more effective for your organization to make use of the travel risk ratings provided by an external security information provider, such as a company linked to your travel insurance or travel booking service, if available.
    • Alternatively, various open-source travel risk ratings are available via embassy travel sites or other website providers.

    Without a flexible system to account for the risk exposures of different jurisdictions, staff may perceive measures as a hindrance to operations.

    Develop a tiered risk rating

    The example below outlines potential risk indicators for high-risk travel.

    Rating

    Description

    Low

    Generally secure with adequate physical security. Low violent crime rates. Some civil unrest during significant events. Acts of terrorism rare. Risks associated with natural disasters limited and health threats mainly preventable.

    Moderate

    Periodic civil unrest. Antigovernment, insurgent, or extremist groups active with sporadic acts of terrorism. Staff at risk from common and violent crime. Transport and communications services are unreliable and safety records are poor. Jurisdiction prone to natural disasters or disease epidemics.

    High

    Regular periods of civil unrest, which may target foreigners. Antigovernment, insurgent, or extremist groups very active and threaten political or economic stability. Violent crime rates high, often targeting foreigners. Infrastructure and emergency services poor. May be regular disruption to transportation or communications services. Certain areas off-limits to foreigners. Jurisdictions experiencing natural disasters or epidemics are considered high risk.

    Extreme

    Undergoing active conflict or persistent civil unrest. Risk of being caught up in a violent incident or attack is very high. Authorities may have lost control of significant portions of the country. Lines between criminality and political and insurgent violence are blurred. Foreigners are likely to be denied access to parts of the country. Transportation and communication services are severely degraded or nonexistent. Violence presents a direct threat to staff security.

    Ratings are formulated by assessing several types of risk, including conflict, political/civil unrest, terrorism, crime, and health and infrastructure risks.

    1.1.1 Determine assessment scope

    1 – 2 hours

    1. As a group, brainstorm a list of high-risk jurisdictions to target for additional assessment. Write down as many items as possible to include in:
    • Lines of business
    • Physical locations
    • IT systems

    Pay close attention to elements of the assessment that are not in scope.

  • Discuss the response and the rationale for targeting each of them for additional risk assessments. Identify security-related concerns for different lines of business, locations, user groups, IT systems, and data.
  • Record your responses and your comments in the Information Security Requirements Gathering Tool.
  • Input

    Output

    • Corporate strategy
    • IT strategy
    • Security strategy
    • Relevant threat intelligence
    • A list of high-risk jurisdictions to focus your risk assessment

    Materials

    Participants

    • Laptop
    • Projector
    • Security team
    • IT leadership
    • Business stakeholders
    • Enterprise Risk Management
    • Compliance
    • Legal

    Download the Information Security Requirements Gathering Tool

    Position your efforts in a business context

    Securing critical assets in high-risk jurisdictions is a business imperative

    • Many companies relegate their information security strategies to their IT department. Aside from the strain the choice places on a department that already performs many different functions, it wrongly implies that mitigating information security risk is simply an IT problem.
    • Managing information security risks is a business problem. It requires that organizations identify their risk appetite, prioritize relevant threats, and define risk mitigation initiatives. Business leaders can only do these activities effectively in a context that recognizes the business and financial benefits of implementing protections.
    • This is notably true of businesses with operations in many different countries. Each jurisdiction has its own set of security risks the organization must account for, as well as unique local laws and regulations that affect business operations.
    • In high-risk jurisdictions, your efforts must consider the unique operational challenges your organization may not face in its home country. Your efforts to secure critical assets will be most successful if you describe key risk scenarios in terms of their impact on business goals.
    • You can find additional guidance on assessing the business context of a security strategy in Phase 1 of Build an Information Security Strategy.

    Do you understand the unique business context of operations in high-risk jurisdictions?

    1.1.2 Identify business goals

    Estimated Time: 1-2 hours

    1. As a group, brainstorm the primary and secondary business goals of the organization. Focus your assessment on operations in high-risk jurisdictions you identified in Exercise 1.1.1. Review:
    • Relevant corporate and IT strategies.
    • The business goal definitions and indicator metrics in tab 2, “Goals Definition,” of the Information Security Requirements Gathering Tool.
  • Limit business goals to no more than two primary goals and three secondary goals. This limitation will help you prioritize security initiatives at the end of the project.
  • For each business goal, identify up to two security alignment goals that will support business goals in high-risk jurisdictions.
  • Input

    Output

    • Corporate strategy
    • IT strategy
    • Security strategy
    • Your goals for the security risk assessment for high-risk jurisdictions

    Materials

    Participants

    • Laptop
    • Projector
    • Security team
    • IT leadership
    • Business stakeholders
    • Risk Management
    • Compliance
    • Legal

    Download the Information Security Requirements Gathering Tool

    Record business goals

    Capture the results in the Information Security Requirements Gathering Tool

    1. Record the primary and secondary business goals you identified in tab 3, “Goals Cascade,” of the Information Security Requirements Gathering Tool.
    2. Next, record the two security alignment goals you selected for each business goal based on the tool’s recommendations.
    3. Finally, review the graphic diagram that illustrates your goals on tab 6, “Results,” of the Information Security Requirements Gathering Tool.
    4. Revisit this exercise whenever operations expands to a new jurisdiction to capture how they contribute to the organization’s mission and vision and how the security program can support them.
    The image contains a screenshot of Tab 3, Goals Cascade.

    Tab 3, Goals Cascade

    The image contains a screenshot of Tab 6, Results.

    Tab 6, Results

    Analyze business goals

    Assess how operating in multiple jurisdictions adds nuance to your business goals

    • Security leaders need to understand the direction of the business to propose relevant security initiatives that support business goals in high-risk jurisdictions.
    • Operating in different jurisdictions carries its own degree of risk. The organization is subject not only to the information security risks and legal frameworks of its country of origin but also to those associated with international jurisdictions.
    • You need to understand where your organization operates and how these different jurisdictions contribute to your business goals to support their performance and protect the firm’s reputation.
    • This exercise will make an explicit link between security and privacy concerns in high-risk jurisdictions, what the business cares about, and what security is trying to accomplish.

    If the organization is considering a merger and acquisition project that will expand operations in jurisdictions with different travel risk profiles, the security organization needs to revise the security strategy to ensure the organization can support high-risk travel and mitigate risks to critical assets.

    Identify compliance obligations

    Data compliance obligations loom large in high-risk jurisdictions

    The image contains four hexagons, each with their own words. SOX, PCI DSS, HIPAA, HITECH.

    Security leaders are familiar with most conventional regulatory obligations that govern financial, personal, and healthcare data in North America and Europe.

    The image contains four hexagons, each with their own words. Residency, Cross-Border Transfer, Breach Notification, Third-Party Risk Mgmt.

    Data privacy concerns, nationalism, and the economic value of data are all driving jurisdictions to adopt data residency and data localization and to shut down the cross-border transfer of data.

    The next step requires you to consider the compliance obligations the organization needs to meet to support the business as it expands to other jurisdictions through natural growth, mergers, and acquisitions.

    1.1.3 Identify compliance obligations

    Estimated Time: 1-2 hours

    1. As a group, brainstorm compliance obligations in target jurisdictions. Focus your assessment on operations in high-risk jurisdictions.
    2. Include:

    • Laws
    • Governing regulations
    • Industry standards
    • Contractual agreements
  • Record your compliance obligations and comments on tab 4, “Compliance Obligations,” of the Information Security Requirements Gathering Tool.
  • If you need to take full stock of the laws and regulations in place in the jurisdictions where you operate that you are not familiar with, consider seeking local legal counsel to help you navigate this exercise.
  • Input

    Output

    • Legal and compliance frameworks in target jurisdictions
    • Mandatory and voluntary compliance obligations for target jurisdictions

    Materials

    Participants

    • Laptop
    • Projector
    • Security team
    • IT leadership
    • Business stakeholders
    • Risk Management
    • Compliance
    • Legal

    Download the Information Security Requirements Gathering Tool

    Step 1.2

    Evaluate Security Pressures

    Activities

    1.2.1 Conduct initial risk assessment

    1.2.2 Conduct pressure analysis

    1.2.3 Determine risk tolerance

    This step involves the following participants:

    • Security team
    • Risk and Compliance
    • IT leadership (optional)

    Outcomes of this step

    Identify threats to global assets and capture the security expectations of external stakeholders, including customers, regulators, legislators, and business partners, and determine risk tolerance.

    Evaluate security pressures to set the risk context

    Perform an initial assessment of high-risk jurisdictions to set the context.

    Assess:

    • The threat landscape.
    • The security pressures from key stakeholders.
    • The risk tolerance of your organization.

    You should be able to find the information in your existing security strategy. If you don’t have the information, work through the next three steps of the project blueprint.

    The image contains a diagram to demonstrate evaluating security pressures, as described in the text above.

    Some jurisdictions carry inherent risks

    • Jurisdictional risks stem from legal, regulatory, or political factors that exist in different countries or regions. They can also stem from unexpected legal changes in regions where critical assets have exposure. Understanding jurisdictional risks is critical because they can require additional security controls.
    • Jurisdictional risk tends to be higher in jurisdictions:
      • Where the organization:
        • Conducts high-value or high-volume financial transactions.
        • Supports and manages critical infrastructure.
        • Has high-cost data or data whose compromise could undermine competitive advantage.
        • Has a high percentage of part-time employees and contractors.
        • Experiences a high rate of employee turnover.
      • Where state actors:
        • Have a low commitment to cybersecurity, financial, and privacy legislation and regulation.
        • Support cybercrime organizations within their borders.

    Jurisdictional risk is often reduced to countries where money laundering and terrorist activities are high. In this blueprint, the term refers to the broader set of information security risks that arise when operating in a foreign country or jurisdiction.

    Five key risk scenarios are most prevalent

    Key Risk Scenarios

    • High-Risk Travel
    • Compliance Risk
    • Insider Threat
    • Advanced Persistent Threat
    • Commercial Surveillance

    Security leaders who support operations in many countries need to take additional steps to mitigate security risks to critical assets. The goal of the next two exercises is to analyze the threat landscape and security pressures unique to high-risk jurisdictions, which will inform the construction of key scenarios in Phase 2. These five scenarios are most prevalent in high-risk jurisdictions. Keep them in mind as you go through the exercises in this section.

    1.2.1 Assess jurisdictional risk

    1-3 hours

    1. As a group, review the questions on tab 2, “Risk Assessment,” of the Information Security Pressure Analysis Tool.
    2. Gather the required information from subject matter experts on the following risk elements with a focus on high-risk jurisdictions:
    3. Review each question in tab 2 of the Information Security Pressure Analysis Tool and select the most appropriate response.

    Input

    Output

    • Existing security strategy
    • List of organizational assets
    • Historical data on information security incidents
    • Completed risk assessment

    Materials

    Participants

    • Information Security Pressure Analysis Tool
    • Security team
    • IT leadership
    • Risk Management

    For more information on how to complete the risk assessment questionnaire, see Step 1.2.1 of Build an Information Security Strategy.

    1.2.2 Conduct pressure analysis

    1-3 hours

    1. As a group, review the questions on tab 3, “Pressure Analysis,” of the Information Security Pressure Analysis Tool.
    2. Gather the required information from subject matter experts on the following pressure elements with a focus on high-risk jurisdictions:
    • Compliance and oversight
    • Customer expectations
    • Business expectations
    • IT expectations
  • Review each question in the questionnaire and provide the most appropriate response using the drop-down list. It may be helpful to consult with the appropriate departments to obtain their perspectives.
  • For more information on how to complete the pressure analysis questionnaire, see Step 1.3 of Build an Information Security Strategy.

    Input

    Output

    • Information on various pressure elements within the organization
    • Existing security strategy
    • Completed pressure analysis

    Materials

    Participants

    • Information Security Pressure Analysis Tool
    • Security team
    • IT leadership
    • Business leaders
    • Compliance

    A low security pressure means that your stakeholders do not assign high importance to information security. You may need to engage stakeholders with the right key risk scenarios to illustrate jurisdictional risk and generate support for new security controls.

    Download the Information Security Pressure Analysis Tool

    Assess risk tolerance

    • Risk tolerance expresses the types and amount of risk the organization is willing to accept in pursuit of its goals.
    • These expectations can help you identify, manage, and report on key risk scenarios in high-risk jurisdictions.
    • For instance, an organization with a low risk tolerance will require a stronger information security program to minimize operational security risks.
    • It’s up to business leaders to determine the risks they are willing to accept. They may need guidance to understand how system-level risks affect the organization’s ability to pursue its goals.

    A formalized risk tolerance statement can help:

    • Support risk-based security decisions that align with business goals.
    • Provide a meaningful rationale for security initiatives.
    • Improve the transparency of investments in the organization’s security program.
    • Provide guidance for monitoring inherent risk and residual risk exposure.

    The role of security professionals is to identify and analyze key risk scenarios that may prevent the organization from reaching its goals.

    1.2.3 Determine risk tolerance

    1-3 hours

    1. As a group, review the questions on tab 4, “Risk Tolerance,” of the Information Security Pressure Analysis Tool.
    2. Gather the required information from subject matter experts on the following risk tolerance elements:
    • Recent IT problems, especially downtime and data recovery issues
    • Historical security incidents
  • Review any relevant documentation, including:
    • Existing security strategy
    • Business impact assessments
    • Service-level agreements

    For more information on how to complete the risk tolerance questionnaire, see Step 1.4 of Build an Information Security Strategy.

    Input

    Output

    • Existing security strategy
    • Data on recent IT problems and incidents
    • Business impact assessments
    • Completed risk tolerance statement

    Materials

    Participants

    • Information Security Pressure Analysis Tool
    • Security team
    • IT leadership
    • Risk Management

    Download the Information Security Pressure Analysis Tool

    Review the output of the results tab

    • The organizational risk assessment provides a high-level assessment of inherent risks in high-risk jurisdictions. Use the results to build and assess key risk scenarios in Phase 2.
    • Use the security pressure analysis to inform stakeholder management efforts. A low security pressure indicates that stakeholders do not yet grasp the impact of information security on organizational goals. You may need to communicate its importance before you discuss additional security controls.
    • Jurisdictions in which organizations have a low risk tolerance will require stronger information security controls to minimize operational risks.
    The image contains a screenshot of the organizational risk assessment. The image contains a screenshot of the security pressure analysis. The image contains a screenshot of the risk tolerance curve.

    Phase 2

    Assess Security Risks to Critical Assets

    This phase will walk you through the following activities:

    • Identify critical assets, their vulnerabilities to relevant threats, and the adverse impact a successful threat event would have on the organization.
    • Assess risk exposure of critical assets in high-risk jurisdictions for each risk scenario through an analysis of its likelihood and impact.

    This phase involves the following participants:

    • Security team
    • Risk and Compliance
    • IT leadership (optional)

    Step 2.1

    Identify Risks

    Activities

    2.1.1 Identify assets

    2.1.2 Identify threats

    This step involves the following participants:

    • Security team
    • Risk and Compliance
    • IT leadership (optional)

    Outcomes of this step

    • Define risk scenarios that identify critical assets, their vulnerabilities to relevant threats, and the adverse impact a successful threat event would have on the organization.

    This blueprint focuses on mitigating jurisdictional risks

    The image contains a screenshot of the IT Risk Management Framework. The framework includes: Risk Identification, Risk Assessment, Risk Response, and Risk Governance.

    For a deeper dive into building a risk management program, see Info-Tech’s core project blueprints on risk management:

    Build an IT Risk Management Program

    Combine Security Risk Management Components Into One Program

    Draft key risk scenarios to illustrate adverse events

    Risk scenarios help decision-makers understand how adverse events affect business goals.

    • Risk-scenario building is the process of identifying the critical factors that contribute to an adverse event and crafting a narrative that describes the circumstances and consequences if it were to happen.
    • Risk scenarios set up the risk analysis stage of the risk assessment process. They are narratives that describe in detail:
      • The asset at risk.
      • The threat that can act against the asset.
      • Their intent or motivation.
      • The circumstances and threat actor model associated with the threat event.
      • The potential effect on the organization.
      • When or how often the event might occur.

    Risk scenarios are further distilled into a single sentence or risk statement that communicates the essential elements from the scenario.

    Well-crafted risk scenarios have four components

    The second phase of the project will help you craft meaningful risk scenarios

    Threat

    Exploits an

    Asset

    Using a

    Method

    Creating an

    Effect

    An actor capable of harming an asset

    Anything of value that can be affected and results in loss

    Technique an actor uses to affect an asset

    How loss materializes

    Examples: Malicious or untrained employees, cybercriminal groups, malicious state actors

    Examples: Systems, regulated data, intellectual property, people

    Examples: Credential compromise, privilege escalation, data exfiltration

    Examples: Loss of data confidentiality, integrity, or availability; impact on staff health & safety

    Risk scenarios are concise, four to six sentence narratives that describe the core elements of forecasted adverse events. Use them to engage stakeholders with the right questions and guide them to make informed decisions about how to address and treat security risks in high-risk jurisdictions.

    The next slides review five key risk scenarios prevalent in high-risk jurisdictions. Use them as examples to develop your own.

    Travel to high-risk jurisdictions requires special measures to protect staff, devices, and data

    Governmental, academic, and commercial advisors compile lists of jurisdictions that pose greater travel risks annually.

    For instance, in the US, these lists might include countries that are:

    • Subjects of travel warnings by the US Department of State.
    • Identified as high risk by other US government sources such as:
      • The Department of the Treasury Office of Foreign Assets Control (OFAC).
      • The Federal Bureau of Investigation (FBI).
      • The Office of the Director of National Intelligence (ODNI).
    • Compiled from academic and commercial sources, such as Control Risks.

    When securing travel to high-risk jurisdictions, you must consider personnel safety as well as data and device security.

    The image contains a diagram to present high-risk jurisdictions.

    The diagram presents high-risk jurisdictions based on US governmental sources (2021) listed on this slide.

    High-risk travel

    Likelihood: Medium

    Impact: Medium

    Key Risk Scenario #1

    Malicious state actors, cybercriminals, and competitors can threaten staff, devices, and data during travel to high-risk jurisdictions. Device theft or compromise may occur while traveling through airports, accessing hotel computer and phone networks, or in internet cafés or other public areas. Threat actors can exploit data from compromised or stolen devices to undermine the organization’s strategic, economic, or competitive advantage. They can also infect compromised devices with malware that delivers malicious payloads once they reconnect with home networks.

    Threat Actor:

    • Malicious state actors
    • Cybercriminals
    • Competitors

    Assets:

    • Staff
    • IT systems
    • Sensitive data

    Effect:

    • Compromised staff health and safety
    • Loss of data
    • Lost of system integrity

    Methods:

    • Identify, steal, or target mobile devices.
    • Compromise network, wireless, or Bluetooth connections.
    • Leverage stolen devices as a means of infecting other networks.
    • Access devices to track user location.
    • Activate microphones on devices to collect information.
    • Intercept electronic communications users send from high-risk jurisdictions.

    The data compliance landscape is a jigsaw puzzle of data protection and data residency requirements

    Since the EU passed the GDPR in 2016, jurisdictions have turned to data regulations to protect citizen data

    Data privacy concerns, nationalism, and the economic value of data are all driving jurisdictions to adopt data residency, breach notification, and cross-border data transfer regulations. As 2021 wound down to a close, nearly all the world’s 30 largest economies had some form of data regulation in place. The regulatory landscape is shifting rapidly, which complicates operations as organizations grow into new markets or engage in merger and acquisition activities.

    Global operations require special attention to data-residency requirements, data breach notification requirements, and cross-border data transfer regulations to mitigate compliance risk.

    The image contains a diagram to demonstrate the data regulations placed in various places around the world.

    Compliance risk

    Likelihood: Medium

    Impact: High

    Key Risk Scenario #2

    Rapid changes in the privacy and security regulatory landscape threaten organizations’ ability to meet their compliance obligations from local legal and regulatory frameworks. Organizations risk reputational damage, administrative fines, criminal charges, and loss of market share. In extreme cases, organizations may lose their license to operate in high-risk jurisdictions. Shifts in the regulatory landscape can involve additional requirements for data residency, cross-border data transfer, data breach notification, and third-party risk management.

    Threat Actor:

    • Local, regional, and national state actors

    Asset:

    • Reputation, market share
    • License to operate

    Effect:

    • Administrative fines
    • Loss of reputation, brand trust, and consumer loyalty
    • Loss of market share
    • Suspension of business operations
    • Lawsuits due to collective actions and claims
    • Criminal charges

    Methods:

    • Shifts in the privacy and security regulatory landscape, including requirements for:
      • Data residency.
      • Cross-border data transfer.
      • Data breach notification.
      • Third-party security and privacy risk management.

    The incidence of insider threats varies widely by jurisdiction in unexpected ways

    On average, companies in North America, the Middle East, and Africa had the most insider incidents in 2021, while those in the Asia-Pacific region had the least.

    The Ponemon Institute set out to understand the financial consequences that result from insider threats and gain insight into how well organizations are mitigating these risks.

    In the context of this research, insider threat is defined as:

    • Employee or contractor negligence.
    • Criminal or malicious insider activities.
    • Credential theft (imposter risk).

    On average, the total cost to remediate insider threats in 2021 was US$15.4 million per incident.

    In all regions, employee or contractor negligence occurred most frequently. Organizations in North America and in the Middle East and Africa were most likely to experience insider threat incidents in 2021.

    the image contains a diagram of the world, with various places coloured in different shades of blue.

    The diagram represents the average number of insider incidents reported per organization in 2021. The results are analyzed in four regions (Ponemon Institute, 2022)

    Insider threat

    Likelihood: Low to Medium

    Impact: High

    Key Risk Scenario #3

    Malicious insiders, negligent employees, and credential thieves can exploit inside access to information systems to commit fraud, steal confidential or commercially valuable information, or sabotage computer systems. Insider threats are difficult to identify, especially when security is geared toward external threats. They are often familiar with the organization’s data and intellectual property as well as the methods in place to protect them. An insider may steal information for personal gain or install malicious software on information systems. They may also be legitimate users who make errors and disregard policies, which places the organization at risk.

    Threat Actor:

    • Malicious insiders
    • Negligent employees
    • Infiltrators

    Asset:

    • Sensitive data
    • Employee credentials
    • IT systems

    Effects:

    • Loss of system integrity
    • Loss of data confidentiality
    • Financial loss

    Methods:

    • Infiltrators may compromise credentials.
    • Malicious or negligent insiders may use corporate email to steal or share sensitive data, including:
      • Regulated data.
      • Intellectual property.
      • Critical business information.
    • Malicious agents may facilitate data exfiltration, as well as open-port and vulnerability scans.

    The risk of advanced persistent threats is more prevalent in Central and South America and the Asia-Pacific region

    Attacks from advanced persistent threat (APT) actors are more sophisticated than traditional ones.

    • More countries will use legal indictments as part of their cyber strategy. Exposing toolsets of APT groups carried out at the governmental level will drive more states to do the same.
    • Expect APTs to increasingly target network appliances like VPN gateways as organizations continue to sustain hybrid workforces.
    • The line between APTs and state-sanctioned ransomware groups is blurring. Expect cybercriminals to wield better tools, mount more targeted attacks, and use double-extortion tactics.
    • Expect more disruption and collateral damage from direct attacks on critical infrastructure.

    Top 10 Significant Threat Actors:

    • Lazarus
    • DeathStalker
    • CactusPete
    • IAmTheKing
    • TransparentTribe
    • StrongPity
    • Sofacy
    • CoughingDown
    • MuddyWater
    • SixLittleMonkeys

    Top 10 Targets:

    • Government
    • Banks
    • Financial Institutions
    • Diplomatic
    • Telecommunications
    • Educational
    • Defense
    • Energy
    • Military
    • IT Companies
    The image contains a world map coloured in various shades of blue.
    Top 12 countries targeted by APTs (Kaspersky, 2020)

    Track notable APTs to revise your list of high-risk jurisdictions and review the latest tactics and techniques

    Governmental advisors track notable APT actors that pose greater risks.

    The CISA Shields Up site, SANS Storm Center site, and MITRE ATT&CK group site provide helpful and timely information to understand APT risks in different jurisdictions.

    The following threat actors are currently associated with cyberattacks affiliated with the Russian government.

    Activity Group

    Risks

    APT28 (GRU)

    Known as Fancy Bear, this threat group has been tied to espionage since 2004. They compromised the Hillary Clinton campaign, amid other major events.

    APT29 (SVT)

    Tied to espionage since 2008. Reportedly compromised the Democratic National Committee in 2015. Cited in the 2021 SolarWinds compromise.

    Buhtrap/RTM Group

    Group focused on financial targets since 2014. Currently known to target Russian and Ukrainian banks.

    Gamaredon

    Operating in Crimea. Aligned with Russian interests. Has previously targeted Ukrainian government officials and organizations.

    DEV-0586

    Carried out wiper malware attacks on Ukrainian targets in January 2022.

    UNC1151

    Active since 2016. Linked to information operation campaigns and the distribution of anti-NATO material.

    Conti

    Most successful ransomware gang of 2021, with US$188M revenue. Supported Russian invasion of Ukraine, threatening attacks on allied critical infrastructure.

    Sources: MITRE ATT&CK; Security Boulevard, 2022; Reuters, 2022; The Verge, 2022

    Advanced persistent threat

    Likelihood: Low to Medium

    Impact: High

    Key Risk Scenario #4

    Advanced persistent threats are state actors or state-sponsored affiliates with the means to avoid detection by anti-malware software and intrusion detection systems. These highly-skilled and persistent malicious agents have significant resources with which to bypass traditional security controls, establish a foothold in the information technology infrastructure, and exfiltrate data undetected. APTs have the resources to adapt to a defender’s efforts to resist them over time. The loss of system integrity and data confidentiality over time can lead to financial losses, business continuity disruptions, and the destruction of critical infrastructure.

    Threat Actor:

    • State actors
    • State-sponsored affiliates

    Asset:

    • Sensitive data
    • IT systems
    • Critical infrastructure

    Effects:

    • Loss of system integrity
    • Loss of data confidentiality
    • Financial loss
    • Business continuity disruptions
    • Infrastructure destruction

    Methods:

    • Persistent, consistent attacks using the most advanced threats and tactics to bypass security defenses.
    • The goal of APTs is to maintain access to networks for prolonged periods without being detected.
    • The median dwell time differs widely between regions. FireEye reported the mean dwell time for 2018:
      • Americas: 71 days
      • Europe, Middle East, and Africa: 177 days
      • Asia-Pacific: 204 days
    Sources: Symantec, 2011; FireEye, 2019

    Threat agents have deployed invasive technology for commercial surveillance in at least 76 countries since 2015

    State actors and their affiliates purchased and used invasive spyware from companies in Europe, Israel, and the US.

    • “Customers are predominantly repressive regimes looking for new ways to control the flow of information and stifle dissent. Less than 10% of suspected customers are considered full democracies by the Economist Intelligence Unit.” (Top10VPN, 2021)
    • Companies based in economically developed and largely democratic states are profiting off the technology.
    • The findings demonstrate the need to consider geopolitical realities when assessing high-risk jurisdictions and to take meaningful action to increase layered defenses against invasive malware.
    • Spyware is having an increasingly well-known impact on civil society. For instance, since 2016, over 50,000 individual phone numbers have been identified as potential targets by NSO Group, the Israeli manufacturers of the notorious Pegasus Spyware. The target list contained the phone numbers of politicians, journalists, activists, doctors, and academics across the world.
    • The true number of those affected by spyware is almost impossible to determine given that many fall victim to the technology and do not notice.
    The image contains a map of the world with various countries highlighted in shades of blue.

    Countries where commercial surveillance tools have been deployed (“Global Spyware Market Index,” Top10VPN, 2021)

    The risks and effects of spyware vary greatly

    Spyware can steal mundane information, track a user’s every move, and everything in between.

    Adware

    Software applications that display advertisements while the program is running.

    Keyboard Loggers

    Applications that monitor and record keystrokes. Malicious agents use them to steal credentials and sensitive enterprise data.

    Trojans

    Applications that appear harmless but inflict damage or data loss to a system.

    Mobile Spyware

    Surveillance applications that infect mobile devices via SMS or MMS channels, though the most advanced can infect devices without user input.

    State actors and their affiliates use system monitors to track browsing habits, application usage, and keystrokes and capture information from devices’ GPS location data, microphone, and camera. The most advanced system monitor spyware, such as NSO Group’s Pegasus, can infect devices without user input and record conversations from end-to-end encrypted messaging systems.

    Commercial surveillance

    Likelihood: Low to Medium

    Impact: Medium

    Key Risk Scenario #5

    Malicious agents can deploy malware on end-user devices with commercial tools available off the shelf to secretly monitor the digital activity of users. Attacks exploit widespread vulnerabilities in telecommunications protocols. They occur through email and text phishing campaigns, malware embedded in untested applications, and sophisticated zero-click attacks that deliver payloads without requiring user interactions. Attacks target sensitive as well as mundane information. They can be used to track employee activities, investigate criminal activity, or steal credentials, credit card numbers, or other personally identifiable information.

    Threat Actor:

    • State actors
    • State-sponsored affiliates

    Asset:

    • Sensitive data
    • Staff health and safety
    • IT systems

    Effects:

    • Data breaches
    • Loss of data confidentiality
    • Increased risk to staff health and safety
    • Misuse of private data
    • Financial loss

    Methods:

    • Email and text phishing attacks that delivery malware payloads
    • Sideloading untested applications from a third-party source rather than an official retailer
    • Sophisticated zero-click attacks that deliver payloads without requiring user interaction

    Use the Jurisdictional Risk Register and Heatmap Tool

    The tool included with this blueprint can help you draft risk scenarios and risk statements in this section.

    The risk register will capture a list of critical assets and their vulnerabilities, the threats that endanger them, and the adverse effect your organization may face.

    The image includes two screenshots of the jurisdictional risk register and heatmap tool. The image contains a screenshot of the High-Risk Travel Jurisdiction.

    Download the Jurisdictional Risk Register and Heatmap Tool

    2.1.1 Identify assets

    1 – 2 hours

    1. As a group, consider critical or mission-essential functions in high-risk jurisdictions and the systems on which they depend. Brainstorm a list of the organization’s mission-supporting assets in high-risk jurisdictions. Consider:
    • Staff
    • Critical IT systems
    • Sensitive data
    • Critical operational processes
  • On a whiteboard, brainstorm the potential adverse effect of malicious agents in high-risk jurisdictions compromising critical assets. Consider the impact on:
    • Information systems.
    • Sensitive or regulated data.
    • Staff health and safety.
    • Critical operations and objectives.
    • Organizational finances.
    • Reputation and brand loyalty

    Threat

    Exploits an

    Asset

    Using a

    Method

    Creating an

    Effect

    Inputs for risk scenario identification

    Input

    Output

    • Corporate strategy
    • IT strategy
    • Security strategy
    • Business impact analyses
    • A list of the organization’s mission-supporting assets

    Materials

    Participants

    • Laptop
    • Projector
    • Whiteboard
    • Security team
    • IT leadership
    • System owner
    • Enterprise Risk Management

    Threat

    Exploits an

    Asset

    Using a

    Method

    Creating an

    Effect

    Inputs for risk scenario identification

    The image contains an example of the activity mentioned in the text above.

    Model threats to narrow the range of scenarios

    Motives and capabilities to perform attacks on critical assets vary across different threat actors.

    Category

    Actions

    Motivation

    Sophistication

    Nation-states

    Cyberespionage, cyberattacks

    Geopolitical

    High. Dedicated resources and personnel, extensive planning and coordination.

    Proxy organizations

    Espionage, destructive attacks

    Geopolitical, Ideological, Profit

    Moderate. Some planning and support functions and technical expertise.

    Cybercrime

    Theft, fraud, extortion

    Profit

    Moderate. Some planning and support functions and technical expertise.

    Hacktivists

    Disrupt operations, attack brands, release sensitive data

    Ideological

    Low. Rely on widely available tools that require little skill to deploy.

    Insiders

    Destruction or release of sensitive data, theft, exposure through negligence

    Incompetence, Discontent

    Internal access. Acting on their own or in concert with any of the above.

    • Criminals, hacktivists, and insiders vary in sophistication. Some criminal groups demonstrate a high degree of sophistication; however, a large cyber event that damages critical infrastructure does not align with their incentives to make money at minimal risk.
    • Proxy actors conduct offensive cyber operations on behalf of a beneficiary. They may be acting on behalf of a competitor, national government, or group of individuals.
    • Nation-states engage in long-term espionage and offensive cyber operations that support geopolitical and strategic policy objectives.

    2.1.2 Identify threats

    1 – 2 hours

    1. Review the outputs from activity 1.1.1 and activity 2.1.1.
    2. Identify threat agents that could undermine the security of critical assets in high-risk jurisdictions. Include internal and external actors.
    3. Assess their motives, means, and opportunities.
    • Which critical assets are most attractive? Why?
    • What paths and vulnerabilities can threat agents exploit to reach critical assets without going through a control?
    • How could they defeat existing controls? Draw on the MITRE framework to inform your analysis.
    • Once agents defeat a control, what further attack can they launch?

    Threat

    Exploits an

    Asset

    Using a

    Method

    Creating an

    Effect

    Inputs for risk scenario identification

    Input

    Output

    • Jurisdictional assessment from activity 1.1.1
    • Critical assets from activity 2.1.1
    • Potential vulnerabilities from:
      • Security control gap analysis
      • Security risk register
    • Threat intelligence
    • MITRE framework
    • A list of critical assets, threat agents, vulnerabilities, and potential attack vectors.

    Materials

    Participants

    • Laptop
    • Projector
    • Whiteboard
    • Security team
    • Infrastructure & Operations team
    • Enterprise Risk Management

    2.1.2 Identify threats (continued)

    1 – 2 hours

    1. On a whiteboard, brainstorm how threat agents will exploit vulnerabilities in critical assets to reach their goal. Redefine attack vectors to capture what could result from a successful initial attack.

    For example:

    • State actors and cybercriminals may steal or compromise end-user devices during travel to high-risk jurisdictions using malware they embed in airport charging stations, internet café networks, or hotel business centers.
    • Compromised devices may infect corporate networks and threaten sensitive data once they reconnect to them.

    Threat

    Exploits an

    Asset

    Using a

    Method

    Creating an

    Effect

    The image contains a screenshot of activity 2.1.2 as described in the text above.

    Bring together the critical risk elements into a single risk scenario

    Summarize the scenario further into a single risk statement

    Risk Scenario: High-Risk Travel

    State actors and cybercriminals can threaten staff, devices, and data during travel to high-risk jurisdictions. Device theft or compromise may occur while traveling through airports, accessing hotel computer and phone networks, or in internet cafés or other public areas. Threat actors can exploit data from compromised or stolen devices to undermine the organization’s strategic, economic, or competitive advantage. They can also infect compromised devices with malware that delivers malicious payloads once they reconnect with home networks.

    Risk Statement

    Cybercriminals compromise end-user devices during travel to high-risk jurisdictions, jeopardizing staff safety and leading to loss of sensitive data.

    Risk Scenario: Compliance Risk

    Rapid changes in the privacy and security regulatory landscape threaten an organization’s ability to meet its compliance obligations from local legal and regulatory frameworks. Organizations that fail to do so risk reputational damage, administrative fines, criminal charges, and loss of market share. In extreme cases, organizations may lose their license to operate in high-risk jurisdictions. Shifts in the regulatory landscape can involve additional requirements for data residency, cross-border data transfer, data breach notification, and third-party risk management.

    Risk Statement

    Rapid changes in the privacy and security regulations landscape threaten our ability to remain compliant, leading to reputational and financial loss.

    Fill out the Jurisdictional Risk Register and Heatmap Tool

    The tool is populated with data from two key risk scenarios: high-risk travel and compliance risk.

    The image includes two screenshots of the Jurisdictional Risk Register and Heatmap Tool.

    1. Label the risk in Tab 3, Column B.
    2. Record your risk scenario in Tab 3, Column C.
    3. Record your risk statement in Tab 3, Column D.
    4. Identify the applicable jurisdictions in Tab 3, Column E.
    5. You can further categorize the scenario as:
      • an enterprise risk (Column G).
      • an IT risk (Column H).

    Download the Jurisdictional Risk Register and Heatmap Tool

    Step 2.2

    Assess Risk Exposure

    Activities

    2.2.1 Identify existing controls

    2.2.2 Assess likelihood and impact

    This step involves the following participants:

    • Security team
    • Risk and Compliance
    • IT leadership (optional)

    Outcomes of this step

    • Assess risk exposure for each risk scenario through an analysis of its likelihood and impact.

    Brush up on risk assessment essentials

    The next step will help you prioritize IT risks based on severity.

    Likelihood of Occurrence X Likelihood of Impact = Risk Severity

    Likelihood of occurrence: How likely the risk is to occur.

    Likelihood of impact: The likely impact of a risk event.

    Risk severity: The significance of the risk.

    Evaluate risk severity against the risk tolerance thresholds and the cost of risk response.

    Identify existing controls before you proceed

    Existing controls will reduce the inherent likelihood and impact of the risk scenario you face.

    Existing controls were put in place to avoid, mitigate, or transfer key risks your organization faced in the past. Without considering existing controls, you run the risk of overestimating the likelihood and impact of the risk scenarios your organization faces in high-risk jurisdictions.

    For instance, the ability to remote-wipe corporate-owned devices will reduce the potential impact of a device lost or compromised during travel to high-risk jurisdictions.

    As you complete the risk assessment for each scenario, document existing controls that reduce their inherent likelihood and impact.

    2.2.1 Document existing controls

    6-10 hours

    1. Document the Risk Category and Existing Controls in the Jurisdictional Risk Register and Heatmap Tool.
      • Tactical controls apply to individual risks only. For instance, the ability to remote-wipe devices mitigates the impact of a device lost in a high-risk jurisdiction.
      • Strategic controls apply to multiple risks. For instance, deploying MFA for critical applications mitigates the likelihood that malicious actors can compromise a lost device and impedes their access in devices they do compromise.

    Input

    Output

    • Risk scenarios
    • Existing controls for risk scenarios

    Materials

    Participants

    • Jurisdictional Risk Register and Heatmap Tool
    • Laptop
    • Projector
    • Security team
    • IT leadership
    • Business stakeholders
    • Enterprise Risk Management

    Download the Jurisdictional Risk Register and Heatmap Tool.

    Assess the risk scenarios you identified in Phase 1

    The risk register is the central repository for risks in high-risk jurisdictions.

    • Use the second tab of the Jurisdictional Risk Register and Heatmap Tool to create likelihood, impact, and risk tolerance assessment scales to evaluate every risk event effectively.
    • Severity-level assessment is a “first pass” of your risk scenarios that will reveal your organization’s most severe risks in high-risk jurisdictions.
    • You can incorporate expected cost calculations into your evaluation to assess scenarios in greater detail.
    • Expected cost represents how much you would expect to pay in an average year for each risk event. Expected cost calculations can help compare IT risks to non-IT risks that may not use the same scales and communicate system-level risk to the business in a language they will understand.

    Expected cost calculations may not be practical. Determining robust likelihood and impact values to produce cost estimates can be challenging and time consuming. Use severity-level assessments as a first pass to make the case for risk mitigation measures and take your lead from stakeholders.

    The image contains two screenshots of the Jurisdictional Risk Register and Heatmap Tool.

    Use the Jurisdictional Risk Register and Heatmap Tool to capture and analyze your data.

    2.2.2 Assess likelihood and impact

    6-10 hours

    1. Assign each risk scenario a likelihood of occurrence and a likely impact level that represents the impact of the scenario on the whole organization considering existing controls. Record your results in Tab 3, column R and S, respectively.
    2. You can further dissect likelihood and impact into component parameters but focus first on total likelihood and impact to keep the task manageable.
    3. As you input the first few likelihood and impact values, compare them to one another to ensure consistency and accuracy. For instance, is a device lost in a high-risk jurisdiction truly more impactful than a device compromised with commercial surveillance software?
    4. The tool will calculate the probability of risk exposure based on the likelihood and consequence associated with the scenario. The results are published in Tab 3, Column T.

    Input

    Output

    • Risk scenarios
    • Assessed the likelihood of occurrence and impact for all identified risk events

    Materials

    Participants

    • Jurisdictional Risk Register and Heatmap Tool
    • Laptop
    • Projector
    • Security team
    • IT leadership
    • Business stakeholders
    • Enterprise Risk Management

    Download the Jurisdictional Risk Register and Heatmap Tool.

    Refine your risk assessment to justify your estimates

    Document the rationale behind each value and the level of consensus in group discussions.

    Stakeholders will likely ask you to explain some of the numbers you assigned to likelihood and impact assessments. Pointing to an assessment methodology will give your estimates greater credibility.

    • Assign one individual to take notes during the assessment exercise.
    • Have them document the main rationale behind each value and the level of consensus.

    The goal is to develop robust intersubjective estimates of the likelihood and impact of a risk scenario.

    We assigned a 50% likelihood rating to a risk scenario. Were we correct?

    Assess the truth of the following statements to test likelihood assessments. In this case, do these two statements seem true?

    • The risk event will likely occur once in the next two years, all things being equal.
    • In two nearly identical organizations, one out of two will experience the risk event this year.
    The image includes a screenshot of the High-Risk Travel Jurisdictions.

    Phase 3

    Execute Response

    This phase will walk you through the following activities:

    • Prioritize and treat global risks to critical assets based on their value and exposure.
    • Build an initiative roadmap that identifies and applies relevant controls to protect critical assets. Identify key risk indicators to monitor progress.

    This phase involves the following participants:

    • Security team
    • Risk and Compliance
    • IT leadership (optional)

    Step 3.1

    Treat Security Risks

    Activities

    3.1.1 Identify and assess risk response

    This step involves the following participants:

    • Security team
    • Risk and Compliance
    • IT leadership (optional)

    Outcomes of this step

    • Prioritize and treat global risks to critical assets based on their value and exposure.

    Analyze and select risk responses

    The next step will help you treat the risk scenarios you built in Phase 2.

    Identify

    Identify risk responses.

    Predict

    Predict the effectiveness of the risk response, if implemented, by estimating the residual likelihood and impact of the risk.

    Calculate

    The tool will calculate the residual severity of the risk after applying the risk response.

    The first part of the phase outlines project activities. The second part elaborates on high-risk travel and compliance risk, the two key risk scenarios we are following throughout the project. Use the Jurisdictional Risk Register and Heatmap Tool to capture your work.

    Analyze likelihood and impact to identify response

    The image contains a diagram of he risk response analysis. Risk Transfer and Risk Avoidance has the most likelihood, and Risk Acceptance and Risk Mitigation have the most impact. Risk Avoidance has the most likelihood and most impact in regards to risk response.

    3.1.1 Identify and assess risk response

    Complete the following steps for each risk scenario.

    1. Identify a risk response action that will help reduce the likelihood of occurrence or the impact if the scenario were to occur. Indicate the type of risk response (avoidance, mitigation, transfer, acceptance, or no risk exists).
    2. Assign each risk response action a residual likelihood level and a residual impact level. This is the same step you performed in Activity 2.2.2, but you are now are estimating the likelihood and impact of the risk event after you implemented the risk response action successfully. The Jurisdictional Risk Register and Heatmap Tool will generate a residual risk severity level for each risk event.
    3. Identify the potential Risk Action Owner (Project Manager) if the response is selected and turned into an IT project, and document this in the Jurisdictional Risk Register and Heatmap Tool .
    4. For each risk event, document risk response actions, residual likelihood and impact levels, and residual risk severity level.

    Input

    Output

    • Risk scenarios from Phase 2
    • Risk scenario mitigation plan

    Materials

    Participants

    • Whiteboard/flip charts
    • Jurisdictional Risk Register and Heatmap Tool
    • Security team
    • Risk and Compliance
    • IT leadership (optional)

    Download the Jurisdictional Risk Register and Heatmap Tool

    Step 3.2

    Mitigate Travel Risk

    Activities

    3.2.1 Develop a travel policy

    3.2.2 Develop travel procedures

    3.2.3 Design high-risk travel guidelines

    This step involves the following participants:

    • Security team
    • Risk and Compliance
    • IT leadership (optional)

    Outcomes of this step

    • Prioritize and treat global risks to critical assets based on their value and exposure.

    Identify controls to mitigate jurisdictional risk

    This section provides guidance on the most prevalent risk scenarios identified in Phase 2 and provides a more in-depth examination of the two most prevalent ones, high-risk travel and compliance risk. Determine the appropriate response to each risk scenario to keep global risks to critical assets aligned with the organization’s risk tolerance.

    Key Risk Scenarios

    • High-Risk Travel
    • Compliance Risk
    • Insider Threat
    • Advanced Persistent Threat
    • Commercial Surveillance

    Travel risk is a common concern in organizations with global operations

    • The security of staff, devices, and data is one of the biggest challenges facing organizations with a global footprint. Working and traveling in unpredictable environments will aways carry a degree of risk, but organizations can do much to develop a safer and more secure working environment.
    • Compromised or stolen devices can provide threat actors with access to data that could compromise the organization’s strategic, economic, or competitive advantage or expose the organization to regulatory risk.
    • For many organizations, security risk assessments, security plans, travel security procedures, security training, and incident reporting systems are a key part of their operating language.
    • The following section provides a simple structure to help organizations demystify travel in high-risk jurisdictions.

    The image contains a diagram to present high-risk jurisdictions.

    Before you leave

    • Identify high-risk countries.
    • Enable controls.
    • Limit what you pack.

    During your trip

    • Assume you are monitored.
    • Limit access to systems.
    • Prevent theft.

    When you return

    • Change your password.
    • Restore your devices.

    Case study

    Higher Education: Camosun College

    Interview: Evan Garland

    Frame additional security controls as a value-added service.

    Situation

    The director of the international department at Camosun College reached out to IT security for additional support. Department staff often traveled to hostile environments. They were concerned malicious agents would either steal end-user devices or compromise them and access sensitive data. The director asked IT security for options that would better protect traveling staff, their devices, and the information they contain.

    Challenges

    First, controls would need to admit both work and personal use of corporate devices. Staff relied exclusively on work devices for travel to mitigate the risk of personal device theft. Personal use of corporate devices during travel was common. Second, controls needed to strike the right balance between friction and effortless access. Traveling staff had only intermittent access to IT support. Restrictive controls could prevent them from accessing their devices and data altogether.

    Solution

    IT consulted staff to discuss light-touch solutions that would secure devices without introducing too much complexity or compromising functionality. They then planned security controls that involved user interaction and others that did not and identified training requirements.

    Results

    Controls with user interaction

    Controls without user interaction

    • Multifactor authentication for college systems and collaboration platforms
    • Password manager for both work and personal use for staff for stronger passwords and practices
    • Security awareness training to help traveling staff identify potential threats while traveling through airports or accessing public Wi-Fi.
    • Drive encryption and always-on VPN to protect data at rest and in transit
    • Increased setting for phishing and spam filtering for traveling staff email
    • Enhanced anti-malware/endpoint detection and response (EDR) solution for traveling laptops

    Build a program to mitigate travel risks

    There is no one-size-fits-all solution.

    The most effective solution will take advantage of existing risk management policies, processes, and procedures at your organization.

    • Develop a framework. Outline the organization’s approach to high-risk travel, including the policies, procedures, and mechanisms put in place to ensure safe travel to high-risk jurisdictions.
    • Draft a policy. Outline the organization’s risk attitude and key security principles and define roles and responsibilities. Include security responsibilities and obligations in job descriptions of staff members and senior managers.
    • Provide flexible options. Inherent travel risk will vary from one jurisdiction to another. You will likely not find an approach that works for every case. Establish locally relevant measures and plans in different security contexts and risk environments.
    • Look for quick wins. Identify measures or requirements that you can establish quickly but that can have a positive effect on the security of staff, data, and devices.
    • Monitor and review. Undertake periodic reviews of the organization’s security approach and management framework, as well as their implementation, to ensure the framework remains effective.

    3.2.1 Develop a travel policy

    1. Work with your business leaders to build a travel policy for high-risk jurisdictions. The policy should be a short and accessible document structured around four key sections:
      • A statement on the importance of staff security and safety, the scope of the policy, and who it applies to (staff, consultants, contractors, volunteers, visitors, accompanying dependants, etc.).
      • A principles section explaining the organization’s security culture, risk attitude, and the key principles that shape the organization’s approach to staff security and safety.
      • A responsibilities section setting out the organization’s security risk management structure and the roles and actions allocated to specific positions.
      • A minimal security requirements section establishing the specific security requirements that must be in place in all locations and specific locations.
    2. Common security principles include:
    • Shared responsibility – Managing risks to staff is a shared organizational responsibility.
    • Acknowledgment of risk – Managing security will not remove all risks. Staff need to appreciate, as part of their informed consent, that they are still exposed to risk.
    • Primacy of life – Staff safety is of the highest importance. Staff should never place themselves at excessive risk to meet program objectives or protect property.
    • Proportionate risk – Risks must be assessed to ensure they are proportionate to the benefits organizational activities provide and the ability to manage those risks.
    • Right to withdraw – Staff have the right to withdraw from or refuse to take up work in a particular area due to security concerns.
    • No right to remain – The organization has the right to suspend activities that it considers too dangerous.
  • Cross-reference the organization’s other governing policies that outline requirements related to security risk management, such as the health and safety policy, access control policy, and acceptable use of security assets.
  • Input

    Output

    • List of high-risk jurisdictions
    • Risk scenarios from Phase 2
    • Data inventory and data flows
    • Travel policy for high-risk jurisdictions

    Materials

    Participants

    • Whiteboard/flip charts
    • Jurisdictional Risk Register and Heatmap Tool
    • Security team
    • Legal team
    • IT leadership
    • Risk Management

    Develop security plans for high-risk travel

    Security plans advise staff on how to manage the risk identified in assessments.

    Security plans are key country documents that outline the security measures and procedures in place and the responsibilities and resources required to implement them. Security plans should be established in high-risk jurisdictions where your organization has a regular, significant presence. Security plans must remain relevant and accessible documents that address the specific risks that exist in that location, and, if appropriate, are specific about where the measures apply and who they apply to. Plans should be updated regularly, especially following significant incidents or changes in the operating environment or activities.

    Key Components

    Critical information – One-page summary of pertinent information for easy access and quick reference (e.g. curfew times, no-go areas, important contacts).

    Overview – Purpose and scope of the document, responsibilities for security plan, organization’s risk attitude, date of completion and review date, and a summary of the security strategy and policy.

    Current Context – Summary of current operating context and overall security situation; main risks to staff, assets, and operations; and existing threats and risk rating.

    Procedures – Simple security procedures that staff should adhere to in order to prevent incidents and how to respond should problems arise. Standard operating procedures (SOPs) should address key risks identified in the assessment.

    Security levels – The organization's security levels/phases, with situational indicators that reflect increasing risks to staff in that context and location and specific actions/measures required in response to increasing insecurity.

    Incident reporting – The procedures and responsibilities for reporting security-related incidents; for example, the type of incidents to be reported, the reporting structure, and the format for incident reporting.

    Determine travel risk

    Tailor your risk response to the security risk assessment you conducted in earlier stages of this project.

    Ratings are formulated by assessing several types of risk, including conflict, political/civil unrest, terrorism, crime, and health and infrastructure risks.

    Rating

    Description (Examples)

    Recommended Action

    Low

    Generally secure with adequate physical security. Low violent crime rates. Some civil unrest during significant events. Acts of terrorism rare. Risks associated with natural disasters limited and health threats mainly preventable.

    Basic personal security, travel, and health precautions required.

    Moderate

    Periodic civil unrest. Antigovernment, insurgent, or extremist groups active with sporadic acts of terrorism. Staff at risk from common and violent crime. Transport and communications services are unreliable and safety records are poor. Jurisdiction prone to natural disasters or disease epidemics.

    Increased vigilance and routine security procedures required.

    High

    Regular periods of civil unrest, which may target foreigners. Antigovernment, insurgent, or extremist groups very active and threaten political or economic stability. Violent crime rates high and targeting of foreigners is common. Infrastructure and emergency services poor. May be regular disruption to transportation or communications services. Certain areas off-limits to foreigners. Jurisdictions experiencing a natural disaster or a disease epidemic are considered high risk.

    High level of vigilance and effective, context-specific security precautions required.

    Extreme

    Undergoing active conflict or persistent civil unrest. Risk of being caught up in a violent incident or attack is very high. Civil authorities may have lost control of significant portions of the country. Lines between criminality and political and insurgent violence are blurred. Foreigners are likely to be denied access to significant parts of the country. Transportation and communication services are severely degraded or non-existent. Violence presents a direct threat to staff security.

    Stringent security precautions essential and may not be sufficient to prevent serious incidents.

    Program activities may be suspended and staff withdrawn at very short notice.

    3.2.2 Develop travel procedures

    1. Work with your business leaders to build travel procedures for high-risk jurisdictions. The procedures should be tailored to the risk assessment and address the risk scenarios identified in Phase 2.
    2. Use the categories outlined in the next two slides to structure the procedure. Address all types of travel, detail security measures, and outline what the organization expects of travelers before, during, and after their trip.
    3. Consider the implementation of special measures to limit the impact of a potential security event, including:
      • Information end-user device loaner programs.
      • Temporary travel service email accounts.
    4. Specify what happens when staff add personal travel to their work trip to cover issues such as insurance, check-in, actual travel times, etc.
    5. Discuss the rationale for each procedure. Ensure the components align with the policy statements outlined in the high-risk travel policy developed in the previous step.

    Input

    Output

    • List of high-risk jurisdictions
    • Risk scenarios from Phase 2
    • High-risk travel policy
    • Travel procedures for high-risk jurisdictions

    Materials

    Participants

    • Whiteboard/flip charts
    • Jurisdictional Risk Register and Heatmap Tool
    • Security team
    • Legal team
    • IT leadership
    • Risk Management

    Draft procedures to mitigate travel risks

    Address all types of travel, detail security measures, and outline what the organization expects of travelers before, during, and after their trip

    Introduction

    Clarifies who the procedures apply to. Highlights any differences in travel security requirements or support provided to staff, consultants, partners, and official visitors.

    Travel risk ratings

    Explains the travel or country risk rating system, how staff access the information, the different categories and indicators, and their implications.

    Roles and responsibilities

    Clarifies the responsibilities of travelers, their line managers or contact points, and senior management regarding travel security and how this changes for destinations with higher risk ratings.

    Travel authorization

    Stipulates who in the organization authorizes travel, the various compliance measures required, and how this changes for destinations with higher risk ratings.

    Travel risk assessment

    Explains when travel risk assessments are required, the template that should be used, and who approves the completed assessments.

    Travel security procedures should specify what happens when staff add personal travel to their work trip to cover issues such as insurance, check-in, actual travel times, etc.

    Pre-travel briefings

    Outlines the information that must be provided to travelers prior to departure, the type of briefing required and who provides it, and how these requirements change as risk ratings increase.

    Security training

    Explain security training required prior to travel. This may vary depending on the country’s risk rating. Includes information on training waiver system, including justifications and authorization.

    Traveler profile forms

    Travelers should complete a profile form, which includes personal details, emergency contacts, medical details, social media footprint, and proof-of-life questions (in contexts where there are abduction risks).

    Check-in protocol

    Specifies who travelers must maintain contact with while traveling and how often, as well as the escalation process in case of loss of contact. The frequency of check-ins should reflect the increase in the risk rating for the destination.

    Emergency procedures

    Outlines the organization's emergency procedures for security and medical emergencies.

    3.2.3 Design high-risk travel guidelines

    • Supplement the high-risk travel policies and procedures with guidelines to help international travelers stay safe.
    • The document is intended for an end-user audience and should reflect your organization’s policies and procedures for the use of information and information systems during international travel.
    • Use the Digital Safety Guidelines for International Travel template in concert with this blueprint to provide guidance on what end users can do to stay safe before they leave, during their trip, and when they return.
    • Consider integrating the guidelines into specialized security awareness training sessions that target end users who travel to high-risk jurisdictions.
    • The guidelines should supplement and align with existing technical controls.

    Input

    Output

    • List of high-risk jurisdictions
    • Risk scenarios from Phase 2
    • High-risk travel policy
    • High-risk travel procedure
    • Travel guidelines for high-risk jurisdictions

    Materials

    Participants

    • Whiteboard/flip charts
    • Jurisdictional Risk Register and Heatmap Tool
    • Security team
    • Legal team
    • IT leadership
    • Risk Management

    Download the Digital Safety Guidelines for International Travel template

    Step 3.3

    Mitigate Compliance Risk

    Activities

    3.3.1 Identify data localization obligations

    3.3.2 Integrate obligations into IT system design

    3.3.3 Document data processing activities

    3.3.4 Choose the right mechanism

    3.3.5 Implement the appropriate controls

    3.3.6 Identify data breach notification obligations

    3.3.7 Integrate data breach notification into incident response

    3.3.8 Identify vendor security and data protection requirements

    3.3.9 Build due diligence questionnaire

    3.3.10 Build appropriate data processing agreement

    This step involves the following participants:

    • Security team
    • Risk and Compliance
    • IT leadership (optional)

    Outcomes of this step

    • Prioritize and treat global risks to critical assets based on their value and exposure.

    Compliance risk is a prevalent risk in organizations with a global footprint

    • The legal and regulatory landscape is evolving rapidly to keep step with the pace of technological change. Security and privacy leaders are expected to mitigate the risk of noncompliance as the organization expands to new jurisdictions.
    • Organizations with a global footprint must stay abreast of local regulations and provide risk management guidance to business leaders to support global operations.
    • This sections describes four compliance risks in this context:
      • Cross-border data transfer
      • Third-party risk management
      • Data breach notification
      • Data residency

    Compliance with local obligations

    Likelihood: Medium to High

    Impact: High

    Data Residency

    Gap Controls

    • Identify and document the data localization obligations for the jurisdictions that the organization is operating in.
    • Design and implement IT systems that satisfy the data localization requirements.
    • Comply with data localization obligations within each jurisdiction.

    Heatmap of Global Data Residency Regulations

    The image contains a screenshot of a picture of a world map with various shades of blue to demonstrate the heatmap of global data residency regulations.
    Source: InCountry, 2021

    Examples of Data Residency Requirements

    Country

    Data Type

    Local Storage Requirements

    Australia

    Personal data – heath record

    My Health Records Act 2012

    China

    Personal information — critical information infrastructure operators

    Cybersecurity law

    Government cloud data

    Opinions of the Office of the Central Leading Group for Cyberspace Affairs on Strengthening Cybersecurity Administration of Cloud Computing Services for Communist Party and Government Agencies

    India

    Government email data

    The Public Records Act of 1993

    Indonesia

    Data held by electronic system operator for the public service

    Regulation 82 concerning “Electronic System and Transaction Operation”

    Germany

    Government cloud service data

    Criteria for the procurement and use of cloud services by the federal German administration

    Russia

    Personal data

    The amendments of Data Protection Act No. 152 FZ

    Vietnam

    Data held by internet service providers

    The Decree on Management, Provision, and Use of Internet Services and Information Content Online (Decree 72)

    US

    Government cloud service data

    Defense Federal Acquisition Regulation Supplement: Network Penetration Reporting and Contracting for Cloud Services (DFARS Case 2013-D018)

    3.3.1 Identify data localization obligations

    1-2 hours

    1. Work with your business leaders to identify and document the jurisdictions where your organization is operating in or providing services and products to consumers within.
    2. Work with your legal team to identify and document all relevant data localization obligations for the data your organization generates, collects, and processes in order to operate your business.
    3. Record your data localization obligations in the table below.

    Jurisdiction

    Relevant Regulations

    Local Storage Requirements

    Date Type

    Input

    Output

    • List of jurisdictions your organization is operating in
    • Relevant security and data protection regulations
    • Data inventory and data flows
    • Completed list of data localization obligations

    Materials

    Participants

    • Guidelines for Compliance With Local Security and Privacy Laws Template
    • Privacy team
    • Security team
    • Legal team
    • IT leadership
    • Risk Management

    Download the Guidelines for Compliance With Local Security and Privacy Laws Template

    3.3.2 Integrate obligations into your IT system design

    1-2 hours

    1. Work with your IT department to design the IT architecture and systems to satisfy the data localization requirements.
    2. The table below provides a checklist for integrating privacy considerations into your IT systems.

    Item

    Consideration

    Answer

    Supporting Document

    1

    Have you identified business services that process data that will be subject to localization requirements?

    2

    Have you identified IT systems associated with the business services mentioned above?

    3

    Have you established a data inventory (i.e. data types, business purposes) for the IT systems mentioned above?

    4

    Have you established a data flow diagram for the data identified above?

    5

    Have you identified the types of data that should be stored locally?

    6

    Have you confirmed whether a copy of the data locally stored will satisfy the obligations?

    7

    Have you confirmed whether an IT redesign is needed or whether modifications (e.g. adding a server) to the IT systems would satisfy the obligations?

    8

    Have you confirmed whether access from another jurisdiction is allowed?

    9

    Have you identified how long the data should be stored?

    Input

    Output

    • Data localization obligations
    • Business services that process data that will be subject to localization requirements
    • IT systems associated with business services
    • Data inventory and data flows
    • Completed checklist of localization obligations for IT system design

    Materials

    Participants

    • Guidelines for Compliance With Local Security and Privacy Laws Template
    • Privacy team
    • Security team
    • Legal team
    • IT leadership
    • Risk Management

    Download the Guidelines for Compliance With Local Security and Privacy Laws Template

    Compliance with local obligations

    Likelihood: Medium to High

    Impact: High

    Cross-Border Transfer

    Gap Controls

    • Know where you transfer your data.
    • Identify jurisdictions that your organization is operating in and that impose different requirements for the cross-border transfer of personal data.
    • Adopt and implement a proper cross-border data transfer mechanism in accordance with applicable privacy laws and regulations.
    • Re-evaluate at appropriate intervals.

    Which cross-border transfer mechanism should I choose?

    Transfer Mechanism

    Advantages

    Disadvantages

    Standard Contractual Clauses (SCC)

    • Easy to implement
    • No DPA (data processing agreement) approval
    • Not suitable for complex data transfers
    • Do not meet business agility
    • Needs legal solution

    Binding Corporate Rules (BCRs)

    • Meets business agility needs
    • Raises trust in the organization
    • Doubles as solution for art. 24/25 of the GDPR
    • Sets high compliance maturity level
    • Takes time to draft/implement
    • Requires DPA approval (scrutiny)
    • Requires culture of compliance
    • Approved by one "lead" authority and two other "co-lead“ authorities
    • Takes usually between six and nine months for the approval process only

    Code of Conduct

    • Raises trust in the sector
    • Self-regulation instead of law
    • No code of conduct approved yet
    • Takes time to draft/implement
    • Requires DPA approval and culture of compliance
    • Needs of organization may not be met

    Certification

    • Raises trust in the organization
    • No certification schemes available yet
    • Risk of compliance at minimum necessary
    • Requires audits

    Consent

    • Legal certainty
    • Transparent
    • Administrative burden
    • Some data subjects are incapable of consenting all or nothing

    3.3.3 Document data processing activities

    1-2 hours

    1. Identify and document the following information:
      • Name of business process
      • Purposes of processing
      • Lawful basis
      • Categories of data subjects and personal data
      • Data subject categories
      • Which system the data resides in
      • Recipient categories
      • Third country/international organization
      • Documents for appropriate safeguards for international transfer (adequacy, SCCs, BCRs, etc.)
      • Description of mitigating measures

    Input

    Output

    • Name of business process
    • Categories of personal data
    • Which system the data resides
    • Third country/international organization
    • Documents for appropriate safeguards for international transfer
    • Completed list of data processing activities

    Materials

    Participants

    • Guidelines for Compliance With Local Security and Privacy Laws Template
    • Privacy team
    • Security team
    • Legal team
    • IT leadership
    • Risk Management

    Download the Guidelines for Compliance With Local Security and Privacy Laws Template

    3.3.4 Choose the right mechanism

    1-2 hours

    1. Identify jurisdictions that your organization is operating in and that impose different requirements for the cross-border transfer of personal data. For example, the EU’s GDPR and China’s Personal Information Protection Law require proper cross-border transfer mechanisms before the data transfers. Your organization should decide which cross-border transfer mechanism is the best fit for your cross-border data transfer scenarios.
    2. Use the following table to identify and document the pros and cons of each data transfer mechanism and the final decision.

    Data Transfer Mechanism

    Pros

    Cons

    Final Decision

    SCC

    BCR

    Code of Conduct

    Certification

    Consent

    Input

    Output

    • List of relevant data transfer mechanisms
    • Assessment of the pros and cons of each mechanism
    • Final decision regarding which data transfer mechanism is the best fit for your organization

    Materials

    Participants

    • Guidelines for Compliance With Local Security and Privacy Laws Template
    • Privacy team
    • Security team
    • Legal team
    • IT leadership
    • Risk Management

    Download the Guidelines for Compliance With Local Security and Privacy Laws Template

    3.3.5 Implement the appropriate controls

    1-3 hours

    • One of the most common mechanisms is standard contractual clauses (SCCs).
    • Use Info-Tech’s Standard Contractual Clauses Template to facilitate your cross-border transfer activities.
    • Identify and check whether the following core components are covered in your SCC and record the results in the table below.
    # Core Components Status Note
    1 Purpose and scope
    2 Effect and invariability of the Clauses
    3 Description of the transfer(s)
    4 Data protection safeguards
    5 Purpose limitation
    6 Transparency
    7 Accuracy and data minimization
    8 Duration of processing and erasure or return of data
    9 Storage limitation
    10 Security of processing
    11 Sensitive data
    12 Onward transfers
    13 Processing under the authority of the data importer
    14 Documentation and compliance
    15 Use of subprocessors
    16 Data subject rights
    17 Redress
    18 Liability
    19 Local laws and practices affecting compliance with the Clauses
    20 Noncompliance with the Clauses and termination
    21 Description of data processing activities, such as list of parties, description of transfer, etc.
    22 Technical and organizational measures
    InputOutput
    • Description of the transfer(s)
    • Duration of processing and erasure or return of data
    • Onward transfers
    • Use of subprocessors
    • Etc.
    • Draft of the standard contractual clauses (SCC)
    MaterialsParticipants
    • Guidelines for Compliance With Local Security and Privacy Laws Template
    • Legal team
    • Privacy team
    • Security team
    • IT leadership
    • Risk Management

    Download the Guidelines for Compliance With Local Security and Privacy Laws Template

    Compliance with local obligations

    Likelihood: High

    Impact: Medium to High

    Data Breach

    Gap Controls

    • Identify jurisdictions that your organization is operating in and that impose different obligations for data breach reporting.
    • Document the notification obligations for various business scenarios, such as controller to DPA, controller to data subject, and processor to controller.
    • Integrate breach notification obligations into security incident response process.

    Examples of Data Breach Notification Obligations

    Location

    Regulation/ Standard

    Reporting Obligation

    EU

    GDPR

    72 hours

    China

    PIPL

    Immediately

    US

    HIPAA

    No later than 60 days

    Canada

    PIPEDA

    As soon as feasible

    Global

    PCI DSS

    • Visa – immediately after breach discovered
    • Mastercard – within 24 hours of discovering breach
    • American Express – immediately after breach discovered

    Summary of US State Data Breach Notification Statutes

    The image contains a graph to show the summary of the US State Data Breach Notification Statutes.

    Source: Davis Wright Tremaine

    3.3.6 Identify data breach notification obligations

    1-2 hours

    1. Identify jurisdictions that your organization is operating in and that impose different obligations for data breach reporting.
    2. Document the notification obligations for various business scenarios, such as controller to DPA, controller to data subject, and processor to controller.
    3. Record your data breach obligations in the table below.
    Region Regulation/Standard Reporting Obligation

    Input

    Output

    • List of regions and jurisdictions your business is operating in
    • List of relevant regulations and standards
    • Documentation of data breach reporting obligations in applicable jurisdictions

    Materials

    Participants

    • Guidelines for Compliance With Local Security and Privacy Laws Template
    • Legal team
    • Privacy team
    • Security team
    • IT leadership
    • Risk Management

    Download the Guidelines for Compliance With Local Security and Privacy Laws Template

    3.3.7 Integrate data breach notification into incident response

    1-2 hours

    • Integrate breach notification obligations into the security incident response process. Understand the security incident management framework.
    • All incident runbooks follow the same process: detection, analysis, containment, eradication, recovery, and post-incident activity.
    • The table below provides a basic checklist for you to consider when implementing your data breach and incident handling process.
    # Phase Considerations Status Notes
    1 Prepare Ensure the appropriate resources are available to best handle an incident.
    2 Detect Leverage monitoring controls to actively detect threats.
    3 Analyze Distill real events from false positives.
    4 Contain Isolate the threat before it can cause additional damage.
    5 Eradicate Eliminate the threat from your operating environment.
    6 Recover Restore impacted systems to a normal state of operations.
    7 Report Report data breaches to relevant regulators and data subjects if required.
    8 Post-Incident Activities Conduct a lessons-learned post-mortem analysis.
    InputOutput
    • Security and data protection incident response steps
    • Key considerations for integrating data breach notifications into incident response
    • Data breach notifications integrated into the incident response process
    MaterialsParticipants
    • Guidelines for Compliance With Local Security and Privacy Laws Template
    • Security team
    • Privacy team
    • Legal team
    • IT leadership
    • Risk Management

    Download the Guidelines for Compliance With Local Security and Privacy Laws Template

    Compliance with local obligations

    Likelihood: High

    Impact: Medium to High

    Third-Party Risk

    Gap Controls

    • Build an end-to-end third-party security and privacy risk management process.
    • Perform internal due diligence prior to selecting a service provider.
    • Stipulate the security and privacy protection obligations of the third party in a legally binding document such as contract or data processing agreement, etc.

    End-to-End Third-Party Security and Privacy Risk Management

    1. Pre-Contract
    • Due diligence check
  • Signing of Contract
    • Data processing agreement
  • Post-Contract
    • Continuous monitoring
    • Regular check or audit
  • Termination of Contract
    • Data deletion
    • Access deprovisioning

    Examples of Vendor Security Management Requirements

    Region

    Law/Standard

    Section

    EU

    General Data Protection Regulation (GDPR)

    Article 28 (1)

    Article 46 (1)

    US

    Health Insurance Portability and Accountability Act (HIPAA)

    §164.308(b)(1)

    US

    New York Department of Financial Services Cybersecurity Requirements

    500.11(a)

    Global

    ISO 27002:2013

    15.1.1

    15.1.2

    15.1.3

    15.2.1

    15.2.2

    US

    NIST 800-53

    SA-12

    SA-12 (2)

    US

    NIST Cybersecurity Framework

    ID-SC-1

    ID-SC-2

    ID-SC-3

    ID-SC-4

    Canada

    OSFI Cybersecurity Guidelines

    4.25

    4.26

    3.3.8 Identify vendor security and data protection requirements

    1-2 hours

    • Effective vendor security risk management is an end-to-end process that includes assessment, risk mitigation, and periodic reassessments.
    • An efficient and effective assessment process can only be achieved when all stakeholders are participating.
    • Identify and document your vendor security and data protection requirements in the table below.
    Region Law/Standard Section Requirements

    Input

    Output

    • List of regions and jurisdictions your business is operating in
    • List of relevant regulations and standards
    • Documentation of vendor security and data protection obligations in applicable jurisdictions

    Materials

    Participants

    • Guidelines for Compliance With Local Security and Privacy Laws Template
    • Legal team
    • Privacy team
    • Security team
    • IT leadership
    • Risk Management

    Download the Guidelines for Compliance With Local Security and Privacy Laws Template

    3.3.9 Build due diligence questionnaire

    1-2 hours

    Perform internal due diligence prior to selecting a service provider.

    1. Build and right-size your vendor security questionnaire by leveraging Info-Tech’s Vendor Security Questionnaire template.
    2. Document your vendor security questionnaire in the table below.
    # Question Vendor Request Vendor Comments
    1 Document Requests
    2 Asset Management
    3 Governance
    4 Supply Chain Risk Management
    5 Identify Management, Authentication, and Access Control
    InputOutput
    • List of regions and jurisdictions your business is operating in
    • List of relevant regulations and standards
    • Business security and data protection requirements and expectations
    • Draft of due diligence questionnaire
    MaterialsParticipants
    • Guidelines for Compliance With Local Security and Privacy Laws Template
    • Legal team
    • Privacy team
    • Security team
    • IT leadership
    • Risk Management

    Download the Guidelines for Compliance With Local Security and Privacy Laws Template

    3.3.10 Build appropriate data processing agreement

    1-2 hours

    1. Stipulate the security and privacy protection obligations of the third party in a legally binding document such as contract or data processing agreement, etc.
    2. Leverage Info-Tech’s Data Processing Agreement Template to put the language into your legally binding document.
    3. Use the table below to check whether core components of a typical DPA are covered in your document.
    # Core Components Status Note
    1 Processing of personal data
    2 Scope of application and responsibilities
    3 Processor's obligations
    4

    Controller's obligations

    5 Data subject requests
    6 Right to audit and inspection
    7 Subprocessing
    8 Data breach management
    9 Security controls
    10 Transfer of personal data
    11 Duty of confidentiality
    12 Compliance with applicable laws
    13 Service termination
    14 Liability and damages
    InputOutput
    • Processing of personal data
    • Processor’s obligations
    • Controller’s obligations
    • Subprocessing
    • Etc.
    • Draft of data processing agreement (DPA)
    MaterialsParticipants
    • Guidelines for Compliance With Local Security and Privacy Laws Template
    • Legal team
    • Privacy team
    • Security team
    • IT leadership
    • Risk Management

    Download the Guidelines for Compliance With Local Security and Privacy Laws Template

    Summary of Accomplishment

    Problem Solved

    By following Info-Tech’s methodology for securing global operations, you have:

    • Evaluated the security context of your organization’s global operations.
    • Identified security risks scenarios unique to high-risk jurisdictions and assessed the exposure of critical assets.
    • Planned and executed a response.

    You have gone through a deeper analysis of two key risk scenarios that affect global operations:

    • Travel to high-risk jurisdictions.
    • Compliance risk.

    If you would like additional support, have our analysts guide you through an Info-Tech workshop or Guided Implementation.

    Contact your account representative for more information.

    workshop@infotech.com

    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

    The image contains a picture of Michel Hebert.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team. Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    The image contains a screenshot of High-Risk Travel Jurisdictions.

    Identify High-Risk Jurisdictions

    Develop requirements to identify high-risk jurisdictions.

    The image contains a screenshot of Build Risk Scenarios.

    Build Risk Scenarios

    Build risk scenarios to capture assets, vulnerabilities, threats, and the potential effect of a compromise.

    External Research Contributors

    Ken Muir

    CISO

    LMC Security

    Premchand Kurup

    CEO

    Paramount Computer Systems

    Preeti Dhawan

    Manager, Security Governance

    Payments Canada

    Scott Wiggins

    Information Risk and Governance

    CDPHP

    Fritz Y. Jean Louis

    CISO

    Globe and Mail

    Eric Gervais

    CIO

    Ovivo Water

    David Morrish

    CEO

    MBS Techservices

    Evan Garland

    Manager, IT Security

    Camosun College

    Jacopo Fumagalli

    CISO

    Axpo

    Dennis Leon

    Governance and Security Manager

    CPA Canada

    Tero Lehtinen

    CIO

    Planmeca Oy

    Related Info-Tech Research

    Build an IT Risk Management Program

    • Build a program to identify, evaluate, assess, and treat IT risks.
    • Monitor and communicate risks effectively to support business decision making.

    Combine Security Risk Management Components Into One Program

    • Develop a program focused on assessing and managing information system risks.
    • Build a governance structure that integrates security risks within the organization’s broader approach to risk management.

    Build an Information Security Strategy

    • Build a holistic, risk-aware strategy that aligns to business goals.
    • Develop a roadmap of prioritized initiatives to implement the strategy over 18 to 36 months.

    Bibliography

    2022 Cost of Insider Threats Global Report.” Ponemon Institute, NOVIPRO, 9 Feb. 2022. Accessed 25 May 22.

    “Allianz Risk Barometer 2022.” Allianz Global Corporate & Specialty, Jan. 2022. Accessed 25 May 22.

    Bickley, Shaun. “Security Risk Management: a basic guide for smaller NGOs”. European Interagency Security Forum (EISF), 2017. Web.

    “Biden Administration Warns against spyware targeting dissidents.” New York Times, 7 Jan 22. Accessed 20 Jan 2022.

    Boehm, Jim, et al. “The risk-based approach to cybersecurity.” McKinsey & Company, October 2019. Web.

    “Cost of a Data Breach Report 2021.” IBM Security, July 2021. Web.

    “Cyber Risk in Asia-Pacific: The Case for Greater Transparency.” Marsh & McLennan Companies, 2017. Web.

    “Cyber Risk Index.” NordVPN, 2020. Accessed 25 May 22

    Dawson, Maurice. “Applying a holistic cybersecurity framework for global IT organizations.” Business Information Review, vol. 35, no. 2, 2018, pp. 60-67.

    “Framework for improving critical infrastructure cybersecurity.” National Institute of Standards and Technology, 16 Apr 2018. Web.

    “Global Cybersecurity Index 2020.” International Telecommunication Union (ITU), 2021. Accessed 25 May 22.

    “Global Risk Survey 2022.” Control Risks, 2022. Accessed 25 May 22.

    “International Travel Guidance for Government Mobile Devices.” Federal Mobility Group (FMG), Aug. 2021. Accessed 18 Nov 2021.

    Kaffenberger, Lincoln, and Emanuel Kopp. “Cyber Risk Scenarios, the Financial System, and Systemic Risk Assessment.” Carnegie Endowment for International Peace, September 2019. Accessed 11 Jan 2022.

    Koehler, Thomas R. Understanding Cyber Risk. Routledge, 2018.

    Owens, Brian. “Cybersecurity for the travelling scientist.” Nature, vol. 548, 3 Aug 2017. Accessed 19 Jan. 2022.

    Parsons, Fintan J., et al. “Cybersecurity risks and recommendations for international travellers.” Journal of Travel Medicine, vol. 1, no. 4, 2021. Accessed 19 Jan 2022.

    Quinn, Stephen, et al. “Identifying and estimating cybersecurity risk for enterprise risk management.” National Institute of Standards and Technology (NIST), Interagency or Internal Report (IR) 8286A, Nov. 2021.

    Quinn, Stephen, et al. “Prioritizing cybersecurity risk for enterprise risk management.” NIST, IR 8286B, Sept. 2021.

    “Remaining cyber safe while travelling security recommendations.” Government of Canada, 27 April 2022. Accessed 31 Jan 2022.

    Stine, Kevin, et al. “Integrating cybersecurity and enterprise risk management.” NIST, IR 8286, Oct. 2020.

    Tammineedi, Rama. “Integrating KRIs and KPIs for effective technology risk management.” ISACA Journal, vol. 4, 1 July 2018.

    Tikk, Eneken, and Mika Kerttunen, editors. Routledge Handbook of International Cybersecurity. Routledge, 2020.

    Voo, Julia, et al. “National Cyber Power Index 2020.” Belfer Center for Science and International Affairs, Harvard Kennedy School, Sept. 2020. Web.

    Zhang, Fang. “Navigating cybersecurity risks in international trade.” Harvard Business Review, Dec 2021. Accessed 31 Jan 22.

    Appendix

    Insider Threat

    Key Risk Scenario

    Likelihood: Medium to High

    Impact: High

    Gap Controls

    The image contains a picture of the Gap Controls. The controls include: Policy and Awareness, Identification, Monitoring and Visibility, which leads to Cooperation.

    • Identification: Effective and efficient management of insider threats begins with a threat and risk assessment to establish which assets and which employees to consider, especially in jurisdictions associated with sensitive or critical data. You need to pay extra attention to employees who are working in satellite offices in jurisdictions with loose security and privacy laws.
    • Monitoring and Visibility: Organizations should monitor critical assets and groups with privileged access to defend against malicious behavior. Implement an insider threat management platform that provides your organization with the visibility and context into data movement, especially cross-border transfers that might cause security and privacy breaches.
    • Policy and Awareness Training: Insider threats will persist without appropriate action and culture change. Training and consistent communication of best practices will mitigate vulnerabilities to accidental or negligent attacks. Customized training materials using local languages and role-based case studies might be needed for employees in high-risk jurisdictions.
    • Cooperation: An effective insider threat management program should be built with cross-team functions such as Security, IT, Compliance and Legal, etc.

    For more holistic approach, you can leverage our Reduce and Manage Your Organization’s Insider Threat Risk blueprint.

    Info-Tech Insight

    You can’t just throw tools at a human problem. While organizations should monitor critical assets and groups with privileged access to defend against malicious behavior, good management and supervision can help detect attacks and prevent them from happening in the first place.

    Insider threats are not industry specific, but malicious insiders are

    Industry

    Actors

    Risks

    Tactics

    Motives

    State and Local Government

    • Full-time employees
    • Current employees
    • Privileged access to personally identifiable information, financial assets, and physical property
    • Abuse of privileged access
    • Received or transferred fraudulent funds
    • Financial gain
    • Recognition
    • Benefiting foreign entity

    Information Technology

    • Equal mix of former and current employees
    • Privileged access to networks or systems as well as data
    • Highly technical attacks
    • Received or transferred fraudulent funds
    • Revenge
    • Financial gain

    Healthcare

    • Majority were full-time and current employees
    • Privileged access to customer data with personally identifiable information, financial assets
    • Abuse of privileged access
    • Received or transferred fraudulent funds
    • Financial gain
    • Entitlement

    Finance and Insurance

    • Majority were full-time and current employees
    • Authorized users
    • Electronic financial assets
    • Privileged access to customer data
    • Created or used fraudulent accounts
    • Fraudulent purchases
    • Identity theft
    • Financial gain
    • Gambling addiction
    • Family pressures
    • Multiple motivations

    Source: Carnegie Mellon University Software Engineering Institute, 2019

    Advanced Persistent Threat

    Key Risk Scenario #4

    Likelihood: Medium to High

    Impact: High

    Gap Controls

    The image contains a screenshot of the Gap Controls listed: Prevent, Detect, Analyze, Respond.

    Prevent: Defense in depth is the best approach to protect against unknown and unpredictable attacks. Effective anti-malware, diligent patching and vulnerability management, and strong human-centric security are essential.

    Detect: There are two types of companies – those who have been breached and know it, and those who have been breached and don’t know it. Ensure that monitoring, logging, and event detection tools are in place and appropriate to your organizational needs.

    Analyze: Raw data without interpretation cannot improve security and is a waste of time, money, and effort. Establish a tiered operational process that not only enriches data but also provides visibility into your threat landscape.

    Respond: Organizations can’t rely on ad hoc response anymore – don’t wait until a state of panic. Formalize your response processes in a detailed incident runbook to reduce incident remediation time and effort.

    Best practices moving forward

    Defense in Depth

    Lock down your organization. Among other tactics, control administrative privileges, leverage threat intelligence, use IP whitelisting, adopt endpoint protection and two-factor authentication, and formalize incident response measures.

    Block Indicators

    Information alone is not actionable. A successful threat intelligence program contextualizes threat data, aligns intelligence with business objectives, and then builds processes to satisfy those objectives. Actively block indicators and act upon gathered intelligence.

    Drive Adoption

    Create organizational situational awareness around security initiatives to drive adoption of foundational security measures: network hardening, threat intelligence, red-teaming exercises, and zero-day mitigation, policies, and procedures.

    Supply Chain Security

    Security extends beyond your organization. Ensure your organization has a comprehensive view of your organizational threat landscape and a clear understanding of the security posture of any managed service providers in your supply chain.

    Awareness and Training

    Conduct security awareness and training. Teach end users how to recognize current cyberattacks before they fall victim – this is a mandatory first line of defense.

    Additional Resources

    Follow only official sources of information to help you assess risk

    The image contains an image highlighting a few additional resources.

    As misinformation is a major attack vector for malicious actors, follow only reliable sources for cyberalerts and actionable intelligence. Aggregate information from these reliable sources.

    Federal Cyber Agency Alerts

    Informational Resources

    Info-Tech Insight

    The CISA Shields Up site provides the latest cyber risk updates on the Russia-Ukraine conflict and should provide the most value in staying informed.

    Industry-Specific Digital Transformation

    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Infographic

    Map Your Business Architecture to Define Your Strategy

    • Buy Link or Shortcode: {j2store}579|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $357,799 Average $ Saved
    • member rating average days saved: 30 Average Days Saved
    • Parent Category Name: Strategy & Operating Model
    • Parent Category Link: /strategy-and-operating-model
    • Organizations need to innovate rapidly to respond to the changing forces in their industry, but their IT initiatives often fail to deliver meaningful outcomes.
    • Planners face challenges in understanding the relationships between the important customer-focused innovations they’re trying to introduce and the resources (capabilities) that make them possible, including applications, human resources, information, and processes. For example, are we risking the success of a new service offering by underpinning it with a legacy or manual solution?

    Our Advice

    Critical Insight

    Successful execution of business strategy requires planning that:

    1. Accurately reflects organizational capabilities.
    2. Is traceable so all levels can understand how decisions are made.
    3. Makes efficient use of organizational resources.

    To accomplish this, the business architect must engage stakeholders, model the business, and drive planning with business architecture.

    • Business architecture is often regarded as an IT function when its role and tools should be fixtures within the business planning and innovation practice.
    • Any size of organization – from start-ups to global enterprises -- can benefit from using a common language and modeling rigor to identify the opportunities that will produce the greatest impact and value.
    • You don’t need sophisticated modeling software to build an effective business architecture knowledgebase. In fact, the best format for engaging business stakeholders is intuitive visuals using business language.

    Impact and Result

    • Execute more quickly on innovation and transformation initiatives.
    • More effectively target investments in resources and IT according to what goals and requirements are most important.
    • Identify problematic areas (e.g. legacy applications, manual processes) that hinder the business strategy and create inefficiencies in our information technology operation.

    Map Your Business Architecture to Define Your Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Map Your Business Architecture Deck – A step-by-step document that walks you through how to properly engage business and IT in applying a common language and process rigor to build key capabilities required to achieve innovation and growth goals.

    Build a structured, repeatable framework for both IT and business stakeholders to appraise the activities that deliver value to consumers; and assess the readiness of their capabilities to enable them.

    • Map Your Business Architecture to Define Your Strategy – Phases 1-3

    2. Stakeholder Engagement Strategy Template – A best-of-breed template to help you build a clear, concise, and compelling strategy document for identifying and engaging stakeholders.

    This template helps you ensure that your business architecture practice receives the resources, visibility, and support it needs to be successful, by helping you develop a strategy to engage the key stakeholders involved.

    • Stakeholder Engagement Strategy Template

    3. Value Stream Map Template – A template to walk through the value streams that are tied to your strategic goals.

    Record the complete value stream and decompose it into stages. Add a description of the expected outcome of the value stream and metrics for each stage.

    • Value Stream Map Template

    4. Value Stream Capability Mapping Template – A template to define capabilities and align them to selected value streams.

    Build a business capability model for the organization and map capabilities to the selected value stream.

    • Value Stream – Capability Mapping Template
    [infographic]

    Workshop: Map Your Business Architecture to Define Your Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Discover the Business Context

    The Purpose

    Identify and consult stakeholders to discover the business goals and value proposition for the customer.

    Key Benefits Achieved

    Engage stakeholders and SMEs in describing the business and its priorities and culture.

    Identify focus for the areas we will analyze and work on.

    Activities

    1.1 Select key stakeholders

    1.2 Plan for engaging stakeholders

    1.3 Gather business goals and priorities

    Outputs

    Stakeholder roles

    Engagement plan

    Business strategy, value proposition

    2 Define Value Streams

    The Purpose

    Describe the main value-adding activities of the business from the consumer’s point of view, e.g. provide product or service.

    Key Benefits Achieved

    Shared understanding of why we build resources and do what we do.

    Starting point for analyzing resources and investing in innovation.

    Activities

    2.1 Define or update value streams

    2.2 Decompose selected value stream(s) into value stages and identify problematic areas and opportunities

    Outputs

    Value streams for the enterprise

    Value stages breakdown for selected value stream(s)

    3 Build Business Capability Map

    The Purpose

    Describe all the capabilities that make up an organization and enable the important customer-facing activities in the value streams.

    Key Benefits Achieved

    Basis for understanding what resources the organization has and their ability to support its growth and success.

    Activities

    3.1 Define and describe all business capabilities (Level 1)

    3.2 Decompose and analyze capabilities for a selected priority value stream.

    Outputs

    Business Capability Map (Level 1)

    Business Capabilities Level 2 for selected value stream

    4 Develop a Roadmap

    The Purpose

    Use the Business Capability Map to identify key capabilities (e.g. cost advantage creator), and look more closely at what applications or information or business processes are doing to support or hinder that critical capability.

    Key Benefits Achieved

    Basis for developing a roadmap of IT initiatives, focused on key business capabilities and business priorities.

    Activities

    4.1 Identify key capabilities (cost advantage creators, competitive advantage creators)

    4.2 Assess capabilities with the perspective of how well applications, business processes, or information support the capability and identify gaps

    4.3 Apply analysis tool to rank initiatives

    Outputs

    Business Capability Map with key capabilities: cost advantage creators and competitive advantage creators

    Assessment of applications or business processes or information for key capabilities

    Roadmap of IT initiatives

    Further reading

    Map Your Business Architecture to Define Your Strategy

    Plan your organization’s capabilities for best impact and value.

    Info-Tech Research Group

    Info-Tech is a provider of best-practice IT research advisory services that make every IT leader’s job easier.

    35,000 members sharing best practices you can leverage Millions spent developing tools and templates annually Leverage direct access to over 100 analysts as an extension of your team Use our massive database of benchmarks and vendor assessments Get up to speed in a fraction of the time

    Analyst perspective

    Know your organization’s capabilities to build a digital and customer-driven culture.

    Business architecture provides a holistic and unified view of:

    • All the organization’s activities that provide value to their clients (value streams).
    • The resources that make them possible and effective (capabilities, i.e. its employees, software, processes, information).
    • How they inter-relate, i.e. depend on and impact each other to help deliver value.

    Without a business architecture it is difficult to see the connections between the business’s activities for the customer and the IT resources supporting them – to demonstrate that what we do in IT is customer-driven.

    As a map of your business, the business architecture is an essential input to the digital strategy:

    • Develop a plan to transform the business by investing in the most important capabilities.
    • Ensure project initiatives are aligned with business goals as they evolve.
    • Respond more quickly to customer requirements and to disruptions in the industry by streamlining operations and information sharing across the enterprise.

    Crystal Singh, Research Director, Data and Analytics

    Crystal Singh
    Research Director, Data and Analytics
    Info-Tech Research Group

    Andrea Malick, Research Director, Data and Analytics

    Andrea Malick
    Research Director, Data and Analytics
    Info-Tech Research Group

    Executive summary

    Your Challenge Common Obstacles Info-Tech’s Approach

    Organizations need to innovate rapidly to respond to ever-changing forces and demands in their industry. But they often fail to deliver meaningful outcomes from their IT initiatives within a reasonable time.

    Successful companies are transforming, i.e. adopting fluid strategies that direct their resources to customer-driven initiatives and execute more quickly on those initiatives. In a responsive and digital organization, strategies, capabilities, information, people, and technology are all aligned, so work and investment are consistently allocated to deliver maximum value.

    You don’t have a complete reference map of your organization’s capabilities on which to base strategic decisions.

    You don’t know how to prioritize and identify the capabilities that are essential for achieving the organization’s customer-driven objectives.

    You don’t have a shared enterprise vision, where everyone understands how the organization delivers value and to whom.

    Begin important business decisions with a map of your organization – a business reference architecture. Model the business in the form of architectural blueprints.

    Engage your stakeholders. Recognize the opportunity for mapping work, and identify and engage the right stakeholders.

    Drive business architecture forward to promote real value to the organization. Assess your current projects to determine if you are investing in the right capabilities. Conduct business capability assessments to identify opportunities and prioritize projects.

    Info-Tech Insight
    Business architecture is the set of strategic planning techniques that connects organization strategy to execution in a manner that is accurate and traceable and promotes the efficient use of organizational resources.

    Blueprint activities summary

    Phase Purpose Activity Outcome
    1. Business context:
    Identify organization goals, industry drivers, and regulatory requirements in consultation with business stakeholders.
    Identify forces within and outside the organization to consider when planning the focus and timing of digital growth, through conducting interviews and surveys and reviewing existing strategies. Business value canvas, business strategy on a page, customer journey
    2. Customer activities (value stream):
    What is the customer doing? What is our reason for being as a company? What products and services are we trying to deliver?
    Define or update value streams, e.g. purchase product from supplier, customer order, and deliver product to customer. Value streams enterprise-wide (there may be more than one set of value streams, e.g. a medical school and community clinic)
    Prioritize value streams:
    Select key value streams for deeper analysis and focus.
    Assess value streams. Priority value streams
    Value stages:
    Break down the selected value stream into its stages.
    Define stages for selected value streams. Selected value stream stages
    3. Business capability map, level 1 enterprise:
    What resources and capabilities at a high level do we have to support the value streams?
    Define or update the business capabilities that align with and support the value streams. Business capability map, enterprise-wide capabilities level 1
    Business capability map, level 2 for selected area:
    List resources and capabilities that we have at a more detailed level.
    Define or update business capabilities for selected value stream to level 2. Business capability map, selected value stream, capability level 2
    Heatmap Business Capability Map: Flag focus areas in supporting technology, applications, data and information.

    Info-Tech’s workshop methodology

    Day 1: Discover Business Context Day 2: Define Value Streams Day 3: Build Business Capability Map Day 4: Roadmap Business Architecture
    Phase Steps

    1.1 Collect corporate goals and strategies

    1.2 Identify stakeholders

    2.1 Build or update value streams

    2.2 Decompose selected value stream into value stages and analyze for opportunities

    3.1 Update business capabilities to level 1 for enterprise

    3.2 For selected value streams, break down level 1 to level 2

    3.3 Use business architecture to heatmap focus areas: technology, information, and processes

    3.4 Build roadmap of future business architecture initiatives

    Phase Outcomes
    • Organizational context and goals
    • Business strategy on a page, customer journey map, business model canvas
    • Roles and responsibilities
    • Value stream map and definitions
    • Selected value stream(s) decomposed into value stages
    • Enterprise business capabilities map to level 1
    • Business architecture to level 2 for prioritized value stream
    • Heatmap business architecture
    • Business architecture roadmap, select additional initiatives

    Key concepts for this blueprint

    INDUSTRY VALUE CHAIN DIGITAL TRANSFORMATION BUSINESS ARCHITECTURE
    A high-level analysis of how the industry creates value for the consumer as an overall end-to-end process. The adoption of digital technologies to innovate and re-invent existing business, talent ,and operating models to drive growth, business value, and improved customer experience. A holistic, multidimensional business view of capabilities, end-to-end value, and operating model in relation to the business strategy.
    INDUSTRY VALUE STREAM STRATEGIC OBJECTIVES CAPABILITY ASSESSMENTS
    A set of activities, tasks, and processes undertaken by a business or a business unit across the entire end-to-end business function to realize value. A set of standard objectives that most industry players will feature in their corporate plans. A heat-mapping effort to analyze the maturity and priority of each capability relative to the strategic priorities that they serve.

    Info-Tech’s approach

    1 Understand the business context and drivers
    Deepen your understanding of the organization’s priorities by gathering business strategies and goals. Talking to key stakeholders will allow you to get a holistic view of the business strategy and forces shaping the strategy, e.g. economy, workforce, and compliance.
    2 Define value streams; understand the value you provide
    Work with senior leadership to understand your customers’ experience with you and the ways your industry provides value to them.
    Assess the value streams for areas to explore and focus on.
    3 Customize the industry business architecture; develop business capability map
    Work with business architects and enterprise architects to customize Info-Tech’s business architecture for your industry as an enterprise-wide map of the organization and its capabilities.
    Extend the business capability map to more detail (Level 2) for the value stream stages you select to focus on.

    Business architecture is a planning function that connects strategy to execution

    Business architecture provides a framework that connects business strategy and IT strategy to project execution through a set of models that provide clarity and actionable insights. How well do you know your business?

    Business architecture is:

    • Inter-disciplinary: Business architecture is a core planning activity that supports all important decisions in the organization, for example, organizational resources planning. It’s not just about IT.
    • Foundational: The best way to answer the question, “Where do we start?” or “Where is our investment best directed?”, comes from knowing your organization, what its core functions and capabilities are (i.e. what’s important to us as an organization), and where there is work to do.
    • Connecting: Digital transformation and modernization cannot work with siloes. Connecting siloes means first knowing the organization and its functions and recognizing where the siloes are not communicating.

    Business architecture must be branded as a front-end planning function to be appropriately embedded in the organization’s planning process.

    Brand business architecture as an early planning pre-requisite on the basis of maintaining clarity of communication and spreading an accurate awareness of how strategic decisions are being made.

    As an organization moves from strategy toward execution, it is often unclear as to exactly how decisions pertaining to execution are being made, why priority is given to certain areas, and how the planning function operates.

    The business architect’s primary role is to model this process and document it.

    In doing so, the business architect creates a unified view as to how strategy connects to execution so it is clearly understood by all levels of the organization.

    Business architecture is part of the enterprise architecture framework

    Business Architecture
    Business strategy map Business model canvas Value streams
    Business capability map Business process flows Service portfolio
    Data Architecture Application Architecture Infrastructure Architecture
    Conceptual data model Application portfolio catalog Technology standards catalog
    Logical data model Application capability map Technology landscape
    Physical data model Application communication model Environments location model
    Data flow diagram Interface catalog Platform decomposition diagram
    Data lifecycle diagram Application use-case diagram Network computing / hardware diagram
    Security Architecture
    Enterprise security model Data security model Application security model

    Business architecture is a set of shared and practical views of the enterprise

    The key characteristic of the business architecture is that it represents real-world aspects of a business, along with how they interact.

    Many different views of an organization are typically developed. Each view is a diagram that illustrates a way of understanding the enterprise by highlighting specific information about it:

    • Business strategy view captures the tactical and strategic goals that drive an organization forward.
    • Business capabilities view describes the primary business functions of an enterprise and the pieces of the organization that perform those functions.
    • Value stream view defines the end-to-end set of activities that deliver value to external and internal stakeholders.
    • Business knowledge view establishes the shared semantics (e.g. customer, order, and supplier) within an organization and relationships between those semantics (e.g. customer name, order date, supplier name) – an information map.
    • Organizational view captures the relationships among roles, capabilities, and business units, the decomposition of those business units into subunits, and the internal or external management of those units.

    Business architect connects all the pieces

    The business owns the strategy and operating model; the business architect connects all the pieces together.

    R Business Architect (Responsible)
    A Business Unit Leads (Accountable)
    C Subject Matter Experts (Consulted)
    – Business Lines, Operations, Data, Technology Systems & Infrastructure Leads
    I Business Operators (Informed)
    – Process, Data, Technology Systems & Infrastructure

    Choose a key business challenge to address with business architecture

     Choose a key business challenge to address with business architecture

    Picking the right project is critical to setting the tone for business architecture work in the organization.

    Best practices for business architecture success

    Consider these best practices to maintain a high level of engagement from key stakeholders throughout the process of establishing or applying business architecture.

    Balance short-term cost savings with long-term benefits

    Participate in project governance to facilitate compliance

    Create a center of excellence to foster dialogue

    Identify strategic business objectives

    Value streams: Understand how you deliver value today

    It is important to understand the different value-generating activities that deliver an outcome for and from your customers.

    We do this by looking at value streams, which refer to the specific set of activities an industry player undertakes to create and capture value for and from the end consumer (and so the question to ask is, how do you make money as an organization?).

    Our approach helps you to strengthen and transform those value streams that generate the most value for your organization.

    Understand how you deliver value today

    An organization can have more than one set of streams.
    For example, an enterprise can provide both retail shopping and financial services, such as credit cards.

    Define the organization’s value streams

    • Value streams connect business goals to the organization’s value realization activities. They enable an organization to create and capture value in the market place by engaging in a set of interconnected activities. Those activities are dependent on the specific industry segment an organization operates within. Value streams can extend beyond the organization into the supporting ecosystem, whereas business processes are contained within and the organization has complete control over them.
    • There are two types of value streams: core value streams and support value streams. Core value streams are mostly externally facing: they deliver value to either an external or internal customer and they tie to the customer perspective of the strategy map. Support value streams are internally facing and provide the foundational support for an organization to operate.
    • An effective method for ensuring all value streams have been considered is to understand that there can be different end-value receivers. Info-Tech recommends identifying and organizing the value streams with customers and partners as end-value receivers.

    Example: Value stream descriptions for the retail industry

    Value Streams Create or Purchase the Product Manage Inventory Distribute Product Sell Product, Make Product Available to Customers
    • Product is developed before company sells it.
    • Make these products by obtaining raw materials from external suppliers or using their own resources.
    • Retailers purchase the products they are going to sell to customers from manufacturers or wholesale distributors.
    • Retailer success depends on its ability to source products that customers want and are willing to buy.
    • Inventory products are tracked as they arrive in the warehouse, counted, stored, and prepared for delivery.
    • Estimate the value of your inventory using retail inventory management software.
    • Optimizing distribution activities is an important capability for retailers. The right inventory needs to be at a particular store in the right quantities exactly when it is needed. This helps to maximize sales and minimize how much cash is held up in inventory.
    • Proper supply chain management can not only reduce costs for retailers but drive revenues by enhancing shopping experiences.
    • Once produced, retailers need to sell the products. This is done through many channels including physical stores, online, the mail, or catalogs.
    • After the sale, retailers typically have to deliver the product, provide customer care, and manage complaints.
    • Retailers can use loyalty programs, pricing, and promotions to foster repeat business.

    Value streams describe your core business

    Value streams describe your core business

    Value streams – the activities we do to provide value to customers – require business capabilities.

    Value streams are broken down further into value stages, for example, the Sell Product value stream has value stages Evaluate Options, Place Order, and Make Payment.

    Think of value streams as the core operations: the reason for your organization’s being. A professional consulting organization may have a legal team but it does not brand itself as a law firm. A core value stream is providing research products and services; a business capability that supports it is legal counsel.

    Decompose the value stream into stages

    The stages of a value stream are usually action-oriented statements or verbs that make up the individual steps involved throughout the scope of the value stream, e.g. Place Order or Make Payment.

    Each value stream should have a trigger or starting point and an end result for a client or receiver.

    Decompose the value stream into stages

    There should be measurable value or benefits at each stage. These are key performance indicators (KPIs). Spot problem areas in the stream.

    Value streams usually fall into one of these categories:

    1. Fulfillment of products and services
    2. Manufacturing
    3. Software products
    4. Supporting value streams (procurement of supplies, product planning)

    Value streams need capabilities

    • Value streams connect business goals to the organization’s value realization activities. They enable an organization to create and capture value in the market place by engaging in a set of interconnected activities.
    • There are two types of value streams: core value streams and support value streams. Core value streams are mostly externally facing: they deliver value to either an external or internal customer and they tie to the customer perspective of the strategy map. Support value streams are internally facing and provide the foundational support for an organization to operate.
    • There can be different end-value receivers. Info-Tech recommends identifying and organizing the value streams with customers and partners as end-value receivers.

    Value streams need business capabilities

    Business capabilities are built up to allow the business to perform the activities that bring value to customers. Map capabilities to the value-add activities in the value stream. Business capabilities lie at the top layer of the business architecture:

    • They are the most stable reference for planning organizations.
    • They make strategy more tangible.
    • If properly defined, they can help overcome organizational silos.

    Value streams need business capabilities

    Example business capability map – Higher Education

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and represents a view of what your data program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Example business capability map for: Higher Education

    Example business capability map for Higher Education

    Example business capability map – Local Government

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and represents a view of what your data program must support.

    Example business capability map for: Local Government

    Example business capability map for Local Government

    Value streams need business capabilities

    Value streams – the activities we do to provide value to customers – require business capabilities. Value streams are broken down further into value stages.

    Business capabilities are built up to allow the business to perform the activities that bring value to customers. Map capabilities to the activities in the value stage to spot opportunities and problems in delivering services and value.

    Business processes fulfill capabilities. They are a step-by-step description of who is performing what to achieve a goal. Capabilities consist of networks of processes and the resources – people, technology, materials – to execute them.

    Capability = Processes + Software, Infrastructure + People

    Prioritize a value stream and identify its supporting capabilities

    Prioritize your improvement objectives and business goals and identify a value stream to transform.

    Align the business objectives of your organization to your value streams (the critical actions that take place within your organization to add value to a customer).

    Prioritize a value stream to transform based on the number of priorities aligned to a value stream, and/or the business value (e.g. revenue, EBITDA earnings, competitive differentiation, or cost efficiency).

    Decompose the selected value stream into value stages.

    Align capabilities level 1 and 2 to value stages. One capability may support several value stages in the stream.

    Build a business architecture for the prioritized value stream with a map of business capabilities up to level 2.

    NOTE: We can’t map all capabilities all at once: business architecture is an ongoing practice; select key mapping initiatives each year based on business goals.

    Prioritize a value stream and identify its supporting capabilities

    Map business capabilities to Level 2

     Map business capabilities to Level 2

    Map capabilities to value stage

    Map capabilities to value stage

    Business value realization

    Business value defines the success criteria of an organization as manifested through organizational goals and outcomes, and it is interpreted from four perspectives:

    • Profit generation: The revenue generated from a business capability with a product that is enabled with modern technologies.
    • Cost reduction: The cost reduction when performing business capabilities with a product that is enabled with modern technologies.
    • Service enablement: The productivity and efficiency gains of internal business operations from products and capabilities enhanced with modern technologies.
    • Customer and market reach: The improved reach and insights of the business in existing or new markets.

    Business Value Matrix

    Value, goals, and outcomes cannot be achieved without business capabilities

    Break down your business goals into strategic and achievable initiatives focused on specific value streams and business capabilities.

    Business goals and outcomes

    Accelerate the process with an industry business architecture

    It’s never a good idea to start with a blank page.

    The business capability map available from Info-Tech and with industry standard models can be used as an accelerator. Assemble the relevant stakeholders – business unit leads and product/service owners – and modify the business capability map to suit your organization’s context.

    Acceleration path: Customize generic capability maps with the assistance of our industry analysts.

    Accelerate the process with an industry business architecture

    Identify goals and drivers

    Consider organizational goals and industry forces when planning.

    Business context Define value streams Build business capability map
    1.1 Select key stakeholders
    1.2 Collect and understand corporate goals
    2.1 Update or define value streams
    2.2 Decompose and analyze selected value stream
    3.1 Build level 1 capability map
    3.2 Build level 2 capability map
    3.3 Heatmap capability map
    3.4 Roadmap

    Use inputs from business goals and strategies to understand priorities.

    It is not necessary to have a comprehensive business strategy document to start – with key stakeholders, the business architect should be able to gather a one-page business value canvas or customer journey.

    Determine how the organization creates value

    Begin the process by identifying and locating the business mission and vision statements.

    What is business context?

    “The business context encompasses an understanding of the factors impacting the business from various perspectives, including how decisions are made and what the business is ultimately trying to achieve. The business context is used by IT to identify key implications for the execution of its strategic initiatives.”

    Source: Businesswire, 2018

    Identify the key stakeholders who can help you promote the value of business architecture

    First, as the CIO, you must engage executive stakeholders and secure their support.
    Focus on key players who have high power and high interest in business architecture.

    Engage the stakeholders who are impacted the most and have the power to impede the success of business architecture.

    For example, if the CFO – who has the power to block funding – is disengaged, business architecture will be put at risk.

    Use Info-Tech’s Stakeholder Power Map Template to help prioritize time spent with stakeholders.

    Sample power map

    Identify the key stakeholders concerned with the business architecture project

    A business architecture project may involve the following stakeholders:

    Business architecture project stakeholders

    You must identify who the stakeholders are for your business architecture work.

    Think about:

    • Who are the decision makers and key influencers?
    • Who will impact the business architecture work? Who will the work impact?
    • Who has vested interest in the success or failure of the practice?
    • Who has the skills and competencies necessary to help us be successful?

    Avoid these common mistakes:

    • Don’t focus on the organizational structure and hierarchy. Often stakeholder groups don’t fit the traditional structure.
    • Don’t ignore subject-matter experts on either the business or IT side. You will need to consider both.

    1.1 Identify and assemble key stakeholders

    1-3 hours

    Build an accurate depiction of the business.

    1. It is important to make sure the right stakeholders participate in this exercise. The exercise of identifying capabilities for an organization is very introspective and requires deep analysis.
    2. Consider:
      1. Who are the decision makers and key influencers?
      2. Who will impact the business capability work? Who has a vested interest in the success or failure of the outcome?
      3. Who has the skills and competencies necessary to help you be successful?
    3. Avoid:
      1. Don’t focus on the organizational structure and hierarchy. Often stakeholder groups don’t fit the traditional structure.
      2. Don’t ignore subject matter experts on either the business or IT side. You will need to consider both.
    Input Output
    • List of who is accountable for key business areas and decisions
    • Organizational chart
    • List of who has decision-making authority
    • A list of the key stakeholders
    Materials Participants
    • Whiteboard/Flip Charts
    • Modeling software (e.g. Visio, ArchiMate)
    • Business capability map industry models
    • CIO
    • Enterprise/Business Architect
    • Business Analysts
    • Business Unit Leads
    • Departmental Executives & Senior Managers

    Conduct interviews with the business to gather intelligence for strategy

    Talking to key stakeholders will allow you to get a holistic view of the business strategy.

    Stakeholder interviews provide holistic view of business strategy

    Build a strategy on a page through executive interviews and document reviews

    Understanding the business mandate and priorities ensures alignment across the enterprise.

    A business strategy must articulate the long-term destination the business is moving into. This illustration shapes all the strategies and activities in every other part of the business, including what IT capabilities and resources are required to support business goals. Ultimately, the benefits of a well-defined business strategy increase as the organization scales and as business units or functions are better equipped to align the strategic planning process in a manner that reflects the complexity of the organization.

    Using the Business Strategy on a Page canvas, consider the questions in each bucket to elicit the overall strategic context of the organization and uncover the right information to build your digital strategy. Interview key executives including your CEO, CIO, CMO, COO, CFO, and CRO, and review documents from your board or overall organizational strategy to uncover insights.

    Info-Tech Insight
    A well-articulated and clear business strategy helps different functional and business units work together and ensures that individual decisions support the overall direction of the business.

    Focus on business value and establish a common goal

    Business architecture is a strategic planning function and the focus must be on delivering business value.

    Examples business objectives:

    • Digitally transform the business, redefining its customer interactions.
    • Identify the root cause for escalating customer complaints and eroding satisfaction.
    • Identify reuse opportunities to increase operational efficiency.
    • Identify capabilities to efficiently leverage suppliers to handle demand fluctuations.

    Info-Tech Insight
    CIOs are ideally positioned to be the sponsors of business architecture given that their current top priorities are digital transformation, innovation catalyzation, and business alignment.

    1.2 Collect and understand business objectives

    1-3 hours

    Having a clear understanding of the business is crucial to executing on the strategic IT initiatives.

    1. Discover the strategic CIO initiatives your organization will pursue:
    • Schedule interviews.
    • Use the CIO Business Vision diagnostic or Business Context Discovery Tool.
  • Document the business goals.
  • Update and finalize business goals.
  • InputOutput
    • Existing business goals and strategies
    • Existing IT strategies
    • Interview findings
    • Diagnostic results
    • List of business goals
    • Strategy on a page
    • Business model canvas
    • Customer journey
    MaterialsParticipants
    • CIO Business Vision diagnostic
    • Interview questionnaire
    • CIO
    • Enterprise/Business Architect
    • Business Analysts
    • Business Unit Leads
    • Departmental Executives & Senior Managers

    CIO Business Vision Diagnostic

    CEO

    Vision

    Where do you want to go?
    What is the problem your organization is addressing?

    Mission/Mandate

    What do you do?
    How do you do?
    Whom do you do it for?

    Value Streams

    Why are you in business? What do you do?
    What products and services do you provide?
    Where has your business seen persistent demand?

    Key Products & Services

    What are your top three to five products and services?

    Key Customer Segments

    Who are you trying to serve or target?
    What are the customer segments that decide your value proposition?

    Value Proposition

    What is the value you deliver to your customers?

    Future Value Proposition

    What is your value proposition in three to five years’ time?

    Digital Experience Aspirations

    How can you create a more effective value stream?
    For example, greater value to customers or better supplier relationships.

    Business Resilience Aspirations

    How can you reduce business risks?
    For example, compliance, operational, security, or reputational.

    Sustainability (or ESG) Aspirations

    How can you deliver ESG and sustainability goals?

    Interview the following executives for each business goal area.

    CEO
    CRO
    COO

    Core Business Goals

    What are the core business goals to meet business objectives?

    Top Priorities & Initiatives

    What are the top initiatives and priorities over the planning horizon?

    Performance Insights/Metrics

    What do we need to achieve?
    How can the success be measured?

    CMO
    COO
    CFO

    Shared Business Goals

    What are the shared (operational) business goals to meet business objectives?

    Top Priorities & Initiatives

    What are the top initiatives and priorities over the planning horizon?

    Performance Insights/Metrics

    What do we need to achieve?
    How can the success be measured?

    CFO
    CIO
    COO
    CHRO

    Enabling Business Goals

    What are the enabling (supporting/enterprise) business goals to meet business objectives?

    Top Priorities & Initiatives

    What are the top initiatives and priorities over the planning horizon?

    Performance Insights/Metrics

    What do we need to achieve?
    How can the success be measured?

    Craft a strategy to increase stakeholder support and participation

    The BA practice’s supporters are potential champions who will help you market the value of BA; engage with them first to create positive momentum. Map out the concerns of each group of stakeholders so you can develop marketing tactics and communications vehicles to address them.

    Example Communication Strategy

    Stakeholder Concerns Tactics to Address Concerns Communication Vehicles Frequency
    Supporters
    (High Priority)
    • Build ability to execute BA techniques
    • Build executive support
    • Build understanding of how they can contribute to the success of the BA practice
    • Communicate the secured executive support
    • Help them apply BA techniques in their projects
    • Show examples of BA work (case studies)
    • Personalized meetings and interviews
    • Department/functional meetings
    • Communities of practice or centers of excellent (education and case studies)
    Bi-Monthly
    Indifferent
    (Medium Priority)
    • Build awareness and/or confidence
    • Feel like BA has nothing to do with them
    • Show quick wins and case studies
    • Centers of excellence (education and case studies
    • Use the support of the champions
    Quarterly
    Resistors
    (Medium Priority)
    • BA will cause delays
    • BA will step in their territory
    • BA’s scope is too broad
    • Lack of understanding
    • Prove the value of BA – case studies and metrics
    • Educate how BA complements their work
    • Educate them on the changes resulting from the BA practice’s work, and involve them in crafting the process
    • Individual meetings and interviews
    • Political jockeying
    • Use the support of the champions
    Tailored to individual groups

    1.3 Craft a strategy to increase stakeholder support and participation

    1-2 hours

    Now that you have organized and categorized your stakeholders based on their power, influence, interest, and knowledge of business architecture, it is time to brainstorm how you are going to gain their support and participation.

    Think about the following:

    • What are your stakeholders’ concerns?
    • How can you address them?
    • How will you deliver the message?
    • How often will you deliver the message?

    Avoid these common mistakes:

    • Your communication strategy development should be an iterative process. Do not assume to know the absolute best way to get through to every resistor right away. Instead, engage with your supporters for their input on how to communicate to resistors and repeat the process for indifferent stakeholders as well.
    Input Output
  • Stakeholder Engagement Map
    • Stakeholder Communications Strategy
    Materials Participants
    • Stakeholder Engagement Strategy Template
    • A computer
    • A whiteboard and markers CIO
    • Business Architect
    • IT Department Leads

    Download the Stakeholder Engagement Strategy Template for this project.

    Engaging the right stakeholders

    CASE STUDY

    Industry
    Financial - Banking

    Source
    Anonymous

    Situation Complication Result

    To achieve success with the business architecture initiative, the bank’s CIO needed to put together a plan to engage the right stakeholders in the process.

    Without the right stakeholders, the initiative would suffer from inadequate information and thus would run the risk of delivering an ineffective solution.

    The bank’s culture was resistant to change and each business unit had its own understanding of the business strategy. This was a big part of the problem that led to decreasing customer satisfaction.

    The CIO needed a unified vision for the business architecture practice involving people, process, and technology that all stakeholders could support.

    Starting with enlisting executive support in the form of a business sponsor, the CIO identified the rest of the key stakeholders, in this case, the business unit heads, who were necessary to engage for the initiative.

    Once identified, the CIO promoted the benefits of business architecture to each of the business unit heads while taking stock of their individual needs.

    1.4 Develop a plan to engage key stakeholders

    1 hour

    Using your stakeholder power map as a starting point, focus on the three most important quadrants: those that contain stakeholders you must keep informed, those to keep satisfied, and the key players.

    Plot the stakeholders from those quadrants on a stakeholder engagement map.

    Think about the following:

    • Who are your resistors? These individuals will actively detract from project’s success if you don’t address their concerns.
    • Who is indifferent? These individuals need to be educated more on the benefits of business architecture to have an opinion either way.
    • Who are your supporters? These individuals will support you and spread your message if you equip them to do so.

    Avoid these common mistakes:

    • Do not jump to addressing resistor concerns first. Instead, equip your supporters with the info they need to help your cause and gain positive momentum before approaching resistors.
    InputOutput
    • Stakeholder Engagement Map
    • Stakeholder Communications Strategy
    MaterialsParticipants
    • Stakeholder Engagement Strategy Template
    • A computer
    • A whiteboard and markers
    • CIO
    • Business Architect
    • IT Department Leads

    Download the Stakeholder Engagement Strategy Template for this project.

    1.5 Craft a strategy to increase stakeholder support and participation

    1-2 hours

    Now that you have organized and categorized your stakeholders based on their power, influence, interest, and knowledge of business architecture, it is time to brainstorm how you are going to gain their support and participation.

    Think about the following:

    • What are your stakeholders’ concerns?
    • How can you address them?
    • How will you deliver the message?
    • How often will you deliver the message?

    Avoid these common mistakes:

    • Your communication strategy development should be an iterative process. Do not assume to know the absolute best way to get through to every resistor right away. Instead, engage with your supporters for their input on how to communicate to resistors and repeat the process for indifferent stakeholders as well.
    InputOutput
    • Stakeholder Engagement Map
    • Stakeholder Communications Strategy
    MaterialsParticipants
    • Stakeholder Engagement Strategy Template
    • A computer
    • A whiteboard and markers
    • CIO
    • Business Architect
    • IT Department Leads

    Download the Stakeholder Engagement Strategy Template for this project.

    Define value streams

    Identify the core activities your organization does to provide value to your customers.

    Business context Define value streams Build business capability map

    1.1 Select key stakeholders
    1.2 Collect and understand corporate goals

    2.1 Update or define value streams
    2.2 Decompose and analyze selected value stream

    3.1 Build Level 1 capability map
    3.2 Build Level 2 capability map
    3.3 Heatmap capability map
    3.4 Roadmap

    This phase will walk you through the following activities:

    • Note: It is recommended that you gather and leverage relevant industry standard business architecture models you may have available to you. Example: Info-Tech Industry Business Architecture, BIZBOK, APQC.
    • Defining or updating the organization’s value streams.
    • Selecting priority value streams for deeper analysis.

    This phase involves the following participants:

    • Business Architect, Enterprise Architect
    • Relevant Business Stakeholder(s): Business Unit Leads, Departmental Executives, Senior Mangers, Business Analysts

    Define the organization’s value streams

    • Value streams connect business goals to the organization’s value realization activities. They enable an organization to create and capture value in the marketplace by engaging in a set of interconnected activities. Those activities are dependent on the specific industry segment an organization operates within. Value streams can extend beyond the organization into the supporting ecosystem, whereas business processes are contained within and the organization has complete control over them.
    • There are two types of value streams: core value streams and support value streams. Core value streams are mostly externally facing: they deliver value to either an external or internal customer and they tie to the customer perspective of the strategy map. Support value streams are internally facing and provide the foundational support for an organization to operate.
    • An effective method for ensuring all value streams have been considered is to understand that there can be different end-value receivers. Info-Tech recommends identifying and organizing the value streams with customers and partners as end-value receivers.

    Connect business goals to value streams

    Example strategy map and value stream

    Identifying value streams

    Value streams connect business goals to organization’s value realization activities. They enable an organization to create and capture value in the market place by engaging in a set of interconnected activities.

    There are several key questions to ask when endeavoring to identify value streams.

    Key Questions
    • Who are your customers?
    • What are the benefits we deliver to them?
    • How do we deliver those benefits?
    • How does the customer receive the benefits?

    Example: Value stream descriptions for the retail industry

    Value StreamsCreate or Purchase ProductManage InventoryDistribute ProductSell Product
    • Retailers need to purchase the products they are going to sell to customers from manufacturers or wholesale distributors.
    • A retailer’s success depends on its ability to source products that customers want and are willing to buy.
    • In addition, they need to purchase the right amount and assortment of products based on anticipated demand.
    • The right inventory needs to be at a particular store in the right quantities exactly when it is needed. This helps to maximize sales and minimize how much cash is held up in inventory.
    • Inventory management includes tracking, ordering, and stocking products, e.g. raw materials, finished products, buffer inventory.
    • Optimizing distribution activities is important for retailers.
    • Proper supply chain management can not only reduce costs for retailers but also drive revenues by enhancing shopping experiences.
    • Distribution includes transportation, packaging and delivery.
    • As business becomes global, it is important to ensure the whole distribution channel is effective.
    • Once produced, retailers need to sell the products. This is done through many channels including physical stores, online, the mail, or catalogs.
    • After the sale, retailers typically have to deliver the product, provide customer care, and manage complaints.
    • Retailers can use loyalty programs, pricing, and promotions to foster repeat business.

    Value streams describe your core business

    Value streams – the activities we do to provide value to customers – require business capabilities.

    Value streams are broken down further into value stages, for example, Sell Product value stream has value stages Evaluate Options, Place Order, and Make Payment.

    Think of value streams as the core operations, the reason for our organization’s being. A professional consulting organization may have a legal team but it does not brand itself as a law firm. A core value stream is providing research products and services – a business capability that supports it is legal counsel.

    2.1 Define value streams

    1-3 hours

    Unify the organization’s perspective on how it creates value.

    1. Write a short description of the value stream that includes a statement about the value provided and a clear start and end for the value stream. Validate the accuracy of the descriptions with your key stakeholders.
    2. Consider:
      1. How does the organization deliver those benefits?
      2. How does the customer receive the benefits?
      3. What is the scope of your value stream? What will trigger the stream to start and what will the final value be?
    3. Avoid: Don’t start with a blank page. Use Info-Tech’s business architecture models for sample value streams.
    Input Output
    • Business strategy or goals
    • Financial statements
    • Info-Tech’s industry-specific business architecture
    • List of organizational specific value streams
    • Detailed value stream definition(s)
    Materials Participants
    • Whiteboard / Kanban Board
    • Reference Architecture Template – See your Account Representative for details
    • Other industry standard reference architecture models: BIZBOK, APQC, etc.
    • Info-Tech Archi Models
    • Enterprise/Business Architect
    • Business Analysts
    • Business Unit Leads
    • CIO
    • Departmental Executives & Senior Managers

    See your Info-Tech Account Representative for access to the Reference Architecture Template

    Decompose the value stream into stages

    The stages of a value stream are usually action-oriented statements or verbs that make up the individual steps involved throughout the scope of the value stream, e.g. Place Order or Make Payment.

    Each value stream should have a trigger or starting point and an end result for a client or receiver.

    Decompose the value stream into stages

    There should be measurable value or benefits at each stage.
    These are key performance indicators (KPIs).
    Spot problem areas in the stream.

    Value streams usually fall into one of these categories:

    1. Fulfillment of products and services
    2. Manufacturing
    3. Software products
    4. Supporting value streams (procurement of supplies, product planning)

    Value stream and value stages examples

    Customer Acquisitions
    Identify Prospects > Contact Prospects > Verify Interests

    Sell Product
    Identify Options > Evaluate Options > Negotiate Price and Delivery Date > Place Order > Get Invoice > Make Payment

    Product Delivery
    Confirm Order > Plan Load > Receive Warehouse > Fill Order > Ship Order > Deliver Order > Invoice Customer

    Product Financing
    Initiate Loan Application > Decide on Application > Submit Documents > Review & Satisfy T&C > Finalize Documents > Conduct Funding > Conduct Funding Audits

    Product Release
    Ideate > Design > Build > Release

    Sell Product is a value stream, made up of value stages Identify options, Evaluate options, and so on.

    2.2 Decompose selected value streams

    1-3 hours

    Once we have a good understanding of our value streams, we need to decide which ones to focus on for deeper analysis and modeling, e.g. extend the business architecture to more detailed level 2 capabilities.

    Organization has goals and delivers products or services.

    1. Identify which value propositions are most important, e.g. be more productive or manage money more simply.
    2. Identify the value stream(s) that create the value proposition.
    3. Break the selected value stream into value stages.
    4. Analyze value stages for opportunities.

    Practical Guide to Agile Strategy Execution

    InputOutput
    • Value stream maps and definitions
    • Business goals, business model canvas, customer journey (value proposition) Selected value streams decomposed into value stages
    • Analysis of selected value streams for opportunities
    • Value stream map
    MaterialsParticipants
    • Whiteboard / Kanban Board
    • Reference Architecture Template – See your Account Representative for details
    • Other industry standard reference architecture models: BIZBOK, APQC, etc.
    • Enterprise/Business Architect
    • Business Analysts
    • Business Unit Leads
    • CIO
    • Departmental Executives & Senior Managers

    Build your value stream one layer at a time to ensure clarity and comprehensiveness

    The first step of creating a value stream is defining it.

    • In this step, you create the parameters around the value stream and document them in a list format.
    • This allows you to know where each value stream starts and ends and the unique value it provides.

    The second step is the value stream mapping.

    • The majority of the mapping is done here where you break down your value stream into each of its component stages.
    • Analysis of these stages allows for a deeper understanding of the value stream.
    • The mapping layer connects the value stream to organizational capabilities.

    Define the value streams that are tied to your strategic goals and document them in a list

    Title

    • Create a title for your value stream that indicates the value it achieves.
    • Ensure your title is clear and will be understood the same way across the organization.
    • The common naming convention for value streams is to use nouns, e.g. product purchase.

    Scope

    • Determine the scope of your value stream by defining the trigger to start the value stream and final value delivered to end the value stream.
    • Be precise with your trigger to ensure you do not mistakenly include actions that would not trigger your value stream.
    • A useful tip is creating a decision tree and outlining the path that results in your trigger.

    Objectives

    • Determine the objectives of the value stream by highlighting the outcome it delivers.
    • Identify the desired outcomes of the value stream from the perspective of your organization.

    Example Value Streams List

    Title Scope Objectives
    Sell Product From option identification to payment Revenue Growth

    Create a value stream map

    A Decompose the Value Stream Into Stages B Add the Customer Perspective
    • Determine the different stages that comprise the value stream.
    • Place the stages in the correct order.
    • Outline the likely sentiment and meaningful needs of the customer at each value stage.
    C Add the Expected Outcome D Define the Entry and Exit Criteria
    • Define the desired outcome of each stage from the perspective of the organization.
    • Define both the entry and exit criteria for each stage.
    • Note that the entry criteria of the first stage is what triggers the value stream.
    E Outline the Metrics F Assess the Stages
    • For each stage of the value stream, outline the metrics the organization can use to identify its ability to attain the desired outcome.
    • Assess how well each stage of the value stream is performing against its target metrics and use this as the basis to drill down into how/where improvements can be made.

    Decompose the value stream into its value stages

    The first step in creating a value stream map is breaking it up into its component stages.

    The stages of a value stream are usually action-oriented statements or verbs that make up the individual steps involved throughout the scope of the value stream.

    Illustration of decomposing value stream into its value stages

    The Benefit
    Segmenting your value stream into individual stages will give you a better understanding of the steps involved in creating value.

    Connect the stages of the value stream to a specific customer perspective

    Example of a sell product value stream

    The Benefit
    Adding the customer’s perspective will inform you of their priorities at each stage of the value stream.

    Connect the stages of the value stream to a desired outcome

    Example of a sell product value stream

    The Benefit
    Understanding the organization’s desired outcome at each stage of the value stream will help set objectives and establish metrics.

    Define the entry and exit criteria of each stage

    Example of entry and exit criteria for each stage

    The Benefit
    Establishing the entry and exit criteria for each stage will help you understand how the customer experience flows from one end of the stream to the other.

    Outline the key metric(s) for each stage

    Outline the key metrics for each stage

    The Benefit
    Setting metrics for each stage will facilitate the tracking of success and inform the business architecture practitioner of where investments should be made.

    Example value stream map: Sell Product

    Assess the stages of your value stream map to determine which capabilities to examine further

    To determine which specific business capabilities you should seek to assess and potentially refine, you must review performance toward target metrics at each stage of the value stream.

    Stages that are not performing to their targets should be examined further by assessing the capabilities that enable them.

    Value Stage Metric Description Metric Target Current Measure Meets Objective?
    Evaluate Options Number of Product Demonstrations 12,000/month 9,000/month No
    Identify Options Google Searches 100K/month 100K/month Yes
    Identify Options Product Mentions 1M/month 1M/month Yes
    Website Traffic (Hits)
    Average Deal Size
    Number of Deals
    Time to Complete an Order
    Percentage of Invoices Without Error
    Average Time to Acquire Payment in Full

    Determine the business capabilities that support the value stage corresponding with the failing metric

    Sell Product

    Identify Options > Evaluate Options > Negotiate Price and Delivery Date > Place Order > Get Invoice > Make Payment

    The value stage(s) that doesn’t meet its objective metrics should be examined further.

    • This is done through business capability mapping and assessment.
    • Starting at the highest level (level 0) view of a business, the business architecture practitioner must drill down into the lower level capabilities that support the specific value stage to diagnose/improve an issue.

    Info-Tech Insight
    In the absence of tangible metrics, you will have to make a qualitative judgement about which stage(s) of the value stream warrant further examination for problems and opportunities.

    Build business capability map

    Align supporting capabilities to priority activities.

    Business context Define value streams Build business capability map
    1.1 Select key stakeholders
    1.2 Collect and understand corporate goals
    2.1 Update or define value streams
    2.2 Decompose and analyze selected value stream
    3.1 Build Level 1 capability map
    3.2 Build Level 2 capability map
    3.3 Heatmap capability map
    3.4 Roadmap

    This step will walk you through the following activities:

    • Determine which business capabilities support value streams
    • Accelerate the process with an industry reference architecture
    • Validate the business capability map
    • Establish level 2 capability

    This step involves the following participants:

    • Enterprise/Business Architect
    • Business Analysts
    • Business Unit Leads
    • CIO
    • Departmental Executives & Senior Managers

    Outcomes of this step

  • A validated level 1 business capability map
  • Level 2 capabilities for selected value stream(s)
  • Heatmapped business capability map
  • Business architecture initiatives roadmap
  • Develop a business capability map – level 1

    • Business architecture consists of a set of techniques to create multiple views of an organization; the primary view is known as a business capability map.
    • A business capability defines what a business does to enable value creation and achieve outcomes, rather than how. Business capabilities are business terms defined using descriptive nouns such as “Marketing” or “Research and Development.” They represent stable business functions, are unique and independent of each other, and typically will have a defined business outcome. Business capabilities should not be defined as organizational units and are typically longer lasting than organizational structures.
    • A business capability mapping process should begin at the highest-level view of an organization, the level 1, which presents the entire business on a page.
    • An effective method of organizing business capabilities is to split them into logical groupings or categories. At the highest level, capabilities are either “core” (customer-facing functions) or “enabling” (supporting functions).
    • As a best practice, Info-Tech recommends dividing business capabilities into the categories illustrated to the right.

    The Business Capability Map is the primary visual representation of the organization’s key abilities or services that are delivered to stakeholders. This model forms the basis of strategic planning discussions.

    Example of a business capability map

    Example business capability map – Higher Education

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and represents a view of what your data program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Example business capability map for: Higher Education

    Example business capability map for higher education

    Example business capability map – Local Government

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and represents a view of what your data program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Example business capability map for: Local Government

    Example business capability map for local government

    Map capabilities to value stage

    Example of a value stage

    Source: Lambert, “Practical Guide to Agile Strategy Execution”

    3.1 Build level 1 business capability map

    1-3 hours

    1. Analyze the value streams to identify and describe the organization’s capabilities that support them. This stage requires a good understanding of the business and will be a critical foundation for the business capability map. Use the reference business architecture’s business capability map for your industry for examples of level 1 and 2 business capabilities and the capability map template to work in.
    2. Avoid:
      1. Don’t repeat capabilities. Capabilities are typically mutually exclusive activities.
      2. Don’t include temporary initiatives. Capabilities should be stable over time. The people, processes, and technologies that support capabilities will change continuously.

    Ensure you engage with the right stakeholders:

    Don’t waste your efforts building an inaccurate depiction of the business: The exercise of identifying capabilities for an organization is very introspective and requires deep analysis.

    It is challenging to develop a common language that everyone will understand and be able to apply. Invest in the time to ensure the right stakeholders are brought into the fold and bring their business area expertise and understanding to the table.

    InputOutput
    • Existing business capability maps
    • Value stream map
    • Info-Tech’s industry-specific business architecture
    • Level 1 business capability map for enterprise
    MaterialsParticipants
    • Whiteboard
    • Reference Architecture Template – See your Account Representative for details
    • Other industry standard reference architecture models: BIZBOK, APQC, etc.
    • Archi Models
    • Enterprise/Business Architect
    • Business Analysts
    • Business Unit Leads
    • CIO
    • Departmental Executives & Senior Managers

    Prioritize one value stream and build a business architecture to level 2 capabilities

    Prioritize your innovation objectives and business goals, and identify a value stream to transform.

    Align the innovation goals and business objectives of your organization to your value streams (the critical actions that take place within your organization to add value to a customer).
    Prioritize a value stream to transform based on the number of priorities aligned to a value stream and/or the business value (e.g. revenue, EBITDA earnings, competitive differentiation, or cost efficiency).
    Working alongside a business or enterprise architect, build a reference architecture for the prioritized value stream up to level 2.

    Example of a value stream to business architecture level 2 capabilities

    Info-Tech Insight
    To produce maximum impact, focus on value streams that provide two-thirds of your enterprise value (EBITDA earnings).

    From level 1 to level 2 business capabilities

    Example moving from level 1 to level 2 business capabilities

    3.2 Build level 2 business capability map

    1-3 hours

    It is only at level 2 and further that we can pinpoint the business capabilities – the exact resources, whether applications or data or processes – that we need to focus on to realize improvements in the organization’s performance and customer experience.

    1. Gather industry reference models and any existing business capability maps.
    2. For the selected value stream, further break down its level 1 business capabilities into level 2 capabilities.
    3. You can often represent the business capabilities on a single page, providing a holistic visual for decision makers.
    4. Use meaningful names for business capabilities so that planners, stakeholders, and subject matter experts can easily search the map.
    InputOutput
    • Existing business capability maps
    • Value stream map
    • Info-Tech’s industry-specific business architecture
    • Level 1 business capability map
    • Level 2 Business Capability Map for selected Value Stream
    MaterialsParticipants
    • Whiteboard
    • Reference Architecture Template – See your Account Representative for details.
    • Other industry standard reference architecture models: BIZBOK, APQC, etc.
    • Archi Models
    • Enterprise/Business Architect
    • Business Analysts
    • Business Unit Leads
    • CIO
    • Departmental Executives & Senior Managers

    Download: See your Account Representative for access to Info-Tech’s Reference Architecture Template

    3.3 Heatmap business capability map

    1-3 hours

    Determine the organization’s key capabilities.

    1. Determine cost advantage creators. If your organization has a cost advantage over competitors, the capabilities that enable it should be identified and prioritized. Highlight these capabilities and prioritize the programs that support them.
    2. Determine competitive advantage creators. If your organization does not have a cost advantage over competitors, determine if it can deliver differentiated end-customer experiences. Once you have identified the competitive advantages, understand which capabilities enable them. These capabilities are critical to the success of the organization and should be highly supported.
    3. Define key future state capabilities. In addition to the current and competitive advantage creators, the organization may have the intention to enhance new capabilities. Discuss and select the capabilities that will help drive the attainment of future goals.
    4. Assess how well information, applications, and processes support capabilities.
    InputOutput
    • Business capability map
    • Cost advantage creators
    • Competitive advantage creators
    • IT and business assessments
    • Key business capabilities
    • Business process review
    • Information assessment
    • Application assessment
    • List of IT implications
    MaterialsParticipants
    • Whiteboard
    • Reference Architecture Template – See your Account Representative for details.
    • Other industry standard reference architecture models: BIZBOK, APQC, etc.
    • Archi Models
    • Enterprise/Business Architect
    • Business Analysts
    • Business Unit Leads
    • CIO
    • Departmental Executives & Senior Managers

    Download: See your Account Representative for access to Info-Tech’s Reference Architecture Template

    Business capability map: Education

    Illustrative example of a business capability map for education

    Define key capabilities

    Illustrative example of Define key capabilities

    Note: Illustrative Example

    Business process review

    Illustrative example of a business process review

    Note: Illustrative Example

    Information assessment

     Illustrative example of an Information assessment

    Note: Illustrative Example

    Application assessment

     Illustrative example of an Application assessment

    Note: Illustrative Example

    MoSCoW analysis for business capabilities

     Illustrative example of a MoSCoW analysis for business capabilities

    Note: Illustrative Example

    Ranked list of IT implications

    MoSCoW Rank IT Implication Value Stream Impacted Comments/Actions
    M [Implication] [Value Stream]
    M [Implication] [Value Stream]
    M [Implication] [Value Stream]
    S [Implication] [Value Stream]
    S [Implication] [Value Stream]
    S [Implication] [Value Stream]
    C [Implication] [Value Stream]
    C [Implication] [Value Stream]
    C [Implication] [Value Stream]
    W [Implication] [Value Stream]
    W [Implication] [Value Stream]
    W [Implication] [Value Stream]

    3.4 Roadmap business architecture initiatives

    1-3 hours

    Unify the organization’s perspective on how it creates value.

    1. Write a short description of the value stream that includes a statement about the value provided and a clear start and end for the value stream. Validate the accuracy of the descriptions with your key stakeholders.
    2. Consider:
      1. How does the organization deliver those benefits?
      2. How does the customer receive the benefits?
      3. What is the scope of your value stream? What will trigger the stream to start and what will the final value be?
    3. Don’t start with a blank page. Use Info-Tech’s business architecture models for sample value streams.
    InputOutput
    • Existing business capability maps
    • Value stream map
    • Info-Tech’s industry-specific business architecture
    • Level 1 business capability map
    • Heatmapped business capability map
    MaterialsParticipants
    • Whiteboard
    • Reference Architecture Template – See your Account Representative for details.
    • Other industry standard reference architecture models: BIZBOK, APQC, etc.
    • Archi Models
    • Enterprise/Business Architect
    • Business Analysts
    • Business Unit Leads
    • CIO
    • Departmental Executives & Senior Managers

    Download: See your Account Representative for access to Info-Tech’s Reference Architecture Template

    Example: Business architecture deliverables

    Enterprise Architecture Domain Architectural View Selection
    Business Architecture Business strategy map Required
    Business Architecture Business model canvas Optional
    Business Architecture Value streams Required
    Business Architecture Business capability map Not Used
    Business Architecture Business process flows
    Business Architecture Service portfolio
    Data Architecture Conceptual data model
    Data Architecture Logical data model
    Data Architecture Physical data model
    Data Architecture Data flow diagram
    Data Architecture Data lineage diagram

    Tools and templates to compile and communicate your business architecture work

    The Industry Business Reference Architecture Template for your industry is a place for you to collect all of the activity outputs and outcomes you’ve completed for use in next-steps.

    Download the Industry Business Reference Architecture Template for your industry

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit Guided Implementation Workshop Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options

    Research Contributors and Experts

    Name Role Organization
    Ibrahim Abdel-Kader Research Analyst, Data & Analytics Info-Tech Research Group
    Ben Abrishami-Shirazi Technical Counselor, Enterprise Architecture Info-Tech Research Group
    Andrew Bailey Consulting, Manager Info-Tech Research Group
    Dana Dahar Research & Advisory Director, CIO / Digital Business Strategy Info-Tech Research Group
    Larry Fretz VP Info-Tech Research Group
    Shibly Hamidur Enterprise Architect Toronto Transit Commission (TTC)
    Rahul Jaiswal Principal Research Director, Industry Info-Tech Research Group
    John Kemp Executive Counselor, Executive Services Info-Tech Research Group
    Gerald Khoury Senior Executive Advisor Info-Tech Research Group
    Igor Ikonnikov Principal Advisory Director, Data & Analytics Info-Tech Research Group
    Daniel Lambert VP Benchmark Consulting
    Milena Litoiu Principal Research Director, Enterprise Architecture Info-Tech Research Group
    Andy Neill AVP Data & Analytics, Chief Enterprise Architect Info-Tech Research Group
    Rajesh Parab Research Director, Data & Analytics Info-Tech Research Group
    Rick Pittman VP, Research Info-Tech Research Group
    Irina Sedenko Research Director, Data & Analytics Info-Tech Research Group

    Bibliography

    Andriole, Steve. “Why No One Understands Enterprise Architecture & Why Technology Abstractions Always Fail.” Forbes, 18 September 2020. Web.

    “APQC Process Classification Framework (PCF) – Retail.” American Productivity & Quality Center, 9 January 2019. Web.

    Brose, Cari. “Who’s on First? Architecture Roles and Responsibilities in SAFe.” Business Architecture Guild, 9 March 2017. Web.

    Burlton, Roger, Jim Ryne, and Daniel St. George. “Value Streams and Business Processes: The Business Architecture Perspective.” Business Architecture Guild, December 2019. Web.

    “Business Architecture: An overview of the business architecture professional.” Capstera, 5 January 2022. Web.

    Business Architecture Guild. “What is Business Architecture?” Business Analyst Mentor, 18 November 2022. Web.

    “Business Architecture Overview.” The Business Architecture Working Group of the Object Management Group (OMG), n.d. Web.

    “Delivering on your strategic vision.” The Business Architecture Guild, n.d. Web.

    Ecker, Grant. “Deploying business architecture.” LinkedIn, 11 November 2021. (Presentation)

    IRIS. “Retail Business Architecture Framework and Examples.” IRIS Business Architect, n.d. Web.

    IRIS. “What Is Business Architecture?” IRIS Business Architect, 8 May 2014. Web.

    IRIS. “Your Enterprise Architecture Practice Maturity 2021 Assessment.” IRIS Business Architect, 17 May 2021. Web.

    Khuen, Whynde. “How Business Architecture Breaks Down and Bridges Silos.” Biz Arch Mastery, January 2020. Web.

    Lambert, Daniel. “Practical Guide to Agile Strategy Execution.” 18 February 2020.

    Lankhorst, Marc, and Bernd Ihnen. “Mapping the BIZBOK Metamodel to the ArchiMate Language.” Bizzdesign, 2 September 2021. Web.

    Ramias, Alan, and Andrew Spanyi, “Demystifying the Relationship Between Processes and Capabilities: A Modest Proposal.” BPTrends, 2 February 2015. Web.

    Newman, Daniel. “NRF 2022: 4 Key Trends From This Year’s Big Show.” Forbes, 20 January 2022. Web.

    Research and Markets. “Define the Business Context Needed to Complete Strategic IT Initiatives: 2018 Blueprint.” Business Wire, 1 February 2018. Web.

    Sabanoglu, Tugba. “Retail market worldwide - Statistics & Facts.” Statista, 21 April 2022. Web.

    Spacey, John. “Capability vs Process.” Simplicable, 18 November 2016. Web.

    “The Definitive Guide to Business Capabilities.” LeanIX, n.d. Web.

    TOGAF 9. Version 9.1. The Open Group, 2011. Web.

    “What is Business Architecture?” STA Group, 2017. PDF.

    Whittie, Ralph. “The Business Architecture, Value Streams and Value Chains.” BA Institute, n.d. Web.

    Master the Art of Stakeholder Management in Small Enterprise Environments

    • Buy Link or Shortcode: {j2store}572|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Stakeholder Management
    • Parent Category Link: /stakeholder-management
    • IT hasn’t taken into account critical stakeholders and their concerns and preferences as they plan projects or operate on daily business.
    • It is difficult to tailor communication and messaging to all of the different personal and professional styles and motivations of stakeholders.
    • Access to stakeholders and getting an accurate understanding of their needs and concerns regarding IT can be difficult to obtain.

    Our Advice

    Critical Insight

    • Small enterprises have an advantage in stakeholder management. Less people and fewer barriers create opportunities for more productive interactions and stronger relationships.
    • The guiding principles for effective stakeholder management are common concepts, but unfortunately not common practice.
    • By stepping back and taking the time to thoughtfully consider the dynamics and needs of important IT stakeholders, you will be better able to position yourself and your department.

    Impact and Result

    • Info-Tech’s guiding principles provide clear and feasible recommendations for how to incorporate stakeholder management into daily interactions.
    • This blueprint’s guidance will enable IT leaders to tailor communication and interactions that will enable them to build stronger and more meaningful relationships with stakeholders.
    • Following this approach and its guiding principles will make IT projects be more successful by reducing their risk of failure due to issues of buy-in, misunderstanding of priorities, or a lack of support from critical stakeholders.

    Master the Art of Stakeholder Management in Small Enterprise Environments Research & Tools

    Executive Overview

    Use Info-Tech’s approach to stakeholder management to guide you in building stronger and more beneficial relationships, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Master the Art of Stakeholder Management in Small Enterprise Environments Storyboard
    • None
    • None

    1. Identify stakeholders

    Determine the stakeholders for an IT department of a singular initiative.

    • Stakeholder Management Analysis Tool

    2. Analyze stakeholders

    Use the guidance of this section to analyze stakeholders on both a professional and personal level.

    3. Manage stakeholders

    Use Info-Tech’s guiding principles of stakeholder management to direct how to best engage key stakeholders.

    4. Review case studies

    Use real-life experiences from Info-Tech’s analysts to understand how to use and apply stakeholder management techniques.

    [infographic]

    Renovate the Data Center

    • Buy Link or Shortcode: {j2store}497|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Data Center & Facilities Optimization
    • Parent Category Link: /data-center-and-facilities-optimization
    • 33% of enterprises will be undertaking facility upgrades or refreshes in 2010 aimed at extending the life of their existing data centers.
    • Every upgrade or refresh targeting specific components in the facility to address short-term pain will have significant impact on the data center environment as a whole. Planning upfront and establishing a clear project scope will minimize expensive changes in later years.
    • This solution set will provide you with step-by-step design, planning, and selection tools to define a Data Center renovation plan to reduce cost and risk while supporting cost-effective long-term growth for power, cooling, standby power, and fire protection renovations.

    Our Advice

    Critical Insight

    • 88% of organizations cited they would spend more time and effort on documenting and identifying facility requirements for initial project scoping. Organizations can prevent scope creep by conducting the necessary project planning up front and identify requirements and the effect that the renovation project will have in all areas of the data center facility.
    • Data Center facilities renovations must include the specific requirements related to power provisioning, stand-by power, cooling, and fire protection - not just the immediate short-term pain.
    • 39% of organizations cited they would put more emphasis on monitoring contractor management and performance to improve the outcome of the data center renovation project.

    Impact and Result

    • Early internal efforts to create a budget and facility requirements yields better cost and project outcomes when construction begins. Each data center renovation project is unique and should have its own detailed budget.
    • Upfront planning and detailed project scoping can prevent a cascading impact on data center renovation projects to other areas of the data center that can increase project size, scope and spend.
    • Contractor selection is one of the most important first steps in a complex data center renovation. Organizations must ensure the contractor selected has experience specifically in data center renovation.

    Renovate the Data Center Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and understand the renovation project.

    • Storyboard: Renovate the Data Center
    • None
    • Data Center Annual Review Checklist

    2. Renovate power in the data center.

    • Data Center Power Requirements Calculator

    3. Renovate cooling in the data center.

    • Data Center Cooling Requirements Calculator

    4. Renovate standby power in the data center.

    • Data Center Standby Power Requirements Calculator

    5. Define current and future fire protection requirements.

    • Fire Protection & Suppression Engineer Selection Criteria Checklist
    • None

    6. Assess the opportunities and establish a clear project scope.

    • Data Center Renovation Project Charter
    • Data Center Renovation Project Planning & Monitoring Tool

    7. Establish a budget for the data center renovation project.

    • Data Center Renovation Budget Tool

    8. Select a general contractor to execute the project.

    • None
    • Data Center Renovation Contractor Scripted Interview
    • Data Center Renovation Contractor Scripted Interview Scorecard
    • Data Center Renovation Contractor Reference Checklist
    [infographic]

    The Rush Trap: Why "Move Fast and Break Things" Breaks Your Business

    • Large vertical image:

    Most business leaders think that the best way to beat the competition is to push their development teams harder and demand faster delivery. I've seen the opposite happen many times.

    When you prioritize "shipping fast" and "getting to market first," you often end up taking the longest time to succeed, because your team must spend months, sometimes years, addressing the problems caused by your haste. On the surface, things appear to be improving, but internally, they can feel overwhelming. You will notice this impact on your staff.

    This is the harsh truth about rushing IT development:

    Every Shortcut Creates Two New Problems

    Here's what really happens in the codebase when you tell your team to "just get it done fast": you don't do proper input validation and sanitization because you say, "We'll add that later." And then you have to deal with SQL injection attacks and data breaches for months. This wasted time could have been avoided by using simple parameterized queries and validation frameworks.

    In 2024, the average cost of a data breach was $4.88 million. 73% of these breaches require more than 200 days to resolve. You only code for the happy flow, but real users submit incorrect data, experience network timeouts, and encounter failures with third-party APIs. 

    Your app crashes more than it should because you didn't set up proper error handling, or circuit breakers, or graceful degradation patterns. I know these take time to implement, but what would you rather have? Customers abandoning it?

    Businesses lose an average of $5,600 per minute when their systems go down, and e-commerce sites can lose up to $300,000 per hour during busy times. Instead of fixing the root causes of problems, you just patch them up with quick fixes. Instead of proper garbage collection, that memory leak gets a band-aid restart script. Instead of being optimized, the slow database query is cached.

    Soon, you will find yourself struggling to keep your building intact.

    To keep up with technical debt, companies usually have to spend 23–42% of their total IT budget each year.

    You don't do full testing because "writing unit tests takes longer than manual testing." This approach does not include load testing, test-driven development, or integration testing. Your first real test is when you have paying customers in production. Companies that don't test their software properly have 60% more bugs in their products and spend 40% more time fixing them than companies that do.

    You start without being able to properly monitor and see what's going on. There are no logging frameworks, no application performance monitoring, and no health checks in place. When things go wrong—and they will—it's difficult to figure out what's amiss. Without proper monitoring, it takes an average of 4.5 hours to find and fix IT problems. With full observability tools, it only takes 45 minutes.

    It's easy to see that every shortcut you take today will cause two new problems tomorrow. Each of those problems makes two more. You're going to be in a lot of trouble with technical debt, security holes, and unstable systems soon. All because you were in a hurry to meet some random deadline.

    The true cost of rushing in those "move fast and break things" success stories is often overlooked. You don't guarantee a quick time to market when you rush code to market. You're just making sure that failure to market happens quickly. Remember that most Silicon Valley break-movers lose millions, but you never read about those; you only read about the 1 in 350 VC-backed companies that make it. That is a staggering 0.29%. I would not bet on that strategy just yet.

    Because code that is rushed doesn't just break once. It breaks all the time. In production. This issue arises when dealing with real customers. At the worst times. Your developers are putting out fires instead of adding new features. Instead of adding the features that the customer asked for, they're fixing race conditions at 2 AM. They're patching vulnerabilities in dependencies rather than creating the next version.

    According to research, developers in environments with a lot of technical debt spend 42% of their time on maintenance and bug fixes, while those in well-architected systems spend only 23% of their time on these tasks. Bad code drives up your infrastructure costs by requiring more servers to handle the same load. Your database runs slower because no one took the time to make the right indexes or make the queries run faster. Unoptimized applications typically require 3 to 5 times more infrastructure resources, directly impacting your cloud computing and operational costs.

    The costs of getting new customers go up because products that are rushed have higher churn rates. People stop using apps that crash a lot or don't work well. For example, 53% of mobile users will stop using an app if it takes longer than 3 seconds to load. It costs 5 to 25 times more to get a new customer than to keep an old one.

    In the meantime, what about your competitor who took an extra month to set up proper error handling, security controls, and performance optimization? They're growing smoothly while you're still working on the base.

    The Slow Way Is the Quick Way

    Let me tell you a myth that is costing you millions: The race isn't about speed unless you're in a real winner-take-all market with huge network effects. It's about lasting.

    There is usually room for more than one winner in most markets. Your real job isn't to be the first to market; it's to still be there when the "fast movers" fail because they owe too much money. The businesses that are the biggest in their markets aren't usually the first ones there. They are the ones who took the time to use excellent software engineering practices from the start. They used well-known security frameworks like the OWASP guidelines to make their systems safe, set up the right authentication and authorization patterns, and made sure their APIs were designed with security and resilience in mind from the start.

    Companies that have good security practices have 76% fewer security incidents and save an average of $1.76 million for every breach they avoid. They wrote code for failure scenarios using patterns like retry logic with exponential backoff, circuit breakers to stop failures from spreading, and bulkhead isolation to keep problems from spreading.

    They set up full logging and monitoring so they could find problems before customers did. Systems that are built well and have the right resilience patterns are up 99.9% of the time, while systems that are built quickly are up 95% to 98% of the time. While you may believe that 95% to 98% uptime is an acceptable figure to agree to, take a moment to consider what that actually translates to in terms of downtime for your availability metrics. Remember that you should only calculate the times you really want to be available. This is due to the fact that any unavailability during your downtime is not taken into account. But failures do not take your opening hours into consideration. 

    Successful companies used domain-driven design to get the business requirements right, made complete API documentation, and built automated testing suites that found regressions before deployment. Companies that do a lot of testing deliver features 2.5 times faster and with 50% fewer bugs after deployment.

    They made sure that their environments were always the same by using infrastructure as code, setting up the right CI/CD pipelines with automated security scanning and regression testing, and planning for horizontal scaling from the start.

    Companies that have mature DevOps practices deploy 208 times more often and have lead times that are 106 times faster, all while being more reliable.

    What This Means for Your Process of Development

    The truth is that your development schedule isn't about meeting deadlines. The purpose is to create systems that function effectively when real people use them in real-life situations with actual data and at a large scale. If your code crashes under load because you didn't use the right caching strategies or database connection pooling, it doesn't matter how fast it is to market.

    If you neglect to conduct security code reviews and utilize static analysis tools, the likelihood of hacking increases significantly.

    Think about the return on investment: putting in an extra 20–30% up front for the right architecture, security, and testing usually cuts the total cost of ownership by 60–80% over the life of the application.

    The first "delay" of 2 to 4 weeks for proper engineering practices saves 6 to 12 months of fixing technical debt later on.

    You have a simple choice: either take the time to follow excellent software engineering practices now, or spend the next two years telling customers why your system is down again while your competitors take your market share. The companies that last and eventually take over choose quality engineering over random speed. I leave it up to your imagination as to what multi-trillion-dollar company immediately comes to mind.

    I am always up for a conversation.

    Build a Strategic Infrastructure Roadmap

    • Buy Link or Shortcode: {j2store}332|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $36,636 Average $ Saved
    • member rating average days saved: 26 Average Days Saved
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design

    Getting a seat at the table is your first objective in building a strategic roadmap. Knowing what the business wants to do and understanding what it will need in the future is a challenge for most IT departments.

    This could be a challenge such as:

    • Understanding the business vision
    • Clear communications on business planning
    • Insight into what the future state should look like
    • Understanding what the IT team is spending its time on day to day

    Our Advice

    Critical Insight

    • Having a clear vision of what the future state is and knowing that creating an IT Infrastructure roadmap is never finished will give your IT team an understanding of priorities, goals, business vision, and risks associated with not planning.
    • Understand what you are currently paying for and why.

    Impact and Result

    • Understanding of the business priorities, and vision of the future
    • Know what your budget is spent on: running the business, growth, or innovation
    • Increased communication with the right stakeholders
    • Better planning based on analysis of time study, priorities, and business goals

    Build a Strategic Infrastructure Roadmap Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build a Strategic Infrastructure Roadmap Storyboard – Improve and align goals and strategy.

    In this section you will develop a vision and mission statement and set goals that align with the business vision and goals. The outcome will deliver your guiding principles and a list of goals that will determine your initiatives and their priorities.

    • Build Your Infrastructure Roadmap Storyboard
    • Strategic Infrastructure Roadmap Tool

    2. Financial Spend Analysis Template – Envision future and analyze constraints.

    Consider your future state by looking at technology that will help the business in the future. Complete an analysis of your past spending to determine your future spend. Complete a SWOT analysis to determine suitability.

    • Financial Spend Analysis Template

    3. Strategic Roadmap Initiative Template – Align and build the roadmap.

    Develop a risk framework that may slow or hinder your strategic initiatives from progressing and evaluate your technical debt. What is the current state of your infrastructure? Generate and prioritize your initiatives, and set dates for completion.

    • Strategic Roadmap Initiative Template

    4. Infrastructure and Strategy Executive Brief Template – Communicate and improve the process.

    After creating your roadmap, communicate it to your audience. Identify who needs to be informed and create an executive brief with the template download. Finally, create KPIs to measure what success looks like.

    • Infrastructure Strategy and Roadmap Executive Presentation Template
    • Infrastructure Strategy and Roadmap Report Template

    Infographic

    Further reading

    Build a Strategic Infrastructure Roadmap

    Align infrastructure investment to business-driven goals.

    Analysts' Perspectives

    Infrastructure roadmaps are an absolute necessity for all organizations. An organization's size often dictates the degree of complexity of the roadmap, but they all strive to paint the future picture of the organization's IT infrastructure.

    Infrastructure roadmaps typically start with the current state of infrastructure and work on how to improve. That thinking must change! Start with the future vision, an unimpeded vision, as if there were no constraints. Now you can see where you want to be.

    Look at your past to determine how you have been spending your infrastructure budget. If your past shows a trend of increased operational expenditures, that trend will likely continue. The same is true for capital spending and staffing numbers.

    Now that you know where you want to go, and how you ended up where you are, look at the constraints you must deal with and make a plan. It's not as difficult as it may seem, and even the longest journey begins with one step.

    Speaking of that first step, it should be to understand the business goals and align your roadmap with those same goals. Now you have a solid plan to develop a strategic infrastructure roadmap; enjoy the journey!

    There are many reasons why you need to build a strategic IT infrastructure roadmap, but your primary objectives are to set the long-term direction, build a framework for decision making, create a foundation for operational planning, and be able to explain to the business what you are planning. It is a basis for accountability and sets out goals and priorities for the future.

    Other than knowing where you are going there are four key benefits to building the roadmap.

    1. It allows you to be strategic and transformative rather than tactical and reactive.
    2. It gives you the ability to prioritize your tasks and projects in order to get them going.
    3. It gives you the ability to align your projects to business outcomes.
    4. Additionally, you can leverage your roadmap to justify your budget for resources and infrastructure.

    When complete, you will be able to communicate to your fellow IT teams what you are doing and get an understanding of possible business- or IT-related roadblocks, but overall executing on your roadmap will demonstrate to the business your competencies and ability to succeed.

    PJ Ryan

    PJ Ryan
    Research Director
    Infrastructure & Operations Practice
    Info-Tech Research Group

    John Donovan

    John Donovan
    Principal Research Director
    Infrastructure & Operations Practice
    Info-Tech Research Group

    Build a Strategic Infrastructure Roadmap

    Align infrastructure investment to business-driven goals.

    EXECUTIVE BRIEF

    Executive Summary

    Your Challenge

    When it comes to building a strategic roadmap, getting a seat at the table is your first objective. Knowing what the business wants to do and understanding its future needs is a challenge for most IT organizations.

    Challenges such as:

    • Understanding the business vision
    • Clear communications on business planning
    • Insight into what the future state should look like

    Common Obstacles

    Fighting fires, keeping the lights on, patching, and overseeing legacy debt maintenance – these activities prevent your IT team from thinking strategically and looking beyond day-to-day operations. Issues include:

    • Managing time well
    • Building the right teams
    • Setting priorities

    Procrastinating when it comes to thinking about your future state will get you nowhere in a hurry.

    Info-Tech's Approach

    Look into your past IT spend and resources that are being utilized.

    • Analyze all aspects of the operation, and resources required.
    • Be realistic with your timelines.
    • Work from the future state backward.

    Build your roadmap by setting priorities, understanding risk and gaps both in finance and resources. Overall, your roadmap is never done, so don't worry if you get it wrong on the first pass.

    Info-Tech Insight

    Have a clear vision of what the future state is, and know that when creating an IT infrastructure roadmap, it is never done. This will give your IT team an understanding of priorities, goals, business vision, and risks associated with not planning. Understand what you are currently paying for and why.

    Insight Summary

    "Planning is bringing the future into the present so that you can do something about it now."
    Source: Alan Lakein, Libquotes

    Your strategic objectives are key to building a roadmap

    Many organizations' day-to-day IT operations are tactical and reactive. This needs to change; the IT team needs to become strategic and proactive in its planning and execution. Forward thinking bridges the gap from your current state, to what the organization is, to what it wants to achieve. Your strategic objectives need to align to the business vision and goals and keep it running.

    Your future state will determine your roadmap priorities

    Identify what the business needs to meet its goals; this should be reflected in your roadmap priorities. Then identify the tasks and projects that can get you there. Business alignment is key, as these projects require prioritization. Strategic initiatives that align to business outcomes will be your foundation for planning on those priorities. If you do not align your initiatives, you will end up spinning your wheels. A good strategic roadmap will have all the elements of forward thinking and planning to execute with the right resources, right priorities, and right funding to make it happen.

    Understand what you have been paying for the last few years

    Measure the cost of "keeping the lights on" as a baseline for your budget that is earmarked and already spent. Determine if your current spend is holding back innovation due to:

    1. The high cost of maintenance
    2. Resources in operations doing low-value work due to the effort required to do tasks related to break/fix on aging hardware and software

    A successful strategic roadmap will be determined when you have a good handle on your current spending patterns and planning for future needs that include resources, budget, and know-how. Without a plan and roadmap, that plan will not get business buy-in or funding.

    Top challenges reported by Info-Tech members

    Lack of strategic direction

    • Infrastructure leadership must discover the business goals.

    Time seepage

    • Project time is constantly being tracked incorrectly.

    Technical debt

    • Aging equipment is not proactively cycled out with newer enabling technologies.

    Case Study

    The strategic IT roadmap allows Dura to stay at the forefront of automotive manufacturing.

    INDUSTRY: Manufacturing
    SOURCE: Performance Improvement Partners

    Challenge

    Following the acquisition of Dura, MiddleGround aimed to position Dura as a leader in the automotive industry, leveraging the company's established success spanning over a century.

    However, prior limited investments in technology necessitated significant improvements for Dura to optimize its processes and take advantage of digital advancements.

    Solution

    MiddleGround joined forces with PIP to assess technology risks, expenses, and prospects, and develop a practical IT plan with solutions that fit MiddleGround's value-creation timeline.

    By selecting the top 15 most important IT projects, the companies put together a feasible technology roadmap aimed at advancing Dura in the manufacturing sector.

    Results

    Armed with due diligence reports and a well-defined IT plan, MiddleGround and Dura have a strategic approach to maximizing value creation.

    By focusing on key areas such as analysis, applications, infrastructure and the IT organization, Dura is effectively transforming its operations and shaping the future of the automotive manufacturing industry.

    How well do you know your business strategy?

    A mere 25% of managers
    can list three of the company's
    top five priorities.

    Based on a study from MIT Sloan, shared understanding of strategic directives barely exists beyond the top tiers of leadership.

    An image of a bar graph showing the percentage of leaders able to correctly list a majority of their strategic priorities.

    Take your time back

    Unplanned incident response is a leading cause of the infrastructure time crunch, but so too are nonstandard service requests and service requests that should be projects.

    29%

    Less than one-third of all IT projects finish on time.

    200%

    85% of IT projects average cost overruns of 200% and time overruns of 70%.

    70%

    70% of IT workers feel as though they have too much work and not enough time to do it.

    Source: MIT Sloan

    Inventory Assessment

    Lifecycle

    Refresh strategies are still based on truisms (every three years for servers, every seven years for LAN, etc.) more than risk-based approaches.

    Opportunity Cost

    Assets that were suitable to enable business goals need to be re-evaluated as those goals change.

    See Info-Tech's Manage Your Technical Debt blueprint

    an image of info-tech's Manage your technical debt.

    Key IT strategy initiatives can be categorized in three ways

    IT key initiative plan

    Initiatives collectively support the business goals and corporate initiatives, and improve the delivery of IT services.

    1. Business support
      • Support major business initiatives
      • Each corporate initiative is supported by a major IT project and each project has unique IT challenges that require IT support.
    2. IT excellence
      • Reduce risk and improve IT operational excellence
      • These projects will increase IT process maturity and will systematically improve IT.
    3. Innovation
      • Drive technology innovation
      • These projects will improve future innovation capabilities and decrease risk by increasing technology maturity.

    Info-Tech Insight

    A CIO has three roles: enable business productivity, run an effective IT shop, and drive technology innovation. Your key initiative plan must reflect these three mandates and how IT strives to fulfill them.

    IT must accomplish many things

    Manage
    the lifecycle of aging equipment against current capacity and capability demands.

    Curate
    a portfolio of enabling technologies to meet future capacity and capability demands.

    Initiate
    a realistic schedule of initiatives that supports a diverse range of business goals.

    Adapt
    to executive feedback and changing business goals.

    an image of Info-Tech's Build your strategic roadmap

    Primary and secondary infrastructure drivers

    • Primary driver – The infrastructure component that is directly responsible for enabling change in the business metric.
    • Secondary driver – The infrastructure component(s) that primary drivers rely on.

    (Source: BMC)

    Sample primary and secondary drivers

    Business metric Source(s) Primary infrastructure drivers Secondary infrastructure drivers

    Sales revenue

    Online store

    Website/Server (for digital businesses)

    • Network
    • Data center facilities

    # of new customers

    Call center

    Physical plant cabling in the call center

    • PBX/VOIP server
    • Network
    • Data center facilities

    Info-Tech Insight

    You may not be able to directly influence the primary drivers of the business, but your infrastructure can have a major impact as a secondary driver.

    Info-Tech's approach

    1. Align strategy and goals
    • Establish the scope of your IT strategy by defining IT's mission and vision statements and guiding principles.
  • Envision future and analyze constraints
    • Envision and define your future infrastructure and analyze what is holding you back.
  • Align and build the roadmap
    • Establish a risk framework, identify initiatives, and build your strategic infrastructure roadmap.
  • Communicate and improve the process
    • Communicate the results of your hard work to the right people and establish the groundwork for continual improvement of the process.
  • Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Mission and Vision Statement
    Goal Alignment (Slide 28)

    Construct your vision and mission aligned to the business.

    Mission and Vision Statement

    Strategic Infrastructure Roadmap tool

    Build initiatives and prioritize them. Build the roadmap.

    Strategic Infrastructure Roadmap tool

    Infrastructure Domain Study

    What is stealing your time from getting projects done?

    Infrastructure Domain Study

    Initiative Templates Process Maps & Strategy

    Build templates for initiates, build process map, and develop strategies.

    Initiative Templates Process Maps & Strategy

    Key Deliverable

    it infrastructure roadmap template

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Info-Tech's methodology for an infrastructure strategy and roadmap

    1. Align Strategy and Goals

    2. Envision Future and Analyze Constraints

    3. Align and Build the Roadmap

    4. Communicate and Improve the Process

    Phase steps

    1.1 Develop the infrastructure strategy

    1.2 Define the goals

    2.1 Define the future state

    2.2 Analyze constraints

    3.1 Align the roadmap

    3.2 Build the roadmap

    4.1 Identify the audience

    4.2 Improve the process

    Phase Outcomes

    • Vision statement
    • Mission statement
    • Guiding principles
    • List of goals
    • Financial spend analysis
    • Domain time study
    • Prioritized list of roadblocks
    • Future-state vision document
    • IT and business risk frameworks
    • Technical debt assessment
    • New technology analysis
    • Initiative templates
    • Initiative candidates
    • Roadmap visualization
    • Process schedule
    • Communications strategy
    • process map
    • Infrastructure roadmap report

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 0 Phase 1 Phase 2 Phase 3 Phase 4

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: Define mission and vision statements and guiding principles to discuss strategy scope.
    Call #3: Brainstorm goals and definition.

    Call #4: Conduct a spend analysis and a time resource study.
    Call #5: Identify roadblocks.

    Call #6: Develop a risk framework and address technical debt.
    Call #7: Identify new initiatives and SWOT analysis.
    Call #8: Visualize and identify initiatives.
    Call #9: Complete shadow IT and initiative finalization.

    Call #10: Identify your audience and communicate.
    Call #11: Improve the process.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 8 to 12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Session 0 (Pre-workshop)

    Session 1

    Session 2

    Session 3

    Session 4

    Session 5 (Post-workshop)

    Elicit business context Align Strategy and Goals Envision Future and Analyze Constraints Align and Build the Roadmap Communicate and Improve the Process Wrap-up (offsite)

    0.1 Complete recommended diagnostic programs.
    0.2 Interview key business stakeholders, as needed, to identify business context: business goals, initiatives, and the organization's mission and vision.
    0.3 (Optional) CIO to compile and prioritize IT success stories.

    1.1 Infrastructure strategy.
    1.1.1 Review/validate the business context.
    1.1.2 Construct your mission and vision statements.
    1.1.3 Elicit your guiding principles and finalize IT strategy scope.

    1.2 Business goal alignment
    1.2.1 Intake identification and analysis.
    1.2.2 Survey results analysis.
    1.2.3 Brainstorm goals.
    1.2.4 Perform goal association and analysis.

    2.1 Define the future state.
    2.1.1 Conduct an emerging technology discussion.
    2.1.2 Document desired future state.
    2.1.3 Develop a new technology identification process.
    2.1.4 Compete SWOT analysis.

    2.2 Analyze your constraints
    2.2.1 Perform a historical spend analysis.
    2.2.2 Conduct a time study.
    2.2.3 Identify roadblocks.
    .

    3.1 Align the roadmap
    3.1.1 Develop a risk framework.
    3.1.2 Evaluate technical debt.

    3.2 Build the roadmap.
    3.2.1 Build effective initiative templates.
    3.2.2 Visualize.
    3.2.3 Generate new initiatives.
    3.2.4 Repatriate shadow IT initiatives.
    3.2.5 Finalize initiative candidates.

    4.2 Identify the audience
    4.1.1 Identify required authors and target audiences.
    4.1.2 Plan the process.
    4.1.2 Identify supporters and blockers.

    4.2 Improve the process
    4.2.1 Evaluate the value of each process output.
    4.2.2 Brainstorm improvements.
    4.2.3 Set realistic measures.

    5.1 Complete in-progress deliverables from previous four days.
    5.2 Set up time to review workshop deliverables and discuss next steps.

    1. SWOT analysis of current state
    2. Goals cascade
    3. Persona analysis
    1. Vision statement, mission statement, and guiding principles
    2. List of goals
    1. Spend analysis document
    2. Domain time study
    3. Prioritized list of roadblocks
    4. Future state vision document
    1. IT and business risk frameworks
    2. Technical debt assessment
    3. New technology analysis
    4. Initiative templates
    5. Initiative candidates
    1. Roadmap visualization
    2. Process schedule
    3. Communications strategy
    4. Process map
    1. Strategic Infrastructure Roadmap Report

    Phase 1

    Align Strategy and Goals

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Infrastructure strategy

    1.2 Goal alignment

    2.1 Define your future

    2.2 Conduct constraints analysis

    3.1 Drive business alignment

    3.2. Build the roadmap

    4.1 Identify the audience

    4.2 Process improvement

    and measurements

    This phase will walk you through the following activities:

    • How to build IT mission and vision statements
    • How to elicit IT guiding principles
    • How to finalize and communicate your IT strategy scope

    This phase involves the following participants:

    • CIO
    • Senior IT Team

    Step 1.1

    Develop the Infrastructure Strategy

    Activities

    1.1.1 Review/validate the business context

    1.1.2 Construct your mission and vision statements

    1.1.3 Elicit your guiding principles and finalize IT strategy scope

    This step requires the following inputs:

    • Business Mission Statement
    • Business Vision Statement
    • Business Goals

    This step involves the following participants:

    • Roadmap team

    Outcomes of this step

    • IT mission statement
    • IT vision statement
    • Guiding principles

    To complete this phase, you will need:

    Infrastructure Strategy and Roadmap Report Template

    Infrastructure Strategy and Roadmap Report Template

    Use the IT Infrastructure Strategy and Roadmap Report Template to document the results from the following activities:

    • Mission and Vision Statements
    • Business impact
    • Roadmap

    IT must aim to support the organization's mission and vision

    A mission statement

    • Focuses on today and what an organization does to achieve the mission.
    • Drives the company.
    • Answers: What do we do? Who do we serve? How do we service them?

    "A mission statement focuses on the purpose of the brand; the vision statement looks to the fulfillment of that purpose."

    A vision statement

    • Focuses on tomorrow and what an organization ultimately wants to become.
    • Gives the company direction.
    • Answers: What problems are we solving? Who and what are we changing?

    "A vision statement provides a concrete way for stakeholders, especially employees, to understand the meaning and purpose of your business. However, unlike a mission statement – which describes the who, what, and why of your business – a vision statement describes the desired long-term results of your company's efforts."
    Source: Business News Daily, 2020

    Characteristics of mission and vision statements

    A strong mission statement has the following characteristics:

    • Articulates the IT function's purpose and reason for existence.
    • Describes what the IT function does to achieve its vision.
    • Defines the customers of the IT function.
    • Is:
      • Compelling
      • Easy to grasp
      • Sharply focused
      • Concise

    A strong vision statement has the following characteristics:

    • Describes a desired future achievement.
    • Focuses on ends, not means.
    • Communicates promise.
    • Is:
      • Concise; no unnecessary words
      • Compelling
      • Achievable
      • Measurable

    Derive the IT mission and vision statements from the business

    Begin the process by identifying and locating the business mission and vision statements.

    • Corporate websites
    • Business strategy documents
    • Business executives

    Ensure there is alignment between the business and IT statements.

    Note: Mission statements may remain the same unless the IT department's mandate is changing.

    an image showing Business mission, IT mission, Business Vision, and IT Vison.

    1.1.2 Construct mission and vision statements

    1 hour

    Objective: Help teams define their purpose (why they exist) to build a mission statement (if one doesn't already exist).

    Step 1:

    1. Gather the IT strategy creation team and revisit your business context inputs, specifically the corporate mission statement.
    2. Begin by asking the participants:
        1. What is our job as a team?
        2. What's our goal? How do we align IT to our corporate mission?
        3. What benefit are we bringing to the company and the world?
      1. Ask them to share general thoughts in a check-in.

    Step 2:

    1. Share some examples of IT mission statements.
    2. Example: IT provides innovative product solutions and leadership that drives growth and
      success.
    3. Provide each participant with some time to write their own version of an IT mission statement.

    Download the ITRG IT Infrastructure Strategy and Roadmap Report Template and document your mission and vision statements in Section 1.

    Input

    • Business vision statement
    • Business mission statement

    Output

    • IT mission statement
    • IT vision statement

    Materials

    • Sticky notes
    • Markers
    • Whiteboard
    • Paper
    • Collaboration/brain-storming tool (whiteboard, flip chart, digital equivalent)

    Participants

    • CIO
    • Senior IT Team

    1.1.2 Construct mission and vision statements (cont'd)

    1 hour

    Objective: Help teams define their purpose (why they exist) to build a mission statement (if one doesn't already exist).

    Step 3:

    This step involves reviewing individual mission statements, combining them, and building one collective mission statement for the team.

    1. Consider the following approach to build a unified mission statement:

    Use the 20x20 rule for group decision-making. Give the group no more than 20 minutes to craft a collective team purpose with no more than 20 words.

    1. As a facilitator, provide guidelines on how to write for the intended audience. Business stakeholders need business language.
    2. Refer to the corporate mission statement periodically and ensure there is alignment.
    3. Document your final mission statement in your ITRG Infrastructure Strategy and Roadmap Report Template.

    Download the ITRG IT Infrastructure Strategy and Roadmap Report Template and document your mission and vision statements in Section 1.

    Input

    • Business vision statement
    • Business mission statement

    Output

    • IT mission statement
    • IT vision statement

    Materials

    • Sticky notes
    • Markers
    • Whiteboard
    • Paper
    • Collaboration/brain-storming tool (whiteboard, flip chart, digital equivalent)

    Participants

    • CIO
    • Senior IT Team

    1.1.2 Construct mission and vision statements (cont'd)

    1 hour

    Objective: Help teams define their purpose (why they exist) to build a mission statement (if one doesn't already exist).

    Step 4:

    1. Gather the IT strategy creation team and revisit your business context inputs, specifically the corporate vision statement.
    2. Share one or more examples of vision statements.
    3. Provide participants with sticky notes and writing materials and ask them to work individually for this step.
    4. Ask participants to brainstorm:
      1. What is the desired future state of the IT organization?
      2. How should we work to attain the desired state?
      3. How do we want IT to be perceived in the desired state?
    5. Provide participants with guidelines to build descriptive, compelling, and achievable statements regarding their desired future state.
    6. Regroup as a team and review participant answers.

    Download the ITRG IT Infrastructure Strategy and Roadmap Report Template and document your mission and vision statements in Section 1.

    Input

    • Business vision statement
    • Business mission statement

    Output

    • IT mission statement
    • IT vision statement

    Materials

    • Sticky notes
    • Markers
    • Whiteboard
    • Paper
    • Collaboration/brain-storming tool (whiteboard, flip chart, digital equivalent)

    Participants

    • CIO
    • Senior IT Team

    1.1.2 Construct mission and vision statements (cont'd)

    1 hour

    Objective: Help teams define their purpose (why they exist) to build a mission statement (if one doesn't already exist).

    Step 5:

    1. Ask the team to post their notes on the wall.
    2. Have the team group the words that have a similar meaning or feeling behind them; this will create themes.
    3. When the group is done categorizing the statements into themes, ask if there's anything missing. Did they ensure alignment to the corporate vision statement? Are there any elements missing when considering alignment back to the corporate vision statement?

    Step 6:

    1. Consider each category as a component of your vision statement.
    2. Review each category with participants; define what the behavior looks like when it is being met and what it looks like when it isn't.
    3. As a facilitator, provide guidelines on word-smithing and finessing the language.
    4. Refer to the corporate vision statement periodically and ensure there is alignment.
    5. Document your final mission statement in your IT Strategy Presentation Template.

    Download the ITRG IT Infrastructure Strategy and Roadmap Report Template and document your mission and vision statements in Section 1.

    Input

    • Business vision statement
    • Business mission statement

    Output

    • IT mission statement
    • IT vision statement

    Materials

    • Sticky notes
    • Markers
    • Whiteboard
    • Paper
    • Collaboration/brain-storming tool (whiteboard, flip chart, digital equivalent)

    Participants

    • CIO
    • Senior IT Team

    1.1.2 Construct mission and vision statements (cont'd)

    Tips for online facilitation:

    • Pick an online whiteboard tool that allows participants to use a large, zoomable canvas.
    • Set up each topic at a different area of the board; spread them out just like you would do on the walls of a room.
    • Invite participants to zoom in and visit each section and add their ideas as sticky notes once you reach that section of the exercise.
    • If you're not using an online whiteboard, we'd recommend using a collaboration tool such as Google Docs or Teams Whiteboard to collect the information for each step under a separate heading. Invite everyone into the document but be very clear regarding editing rights.
    • Pre-create your screen deck and screen share this with your participants through your videoconferencing software. We'd also recommend sharing this so participants can go through the deck again during the reflection steps.
    • When facilitating group discussion, we'd recommend that participants use non-verbal means to indicate they'd like to speak. You can use tools like Teams' hand-raising tool, a reaction emoji, or have people put their hands up. The facilitator can then invite that person to talk.

    Source: Hyper Island

    Input

    • Business vision statement
    • Business mission statement

    Output

    • IT mission statement
    • IT vision statement

    Materials

    • Sticky notes
    • Markers
    • Whiteboard
    • Paper
    • Collaboration/brainstorming tool (whiteboard, flip chart, digital equivalent)

    Participants

    • CIO
    • Senior IT Team

    IT mission statements demonstrate IT's purpose

    The IT mission statement specifies the function's purpose or reason for being. The mission should guide each day's activities and decisions. The mission statements use simple and concise terminology and speak loudly and clearly, generating enthusiasm for the organization.

    Strong IT mission statements have the following characteristics:

    • Articulate the IT function's purpose and reason for existence
    • Describe what the IT function does to achieve its vision
    • Define the customers of the IT function
    • Are:
      • Compelling
      • Easy to grasp
      • Sharply focused
      • Inspirational
      • Memorable
      • Concise

    Sample IT Mission Statements:

    • To provide infrastructure, support, and innovation in the delivery of secure, enterprise-grade information technology products and services that enable and empower the workforce at [Company Name].
    • To help fulfill organizational goals, the IT department is committed to empowering business stakeholders with technology and services that facilitate effective processes, collaboration, and communication.
    • The mission of the information technology (IT) department is to build a solid, comprehensive technology infrastructure; to maintain an efficient, effective operations environment; and to deliver high-quality, timely services that support the business goals and objectives of ABC Inc.
    • The IT department has operational, strategic, and fiscal responsibility for the innovation, implementation, and advancement of technology at ABC Inc. in three main areas: network administration and end-user support, instructional services, and information systems. The IT department provides leadership in long-range planning, implementation, and maintenance of information technology across the organization.
    • The IT group is customer-centered and driven by its commitment to management and staff. It oversees services in computing, telecommunications, networking, administrative computing, and technology training.

    Sample mission statements (cont'd)

    • To collaborate and empower our stakeholders through an engaged team and operational agility and deliver innovative technology and services.
    • To empower our stakeholders with innovative technology and services, through collaboration and agility.
    • To collaborate and empower our stakeholder, by delivering innovative technology and services, with an engaged team and operational agility.
    • To partner with departments and be technology leaders that will deliver innovative, secure, efficient, and cost-effective services for our citizens.
    • As a client-centric strategic partner, provide excellence in IM and IT services through flexible business solutions for achieving positive user experience and satisfaction.
    • Develop a high-performing global team that will plan and build a scalable, stable operating environment.
    • Through communication and collaboration, empower stakeholders with innovative technology and services.
    • Build a robust portfolio of technology services and solutions, enabling science-lead and business-driven success.
    • Guided by value-driven decision making, high-performing teams and trusted partners deliver and continually improve secure, reliable, scalable, and reusable services that exceed customer expectations.
    • Engage the business to grow capabilities and securely deliver efficient services to our users and clients.
    • Engage the business to securely deliver efficient services and grow capabilities for our users and clients.

    IT vision statements demonstrate what the IT organization aspires to be

    The IT vision statement communicates a desired future state of the IT organization. The statement is expressed in the present tense. It seeks to articulate the desired role of IT and how IT will be perceived.

    Strong IT vision statements have the following characteristics:

    • Describe a desired future
    • Focus on ends, not means
    • Communicate promise
    • Are:
      • Concise; no unnecessary words
      • Compelling
      • Achievable
      • Inspirational
      • Memorable

    Sample IT vision statements:

    • To be a trusted advisor and partner in enabling business innovation and growth through an engaged IT workforce.
    • The IT organization will strive to become a world-class value center that is a catalyst for innovation.
    • IT is a cohesive, proactive, and disciplined team that delivers innovative technology solutions while demonstrating a strong customer-oriented mindset.
    • Develop and maintain IT and an IT support environment that is secure, stable, and reliable within a dynamic environment.

    Sample vision statements (cont'd)

    • Alignment: To ensure that the IT organizational model and all related operational services and duties are properly aligned with all underlying business goals and objectives. Alignment reflects an IT operation "that makes sense," considering the business served, its interests and its operational imperatives.
    • Engagement: To ensure that all IT vision stakeholders are fully engaged in technology-related planning and the operational parameters of the IT service portfolio. IT stakeholders include the IT performing organization (IT Department), company executives and end-users.
    • Best Practices: To ensure that IT operates in a standardized fashion, relying on practical management standards and strategies properly sized to technology needs and organizational capabilities.
    • Commitment to Customer Service: To ensure that IT services are provided in a timely, high-quality manner, designed to fill the operational needs of the front-line end-users, working within the boundaries established by business interests and technology best practices.

    Quoted From ITtoolkit, 2020

    Case Study

    Acme Corp. was able to construct its IT mission and vison statements by aligning to its corporate mission and vision.

    INDUSTRY: Professional Services
    COMPANY: This case study is based on a real company but was anonymized for use in this research.

    Business

    IT

    Mission

    Vision

    Mission

    Vision

    We help IT leaders achieve measurable results by systematically improving core IT processes, governance, and critical technology projects.

    Acme Corp. will grow to become the largest research firm across the industry by providing unprecedented value to our clients.

    IT provides innovative product solutions and leadership that drives growth and success.

    We will relentlessly drive value to our customers through unprecedented innovation.

    IT guiding principles set the boundaries for your strategy

    Strategic guiding principles advise the IT organization on the boundaries of the strategy.

    Guiding principles are a priori decisions that limit the scope of strategic thinking to what is acceptable organizationally, from budgetary, people, and partnership standpoints. Guiding principles can cover other dimensions, as well.

    Organizational stakeholders are more likely to follow IT principles when a rationale is provided.

    After defining the set of IT principles, ensure that they are all expanded upon with a rationale. The rationale ensures principles are more likely to be followed because they communicate why the principles are important and how they are to be used. Develop the rationale for each IT principle your organization has chosen.

    IT guiding principles = IT strategy boundaries

    Consider these four components when brainstorming guiding principles

    Breadth

    of the IT strategy can span across the eight perspectives: people, process, technology, data, process, sourcing, location, and timing.

    Defining which of the eight perspectives is in scope for the IT strategy is crucial to ensuring the IT strategy will be comprehensive, relevant, and actionable.

    Depth

    of coverage refers to the level of detail the IT strategy will go into for each perspective. Info-Tech recommends that depth should go to the initiative level (i.e. individual projects).

    Organizational coverage

    will determine which part of the organization the IT strategy will cover.

    Planning horizon

    of the IT strategy will dictate when the target state should be reached and the length of the roadmap.

    Consider these criteria when brainstorming guiding principle statements

    Approach focused IT principles are focused on the approach, i.e. how the organization is built, transformed, and operated, as opposed to what needs to be built, which is defined by both functional and non-functional requirements.
    Business relevant Create IT principles that are specific to the organization. Tie IT principles to the organization's priorities and strategic aspirations.
    Long lasting Build IT principles that will withstand the test of time.
    Prescriptive Inform and direct decision-making with IT principles that are actionable. Avoid truisms, general statements, and observations.
    Verifiable If compliance can't be verified, the principle is less likely to be followed.
    Easily digestible IT principles must be clearly understood by everyone in IT and by business stakeholders. IT principles aren't a secret manuscript of the IT team. IT principles should be succinct; wordy principles are hard to understand and remember.
    Followed

    Successful IT principles represent a collection of beliefs shared among enterprise stakeholders. IT principles must be continuously reinforced to all stakeholders to achieve and maintain buy-in.

    In organizations where formal policy enforcement works well, IT principles should be enforced through appropriate governance processes.

    Review ten universal IT principles to determine if your organization wishes to adopt them

    IT principle name

    IT principle statement

    1. Enterprise value focus We aim to provide maximum long-term benefits to the enterprise as a whole while optimizing total costs of ownership and risks.
    2. Fit for purpose We maintain capability levels and create solutions that are fit for purpose without over engineering them.
    3. Simplicity We choose the simplest solutions and aim to reduce operational complexity of the enterprise.
    4. Reuse > buy > build We maximize reuse of existing assets. If we can't reuse, we procure externally. As a last resort, we build custom solutions.
    5. Managed data We handle data creation, modification, and use enterprise-wide in compliance with our data governance policy.
    6. Controlled technical diversity We control the variety of technology platforms we use.
    7. Managed security We manage security enterprise-wide in compliance with our security governance policy.
    8. Compliance to laws and regulations We operate in compliance with all applicable laws and regulations.
    9. Innovation We seek innovative ways to use technology for business advantage.
    10. Customer centricity We deliver best experiences to our customers with our services and products.

    1.1.3 Elicit guiding principles

    1 hour

    Objective: Generate ideas for guiding principle statements with silent sticky note writing.

    1. Gather the IT strategy creation team and revisit your mission and vision statements.
    2. Ask the group to brainstorm answers individually, silently writing their ideas on separate sticky notes. Provide the brainstorming criteria from the previous slide to all team members. Allow the team to put items on separate notes that can later be shuffled and sorted as distinct thoughts.
    3. After a set amount of time, ask the members of the group to stick their notes to the whiteboard and quickly present them. Categorize all ideas into four major buckets: breadth, depth, organizational coverage, and planning horizon. Ideally, you want one guiding principle to describe each of the four components.
    4. If there are missing guiding principles in any category or anyone's items inspire others to write more, they can stick those up on the wall too, after everyone has presented.
    5. Discuss and finalize your IT guiding principles.
    6. Document your guiding principles in the IT Strategy Presentation Template in Section 1.

    Source: Hyper Island

    Download the ITRG IT Infrastructure Strategy and Roadmap Report Template and document your mission and vision statements in Section 1.

    Input

    • Four components for eliciting guiding principles
    • Mission and vision statements

    Output

    • IT guiding principles
    • IT strategy scope

    Materials

    • Sticky notes
    • Whiteboard
    • Paper
    • Collaboration/brain-storming tool (whiteboard, flip chart, digital equivalent)

    Participants

    • CIO
    • Senior IT Team

    Guiding principle examples

    • Alignment: Our IT decisions will align with [our organization's] strategic plan.
    • Resources: We will allocate cyber-infrastructure resources based on providing the greatest value and benefit for [the community].
    • User Focus: User needs will be a key component in all IT decisions.
    • Collaboration: We will work within and across organizational structures to meet strategic goals and identify opportunities for innovation and improvement.
    • Transparency: We will be transparent in our decision making and resource use.
    • Innovation: We will value innovative and creative thinking.
    • Data Stewardship: We will provide a secure but accessible data environment.
    • IT Knowledge and Skills: We will value technology skills development for the IT community.
    • Drive reduced costs and improved services
    • Deploy packaged apps – do not develop – retain business process knowledge expertise – reduce apps portfolio
    • Standardize/Consolidate infrastructure with key partners
    • Use what we sell, and help sell
    • Drive high-availability goals: No blunders
    • Ensure hardened security and disaster recovery
    • Broaden skills (hard and soft) across the workforce
    • Improve business alignment and IT governance

    Quoted From: Office of Information Technology, 2014; Future of CIO, 2013

    Case Study

    Acme Corp. elicited guiding principles that set the scope of its IT strategy for FY21.

    INDUSTRY: Professional Services
    COMPANY: Acme Corp.

    The following guiding principles define the values that drive IT's strategy in FY23 and provide the criteria for our 12-month planning horizon.

    • We will focus on big-ticket items during the next 12 months.
    • We will keep the budget within 5%+/- YOY.
    • We will insource over outsource.
    • We will develop a cloud-first technology stack.

    Finalize your IT strategy scope

    Your mission and vision statements and your guiding principles should be the first things you communicate on your IT strategy document.

    Why is this important?

    • Communicating these elements shows how IT supports the corporate direction.
    • The vision and mission statements will clearly articulate IT's aspirations and purpose.
    • The guiding principles will clearly articulate how IT plans to support the business strategically.
    • These elements set expectations with stakeholders for the rest of your strategy.

    Input information into the IT Strategy Presentation Template.

    an image showing the IT Strategy Scope.

    Summary of Accomplishment

    Established the scope of your IT strategy

    • Constructed the IT mission statement to communicate the IT organization's reason for being.
    • Constructed the IT vision statement to communicate the desired future state of the IT organization.
    • Elicited IT's guiding principles to communicate the overall scope and time horizon for the strategy.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Step 1.2

    Business Goal Alignment

    Activities

    1.2.1 Intake identification and analysis

    1.2.2 Survey results analysis

    1.2.3 Goal brainstorming

    1.2.4 Goal association and analysis

    This step requires the following inputs:

    • Last year's accomplished project list
    • Business unit input source list
    • Goal list
    • In-flight initiatives list

    This step involves the following participants:

    • Business leadership
    • Project Management Office
    • Service Desk
    • Business Relationship Management
    • Solution or Enterprise Architecture
    • Roadmap team

    Outcomes of this step

    • Intake analysis
    • Goal list
    • Initiative-to-goal map

    Identify who is expecting what from the infrastructure

    "Typically, IT thinks in an IT first, business second, way: 'I have a list of problems and if I solve them, the business will benefit.' This is the wrong way of thinking. The business needs to be thought of first, then IT."

    – Fred Chagnon, Infrastructure Director,
    Info-Tech Research Group

    Info-Tech Insight

    If you're not soliciting input from or delivering on the needs of the various departments in your company, then who is? Be explicit and track how you communicate with each individual unit within your company.

    Mature project portfolio management and enterprise architecture practices are no substitute for understanding your business clientele.

    It may not be a democracy, but listening to everyone's voice is an essential step toward generating a useful roadmap.

    Building good infrastructure requires an understanding of how it will be used. Explicit consultation with stakeholders maximizes a roadmap's usefulness and holds the enterprise accountable in future roadmap iterations as goals change.

    Who are the customers for infrastructure?

    Internal customer examples:

    • Network Operations manager
    • IT Systems manager
    • Webmaster
    • Security manager

    External customer examples:

    • Director of Sales
    • Operations manager
    • Applications manager
    • Clients
    • Partners and consultants
    • Regulators/government

    1.2.1 Intake identification and analysis

    1 hour

    The humble checklist is the single most effective tool to ensure we don't forget someone or something:

    1. Have everyone write down their top five completed projects from last year – one project per sticky note.
    2. Organize everyone's sticky notes on a whiteboard according to input source – did these projects come from the PMO? Directly from a BRM? Service request? VP or LoB management?
    3. Make a MECE list of these sources on the left-hand side of a whiteboard.
    4. On the right-hand side list all the departments or functional business units within the company.
    5. Draw lines from right to left indicating which business units use which input source to request work.
    6. Optional: Rate the efficacy of each input channel – what is the success rate of projects per channel in terms of time, budget, and functionality?

    Discussion:

    1. How clearly do projects and initiatives arrive at infrastructure to be acted on? Do they follow the predictable formal process with all the needed information or is it more ad hoc?
    2. Can we validate that business units are using the correct input channel to request the appropriate work? Does infrastructure have to spend more time validating the requests of any one channel?
    3. Can we identify business units that are underserved? How about overserved? Infrastructure initiatives tend to be near universal in effect – are we forgetting anyone?
    4. Are all these methods passive (order taking), or is there a process for infrastructure to suggest an initiative or project?

    Input

    • Last year's accomplished project list

    Output

    • Work requested workflow and map

    Materials

    • Sticky notes
    • Whiteboard & markers

    Participants

    • Roadmap team

    Case Study

    Building IT governance and digital infrastructure for tech-enabled student experiences

    INDUSTRY: Education
    COMPANY: Collegis Education

    Challenge

    In 2019, Saint Francis University decided to expand its online program offering to reach students outside of its market.

    It had to first transform its operations to deliver a high-quality, technology-enabled student experience on and off campus. The remote location of the campus posed power outages, Wi-Fi issues, and challenges in attracting and retaining the right staff to help the university achieve its goals.

    It began working with an IT consulting firm to build a long-term strategic roadmap.

    Solution

    The consultant designed a strategic multi-year roadmap for digital transformation that would prioritize developing infrastructure to immediately improve the student experience and ultimately enable the university to scale its online programs. The consultant worked with school leadership to establish a virtual CIO to oversee the IT department's strategy and operations. The virtual CIO quickly became a key advisor to the president and board, identifying gaps between technology initiatives and enrollment and revenue targets. St. Francis staff also transitioned to the consultant's technology team, allowing the university to alleviate its talent acquisition and retention challenges.

    Results

    • $200,000 in funds reallocated to help with upgrades due to streamlined technology infrastructure
    • Updated card access system for campus staff and students
    • Active directory implementation for a secure and strong authentication technology
    • An uninterruptible power supply (UPS) backup is installed to ensure power continues in the event of a power outage
    • Upgrade to a reliable, campus-wide Wi-Fi network
    • Behind-the-scenes upgrades like state-of-the-art data centers to stabilize aging technology for greater reliability

    Track your annual activity by business unit – not by input source

    A simple graph showing the breakdown of projects by business unit is an excellent visualization of who is getting the most from infrastructure services.

    Show everyone in the organization that the best way to get anything done is by availing themselves of the roadmap process.

    An image of two bar graphs, # of initiatives requested
by customer; # of initiatives proposed to customer.

    Enable technology staff to engage in business storytelling by documenting known goals in a framework

    Without a goal framework

    Technology-focused IT staff are notoriously disconnected from the business process and are therefore often unable to explain the outcomes of their projects in terms that are meaningful to the business.

    With a goal framework

    When business, IT, and infrastructure goals are aligned, the business story writes itself as you follow the path of cascading goals upward.

    Info-Tech Best Practice

    So many organizations we speak with don't have goals written down. This rarely means that the goals aren't known, rather that they're not clearly communicated.

    When goals aren't clear, personal agendas can take precedence. This is what often leads to the disconnect between what the business wants and what IT is delivering.

    1.2.2 Survey and results analysis

    1 hour

    Infrastructure succeeds by effectively scaling shared resources for the common good. Sometimes that is a matter of aggregating similarities, sometimes by recognizing where specialization is required.

    1. Have every business unit provide their top three to five current goals or objectives for their department. Emphasize that you are requesting their operational objectives, not just the ones they think IT may be able to help them with.
    2. Put each goal on a sticky note (optional: use a unique sticky note or marker color for each department) and place them on a whiteboard.
    3. Group the sticky notes according to common themes.
    4. Rank each grouping according to number of occurrences.

    Discussion:

    1. This is very democratic. Do certain departments' goals carry more weight more than others?
    2. What is the current business prioritization process? Do the results of our activity match with the current published output of this process?
    3. Consider each business goal in the context of infrastructure activity or technology feature or capability. As infrastructure is a lift function existing only to serve the business, it is important to understand our world in context.

    Examples: The VP of Operations is looking to reduce office rental costs over the next three years. The VP of Sales is focused on increasing the number of face-to-face customer interactions. Both can potentially be served by IT activities and technologies that increase mobility.

    Input

    • Business unit input source list

    Output

    • Prioritized list of business goals

    Materials

    • Sticky notes
    • Whiteboard & markers

    Participants

    • Roadmap team

    1.2.3 Goal brainstorming – Affinity diagramming exercise

    1 hour

    Clarify how well you understand what the business wants.

    1. Ask each participant to consider: "What are the top three priorities of the company [this period]?" They should consider not what they think the priorities should be, but their understanding of what business leadership's priorities actually are.
    2. Have each participant write down their three priorities on sticky notes – one per note.
    3. Select a moderator from the group – not the infrastructure leader or the CIO. The moderator will begin by placing (and explaining) their sticky notes on the whiteboard.
    4. Have each participant place and explain their sticky notes on the whiteboard.
    5. The moderator will assist each participant in grouping sticky notes together based on theme.
    6. Groups that become overly large may be broken into smaller, more precise themes.
    7. Once everyone has placed their sticky notes, and the groups have been arranged and rearranged, you should have a visual representation of infrastructure's understanding of the business' priorities.
    8. Let the infrastructure leader and/or CIO place their sticky notes last.

    Discussion:

    Is there a lot of agreement within the group? What does it mean if there are 10 or 15 groups with equal numbers of sticky notes? What does it mean if there are a few top groups and dozens of small outliers?

    How does the group's understanding compare with that of the Director and/or CIO?

    What mechanisms are in place for the business to communicate their goals to infrastructure? Are they effective? Does the team take the time to reimagine those goals and internalize them?

    What does it mean if infrastructure's understanding differs from the business?

    Input

    • Business unit input source list

    Output

    • Prioritized list of business goals

    Materials

    • Sticky notes
    • Whiteboard & markers

    Participants

    • Roadmap team

    Additional Activity

    Now that infrastructure has a consensus on what it thinks the business' goals are, suggest a meeting with leadership to validate this understanding. Once the first picture is drawn, a 30-minute meeting can help clear up any misconceptions.

    Build your own framework or start with these three root value drivers

    With a framework of cascading goals in place, a roadmap is a Rosetta Stone. Being able to map activities back to governance objectives allows you to demonstrate value regardless of the audience you are addressing.

    An image of the framework for developing a roadmap using three root value drivers.

    (Info-Tech, Build a Business-Aligned IT Strategy 2022)

    1.2.4 Goal association exercise and analysis

    1 hour

    Wherever possible use the language of your customers to avoid confusion, but at least ensure that everyone in infrastructure is using a common language.

    1. Take your business strategy or IT strategy or survey response (Activity 1.2.3) or Info-Tech's fundamental goals list (strategic agility, improved cash flow, innovate product, safety, standardize end-user experience) and write them across the top of a whiteboard.
    2. Have everyone write, on a sticky note, their current in-flight initiatives – one per sticky note.
    3. Have each participant then place each of their sticky notes on the whiteboard and draw a line from the initiative to the goal it supports.
    4. The rest of the group should challenge any relationships that seem unsupported or questionable.

    Discussion:

    1. How many goals are you supporting? Are there too many? Are you doing enough to support the right goals?
    2. Is there a shared understanding of the business goals among the infrastructure staff? Or, do questions about meaning keep coming up?
    3. Do you have initiatives that are difficult to express in terms of business goals? Do you have a lot of them or just a few?

    Input

    • Goal list
    • In-flight initiatives list

    Output

    • Initiatives-to-goals map

    Materials

    • Whiteboard & markers

    Participants

    • Roadmap team

    Summary of Accomplishment

    Review performance from last fiscal year.

    • Analyzed and communicated the benefits and value realized from IT's strategic initiatives in the past fiscal year.
    • Analyzed and prioritized diagnostic data insights to communicate IT success stories.
    • Elicited important retrospective information such as KPIs, financials, etc. to build IT's credibility as a strategic business partner.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Phase 2

    Envision Future and Analyze Constraints

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Infrastructure strategy

    1.2 Goal alignment

    2.1 Define your future

    2.2 Conduct constraints analysis

    3.1 Drive business alignment

    3.2. Build the roadmap

    4.1 Identify the audience

    4.2 Process improvement

    and measurements

    This phase will walk you through the following activities:

    • Determine from a greenfield perspective what the future state looks like.
    • Do SWOT analysis on technology you may plan to use in the future.
    • Complete a time study.

    This phase involves the following participants:

    • Roadmap team

    Step 2.1

    Define the future state

    Activities

    2.1.1 Define your future infrastructure vision

    2.1.2 Document desired future state

    2.1.3 Develop a new technology identification process

    2.1.4 Conduct a SWOT analysis

    This step requires the following inputs:

    • Emerging technology interest

    This step involves the following participants:

    • Roadmap team
    • External SMEs

    Outcomes of this step

    • Technology discovery process
    • Technology assessment process
    • Future state vision document

    Future state discussion

    "Very few of us are lucky enough to be one of the first few employees in a new organization. Those of you who get to plan the infrastructure with a blank slate and can focus all of your efforts on doing things right the first time."

    BMC, 2018

    "A company's future state is ultimately defined as the greater vision for the business. It's where you want to be, your long-term goal in terms of the ever-changing state of technology and how that applies to your present-day business."
    "Without a definitive future state, a company will often find themselves lacking direction, making it harder to make pivotal decisions, causing misalignment amongst executives, and ultimately hindering the progression and growth of a company's mission."
    Source: Third Stage Consulting

    "When working with digital technologies, it is imperative to consider how such technologies can enhance the solution. The future state should communicate the vision of how digital technologies will enhance the solutions, deliver value, and enable further development toward even greater value creation."
    Source: F. Milani

    Info-Tech Insight

    Define your infrastructure roadmap as if you had a blank slate – no constraints, no technical debt, and no financial limitations. Imagine your future infrastructure and let that vision drive your roadmap.

    Expertise is not innate; it requires effort and research

    Evaluating new enterprise technology is a process of defining it, analyzing it, and sourcing it.

    • Understand what a technology is in order to have a common frame of reference for discussion. Just as important, understand what it is not.
    • Conduct an internal and external analysis of the technology including an adoption case study.
    • Provide an overview of the vendor landscape, identifying the leading players in the market and how they differentiate their offerings.

    This is not intended to be a thesis grade research project, nor an onerous duty. Most infrastructure practitioners came to the field because of an innate excitement about technology! Harness that excitement and give them four to eight hours to indulge themselves.

    An output of approximately four slides per technology candidate should be sufficient to decided if moving to PoC or pilot is warranted.

    Including this material in the roadmap helps you control the technology conversation with your audience.

    Info-Tech Best Practices

    Don't start from scratch. Recall the original sources from your technology watchlist. Leverage vendors and analyst firms (such as Info-Tech) to give the broad context, letting you focus instead on the specifics relevant to your business.

    Channel emerging technologies to ensure the rising tide floats all boats rather than capsizing your business

    Adopting the wrong new technology can be even more dangerous than failing to adopt any new technology.

    Implementing every new promising technology would cost prodigious amounts of money and time. Know the costs before choosing what to invest in.

    The risk of a new technology failing is acceptable. The risk of that failure disrupting adjacent core functions is unacceptable. Vet potential technologies to ensure they can be safely integrated.

    Best practices for new technologies are nonexistent, standards are in flux, and use cases are fuzzy. Be aware of the unforeseen that will negatively affect your chances of a successful implementation.

    "Like early pioneers crossing the American plains, first movers have to create their own wagon trails, but later movers can follow in the ruts."
    Harper Business, 2014

    Info-Tech Insight

    The right technology for someone else can easily be the wrong technology for your business.

    Even with a mature Enterprise Architecture practice, wrong technology bets can happen. Minimize the chance of this occurrence by making selection an infrastructure-wide activity. Leverage the practical knowledge of the day-to-day operators.

    First Mover

    47% failure rate

    Fast Follower

    8% failure rate

    2.1.1 Create your future infrastructure vision

    1 hour

    Objective: Help teams define their future infrastructure state (assuming zero constraints or limitations).

    1. Ask each participant to ponder the question: "How would the infrastructure look if there were no limitations?" They should consider all aspects of their infrastructure but keep in mind the infrastructure vision and mission statements from phase one, as well as the business goals.
    2. Have each participant write down their ideas on sticky notes – one per note.
    3. Select a moderator and a scribe from the group – not the infrastructure leader or the CIO. The moderator will begin by placing (and explaining) their sticky notes on the whiteboard. The scribe will summarize the results in short statements at the end.
    4. Have each participant place and explain their sticky notes on the whiteboard.
    5. The moderator will assist each participant in grouping sticky notes together based on theme.
    6. Once everyone has placed their sticky notes and groups have been arranged and rearranged, you should have a visual representation of infrastructure's understanding of the business' priorities.
    7. Let the infrastructure leader and/or CIO place their sticky notes last.

    Discussion:

    1. Assume a blank slate as a starting point. No technical debt or financial constraints; nothing holding you back.
    2. Can SaaS, PaaS, or other cloud-based offerings play a role in this future utopia?
    3. Do vendors play a larger or smaller role in your future infrastructure vision?

    Download the IT Infrastructure Strategy and Roadmap Report Template and document your mission and vision statements in Section 1.

    Input

    • Thoughts and ideas about how the future infrastructure should look.

    Output

    • Future state vision

    Materials

    • Sticky notes
    • Whiteboard & markers

    Participants

    • Roadmap team

    2.1.1 Document your future state vision (cont'd)

    Objective: Help teams define their future infrastructure state (assuming zero constraints or limitations).

    1 hour

    Steps:

    1. The scribe will take the groups of suggestions and summarize them in a statement or two, briefly describing the infrastructure in that group.
    2. The statements should be recorded on Tab 2 of the Infrastructure Strategy and Roadmap Tool.

    Discussion:

    • Should the points be listed in any specific order?
    • Include all suggestions in the summary. Remember this is a blank slate with no constraints, and no idea is higher or lower in weight at this stage.
    Infrastructure Future State Vision
    Item Focus Area Future Vision
    1 Email Residing on Microsoft 365
    2 Servers Hosted in cloud - nothing on prem.
    3 Endpoints virtual desktops on Microsoft Azure
    4 Endpoint hardware Chromebooks
    5 Network internet only
    6 Backups cloud based but stored in multiple cloud services
    7

    Download Info-Tech's Infrastructure Strategy and Roadmap Tool and document your future state vision in the Infrastructure Future State tab.

    Input

    • Thoughts and ideas about how the future infrastructure should look.

    Output

    • Future state vision

    Materials

    • Sticky notes
    • Whiteboard & markers

    Participants

    • Roadmap team

    2.1.2 Identification and association exercise

    1 hour

    Formalize what is likely an ad hoc process.

    1. Brainstorm with the group a list of external sources they are currently using to stay abreast of the market.
    2. Organize this list on the left-hand side of a whiteboard, in vendor and vendor-neutral groups.
      1. For each item in the list ask a series of questions:
      2. Is this a push or pull source?
      3. Is this source suited to individual or group consumption?
      4. What is the frequency of this source?
    3. What is the cost of this source to the company?
    4. On the right-hand side of the whiteboard brainstorm a list of internal mechanisms for sharing new technology information. Ask about the audience, distribution mode, and frequency for each of those mechanisms.
    5. Map which of the external sources make it over to internal distribution.

    Discussion:

    1. Are we getting the most value out of our high-cost conferences? Does that information make it from the attendees to the rest of the team?
    2. Do we share information only within our domains? Or across the whole infrastructure practice?
    3. Do we have sufficient diversity of sources? Are we in danger of believing one vendor's particular market interpretation?
    4. How do we select new technologies to explore further? Make it fun – upvotes, for example.

    Input

    • Team knowledge
    • Conference notes
    • Expense reports

    Output

    • Internal socialization process
    • Tech briefings & repository

    Materials

    • Whiteboard & markers

    Participants

    • Roadmap team

    Info-Tech Best Practices

    It is impractical for everyone to present their tech briefing at the monthly meeting. But you want to avoid a one-to-many exercise. Keep the presenter a secret until called on. Those who do not present live can still contribute their material to the technology watchlist database.

    Analyze new technologies for your future state

    Four to eight hours of research per technology can uncover a wealth of relevant information and prepare the infrastructure team for a robust discussion. Key research elements include:

    • Précis: A single page or slide that describes the technology, outlines some of the vendors, and explores the value proposition.
    • SWOT Analysis:
      • Strengths and weaknesses: What does the technology inherently do well (e.g. lots of features) and what does it do poorly (e.g. steep learning curve)?
      • Opportunities and threats: What capabilities can the technology enable (e.g. build PCs faster, remote sensing)? Why would we not want to exploit this technology (e.g. market volatility, M&As)

    a series of four screenshots from the IT Infrastructure Strategy and Roadmap Report Template

    Download the IT Infrastructure Strategy and Roadmap Report Template slides 21, 22, 23 for sample output.

    Position infrastructure as the go-to source for information about new technology

    One way or another, tech always seems to finds its way into infrastructure's lap. Better to stay in front and act as stewards rather than cleanup crew.

    Beware airline magazine syndrome!

    Symptoms

    Pathology
    • Leadership speaking in tech buzzwords
    • Urgent meetings to discuss vaguely defined topics
    • Fervent exclamations of "I don't care how – just get it done!"
    • Management showing up on at your doorstep needing help with their new toy

    Outbreaks tend to occur in close proximity to

    • Industry trade shows
    • Excessive executive travel
    • Vendor BRM luncheons or retreats with leadership
    • Executive golf outings with old college roommates

    Effective treatment options

    1. Targeted regular communication with a technology portfolio analysis customized to the specific goals of the business.
    2. Ongoing PoC and piloting efforts with detailed results reporting.

    While no permanent cure exists, regular treatment makes this chronic syndrome manageable.

    Keep your roadmap horizon in mind

    Technology doesn't have to be bleeding edge. New-to-you can have plenty of value.

    You want to present a curated landscape of technologies, demonstrating that you are actively maintaining expertise in your chosen field.

    Most enterprise IT shops buy rather than develop their technology, which means they want to focus effort on what is market available. The outcome is that infrastructure sponsors and delivers new technologies whose capabilities and features will help the business achieve its goals on this roadmap.

    If you want to think more like a business disruptor or innovator, we suggest working through the blueprint Exploit Disruptive Infrastructure Technology.
    Explore technology five to ten years into the future!

    a quadrant analysis comparing innovation and transformation, as well as two images from Exploit Disruptive Infrastructure Technology.

    Info-Tech Insight

    The ROI of any individual effort is difficult to justify – in aggregate, however, the enterprise always wins!
    Money spent on Google Glass in 2013 seemed like vanity. Certainly, this wasn't enterprise-ready technology. But those early experiences positioned some visionary firms to quickly take advantage of augmented reality in 2018. Creative research tends to pay off in unexpected and unpredictable ways.
    .

    2.1.3 Working session, presentation, and feedback

    1 hour

    Complete a SWOT analysis with future state technology.

    The best research hasn't been done in isolation since the days of da Vinci.

    1. Divide the participants into small groups of at least four people.
    2. Further split those groups into two teams – the red team and the white team.
    3. Assign a technology candidate from the last exercise to each group. Ideally the group should have some initial familiarity with the technology and/or space.
    4. The red team from each group will focus on the weaknesses and threats of the technology. The white team will focus on the strengths and opportunities of the technology.
    5. Set a timer and spend the next 30-40 minutes completing the SWOT analysis.
    6. Have each group present their analysis to the larger team. Encourage conversation and debate. Capture and refine the understanding of the analysis.
    7. Reset with the next technology candidate. Have the participants switch teams within their groups.
    8. Continue until you've exhausted your technology candidates.

    Discussion:

    1. Does working in a group make for better research? Why?
    2. Do you need specific expertise in order to evaluate a technology? Is an outsider (non-expert) view sometimes valuable?
    3. Is it easier to think of the positive or the negative qualities of a technology? What about the internal or external implications?

    Input

    • Technology candidates

    Output

    • Technology analysis including SWOT

    Materials

    • Projector
    • Templates
    • Laptops & internet

    Participants

    • Roadmap team

    Step 2.2

    Constraints analysis

    Activities

    2.2.1 Historical spend analysis

    2.2.2 Conduct a time study

    2.2.3 Identify roadblocks

    This step requires the following inputs:

    • Historical spend and staff numbers
    • Organizational design identification and thought experiment
    • Time study
    • Roadblock brainstorming session
    • Prioritization exercise

    This step involves the following participants:

    • Financial leader
    • HR Leader
    • Roadmap team

    Outcomes of this step

    • OpEx, CapEx, and staffing trends
    • Domain time study
    • Prioritized roadblock list

    2.2.1 Historical spend analysis

    "A Budget is telling your money where to go, instead of wondering where it went."
    -David Ramsay

    "Don't tell me where your priorities are. Show me where you spend your money and I'll tell you what they are"
    -James Frick, Due.com

    Annual IT budgeting aligns with business goals
    a circle showing 68%, broken down into 50% and 18%

    50% of businesses surveyed see that improvements are necessary for IT budgets to align to business goals, while 18% feel they require significant improvements to align to business goals
    Source: ITRG Diagnostics 2022

    Challenges in IT spend visibility

    68%

    Visibility of all spend data for on-prem, SaaS and cloud environments
    Source: Flexera

    The challenges that keep IT leaders up at night

    47%

    Lack of visibility in resource usage and cost
    Source: BMC, 2021

    2.2.1 Build a picture of your financial spending and staffing trends

    Follow the steps below to generate a visualization so you can start the conversation:

    1 hour

    1. Open the Info-Tech Infrastructure Roadmap Financial Spend Analysis Tool.
    2. The Instructions tab will provide guidance, or you can follow the instructions below.
    3. Insert values into the appropriate uncolored blocks in the first 4 rows of the Spend Record Entry tab to reflect the amount spent on IT OpEx, IT CapEx, or staff numbers for the present year (budgeted) as well as the previous five years.
    4. Data input populates cells in subsequent rows to quickly reveal spending ratios.

    an image of the timeline table from the Infrastructure Roadmap Financial Analysis Tool

    Download the Infrastructure Roadmap Financial Analysis Tool
    ( additional Deep Dive available if required)

    Input

    • Historical spend and staff numbers

    Output

    • OpEx, CapEx, and staffing trends for your organization

    Materials

    • Info-Tech's Infrastructure Roadmap Financial Spend Analysis Tool

    Participants

    • Infrastructure leader
    • Financial leader
    • HR leader

    2.2.1 Build a picture of your financial spending and staffing trends (cont'd)

    Continue with the steps below to generate a visualization so you can start the conversation.

    1 hour

    1. Select tab 3 (Results) to reveal a graphical analysis of your data.
    2. Trends are shown in graphs for OpEx, CapEx, and staffing levels as well as comparative graphs to show broader trends between multiple spend and staffing areas.
    3. Some observations worth noting may include the following:
      • Is OpEx spending increasing over time or decreasing?
      • Is CapEx increasing or decreasing?
      • Are OpEx and CapEx moving in the same directions?
      • Are IT staff to total staff ratios increasing or decreasing?
      • Trends will continue in the same direction unless changes are made.

    Download the Infrastructure Roadmap Financial Analysis Tool
    ( additional Deep Dive available if required)

    Input

    • Historical spend and staff numbers

    Output

    • OpEx, CapEx, and staffing trends for your organization

    Materials

    • Info-Tech's Infrastructure Roadmap Financial Spend Analysis Tool

    Participants

    • Infrastructure leader
    • Financial leader
    • HR leader

    Consider perceptions held by the enterprise when dividing infrastructure into domains

    2.2.2 Conduct a time study

    Internal divisions that seem important to infrastructure may have little or even negative value when it comes to users accessing their services.

    Domains are the logical divisions of work within an infrastructure practice. Historically, the organization was based around physical assets: servers, storage, networking, and end-user devices. Staff had skills they applied according to specific best practices using physical objects that provided functionality (computing power, persistence, connectivity, and interface).

    Modern enterprises may find it more effective to divide according to activity (analytics, programming, operations, and security) or function (customer relations, learning platform, content management, and core IT). As a rule, look to your organizational chart; managers responsible for buying, building, deploying, or supporting technologies should each be responsible for their own domain.

    Regardless of structure, poor organization leads to silos of marginally interoperable efforts working against each other, without focus on a common goal. Clearly defined domains ensure responsibility and allow for rapid, accurate, and confident decision making.

    • Server
    • Network
    • Storage
    • End User
    • DevOps
    • Analytics
    • Core IT
    • Security

    Info-Tech Insight

    The medium is the message. Do stakeholders talk about switches or storage or services? Organizing infrastructure to match its external perception can increase communication effectiveness and improve alignment.

    Case Study

    IT infrastructure that makes employees happier

    INDUSTRY: Services
    SOURCE: Network Doctor

    Challenge

    Atlas Electric's IT infrastructure was very old and urgently needed to be refreshed. Its existing server hardware was about nine years old and was becoming unstable. The server was running Windows 2008 R2 server operating systems that was no longer supported by Microsoft; security updates and patches were no longer available. They also experienced slowdowns on many older PCs.

    Recommendations for an upgrade were not approved due to budgetary constraints. Recommendations for upgrading to virtual servers were approved following a harmful phishing attack.

    Solution

    The following improvements to their infrastructure were implemented.

    • Installing a new physical host server running VMWare ESXi virtualization software and hosting four virtual servers.
    • Migration of data and applications to new virtual servers.
    • Upgrading networking equipment and deploying new relays, switches, battery backups, and network management.
    • New server racks to host new hardware.

    Results

    Virtualization, consolidating servers, and desktops have made assets more flexible and simpler to manage.

    Improved levels of efficiency, reliability, and productivity.

    Enhanced security level.

    An upgraded backup and disaster recovery system has improved risk management.

    Optimize where you spend your time by doing a time study

    Infrastructure activity is limited generally by only two variables: money and time. Money is in the hands of the CFO, which leaves us a single variable to optimize.

    Not all time is spent equally, nor is it equally valuable. Analysis lets us communicate with others and gives us a shared framework to decide where our priorities lie.

    There are lots of frameworks to help categorize our activities. Stephen Covey (Seven Habits of Highly Effective People) describes a four-quadrant system along the axes of importance and urgency. Gene Kim, through his character Erik in The Phoenix Project,speaks instead of business projects, internal IT projects, changes, and unplanned work.

    We propose a similar four-category system.

    Project Maintenance

    Administrative

    Reactive

    Planned activity spent pursuing a business objective

    Planned activity spent on the upkeep of existing IT systems

    Planned activity required as a condition of employment

    Unplanned activity requiring immediate response

    This is why we are valuable to our company

    We have it in our power to work to reduce these three in order to maximize our time available for projects

    Survey and analysis

    Perform a quick time study.

    Verifiable data sources are always preferred but large groups can hold each other's inherent biases in check to get a reasonable estimate.

    1 hour

    1. Organize the participants into the domain groups established earlier.
    2. On an index card have each participant independently write down the percentage of time they think their entire domain (not themselves personally) spends during the average month, quarter, or year on:
      1. Admin
      2. Reactive work
      3. Maintenance
    3. Draw a matrix on the whiteboard; collect the index cards and transcribe the results from participants into the matrix.
    4. Add up the three reported time estimates and subtract from 100 – the result is the percentage of time available for/spent on project work.

    Discussion

    1. Certain domains should have higher percentages of reactive work (think Service Desk and Network Operations Center) – can we shift work around to optimize resources?
    2. Why is reactive work the least desirable type? Could we reduce our reactive work by increasing our maintenance work?
    3. From a planning perspective, what are the implications of only having x% of time available for project work?
    4. Does it feel like backing into the project work from adding the other three together provides a reasonable assessment?

    Input

    • Domain groups

    Output

    • Time study

    Materials

    • Whiteboard & markers
    • Index cards

    Participants

    • Roadmap team

    Quickly and easily evaluate all your infrastructure

    Strategic Infrastructure Roadmap Tool, Tab 2, Capacity Analysis

    In order to quickly and easily build some visualizations for the eventual final report, Info-Tech has developed the Strategic Infrastructure Roadmap Tool.

    • Up to five infrastructure domains are supported.
      • For practices that cannot be reasonably collapsed into five domains, multiple copies of the tool can be used and manually stitched together.
    • The tool can be used in either an absolute (total number) or relative mode (percentage of available).
    • By design we specifically don't ask for a project work figure but rather calculate it based on other values.
    • For everything but miscellaneous duties, hard data sources can (and where appropriate should) be leveraged.
      • Reactive work – service desk tool
      • Project work – project management tool
      • Maintenance work – logs or ITSM tool
    • Individual domains' values are calculated, as well as the overall breakdown for the infrastructure practice.
    • Even these rough estimates will be useful during the planning steps throughout the rest of the roadmap process.

    an image of the source capacity analysis page from tab 2 of the Strategic Infrastructure Roadmap Tool

    Please note that this tool requires Microsoft's Power Pivot add-in to be installed if you are using Excel 2010 or 2013. The scatter plot labels on tabs 5 and 8 may not function correctly in Excel 2010.

    Build your roadmap from both the top and the bottom for best results

    Strong IT strategy favors top-down: activities enabling clearly dictated goals. The bottom-up approach aggregates ongoing activities into goals.

    Systematic approach

    External stakeholders prioritize a list of goals requiring IT initiatives to achieve.

    Roadblocks:

    • Multitudes of goals easily overwhelm scant IT resources.
    • Unglamorous yet vital maintenance activities get overlooked.
    • Goals are set without awareness of IT capacity or capabilities.

    Organic approach

    Practitioners aggregate initiatives into logical groups and seek to align them to one or more business goals.

    Roadblocks:

    • Pet initiatives can be perpetuated based on cult of personality rather than alignment to business goals.
    • Funding requests can fall flat when competing against other business units for executive support.

    A successful roadmap respects both approaches.

    an image of two arrows, intersecting with the words Infrastructure Roadmap with the top arrow labeled Systematic, and the bottom arrow being labeled Organic.

    Info-Tech Insight

    Perfection is anathema to practicality. Draw the first picture and not only expect but welcome conflicting feedback! Socialize it and drive the conversation forward to a consensus.

    2.2.3 Brainstorming – Affinity diagramming

    Identify the systemic roadblocks to executing infrastructure projects

    1 hour

    Affinity diagramming is a form of structured brainstorming that works well with larger groups and provokes discussion.

    1. Have each participant write down their top five impediments to executing their projects from last year – one roadblock per sticky note.
    2. Once everyone has written their top five, select a moderator from the group. The moderator will begin by placing (and explaining) their five sticky notes on the whiteboard.
    3. Have each participant then place and explain their sticky notes on the whiteboard.
    4. The moderator will assist participants in grouping sticky notes together based on theme.
    5. Groups that have become overly large may be broken into smaller, more precise themes.
    6. Once everyone has placed their sticky notes, you should be able to visually identify the greatest or most common roadblocks the group perceives.

    Discussion

    Categorize each roadblock identified as either internal or external to infrastructure's control.

    Attempt to understand the root cause of each roadblock. What would you need to ask for in order to remove the roadblock?

    Additional Research

    Also called the KJ Method (after its inventor, Jiro Kawakita, a 1960s Japanese anthropologist), this activity helps organize large amounts of data into groupings based on natural relationships while reducing many social biases.

    Input

    • Last years initiatives and their roadblocks

    Output

    • List of refined Roadblocks

    Materials

    • Sticky notes
    • Whiteboard & markers

    Participants

    • Roadmap team

    2.2.4 Prioritization exercise – Card sorting

    Choose your priorities wisely.

    Which roadblocks do you need to work on? How do you establish a group sense of these priorities? This exercise helps establish priorities while reducing individual bias.

    1 hour

    1. Distribute index cards that have been prepopulated with the roadblocks identified in the previous activity – one full set of cards to each participant.
    2. Have each participant sort their set-in order of perceived priority, highest on top.
    3. Where n=number of cards in the stack, take the n-3 lowest priority cards and put a tick mark in the upper-right-hand corner. Pass these cards to the person on the left, who should incorporate them into their pile (if you start with eight cards you're ticking and passing five cards). Variation: On the first pass, allow everyone to take the most important and least important cards, write "0th" and "NIL" on them, respectively, and set them aside.
    4. Repeat steps 2 and 3 for a total of n times. Treat duplicates as a single card in your hand.
    5. After the final pass, ask each participant to write the priority in the upper-left-hand corner of their top three cards.
    6. Collect all the cards, group by roadblock, count the number of ticks, and take note of the final priority.

    Discussion

    Total the number of passes (ticks) for each roadblock. A large number indicates a notionally low priority. No passes indicates a high priority.

    Are the internal or external roadblocks of highest priority? Were there similarities among participants' 0th and NILs compared to each other or to the final results?

    Input

    • Roadblock list

    Output

    • Prioritized roadblocks

    Materials

    • Index cards

    Participants

    • Roadmap team

    Summary of Accomplishment

    Review performance from last fiscal year

    • Analyzed and communicated the benefits and value realized from IT's strategic initiatives in the past fiscal year.
    • Analyzed and prioritized diagnostic data insights to communicate IT success stories.
    • Elicited important retrospective information such as KPIs, financials, etc. to build IT's credibility as a strategic business partner.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Phase 3

    Align and Build the Roadmap

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Infrastructure strategy

    1.2 Goal alignment

    2.1 Define your future

    2.2 Conduct constraints analysis

    3.1 Drive business alignment

    3.2. Build the roadmap

    4.1 Identify the audience

    4.2 Process improvement

    and measurements

    This phase will walk you through the following activities:

    • Elicit business context from the CIO & IT team
    • Identify key initiatives that support the business
    • Identify key initiatives that enable IT excellence
    • Identify initiatives that drive technology innovation
    • Build initiative profiles
    • Construct your strategy roadmap

    This phase involves the following participants:

    • Roadmap Team

    Step 3.1

    Drive business alignment

    Activities

    3.1.1 Develop a risk framework

    3.1.2 Evaluate technical debt

    This step requires the following inputs:

    • Intake identification and analysis
    • Survey results analysis
    • Goal brainstorming
    • Goal association and analysis

    This step involves the following participants:

    • Business leadership
    • Project Management Office
    • Service Desk
    • Business Relationship Management
    • Solution or Enterprise Architecture
    • Roadmap team

    Outcomes of this step

    • Intake analysis
    • Goal list
    • Initiative-to-goal map

    Speak for those with no voice – regularly review your existing portfolio of IT assets and services

    A chain is only as strong as its weakest link; while you'll receive no accolades for keeping the lights on, you'll certainly hear about it if you don't!

    Time has been a traditional method for assessing the fitness of infrastructure assets – servers are replaced every five years, core switches every seven, laptops and desktops every three. While quick, this framework of assessment is overly simplistic for most modern organizations.

    Building one that is instead based on the likelihood of asset failure plotted against the business impact of that failure is not overly burdensome and yields more practical results. Infrastructure focuses on its strength (assessing IT risk) and validates an understanding with the business regarding the criticality of the service(s) enabled by any given asset.

    Rather than fight on every asset individually, agree on a framework with the business that enables data-driven decision making.

    IT Risk Factors
    Age, Reliability, Serviceability, Conformity, Skill Set

    Business Risk Factors
    Suitability, Capacity, Safety, Criticality

    Info-Tech Insight

    Infrastructure in a cloud-enabled world: As infrastructure operations evolve it is important to keep current with the definition of an asset. Software platforms such as hypervisors and server OS are just as much an asset under the care and control of infrastructure as are cloud services, managed services from third-party providers, and traditional racks and switches.

    3.1.1 Develop a risk framework – Classification exercise

    While it's not necessary for each infrastructure domain to view IT risk identically, any differences should be intensely scrutinized.

    1 hour

    1. Divide the whiteboard along the axes of IT Risk and
      Business Risk (criticality) into quadrants:
      1. High IT Risk & High Biz Risk (upper right)
      2. Low IT Risk & Low Biz Risk (bottom left)
      3. Low IT Risk & High Biz Risk (bottom right)
      4. High IT Risk & Low Biz Risk (upper left)
    2. Have each participant write the names of two or three infrastructure assets or services they are responsible or accountable for – one name per sticky note.
    3. Have each participant come one-at-a-time and place their sticky notes in one quadrant.
    4. As each additional sticky note is placed, verify with the group that the relative positioning of the others is still accurate.

    Discussion:

    1. Most assets should end up in the lower-right quadrant, indicating that IT has lowered the risk of failure commensurate to the business consequences of a failure. What does this imply about assets in the other three quadrants?
    2. Infrastructure is foundational; do we properly document and communicate all dependencies for business-critical services?
    3. What actions can infrastructure take to adjust the risk profile of any given asset?

    Input

    • List of infrastructure assets

    Output

    • Notional risk analysis

    Materials

    • Whiteboard & markers
    • Sticky notes

    Participants

    • Roadmap team

    3.1.2 Brainstorming and prioritization exercise

    Identify the key elements that make up risk in order to refine your framework.

    A shared notional understanding is good, but in order to bring the business onside a documented defensible framework is better.

    1 hour

    1. Brainstorm (possibly using the affinity diagramming technique) the component elements of IT risk.
    2. Ensure you have a non-overlapping set of risk elements. Ensure that all the participants are comfortable with the definitions of each element. Write them on a whiteboard.
    3. Give each participant an equal number (three to five) of voting dots.
    4. As a group have the participants go the whiteboard and use their dots to cast their votes for what they consider to be the most important risk element(s). Participants are free to place any number of their dots on a single element.
    5. Based on the votes cast select a reasonable number of elements with which to proceed.
    6. For each element selected, brainstorm up to six tiers of the risk scale. You can use numbers or words, whichever is most compelling.
      • E.g. Reliability: no failures, >1 incident per year, >1 incident per quarter, >1 incident per month, frequent issues, unreliable.
    7. Repeat the above except with the components of business risk. Alternately, rely on existing business risk documentation, possibly from a disaster recovery or business continuity plan.

    Discussion
    How difficult was it to agree on the definitions of the IT risk elements? What about selecting the scale? What was the voting distribution like? Were there tiers of popular elements or did most of the dots end up on a limited number of elements? What are the implications of having more elements in the analysis?

    Input

    • Notional risk analysis

    Output

    • Risk elements
    • Scale dimensions

    Materials

    • Whiteboard & markers
    • Voting dots

    Participants

    • Roadmap team

    3.1.3 Forced ranking exercise

    Alternate: Identify the key elements that make up risk in order to refine your framework

    A shared notional understanding is good, but in order to bring the business onside a documented defensible framework is better.

    1 hour

    1. Brainstorm (possibly using the affinity diagramming technique) the component elements of IT risk.
    2. Ensure you have a non-overlapping set of risk elements. Ensure that all the participants are comfortable with the definitions of each element. Write them on a whiteboard.
    3. Distribute index cards (one per participant) with the risk elements written down one side.
    4. Ask the participants to rank the elements in order of importance, with 1 being the most important.
    5. Collect the cards and write the ranking results on the whiteboard.
    6. Look for elements with high variability. Also look for the distribution of 1, 2, and 3 ranks.
    7. Based on the results select a reasonable number of elements with which to proceed.
    8. Follow the rest of the procedure from the previous activity.

    Discussion:

    What was the total number of elements required in order to contain the full set of every participant's first-, second-, and third-ranked risks? Does this seem a reasonable number?

    Why did some elements contain both the lowest and highest rankings? Was one (or more) participant thinking consistently different from the rest of the group? Are they seeing something the rest of the group is overlooking?

    This technique automatically puts the focus on a smaller number of elements – is this effective? Or is it overly simplistic and reductionist?

    Input

    • Notional risk analysis

    Output

    • Risk elements

    Materials

    • Whiteboard & markers
    • Index cards

    Participants

    • Roadmap team

    3.1.4 Consensus weighting

    Use your previous notional assessment to inform your risk weightings:

    1 hour

    1. Distribute index cards that have been prepopulated with the risk elements from the previous activity.
    2. Have the participants independently assign a weighting to each element. The assigned weights must add up to 100.
    3. Collect the cards and transcribe the results into a matrix on the whiteboard.
    4. Look for elements with high variability in the responses.
    5. Discuss and come to a consensus figure for each element's weighting.
    6. Select a variety of assets and services from the notional assessment exercise. Ensure that you have representation from all four quadrants.
    7. Using your newly defined risk elements and associated scales, evaluate as a group the values you'd suggest for each asset. Aim for a plurality of opinion rather than full consensus.
    8. Use Info-Tech's Strategic Infrastructure Roadmap Tool to document the elements, weightings, scales, and asset analysis.
    9. Compare the output generated by the tool (Tab 4) with the initial notional assessment.

    Discussion:

    How much framework is too much? Complexity and granularity do not guarantee accuracy. What is the right balance between effort and result?

    Does your granular assessment match your notional assessment? Why or why not? Do you need to go back and change weightings? Or reduce complexity?

    Is this a more reasonable and valuable way of periodically evaluating your infrastructure?

    Input

    • Notional risk analysis

    Output

    • Weighted risk framework

    Materials

    • Whiteboard & markers
    • Index cards
    • Strategic Infrastructure Roadmap Tool

    Participants

    • Roadmap team

    3.1.5 Platform assessment set-up

    Hard work up front allows for year-over-year comparisons

    The value of a risk framework is that once the heavy lifting work of building it is done, the analysis and assessment can proceed very quickly. Once built, the framework can be tweaked as necessary, rather than recreated every year.

    • Open Info-Tech's Strategic Infrastructure Roadmap Tool, Tab 3.
    • Up to eight elements each of IT and business risk can be captured.
      • IT risk elements of end-of-life and dependencies are mandatory and do not count against the eight customizable elements.
    • Every element can have up to six scale descriptors. Populate them from left to right in increasing magnitude of risk.
      • Scale descriptors must be input as string values and not numeric.
    • Each element's scale can be customized from linear to a risk-adverse or risk-seeking curve. We recommend linear.

    an image of the Platform Assessment Setup Page from Info-Tech's Strategic Infrastructure Roadmap Tool,

    IT platform assessment

    Quickly and easily evaluate all your infrastructure.

    Once configured, individual domain teams can spend surprisingly little time answering reasonably simple questions to assess their assets. The common framework lets results be compared between teams and produces a valuable visualization to communication with the business.

    • Open the Strategic Infrastructure Roadmap Tool, Tab 4.
    • The tool has been tested successfully with up to 2,000 asset items. Don't necessarily list every asset; rather, think of the logical groups of assets you'd cycle in or out of your environment.
    • Each asset must be associated with one and only one infrastructure domain and have a defined End of Service Life date.
    • With extreme numbers of assets an additional filter can be useful – the Grouping field allows you to set any number of additional tags to make sorting and filtering easier.
    • Drop-down menus for each risk element are prepopulated with the scale descriptors from Tab 3. Unused elements are greyed out.
    • Each asset can be deemed dependent on up to four additional assets or services. Use this to highlight obscure or undervalued relationships between assets. It is generally not useful to be reminded that everything relies on Cat 6 cabling.

    A series of screenshots from the IT Platform Assessment.

    Prioritized upgrades

    Validate and tweak your framework with the business

    Once the grunt work of inputting all the assets and the associated risk data has been completed, you can tweak the risk profile and sort the data to whatever the business may require.

    • Open Info-Tech's Strategic Infrastructure Roadmap Tool, Tab 5.
    • IT platforms in the upper-right quadrant have an abundance of IT risk and are critical to the business.
    • The visualization can be sorted by selecting the slicers on the left. Sort by:
      • Infrastructure domain
      • Customized grouping tag
      • Top overall risk platforms
    • With extreme numbers of assets an additional filter can be useful. The Grouping field allows you to set any number of additional tags to make sorting and filtering easier.
    • Risk weightings can be individually adjusted to reflect changing business priorities or shared infrastructure understanding of predictive power.
      • In order to make year-over-year comparisons valuable it is recommended that changing IT risk elements should be avoided unless absolutely necessary.

    An image of a scatter plot graph titled Prioritized Upgrades.

    Step 3.2

    Build the roadmap

    Activities

    3.2.1 Build templates and visualize

    3.2.2 Generate new initiatives

    3.2.3 Repatriate shadow IT initiatives

    3.2.4 Finalize initiative candidates

    This step requires the following inputs:

    • Develop an initiative template
    • Restate the existing initiatives with the template
    • Visualize the existing initiatives
    • Brainstorm new initiatives
    • Initiative ranking
    • Solicit, evaluate, and refine shadow IT initiatives
    • Resource estimation

    This step involves the following participants:

    • Roadmap team

    Outcomes of this step

    • Initiative communication template
    • Roadmap visualization diagram

    Tell them what they really need to know

    Templates transform many disparate sources of data into easy-to-produce, easy-to-consume, business-ready documents.

    Develop a high-level document that travels with the initiative from inception through executive inquiry and project management, and finally to execution. Understand an initiative's key elements that both IT and the business need defined and that are relatively static over its lifecycle.

    Initiatives are the waypoints along a roadmap leading to the eventual destination, each bringing you one step closer. Like steps, initiatives need to be discrete: able to be conceptualized and discussed as a single largely independent item. Each initiative must have two characteristics:

    • Specific outcome: Describe an explicit change in the people, processes, or technology of the enterprise.
    • Target end date: When the described outcome will be in effect.

    "Learn a new skill"– not an effective initiative statement.

    "Be proficient in the new skill by the end of the year" – better.

    "Use the new skill to complete a project and present it at a conference by Dec 15" – best!

    Info-Tech Insight

    Bundle your initiatives for clarity and manageability.
    Ruthlessly evaluate if an initiative should stand alone or can be rolled up with another. Fewer initiatives increases focus and alignment, allowing for better communication.

    3.2.1 Develop impactful templates to sell your initiative upstream

    Step 1: Open Info-Tech's Strategic Roadmap Initiative Template. Determine and describe the goals that the initiative is enabling or supporting.
    Step 2: State the current pain points from the end-user or business perspective. Do not list IT-specific pain points here, such as management complexity.
    Step 3: List both the tangible (quantitative) and ancillary (qualitative) benefits of executing the project. These can be pain relievers derived from the pain points, or any IT-specific benefit not captured in Step 1.
    Step 4: List any enabled capability that will come as an output of the project. Avoid technical capabilities like "Application-aware network monitoring." Instead, shoot for business outcomes like "Ability to filter network traffic based on application type."

    An image of the Move to Office 365, with the numbers 1-4 superimposed over the image.  These correspond to steps 1-4 above.

    Info-Tech Insight

    Sell the project to the mailroom clerk! You need to be able to explain the outcome of the project in terms that non-IT workers can appreciate. This is done by walking as far up the goals cascade as you have defined, which gets to the underlying business outcome that the initiative supports.

    Develop impactful templates to sell your initiative upstream (cont'd)

    Strategic Roadmap Initiative Template, p. 2

    Step 5: State the risks to the business for not executing the project (and avoid restating the pain points).
    Step 6: List any known or anticipated roadblocks that may come before, during, or after executing the project. Consider all aspects of people, process, and technology.
    Step 7: List any measurable objectives that can be used to gauge the success of the projects. Avoid technical metrics like "number of IOPS." Instead think of business metrics such as "increased orders per hour."
    Step 8: The abstract is a short 50-word project description. Best to leave it as the final step after all the other aspects of the project (risks and rewards) have been fully fleshed out. The abstract acts as an executive summary – written last, read first.

    An image of the Move to Office 365, with the numbers 5-8 superimposed over the image.  These correspond to steps 5-8 above.

    Info-Tech Insight

    Every piece of information that is not directly relevant to the interests of the audience is a distraction from the value proposition.

    Working session, presentation, and feedback

    Rewrite your in-flight initiatives to ensure you're capturing all the required information:

    1 hour

    1. Have each participant select an initiative they are responsible or accountable for.
    2. Introduce the template and discuss any immediate questions they might have.
    3. Take 15-20 minutes and have each participant attempt to fill out the template for their initiative.
    4. Have each participant present their initiative to the group.
    5. The group should imagine themselves business leaders and push back with questions or clarification when IT jargon is used.
    6. Look to IT leadership in the room for cues as to what hot button items they've encountered from the business executives.
    7. Debate the merits of each section in the template. Adjust and customize as appropriate.

    Discussion:
    Did everyone use the goal framework adopted earlier? Why not?
    Are there recurring topics or issues that business leaders always seem concerned about?
    Of all the information available, what consistently seems to be the talking points when discussing an initiative?

    Input

    • In-flight initiatives

    Output

    • Completed initiatives templates

    Materials

    • Templates
    • Laptops & internet

    Participants

    • Roadmap team

    3.2.2 Visual representations are more compelling than text alone

    Being able to quickly sort and filter data allows you to customize the visualization and focus on what matters to your audience. Any data that is not immediately relevant to them risks becoming a distraction.

    1. Open the Strategic Infrastructure Roadmap Tool, Tabs 6 and 7.
    2. Up to ten goals can be supported. Input the goals into column F of the tool. Be explicit but brief.
    3. Initiatives and Obstacles can be independently defined, and the tool supports up to five subdivisions of each. Initiative by origin source makes for an interesting analysis but initially we recommend simplicity.
    4. Every Initiative and Obstacle must be given a unique name in column H. Context-sensitive drop-downs let you define the subtype and responsible infrastructure domain.
    5. Three pieces of data are captured for each initiative: Business Impact is the qualitative value to the business; Risk is the qualitative likelihood of failure – entirely or partially (e.g. significantly over budget or delayed); and Effort is a relative measure of magnitude ($ or time). Only the value for Effort must be specified.
    6. Every initiative can claim to support one or many goals by placing an "x" in the appropriate column(s).
    7. On Tab 7 you must select the initiative end date (go-live date). You can also document start date, owner, and manager if required. Remember, though, that the tool does not replace proper project management tools.

    A series of screenshots of tables, labeled A-F

    Decoding your visualization

    Strategic Infrastructure Roadmap Tool, Tab 8, "Roadmap"

    Visuals aren't always as clear as we assume them to be.

    An example of a roadmap visualization found in the Strategic Infrastructure Roadmap Tool

    If you could suggest one thing, what would it be?

    The roadmap is likely the best and most direct way to showcase our ideas to business leadership – take advantage of it.

    We've spent an awful lot of time setting the stage, deciding on frameworks so we agree on what is important. We know how to have an effective conversation – now what do we want to say?

    an image of a roadmap, including inputs passing through infrastructure & Operations; to the Move to Office 365 images found earlier in this blueprint.

    Creative thinking, presentation, and feedback

    Since we're so smart – how could we do it better?

    1 hour

    1. Introduce the Roadmap Initiative Template and discuss any immediate questions the participants might have.
    2. Take 15-20 minutes and have each participant attempt to fill out the template for their initiative candidate.
    3. Have each author present their initiative to the group.
    4. The group should imagine themselves business leaders and push back with questions or clarification when IT jargon is used.
    5. Look to IT leadership in the room for cues as to what hot button items they've encountered from the business executives
    6. Debate the merits of each section in the template. Adjust and customize as appropriate.

    Discussion:
    Did everyone use the goal framework adopted earlier? Why not?
    Do we think we can find business buy-in or sponsorship? Why or why not?
    Are our initiatives at odds with or complementary to the ones proposed through the normal channels?

    Input

    • Everything we know

    Output

    • Initiative candidates

    Materials

    • Info-Tech's Infrastructure Roadmap Initiatives Template
    • Laptops & internet

    Participants

    • Roadmap team

    Forced Ranking Exercise

    Showcase only your best and brightest ideas:

    1 hour

    1. Write the initiative titles from the previous exercise across the top of a whiteboard.
    2. Distribute index cards (one per participant) with the initiative titles written down one side.
    3. Ask each participant to rank the initiatives in order of importance, with 1 being the most important.
    4. Collect the cards and write the ranking results on the whiteboard.
    5. Look at the results with an eye toward high variability. Also look for the distribution of 1, 2, and 3 ranks.
    6. Based on the results, select (through democratic vote or authoritarian fiat – Director or CIO) a reasonable number of initiatives.
    7. Refine the selected initiative templates for inclusion in the roadmap.

    Discussion:
    Do participants tend to think their idea is the best and rank it accordingly?
    If so, then is it better to look at the second, third, and fourth rankings for consensus instead?
    What is a reasonable number of initiatives to suggest? How do we limit ourselves?

    Input

    • Infrastructure initiative candidates

    Output

    • Infrastructure initiatives

    Materials

    • Index cards

    Participants

    • Roadmap team

    Who else might be using technology to solve business problems?

    Shadow IT operates outside of the governance and control structure of Enterprise IT and so is, by definition, a problem. an opportunity!

    Except for that one thing they do wrong, that one small technicality, they may well do everything else right.

    Consider:

    1. Shadow IT evolves to solve a problem or enable an activity for a specific group of users.
    2. This infers that because stakeholders spend their own resources resolving a problem or enabling an action, it is a priority.
    3. The technology choices they've made have been based solely on functionality for value, unrestrained by any legacy of previous decisions.
    4. Staffing demands and procedural issues must be modest or nonexistent.
    5. The users must be engaged, receptive to change, and tolerant of stutter steps toward a goal.

    In short, shadow IT can provide fully vetted infrastructure initiatives that with a little effort can be turned into easy wins on the roadmap.

    Info-Tech Insight

    Shadow IT can include business-ready initiatives, needing only minor tweaking to align with infrastructure's best practices.

    3.2.3 Survey and hack-a-thon

    Negotiate amnesty with shadow IT by evaluating their "hacks" for inclusion on the roadmap.

    1 hour

    1. Put out an open call for submissions across the enterprise. Ask "How do you think technology could help you solve one of your pain points?" Be specific.
    2. Gather the responses into a presentable format and assemble the roadmap team.
    3. Use voting dots (three per person) to filter out a shortlist.
    4. Invite the original author to come in and work with a roadmap team member to complete the template.
    5. Reassemble the roadmap team and use the forced ranking exercise to select initiatives to move forward.

    Discussion:
    Did you learn anything from working directly with in-the-trenches staff? Can those learnings be used elsewhere in infrastructure? Or in larger IT?

    Input

    • End-user ideas

    Output

    • Roadmap initiatives

    Materials

    • Whiteboard & markers
    • Voting dots
    • Index cards
    • Templates

    Participants

    • Enthusiastic end users
    • Roadmap team
    • Infrastructure leader

    3.2.4 Consensus estimation

    Exploit the wisdom of groups to develop reasonable estimates.

    1 hour

    Also called scrum poker (in Agile software circles), this method reduces anchoring bias by requiring all participants to formulate and submit their estimates independently and simultaneously.

    Equipment: A typical scrum deck shows the Fibonacci sequence of numbers, or similar progression, with the added values of ∞ (project too big and needs to be subdivided), and a coffee cup (need a break). Use of the (mostly) Fibonacci sequence helps capture the notional uncertainty in estimating larger values.

    1. The infrastructure leader, who will not play, moderates the activity. A "currency" of estimation is selected. This could be person, days, or weeks, or a dollar value in the thousands or tens of thousands – whatever the group feels they can speak to authoritatively.
    2. The author of each initiative gives a short overview, and the participants are given the chance to ask questions and clarify assumptions and risks.
    3. Participants lay a card representing their estimate face down on the table. Estimates are revealed simultaneously.
    4. Participants with the highest and lowest estimates are given a soapbox to offer justification. The author is expected to provide clarifications. The moderator drives the conversation.
    5. The process is repeated until consensus is reached (decided by the moderator).
    6. To structure discussion, the moderator can impose time limits between rounds.

    Discussion:

    How often was the story unclear? How often did participants have to ask for additional information to make their estimate? How many rounds were required to reach consensus?
    Does number of person, days, or weeks, make more sense than dollars? Should we estimate both independently?
    Source: Scrum Poker

    Input

    • Initiative candidates from previous activity

    Output

    • Resourcing estimates

    Materials

    • Scrum poker deck

    Participants

    • Roadmap team

    Hard work up front allows for year-over-year comparisons

    Open the Strategic Infrastructure Roadmap Tool, Tab 6, "Initiatives & Goals" and Tab 7, "Timeline"

    Add your ideas to the visualization.

    • An initiative subtype can be useful here to differentiate infrastructure-sponsored initiatives from traditional ones.
    • Goal alignment is as important as always – ideally you want your sponsored initiatives to fill gaps or support the highest-priority business goals.
    • The longer-term roadmap is an excellent parking lot for ideas, especially ones the business didn't even know they wanted. Make sure to pull those ideas forward, though, as you repeat the process periodically.

    An image containing three screenshots of timeline tables from the Strategic Infrastructure Roadmap Tool

    Pulling it all together – the published report

    We started with eight simple questions. Logically, the answers suggest sections for a published report. Developing those answers in didactic method is effective and popular among technologists as answers build upon each other. Business leaders and journalists, however, know never to bury the lead.

    Report Section Title Roadmap Activity or Step
    Sunshine diagram Visualization
    Priorities Understand business goals
    Who we help Evaluate intake process
    How we can help Create initiatives
    What we're working on Review initiatives
    How you can help us Assess roadblocks
    What is new Assess new technology
    How we spend our day Conduct a time study
    What we have Assess IT platform
    We can do better! Identify process optimizations

    Summary of Accomplishment

    Review performance from last fiscal year

    • Analyzed and communicated the benefits and value realized from IT's strategic initiatives in the past fiscal year.
    • Analyzed and prioritized diagnostic data insights to communicate IT success stories.
    • Elicited important retrospective information such as KPIs, financials, etc. to build IT's credibility as a strategic business partner.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Phase 4

    Communicate and Improve the Process

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Infrastructure strategy

    1.2 Goal alignment

    2.1 Define your future

    2.2 Conduct constraints analysis

    3.1 Drive business alignment

    3.2. Build the roadmap

    4.1 Identify the audience

    4.2 Process improvement

    and measurements

    This phase will walk you through the following activities:

    • Identify authors and target audiences
    • Understand the planning process
    • Identify if the process outputs have value
    • Set up realistic KPIs

    This phase involves the following participants:

    • CIO
    • Roadmap team

    Step 4.1

    Identify the audience

    Activities

    4.1.1 Identify required authors and target audiences

    4.1.2 Planning the process

    4.1.3 Identifying supporters and blockers

    This step requires the following inputs:

    • Identify required authors and target audiences
    • Plan the process
    • Identify supporters and blockers

    This step involves the following participants:

    • CIO
    • Roadmap team

    Outcomes of this step

    • Process schedule
    • Communication strategy

    Again! Again!

    And you thought we were done. The roadmap is a process. Set a schedule and pattern to the individual steps.

    Publishing an infrastructure roadmap once a year as a lead into budget discussion is common practice. But this is just the last in a long series of steps and activities. Balance the effort of each activity against its results to decide on a frequency. Ensure that the frequency is sufficient to allow you to act on the results if required. Work backwards from publication to develop the schedule.

    an image of a circle of questions around the Infrastructure roadmap.

    A lot of work has gone into creating this final document. Does a single audience make sense? Who else may be interested in your promises to the business? Look back at the people you've asked for input. They probably want to know what this has all been about. Publish your roadmap broadly to ensure greater participation in subsequent years.

    4.1.1 Identify required authors and target audiences

    1 hour

    Identification and association

    Who needs to hear (and more importantly believe) your message? Who do you need to hear from? Build a communications plan to get the most from your roadmap effort.

    1. Write your eight roadmap section titles in the middle of a whiteboard.
    2. Make a list of everyone who answered your questions during the creation of this roadmap. Write these names on a single color of sticky notes and place them on the left side.
    3. Make a list of everyone who would be (or should be) interested in what you have to say. Write these names on a different single color of sticky notes and place them on the right side.
    4. Draw lines between the stickies and the relevant section of the roadmap. Solid lines indicate a must have communication while dashed lines indicate a nice-to-have communication.
    5. Come to a consensus.

    Discussion:

    How many people appear in both lists? What are the implications of that?

    Input

    • Roadmap sections

    Output

    • Roadmap audience and contributors list

    Materials

    • Whiteboard & markers
    • Sticky notes

    Participants

    • Roadmap team

    4.1.2 Planning the process and scheduling

    The right conversation at the right time

    Due Date (t) Freq Mode Participants Infrastructure Owner
    Update & Publish

    Start of Budget Planning

    Once

    Report

    IT Steering Committee

    Infrastructure Leader or CIO

    Evaluate Intakes

    (t) - 2 months

    (t) - 8 months

    Biannually

    Review

    PMO

    Service Desk

    Domain Heads

    Assess Roadblocks

    (t) - 2 months

    (t) - 5 months

    (t) - 8 months

    (t) - 11 months

    Quarterly

    Brainstorming & Consensus

    Domain Heads

    Infrastructure Leader

    Time Study

    (t) - 1 month

    (t) - 4 months

    (t) - 7 months

    (t) - 10 months

    Quarterly

    Assessment

    Domain Staff

    Domain Heads

    Inventory Assessment

    (t) - 2 months

    Annually

    Assessment

    Domain Staff

    Domain Heads

    Business Goals

    (t) - 1 month

    Annually

    Survey

    Line of Business Managers

    Infrastructure Leader or CIO

    New Technology Assessment

    monthly

    (t) - 2 months

    Monthly/Annually

    Process

    Domain Staff

    Infrastructure Leader

    Initiative Review

    (t) - 1 month

    (t) - 4 months

    (t) - 7 months

    (t) - 10 months

    Quarterly

    Review

    PMO

    Domain Heads

    Infrastructure Leader

    Initiative Creation

    (t) - 1 month

    Annually

    Brainstorming & Consensus

    Roadmap Team

    Infrastructure Leader

    The roadmap report is just a point-in-time snapshot, but to be most valuable it needs to come at the end of a full process cycle. Know your due date, work backwards, and assign responsibility.

    Discussion:

    1. Do each of the steps make sense? Is the outcome clear and does it flow naturally to where it will be useful?
    2. Is the effort required for each step commensurate with its value? Are we doing to much for not enough return?
    3. Are we acting on the information we're gathering? Is it informing or changing decisions throughout the year or period?

    Input

    • Roadmap sections

    Output

    • Roadmap process milestones

    Materials

    • Whiteboard & markers
    • Template

    Participants

    • Roadmap team

    Tailor your messaging to secure stakeholders' involvement and support

    If your stakeholders aren't on board, you're in serious trouble.

    Certain stakeholders will not only be highly involved and accountable in the process but may also be responsible for approving the roadmap and budget, so it's essential that you get their buy-in upfront.

    an image of a quadrant analysis, comparing levels of influence and support.

    an image of a quadrant analysis, comparing levels of influence and support.

    4.1.3 Identifying supporters and blockers

    Classification and Strategy

    1 hour

    You may want to restrict participation to senior members of the roadmap team only.

    This activity requires a considerable degree of candor in order to be effective. It is effectively a political conversation and as such can be sensitive.

    Steps:

    1. Review your sticky notes from the earlier activity (list of input and output names).
    2. Place each name in the corresponding quadrant of a 2x2 matrix like the one on the right.
    3. Come to a consensus on the placement of each sticky note.

    Input

    • Roadmap audience and contributors list

    Output

    • Communications strategy & plan

    Materials

    • Whiteboard & markers
    • Sticky notes

    Participants

    • Senior roadmap team

    Step 4.2

    Process improvement

    Activities

    4.2.1 Evaluating the value of each process output

    4.2.2 Brainstorming improvements

    4.2.3 Setting realistic measures

    This step requires the following inputs:

    • Evaluating the efficacy of each process output
    • Brainstorming improvements
    • Setting realistic measures

    This step involves the following participants:

    • Roadmap team

    Outcomes of this step

    • Process map
    • Process improvement plan

    Continual improvement

    Not just for the DevOps hipsters!

    You started with a desire – greater satisfaction with infrastructure from the business. All of the inputs, processes, and outputs exist only, and are designed solely, to serve the attainment of that outcome.

    The process outlined is not dogma; no element is sacrosanct. Ruthlessly evaluate the effectiveness of your efforts so you can do better next time.

    You would do no less after a server migration, network upgrade, or EUC rollout.

    Consider these four factors to help make your infrastructure roadmap effort more successful.

    Leadership
    If infrastructure leaders aren't committed, then this will quickly become an exercise of box-checking rather than candid communication.

    Data
    Quantitative or qualitative – always try to go where the data leads. Reduce unconscious bias and be surprised by the insight uncovered.

    Metrics
    Measurement allows management but if you measure the wrong thing you can game the system, cheating yourself out of the ultimate prize.

    Focus
    Less is sometimes more.

    4.2.1 Evaluating the value of each process output

    Understanding why and how individual steps are effective (or not) is how we improve the outcome of any process.

    1 hour

    1. List each of the nine roadmap steps on the left-hand side of a whiteboard.
    2. Ask the participants "Why was this step included? Did it accomplish its objective?" Consider using a reduced scale affinity diagramming exercise for this step.
    3. Consider the priority characteristics of each step; try to be as universal as possible (every characteristic will ideally apply to each step).
    4. Include two columns at the far right: "Improvement" and "Expected Change."
    5. Populate the table. If this is your first time, brainstorm reasonable objectives for your left-hand columns. Otherwise, document the reality of last year and focus on brainstorming the right-hand columns.
    6. Optional: Conduct a thought experiment and brainstorm tension metrics to establish whether the process is driving the outcomes we desire.
    7. Optional: Consider Info-Tech's assertion about the four things a roadmap can do. Brainstorm KPIs that you can measure yearly. What else would you want the roadmap to be able to do?

    Discussion:

    Did the group agree on the intended outcome of each step? Did the group think the step was effective? Was the outcome clear and did it flow naturally to where it was useful?
    Is the effort required for each step commensurate with its value? Are we doing too much for not enough return?
    Are we acting on the information we're gathering? Is it informing or changing decisions throughout the year or period?

    Input

    • Roadmap process steps

    Output

    • Process map
    • Improvement targets & metrics

    Materials

    • Whiteboard & markers
    • Sticky notes
    • Process Map Template (see next slide)

    Participants

    • Roadmap team

    Process map template

    Replace the included example text with your inputs.

    Freq.MethodMeasuresSuccess criteria

    Areas for improvement

    Expected change

    Evaluate intakesBiannuallyPMO Intake & Service RequestsProjects or Initiatives% of departments engaged

    Actively reach out to underrepresented depts.

    +10% engagement

    Assess roadblocksQuarterlyIT All-Staff MeetingRoadblocks% of identified that have been resolved

    Define expected outcomes of removing roadblock

    Measurable improvements

    Time studyQuarterly IT All-Staff MeetingTimeConfidence value of data

    Real data sources (time sheets, tools, etc.)

    85% of sources defensible

    Legacy asset assessmentAnnuallyDomain effortAsset Inventory Completeness of Inventory
    • Compare against Asset Management database
    • Track business activity by enabling asset(s)
    • > 95% accuracy/
      completeness
    • Easier business risk framework conversations
    Understand business goalsAnnuallyRoadmap MeetingGoal listGoal specificity

    Survey or interview leadership directly

    66% directly attributable participation

    New technology assessmentMonthly/AnnuallyTeam/Roadmap MeetingTechnologies Reviewed IT staff participation/# SWOTs

    Increase participation from junior members

    50% presentations from junior members

    Initiative review

    Quarterly

    IT All-Staff Meeting

    • Status Review
    • Template usage
    • Action taken upon review
    • Template uptake
    • Identify predictive factors
    • Improve template
    • 25% of yellow lights to green
    • -50% requests for additional info

    Initiative creation

    Annually Roadmap MeetingInitiatives# of initiatives proposedBusiness uptake+25% sponsorship in 6 months (biz)

    Update and publish

    AnnuallyPDF reportRoadmap Final ReportLeadership engagement Improve audience reach+15% of LoB managers have read the report

    Establish baseline metrics

    Baseline metrics will improve through:

    1. Increased communication. More information being shared to more people who need it.
    2. Better planning. More accurate information being shared.
    3. Reduced lead times. Less due diligence or discovery work required as part of project implementations.
    4. Faster delivery times. Less less-valuable work, freeing up more time to project work.
    Metric description Current metric Future goal
    # of critical incidents resulting from equipment failure per month
    # of service provisioning delays due to resource (non-labor) shortages
    # of projects that involve standing up untested (no prior infrastructure PoC) technologies
    # of PoCs conducted each year
    # of initiatives proposed by infrastructure
    # of initiatives proposed that find business sponsorship in >1yr
    % of long-term projects reviewed as per goal framework
    # of initiatives proposed that are the only ones supporting a business goal
    # of technologies deployed being used by more than the original business sponsor
    # of PMO delays due to resource contention

    Insight Summary

    Insight 1

    Draw the first picture.

    Highly engaged and effective team members are proactive rather than reactive. Instead of waiting for clear inputs from the higher ups, take what you do know, make some educated guesses about the rest, and present that to leadership. Where thinking diverges will be crystal clear and the necessary adjustments will be obvious.

    Insight 2

    Infrastructure must position itself as the broker for new technologies.

    No man is an island; no technology is a silo. Infrastructure's must ensure that everyone in the company benefits from what can be shared, ensure those benefits are delivered securely and reliably, and prevent the uninitiated from making costly technological mistakes. It is easier to lead from the front, so infrastructure must stay on top of available technology.

    Insight 3

    The roadmap is a process that is business driven and not a document.

    In an ever-changing world the process of change itself changes. We know the value of any specific roadmap output diminishes quickly over time, but don't forget to challenge the process itself from time to time. Striving for perfection is a fool's game; embrace constant updates and incremental improvement.

    Insight 4

    Focus on the framework, not the output.

    There usually is no one right answer. Instead make sure both the business and infrastructure are considering common relevant elements and are working from a shared set of priorities. Data then, rather than hierarchical positioning or a d20 Charisma roll, becomes the most compelling factor in making a decision. But since your audience is in hierarchical ascendency over you, make the effort to become familiar with their language.

    4.2.3 Track metrics throughout the project to keep stakeholders informed

    An effective strategic infrastructure roadmap should help to:

    1. Initiate a schedule of infrastructure projects to achieve business goals.
    2. Adapt to feedback from executives on changing business priorities.
    3. Curate a portfolio of enabling technologies that align to the business whether growing or stabilizing.
    4. Manage the lifecycle of aging equipment in order to meet capacity demands.
    Metric description

    Metric goal

    Checkpoint 1

    Checkpoint 2

    Checkpoint 3

    # of critical incidents resulting from equipment failure per month >1
    # of service provisioning delays due to resource (non-labor) shortages >5
    # of projects that involve standing up untested (no prior infrastructure PoC) technologies >10%
    # of PoCs conducted each year 4
    # of initiatives proposed by infrastructure 4
    # of initiatives proposed that find business sponsorship in >1 year 1
    # of initiatives proposed that are the only ones supporting a business goal 1
    % of long-term projects reviewed as per goal framework 100%

    Summary of Accomplishment

    Review performance from last fiscal year

    • Analyzed and communicated the benefits and value realized from IT's strategic initiatives in the past fiscal year.
    • Analyzed and prioritized diagnostic data insights to communicate IT success stories.
    • Elicited important retrospective information such as KPIs, financials, etc. to build IT's credibility as a strategic business partner.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Related Info-Tech Research

    Build a Business-Aligned IT Strategy
    Success depends on IT initiatives clearly aligned to business goals, IT excellence, and driving technology innovation.

    Document your Cloud Strategy
    A cloud strategy might seem like a big project, but it's just a series of smaller conversations. The methodology presented here is designed to facilitate those conversations using a curated list of topics, prompts, participant lists, and sample outcomes. We have divided the strategy into four key areas.

    Develop an IT Asset Management Strategy
    ITAM is a foundational IT service that provides accurate, accessible, actionable data on IT assets. But there's no value in data for data's sake. Enable collaboration between IT asset managers, business leaders, and IT leaders to develop an ITAM strategy that maximizes the value they can deliver as service provider.

    Infrastructure & Operations Research Center
    Practical insights, tools, and methodologies to systematically improve IT Infrastructure & Operations.

    Summary of Accomplishment

    Knowledge gained

    • Deeper understanding of business goals and priorities
    • Key data the business requires for any given initiative
    • Quantification of risk
    • Leading criteria for successful technology adoption

    Processes optimized

    • Infrastructure roadmap
    • Initiative creation, estimation, evaluation, and prioritization
    • Inventory assessment for legacy infrastructure debt
    • Technology adoption

    Deliverables completed

    • Domain time study
    • Initiative intake analysis
    • Prioritized roadblock list
    • Goal listing
    • IT and business risk frameworks
    • Infrastructure inventory assessment
    • New technology analyzes
    • Initiative templates
    • Initiative candidates
    • Roadmap visualization
    • Process schedule
    • Communications strategy
    • Process map
    • Roadmap report

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Bibliography

    "10 Essential KPIs for the IT Strategic Planning Process." Apptio Inc, Dec. 2021. Accessed Nov. 2022.
    Amos, Justin. "8 areas your 2022 IT Infrastructure roadmap should cover." Soma, 24 Jan 2022 Accessed Nov. 2022
    Ahmed, Anam. "Importance of Mission Vision in Organizational Strategy." Chron, 14 March 2019. Accessed 10 May 2021. ."
    Barker, Joel A. "Joel A Barker Quote about Vision." Joel A Barker.com. Accessed 10 Nov 2022
    Bhagwat, Swapnil ."Top IT Infrastructure Management Strategies For 2023 , Atlas Systems, 23 Oct 2022. Accessed Nov. 2022.
    Blank, Steve. "You're Better Off Being A Fast Follower Than An Originator." Business Insider. 5 Oct. 2010. Web.
    Bridges, Jennifer . "IT Risk Management Strategies and Best Practices." Project Manager, 6 Dec 2019. Accessed Nov. 2022.
    "Building a Technology Roadmap That Stabilizes and Transforms." Collegis Education. Accessed Dec 2022.
    Collins, Gavin. "WHY AN IT INFRASTRUCTURE ROAD MAP?." Fifth Step, Date unknown. Accessed Nov. 2022.
    "Define the Business Context Needed to Complete Strategic IT Initiatives: 2018 Blueprint - ResearchAndMarkets.com." Business Wire, 1 Feb. 2018. Accessed 9 June 2021.
    De Vos, Colton. “Well-Developed IT Strategic Plan Example." Resolute Tech Solutions, 6 Jan 2020. Accessed Nov. 2022.
    Gray, Dave. "Post-Up." Gamestorming, 15 Oct. 2010. Accessed 10 Nov 2022
    Helm, Clay. "Majority of Surveyed Companies are Not Prepared for IT Needs of the Future." IBM Study, 4 Jan 2021. Accessed Nov. 2022.
    Hertvik, Joe. "8 Components of A Great IT Strategy, BMC Blogs, 29 May. 2020. Accessed Nov. 2022.
    ISACA, "Effective governance at your Fingertips". COBIT Framework, Accessed Dec 2022
    "IT Guiding Principles." Office of Information Technology, NC State University, 2014-2020. Accessed 9 Nov 2022.
    ""IT Infrastructure That Makes Employees Happier." Network Doctor, 2021. Accessed Dec 2022
    "IT Road mapping Helps Dura Remain at the Forefront of Auto Manufacturing." Performance Improvement Partners, ND. Accessed Dec 2022.
    ITtoolkit.com. "The IT Vision: A Strategic Path to Lasting IT Business Alignment." ITtoolkit Magazine, 2020. Accessed 9 June 2021.
    Kark, Khalid. "Survey: CIOs Are CEOs' Top Strategic Partner." CIO Journal, The Wall Street Journal, 22 May 2020. Accessed 11 May 2021.
    Kimberling, Eric. "What is "Future State" and Why is it Important?" Third Stage Consulting, 11 June 2021. Accessed Nov. 2022.
    Kishore. "The True Cost of Keeping the Lights On." Optanix, 1 Feb. 2017. Accessed Nov. 2022.
    Lakein, Alan. Libquotes.
    Mindsight. "THE ULTIMATE GUIDE TO CREATING A TECHNOLOGY ROADMAP" Mind sight, 12 Dec 2021. Accessed Nov. 2022.
    Milani, F. (2019). Future State Analysis. In: Digital Business Analysis. Springer, Cham. https://doi.org/10.1007/978-3-030-05719-0_13
    Newberry, Dennis. "Meeting the Challenges of Optimizing IT Cost and Capacity Management." BMC, 2021, Accessed 12 Nov 2022.
    Peek, Sean. "What Is a Vision Statement?" Business News Daily, 7 May 2020. Accessed 10 Nov 2022.
    Ramos, Diana. "Infrastructure Management 101: A Beginner's Guide to IT Infrastructure Management." Smartsheet.com. 30 Nov 2021. Accessed 09 Dec 2022.
    Ramsey, Dave. "Dave Rant: How to Finally Take Control of Your Money." Ramseysolutions. 26 Aug 2021. Accessed 10 Nov 2022.
    Richards-Gustafson, Flora. "5 Core Operational Strategies." Chron, 8 Mar 2019. Accessed 9 June 2021.
    Richardson, Nigel. "What are the differences between current and future state maps?." Nexus, 18 Oct 2022. Accessed Nov. 2022.
    Roush, Joe. "IT Infrastructure Planning: How To Get Started." BMC. 05 January, 2018. Accessed 24 Jan 2023.
    Shields, Corey. "A Complete Guide to IT Infrastructure Management." Ntiva, 15 Sept. 2020. Accessed 28 Nov. 2022.
    Snow, Shane. "Smartcuts: How Hackers, Innovators, and Icons Accelerate Success." Harper Business, 2014.
    Strohlein, Marc. "The CIO's Guide to Aligning IT Strategy with the Business." IDC, 2019. Accessed Nov 2022.
    Sull, Sull, and Yoder. "No One Knows Your Strategy — Not Even Your Top Leaders." MIT Sloan. 12 Feb 2018. Accessed 26 Jan 2023.
    "Team Purpose & Culture." Hyper Island. Accessed 10 Nov. 2022
    "Tech Spend Pulse, 2022." Flexera, Jan 2022, Accessed 15 Nov 2022
    "Tech Spend Pulse." Flexera, Dec. 2022. Accessed Nov. 2022.
    "The Definitive Guide to Developing an IT Strategy and Roadmap" CIO Pages.com , 5 Aug 13 2022. Accessed 30 Nov. 2022.
    Wei, Jessica. "Don't Tell Me Where Your Priorities Are – James W. Frick." Due.com, 21 Mar 2022. Accessed 23 Nov 2022.
    Zhu, Pearl. "How to Set Guiding Principles for an IT Organization." Future of CIO, 1 July 2013. Accessed 9 June 2021.

    Stakeholder Relations

    • Buy Link or Shortcode: {j2store}25|cart{/j2store}
    • Related Products: {j2store}25|crosssells{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Strategy and Governance
    • Parent Category Link: /strategy-and-governance

    The challenge

    • Stakeholders come in a wide variety, often with competing and conflicting demands.
    • Some stakeholders are hard to identify. Those hidden agendas may derail your efforts.
    • Understanding your stakeholders' relative importance allows you to prioritize your IT agenda according to the business needs.

    Our advice

    Insight

    • Stakeholder management is an essential factor in how successful you will be.
    • Stakeholder management is a continuous process. The landscape constantly shifts.
    • You must also update your stakeholder management plan and approach on an ongoing basis.

    Impact and results 

    • Use your stakeholder management process to identify, prioritize, and manage key stakeholders effectively.
    • Continue to build on strengthening your relationships with stakeholders. It will help to gain easier buy-in and support for your future initiatives. 

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Make the case

    Identify stakeholders

    • Stakeholder Management Analysis Tool (xls)

    Analyze your stakeholders

    Assess the stakeholder's influence, interest, standing, and support to determine priority for future actions 

    Manage your stakeholders

    Develop your stakeholder management and communication plans

    • Stakeholder Management Plan Template (doc)
    • Communication Plan Template (doc)

    Monitor your stakeholder management plan performance

    Measure and monitor the success of your stakeholder management process.

     

     

    Adopt Design Thinking in Your Organization

    • Buy Link or Shortcode: {j2store}327|cart{/j2store}
    • member rating overall impact: 9.6/10 Overall Impact
    • member rating average dollars saved: $23,245 Average $ Saved
    • member rating average days saved: 13 Average Days Saved
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • End users often have a disjointed experience while interacting with your organization in using its products and services.
    • You have been asked by your senior leadership to start a new or revive an existing design or innovation function within your organization. However, your organization has dismissed design thinking as the latest “management fad” and does not buy into the depth and rigor that design thinking brings.
    • The design or innovation function lives on the fringes of your organization due to its apathy towards design thinking or tumultuous internal politics.
    • You, as a CIO, want to improve the user satisfaction with the IT services your team provides to both internal and external users.

    Our Advice

    Critical Insight

    • A user’s perspective while interacting with the products and services is very different from the organization’s internal perspective while implementing and provisioning those. A design-based organization balances the two perspectives to drive user-satisfaction over end-to-end journeys.
    • Top management must have a design thinker – the guardian angel of the balance between exploration (i.e. discovering new business models) and exploitation (i.e. leveraging existing business models).
    • Your approach to adopt design thinking must consider your organization’s specific goals and culture. There’s no one-size-fits-all approach.

    Impact and Result

    • User satisfaction, with the end-to-end journeys orchestrated by your organization, will significantly increase.
    • Design-centric organizations enjoy disproportionate financial rewards.

    Adopt Design Thinking in Your Organization Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should adopt design thinking in your organization, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. What is design thinking?

    The focus of this phase is on revealing what designers do during the activity of designing, and on building an understanding of the nature of design ability. We will formally examine the many definitions of design thinking from experts in this field. At the core of this phase are several case studies that illuminate the various aspects of design thinking.

    • Adopt Design Thinking in Your Organization – Phase 1: What Is Design Thinking?
    • Victor Scheinman's Experiment for Design

    2. How does an organization benefit from design thinking?

    This phase will illustrate the relevance of design in strategy formulation and in service-design. At the core of this phase are several case studies that illuminate these aspects of design thinking. We will also identify the trends impacting your organization and establish a baseline of user-experience with the journeys orchestrated by your organization.

    • Adopt Design Thinking in Your Organization – Phase 2: How Does an Organization Benefit From Design Thinking?
    • Trends Matrix (Sample)

    3. How do you build a design organization?

    The focus of this phase is to:

  • Measure the design-centricity of your organization and subsequently, identify the areas for improvement.
  • Define an approach for a design program that suites your organization’s specific goals and culture.
    • Adopt Design Thinking in Your Organization – Phase 3: How Do You Build a Design Organization?
    • Report on How Design-Centric Is Your Organization (Sample)
    • Approach for the Design Program (Sample)
    • Interview With David Dunne on Design Thinking
    • Interview With David Dunne on Design Thinking (mp3)
    [infographic]

    Workshop: Adopt Design Thinking in Your Organization

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 What Is Design Thinking?

    The Purpose

    The focus of this module is on revealing what designers do during the activity of designing, and on building an understanding of the nature of design ability. We will also review the report on the design-centricity of your organization and subsequently, earmark the areas for improvement.

    Key Benefits Achieved

    An intimate understanding of the design thinking

    An assessment of design-centricity of your organization and identification of areas for improvement

    Activities

    1.1 Discuss case studies on how designers think and work

    1.2 Define design thinking

    1.3 Review report from Info-Tech’s diagnostic: How design-centric is your organization?

    1.4 Earmark areas for improvement to raise the design-centricity of your organization

    Outputs

    Report from Info-Tech’s diagnostic: ‘How design-centric is your organization?’ with identified areas for improvement.

    2 How Does an Organization Benefit From Design Thinking?

    The Purpose

    In this module, we will discuss the relevance of design in strategy formulation and service design. At the core of this module are several case studies that illuminate these aspects of design thinking. We will also identify the trends impacting your organization. We will establish a baseline of user experience with the journeys orchestrated by your organization.

    Key Benefits Achieved

    An in-depth understanding of the relevance of design in strategy formulation and service design

    An understanding of the trends that impact your organization

    A taxonomy of critical customer journeys and a baseline of customers’ satisfaction with those

    Activities

    2.1 Discuss relevance of design in strategy through case studies

    2.2 Articulate trends that impact your organization

    2.3 Discuss service design through case studies

    2.4 Identify critical customer journeys and baseline customers’ satisfaction with those

    2.5 Run a simulation of design in practice

    Outputs

    Trends that impact your organization.

    Taxonomy of critical customer journeys and a baseline of customers’ satisfaction with those.

    3 How to Build a Design Organization

    The Purpose

    The focus of this module is to define an approach for a design program that suits your organization’s specific goals and culture.

    Key Benefits Achieved

    An approach for the design program in your organization. This includes aspects of the design program such as its objectives and measures, its model (one of the five archetypes or a hybrid one), and its governance.

    Activities

    3.1 Identify objectives and key measures for your design thinking program

    3.2 Structure your program after reviewing five main archetypes of a design program

    3.3 Balance between incremental and disruptive innovation

    3.4 Review best practices of a design organization

    Outputs

    An approach for your design thinking program: objectives and key measures; structure of the program, etc.

    Prototype With an Innovation Design Sprint

    • Buy Link or Shortcode: {j2store}90|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • The business has a mandate for IT-led innovation.
    • IT doesn’t have the budget it wants for high-risk, high-reward initiatives.
    • Many innovation projects have failed in the past.
    • Many projects that have moved through the approval process failed to meet their expectations.

    Our Advice

    Critical Insight

    • Don’t let perfect be the enemy of good. Think like a start-up and use experimentation and rapid re-iteration to get your innovative ideas off the ground.

    Impact and Result

    • Build and test a prototype in four days using Info-Tech’s Innovation Design Sprint Methodology.
    • Create an environment for co-creation between IT and the business.
    • Learn techniques for socializing and selling your ideas to business stakeholders.
    • Refine your prototype through rapid iteration and user-experience testing.
    • Socialize design thinking culture, tactics, and methods with the business.

    Prototype With an Innovation Design Sprint Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should evaluate your ideas using a design sprint, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand and ideate

    Define the problem and start ideating potential solutions.

    • Prototype With an Innovation Design Sprint – Day 1: Understand and Ideate
    • Prototyping Workbook

    2. Divide and conquer

    Split off into prototyping teams to build and test the first-iteration prototypes

    • Prototype With an Innovation Design Sprint – Day 2: Divide and Conquer
    • Research Study Log Tool

    3. Unite and integrate

    Integrate the best ideas from the first iterations and come up with a team solution to the problem.

    • Prototype With an Innovation Design Sprint – Day 3: Unite and Integrate
    • Prototype One Pager

    4. Build and sell

    Build and test the team’s integrated prototype, decide on next steps, and come up with a pitch to sell the solution to business executives.

    • Prototype With an Innovation Design Sprint – Day 4: Build and Sell
    [infographic]

    Workshop: Prototype With an Innovation Design Sprint

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand and Ideate

    The Purpose

    Align the team around a well-defined business problem and start ideating solutions.

    Key Benefits Achieved

    Ideate solutions in the face of organizational cconstraints and characterize the success of the prototype.

    Activities

    1.1 Frame the problem.

    1.2 Develop evaluation criteria.

    1.3 Diverge and converge.

    Outputs

    Problem statement(s)

    Evaluation criteria

    Ideated solutions

    2 Divide and Conquer

    The Purpose

    Break off into teams to try and develop solutions that address the problem in unique ways.

    Key Benefits Achieved

    Develop and test a first-iteration prototype.

    Activities

    2.1 Design first prototypes in teams.

    2.2 Conduct UX testing.

    Outputs

    First-iteration prototypes

    User feedback and data

    3 Unite and Integrate

    The Purpose

    Bring the team back together to develop a team vision of the final prototype.

    Key Benefits Achieved

    Integrated, second-iteration prototype.

    Activities

    3.1 Create and deliver prototype pitches.

    3.2 Integrate prototypes.

    Outputs

    Prototype practice pitches

    Second-iteration prototype

    4 Build and Sell

    The Purpose

    Build and test the second prototype and prepare to sell it to business executives.

    Key Benefits Achieved

    Second-iteration prototype and a budget pitch.

    Activities

    4.1 Conduct second round of UX testing.

    4.2 Create one pager and budget pitch.

    Outputs

    User feedback and data

    Prototype one pager and budget pitch

    Identify and Manage Strategic Risk Impacts on Your Organization

    • Buy Link or Shortcode: {j2store}219|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management

    Moreso than any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their strategic plans to accommodate risk on an unprecedented level.

    A new global change will impact your organizational strategy at any given time. So, make sure your plans are flexible enough to manage the inevitable consequences.

    Our Advice

    Critical Insight

    • Identifying and managing a vendor’s potential strategic impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes affect strategic plans.
    • Organizational leadership is often taken unaware during crises, and their plans lack the flexibility needed to adjust to significant market upheavals.

    Impact and Result

    • Vendor management practices educate organizations on the different potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
    • Prioritize and classify your vendors with quantifiable, standardized rankings.
    • Prioritize focus on your high-risk vendors.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your strategic plan with our Strategic Risk Impact Tool.

    Identify and Manage Strategic Risk Impacts on Your Organization Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and Manage Strategic Risk Impacts to Your Organization Deck – Use the research to better understand the negative impacts of vendor actions on your strategic plans.

    Use this research to identify and quantify the potential strategic impacts caused by vendors. Use Info-Tech’s approach to look at the strategic impact from various perspectives to better prepare for issues that may arise.

    • Identify and Manage Strategic Risk Impacts on Your Organization Storyboard

    2. What If Vendor Strategic Impact Tool – Use this tool to help identify and quantify the strategic impacts of negative vendor actions

    By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    • Strategic Risk Impact Tool
    [infographic]

    Further reading

    Identify and Manage Strategic Risk Impacts on Your Organization

    The world is in a perpetual state of change. Organizations need to build adaptive resiliency into their strategic plans to adjust to ever-changing market dynamics.

    Analyst perspective

    Organizations need to build flexible resiliency into their strategic plans to be able to adjust to ever-changing market dynamics.

    This is a picture of Frank Sewell, Research Director, Vendor Management at Info-Tech Research Group

    Like most people, organizations are poor at assessing the likelihood of risk. If the past few years have taught us anything, it is that the probability of a risk occurring is far more flexible in the formula Risk = Likelihood * Impact than we ever thought possible. The impacts of these risks have been catastrophic, and organizations need to be more adaptive in managing them to strengthen their strategic plans.

    Frank Sewell,
    Research Director, Vendor Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Moreso than any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their strategic plans to accommodate risk on an unprecedented level.

    A new global change will impact your organizational strategy at any given time. So, make sure your plans are flexible enough to manage the inevitable consequences.

    Common Obstacles

    Identifying and managing a vendor’s potential strategic impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes affect strategic plans.

    Organizational leadership is often taken unaware during crises, and their plans lack the flexibility needed to adjust to significant market upheavals.

    Info-Tech’s Approach

    Vendor management practices educate organizations on the different potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.

    Prioritize and classify your vendors with quantifiable, standardized rankings.

    Prioritize focus on your high-risk vendors.

    Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your strategic plan with our Strategic Impacts Tool.

    Info-Tech Insight

    Organizations must evolve their strategic risk assessments to be more adaptive to respond to global changes in the market. Ongoing monitoring of the market and the vendors tied to company strategies is imperative to achieving success.

    Info-Tech’s multi-blueprint series on vendor risk assessment

    There are many individual components of vendor risk beyond cybersecurity.

    This image depicts a cube divided into six different coloured sections. The sections are labeled: Financial; Reputational; Operational; Strategic; Security; Regulatory & Compliance.

    This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.

    Out of Scope:

    This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.

    Strategic risk impacts

    Potential losses to the organization due to risks to the strategic plan

    • In this blueprint, we’ll explore strategic risks (risks to the Strategic Plans of the organization) and their impacts.
    • Identify potentially disruptive events to assess the overall impact on organizations and implement adaptive measures to correct strategic plans.
    This image depicts a cube divided into six different coloured sections. The section labeled Strategic is highlighted.

    The world is constantly changing

    The IT market is constantly reacting to global influences. By anticipating changes, leaders can set expectations and work with their vendors to accommodate them.

    When the unexpected happens, being able to adapt quickly to new priorities ensures continued long-term business success.

    Below are some things no one expected to happen in the last few years:

    62%

    of IT professionals are more concerned about being a victim of ransomware than they were a year ago.

    82%

    of Microsoft’s non-essential employees shifted to working from home in 2020, joining the 18% already remote.

    89%

    of organizations invested in web conferencing technology to facilitate collaboration.

    Source: Info-Tech Tech Trends Survey 2022

    Strategic risks on a global scale

    Odds are at least one of these is currently affecting your strategic plans

    • Vendor Acquisitions
    • Global Pandemic
    • Global Shortages
    • Gas Prices
    • Poor Vendor Performance
    • Travel Bans
    • War
    • Natural Disasters
    • Supply Chain Disruptions
    • Security Incidents

    Make sure you have the right people at the table to identify and plan to manage impacts.

    Identify & manage strategic risks

    Global Pandemic

    Very few people could have predicted that a global pandemic would interrupt business on the scale experienced today. Organizations should look at their lessons learned and incorporate adaptable preparations into their strategic planning moving forward.

    Vendor Acquisitions

    The IT market is an ever-shifting environment. Larger companies often gobble up smaller ones to control their sectors. Incorporating plans to manage those shifts in ownership will be key to many strategic plans that depend on niche vendor solutions for success. Be sure to monitor the potentially affected markets on an ongoing cadence.

    Global Shortages

    Organizations need to accept that shortages will recur periodically and that preparing for them will significantly increase the success potential of long-term strategic plans. Understand what your business needs to stock for project needs and where those supplies are located, and plan how to rapidly access and distribute them as required if supply chain disruptions occur.

    What to look for in vendors

    Identify strategic risk impacts

    • A vendor acquires many smaller, seemingly irrelevant IT products. Suddenly their revenue model includes aggressive license compliance audits.
      • Ensure that your installed software meets license compliance requirements with good asset management practices.
      • Monitor the market for such acquisitions or news of audits hitting companies.
    • A vendor changes their primary business model from storage and hardware to becoming a self-proclaimed “professional services guru,” relying almost entirely on their name recognition to build their marketing.
      • Be wary of self-proclaimed experts and review their successes and failures with other organizations before adopting them into your business strategy.
      • Review the backgrounds their “experts” have and make sure they have the industry and technical skill sets to perform the services to the required level.

    Not preparing for your growth can delay your goals

    Why can’t I get a new laptop?

    For example:

    • An IT professional services organization plans to take advantage of the growing work-from-home trend to expand its staff by 30% over the coming year.
    • Logically, this should include a review of the necessary tasks involved, including onboarding.
      • Suppose the company does not order enough equipment in preparation to cover the new staff plus routine replacement. In that case, this will delay the output of the new team members immeasurably as they wait for their company equipment and will delay existing staff whose equipment breaks, preventing them from getting back to work efficiently.

    Sometimes an organization has the right mindset to take advantage of the changes in the market but can fail to plan for the particulars.

    When your strategic plan changes, you need to revisit all the steps in the processes to ensure a successful outcome.

    Strategic risks

    Poor or uninformed business decisions can lead to organizational strategic failures

    • Supply chain disruptions and global shortages
      • Geopolitical disruptions and natural disasters have caused unprecedented interruptions to business. Incorporate forecasting of product and ongoing business continuity planning into your strategic plans to adapt as events unfold.
    • Poor vendor performance
      • Consider the impact of a vendor that fails to perform midway through the implementation. Organizations need to be able to manage the impact of replacing that vendor and cutting their losses rather than continuing to throw good money away after bad performance.
    • Vendor acquisitions
      • A lot of acquisition is going on in the market today. Large companies are buying competitors and either imposing new terms on customers or removing the competing products from the market. Prepare options for any strategy tied to a niche product.

    It is important to identify potential risks to strategic plans to manage the risk and be agile enough in planning to adapt to the changing environments.

    Info-Tech Insight
    Few organizations are good at identifying risks to their strategic plan. As a result, almost none realistically plan to monitor, manage, and adapt their strategies to those risks.

    Prepare your strategic risk management for success

    Due diligence will enable successful outcomes

    1. Obtain top-level buy-in; it is critical to success.
    2. Build enterprise risk management (ERM) through incremental improvement.
    3. Focus initial efforts on the “big wins” to prove the process works.
    4. Use existing resources.
    5. Build on any risk management activities that already exist in the organization.
    6. Socialize ERM throughout the organization to gain additional buy‑in.
    7. Normalize the process long term with ongoing updates and continuing education for the organization.

    (Adapted from COSO)

    How to assess strategic risk

    1. Review Organizational Strategy
      Understand the organizational strategy to prepare for the “What If” game exercise.
    2. Identify & Understand Potential Strategic Risks
      Play the “What If” game with the right people at the table.
    3. Create a Risk Profile Packet for Leadership
      Pull all the information together in a presentation document.
    4. Validate the Risks
      Work with leadership to ensure that the proposed risks are in line with their thoughts.
    5. Plan to Manage the Risks
      Lower the overall risk potential by putting mitigations in place.
    6. Communicate the Plan
      It is important not only to have a plan but also to socialize it in the organization for awareness.
    7. Enact the Plan
      Once the plan is finalized and socialized, put it in place with continued monitoring for success.

    Insight summary

    Insight 1

    Organizations build portions of their strategies around chosen vendors and should protect those plans against the risks of unforeseen acquisitions in the market.
    Is your vendor solvent? Does it have enough staff to accommodate your needs? Has its long-term planning been affected by changes in the market? Is it unique in its space?

    Insight 2

    Organizations’ strategic plans need to be adaptable to avoid vendors’ negative actions causing an expedited shift in priorities.
    For example, Philip's recall of ventilators impacted its products and the availability of its competitor’s products as demand overwhelmed the market.

    Insight 3

    Organizations need to become better at risk assessment and actively manage the identified risks to their strategic plans.
    Few organizations are good at identifying risks to their strategic plan. As a result, almost none realistically plan to monitor, manage, and adapt their strategies to those risks.

    Strategic risk impacts are often unanticipated, causing unforeseen downstream effects. Anticipating the potential changes in the global IT market and continuously monitoring vendors’ risk levels can help organizations modify their strategic alignment with the new norms.

    Identifying strategic risk

    Who should be included in the discussion

    • While it is true that executive-level leadership defines the strategy for an organization, it is vital for those making decisions to make informed decisions.
    • Getting input from operational experts at your organization will enhance the long-term potential for success of your strategies.
    • Involving those who directly manage vendors and understand the market will aid operational experts in determining the forward path for relationships with your current vendors and identifying new emerging potential strategic partners.

    Review your strategic plans for new risks and evolving likelihood on a regular basis.

    Keep in mind Risk = Likelihood x Impact (R=L*I).

    Impact (I) tends to remain the same, while Likelihood (L) is a very flexible variable.

    See the blueprint Build an IT Risk Management Program

    Managing strategic risk impacts

    What can we realistically do about the risks?

    • Review business continuity plans and disaster recovery testing.
    • Institute proper contract lifecycle management.
    • Re-evaluate corporate policies frequently.
    • Develop IT governance and change control.
    • Ensure strategic alignment in contracts.
    • Introduce continual risk assessment to monitor the relevant vendor markets.
      • Regularly review your strategic plans for new risks and evolving likelihood.
      • Risk = Likelihood x Impact (R=L*I)
        • Impact (I) tends to remain the same and be well understood, while Likelihood (L) turns out to be highly variable.
    • Be adaptable and allow for innovations that arise from the current needs.
      • Capture lessons learned from prior incidents to improve over time, and adjust your strategy based on the lessons.

    Organizations need to be reviewing their strategic risk plans considering the likelihood of incidents in the global market.

    Pandemics, extreme weather, and wars that affect global supply chains are a current reality, not unlikely scenarios.

    Ongoing Improvement

    Incorporating lessons learned

    • Over time, despite everyone’s best observations and plans, incidents will catch us off guard.
    • When it happens, follow your incident response plans and act accordingly.
    • An essential step is to document what worked and what did not – collectively known as the “lessons learned.”
    • Use the lessons learned document to devise, incorporate, and enact a better risk management process.

    Sometimes disasters occur despite our best plans to manage them.

    When this happens, it is important to document the lessons learned and improve our plans going forward.

    The “what if” game

    1-3 hours

    Vendor management professionals are in an excellent position to help senior leadership identify and pull together resources across the organization to determine potential risks. By playing the "what if" game and asking probing questions to draw out – or eliminate – possible adverse outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    1. Break into smaller groups (or if too small, continue as a single group).
    2. Use the Strategic Risk Impact Tool to prompt discussion on potential risks. Keep this discussion flowing organically to explore all potentials but manage the overall process to keep the discussion pertinent and on track.
    3. Collect the outputs and ask the subject matter experts (SMEs) for management options for each one in order to present a comprehensive risk strategy. You will use this to educate senior leadership so that they can make an informed decision to accept or reject the solution.

    Download the Strategic Risk Impact Tool

    Input Output
    • List of identified potential risk scenarios scored by likelihood and financial impact
    • List of potential management of the scenarios to reduce the risk
    • Comprehensive strategic risk profile on the specific vendor solution
    Materials Participants
    • Whiteboard/flip charts
    • Strategic Risk Impact Tool to help drive discussion
    • Vendor Management – Coordinator
    • Organizational Leadership
    • Operations Experts (SMEs)
    • Legal/Compliance/Risk Manager

    Case Study

    Airline Industry Strategic Adaptation

    Industry: Airline

    Impact categories: Pandemic, Lockdowns, Travel Bans, Increased Fuel Prices

    • In 2019 the airline industry yielded record profits of $35.5 billion.
    • In 2020 the pandemic devastated the industry with losses around $371 billion.
    • The industry leaders engaged experts to conduct a study on how the pandemic impacted them and propose measures to ensure the survival of their industry in the future after the pandemic.
    • They determined that “[p]recise decision-making based on data analytics is essential and crucial for an effective Covid-19 airline recovery plan.”

    Results

    The pandemic prompted systemic change to the overall strategic planning of the airline industry.

    Summary

    Be vigilant and adaptable to change

    • Organizations need to learn how to assess the likelihood of potential risks in the changing global world.
    • Those organizations that incorporate adaptive risk management processes can prepare their strategic plans for greater success.
    • Bring the right people to the table to outline potential risks in the market.
    • Socialize the risk management process throughout the organization to heighten awareness and enable employees to help protect the strategic plan.
    • Incorporate lessons learned from incidents into your risk management process to build better plans for future issues.

    Organizations must evolve their strategic risk assessments to be more adaptive to respond to global changes in the market.

    Ongoing monitoring of the market and the vendors tied to company strategies is imperative to achieving success.

    Related Info-Tech Research

    Identify and Manage Financial Risk Impacts on Your Organization

    This image contains a screenshot from Info-Tech's Identify and Manage Financial Risk Impacts on Your Organization.
    • Vendor management practices educate organizations on the different potential financial impacts that vendors may incur and suggest systems to help manage them.
    • Prioritize and classify your vendors with quantifiable, standardized rankings.
    • Prioritize focus on your high-risk vendors.
    • Standardize your processes for identifying and monitoring vendor risks to manage financial impacts with our Financial Risk Impact Tool.

    Identify and Reduce Agile Contract Risk

    This image contains a screenshot from Info-Tech's Identify and Reduce Agile Contract Risk
    • Customer maturity levels with Agile are low, with 67% of organizations using Agile for less than five years.
    • Customer competency levels with Agile are also low, with 84% of organizations stating they are below a high level of competency.
    • Contract disputes are the number one or two types of disputes faced by organizations across all industries.

    Build an IT Risk Management Program

    This image contains a screenshot from Info-Tech's Build an IT Risk Management Program
    • Transform your ad hoc IT risk management processes into a formalized, ongoing program, and increase risk management success.
    • Take a proactive stance against IT threats and vulnerabilities by identifying and assessing IT’s greatest risks before they occur.
    • Involve key stakeholders including the business senior management team to gain buy-in and to focus on IT risks most critical to the organization.

    Bibliography

    Olaganathan, Rajee. “Impact of COVID-19 on airline industry and strategic plan for its recovery with special reference to data analytics technology.” Global Journal of Engineering and Technology Advances, vol 7, no 1, 2021, pp. 033-046.

    Tonello, Matteo. “Strategic Risk Management: A Primer for Directors.” Harvard Law School Forum on Corporate Governance, 23 Aug. 2012.

    Frigo, Mark L., and Richard J. Anderson. “Embracing Enterprise Risk Management: Practical Approaches for Getting Started.” COSO, 2011.

    Research Contributors and Experts

    • Frank Sewell
      Research Director, Info-Tech Research Group
    • Steven Jeffery
      Principal Research Director, Info-Tech Research Group
    • Scott Bickley
      Practice Lead, Info-Tech Research Group
    • Donna Glidden
      Research Director, Info-Tech Research Group
    • Phil Bode
      Principal Research Director, Info-Tech Research Group
    • David Espinosa
      Senior Director, Executive Services, Info-Tech Research Group
    • Rick Pittman
      Vice President, Research, Info-Tech Research Group
    • Patrick Philpot
      CISSP
    • Gaylon Stockman
      Vice President, Information Security
    • Jennifer Smith
      Senior Director

    2020 Applications Priorities Report

    • Buy Link or Shortcode: {j2store}159|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Optimization
    • Parent Category Link: /optimization
    • Although IT may have time to look at trends, it does not have the capacity to analyze the trends and turn them into initiatives.
    • IT does not have time to parse trends for initiatives that are relevant to them.
    • The business complains that if IT does not pursue trends the organization will get left behind by cutting-edge competitors. At the same time, when IT pursues trends, the business feels that IT is unable to deal with the basic issues.

    Our Advice

    Critical Insight

    • Take advantage of a trend by first understanding why it is happening and how it is actionable. Build momentum now. Breaking a trend into bite-sized initiatives and building them into your IT foundations enables the organization to maintain pace with competitors and make the technological leap.
    • The concepts of shadow IT and governance are critical. As it becomes easier for the business to purchase its own applications, it will be essential for IT to embrace this form of user empowerment. With a diminished focus on vendor selection, IT will drive the most value by directing its energy toward data and integration governance.

    Impact and Result

    • Determine how to explore, adopt, and optimize the technology and practice initiatives in this report by understanding which core objective(s) each initiative serves:
      • Optimize the effectiveness of the IT organization.
      • Boost the productivity of the enterprise.
      • Enable business growth through technology.

    2020 Applications Priorities Report Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief for a summary of the priorities and themes that an IT organization should focus on this year.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Read the 2020 Applications Priorities Report

    Use Info-Tech's 2020 Applications Priorities Report to learn about the five initiatives that IT should prioritize for the coming year.

    • 2020 Applications Priorities Report Storyboard
    [infographic]

    Modernize Your SDLC

    • Buy Link or Shortcode: {j2store}148|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $30,263 Average $ Saved
    • member rating average days saved: 39 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Today’s rapidly scaling and increasingly complex products create mounting pressure on delivery teams to release new features and changes quickly and with sufficient quality.
    • Many organizations lack the critical capabilities and resources needed to satisfy their growing backlog, jeopardizing product success.

    Our Advice

    Critical Insight

    • Delivery quality and throughput go hand in hand. Focus on meeting minimum process and product quality standards first. Improved throughput will eventually follow.
    • Business integration is not optional. The business must be involved in guiding delivery efforts, and ongoing validation and verification product changes.
    • The software development lifecycle (SDLC) must deliver more than software. Business value is generated through the products and services delivered by your SDLC. Teams must provide the required product support and stakeholders must be willing to participate in the product’s delivery.

    Impact and Result

    • Standardize your definition of a successful product. Come to an organizational agreement of what defines a high-quality and successful product. Accommodate both business and IT perspectives in your definition.
    • Clarify the roles, processes, and tools to support business value delivery and satisfy stakeholder expectations. Indicate where and how key roles are involved throughout product delivery to validate and verify work items and artifacts. Describe how specific techniques and tools are employed to meet stakeholder requirements.
    • Focus optimization efforts on most affected stages. Reveal the health of your SDLC from the value delivery, business and technical practice quality standards, discipline, throughput, and governance perspectives with a diagnostic. Identify and roadmap the solutions to overcome the root causes of your diagnostic results.

    Modernize Your SDLC Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should modernize your SDLC, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Set your SDLC context

    State the success criteria of your SDLC practice through the definition of product quality and organizational priorities. Define your SDLC current state.

    • Modernize Your SDLC – Phase 1: Set Your SDLC Context
    • SDLC Strategy Template

    2. Diagnose your SDLC

    Build your SDLC diagnostic framework based on your practice’s product and process objectives. Root cause your improvement opportunities.

    • Modernize Your SDLC – Phase 2: Diagnose Your SDLC
    • SDLC Diagnostic Tool

    3. Modernize your SDLC

    Learn of today’s good SDLC practices and use them to address the root causes revealed in your SDLC diagnostic results.

    • Modernize Your SDLC – Phase 3: Modernize Your SDLC
    [infographic]

    Workshop: Modernize Your SDLC

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Set Your SDLC Context

    The Purpose

    Discuss your quality and product definitions and how quality is interpreted from both business and IT perspectives.

    Review your case for strengthening your SDLC practice.

    Review the current state of your roles, processes, and tools in your organization.

    Key Benefits Achieved

    Grounded understanding of products and quality that is accepted across the organization.

    Clear business and IT objectives and metrics that dictate your SDLC practice’s success.

    Defined SDLC current state people, process, and technologies.

    Activities

    1.1 Define your products and quality.

    1.2 Define your SDLC objectives.

    1.3 Measure your SDLC effectiveness.

    1.4 Define your current SDLC state.

    Outputs

    Product and quality definitions.

    SDLC business and technical objectives and vision.

    SDLC metrics.

    SDLC capabilities, processes, roles and responsibilities, resourcing model, and tools and technologies.

    2 Diagnose Your SDLC

    The Purpose

    Discuss the components of your diagnostic framework.

    Review the results of your SDLC diagnostic.

    Key Benefits Achieved

    SDLC diagnostic framework tied to your SDLC objectives and definitions.

    Root causes to your SDLC issues and optimization opportunities.

    Activities

    2.1 Build your diagnostic framework.

    2.2 Diagnose your SDLC.

    Outputs

    SDLC diagnostic framework.

    Root causes to SDLC issues and optimization opportunities.

    3 Modernize Your SDLC

    The Purpose

    Discuss the SDLC practices used in the industry.

    Review the scope and achievability of your SDLC optimization initiatives.

    Key Benefits Achieved

    Knowledge of good practices that can improve the effectiveness and efficiency of your SDLC.

    Realistic and achievable SDLC optimization roadmap.

    Activities

    3.1 Learn and adopt SDLC good practices.

    3.2 Build your optimization roadmap.

    Outputs

    Optimization initiatives and target state SDLC practice.

    SDLC optimization roadmap, risks and mitigations, and stakeholder communication flow.

    Mitigate Key IT Employee Knowledge Loss

    • Buy Link or Shortcode: {j2store}511|cart{/j2store}
    • member rating overall impact: 9.3/10 Overall Impact
    • member rating average dollars saved: $12,314 Average $ Saved
    • member rating average days saved: 13 Average Days Saved
    • Parent Category Name: Lead
    • Parent Category Link: /lead

    Seventy-four percent of organizations do not have a formal process for capturing and retaining knowledge - which, when lost, results in decreased productivity, increased risk, and money out the door.

    Our Advice

    Critical Insight

    • Seventy-four percent of organizations do not have a formal process for capturing and retaining knowledge – which, when lost, results in decreased productivity, increased risk, and money out the door. It’s estimated that Fortune 500 companies lose approximately $31.5 billion each year by failing to share knowledge.
    • Don’t follow a one-size-fits-all approach to knowledge transfer strategy! Right-size your approach based on your business goals.
    • Prioritize knowledge transfer candidates based on their likelihood of departure and the impact of losing that knowledge.
    • Select knowledge transfer tactics based on the type of knowledge that needs to be captured – explicit or tacit.

    Impact and Result

    Successful completion of the IT knowledge transfer project will result in the following outcomes:

    1. Approval for IT knowledge transfer project obtained.
    2. Knowledge and stakeholder risks identified.
    3. Effective knowledge transfer plans built.
    4. Knowledge transfer roadmap built.
    5. Knowledge transfer roadmap communicated and approval obtained.

    Mitigate Key IT Employee Knowledge Loss Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Mitigate Key IT Employee Knowledge Loss Deck – A step-by-step document that walks you through how to transfer knowledge on your team to mitigate risks from employees leaving the organization.

    Minimize risk and IT costs resulting from attrition through effective knowledge transfer.

    • Mitigate Key IT Employee Knowledge Loss Storyboard

    2. Project Stakeholder Register Template – A template to help you identify and document project management stakeholders.

    Use this template to document the knowledge transfer stakeholder power map by identifying the stakeholder’s name and role, and identifying their position on the power map.

    • Project Stakeholder Register Template

    3. IT Knowledge Transfer Project Charter Template – Define your project and lay the foundation for subsequent knowledge transfer project planning

    Use this template to communicate the value and rationale for knowledge transfer to key stakeholders.

    • IT Knowledge Transfer Project Charter Template

    4. IT Knowledge Transfer Risk Assessment Tool – Identify the risk profile of knowledge sources and the knowledge they have

    Use this tool to identify and assess the knowledge and individual risk of key knowledge holders.

    • IT Knowledge Transfer Risk Assessment Tool

    5. IT Knowledge Transfer Plan Template – A template to help you determine the most effective knowledge transfer tactics to be used for each knowledge source by listing knowledge sources and their knowledge, identifying type of knowledge to be transferred and choosing tactics that are appropriate for the knowledge type

    Use this template to track knowledge activities, intended recipients of knowledge, and appropriate transfer tactics for each knowledge source.

    • IT Knowledge Transfer Plan Template

    6. IT Knowledge Identification Interview Guide Template – A template that provides a framework to conduct interviews with knowledge sources, including comprehensive questions that cover what type of knowledge a knowledge source has and how unique the knowledge is

    Use this template as a starting point for managers to interview knowledge sources to extract information about the type of knowledge the source has.

    • IT Knowledge Identification Interview Guide Template

    7. IT Knowledge Transfer Roadmap Presentation Template – A presentation template that provides a vehicle used to communicate IT knowledge transfer recommendations to stakeholders to gain buy-in

    Use this template as a starting point to build your proposed IT knowledge transfer roadmap presentation to management to obtain formal sign-off and initiate the next steps in the process.

    • IT Knowledge Transfer Roadmap Presentation Template
    [infographic]

    Workshop: Mitigate Key IT Employee Knowledge Loss

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    Further reading

    Mitigate Key IT Employee Knowledge Loss

    Transfer IT knowledge before it’s gone.

    EXECUTIVE BRIEF

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    Seventy-four percent of organizations do not have a formal process for capturing and retaining knowledge1 which, when lost, results in decreased productivity, increased risk, and money out the door. You need to:

    • Build a strategic roadmap to retain and share knowledge.
    • Build a knowledge transfer strategy based on your organization’s business goals.
    • Increase departmental efficiencies through increased collaboration.
    • Retain key IT knowledge
    • Improve junior employee engagement by creating development opportunities.
    • Don’t follow a one-size fits all approach. Right-size your approach based on your organizational goals.
    • Prioritize knowledge transfer candidates based on their likelihood of departure and the impact of losing that knowledge.
    • What you’re transferring impacts how you should transfer it. Select knowledge transfer tactics based on the type of knowledge that needs to be captured – explicit or tacit.

    Our client-tested methodology and project steps allow you to tailor your knowledge transfer plan to any size of organization, across industries. Successful completion of the IT knowledge transfer project will result in the following outcomes:

    • Approval for IT knowledge transfer project obtained.
    • Knowledge and stakeholder risks identified.
    • Effective knowledge transfer plans built.
    • Knowledge transfer roadmap built.
    • Knowledge transfer roadmap communicated.

    Info-Tech Insight

    Seventy-four percent of organizations do not have a formal process for capturing and retaining knowledge which, when lost, results in decreased productivity, increased risk, and money out the door.1

    1 McLean & Company, 2016, N=120

    Stop your knowledge from walking out the door

    Today, the value of an organization has less to do with its fixed assets and more to do with its intangible assets. Intangible assets include patents, research and development, business processes and software, employee training, and employee knowledge and capability.

    People (and their knowledge and capabilities) are an organization’s competitive advantage and with the baby boomer retirement looming, organizations need to invest in capturing employee knowledge before the employees leave. Losing employees in key roles without adequate preparation for their departure has a direct impact on the bottom line in terms of disrupted productivity, severed relationships, and missed opportunities.

    Knowledge Transfer (KT) is the process and tactics by which intangible assets – expertise, knowledge, and capabilities – are transferred from one stakeholder to another. A well-devised knowledge transfer plan will mitigate the risk of knowledge loss, yet as many as 74%2 of organizations have no formal approach to KT – and it’s costing them money, reputation, and time.

    84%of all enterprise value on the S&P 500 is intangibles.3

    $31.5 billion lost annually by Fortune 500 companies failing to share knowledge. 1

    74% of organizations have no formal process for facilitating knowledge transfer. 2

    1 Shedding Light on Knowledge Management, 2004, p. 46

    2 McLean & Company, 2016, N=120

    3 Visual Capitalists, 2020

    Losing knowledge will undermine your organization’s strategy in four ways

    In a worst-case scenario, key employees leaving will result in the loss of valuable knowledge, core business relationships, and profits.

    1

    Inefficiency due to “reinvention of the wheel.” When older workers leave and don’t effectively transfer their knowledge, younger generations duplicate effort to solve problems and find solutions.

    2

    Loss of competitive advantage. What and who you know is a tremendous source of competitive edge. Losing knowledge and/or established client relationships hurts your asset base and stifles growth, especially in terms of proprietary or unique knowledge.

    3

    Reduced capacity to innovate. Older workers know what works and what doesn’t, as well as what’s new and what’s not. They can identify the status quo faster, to make way for novel thinking.

    4

    Increased vulnerability. One thing that comes with knowledge is a deeper understanding of risk. Losing knowledge can impede your organizational ability to identify, understand, and mitigate risks. You’ll have to learn through experience all over again.

    Are you part of the 74% of organizations with no knowledge transfer planning in place? Can you afford not to have it?

    Consider this:

    55-60

    67%

    78%

    $14k / minute

    the average age of mainframe workers – making close to 50% of workers over 60.2

    of Fortune 100 companies still use mainframes3 requiring. specialized skills and knowledge

    of CIOs report mainframe applications will remain a key asset in the next decade.1

    is the cost of mainframe outages for an average enterprise.1

    A system failure to a mainframe could be disastrous for organizations that haven’t effectively transferred key knowledge. Now think past the mainframe to key processes, customer/vendor relationships, legal requirements, home grown solutions etc. in your organization.

    What would knowledge loss cost you in terms of financial and reputational loss?

    Source: 1 Big Tech Problem as Mainframes Outlast Workforce

    Source: 2 IT's most wanted: Mainframe programmers

    Source: 3The State of the Mainframe, 2022

    Case Study

    Insurance organization fails to mitigate risk of employee departure and incurs costly consequences – in the millions

    INDUSTRY: Insurance

    SOURCE: ITRG Member

    Challenge

    Solution

    Results

    • A rapidly growing organization's key Senior System Architect unexpectedly fell ill and needed to leave the organization.
    • This individual had been with the organization for more than 25 years and was the primary person in IT responsible for several mission-critical systems.
    • Following this individual’s departure, one of the systems unexpectedly went down.
    • As this individual had always been the go-to person for the system, and issues were few and far between, no one had thought to document key system elements and no knowledge transfer had taken place.
    • The failed system cost the organization more than a million dollars in lost revenue.
    • The organization needed to hire a forensic development team to reverse engineer the system.
    • This cost the organization another $200k in consulting fees plus the additional cost of training existing employees on a system which they had originally been hoping to upgrade.

    Forward thinking organizations use knowledge transfer not only to avoid risks, but to drive IT innovation

    IT knowledge transfer is a process that, at its most basic level, ensures that essential IT knowledge and capabilities don’t leave the organization – and at its most sophisticated level, drives innovation and customer service by leveraging knowledge assets.

    Knowledge Transfer Risks:

    Knowledge Transfer Opportunities:

    ✗ Increased training and development costs when key stakeholders leave the organization.

    ✗ Decreased efficiency through long development cycles.

    ✗ Late projects that tie up IT resources longer than planned, and cost overruns that come out of the IT budget.

    ✗ Lost relationships with key stakeholders within and outside the organization.

    ✗ Inconsistent project/task execution, leading to inconsistent outcomes.

    ✗ IT losing its credibility due to system or project failure from lost information.

    ✗ Customer dissatisfaction from inconsistent service.

    ✓ Mitigated risks and costs from talent leaving the organization.

    ✓ Business continuity through redundancies preventing service interruptions and project delays.

    ✓ Operational efficiency through increased productivity by never having to start projects from scratch.

    ✓ Increased engagement from junior staff through development planning.

    ✓ Innovation by capitalizing on collective knowledge.

    ✓ Increased ability to adapt to change and save time-to-market.

    ✓ IT teams that drive process improvement and improved execution.

    Common obstacles

    In building your knowledge transfer roadmap, the size of your organization can present unique challenges

    How you build your knowledge transfer roadmap will not change drastically based on the size of your organization; however, the scope of your initiative, tactics you employ, and your communication plan for knowledge transfer may change.


    How knowledge transfer projects vary by organization size:

    Small Organization

    Medium Organization

    Large Organization

    Project Opportunities

    ✓ Project scope is much more manageable.

    ✓ Communication and planning can be more manageable.

    ✓ Fewer knowledge sources and receivers can clarify prioritization needs.

    ✓ Project scope is more manageable.

    ✓ Moderate budget for knowledge transfer activities.

    ✓ Communication and enforcement is easier.

    ✓ Budget available to knowledge transfer initiatives.

    ✓ In-house expertise may be available.

    Project Risks

    ✗ Limited resources for the project.

    ✗ In-house expertise is unlikely.

    ✗ Knowledge transfer may be informal and not documented.

    ✗ Limited overlap in responsibilities, resulting in fewer redundancies.

    ✗ Limited staff with knowledge transfer experience for the project.

    ✗ Knowledge assets are less likely to be documented.

    ✗ Knowledge transfer may be a lower priority and difficult to generate buy-in.

    ✗ More staff to manage knowledge transfer for, and much larger scope for the project.

    ✗ Impact of poor knowledge transfer can result in much higher costs.

    ✗Geographically dispersed business units make collaboration and communication difficult.

    ✗ Vast amounts of historical knowledge to capture.

    Capture both explicit and tacit knowledge

    Explicit

    Tacit

    • “What knowledge” – knowledge can be articulated, codified, and easily communicated.
    • Easily explained and captured – documents, memos, speeches, books, manuals, process diagrams, facts, etc.
    • Learn through reading or being told.
    • “How knowledge” – intangible knowledge from an individual’s experience that is more from the process of learning, understanding, and applying information (insights, judgments, and intuition).
    • Hard to verbalize, and difficult to capture and quantify.
    • Learn through observation, imitation, and practice.

    Types of explicit knowledge

    Types of tacit knowledge

    Information

    • Specialized technical knowledge.
    • Unique design capabilities/ methods/ models.
    • Legacy systems, details, passwords.
    • Special formulas/algorithms/ techniques/contacts.

    Process

    • Specialized research and development processes.
    • Proprietary production processes.
    • Decision-making processes.
    • Legacy systems.
    • Variations from documented processes.

    Skills

    • Techniques for executing on processes.
    • Relationship management.
    • Competencies built through deliberate practice enabling someone to act effectively.

    Expertise

    • Company history and values.
    • Relationships with key stakeholders.
    • Tips and tricks.
    • Competitor history and differentiators.

    Examples: reading music, building a bike, knowing the alphabet, watching a YouTube video on karate.

    Examples: playing the piano, riding a bike, reading or speaking a language, earning a black belt in karate.

    Knowledge transfer is not a one-size-fits-all project

    The image contains a picture of Info-Tech's Knowledge Transfer Maturity Model. Level 0: Accidental, goal is not prioritized. Level 1: Stabilize, goal is risk mitigation. Level 2: Proactive, goal is operational efficiency. Level 3: Knowledge Culture, goal is innovation & customer service.

    No formal knowledge transfer program exists; knowledge transfer is ad hoc, or may be conducted through an exit interview only.

    74% of organizations are at level 0.1

    At level one, knowledge transfer is focused around ensuring that high risk, explicit knowledge is covered for all high-risk stakeholders.

    Organizations have knowledge transfer plans for all high-risk knowledge to ensure redundancies exist and leverage this to drive process improvements, effectiveness, and employee engagement.

    Increase end-user satisfaction and create a knowledge value center by leveraging the collective knowledge to solve repeat customer issues and drive new product innovation.

    1 Source: McLean & Company, 2016, N=120

    Assess your fit for this blueprint by considering the following statements

    I’m an IT Leader who…

    Stabilize

    …has witnessed that new employees have recently left or are preparing to leave the organization, and worries that we don’t have their knowledge captured anywhere.

    …previously had to cut down our IT department, and as a result there is a lack of redundancy for tasks. If someone leaves, we don’t have the information we need to continue operating effectively.

    …is worried that the IT department has no succession planning in place and that we’re opening ourselves up to risk.

    Proactive

    …feels like we are losing productivity because the same problems are being solved differently multiple times.

    …worries that different employees have unique knowledge which is critical to performance and that they are the only ones who know about it.

    …has noticed that the processes people are using are different from the ones that are written down.

    …feels like the IT department is constantly starting projects from scratch, and employees aren’t leveraging each other’s information, which is causing inefficiencies.

    …feels like new employees take too long to get up to speed.

    …knows that we have undocumented systems and more are being built each day.

    Knowledge Culture

    …feels like we’re losing out on opportunities to innovate because we’re not sharing information, learning from others’ mistakes, or capitalizing on their successes.

    …notices that staff don’t have a platform to share information on a regular basis, and believes if we brought that information together, we would be able to improve customer service and drive product innovation.

    …wants to create a culture where employees are valued for their competencies and motivated to learn.

    …values knowledge and the contributions of my team.

    This blueprint can help you build a roadmap to resolve each of these pain points. However, not all organizations need to have a knowledge culture. In the next section, we will walk you through the steps of selecting your target maturity model based on your knowledge goals.

    Case Study

    Siemens builds a knowledge culture to drive customer service improvements and increases sales by $122 million

    INDUSTRY: Electronics Engineering

    SOURCE: KM Best Practices

    Challenge

    Solution

    Results

    • As a large electronics and engineering global company, Siemens was facing increased global competition.
    • There was an emphasized need for agility and specialized knowledge to remain competitive.
    • The new company strategy to address competitive forces focused on becoming a knowledge enterprise and improving knowledge-sharing processes.
    • New leadership roles were created to develop a knowledge management culture.
    • “Communities of practice” were created with the goal of “connecting people to people” by allowing them to share best practices and information across departments.
    • An internal information-sharing program was launched that combined chat, database, and search engine capabilities for 12,000 employees.
    • Employees were able to better focus on customer needs based on offering services and products with high knowledge content.
    • With the improved customer focus, sales increased by $122 million and there was a return of $10-$20 per dollar spent on investment in the communities of practice.

    Info-Tech’s approach

    Five steps to future-proof your IT team

    The five steps are in a cycle. The five steps are: Obtain approval for IT knowledge transfer project, Identify your  knowledge and stakeholder risks, Build knowledge transfer plans, Build your knowledge transfer roadmap, Communicate your knowledge transfer roadmap to stakeholders.

    The Info-Tech difference:

    1. Successfully build a knowledge transfer roadmap based on your goals, no matter what market segment or size of business.
    2. Increase departmental efficiencies through increased collaboration.
    3. Retain key IT knowledge.
    4. Improve junior employee engagement by creating development opportunities.

    Use Info-Tech tools and templates

    Project outcomes

    1. Approval for IT knowledge transfer project obtained

    2. Knowledge and stakeholder risks identified

    3. Tactics for individuals’ knowledge transfer identified

    4. Knowledge transfer roadmap built

    5. Knowledge transfer roadmap approved

    Info-Tech tools and templates to help you complete your project deliverables

    Project Stakeholder Register Template

    IT Knowledge Transfer Risk Assessment Tool

    IT Knowledge Identification Interview Guide Template

    Project Planning and Monitoring Tool

    IT Knowledge Transfer Roadmap Presentation Template

    IT Knowledge Transfer Project Charter Template

    IT Knowledge Transfer Plan Template

    Your completed project deliverables

    IT Knowledge Transfer Plans

    IT Knowledge Transfer Roadmap Presentation

    IT Knowledge Transfer Roadmap

    Info-Tech’s methodology to mitigate key IT employee knowledge loss

    1. Initiate

    2. Design

    3. Implement

    Phase Steps

    1. Obtain approval for IT knowledge transfer project.
    2. Identify your knowledge and stakeholder risks.
    1. Build knowledge transfer plans.
    2. Build your knowledge transfer roadmap.
    1. Communicate your knowledge transfer roadmap to stakeholders.

    Phase Outcomes

    • Approval for IT knowledge transfer project obtained.
    • Knowledge and stakeholder risks identified.
    • IT knowledge transfer project charter created.
    • Tactics for individuals’ knowledge transfer identified.
    • Knowledge transfer roadmap built.
    • IT knowledge transfer plans established.
    • IT Knowledge transfer roadmap presented.
    • Knowledge transfer roadmap approved.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    IT Knowledge Transfer Project Charter

    Establish a clear project scope, decision rights, and executive sponsorship for the project.

    The image contains a screenshot of the IT Knowledge Transfer Project Charter.

    IT Knowledge Transfer Risk Assessment Tool

    Identify and assess the knowledge and individual risk of key knowledge holders.

    The image contains a screenshot of the IT Knowledge Transfer Risk Assessment Tool.

    IT Knowledge Identification Interview Guide

    Extract information about the type of knowledge sources have.

    The image contains a screenshot of the IT Knowledge Identification Interview Guide.

    IT Knowledge Transfer Roadmap Presentation

    Communicate IT knowledge transfer recommendations to stakeholders to gain buy-in.

    The image contains a screenshot of the IT Knowledge Transfer Roadmap Presentation.

    Key deliverable:

    IT Knowledge Transfer Plan

    Track knowledge activities, intended recipients, and appropriate transfer tactics for each knowledge source.

    The image contains a screenshot of the IT Knowledge Transfer Plan.

    Blueprint benefits

    IT Benefits

    Business Benefits

    • Business continuity through redundancies preventing service interruptions and project delays.
    • Operational efficiency through increased productivity by never having to start projects from scratch.
    • Increased engagement from junior staff through development planning.
    • IT teams that drive process improvement and improved execution.
    • Mitigated risks and costs from talent leaving the organization.
    • Innovation by capitalizing on collective knowledge.
    • Increased ability to adapt to change and save time-to-market.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “ Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3

    Call #1: Structure the project. Discuss transfer maturity goal and metrics.

    Call #2: Build knowledge transfer plans.

    Call #3: Identify priorities & review risk assessment tool.

    Call #4: Build knowledge transfer roadmap. Determine logistics of implementation.

    Call #5: Determine logistics of implementation.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is five to six calls.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Define the Current and Target State

    Identify Knowledge Priorities

    Build Knowledge Transfer Plans

    Define the Knowledge Transfer Roadmap

    Next Steps and
    Wrap-Up (offsite)

    Activities

    1.1 Have knowledge transfer fireside chat.

    1.2 Identify current and target maturity.

    1.3 Identify knowledge transfer metrics

    1.4 Identify knowledge transfer project stakeholders

    2.1 Identify your knowledge sources.

    2.2 Complete a knowledge risk assessment.

    2.3 Identify knowledge sources’ level of knowledge risk.

    3.1 Build an interview guide.

    3.2 Interview knowledge holders.

    4.1 Prioritize the sequence of initiatives.

    4.2 Complete the project roadmap.

    4.3 Prepare communication presentation.

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. Organizational benefits and current pain points of knowledge transfer.
    2. Identification of target state of maturity.
    3. Metrics for knowledge transfer.
    4. Project stakeholder register.
    1. List of high risk knowledge sources.
    2. Departure analysis.
    3. Knowledge risk analysis.
    1. Knowledge transfer interview guide.
    2. Itemized knowledge assets.
    1. Prioritized sequence based on target state maturity goals.
    2. Project roadmap.
    3. Communication deck.

    Phase #1

    Initiate your IT knowledge transfer project

    Phase 1

    Phase 2

    Phase 3

    1.1 Obtain approval for project

    1.2 Identify knowledge and stakeholder risks

    2.1 Build knowledge transfer plans

    2.2 Build knowledge transfer roadmap

    3.1 Communicate your roadmap

    This phase will walk you through the following activities:

    • Hold a working session with key stakeholders.
    • Identify your current state of maturity for knowledge transfer.
    • Identify your target state of maturity for knowledge transfer.
    • Define key knowledge transfer metrics.
    • Identify your project team and their responsibilities.
    • Build the project charter and obtain approval.

    This phase involves the following participants:

    • IT Leadership
    • Other key stakeholders

    Step 1.1

    Obtain Approval for Your IT Knowledge Transfer Project

    Activities

    1.1.1 Hold a Working Session With Key Stakeholders

    1.1.2 Conduct a Current and Target State Analysis.

    1.1.3 Identify Key Metrics

    1.1.4 Identify Your Project Team

    1.1.5 Populate an RACI

    1.1.6 Build the Project Charter and Obtain Approval

    Initiate Your IT Knowledge Transfer Project

    The primary goal of this section is to gain a thorough understanding of the reasons why your organization should invest in knowledge transfer and to identify the specific challenges to address.

    Outcomes of this step

    Organizational benefits and current pain points of knowledge transfer

    Hold a working session with the key stakeholders to structure the project

    Don’t build your project charter in a vacuum. Involve key stakeholders to determine the desired knowledge transfer goals, target maturity and KPIs, and ultimately build the project charter.

    Building the project charter as a group will help you to clarify your key messages and help secure buy-in from critical stakeholders up-front, which is key.

    In order to execute on the knowledge transfer project, you will need significant involvement from your IT leadership team. The trouble is that knowledge transfer can be inherently stressful for employees as it can cause concerns around job security. Members of your IT leadership team will also be individuals who need to participate in knowledge transfer, so get them involved upfront. The working session will help stakeholders feel more engaged in the project, which is pivotal for success.

    You may feel like a full project charter isn’t necessary, and depending on your organizational size, it might not be. However, the exercise of building the charter is important regardless. No matter your current climate, some level of socializing the value and plans for knowledge transfer will be necessary.

    Meeting Agenda

    1. Short project introduction
    2. Led by: Project Sponsor

    • Why the project was initiated.
  • Make the case for the project
  • Led by: Project Manager

    • Current state: What project does the project address?
    • Future state: What is our target state of maturity?
  • Success criteria
  • Led by: Project Manager

    • How will success be measured?
  • Define the project team
  • Led by: Project Manager

    • Description of planned project approach.
    • Stakeholder assessment.
    • What is required of the sponsor and stakeholders?
  • Determine next steps
  • Led by: Project Manager

    1.1.1 Key Stakeholder Working Session

    Identify the pain points you’re experiencing with knowledge transfer and some of the benefits which you’d like to see from a program to determine the key objectives By doing so, you’ll get a holistic view of what you need to achieve.

    Collect this information by:

    1. Asking the working group participants (as a whole or in smaller groups) to discuss pain points created by ineffective knowledge transfer practices.
    • Challenges related to stakeholders.
    • Challenges created by process issues.
    • Issues achieving the intended outcome due to ineffective knowledge transfer.
    • Difficulties improving knowledge transfer practices.
  • Discussing opportunities to be gained from improving these practices.
  • Having participants write these down on sticky notes and place them on a whiteboard or flip chart.
  • Reviewing all the points as a group and grouping challenges and benefits into themes.
  • Having the group prioritize the risks and benefits in terms of what the solution “must have,” “should have,” “could have,” and “won’t have.”
  • Documenting this in the IT Knowledge Transfer Charter template.
  • Input Output
    • Reasons for the project
    • Stakeholder requirements
    • Pain point and risks
    • Identified next steps
    • Target state
    • Completed IT Knowledge Transfer Charter
    Materials Participants
    • Agenda (see previous slide)
    • Sticky notes (optional)
    • Pens (optional)
    • Whiteboard (optional
    • Markers (optional)
    • IT leadership

    Examples of Possible Pain Points

    • Employees have recently left or are preparing to leave the organization, and we worry that we don’t have their knowledge captured anywhere.
    • We previously had to cut down our IT department, and as a result there is a lack of redundancy for tasks. If someone leaves, we don’t have the information we need to continue operating effectively.
    • We’re worried that the IT department has no succession planning in place and that we’re opening ourselves up to risk.
    • It feels like we are losing productivity because the same problems are being solved multiple times, differently.
    • We’re worried that different employees have unique knowledge which is critical to performance, and that they are the only ones who know about it.
    • We’ve noticed that the processes people are using are different from the ones that are written down.
    • It feels like the IT department is constantly starting projects from scratch and employees aren’t leveraging each other’s information, which is causing inefficiencies.
    • It feels like new employees take too long to get up to speed.
    • We know that we have undocumented systems and more are being built each day.
    • We feel like we’re losing out on opportunities to innovate because we’re not sharing information, learning from others’ mistakes, or capitalizing on their successes.
    • We’ve noticed that staff don’t have a platform to share information on a regular basis. We believe if we brought that information together, we would be better able to improve customer service and drive product innovation.
    • We want to create a culture where employees are valued for their competencies and motivated to learn.
    • We value knowledge and the contributions of our team.

    1.1.2 Conduct a Current and Target State Analysis

    Identify your current and target state of maturity

    How to determine your current and target state of maturity:

    1. Provide the previous two slides with the details of the maturity assessment to the group, to review.
    2. Ask each participant to individually determine what they think is the IT team’s current state of maturity. After a few minutes, discuss as a group and come to an agreement.
    3. Review each of the benefits and timing for each of the maturity levels. Compare the benefits listed to those that you named in the previous exercise and determine which maturity level best describes your target state.
    4. Discuss as a group and agree on one maturity level.
    5. Review the other levels of maturity and determine what is in and out of scope for the project (hint: higher level benefits would be considered out of scope). Document this in the IT Knowledge Transfer Project Charter template.
    Input Output
    • Knowledge Transfer Maturity Level charts
    • Target maturity level documented in the IT Knowledge Transfer Charter
    Materials Participants
    • Paper and pens
    • Handouts of maturity levels
    • IT Leadership Team

    IT Knowledge Transfer Project Charter Template

    Info-Tech’s Knowledge Transfer Maturity Model

    Depending on the level of maturity you are trying to achieve, a knowledge transfer project could take weeks, months, or even years. Your maturity level depends on the business goal you would like to achieve, and impacts who and what your roadmap targets.

    The image contains a picture of Info-Tech's Knowledge Transfer Maturity Model. Level 0: Accidental, goal is not prioritized. Level 1: Stabilize, goal is risk mitigation. Level 2: Proactive, goal is operational efficiency. Level 3: Knowledge Culture, goal is innovation & customer service.

    Info-Tech Insight

    The maturity levels build on one another; if you start with a project, it is possible to move from a level 0 to a level 1, and once the project is complete, you can advance to a level 2 or 3. However, it’s important to set clear boundaries upfront to limit scope creep, and it’s important to set appropriate expectations for what the project will deliver.

    Knowledge Transfer Maturity Level: Accidental and Stabilize

    Goal

    Description

    Time to implement

    Benefits

    Level 0: Accidental

    Not Prioritized

    • No knowledge transfer process is present.
    • Knowledge transfer is completed in an ad hoc manner.
    • Some transfer may take place through exit interviews.

    N/A

    • Simple to implement and maintain.

    Level 1: Stabilize

    Risk Mitigation

    At level one, knowledge transfer is focused around ensuring that redundancies exist for explicit knowledge for:

    1. ALL high-risk knowledge.
    2. ALL high-risk stakeholders.

    Your high-risk knowledge is any information which is proprietary, unique, or specialized.

    High risk stakeholders are those individuals who are at a higher likelihood of departing the organization due to retirement or disengagement.

    0 – 6 months

    • Mitigates risks from talent leaving the organization.
    • Ensures business continuity through redundancies.
    • Provides stability to sustain high-performing services, and mitigates risks from service interruptions.

    Knowledge Transfer Maturity Level: Proactive and Knowledge Culture

    Goal

    Description

    Time to implement

    Benefits

    Level 2: Proactive

    Operational Efficiency

    Level 2 extends Level 1.

    Once stabilized, you can work on KT initiatives that allow you to be more proactive and cover high risk knowledge that may not be held by those see as high risk individuals.

    Knowledge transfer plans must exist for ALL high risk knowledge.

    3m – 1yr

    • Enhances productivity by reducing need to start projects from scratch.
    • Increases efficiency by tweaking existing processes with best practices.
    • Sees new employees become productive more quickly through targeted development planning.
    • Increases chance that employees will stay at the organization longer, if they can see growth opportunities.
    • Streamlines efficiencies by eliminating redundant or unnecessary processes.

    Level 3: Knowledge Culture

    Drive Innovation Through Knowledge

    Level 3 extends Level 2.

    • Knowledge Transfer covers explicit and tacit information throughout the IT organization.
    • The program should be integrated with leadership development and talent management.
    • Key metrics should be tied to process improvement, innovation, and customer service.

    1-2 years

    • Increases end-user satisfaction by leveraging the collective knowledge to solve repeat customer issues.
    • Drives product innovation through collaboration.
    • Increases employee engagement by recognizing and rewarding knowledge sharing.
    • Increases your ability to adapt to change and save time-to-market through increased learning.
    • Enables the development of new ideas through iteration.
    • Supports faster access to knowledge.

    Select project-specific KPIs

    Use the selected KPIs to track the value of knowledge transfer

    You need to ensure your knowledge transfer initiatives are having the desired effect and adjust course when necessary. Establishing an upfront list of key performance indicators that will be benchmarked and tracked is a crucial step.

    Many organizations overlook the creation of KPIs for knowledge transfer because the benefits are often one step removed from the knowledge transfer itself. However, there are several metrics you can use to measure success.

    Hint: Metrics will vary based on your knowledge transfer maturity goals.

    Metrics For Knowledge Transfer

    Creating KPIs for knowledge transfer is a crucial step that many organizations overlook because the benefits are often one step removed from the knowledge transfer itself. However, there are several qualitative and quantitative metrics you can use to measure success depending on your maturity level goals.

    Stabilize

    • Number of high departure risk employees identified.
    • Number of high-risk employees without knowledge transfer plans.
    • Number of post-retirement knowledge issues.

    Be Proactive

    • Number of issues arising from lack of redundancy.
    • Percentage of high-risk knowledge items without transfer plans.
    • Time required to get new employees up to speed.

    Promote Knowledge Culture

    • Percentage of returned deliverables for rework.
    • Percentage of errors repeated in reports.
    • Number of employees mentoring their colleagues.
    • Number of issues solved through knowledge sharing.
    • Percentage of employees with knowledge transfer/development plans.

    1.1.3 Identify Key Metrics

    Identify key metrics the organization will use to measure knowledge transfer success

    How to determine knowledge transfer metrics:

    1. Assign each participant 1-4 of the desired knowledge transfer benefits and pain points which you identified as priorities.
    2. Independently have them brainstorm how they would measure the success of each, and after 10 minutes, present their thoughts to the group.
    3. Write each of the metric suggestions on a whiteboard and agree to 3-5 benefits which you will track. The metrics you choose should relate to the key pain points you have identified and match your desired maturity level.
    InputOutput
    • Knowledge transfer pain points and benefits
    • 3-5 key metrics to track
    MaterialsParticipants
    • Whiteboard
    • IT Leadership Team

    Identify knowledge transfer project team

    Determine Project Participants

    Pick a Project Sponsor

    • The project participants are the IT managers and directors whose day-to-day lives will be impacted by the knowledge transfer roadmap and its implementation.
    • These individuals will be your roadmap ream and will help with planning. Most of these individuals should be in the workshop, but ensure you have everyone covered. Some examples of individuals you should consider for your team are:
      • Director/Manager Level:
        • Applications
        • Infrastructure
        • Operations
      • Service Delivery Managers
      • Business Relationship Managers
    • The project sponsor should be a member of your IT department’s senior executive team whose goals and objectives will be impacted by knowledge transfer implementation.
      • This is the person you will get to sign-off on the project charter document.
    The image contains a triangle that has been split into three parts. The top section is labelled: Project Sponsor, middle section: Project Participants, and the bottom is labelled Project Stakeholders.

    The project sponsor is the main catalyst for the creation of the roadmap. They will be the one who signs off on the project roadmap.

    The Project Participants are the key stakeholders in your organization whose input will be pivotal to the creation of the roadmap.

    The project stakeholders are the senior executives who have a vested interest in knowledge transfer. Following completion of this workshop, you will present your roadmap to these individuals for approval.

    1.1.4 Identify Your Project Team

    How to define the knowledge transfer project team:

    1. Through discussion, generate a complete list of key stakeholders, considering each of the roles indicated in the chart on the Key Project Management Stakeholders slide. Write their names on a whiteboard.
    2. Using the quadrant template on the next slide, draw the stakeholder power map.
    3. Evaluate each stakeholder on the list based on their level of influence and support of the project. Write the stakeholder’s name on a sticky note and place it in the appropriate place on the grid.
    4. Create an engagement plan based on the stakeholder’s placement.
    5. Use Info-Tech’s Project Stakeholder Register Template to identify and document your project management stakeholders.

    Project Stakeholder Register Template

    Input Output
    • Initial stakeholder analysis
    • Complete list of project participants.
    • Complete project stakeholder register.
    Materials Participants
    • Whiteboard / Flip chart
    • Markers / Pens
    • Project Stakeholder Register Template
    • IT Leadership Team
    • Other stakeholders

    Have a strategic approach for engaging stakeholders to help secure buy-in

    If your IT leadership team isn’t on board, you’re in serious trouble! IT leaders will not only be highly involved in the knowledge transfer project, but they also may be participants, so it’s essential that you get their buy-in for the project upfront.

    Document the results in the Project Stakeholder Register Template; use this as a guide to help structure your communication with stakeholders based on where they fall on the grid.

    How to Manage:

    Focus on increasing these stakeholders’ level of support!

    1. Have a one-on-one meeting to seek their views on critical issues and address concerns.
    2. Identify key pain points they have experienced and incorporate these in the project goal statements.
    3. Where possible, leverage KT champions to help encourage support.
    The image contains a small graph to demonstrate the noise makers, the blockers, the changers, and the helpers.

    Capitalize on champions to drive the project/change.

    1. Use them for internal PR of the objectives and benefits.
    2. Ask them what other stakeholders can be leveraged.
    3. Involve them early in creating project documents.

    How to Manage:

    How to Manage:

    Pick your battles – focus on your noise makers first, and then move on to your blockers.

    1. Determine the level of involvement the blockers will have in the project (i.e. what you will need from them in the future) and determine next steps based on this (one-on-one meeting, group meeting, informal communication, or leveraging helpers/ champions to encourage them).

    Leverage this group where possible to help socialize the program and to help encourage dissenters to support.

    1. Mention their support in group settings.
    2. Focus on increasing their understanding via informal communication.

    How to Manage:

    Key Project Management Stakeholders

    Role

    Project Role

    Required

    CIO

    Will often play the role of project sponsor and should be involved in key decision points.

    IT Managers Directors

    Assist in the identification of high-risk stakeholders and knowledge and will be heavily involved in the development of each transfer plan.

    Project Manager

    Should be in charge of leading the development and execution of the project.

    Business Analysts

    Responsible for knowledge transfer elicitation analysis and validation for the knowledge transfer project.

    Situational

    Technical Lead

    Responsible for solution design where required for knowledge transfer tactics.

    HR

    Will aid in the identification of high-risk stakeholders or help with communication and stakeholder management.

    Legal

    Organizations that are subject to knowledge confidentiality, Sarbanes-Oxley, federal rules, etc. may need legal to participate in planning.

    Ensure coverage of all project tasks

    Populate a Project RACI (Responsible, Accountable, Consulted, Informed) chart

    Apps MGR

    Dev. MGR

    Infra MGR

    Build the project charter

    R

    R

    I

    Identify IT stakeholders

    R

    R

    I

    Identify high risk stakeholders

    R

    A

    R

    Identify high risk knowledge

    I C C

    Validate prioritized stakeholders

    I C R

    Interview key stakeholders

    R R A

    Identify knowledge transfer tactics for individuals

    C C A

    Communicate knowledge transfer goals

    C R A

    Build the knowledge transfer roadmap

    C R A

    Approve knowledge transfer roadmap

    C R C

    1.1.5 Populate an RACI

    Populate a RACI chart to identify who should be responsible, accountable, consulted, and informed for each key activity.

    How to define RACI for the project team:

    1. Write out the list of all stakeholders along the top of a whiteboard. Write out the key project steps along the left-hand side (use this list as a starting point).
    2. For each initiative, identify each team member’s role. Are they:
    3. Responsible: The one responsible for getting the job done.

      Accountable: Only one person can be accountable for each task.

      Consulted: Involvement through input of knowledge and information.

      Informed: Receiving information about process execution and quality.

    4. As you proceed through the project, continue to add tasks and assign responsibility to the RACI chart on the next slide.
    InputOutput
    • Stakeholder list
    • Key project steps
    • Project RACI chart
    MaterialsParticipants
    • Whiteboard
    • IT Leadership Team

    1.1.6 Build the Project Charter and Obtain Sign-off

    Complete the IT knowledge transfer project charter.

    Build the project charter and obtain sign-off from your project sponsor. Use your organization’s project charter if one exists. If not, customize Info-Tech’s IT Knowledge Transfer Project Charter Template to suit your needs.

    The image contains a screenshot of the IT knowledge transfer project charter template.

    IT Knowledge Transfer Project Charter Template

    Step 1.2

    Identify Your Knowledge and Stakeholder Risks

    Activities

    1.2.1 Identify Knowledge Sources

    1.2.2 Complete a Knowledge Risk Assessment

    1.2.3 Review the Prioritized List of Knowledge Sources

    The primary goal of this section is to identify who your primary risk targets are for knowledge transfer.

    Outcomes of this step

    • A list of your high-risk knowledge sources
    • Departure analysis
    • Knowledge risk analysis

    Prioritize your knowledge transfer initiatives

    Throughout this section, we will walk through the following 3 activities in the tool to determine where you need to focus attention for your knowledge transfer roadmap based on knowledge value and likelihood of departure.

    1. Identify Knowledge Sources

    Create a list of knowledge sources for whom you will be conducting the analysis, and identify which sources currently have a transfer plan in place.

    2. Value of Knowledge

    Consider the type of knowledge held by each identified knowledge source and determine the level of risk based on the knowledge:

    1. Criticality
    2. Availability

    3. Likelihood of Departure

    Identify the knowledge source’s risk of leaving the organization based on their:

    1. Age cohort
    2. Engagement level

    This tool contains sensitive information. Do not share this tool with knowledge sources. The BA and Project Manager, and potentially the project sponsor, should be the only ones who see the completed tool.

    The image contains screenshots from the Knowledge Risk Assessment Tool.

    Focus on key roles instead of all roles in IT

    Identify Key Roles

    Hold a meeting with your IT Leadership team, or meet with members individually, and ask these questions to identify key roles:

    • What are the roles that have a significant impact on delivering the business strategy?
    • What are the key differentiating roles for our IT organization?
    • Which roles, if vacant, would leave the organization open to non-compliance with regulatory or legal requirements?
    • Which roles have a direct impact on the customer?
    • Which roles, if vacant, would create system, function, or process failure for the organization?

    Key roles include:

    • Strategic roles: Roles that give the greatest competitive advantage. Often these are roles that involve decision-making responsibility.
    • Core roles: Roles that must provide consistent results to achieve business goals.
    • Proprietary roles: Roles that are tied closely to unique or proprietary internal processes or knowledge that cannot be procured externally. These are often highly technical or specialized.
    • Required roles: Roles that support the department and are required to keep it moving forward day-to-day.
    • Influential roles: Positions filled by employees who are the backbone of the organization, i.e. the go-to people who are the corporate culture.

    Info-Tech Insight

    This step is meant to help speed up and simplify the process for large IT organizations. IT organizations with fewer than 30 people, or organizations looking to build a knowledge culture, can opt to skip this step and include all members of the IT team. This way, everyone is considered and you can prioritize accordingly.

    1.2.1 Identify Key Knowledge Sources

    1. Identify key roles, as shown on the previous slide. This can be done by brainstorming names on sticky notes and placing them on a whiteboard.
    2. Document using IT Knowledge Transfer Risk Assessment Tool Tab 2. Input with first name, last name, department/ IT area, and manager of each identified Knowledge Source.
    3. Also answer the question of whether the Knowledge Source currently has a knowledge transfer plan in place.
    • Not in place
    • Partially in place
    • In place
  • Conduct sanity check: once you have identified key roles, ask – “did we miss anybody?”
  • InputOutput
    • Employee list
    • List of knowledge sources for IT
    MaterialsParticipants
    • IT Knowledge Transfer Risk Assessment Tool.
    • IT Leadership Team

    IT Knowledge Transfer Risk Assessment Tool

    Document key knowledge sources (example)

    Use information about the current state of knowledge transfer plans in your organization to understand your key risks and focus areas.

    The image contains a screenshot of the knowledge source.

    Legend:

    1. Document knowledge source information (name, department, and manager).

    2. Select the current state of knowledge transfer plans for each knowledge source.

    Once you have identified key roles, conduct a sanity check and ask – “did we miss anybody?” For example:

    • There are three systems administrators. One of them, Joe, has been with the organization for 15 years.
    • Joe’s intimate systems knowledge and long-term relationship with one of the plant systems vendors has made him a go-to person during times of operational systems crisis and has resulted in systems support discounts.
    • While the systems administrator role by itself is not considered key (partly due to role redundancy), Joe is a key person to flag for knowledge transfer activities as losing him would make achieving core business goals more difficult.

    Case Study

    Municipal government learns the importance of thorough knowledge source identification after losing key stakeholder

    INDUSTRY: Government

    Challenge

    Solution

    Results

    • A municipal government was introducing a new integration project that was led by their controller.
    • The controller left abruptly, and while the HR department conducted an exit interview, they didn’t realize until after the individual had left how much information was lost.
    • Nobody knew the information needed to complete the integration, so they had to make do with what they had.
    • The Director of IT at the time was the most familiar with the process.
    • Even though she would not normally do this type of project, at the time she was the only person with knowledge of the process and luckily was able to complete the integration.
    • The Director of IT had to put other key projects on hold, and lost productivity on other prioritized work.
    • The organization realized how much they were at risk and changed how they approached knowledge. They created a new process to identify “single point of failures” and label people as high risk. These processes started with the support organization’s senior level key people to identify their processes and record everything they do and what they know.

    Identify employees who may be nearing retirement and flag them as high risk

    Risk Parameter

    Description

    How to Collect this Data:

    Age Cohort

    • 60+ years of age or older, or anyone who has indicated they will be retiring within five years (highest risk).
    • Employees in their early 50s: are still many years away from retirement but have a sufficient number of years remaining in their career to make a move to a new role outside of your organization.
    • Employees in their late 50s: are likely more than five years away from retirement but are less likely than younger employees to leave your organization for another role because of increasing risk in making such a move, and persistent employer unwillingness to hire older employees.
    • Employees under 50: should never be considered low risk only based on age – which is why the second component of stakeholder risk is engagement.

    For those people on your shortlist, pull some hard demographic data.

    Compile a report that breaks down employees into age-based demographic groups.

    Flag those over the age of 50 – they’re in the “retirement zone” and could decide to leave at any time.

    Check to see which stakeholders identified fall into the “over 50” age demographic.

    Document this information in the IT Knowledge Transfer Risk Assessment Tool.

    Info-Tech Insight

    150% of an employee’s base salary and benefits is the estimated cost of turnover according to The Society of Human Resource Professionals.1

    1McLean & Company, Make the Case for Employee Engagement

    Identify disengaged employees who may be preparing to leave the organization

    Risk Parameter

    Description

    How to Collect this Data:

    Engagement

    An engaged stakeholder is energized and passionate about their work, leading them to exert discretionary effort to drive organizational performance (lowest risk).

    An almost engaged stakeholder is generally passionate about their work. At times they exert discretionary effort to help achieve organizational goals.

    Indifferent employees are satisfied, comfortable, and generally able to meet minimum expectations. They see their work as “just a job,” prioritizing their needs before organizational goals.

    Disengaged employees have little interest in their job and the organization and often display negative attitudes (highest risk).

    Option 1:

    The optimal approach for determining employee engagement is through an engagement survey. See McLean & Company for more details.

    Option 2:

    Ask the identified stakeholder’s manager to provide an assessment of their engagement either independently or via a meeting.

    Info-Tech Insight

    Engaged employees are five times more likely than disengaged employees to agree that they are committed to their organization.1

    1Source: McLean & Company, N = 13683

    The level of risk of the type of information is defined by criticality and availability

    Risk Parameter

    Description

    How to Collect this Data:

    Criticality

    Roles that are critical to the continuation of business and cannot be left vacant without risking business operations. Would the role, if vacant, create system, function, or process failure for the organization?

    Option 1: (preferred)

    Meet with IT managers/directors over the phone or directly and review each of the identified reports to determine the risk.

    Option 2: Send the IT mangers/directors the list of their direct reports, and ask them to evaluate their knowledge type risk independently and return the information to you.

    Option 3: (if necessary) Review individual job descriptions independently, and use your judgment to come up with a rating for each. Send the assessment to the stakeholders’ managers for validation.

    Availability

    Refers to level of redundancy both within and outside of the organization. Information which is highly available is considered lower risk. Key questions to consider include: does this individual have specialized, unique, or proprietary expertise? Are there internal redundancies?

    1.2.2 Complete a Knowledge Risk Assessment

    Complete a Tab 3 assessment for each of your identified Knowledge Sources. The Knowledge Source tab will pre-populate with information from Tab 2 of the tool. For each knowledge source, you will determine their likelihood of departure and degree of knowledge risk.

    Likelihood of departure:

    1. Document the age cohort risk for each knowledge source on Tab 3 of the IT Knowledge Transfer Risk Assessment Tool. Age Cohort: Under 50, 51-55, 56-60, or over 60.
    2. Document the engagement risk for each knowledge source on Tab 3, “Assessment”, of the IT Knowledge Transfer Risk Assessment Tool. Engagement level: Engaged, Almost engaged, Indifferent employees, Disengaged.
    3. Degree of knowledge risk is based on:

    4. Document the knowledge type risk for each stakeholder on Tab 3, “Assessment” in the IT Knowledge Transfer Risk Assessment Tool.
    • Criticality: Would the role, if vacant, create system, function, or process failure for the organization?
    • Availability: Does this individual have specialized, unique, or proprietary expertise? Are there internal redundancies?
    Input Output
    • Knowledge source list (Tab 2)
    • Employee demographics information
    • List of high-risk knowledge sources
    Materials Participants
    • Sticky notes
    • Pens
    • Whiteboard
    • Marker
    • IT Leadership Team
    • HR

    IT Knowledge Transfer Risk Assessment Tool

    Results matrix

    The image contains a screenshot of risk assessment. The image contains a matrix example from tab 4.

    Determine where to focus your efforts

    The IT Knowledge Transfer Map on Tab 5 helps you to determine where to focus your knowledge transfer efforts

    Knowledge sources have been separated into the three maturity levels (Stabilize, Proactive, and Knowledge Culture) and prioritized within each level.

    Focus first on your stabilize groups, and based on your target maturity goal, move on to your proactive and knowledge culture groups respectively.

    The image contains a screenshot of the IT Knowledge Transfer Map on tab 5.

    Sequential Prioritization

    Orange line Level 1: Stabilize

    Blue Line Level 2: Proactive

    Green Line Level 3: Knowledge Culture

    Each pie chart indicates which of the stakeholders in that risk column currently has knowledge transfer plans.

    Each individual also has their own status ball on whether they currently have a knowledge transfer plan.

    1.2.3 Review the Prioritized List

    Review results

    Identify knowledge sources to focus on for the knowledge transfer roadmap. Review the IT Knowledge Transfer Map on Tab 5 to determine where to focus your knowledge transfer efforts

    1. Show the results from the assessment tool.
    2. Discuss matrix and prioritized list.
    • Does it match with maturity goals?
    • Do prioritizations seem correct?
    InputOutput
    • Knowledge source risk profile
    • Risk Assessment (Tab 3)
    • Prioritized list of knowledge sources to focus on for the knowledge transfer roadmap
    MaterialsParticipants
    • n/a
    • IT Knowledge Transfer Risk Assessment Tool
    • IT Leadership Team

    IT Knowledge Transfer Risk Assessment Tool

    Phase #2

    Design your knowledge transfer plans

    Phase 1

    Phase 2

    Phase 3

    1.1 Obtain approval for project

    1.2 Identify knowledge and stakeholder risks

    2.1 Build knowledge transfer plans

    2.2 Build knowledge transfer roadmap

    3.1 Communicate your roadmap

    This phase will walk you through the following activities:

    • Building knowledge transfer plans for all prioritized knowledge sources.
    • Understanding which transfer tactics are best suited for different knowledge types.
    • Identifying opportunities to leverage collaboration tools for knowledge transfer.

    This phase involves the following participants:

    • IT Leadership
    • Other key stakeholders
    • Knowledge sources

    Define what knowledge needs to be transferred

    Each knowledge source has unique information which needs to be transferred. Chances are you don’t know what you don’t know. The first step is therefore to interview knowledge sources to find out.

    Identify the knowledge receiver

    Depending on who the information is going to, the knowledge transfer tactic you employ will differ. Before deciding on the knowledge receiver and tactic, consider three key factors:

    • How will this knowledge be used in the future?
    • What is the next career step for the knowledge receiver?
    • Are the receiver and the source going to be in the same location?

    Identify which knowledge transfer tactics you will use for each knowledge asset

    Not all tactics are good in every situation. Always keep the “knowledge type” (information, process, skills, and expertise), knowledge sources’ engagement level, and the knowledge receiver in mind as you select tactics.

    Determine knowledge transfer tactics

    Determine tactics for each stakeholder based on qualities of their specific knowledge.

    This tool is built to accommodate up to 30 knowledge items; Info-Tech recommends focusing on the top 10-15 items.

    1. Send documents to each manager. Include:
    • a copy of this template.
    • interview guide.
    • tactics booklet.
  • Instruct managers to complete the template for each knowledge source and return it to you.
  • These steps should be completed by the BA or IT Manager. The BA is helpful to have around because they can learn about the tactics and answer any questions about the tactics that the managers might have when completing the template.

    The image contains a screenshot of the Knowledge Source's Name.

    IT Knowledge Transfer Plan Template

    Step 2.1

    Build Your Knowledge Transfer Plans

    Activities

    2.1.1 Interview Knowledge Sources to Uncover Key Knowledge Items

    2.1.2 Identify When to use Knowledge Transfer Tactics

    2.1.3 Build Individual Knowledge Transfer Plans

    The primary goal of this section is to build an interview guide and interview knowledge sources to identify key knowledge assets.

    Outcomes of this step

    • Knowledge Transfer Interview Guide
    • Itemized knowledge assets
    • Completed knowledge transfer plans

    2.1.1 Interview Knowledge Sources

    Determine key knowledge items

    The first step is for managers to interview knowledge sources in order to extract information about the type of knowledge the source has.

    Meet with the knowledge sources and work with them to identify essential knowledge. Use the following questions as guidance:

    1. What are you an expert in?
    2. What do others ask you for assistance with?
    3. What are you known for?
    4. What are key responsibilities you have that no one else has or knows how to do?
    5. Are there any key systems, processes, or applications which you’ve taken the lead on?
    6. When you go on vacation, what is waiting for you in your inbox?
    7. If you went on vacation, would there be any systems that, if there was a failure, you would be the only one who knows how to fix?
    8. Would you say that all the key processes you use, or tools, codes etc. are documented?
    Input Output
    • Knowledge type information
    • Prioritized list of key knowledge sources.
    • Knowledge activity information
    • What are examples of good use cases for the technique?
    • Why would you use this technique over others?
    • Is this technique suitable for all projects? When wouldn’t you use it?
    Materials Participants
    • Interview guide
    • Pen
    • Paper
    • IT Leadership Team
    • Knowledge sources

    IT Knowledge Identification Interview Guide Template

    2.1.2 Understand Knowledge Transfer Tactics

    Understand when and how to use different knowledge transfer tactics

    1. Break the workshop participants into teams. Assign each team two to four knowledge transfer tactics and provide them with the associated handout(s) from the following slides. Using the material provided, have each team brainstorm around the following questions:
      1. What types of information can the technique be used to collect?
      2. What are examples of good use cases for the technique?
      3. Why would you use this technique over others?
      4. Is this technique suitable for all projects? When wouldn’t you use it?
    2. Have each group present their findings from the brainstorming to the group.
    3. Once everyone has presented, have the groups select which tactics they would be interested in using and which ones they would not want to use by putting green and red dots on each.
    4. As a group, confirm the list of tactics you would be interested in using and disqualify the others.
    Input Output
    • List of knowledge tactics to utilize.
    Materials Participants
    • Knowledge transfer tactics handouts
    • Flip chart paper
    • Markers
    • Green and red dot stickers
    • IT Leadership Team
    • Project team

    Knowledge Transfer Tactics:

    Interviews

    Interviews provide an opportunity to meet one-on-one with key stakeholders to document key knowledge assets. Interviews can be used for explicit and tacit information, and in particular, capture processes, rules, coding information, best practices, etc.

    Benefits:

    • Good bang-for-your-buck interviews are simple to conduct and can be used for all types of knowledge.
    • Interviews can obtain a lot of information in a relatively short period of time.
    • Interviews help make tacit knowledge more explicit through effective questioning.
    • They have highly flexible formatting as interviews can be conducted in person, over the phone, or by email.

    How to get started:

    1. Have the business analyst (BA) review the employee’s knowledge transfer plan and highlight the areas to be discussed in the interview.
    2. The BA will then create an interview guide detailing key questions which would need to be asked to ascertain the information.
    3. Schedule a 30-60 minute interview. When complete, document the interview and key lessons learned. Send the information back to the interviewee for validation of what was discussed.

    Knowledge Types

    Information

    Process

    Skills

    Expertise

    Dependencies

    Training: Minimal

    Technology Support: N/A

    Process Development: Minimal

    Duration: Annual

    Participants

    Business analysts

    Knowledge source

    Materials

    Interview guide

    Notepad

    Pen

    Knowledge Transfer Tactics:

    Process Mapping

    Business process mapping refers to building a flow chart diagram of the sequence of actions which defines what a business does. The flow chart defines exactly what a process does and the specific succession of steps including all inputs, outputs, flows, and linkages. Process maps are a powerful tool to frame requirements in the context of the complete solution.

    Benefits:

    • They are simple to build and analyze; most organizations and users are familiar with flow diagrams, making them highly usable.
    • They provide an end-to-end picture of a process.
    • They’re ideal for gathering full and detailed requirements of a process.
    • They include information around who is responsible, what they do, when, where it occurs, triggers, to what degree, and how often it occurs.
    • They’re great for legacy systems.

    How to get started:

    1. Have the BA prepare beforehand by doing some preliminary research on the purpose of the process, and the beginning and end points.
    2. With the knowledge holder, use a whiteboard and identify the different stakeholders who interact with the process, and draw swim lanes for each.
    3. Together, use sticky notes and/or dry erase markers etc. to draw out the process.
    4. When you believe you’re complete, start again from the beginning and break the process down to more details.

    Knowledge Types

    Information

    Process

    Skills

    Expertise

    Dependencies

    Training: Minimal

    Technology Support: N/A

    Process Development: Minimal

    Duration: Annual

    Participants

    Business analysts

    Knowledge source

    Materials

    Whiteboard / flip-chart paper

    Marker

    Knowledge Transfer Tactics:

    Use Cases

    Use case diagrams are a common transfer tactic where the BA maps out step-by-step how an employee completes a project or uses a system. Use cases show what a system or project does rather than how it does it. Use cases are frequently used by product managers and developers.

    Benefits:

    • Easy to draw and understand.
    • Simple way to digest information.
    • Can get very detailed.
    • Should be used for documenting processes, experiences etc.
    • Initiation and brainstorming.
    • Great for legacy systems.

    How to get started:

    1. The BA will schedule a 30-60 minute in-person meeting with the employee, draw a stick figure on the left side of the board, and pose the initial question: “If you need to do X, what is your first step?” Have the stakeholder go step-by-step through the process until the end goal. Draw this process across the whiteboard. Make sure you capture the triggers, causes of events, decision points, outcomes, tools, and interactions.
    2. Starting at the beginning of the diagram, go through each step again and ask the employee if the step can be broken down into more granular steps. If the answer is yes, break down the use case further.
    3. Ask the employee if there are any alternative flows that people could use, or any exceptions. If there are, map these out on the board.

    Knowledge Types

    Information

    Process

    Skills

    Expertise

    Dependencies

    Training: Minimal

    Technology Support: N/A

    Process Development: Minimal

    Duration: Annual

    Participants

    Business analysts

    Knowledge source

    Materials

    Whiteboard / flip-chart paper

    Marker

    Knowledge Transfer Tactics:

    Job Shadow

    Job shadowing is a working arrangement where the “knowledge receiver” learns how to do a job by observing an experienced employee complete key tasks throughout their normal workday.

    Benefits:

    • Low cost and minimal effort required.
    • Helps employees understand different elements of the business.
    • Helps build relationships.
    • Good for knowledge holders who are not great communicators.
    • Great for legacy systems.

    How to get started:

    1. Determine goals and objectives for the knowledge transfer, and communicate these to the knowledge source and receiver.
    2. Have the knowledge source identify when they will be performing a particular knowledge activity and select that day for the job shadow. If the information is primarily experience, select any day which is convenient.
    3. Ask the knowledge receiver to shadow the source and ask questions whenever they have them.
    4. Following the job shadow, have the knowledge receiver document what they learned that day and file that information.

    Knowledge Types

    Information

    Process

    Skills

    Expertise

    Dependencies

    Training: Required

    Technology Support: N/A

    Process Development:Required

    Duration:Ongoing

    Participants

    BA

    IT manager

    Knowledge source and receiver

    Materials

    N/A

    Knowledge Transfer Tactics:

    Peer Assist

    Meeting or workshop where peers from different teams share their experiences and knowledge with individuals or teams that require help with a specific challenge or problem.

    Benefits:

    • Improves productivity through enhanced problem solving.
    • Encourages collaboration between teams to share insight, and assistance from people outside your team to obtain new possible approaches.
    • Promotes sharing and development of new connections among different staff, and creates opportunities for innovation.
    • Can be combined with Action Reviews.

    How to get started:

    1. Create a registry of key projects that different individuals have solved. Where applicable, leverage the existing work done through action reviews.
    2. Create and communicate a process for knowledge sources and receivers to reach out to one another. Email or social collaboration platforms are the most common.
    3. The source may then reply with documentation or a peer can set up an interview to discuss.
    4. Information should be recorded and saved on a corporate share drive with appropriate metadata to ensure ease of search.
    5. See Appendix for further details.

    Knowledge Types

    Information

    Process

    Skills

    Expertise

    Dependencies

    Training: Minimal

    Technology Support: N/A

    Process Development:Required

    Duration:Ongoing

    Participants

    Knowledge sources

    Knowledge receiver

    BA to build a skill repository

    Materials

    Intranet

    Knowledge Transfer Tactics:

    Transition Workshop

    A half- to full-day exercise where an outgoing leader facilitates a knowledge transfer of key insights they have learned along the way and any high-profile knowledge they may have.

    Benefits:

    • Accelerates knowledge transfer following a leadership change.
    • Ensures business continuity.
    • New leader gets a chance to understand the business drivers behind team decisions and skills of each member.
    • The individuals on the team learn about the new leader’s values and communication styles.

    How to get started:

    1. Outgoing leader organizes a one-time session where they share information with the team (focus on tacit knowledge, such as team successes and challenges) and team can ask questions.
    2. Incoming leader and remaining team members share information about norms, priorities, and values.
    3. Document the information.

    Knowledge Types

    Information

    Process

    Skills

    Expertise

    Dependencies

    Training: Required

    Technology Support: Some

    Process Development: Some

    Duration:Ongoing

    Participants

    IT leader

    Incoming IT team

    Key stakeholders

    Materials

    Meeting space

    Video conferencing (as needed)

    Knowledge Transfer Tactics:

    Action Review

    Action Review is a team-based discussion at the end of a project or step to review how the activity went and what can be done differently next time. It is ideal for transferring expertise and skills.

    Benefits:

    • Learning is done during and immediately after the project so that knowledge transfer happens quickly.
    • Results can be shared with other teams outside of the immediate members.
    • Makes tacit knowledge explicit.
    • Encourages a culture where making mistakes is OK, but you need to learn from them.

    How to get started:

    1. Hold an initial meeting with IT teams to inform them of the action reviews. Create an action review goals statement by working with IT teams to discuss what they hope to get out of the initiative.
    2. Ask project teams to present their work and answer the following questions:
      1. What was supposed to happen?
      2. What actually happened?
      3. Why were there differences?
      4. What can we learn and do differently next time?
    3. Have each individual or group present, record the meeting minutes, and send the details to the group for future reference. Determine a share storage place on your company intranet or shared drive for future reference.

    Knowledge Types

    Information

    Process

    Skills

    Expertise

    Dependencies

    Training:Minimal

    Technology Support: Minimal

    Process Development: Some

    Duration:Ongoing

    Participants

    IT unit/group

    Any related IT stakeholder impacted by or involved in a project.

    Materials

    Meeting space

    Video conferencing (as needed)

    Knowledge Transfer Tactics:

    Mentoring

    Mentoring can be a formal program where management sets schedules and expectations. It can also be informal through an environment for open dialogue where staff is encouraged to seek advice and guidance, and to share their knowledge with more novice members of the organization.

    Benefits:

    • Speeds up learning curves and helps staff acclimate to the organizational culture.
    • Communicates organizational values and appropriate behaviors, and is an effective way to augment training efforts.
    • Leads to higher engagement by improving communication among employees, developing leadership, and helping employees work effectively.
    • Improves succession planning by preparing and grooming employees for future roles and ensuring the next wave of managers is qualified.

    How to get started:

    1. Have senior management define the goals for a mentorship program. Depending on your goals, the frequency, duration, and purpose for mentorship will change. Create a mission statement for the program.
    2. Communicate the program with mentors and mentees and define what the scope of their roles will be.
    3. Implement the program and measure success.

    Creating a mentorship program is a full project in itself. For full details on how to set up a mentorship program, see McLean & Company’s Build a Mentoring Program.

    Knowledge Types

    Information

    Process

    Skills

    Expertise

    Dependencies

    Training: Required

    Technology Support: N/a

    Process Development:Required

    Duration:Ongoing

    Participants

    IT unit/group

    Materials

    Meeting space

    Video conferencing (as needed)

    Documentation

    Knowledge Transfer Tactics:

    Story Telling

    Knowledge sources use anecdotal examples to highlight a specific point and pass on information, experience, and ideas through narrative.

    Benefits:

    • Provides context and transfers expertise in a simple way between people of different contexts and background.
    • Illustrates a point effectively and makes a lasting impression.
    • Helps others learn from past situations and respond more effectively in future ones.
    • Can be completed in person, through blogs, video or audio recordings, or case studies.

    How to get started:

    1. Select a medium for how your organization will record stories, whether through blogs, video or audio recordings, or case studies. Develop a template for how you’re going to record the information.
    2. Integrate story telling into key activities – project wrap-up, job descriptions, morning meetings, etc.
    3. Determine the medium for retaining and searching stories.

    Knowledge Types

    Information

    Process

    Skills

    Expertise

    Dependencies

    Training: Required

    Technology Support: Some

    Process Development:Required

    Duration:Ongoing

    Participants

    Knowledge source

    Knowledge receiver

    Videographer (where applicable)

    Materials

    Meeting space

    Video conferencing (as needed)

    Documentation

    Knowledge Transfer Tactics:

    Job Share

    Job share exists when at least two people share the knowledge and responsibilities of two job roles.

    Benefits:

    • Reduces the risk of concentrating all knowledge in one person and creating a single point of failure.
    • Increases the number of experts who hold key knowledge that can be shared with others, i.e. “two heads are better than one.”
    • Ensures redundancies exist for when an employee leaves or goes on vacation.
    • Great for getting junior employees up to speed on legacy system functionality.
    • Results in more agile teams.
    • Doubles the amount of skills and expertise.

    How to get started:

    1. Determine which elements of two individuals’ job duties could be shared by two people. Before embarking on a job share, ensure that the two individuals will work well together as a team and individually.
    2. Establish a vision, clear values, and well-defined roles, responsibilities, and reporting relationships to avoid duplication of effort and confusion.
    3. Start with a pilot group of employees who are in support of the initiative, track the results, and make adjustments where needed.

    Knowledge Types

    Information

    Process

    Skills

    Expertise

    Dependencies

    Training: Some

    Technology Support: Minimal

    Process Development:Required

    Duration:Ongoing

    Participants

    IT manager

    HR

    Employees

    Materials

    Job descriptions

    Knowledge Transfer Tactics:

    Communities of Practice

    Communities of practice are working groups of individuals who engage in a process of regularly sharing information with each other across different parts of the organization by focusing on common purpose and working practices. These groups meet on a regular basis to work together on problem solving, to gain information, ask for help and assets, and share opinions and best practices.

    Benefits:

    • Supports a collaborative environment.
    • Creates a sense of community and positive working relationships, which is a key driver for engagement.
    • Encourages creative thinking and support of one another.
    • Facilitates transfer of wide range of knowledge between people from different specialties.
    • Fast access to information.
    • Multiple employees hear the answers to questions and discussions, resulting in wider spread knowledge.
    • Can be done in person or via video conference, and is best when supported by social collaboration tools.

    How to get started:

    1. Determine your medium for these communities and ensure you have the needed technology.
    2. Develop training materials, and a rewards and recognition process for communities.
    3. Have a meeting with staff, ask them to brainstorm a list of different key “communities,” and ask staff to self select into communities.
    4. Have the communities determine the purpose statement for each group, and set up guidelines for functionality and uses.

    Knowledge Types

    Information

    Process

    Skills

    Expertise

    Dependencies

    Training:Required

    Technology Support: Required

    Process Development:Required

    Duration:Ongoing

    Participants

    Employees

    BA (to assist in establishing)

    IT managers (rewards and recognition)

    Materials

    TBD

    The effectiveness of each knowledge transfer tactic varies based on the type of knowledge you are trying to transfer

    This table shows the relative strengths and weaknesses of each knowledge transfer tactic compared to four different knowledge types.

    Not all techniques are effective for types of knowledge; it is important to use a healthy mixture of techniques to optimize effectiveness.

    Very strong = Very effective

    Strong = Effective

    Medium = Somewhat effective

    Weak = Minimally effective

    Very weak = Not effective

    Knowledge Type

    Tactic

    Explicit

    Tacit

    Information

    Process

    Skills

    Expertise

    Interviews

    Very strong

    Strong

    Strong

    Strong

    Process mapping

    Medium

    Very strong

    Very weak

    Very weak

    Use cases

    Medium

    Very strong

    Very weak

    Very weak

    Job shadow

    Very weak

    Medium

    Very strong

    Very strong

    Peer assist

    Strong

    Medium

    Very strong

    Very strong

    Action review

    Medium

    Medium

    Strong

    Weak

    Mentoring

    Weak

    Weak

    Strong

    Very strong

    Transition workshop

    Strong

    Strong

    Strong

    Strong

    Story telling

    Weak

    Weak

    Strong

    Very strong

    Job share

    Weak

    Weak

    Very strong

    Very strong

    Communities of practice

    Strong

    Weak

    Very strong

    Very strong

    Consider your stakeholders’ level of engagement prior to selecting a knowledge transfer tactic

    Level of Engagement

    Tactic

    Disengaged/ Indifferent

    Almost Engaged - Engaged

    Interviews

    Yes

    Yes

    Process mapping

    Yes

    Yes

    Use cases

    Yes

    Yes

    Job shadow

    No

    Yes

    Peer assist

    Yes

    Yes

    Action review

    Yes

    Yes

    Mentoring

    No

    Yes

    Transition workshop

    Yes

    Yes

    Story telling

    No

    Yes

    Job share

    Maybe

    Yes

    Communities of practice

    Maybe

    Yes

    When considering which tactics to employ, it’s important to consider the knowledge holder’s level of engagement. Employees whom you would identify as being disengaged may not make good candidates for job shadowing, mentoring, or other tactics where they are required to do additional work or are asked to influence others.

    Knowledge transfer can be controversial for all employees as it can cause feelings of job insecurity. It’s essential that motivations for knowledge transfer are communicated effectively.

    Pay particular attention to your communication style with disengaged and indifferent employees, communicate frequently, and tie communication back to what’s in it for them.

    Putting disengaged employees in a position where they are mentoring others can be a risk. Their negativity could influence others not to participate as well or negate the work you’re doing to create a positive knowledge sharing culture.

    Consider using collaboration tools as a medium for knowledge transfer

    There is a wide variety of different collaboration tools available to enable interpersonal and team connections for work-related purposes. Familiarize yourself with all types of collaboration tools to understand what is available to help facilitate knowledge transfer.

    Collaboration Tools

    Content Management

    Real Time Communication

    Community Collaboration

    Social Collaboration

    Tools for collaborating around documents. They store content and allow for easy sharing and editing, e.g. content repositories and version control.

    Can be used for:

    • Action review
    • Process maps and use cases
    • Storing interview notes
    • Stories: blogs, video, and case studies

    Tools that enable real-time employee interactions. They permit “on-demand” workplace communication, e.g. IM, video and web conferencing.

    Can be used for:

    • Action review
    • Interviews
    • Mentoring
    • Peer assist
    • Story telling
    • Transition workshops

    Tools that allow teams and communities to come together and share ideas or collaborate on projects, e.g. team portals, discussion boards, and ideation tools.

    Can be used for:

    • Action review
    • Communities of practice
    • Peer assist
    • Story Telling

    Social tools borrow concepts from consumer social media and apply them to the employee-centric context, e.g. employee profiles, activity streams, and microblogging.

    Can be used for:

    • Peer assist
    • Story telling
    • Communities of practice

    For more information on Collaboration Tools and how to use them, see Info-Tech’s Establish a Communication and Collaboration System Strategy.

    Identify potential knowledge receivers

    Hold a meeting with your IT leaders to identify who would be the best knowledge receivers for specific knowledge assets

    • Before deciding on a successor, determine how the knowledge asset will be used in the future. This will impact who the receiver will be and your tactic. That is, if you are looking to upgrade a technology in the future, consider who would be taking on that project and what they would need to know.
    • Prior to the meeting, each manager should send a copy of the knowledge assets they have identified to the other managers.
    • Participants should come equipped with names of members of their teams and have an idea of what their career aspirations are.
    • Don’t assume that all employees want a career change. Be sure to have conversations with employees to determine their career aspirations.

    Ask how effectively the potential knowledge receiver would serve in the role today.

    • Review their competencies in terms of:
      • Relationship-building skills
      • Business skills
      • Technical skills
      • Industry-specific skills or knowledge
    • Consider what competencies the knowledge receiver currently has and what must be learned.
    • Finally, determine how difficult it will be for the knowledge receiver to acquire missing skills or knowledge, whether the resources are available to provide the required development, and how long it will take to provide it.

    Info-Tech Insight

    Wherever possible, ask employees about their personal learning styles. It’s likely that a collaborative compromise will have to be struck for knowledge transfer to work well.

    Using the IT knowledge transfer plan tool

    The image contains a screenshot of the IT Knowledge Transfer tool.

    We will use the IT Knowledge Transfer Plans as the foundation for building your knowledge transfer roadmap.

    2.1.3 Complete Knowledge Transfer Plans

    Complete one plan template for each of the knowledge sources

    1. Fill in the top with the knowledge source’s name. Remember that one template should be filled out for each source.
    2. List their key knowledge activities as identified through the interview.
    3. For each knowledge activity, identify and list the most appropriate recipient of this knowledge.
    4. For each knowledge activity, use the drop-down options to identify the type of knowledge that it falls under.
    5. Depending on the type of knowledge, different tactic drop-down options are available. Select which tactic would be most appropriate for this knowledge as well as the people involved in the knowledge transfer.

    The Strength Level column will indicate how well matched the tactic is to the type of knowledge.

    Input Output
    • Results of knowledge source interviews
    • A completed knowledge transfer plan for each identified knowledge source.
    Materials Participants
    • A completed knowledge transfer plan for each identified knowledge source.
    • IT leadership team

    IT Knowledge Transfer Plan Template

    Step 2.2

    Build Your Knowledge Transfer Roadmap

    Activities

    2.2.1 Merge Your Knowledge Transfer Plans

    2.2.2 Define Knowledge Transfer Initiatives’ Timeframes

    The goal of this step is to build the logistics of the knowledge transfer roadmap to prepare to communicate it to key stakeholders.

    Outcomes of this step

    • Prioritized sequence based on target state maturity goals.
    • Project roadmap.

    Plan and monitor the knowledge transfer project

    Depending on the desired state of maturity, the number of initiatives your organization has will vary and there could be a lengthy number of tasks and subtasks required to reach your organization knowledge transfer target state. The best way to plan, organize, and manage all of them is with a project roadmap.

    The image contains a screenshot of the Project Planning and Monitoring tool.

    Project Planning & Monitoring Tool

    Steps to use the project planning and monitoring tool:

    1. Begin by identifying all the project deliverables in scope for your organization. Review the previous content pertaining to specific people, process, and technology deliverables that your organization plans on creating.
    2. Identify all the tasks and subtasks necessary to create each deliverable.
    3. Arrange the tasks in the appropriate sequential order.
    4. Assign each task to a member of the project team.
    5. Estimate the day the task will be started and completed.
    6. Specify any significant dependencies or prerequisites between tasks.
    7. Update the project roadmap throughout the project by accounting for injections and entering the actual starting and ending dates.
    8. Use the project dashboard to monitor the project progress and identify risks early.

    Project Planning & Monitoring Tool

    Prioritize your tactics to build a realistic roadmap

    Initiatives should not and cannot be tackled all at once;

    • At this stage, each of the identified stakeholders should have a knowledge transfer plan for each of their reports with rough estimates for how long initiatives will take.
    • Simply looking at this raw list of transition plans can be daunting. Logically bundle the identified needs into IT initiatives to create the optimal IT Knowledge Transfer Roadmap.
    • It’s important not to try to do too much too quickly. Focus on some quick wins and leverage the success of these initiatives to drive the project forward.

    The image contains a screenshot of the prioritize tactics step.

    Populate the task column of the Project Planning and Monitoring Tool. See the following slides for more details on how to do this.

    Some techniques require a higher degree of effort than others

    Effort by Stakeholder

    Tactic

    Business Analyst

    IT Manager

    Knowledge Holder

    Knowledge Receiver

    Interviews

    Medium

    N/A

    Low

    Low

    These tactics require the least amount of effort, especially for organizations that are already using these tactics for a traditional requirements gathering process.

    Process Mapping

    Medium

    N/A

    Low

    Low

    Use Cases

    Medium

    N/A

    Low

    Low

    Job Shadow

    Medium

    Medium

    Medium

    Medium

    These tactics generally require more involvement from IT management and the BA in tandem for preparation. They will also require ongoing effort for all stakeholders. Stakeholder buy-in is key for success.

    Peer Assist

    Medium

    Medium

    Medium

    Medium

    Action Review

    Low

    Medium

    Medium

    Low

    Mentoring

    Medium

    High

    High

    Medium

    Transition Workshop

    Medium

    Low

    Medium

    Low

    Story Telling

    Medium

    Medium

    Low

    Low

    Job Share

    Medium

    High

    Medium

    Medium

    Communities of Practice

    High

    Medium

    Medium

    Medium

    Consider each tactic’s dependencies as you build your roadmap

    Implementation Dependencies

    Tactic

    Training

    Technology Support

    Process Development

    Duration

    Interviews

    Minimal

    N/A

    Minimal

    Annual

    Start your knowledge transfer project here to get quick wins for explicit knowledge.

    Process Mapping

    Minimal

    N/A

    Minimal

    Annual

    Use Cases

    Minimal

    N/A

    Minimal

    Annual

    Job Shadow

    Required

    N/A

    Required

    Ongoing

    Don’t change too much too quickly or try to introduce all of the tactics at once. Focus on 1-2 key tactics and spend a significant amount of time upfront building an effective process and rolling it out. Leverage the effectiveness of the initial tactics to push these initiatives forward.

    Peer Assist

    Minimal

    N/A

    Required

    Ongoing

    Action Review

    Minimal

    Minimal

    Some

    Ongoing

    Mentoring

    Required

    N/A

    Required

    Ongoing

    Transition Workshop

    Required

    Some

    Some

    Ongoing

    Story Telling

    Some

    Required

    Required

    Ongoing

    Job Share

    Some

    Minimal

    Required

    Ongoing

    Communities of Practice

    Required

    Required

    Required

    Ongoing

    2.2.1 Merge Your Knowledge Transfer Plans

    Populate the task column of the Project Planning and Monitoring Tool

    1. Take an inventory of all the tactics and techniques which you plan to employ. Eliminate redundancies where possible.
    2. Start your implementation with your highest risk group using explicit knowledge transfer tactics. Interviews, use cases, and process mapping will give you some quick wins and will help gain momentum for the project.
    3. Proactive and knowledge culture should then move forward to other tactics, the majority of which will require training and process design. Pick one to two other key tactics you would like to employ and build those out.
    4. Once you get more advanced, you can continue to grow the number of tactics you employ, but in the beginning, less is more. Keep growing your implementation roadmap one tactic at a time and track key metrics as you go.
    InputOutput
    • A list of project tasks to be completed.
    MaterialsParticipants
    • Project Planning Monitoring Tool.
    • IT Leadership Team

    Project Planning & Monitoring Tool

    2.2.2 Define Initiatives’ Timeframes

    Populate the estimated start and completion date and task owner columns of the Project Planning and Monitoring Tool.

    1. Define the time frame: time frames will depend on several factors. Consider the following while defining timelines for your knowledge transfer tactics:
    • Tactics you choose to employ
    • Availability of resources to implement the initiative
    • Technology requirements
  • Input the Start Date and End Date for each initiative via the drop-down. (Year 1-M1 = year 1, month 1 of implementation.)
  • Define the status of initiative:
    • Planned
    • In progress
    • Completed
  • The initiative owner will ensure each step of the rollout is executed as planned, and will:
    • Engage all required stakeholders at appropriate stages of the project.
    • Engage all required resources to implement the process and make sure that communication channels are open and available between all relevant parties.
    Input Output
    • Timeframes for all project tasks.
    Materials Participants
    • Project Planning and Monitoring Tool.
    • IT Leadership Team

    Project Planning & Monitoring Tool

    Once you start the implementation, leverage the Project Planning and Monitoring Tool for ongoing status updates

    Track your progress

    • Update your project roadmap as you complete the project and keep track of your progress by completing the “Actual Start Date” and “Actual Completion Date” as you go through your project.
    • Use the Progress Report tab in project team meetings to update stakeholders on which tasks have been completed on schedule, for an analysis of tasks to date, and project time management.
    The image contains screenshots from the Project Planning and Monitoring Tool.

    Phase #3

    Implement your knowledge transfer plans and roadmap

    Phase 1

    Phase 2

    Phase 3

    1.1 Obtain approval for project

    1.2 Identify knowledge and stakeholder risks

    2.1 Build knowledge transfer plans

    2.2 Build knowledge transfer roadmap

    3.1 Communicate your roadmap

    This phase will walk you through the following activities:

    • Preparing a key stakeholder communication presentation.

    This phase involves the following participants:

    • IT Leadership
    • Other key stakeholders

    Step 3.1

    Communicate Your Knowledge Transfer Roadmap to Stakeholders

    Activities

    3.1.1 Prepare IT Knowledge Transfer Roadmap Presentation

    The goal of this step is to be ready to communicate the roadmap with the project team, project sponsor, and other key stakeholders.

    Outcomes of this step

    • Key stakeholder communication deck.

    Use Info-Tech’s template to communicate with stakeholders

    Obtain approval for the IT Knowledge Transfer Roadmap by customizing Info-Tech’s IT Knowledge Transfer Roadmap Presentation Template designed to effectively convey your key messages. Tailor the template to suit your needs.

    It includes:

    • Project Context
    • Project Scope and Objectives
    • Knowledge Transfer Roadmap
    • Next Steps

    The image contains screenshots of the IT Knowledge Transfer Roadmap Presentation Template.

    Info-Tech Insight

    The support of IT leadership is critical to the success of your roadmap roll-out. Remind them of the project benefits and impact them hard with the risks/pain points.

    IT Knowledge Transfer Roadmap Presentation Template

    3.1.1 Prepare a Presentation for Your Project Team and Sponsor

    Now that you have created your knowledge transfer roadmap, the final step of the process is to get sign-off from the project sponsor to begin the planning process to roll-out your initiatives.

    Know your audience:

    1. Revisit your project charter to determine the knowledge transfer project stakeholders who will be included in your presentation audience.
    2. You want your presentation to be succinct and hard-hitting. Management’s time is tight, and they will lose interest if you drag out the delivery. Impact them hard and fast with the pains and benefits of your roadmap.
    3. The presentation should take no more than an hour. Depending on your audience, the actual presentation delivery could be quite short (12-13 slides). However, you want to ensure adequate time for Q & A.
    Input Output
    • Project charter
    • A completed presentation to communicate your knowledge transfer roadmap.
    Materials Participants
    • IT Knowledge Transfer Roadmap Presentation Template
    • IT leadership team
    • Project sponsor
    • Project stakeholders

    IT Knowledge Transfer Roadmap Presentation Template

    Related Info-Tech Research

    Build an IT Succession Plan

    Train Managers to Handle Difficult Conversations

    Lead Staff Through Change

    Bibliography

    Babcock, Pamela. “Shedding Light on Knowledge Management.” HR Magazine, 1 May 2004.

    King, Rachael. "Big Tech Problem as Mainframes Outlast Workforce." Bloomberg, 3 Aug. 2010. Web.

    Krill, Paul. “IT’s Most Wanted: Mainframe Programmers.” IDG Communications, Inc. 1 December 2011.

    McLean & Company. “Mitigate the Risk of Baby Boomer Retirement with Scalable Succession Planning.” 7 March 2016.

    McLean & Company. “Make the Case For Employee Engagement.” McLean and Company. 27 March 2014.

    PwC. “15th Annual Global CEO Survey: Delivering Results Growth and Value in a Volatile World.” PwC, 2012.

    Rocket Software, Inc. “Rocket Software 2022 Survey Report: The State of the Mainframe.” Rocket Software, Inc. January 2022. Accessed 30 April 2022.

    Ross, Jenna. “Intangible Assets: A Hidden but Crucial Driver of Company Value.” Visual Capitalist, 11 February 2020. Accessed 2 May 2022.

    Foster Data-Driven Culture With Data Literacy

    • Buy Link or Shortcode: {j2store}132|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $12,999 Average $ Saved
    • member rating average days saved: 115 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management

    Organizations are joining the wave and adopting machine learning and artificial intelligence (AI) to unlock the value in their data and power their competitive advantage. But to succeed with these complex analytics programs, they need to begin by looking at their data – empowering their people to realize and embrace the valuable insights within the organization’s data.

    The key to achieve becoming a data-driven organization is to foster a strong data culture and equip employees with data skills through an organization-wide data literacy program.

    Our Advice

    Critical Insight

    • Start with real business problems in a hands-on format to demonstrate the value of data.
    • Use a formalized organization-wide approach to data literacy program to bridge the data skills gap.
    • Provide relevant and practical training programs tailored to different learning styles and tenures (e.g. onboarding, development plan).

    Impact and Result

    Data literacy is critical to the success of digital transformation and AI analytics. Info-Tech’s approach to creating a sustainable and effective data literacy program is recognizing it is:

    • More than just technical training. A data literacy program isn’t just about data; it encompasses aspects of business, IT, and data.
    • More than a one-off exercise. To keep the literacy skills alive the program must be regular, sustainable, and tailored to different needs across all levels of the organization.
    • More than one delivery format. Different delivery methods need to be considered to suit various learning styles to ensure an effective delivery.

    Foster Data-Driven Culture With Data Literacy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Foster Data-Driven Culture With Data Literacy Storyboard – A step-by-step guide to help organizations build an effective and sustainable data literacy program that benefits all employees who work with data.

    Data literacy as part of the data governance strategic program should be launched to all levels of employees that will help your organization bridge the data knowledge gap at all levels of the organization. This research recommends approaches to different learning styles to address data skill needs and helps members create a practical and sustainable data literacy program.

    • Foster Data-Driven Culture With Data Literacy Storyboard

    2. Fundamental Data Literacy Program Template – A document that provides an example of a fundamental data literacy program.

    Kick off a data awareness program that explains the fundamental understanding of data and its lifecycle. Explore ways to create or mature the data literacy program with smaller amounts of information on a more frequent basis.

    • Fundamental Data Literacy Program Template
    [infographic]

    Further reading

    Foster Data-Driven Culture With Data Literacy

    Data literacy is an essential part of a data-driven culture, bridging the data knowledge gaps across all levels of the organization.

    Analyst Perspective

    Data literacy is the missing link to becoming a data-driven organization.

    “Digital transformation” and “data driven” are two terms that are inseparable. With organizations accelerating in their digital transformation roadmap implementation, organizations need to invest in developing data skills with their people. Talent is scarce and the demand for data skills is huge, with 70% of employees expected to work heavily with data by 2025. There is no time like the present to launch an organization-wide data literacy program to bridge the data knowledge gap and foster a data-driven culture.

    Data literacy training is as important as your cybersecurity training. It impacts all levels of the organization. Data literacy is critical to success with digital transformation and AI analytics.

    Annabel Lui

    Principal Advisory Director, Data & Analytics Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Organizations are joining the wave and adopting machine learning (ML) and artificial intelligence (AI) to unlock the value in their data and power their competitive advantage. But to succeed with these complex analytics programs, they need to begin by empowering their people to realize and embrace the valuable insights within the organization’s data.

    The key to becoming a data-driven organization is to foster a strong data culture and equip people with data skills through an organization-wide data literacy program.

    Common Obstacles

    Challenges the data leadership is likely to face as digital transformation initiatives drive intensified competition:

    • Resistance to change
    • Technological distractions
    • “Shadow data”
    • Difficulty securing resources and skilled data professionals
    • Inability to appreciate the value of data and its meaning for users – even fear of it

    Info-Tech's Approach

    We interviewed data leaders and instructors to gather insights about investing in data:

    • Start with real business problems in a hands-on format to demonstrate the value of data.
    • Implement a formalized organization-wide approach to data literacy program to bridge the data skill gap.
    • Provide relevant and practical training programs tailored to different learning styles and tenures (e.g. onboarding,development plan).

    Info-Tech Insight

    By thoughtfully designing a data literacy training program for the audience's own experience, maturity level, and learning style, organizations build the data-driven and engaged culture that helps them to unlock their data's full potential and outperform other organizations.

    Your Challenge

    Data literacy is the missing link to drive business outcomes from data.

    • Having a data-driven culture as an organization’s mission statement without implementing a data literacy program is like making an empty promise and leaving the value unrealized and unattainable.
    • A study conducted by the Data Literacy Project clearly indicates that organizations with aggressive data literacy programs will outperform those who do not have such programs. By 2030, data literacy will be one of the most sought-after skill sets. All employees require data literacy skills.
    • Everyone has a role in data. From employees who are actively involved in data collection to operational teams who create reports with analytics tools and finally to executives who use data to make business decisions – they all require continuous data literacy training in a data-driven organization. Because of differences in maturity, data literacy strategies cannot be one-size-fits-all.

    “Data literacy is the ability to read, work with, analyze, and communicate with data. It's a skill that empowers all levels of workers to ask the right questions of data and machines, build knowledge, make decisions, and communicate meaning to others.” – Qlik, n.d.

    75% of organizational employees have access to data tools – only 21% demonstrated confidence in their data skills.

    Source: Accenture, 2020.

    89% of C-level executives expect team members to explain how data has informed their decisions, but only 11% employees are fully confident in their ability to read, analyze, work with, and communicate with data

    Source: Qlik, 2022.

    Data debt or data asset?

    Manage your data as strategic assets.

    “[Data debt is] when you have undocumented, unused, incomplete, and inconsistent data,” according to Secoda (2023). “When … data debt is not solved, data teams could risk wasting time managing reports no one uses and producing data that no one understands.”

    Signs of data debt when considering investing in data literacy:

    • Lack of definition and understanding of data terms, therefore they don’t speak the same language. Without data literacy, an organization will not succeed in becoming a data-driven organization.
    • Putting data literacy as a low priority. Organization sees this as “another” training to put on the list and keeps it on the back burner.
    • Data literacy is not seen as the number one skill set needed in the organization. However, anyone who works with data requires data skills.
    • End users are not trained on self-serve features and tools.
    • Focusing on a minority group of people rather than everyone in the organization or seeing it as a one-off exercise.
    • Delays or failure to deliver digital transformation projects due to lack of data skills and data access issues.

    66%

    of organizations say a backlog of data debt is impacting new data management initiatives.

    40%

    of organizations say individuals within the business do not trust data insights.

    30%

    of organizations are unable to become data-driven.

    Source: Experian, 2020

    Info-Tech’s Approach

    Data literacy is critical to success with digital transformation and AI analytics.

    Diagram showing components of Data literacy: 1 - Data: understand your data, 2 - Business: define the purpose, 3 - IT: Introduce new ways of working

    The Info-Tech difference:

    1. More than just technical training. Data literacy program isn’t just about data but rather encompasses aspects of business, IT, and data.
    2. More than a one-off exercise. To keep literacy skills alive, the program must be routine and sustainable, tailored to different needs across all levels of the organization.
    3. More than one delivery format. Different delivery methods need to be considered to suit various learning styles.

    Data needs to be processed

    Data – facts – are organized, processed, and given meaning to become insights.

    Data, information, knowledge, insight, wisdom

    Image source: Welocalize, 2020.

    Data represents a discrete fact or event without relation to other things (e.g. it is raining). Data is unorganized and not useful on its own.

    Information organizes and structures data so that it is meaningful and valuable for a specific purpose (i.e. it answers questions). Information is a refined form of data.

    When information is combined with experience and intuition, it results in knowledge. It is our personal map/model of the world.

    Knowledge set with context generates insight. We become knowledgeable as a result of reading, researching, and memorizing (i.e. accumulating information).

    Wisdom means the ability to make sound judgments. Wisdom synthesizes knowledge and experiences into insights.

    Investment in data literacy is a game changer.

    Data literacy is the ability to collect, manage, evaluate, and apply data in a critical manner.

    A data-driven culture is “an operating environment that seeks to leverage data whenever and wherever possible to enhance business efficiency and effectiveness” (Forbes).

    Info-Tech Insight

    Data-driven culture refers to a workplace where decisions are made based on data evidence, not on gut instinct.

    Info-Tech’s methodology for building a data literacy program

    Phase Steps

    1. Define Data Literacy Objectives

    1.1 Understand organization’s needs

    1.2 Create vision and objective for data literacy program

    2. Assess Learning Style and Align to Program Design

    2.1 Create persona and identify audience

    2.2 Assess learning style and align to program design

    2.3 Determine the right delivery method

    3. Socialize Roadmap and Milestones

    3.1 Establish a roadmap

    3.2 Set key performance metrics and milestones

    Phase Outcomes

    Identify key objectives to establish and grow the data literacy program by articulating the problem and solutions proposed.

    Assess each audience’s learning style and adapt the program to their unique needs.

    Show a roadmap with key performance indicators to track each milestone and tell a data story.

    Insight Summary

    “In a world of more data, the companies with more data-literate people are the ones that are going to win.”

    – Miro Kazakoff, senior lecturer, MIT Sloan, in MIT Sloan School of Management, 2021

    Overarching insight

    By thoughtfully designing a data literacy training program personalized to each audience's maturity level, learning style, and experience, organizations can develop and grow a data-driven culture that unlocks the data's full potential for competitive differentiation.

    Module 1 insight

    We can learn a lot from each other. Literacy works both ways – business data stewards learn to “speak data” while IT data custodians understand the business context and value. Everyone should strive to exchange knowledge.

    Module 2 insight

    Avoid traditional classroom teaching – create a data literacy program that is learner-centric to allow participants to learn and experiment with data.

    Aligning program design to those learning styles will make participants more likely to be receptive to learning a new skill.

    Module 3 insight

    A data literacy program isn’t just about data but rather encompasses aspects of business, IT, and data. With executive support and partnership with business, running a data literacy program means that it won’t end up being just another technical training. The program needs to address why, what, how questions.

    Tactical insight

    A lot of programs don’t include the fundamentals. To get data concepts to stick, focus on socializing the data/information/knowledge/wisdom foundation.

    Tactical insight

    Many programs speak in abstract terms. We present case studies and tangible use cases to personalize training to the audience’s world and showcase opportunities enabled through data.

    Key performance indicators (KPIs) for your data literacy program

    How do you know if your data literacy program is successful? Here are some useful KPIs:

    Program Adoption Metrics

    • Percentage of employees attending data literacy training
    • Percentage of participants who report gains in data management knowledge after training sessions
    • Maturity assessment result
    • Survey and diagnostic feedback before and after training
    • Trend analysis of overall data literacy program

    Operational Metrics

    • Number of requests for analytics/reporting services
    • Number of reports created by users
    • Speed and quality of business decisions
    • User satisfaction with reports and analytics services
    • Improved business performance (customer satisfaction)
    • Improved valuation of organization data

    A data-driven culture builds tools and skills, builds users’ trust in the quality of data across sources, and raises the skills and understanding among the frontlines by encouraging everyone to leverage data for critical thinking and innovation.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of the project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Session 1

    Session 2

    Session 3

    Session 4

    Activities

    Define Data Literacy Objectives

    1.1 Review Data Culture Diagnostic results

    1.2 Identify business context: business goals, initiatives

    1.3 Create vision and objective for data literacy program

    Assess Learning Style and Align to Program Design

    2.1 Identify audience

    2.2 Assess learning style and align to program design

    2.3 Determine the right delivery method

    Build a Data Literacy Roadmap and Milestones

    3.1 Identify program initiatives and topics

    3.2 Determine delivery methods

    3.3 Build the data literacy roadmap

    Operational Strategy to implement Data Literacy

    4.1 Identify key performance metrics

    4.2 Identify owners and document RACI matrix

    4.3 Discuss next steps and wrap up.

    Deliverables

    1. Diagnostics reports (data culture survey)
    2. Vision and value statement
    1. Assessment of audience covering all levels of organization
    1. List of key program initiatives and topics
    2. Allocation of delivery methods
    3. Roadmap
    1. Data literacy metrics
    2. List of owners and roles and responsibilities
    3. Next step and implementation schedule

    Phase 1

    Define Data Literacy Objectives

    Phase 1: step 1 - Understand organization's needs, step 2 - Create vision and objective for data literacy program.

    Foster Data-Driven Culture With Data Literacy

    This phase will walk you through the following activities:

    • Understand the organization’s needs.
    • Create vision and objective for data literacy program.

    This phase involves the following participants:

    • Data governance sponsor
    • Data owners
    • Data stewards
    • Data custodians

    1.1 Gauge your organization’s current data culture

    Conduct data culture survey or diagnostic.

    1. Identify members of the data user base, data consumers, and other key stakeholders for surveying.
    2. Conduct an information session to introduce Info-Tech’s Data Culture Diagnostic survey. Explain the objective and importance of the survey and its role in helping to understand the organization’s current data culture and inform the improvement of that culture.
    3. Roll out the Info-Tech Data Culture Diagnostic survey to the identified users and stakeholders.
    4. Debrief and document the results and scorecard in the Data Strategy Stakeholder Interview Guide and Findings document.

    Input

    • Email addresses of participants in your organization who should receive the survey

    Output

    • Your organization’s Data Culture Scorecard for understanding current data culture as it relates to the use and consumption of data
    • An understanding of whether data is currently perceived to be an asset to the organization

    Materials

    • Info-Tech’s Data Culture Diagnostic service

    Participants

    • Participants include those at the senior leadership level through to middle management, as well as other business stakeholders at varying levels across the organization
    • Data owners, stewards, and custodians
    • Core data users and consumers

    Contact your Info-Tech Account Representative for details on launching a Data Culture Diagnostic.

    1.2 Define data literacy objectives

    1. Understand the organization’s needs by identifying opportunities and challenges relating to data. Document the described real-life examples.
    2. Categorize the list and identify areas where data literacy can address the business problem.
    3. Create a vision statement for the data literacy program, ensuring that it covers all levels of the organization.
    4. Articulate the intended targets and goals in planning for a data literacy program.

    Input

    • List of opportunities and challenges relating to data
    • Relevant business real-life examples

    Output

    • Categorized list of data literacy needs
    • Vision for literacy program
    • Targets and goals

    Materials

    • Whiteboard/flip charts
    • Sticky notes

    Participants

    • CDO or sponsor
    • Key business stakeholders
    • Data stewards
    • Data custodians
    • Data governance working group

    Quick wins for improving data literacy

    Data collected through Info-Tech’s Data Culture Diagnostic suggests three ways to improve data literacy:

    87%

    think more can be done to define and document commonly used terms with methods such as a business data glossary.

    68%

    think they can have a better understanding of the meaning of all data elements that are being captured or managed.

    86%

    feel that they can have more training in terms of tools as well as on what data is available at the organization.

    Source: Info-Tech Research Group's Data Culture Diagnostic, 2022; N=2,652

    Quick Wins

    • Create a business data glossary to document and define common terms.
    • Provide easy access to the business data glossary and procedures on how data is captured and managed.
    • Launch an organization-wide data literacy program.

    Delivering value is a means and the goal

    Start with real business problems in a hands-on format to demonstrate the value of data.

    Identify business problem:

    • Business decisions without facts are just guesses.
    • Management spends a lot of time finding and fixing data.
    • Unknown challenges on data assets and risk.
    • Incomplete view of customer/client and industry.
    • Not ready for modern data opportunities (e.g. artificial intelligence).

    Create an objective

    Treat data as a strategic asset to gain insight into our customers for all levels of organization.

    The solution: Data-driven culture powered by people who speak data.

    • Data dictionary
    • Data literacy
    • Trusted single source
    • Access to analytics tools
    • Decision making

    "According to Forrester, 91% of organizations find it challenging to improve the use of data insights for decision-making – even though 90% see it as a priority. Why the disconnect? A lack of data literacy."

    – Alation, 2020

    Fundamental data literacy

    Data literacy is more than just a technical training or a one-off exercise.

    Info-Tech provides various topics suited for a data literacy program that can accommodate different data skill requirements and encompasses relevant aspects of business, IT, and data.

    Info-Tech Research Group’s Data Literacy Program

    Use discovery and diagnostics to understand users’ comfort level and maturity with data.

    Data lunch 'n' learn

    • The power and value of data
    • Everyone is a data steward
    • Becoming data literate
    • Data 101
    • The future is data
    1 hour
    For: General audience, senior leadership, data leads, change management

    Speak data

    • What is data
    • Meet the data team
    • Day in the life of a steward
    • How data impacts you
    • Tools of the trade
    1/2 day
    For: New stewards, data owners, pre-data strategy workshop

    Your data story

    • Ask the right questions
    • Find the top five data elements
    • Understand your data
    • Present your data story
    • Lessons from COVID-19
    1/2 day
    For: New stewards, business data owners, pre-BI/analytics workshop

    Phase 2

    Assess Learning Style and Align to Program Design

    Phase 2: step 1 - Identify audience, step 2 - Access learning style and align to program design, step 3 - Determine the right delivery method.

    Foster Data-Driven Culture With Data Literacy

    This phase will walk you through the following activities:

    • Identify your audience.
    • Assess learning styles and align them to the data program design.
    • Determine the right delivery method.

    This phase involves the following participants:

    • Data governance sponsor
    • Data owners
    • Data stewards
    • Data custodians

    Avoid common pitfalls

    75%

    feel that training was too long to remember or to apply in their day-to-day work.

    21%

    find training had insufficient follow-up to help them apply on the job.

    Source: Grovo, 2018.

    1. Information Overload

      Trying to cover too much useful information results in overwhelm and does not deliver on key training objectives.
    2. Limited Implementation

      Learning is only the beginning. The real results are obtained when learning is followed by practice, which turns new knowledge into reliable habits.
    3. Lack of Organizational Alignment

      Implementing training without a clear link to organizational objectives leaves you unable to clearly communicate its value, undermines your ability to secure buy-in from attendees and executives, and leaves you unable to verify that the training is actually improving effectiveness.

    2.1 Understand learning style

    1. Create persona and identify the audiences and their roles in data across all levels of the organization.
    2. Identify the data program initiatives and assign the best delivery method to each initiative.
    3. Assign participants to each program initiative based on their skill gap and learning style.

    Input

    • List of audiences, their roles, and tenures
    • Data skill gap assessment
    • List of literacy program initiatives/topics

    Output

    • Target audience grouping
    • List of program initiatives with assigned groups

    Materials

    • Whiteboard/flip charts
    • Sticky notes

    Participants

    • CDO or sponsor
    • Key business stakeholders
    • Data stewards
    • Data custodians
    • Data governance working group

    You and data

    Is data an integral part of your work?

    Do you feel comfortable finding and using data in your organization?

    • Many people feel intimidated by data and therefore miss out on what data can do for them.
    • Often the obstacle is language. If you don’t understand the semantics around data, you will not feel confident to contribute to discussions around data.
    • You use data every day but need additional vocabulary to understand how to handle it properly.
    • Data literacy is the ability to “speak data” and to understand what data means (i.e. how to read charts and graphs, draw valid conclusions, and recognize when data is misinterpreted or used inappropriately to be misleading).
    • The business often doesn’t understand its role in data governance and how it informs and assists IT in responsible data management.

    Info-Tech Insight

    IT and data professionals need to understand the business as much as business needs to talk about data. Bidirectional learning and feedback improves the synergy between business and IT.

    Create personas

    Persona creation is a way to brainstorm ideas for the data literacy program.

    Choose a data role (e.g. data steward, data owner, data scientist).

    Describe the persona based on goals, priorities, tenures, preferred learning style, type of work with data.

    Identify data skill and level of skills required.

    Persona 1: Denise - Manager, People and Culture. Goals, priorities, tenure, data role, learning style, skill level

    Consider these other ways to brainstorm:

    • Review current in-flight projects.
    • Analyze types of data requests.
    • Understand needs by department.
    • Share learnings in a community of practice.

    Program design

    Categorize into six data skill areas

    Not everyone needs the same level of skill sets

    Bullseye board with skill levels (Innermost going outward): Expert, advanced, intermediate and Basic. The six data skill areas: 1. Understanding Data, 2. Find and Obtain Data, 3. Read, Interpret and Evaluate Data, 4. Manage Data, 5. Create and Use Data, 6. Tell a Story and Share Data are placed equally around in sections.

    Map the personas to the program

    Bridging the data knowledge gap.

    • Each component will promote the value of data to all levels of employees when demonstrating the right way for data to be understood, managed, and consumed in the organization.
    • Categorizing the data literacy program into six areas and levels of skill sets will provide clarity into which areas to focus on.
    • The program is intended to be implemented in stages, allowing the audience to learn and adopt the new skills. Leveraging in-flight projects for rolling out training will have a higher success because the need is already built into the project.
    Personas are placed at different points in the data skill area and skill level.

    Align program design to learning styles

    The four methods (Discussion, Information, Coaching, and Self-Discovery) are based on learner-centered model design rather than the traditional teacher-centered model.

    Info-Tech Insight

    Tailor your data literacy program to meet your organization’s needs, filling your range of knowledge gaps and catering to different levels of users.

    When it comes to rolling out a data literacy program, there is no one-size-fits-all solution. Your data literacy program is intended to spread knowledge throughout your organization. It should target everyone from executive leadership to management to subject matter experts across all functions of the business.

    Discussion method

    Delivery Method

    • Interactive format between instructor and learner
    • Instructor empowers and motivates learner through dialogues and exercises

    The imaginative learner

    The imaginative learner group likes to engage in feelings and spend time on reflection. This type of learner desires personal meaning and involvement. They focus on personal values for themselves and others and make connections quickly.

    For this group of learners, their question is: why should I learn this?

    Learning characteristics

    • Seek meaning
    • Need to be personally involved
    • Learn by listening and sharing ideas
    • Function through social interaction

    Information method

    Delivery Method

    • Instructor does most of the talking in the training
    • Instructor is teaching the content, delivering the training content, and demonstrating

    Analytical learner

    The analytical learner group likes to listen, to think about information, and to come up with ideas. They are interested in acquiring facts and delving into concepts and processes. They can learn effectively and enjoy doing independent research.

    For this group of learners, their question is: what should I learn?

    Learning characteristics

    • Seek and examine the facts
    • Need to know what experts think
    • Interested in ideas and concepts
    • Critique information and collect data
    • Function by adapting to experts

    Coaching method

    Delivery Method

    • Learning has on-the-job training or learning through role-play exercises
    • Instructor is coaching and facilitating learner

    Common sense learner

    The common sense learner group likes thinking and doing. They are satisfied when they can carry out experiments, build and design, and create usability. They like tinkering and applying useful ideas.

    For this group of learners, their question is: how should I learn?

    Learning characteristics

    • Seek usability
    • Need to know how things work
    • Learn by testing theories using practical methods
    • Use factual data to build concepts
    • Enjoy hands-on experience

    Self-discovery method

    Delivery Method

    • Interactive format between instructor and learner
    • Instructor provides evaluation and remedial instruction

    Common sense learner

    The dynamic learner group learns through doing and experiencing. They are continually looking for hidden possibilities and researching ideas to make original adjustments. They learn through trial and error and self-discovery.

    For this group of learners, their question is: what if I learn this?

    Learning characteristics

    • Seek hidden possibilities
    • Need to know what can be done with things
    • Learn by trial and error
    • Enjoy variety and excel in being flexible

    Delivery method considerations

    There are four common ways to learn a new skill: by watching, conceptualizing, doing, and experiencing. The following are some suggestions on ways to implement your data literacy program through different delivery methods.

    There are four common ways to learn a new skill: by watching, conceptualizing, doing, and experiencing. The following are some suggestions on ways to implement your data literacy program through different delivery methods.

    Phase 3

    Map Out Data Literacy Roadmap and Milestones

    Phase 3: step 1 - Roadmap exercise, step 2 - Set key performance metrics and milestones.

    Foster Data-Driven Culture With Data Literacy

    This phase will walk you through the following activities:

    • Complete a roadmap exercise.
    • Set key performance metrics and milestones.

    This phase involves the following participants:

    • Data governance sponsor
    • Data owners
    • Data stewards
    • Data custodians

    3.1 Build the data literacy roadmap and milestones

    1-3 hours
    1. Gather the data literacy objectives and list of program initiatives with their assigned groups.
    2. Discuss each program initiative with the data literacy creation team, assigning content owners and estimating effort required to build the content.

    For the Gantt chart:

    • Input the roadmap start year.
    • List each data literacy topic and delivery method.
    • Populate the planned start and end dates for the prepopulated list of program initiatives.

    Input

    • List of data literacy topics with assigned groups
    • Vision statement of data literacy program
    • Data literacy objectives

    Output

    • Roadmap Gantt chart
    • List of program initiatives with start and end date
    • Content owner assignment

    Materials

    • Whiteboard/flip charts
    • Sticky notes
    • MS Projects/Excel

    Participants

    • CDO or sponsor
    • Key business stakeholders
    • Data stewards
    • Data custodians
    • Data governance working group

    Data literacy journey mapping

    Making it sustainable

    • Deliver the literacy program in stages to make it easier for the audience to consume the content.
    • Allow opportunities to apply the learnings at work.
    • Map out the data literacy trainings as they get delivered and identify gaps, if any. Continue to refine and adjust the program and delivery method for better outcome.
    • Set clear goals and KPIs measurement up front.
    • Conduct Info-Tech Research Group’s Data Culture Diagnostics to set the baseline and repeat the assessment in 12 to 18 months.
    • Assign champions to lead change and influence end users to adopt better processes.
    Data Literacy journey mapping. Different departments need different skills in data literacy.

    Research contributors

    Name

    Position

    Andrea Malick Advisory Director, Info-Tech Research Group
    Andy Neill AVP, Data and Analytics, Chief Enterprise Architect, Info-Tech Research Group
    Crystal Singh Research Director, Info-Tech Research Group
    Imad Jawadi Senior Manager, Consulting Advisory, Info-Tech Research Group
    Irina Sedenko Research Director, Info-Tech Research Group
    Reddy Doddipalli Senior Workshop Director, Info-Tech Research Group
    Sherwick Min Technical Counselor, Info-Tech Research Group
    Wayne Cain Principal Advisory Director, Info-Tech Research Group

    Info-Tech’s Data Literacy Program

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Session 1

    Session 2

    Session 3

    Session 4

    Activities

    Understand the WHY and Value of Data

    1.1 Business context, business objectives, and goals

    1.2 You and data

    1.3 Data journey from data to insights

    1.4 Speak data – common terminology

    Learn about the WHAT Through Data Flow

    2.1 Data creation

    2.2 Data ingestion

    2.3 Data accumulation

    2.4 Data augmentation

    2.5 Data delivery

    2.6 Data consumption

    Explore the HOW Through Data Visualization Training

    3.1 Ask the right questions

    3.2 Find the top five data elements

    3.3 Understand your data

    3.4 Present your data story

    3.5 Sharing of lessons learned

    Put Them All Together Through Data Governance Awareness

    4.1 Data governance framework

    4.2 Data roles and responsibilities

    4.3 Data domain and owners

    Deliverables

    1. Learning material for understanding the data fundamental and its terminology
    1. Learning material for data flow elements
    1. Learning material for data visualization
    1. Learning material for data governance awareness program

    Related Info-Tech Research

    Establish Data Governance

    Deliver measurable business value.

    Build a Robust and Comprehensive Data Strategy

    Key to building and fostering a data-driven culture.

    Create a Data Management Roadmap

    Streamline your data management program with our simplified framework.

    Bibliography

    About Learning. “4MAT overview.” About Learning., 16 Aug. 2001. Web.

    Accenture. “The Human Impact of Data Literacy,” Accenture, 2020. Web.

    Anand, Shivani. “IDC Reveals India Data and Content Technologies Predictions for 2022 and onwards; Focus on Data Literacy for an Elevated data Culture.” IDC, 14 Mar. 2022. Web.

    Belissent, Jennifer, and Aaron Kalb. “Data Literacy: The Key to Data-Driven Decision Making.” Alation, April 2020. Web.

    Brown, Sara. “How to build data literacy in your company.” MIT Sloan School of Management, 9 Feb 2021. Web.

    ---. “How to build a data-driven company.” MIT Sloan School of Management, 24 Sept. 2020. Web.

    Domo. “Data Never Sleeps 9.0.” Domo, 2021. Web.

    Dykes, Brent. “Creating A Data-Driven Culture: Why Leading By Example Is Essential.” Forbes, 26 Oct. 2017. Web.

    Experian. “10 signs you are sitting on a pile of data debt.” Experian, 2020. Accessed 25 June 2021. Web.

    Experian. “2019 Global Data Management Research.” Experian, 2019. Web.

    Knight, Michelle. “Data Literacy Trends in 2023: Formalizing Programs.” Dataversity, 3 Jan. 2023. Web.

    Ghosh, Paramita. “Data Literacy Skills Every Organization Should Build.” Dataversity, 2 Nov. 2022. Web.

    Johnson, A., et al., “How to Build a Strategy in a Digital World,” Compact, 2018, vol. 2. Web.

    LifeTrain. “Learning Style Quiz.” EMTrain, Web.

    Lambers, E., et al. “How to become data literate and support a data-drive culture.” Compact, 2018, vol. 4. Web.

    Marr, Benard. “Why is data literacy important for any business?” Bernard Marr & Co., 16 Aug. 2022. Web.

    Marr, Benard. “8 simple ways to enhance your data literacy skills.” Bernard Marr & Co., 16 Aug. 2022. Web/

    Mendoza, N.F. “Data literacy: Time to cure data phobia” Tech Republic, 27 Sept. 2022. Web.

    Mizrahi, Etai. “How to stay ahead of data debt and downtime?” Secoda, 17 April 2023. Web.

    Needham, Mass., “IDC FutureScape: Top 10 Predictions for the Future of Intelligence.” IDC, 5 Dec. 2022. Web.

    Paton, J., and M.A.P. op het Veld. “Trusted Analytics.” Compact, 2017, vol. 2. Web.

    Qlik. “Data Literacy to be Most In-Demand Skill by 2030 as AI Transforms Global Workplaces.” Qlik., 16 Mar 2022. Web.

    Qlik. “What is data literacy?” Qlik, n.d. Web.

    Reed, David. Becoming Data Literate. Harriman House Publishing, 1 Sept. 2021. Print.

    Salomonsen, Summer. “Grovo’s First-Time Manager Microlearning® Program Will Help Your New Managers Thrive in 2018.” Grovos Blog, 5 Dec. 2018. Web.

    Webb, Ryan. “More Than Just Reporting: Uncovering Actionable Insights From Data.” Welocalize, 1 Sept. 2020. Web.

    Automate Testing to Get More Done

    • Buy Link or Shortcode: {j2store}285|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $29,139 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Testing, Deployment & QA
    • Parent Category Link: /testing-deployment-and-qa
    • Today’s rapidly changing software products and operational processes create mounting pressure on software delivery teams to release new features and changes quickly while meeting high and demanding quality standards.
    • Most organizations see automated testing as a solution to meet this demand alongside their continuous delivery pipeline. However, they often lack the critical foundations, skills, and practices that are imperative for success.
    • The technology is available to enable automated testing for many scenarios and systems, but industry noise and an expansive tooling marketplace create confusion for those interested in adopting this technology.

    Our Advice

    Critical Insight

    • Good automated testing improves development throughput. No matter how quickly you put changes into production, end users will not accept them if they do not meet quality standards. Escaped defects, refactoring, and technical debt can significantly hinder your team’s ability to deliver software on time and on budget. In fact, 65% of organizations saw a reduction of test cycle time and 62% saw reductions in test costs with automated testing (Sogeti, World Quality Report 2020–21).
    • Start automation with unit and functional tests. Automated testing has a sharp learning curve, due to either the technical skills to implement and operate it or the test cases you are asked to automate. Unit tests and functional tests are ideal starting points in your automation journey because of the available tools and knowledge in the industry, the contained nature of the tests you are asked to execute, and the repeated use of the artifacts in more complicated tests (such as performance and integration tests). After all, you want to make sure the application works before stressing it.
    • Automated testing is a cross-functional practice, not a silo. A core component of successful software delivery throughput is recognizing and addressing defects, bugs, and other system issues early and throughout the software development lifecycle (SDLC). This involves having all software delivery roles collaborate on and participate in automated test case design, configure and orchestrate testing tools with other delivery tools, and proactively prepare the necessary test data and environments for test types.

    Impact and Result

    • Bring the right people to the table. Automated testing involves significant people, process and technology changes across multiple software delivery roles. These roles will help guide how automated testing will compliment and enhance their responsibilities.
    • Build a foundation. Review your current circumstances to understand the challenges blocking automated testing. Establish a strong base of good practices to support the gradually adoption of automated testing across all test types.
    • Start with one application. Verify and validate the automated testing practices used in one application and their fit for other applications and systems. Develop a reference guide to assist new teams.

    Automate Testing to Get More Done Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should automate testing, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    2. Adopt good automated testing practices

    Develop and implement practices that mature your automated testing capabilities.

    • Automated Testing Quick Reference Template

    Infographic

    Workshop: Automate Testing to Get More Done

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Adopt Good Automated Testing Practices

    The Purpose

    Understand the goals of and your vision for your automated testing practice.

    Develop your automated testing foundational practices.

    Adopt good practices for each test type.

    Key Benefits Achieved

    Level set automated testing expectations and objectives.

    Learn the key practices needed to mature and streamline your automated testing across all test types.

    Activities

    1.1 Build a foundation.

    1.2 Automate your test types.

    Outputs

    Automated testing vision, expectations, and metrics

    Current state of your automated testing practice

    Ownership of the implementation and execution of automated testing foundations

    List of practices to introduce automation to for each test type

    Select a Security Outsourcing Partner

    • Buy Link or Shortcode: {j2store}246|cart{/j2store}
    • member rating overall impact: 8.8/10 Overall Impact
    • member rating average dollars saved: $13,739 Average $ Saved
    • member rating average days saved: 8 Average Days Saved
    • Parent Category Name: Security Processes & Operations
    • Parent Category Link: /security-processes-and-operations
    • Most organizations do not have a clear understanding of their current security posture, their security goals, and the specific security services they require. Without a clear understanding of their needs, organizations may struggle to identify a partner that can meet their requirements.
    • Breakdowns and lack of communication can be a significant obstacle, especially when clear lines of communication with partners, including regular check-ins, reporting, and incident response protocols, have not been clearly established.
    • Ensuring that security partners’ systems and processes integrate seamlessly with existing systems can be a challenge for most organizations in addition to making sure that security partners have the necessary access and permissions to perform their services effectively.
    • Adhering to security policies is rarely a priority to users as compliance often feels like an interference to daily workflow. For a lot of organizations, security policies are not having the desired effect.

    Our Advice

    Critical Insight

    • You can outsource your responsibilities but not your accountability.
    • Be aware that in most cases, the traditional approach is more profitable to MSSPs, and they may push you toward one, so make sure you get the service you want, not what they prescribe.

    Impact and Result

    • Determine which security responsibilities can be outsourced and which should be insourced and the right procedure to outsourcing to gain cost savings, improve resource allocation, and boost your overall security posture.

    Select a Security Outsourcing Partner Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Select a Security Outsourcing Partner Storyboard – A guide to help you determine your requirements and select and manage your security outsourcing partner.

    Our systematic approach will ensure that the correct procedure for selecting a security outsourcing partner is implemented. This blueprint will help you build and implement your security policy program by following our three-phase methodology: determine what to outsource, select the right MSSP, and manage your MSSP.

    • Select a Security Outsourcing Partner – Phases 1-3

    2. MSSP RFP Template – A customizable template to help you choose the right security service provider.

    This modifiable template is designed to introduce consistency and outline key requirements during the request for proposal phase of selecting an MSSP.

    • MSSP RFP Template

    Infographic

    Further reading

    Select a Security Outsourcing Partner

    Outsource the right functions to secure your business.

    Analyst Perspective

    Understanding your security needs and remaining accountable is the key to selecting the right partner.

    The need for specialized security services is fast becoming a necessity to most organizations. However, resource challenges will always mean that organizations will still have to take practical measures to ensure that the time, quality, and service that they require from outsourcing partners have been carefully crafted and packaged to elicit the right services that cover all their needs and requirements.

    Organizations must ensure that security partners are aligned not only with their needs and requirements, but also with the corporate culture. Rather than introducing hindrances to daily operations, security partners must support business goals and protect the organization’s interests at all times.

    And as always, outsource only your responsibilities and do not outsource your accountability, as that will cost you in the long run.

    Photo of Danny Hammond
    Danny Hammond
    Research Analyst
    Security, Risk, Privacy & Compliance Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    A lack of high-skill labor increases the cost of internal security, making outsourcing more appealing.

    A lack of time and resources prevents your organization from being able to enable security internally.

    Due to a lack of key information on the subject, you are unsure which functions should be outsourced versus which functions should remain in-house.

    Having 24/7/365 monitoring in-house is not feasible for most firms.

    There is difficulty measuring the effectiveness of managed security service providers (MSSPs).

    Common Obstacles

    InfoSec leaders will struggle to select the right outsourcing partner without knowing what the organization needs, such as:

    • How to start the process to select the right service provider that will cover your security needs. With so many service providers and technology tools in this field, who is the right partner?
    • Where to obtain guidance on externalization of resources or maintaining internal posture to enable to you confidently select an outsourcing partner.

    InfoSec leaders must understand the business environment and their own internal security needs before they can select an outsourcing partner that fits.

    Info-Tech’s Approach

    Info-Tech’s Select a Security Outsourcing Partner takes a multi-faceted approach to the problem that incorporates foundational technical elements, compliance considerations, and supporting processes:

    • Determine which security responsibilities can be insourced and which should be outsourced, and the right procedure to outsourcing in order to gain cost savings, improve resource allocation, and boost your overall security posture.
    • Understand the current landscape of MSSPs that are available today and the features they offer.
    • Highlight the future financial obligations of outsourcing vs. insourcing to explain which method is the most cost-effective.

    Info-Tech Insight

    Mitigate security risks by developing an end-to-end process that ensures you are outsourcing your responsibilities and not your accountability.

    Your Challenge

    This research is designed to help organizations select an effective security outsourcing partner.

    • A security outsourcing partner is a third-party service provider that offers security services on a contractual basis depending on client needs and requirements.
    • An effective outsourcing partner can help an organization improve its security posture by providing access to more specialized security experts, tools, and technologies.
    • One of the main challenges with selecting a security outsourcing partner is finding a partner that is a good fit for the organization's unique security needs and requirements.
    • Security outsourcing partners typically have access to sensitive information and systems, so proper controls and safeguards must be in place to protect all sensitive assets.
    • Without careful evaluation and due diligence to ensure that the partner is a good fit for the organization's security needs and requirements, it can be challenging to select an outsourcing partner.

    Outsourcing is effective, but only if done right

    • 83% of decision makers with in-house cybersecurity teams are considering outsourcing to an MSP (Syntax, 2021).
    • 77% of IT leaders said cyberattacks were more frequent (Syntax, 2021).
    • 51% of businesses suffered a data breach caused by a third party (Ponemon, 2021).

    Common Obstacles

    The problem with selecting an outsourcing partner isn’t a lack of qualified partners, it’s the lack of clarity about an organization's specific security needs.

    • Most organizations do not have a clear understanding of their current security posture, their security goals, and the specific security services they require. Without a clear understanding of their needs, organizations may struggle to identify a partner that can meet their requirements.
    • Breakdowns and lack of communication can be a significant obstacle, especially when clear lines of communication with partners, including regular check-ins, reporting, and incident response protocols, have not been clearly established.
    • Ensuring that security partner's systems and processes integrate seamlessly with existing systems can be a challenge for most organizations. This is in addition to making sure that security partners have the necessary access and permissions to perform their services effectively.
    • Adhering to security policies is rarely a priority to users, as compliance often feels like an interference to daily workflow. For a lot of organizations, security policies are not having the desired effect.

    A diagram that shows Average cost of a data breach from 2019 to 2022.
    Source: IBM, 2022 Cost of a Data Breach; N=537.


    Reaching an all-time high, the cost of a data breach averaged US$4.35 million in 2022. This figure represents a 2.6% increase from 2021, when the average cost of a breach was US$4.24 million. The average cost has climbed 12.7% since 2020.

    Info-Tech’s methodology for selecting a security outsourcing partner

    Determine your responsibilities

    Determine what responsibilities you can outsource to a service partner. Analyze which responsibilities you should outsource versus keep in-house? Do you require a service partner based on identified responsibilities?

    Scope your requirements

    Refine the list of role-based requirements, variables, and features you will require. Use a well-known list of critical security controls as a framework to determine these activities and send out RFPs to pick the best candidate for your organization.

    Manage your outsourcing program

    Adopt a program to manage your third-party service security outsourcing. Trust your managed security service providers (MSSP) but verify their results to ensure you get the service level you were promised.

    Select a Security Outsourcing Partner

    A diagram that shows your organization responsibilities & accountabilities, framework for selecting a security outsourcing partner, and benefits.

    Blueprint benefits

    IT/InfoSec Benefits

    Reduces complexity within the MSSP selection process by highlighting all the key steps to a successful selection program.

    Introduces a roadmap to clearly educate about the do’s and don’ts of MSSP selection.

    Reduces costs and efforts related to managing MSSPs and other security partners.

    Business Benefits

    Assists with selecting outsourcing partners that are essential to your organization’s objectives.

    Integrates outsourcing into corporate culture, leveraging organizational requirements while maximizing value of outsourcing.

    Reduces security outsourcing risk.

    Insight summary

    Overarching insight: You can outsource your responsibilities but not your accountability.

    Determine what to outsource: Assess your responsibilities to determine which ones you can outsource. It is vital that an understanding of how outsourcing will affect the organization, and what cost savings, if any, to expect from outsourcing is clear in order to generate a list of responsibilities that can/should be outsourced.

    Select the right partner: Create a list of variables to evaluate the MSSPs and determine which features are important to you. Evaluate all potential MSSPs and determine which one is right for your organization

    Manage your MSSP: Align the MSSP to your organization. Adopt a program to monitor the MSSP which includes a long-term strategy to manage the MSSP.

    Identifying security needs and requirements = Effective outsourcing program: Understanding your own security needs and requirements is key. Ensure your RFP covers the entire scope of your requirements; work with your identified partner on updates and adaptation, where necessary; and always monitor alignment to business objectives.

    Measure the value of this blueprint

    Phase

    Purpose

    Measured Value

    Determine what to outsource Understand the value in outsourcing and determining what responsibilities can be outsourced. Cost of determining what you can/should outsource:
    • 120 FTE hours at $90K per year = $5,400
    Cost of determining the savings from outsourcing vs. insourcing:
    • 120 FTE hours at $90K per year = $5,400
    Select the right partner Select an outsourcing partner that will have the right skill set and solution to identified requirements. Cost of ranking and selecting your MSSPs:
    • 160 FTE hours at $90K per year = $7,200
    Cost of creating and distributing RFPs:
    • 200 FTE hours at $90K per year = $9,000
    Manage your third-party service security outsourcing Use Info-Tech’s methodology and best practices to manage the MSSP to get the best value. Cost of creating and implementing a metrics program to manage the MSSP:
    • 80 FTE hours at $90K per year = $3,600

    After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.

    Overall Impact: 8.9 /10

    Overall Average Cost Saved: $22,950

    Overall Average Days Saved: 9

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation
    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop
    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting
    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Simplify Remote Deployment With Zero-Touch Provisioning

    • Buy Link or Shortcode: {j2store}310|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $5,199 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: End-User Computing Strategy
    • Parent Category Link: /end-user-computing-strategy

    Provide better end-user device support to a remote workforce:

    • Remain compliant while purchasing, deploying, supporting, and decommissioning devices.
    • Save time and resources during device deployment while providing a high-quality experience to remote end users.
    • Build a set of capabilities that will let you support different use cases.

    Our Advice

    Critical Insight

    • Zero-touch is more than just deployment. This is more difficult than turning on a tool and provisioning new devices to end users.
    • Consider the entire user experience and device lifecycle to show value to the organization. Don’t forget that you will eventually need to touch the device.

    Impact and Result

    Approach zero-touch provisioning and patching from the end user’s experience:

    • Align your zero-touch approach with stakeholder priorities and larger IT strategies.
    • Build your zero-touch provisioning and patching plan from both the asset lifecycle and the end-user perspective to take a holistic approach that emphasizes customer service.
    • Tailor deployment plans to more easily scope and resource deployment projects.

    Simplify Remote Deployment With Zero-Touch Provisioning Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should adopt zero-touch provisioning, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Design the zero-touch experience

    Design the user’s experience and build a vision to direct your zero-touch provisioning project. Update your ITAM practices to reflect the new experience.

    • Zero-Touch Provisioning and Support Plan
    • HAM Process Workflows (Visio)
    • HAM Process Workflows (PDF)
    • End-User Device Management Standard Operating Procedure

    2. Update device management, provisioning, and patching

    Leverage new tools to manage remote endpoints, keep those devices patched, and allow users to get the apps they need to work.

    • End-User Device Build Book Template

    3. Build a roadmap and communication plan

    Create a roadmap for migrating to zero-touch provisioning.

    • Roadmap Tool
    • Communication Plan Template
    [infographic]

    Application Development Throughput

    • Buy Link or Shortcode: {j2store}27|cart{/j2store}
    • Related Products: {j2store}27|crosssells{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Applications
    • Parent Category Link: /applications

    The challenge

    • As we work more and more using agile techniques, teams tend to optimize their areas of responsibility.
    • IT will still release lower-quality applications when there is a lack of clarity around the core SDLC processes.
    • Software development teams continue to struggle with budget and time constraints within their releases.
    • Typically each group claims to be optimized, yet the final deliverable falls short of the expected quality.

    Our advice

    Insight

    • Database administrators know this all too well: Optimizing can you perform worse. The software development lifecycle (SDLC) must be optimized holistically, not per area or team.
    • Separate how you work from your framework. You do not need "agile" or "extreme" or "agifall" or "safe" to optimize your SDLC.
    • SDLC optimization is a continuous effort. Start from your team's current capabilities and improve over time.

    Impact and results 

    • You can assume proper accountability for the implementation and avoid over-reliance on the systems integrator.
    • Leverage the collective knowledge and advice of additional IT professionals
    • Review the pitfalls and lessons learned from failed integrations.
    • Manage risk at every stage.
    • Perform a self-assessment at various stages of the integration path.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started.

    Read our executive brief to understand our approach to SDLC optimization and why we advocate a holistic approach for your company.

    Document your current state

    This phase helps you understand your business goals and priorities. You will document your current SDLC process and find where the challenges are.

    • Create a Horizontally Optimized SDLC to Better Meet Business Demands – Phase 1: Document the Current State of the SDLC (ppt)
    • SDLC Optimization Playbook (xls)

    Find out the root causes, define how to move forward, and set your target state

    • Create a Horizontally Optimized SDLC to Better Meet Business Demands – Phase 2: Define Root Causes, Determine Optimization Initiatives, and Define Target State (ppt)

    Develop the roll-out strategy for SDLC optimization

    Prioritize your initiatives and formalize them in a roll-out strategy and roadmap. Communicate your plan to all your stakeholders.

    • Create a Horizontally Optimized SDLC to Better Meet Business Demands – Phase 3: Develop a Rollout Strategy for SDLC Optimization (ppt)
    • SDLC Communication Template (ppt)

     

    Terms and Conditions for consulting to businesses

    By signing an agreement with Gert Taeymans bvba, Client declares that he agrees with the Terms and Conditions referred to hereafter. Terms and conditions on Client's order form or any other similar document shall not be binding upon Gert Taeymans bvba.

    The prices, quantities and delivery time stated in any quotation are not binding upon Gert Taeymans bvba. They are commercial estimates only which Gert Taeymans bvba will make reasonable efforts to achieve. Prices quoted in final offers will be valid only for 30 days. All prices are VAT excluded and do not cover expenses, unless otherwise agreed in writing. Gert Taeymans bvba reserves the right to increase a quoted fee in the event that Client requests a variation to the work agreed.

    The delivery times stated in any quotation are of an indicative nature and not binding upon Gert Taeymans bvba, unless otherwise agreed in writing. Delivery times will be formulated in working days. In no event shall any delay in delivery be neither cause for cancellation of an order nor entitle Client to any damages.

    Amendments or variations of the initial agreement between Client and Gert Taeymans bvba will only be valid when accepted by both parties in writing.

    Any complaints concerning the performance of services must be addressed to Gert Taeymans bvba in writing and by registered mail within 7 working days of the date of the performance of the services.

    In no event shall any complaint be just cause for non-payment or deferred payment of invoices. Any invoice and the services described therein will be deemed irrevocably accepted by Client if no official protest of non-payment has been sent by Client within 7 working days from the date of the mailing of the invoice.

    Client shall pay all invoices of Gert Taeymans bvba within thirty (30) calendar days of the date of invoice unless otherwise agreed in writing by Gert Taeymans bvba. In the event of late payment, Gert Taeymans bvba may charge a monthly interest on the amount outstanding at the rate of two (2) percent with no prior notice of default being required, in which case each commenced month will count as a full month. Any late payment will entitle Gert Taeymans bvba to charge Client a fixed handling fee of 300 EUR. All costs related to the legal enforcement of the payment obligation, including lawyer fees, will be charged to Client.

    In no event will Gert Taeymans bvba be liable for damages of any kind, including without limitation, direct, incidental or consequential damages (including, but not limited to, damages for lost profits, business interruption and loss of programs or information) arising out of the use of Gert Taeymans bvba services.

    Gert Taeymans bvba collects personal data from Client for the performance of its services and the execution of its contracts. Such personal data can also be used for direct marketing, allowing Gert Taeymans bvba to inform Client of its activities on a regular basis. If Client objects to the employment of its personal data for direct marketing, Client must inform Gert Taeymans bvba on the following address: gert@gerttaeymans.consulting.

    Client can consult, correct or amend its personal data by addressing such request to Gert Taeymans bvba by registered mail. Personal data shall in no event be sold, rented or made available to other firms or third parties where not needed for the execution of the contract. Gert Taeymans bvba reserves the right to update and amend its privacy policy from time to time to remain consistent with applicable privacy legislation.

    The logo of the Client will be displayed on the Gert Taeymans bvba website, together with a short description of the project/services.

    Any changes to Client’s contact information such as addresses, phone numbers or e-mail addresses must be communicated to Gert Taeymans bvba as soon as possible during the project.

    Both parties shall maintain strict confidence and shall not disclose to any third party any information or material relating to the other or the other's business, which comes into that party's possession and shall not use such information and material. This provision shall not, however, apply to information or material, which is or becomes public knowledge other than by breach by a party of this clause.

    Gert Taeymans bvba has the right at any time to change or modify these terms and conditions at any time without notice.

    The agreement shall be exclusively governed by and construed in accordance with the laws of Belgium. The competent courts of Antwerp, Belgium will finally settle any dispute about the validity, the interpretation or the execution of this agreement.

    These Terms and Conditions are the only terms and conditions applicable to both parties.

    If any provision or provisions of these Terms and Conditions shall be held to be invalid, illegal or unenforceable, such provision shall be enforced to the fullest extent permitted by applicable law, and the validity, legality and enforceability of the remaining provisions shall not in any way be affected or impaired thereby.

    Drive Business Value With a Right-Sized Project Gating Process

    • Buy Link or Shortcode: {j2store}445|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $61,999 Average $ Saved
    • member rating average days saved: 21 Average Days Saved
    • Parent Category Name: Portfolio Management
    • Parent Category Link: /portfolio-management
    • Low sponsor commitment on projects.
    • Poor quality on completed projects.
    • Little to no visibility into the project portfolio.
    • Organization does not operationalize change .
    • Analyzing, fixing, and redeploying is a constant struggle. Even when projects are done well, they fail to deliver the intended outcomes and benefits.

    Our Advice

    Critical Insight

    • Stop applying a one-size-fits-all-projects approach to governance.
    • Engage the sponsor by shifting the accountability to the business so they can get the most out of the project.
    • Do not limit the gating process to project management – expand to portfolio management.

    Impact and Result

    • Increase Project Throughput: Do more projects by ensuring the right projects and right amount of projects are approved and executed.
    • Validate Project Quality: Ensure issues are uncovered and resolved with standard check points in the project.
    • Increase Reporting and Visibility: Easily compare progress of projects across the portfolio and report outcomes to leadership.
    • Reduce Resource Waste: Terminate low-value projects early and assign the right resources to approved projects.
    • Achieve Intended Project Outcomes: Keep the sponsor engaged throughout the gating process to achieve desired outcomes.

    Drive Business Value With a Right-Sized Project Gating Process Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should design a right-sized project gating process, review Info-Tech’s methodology, and understand the four ways we can support you.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Lay the groundwork for tailored project gating

    This phase will walk you through the following activities:

  • Understand the role of gating and why we need it.
  • Determine what projects will follow the gating process and how to classify them.
  • Establish the role of the project sponsor throughout the entire project lifecycle.
    • Drive Business Value With a Right-Sized Project Gating Process – Phase 1: Lay the Groundwork for Tailored Project Gating
    • Project Intake Classification Matrix
    • Project Sponsor Role Description Template

    2. Establish level 1 project gating

    This phase will help you customize Level 1 Project Gates with appropriate roles and responsibilities.

    • Drive Business Value With a Right-Sized Project Gating Process – Phase 2: Establish Level 1 Project Gating
    • Project Gating Strategic Template

    3. Establish level 2 project gating

    This phase will help you customize Level 2 Project Gates with appropriate roles and responsibilities.

    • Drive Business Value With a Right-Sized Project Gating Process – Phase 3: Establish Level 2 Project Gating

    4. Establish level 3 project gating

    This phase will help you customize Level 3 Project Gates with appropriate roles and responsibilities. It will also help you determine next steps and milestones for the adoption of the new process.

    • Drive Business Value With a Right-Sized Project Gating Process – Phase 4: Establish Level 3 Project Gating
    • Project Gating Reference Document
    [infographic]

    Workshop: Drive Business Value With a Right-Sized Project Gating Process

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Lay the Groundwork for Tailored Project Gating

    The Purpose

    Understand the role of gating and why we need it.

    Determine what projects will follow the gating process and how to classify them.

    Establish the role of the project sponsor throughout the entire project lifecycle.

    Key Benefits Achieved

    Get stakeholder buy-in for the process.

    Ensure there is a standard leveling process to determine size, risk, and complexity of requests.

    Engage the project sponsor throughout the portfolio and project processes.

    Activities

    1.1 Project Gating Review

    1.2 Establish appropriate project levels

    1.3 Define the role of the project sponsor

    Outputs

    Project Intake Classification Matrix

    Project Sponsor Role Description Template

    2 Establish Level 1 Project Gating

    The Purpose

    This phase will help you customize Level 1 Project Gates with appropriate roles and responsibilities.

    Key Benefits Achieved

    Create a lightweight project gating process for small projects.

    Activities

    2.1 Review level 1 project gating process

    2.2 Determine what gates should be part of your custom level 1 gating process

    2.3 Establish required artifacts for each gate

    2.4 Define the stakeholder’s roles and responsibilities at each gate

    Outputs

    Documented outputs in the Project Gating Strategic Template

    3 Establish Level 2 Project Gating

    The Purpose

    This phase will help you customize Level 2 Project Gates with appropriate roles and responsibilities.

    Key Benefits Achieved

    Create a heavier project gating process for medium projects.

    Activities

    3.1 Review level 2 project gating process

    3.2 Determine what gates should be part of your custom level 2 gating process

    3.3 Establish required artifacts for each gate

    3.4 Define the stakeholder’s roles and responsibilities at each gate

    Outputs

    4 Establish Level 3 Project Gating

    The Purpose

    This phase will help you customize Level 3 Project Gates with appropriate roles and responsibilities.

    Come up with a roadmap for the adoption of the new project gating process.

    Key Benefits Achieved

    Create a comprehensive project gating process for large projects.

    Activities

    4.1 Review level 3 project gating process

    4.2 Determine what gates should be part of your custom level 3 gating process

    4.3 Establish required artifacts for each gate

    4.4 Define the stakeholder’s roles and responsibilities at each gate

    4.5 Determine next steps and milestones for process adoption

    Outputs

    Documented outputs in the Project Gating Strategic Template

    Documented Project Gating Reference Document for all stakeholders

    Business Intelligence and Reporting

    • Buy Link or Shortcode: {j2store}6|cart{/j2store}
    • Related Products: {j2store}6|crosssells{/j2store}
    • member rating overall impact: 8.9/10
    • member rating average dollars saved: $45,792
    • member rating average days saved: 29
    • Parent Category Name: Data and Business Intelligence
    • Parent Category Link: /improve-your-core-processes/data-and-business-intelligence

    The challenge

    • Your business partners need an environment that facilitates flexible data delivery.
    • Your data and BI strategy must continuously adapt to new business realities and data sources to stay relevant.
    • The pressure to go directly to the solution design is high.  

    Our advice

    Insight

    • A BI initiative is not static. It must be treated as a living platform to adhere to changing business goals and objectives. Only then will it support effective decision-making.
    • Hear the voice of the business; that is the "B" in BI.
    • Boys and their toys... The solution to better intelligence often lies not in the tool but the BI practices.
    • Build a roadmap that starts with quick-wins to establish base support for your initiative.

    Impact and results 

    • Use the business goals and objectives to drive your BI initiatives.
    • Focus first on what you already have in your company's business intelligence landscape before investing in a new tool that will only complicate things.
    • Understand the core of what your users need by leveraging different approaches to pinpointing BI capabilities.
    • Create a roadmap that details the iterative deliveries of your business intelligence initiative. Show both the short and long term.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started

    Our concise executive brief shows why you should create or refresh your business intelligence (BI) strategy. We'll show you our methodology and the ways we can help you in handling this.

    Upon ordering you receive the complete guide with all files zipped.

    Understand your business context and BI landscape

    Understand critical business information and analyze your current business intelligence landscape.

    • Build a Next-Generation BI with a Game-Changing BI Strategy – Phase 1: Understand the Business Context and BI Landscape (ppt)
    • BI Strategy and Roadmap Template (doc)
    • BI End-User Satisfaction Survey Framework (ppt)

    Evaluate your current business intelligence practices

    Assess your current maturity level and define the future state.

    • Build a Next-Generation BI with a Game-Changing BI Strategy – Phase 2: Evaluate the Current BI Practice (ppt)
    • BI Practice Assessment Tool – Example 1 (xls)
    • BI Practice Assessment Tool – Example 2 (xls)

    Create your BI roadmap

    Create business intelligence focused initiatives for continuous improvement.

    • Build a Next-Generation BI with a Game-Changing BI Strategy – Phase 3: Create a BI Roadmap for Continuous Improvement (ppt)
    • BI Initiatives and Roadmap Tool (xls)
    • BI Strategy and Roadmap Executive Presentation Template (ppt)

     

    The Complete Manual for Layoffs

    • Buy Link or Shortcode: {j2store}514|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $30,999 Average $ Saved
    • member rating average days saved: 20 Average Days Saved
    • Parent Category Name: Lead
    • Parent Category Link: /lead

    When the economy is negatively influenced by factors beyond any organization’s control, the impact can be felt almost immediately on the bottom line. This decline in revenue as a result of a weakening economy will force organizations to reconsider every dollar they spend.

    Our Advice

    Critical Insight

    • The remote work environment many organizations find themselves in adds a layer of complexity to the already sensitive process of laying off employees.
    • Carrying out layoffs must be done while keeping personal contact as your first priority. That personal contact should be the basis for all subsequent communication with laid-off and remaining staff, even after layoffs have occurred.

    Impact and Result

    By following our process, we can provide your organization with the direction, tools, and best practices to lay off employees. This will need to be done with careful consideration into your organization’s short- and longer-term strategic goals.

    The Complete Manual for Layoffs Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prepare for layoffs

    Understand the most effective cost-cutting solutions and set layoff policies and guidelines.

    • The Complete Manual for Layoffs Storyboard
    • Layoffs SWOT Analysis Template
    • Redeployment and Layoff Strategy Workbook
    • Sample Layoffs Policy
    • Cost-Cutting Planning Tool
    • Termination Costing Tool

    2. Objectively identify employees

    Develop an objective layoff selection method and plan for the transfer of essential responsibilities.

    • Workforce Planning Tool
    • Employee Layoff Selection Tool

    3. Prepare to meet with employees

    Plan logistics, training, and a post-layoff plan communication.

    • Termination Logistics Tool
    • IT Knowledge Transfer Risk Assessment Tool
    • IT Knowledge Transfer Plan Template
    • IT Knowledge Identification Interview Guide Template
    • Knowledge Transfer Job Aid
    • Layoffs Communication Package

    4. Meet with employees

    Collaborate with necessary departments and deliver layoffs notices.

    • Employee Departure Checklist Tool

    5. Monitor and manage departmental effectiveness

    Plan communications for affected employee groups and monitor organizational performance.

    • Ten Ways to Connect With Your Employees
    • Creating Connections
    [infographic]

    Don't try this at home

    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A

    Brilliant little and very amusing way to deal with a scammer.

    But do not copy this method as it will actually reveal quite a bit and confirm that your email is valid and active.

    Click to watch Joe Lycett

     

    Build a Continual Improvement Program

    • Buy Link or Shortcode: {j2store}463|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management
    • IT managers must work hard to maintain and improve service quality or risk performance deterioration over time.
    • Leadership may feel lost about what to do next and which initiatives have higher priority for improvement.
    • The backlog of improvement initiatives makes the work even harder. Managers should involve the right people in the process and build a team that is responsible to monitor, measure, prioritize, implement, and test improvements.

    Our Advice

    Critical Insight

    • Without continual improvement, sustained service quality will be temporary. Organizations need to put in place an ongoing process to detect potential services, enhance their procedures, and sustain their performance, whatever the process maturity is.

    Impact and Result

    • Set strategic vision for the continual improvement program.
    • Build a team to set regulations, processes, and audits for the program.
    • Set measurable targets for the program.
    • Identify and prioritize improvement initiatives.
    • Measure and monitor progress to ensure initiatives achieve the desired outcome.
    • Apply lessons learned to the next initiatives.

    Build a Continual Improvement Program Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build a Continual Improvement Program – A step-by-step document to walk you through building a plan for efficient IT continual improvement.

    This storyboard will help you craft a continual improvement register and a workflow to ensure sustained service improvements that fulfill ongoing increases in stakeholder expectations.

    • Build a Continual Improvement Program Storyboard

    2. Continual Improvement Register and Workflow – Structured documents to help you outline improvement initiatives, prioritize them, and build a dashboard to streamline tracking.

    Use the Continual Improvement Register and Continual Improvement Workflow to help you brainstorm improvement items, get a better visibility into the items, and plan to execute improvements.

    • Continual Improvement Register
    • Continual Improvement Workflow (Visio)
    • Continual Improvement Workflow (PDF)
    [infographic]

    Further reading

    Build a Continual Improvement Program

    Don’t stop with process standardization; plan to continually improve and help those improvements stick.

    Analyst Perspective

    Go beyond standardizing basics

    IT managers often learn how to standardize IT services. Where they usually fail is in keeping these improvements sustainable. It’s one thing to build a quality process, but it’s another challenge entirely to keep momentum and know what to do next.

    To fill the gap, build a continual improvement plan to continuously increase value for stakeholders. This plan will help connect services, products, and practices with changing business needs.

    Without a continual improvement plan, managers may find themselves lost and wonder what’s next. This will lead to misalignment between ongoing and increasingly high stakeholder expectations and your ability to fulfill these requirements.

    Build a continual improvement program to engage executives, leaders, and subject matter experts (SMEs) to go beyond break fixes, enable proactive enhancements, and sustain process changes.

    Photo of Mahmoud Ramin, Ph.D., Senior Research Analyst, Infrastructure and Operations, Info-Tech Research Group. Mahmoud Ramin, Ph.D.
    Senior Research Analyst
    Infrastructure and Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Even high-quality services and products need to be aligned with rising stakeholder expectations to sustain operational excellence.
    • Without the right leadership, commitment, and processes, improvements in service quality can be difficult to sustain.
    • Continual improvement is not only a development plan but also an organizational culture shift, which makes stakeholder buy-in even challenging.

    Common Obstacles

    • IT managers must work hard to maintain and improve service quality or risk performance deterioration over time.
    • Leadership feels lost about what to do next and which initiatives have higher priority for improvement.
    • A backlog of improvement initiatives makes the work even harder. Managers should involve the right people in the process and build a team that is responsible for monitoring, measuring, prioritizing, implementing, and testing improvements.

    Info-Tech’s Approach

    • Set a strategic vision for the continual improvement program.
    • Build a team to set regulations, processes, and audits for the program.
    • Set measurable targets for the program.
    • Identify and prioritize improvement initiatives.
    • Measure and monitor progress to ensure initiatives achieve the desired outcome.
    • Apply lessons learned to the next initiatives.

    Info-Tech Insight

    Without continual improvement, any process maturity achieved around service quality will not be sustained. Organizations need to put in place an ongoing program to maintain their current maturity and continue to grow and improve by identifying new services and enhancing existing processes.

    Purpose of continual improvement

    There should be alignment between ongoing improvements of business products and services and management of these products and services. Continual improvement helps service providers adapt to changing environments. No matter how critical the service is to the business, failure to continually improve reduces the service value.

    Image of a notebook with an illustration titled 'Continuous Improvement'.

    Continual improvement is one of the five elements of ITIL’s Service Value System (SVS).

    Continual improvement should be documented in an improvement register to record and manage improvement initiatives.

    Continual improvement is a proactive approach to service management. It involves measuring the effectiveness and efficiency of people, processes, and technology to:

    • Identify areas for improvement.
    • Adapt to changes in the business environment.
    • Align the IT strategy to organizational goals.

    A continual improvement process helps service management move away from a reactive approach that focuses only on fixing problems as they occur.

    Info-Tech Insight

    Make sure the basics are in place before you embark on a continual improvement initiative.

    Benefits of embedding a cross-organizational continual improvement approach

    Icon of a computer screen. Encourage end users to provide feedback on service quality. Icon of a crossed pencil and wrench.

    Provide an opportunity to stakeholders to define requirements and raise their concerns.

    Icon of a storefront.

    Embed continual improvement in all service delivery procedures.

    Icon of chevrons moving backward.

    Turn failures into improvement opportunities rather than contributing to a blame culture.

    Icon of a telescope.

    Improve practice effectiveness that enhances IT efficiency.

    Icon of a thumbs up in a speech bubble.

    Improve end-user satisfaction that positively impacts brand reputation.

    Icon of shopping bags.

    Improve operational costs while maintaining a high level of satisfaction.

    Icon of a magnifying glass over a map marker.

    Help the business become more proactive by identifying and improving services.

    Info-Tech Insight

    It’s the responsibility of the organization’s leaders to develop and promote a continual improvement culture. Work with the business unit leads and communicate the benefits of continual improvement to get their buy-in for the practice and achieve the long-term impact.

    Build a feedback program to get input into where improvement initiatives are needed

    A well-maintained continual improvement process creates a proper feedback mechanism for the following stakeholder groups:
    • Users
    • Suppliers
    • Service delivery team members
    • Service owners
    • Sponsors
    An efficient feedback mechanism should be constructed around the following initiatives:
    Target with an arrow in the bullseye. The arrow has four flags: 'Perceived value by users', 'Service effectiveness', 'Service governance', and 'Service demand'.
    Stakeholders who participate in feedback activities should feel comfortable providing suggestions for improvement.

    Work closely with the service desk team to build communication channels to conduct surveys. Avoid formal bureaucratic communications and enforce openness in communicating the value of feedback the stakeholders can provide.

    Info-Tech Insight

    When conducting feedback activities with users, keep surveys anonymous and ensure users’ information is kept confidential. Make sure everyone else is comfortable providing feedback in a constructive way so that you can seek clarification and create a feedback loop.

    Implement an iterative continual improvement model and ensure that your services align with your organizational vision

    Build a six-step process for your continual improvement plan. Make it a loop, in which each step becomes an input for the next step. A cycle around a dartboard with numbered steps: '01 Determine your goals', '02 Define the process team', '03 Determine initiatives', '04 Prioritize initiatives', '05 Execute improvement', '06 Establish a learning culture'.

    1. Determine your goals

    A vision statement communicates your desired future state of the IT organization.

    Your IT goals should always support your organizational goals. IT goals are high-level objectives that the IT organization needs to achieve to reach a target state.
    A cycle of the bolded statements on the right surrounding a dartboard with two bullseyes.

    Understand the high-level business objectives to set the vision for continual improvement in a way that will align IT strategies with business strategies.

    Obtaining a clear picture of your organization’s goals and overall corporate strategy is one of the crucial first steps to continual improvement and will set the stage for the metrics you select. Document your continual improvement program goals and objectives.

    Knowing what your business is doing and understanding the impact of IT on the business will help you ensure that any metrics you collect will be business focused.

    Understanding the long-term vision of the business and its appetite for commitment and sponsorship will also inform your IT strategy and continual improvement goals.

    Assess the future state

    At this stage, you need to visualize improvement, considering your critical success factors.

    Critical success factors (CSFs) are higher-level goals or requirements for success, such as improving end-user satisfaction. They’re factors that must be met in order to reach your IT and business strategic vision.

    Select key performance indicators (KPIs) that will identify useful information for the initiative: Define KPIs for each CSF. These will usually involve a trend, as an increase or decrease in something. If KPIs already exist for your IT processes, re-evaluate them to assess their relevance to current strategy and redefine if necessary. Selected KPIs should provide a full picture of the health of targeted practice.

    KPIs should cover these four vectors of practice performance:

    1. Quantity
      How many continual improvement initiatives are in progress
    2. Quality
      How well you implemented improvements
    3. Timeliness
      How long it took to get continual improvement initiatives done
    4. Compliance
      How well processes and controls are being executed, such as system availability
    Cross-section of a head split into sections with icons in the middle sections.

    Examples of key CSFs and KPIs for continual improvement

    CSF

    KPI

    Adopt and maintain an effective approach for continual improvement Improve stakeholder satisfaction due to implementation of improvement initiatives.
    Enhance stakeholder awareness about continual improvement plan and initiatives.
    Increase continual improvement adoption across the organization.
    Commit to effective continual improvement across the business Improve the return on investment.
    Increase the impact of the improvement initiatives on process maturity.
    Increase the rate of successful improvement initiatives.

    Prepare a vision statement to communicate the improvement strategy

    IT Implications + Business Context –› IT Goals
    • IT implications are derived from the business context and inform goals by aligning the IT goals with the business context.
    • Business context encompasses an understanding of the factors impacting the business from various perspectives, how the business makes decisions, and what it is trying to achieve.
    • IT goals are high-level, specific objectives that the IT organization needs to achieve to reach the target state. IT goals begin a process of framing what IT as an organization needs to be able to do in the target state.

    IT goals will help identify the target state, IT capabilities, and the initiatives that will need to be implemented to enable those capabilities.

    The vision statement is expressed in the present tense. It seeks to articulate the desired role of IT and how IT will be perceived.

    Strong IT vision statements have the following characteristics:
    Arrow pointing right. Describe a desired future
    Arrow pointing right. Focus on ends, not means
    Arrow pointing right. Communicate promise
    Arrow pointing right. Work as an elevator pitch:
    • Concise; no unnecessary words
    • Compelling
    • Achievable
    • Inspirational
    • Memorable

    2. Define the process team

    The structure of each continual improvement team depends on resource availability and competency levels.

    Make sure to allocate continual improvement activities to the available resources and assess the requirement to bring in others to fulfill all tasks.

    Brainstorm what steps should be included in a continual improvement program:

    • Who is responsible for identifying, logging, and prioritizing improvement opportunities?
    • Who makes the business case for improvement initiatives?
    • Who is the owner of the register, responsible for documenting initiatives and updating their status?
    • Who executes implementation?
    • Who evaluates implementation success?
    Match stakeholder skill sets with available resources to ensure continual improvement processes are handled properly. Brainstorm skills specific to the program:
    • Knowledge of provided products and services.
    • Good understanding of organization’s goals and objectives.
    • Efficiency in collecting and measuring metrics, understanding company standards and policies, and presenting them to impacted stakeholders.
    • Competency in strategic thinking and aligning the organization’s goals with improvement initiatives.

    Enable the continual improvement program by clarifying responsibilities

    Determine roles and responsibilities to ensure accountability

    The continual improvement activities will only be successful if specific roles and responsibilities are clearly identified.

    Depending on available staff and resources, you may be able to have full-time continual improvement roles, or you may include continual improvement activities in individuals’ job descriptions.

    Each improvement action that you identify should have clear ownership and accountability to ensure that it is completed within the specified timeframe.

    Roles and responsibilities can be reassigned throughout the continual improvement process.

    Info-Tech Insight

    Create cross-functional teams to improve perspective and not focus on only one small group when trying to problem solve. Having other teams hear and reframe the issue or talk about how they can help to solve issues as a team can create bigger solutions that will help the entire IT team, not just one group.

    Consider assigning dedicated continual improvement roles

    Silhouette of a business person.
    CI Coordinator

    Continual improvement coordinators are responsible for moving projects to the implementation phase and monitoring all continual improvement roles.

    Silhouette of a business person.
    Business Owner

    Business owners are accountable for business governance, compliance, and ROI analysis. They are responsible for operational and monetary aspects of the business.

    Silhouette of a business person.
    IT Owner

    IT owners are responsible for developing the action plan and ensuring success of the initiatives. They are usually the subject matter experts, focusing on technical aspects.

    3. Determine improvement initiatives

    Businesses usually make the mistake of focusing too much on making existing processes better while missing gaps in their practices.

    Gather stakeholder feedback to help you evaluate the maturity levels of IT practices Sample of the End User Satisfaction Survey.

    You need to understand the current state of service operations to understand how you can provide value through continual improvement. Give everyone an opportunity to provide feedback on IT services.

    Use Info-Tech’s End User Satisfaction Survey to define the state of your core IT services.

    Info-Tech Insight

    Become proactive to improve satisfaction. Continual improvement is not only about identifying pain points and improving them. It enables you to proactively identify initiatives for further service improvement using both practice functionality and technology enablement.

    Understand the current state of your IT practices

    Determine the maturity level of your IT areas to help you understand which processes need improvement. Involve the practice team in maturity assessment activities to get ideas and input from them. This will also help you get their buy-in and engagement for improvement.

    Leverage performance metrics to analyze performance level. Metrics play a key role in understanding what needs improvement. After you implement metrics, have an impact report regularly generated to monitor them.

    Use problem management to identify root causes for the identified gaps. Potential sources of problems can be:

    • Recurring issues that may be an indicator of an underlying problem.
    • Business processes or service issues that are not IT related, such as inefficient business process or service design issues.

    Establish an improvement roadmap and execute initiatives

    Build a continual improvement register (CIR) for your target initiatives

    A CIR is a document used for recording your action plan from the beginning to the end of the improvement project.

    If you just sit and plan for improvements without acting on them, nothing will improve. CIR helps you create an action plan and allows you to manage, track, and prioritize improvement suggestions.

    Consider tracking the following information in your CIR, adjusted to meet the needs of your organization:

    Information

    Description

    Business value impact Identify approved themes or goals that each initiative should apply to. These can and should change over time based on changing business needs.
    Effort/cost Identify the expected effort or cost the improvement initiative will require.
    Priority How urgent is the improvement? Categorize based on effort, cost, and risk levels.
    Status Ensure each initiative has a status assigned that reflects its current state.
    Timeline List the timeframe to start the improvement initiative based on the priority level.
    CI functional groups Customize the functional groups in your CI program

    Populate your register with ideas that come from your first round of assessments and use this document to continually add and track new ideas as they emerge.

    You can also consider using the register to track the outcomes and benefits of improvement initiatives after they have been completed.

    Activity: Use the Continual Improvement Register template to brainstorm responsibilities, generate improvement initiatives, and action plan

    1-3 hours
    1. Open the Continual Improvement Register template and navigate to tab 2, Setup.
    2. Brainstorm your definitions for the following items to get a clear understanding of these items when completing the CIR. The more quantification you apply to the criteria, the more tangible evaluation you will do:
      • Business value impact categories
      • Effort/cost
      • Priority
      • Status
      • Timeline
    3. Discuss the teams that the upcoming initiatives will belong to and update them under CI Functional Groups.
    1. Analyze the assessment data collected throughout stakeholder feedback and your current-state evaluation.
    2. Use this data to generate a list of initiatives that should be undertaken to improve the performance of the targeted processes.
    3. Use sticky notes to record identified CI initiatives.
    4. Record each initiative in tab 3, CI Register, along with associated information:
      • A unique ID number for the initiative
      • The individual who submitted the idea
      • The team the initiative belongs to
      • A description of the initiative

    Download the Continual Improvement Register template

    Activity: Use the Continual Improvement Register template to brainstorm responsibilities, generate improvement initiatives, and action plan

    Input

    • List of key stakeholders for continual improvement
    • Current state of services and processes

    Output

    • Continual improvement register setup
    • List of initiatives for continual improvement

    Materials

    • Continual improvement register
    • Whiteboard/flip charts
    • Markers
    • Laptops

    Participant

    • CIO
    • IT managers
    • Project managers
    • Continual improvement manager/coordinator

    4. Prioritize initiatives

    Prioritization should be transparent and available to stakeholders.

    Some initiatives are more critical than others to achieve and should be prioritized accordingly. Some improvements require large investments and need an equally large effort, while some are relatively low-cost, low-effort improvements. Focus on low-hanging fruit and prioritize low-cost, low-effort improvements to help the organization with rapid growth. This will also help you get stakeholder buy-in for the rest of your continual improvement program.

    Prioritize improvement initiatives in your CIR to increase visibility and ensure larger improvement initiatives are done the next cycle. As one improvement cycle ends, the next cycle begins, which allows the continual improvement team to keep pace with changing business requirements.

    Stock image of a person on a ladder leaning against a bookshelf.

    Identify “quick wins” that can provide immediate improvement

    Prioritize these quick wins to immediately demonstrate the success of the continual service improvement effort to the business.

    01

    Keep the scope of the continual improvement process manageable at the beginning by focusing on a few key areas that you want to improve.
    • If you have identified pain points, addressing these will demonstrate the value of the project to the business to gain their support.
    • Choose the services or processes that continue to disrupt or threaten service – focus on where pain points are evident and where there is a need for improvement.
    • Critical services to improve should emerge from the current-state assessments.

    02

    From your list of proposed improvements, focus on a few of the top pain points and plan to address those.

    03

    Choose the right services to improve at the first stage of continual improvement to ensure that the continual improvement process delivers value to the business.

    Activity: Prioritize improvement initiatives

    2-3 hours

    Input: List of initiatives for continual improvement

    Output: Prioritized list of initiatives

    Materials: Continual improvement register, Whiteboard/flip charts, Markers, Laptops

    Participants: CIO, IT managers, Project managers, Continual improvement manager

    1. In the CI Register tab of the Continual Improvement Register template, define the status, priority, effort/cost, and timeline according to the definition of each in the data entry tab.
    2. Review improvement initiatives from the previous activity.
    3. Record the CI coordinator, business owner, and IT owner for each initiative.
    4. Fill out submission date to track when the initiative was added to the register.
    5. According to the updated items, you will get a dashboard of items based on their categories, effort, priority, status, and timeline. You will also get a visibility into the total number of improvement initiatives.
    6. Focus on the short-term initiatives that are higher priority and require less effort.
    7. Refer to the Continual Improvement Workflow template and update the steps.

    Download the Continual Improvement Register template

    Download the Continual Improvement Workflow template

    5. Execute improvement

    Develop a plan for improvement

    Determine how you want to reach your improvement objectives. Define how to make processes work better.
    Icons representing steps. Descriptions below.
    Make a business case for your action plan Determine budget for implementing the improvement and move to execution. Find out how long it takes to build the improvement in the practice. Confirm the resources and skill sets you require for the improvement. Communicate the improvement plan across the business for better visibility and for seamless organizational change management, if needed. Lean into incremental improvements to ensure practice quality is sustained, not temporary. Put in place an ongoing process to audit, enhance, and sustain the performance of the target practice.

    Create a specific action plan to guide your improvement activities

    As part of the continual improvement plan, identify specific actions to be completed, along with ownership for each action.

    The continual improvement process must:

    • Define activities to be completed.
    • Create roles and assign ownership to complete activities.
    • Provide training and awareness about the initiative.
    • Define inputs and outputs.
    • Include reporting.

    For each action, identify:

    • The problem.
    • Who will be responsible and accountable.
    • Metric(s) for assessment.
    • Baseline and target metrics.
    • Action to be taken to achieve improvement (training, new templates, etc.).

    Choose timelines:

    • Firm timelines are important to keep the project on track.
    • One to two months for an initiative is an ideal length of time to maintain interest and enthusiasm for the specific project and achieve a result.

    Info-Tech Insight

    Every organization is unique in terms of its services, processes, strengths, weaknesses, and needs, as well as the expectations of its end users. There is no single action plan that will work for everyone. The improvement plan will vary from organization to organization, but the key elements of the plan (i.e. specific priorities, timelines, targets, and responsibilities) should always be in place.

    Build a communication plan to ensure the implementation of continual improvement stakeholder buy-in

    1. Throughout the improvement process, share information about both the status of the project and the impact of the improvement initiatives.
    Icon of a group of people. Encourage a collaborative environment across all members of the practice team.
    Icon of an ascending graph. Motivate every individual to continue moving upward and taking ownership over their roles.
    Icon of overlapping speech bubbles. Communication among team members ensures that everyone is on the same page working together toward a common goal.
    Icon of a handshake. The most important thing is to get the support of your team. Unless you have their support, you won’t be able to deliver any of the solutions you draw up.
    2. The end users should be kept in the loop so they can feel that their contribution is valued.
    Icon of an arrow pointing right. When improvements happen and only a small group of people are involved in the results and action plan, misconceptions will arise.
    Icon of a thumbs up in a speech bubble. If communication is lacking, end users will provide less feedback on the practice improvements.
    Icon of a cone made of stacked layers. For end users to feel their concerns are being considered, you must communicate the findings in a way that conveys the impact of their contribution.

    Info-Tech Insight

    To be effective, continual improvement requires open and honest feedback from IT staff. Debriefings work well for capturing information about lessons learned. Break down the debriefings into smaller, individual activities completed within each phase of the project to better capture the large amount of data and lessons learned within that phase.

    Measure the success of your improvement program

    Continual improvement is everybody’s job within the organization.

    Determine how improvements impacted stakeholders. Build a relationship pyramid to analyze how improvements impacted external users and narrow down to the internal users, implementing team, and leaders.
    1. How did we make improvements with our partners and suppliers? –› Look into your contracts and measure the SLAs and commitments.
    2. How could improvement initiatives impact the organization? –› Involve everybody to provide feedback. Rerun the end-user satisfaction survey and compare with the baseline that you obtained before improvement implementation.
    3. How does the improvement team feel about the whole process? –› What were the lessons learned, and can the team apply the lessons in the next improvement initiatives?
    4. How did the leaders manage and lead improvements? –› Were they able to provide proper vision to guide the improvement team through the process?
    A relationship pyramid with the initial questions on the left starting from '1' at the bottom to '4' at the 2nd highest level.

    Measure changes in selected metrics to evaluate success

    Measuring and reporting are key components in the improvement process.

    Adjust improvement priority based on updated objectives. Justify the reason. Refer to your CIR to document it.

    Did you get there?

    Part of the measurement should include a review of CSFs and KPIs determined in step 1 (assess the future state). Some may need to be replaced.

    • After an improvement has been implemented, it is important to regularly monitor and evaluate the CSFs and KPIs you chose and run reports to evaluate whether the implemented improvement has actually resolved the service/process issues or helped you achieve your objectives.
    • Establish a schedule for regularly reviewing key metrics that were identified in Step 1 and assessing change in those metrics and progress toward reaching objectives.
    • In addition to reviewing CSFs, KPIs, and metrics, check in with the IT organization and end users to measure their perceptions of the change once an appropriate amount of time has passed.
    • Ensure that metrics are telling the whole story and that reporting is honest in order to be informative.
    Outcomes of the continual improvement process should include:
    • Improved efficiency, effectiveness, and quality of processes and services.
    • Processes and services more aligned with the business needs and strategy.
    • Maturity of processes and services.

    For a guideline to determine a list of metrics, refer to Info-Tech’s blueprints:

    Info-Tech Insight

    Make sure you’re measuring the right things and considering all sources of information. Don’t rely on a single or very few metrics. Instead, consider a group of metrics to help you get a better holistic view of improvement initiatives and their impact on IT operations.

    6. Establish a learning culture and apply it to other practices

    Reflect on lessons learned to drive change forward

    What did you learn?
    Icon of a checklist and pencil. Ultimately, continual improvement is an ongoing educational program.
    Icon of a brain with a lighting bolt.
    Icon of a wrench in a speech bubble. By teaching your team how to learn better and identify sources of new knowledge that can be applied going forward, you maximize the efficacy of your team and improvement plan effort.
    What obstacles prevented you from reaching your target condition?
    Icon of a map marker. If you did not reach your target goals, reflect as a team on what obstacles prevented you from reaching that target.
    Icon of a wrench in a gear. Focus on the obstacles that are preventing your team from reaching the target state.
    Icon of a sun behind clouds. As obstacles are removed, new ones will appear, and old ones will disappear.

    Compare expectations versus reality

    Compare the EC (expected change) to the AC (actual change)
    Arrow pointing down.
    Arrow pointing left and down labelled 'Small'. Evaluate the differences: how large is the difference from what you expected? Arrow pointing right and down labelled 'Large'.
    Things are on track and the issue could have simply been an issue with timing of the improvement. More reflection is needed. Perhaps it is a gap in understanding the goal or a poor execution of the action plan.

    Info-Tech Insight

    Regardless of the cause, large differences between the EC and the AC provide great learning opportunities about how to approach change in the future.

    A cycle around a dartboard with numbered steps: '01 Determine your goals', '02 Define the process team', '03 Determine initiatives', '04 Prioritize initiatives', '05 Execute improvement', '06 Establish a learning culture'.

    Think long-term to sustain changes

    The continual improvement process is ongoing. When one improvement cycle ends, the next should begin in order to continually measure and evaluate processes.

    The goal of any framework is steady and continual improvement over time that resets the baseline to the current (and hopefully improved) level at the end of each cycle.

    Have processes in place to ensure that the improvements made will remain in place after the change is implemented. Each completed cycle is just another step toward your target state.
    Icon of a group of people. Ensure that there is a continual commitment from management.
    Icon of a bar chart. Regularly monitor metrics as well as stakeholder feedback after the initial improvement period has ended. Use this information to plan the next improvement.
    Icon of gears. Continual improvement is a combination of attitudes, behavior, and culture.

    Related Info-Tech Research

    Sample of 'Build a Business-Aligned IT Strategy'. Build a Business-Aligned IT Strategy

    Success depends on IT initiatives clearly aligned to business goals, IT excellence, and driving technology innovation.

    Sample of 'Develop Meaningful Service Metrics'. Develop Meaningful Service Metrics

    Reinforce service orientation in your IT organization by ensuring your IT metrics generate value-driven resource behavior.

    Sample of 'Common Challenges to incident management success'. Improve Incident and Problem Management

    Rise above firefighter mode with structured incident management to enable effective problem management.

    Works Cited

    “Continual Improvement ITIL4 Practice Guide.” AXELOS, 2020. Accessed August 2022.

    “5 Tips for Adopting ITIL 4’s Continual Improvement Management Practice.” SysAid, 2021. Accessed August 2022.

    Jacob Gillingham. “ITIL Continual Service Improvement And 7-Step Improvement Process” Invensis Global Learning Services, 2022. Accessed August 2022.

    Create an IT View of the Service Catalog

    • Buy Link or Shortcode: {j2store}396|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $59,399 Average $ Saved
    • member rating average days saved: 66 Average Days Saved
    • Parent Category Name: Service Management
    • Parent Category Link: /service-management
    • Organizations often don’t understand which technical services affect user-facing services.
    • Organizations lack clarity around ownership of responsibilities for service delivery.
    • Organizations are vulnerable to change-related incidents when they don’t have insight into service dependencies and their business impact.

    Our Advice

    Critical Insight

    • Even IT professionals underestimate the effort and the complexity of technical components required to deliver a service.
    • Info-Tech’s methodology promotes service orientation among technical teams by highlighting how their work affects the value of user-facing services.
    • CIOs can use the technical part of the catalog as a tool to articulate the value, dependencies, and constraints of services to business leaders.

    Impact and Result

    • Extend the user-facing service catalog to document the people, processes, and technology required to deliver user-facing services.
    • Bring transparency to how services are delivered to better articulate IT’s capabilities and strengthen IT-business alignment.
    • Increase IT’s ability to assess the impact of changes, make informed decisions, and mitigate change-related risks.
    • Respond to incidents and problems in the IT environment with more agility due to reduced diagnosis time for issues.

    Create an IT View of the Service Catalog Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build the technical components of your service catalog, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch the project

    Build a strong foundation for the project to increase the chances of success.

    • Create an IT View of the Service Catalog – Phase 1: Launch the Project
    • Service Catalog Extension Project Charter
    • Service Catalog Extension Training Deck

    2. Identify service-specific technologies

    Identify which technologies are specific to certain services.

    • Create an IT View of the Service Catalog – Phase 2: Identify Service-Specific Technology
    • IT Service Catalog

    3. Identify underpinning technologies

    Determine which technologies underpin the existence of user-facing services.

    • Create an IT View of the Service Catalog – Phase 3: Identify Underpinning Services

    4. Map the people and processes to the technologies they support

    Document the roles and responsibilities required to deliver each user-facing service.

    • Create an IT View of the Service Catalog – Phase 4: Determine People & Process
    • Service Definitions: Visual Representations
    [infographic]

    Workshop: Create an IT View of the Service Catalog

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Launch the Project

    The Purpose

    Build a foundation to kick off the project.

    Key Benefits Achieved

    A carefully selected team of project participants.

    Identified stakeholders and metrics.

    Activities

    1.1 Create a communication plan

    1.2 Complete the training deck

    Outputs

    Project charter

    Understanding of the process used to complete the definitions

    2 Identify Service-Specific Technologies and Underpinning Technologies

    The Purpose

    Determine the technologies that support the user-facing services.

    Key Benefits Achieved

    Understanding of what is required to run a service.

    Activities

    2.1 Determine service-specific technology categories

    2.2 Identify service-specific technologies

    2.3 Determine underpinning technologies

    Outputs

    Logical buckets of service-specific technologies makes it easier to identify them

    Identified technologies

    Identified underpinning services and technologies

    3 Identify People and Processes

    The Purpose

    Discover the roles and responsibilities required to deliver each user-facing service.

    Key Benefits Achieved

    Understanding of what is required to deliver each user-facing service.

    Activities

    3.1 Determine roles required to deliver services based on organizational structure

    3.2 Document the services

    Outputs

    Mapped responsibilities to each user-facing service

    Completed service definition visuals

    4 Complete the Service Definition Chart and Visual Diagrams

    The Purpose

    Create a central hub (database) of all the technical components required to deliver a service.

    Key Benefits Achieved

    Single source of information where IT can see what is required to deliver each service.

    Ability to leverage the extended catalog to benefit the organization.

    Activities

    4.1 Document all the previous steps in the service definition chart and visual diagrams

    4.2 Review service definition with team and subject matter experts

    Outputs

    Completed service definition visual diagrams and completed catalog

    Optimize Social Media Strategy by Service

    • Buy Link or Shortcode: {j2store}562|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $12,599 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Many organizations are jumping the gun on service selection and missing valuable opportunities to tap into conversations their consumers are having about them.
    • Companies are struggling to harness real benefits from social media because they dive into content and engagement strategy without spending the appropriate amount of time on social media service selection.
    • After organizations have selected the appropriate social media services, clients fail to understand best practices for participating in conversations and therefore are unable to optimize their success on each service.

    Our Advice

    Critical Insight

    • Conventional wisdom dictates that you should pick the social network where you have the greatest subscriber base to reach, but this is irrelevant. Organizations need to consider all the social media services available when selecting services, to ensure they are optimizing their social media strategy and interacting with the right people.
    • In today’s social media landscape there is a wide variety of social media services to choose from. Services range from hot micro-blogging services, like Twitter, to more niche social multimedia services, like Flickr or Vimeo.
    • Each department should manage its set of relevant services regardless of platform. For example a marketing manager should manage all social media services in marketing, rather than have one person manage all Twitter feeds, one person manage all Facebook pages, etc.
    • The services your organization selects shouldn’t operate as islands. Consider not only how the services will fit with each other, but also how they will fit with existing channels. Use a market coverage model to ensure the services you select are complementing each other.
    • The landscape for social media services changes rapidly. It is essential to conduct an audit of services to maintain an optimal mix of services. Conduct the audit semi-annually for best effect.

    Impact and Result

    • Learn about the importance of choosing the correct services to ensure you are reaching your consumers and not wasting time playing with the wrong people.
    • Understand the business use cases for each service and best practices for using them.
    • Leverage different social media services to create a market coverage model that balances social media services with your products/services and business objectives.
    • Identify the risks associated with specific platforms and ensure IT works to mitigate them.
    • Create a plan for conducting a Social Media Service Audit to stay on top of changing trends.

    Optimize Social Media Strategy by Service Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create the right social media service mix

    Understand the different social media services, their unique value propositions for customer interaction, and the content and timing best practices for each.

    • Storyboard: Optimize Social Media Strategy by Service
    • Social Media Service Selection Tool

    2. Execute a plan for social service selection and management

    Leverage different social media services to create a market coverage model and assign responsibilities.

    3. Perform a semi-annual social media service audit

    Conduct an audit to stay on top of changing trends.

    • Social Media Services Audit Template
    [infographic]

    Design and Build a User-Facing Service Catalog

    • Buy Link or Shortcode: {j2store}395|cart{/j2store}
    • member rating overall impact: 9.3/10 Overall Impact
    • member rating average dollars saved: $62,821 Average $ Saved
    • member rating average days saved: 29 Average Days Saved
    • Parent Category Name: Service Management
    • Parent Category Link: /service-management
    • Business users don’t know what breadth of services are available to them.
    • It is difficult for business users to obtain useful information regarding services because they are often described in technical language.
    • Business users have unrealistic expectations of what IT can do for them.
    • There is no defined agreement on what is available, so the business assumes everything is.

    Our Advice

    Critical Insight

    • Define services from the business user’s perspective, not IT’s perspective.
      • A service catalog is of no use if a user looks at it and sees a significant amount of information that doesn’t apply to them.
    • Separate the enterprise services from the Line of Business (LOB) services.
      • This will simplify the process of documenting your service definitions and make it easier for users to navigate, which leads to a higher chance of user acceptance.

    Impact and Result

    • Our program helps you organize your services in a way that is relevant to the users, and practical and manageable for IT.
    • Our approach to defining and categorizing services ensures your service catalog remains a living document. You may add or revise your service records with ease.
    • Our program creates a bridge between IT and the business. Begin transforming IT’s perception within the organization by communicating the benefits of the service catalog.

    Design and Build a User-Facing Service Catalog Research & Tools

    Start here – read the Executive Brief

    Read our concise executive brief to understand why building a Service Catalog is a good idea for your business, and how following our approach will help you accomplish this difficult task.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch the project

    The Launch the Project phase will walk through completing Info-Tech's project charter template. This phase will help build a balanced project team, create a change message and communication plan, and achieve buy-in from key stakeholders.

    • Design & Build a User-Facing Service Catalog – Phase 1: Launch the Project
    • Service Catalog Project Charter

    2. Identify and define enterprise services

    The Identify and Define Enterprise Services phase will help to target enterprise services offered by the IT team. They are offered to everyone in the organization, and are grouped together in logical categories for users to access them easily.

    • Design & Build a User-Facing Service Catalog – Phase 2: Identify and Define Enterprise Services
    • Sample Enterprise Services

    3. Identify and define Line of Business (LOB) services

    After completing this phase, all services IT offers to each LOB or functional group should have been identified. Each group should receive different services and display only these services in the catalog.

    • Design & Build a User-Facing Service Catalog – Phase 3: Identify and Define Line of Business Services
    • Sample LOB Services – Industry Specific
    • Sample LOB Services – Functional Group

    4. Complete the Services Definition Chart

    Completing the Services Definition Chart will help the business pick which information to include in the catalog. This phase also prepares the catalog to be extended into a technical service catalog through the inclusion of IT-facing fields.

    • Design & Build a User-Facing Service Catalog – Phase 4: Complete Service Definitions
    • Services Definition Chart
    [infographic]

    Workshop: Design and Build a User-Facing Service Catalog

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Launch the Project

    The Purpose

    The purpose of this module is to help engage IT with business decision making.

    Key Benefits Achieved

    This module will help build a foundation for the project to begin. The buy-in from key stakeholders is key to having them take onus on the project’s completion.

    Activities

    1.1 Assemble the project team.

    1.2 Develop a communication plan.

    1.3 Establish metrics for success.

    1.4 Complete the project charter.

    Outputs

    A list of project members, stakeholders, and a project leader.

    A change message, communication strategy, and defined benefits for each user group.

    Metrics used to monitor the usefulness of the catalog, both from a performance and monetary perspective.

    A completed project charter to engage users in the initiative.

    2 Identify and Define Enterprise Services

    The Purpose

    The purpose of this module is to review services which are offered across the entire organization.

    Key Benefits Achieved

    A complete list of enterprise services defined from the user’s perspective to help them understand what is available to them.

    Activities

    2.1 Identify enterprise services used by almost everyone across the organization.

    2.2 Categorize services into logical groups.

    2.3 Define the services from the user’s perspective.

    Outputs

    A complete understanding of enterprise services for both IT service providers and business users.

    Logical groups for organizing the services in the catalog.

    Completed definitions in business language, preferably reviewed by business users.

    3 Identify and Define Line of Business (LOB) Services

    The Purpose

    The purpose of this module is to define the remaining LOB services for business users, and separate them into functional groups.

    Key Benefits Achieved

    Business users are not cluttered with LOB definitions that do not pertain to their business activities.

    Business users are provided with only relevant IT information.

    Activities

    3.1 Identify the LOBs.

    3.2 Determine which one of two methodologies is more suitable.

    3.3 Identify LOB services using appropriate methodology.

    3.4 Define services from a user perspective.

    Outputs

    A structured view of the different functional groups within the business.

    An easy to follow process for identifying all services for each LOB.

    A list of every service for each LOB.

    Completed definitions in business language, preferably reviewed by business users.

    4 Complete the Full Service Definitions

    The Purpose

    The purpose of this module is to guide the client to completing their service record definitions completely.

    Key Benefits Achieved

    This module will finalize the deliverable for the client by defining every user-facing service in novice terms.

    Activities

    4.1 Understand the components to each service definition (information fields).

    4.2 Pick which information to include in each definition.

    4.3 Complete the service definitions.

    Outputs

    A selection of information fields to be included in the service catalog.

    A selection of information fields to be included in the service catalog.

    A completed service record design, ready to be implemented with the right tool.

    Further reading

    Design and Build a User-Facing Service Catalog

    Improve user satisfaction with IT with a convenient menu-like catalog.

    Our understanding of the problem

    This Research Is Designed For:

    • CIOs
    • Directors and senior managers within IT and the business

    This Research Will Help You:

    • Articulate all of the services IT provides to the business in a language the business users understand.
    • Improve IT and business alignment through a common understanding of service features and IT support.

    This Research Will Help Them

    • Standardize and communicate how users request access to services.
    • Standardize and communicate how users obtain support for services.
    • Clearly understand IT’s role in providing each service.

    What is a service catalog?

    The user-facing service catalog is the go-to place for IT service-related information.

    The catalog defines, documents, and organizes the services that IT delivers to the organization. The catalog also describes the features of the services and how the services are intended to be used.

    The user-facing service catalog creates benefits for both the business and IT.

    For business users, the service catalog:

    1. Documents how to request access to the service, hours of availability, delivery timeframes, and customer responsibilities.
    2. Specifies how to obtain support for the services, support hours, and documentation.

    For IT, the service catalog:

    1. Identifies who owns the services and who is authorized to use the services.
    2. Specifies IT support requirements for the services, including support hours and documentation.

    What is the difference between a user-facing service catalog and a technical service catalog?

    This blueprint is about creating a user-facing service catalog written and organized in a way that focuses on the services from the business’ view.

    User facing

    User-friendly, intuitive, and simple overview of the services that IT provides to the business.

    The items you would see on the menu at a restaurant are an example of User Facing. The content is relatable and easy to understand.

    Technical

    Series of technical workflows, supporting services, and the technical components that are required to deliver a service.

    The recipe book with cooking instructions is an example of Technical Facing. This catalog is intended for the IT teams and is “behind the scene.”

    What is a service and what does it mean to be service oriented?

    The sum of the people, processes, and technologies required to enable users to achieve a business outcome is a Service.

    A service is used directly by the end users and is perceived as a coherent whole.

    Business Users →Service = Application & Systems + People & Processes

    Service Orientation is…

    • A focus on business requirements and business value, rather than IT driven motives.
    • Services are designed to enable required business activities.
    • Services are defined from the business perspective using business language.

    In other words, put on your user hat and leave behind the technical jargons!

    A lack of a published user-facing service catalog could be the source of many pains throughout your organization

    IT Pains

    • IT doesn’t understand all the services they provide.
    • Business users would go outside of IT for solutions, proliferating shadow IT.
    • Business users have a negative yet unrealistic perception of what IT is capable of.
    • IT has no way of managing expectations for their users, which tend to inflate.
    • There is often no defined agreement on services; the business assumes everything is available.

    Business Pains

    • Business users don’t know what services are available to them.
    • It is difficult to obtain useful information regarding a service because IT always talks in technical language.
    • Without a standard process in place, business users don’t know how to request access to a service with multiple sources of information available.
    • Receiving IT support is a painful, long process and IT doesn’t understand what type of support the business requires.

    An overwhelming majority of IT organizations still need to improve how they demonstrate their value to the business

    This image contains a pie chart with a slice representing 23% of the circle This image contains a pie chart with a slice representing 47% of the circle This image contains a pie chart with a slice representing 92% of the circle

    23% of IT is still viewed as a cost center.

    47% of business executives believe that business goals are going unsupported by IT.

    92% of IT leaders see the need to prove the business value of IT’s contribution.

    How a Service Catalog can help:

    Use the catalog to demonstrate how IT is an integral part of the organization and IT services are essential to achieve business objectives.

    Source: IT Communication in Crisis Report

    Transform the perception of IT by articulating all the services that are provided through the service catalog in a user-friendly language.

    Source: Info-Tech Benchmarking and Diagnostic Programs

    Increase IT-business communication and collaboration through the service catalog initiative. Move from technology focused to service-oriented.

    Source: IT Communication in Crisis Report

    Project Steps

    Phase 1 – Project Launch

    1.2 Project Team

    The team must be balanced between representatives from the business and IT.

    1.2 Communication Plan

    Communication plan to facilitate input from both sides and gain adoption.

    1.3 Identify Metrics

    Metrics should reflect the catalog benefits. Look to reduced number of service desk inquiries.

    1.4 Project Charter

    Project charter helps walk you through project preparation.

    This blueprint separates enterprise service from line of business service.

    This image contains a comparison between Enterprise IT Service and Line of Business Service, which will be discussed in further detail later in this blueprint.

    Project steps

    Phase 2 – Identify and Define Enterprise Services

    2.1 Identify the services that are used across the entire organization.

    2.2 Users must be able to identify with the service categories.

    2.3 Create basic definitions for enterprise services.

    Phase 3 – Identify and Define Line of Business Services

    3.1 Identify the different lines of business (LOBs) in the organization.

    3.2 Understand the differences between our two methodologies for identifying LOB services.

    3.3 Use methodology 1 if you have thorough knowledge of the business.

    3.4 Use methodology 2 if you only have an IT view of the LOB.

    Phase 4 – Complete Service Definitions

    4.1 Understand the different components to each service definition, or the fields in the service record.

    4.2 Identify which information to include for each service definition.

    4.3 Define each enterprise service according to the information and field properties.

    4.3 Define each LOB service according to the information and field properties.

    Define your service catalog in bundles to achieve better catalog design in the long run

    Trying to implement too many services at once can be overwhelming for both IT and the users. You don’t have to define and implement all of your services in one release of the catalog.

    Info-Tech recommends implementing services themselves in batches, starting with enterprise, and then grouping LOB services into separate releases. Why? It benefits both IT and business users:

    • It enables a better learning experience for IT – get to test the first release before going full-scale. In other words, IT gets a better understanding of all components of their deliverable before full adoption.
    • It is easier to meet customer agreements on what is to be delivered early, and easier to be able to meet those deadlines.
    This image depicts how you can use bundles to simplify the process of catalog design using bundles. The cycle includes the steps: Identify Services; Select a Service Bundle; Review Record Design; followed by a cycle of: Pick a service; Service X; Service Data Collection; Create Service Record, followed by Publish the bundle; Communicate the bundle; Rinse and Repeat.

    After implementing a service catalog, your IT will be able to:

    Use the service catalog to communicate all the services that IT provides to the business.

    Improve IT’s visibility within the organization by creating a single source of information for all the value creating services IT has to offer. The service catalog helps the business understand the value IT brings to each service, each line of business, and the overall organization.

    Concentrate more on high-value IT services.

    The service catalog contains information which empowers business users to access IT services and information without the help of IT support staff. The reduction in routine inquiries decreases workload and increases morale within the IT support team, and allows IT to concentrate on providing higher value services.

    Reduce shadow IT and gain control of services.

    Service catalog brings more control to your IT environment by reducing shadow IT activities. The service catalog communicates business requests responsively in a language the business users understand, thus eliminating the need for users to seek outside help.

    After implementing a service catalog, your business will be able to:

    Access IT services with ease.

    The language of IT is often confusing for the business and the users don’t know what to do when they have a concern. With a user-facing service catalog, business users can access information through a single source of information, and better understand how to request access or receive support for a service through clear, consistent, and business-relevant language.

    Empower users to self-serve.

    The service catalog enables users to “self-serve” IT services. Instead of calling the service desk every time an issue occurs, the users can rely on the service catalog for information. This simplified process not only reduces routine service requests, but also provides information in a faster, more efficient manner that increases productivity for both IT and the business.

    Gain transparency on the IT services provided.

    With every service clearly defined, business users can better understand the current support level, communicate their expectation for IT accountability, and help IT align services with critical business strategies.

    Leverage the different Info-Tech deliverable tools to help you along the way

    1. Project Charter

    A project charter template with a few samples completed. The project charter helps you govern the project progress and responsibilities.

    2. Enterprise Service Definitions

    A full list of enterprise definitions with features and descriptions pre-populated. These are meant to get you on your feet defining your own enterprise services, or editing the ones already there.

    3. Basic Line of Business Service Definitions

    Similar to the enterprise services deliverable, but with two separate deliverables focusing on different perspectives – functional groups services (e.g. HR and finance) and industry-specific services (e.g. education and government).

    Service Definitions & Service Record Design

    Get a taste of a completed service catalog with full service definitions and service record design. This is the final product of the service catalog design once all the steps and activities have been completed.

    The service catalog can be the foundation of your future IT service management endeavors

    After establishing a catalog of all IT services, the following projects are often pursued for other objectives. Service catalog is a precursor for all three.

    1. Technical Service Catalog

    Need an IT-friendly breakdown of each service?
    Keep better record of what technical components are required to deliver a service. The technical service catalog is the IT version of a user-facing catalog.

    2. Service-Based Costing

    Want to know how much each IT service is costing you?
    Get a better grip on the true cost of IT. Using service-based costing can help justify IT expenses and increase budgetary allotment.

    3. Chargeback

    Want to hold each business unit accountable for the IT services they use?
    Some business units abuse their IT services because they are thought to be free. Keep them accountable and charge them for what they use.

    The service catalog need not be expensive – organizations of all sizes (small, medium, large) can benefit from a service catalog

    No matter what size organization you may be, every organization can create a service catalog. Small businesses can benefit from the catalog the same way a large organization can. We have an easy step-by-step methodology to help introduce a catalog to your business.

    It is common that users do not know where to go to obtain services from IT… We always end up with a serious time-crunch at the beginning of a new school year. With automated on- and off-boarding services, this could change for the better.Dean Obermeyer, Technology Coordinator, Los Alamos Public Schools

    CIO Call to Action

    As the CIO and the project sponsor, you need to spearhead the development of the service catalog and communicate support to drive engagement and adoption.

      Start

    1. Select an experienced project leader
    2. Identify stakeholders and select project team members with the project leader
    3. Throughout the project

    4. Attend or lead the project kick-off meeting
    5. Create checkpoints to regularly touch base with the project team
    6. Service catalog launch

    7. Communicate the change message from beginning to implementation

    Identify a project leader who will drive measurable results with this initiative

    The project leader acts on behalf of the CIO and must be a senior level staff member who has extensive knowledge of the organization and experiences marshalling resources.

    Influential & Impactful

    Developing a service catalog requires dedication from many groups within IT and outside of IT.
    The project leader must hold a visible, senior position and can marshal all the necessary resources to ensure the success of the project. Ability to exert impact and influence around both IT and the business is a must.

    Relationship with the Business

    The user-facing service catalog cannot be successful if business input is not received.
    The project leader must leverage his/her existing relationship with the business to test out the service definitions and the service record design.

    Results Driven

    Creating a service catalog is not an easy job and the project leader must continuously engage the team members to drive results and efficiency.
    The highly visible nature of the service catalog means the project leader must produce a high-quality outcome that satisfies the business users.

    Info-Tech’s methodology helps organization to standardize how to define services

    CASE STUDY A
    Industry Municipal Government
    Source Onsite engagement

    Municipal Government
    The IT department of a large municipal government in the United States provides services to a large number of customers in various government agencies.
    Service Catalog Initiative
    The municipal government allocated a significant amount of resources to answer routine inquiries that could have been avoided through user self-service. The government also found that they do not organize all the services IT provides, and they could not document and publish them to the customer. The government has already begun the service catalog initiative, but was struggling with how to identify services. Progress was slow because people were arguing amongst themselves – the project team became demoralized and the initiative was on the brink of failure.
    Results
    With Info-Tech’s onsite support, the government was able to follow a standardized methodology to identify and define services from the user perspective. The government was able to successfully communicate the initiative to the business before the full adoption of the service catalog.

    We’re in demos with vendors right now to purchase an ITSM tool, and when the first vendor looked at our finished catalog, they were completely impressed.- Client Feedback

    [We feel] very confident. The group as a whole is pumped up and empowered – they're ready to pounce on it. We plan to stick to the schedule for the next three months, and then review progress/priorities. - Client Feedback

    CASE STUDY B
    Industry Healthcare
    Source Onsite engagement

    Healthcare Provider
    The organization is a healthcare provider in Canada. It treats patients with medical emergencies, standard operations, and manages a faculty of staff ranging from nurses and clerks, to senior doctors. This organization is run across several hospitals, various local clinics, and research centers.
    Service Catalog Initiative
    Because the organization is publicly funded, it is subject to regular audit requirements – one of which is to have a service catalog in place.
    The organization also would like to charge back its clients for IT-related costs. In order to do this, the organization must be able to trace it back to each service. Therefore, the first step would be to create a user-facing service catalog, followed by the technical service catalog, which then allows the organization to do service-based costing and chargeback.
    Results
    By leveraging Info-Tech’s expertise on the subject, the healthcare provider was able to fast-track its service catalog development and establish the groundwork for chargeback abilities.

    "There is always some reticence going in, but none of that was apparent coming out. The group dynamic was very good. [Info-Tech] was able to get that response, and no one around the table was silent.
    The [expectation] of the participants was that there was a purpose in doing the workshop. Everybody knew it was for multiple reasons, and everyone had their own accountability/stakes in the development of it. Highly engaged."
    - Client Feedback

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Launch the Project

    Identify Enterprise Services

    Identify Line of Business Services

    Complete Service Definitions

    Best-Practice Toolkit

    1.1 Assemble the project team.

    1.2 Develop a communication plan.

    1.3 Establish metrics for success.

    1.4 Complete the project charter.

    2.1 Identify services available organization-wide.

    2.2 Categorize services into logical groups.

    2.3 Define the services.

    3.1 Identify different LOBs.

    3.2 Pick one of two methodologies.

    3.3 Use method to identify LOB services.

    4.1 Learn components to each service definition.

    4.2 Pick which information to include in each definition.

    4.3 Define each service accordingly.

    Guided Implementations Identify the project leader with the appropriate skills.

    Assemble a well-rounded project team.

    Develop a mission statement and change messages.

    Create a comprehensive list of enterprise services that are used across the organization.

    Create a categorization scheme that is based on the needs of the business users.

    Walk through the two Info-Tech methodologies and understand which one is applicable.

    Define LOB services using the appropriate methodology.

    Decide what should be included and what should be kept internal for the service record design.

    Complete the full service definitions.

    Onsite Workshop Phase 1 Results:

    Clear understanding of project objectives and support obtained from the business.

    Phase 2 Results:

    Enterprise services defined and categorized.

    Phase 3 Results:

    LOB services defined based on user perspective.

    Phase 4 Results:

    Service record designed according to how IT wishes to communicate to the business.

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4
    Activities

    Launch the Project

    Identify Enterprise Services

    Identify Line of Business Services

    Complete Service Definitions

    1.1 Assemble the project team.

    1.2 Develop a communication plan.

    1.3 Establish metrics for success.

    1.4 Complete the project charter.

    2.1 Identify services available organization-wide.

    2.2 Categorize services into logical groups.

    2.3 Define the services.

    3.1 Identify different LOBs.

    3.2 Pick one of two methodologies.

    3.3 Use method to identify LOB services.

    4.1 Learn components to each service definition.

    4.2 Pick which information to include in each definition.

    4.3 Define each service accordingly.

    Deliverables
    • Service Catalog Project Charter
    • Enterprise Service Definitions
    • LOB Service Definitions – Functional groups
    • LOB Service Definitions – Industry specific
    • Service Definitions Chart

    PHASE 1

    Launch the Project

    Design & Build a User-Facing Service Catalog

    Step 1 – Create a project charter to launch the initiative

    1. Complete the Project Charter
    2. Create Enterprise Services Definitions
    3. Create Line of Business Services Definitions
    4. Complete Service Definitions

    This step will walk you through the following activities:

    • Develop a mission statement to obtain buy-ins from both IT and business stakeholders.
    • Assemble a well-rounded project team to increase the success of the project.
    • Identify and obtain support from stakeholders.
    • Create an impactful change message to the organization to promote the service catalog.
    • Determine project metrics to measure the effectiveness and value of the initiative.

    Step Insights

    • The project leader must have a strong relationship with the business, the ability to garner user input, and the authority to lead the team in creating a user-facing catalog that is accessible and understandable to the user.
    • Having two separate change messages prepared for IT and the business is a must. The business change message advocates how the catalog will make IT more accessible to users, and the IT message centers around how the catalog will make IT’s life easier through a standardized request process.

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Launch the project
    Proposed Time to Completion: 2 weeks
    Step 1.2: Create change messages

    Step 1.2: Create change messages

    Start with an analyst kick off call:

    • Identify the key objectives of creating a user-facing service catalog.
    • Identify the necessary members of the project team.

    Review findings with analyst:

    • Prioritize project stakeholders according to their involvement and influence.
    • Create a change message for IT and the business articulating the benefits.

    Then complete these activities…

  • Assemble a team with representatives from all areas of IT.
  • Identify the key project stakeholders.
  • Create a project mission statement.
  • Then complete these activities…

  • Create a separate change message for IT and the business.
  • Determine communication methods and channels.
  • With these tools & templates: Service

    Catalog Project Charter

    With these tools & templates:

    Service Catalog Project Charter

    Use Info-Tech’s Service Catalog Project Charter to begin your initiative

    1.1 Project Charter

    The following section of slides outline how to effectively use Info-Tech’s sample project charter.

    The Project Charter is used to govern the initiative throughout the project. IT should provide the foundation for project communication and monitoring.

    It has been pre-populated with information appropriate for Service Catalog projects. Please review this sample text and change, add, or delete information as required.

    Building the charter as a group will help you to clarify your key messages and help secure buy-in from critical stakeholders upfront.

    You may feel like a full charter isn’t necessary, and depending on your organizational size, it might not be. However, the exercise of building the charter is important none-the-less. No matter your current climate, some elements of communicating the value and plans for implementing the catalog will be necessary.

    The Charter includes the following sections:

    • Mission Statement
    • Project team members
    • Project stakeholders
    • Change message
    • Communication and organizational plan
    • Metrics

    Use Info-Tech’s Service Catalog Project Charter.

    Create a mission statement to articulate the purpose of this project

    The mission statement must be compelling because embarking on creating a service catalog is no easy task. It requires significant commitment from different people in different areas of the business.

    Good mission statements are directive, easy to understand, narrow in focus, and favor substance over vagueness.

    While building your mission statement, think about what it is intended to do, i.e. keep the project team engaged and engage others to adopt the service catalog. Included in the project charter’s mission statement section is a brief description of the goals and objectives of the service catalog.

    Ask yourself the following questions:

    1. What frustrations does your business face regarding IT services?
    2. f our company continues growing at this rate, will IT be able to manage service levels?
    3. How has IT benefited from consolidating IT services into a user perspective?

    Project Charter

    Info-Tech’s project charter contains two sample mission statements, along with additional tips to help you create yours.

    Tackle the project with a properly assembled team to increase the speed and quality in which the catalog will be created

    Construct a well-balanced project team to increase your chances of success.

    Project Leader

    Project leader will be the main catalyst for the creation of the catalog. This person is responsible for driving the whole initiative.

    Project Participants

    IT project participants’ input and business input will be pivotal to the creation of the catalog.

    Project Stakeholders

    The project stakeholders are the senior executives who have a vested interest in the service catalog. IT must produce periodic and targeted communication to these stakeholders.

    Increase your chances of success by creating a dynamic group of project participants

    Your project team will be a major success factor for your service catalog. Involvement from IT management and the business is a must.

    IT Team Member

    IT Service Desk Manager

    • The Service Desk team will be an integral part of the service catalog creation. Because of their client-facing work, service desk technicians can provide real feedback about how users view and request services.

    Senior Manager/Director of Application

    • The Application representative provides input on how applications are used by the business and supported by IT.

    Senior Manager/Director of Infrastructure

    • The infrastructure representative provides input on services regarding data storage, device management, security, etc.

    Business Team Member

    Business IT Liaison

    • This role is responsible for bridging the communication between IT and the business. This role could be fulfilled by the business relationship manager, service delivery manager, or business analyst. It doesn’t have to be a dedicated role; it could be part of an existing role.

    Business representatives from different LOBs

    • Business users need to validate the service catalog design and ensure the service definitions are user facing and relevant.

    Project Charter

    Input your project team, their roles, and relevant contact information into your project charter, Section 2.

    Identify the senior managers who are the stakeholders for the service catalog

    Obtain explicit buy-in from both IT and business stakeholders.

    The stakeholders could be your biggest champions for the service catalog initiative, or they could pull you back significantly. Engage the stakeholders at the start of the project and communicate the benefits of the service catalog to them to gain their approval.

    Stakeholders

    Benefits

    CIO
    • Improved visibility and perception for IT
    • Ability to better manage business expectation

    Manager of Service Desk

    • Reduced number of routine inquires
    • Respond to business needs faster and uniformly

    Senior Manager/Director of Application & Infrastructure

    • Streamlined and standardized request/support process
    • More effective communication with the business

    Senior Business Executives from Major LOBs

    • Self-service increases user productivity for business users
    • Better quality of services provided by IT

    Project Charter

    Document a list of stakeholders, their involvement in the process (why they are stakeholders), and their contact information in Section 3.

    Articulate the creation of the service catalog to the organization

    Spread the word of service catalog implementation. Bring attention to your change message through effective mediums and organizational changes.

    Key aspects of a communication plan

    The methods of communication (e.g. newsletters, email broadcast, news of the day, automated messages) notify users of implementation.

    In addition, it is important to know who will deliver the message (delivery strategy). Talking to the business leaders is very important, and you need IT executives to deliver the message. Work hard on obtaining their support as they are the ones communicating to their staff and could be your project champions.

    Recommended organizational changes

    The communication plan should consist of changes that will affect the way users interact with the catalog. Users should know of any meetings pertinent to the maintenance and improvement of the catalog, and ways to access the catalog (e.g. link on desktop/start menu).

    This image depicts the cycle of communicating change. the items in the cycle include: What is the change?; Why are we doing it?; How are we going to go about it?; What are we trying to achieve?; How often will we be updated?

    The Qualities of Leadership: Leading Change

    Project Charter

    Your communication plan should serve as a rough guide. Communication happens in several unpredictable happenstances, but the overall message should be contained within.

    Ensure you get the whole company on board for the service catalog with a well practiced change message

    The success of your catalog implementation hinges on the business’ readiness.

    One of the top challenges for organizations that are implementing a service catalog is the acceptance and adoption of the change. Effective planning for implementation and communication is pivotal. Ensure you create tailored plans for communication and understand how the change will impact staff.

    1. Draft your change message
    2. “Better Service, Better Value.” It is important to have two change messages prepared: one for the IT department and one for business users.
      Outline a few of the key benefits each user group will gain from adopting the service catalog (e.g. Faster, ease of use, convenient, consistent…)

    3. Address feedback
    4. Anticipate some resistances of service catalog adoption and prepare responses. These may be the other benefits which were not included in the change message (e.g. IT may be reluctant to think in business language.)

    5. Conduct training sessions
    6. Host lunch & learns to demonstrate the value of the service catalog to both business and IT user groups.
      These training sessions also serve as a great way to gather feedback from users regarding style and usability.

    Project Charter

    Pick your communication medium, and then identify your target audience. You should have a change message for each: the IT department and the business users. Pay careful consideration to wording and phrasing with regard for each.

    Track metrics throughout the project to keep stakeholders informed

    In order to measure the success of your service catalog, you must establish baseline metrics to determine how much value the catalog is creating for your business.

    1. Number of service requests via the service catalog
    2. The number of service catalog requests should be carefully monitored so that it does not fluctuate too greatly. In general, the number of requests via the service catalog should increase, which indicates a higher level of self-serve.

    3. Number of inquiry calls to the service desk
    4. The number of inquiry calls should decrease because customers are able to self-serve routine IT inquiries that would otherwise have gone through the service desk.

    5. Customer satisfaction – specific questions
    6. The organization could adopt the following sample survey questions:
      From 0-5: How satisfied are you with the functionality of the service catalog? How often do you turn to the service catalog first to solve IT problems?

    7. Number of non-standard requests
    8. The number of non-standard requests should decrease because a majority of services should eventually be covered in the service catalog. Users should be able to solve nearly any IT related problem through navigating the service catalog.

    Metric Description Current Metric Future Goal
    Number of service requests via the Service Catalog
    Number of inquiry calls to the service desk
    Customer Satisfaction – specific question
    Number of non-standard requests

    Use metrics to monitor the monetary improvements the service catalog creates for the business

    When measuring against your baseline, you should expect to see the following two monetary improvements:

    1. Improved service desk efficiency
    2. (# of routine inquiry calls reduced) x (average time for a call) x (average service desk wage)

      Routine inquiries often take up a significant portion of the service desk’s effort, and the majority of them can be answered via the service catalog, thus reducing the amount of time required for a service desk employee to engage in routine solutions. The reduction in routine inquiries allows IT to allocate resources to high-value services and provide higher quality of support.

    Example

    Originally, the service desk of an organization answers 850 inquiries per month, and around 540 of them are routine inquiries requesting information on when a service is available, who they can contact if they want to receive a service, and what they need to do if they want access to a service, etc.

    IT successfully communicated the introduction of the service catalog to the business and 3 months after the service catalog was implemented, the number of routine inquiries dropped to 60 per month. Given that the average time for IT to answer the inquiry is 10 minutes (0.167 hour) and the hourly wage of a service desk technician is $25, the monthly monetary cost saving of the service catalog is:

    (540 – 60) x 0.167 x 25 = $2004.00

    • Reduced expense by eliminating non-standard requests

    (Average additional cost of non-standard request) x (Reduction of non-standard request)
    +
    (Extra time IT spends on non-standard request fulfilment) x (Average wage)

    Non-standard requests require a lot of time, and often a lot of money. IT frequently incurs additional cost because the business is not aware of how to properly request service or support. Not only can the service catalog standardize and streamline the service request process, it can also help IT define its job boundary and say no to the business if needed.

    Example

    The IT department of an organization often finds itself dealing with last-minute, frustrating service requests from the business. For example, although equipment requests should be placed a week in advance, the business often requests equipment to be delivered the next day, leaving IT to pay for additional expedited shipping costs and/or working fanatically to allocate the equipment. Typically, these requests happen 4 times a month, with an additional cost of $200.00. IT staff work an extra 6 hours per each non-standard request at an hourly wage of $30.00.

    With the service catalog, the users are now aware of the rules that are in place and can submit their request with more ease. IT can also refer the users to the service catalog when a non-standard request occurs, which helps IT to charge the cost to the department or not meet the terms of the business.

    The monthly cost saving in this case is:

    $200.00 x 4 + 6 hours x 30 = $980.00

    Create your project charter for the service catalog initiative to get key stakeholders to buy in

    1.1 2-3 hours

    The project charter is an important document to govern your project process. Support from the project sponsors is important and must be documented. Complete the following steps working with Info-Tech’s sample Project Charter.

    1. The project leader and the core project team must identify key reasons for creating a service catalog. Document the project objectives and benefits in the mission statement section.
    2. Identify and document your project team. The team must include representatives from the Infrastructure, Applications, Service desk, and a Business-IT Liaison.
    3. Identify and document your project stakeholders. The stakeholders are those who have interest in seeing the service catalog completed. Stakeholders for IT are the CIO and management of different IT practices. Stakeholders for the business are executives of different LOBs.
    4. Identify your target audience and choose the communication medium most effective to reach them. Draft a communication message hitting all key elements.
      Info-Tech’s project charter contains sample change messages for the business and IT.
    5. Develop a strategy as to how the change message will be distributed, i.e. the communication and organizational change plan.
    6. Use the metrics identified as a base to measure your service catalog’s implementation. If you have identified any other objectives, add new metrics to monitor your progress from the baseline to reaching those objectives.
    7. Sign and date the project charter to officiate commitment to completing the project and reaching your objectives. Have the signed and dated charter available to members of the project team.

    INPUT

    • A collaborative discussion between team members

    OUTPUT

    • Thorough briefing for project launch
    • A committed team

    Materials

    • Communication message and plan
    • Metric tracking

    Participants

    • Project leader
    • Core project team

    Obtain buy-in from business users at the beginning of the service catalog initiative

    CASE STUDY A
    Industry Government
    Source Onsite engagement

    Challenge

    The nature of government IT is quite complex: there are several different agencies located in a number of different areas. It is extremely important to communicate the idea of the service catalog to all the users, no matter the agency or location.

    The IT department had yet to let business leaders of the various agencies know about the initiative and garner their support for the project. This has proven to be prohibitive for gaining adoption from all users.

    Solution

    The IT leaders met and identified all the opportunities to communicate the service catalog to the business leaders and end users.

    To meet with the business leaders, IT leaders hosted a service level meeting with the business directors and managers. They adopted a steering committee for the continuation of the project.

    To communicate with business users, IT leaders published announcements on the intranet website before releasing the catalog there as well.

    Results

    Because IT communicated the initiative, support from business stakeholders was obtained early and business leaders were on board shortly after.

    IT also managed to convince key business stakeholders to become project champions, and leveraged their network to communicate the initiative to their employees.

    With this level of adoption, it meant that it was easier for IT to garner business participation in the project and to obtain feedback throughout.

    Info-Tech assists project leader to garner support from the project team

    CASE STUDY A
    Industry Government
    Source Onsite engagement

    Challenge

    The project received buy-in from the CIO and director of infrastructure. Together they assembled a team and project leader.

    The two struggled to get buy-in from the rest of the team, however. They didn’t understand the catalog or its benefits and objectives. They were reluctant to change their old ways. They didn’t know how much work was required from them to accomplish the project.

    Solution

    With the Info-Tech analyst on site, the client was able to discuss the benefits within their team as well as the project team responsibilities.

    The Info-Tech analyst convinced the group to move towards focusing on a business- and service-oriented mindset.

    The workshop discussion was intended to get the entire team on board and engaged with meeting project objectives.

    Results

    The project team had experienced full buy-in after the workshop. The CIO and director relived their struggles of getting project members on-board through proper communication and engagement.

    Engaging the members of the project team with the discussion was key to having them take ownership in accomplishing the project.

    The business users understood that the service catalog was to benefit their long-term IT service development.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    1.1 this image contains a screenshot from section 1.1 of this blueprint. Begin your project with a mission statement
    A strong mission statement that outlines the benefits of the project is needed to communicate the purpose of the project. The onsite Info-Tech analysts will help you customize the message and establish the foundation of the project charter.
    1.2 this image contains a screenshot from section 1.2 of this blueprint.

    Identify project team members

    Our onsite analysts will help you identify high-value team members to contribute to this project.

    1.3 This image contains a screenshot from section 1.3 of this blueprint.

    Identify important business and IT stakeholders

    Buy-in from senior IT and business management is a must. Info-Tech will help you identify the stakeholders and determine their level of influence and impact.

    1.4 This image contains a screenshot from section 1.4 of this blueprint.

    Create a change message for the business and IT

    It is important to communicate changes early and the message must be tailored for each target audience. Our analysts will help you create an effective message by articulating the benefits of the service catalog to the business and to IT.

    1.5 This image contains a screenshot from section 1.5 of this blueprint.

    Determine service project metrics

    To demonstrate the value of the service catalog, IT must come up with tangible metrics. Info-Tech’s analysts will provide some sample metrics as well as facilitate a discussion around which metrics should be tracked and monitored.

    PHASE 2

    Identify and Define Enterprise Services

    Design & Build a User-Facing Service Catalog

    Step 2 – Create Enterprise Services Definitions

    1. Complete the Project Charter
    2. Create Enterprise Services Definitions
    3. Create Line of Business Services Definitions
    4. Complete Service Definitions

    This step will walk you through the following activities:

    • Identify and define enterprise services that are commonly used across the organization.
    • Create service descriptions and features to accurately sum up the functionality of each service.
    • Create service categories and assign each service to a category.

    Step Insights

    • When defining services, be sure to carefully distinguish between what is a feature and what is a service. Often, separate services are defined in situations when they would be better off as features of existing services, and vice versa.
    • When coming up with enterprise services categories, ensure the categories group the services in a way that is intuitive. The users should be able to find a service easily based on the names of the categories.

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Define Enterprise Services
    Proposed Time to Completion: 4 weeks

    Step 2.1: Identify enterprise services

    Step 2.2: Create service categories

    Start with an analyst kick off call:

    • Identify enterprise services that are commonly used.
    • Ensure the list is comprehensive and capture common IT needs.
    • Create service descriptions and features.

    Review findings with analyst:

    • Review full list of identified enterprise services.
    • Identify service categories that are intuitive to the users.

    Then complete these activities…

    • Use Info-Tech’s sample enterprise service definitions as a guide, and change/add/delete the service definitions to customize them to your organization.

    Then complete these activities…

    • Group identified services into categories that are intuitive to the users.

    With these tools & templates: Service

    Sample Enterprise Services

    With these tools & templates:

    Sample Enterprise Services

    Identify enterprise services in the organization apart from the services available to lines of business

    Separating enterprise services from line of business services helps keep things simple to organize the service catalog. -

    Documentation of all business-facing IT services is an intimidating task, and a lack of parameters around this process often leads to longer project times and unsatisfactory outcomes.

    To streamline this process, separating enterprise services from line of business services allows IT to effectively and efficiently organize these services. This method increases the visibility of the service catalog through user-oriented communication plans.

    Enterprise Services are common services that are used across the organization.

    1. Common Services for all users within the organization (e.g. Email, Video Conferencing, Remote Access, Guest Wireless)
    2. Service Requests organized into Service Offerings (e.g. Hardware Provisioning, Software Deployment, Hardware Repair, Equipment Loans)
    3. Consulting Services (e.g. Project Management, Business Analysis, RFP Preparation, Contract Negotiation)

    All user groups access Enterprise Services

    Enterprise Services

    • Finance
    • IT
    • Sales
    • HR

    Ensure your enterprise services are defined from the user perspective and are commonly used

    If you are unsure whether a service is enterprise wide, ask yourself these two questions:

    This image contains an example of how you would use the two questions: Does the user directly use the service themselves?; and; Is the service used by the entire organization (or nearly everyone)?. The examples given are: A. Video Conferencing; B. Exchange Server; C. Email & Fax; D. Order Entry System

    Leverage Info-Tech’s Sample Enterprise Services definition

    2.1 Info-Tech’s Sample Enterprise Services definitions

    Included with this blueprint is Info-Tech’s Sample Enterprise Services definitions.

    The sample contains dozens of services common across most organizations; however, as a whole, they are not complete for every organization. They must be modified according to the business’ needs. Phase two will serve as a guide to identifying an enterprise service as well as how to fill out the necessary fields.

    This image contains a screenshot of definitions from Info-Tech's Sample Enterprises services

    Info-Tech Insight

    Keep track of which services you either modify or delete. You will have to change the same services in the final Info-Tech deliverable.

    The next slide will introduce you to the information for each service record that can be edited.

    Info-Tech’s Sample Enterprise Services definitions is designed to be easily customized

    2.1 Info-Tech’s Sample Enterprise Services definitions

    Below is an example of a service record and its necessary fields of information. This is information that can be kept, deleted, or expanded upon.

    Name the service unambiguously and from the user’s perspective.

    Brief description of how the service allows users to perform tasks.

    Describe the functionality of the service and how it helps users to achieve their business objectives.

    Cluster the services into logical groups.

    Service Name Description Features Category
    Email Email communication to connect with other employees, suppliers, and customers
    • Inbox
    • Calendar
    • Resource Scheduling (meeting rooms)
    • Access to shared mailboxes
    • Limit on mailbox size (‘x’ GB)
    • Address book/external contacts
    • Spam filtering, virus protection
    • Archiving and retrieval of older emails
    • Web/browser access to email
    • Mass email/notification (emergency, surveys, reporting)
    • Setting up a distribution list
    • Setting up Active Sync for email access on mobile devices
    Communications

    Distinguish between a feature and a unique service

    It can be difficult to determine what is considered a service itself, and what is a feature of another service. Use these tips and examples below to help you standardize this judgement.

    Example 1

    Web Conferencing has already been defined as a service. Is Audio Conferencing its own service or a feature of Web Conferencing?

    Info-Tech Tip: Is Audio Conferencing run by the same application as the Web Conferencing? Does it use the same equipment? If not, Audio Conferencing is probably its own service.

    Example 2

    Web Conferencing has already been defined as a service. Is “Screen Sharing” its own service or a feature of Web Conferencing?

    Info-Tech Tip: It depends on how the user interacts with Screen Sharing. Do they only screen share when engaged in a Web Conference? If so, Screen Sharing is a feature and not a service itself.

    Example 3

    VoIP is a popular alternative to landline telephone nowadays, but should it be part of the telephony service or a separate service?

    Info-Tech Tip: It depends on how the VoIP phone is set up.

    If the user uses the VoIP phone the same way they would use a landline phone – because the catalog is user facing – consider the VoIP as part of the telephone service.

    If the user uses their computer application to call and receive calls, consider this a separate service on its own.

    Info-Tech Insight

    While there are some best practices for coming up with service definitions, it is not an exact science and you cannot accommodate everyone. When in doubt, think how most users would perceive the service.

    Change or delete Info-Tech’s enterprise services definitions to make them your own

    2.1 3 hours

    You need to be as comprehensive as possible and try to capture the entire breadth of services IT provides to the business.

    To achieve this, a three-step process is recommended.

    1. First, assemble your project team. It is imperative to have representatives from the service desk. Host two separate workshops, one with the business and one with IT. These workshops should take the form of focus groups and should take no more than 1-2 hours.
    2. Business Focus Group:
    • In an open-forum setting, discuss what the business needs from IT to carry out their day-to-day activities.
    • Engage user-group representatives and business relationship managers.

    IT Focus Group:

    • In a similar open-forum setting, determine what IT delivers to the business. Don’t think about it from a support perspective, but from an “ask” perspective – e.g. “Service Requests.
    • Engage the following individuals: team leads, managers, directors.
  • Review results from the focus groups and compare with your service desk tickets – are there services users inquire about frequently that are not included? Finalize your list of enterprise services as a group.
  • INPUT

    • Modify Info-Tech’s sample services

    OUTPUT

    • A list of some of your business’ enterprise services

    Materials

    • Whiteboard/marker
    • Info-Tech sample enterprise services

    Participants

    • Key members of the project team
    • Service desk rep
    • Business rep

    Using Info-Tech’s Sample Enterprise Services, expand upon the services to add those that we did not include

    2.2 1-3 hours (depending on size and complexity of the IT department)

    Have your user hat on when documenting service features and descriptions. Try to imagine how the users interact with each service.

    1. Once you have your service name, start with the service feature. This field lists all the functionality the service provides. Think from the user’s perspective and document the IT-related activities they need to complete.
    2. Review the service feature fields with internal IT first to make sure there isn’t any information that IT doesn’t want to publish. Afterwards, review with business users to ensure the language is easy to understand and the features are relatable.
    3. Lastly, create a high-level service description that defines the nature of the service in one or two sentences.

    INPUT

    • Collaborate and discuss to expand on Info-Tech’s example

    OUTPUT

    • A complete list of your business’ enterprise services

    Materials

    • Whiteboard/marker
    • Info-Tech sample enterprise services

    Participants

    • Key members of the project team
    • Service desk rep
    • Business rep

    Follow Info-Tech’s guidelines to establish categories for the enterprise services that IT provides to the business

    Similar to the services and their features, there is no right or wrong way to categorize. The best approach is to do what makes sense for your organization and understand what your users think.

    What are Service Categories?

    Categories organize services into logical groups that the users can identify with. Services with similar functions are grouped together in a common category.

    When deciding your categories, think about:

    • What is best for the users?
    • Look at the workflows from the user perspective: how and why do they use the service?
    • Will the user connect with the category name?
    • Will they think about the services within the category?
    Enterprise Service Categories
    Accounts and Access
    Collaboration
    Communication
    Connectivity
    Consulting
    Desktop, Equipment, & Software
    Employee Services
    Files and Documents
    Help & Support
    Training

    Sample categories

    Categorize the services from the list below; how would you think to group them?

    There is no right or wrong way to categorize services; it is subjective to how they are provided by IT and how they are used by the business. Use the aforementioned categories to group the following services. Sample solutions are provided on the following slide.

    Service Name
    Telephone
    Email
    Remote access
    Internet
    BYOD (wireless access)
    Instant Messaging
    Video Conferencing
    Audio Conferencing
    Guest Wi-Fi
    Document Sharing

    Tips and tricks:

    1. Think about the technology behind the service. Is it the same application that provides the services? For example: is instant messaging run by the same application as email?
    2. Consider how the service is used by the business. Are two services always used together? If instant messaging is always used during video conferencing, then they belong in the same category.
    3. Consider the purpose of the services. Do they achieve the same outcomes? For example, document sharing is different from video conferencing, though they both support a collaborative working environment.

    This is a sample of different categorizations – use these examples to think about which would better suit your business

    Example 1 Example 2

    Desktop, Equipment, & Software Services

    Connectivity

    Mobile Devices

    Communications

    Internet

    Telephone

    BYOD (wireless access)

    Telephone

    Guest Wi-Fi

    Internet

    Email

    Remote Access

    Instant Messaging

    Video Conferencing

    Audio Conferencing

    Communications

    Collaboration

    Storage and Retrieval

    Accounts and Access

    Telephone

    Email

    Document Sharing

    Remote access

    Email

    Instant Messaging

    Connectivity

    Mobile Devices

    Video Conferencing

    Internet

    BYOD (wireless access)

    Audio Conferencing

    Guest Wi-Fi

    Guest Wi-Fi

    Document Sharing

    Info-Tech Insight

    Services can have multiple categories only if it means the users will be better off. Try to limit this as much as possible.

    Neither of these two examples are the correct answer, and no such thing exists. The answers you came up with may well be better suited for the users in your business.

    With key members of your project team, categorize the list of enterprise services you have created

    2.3 1 hour

    Before you start, you must have a modified list of all defined enterprise services and a modified list of categories.

    1. Write down the service names on sticky notes and write down the categories either on the whiteboard or on the flipchart.
    2. Assign the service to a category one at a time. For each service, obtain consensus on how the users would view the service and which category would be the most logical choice. In some cases, discuss whether a service should be included in two categories to create better searchability for the users.
    3. If a consensus could not be reached on how to categorize a service, review the service features and category name. In some cases, you may go back and change the features or modify or create new categories if needed.

    INPUT

    • Collaborate and discuss to expand on Info-Tech’s example

    OUTPUT

    • A complete list of your business’ enterprise services

    Materials

    • Whiteboard/marker
    • Info-Tech sample enterprise services

    Participants

    • Key members of the project team
    • Service desk rep
    • Business rep

    Accounts & Access Services

    • User ID & Access
    • Remote Access
    • Business Applications Access

    Communication Services

    • Telephone
    • Email
    • Mobile devices

    Files & Documents

    • Shared Folders
    • File Storage
    • File Restoration
    • File Archiving

    Collaboration

    • Web Conferencing
    • Audio Conferencing
    • Video Conferencing
    • Chat
    • Document Sharing

    Employee Services

    • Onboarding & Off Boarding
    • Benefits Self Service
    • Time and Attendance
    • Employee Records Management

    Help & Support

    • Service Desk
    • Desk Side Support
    • After Hours Support

    Desktop, Equipment, & Software

    • Printing
    • Hardware Provisioning
    • Software Provisioning
    • Software Support
    • Device Move
    • Equipment Loaner

    Education & Training Services

    • Desktop Application Training
    • Corporate Application Training
    • Clinical Application Training
    • IT Training Consultation

    Connectivity

    • BYOD (wireless access)
    • Internet
    • Guest Wi-Fi

    IT Consulting Services

    • Project Management
    • Analysis
    • RFP Reviews
    • Solution Development
    • Business Analysis/Requirements Gathering
    • RFI/RFP Evaluation
    • Security Consulting & Assessment
    • Contract Management
    • Contract Negotiation

    IT department identifies a comprehensive list of enterprise services

    CASE STUDY A
    Industry Government
    Source Onsite engagement

    Challenge

    Because of the breadth of services IT provides across several agencies, it was challenging to identify what was considered enterprise beyond just the basic ones (email, internet, etc.)

    IT recognized that although the specific tasks of service could be different, there are many services that are offered universally across the organization and streamlining the service request and delivery process would reduce the burden on IT.

    Solution

    The client began with services that users interact with on a daily basis; this includes email, wireless, telephone, internet, printing, etc.

    Then, they focused on common service requests from the users, such as software and hardware provisioning, as well as remote access.

    Lastly, they began to think of other IT services that are provided across the organization, such as RFP/RFI support, project management analysis, employee onboarding/off-boarding, etc.

    Results

    By going through the lists and enterprise categories, the government was able to come up with a comprehensive list of all services IT provides to the business.

    Classifying services such as onboarding meant that IT could now standardize IT services for new recruits and employee termination.

    By capturing all enterprise services offered to the organization, IT centralized its management of services instead of having scattered request processes.

    Organization distinguishes features from services using Info-Tech’s tips and techniques

    CASE STUDY B
    Industry Government
    Source Onsite engagement

    Challenge

    For some services, the project team had difficulty deciding on what was a service and what was a feature. They found it hard to distinguish between a service with features or multiple services.

    For example, the client struggled to define the Wi-Fi services because they had many different user groups and different processes to obtain the service. Patients, visitors, doctors, researchers, and corporate employees all use Wi-Fi, but the service features for each user group were different.

    Solution

    The Info-Tech analyst came on-site and engaged the project team in a discussion around how the users would view the services.

    The analyst also provided tips and techniques on identifying services and their features.

    Because patients and visitors do not access Wi-Fi or receive support for the service in the same way as clinical or corporate employees, Wi-Fi was separated into two services (one for each user group).

    Results

    Using the tips and techniques that were provided during the onsite engagement, the project team was able to have a high degree of clarity on how to define the services by articulating who the authorized users are, and how to access the process.

    This allowed the group to focus on the users’ perspective and create clear, unambiguous service features so that users could clearly understand eligibility requirements for the service and how to request them.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    this is a picture of an Info-Tech Analyst

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    2.1 This image contains a screenshot from section 2.1 of this blueprint.

    Understand what enterprise services are

    The project team must have a clear understanding of what qualifies as an enterprise service. The onsite analysts will also promote a user-oriented mindset so the catalog focuses on business needs.

    2.2 this image contains a screenshot from section 2.2 of this blueprint.

    Identify enterprise services

    The Info-Tech analysts will provide a list of ready-to-use services and will work with the project team to change, add, and delete service definitions and to customize the service features.

    2.3 this image contains a screenshot from section 2.3 of this blueprint.

    Identify categories for enterprise services

    The Info-Tech analyst will again emphasize the importance of being service-oriented rather than IT-oriented. This will allow the group to come up with categories that are intuitive to the users.

    PHASE 3

    Identify and Define Line of Business Services

    Design & Build a User-Facing Service Catalog

    Step 3 – Create Line of Business Services Definitions

    1. Complete the Project Charter
    2. Create Enterprise Services Definitions
    3. Create Line of Business Services Definitions
    4. Complete Service Definitions

    This step will walk you through the following activities:

    • Identify lines of business (LOB) within the organization as well as the user groups within the different LOBs.
    • Determine which one of Info-Tech’s two approaches is more suitable for your IT organization.
    • Define and document LOB services using the appropriate approach.
    • Categorize the LOB services based on the organization’s functional structure.

    Step Insights

    • Collaboration with the business significantly strengthens the quality of line of business service definitions. A significant amount of user input is crucial to create impactful and effective service definitions.
    • If a strong relationship with the business is not in place, IT can look at business applications and the business activities they support in order to understand how to define line of business services.

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Define LOB Services

    Proposed Time to Completion: 4 weeks

    Step 3.1: Identify LOB services

    Step 3.2: Define LOB services

    Start with an analyst kick off call:

    • Identify enterprise services that are commonly used.
    • Ensure the list is comprehensive and capture common IT needs.
    • Create service descriptions and features.

    Review findings with analyst:

    • Use either the business view or the IT view methodology to identify and define LOB services.

    Then complete these activities…

    • Select one of the methodologies and either compile a list of business applications or a list of user groups/functional departments.

    Then complete these activities…

    • Validate the service definitions and features with business users.

    With these tools & templates: Service

    LOB Services – Functional Group
    LOB Services – Industry Specific

    With these tools & templates:

    LOB Services – Functional Group
    LOB Services – Industry Specific

    Communicate with your business users to get a clear picture of each line of business

    Within a business unit, there are user groups that use unique applications and IT services to perform business activities. IT must understand which group is consuming each service to document to their needs and requirements. Only then is it logical to group services into lines of business.

    Covering every LOB service is a difficult task. Info-Tech offers two approaches to identifying LOB services, though we recommend working alongside business user groups to have input on how each service is used directly from the users. Doing so makes the job of completing the service catalog easier, and the product more detailed and user friendly.

    Some helpful questions to keep in mind when characterizing user groups:

    • Where do they fall on the organizational chart?
    • What kind of work do they do?
    • What is included in their job description?
    • What are tasks that they do in addition to their formal responsibilities?
    • What do they need from IT to do their day-to-day tasks?
    • What does their work day look like?
    • When, why, and how do they use IT services?

    Info-Tech Insight

    With business user input, you can answer questions as specific as “What requirements are necessary for IT to deliver value to each line of business?” and “What does each LOB need in order to run their operation?”

    Understand when it is best to use one of Info-Tech’s two approaches to defining LOB services

    1. Business View

    Business View is the preferred method for IT departments with a better understanding of business operations. This is because they can begin with input from the user, enabling them to more successfully define every service for each user group and LOB.

    In addition, IT will also have a chance to work together with the business and this will improve the level of collaboration and communication. However, in order to follow this methodology, IT needs to have a pre-established relationship with the business and can demonstrate their knowledge of business applications.

    2. IT View

    The IT view begins with considering each business application used within the organization’s lines of business. Start with a broad view, following with a process of narrowing down, and then iterate for each business application.

    This process leads to each unique service performed by every application within the business’ LOBs.

    The IT view does not necessarily require a substantial amount of information about the business procedures. IT staff are capable of deducing what business users often require to maintain their applications’ functionality.

    Use one of Info-Tech’s two methodologies to help you identify each LOB service

    Choose the methodology that fits your IT organization’s knowledge of the business.

    This image demonstrates a comparison between the business view of service and the IT View of Service. Under the Business View, the inputs are LOB; User Groups; and Business Activity. Under the IT View, the inputs are Business Application and Functionality, and the outputs are Business Activity; User Groups; and LOB.

    1. Business View

    If you do have knowledge of business operations, using the business view is the better option and the service definition will be more relatable to the users.

    2. IT View

    For organizations that don’t have established relationships with the business or detailed knowledge of business activities, IT can decompose the application into services. They have more familiarity and comfort with the business applications than with business activities.

    It is important to continue after the service is identified because it helps confirm and solidify the names and features. Determining the business activity and the user groups can help you become more user-oriented.

    Identifying LOB services using Info-Tech’s Business View method

    We will illustrate the two methodologies with the same example.

    If you have established an ongoing relationship with the business and you are familiar with their business operations, starting with the LOB and user groups will ensure you cover all the services IT provides to the business and create more relatable service names.

    This is a screenshot of an example of the business view of Service.

    Identifying LOB services using Info-Tech’s IT View method

    If you want to understand what services IT provides to the Sales functional group, and you don’t have comprehensive knowledge of the department, you need to start with the IT perspective.

    This is a screenshot of an example of the business view of Service.

    Info-Tech Insight

    If you are concerned about the fact that people always associate a service with an application, you can include the application in the service name or description so users can find the service through a search function.

    Group LOB services into functional groups as you did enterprise services into categories

    3.1 Sample Line of Business Services Definitions – Functional Groups & Industry Examples

    Like categories for enterprise services in Phase Two, LOB services are grouped into functional groups. Functional groups are the components of an organizational chart (HR, Finance, etc.) that are found in a company’s structure.

    Functional Groups

    Functional groups enable a clear view for business users of what services they need, while omitting services that do not apply to them. This does not overwhelm them, and provides them with only relevant information.

    Industry Services

    To be clear, industry services can be put into functional groups.

    Info-Tech provides a few sample industry services (without their functional group) to give an idea of what LOB service is specific to these industries. Try to extrapolate from these examples to create LOB services for your business.

    Use Info-Tech’s Sample LOB Services – Functional Group and Sample LOB Services – Industry Specific documents.

    This is a screenshot of Info-Tech's Functional Group Services

    Info-Tech Insight

    Keep track of which services you either modify or delete. You will have to change the same services in the final Info-Tech deliverable.

    Identify the user group and business activity within each line of business – Business view

    3.1 30-45 minutes per line of business

    Only perform this activity if you have a relationship with the business that can enable you to generate business input on service identifications and definitions.

    In a group of your project participants, repeat the sequence for each LOB.

    1. Brainstorm each user group within the LOB that is creating value for the business by performing functional activities.
    2. Think of what each individual end user must do to create their value. Think of the bigger picture rather than specifics at this point. For example, sales representatives must communicate with clients to create value.
    3. Now that you have each user group and the activities they perform, consider the specifics of how they go about doing that activity. Consider each application they use and how much they use that application. Think of any and all IT services that could occur as a result of that application usage.

    INPUT

    • A collaborative discussion (with a business relationship)

    OUTPUT

    • LOB services defined from the business perspective

    Materials

    • Sticky notes
    • Whiteboard/marker

    Participants

    • Members of the project team
    • Representatives from the LOBs

    Identify the user group and business activity within each line of business – IT view

    3.1 30-45 minutes per application

    Only perform this activity if you cannot generate business input through your relationships, and must begin service definitions with business applications.

    In a group of your project participants, repeat the sequence for each application.

    1. Brainstorm all applications that the business provides through IT. Cross out the ones that provide enterprise services.
    2. In broad terms, think about what the application is accomplishing to create value for the business from IT’s perspective. What are the modules? Is it recording interactions with the clients? Each software can have multiple functionalities.
    3. Narrow down each functionality performed by the application and think about how IT helps deliver that value. Create a name for the service that the users can relate to and understand.
    4. → Optional

    5. Now go beyond the service and think about the business activities. They are always similar to IT’s application functionality, but from the user perspective. How would the user think about what the application’s functionality to accomplish that particular service is? At this point, focus on the service, not the application.
    6. Determine the user groups for each service. This step will help you complete the service record design in phase 4. Keep in mind that multiple user groups may access one service.

    INPUT

    • A collaborative discussion (without a business relationship)

    OUTPUT

    • LOB services defined from the IT perspective

    Materials

    • Sticky notes
    • Whiteboard/marker

    Participants

    • Members of the project team

    You must review your LOB service definitions with the business before deployment

    Coming up with LOB service definitions is challenging for IT because it requires comprehension of all lines of business within the organization as well as direct interaction with the business users.

    After completing the LOB service definitions, IT must talk to the business to ensure all the user groups and business activities are covered and all the features are accurate.

    Here are some tips to reviewing your LOB Service Catalog generated content:

    • If you plan to talk to a business SME, plan ahead to help complete the project in time for rollout.
    • Include a business relationship manager on the project team to facilitate discussion if you do not have an established relationship with the business.

    Sample Meeting Agenda

    Go through the service in batches. Present 5-10 related services to the business first. Start with the service name and then focus on the features.

    In the meeting, discuss whether the service features accurately sum up the business activities, or if there are missing key activities. Also discuss whether certain services should be split up into multiple services or combined into one.

    Organization identifies LOB services using Info-Tech’s methodologies

    CASE STUDY A
    Industry Government
    Source Onsite engagement

    Challenge

    There were many users from different LOBs, and IT provided multiple services to all of them. Tracking them and who had access to what was difficult.

    IT didn’t understand who provided the services (service owner) and who the customers were (business owner) for some of the services.

    Solution

    After identifying the different Lines of Business, they followed the first approach (Business View) for those that IT had sufficient knowledge of in terms of business operations:

    1. Identified lines of business
    2. Identified user groups
    3. Identified business activities

    For the LOBs they weren’t familiar with, they used the IT view method, beginning with the application:

    1. Identified business apps
    2. Deduced the functionalities of each application
    3. Traced the application back to the service and identified the service owner and business owner

    Results

    Through these two methodologies, IT was able to define services according to how the users both perceive and utilize them.

    IT was able to capture all the services it provides to each line of business effectively without too much help from the business representatives.

    By capturing all enterprise services offered to the organization, IT centralized its management of services instead of having scattered request processes.

    Info-Tech helps organization to identify LOB services using the IT View

    CASE STUDY B
    Industry Healthcare
    Source Onsite engagement

    Challenge
    The organization uses a major application containing several modules used by different users for various business activities.

    The challenge was to break down the application into multiple services in a way that makes sense to the business users. Users should be able to find services specific to them easily.

    Therefore, the project team must understand how to map the modules to different services and user groups.


    Solution
    The project team identified the major lines of business and took various user groups such as nurses and doctors, figured out their daily tasks that require IT services, and mapped each user-facing service to the functionality of the application.

    The project team then went back to the application to ensure all the modules and functionalities within the application were accounted for. This helped to ensure that services for all user groups were covered and prepared to be released in the catalog.


    Results
    Once the project team had come up with a comprehensive list of services for each line of business, they were able to sit with the business and review the services.

    IT was also able to use this opportunity to demonstrate all the services it provides. Having all the LOB services demonstrates IT has done its preparation and can show the value they help create for the business in a language the users can understand. The end result was a strengthened relationship between the business and the IT department.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    This is a picture of an Info-Tech Analyst

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    3.1 this image contains a screenshot from section 3.1 of this blueprint.

    Understand what Line of Business services are

    The onsite analysts will provide a clear distinction between enterprise services and LOB services. The analysts will also articulate the importance of validating LOB services with the business.

    3.2 this image contains a screenshot from section 3.2 of this blueprint.

    Identify LOB services using the business’ view

    There are two methods for coming up with LOB services. If IT has comprehensive knowledge of the business, they can identify the services by outlining the user groups and their business activities.

    3.3 This image contains a screenshot from section 3.3 of this blueprint.

    Identify LOB services using IT’s view

    If IT does not understand the business and cannot obtain business input, Info-Tech’s analysts will present the second method, which allows IT to identify services with more comfortability through business applications/systems.

    3.4 This image contains a screenshot from section 3.4 of this blueprint.

    Categorize the LOB services into functional groups

    The analysts will help the project team categorize the LOB services based on user groups or functional departments.

    PHASE 4

    Complete Service Definitions

    Design & Build a User-Facing Service Catalog

    Step 4: Complete service definitions and service record design

    1. Complete the Project Charter
    2. Create Enterprise Services Definitions
    3. Create Line of Business Services Definitions
    4. Complete Service Definitions

    This step will walk you through the following activities:

    • Select which fields of information you would like to include in your service catalog design.
    • Determine which fields should be kept internal for IT use only.
    • Complete the service record design with business input if possible.

    Step Insights

    • Don’t overcomplicate the service record design. Only include the pieces of information the users really need to see.
    • Don’t publish anything that you don’t want to be held accountable for. If you are not ready, keep the metrics and costs internal.
    • It is crucial to designate a facilitator and a decision maker so confusions and disagreements regarding service definitions can be resolved efficiently.

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 4: Complete service definitions
    Proposed Time to Completion (in weeks): 4 weeks

    Step 4.1: Design service record

    Step 4.2: Complete service definitions

    Start with an analyst kick off call:

    • Review Info-Tech’s sample service record and determine which fields to add/change/delete.
    • Determine which fields should be kept internal.

    Review findings with analyst:

    • Complete all fields in the service record for each identified service.

    Then complete these activities…

    • Finalize the design of the service record and bring over enterprise services and LOB services.

    Then complete these activities…

    • Test the service definitions with business users prior to catalog implementation.

    With these tools & templates: Service

    Services Definition Chart

    With these tools & templates:

    Services Definition Chart

    Utilize Info-Tech’s Services Definition Chart to map out your final service catalog design

    Info-Tech’s Sample Services Definition Chart

    Info-Tech has provided a sample Services Definition Chart with standard service definitions and pre-populated fields. It is up to you throughout this step to decide which fields are necessary to your business users, as well as how much detail you wish to include in each of them.

    This image contains a screenshot from Info-Tech's Services Definition Chart.

    Info-Tech Insight

    Keep track of which services you either modify or delete. You will have to change the same services in the final Info-Tech deliverable.

    Tips and techniques for service record design

    The majority of the fields in the service catalog are user facing, which means they must be written in business language that the users can understand.

    If there is any confusion or disagreement in filling out the fields, a facilitator is required to lead the working groups in coming up with a definitive answer. If a decision is still not reached, it should be escalated to the decision maker (usually the service owner).

    IT-Facing Fields

    There are IT facing fields that should not be published to the business users – they are for the benefit of IT. For example, you may want to keep Performance Metrics internal to IT until you are ready to discuss it with the business.

    If the organization is interested in creating a Technical Service Catalog following this initiative, these fields will provide a helpful starting place for IT to identify the people, process, and technology required to support user-facing services.

    Info-Tech Insight

    It is important for IT-facing fields to be kept internal. If business users are having trouble with a service and the service owner’s name is available to them, they will phone them for support even if they are not the support owner.

    Design your service catalog with business input: have the user in mind

    When completing the service record, adopt the principle that “Less is More.” Keep it simple and write the service description from the user’s perspective, without IT language. From the list below, pick which fields of information are important to your business users.

    What do the users need to access the service quickly and with minimal assistance?

    The depicted image contains an example of an analysis of what users need to access the service quickly and with minimal assistance. The contents are as follows. Under Service Overview, Name; Description; Features; Category; and Supporting Services. Under Owners, are Service Owner; Business Owner. Under Access Policies and Procedures, are Authorized Users; Request Process; Approval Requirements/Process; Turnaround Time; User Responsibility. Under Availability and Service Levels are Support Hours; Hours of Availability; Planned Downtime; and Metrics. Under Support Policies & Procedures are Support Process; Support Owner; Support Documentation. Under Costs are Internal Cost; Customer Cost. The items which are IT Facing are coloured Red. These include Supporting Services; Service Owner; Business Owner; Metrics; Support Owner; and Internal Cost.

    Identify service overview

    “What information must I have in each service record? What are the fundamentals required to define a service?”

    Necessary Fields – Service Description:

    • Service name → a title for the service that gives a hint of its purpose.
    • Service description → what the service does and expected outcomes.
    • Service features → describe functionality of the service.
    • Service category → an intuitive way to group the service.
    • Support services → applications/systems required to support the service.

    Description: Delivers electronic messages to and from employees.

    Features:

    • Desk phone
    • Teleconference phones (meeting rooms)
    • Voicemail
    • Recover deleted voicemails
    • Team line: call rings multiple phones/according to call tree
    • Employee directory
    • Caller ID, Conference calling

    Category: Communications

    This image contains an example of a Service overview table. The headings are: Description; Features; Category; Supporting Services (Systems, Applications).

    Identify owners

    Who is responsible for the delivery of the service and what are their roles?

    Service Owner and Business Owner

    Service owner → the IT member who is responsible and accountable for the delivery of the service.

    Business owner → the business partner of the service owner who ensures the provided service meets business needs.

    Example: Time Entry

    Service Owner: Manager of Business Solutions

    Business Owner: VP of Human Resources

    This image depicts a blank table with the headings Service Owner, and Business Owner

    Info-Tech Insight

    For enterprise services that are used by almost everyone in the organization, the business owner is the CIO.

    Identify access policies and procedures

    “Who is authorized to access this service? How do they access it?”

    Access Policies & Procedures

    Authorized users → who can access the service.

    Request process → how to request access to the service.

    Approval requirement/process → what the user needs to have in place before accessing the service.

    Example: Guest Wi-Fi

    Authorized Users: All people on site not working for the company

    Request Process: Self-Service through website for external visitors

    Approval Requirement/Process: N/A

    This image depicts a blank table with the headings: Authorized Users; Request Process; Approval Requirement/Process

    Info-Tech Insight

    Clearly defining how to access a service saves time and money by decreasing calls to the service desk and getting users up and running faster. The result is higher user productivity.

    Identify access policies and procedures

    “Who is authorized to access this service? How do they access it?”

    Access Policies & Procedures

    Requirements & pre-requisites → details of what must happen before a service can be provided.

    Turnaround time → how much time it will take to grant access to the service.

    User responsibility → What the user is expected to do to acquire the service.

    Example: Guest Wi-Fi

    Requirements & Pre-requisites: Disclaimer of non-liability and acceptance

    Turnaround time: Immediate

    User Responsibility: Adhering to policies outlined in the disclaimer

    This image depicts a blank table with the headings: Authorized Users; Request Process; Approval Requirement/Process

    Info-Tech Insight

    Clearly defining how to access a service saves time and money by decreasing calls to the service desk and getting users up and running faster. The result is higher user productivity.

    Identify availability and service levels

    “When is this service available to users? What service levels can the user expect?”

    Availability & Service Levels

    Support hours → what days/times is this service available to users?

    Hours of availability/planned downtime → is there scheduled downtime for maintenance?

    Performance metrics → what level of performance can the user expect for this service?

    Example: Software Provisioning

    Support Hours: Standard business hours

    Hours of Availability/Planned Downtime: Standard business hours; can be agreed to work beyond operating hours either earlier or later

    Performance Metrics: N/A

    This image depicts a blank table with the headings: Support hours; Hours of availability/planned downtime; Performance Metrics.

    Info-Tech Insight

    Manage user expectations by clearly documenting and communicating service levels.

    Identify support policies and procedures

    “How do I obtain support for this service?”

    Support Policies & Procedures

    Support process → what is the process for obtaining support for this service?

    Support owner → who can users contact for escalations regarding this service?

    Support documentation → where can users find support documentation for this service?

    Example: Shared Folders

    Support Process: Contact help desk or submit a ticket via portal

    Support Owner: Manager, client support

    Support Documentation: .pdf of how-to guide

    This image depicts a blank table with the headings: Support Process; Support Owner; Support Documentation

    Info-Tech Insight

    Clearly documenting support procedures enables users to get the help they need faster and more efficiently.

    Identify service costs and approvals

    “Is there a cost for this service? If so, how much and who is expensing it?”

    Costs

    Internal Cost → do we know the total cost of the service?

    Customer Cost → a lot of services are provided without charge to the business; however, certain service requests will be charged to a department’s budget.

    Example: Hardware Provisioning

    Internal Cost: For purposes of audit, new laptops will be expensed to IT.

    Customer Cost: Cost to rush order 10 new laptops with retina displays for the graphics team. Charged for extra shipment cost, not for cost of laptop.

    This image depicts a blank table with the headings: Internal Costs; Customer costs

    Info-Tech Insight

    Set user expectations by clearly documenting costs associated with a service and how to obtain approval for these costs if required.

    Complete the service record design fields for every service

    4.1 3 Hours

    This is the final activity to completing the service record design. It has been a long journey to make it here; now, all that is left is completing the fields and transferring information from previous activities.

    1. Organize the services however you think is most appropriate. A common method of organization is alphabetically by enterprise category, and then each LOB functional group.
    2. Determine which fields you would like to keep or edit to be part of your design. Also add any other fields you can think of which will add value to the user or IT. Remember to keep them IT facing if necessary.
    3. Complete the fields for each service one by one. Keep in mind that for some services, a field or two may not apply to the nature of that service and may be left blank or filled with a null value (e.g. N/A).

    INPUT

    • A collaborative discussion

    OUTPUT

    • Completed service record design ready for a catalog

    Materials

    • Info-Tech sample service record design.

    Participants

    • Project stakeholders, business representatives

    Info-Tech Insight

    Don’t forget to delete or bring over the edited LOB and Enterprise services from the phase 2 and 3 deliverables.

    Complete the service definitions and get them ready for publication

    Now that you have completed the first run of service definitions, you can go back and complete the rest of the identified services in batches. You should observe increased efficiency and effectiveness in filling out the service definitions.

    This image depicts how you can use bundles to simplify the process of catalog design using bundles. The cycle includes the steps: Identify Services; Select a Service Bundle; Review Record Design; followed by a cycle of: Pick a service; Service X; Service Data Collection; Create Service Record, followed by Publish the bundle; Communicate the bundle; Rinse and Repeat.

    This blueprint’s purpose is to help you design a service catalog. There are a number of different platforms to build the catalog offered by application vendors. The sophistication of the catalog depends on the size of your business. It may be as simple as an Excel book, or something as complex as a website integrated with your service desk.

    Determine how you want to publish the service catalog

    There are various levels of maturity to consider when you are thinking about how to deploy your service catalog.

    1. Website/User Portal 2. Catalog Module Within ITSM Tool

    3. Homegrown Solution

    Prerequisite

    An internet website, or a user portal

    An existing ITSM tool with a built-in service catalog module

    Database development capabilities

    Website development capabilities

    Pros

    Low cost

    Low effort

    Easy to deploy

    Customized solution tailored for the organization

    High flexibility regarding how the service catalog is published

    Cons

    Not aesthetically appealing

    Lacking sophistication

    Difficult to customize to organization’s needs

    Limitation on how the service catalog info is published

    High effort

    High cost

    → Maturity Level →

    Organization uses the service catalog to outline IT’s and users’ responsibilities

    CASE STUDY A
    Industry Government
    Source Onsite engagement

    Challenge

    The client had collected a lot of good information, but they were not sure about what to include to ensure the users could understand the service clearly.

    They were also not sure what to keep internal so the service catalog did not increase IT’s workload. They want to help the business, but not appear as if they are capable of solving everything for everyone immediately. There was a fear of over-commitment.

    Solution

    The government created a Customer Responsibility field for each service, so it was not just IT who was providing solutions. Business users needed to understand what they had to do to receive some services.

    The Service Owner and Business Owner fields were also kept internal so users would go through the proper request channel instead of calling Service Owners directly.

    Lastly, the Performance Metrics field was kept internal until IT was ready to present service metrics to the business.

    Results

    The business was provided clarity on their responsibility and what was duly owed to them by IT staff. This established clear boundaries on what was to be expected of IT services projected into the future.

    The business users knew what to do and how to obtain the services provided to them. In the meantime, they didn’t feel overwhelmed by the amount of information provided by the service catalog.

    Organization leverages the service catalog as a tool to define IT workflows and business processes

    CASE STUDY B
    Industry Healthcare
    Source Onsite engagement

    Challenge

    There is a lack of clarity and a lack of agreement between the client’s team members regarding the request/approval processes for certain services. This was an indication that there is a level of ambiguity around process. Members were not sure what was the proper way to access a service and could not come up with what to include in the catalog.

    Different people from different teams had different ways of accessing services. This could be true for both enterprise and LOB services.

    Solution

    The Info-Tech analyst facilitated a discussion about workflows and business processes.

    In particular, the discussion focused around the approval/authorization process, and IT’s workflows required to deliver the service. The Info-Tech analyst on site walked the client through their different processes to determine which one should be included in the catalog.

    Results

    The discussion brought clarity to the project team around both IT and business process. Using this new information, IT was able to communicate to the business better, and create consistency for IT and the users of the catalog.

    The catalog design was a shared space where IT and business users could confer what the due process and responsibilities were from both sides. This increased accountability for both parties.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    this is a picture of an Info-Tech Analyst

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    4.1 this image contains a screenshot from section 4.1 of this blueprint.

    Determine which fields should be included in the record design

    The analysts will present the sample service definitions record and facilitate a discussion to customize the service record so unique business needs are captured.

    4.2 this image contains a screenshot from section 4.2.1 of this blueprint.

    Determine which fields should be kept internal

    The onsite analysts will explain why certain fields are used but not published. The analysts will help the team determine which fields should be kept internal.

    4.3 this image contains a screenshot from section 4.3 of this blueprint.

    Complete the service definitions

    The Info-Tech analysts will help the group complete the full service definitions. This exercise will also provide the organization with a clear understanding of IT workflows and business processes.

    Summary of accomplishment

    Knowledge Gained

    • Understanding why it is important to identify and define services from the user’s perspective.
    • Understand the differences between enterprise services and line of business services.
    • Distinguish service features from services.
    • Involve the business users to define LOB services using either IT’s view or LOB’s view.

    Processes Optimized

    • Enterprise services identification and documentation.
    • Line of business services identification and documentation.

    Deliverables Completed

    • Service catalog project charter
    • Enterprise services definitions
    • Line of business service definitions – functional groups
    • Line of business service definitions – industry specific
    • Service definition chart

    Project step summary

    Client Project: Design and Build a User-Facing Service Catalog

    1. Launch the Project – Maximize project success by assembling a well-rounded team and managing all important stakeholders.
    2. Identify Enterprise Services – Identify services that are used commonly across the organization and categorize them in a user-friendly way.
    3. Identify Line of Business Services – Identify services that are specific to each line of business using one of two Info-Tech methodologies.
    4. Complete the Service Definitions – Determine what should be presented to the users and complete the service definitions for all identified services.

    Info-Tech Insight

    This project has the ability to fit the following formats:

    • Onsite workshop by Info-Tech Research Group consulting analysts.
    • Do-it-yourself with your team.
    • Remote delivery (Info-Tech Guided Implementation).

    Related Info-Tech research

    Establish a Service-Based Costing Model

    Develop the right level of service-based costing capability by applying our methodology.